htlcswitch: split shared secret extraction and encrypter instantiation

Preparation for the instantiation of an attributable error encrypter.
This gets rid of the sphinx encrypter instantiation in OnionProcessor.
This would otherwise be problematic when an attributable encrypter
would need to be created there without having access to the error
structure.

Co-authored-by: Joost Jager <[email protected]>

Author: GeorgeTsagk

htlcswitch/circuit.go

@@ -199,17 +199,18 @@ func (c *PaymentCircuit) Decode(r io.Reader) error {
 
 	case hop.EncrypterTypeSphinx:
 		// Sphinx encrypter was used as this is a forwarded HTLC.
-		c.ErrorEncrypter = hop.NewSphinxErrorEncrypter()
+		c.ErrorEncrypter = hop.NewSphinxErrorEncrypterUninitialized()
 
 	case hop.EncrypterTypeMock:
 		// Test encrypter.
 		c.ErrorEncrypter = NewMockObfuscator()
 
 	case hop.EncrypterTypeIntroduction:
-		c.ErrorEncrypter = hop.NewIntroductionErrorEncrypter()
+		c.ErrorEncrypter =
+			hop.NewIntroductionErrorEncrypterUninitialized()
 
 	case hop.EncrypterTypeRelaying:
-		c.ErrorEncrypter = hop.NewRelayingErrorEncrypter()
+		c.ErrorEncrypter = hop.NewRelayingErrorEncrypterUninitialized()
 
 	default:
 		return UnknownEncrypterType(encrypterType)

htlcswitch/circuit_map.go

@@ -210,9 +210,9 @@ type CircuitMapConfig struct {
 	FetchClosedChannels func(
 		pendingOnly bool) ([]*channeldb.ChannelCloseSummary, error)
 
-	// ExtractErrorEncrypter derives the shared secret used to encrypt
-	// errors from the obfuscator's ephemeral public key.
-	ExtractErrorEncrypter hop.ErrorEncrypterExtracter
+	// ExtractSharedSecret derives the shared secret used to encrypt errors
+	// from the obfuscator's ephemeral public key.
+	ExtractSharedSecret hop.SharedSecretGenerator
 
 	// CheckResolutionMsg checks whether a given resolution message exists
 	// for the passed CircuitKey.
@@ -632,9 +632,7 @@ func (cm *circuitMap) decodeCircuit(v []byte) (*PaymentCircuit, error) {
 
 	// Otherwise, we need to reextract the encrypter, so that the shared
 	// secret is rederived from what was decoded.
-	err := circuit.ErrorEncrypter.Reextract(
-		cm.cfg.ExtractErrorEncrypter,
-	)
+	err := circuit.ErrorEncrypter.Reextract(cm.cfg.ExtractSharedSecret)
 	if err != nil {
 		return nil, err
 	}

htlcswitch/circuit_test.go

@@ -65,16 +65,17 @@ func initTestExtracter() {
 	onionProcessor := newOnionProcessor(nil)
 	defer onionProcessor.Stop()
 
-	obfuscator, _ := onionProcessor.ExtractErrorEncrypter(
+	sharedSecret, failCode := onionProcessor.ExtractSharedSecret(
 		testEphemeralKey,
 	)
 
-	sphinxExtracter, ok := obfuscator.(*hop.SphinxErrorEncrypter)
-	if !ok {
-		panic("did not extract sphinx error encrypter")
+	if failCode != lnwire.CodeNone {
+		panic("did not extract shared secret")
 	}
 
-	testExtracter = sphinxExtracter
+	testExtracter = hop.NewSphinxErrorEncrypter(
+		testEphemeralKey, sharedSecret,
+	)
 
 	// We also set this error extracter on startup, otherwise it will be nil
 	// at compile-time.
@@ -106,10 +107,10 @@ func newCircuitMap(t *testing.T, resMsg bool) (*htlcswitch.CircuitMapConfig,
 
 	db := makeCircuitDB(t, "")
 	circuitMapCfg := &htlcswitch.CircuitMapConfig{
-		DB:                    db,
-		FetchAllOpenChannels:  db.ChannelStateDB().FetchAllOpenChannels,
-		FetchClosedChannels:   db.ChannelStateDB().FetchClosedChannels,
-		ExtractErrorEncrypter: onionProcessor.ExtractErrorEncrypter,
+		DB:                   db,
+		FetchAllOpenChannels: db.ChannelStateDB().FetchAllOpenChannels,
+		FetchClosedChannels:  db.ChannelStateDB().FetchClosedChannels,
+		ExtractSharedSecret:  onionProcessor.ExtractSharedSecret,
 	}
 
 	if resMsg {
@@ -216,7 +217,7 @@ func TestHalfCircuitSerialization(t *testing.T) {
 		// encrypters, this will be a NOP.
 		if circuit2.ErrorEncrypter != nil {
 			err := circuit2.ErrorEncrypter.Reextract(
-				onionProcessor.ExtractErrorEncrypter,
+				onionProcessor.ExtractSharedSecret,
 			)
 			if err != nil {
 				t.Fatalf("unable to reextract sphinx error "+
@@ -643,11 +644,11 @@ func restartCircuitMap(t *testing.T, cfg *htlcswitch.CircuitMapConfig) (
 	// Reinitialize circuit map with same db path.
 	db := makeCircuitDB(t, dbPath)
 	cfg2 := &htlcswitch.CircuitMapConfig{
-		DB:                    db,
-		FetchAllOpenChannels:  db.ChannelStateDB().FetchAllOpenChannels,
-		FetchClosedChannels:   db.ChannelStateDB().FetchClosedChannels,
-		ExtractErrorEncrypter: cfg.ExtractErrorEncrypter,
-		CheckResolutionMsg:    cfg.CheckResolutionMsg,
+		DB:                   db,
+		FetchAllOpenChannels: db.ChannelStateDB().FetchAllOpenChannels,
+		FetchClosedChannels:  db.ChannelStateDB().FetchClosedChannels,
+		ExtractSharedSecret:  cfg.ExtractSharedSecret,
+		CheckResolutionMsg:   cfg.CheckResolutionMsg,
 	}
 	cm2, err := htlcswitch.NewCircuitMap(cfg2)
 	require.NoError(t, err, "unable to recreate persistent circuit map")

htlcswitch/hop/error_encryptor.go

@@ -45,9 +45,9 @@ func (e EncrypterType) IsBlinded() bool {
 	return e == EncrypterTypeIntroduction || e == EncrypterTypeRelaying
 }
 
-// ErrorEncrypterExtracter defines a function signature that extracts an
-// ErrorEncrypter from an sphinx OnionPacket.
-type ErrorEncrypterExtracter func(*btcec.PublicKey) (ErrorEncrypter,
+// SharedSecretGenerator defines a function signature that extracts a shared
+// secret from an sphinx OnionPacket.
+type SharedSecretGenerator func(*btcec.PublicKey) (sphinx.Hash256,
 	lnwire.FailCode)
 
 // ErrorEncrypter is an interface that is used to encrypt HTLC related errors
@@ -87,12 +87,13 @@ type ErrorEncrypter interface {
 	// given io.Reader.
 	Decode(io.Reader) error
 
-	// Reextract rederives the encrypter using the extracter, performing an
-	// ECDH with the sphinx router's key and the ephemeral public key.
+	// Reextract rederives the encrypter using the shared secret generator,
+	// performing an ECDH with the sphinx router's key and the ephemeral
+	// public key.
 	//
 	// NOTE: This should be called shortly after Decode to properly
 	// reinitialize the error encrypter.
-	Reextract(ErrorEncrypterExtracter) error
+	Reextract(SharedSecretGenerator) error
 }
 
 // SphinxErrorEncrypter is a concrete implementation of both the ErrorEncrypter
@@ -105,20 +106,43 @@ type SphinxErrorEncrypter struct {
 	EphemeralKey *btcec.PublicKey
 }
 
-// NewSphinxErrorEncrypter initializes a blank sphinx error encrypter, that
-// should be used to deserialize an encoded SphinxErrorEncrypter. Since the
-// actual encrypter is not stored in plaintext while at rest, reconstructing the
-// error encrypter requires:
+// NewSphinxErrorEncrypterUninitialized initializes a blank sphinx error
+// encrypter, that should be used to deserialize an encoded
+// SphinxErrorEncrypter. Since the actual encrypter is not stored in plaintext
+// while at rest, reconstructing the error encrypter requires:
 //  1. Decode: to deserialize the ephemeral public key.
 //  2. Reextract: to "unlock" the actual error encrypter using an active
 //     OnionProcessor.
-func NewSphinxErrorEncrypter() *SphinxErrorEncrypter {
+func NewSphinxErrorEncrypterUninitialized() *SphinxErrorEncrypter {
 	return &SphinxErrorEncrypter{
 		OnionErrorEncrypter: nil,
 		EphemeralKey:        &btcec.PublicKey{},
 	}
 }
 
+// NewSphinxErrorEncrypter creates a new instance of a SphinxErrorEncrypter,
+// initialized with the provided shared secret. To deserialize an encoded
+// SphinxErrorEncrypter, use the NewSphinxErrorEncrypterUninitialized
+// constructor.
+func NewSphinxErrorEncrypter(ephemeralKey *btcec.PublicKey,
+	sharedSecret sphinx.Hash256) *SphinxErrorEncrypter {
+
+	encrypter := &SphinxErrorEncrypter{
+		EphemeralKey: ephemeralKey,
+	}
+
+	encrypter.initialize(sharedSecret)
+
+	return encrypter
+}
+
+// initialize creates the underlying instance of the sphinx error encrypter.
+func (s *SphinxErrorEncrypter) initialize(sharedSecret sphinx.Hash256) {
+	s.OnionErrorEncrypter = sphinx.NewOnionErrorEncrypter(
+		sharedSecret, nil,
+	)
+}
+
 // EncryptFirstHop transforms a concrete failure message into an encrypted
 // opaque failure reason. This method will be used at the source that the error
 // occurs. It differs from BackwardObfuscate slightly, in that it computes a
@@ -198,10 +222,8 @@ func (s *SphinxErrorEncrypter) Decode(r io.Reader) error {
 // Reextract rederives the error encrypter from the currently held EphemeralKey.
 // This intended to be used shortly after Decode, to fully initialize a
 // SphinxErrorEncrypter.
-func (s *SphinxErrorEncrypter) Reextract(
-	extract ErrorEncrypterExtracter) error {
-
-	obfuscator, failcode := extract(s.EphemeralKey)
+func (s *SphinxErrorEncrypter) Reextract(extract SharedSecretGenerator) error {
+	sharedSecret, failcode := extract(s.EphemeralKey)
 	if failcode != lnwire.CodeNone {
 		// This should never happen, since we already validated that
 		// this obfuscator can be extracted when it was received in the
@@ -210,13 +232,7 @@ func (s *SphinxErrorEncrypter) Reextract(
 			"obfuscator, got failcode: %d", failcode)
 	}
 
-	sphinxEncrypter, ok := obfuscator.(*SphinxErrorEncrypter)
-	if !ok {
-		return fmt.Errorf("incorrect onion error extracter")
-	}
-
-	// Copy the freshly extracted encrypter.
-	s.OnionErrorEncrypter = sphinxEncrypter.OnionErrorEncrypter
+	s.initialize(sharedSecret)
 
 	return nil
 }
@@ -239,9 +255,25 @@ type IntroductionErrorEncrypter struct {
 }
 
 // NewIntroductionErrorEncrypter returns a blank IntroductionErrorEncrypter.
-func NewIntroductionErrorEncrypter() *IntroductionErrorEncrypter {
+func NewIntroductionErrorEncrypter(ephemeralKey *btcec.PublicKey,
+	sharedSecret sphinx.Hash256) *IntroductionErrorEncrypter {
+
+	return &IntroductionErrorEncrypter{
+		ErrorEncrypter: NewSphinxErrorEncrypter(
+			ephemeralKey, sharedSecret,
+		),
+	}
+}
+
+// NewIntroductionErrorEncrypter returns a blank IntroductionErrorEncrypter.
+// Since the actual encrypter is not stored in plaintext
+// while at rest, reconstructing the error encrypter requires:
+//  1. Decode: to deserialize the ephemeral public key.
+//  2. Reextract: to "unlock" the actual error encrypter using an active
+//     OnionProcessor.
+func NewIntroductionErrorEncrypterUninitialized() *IntroductionErrorEncrypter {
 	return &IntroductionErrorEncrypter{
-		ErrorEncrypter: NewSphinxErrorEncrypter(),
+		ErrorEncrypter: NewSphinxErrorEncrypterUninitialized(),
 	}
 }
 
@@ -253,7 +285,7 @@ func (i *IntroductionErrorEncrypter) Type() EncrypterType {
 // Reextract rederives the error encrypter from the currently held EphemeralKey,
 // relying on the logic in the underlying SphinxErrorEncrypter.
 func (i *IntroductionErrorEncrypter) Reextract(
-	extract ErrorEncrypterExtracter) error {
+	extract SharedSecretGenerator) error {
 
 	return i.ErrorEncrypter.Reextract(extract)
 }
@@ -270,9 +302,26 @@ type RelayingErrorEncrypter struct {
 
 // NewRelayingErrorEncrypter returns a blank RelayingErrorEncrypter with
 // an underlying SphinxErrorEncrypter.
-func NewRelayingErrorEncrypter() *RelayingErrorEncrypter {
+func NewRelayingErrorEncrypter(ephemeralKey *btcec.PublicKey,
+	sharedSecret sphinx.Hash256) *RelayingErrorEncrypter {
+
+	return &RelayingErrorEncrypter{
+		ErrorEncrypter: NewSphinxErrorEncrypter(
+			ephemeralKey, sharedSecret,
+		),
+	}
+}
+
+// NewRelayingErrorEncrypterUninitialized returns a blank RelayingErrorEncrypter
+// with an underlying SphinxErrorEncrypter.
+// Since the actual encrypter is not stored in plaintext
+// while at rest, reconstructing the error encrypter requires:
+//  1. Decode: to deserialize the ephemeral public key.
+//  2. Reextract: to "unlock" the actual error encrypter using an active
+//     OnionProcessor.
+func NewRelayingErrorEncrypterUninitialized() *RelayingErrorEncrypter {
 	return &RelayingErrorEncrypter{
-		ErrorEncrypter: NewSphinxErrorEncrypter(),
+		ErrorEncrypter: NewSphinxErrorEncrypterUninitialized(),
 	}
 }
 
@@ -284,7 +333,7 @@ func (r *RelayingErrorEncrypter) Type() EncrypterType {
 // Reextract rederives the error encrypter from the currently held EphemeralKey,
 // relying on the logic in the underlying SphinxErrorEncrypter.
 func (r *RelayingErrorEncrypter) Reextract(
-	extract ErrorEncrypterExtracter) error {
+	extract SharedSecretGenerator) error {
 
 	return r.ErrorEncrypter.Reextract(extract)
 }