From eb37dba3f6e2add3c106ac24093bb15819431f2b Mon Sep 17 00:00:00 2001 From: Olaoluwa Osuntokun Date: Fri, 14 Apr 2017 11:17:41 -0700 Subject: [PATCH] funding: modify fundingManager config to use SignMessage for ann's This commit modifies the fundingManager config to use the a SignMesage function rather than two distinct functions for singing one half the channel announcement proofs. This change unifies the signing of messages under a single abstraction: the MessageSigner interface. --- fundingmanager.go | 37 +++++++++++++++++++------------------ lnd.go | 6 +++--- server.go | 26 ++++++++++++++------------ 3 files changed, 36 insertions(+), 33 deletions(-) diff --git a/fundingmanager.go b/fundingmanager.go index fce616e2..56ba318a 100644 --- a/fundingmanager.go +++ b/fundingmanager.go @@ -140,18 +140,11 @@ type fundingConfig struct { // so that the channel creation process can be completed. Notifier chainntnfs.ChainNotifier - // SignNodeKey is used to generate a signature of a given node identity - // public key signed under the passed node funding key. This function - // closure is used to generate one half the channel proof which attests - // the target nodeKey is indeed in control of the channel funding key - // in question. - SignNodeKey func(nodeKey, fundingKey *btcec.PublicKey) (*btcec.Signature, error) - - // SignAnnouncement is used to generate the signatures for channel - // update, and node announcements, and also to generate the proof for - // the channel announcements. The key used to generate this signature - // is the identity public key of the running daemon. - SignAnnouncement func(msg lnwire.Message) (*btcec.Signature, error) + // SignMessage signs an arbitrary method with a given public key. The + // actual digest signed is the double sha-256 of the message. In the + // case that the private key corresponding to the passed public key + // cannot be located, then an error is returned. + SignMessage func(pubKey *btcec.PublicKey, msg []byte) (*btcec.Signature, error) // SendAnnouncement is used by the FundingManager to announce newly // created channels to the rest of the Lightning Network. @@ -1064,7 +1057,7 @@ func (f *fundingManager) newChanAnnouncement(localPubKey, remotePubKey *btcec.Pu chanFlags = 1 } - // TODO(roasbeef): add real sig, populate proper FeeSchema + // TODO(roasbeef): populate proper FeeSchema chanUpdateAnn := &lnwire.ChannelUpdateAnnouncement{ ShortChannelID: chanID, Timestamp: uint32(time.Now().Unix()), @@ -1077,9 +1070,13 @@ func (f *fundingManager) newChanAnnouncement(localPubKey, remotePubKey *btcec.Pu // With the channel update announcement constructed, we'll generate a // signature that signs a double-sha digest of the announcement. - // This'll serve to authenticate this announcement and other Other - // future updates we may send. - chanUpdateAnn.Signature, err = f.cfg.SignAnnouncement(chanUpdateAnn) + // This'll serve to authenticate this announcement and any other future + // updates we may send. + chanUpdateMsg, err := chanUpdateAnn.DataToSign() + if err != nil { + return nil, err + } + chanUpdateAnn.Signature, err = f.cfg.SignMessage(f.cfg.IDKey, chanUpdateMsg) if err != nil { return nil, errors.Errorf("unable to generate channel "+ "update announcement signature: %v", err) @@ -1092,12 +1089,16 @@ func (f *fundingManager) newChanAnnouncement(localPubKey, remotePubKey *btcec.Pu // public key under the funding key itself. // TODO(roasbeef): need to revisit, ensure signatures are signed // properly - nodeSig, err := f.cfg.SignAnnouncement(chanAnn) + chanAnnMsg, err := chanAnn.DataToSign() + if err != nil { + return nil, err + } + nodeSig, err := f.cfg.SignMessage(f.cfg.IDKey, chanAnnMsg) if err != nil { return nil, errors.Errorf("unable to generate node "+ "signature for channel announcement: %v", err) } - bitcoinSig, err := f.cfg.SignNodeKey(localPubKey, localFundingKey) + bitcoinSig, err := f.cfg.SignMessage(localFundingKey, selfBytes) if err != nil { return nil, errors.Errorf("unable to generate bitcoin "+ "signature for node public key: %v", err) diff --git a/lnd.go b/lnd.go index 355508d3..cefae5bc 100644 --- a/lnd.go +++ b/lnd.go @@ -138,6 +138,7 @@ func lndMain() error { } signer := wc bio := wc + fundingSigner := wc // Create, and start the lnwallet, which handles the core payment // channel logic, and exposes control via proxy state machines. @@ -159,9 +160,8 @@ func lndMain() error { net.JoinHostPort("", strconv.Itoa(cfg.PeerPort)), } - fundingSigner := btcwallet.NewFundingSigner(wc) - server, err := newServer(defaultListenAddrs, notifier, bio, wallet, - chanDB, fundingSigner) + server, err := newServer(defaultListenAddrs, notifier, bio, + fundingSigner, wallet, chanDB) if err != nil { srvrLog.Errorf("unable to create server: %v\n", err) return err diff --git a/server.go b/server.go index 222afbb8..d611e6ab 100644 --- a/server.go +++ b/server.go @@ -18,7 +18,6 @@ import ( "github.com/lightningnetwork/lnd/discovery" "github.com/lightningnetwork/lnd/lnrpc" "github.com/lightningnetwork/lnd/lnwallet" - "github.com/lightningnetwork/lnd/lnwallet/btcwallet" "github.com/lightningnetwork/lnd/lnwire" "github.com/lightningnetwork/lnd/routing" "github.com/roasbeef/btcd/btcec" @@ -39,6 +38,10 @@ type server struct { // connections. identityPriv *btcec.PrivateKey + // nodeSigner is an implementation of the MessageSigner implementation + // that's backed by the identituy private key of the running lnd node. + nodeSigner *nodeSigner + // lightningID is the sha256 of the public key corresponding to our // long-term identity private key. lightningID [32]byte @@ -96,8 +99,8 @@ type server struct { // newServer creates a new instance of the server which is to listen using the // passed listener address. func newServer(listenAddrs []string, notifier chainntnfs.ChainNotifier, - bio lnwallet.BlockChainIO, wallet *lnwallet.LightningWallet, - chanDB *channeldb.DB, fundingSigner *btcwallet.FundingSigner) (*server, error) { + bio lnwallet.BlockChainIO, fundingSigner lnwallet.MessageSigner, + wallet *lnwallet.LightningWallet, chanDB *channeldb.DB) (*server, error) { privKey, err := wallet.GetIdentitykey() if err != nil { @@ -125,6 +128,7 @@ func newServer(listenAddrs []string, notifier chainntnfs.ChainNotifier, htlcSwitch: newHtlcSwitch(), identityPriv: privKey, + nodeSigner: newNodeSigner(privKey), // TODO(roasbeef): derive proper onion key based on rotation // schedule @@ -200,8 +204,8 @@ func newServer(listenAddrs []string, notifier chainntnfs.ChainNotifier, // Initialize graph with authenticated lightning node. We need to // generate a valid signature in order for other nodes on the network // to accept our announcement. - messageSigner := lnwallet.NewMessageSigner(s.identityPriv) - self.AuthSig, err = discovery.SignAnnouncement(messageSigner, + self.AuthSig, err = discovery.SignAnnouncement(s.nodeSigner, + s.identityPriv.PubKey(), &lnwire.NodeAnnouncement{ Timestamp: uint32(self.LastUpdate.Unix()), Addresses: self.Addresses, @@ -258,14 +262,12 @@ func newServer(listenAddrs []string, notifier chainntnfs.ChainNotifier, IDKey: s.identityPriv.PubKey(), Wallet: wallet, Notifier: s.chainNotifier, - SignNodeKey: func(nodeKey, - fundingKey *btcec.PublicKey) (*btcec.Signature, error) { + SignMessage: func(pubKey *btcec.PublicKey, msg []byte) (*btcec.Signature, error) { + if pubKey.IsEqual(s.identityPriv.PubKey()) { + return s.nodeSigner.SignMessage(pubKey, msg) + } - data := nodeKey.SerializeCompressed() - return fundingSigner.SignData(data, fundingKey) - }, - SignAnnouncement: func(msg lnwire.Message) (*btcec.Signature, error) { - return discovery.SignAnnouncement(messageSigner, msg) + return fundingSigner.SignMessage(pubKey, msg) }, SendAnnouncement: func(msg lnwire.Message) error { s.discoverSrv.ProcessLocalAnnouncement(msg,