sphinx: Expose the shared secret creation function

common/sphinx.c

@@ -364,12 +364,12 @@ static bool blind_group_element(struct pubkey *blindedelement,
 	return true;
 }
 
-static bool create_shared_secret(struct secret *secret,
+bool sphinx_create_shared_secret(struct secret *privkey,
 				 const struct pubkey *pubkey,
-				 const struct secret *session_key)
+				 const struct secret *secret)
 {
-	if (secp256k1_ecdh(secp256k1_ctx, secret->data, &pubkey->pubkey,
-			   session_key->data, NULL, NULL) != 1)
+	if (secp256k1_ecdh(secp256k1_ctx, privkey->data, &pubkey->pubkey,
+			   secret->data, NULL, NULL) != 1)
 		return false;
 	return true;
 }
@@ -379,8 +379,8 @@ bool onion_shared_secret(
 	const struct onionpacket *packet,
 	const struct privkey *privkey)
 {
-	return create_shared_secret(secret, &packet->ephemeralkey,
-				    &privkey->secret);
+	return sphinx_create_shared_secret(secret, &packet->ephemeralkey,
+					   &privkey->secret);
 }
 
 static void generate_key_set(const struct secret *secret,
@@ -408,8 +408,8 @@ static struct hop_params *generate_hop_params(
 				       path->session_key->data) != 1)
 		return NULL;
 
-	if (!create_shared_secret(&params[0].secret, &path->hops[0].pubkey,
-				  path->session_key))
+	if (!sphinx_create_shared_secret(
+		&params[0].secret, &path->hops[0].pubkey, path->session_key))
 		return NULL;
 
 	compute_blinding_factor(
@@ -491,7 +491,7 @@ static void sphinx_prefill(u8 *routinginfo, const struct sphinx_path *sp,
 
 	/* Now fill in the obfuscation stream, which can be regenerated by the
 	 * node processing this onion. */
-	create_shared_secret(&shared_secret, sp->rendezvous_id, sp->session_key);
+	sphinx_create_shared_secret(&shared_secret, sp->rendezvous_id, sp->session_key);
 	sphinx_prefill_stream_xor(routinginfo + prefill_offset, prefill_size, &shared_secret);
 }
 

common/sphinx.h

@@ -253,6 +253,17 @@ bool sphinx_path_set_rendezvous(struct sphinx_path *sp,
 u8 *sphinx_decompress(const tal_t *ctx, const u8 *compressed,
 		      struct secret *shared_secret);
 
+/**
+ * Use ECDH to generate a shared secret from a privkey and a pubkey.
+ *
+ * Sphinx uses shared secrets derived from a private key and a public key
+ * using ECDH in a number of places. This is a simple wrapper around the
+ * secp256k1 functions, with our internal types.
+ */
+bool sphinx_create_shared_secret(struct secret *privkey,
+				 const struct pubkey *pubkey,
+				 const struct secret *secret);
+
 #if DEVELOPER
 /* Override to force us to reject valid onion packets */
 extern bool dev_fail_process_onionpacket;

devtools/onion.c

@@ -310,8 +310,23 @@ static void decompress(char *hexprivkey, char *hexonion)
 
 	pubkey_from_der(compressed + 1, PUBKEY_SIZE, &ephkey);
 
-	decompressed = sphinx_decompress(NULL, compressed, &shared_secret);
-	printf("Decompressed Onion: %s\n", tal_hex(NULL, decompressed));
+	tinyonion = sphinx_compressed_onion_deserialize(NULL, compressed);
+	if (tinyonion == NULL)
+		errx(1, "Could not deserialize compressed onion");
+
+	if (!sphinx_create_shared_secret(&shared_secret,
+					 &tinyonion->ephemeralkey,
+					 &rendezvous_key.secret))
+		errx(1,
+		     "Could not generate shared secret from ephemeral key %s "
+		     "and private key %s",
+		     pubkey_to_hexstr(NULL, &ephkey), hexprivkey);
+
+	onion = sphinx_decompress(NULL, tinyonion, &shared_secret);
+	if (onion == NULL)
+		errx(1, "Could not decompress compressed onion");
+
+	printf("Decompressed Onion: %s\n", tal_hex(NULL, serialize_onionpacket(NULL, onion)));
 }
 
 /* Tal wrappers for opt. */