Expand utility of secondary shared secrets

arik-so · arik-so · commit 18606a07cca7 · 2025-03-03T18:01:19.000-08:00
When encrypting errors, we currently have the ability to use two shared
secrets for Phantom Node payments.

Trampoline also requires the re-encryption of encrypted errors, first
using the Trampoline shared secret, and then using the outer one.

Given these two cryptographically equivalent use cases, we're renaming
the phantom_shared_secret parameter to secondary_shared_secret, and
explaining the now two contexts in which it will be applicable.
diff --git a/lightning/src/ln/onion_utils.rs b/lightning/src/ln/onion_utils.rs
@@ -1329,19 +1329,25 @@ impl HTLCFailReason {
 		Self(HTLCFailReasonRepr::LightningError { err: msg.reason.clone() })
 	}
 
+	/// Encrypted a failure packet using a shared secret.
+	///
+	/// For phantom nodes or inner Trampoline onions, a secondary_shared_secret can be passed, which
+	/// will be used to encrypt the failure packet before applying the outer encryption step using
+	/// incoming_packet_shared_secret.
 	pub(super) fn get_encrypted_failure_packet(
-		&self, incoming_packet_shared_secret: &[u8; 32], phantom_shared_secret: &Option<[u8; 32]>,
+		&self, incoming_packet_shared_secret: &[u8; 32], secondary_shared_secret: &Option<[u8; 32]>,
 	) -> msgs::OnionErrorPacket {
 		match self.0 {
 			HTLCFailReasonRepr::Reason { ref failure_code, ref data } => {
-				if let Some(phantom_ss) = phantom_shared_secret {
-					let phantom_packet =
-						build_failure_packet(phantom_ss, *failure_code, &data[..]).encode();
-					let encrypted_phantom_packet =
-						encrypt_failure_packet(phantom_ss, &phantom_packet);
+				if let Some(secondary_shared_secret) = secondary_shared_secret {
+					let inner_packet =
+						build_failure_packet(secondary_shared_secret, *failure_code, &data[..])
+							.encode();
+					let encrypted_inner_packet =
+						encrypt_failure_packet(secondary_shared_secret, &inner_packet);
 					encrypt_failure_packet(
 						incoming_packet_shared_secret,
-						&encrypted_phantom_packet.data[..],
+						&encrypted_inner_packet.data[..],
 					)
 				} else {
 					let packet = build_failure_packet(
