mirror of
https://github.com/stakwork/sphinx-key.git
synced 2025-12-17 07:14:23 +01:00
sphinx-key: use bitcoin::sign_message for ota sig checks
This commit is contained in:
irriden
10
broker/Cargo.lock
generated
10
broker/Cargo.lock
generated
@@ -1691,7 +1691,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "lss-connector"
|
||||
version = "0.1.0"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"lightning-storage-server",
|
||||
@@ -2693,7 +2693,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "rmp-utils"
|
||||
version = "0.1.0"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"log",
|
||||
@@ -3268,7 +3268,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "sphinx-auther"
|
||||
version = "0.1.12"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"base64 0.21.2",
|
||||
@@ -3280,7 +3280,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "sphinx-glyph"
|
||||
version = "0.1.2"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"hex",
|
||||
@@ -3326,7 +3326,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "sphinx-signer"
|
||||
version = "0.1.0"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"bip39",
|
||||
|
||||
@@ -39,8 +39,8 @@ vls-proxy = { git = "https://gitlab.com/lightning-signer/validating-li
|
||||
# vls-protocol-client = { path = "../../vls/vls-protocol-client" }
|
||||
# vls-proxy = { path = "../../vls/vls-proxy" }
|
||||
|
||||
lss-connector = { git = "https://github.com/stakwork/sphinx-rs", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" }
|
||||
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" }
|
||||
lss-connector = { git = "https://github.com/stakwork/sphinx-rs", rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
|
||||
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs", rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
|
||||
# lss-connector = { path = "../../sphinx-rs/lss-connector" }
|
||||
# sphinx-signer = { path = "../../sphinx-rs/signer" }
|
||||
|
||||
|
||||
17
sphinx-key/Cargo.lock
generated
17
sphinx-key/Cargo.lock
generated
@@ -138,9 +138,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "base64"
|
||||
version = "0.21.2"
|
||||
version = "0.21.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "604178f6c5c21f02dc555784810edfb88d34ac2c73b2eae109655649ee73ce3d"
|
||||
checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9"
|
||||
|
||||
[[package]]
|
||||
name = "bech32"
|
||||
@@ -1161,7 +1161,7 @@ checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4"
|
||||
[[package]]
|
||||
name = "lss-connector"
|
||||
version = "0.1.0"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"log",
|
||||
@@ -1530,7 +1530,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "rmp-utils"
|
||||
version = "0.1.0"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"log",
|
||||
@@ -1728,7 +1728,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "sphinx-auther"
|
||||
version = "0.1.12"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"base64",
|
||||
@@ -1740,7 +1740,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "sphinx-crypter"
|
||||
version = "0.1.0"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"chacha20poly1305",
|
||||
@@ -1751,7 +1751,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "sphinx-glyph"
|
||||
version = "0.1.2"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"hex",
|
||||
@@ -1766,6 +1766,7 @@ name = "sphinx-key"
|
||||
version = "0.1.0"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"base64",
|
||||
"bitflags",
|
||||
"embuild",
|
||||
"esp-idf-svc",
|
||||
@@ -1783,7 +1784,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "sphinx-signer"
|
||||
version = "0.1.0"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"bip39",
|
||||
|
||||
@@ -21,9 +21,9 @@ serde_urlencoded = "0.7.1"
|
||||
url = "2"
|
||||
|
||||
# sphinx-rs
|
||||
lss-connector = { git = "https://github.com/stakwork/sphinx-rs.git", default-features = false, rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" }
|
||||
sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" }
|
||||
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", optional = true, rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" }
|
||||
lss-connector = { git = "https://github.com/stakwork/sphinx-rs.git", default-features = false, rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
|
||||
sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
|
||||
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", optional = true, rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
|
||||
# local
|
||||
# lss-connector = { path = "../../sphinx-rs/lss-connector", default-features = false }
|
||||
# sphinx-crypter = { path = "../../sphinx-rs/crypter" }
|
||||
@@ -33,6 +33,7 @@ anyhow = { version = "1", features = ["backtrace"] }
|
||||
bitflags = "1.3.2"
|
||||
esp-idf-svc = { version = "0.47.1", features = ["experimental", "alloc", "binstart"] }
|
||||
log = "0.4.17"
|
||||
base64 = "0.21.5"
|
||||
|
||||
[build-dependencies]
|
||||
embuild = "0.31.2"
|
||||
|
||||
@@ -1,23 +1,25 @@
|
||||
use anyhow::{anyhow, Result};
|
||||
use base64::{engine::general_purpose::STANDARD, Engine as _};
|
||||
use esp_idf_svc::http::client::Configuration;
|
||||
use esp_idf_svc::http::client::EspHttpConnection;
|
||||
use esp_idf_svc::http::client::FollowRedirectsPolicy::FollowNone;
|
||||
use esp_idf_svc::http::Method;
|
||||
use esp_idf_svc::ota::EspOta;
|
||||
use log::{error, info};
|
||||
use sphinx_signer::lightning_signer::bitcoin::hashes::{sha256, Hash};
|
||||
use sphinx_signer::lightning_signer::bitcoin::secp256k1::{
|
||||
schnorr::Signature, Message, PublicKey, Secp256k1,
|
||||
use sphinx_signer::lightning_signer::bitcoin::{
|
||||
hashes::{sha256, Hash},
|
||||
secp256k1::Secp256k1,
|
||||
util::misc::{signed_msg_hash, MessageSignature},
|
||||
Address,
|
||||
};
|
||||
use sphinx_signer::sphinx_glyph::control::OtaParams;
|
||||
use std::fs::{remove_file, File};
|
||||
use std::io::Write;
|
||||
use std::io::{BufReader, BufWriter};
|
||||
use std::str::FromStr;
|
||||
|
||||
const BUFFER_LEN: usize = 1024;
|
||||
const UPDATE_BIN_PATH: &str = "/sdcard/update.bin";
|
||||
const PUBLIC: &str = "039707459d92b1809a9f6f78feebf6f518e7319b851fe474a31d64307b86aaf38a";
|
||||
const ADDRESS: &str = "1K51sSTyoVxHhKFtwWpzMZsoHvLshtw3Dp";
|
||||
|
||||
fn factory_reset() -> Result<()> {
|
||||
let mut ota = EspOta::new()?;
|
||||
@@ -68,13 +70,17 @@ fn get_update(params: &OtaParams) -> Result<()> {
|
||||
}
|
||||
|
||||
fn check_signature(params: &OtaParams) -> Result<()> {
|
||||
let msg = Message::from_hashed_data::<sha256::Hash>(params.sha256_hash.as_bytes());
|
||||
let sig = Signature::from_str(¶ms.schnorr_sig).unwrap();
|
||||
let pbk = PublicKey::from_str(PUBLIC).unwrap().x_only_public_key().0;
|
||||
let add = ADDRESS.parse::<Address>()?;
|
||||
let sig = STANDARD.decode(¶ms.message_sig)?;
|
||||
let sig = MessageSignature::from_slice(&sig)?;
|
||||
let secp = Secp256k1::verification_only();
|
||||
secp.verify_schnorr(&sig, &msg, &pbk).unwrap();
|
||||
Ok(())
|
||||
let signed = sig.is_signed_by_address(&secp, &add, signed_msg_hash(¶ms.sha256_hash))?;
|
||||
match signed {
|
||||
true => Ok(()),
|
||||
false => Err(anyhow!("Failed signature check")),
|
||||
}
|
||||
}
|
||||
|
||||
fn check_integrity(params: &OtaParams) -> Result<()> {
|
||||
let f = File::open(UPDATE_BIN_PATH)?;
|
||||
let mut reader = BufReader::new(f);
|
||||
|
||||
@@ -41,4 +41,4 @@ cargo build --release --bin sphinx-key &&
|
||||
cargo espflash save-image --bin sphinx-key --release --chip esp32c3 sphinx-key.bin &&
|
||||
espsecure.py sign_data sphinx-key.bin --version 2 --keyfile ../secure_boot_signing_key.pem &&
|
||||
espflash write-bin 0x50000 sphinx-key.bin &&
|
||||
cargo espflash monitor --port $PORT
|
||||
cargo espflash monitor
|
||||
|
||||
12
tester/Cargo.lock
generated
12
tester/Cargo.lock
generated
@@ -1151,7 +1151,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "lss-connector"
|
||||
version = "0.1.0"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"log",
|
||||
@@ -1702,7 +1702,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "rmp-utils"
|
||||
version = "0.1.0"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"log",
|
||||
@@ -2085,7 +2085,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "sphinx-auther"
|
||||
version = "0.1.12"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"base64 0.21.2",
|
||||
@@ -2097,7 +2097,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "sphinx-crypter"
|
||||
version = "0.1.0"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"chacha20poly1305",
|
||||
@@ -2108,7 +2108,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "sphinx-glyph"
|
||||
version = "0.1.2"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"hex",
|
||||
@@ -2147,7 +2147,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "sphinx-signer"
|
||||
version = "0.1.0"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e"
|
||||
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"bip39",
|
||||
|
||||
@@ -24,8 +24,8 @@ serde_json = "1.0"
|
||||
tokio = { version = "1.4.0", features = ["rt", "rt-multi-thread", "macros"] }
|
||||
urlencoding = "2.1.0"
|
||||
|
||||
sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" }
|
||||
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" }
|
||||
sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
|
||||
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
|
||||
# sphinx-crypter = { path = "../../sphinx-rs/crypter" }
|
||||
# sphinx-signer = { path = "../../sphinx-rs/signer" }
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"Ota": {
|
||||
"url": "https://jolliness.ddns.net/sphinx-update-",
|
||||
"version": 0,
|
||||
"sha256_hash": "204534038f2aa84cb8fa435dd9d762309d33a9129eaacfb3986df144bf8008a7",
|
||||
"schnorr_sig": "ff34c0a598329468f74a21704221b49fe6aacfd32f9090ba02252cb0f64058b12d619c5c6cd172087ae679d1d7402d3b77d53f4de889047597737fd425f63a34"
|
||||
"sha256_hash": "8f6e162edf258ff528b27a245969b6e30f8e7504a5832079d6da1a540fa3aeec",
|
||||
"message_sig": "IK1aAvQKHcZ6FhVosxFe3mut3GoeHzD+t0EREJewBaB1IxVbw7X0Dj5StijIxWEVmvcj+FLRKecgdEcMLDMxBqk="
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"Ota": {
|
||||
"url": "https://jolliness.ddns.net/sphinx-update-",
|
||||
"version": 0,
|
||||
"sha256_hash": "bbd3e4a74564278bad1b9248799749ce64620dea34c3a5ca31fb3a8879f63aec",
|
||||
"schnorr_sig": "2949f14399ddab8a59ddea33cc3e04079298fb9ffb5bb826537ed2a10fce4917f4e70e739bf8da6ecf29a5ed9221eb855828306b3918790838173fd9110658ea"
|
||||
"sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
|
||||
"message_sig": "H119Q3ZihfysLmcMuOHdSqLqLwmEOOFHF96+16rFkEYEc3dXH8xW1lSM0Fi4ZjZ8XAMSMwltQWJ5pDblAhEZVoc="
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user