lnd+server+netann: use signing interface in node signer
This commit is contained in:
parent
6f702a43aa
commit
be890ef9be
14
lnd.go
14
lnd.go
@ -484,6 +484,18 @@ func Main(cfg *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) error {
|
|||||||
}
|
}
|
||||||
idPrivKey.Curve = btcec.S256()
|
idPrivKey.Curve = btcec.S256()
|
||||||
|
|
||||||
|
idKeyDesc, err := activeChainControl.keyRing.DeriveKey(
|
||||||
|
keychain.KeyLocator{
|
||||||
|
Family: keychain.KeyFamilyNodeKey,
|
||||||
|
Index: 0,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
err := fmt.Errorf("error deriving node key: %v", err)
|
||||||
|
ltndLog.Error(err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
if cfg.Tor.Active {
|
if cfg.Tor.Active {
|
||||||
srvrLog.Infof("Proxying all network traffic via Tor "+
|
srvrLog.Infof("Proxying all network traffic via Tor "+
|
||||||
"(stream_isolation=%v)! NOTE: Ensure the backend node "+
|
"(stream_isolation=%v)! NOTE: Ensure the backend node "+
|
||||||
@ -612,7 +624,7 @@ func Main(cfg *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) error {
|
|||||||
// connections.
|
// connections.
|
||||||
server, err := newServer(
|
server, err := newServer(
|
||||||
cfg, cfg.Listeners, chanDB, towerClientDB, activeChainControl,
|
cfg, cfg.Listeners, chanDB, towerClientDB, activeChainControl,
|
||||||
idPrivKey, walletInitParams.ChansToRestore, chainedAcceptor,
|
idPrivKey, &idKeyDesc, walletInitParams.ChansToRestore, chainedAcceptor,
|
||||||
torController,
|
torController,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -14,6 +14,7 @@ import (
|
|||||||
"github.com/btcsuite/btcd/btcec"
|
"github.com/btcsuite/btcd/btcec"
|
||||||
"github.com/btcsuite/btcd/wire"
|
"github.com/btcsuite/btcd/wire"
|
||||||
"github.com/lightningnetwork/lnd/channeldb"
|
"github.com/lightningnetwork/lnd/channeldb"
|
||||||
|
"github.com/lightningnetwork/lnd/keychain"
|
||||||
"github.com/lightningnetwork/lnd/lnwire"
|
"github.com/lightningnetwork/lnd/lnwire"
|
||||||
"github.com/lightningnetwork/lnd/netann"
|
"github.com/lightningnetwork/lnd/netann"
|
||||||
)
|
)
|
||||||
@ -309,6 +310,7 @@ func newManagerCfg(t *testing.T, numChannels int,
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("unable to generate key pair: %v", err)
|
t.Fatalf("unable to generate key pair: %v", err)
|
||||||
}
|
}
|
||||||
|
privKeySigner := &keychain.PrivKeyDigestSigner{PrivKey: privKey}
|
||||||
|
|
||||||
graph := newMockGraph(
|
graph := newMockGraph(
|
||||||
t, numChannels, startEnabled, startEnabled, privKey.PubKey(),
|
t, numChannels, startEnabled, startEnabled, privKey.PubKey(),
|
||||||
@ -320,7 +322,7 @@ func newManagerCfg(t *testing.T, numChannels int,
|
|||||||
ChanEnableTimeout: 500 * time.Millisecond,
|
ChanEnableTimeout: 500 * time.Millisecond,
|
||||||
ChanDisableTimeout: time.Second,
|
ChanDisableTimeout: time.Second,
|
||||||
OurPubKey: privKey.PubKey(),
|
OurPubKey: privKey.PubKey(),
|
||||||
MessageSigner: netann.NewNodeSigner(privKey),
|
MessageSigner: netann.NewNodeSigner(privKeySigner),
|
||||||
IsChannelActive: htlcSwitch.HasActiveLink,
|
IsChannelActive: htlcSwitch.HasActiveLink,
|
||||||
ApplyChannelUpdate: graph.ApplyChannelUpdate,
|
ApplyChannelUpdate: graph.ApplyChannelUpdate,
|
||||||
DB: graph,
|
DB: graph,
|
||||||
|
@ -7,6 +7,7 @@ import (
|
|||||||
|
|
||||||
"github.com/btcsuite/btcd/btcec"
|
"github.com/btcsuite/btcd/btcec"
|
||||||
"github.com/lightningnetwork/lnd/input"
|
"github.com/lightningnetwork/lnd/input"
|
||||||
|
"github.com/lightningnetwork/lnd/keychain"
|
||||||
"github.com/lightningnetwork/lnd/lnwallet"
|
"github.com/lightningnetwork/lnd/lnwallet"
|
||||||
"github.com/lightningnetwork/lnd/lnwire"
|
"github.com/lightningnetwork/lnd/lnwire"
|
||||||
"github.com/lightningnetwork/lnd/netann"
|
"github.com/lightningnetwork/lnd/netann"
|
||||||
@ -30,7 +31,8 @@ func (m *mockSigner) SignMessage(pk *btcec.PublicKey,
|
|||||||
var _ lnwallet.MessageSigner = (*mockSigner)(nil)
|
var _ lnwallet.MessageSigner = (*mockSigner)(nil)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
privKey, _ = btcec.NewPrivateKey(btcec.S256())
|
privKey, _ = btcec.NewPrivateKey(btcec.S256())
|
||||||
|
privKeySigner = &keychain.PrivKeyDigestSigner{PrivKey: privKey}
|
||||||
|
|
||||||
pubKey = privKey.PubKey()
|
pubKey = privKey.PubKey()
|
||||||
|
|
||||||
@ -52,35 +54,35 @@ var updateDisableTests = []updateDisableTest{
|
|||||||
startEnabled: true,
|
startEnabled: true,
|
||||||
disable: true,
|
disable: true,
|
||||||
startTime: time.Now(),
|
startTime: time.Now(),
|
||||||
signer: netann.NewNodeSigner(privKey),
|
signer: netann.NewNodeSigner(privKeySigner),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "working signer enabled to enabled",
|
name: "working signer enabled to enabled",
|
||||||
startEnabled: true,
|
startEnabled: true,
|
||||||
disable: false,
|
disable: false,
|
||||||
startTime: time.Now(),
|
startTime: time.Now(),
|
||||||
signer: netann.NewNodeSigner(privKey),
|
signer: netann.NewNodeSigner(privKeySigner),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "working signer disabled to enabled",
|
name: "working signer disabled to enabled",
|
||||||
startEnabled: false,
|
startEnabled: false,
|
||||||
disable: false,
|
disable: false,
|
||||||
startTime: time.Now(),
|
startTime: time.Now(),
|
||||||
signer: netann.NewNodeSigner(privKey),
|
signer: netann.NewNodeSigner(privKeySigner),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "working signer disabled to disabled",
|
name: "working signer disabled to disabled",
|
||||||
startEnabled: false,
|
startEnabled: false,
|
||||||
disable: true,
|
disable: true,
|
||||||
startTime: time.Now(),
|
startTime: time.Now(),
|
||||||
signer: netann.NewNodeSigner(privKey),
|
signer: netann.NewNodeSigner(privKeySigner),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "working signer future monotonicity",
|
name: "working signer future monotonicity",
|
||||||
startEnabled: true,
|
startEnabled: true,
|
||||||
disable: true,
|
disable: true,
|
||||||
startTime: time.Now().Add(time.Hour), // must increment
|
startTime: time.Now().Add(time.Hour), // must increment
|
||||||
signer: netann.NewNodeSigner(privKey),
|
signer: netann.NewNodeSigner(privKeySigner),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "failing signer",
|
name: "failing signer",
|
||||||
|
@ -6,25 +6,21 @@ import (
|
|||||||
"github.com/btcsuite/btcd/btcec"
|
"github.com/btcsuite/btcd/btcec"
|
||||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||||
"github.com/lightningnetwork/lnd/input"
|
"github.com/lightningnetwork/lnd/input"
|
||||||
|
"github.com/lightningnetwork/lnd/keychain"
|
||||||
"github.com/lightningnetwork/lnd/lnwallet"
|
"github.com/lightningnetwork/lnd/lnwallet"
|
||||||
)
|
)
|
||||||
|
|
||||||
// NodeSigner is an implementation of the MessageSigner interface backed by the
|
// NodeSigner is an implementation of the MessageSigner interface backed by the
|
||||||
// identity private key of running lnd node.
|
// identity private key of running lnd node.
|
||||||
type NodeSigner struct {
|
type NodeSigner struct {
|
||||||
privKey *btcec.PrivateKey
|
keySigner keychain.SingleKeyDigestSigner
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewNodeSigner creates a new instance of the NodeSigner backed by the target
|
// NewNodeSigner creates a new instance of the NodeSigner backed by the target
|
||||||
// private key.
|
// private key.
|
||||||
func NewNodeSigner(key *btcec.PrivateKey) *NodeSigner {
|
func NewNodeSigner(keySigner keychain.SingleKeyDigestSigner) *NodeSigner {
|
||||||
priv := &btcec.PrivateKey{}
|
|
||||||
priv.Curve = btcec.S256()
|
|
||||||
priv.PublicKey.X = key.X
|
|
||||||
priv.PublicKey.Y = key.Y
|
|
||||||
priv.D = key.D
|
|
||||||
return &NodeSigner{
|
return &NodeSigner{
|
||||||
privKey: priv,
|
keySigner: keySigner,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -36,13 +32,14 @@ func (n *NodeSigner) SignMessage(pubKey *btcec.PublicKey,
|
|||||||
|
|
||||||
// If this isn't our identity public key, then we'll exit early with an
|
// If this isn't our identity public key, then we'll exit early with an
|
||||||
// error as we can't sign with this key.
|
// error as we can't sign with this key.
|
||||||
if !pubKey.IsEqual(n.privKey.PubKey()) {
|
if !pubKey.IsEqual(n.keySigner.PubKey()) {
|
||||||
return nil, fmt.Errorf("unknown public key")
|
return nil, fmt.Errorf("unknown public key")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Otherwise, we'll sign the dsha256 of the target message.
|
// Otherwise, we'll sign the dsha256 of the target message.
|
||||||
digest := chainhash.DoubleHashB(msg)
|
var digest [32]byte
|
||||||
sig, err := n.privKey.Sign(digest)
|
copy(digest[:], chainhash.DoubleHashB(msg))
|
||||||
|
sig, err := n.keySigner.SignDigest(digest)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("can't sign the message: %v", err)
|
return nil, fmt.Errorf("can't sign the message: %v", err)
|
||||||
}
|
}
|
||||||
@ -63,14 +60,11 @@ func (n *NodeSigner) SignCompact(msg []byte) ([]byte, error) {
|
|||||||
// SignDigestCompact signs the provided message digest under the resident
|
// SignDigestCompact signs the provided message digest under the resident
|
||||||
// node's private key. The returned signature is a pubkey-recoverable signature.
|
// node's private key. The returned signature is a pubkey-recoverable signature.
|
||||||
func (n *NodeSigner) SignDigestCompact(hash []byte) ([]byte, error) {
|
func (n *NodeSigner) SignDigestCompact(hash []byte) ([]byte, error) {
|
||||||
|
var digest [32]byte
|
||||||
|
copy(digest[:], hash)
|
||||||
|
|
||||||
// Should the signature reference a compressed public key or not.
|
// keychain.SignDigestCompact returns a pubkey-recoverable signature.
|
||||||
isCompressedKey := true
|
sig, err := n.keySigner.SignDigestCompact(digest)
|
||||||
|
|
||||||
// btcec.SignCompact returns a pubkey-recoverable signature
|
|
||||||
sig, err := btcec.SignCompact(
|
|
||||||
btcec.S256(), n.privKey, hash, isCompressedKey,
|
|
||||||
)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("can't sign the hash: %v", err)
|
return nil, fmt.Errorf("can't sign the hash: %v", err)
|
||||||
}
|
}
|
||||||
|
12
server.go
12
server.go
@ -41,6 +41,7 @@ import (
|
|||||||
"github.com/lightningnetwork/lnd/htlcswitch/hop"
|
"github.com/lightningnetwork/lnd/htlcswitch/hop"
|
||||||
"github.com/lightningnetwork/lnd/input"
|
"github.com/lightningnetwork/lnd/input"
|
||||||
"github.com/lightningnetwork/lnd/invoices"
|
"github.com/lightningnetwork/lnd/invoices"
|
||||||
|
"github.com/lightningnetwork/lnd/keychain"
|
||||||
"github.com/lightningnetwork/lnd/lncfg"
|
"github.com/lightningnetwork/lnd/lncfg"
|
||||||
"github.com/lightningnetwork/lnd/lnpeer"
|
"github.com/lightningnetwork/lnd/lnpeer"
|
||||||
"github.com/lightningnetwork/lnd/lnrpc"
|
"github.com/lightningnetwork/lnd/lnrpc"
|
||||||
@ -324,12 +325,17 @@ func noiseDial(idPriv *btcec.PrivateKey,
|
|||||||
// passed listener address.
|
// passed listener address.
|
||||||
func newServer(cfg *Config, listenAddrs []net.Addr, chanDB *channeldb.DB,
|
func newServer(cfg *Config, listenAddrs []net.Addr, chanDB *channeldb.DB,
|
||||||
towerClientDB *wtdb.ClientDB, cc *chainControl,
|
towerClientDB *wtdb.ClientDB, cc *chainControl,
|
||||||
privKey *btcec.PrivateKey,
|
privKey *btcec.PrivateKey, nodeKeyDesc *keychain.KeyDescriptor,
|
||||||
chansToRestore walletunlocker.ChannelsToRecover,
|
chansToRestore walletunlocker.ChannelsToRecover,
|
||||||
chanPredicate chanacceptor.ChannelAcceptor,
|
chanPredicate chanacceptor.ChannelAcceptor,
|
||||||
torController *tor.Controller) (*server, error) {
|
torController *tor.Controller) (*server, error) {
|
||||||
|
|
||||||
var err error
|
var (
|
||||||
|
err error
|
||||||
|
nodeKeySigner = keychain.NewPubKeyDigestSigner(
|
||||||
|
*nodeKeyDesc, cc.keyRing,
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
listeners := make([]net.Listener, len(listenAddrs))
|
listeners := make([]net.Listener, len(listenAddrs))
|
||||||
for i, listenAddr := range listenAddrs {
|
for i, listenAddr := range listenAddrs {
|
||||||
@ -426,7 +432,7 @@ func newServer(cfg *Config, listenAddrs []net.Addr, chanDB *channeldb.DB,
|
|||||||
channelNotifier: channelnotifier.New(chanDB),
|
channelNotifier: channelnotifier.New(chanDB),
|
||||||
|
|
||||||
identityECDH: privKey,
|
identityECDH: privKey,
|
||||||
nodeSigner: netann.NewNodeSigner(privKey),
|
nodeSigner: netann.NewNodeSigner(nodeKeySigner),
|
||||||
|
|
||||||
listenAddrs: listenAddrs,
|
listenAddrs: listenAddrs,
|
||||||
|
|
||||||
|
@ -103,10 +103,13 @@ func createTestPeer(notifier chainntnfs.ChainNotifier, publTx chan *wire.MsgTx,
|
|||||||
updateChan func(a, b *channeldb.OpenChannel)) (*peer, *lnwallet.LightningChannel,
|
updateChan func(a, b *channeldb.OpenChannel)) (*peer, *lnwallet.LightningChannel,
|
||||||
*lnwallet.LightningChannel, func(), error) {
|
*lnwallet.LightningChannel, func(), error) {
|
||||||
|
|
||||||
aliceKeyPriv, aliceKeyPub := btcec.PrivKeyFromBytes(btcec.S256(),
|
aliceKeyPriv, aliceKeyPub := btcec.PrivKeyFromBytes(
|
||||||
alicesPrivKey)
|
btcec.S256(), alicesPrivKey,
|
||||||
bobKeyPriv, bobKeyPub := btcec.PrivKeyFromBytes(btcec.S256(),
|
)
|
||||||
bobsPrivKey)
|
aliceKeySigner := &keychain.PrivKeyDigestSigner{PrivKey: aliceKeyPriv}
|
||||||
|
bobKeyPriv, bobKeyPub := btcec.PrivKeyFromBytes(
|
||||||
|
btcec.S256(), bobsPrivKey,
|
||||||
|
)
|
||||||
|
|
||||||
channelCapacity := btcutil.Amount(10 * 1e8)
|
channelCapacity := btcutil.Amount(10 * 1e8)
|
||||||
channelBal := channelCapacity / 2
|
channelBal := channelCapacity / 2
|
||||||
@ -402,7 +405,7 @@ func createTestPeer(notifier chainntnfs.ChainNotifier, publTx chan *wire.MsgTx,
|
|||||||
}
|
}
|
||||||
s.htlcSwitch = htlcSwitch
|
s.htlcSwitch = htlcSwitch
|
||||||
|
|
||||||
nodeSignerAlice := netann.NewNodeSigner(aliceKeyPriv)
|
nodeSignerAlice := netann.NewNodeSigner(aliceKeySigner)
|
||||||
|
|
||||||
const chanActiveTimeout = time.Minute
|
const chanActiveTimeout = time.Minute
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user