aljaz/lightning
1
0
Fork 0
mirror of https://github.com/aljazceru/lightning.git synced 2025-12-19 07:04:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

sphinx: fix potential data leak.

Browse Source 
https://github.com/lightningnetwork/lightning-rfc/pull/697
https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-November/002288.html

We generate it from an hmac using the session secret.  It's not
clear that this will be useful for reproducing test vectors though,
since we don't generate the first 66 bytes, which is what the
spec says to do.

Reported-by: @roasbeef
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell
2019-11-06 13:24:50 +10:30
committed by Christian Decker
parent 208123771e
commit c62f0cb6ff
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
common/sphinx.c
View File

@@ -511,6 +511,7 @@ struct onionpacket *create_onionpacket(
sphinx_hop_size(&sp->hops[num_hops - 1]);
u8 filler[fillerSize];
struct keyset keys;
u8 padkey[KEY_LEN];
u8 nexthmac[HMAC_SIZE];
u8 stream[ROUTING_INFO_SIZE];
struct hop_params *params;
@@ -529,7 +530,16 @@ struct onionpacket *create_onionpacket(
}
packet->version = 0;
memset(nexthmac, 0, HMAC_SIZE);
memset(packet->routinginfo, 0, ROUTING_INFO_SIZE);
/* BOLT-e116441ee836447ac3f24cdca62bac1e0f223d5f #4:
*
* The packet is initialized with 1366 _random_ bytes derived from a
* CSPRNG.
*/
/* Note that this is just hop_payloads: the rest of the packet is
* overwritten below or above anyway. */
generate_key(padkey, "pad", 3, sp->session_key->data);
generate_cipher_stream(stream, padkey, ROUTING_INFO_SIZE);
generate_header_padding(filler, sizeof(filler), sp, params);