Skip to content

Remove get_node_secret from NodeSigner #1951

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Jan 19, 2023
Merged

Remove get_node_secret from NodeSigner #1951

merged 6 commits into from
Jan 19, 2023

Conversation

wpaulino
Copy link
Contributor

@wpaulino wpaulino commented Jan 14, 2023
edited
Loading

Secrets should not be exposed in-memory at the interface level as it would be impossible the implement it against a hardware security module/secure element.

Fixes #1819.

@codecov-commenter
Copy link

codecov-commenter commented Jan 14, 2023
edited
Loading

Codecov Report

Base: 90.73% // Head: 90.68% // Decreases project coverage by -0.05% ⚠️

Coverage data is based on head (8887b51) compared to base (98417a1).
Patch coverage: 80.54% of modified lines in pull request are covered.

❗ Current head 8887b51 differs from pull request most recent head acd2ae6. Consider uploading reports for the commit acd2ae6 to get more accurate results

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1951      +/-   ##
==========================================
- Coverage   90.73%   90.68%   -0.05%     
==========================================
  Files          97       97              
  Lines       50588    50660      +72     
  Branches    50588    50660      +72     
==========================================
+ Hits        45900    45941      +41     
- Misses       4688     4719      +31
Impacted Files Coverage Δ
lightning/src/chain/channelmonitor.rs 90.97% <ø> (-0.06%) ⬇️
lightning/src/ln/onion_route_tests.rs 97.63% <ø> (ø)
lightning/src/chain/keysinterface.rs 83.46% <50.00%> (-0.36%) ⬇️
lightning/src/util/test_utils.rs 72.04% <63.33%> (+0.74%) ⬆️
lightning-net-tokio/src/lib.rs 76.83% <71.87%> (-0.94%) ⬇️
lightning/src/ln/msgs.rs 86.01% <83.33%> (-0.02%) ⬇️
lightning/src/ln/peer_channel_encryptor.rs 91.94% <85.71%> (-1.44%) ⬇️
lightning/src/ln/channel.rs 89.02% <95.23%> (+0.25%) ⬆️
lightning-background-processor/src/lib.rs 95.46% <100.00%> (ø)
lightning/src/ln/channelmanager.rs 87.10% <100.00%> (-0.04%) ⬇️
... and 14 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

arik-so
arik-so requested changes Jan 14, 2023
View reviewed changes
Copy link
Contributor

@arik-so arik-so left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm super excited about this PR. It's very obvious how much sweat has gone into this, so I hope we can land this soon without needing a bunch of rebases on the way.

@wpaulino wpaulino force-pushed the remove-get-node-secret branch from 6111eb7 to a74da34 Compare January 14, 2023 21:57
@wpaulino wpaulino mentioned this pull request Jan 14, 2023
Closed
TheBlueMatt
TheBlueMatt reviewed Jan 15, 2023
View reviewed changes
Copy link
Collaborator

@TheBlueMatt TheBlueMatt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically LGTM, needs rebase after #1946.

@TheBlueMatt
Copy link
Collaborator

I'd strongly prefer PRs this big be split into a few commits, this adds new signing methods that could be their own commit, refactors fuzzers that could, etc.

@wpaulino wpaulino force-pushed the remove-get-node-secret branch 2 times, most recently from 6069c13 to d2f885e Compare January 18, 2023 00:22
@arik-so arik-so mentioned this pull request Jan 18, 2023
Merged
@arik-so
Copy link
Contributor

arik-so commented Jan 18, 2023

LGTM, barring the newly arisen merge conflict.

@wpaulino wpaulino force-pushed the remove-get-node-secret branch from d2f885e to 02f1674 Compare January 18, 2023 19:25
@TheBlueMatt
Copy link
Collaborator

It should be super trivial to split this commit into, at least (a) the addition/use of sign_gossip_message, (b) the use of ecdh in a few more places, (c) the removal of get_node_secret.

@wpaulino wpaulino force-pushed the remove-get-node-secret branch from 02f1674 to 8887b51 Compare January 18, 2023 22:27
arik-so
arik-so reviewed Jan 18, 2023
View reviewed changes
fuzz/src/full_stack.rs
@@ -183,7 +183,7 @@ impl<'a> std::hash::Hash for Peer<'a> {
type ChannelMan<'a> = ChannelManager<
Arc<chainmonitor::ChainMonitor<EnforcingSigner, Arc<dyn chain::Filter>, Arc<TestBroadcaster>, Arc<FuzzEstimator>, Arc<dyn Logger>, Arc<TestPersister>>>,
Arc<TestBroadcaster>, Arc<KeyProvider>, Arc<KeyProvider>, Arc<KeyProvider>, Arc<FuzzEstimator>, &'a FuzzRouter, Arc<dyn Logger>>;
type PeerMan<'a> = PeerManager<Peer<'a>, Arc<ChannelMan<'a>>, Arc<P2PGossipSync<Arc<NetworkGraph<Arc<dyn Logger>>>, Arc<dyn chain::Access>, Arc<dyn Logger>>>, IgnoringMessageHandler, Arc<dyn Logger>, IgnoringMessageHandler>;
type PeerMan<'a> = PeerManager<Peer<'a>, Arc<ChannelMan<'a>>, Arc<P2PGossipSync<Arc<NetworkGraph<Arc<dyn Logger>>>, Arc<dyn chain::Access>, Arc<dyn Logger>>>, IgnoringMessageHandler, Arc<dyn Logger>, IgnoringMessageHandler, Arc<KeyProvider>>;
Copy link
Contributor

@arik-so arik-so Jan 18, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this technically has nothing to do with this PR and I know that this is just a fuzz test, but PeerMan and ChannelMan are horrible type names. At some point we should rename them to something more meaningful.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's just a peer, man.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PeerWoman is underrepresented.

@wpaulino wpaulino force-pushed the remove-get-node-secret branch 2 times, most recently from da154e7 to e253c04 Compare January 19, 2023 00:00
TheBlueMatt
TheBlueMatt reviewed Jan 19, 2023
View reviewed changes
TheBlueMatt and others added 2 commits January 18, 2023 16:57
@TheBlueMatt @wpaulino
Always set _test_utils when building lightning for some tests
f3a6ca4 
This ensures that we hit additional assertions which are intended
to always be run in tests.
@wpaulino
Remove unused NodeSigner implementations in tests
aee9952 
These implementations have every method panic, so assuming that the test
suite passes, these implementations are never used.
@wpaulino wpaulino force-pushed the remove-get-node-secret branch from e253c04 to 7fcbdf1 Compare January 19, 2023 00:58
@wpaulino
Add NodeSigner::sign_gossip_message
db0d6ec 
Adds signing capability to NodeSigner for all gossip messages that
require a node signature.
@wpaulino
Sign gossip messages with NodeSigner
19c4468
@wpaulino
Use NodeSigner::ecdh to compute SharedSecrets
9133bea
@wpaulino
Remove NodeSigner::get_node_secret
acd2ae6 
Secrets should not be exposed in-memory at the interface level as it
would be impossible the implement it against a hardware security
module/secure element.
@wpaulino wpaulino force-pushed the remove-get-node-secret branch from 7fcbdf1 to acd2ae6 Compare January 19, 2023 01:23
@TheBlueMatt TheBlueMatt merged commit 153b048 into lightningdevkit:main Jan 19, 2023
@wpaulino wpaulino deleted the remove-get-node-secret branch January 19, 2023 10:06
@wpaulino wpaulino mentioned this pull request Mar 3, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arik-so arik-so arik-so approved these changes

@TheBlueMatt TheBlueMatt TheBlueMatt approved these changes

Assignees

@TheBlueMatt TheBlueMatt

@arik-so arik-so

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove get_node_secret
4 participants
@wpaulino @codecov-commenter @TheBlueMatt @arik-so