diff --git a/channeld/channeld.c b/channeld/channeld.c
index 3e3bffea9..a0eedef87 100644
--- a/channeld/channeld.c
+++ b/channeld/channeld.c
@@ -1491,11 +1491,7 @@ static void marshall_htlc_info(const tal_t *ctx,
 memcpy(a.onion_routing_packet,
 htlc->routing,
 sizeof(a.onion_routing_packet));
- if (htlc->blinding) {
- a.blinding = htlc->blinding;
- ecdh(a.blinding, &a.blinding_ss);
- } else
- a.blinding = NULL;
+ a.blinding = htlc->blinding;
 a.fail_immediate = htlc->fail_immediate;
 tal_arr_expand(added, a);
 } else if (htlc->state == RCVD_REMOVE_COMMIT) {
diff --git a/common/blindedpath.c b/common/blindedpath.c
index 5307999d3..1493e17a7 100644
--- a/common/blindedpath.c
+++ b/common/blindedpath.c
@@ -196,6 +196,10 @@ static struct tlv_encrypted_data_tlv *decrypt_encmsg(const tal_t *ctx,
 * - if the `enctlv` is not a valid TLV...
 * - MUST drop the message.
 */
+ /* Note: our parser consider nothing is a valid TLV, but decrypt_encmsg_raw
+ * returns NULL if it couldn't decrypt. */
+ if (!cursor)
+ return NULL;
 return fromwire_tlv_encrypted_data_tlv(ctx, &cursor, &maxlen);
 }
diff --git a/common/htlc_wire.c b/common/htlc_wire.c
index 72ce1ac3d..fb47e0003 100644
--- a/common/htlc_wire.c
+++ b/common/htlc_wire.c
@@ -82,7 +82,6 @@ void towire_added_htlc(u8 **pptr, const struct added_htlc *added)
 if (added->blinding) {
 towire_bool(pptr, true);
 towire_pubkey(pptr, added->blinding);
- towire_secret(pptr, &added->blinding_ss);
 } else
 towire_bool(pptr, false);
 towire_bool(pptr, added->fail_immediate);
@@ -184,7 +183,6 @@ void fromwire_added_htlc(const u8 **cursor, size_t *max,
 if (fromwire_bool(cursor, max)) {
 added->blinding = tal(added, struct pubkey);
 fromwire_pubkey(cursor, max, added->blinding);
- fromwire_secret(cursor, max, &added->blinding_ss);
 } else
 added->blinding = NULL;
 added->fail_immediate = fromwire_bool(cursor, max);
diff --git a/common/htlc_wire.h b/common/htlc_wire.h
index b89b5961a..72d359f57 100644
--- a/common/htlc_wire.h
+++ b/common/htlc_wire.h
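Review bot: The new `if (!cursor) return NULL;` in decrypt_encmsg is load-bearing rather than cosmetic: if, as the added comment states, the TLV parser accepts an empty buffer as a valid TLV, then a decryption failure reported as a NULL cursor would otherwise fall through to fromwire_tlv_encrypted_data_tlv and the "MUST drop the message" rule quoted just above would be silently bypassed. The comment that justifies the guard is hard to read as written ("our parser consider nothing is a valid TLV"); I would phrase it `/* An empty buffer parses as a valid (empty) TLV, so a decryption failure (NULL cursor from decrypt_encmsg_raw) must be rejected before parsing. */`. decrypt_encmsg begins outside the hunk, so the assignment of cursor from decrypt_encmsg_raw is not visible here; confirm that NULL is the only failure signal that call produces, since a non-NULL cursor with a zero maxlen would still reach the parser.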
@@ -16,10 +16,7 @@ struct added_htlc {
 u32 cltv_expiry;
 u8 onion_routing_packet[TOTAL_PACKET_SIZE(ROUTING_INFO_SIZE)];
 bool fail_immediate;
-
- /* If this is non-NULL, secret is the resulting shared secret */
 struct pubkey *blinding;
- struct secret blinding_ss;
 };
 /* This is how lightningd tells us about HTLCs which already exist at startup */
diff --git a/common/onion.c b/common/onion.c
index 93a4ec107..1f1d4582f 100644
--- a/common/onion.c
+++ b/common/onion.c
@@ -110,7 +110,6 @@ u8 *onion_final_hop(const tal_t *ctx,
 struct onion_payload *onion_decode(const tal_t *ctx,
 const struct route_step *rs,
 const struct pubkey *blinding,
- const struct secret *blinding_ss,
 const u64 *accepted_extra_tlvs,
 u64 *failtlvtype,
 size_t *failtlvpos)
diff --git a/common/onion.h b/common/onion.h
index 23dd2c92c..65d76dcfb 100644
--- a/common/onion.h
+++ b/common/onion.h
@@ -45,7 +45,6 @@ u8 *onion_final_hop(const tal_t *ctx,
 * @rs: the route_step, whose raw_payload is of at least length
 * onion_payload_length().
 * @blinding: the optional incoming blinding point.
- * @blinding_ss: the shared secret derived from @blinding (iff that's non-NULL)
 * @accepted_extra_tlvs: Allow these types to be in the TLV without failing
 * @failtlvtype: (out) the tlv type which failed to parse.
 * @failtlvpos: (out) the offset in the tlv which failed to parse.
@@ -55,7 +54,6 @@ u8 *onion_final_hop(const tal_t *ctx,
 struct onion_payload *onion_decode(const tal_t *ctx,
 const struct route_step *rs,
 const struct pubkey *blinding,
- const struct secret *blinding_ss,
 const u64 *accepted_extra_tlvs,
 u64 *failtlvtype,
 size_t *failtlvpos);
diff --git a/lightningd/htlc_end.c b/lightningd/htlc_end.c
index d9a80ac1b..607da655c 100644
--- a/lightningd/htlc_end.c
+++ b/lightningd/htlc_end.c
@@ -130,7 +130,6 @@ struct htlc_in *new_htlc_in(const tal_t *ctx,
 const struct sha256 *payment_hash,
 const struct secret *shared_secret TAKES,
 const struct pubkey *blinding TAKES,
- const struct secret *blinding_ss,
 const u8 *onion_routing_packet,
 bool fail_immediate)
 {
@@ -145,10 +144,9 @@ struct htlc_in *new_htlc_in(const tal_t *ctx,
 hin->status = NULL;
 hin->fail_immediate = fail_immediate;
 hin->shared_secret = tal_dup_or_null(hin, struct secret, shared_secret);
- if (blinding) {
+ if (blinding)
 hin->blinding = tal_dup(hin, struct pubkey, blinding);
- hin->blinding_ss = *blinding_ss;
- } else
+ else
 hin->blinding = NULL;
 memcpy(hin->onion_routing_packet, onion_routing_packet,
 sizeof(hin->onion_routing_packet));
diff --git a/lightningd/htlc_end.h b/lightningd/htlc_end.h
index da5f2ce18..b98a96f97 100644
--- a/lightningd/htlc_end.h
+++ b/lightningd/htlc_end.h
@@ -48,8 +48,6 @@ struct htlc_in {
 /* If it was blinded. */
 struct pubkey *blinding;
- /* Only set if blinding != NULL */
- struct secret blinding_ss;
 /* true if we supplied the preimage */
 bool *we_filled;
 /* true if we immediately fail the htlc (too much dust) */
@@ -159,7 +157,6 @@ struct htlc_in *new_htlc_in(const tal_t *ctx,
 const struct sha256 *payment_hash,
 const struct secret *shared_secret TAKES,
 const struct pubkey *blinding TAKES,
- const struct secret *blinding_ss,
 const u8 *onion_routing_packet,
 bool fail_immediate);
diff --git a/lightningd/peer_htlcs.c b/lightningd/peer_htlcs.c
index dfea74ca5..d9b31e86b 100644
--- a/lightningd/peer_htlcs.c
+++ b/lightningd/peer_htlcs.c
@@ -931,7 +931,7 @@ static bool htlc_accepted_hook_deserialize(struct htlc_accepted_hook_payload *re
 rs->raw_payload = prepend_length(rs, take(payload));
 request->payload = onion_decode(request, rs,
- hin->blinding, &hin->blinding_ss,
+ hin->blinding,
 ld->accept_extra_tlv_types,
 &request->failtlvtype,
 &request->failtlvpos);
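Review bot: The rewritten if/else on `hin->blinding` in the second htlc_end.c hunk now does exactly what the line directly above it already expresses for shared_secret with `tal_dup_or_null`; for consistency the four lines could become the single `hin->blinding = tal_dup_or_null(hin, struct pubkey, blinding);`. That keeps both TAKES parameters on the same duplicate-or-NULL path, assuming tal_dup_or_null honours take() the way the existing shared_secret line relies on. new_htlc_in's body starts and ends outside this hunk.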
@@ -1137,7 +1137,6 @@ htlc_accepted_hook_final(struct htlc_accepted_hook_payload *request STEALS)
 /* Apply tweak to ephemeral key if blinding is non-NULL, then do ECDH */
 static bool ecdh_maybe_blinding(const struct pubkey *ephemeral_key,
 const struct pubkey *blinding,
- const struct secret *blinding_ss,
 struct secret *ss)
 {
 struct pubkey point = *ephemeral_key;
@@ -1145,9 +1144,11 @@ static bool ecdh_maybe_blinding(const struct pubkey *ephemeral_key,
 #if EXPERIMENTAL_FEATURES
 if (blinding) {
 struct secret hmac;
+ struct secret blinding_ss;
+ ecdh(blinding, &blinding_ss);
 /* b(i) = HMAC256("blinded_node_id", ss(i)) * k(i) */
- subkey_from_hmac("blinded_node_id", blinding_ss, &hmac);
+ subkey_from_hmac("blinded_node_id", &blinding_ss, &hmac);
 /* We instead tweak the *ephemeral* key from the onion and use
 * our normal privkey: since hsmd knows only how to ECDH with
@@ -1312,7 +1313,7 @@ static bool peer_accepted_htlc(const tal_t *ctx,
 hook_payload->route_step = tal_steal(hook_payload, rs);
 hook_payload->payload = onion_decode(hook_payload, rs,
- hin->blinding, &hin->blinding_ss,
+ hin->blinding,
 ld->accept_extra_tlv_types,
 &hook_payload->failtlvtype,
 &hook_payload->failtlvpos);
@@ -2069,7 +2070,7 @@ static bool channel_added_their_htlc(struct channel *channel,
 &failcode);
 if (op) {
 if (!ecdh_maybe_blinding(&op->ephemeralkey,
- added->blinding, &added->blinding_ss,
+ added->blinding,
 &shared_secret)) {
 log_debug(channel->log, "htlc %"PRIu64
 ": can't tweak pubkey", added->id);
@@ -2082,7 +2083,7 @@ static bool channel_added_their_htlc(struct channel *channel,
 hin = new_htlc_in(channel, channel, added->id, added->amount,
 added->cltv_expiry, &added->payment_hash,
 op ? &shared_secret : NULL,
- added->blinding, &added->blinding_ss,
+ added->blinding,
 added->onion_routing_packet, added->fail_immediate);
diff --git a/wallet/test/run-wallet.c b/wallet/test/run-wallet.c
index fcd85fd32..e2f7f324b 100644
--- a/wallet/test/run-wallet.c
+++ b/wallet/test/run-wallet.c
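Review bot: In the second peer_htlcs.c hunk the ECDH output `blinding_ss` is now a stack local in ecdh_maybe_blinding and, like the `hmac` it is folded into, is never cleared once the tweak has been derived; both are dead secret material after `subkey_from_hmac`, so the block should end with a zeroing the compiler cannot elide (the project's own explicit-zero helper if it has one, otherwise `explicit_bzero(&blinding_ss, sizeof(blinding_ss));` and the same for `hmac`). Moving this ECDH out of channeld and dropping the secret from the channeld↔lightningd wire format (the htlc_wire.c hunks) is the right direction, since the shared secret no longer has to be serialized and stored in every `added_htlc`. The new `ecdh(blinding, &blinding_ss);` has no checked result here; if ecdh can return without having written the output rather than aborting, the HMAC would consume an uninitialized struct, so its failure contract is worth confirming. ecdh_maybe_blinding's body continues past the end of the hunk.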
@@ -550,7 +550,6 @@ enum watch_result onchaind_funding_spent(struct channel *channel UNNEEDED,
 struct onion_payload *onion_decode(const tal_t *ctx UNNEEDED,
 const struct route_step *rs UNNEEDED,
 const struct pubkey *blinding UNNEEDED,
- const struct secret *blinding_ss UNNEEDED,
 const u64 *accepted_extra_tlvs UNNEEDED,
 u64 *failtlvtype UNNEEDED,
 size_t *failtlvpos UNNEEDED)