[Lightning-dev] Onion routing strawman proposal

Anthony Towns aj at erisian.com.au
Sun Oct 4 05:57:17 UTC 2015


On Sun, Oct 04, 2015 at 02:38:56AM +1000, Anthony Towns wrote:
> Sigh. I've had a go at reimplementing it in python, but ...

But nothing! The decoding/forwarding is successfully working in python
with pyelliptic. (I'm running the HMAC twice rather than actually working
out y)

$ test/test_onion 15 > TEST.OUT
$ python test/test_onion.py < TEST.OUT
Message to 0
Message to 1
Message to 2
Message to 3
Message to 4
Message to 5
Message to 6
Message to 7
Message to 8
Message to 9
Message to 10
Message to 11
Message to 12
Message to 13
Message to 14
done

I changed test_onion.c to output the generated node keypairs (private
key and non-compressed public key) and to dump the first message, like
so:

$ grep -v Decrypting TEST.OUT | tail -n3 | cut -c1-300
 * Keypair 13: 3f62802944de7ca5894e5759d351adac869580ec17e485f18c0c66f17cc07cbb 047d1b9ad310727493cf5fab067ec9b7476eac30eca03348ddce13f63f73ccce235dfa2807ab608a81628df72aa29d16c284379e8a48e2ddc1b98cfccf07c12a42
 * Keypair 14: 22fce466da610b63af62bc83b4692f3affaf271693ac071fb86d11342d8def4f 045319588ea4788b57452821af386aaf25842c96e680fc3a0f16076bd4bf21f1647144bc5ff1e492fcb6c12c1f893a02dc5d12ba85d96d4eaea0faaeded0f452fa
 * Message: 9c9e39281020fe4e4193ba2c1147753038c88e7ca98f4cbc1e074011fc0f85f15dd7576d9e400779eff31b27872b7762e1844447a92772a0bd495f86389a9ae0eae16f0f8dff246d57156a3a5aa36ebae2eaafd50e3bb7e08fc6b97e435b8e62f715980068f23bcf6c177d50b61507efdaf377fd1de20374ca556ec323acd7533e19031c36945e895be7935ec9d6c181

Eh, I made it a pull request; those are fun right?

https://github.com/ElementsProject/lightning/pull/8

Some notes:

 - AES128 just uses the first half of the calculated enckey, iv and
   pad_iv
 - I couldn't get pyCrypto's AES128 to work -- I think because I wasn't
   sure exactly how openssl turns an "IV" into a "counter". I couldn't
   find docs on what openssl is trying to do here either, but didn't
   bother looking at the source
 - since libsecp256k1 already sha256s the ecdh secret; the hmac/enckey/etc
   end up being sha256'ed twice (with a byte added in between). confused
   me for a minute.

Cheers,
aj


More information about the Lightning-dev mailing list