
Commit 4fac0fe

committed
Unify and simplify the application of simple chacha20 passes
Most of our `chacha20` calls don't actually care about the concept of ChaCha20's "seek" vs "nonce" - we just want to use the full 128 bits of nonce space as nonce. Here we unify those calls to keep a consistent API and consolidate the `unwrap`s to one place.
1 parent 3855252 commit 4fac0fe

3 files changed

Lines changed: 23 additions & 58 deletions


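--- a/lightning/src/crypto/utils.rs
+++ b/lightning/src/crypto/utils.rs
@@ -3,6 +3,8 @@ use bitcoin::hashes::sha256::Hash as Sha256;
 use bitcoin::hashes::{Hash, HashEngine};
 use bitcoin::secp256k1::{ecdsa::Signature, Message, Secp256k1, SecretKey, Signing};
 
+use chacha20_poly1305::chacha20::{ChaCha20, Key, Nonce};
+
 use crate::sign::EntropySource;
 
 macro_rules! hkdf_extract_expand {
@@ -96,3 +98,12 @@ pub fn sign_with_aux_rand<C: Signing, ES: EntropySource>(
 let sig = sign(ctx, msg, sk);
 sig
 }
+
+pub fn apply_chacha20(key: [u8; 32], nonce: [u8; 16], data: &mut [u8]) {
+ChaCha20::new_from_block(
+Key::new(key),
+Nonce::new(nonce[4..].try_into().unwrap()),
+u32::from_le_bytes(nonce[..4].try_into().unwrap()),
+)
+.apply_keystream(data);
+}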
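Review bot: `apply_chacha20` is added as a `pub fn` with no doc comment, and its nonce handling is not obvious from the signature: `nonce[..4]` becomes the little-endian initial block counter and `nonce[4..]` the 96-bit ChaCha20 nonce. A `///` comment should state that split, that the call is unauthenticated and is its own inverse, and that a (key, nonce) pair must never be reused. It should also say that two nonces sharing the last 12 bytes produce overlapping keystream once `data` is longer than one 64-byte block, which matters because `data` is an unbounded slice. What happens if the block counter overflows on a long input depends on the `chacha20_poly1305` crate and is not visible here, so that is worth confirming. The two `unwrap`s cannot fail on a `[u8; 16]`; a short comment such as `// Infallible: a 16-byte array always splits into 4 + 12 bytes` would keep that reasoning next to them.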

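--- a/lightning/src/ln/inbound_payment.rs
+++ b/lightning/src/ln/inbound_payment.rs
@@ -13,9 +13,8 @@ use bitcoin::hashes::cmp::fixed_time_eq;
 use bitcoin::hashes::hmac::{Hmac, HmacEngine};
 use bitcoin::hashes::sha256::Hash as Sha256;
 use bitcoin::hashes::{Hash, HashEngine};
-use chacha20_poly1305::chacha20::{ChaCha20, Key, Nonce};
 
-use crate::crypto::utils::hkdf_extract_expand_8x;
+use crate::crypto::utils::{apply_chacha20, hkdf_extract_expand_8x};
 use crate::ln::msgs;
 use crate::ln::msgs::MAX_VALUE_MSAT;
 use crate::offers::nonce::Nonce as LocalNonce;
@@ -101,12 +100,7 @@ impl ExpandedKey {
 /// Encrypts or decrypts the given `bytes`. Used for data included in an offer message's
 /// metadata (e.g., payment id).
 pub(crate) fn crypt_for_offer(&self, mut bytes: [u8; 32], nonce: LocalNonce) -> [u8; 32] {
-ChaCha20::new_from_block(
-Key::new(self.offers_encryption_key),
-Nonce::new(nonce.0[4..].try_into().unwrap()),
-u32::from_le_bytes(nonce.0[..4].try_into().unwrap()),
-)
-.apply_keystream(&mut bytes);
+apply_chacha20(self.offers_encryption_key, nonce.0, &mut bytes);
 bytes
 }
 }
@@ -181,12 +175,7 @@ pub fn create<ES: EntropySource>(
 iv_bytes.copy_from_slice(&rand_bytes[..IV_LEN]);
 
 if let Some(metadata) = payment_metadata.as_mut() {
-ChaCha20::new_from_block(
-Key::new(keys.metadata_enc_key),
-Nonce::new(iv_bytes[4..].try_into().unwrap()),
-u32::from_le_bytes(iv_bytes[..4].try_into().unwrap()),
-)
-.apply_keystream(metadata.as_mut_slice());
+apply_chacha20(keys.metadata_enc_key, iv_bytes, metadata.as_mut_slice());
 }
 
 let mut hmac = HmacEngine::<Sha256>::new(&keys.ldk_pmt_hash_key);
@@ -238,12 +227,7 @@ pub fn create_from_hash<ES: EntropySource>(
 let rand_bytes = entropy_source.get_secure_random_bytes();
 iv_bytes.copy_from_slice(&rand_bytes[..IV_LEN]);
 
-ChaCha20::new_from_block(
-Key::new(keys.metadata_enc_key),
-Nonce::new(iv_bytes[4..16].try_into().unwrap()),
-u32::from_le_bytes(iv_bytes[..4].try_into().unwrap()),
-)
-.apply_keystream(metadata.as_mut_slice());
+apply_chacha20(keys.metadata_enc_key, iv_bytes, metadata.as_mut_slice());
 metadata.extend_from_slice(&iv_bytes);
 }
 
@@ -349,12 +333,7 @@ fn construct_payment_secret(
 iv_slice.copy_from_slice(iv_bytes);
 
 encrypted_info_slice.copy_from_slice(info_bytes);
-ChaCha20::new_from_block(
-Key::new(*info_key),
-Nonce::new(iv_bytes[4..].try_into().unwrap()),
-u32::from_le_bytes(iv_bytes[..4].try_into().unwrap()),
-)
-.apply_keystream(encrypted_info_slice);
+apply_chacha20(*info_key, *iv_bytes, encrypted_info_slice);
 
 PaymentSecret(payment_secret_bytes)
 }
@@ -442,13 +421,9 @@ pub(super) fn verify<L: Logger>(
 }
 let new_len = metadata.len() - IV_LEN;
 let (metadata_enc, metadata_iv) = metadata.split_at_mut(new_len);
+let metadata_iv: [u8; IV_LEN] = metadata_iv.try_into().expect("len checked");
 
-ChaCha20::new_from_block(
-Key::new(keys.metadata_enc_key),
-Nonce::new(metadata_iv[4..16].try_into().unwrap()),
-u32::from_le_bytes(metadata_iv[..4].try_into().unwrap()),
-)
-.apply_keystream(metadata_enc);
+apply_chacha20(keys.metadata_enc_key, metadata_iv, metadata_enc);
 metadata.truncate(new_len);
 }
 },
@@ -473,12 +448,7 @@ pub(super) fn verify<L: Logger>(
 }
 
 if let Some(metadata) = payment_metadata {
-ChaCha20::new_from_block(
-Key::new(keys.metadata_enc_key),
-Nonce::new(iv_bytes[4..].try_into().unwrap()),
-u32::from_le_bytes(iv_bytes[..4].try_into().unwrap()),
-)
-.apply_keystream(metadata);
+apply_chacha20(keys.metadata_enc_key, iv_bytes, metadata);
 }
 },
 Ok(Method::SpontaneousPayment) => {
@@ -557,12 +527,7 @@ pub(super) fn get_payment_preimage(
 })?;
 
 if let Some(metadata) = payment_metadata {
-ChaCha20::new_from_block(
-Key::new(keys.metadata_enc_key),
-Nonce::new(iv_bytes[4..].try_into().unwrap()),
-u32::from_le_bytes(iv_bytes[..4].try_into().unwrap()),
-)
-.apply_keystream(metadata);
+apply_chacha20(keys.metadata_enc_key, iv_bytes, metadata);
 }
 Ok(preimage)
 },
@@ -590,12 +555,7 @@ fn decrypt_info(
 
 let mut info_bytes: [u8; INFO_LEN] = [0; INFO_LEN];
 info_bytes.copy_from_slice(encrypted_info_bytes);
-ChaCha20::new_from_block(
-Key::new(keys.info_key),
-Nonce::new(iv_bytes[4..].try_into().unwrap()),
-u32::from_le_bytes(iv_bytes[..4].try_into().unwrap()),
-)
-.apply_keystream(&mut info_bytes);
+apply_chacha20(keys.info_key, iv_bytes, &mut info_bytes);
 
 (iv_bytes, info_bytes)
 }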
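Review bot: The `expect("len checked")` added in the first `verify` hunk (old line 442 onward) names a length check that sits above the hunk, but the conversion itself cannot fail for a different reason: `split_at_mut(new_len)` with `new_len = metadata.len() - IV_LEN` always leaves a tail of exactly `IV_LEN` bytes. The only panic path on a short `metadata` is the subtraction on the line before, and `metadata` here looks like it arrives with the inbound payment, so that earlier check is the one that matters. I would make the message say what actually holds, e.g. `.expect("split_at_mut(len - IV_LEN) leaves IV_LEN bytes")`, and put a comment on the `new_len` line such as `// metadata.len() >= IV_LEN was checked above, so this cannot underflow`. `verify` starts and ends outside the hunk, so the check itself should be confirmed against the full function.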

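--- a/lightning/src/sign/mod.rs
+++ b/lightning/src/sign/mod.rs
@@ -34,12 +34,11 @@ use bitcoin::secp256k1::schnorr;
 use bitcoin::secp256k1::All;
 use bitcoin::secp256k1::{Keypair, PublicKey, Scalar, Secp256k1, SecretKey, Signing};
 use bitcoin::{secp256k1, Psbt, Sequence, Txid, WPubkeyHash, Witness};
-use chacha20_poly1305::chacha20::{ChaCha20, Key, Nonce};
 
 use lightning_invoice::RawBolt11Invoice;
 
 use crate::chain::transaction::OutPoint;
-use crate::crypto::utils::{hkdf_extract_expand_twice, sign, sign_with_aux_rand};
+use crate::crypto::utils::{apply_chacha20, hkdf_extract_expand_twice, sign, sign_with_aux_rand};
 use crate::ln::chan_utils;
 use crate::ln::chan_utils::{
 get_countersigner_payment_script, get_revokeable_redeemscript, make_funding_redeemscript,
@@ -2704,12 +2703,7 @@ impl EntropySource for RandomBytes {
 let mut nonce = [0u8; 16];
 nonce[..8].copy_from_slice(&index.to_be_bytes());
 let mut chacha_bytes = [0; 32];
-ChaCha20::new_from_block(
-Key::new(self.seed),
-Nonce::new(nonce[4..].try_into().unwrap()),
-u32::from_le_bytes(nonce[..4].try_into().unwrap()),
-)
-.apply_keystream(&mut chacha_bytes);
+apply_chacha20(self.seed, nonce, &mut chacha_bytes);
 chacha_bytes
 }
 }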
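Review bot: With the counter/nonce split now inside `apply_chacha20`, the call in the `RandomBytes` hunk no longer shows that the first four bytes of `index.to_be_bytes()` become the ChaCha20 block counter rather than nonce bytes. That is harmless here because `chacha_bytes` is 32 bytes, under one 64-byte block, so distinct `index` values cannot share keystream. A comment above the call would record the dependency, e.g. `// 32 bytes < one ChaCha20 block, so each distinct index gets disjoint keystream`. Output uniqueness still rests on `index` never repeating for a given `seed`, which is decided outside this hunk; the enclosing function also starts above it.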
