crypto+sphinx: add error return value

guggero · matheusd · commit 5b732fe3bc98 · 2020-09-07T11:44:27.000-03:00
This is a preparatory commit that adds an error return value to the
generateSharedSecret and generateSharedSecrets method. This is needed
because the interface we want to abstract the onion key behind has
an error return value too.
diff --git a/crypto.go b/crypto.go
@@ -228,8 +228,7 @@ func (r *Router) generateSharedSecret(dhKey *secp256k1.PublicKey) (Hash256, erro
 	}
 
 	// Compute our shared secret.
-	sharedSecret = generateSharedSecret(dhKey, r.onionKey)
-	return sharedSecret, nil
+	return generateSharedSecret(dhKey, r.onionKey)
 }
 
 // generateSharedSecret generates the shared secret for a particular hop. The
@@ -238,7 +237,8 @@ func (r *Router) generateSharedSecret(dhKey *secp256k1.PublicKey) (Hash256, erro
 // key. We then take the _entire_ point generated by the ECDH operation,
 // serialize that using a compressed format, then feed the raw bytes through a
 // single SHA256 invocation.  The resulting value is the shared secret.
-func generateSharedSecret(pub *secp256k1.PublicKey, priv *secp256k1.PrivateKey) Hash256 {
+func generateSharedSecret(pub *secp256k1.PublicKey, priv *secp256k1.PrivateKey) (Hash256,
+	error) {
 	var modNScalar secp256k1.ModNScalar
 	modNScalar.SetByteSlice(priv.ToECDSA().D.Bytes())
 
@@ -250,8 +250,7 @@ func generateSharedSecret(pub *secp256k1.PublicKey, priv *secp256k1.PrivateKey)
 	result.ToAffine()
 
 	s := secp256k1.NewPublicKey(&result.X, &result.Y)
-
-	return sha256.Sum256(s.SerializeCompressed())
+	return sha256.Sum256(s.SerializeCompressed()), nil
 }
 
 // onionEncrypt obfuscates the data with compliance with BOLT#4. As we use a
@@ -288,10 +287,14 @@ func (o *OnionErrorDecrypter) DecryptError(encryptedData []byte) (
 			len(encryptedData))
 	}
 
-	sharedSecrets := generateSharedSecrets(
+	sharedSecrets, err := generateSharedSecrets(
 		o.circuit.PaymentPath,
 		o.circuit.SessionKey,
 	)
+	if err != nil {
+		return nil, fmt.Errorf("error generating shared secret: %v",
+			err)
+	}
 
 	var (
 		sender      int
diff --git a/obfuscation_test.go b/obfuscation_test.go
@@ -29,7 +29,10 @@ func TestOnionFailure(t *testing.T) {
 	errorPath := paymentPath[:len(paymentPath)-1]
 
 	failureData := bytes.Repeat([]byte{'A'}, onionErrorLength-sha256.Size)
-	sharedSecrets := generateSharedSecrets(paymentPath, sessionKey)
+	sharedSecrets, err := generateSharedSecrets(paymentPath, sessionKey)
+	if err != nil {
+		t.Fatalf("Unexpected error while generating secrets: %v", err)
+	}
 
 	// Emulate creation of the obfuscator on node where error have occurred.
 	obfuscator := &OnionErrorEncrypter{
@@ -193,7 +196,10 @@ func TestOnionFailureSpecVector(t *testing.T) {
 	}
 
 	var obfuscatedData []byte
-	sharedSecrets := generateSharedSecrets(paymentPath, sessionKey)
+	sharedSecrets, err := generateSharedSecrets(paymentPath, sessionKey)
+	if err != nil {
+		t.Fatalf("Unexpected error while generating secrets: %v", err)
+	}
 	for i, test := range onionErrorData {
 
 		// Decode the shared secret and check that it matchs with
diff --git a/sphinx.go b/sphinx.go
@@ -117,7 +117,7 @@ type OnionPacket struct {
 // generateSharedSecrets by the given nodes pubkeys, generates the shared
 // secrets.
 func generateSharedSecrets(paymentPath []*secp256k1.PublicKey,
-	sessionKey *secp256k1.PrivateKey) []Hash256 {
+	sessionKey *secp256k1.PrivateKey) ([]Hash256, error) {
 
 	// Each hop performs ECDH with our ephemeral key pair to arrive at a
 	// shared secret. Additionally, each hop randomizes the group element
@@ -131,8 +131,14 @@ func generateSharedSecrets(paymentPath []*secp256k1.PublicKey,
 	// Within the loop each new triplet will be computed recursively based
 	// off of the blinding factor of the last hop.
 	lastEphemeralPubKey := sessionKey.PubKey()
-	hopSharedSecrets[0] = generateSharedSecret(paymentPath[0], sessionKey)
-	lastBlindingFactor := computeBlindingFactor(lastEphemeralPubKey, hopSharedSecrets[0][:])
+	sharedSecret, err := generateSharedSecret(paymentPath[0], sessionKey)
+	if err != nil {
+		return nil, err
+	}
+	hopSharedSecrets[0] = sharedSecret
+	lastBlindingFactor := computeBlindingFactor(
+		lastEphemeralPubKey, hopSharedSecrets[0][:],
+	)
 
 	// The cached blinding factor will contain the running product of the
 	// session private key x and blinding factors b_i, computed as
@@ -184,7 +190,7 @@ func generateSharedSecrets(paymentPath []*secp256k1.PublicKey,
 		)
 	}
 
-	return hopSharedSecrets
+	return hopSharedSecrets, nil
 }
 
 // NewOnionPacket creates a new onion packet which is capable of obliviously
@@ -211,9 +217,12 @@ func NewOnionPacket(paymentPath *PaymentPath, sessionKey *secp256k1.PrivateKey,
 		return nil, fmt.Errorf("packet filler must be specified")
 	}
 
-	hopSharedSecrets := generateSharedSecrets(
+	hopSharedSecrets, err := generateSharedSecrets(
 		paymentPath.NodeKeys(), sessionKey,
 	)
+	if err != nil {
+		return nil, fmt.Errorf("error generating shared secret: %v", err)
+	}
 
 	// Generate the padding, called "filler strings" in the paper.
 	filler := generateHeaderPadding("rho", paymentPath, hopSharedSecrets)
