KeysInterface: add new ecdh method

This method will help us avoid retrieving our node secret, something we want to
get rid of entirely.  It will be used in upcoming commits when decoding the
onion message packet, and in future PRs to help us get rid of
KeysInterface::get_node_secret usages across the codebase

Author: valentinewallace

fuzz/src/chanmon_consistency.rs

@@ -54,6 +54,7 @@ use utils::test_logger::{self, Output};
 use utils::test_persister::TestPersister;
 
 use bitcoin::secp256k1::{PublicKey,SecretKey};
+use bitcoin::secp256k1::ecdh::SharedSecret;
 use bitcoin::secp256k1::ecdsa::RecoverableSignature;
 use bitcoin::secp256k1::Secp256k1;
 
@@ -165,6 +166,14 @@ impl KeysInterface for KeyProvider {
 		Ok(SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, self.node_id]).unwrap())
 	}
 
+	fn ecdh(&self, recipient: Recipient, other_key: &PublicKey, tweak: Option<&[u8; 32]>) -> Result<SharedSecret, ()> {
+		let mut node_secret = self.get_node_secret(recipient)?;
+		if let Some(tweak) = tweak {
+			node_secret.mul_assign(tweak).map_err(|_| ())?;
+		}
+		Ok(SharedSecret::new(other_key, &node_secret))
+	}
+
 	fn get_inbound_payment_key_material(&self) -> KeyMaterial {
 		KeyMaterial([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, self.node_id])
 	}

fuzz/src/full_stack.rs

@@ -51,6 +51,7 @@ use utils::test_logger;
 use utils::test_persister::TestPersister;
 
 use bitcoin::secp256k1::{PublicKey,SecretKey};
+use bitcoin::secp256k1::ecdh::SharedSecret;
 use bitcoin::secp256k1::ecdsa::RecoverableSignature;
 use bitcoin::secp256k1::Secp256k1;
 
@@ -269,6 +270,14 @@ impl KeysInterface for KeyProvider {
 		Ok(self.node_secret.clone())
 	}
 
+	fn ecdh(&self, recipient: Recipient, other_key: &PublicKey, tweak: Option<&[u8; 32]>) -> Result<SharedSecret, ()> {
+		let mut node_secret = self.get_node_secret(recipient)?;
+		if let Some(tweak) = tweak {
+			node_secret.mul_assign(tweak).map_err(|_| ())?;
+		}
+		Ok(SharedSecret::new(other_key, &node_secret))
+	}
+
 	fn get_inbound_payment_key_material(&self) -> KeyMaterial {
 		self.inbound_payment_key.clone()
 	}

lightning/src/chain/keysinterface.rs

@@ -27,6 +27,7 @@ use bitcoin::hash_types::WPubkeyHash;
 
 use bitcoin::secp256k1::{SecretKey, PublicKey};
 use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature, Signing};
+use bitcoin::secp256k1::ecdh::SharedSecret;
 use bitcoin::secp256k1::ecdsa::RecoverableSignature;
 use bitcoin::{secp256k1, Witness};
 
@@ -404,6 +405,12 @@ pub trait KeysInterface {
 	/// This method must return the same value each time it is called with a given `Recipient`
 	/// parameter.
 	fn get_node_secret(&self, recipient: Recipient) -> Result<SecretKey, ()>;
+	/// Gets the ECDH shared secret of our [`node secret`] and `other_key`, multiplying by `tweak` if
+	/// one is provided. Note that this tweak can be applied to `other_key` instead of our node
+	/// secret, though this is less efficient.
+	///
+	/// [`node secret`]: Self::get_node_secret
+	fn ecdh(&self, recipient: Recipient, other_key: &PublicKey, tweak: Option<&[u8; 32]>) -> Result<SharedSecret, ()>;
 	/// Get a script pubkey which we send funds to when claiming on-chain contestable outputs.
 	///
 	/// This method should return a different value each time it is called, to avoid linking
@@ -1133,6 +1140,14 @@ impl KeysInterface for KeysManager {
 		}
 	}
 
+	fn ecdh(&self, recipient: Recipient, other_key: &PublicKey, tweak: Option<&[u8; 32]>) -> Result<SharedSecret, ()> {
+		let mut node_secret = self.get_node_secret(recipient)?;
+		if let Some(tweak) = tweak {
+			node_secret.mul_assign(tweak).map_err(|_| ())?;
+		}
+		Ok(SharedSecret::new(other_key, &node_secret))
+	}
+
 	fn get_inbound_payment_key_material(&self) -> KeyMaterial {
 		self.inbound_payment_key.clone()
 	}
@@ -1217,6 +1232,14 @@ impl KeysInterface for PhantomKeysManager {
 		}
 	}
 
+	fn ecdh(&self, recipient: Recipient, other_key: &PublicKey, tweak: Option<&[u8; 32]>) -> Result<SharedSecret, ()> {
+		let mut node_secret = self.get_node_secret(recipient)?;
+		if let Some(tweak) = tweak {
+			node_secret.mul_assign(tweak).map_err(|_| ())?;
+		}
+		Ok(SharedSecret::new(other_key, &node_secret))
+	}
+
 	fn get_inbound_payment_key_material(&self) -> KeyMaterial {
 		self.inbound_payment_key.clone()
 	}

lightning/src/ln/channel.rs

@@ -6583,6 +6583,7 @@ mod tests {
 	use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature};
 	use bitcoin::secp256k1::ffi::Signature as FFISignature;
 	use bitcoin::secp256k1::{SecretKey,PublicKey};
+	use bitcoin::secp256k1::ecdh::SharedSecret;
 	use bitcoin::secp256k1::ecdsa::RecoverableSignature;
 	use bitcoin::hashes::sha256::Hash as Sha256;
 	use bitcoin::hashes::Hash;
@@ -6621,6 +6622,7 @@ mod tests {
 		type Signer = InMemorySigner;
 
 		fn get_node_secret(&self, _recipient: Recipient) -> Result<SecretKey, ()> { panic!(); }
+		fn ecdh(&self, _recipient: Recipient, _other_key: &PublicKey, _tweak: Option<&[u8; 32]>) -> Result<SharedSecret, ()> { panic!(); }
 		fn get_inbound_payment_key_material(&self) -> KeyMaterial { panic!(); }
 		fn get_destination_script(&self) -> Script {
 			let secp_ctx = Secp256k1::signing_only();

lightning/src/util/test_utils.rs

@@ -36,6 +36,7 @@ use bitcoin::network::constants::Network;
 use bitcoin::hash_types::{BlockHash, Txid};
 
 use bitcoin::secp256k1::{SecretKey, PublicKey, Secp256k1, ecdsa::Signature};
+use bitcoin::secp256k1::ecdh::SharedSecret;
 use bitcoin::secp256k1::ecdsa::RecoverableSignature;
 
 use regex;
@@ -74,6 +75,7 @@ impl keysinterface::KeysInterface for OnlyReadsKeysInterface {
 	type Signer = EnforcingSigner;
 
 	fn get_node_secret(&self, _recipient: Recipient) -> Result<SecretKey, ()> { unreachable!(); }
+	fn ecdh(&self, _recipient: Recipient, _other_key: &PublicKey, _tweak: Option<&[u8; 32]>) -> Result<SharedSecret, ()> { unreachable!(); }
 	fn get_inbound_payment_key_material(&self) -> KeyMaterial { unreachable!(); }
 	fn get_destination_script(&self) -> Script { unreachable!(); }
 	fn get_shutdown_scriptpubkey(&self) -> ShutdownScript { unreachable!(); }
@@ -599,6 +601,9 @@ impl keysinterface::KeysInterface for TestKeysInterface {
 	fn get_node_secret(&self, recipient: Recipient) -> Result<SecretKey, ()> {
 		self.backing.get_node_secret(recipient)
 	}
+	fn ecdh(&self, recipient: Recipient, other_key: &PublicKey, tweak: Option<&[u8; 32]>) -> Result<SharedSecret, ()> {
+		self.backing.ecdh(recipient, other_key, tweak)
+	}
 	fn get_inbound_payment_key_material(&self) -> keysinterface::KeyMaterial {
 		self.backing.get_inbound_payment_key_material()
 	}