Skip to content

Commit b0f798c

Browse files
yuntaiTheBlueMatt
yuntai
authored and
TheBlueMatt
committed
Bug fix using same seed sequence for channel key geneartion
1 parent b297d5b commit b0f798c

File tree

1 file changed

+27
-6
lines changed

1 file changed

+27
-6
lines changed

src/chain/keysinterface.rs

Lines changed: 27 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -14,11 +14,16 @@ use secp256k1::Secp256k1;
1414
use secp256k1;
1515

1616
use crypto::hkdf::{hkdf_extract,hkdf_expand};
17+
use crypto::digest::Digest;
1718

1819
use util::sha2::Sha256;
1920
use util::logger::Logger;
21+
use util::rng;
22+
use util::byte_utils;
2023

24+
use std::time::{SystemTime, UNIX_EPOCH};
2125
use std::sync::Arc;
26+
use std::sync::atomic::{AtomicUsize, Ordering};
2227

2328
/// When on-chain outputs are created by rust-lightning an event is generated which informs the
2429
/// user thereof. This enum describes the format of the output and provides the OutPoint.
@@ -39,7 +44,7 @@ pub enum SpendableOutputDescriptor {
3944
DynamicOutput {
4045
/// Outpoint spendable by user wallet
4146
outpoint: OutPoint,
42-
/// local_delayedkey = delayed_payment_basepoint_secret + SHA256(per_commitment_point || delayed_payment_basepoint
47+
/// local_delayedkey = delayed_payment_basepoint_secret + SHA256(per_commitment_point || delayed_payment_basepoint)
4348
local_delayedkey: SecretKey,
4449
/// witness redeemScript encumbering output
4550
witness_script: Script,
@@ -137,6 +142,7 @@ pub struct KeysManager {
137142
destination_script: Script,
138143
shutdown_pubkey: PublicKey,
139144
channel_master_key: ExtendedPrivKey,
145+
channel_child_index: AtomicUsize,
140146

141147
logger: Arc<Logger>,
142148
}
@@ -169,6 +175,7 @@ impl KeysManager {
169175
destination_script,
170176
shutdown_pubkey,
171177
channel_master_key,
178+
channel_child_index: AtomicUsize::new(0),
172179

173180
logger,
174181
}
@@ -192,11 +199,25 @@ impl KeysInterface for KeysManager {
192199
}
193200

194201
fn get_channel_keys(&self, _inbound: bool) -> ChannelKeys {
195-
let channel_pubkey = ExtendedPubKey::from_private(&self.secp_ctx, &self. channel_master_key);
196-
let mut seed = [0; 32];
197-
for (arr, slice) in seed.iter_mut().zip((&channel_pubkey.public_key.serialize()[0..32]).iter()) {
198-
*arr = *slice;
199-
}
202+
// We only seriously intend to rely on the channel_master_key for true secure
203+
// entropy, everything else just ensures uniqueness. We generally don't expect
204+
// all clients to have non-broken RNGs here, so we also include the current
205+
// time as a fallback to get uniqueness.
206+
let mut sha = Sha256::new();
207+
208+
let mut seed = [0u8; 32];
209+
rng::fill_bytes(&mut seed[..]);
210+
sha.input(&seed);
211+
212+
let now = SystemTime::now().duration_since(UNIX_EPOCH).expect("Time went backwards");
213+
sha.input(&byte_utils::be32_to_array(now.subsec_nanos()));
214+
sha.input(&byte_utils::be64_to_array(now.as_secs()));
215+
216+
let child_ix = self.channel_child_index.fetch_add(1, Ordering::AcqRel);
217+
let child_privkey = self.channel_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32)).expect("Your RNG is busted");
218+
sha.input(&child_privkey.secret_key[..]);
219+
220+
sha.result(&mut seed);
200221
ChannelKeys::new_from_seed(&seed)
201222
}
202223
}

0 commit comments

Comments
 (0)