multi: hide long-term private key behind interface

To be able to eventually extract the private keys out of the node
itself into a hardware wallet or HSM, we need to abstract the ECDH
operation against the long-term key behind an interface.

Author: guggero

cmd/main.go

@@ -133,8 +133,11 @@ func main() {
 		}
 
 		privkey, _ := btcec.PrivKeyFromBytes(btcec.S256(), binKey)
+		privKeyECDH := &sphinx.PrivKeyECDH{PrivKey: privkey}
 		replayLog := sphinx.NewMemoryReplayLog()
-		s := sphinx.NewRouter(privkey, &chaincfg.TestNet3Params, replayLog)
+		s := sphinx.NewRouter(
+			privKeyECDH, &chaincfg.TestNet3Params, replayLog,
+		)
 
 		replayLog.Start()
 		defer replayLog.Stop()

crypto.go

@@ -204,13 +204,10 @@ func (r *Router) generateSharedSecret(dhKey *btcec.PublicKey) (Hash256, error) {
 // key. We then take the _entire_ point generated by the ECDH operation,
 // serialize that using a compressed format, then feed the raw bytes through a
 // single SHA256 invocation.  The resulting value is the shared secret.
-func generateSharedSecret(pub *btcec.PublicKey, priv *btcec.PrivateKey) (Hash256,
+func generateSharedSecret(pub *btcec.PublicKey, priv SingleKeyECDH) (Hash256,
 	error) {
 
-	s := &btcec.PublicKey{}
-	s.X, s.Y = btcec.S256().ScalarMult(pub.X, pub.Y, priv.D.Bytes())
-
-	return sha256.Sum256(s.SerializeCompressed()), nil
+	return priv.ECDH(pub)
 }
 
 // onionEncrypt obfuscates the data with compliance with BOLT#4. As we use a

sphinx.go

@@ -2,7 +2,6 @@ package sphinx
 
 import (
 	"bytes"
-	"crypto/ecdsa"
 	"crypto/hmac"
 	"crypto/sha256"
 	"fmt"
@@ -134,7 +133,7 @@ func generateSharedSecrets(paymentPath []*btcec.PublicKey,
 	// off of the blinding factor of the last hop.
 	lastEphemeralPubKey := sessionKey.PubKey()
 	hopSharedSecrets[0], err = generateSharedSecret(
-		paymentPath[0], sessionKey,
+		paymentPath[0], &PrivKeyECDH{PrivKey: sessionKey},
 	)
 	if err != nil {
 		return nil, err
@@ -489,14 +488,14 @@ type Router struct {
 	nodeID   [AddressSize]byte
 	nodeAddr *btcutil.AddressPubKeyHash
 
-	onionKey *btcec.PrivateKey
+	onionKey SingleKeyECDH
 
 	log ReplayLog
 }
 
 // NewRouter creates a new instance of a Sphinx onion Router given the node's
 // currently advertised onion private key, and the target Bitcoin network.
-func NewRouter(nodeKey *btcec.PrivateKey, net *chaincfg.Params, log ReplayLog) *Router {
+func NewRouter(nodeKey SingleKeyECDH, net *chaincfg.Params, log ReplayLog) *Router {
 	var nodeID [AddressSize]byte
 	copy(nodeID[:], btcutil.Hash160(nodeKey.PubKey().SerializeCompressed()))
 
@@ -506,15 +505,8 @@ func NewRouter(nodeKey *btcec.PrivateKey, net *chaincfg.Params, log ReplayLog) *
 	return &Router{
 		nodeID:   nodeID,
 		nodeAddr: nodeAddr,
-		onionKey: &btcec.PrivateKey{
-			PublicKey: ecdsa.PublicKey{
-				Curve: btcec.S256(),
-				X:     nodeKey.X,
-				Y:     nodeKey.Y,
-			},
-			D: nodeKey.D,
-		},
-		log: log,
+		onionKey: nodeKey,
+		log:      log,
 	}
 }
 

sphinx_test.go

@@ -102,7 +102,8 @@ func newTestRoute(numHops int) ([]*Router, *PaymentPath, *[]HopData, *OnionPacke
 		}
 
 		nodes[i] = NewRouter(
-			privKey, &chaincfg.MainNetParams, NewMemoryReplayLog(),
+			&PrivKeyECDH{PrivKey: privKey}, &chaincfg.MainNetParams,
+			NewMemoryReplayLog(),
 		)
 	}
 
@@ -543,7 +544,8 @@ func newEOBRoute(numHops uint32,
 		}
 
 		nodes[i] = NewRouter(
-			privKey, &chaincfg.MainNetParams, NewMemoryReplayLog(),
+			&PrivKeyECDH{PrivKey: privKey}, &chaincfg.MainNetParams,
+			NewMemoryReplayLog(),
 		)
 	}