aljaz/sphinx-key
1
1
Fork 0
mirror of https://github.com/stakwork/sphinx-key.git synced 2025-12-17 15:24:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

sphinx-key: use bitcoin::sign_message for ota sig checks

Browse Source
This commit is contained in:
irriden
2023-11-22 21:36:15 +00:00
parent 66e4a11759
commit ef70fe8c59
10 changed files with 49 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
broker/Cargo.lock generated
View File

@@ -1691,7 +1691,7 @@ dependencies = [
[[package]] [[package]]
name = "lss-connector" name = "lss-connector"
version = "0.1.0" version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"lightning-storage-server", "lightning-storage-server",
@@ -2693,7 +2693,7 @@ dependencies = [
[[package]] [[package]]
name = "rmp-utils" name = "rmp-utils"
version = "0.1.0" version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"log", "log",
@@ -3268,7 +3268,7 @@ dependencies = [
[[package]] [[package]]
name = "sphinx-auther" name = "sphinx-auther"
version = "0.1.12" version = "0.1.12"
source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"base64 0.21.2", "base64 0.21.2",
@@ -3280,7 +3280,7 @@ dependencies = [
[[package]] [[package]]
name = "sphinx-glyph" name = "sphinx-glyph"
version = "0.1.2" version = "0.1.2"
source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"hex", "hex",
@@ -3326,7 +3326,7 @@ dependencies = [
[[package]] [[package]]
name = "sphinx-signer" name = "sphinx-signer"
version = "0.1.0" version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"bip39", "bip39",

4
broker/Cargo.toml
View File

@@ -39,8 +39,8 @@ vls-proxy = { git = "https://gitlab.com/lightning-signer/validating-li
# vls-protocol-client = { path = "../../vls/vls-protocol-client" } # vls-protocol-client = { path = "../../vls/vls-protocol-client" }
# vls-proxy = { path = "../../vls/vls-proxy" } # vls-proxy = { path = "../../vls/vls-proxy" }
lss-connector = { git = "https://github.com/stakwork/sphinx-rs", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } lss-connector = { git = "https://github.com/stakwork/sphinx-rs", rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs", rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
# lss-connector = { path = "../../sphinx-rs/lss-connector" } # lss-connector = { path = "../../sphinx-rs/lss-connector" }
# sphinx-signer = { path = "../../sphinx-rs/signer" } # sphinx-signer = { path = "../../sphinx-rs/signer" }

17
sphinx-key/Cargo.lock generated
View File

@@ -138,9 +138,9 @@ dependencies = [
[[package]] [[package]]
name = "base64" name = "base64"
version = "0.21.2" version = "0.21.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "604178f6c5c21f02dc555784810edfb88d34ac2c73b2eae109655649ee73ce3d" checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9"
[[package]] [[package]]
name = "bech32" name = "bech32"
@@ -1161,7 +1161,7 @@ checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4"
[[package]] [[package]]
name = "lss-connector" name = "lss-connector"
version = "0.1.0" version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"log", "log",
@@ -1530,7 +1530,7 @@ dependencies = [
[[package]] [[package]]
name = "rmp-utils" name = "rmp-utils"
version = "0.1.0" version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"log", "log",
@@ -1728,7 +1728,7 @@ dependencies = [
[[package]] [[package]]
name = "sphinx-auther" name = "sphinx-auther"
version = "0.1.12" version = "0.1.12"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"base64", "base64",
@@ -1740,7 +1740,7 @@ dependencies = [
[[package]] [[package]]
name = "sphinx-crypter" name = "sphinx-crypter"
version = "0.1.0" version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"chacha20poly1305", "chacha20poly1305",
@@ -1751,7 +1751,7 @@ dependencies = [
[[package]] [[package]]
name = "sphinx-glyph" name = "sphinx-glyph"
version = "0.1.2" version = "0.1.2"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"hex", "hex",
@@ -1766,6 +1766,7 @@ name = "sphinx-key"
version = "0.1.0" version = "0.1.0"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"base64",
"bitflags", "bitflags",
"embuild", "embuild",
"esp-idf-svc", "esp-idf-svc",
@@ -1783,7 +1784,7 @@ dependencies = [
[[package]] [[package]]
name = "sphinx-signer" name = "sphinx-signer"
version = "0.1.0" version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"bip39", "bip39",

7
sphinx-key/Cargo.toml
View File

@@ -21,9 +21,9 @@ serde_urlencoded = "0.7.1"
url = "2" url = "2"
# sphinx-rs # sphinx-rs
lss-connector = { git = "https://github.com/stakwork/sphinx-rs.git", default-features = false, rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } lss-connector = { git = "https://github.com/stakwork/sphinx-rs.git", default-features = false, rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", optional = true, rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", optional = true, rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
# local # local
# lss-connector = { path = "../../sphinx-rs/lss-connector", default-features = false } # lss-connector = { path = "../../sphinx-rs/lss-connector", default-features = false }
# sphinx-crypter = { path = "../../sphinx-rs/crypter" } # sphinx-crypter = { path = "../../sphinx-rs/crypter" }
@@ -33,6 +33,7 @@ anyhow = { version = "1", features = ["backtrace"] }
bitflags = "1.3.2" bitflags = "1.3.2"
esp-idf-svc = { version = "0.47.1", features = ["experimental", "alloc", "binstart"] } esp-idf-svc = { version = "0.47.1", features = ["experimental", "alloc", "binstart"] }
log = "0.4.17" log = "0.4.17"
base64 = "0.21.5"
[build-dependencies] [build-dependencies]
embuild = "0.31.2" embuild = "0.31.2"

26
sphinx-key/src/ota.rs
View File

@@ -1,23 +1,25 @@
use anyhow::{anyhow, Result}; use anyhow::{anyhow, Result};
use base64::{engine::general_purpose::STANDARD, Engine as _};
use esp_idf_svc::http::client::Configuration; use esp_idf_svc::http::client::Configuration;
use esp_idf_svc::http::client::EspHttpConnection; use esp_idf_svc::http::client::EspHttpConnection;
use esp_idf_svc::http::client::FollowRedirectsPolicy::FollowNone; use esp_idf_svc::http::client::FollowRedirectsPolicy::FollowNone;
use esp_idf_svc::http::Method; use esp_idf_svc::http::Method;
use esp_idf_svc::ota::EspOta; use esp_idf_svc::ota::EspOta;
use log::{error, info}; use log::{error, info};
use sphinx_signer::lightning_signer::bitcoin::hashes::{sha256, Hash}; use sphinx_signer::lightning_signer::bitcoin::{
use sphinx_signer::lightning_signer::bitcoin::secp256k1::{ hashes::{sha256, Hash},
schnorr::Signature, Message, PublicKey, Secp256k1, secp256k1::Secp256k1,
util::misc::{signed_msg_hash, MessageSignature},
Address,
}; };
use sphinx_signer::sphinx_glyph::control::OtaParams; use sphinx_signer::sphinx_glyph::control::OtaParams;
use std::fs::{remove_file, File}; use std::fs::{remove_file, File};
use std::io::Write; use std::io::Write;
use std::io::{BufReader, BufWriter}; use std::io::{BufReader, BufWriter};
use std::str::FromStr;
const BUFFER_LEN: usize = 1024; const BUFFER_LEN: usize = 1024;
const UPDATE_BIN_PATH: &str = "/sdcard/update.bin"; const UPDATE_BIN_PATH: &str = "/sdcard/update.bin";
const PUBLIC: &str = "039707459d92b1809a9f6f78feebf6f518e7319b851fe474a31d64307b86aaf38a"; const ADDRESS: &str = "1K51sSTyoVxHhKFtwWpzMZsoHvLshtw3Dp";
fn factory_reset() -> Result<()> { fn factory_reset() -> Result<()> {
let mut ota = EspOta::new()?; let mut ota = EspOta::new()?;
@@ -68,13 +70,17 @@ fn get_update(params: &OtaParams) -> Result<()> {
} }
fn check_signature(params: &OtaParams) -> Result<()> { fn check_signature(params: &OtaParams) -> Result<()> {
let msg = Message::from_hashed_data::<sha256::Hash>(params.sha256_hash.as_bytes()); let add = ADDRESS.parse::<Address>()?;
let sig = Signature::from_str(&params.schnorr_sig).unwrap(); let sig = STANDARD.decode(&params.message_sig)?;
let pbk = PublicKey::from_str(PUBLIC).unwrap().x_only_public_key().0; let sig = MessageSignature::from_slice(&sig)?;
let secp = Secp256k1::verification_only(); let secp = Secp256k1::verification_only();
secp.verify_schnorr(&sig, &msg, &pbk).unwrap(); let signed = sig.is_signed_by_address(&secp, &add, signed_msg_hash(&params.sha256_hash))?;
Ok(()) match signed {
true => Ok(()),
false => Err(anyhow!("Failed signature check")),
} }
}
fn check_integrity(params: &OtaParams) -> Result<()> { fn check_integrity(params: &OtaParams) -> Result<()> {
let f = File::open(UPDATE_BIN_PATH)?; let f = File::open(UPDATE_BIN_PATH)?;
let mut reader = BufReader::new(f); let mut reader = BufReader::new(f);

2
sphinx-key/up.sh
View File

@@ -41,4 +41,4 @@ cargo build --release --bin sphinx-key &&
cargo espflash save-image --bin sphinx-key --release --chip esp32c3 sphinx-key.bin && cargo espflash save-image --bin sphinx-key --release --chip esp32c3 sphinx-key.bin &&
espsecure.py sign_data sphinx-key.bin --version 2 --keyfile ../secure_boot_signing_key.pem && espsecure.py sign_data sphinx-key.bin --version 2 --keyfile ../secure_boot_signing_key.pem &&
espflash write-bin 0x50000 sphinx-key.bin && espflash write-bin 0x50000 sphinx-key.bin &&
cargo espflash monitor --port $PORT cargo espflash monitor

12
tester/Cargo.lock generated
View File

@@ -1151,7 +1151,7 @@ dependencies = [
[[package]] [[package]]
name = "lss-connector" name = "lss-connector"
version = "0.1.0" version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"log", "log",
@@ -1702,7 +1702,7 @@ dependencies = [
[[package]] [[package]]
name = "rmp-utils" name = "rmp-utils"
version = "0.1.0" version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"log", "log",
@@ -2085,7 +2085,7 @@ dependencies = [
[[package]] [[package]]
name = "sphinx-auther" name = "sphinx-auther"
version = "0.1.12" version = "0.1.12"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"base64 0.21.2", "base64 0.21.2",
@@ -2097,7 +2097,7 @@ dependencies = [
[[package]] [[package]]
name = "sphinx-crypter" name = "sphinx-crypter"
version = "0.1.0" version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"chacha20poly1305", "chacha20poly1305",
@@ -2108,7 +2108,7 @@ dependencies = [
[[package]] [[package]]
name = "sphinx-glyph" name = "sphinx-glyph"
version = "0.1.2" version = "0.1.2"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"hex", "hex",
@@ -2147,7 +2147,7 @@ dependencies = [
[[package]] [[package]]
name = "sphinx-signer" name = "sphinx-signer"
version = "0.1.0" version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" source = "git+https://github.com/stakwork/sphinx-rs.git?rev=da0aeebc7a51ea7440fb8b23b602c12c0795c26b#da0aeebc7a51ea7440fb8b23b602c12c0795c26b"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"bip39", "bip39",

4
tester/Cargo.toml
View File

@@ -24,8 +24,8 @@ serde_json = "1.0"
tokio = { version = "1.4.0", features = ["rt", "rt-multi-thread", "macros"] } tokio = { version = "1.4.0", features = ["rt", "rt-multi-thread", "macros"] }
urlencoding = "2.1.0" urlencoding = "2.1.0"
sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "da0aeebc7a51ea7440fb8b23b602c12c0795c26b" }
# sphinx-crypter = { path = "../../sphinx-rs/crypter" } # sphinx-crypter = { path = "../../sphinx-rs/crypter" }
# sphinx-signer = { path = "../../sphinx-rs/signer" } # sphinx-signer = { path = "../../sphinx-rs/signer" }

4
tester/cmd.json
View File

@@ -2,7 +2,7 @@
"Ota": { "Ota": {
"url": "https://jolliness.ddns.net/sphinx-update-", "url": "https://jolliness.ddns.net/sphinx-update-",
"version": 0, "version": 0,
"sha256_hash": "204534038f2aa84cb8fa435dd9d762309d33a9129eaacfb3986df144bf8008a7", "sha256_hash": "8f6e162edf258ff528b27a245969b6e30f8e7504a5832079d6da1a540fa3aeec",
"schnorr_sig": "ff34c0a598329468f74a21704221b49fe6aacfd32f9090ba02252cb0f64058b12d619c5c6cd172087ae679d1d7402d3b77d53f4de889047597737fd425f63a34" "message_sig": "IK1aAvQKHcZ6FhVosxFe3mut3GoeHzD+t0EREJewBaB1IxVbw7X0Dj5StijIxWEVmvcj+FLRKecgdEcMLDMxBqk="
} }
} }

4
tester/ota_cmd.json
View File

@@ -2,7 +2,7 @@
"Ota": { "Ota": {
"url": "https://jolliness.ddns.net/sphinx-update-", "url": "https://jolliness.ddns.net/sphinx-update-",
"version": 0, "version": 0,
"sha256_hash": "bbd3e4a74564278bad1b9248799749ce64620dea34c3a5ca31fb3a8879f63aec", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"schnorr_sig": "2949f14399ddab8a59ddea33cc3e04079298fb9ffb5bb826537ed2a10fce4917f4e70e739bf8da6ecf29a5ed9221eb855828306b3918790838173fd9110658ea" "message_sig": "H119Q3ZihfysLmcMuOHdSqLqLwmEOOFHF96+16rFkEYEc3dXH8xW1lSM0Fi4ZjZ8XAMSMwltQWJ5pDblAhEZVoc="
} }
} }