Merge pull request #225 from TheBlueMatt/2018-10-214-redo

Keys Interface Simplification

Author: TheBlueMatt

fuzz/fuzz_targets/full_stack_target.rs

@@ -5,15 +5,17 @@ extern crate secp256k1;
 
 use bitcoin::blockdata::block::BlockHeader;
 use bitcoin::blockdata::transaction::{Transaction, TxOut};
-use bitcoin::blockdata::script::Script;
+use bitcoin::blockdata::script::{Builder, Script};
+use bitcoin::blockdata::opcodes;
 use bitcoin::network::constants::Network;
 use bitcoin::network::serialize::{deserialize, serialize, BitcoinHash};
-use bitcoin::util::hash::Sha256dHash;
+use bitcoin::util::hash::{Sha256dHash, Hash160};
 
 use crypto::digest::Digest;
 
 use lightning::chain::chaininterface::{BroadcasterInterface,ConfirmationTarget,ChainListener,FeeEstimator,ChainWatchInterfaceUtil};
 use lightning::chain::transaction::OutPoint;
+use lightning::chain::keysinterface::{ChannelKeys, KeysInterface};
 use lightning::ln::channelmonitor;
 use lightning::ln::channelmanager::{ChannelManager, PaymentFailReason};
 use lightning::ln::peer_handler::{MessageHandler,PeerManager,SocketDescriptor};
@@ -196,6 +198,50 @@ impl<'a> Drop for MoneyLossDetector<'a> {
 	}
 }
 
+struct KeyProvider {
+	node_secret: SecretKey,
+}
+impl KeysInterface for KeyProvider {
+	fn get_node_secret(&self) -> SecretKey {
+		self.node_secret.clone()
+	}
+
+	fn get_destination_script(&self) -> Script {
+		let secp_ctx = Secp256k1::signing_only();
+		let channel_monitor_claim_key = SecretKey::from_slice(&secp_ctx, &hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
+		let our_channel_monitor_claim_key_hash = Hash160::from_data(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());
+		Builder::new().push_opcode(opcodes::All::OP_PUSHBYTES_0).push_slice(&our_channel_monitor_claim_key_hash[..]).into_script()
+	}
+
+	fn get_shutdown_pubkey(&self) -> PublicKey {
+		let secp_ctx = Secp256k1::signing_only();
+		PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap())
+	}
+
+	fn get_channel_keys(&self, inbound: bool) -> ChannelKeys {
+		let secp_ctx = Secp256k1::without_caps();
+		if inbound {
+			ChannelKeys {
+				funding_key:               SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0]).unwrap(),
+				revocation_base_key:       SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0]).unwrap(),
+				payment_base_key:          SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0]).unwrap(),
+				delayed_payment_base_key:  SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0]).unwrap(),
+				htlc_base_key:             SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0]).unwrap(),
+				commitment_seed: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
+			}
+		} else {
+			ChannelKeys {
+				funding_key:               SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
+				revocation_base_key:       SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
+				payment_base_key:          SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
+				delayed_payment_base_key:  SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
+				htlc_base_key:             SecretKey::from_slice(&secp_ctx, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
+				commitment_seed: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
+			}
+		}
+	}
+}
+
 #[inline]
 pub fn do_test(data: &[u8], logger: &Arc<Logger>) {
 	reset_rng_state();
@@ -236,8 +282,9 @@ pub fn do_test(data: &[u8], logger: &Arc<Logger>) {
 	let broadcast = Arc::new(TestBroadcaster{});
 	let monitor = channelmonitor::SimpleManyChannelMonitor::new(watch.clone(), broadcast.clone());
 
-	let channelmanager = ChannelManager::new(our_network_key, slice_to_be32(get_slice!(4)), get_slice!(1)[0] != 0, Network::Bitcoin, fee_est.clone(), monitor.clone(), watch.clone(), broadcast.clone(), Arc::clone(&logger)).unwrap();
-	let router = Arc::new(Router::new(PublicKey::from_secret_key(&secp_ctx, &our_network_key), watch.clone(), Arc::clone(&logger)));
+	let keys_manager = Arc::new(KeyProvider { node_secret: our_network_key.clone() });
+	let channelmanager = ChannelManager::new(slice_to_be32(get_slice!(4)), get_slice!(1)[0] != 0, Network::Bitcoin, fee_est.clone(), monitor.clone(), watch.clone(), broadcast.clone(), Arc::clone(&logger), keys_manager.clone()).unwrap();
+	let router = Arc::new(Router::new(PublicKey::from_secret_key(&secp_ctx, &keys_manager.get_node_secret()), watch.clone(), Arc::clone(&logger)));
 
 	let peers = RefCell::new([false; 256]);
 	let mut loss_detector = MoneyLossDetector::new(&peers, channelmanager.clone(), monitor.clone(), PeerManager::new(MessageHandler {

src/chain/keysinterface.rs

@@ -0,0 +1,193 @@
+//! keysinterface provides keys into rust-lightning and defines some useful enums which describe
+//! spendable on-chain outputs which the user owns and is responsible for using just as any other
+//! on-chain output which is theirs.
+
+use bitcoin::blockdata::transaction::{OutPoint, TxOut};
+use bitcoin::blockdata::script::{Script, Builder};
+use bitcoin::blockdata::opcodes;
+use bitcoin::network::constants::Network;
+use bitcoin::util::hash::Hash160;
+use bitcoin::util::bip32::{ExtendedPrivKey, ExtendedPubKey, ChildNumber};
+
+use secp256k1::key::{SecretKey, PublicKey};
+use secp256k1::Secp256k1;
+use secp256k1;
+
+use crypto::hkdf::{hkdf_extract,hkdf_expand};
+
+use util::sha2::Sha256;
+use util::logger::Logger;
+
+use std::sync::Arc;
+
+/// When on-chain outputs are created by rust-lightning an event is generated which informs the
+/// user thereof. This enum describes the format of the output and provides the OutPoint.
+pub enum SpendableOutputDescriptor {
+	/// Outpoint with an output to a script which was provided via KeysInterface, thus you should
+	/// have stored somewhere how to spend script_pubkey!
+	/// Outputs from a justice tx, claim tx or preimage tx
+	StaticOutput {
+		/// The outpoint spendable by user wallet
+		outpoint: OutPoint,
+		/// The output which is referenced by the given outpoint
+		output: TxOut,
+	},
+	/// Outpoint commits to a P2WSH, should be spend by the following witness :
+	/// <local_delayedsig> 0 <witnessScript>
+	/// With input nSequence set to_self_delay.
+	/// Outputs from a HTLC-Success/Timeout tx
+	DynamicOutput {
+		/// Outpoint spendable by user wallet
+		outpoint: OutPoint,
+		/// local_delayedkey = delayed_payment_basepoint_secret + SHA256(per_commitment_point || delayed_payment_basepoint
+		local_delayedkey: SecretKey,
+		/// witness redeemScript encumbering output
+		witness_script: Script,
+		/// nSequence input must commit to self_delay to satisfy script's OP_CSV
+		to_self_delay: u16,
+	}
+}
+
+/// A trait to describe an object which can get user secrets and key material.
+pub trait KeysInterface: Send + Sync {
+	/// Get node secret key (aka node_id or network_key)
+	fn get_node_secret(&self) -> SecretKey;
+	/// Get destination redeemScript to encumber static protocol exit points.
+	fn get_destination_script(&self) -> Script;
+	/// Get shutdown_pubkey to use as PublicKey at channel closure
+	fn get_shutdown_pubkey(&self) -> PublicKey;
+	/// Get a new set of ChannelKeys for per-channel secrets. These MUST be unique even if you
+	/// restarted with some stale data!
+	fn get_channel_keys(&self, inbound: bool) -> ChannelKeys;
+}
+
+/// Set of lightning keys needed to operate a channel as described in BOLT 3
+#[derive(Clone)]
+pub struct ChannelKeys {
+	/// Private key of anchor tx
+	pub funding_key: SecretKey,
+	/// Local secret key for blinded revocation pubkey
+	pub revocation_base_key: SecretKey,
+	/// Local secret key used in commitment tx htlc outputs
+	pub payment_base_key: SecretKey,
+	/// Local secret key used in HTLC tx
+	pub delayed_payment_base_key: SecretKey,
+	/// Local htlc secret key used in commitment tx htlc outputs
+	pub htlc_base_key: SecretKey,
+	/// Commitment seed
+	pub commitment_seed: [u8; 32],
+}
+
+impl ChannelKeys {
+	/// Generate a set of lightning keys needed to operate a channel by HKDF-expanding a given
+	/// random 32-byte seed
+	pub fn new_from_seed(seed: &[u8; 32]) -> ChannelKeys {
+		let mut prk = [0; 32];
+		hkdf_extract(Sha256::new(), b"rust-lightning key gen salt", seed, &mut prk);
+		let secp_ctx = Secp256k1::without_caps();
+
+		let mut okm = [0; 32];
+		hkdf_expand(Sha256::new(), &prk, b"rust-lightning funding key info", &mut okm);
+		let funding_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
+
+		hkdf_expand(Sha256::new(), &prk, b"rust-lightning revocation base key info", &mut okm);
+		let revocation_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
+
+		hkdf_expand(Sha256::new(), &prk, b"rust-lightning payment base key info", &mut okm);
+		let payment_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
+
+		hkdf_expand(Sha256::new(), &prk, b"rust-lightning delayed payment base key info", &mut okm);
+		let delayed_payment_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
+
+		hkdf_expand(Sha256::new(), &prk, b"rust-lightning htlc base key info", &mut okm);
+		let htlc_base_key = SecretKey::from_slice(&secp_ctx, &okm).expect("Sha256 is broken");
+
+		hkdf_expand(Sha256::new(), &prk, b"rust-lightning local commitment seed info", &mut okm);
+
+		ChannelKeys {
+			funding_key: funding_key,
+			revocation_base_key: revocation_base_key,
+			payment_base_key: payment_base_key,
+			delayed_payment_base_key: delayed_payment_base_key,
+			htlc_base_key: htlc_base_key,
+			commitment_seed: okm
+		}
+	}
+}
+
+/// Simple KeysInterface implementor that takes a 32-byte seed for use as a BIP 32 extended key
+/// and derives keys from that.
+///
+/// Your node_id is seed/0'
+/// ChannelMonitor closes may use seed/1'
+/// Cooperative closes may use seed/2'
+/// The two close keys may be needed to claim on-chain funds!
+pub struct KeysManager {
+	secp_ctx: Secp256k1<secp256k1::All>,
+	node_secret: SecretKey,
+	destination_script: Script,
+	shutdown_pubkey: PublicKey,
+	channel_master_key: ExtendedPrivKey,
+
+	logger: Arc<Logger>,
+}
+
+impl KeysManager {
+	/// Constructs a KeysManager from a 32-byte seed. If the seed is in some way biased (eg your
+	/// RNG is busted) this may panic.
+	pub fn new(seed: &[u8; 32], network: Network, logger: Arc<Logger>) -> KeysManager {
+		let secp_ctx = Secp256k1::new();
+		match ExtendedPrivKey::new_master(&secp_ctx, network.clone(), seed) {
+			Ok(master_key) => {
+				let node_secret = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(0)).expect("Your RNG is busted").secret_key;
+				let destination_script = match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(1)) {
+					Ok(destination_key) => {
+						let pubkey_hash160 = Hash160::from_data(&ExtendedPubKey::from_private(&secp_ctx, &destination_key).public_key.serialize()[..]);
+						Builder::new().push_opcode(opcodes::All::OP_PUSHBYTES_0)
+						              .push_slice(pubkey_hash160.as_bytes())
+						              .into_script()
+					},
+					Err(_) => panic!("Your RNG is busted"),
+				};
+				let shutdown_pubkey = match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(2)) {
+					Ok(shutdown_key) => ExtendedPubKey::from_private(&secp_ctx, &shutdown_key).public_key,
+					Err(_) => panic!("Your RNG is busted"),
+				};
+				let channel_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(3)).expect("Your RNG is busted");
+				KeysManager {
+					secp_ctx,
+					node_secret,
+					destination_script,
+					shutdown_pubkey,
+					channel_master_key,
+
+					logger,
+				}
+			},
+			Err(_) => panic!("Your rng is busted"),
+		}
+	}
+}
+
+impl KeysInterface for KeysManager {
+	fn get_node_secret(&self) -> SecretKey {
+		self.node_secret.clone()
+	}
+
+	fn get_destination_script(&self) -> Script {
+		self.destination_script.clone()
+	}
+
+	fn get_shutdown_pubkey(&self) -> PublicKey {
+		self.shutdown_pubkey.clone()
+	}
+
+	fn get_channel_keys(&self, _inbound: bool) -> ChannelKeys {
+		let channel_pubkey = ExtendedPubKey::from_private(&self.secp_ctx, &self. channel_master_key);
+		let mut seed = [0; 32];
+		for (arr, slice) in seed.iter_mut().zip((&channel_pubkey.public_key.serialize()[0..32]).iter()) {
+			*arr = *slice;
+		}
+		ChannelKeys::new_from_seed(&seed)
+	}
+}

src/chain/mod.rs

@@ -2,3 +2,4 @@
 
 pub mod chaininterface;
 pub mod transaction;
+pub mod keysinterface;