crypto+sphinx: add error return value

This is a preparatory commit that adds an error return value to the
generateSharedSecret and generateSharedSecrets method. This is needed
because the interface we want to abstract the onion key behind has
an error return value too.

Author: guggero

crypto.go

@@ -198,8 +198,7 @@ func (r *Router) generateSharedSecret(dhKey *btcec.PublicKey) (Hash256, error) {
 	}
 
 	// Compute our shared secret.
-	sharedSecret = generateSharedSecret(dhKey, r.onionKey)
-	return sharedSecret, nil
+	return generateSharedSecret(dhKey, r.onionKey)
 }
 
 // generateSharedSecret generates the shared secret for a particular hop. The
@@ -208,11 +207,13 @@ func (r *Router) generateSharedSecret(dhKey *btcec.PublicKey) (Hash256, error) {
 // key. We then take the _entire_ point generated by the ECDH operation,
 // serialize that using a compressed format, then feed the raw bytes through a
 // single SHA256 invocation.  The resulting value is the shared secret.
-func generateSharedSecret(pub *btcec.PublicKey, priv *btcec.PrivateKey) Hash256 {
+func generateSharedSecret(pub *btcec.PublicKey, priv *btcec.PrivateKey) (Hash256,
+	error) {
+
 	s := &btcec.PublicKey{}
 	s.X, s.Y = btcec.S256().ScalarMult(pub.X, pub.Y, priv.D.Bytes())
 
-	return sha256.Sum256(s.SerializeCompressed())
+	return sha256.Sum256(s.SerializeCompressed()), nil
 }
 
 // onionEncrypt obfuscates the data with compliance with BOLT#4. As we use a
@@ -249,10 +250,14 @@ func (o *OnionErrorDecrypter) DecryptError(encryptedData []byte) (
 			len(encryptedData))
 	}
 
-	sharedSecrets := generateSharedSecrets(
+	sharedSecrets, err := generateSharedSecrets(
 		o.circuit.PaymentPath,
 		o.circuit.SessionKey,
 	)
+	if err != nil {
+		return nil, fmt.Errorf("error generating shared secret: %v",
+			err)
+	}
 
 	var (
 		sender      int

obfuscation_test.go

@@ -30,7 +30,10 @@ func TestOnionFailure(t *testing.T) {
 	errorPath := paymentPath[:len(paymentPath)-1]
 
 	failureData := bytes.Repeat([]byte{'A'}, onionErrorLength-sha256.Size)
-	sharedSecrets := generateSharedSecrets(paymentPath, sessionKey)
+	sharedSecrets, err := generateSharedSecrets(paymentPath, sessionKey)
+	if err != nil {
+		t.Fatalf("Unexpected error while generating secrets: %v", err)
+	}
 
 	// Emulate creation of the obfuscator on node where error have occurred.
 	obfuscator := &OnionErrorEncrypter{
@@ -194,7 +197,10 @@ func TestOnionFailureSpecVector(t *testing.T) {
 	}
 
 	var obfuscatedData []byte
-	sharedSecrets := generateSharedSecrets(paymentPath, sessionKey)
+	sharedSecrets, err := generateSharedSecrets(paymentPath, sessionKey)
+	if err != nil {
+		t.Fatalf("Unexpected error while generating secrets: %v", err)
+	}
 	for i, test := range onionErrorData {
 
 		// Decode the shared secret and check that it matchs with

sphinx.go

@@ -117,7 +117,7 @@ type OnionPacket struct {
 // generateSharedSecrets by the given nodes pubkeys, generates the shared
 // secrets.
 func generateSharedSecrets(paymentPath []*btcec.PublicKey,
-	sessionKey *btcec.PrivateKey) []Hash256 {
+	sessionKey *btcec.PrivateKey) ([]Hash256, error) {
 
 	// Each hop performs ECDH with our ephemeral key pair to arrive at a
 	// shared secret. Additionally, each hop randomizes the group element
@@ -131,8 +131,14 @@ func generateSharedSecrets(paymentPath []*btcec.PublicKey,
 	// Within the loop each new triplet will be computed recursively based
 	// off of the blinding factor of the last hop.
 	lastEphemeralPubKey := sessionKey.PubKey()
-	hopSharedSecrets[0] = generateSharedSecret(paymentPath[0], sessionKey)
-	lastBlindingFactor := computeBlindingFactor(lastEphemeralPubKey, hopSharedSecrets[0][:])
+	sharedSecret, err := generateSharedSecret(paymentPath[0], sessionKey)
+	if err != nil {
+		return nil, err
+	}
+	hopSharedSecrets[0] = sharedSecret
+	lastBlindingFactor := computeBlindingFactor(
+		lastEphemeralPubKey, hopSharedSecrets[0][:],
+	)
 
 	// The cached blinding factor will contain the running product of the
 	// session private key x and blinding factors b_i, computed as
@@ -184,7 +190,7 @@ func generateSharedSecrets(paymentPath []*btcec.PublicKey,
 		)
 	}
 
-	return hopSharedSecrets
+	return hopSharedSecrets, nil
 }
 
 // NewOnionPacket creates a new onion packet which is capable of obliviously
@@ -211,9 +217,12 @@ func NewOnionPacket(paymentPath *PaymentPath, sessionKey *btcec.PrivateKey,
 		return nil, fmt.Errorf("packet filler must be specified")
 	}
 
-	hopSharedSecrets := generateSharedSecrets(
+	hopSharedSecrets, err := generateSharedSecrets(
 		paymentPath.NodeKeys(), sessionKey,
 	)
+	if err != nil {
+		return nil, fmt.Errorf("error generating shared secret: %v", err)
+	}
 
 	// Generate the padding, called "filler strings" in the paper.
 	filler := generateHeaderPadding("rho", paymentPath, hopSharedSecrets)