Use NodeSigner::ecdh to compute SharedSecrets

Author: wpaulino

fuzz/src/peer_crypt.rs

@@ -11,7 +11,7 @@ use lightning::ln::peer_channel_encryptor::PeerChannelEncryptor;
 
 use bitcoin::secp256k1::{Secp256k1, PublicKey, SecretKey};
 
-use crate::utils::test_logger;
+use crate::utils::{test_logger, test_node_signer};
 
 #[inline]
 fn slice_to_be16(v: &[u8]) -> u16 {
@@ -41,6 +41,7 @@ pub fn do_test(data: &[u8]) {
 		Ok(key) => key,
 		Err(_) => return,
 	};
+	let node_signer = test_node_signer::TestNodeSigner::new(our_network_key);
 	let ephemeral_key = match SecretKey::from_slice(get_slice!(32)) {
 		Ok(key) => key,
 		Err(_) => return,
@@ -53,15 +54,15 @@ pub fn do_test(data: &[u8]) {
 		};
 		let mut crypter = PeerChannelEncryptor::new_outbound(their_pubkey, ephemeral_key);
 		crypter.get_act_one(&secp_ctx);
-		match crypter.process_act_two(get_slice!(50), &our_network_key, &secp_ctx) {
+		match crypter.process_act_two(get_slice!(50), &&node_signer) {
 			Ok(_) => {},
 			Err(_) => return,
 		}
 		assert!(crypter.is_ready_for_encryption());
 		crypter
 	} else {
-		let mut crypter = PeerChannelEncryptor::new_inbound(&our_network_key, &secp_ctx);
-		match crypter.process_act_one_with_keys(get_slice!(50), &our_network_key, ephemeral_key, &secp_ctx) {
+		let mut crypter = PeerChannelEncryptor::new_inbound(&&node_signer);
+		match crypter.process_act_one_with_keys(get_slice!(50), &&node_signer, ephemeral_key, &secp_ctx) {
 			Ok(_) => {},
 			Err(_) => return,
 		}

fuzz/src/utils/mod.rs

@@ -9,3 +9,4 @@
 
 pub mod test_logger;
 pub mod test_persister;
+pub mod test_node_signer;

fuzz/src/utils/test_node_signer.rs

@@ -0,0 +1,64 @@
+// This file is Copyright its original authors, visible in version control
+// history.
+//
+// This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
+// or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
+// You may not use this file except in accordance with one or both of these
+// licenses.
+
+use bitcoin::secp256k1::{PublicKey, SecretKey, Secp256k1};
+use bitcoin::secp256k1::ecdh::SharedSecret;
+
+use lightning::chain::keysinterface::{NodeSigner, Recipient};
+
+pub struct TestNodeSigner {
+	node_secret: SecretKey,
+}
+
+impl TestNodeSigner {
+	pub fn new(node_secret: SecretKey) -> Self {
+		Self { node_secret }
+	}
+}
+
+impl NodeSigner for TestNodeSigner {
+	fn get_node_secret(&self, recipient: Recipient) -> Result<SecretKey, ()> {
+		let node_secret = match recipient {
+			Recipient::Node => Ok(self.node_secret.clone()),
+			Recipient::PhantomNode => Err(())
+		}?;
+		Ok(node_secret)
+	}
+
+	fn get_inbound_payment_key_material(&self) -> lightning::chain::keysinterface::KeyMaterial {
+		unreachable!()
+	}
+
+	fn get_node_id(&self, recipient: Recipient) -> Result<PublicKey, ()> {
+		let node_secret = match recipient {
+			Recipient::Node => Ok(&self.node_secret),
+			Recipient::PhantomNode => Err(())
+		}?;
+		Ok(PublicKey::from_secret_key(&Secp256k1::new(), node_secret))
+	}
+
+	fn ecdh(&self, recipient: Recipient, other_key: &PublicKey, tweak: Option<&bitcoin::secp256k1::Scalar>) -> Result<SharedSecret, ()> {
+		let mut node_secret = match recipient {
+			Recipient::Node => Ok(self.node_secret.clone()),
+			Recipient::PhantomNode => Err(())
+		}?;
+		if let Some(tweak) = tweak {
+			node_secret = node_secret.mul_tweak(tweak).map_err(|_| ())?;
+		}
+		Ok(SharedSecret::new(other_key, &node_secret))
+	}
+
+	fn sign_invoice(&self, _: &[u8], _: &[bitcoin::bech32::u5], _: Recipient) -> Result<bitcoin::secp256k1::ecdsa::RecoverableSignature, ()> {
+		unreachable!()
+	}
+
+	fn sign_gossip_message(&self, _: lightning::ln::msgs::UnsignedGossipMessage) -> Result<bitcoin::secp256k1::ecdsa::Signature, ()> {
+		unreachable!()
+	}
+}

lightning/src/ln/channelmanager.rs

@@ -30,7 +30,6 @@ use bitcoin::hash_types::{BlockHash, Txid};
 
 use bitcoin::secp256k1::{SecretKey,PublicKey};
 use bitcoin::secp256k1::Secp256k1;
-use bitcoin::secp256k1::ecdh::SharedSecret;
 use bitcoin::{LockTime, secp256k1, Sequence};
 
 use crate::chain;
@@ -2016,7 +2015,9 @@ where
 			return_malformed_err!("invalid ephemeral pubkey", 0x8000 | 0x4000 | 6);
 		}
 
-		let shared_secret = SharedSecret::new(&msg.onion_routing_packet.public_key.unwrap(), &self.our_network_key).secret_bytes();
+		let shared_secret = self.node_signer.ecdh(
+			Recipient::Node, &msg.onion_routing_packet.public_key.unwrap(), None
+		).unwrap().secret_bytes();
 
 		if msg.onion_routing_packet.version != 0 {
 			//TODO: Spec doesn't indicate if we should only hash hop_data here (and in other
@@ -2924,9 +2925,9 @@ where
 											}
 										}
 										if let PendingHTLCRouting::Forward { onion_packet, .. } = routing {
-											let phantom_secret_res = self.node_signer.get_node_secret(Recipient::PhantomNode);
-											if phantom_secret_res.is_ok() && fake_scid::is_valid_phantom(&self.fake_scid_rand_bytes, short_chan_id, &self.genesis_hash) {
-												let phantom_shared_secret = SharedSecret::new(&onion_packet.public_key.unwrap(), &phantom_secret_res.unwrap()).secret_bytes();
+											let phantom_pubkey_res = self.node_signer.get_node_id(Recipient::PhantomNode);
+											if phantom_pubkey_res.is_ok() && fake_scid::is_valid_phantom(&self.fake_scid_rand_bytes, short_chan_id, &self.genesis_hash) {
+												let phantom_shared_secret = self.node_signer.ecdh(Recipient::PhantomNode, &onion_packet.public_key.unwrap(), None).unwrap().secret_bytes();
 												let next_hop = match onion_utils::decode_next_payment_hop(phantom_shared_secret, &onion_packet.hop_data, onion_packet.hmac, payment_hash) {
 													Ok(res) => res,
 													Err(onion_utils::OnionDecodeErr::Malformed { err_msg, err_code }) => {