From 06968c44c52ebd6b7a7d96087dd5a5e72428ff65 Mon Sep 17 00:00:00 2001 From: Varunram Date: Fri, 3 Aug 2018 21:40:23 +0530 Subject: [PATCH 1/6] Connect to known nodes via Noise_XK Since we know the pubkey of nodes we connected to previously, use Noise_XK to connect to them. Connecting to new nodes still uses Noise_XX --- lndc/conn.go | 43 +++++++++------ lndc/listener.go | 12 +++-- lndc/noise.go | 133 +++++++++++++++++++++++++++++++---------------- qln/init.go | 12 +++++ qln/lndb.go | 2 + qln/netio.go | 12 ++++- 6 files changed, 151 insertions(+), 63 deletions(-) diff --git a/lndc/conn.go b/lndc/conn.go index 059999da5..74a7bb4cb 100644 --- a/lndc/conn.go +++ b/lndc/conn.go @@ -2,12 +2,12 @@ package lndc import ( "bytes" + "fmt" "io" + "log" "math" "net" - "log" "time" - "fmt" "github.com/mit-dci/lit/btcutil/btcec" "github.com/mit-dci/lit/lnutil" @@ -34,12 +34,20 @@ var _ net.Conn = (*Conn)(nil) // remote peer located at address which has remotePub as its long-term static // public key. In the case of a handshake failure, the connection is closed and // a non-nil error is returned. -func Dial(localPriv *btcec.PrivateKey, ipAddr string, remotePKH string, +func Dial(localPriv *btcec.PrivateKey, ipAddr string, remotePKH string, remotePK [33]byte, dialer func(string, string) (net.Conn, error)) (*Conn, error) { var conn net.Conn var err error + var empty [33]byte + var noise_xk = false + if remotePK != empty { + log.Println("Connecting via noise_XK since we know remotePK") + noise_xk = true + } + if noise_xk { + SetConsts() + } conn, err = dialer("tcp", ipAddr) - log.Println("ipAddr is", ipAddr) if err != nil { return nil, err } @@ -48,9 +56,8 @@ func Dial(localPriv *btcec.PrivateKey, ipAddr string, remotePKH string, conn: conn, noise: NewNoiseMachine(true, localPriv), } - // Initiate the handshake by sending the first act to the receiver. - actOne, err := b.noise.GenActOne() + actOne, err := b.noise.GenActOne(remotePK) if err != nil { b.conn.Close() return nil, err @@ -69,22 +76,28 @@ func Dial(localPriv *btcec.PrivateKey, ipAddr string, remotePKH string, // remotePub), then read the second act after which we'll be able to // send our static public key to the remote peer with strong forward // secrecy. - var actTwo [ActTwoSize]byte + actTwo := make([]byte, ActTwoSize) if _, err := io.ReadFull(conn, actTwo[:]); err != nil { b.conn.Close() return nil, err } - s, err := b.noise.RecvActTwo(actTwo) - if err != nil { - b.conn.Close() - return nil, err + if !noise_xk { + remotePK, err = b.noise.RecvActTwo(actTwo) + if err != nil { + b.conn.Close() + return nil, err + } + } else { + if _, err := b.noise.RecvActTwo(actTwo); err != nil { + b.conn.Close() + return nil, err + } } - - log.Println("Received pubkey", s) - if lnutil.LitAdrFromPubkey(s) != remotePKH { + log.Println("Received pubkey", remotePK) + if lnutil.LitAdrFromPubkey(remotePK) != remotePKH { return nil, fmt.Errorf("Remote PKH doesn't match. Quitting!") } - log.Printf("Received PKH %s matches", lnutil.LitAdrFromPubkey(s)) + log.Printf("Received PKH %s matches", lnutil.LitAdrFromPubkey(remotePK)) // Finally, complete the handshake by sending over our encrypted static // key and execute the final ECDH operation. diff --git a/lndc/listener.go b/lndc/listener.go index 3b6f2a6d5..46020f9d3 100644 --- a/lndc/listener.go +++ b/lndc/listener.go @@ -3,6 +3,7 @@ package lndc import ( "errors" "io" + "log" "net" "time" @@ -111,7 +112,8 @@ func (l *Listener) doHandshake(conn net.Conn) { // Attempt to carry out the first act of the handshake protocol. If the // connecting node doesn't know our long-term static public key, then // this portion will fail with a non-nil error. - var actOne [ActOneSize]byte + actOne := make([]byte, ActOneSize) + log.Println("DEFAULTs", HandshakeVersion) if _, err := io.ReadFull(conn, actOne[:]); err != nil { lndcConn.conn.Close() l.rejectConn(err) @@ -122,9 +124,13 @@ func (l *Listener) doHandshake(conn net.Conn) { l.rejectConn(err) return } + if actOne[0] == 0 { // remote node wants to connect via XK + HandshakeVersion = byte(0) + ActTwoSize = 50 + } // no need for else as default covers XX // Next, progress the handshake processes by sending over our ephemeral // key for the session along with an authenticating tag. - actTwo, err := lndcConn.noise.GenActTwo() + actTwo, err := lndcConn.noise.GenActTwo(HandshakeVersion) if err != nil { lndcConn.conn.Close() l.rejectConn(err) @@ -150,7 +156,7 @@ func (l *Listener) doHandshake(conn net.Conn) { // Finally, finish the handshake processes by reading and decrypting // the connection peer's static public key. If this succeeds then both // sides have mutually authenticated each other. - var actThree [ActThreeSize]byte + actThree := make([]byte, ActThreeSize) if _, err := io.ReadFull(conn, actThree[:]); err != nil { lndcConn.conn.Close() l.rejectConn(err) diff --git a/lndc/noise.go b/lndc/noise.go index 31d908549..e84abf24c 100644 --- a/lndc/noise.go +++ b/lndc/noise.go @@ -4,8 +4,8 @@ import ( "crypto/cipher" "crypto/sha256" "encoding/binary" - "fmt" "errors" + "fmt" "io" "math" "time" @@ -316,10 +316,19 @@ func EphemeralGenerator(gen func() (*btcec.PrivateKey, error)) func(*Machine) { // INITIATOR -> e RESPONDER // INITIATOR <- e, ee, s, es RESPONDER // INITIATOR -> s, se RESPONDER +// The protocol has the following steps involved: +// XK(s, rs): +// INITIATOR <- s +// INITIATOR -> e, es RESPONDER +// INITIATOR <- e, ee, RESPONDER +// INITIATOR -> s, se RESPONDER // s refers to the static key (or public key) belonging to an entity // e refers to the ephemeral key // e, ee, es refer to a DH exchange between the initiator's key pair and the // responder's key pair. The letters e and s hold the same meaning as before. +// lit uses Noise_XX to connect with nodes that it does not know of and uses +// Noise_XK for nodes that it has previously connected to. This saves 33 bytes +// in Act Two. type Machine struct { sendCipher cipherState @@ -373,12 +382,13 @@ func NewNoiseMachine(initiator bool, localStatic *btcec.PrivateKey, return m } -const ( +var ( // HandshakeVersion is the expected version of the lndc handshake. // Any messages that carry a different version will cause the handshake // to abort immediately. - HandshakeVersion = byte(1) // TODO: add support for noise_XK (brontide) as well - + HandshakeVersion = byte(1) + // noise_XX HandshakeVersion = 1 + // noise_XK HandshakeVersion = 0 // ActOneSize is the size of the packet sent from initiator to // responder in ActOne. The packet consists of a handshake version, an // ephemeral key in compressed format, and a 16-byte poly1305 tag. @@ -403,18 +413,25 @@ const ( ActThreeSize = 66 ) +func SetConsts() { + HandshakeVersion = byte(0) // Noise_XK's hadnshake version + // ActTwoSize is the size the packet sent from responder to initiator + // in ActTwo. The packet consists of a handshake version, an ephemeral + // key in compressed format and a 16-byte poly1305 tag. + // <- e, ee + // 1 + 33 + 16 + ActTwoSize = 50 +} + // GenActOne generates the initial packet (act one) to be sent from initiator // to responder. During act one the initiator generates an ephemeral key and // hashes it into the handshake digest. Future payloads are encrypted with a key // derived from this result. // -> e -func (b *Machine) GenActOne() ([ActOneSize]byte, error) { - var ( - err error - actOne [ActOneSize]byte - ) - +func (b *Machine) GenActOne(remotePK [33]byte) ([]byte, error) { + var err error + actOne := make([]byte, ActOneSize) // Generate e b.localEphemeral, err = b.ephemeralGen() if err != nil { @@ -426,6 +443,15 @@ func (b *Machine) GenActOne() ([ActOneSize]byte, error) { // Hash it into the handshake digest b.mixHash(e) + if Noise_XK { + b.remoteStatic, err = btcec.ParsePubKey(remotePK[:], btcec.S256()) + if err != nil { + return nil, err + } + // es + s := ecdh(b.remoteStatic, b.localEphemeral) + b.mixKey(s[:]) + } authPayload := b.EncryptAndHash([]byte{}) actOne[0] = HandshakeVersion copy(actOne[1:34], e) @@ -437,16 +463,15 @@ func (b *Machine) GenActOne() ([ActOneSize]byte, error) { // executes the mirrored actions to that of the initiator extending the // handshake digest and deriving a new shared secret based on an ECDH with the // initiator's ephemeral key and responder's static key. -func (b *Machine) RecvActOne(actOne [ActOneSize]byte) error { +func (b *Machine) RecvActOne(actOne []byte) error { var ( err error e [33]byte p [16]byte ) - // If the handshake version is unknown, then the handshake fails // immediately. - if actOne[0] != HandshakeVersion { + if !(actOne[0] == 0 || actOne[0] == 1) { return fmt.Errorf("Act One: invalid handshake version: %v, "+ "only %v is valid, msg=%x", actOne[0], HandshakeVersion, actOne[:]) @@ -462,6 +487,12 @@ func (b *Machine) RecvActOne(actOne [ActOneSize]byte) error { } b.mixHash(b.remoteEphemeral.SerializeCompressed()) + if actOne[0] == 0 { + // es + s := ecdh(b.remoteEphemeral, b.localStatic) + b.mixKey(s) + } + _, err = b.DecryptAndHash(p[:]) return err // nil means Act one completed successfully } @@ -469,11 +500,9 @@ func (b *Machine) RecvActOne(actOne [ActOneSize]byte) error { // GenActTwo generates the second packet (act two) to be sent from the // responder to the initiator // <- e, ee, s, es -func (b *Machine) GenActTwo() ([ActTwoSize]byte, error) { - var ( - err error - actTwo [ActTwoSize]byte - ) +func (b *Machine) GenActTwo(HandshakeVersion byte) ([]byte, error) { + var err error + actTwo := make([]byte, ActTwoSize) // e b.localEphemeral, err = b.ephemeralGen() @@ -488,19 +517,27 @@ func (b *Machine) GenActTwo() ([ActTwoSize]byte, error) { ee := ecdh(b.remoteEphemeral, b.localEphemeral) b.mixKey(ee) - // s - s := b.localStatic.PubKey().SerializeCompressed() - b.mixHash(s) - - // es - es := ecdh(b.remoteEphemeral, b.localStatic) - b.mixKey(es) - + if HandshakeVersion == 1 { + // s + s := b.localStatic.PubKey().SerializeCompressed() + b.mixHash(s) + + // es + es := ecdh(b.remoteEphemeral, b.localStatic) + b.mixKey(es) + + authPayload := b.EncryptAndHash([]byte{}) + actTwo[0] = HandshakeVersion + copy(actTwo[1:34], e) + copy(actTwo[34:67], s) + copy(actTwo[67:], authPayload) + // add additional stuff based on what we need + return actTwo, nil + } authPayload := b.EncryptAndHash([]byte{}) actTwo[0] = HandshakeVersion copy(actTwo[1:34], e) - copy(actTwo[34:67], s) - copy(actTwo[67:], authPayload) + copy(actTwo[34:], authPayload) // add additional stuff based on what we need return actTwo, nil } @@ -508,7 +545,7 @@ func (b *Machine) GenActTwo() ([ActTwoSize]byte, error) { // RecvActTwo processes the second packet (act two) sent from the responder to // the initiator. A successful processing of this packet authenticates the // initiator to the responder. -func (b *Machine) RecvActTwo(actTwo [ActTwoSize]byte) ([33]byte, error) { +func (b *Machine) RecvActTwo(actTwo []byte) ([33]byte, error) { var ( err error e [33]byte @@ -524,9 +561,14 @@ func (b *Machine) RecvActTwo(actTwo [ActTwoSize]byte) ([33]byte, error) { actTwo[:]) } - copy(e[:], actTwo[1:34]) - copy(s[:], actTwo[34:67]) - copy(p[:], actTwo[67:]) + if HandshakeVersion == 0 { + copy(e[:], actTwo[1:34]) + copy(p[:], actTwo[34:]) + } else { + copy(e[:], actTwo[1:34]) + copy(s[:], actTwo[34:67]) + copy(p[:], actTwo[67:]) + } // e b.remoteEphemeral, err = btcec.ParsePubKey(e[:], btcec.S256()) @@ -539,17 +581,19 @@ func (b *Machine) RecvActTwo(actTwo [ActTwoSize]byte) ([33]byte, error) { ee := ecdh(b.remoteEphemeral, b.localEphemeral) b.mixKey(ee) - // s - b.remoteStatic, err = btcec.ParsePubKey(s[:], btcec.S256()) - if err != nil { - return empty, err - } - b.mixHash(b.remoteStatic.SerializeCompressed()) + if HandshakeVersion == 1 { + // s + b.remoteStatic, err = btcec.ParsePubKey(s[:], btcec.S256()) + if err != nil { + return empty, err + } + b.mixHash(b.remoteStatic.SerializeCompressed()) - // es - es := ecdh(b.remoteStatic, b.localEphemeral) - b.mixKey(es) + // es + es := ecdh(b.remoteStatic, b.localEphemeral) + b.mixKey(es) + } _, err = b.DecryptAndHash(p[:]) return s, err } @@ -560,8 +604,9 @@ func (b *Machine) RecvActTwo(actTwo [ActTwoSize]byte) ([33]byte, error) { // the responder. This act also includes the final ECDH operation which yields // the final session. // -> s, se -func (b *Machine) GenActThree() ([ActThreeSize]byte, error) { - var actThree [ActThreeSize]byte +func (b *Machine) GenActThree() ([]byte, error) { + //var actThree [ActThreeSize]byte + actThree := make([]byte, ActThreeSize) // s s := b.localStatic.PubKey().SerializeCompressed() @@ -587,7 +632,7 @@ func (b *Machine) GenActThree() ([ActThreeSize]byte, error) { // the responder. After processing this act, the responder learns of the // initiator's static public key. Decryption of the static key serves to // authenticate the initiator to the responder. -func (b *Machine) RecvActThree(actThree [ActThreeSize]byte) error { +func (b *Machine) RecvActThree(actThree []byte) error { var ( err error s [49]byte diff --git a/qln/init.go b/qln/init.go index a15956fcf..1aa8cb829 100644 --- a/qln/init.go +++ b/qln/init.go @@ -82,6 +82,18 @@ func NewLitNode(privKey *[32]byte, path string, trackerURL string, proxyURL stri nd.OmniOut = make(chan lnutil.LitMsg, 10) nd.OmniIn = make(chan lnutil.LitMsg, 10) + nd.KnownPubkeys = make(map[uint32][33]byte) + var empty [33]byte + i := uint32(1) + for { + pubKey, _ := nd.GetPubHostFromPeerIdx(i) + if pubKey == empty { + log.Printf("Done, tried %d hosts, none matched\n", i-1) + break + } + nd.KnownPubkeys[i] = pubKey + i++ + } // go nd.OmniHandler() go nd.OutMessager() diff --git a/qln/lndb.go b/qln/lndb.go index 784216709..c341d161f 100644 --- a/qln/lndb.go +++ b/qln/lndb.go @@ -132,6 +132,8 @@ type LitNode struct { // The URL from which lit attempts to resolve the LN address TrackerURL string + KnownPubkeys map[uint32][33]byte + ChannelMap map[[20]byte][]lnutil.LinkMsg ChannelMapMtx sync.Mutex AdvTimeout *time.Ticker diff --git a/qln/netio.go b/qln/netio.go index d4d515f9d..0eb7cbaef 100644 --- a/qln/netio.go +++ b/qln/netio.go @@ -9,6 +9,8 @@ import ( "time" "github.com/mit-dci/lit/btcutil/btcec" "github.com/mit-dci/lit/lndc" + "github.com/mit-dci/lit/bech32" + "github.com/mit-dci/lit/crypto/fastsha256" "github.com/mit-dci/lit/lnutil" nat "github.com/mit-dci/lit/nat" ) @@ -161,11 +163,19 @@ func (nd *LitNode) DialPeer(connectAdr string) error { } } + var remotePK [33]byte + for _, pubkey := range nd.KnownPubkeys { + idHash := fastsha256.Sum256(pubkey[:]) + adr := bech32.Encode("ln", idHash[:20]) + if adr == who { + remotePK = pubkey + } + } // get my private ID key idPriv := nd.IdKey() // Assign remote connection - newConn, err := lndc.Dial(idPriv, where, who, net.Dial) + newConn, err := lndc.Dial(idPriv, where, who, remotePK, net.Dial) if err != nil { return err } From e6ca9c30c9f064ad053866833b8559b750699dd5 Mon Sep 17 00:00:00 2001 From: Varunram Date: Sat, 4 Aug 2018 01:22:38 +0530 Subject: [PATCH 2/6] Put global back in --- lndc/conn.go | 12 ++++++------ lndc/noise_test.go | 11 +++++++---- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/lndc/conn.go b/lndc/conn.go index 74a7bb4cb..12d016cc9 100644 --- a/lndc/conn.go +++ b/lndc/conn.go @@ -29,7 +29,7 @@ type Conn struct { // A compile-time assertion to ensure that Conn meets the net.Conn interface. var _ net.Conn = (*Conn)(nil) - +var Noise_XK bool // Dial attempts to establish an encrypted+authenticated connection with the // remote peer located at address which has remotePub as its long-term static // public key. In the case of a handshake failure, the connection is closed and @@ -39,12 +39,12 @@ func Dial(localPriv *btcec.PrivateKey, ipAddr string, remotePKH string, remotePK var conn net.Conn var err error var empty [33]byte - var noise_xk = false + var Noise_XK = false if remotePK != empty { - log.Println("Connecting via noise_XK since we know remotePK") - noise_xk = true + log.Println("Connecting via Noise_XK since we know remotePK") + Noise_XK = true } - if noise_xk { + if Noise_XK { SetConsts() } conn, err = dialer("tcp", ipAddr) @@ -81,7 +81,7 @@ func Dial(localPriv *btcec.PrivateKey, ipAddr string, remotePKH string, remotePK b.conn.Close() return nil, err } - if !noise_xk { + if !Noise_XK { remotePK, err = b.noise.RecvActTwo(actTwo) if err != nil { b.conn.Close() diff --git a/lndc/noise_test.go b/lndc/noise_test.go index bc18b3a3e..e9fe73021 100644 --- a/lndc/noise_test.go +++ b/lndc/noise_test.go @@ -63,7 +63,8 @@ func establishTestConnection(wrong bool) (net.Conn, net.Conn, func(), error) { } remoteConnChan := make(chan maybeNetConn, 1) go func() { - remoteConn, err := Dial(remotePriv, netAddr, pkh, net.Dial) + var empty [33]byte + remoteConn, err := Dial(remotePriv, netAddr, pkh, empty, net.Dial) if err != nil { log.Println(err) } @@ -199,7 +200,8 @@ func TestConcurrentHandshakes(t *testing.T) { } go func() { - remoteConn, err := Dial(remotePriv, netAddr, pubKey, net.Dial) + var empty [33]byte + remoteConn, err := Dial(remotePriv, netAddr, pubKey, empty, net.Dial) connChan <- maybeNetConn{remoteConn, err} }() @@ -342,7 +344,8 @@ func TestBolt0008TestVectors(t *testing.T) { // act one. This should consist of exactly 50 bytes. We'll assert that // the payload return is _exactly_ the same as what's specified within // the test vectors. - actOne, err := initiator.GenActOne() + var empty [33]byte + actOne, err := initiator.GenActOne(empty) if err != nil { t.Fatalf("unable to generate act one: %v", err) } @@ -367,7 +370,7 @@ func TestBolt0008TestVectors(t *testing.T) { // its contribution to the crypto handshake. We'll also verify that we // produce the _exact_ same byte stream as advertised within the spec's // test vectors. - actTwo, err := responder.GenActTwo() + actTwo, err := responder.GenActTwo(byte(1)) if err != nil { t.Fatalf("unable to generate act two: %v", err) } From 12e01b71365bf21ef8ac2f9cd0a1ee1251270111 Mon Sep 17 00:00:00 2001 From: Varunram Date: Tue, 28 Aug 2018 23:01:37 +0530 Subject: [PATCH 3/6] pass a single param to Dial instead of passing an empty slice --- lndc/conn.go | 18 +++++++++++++----- lndc/listener.go | 10 +++++----- lndc/noise.go | 7 +++---- qln/netio.go | 37 ++++++++++++++++++++++++------------- 4 files changed, 45 insertions(+), 27 deletions(-) diff --git a/lndc/conn.go b/lndc/conn.go index 12d016cc9..ff7aaf560 100644 --- a/lndc/conn.go +++ b/lndc/conn.go @@ -34,17 +34,23 @@ var Noise_XK bool // remote peer located at address which has remotePub as its long-term static // public key. In the case of a handshake failure, the connection is closed and // a non-nil error is returned. -func Dial(localPriv *btcec.PrivateKey, ipAddr string, remotePKH string, remotePK [33]byte, +func Dial(localPriv *btcec.PrivateKey, ipAddr string, remoteAddress string, dialer func(string, string) (net.Conn, error)) (*Conn, error) { + + var remotePKH string + var remotePK [33]byte + if len(remoteAddress) == 41 { // its a remotePKH + remotePKH = remoteAddress + } else if len(remoteAddress) == 33 { // remotePK + temp := []byte(remoteAddress) + copy(remotePK[:], temp) + } var conn net.Conn var err error var empty [33]byte - var Noise_XK = false if remotePK != empty { log.Println("Connecting via Noise_XK since we know remotePK") Noise_XK = true - } - if Noise_XK { SetConsts() } conn, err = dialer("tcp", ipAddr) @@ -94,7 +100,9 @@ func Dial(localPriv *btcec.PrivateKey, ipAddr string, remotePKH string, remotePK } } log.Println("Received pubkey", remotePK) - if lnutil.LitAdrFromPubkey(remotePK) != remotePKH { + if lnutil.LitAdrFromPubkey(remotePK) != remotePKH&& !Noise_XK { + // for noise_XK dont check PKH and PK because we'd have already checked this + // the last time we connected to this guy return nil, fmt.Errorf("Remote PKH doesn't match. Quitting!") } log.Printf("Received PKH %s matches", lnutil.LitAdrFromPubkey(remotePK)) diff --git a/lndc/listener.go b/lndc/listener.go index 46020f9d3..89e6d8063 100644 --- a/lndc/listener.go +++ b/lndc/listener.go @@ -113,21 +113,21 @@ func (l *Listener) doHandshake(conn net.Conn) { // connecting node doesn't know our long-term static public key, then // this portion will fail with a non-nil error. actOne := make([]byte, ActOneSize) - log.Println("DEFAULTs", HandshakeVersion) + log.Println("Handshake Version", HandshakeVersion) if _, err := io.ReadFull(conn, actOne[:]); err != nil { lndcConn.conn.Close() l.rejectConn(err) return } + if actOne[0] == 0 { // remote node wants to connect via XK + HandshakeVersion = byte(0) + ActTwoSize = 50 + } // no need for else as default covers XX if err := lndcConn.noise.RecvActOne(actOne); err != nil { lndcConn.conn.Close() l.rejectConn(err) return } - if actOne[0] == 0 { // remote node wants to connect via XK - HandshakeVersion = byte(0) - ActTwoSize = 50 - } // no need for else as default covers XX // Next, progress the handshake processes by sending over our ephemeral // key for the session along with an authenticating tag. actTwo, err := lndcConn.noise.GenActTwo(HandshakeVersion) diff --git a/lndc/noise.go b/lndc/noise.go index e84abf24c..dbed9e15f 100644 --- a/lndc/noise.go +++ b/lndc/noise.go @@ -320,7 +320,7 @@ func EphemeralGenerator(gen func() (*btcec.PrivateKey, error)) func(*Machine) { // XK(s, rs): // INITIATOR <- s // INITIATOR -> e, es RESPONDER -// INITIATOR <- e, ee, RESPONDER +// INITIATOR <- e, ee RESPONDER // INITIATOR -> s, se RESPONDER // s refers to the static key (or public key) belonging to an entity // e refers to the ephemeral key @@ -489,10 +489,9 @@ func (b *Machine) RecvActOne(actOne []byte) error { if actOne[0] == 0 { // es - s := ecdh(b.remoteEphemeral, b.localStatic) - b.mixKey(s) + es := ecdh(b.remoteEphemeral, b.localStatic) + b.mixKey(es) } - _, err = b.DecryptAndHash(p[:]) return err // nil means Act one completed successfully } diff --git a/qln/netio.go b/qln/netio.go index 0eb7cbaef..4de2dbec1 100644 --- a/qln/netio.go +++ b/qln/netio.go @@ -2,17 +2,17 @@ package qln import ( "fmt" - "log" - "net" - "strings" - "strconv" - "time" - "github.com/mit-dci/lit/btcutil/btcec" - "github.com/mit-dci/lit/lndc" "github.com/mit-dci/lit/bech32" + "github.com/mit-dci/lit/btcutil/btcec" "github.com/mit-dci/lit/crypto/fastsha256" + "github.com/mit-dci/lit/lndc" "github.com/mit-dci/lit/lnutil" nat "github.com/mit-dci/lit/nat" + "log" + "net" + "strconv" + "strings" + "time" ) // Gets the list of ports where LitNode is listening for incoming connections, @@ -164,22 +164,33 @@ func (nd *LitNode) DialPeer(connectAdr string) error { } var remotePK [33]byte + var noisexk bool for _, pubkey := range nd.KnownPubkeys { idHash := fastsha256.Sum256(pubkey[:]) adr := bech32.Encode("ln", idHash[:20]) if adr == who { remotePK = pubkey + noisexk = true } } // get my private ID key idPriv := nd.IdKey() - + var newConn *lndc.Conn // Assign remote connection - newConn, err := lndc.Dial(idPriv, where, who, remotePK, net.Dial) - if err != nil { - return err + if noisexk { + var remotePKdup [33]byte + temp := []byte(string(remotePK[:])) + copy(remotePKdup[:], temp) + newConn, err = lndc.Dial(idPriv, where, string(remotePK[:]), net.Dial) + if err != nil { + return err + } + } else { + newConn, err = lndc.Dial(idPriv, where, who, net.Dial) + if err != nil { + return err + } } - // if connect is successful, either query for already existing peer index, or // if the peer is new, make a new index, and save the hostname&port @@ -233,7 +244,7 @@ func (nd *LitNode) OutMessager() { type PeerInfo struct { PeerNumber uint32 RemoteHost string - LitAdr string + LitAdr string Nickname string } From 36171eb61d2a3295301be8ed1ca9f5395c17ea9c Mon Sep 17 00:00:00 2001 From: Varunram Date: Tue, 28 Aug 2018 23:11:31 +0530 Subject: [PATCH 4/6] make tests work --- lndc/noise_test.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lndc/noise_test.go b/lndc/noise_test.go index e9fe73021..5fcba6dd5 100644 --- a/lndc/noise_test.go +++ b/lndc/noise_test.go @@ -63,8 +63,7 @@ func establishTestConnection(wrong bool) (net.Conn, net.Conn, func(), error) { } remoteConnChan := make(chan maybeNetConn, 1) go func() { - var empty [33]byte - remoteConn, err := Dial(remotePriv, netAddr, pkh, empty, net.Dial) + remoteConn, err := Dial(remotePriv, netAddr, pkh, net.Dial) if err != nil { log.Println(err) } @@ -200,8 +199,7 @@ func TestConcurrentHandshakes(t *testing.T) { } go func() { - var empty [33]byte - remoteConn, err := Dial(remotePriv, netAddr, pubKey, empty, net.Dial) + remoteConn, err := Dial(remotePriv, netAddr, pubKey, net.Dial) connChan <- maybeNetConn{remoteConn, err} }() From daed60f1b47354e945f72e163087d9f898b9efd8 Mon Sep 17 00:00:00 2001 From: Varunram Date: Tue, 28 Aug 2018 23:43:01 +0530 Subject: [PATCH 5/6] differentiate based on ln1 prefix --- lndc/conn.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lndc/conn.go b/lndc/conn.go index ff7aaf560..e51facb9f 100644 --- a/lndc/conn.go +++ b/lndc/conn.go @@ -39,7 +39,7 @@ func Dial(localPriv *btcec.PrivateKey, ipAddr string, remoteAddress string, var remotePKH string var remotePK [33]byte - if len(remoteAddress) == 41 { // its a remotePKH + if remoteAddress[0:3] == "ln1" { // its a remote PKH remotePKH = remoteAddress } else if len(remoteAddress) == 33 { // remotePK temp := []byte(remoteAddress) @@ -100,7 +100,7 @@ func Dial(localPriv *btcec.PrivateKey, ipAddr string, remoteAddress string, } } log.Println("Received pubkey", remotePK) - if lnutil.LitAdrFromPubkey(remotePK) != remotePKH&& !Noise_XK { + if lnutil.LitAdrFromPubkey(remotePK) != remotePKH && !Noise_XK { // for noise_XK dont check PKH and PK because we'd have already checked this // the last time we connected to this guy return nil, fmt.Errorf("Remote PKH doesn't match. Quitting!") From ca913908ec98966474ee7b3b73601ecae3b11493 Mon Sep 17 00:00:00 2001 From: Gert-Jaap Glasbergen Date: Tue, 11 Sep 2018 11:23:14 +0200 Subject: [PATCH 6/6] Logging code change --- qln/init.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qln/init.go b/qln/init.go index 6db3e0c4a..c2aff365c 100644 --- a/qln/init.go +++ b/qln/init.go @@ -91,7 +91,7 @@ func NewLitNode(privKey *[32]byte, path string, trackerURL string, proxyURL stri for { pubKey, _ := nd.GetPubHostFromPeerIdx(i) if pubKey == empty { - log.Printf("Done, tried %d hosts, none matched\n", i-1) + logging.Infof("Done, tried %d hosts, none matched\n", i-1) break } nd.KnownPubkeys[i] = pubKey