-
Notifications
You must be signed in to change notification settings - Fork 912
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hsmd: make get_per_commitment_point unconditionally safe by not returning secret #7178
hsmd: make get_per_commitment_point unconditionally safe by not returning secret #7178
Conversation
The short-term fix for the VLS crash is merged on our side as in https://gitlab.com/lightning-signer/validating-lightning-signer/-/merge_requests/643 The matching "clean fix" on the VLS side to be matched w/ the last two commits of this PR is https://gitlab.com/lightning-signer/validating-lightning-signer/-/merge_requests/641 |
@@ -434,7 +434,7 @@ static struct io_plan *init_hsm(struct io_conn *conn, | |||
struct secret *hsm_encryption_key; | |||
struct bip32_key_version bip32_key_version; | |||
u32 minversion, maxversion; | |||
const u32 our_minversion = 4, our_maxversion = 5; | |||
const u32 our_minversion = 4, our_maxversion = 6; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am still thinking that this value should be equal to the constant values defined inside the common/hsm_version.h
, but this is an off the book comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK 1b98ea8
Ack 1b98ea8 |
Changelog-None: shouldn't affect others HSM_MIN_VERSION is 5 which implies use of WIRE_HSMD_REVOKE_COMMITMENT_TX; prune branches that can't happen.
Changelog-None: internal to channeld Since we don't need a special path for early old_secrets from validate we can factor out duplicate code.
Changelog-None: channeld internal This factoring makes it much clearer which callers only need the pubkey and which only need the old_secret. VLS has merged a workaround which prevents crashing when fetching a per-commitment-point beyond the allowed range (the secret is just not returned in this case. https://gitlab.com/lightning-signer/validating-lightning-signer/-/merge_requests/643 In HSM_VERSION 6 the semantic is cleaned up; get_per_commitment_point never returns a secret and safely be called on any commitment number.
Changelog-None: hsmd internals
Changelog-Changed: hsmd: HSM_VERSION 6: get_per_commitment_point does not imply index - 2 is revoked, makes it safe to call on any index.
Changelog-Changed: hsmd: the hsmd now supports HSM_VERSION 6 This is actually optional, everything would be ok leaving native hsmd support at HSM_VERSION 5 instead.
1b98ea8
to
e1807b0
Compare
Removes returned old_secret from get_per_commitment_point making it safe to call on all commits
Motivation: When get_per_commitment_point returns the old secret it implies a revocation of index - 2. This causes a crash when VLS has validated a commitment but not seen the following revoke of the prior and the channel is asynchronously restarted. See https://gitlab.com/lightning-signer/validating-lightning-signer/-/issues/469
The last two commits in this PR are somewhat optional: by increasing the HSM_VERSION to 6 we can inform the signer that it should never return an old_secret (and therefore can't fail). The native hsmd implementation doesn't have the safety issue and it would be ok to leave it at HSM_VERSION 5. But it's cleaner to have consistent semantics.
All but the last two commits in the PR sequence are cleanup and reduction refactoring and worth considering even if an HSM_VERSION change is not considered.
Cleanup and refactoring Includes: