lnd+server+netann: use signing interface in node signer

This commit is contained in:
Oliver Gugger 2020-04-28 10:06:27 +02:00
parent 6f702a43aa
commit be890ef9be
No known key found for this signature in database
GPG Key ID: 8E4256593F177720
6 changed files with 53 additions and 34 deletions

14
lnd.go
View File

@ -484,6 +484,18 @@ func Main(cfg *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) error {
}
idPrivKey.Curve = btcec.S256()
idKeyDesc, err := activeChainControl.keyRing.DeriveKey(
keychain.KeyLocator{
Family: keychain.KeyFamilyNodeKey,
Index: 0,
},
)
if err != nil {
err := fmt.Errorf("error deriving node key: %v", err)
ltndLog.Error(err)
return err
}
if cfg.Tor.Active {
srvrLog.Infof("Proxying all network traffic via Tor "+
"(stream_isolation=%v)! NOTE: Ensure the backend node "+
@ -612,7 +624,7 @@ func Main(cfg *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) error {
// connections.
server, err := newServer(
cfg, cfg.Listeners, chanDB, towerClientDB, activeChainControl,
idPrivKey, walletInitParams.ChansToRestore, chainedAcceptor,
idPrivKey, &idKeyDesc, walletInitParams.ChansToRestore, chainedAcceptor,
torController,
)
if err != nil {

View File

@ -14,6 +14,7 @@ import (
"github.com/btcsuite/btcd/btcec"
"github.com/btcsuite/btcd/wire"
"github.com/lightningnetwork/lnd/channeldb"
"github.com/lightningnetwork/lnd/keychain"
"github.com/lightningnetwork/lnd/lnwire"
"github.com/lightningnetwork/lnd/netann"
)
@ -309,6 +310,7 @@ func newManagerCfg(t *testing.T, numChannels int,
if err != nil {
t.Fatalf("unable to generate key pair: %v", err)
}
privKeySigner := &keychain.PrivKeyDigestSigner{PrivKey: privKey}
graph := newMockGraph(
t, numChannels, startEnabled, startEnabled, privKey.PubKey(),
@ -320,7 +322,7 @@ func newManagerCfg(t *testing.T, numChannels int,
ChanEnableTimeout: 500 * time.Millisecond,
ChanDisableTimeout: time.Second,
OurPubKey: privKey.PubKey(),
MessageSigner: netann.NewNodeSigner(privKey),
MessageSigner: netann.NewNodeSigner(privKeySigner),
IsChannelActive: htlcSwitch.HasActiveLink,
ApplyChannelUpdate: graph.ApplyChannelUpdate,
DB: graph,

View File

@ -7,6 +7,7 @@ import (
"github.com/btcsuite/btcd/btcec"
"github.com/lightningnetwork/lnd/input"
"github.com/lightningnetwork/lnd/keychain"
"github.com/lightningnetwork/lnd/lnwallet"
"github.com/lightningnetwork/lnd/lnwire"
"github.com/lightningnetwork/lnd/netann"
@ -30,7 +31,8 @@ func (m *mockSigner) SignMessage(pk *btcec.PublicKey,
var _ lnwallet.MessageSigner = (*mockSigner)(nil)
var (
privKey, _ = btcec.NewPrivateKey(btcec.S256())
privKey, _ = btcec.NewPrivateKey(btcec.S256())
privKeySigner = &keychain.PrivKeyDigestSigner{PrivKey: privKey}
pubKey = privKey.PubKey()
@ -52,35 +54,35 @@ var updateDisableTests = []updateDisableTest{
startEnabled: true,
disable: true,
startTime: time.Now(),
signer: netann.NewNodeSigner(privKey),
signer: netann.NewNodeSigner(privKeySigner),
},
{
name: "working signer enabled to enabled",
startEnabled: true,
disable: false,
startTime: time.Now(),
signer: netann.NewNodeSigner(privKey),
signer: netann.NewNodeSigner(privKeySigner),
},
{
name: "working signer disabled to enabled",
startEnabled: false,
disable: false,
startTime: time.Now(),
signer: netann.NewNodeSigner(privKey),
signer: netann.NewNodeSigner(privKeySigner),
},
{
name: "working signer disabled to disabled",
startEnabled: false,
disable: true,
startTime: time.Now(),
signer: netann.NewNodeSigner(privKey),
signer: netann.NewNodeSigner(privKeySigner),
},
{
name: "working signer future monotonicity",
startEnabled: true,
disable: true,
startTime: time.Now().Add(time.Hour), // must increment
signer: netann.NewNodeSigner(privKey),
signer: netann.NewNodeSigner(privKeySigner),
},
{
name: "failing signer",

View File

@ -6,25 +6,21 @@ import (
"github.com/btcsuite/btcd/btcec"
"github.com/btcsuite/btcd/chaincfg/chainhash"
"github.com/lightningnetwork/lnd/input"
"github.com/lightningnetwork/lnd/keychain"
"github.com/lightningnetwork/lnd/lnwallet"
)
// NodeSigner is an implementation of the MessageSigner interface backed by the
// identity private key of running lnd node.
type NodeSigner struct {
privKey *btcec.PrivateKey
keySigner keychain.SingleKeyDigestSigner
}
// NewNodeSigner creates a new instance of the NodeSigner backed by the target
// private key.
func NewNodeSigner(key *btcec.PrivateKey) *NodeSigner {
priv := &btcec.PrivateKey{}
priv.Curve = btcec.S256()
priv.PublicKey.X = key.X
priv.PublicKey.Y = key.Y
priv.D = key.D
func NewNodeSigner(keySigner keychain.SingleKeyDigestSigner) *NodeSigner {
return &NodeSigner{
privKey: priv,
keySigner: keySigner,
}
}
@ -36,13 +32,14 @@ func (n *NodeSigner) SignMessage(pubKey *btcec.PublicKey,
// If this isn't our identity public key, then we'll exit early with an
// error as we can't sign with this key.
if !pubKey.IsEqual(n.privKey.PubKey()) {
if !pubKey.IsEqual(n.keySigner.PubKey()) {
return nil, fmt.Errorf("unknown public key")
}
// Otherwise, we'll sign the dsha256 of the target message.
digest := chainhash.DoubleHashB(msg)
sig, err := n.privKey.Sign(digest)
var digest [32]byte
copy(digest[:], chainhash.DoubleHashB(msg))
sig, err := n.keySigner.SignDigest(digest)
if err != nil {
return nil, fmt.Errorf("can't sign the message: %v", err)
}
@ -63,14 +60,11 @@ func (n *NodeSigner) SignCompact(msg []byte) ([]byte, error) {
// SignDigestCompact signs the provided message digest under the resident
// node's private key. The returned signature is a pubkey-recoverable signature.
func (n *NodeSigner) SignDigestCompact(hash []byte) ([]byte, error) {
var digest [32]byte
copy(digest[:], hash)
// Should the signature reference a compressed public key or not.
isCompressedKey := true
// btcec.SignCompact returns a pubkey-recoverable signature
sig, err := btcec.SignCompact(
btcec.S256(), n.privKey, hash, isCompressedKey,
)
// keychain.SignDigestCompact returns a pubkey-recoverable signature.
sig, err := n.keySigner.SignDigestCompact(digest)
if err != nil {
return nil, fmt.Errorf("can't sign the hash: %v", err)
}

View File

@ -41,6 +41,7 @@ import (
"github.com/lightningnetwork/lnd/htlcswitch/hop"
"github.com/lightningnetwork/lnd/input"
"github.com/lightningnetwork/lnd/invoices"
"github.com/lightningnetwork/lnd/keychain"
"github.com/lightningnetwork/lnd/lncfg"
"github.com/lightningnetwork/lnd/lnpeer"
"github.com/lightningnetwork/lnd/lnrpc"
@ -324,12 +325,17 @@ func noiseDial(idPriv *btcec.PrivateKey,
// passed listener address.
func newServer(cfg *Config, listenAddrs []net.Addr, chanDB *channeldb.DB,
towerClientDB *wtdb.ClientDB, cc *chainControl,
privKey *btcec.PrivateKey,
privKey *btcec.PrivateKey, nodeKeyDesc *keychain.KeyDescriptor,
chansToRestore walletunlocker.ChannelsToRecover,
chanPredicate chanacceptor.ChannelAcceptor,
torController *tor.Controller) (*server, error) {
var err error
var (
err error
nodeKeySigner = keychain.NewPubKeyDigestSigner(
*nodeKeyDesc, cc.keyRing,
)
)
listeners := make([]net.Listener, len(listenAddrs))
for i, listenAddr := range listenAddrs {
@ -426,7 +432,7 @@ func newServer(cfg *Config, listenAddrs []net.Addr, chanDB *channeldb.DB,
channelNotifier: channelnotifier.New(chanDB),
identityECDH: privKey,
nodeSigner: netann.NewNodeSigner(privKey),
nodeSigner: netann.NewNodeSigner(nodeKeySigner),
listenAddrs: listenAddrs,

View File

@ -103,10 +103,13 @@ func createTestPeer(notifier chainntnfs.ChainNotifier, publTx chan *wire.MsgTx,
updateChan func(a, b *channeldb.OpenChannel)) (*peer, *lnwallet.LightningChannel,
*lnwallet.LightningChannel, func(), error) {
aliceKeyPriv, aliceKeyPub := btcec.PrivKeyFromBytes(btcec.S256(),
alicesPrivKey)
bobKeyPriv, bobKeyPub := btcec.PrivKeyFromBytes(btcec.S256(),
bobsPrivKey)
aliceKeyPriv, aliceKeyPub := btcec.PrivKeyFromBytes(
btcec.S256(), alicesPrivKey,
)
aliceKeySigner := &keychain.PrivKeyDigestSigner{PrivKey: aliceKeyPriv}
bobKeyPriv, bobKeyPub := btcec.PrivKeyFromBytes(
btcec.S256(), bobsPrivKey,
)
channelCapacity := btcutil.Amount(10 * 1e8)
channelBal := channelCapacity / 2
@ -402,7 +405,7 @@ func createTestPeer(notifier chainntnfs.ChainNotifier, publTx chan *wire.MsgTx,
}
s.htlcSwitch = htlcSwitch
nodeSignerAlice := netann.NewNodeSigner(aliceKeyPriv)
nodeSignerAlice := netann.NewNodeSigner(aliceKeySigner)
const chanActiveTimeout = time.Minute