channeldb: only store public keys for multi-sig + commitment keys

This commit removes the storage+encryption of private keys within channeldb. We no longer need to encrypt these secrets before storing as the base wallet is now expected to retain full control of these secrets rather than the database. As a result, we now only store public keys within the database.
2016-08-12 15:03:18 -07:00 · 2016-08-12 15:03:18 -07:00 · bdb6566076
commit bdb6566076
parent dc00514c42
2 changed files with 15 additions and 29 deletions
--- a/channeldb/channel.go
+++ b/channeldb/channel.go
@ -106,7 +106,7 @@ type OpenChannel struct {
 	//ReserveAmount btcutil.Amount

 	// Keys for both sides to be used for the commitment transactions.
-	OurCommitKey   *btcec.PrivateKey
+	OurCommitKey   *btcec.PublicKey
 	TheirCommitKey *btcec.PublicKey

 	// Tracking total channel capacity, and the amount of funds allocated
@ -123,7 +123,7 @@ type OpenChannel struct {
 	// The outpoint of the final funding transaction.
 	FundingOutpoint *wire.OutPoint

-	OurMultiSigKey      *btcec.PrivateKey
+	OurMultiSigKey      *btcec.PublicKey
 	TheirMultiSigKey    *btcec.PublicKey
 	FundingRedeemScript []byte

@ -809,12 +809,7 @@ func putChanCommitKeys(nodeChanBucket *bolt.Bucket, channel *OpenChannel) error
 		return err
 	}

-	encryptedPriv, err := ed.Encrypt(channel.OurCommitKey.Serialize())
-	if err != nil {
-		return err
-	}
-
-	if _, err := b.Write(encryptedPriv); err != nil {
+	if _, err := b.Write(channel.OurCommitKey.SerializeCompressed()); err != nil {
 		return err
 	}

@ -848,12 +843,7 @@ func fetchChanCommitKeys(nodeChanBucket *bolt.Bucket, channel *OpenChannel) erro
 		return err
 	}

-	decryptedPriv, err := ed.Decrypt(keyBytes[33:])
-	if err != nil {
-		return err
-	}
-
-	channel.OurCommitKey, _ = btcec.PrivKeyFromBytes(btcec.S256(), decryptedPriv)
+	channel.OurCommitKey, err = btcec.ParsePubKey(keyBytes[33:], btcec.S256())
 	if err != nil {
 		return err
 	}
@ -952,11 +942,8 @@ func putChanFundingInfo(nodeChanBucket *bolt.Bucket, channel *OpenChannel) error
 		return err
 	}

-	encryptedPriv, err := ed.Encrypt(channel.OurMultiSigKey.Serialize())
-	if err != nil {
-		return err
-	}
-	if err := wire.WriteVarBytes(&b, 0, encryptedPriv); err != nil {
+	ourSerKey := channel.OurMultiSigKey.SerializeCompressed()
+	if err := wire.WriteVarBytes(&b, 0, ourSerKey); err != nil {
 		return err
 	}
 	theirSerKey := channel.TheirMultiSigKey.SerializeCompressed()
@ -1002,17 +989,16 @@ func fetchChanFundingInfo(nodeChanBucket *bolt.Bucket, channel *OpenChannel) err
 		return err
 	}

-	encryptedPrivBytes, err := wire.ReadVarBytes(infoBytes, 0, 100, "")
+	ourKeyBytes, err := wire.ReadVarBytes(infoBytes, 0, 34, "")
 	if err != nil {
 		return err
 	}
-	decryptedPriv, err := ed.Decrypt(encryptedPrivBytes)
+	channel.OurMultiSigKey, err = btcec.ParsePubKey(ourKeyBytes, btcec.S256())
 	if err != nil {
 		return err
 	}
-	channel.OurMultiSigKey, _ = btcec.PrivKeyFromBytes(btcec.S256(), decryptedPriv)

-	theirKeyBytes, err := wire.ReadVarBytes(infoBytes, 0, 33, "")
+	theirKeyBytes, err := wire.ReadVarBytes(infoBytes, 0, 34, "")
 	if err != nil {
 		return err
 	}
--- a/channeldb/channel_test.go
+++ b/channeldb/channel_test.go
@ -126,7 +126,7 @@ func TestOpenChannelPutGetDelete(t *testing.T) {
 		TheirLNID:                  key,
 		ChanID:                     id,
 		MinFeePerKb:                btcutil.Amount(5000),
-		OurCommitKey:               privKey,
+		OurCommitKey:               privKey.PubKey(),
 		TheirCommitKey:             pubKey,
 		Capacity:                   btcutil.Amount(10000),
 		OurBalance:                 btcutil.Amount(3000),
@ -136,7 +136,7 @@ func TestOpenChannelPutGetDelete(t *testing.T) {
 		LocalElkrem:                sender,
 		RemoteElkrem:               receiver,
 		FundingOutpoint:            testOutpoint,
-		OurMultiSigKey:             privKey,
+		OurMultiSigKey:             privKey.PubKey(),
 		TheirMultiSigKey:           privKey.PubKey(),
 		FundingRedeemScript:        script,
 		TheirCurrentRevocation:     privKey.PubKey(),
@ -177,8 +177,8 @@ func TestOpenChannelPutGetDelete(t *testing.T) {
 		t.Fatalf("fee/kb doens't match")
 	}

-	if !bytes.Equal(state.OurCommitKey.Serialize(),
-		newState.OurCommitKey.Serialize()) {
+	if !bytes.Equal(state.OurCommitKey.SerializeCompressed(),
+		newState.OurCommitKey.SerializeCompressed()) {
 		t.Fatalf("our commit key dont't match")
 	}
 	if !bytes.Equal(state.TheirCommitKey.SerializeCompressed(),
@ -216,8 +216,8 @@ func TestOpenChannelPutGetDelete(t *testing.T) {
 		t.Fatalf("funding outpoint doesn't match")
 	}

-	if !bytes.Equal(state.OurMultiSigKey.Serialize(),
-		newState.OurMultiSigKey.Serialize()) {
+	if !bytes.Equal(state.OurMultiSigKey.SerializeCompressed(),
+		newState.OurMultiSigKey.SerializeCompressed()) {
 		t.Fatalf("our multisig key doesn't match")
 	}
 	if !bytes.Equal(state.TheirMultiSigKey.SerializeCompressed(),