Generalize next_hop_packet_pubkey onion util

Useful for generating a next hop blinding point when forwarding a blinded
payment.

Author: valentinewallace

lightning/src/blinded_path/mod.rs

@@ -11,9 +11,7 @@
 
 pub(crate) mod utils;
 
-use bitcoin::hashes::{Hash, HashEngine};
-use bitcoin::hashes::sha256::Hash as Sha256;
-use bitcoin::secp256k1::{self, PublicKey, Scalar, Secp256k1, SecretKey};
+use bitcoin::secp256k1::{self, PublicKey, Secp256k1, SecretKey};
 
 use crate::sign::{EntropySource, NodeSigner, Recipient};
 use crate::onion_message::ControlTlvs;
@@ -97,14 +95,8 @@ impl BlindedPath {
 				let mut new_blinding_point = match next_blinding_override {
 					Some(blinding_point) => blinding_point,
 					None => {
-						let blinding_factor = {
-							let mut sha = Sha256::engine();
-							sha.input(&self.blinding_point.serialize()[..]);
-							sha.input(control_tlvs_ss.as_ref());
-							Sha256::from_engine(sha).into_inner()
-						};
-						self.blinding_point.mul_tweak(secp_ctx, &Scalar::from_be_bytes(blinding_factor).unwrap())
-							.map_err(|_| ())?
+						onion_utils::next_hop_pubkey(secp_ctx, self.blinding_point,
+							control_tlvs_ss.as_ref()).map_err(|_| ())?
 					}
 				};
 				mem::swap(&mut self.blinding_point, &mut new_blinding_point);

lightning/src/ln/channelmanager.rs

@@ -2868,9 +2868,9 @@ where
 					short_channel_id, amt_to_forward, outgoing_cltv_value
 				}, ..
 			} => {
-				let next_pk = onion_utils::next_hop_packet_pubkey(&self.secp_ctx,
+				let next_packet_pk = onion_utils::next_hop_pubkey(&self.secp_ctx,
 					msg.onion_routing_packet.public_key.unwrap(), &shared_secret);
-				(short_channel_id, amt_to_forward, outgoing_cltv_value, Some(next_pk))
+				(short_channel_id, amt_to_forward, outgoing_cltv_value, Some(next_packet_pk))
 			},
 			// We'll do receive checks in [`Self::construct_pending_htlc_info`] so we have access to the
 			// inbound channel's state.

lightning/src/ln/onion_utils.rs

@@ -91,15 +91,18 @@ pub(super) fn gen_pad_from_shared_secret(shared_secret: &[u8]) -> [u8; 32] {
 	Hmac::from_engine(hmac).into_inner()
 }
 
-pub(crate) fn next_hop_packet_pubkey<T: secp256k1::Signing + secp256k1::Verification>(secp_ctx: &Secp256k1<T>, packet_pubkey: PublicKey, packet_shared_secret: &[u8; 32]) -> Result<PublicKey, secp256k1::Error> {
+/// Calculates a pubkey for the next hop, such as the next hop's packet pubkey or blinding point.
+pub(crate) fn next_hop_pubkey<T: secp256k1::Signing + secp256k1::Verification>(
+	secp_ctx: &Secp256k1<T>, curr_pubkey: PublicKey, shared_secret: &[u8]
+) -> Result<PublicKey, secp256k1::Error> {
 	let blinding_factor = {
 		let mut sha = Sha256::engine();
-		sha.input(&packet_pubkey.serialize()[..]);
-		sha.input(packet_shared_secret);
+		sha.input(&curr_pubkey.serialize()[..]);
+		sha.input(shared_secret);
 		Sha256::from_engine(sha).into_inner()
 	};
 
-	packet_pubkey.mul_tweak(secp_ctx, &Scalar::from_be_bytes(blinding_factor).unwrap())
+	curr_pubkey.mul_tweak(secp_ctx, &Scalar::from_be_bytes(blinding_factor).unwrap())
 }
 
 // can only fail if an intermediary hop has an invalid public key or session_priv is invalid

lightning/src/onion_message/messenger.rs

@@ -490,7 +490,7 @@ where
 				// unwrapping the onion layers to get to the final payload. Since we don't have the option
 				// of creating blinded paths with dummy hops currently, we should be ok to not handle this
 				// for now.
-				let new_pubkey = match onion_utils::next_hop_packet_pubkey(&self.secp_ctx, msg.onion_routing_packet.public_key, &onion_decode_ss) {
+				let new_pubkey = match onion_utils::next_hop_pubkey(&self.secp_ctx, msg.onion_routing_packet.public_key, &onion_decode_ss) {
 					Ok(pk) => pk,
 					Err(e) => {
 						log_trace!(self.logger, "Failed to compute next hop packet pubkey: {}", e);
@@ -507,21 +507,16 @@ where
 					blinding_point: match next_blinding_override {
 						Some(blinding_point) => blinding_point,
 						None => {
-							let blinding_factor = {
-								let mut sha = Sha256::engine();
-								sha.input(&msg.blinding_point.serialize()[..]);
-								sha.input(control_tlvs_ss.as_ref());
-								Sha256::from_engine(sha).into_inner()
-							};
-							let next_blinding_point = msg.blinding_point;
-							match next_blinding_point.mul_tweak(&self.secp_ctx, &Scalar::from_be_bytes(blinding_factor).unwrap()) {
+							match onion_utils::next_hop_pubkey(
+								&self.secp_ctx, msg.blinding_point, control_tlvs_ss.as_ref()
+							) {
 								Ok(bp) => bp,
 								Err(e) => {
 									log_trace!(self.logger, "Failed to compute next blinding point: {}", e);
 									return
 								}
 							}
-						},
+						}
 					},
 					onion_routing_packet: outgoing_packet,
 				};