From 679dec3e6a213df8f5558da86186dc98a266ca1e Mon Sep 17 00:00:00 2001 From: Christian Decker Date: Fri, 13 Jan 2017 17:34:42 +0100 Subject: [PATCH] sphinx: Actually use the full pubkey in ECDH key generation The spec says that we use the libsecp256k1 style ECDH, which uses the full compressed pubkey from the scalar multiplication which is then hashed. This is in contrast to the btcsuite implementation which was only using the hashed X-coordinate. --- daemon/sphinx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daemon/sphinx.c b/daemon/sphinx.c index 65b439990..b1119cc15 100644 --- a/daemon/sphinx.c +++ b/daemon/sphinx.c @@ -272,7 +272,7 @@ static bool create_shared_secret( secp256k1_ec_pubkey_serialize(secp256k1_ctx, ecres, &outputlen, &pkcopy, SECP256K1_EC_COMPRESSED); struct sha256 h; - sha256(&h, ecres + 1, sizeof(ecres) - 1); + sha256(&h, ecres, sizeof(ecres)); memcpy(secret, &h, sizeof(h)); return true; } @@ -361,7 +361,7 @@ static struct hop_params *generate_hop_params( secp256k1_ctx, der, &outputlen, &temp, SECP256K1_EC_COMPRESSED); struct sha256 h; - sha256(&h, der + 1, sizeof(der) - 1); + sha256(&h, der, sizeof(der)); memcpy(¶ms[i].secret, &h, sizeof(h)); compute_blinding_factor(