multi: hide long-term private key behind interface

To be able to eventually extract the private keys out of the node
itself into a hardware wallet or HSM, we need to abstract the ECDH
operation against the long-term key behind an interface.

Author: guggero

cmd/main.go

@@ -133,8 +133,11 @@ func main() {
 		}
 
 		privkey, _ := btcec.PrivKeyFromBytes(btcec.S256(), binKey)
+		privKeyECDH := &sphinx.PrivKeyECDH{PrivKey: privkey}
 		replayLog := sphinx.NewMemoryReplayLog()
-		s := sphinx.NewRouter(privkey, &chaincfg.TestNet3Params, replayLog)
+		s := sphinx.NewRouter(
+			privKeyECDH, &chaincfg.TestNet3Params, replayLog,
+		)
 
 		replayLog.Start()
 		defer replayLog.Stop()

crypto.go

@@ -198,22 +198,7 @@ func (r *Router) generateSharedSecret(dhKey *btcec.PublicKey) (Hash256, error) {
 	}
 
 	// Compute our shared secret.
-	return generateSharedSecret(dhKey, r.onionKey)
-}
-
-// generateSharedSecret generates the shared secret for a particular hop. The
-// shared secret is generated by taking the group element contained in the
-// mix-header, and performing an ECDH operation with the node's long term onion
-// key. We then take the _entire_ point generated by the ECDH operation,
-// serialize that using a compressed format, then feed the raw bytes through a
-// single SHA256 invocation.  The resulting value is the shared secret.
-func generateSharedSecret(pub *btcec.PublicKey, priv *btcec.PrivateKey) (Hash256,
-	error) {
-
-	s := &btcec.PublicKey{}
-	s.X, s.Y = btcec.S256().ScalarMult(pub.X, pub.Y, priv.D.Bytes())
-
-	return sha256.Sum256(s.SerializeCompressed()), nil
+	return r.onionKey.ECDH(dhKey)
 }
 
 // onionEncrypt obfuscates the data with compliance with BOLT#4. As we use a

sphinx.go

@@ -2,7 +2,6 @@ package sphinx
 
 import (
 	"bytes"
-	"crypto/ecdsa"
 	"crypto/hmac"
 	"crypto/sha256"
 	"fmt"
@@ -131,7 +130,8 @@ func generateSharedSecrets(paymentPath []*btcec.PublicKey,
 	// Within the loop each new triplet will be computed recursively based
 	// off of the blinding factor of the last hop.
 	lastEphemeralPubKey := sessionKey.PubKey()
-	sharedSecret, err := generateSharedSecret(paymentPath[0], sessionKey)
+	sessionKeyECDH := &PrivKeyECDH{PrivKey: sessionKey}
+	sharedSecret, err := sessionKeyECDH.ECDH(paymentPath[0])
 	if err != nil {
 		return nil, err
 	}
@@ -488,14 +488,14 @@ type Router struct {
 	nodeID   [AddressSize]byte
 	nodeAddr *btcutil.AddressPubKeyHash
 
-	onionKey *btcec.PrivateKey
+	onionKey SingleKeyECDH
 
 	log ReplayLog
 }
 
 // NewRouter creates a new instance of a Sphinx onion Router given the node's
 // currently advertised onion private key, and the target Bitcoin network.
-func NewRouter(nodeKey *btcec.PrivateKey, net *chaincfg.Params, log ReplayLog) *Router {
+func NewRouter(nodeKey SingleKeyECDH, net *chaincfg.Params, log ReplayLog) *Router {
 	var nodeID [AddressSize]byte
 	copy(nodeID[:], btcutil.Hash160(nodeKey.PubKey().SerializeCompressed()))
 
@@ -505,15 +505,8 @@ func NewRouter(nodeKey *btcec.PrivateKey, net *chaincfg.Params, log ReplayLog) *
 	return &Router{
 		nodeID:   nodeID,
 		nodeAddr: nodeAddr,
-		onionKey: &btcec.PrivateKey{
-			PublicKey: ecdsa.PublicKey{
-				Curve: btcec.S256(),
-				X:     nodeKey.X,
-				Y:     nodeKey.Y,
-			},
-			D: nodeKey.D,
-		},
-		log: log,
+		onionKey: nodeKey,
+		log:      log,
 	}
 }
 

sphinx_test.go

@@ -102,7 +102,8 @@ func newTestRoute(numHops int) ([]*Router, *PaymentPath, *[]HopData, *OnionPacke
 		}
 
 		nodes[i] = NewRouter(
-			privKey, &chaincfg.MainNetParams, NewMemoryReplayLog(),
+			&PrivKeyECDH{PrivKey: privKey}, &chaincfg.MainNetParams,
+			NewMemoryReplayLog(),
 		)
 	}
 
@@ -543,7 +544,8 @@ func newEOBRoute(numHops uint32,
 		}
 
 		nodes[i] = NewRouter(
-			privKey, &chaincfg.MainNetParams, NewMemoryReplayLog(),
+			&PrivKeyECDH{PrivKey: privKey}, &chaincfg.MainNetParams,
+			NewMemoryReplayLog(),
 		)
 	}