Skip to content

Commit

Permalink
Use SessionKey instead of SharedSecret for padding key
Browse files Browse the repository at this point in the history
  • Loading branch information
t-bast committed Jan 7, 2020
1 parent 9829742 commit a367d10
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 18 deletions.
15 changes: 8 additions & 7 deletions eclair-core/src/main/scala/fr/acinq/eclair/crypto/Sphinx.scala
Original file line number Diff line number Diff line change
Expand Up @@ -214,15 +214,14 @@ object Sphinx extends Logging {
* @param onionPayloadFiller optional onion payload filler, needed only when you're constructing the last packet.
* @return the next packet.
*/
def wrap(payload: ByteVector, associatedData: ByteVector32, ephemeralPublicKey: PublicKey, sharedSecret: ByteVector32, packet: Option[wire.OnionRoutingPacket], onionPayloadFiller: ByteVector = ByteVector.empty): wire.OnionRoutingPacket = {
def wrap(payload: ByteVector, associatedData: ByteVector32, ephemeralPublicKey: PublicKey, sharedSecret: ByteVector32, packet: Either[ByteVector, wire.OnionRoutingPacket], onionPayloadFiller: ByteVector = ByteVector.empty): wire.OnionRoutingPacket = {
require(payload.length <= PayloadLength - MacLength, s"packet payload cannot exceed ${PayloadLength - MacLength} bytes")

val (currentMac, currentPayload): (ByteVector32, ByteVector) = packet match {
// Packet construction starts with an empty mac and payload.
case None => (ByteVector32.Zeroes, generateStream(generateKey("pad", sharedSecret), PayloadLength))
case Some(p) => (p.hmac, p.payload)
// Packet construction starts with an empty mac and random payload.
case Left(startingBytes) => (ByteVector32.Zeroes, startingBytes)
case Right(p) => (p.hmac, p.payload)
}

val nextOnionPayload = {
val onionPayload1 = payload ++ currentMac ++ currentPayload.dropRight(payload.length + MacLength)
val onionPayload2 = onionPayload1 xor generateStream(generateKey("rho", sharedSecret), PayloadLength)
Expand All @@ -248,12 +247,14 @@ object Sphinx extends Logging {
val (ephemeralPublicKeys, sharedsecrets) = computeEphemeralPublicKeysAndSharedSecrets(sessionKey, publicKeys)
val filler = generateFiller("rho", sharedsecrets.dropRight(1), payloads.dropRight(1))

val lastPacket = wrap(payloads.last, associatedData, ephemeralPublicKeys.last, sharedsecrets.last, None, filler)
// We deterministically-derive the initial payload bytes: see https://github.com/lightningnetwork/lightning-rfc/pull/697
val startingBytes = generateStream(generateKey("pad", sessionKey.value), PayloadLength)
val lastPacket = wrap(payloads.last, associatedData, ephemeralPublicKeys.last, sharedsecrets.last, Left(startingBytes), filler)

@tailrec
def loop(hopPayloads: Seq[ByteVector], ephKeys: Seq[PublicKey], sharedSecrets: Seq[ByteVector32], packet: wire.OnionRoutingPacket): wire.OnionRoutingPacket = {
if (hopPayloads.isEmpty) packet else {
val nextPacket = wrap(hopPayloads.last, associatedData, ephKeys.last, sharedSecrets.last, Some(packet))
val nextPacket = wrap(hopPayloads.last, associatedData, ephKeys.last, sharedSecrets.last, Right(packet))
loop(hopPayloads.dropRight(1), ephKeys.dropRight(1), sharedSecrets.dropRight(1), nextPacket)
}
}
Expand Down
22 changes: 11 additions & 11 deletions eclair-core/src/test/scala/fr/acinq/eclair/crypto/SphinxSpec.scala
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ class SphinxSpec extends FunSuite {

test("create packet with fixed-size payloads (reference test vector)") {
val PacketAndSecrets(onion, sharedSecrets) = PaymentPacket.create(sessionKey, publicKeys, referenceFixedSizePayloads, associatedData)
assert(serializePaymentOnion(onion) == hex"0002eec7245d6b7d2ccb30380bfbe2a3648cd7a942653f5aa340edcea1f283686619e5f14350c2a76fc232b5e46d421e9615471ab9e0bc887beff8c95fdb878f7b3a71d215fe077311013884fabc09318c23a2435069ff1c40e90d2c150084eb8eb59ed10f7d61ab590531cf08000178a333a347f8b4072e216400406bdf3bf03865979313da96e66517a37b5c485744275a73b8eab6f43e3d56a2a59764eb12617efbe0ce721caad69320c3a469a202f3e468c67eaf7a7cda226d0fd32f7b48084dca885d3a3451e1a7368bb5edac5c665a61f6796b288bc1f12cd3b9fbaf915bc732ee749a1ec866abe044a9ad635778ba61fc0776dc832b39451bd5d35072d2269cf9b04040caeaeed42e3eb4adf6146661e3708accfeeb02d174de7effeaa8040417c8b49ed4c7f0218ff8c6c7dd7221d189c65b3b9aaa71a01484b122846c7c7b57e02e679ea8469b70e14fe4f70fee4d87b910cf144be6fe48eef24da475c0b0bcc6565ac90cc68a2cfd94a8a93dc787d6a074e539903b1d36e8d5d45655aa59208a20f3f600ef6b05d963ab796cdf33748c944795403626cdff6c0f114586f1754fb6d64800beeda3e18c04f109b7a91c9049ba2967316f088a8b45c57ea708768ed1cc99f06886ee3089d6c8e9ea3ce884b8dfffed4d4cdc425bf4a8740d03cfcdc95861300a03f5913bf284daa96b9c81dac1ec47cd72bd1049256f41d3710bb47d6151bc6d2dca3851363b4c499f53cbfd445bbd11e669f6b868b35b2e2cc950b1dcde4517b548066ac7543d9f9ac78393b61d1df632c1e7e048427d36227a51f795049c9b89cfdf25b9982e8d79f0da84caf54f7904e8731af45bcbf558eeefd885e2907ce00a3f2124421a704c1907a966e26215b26d2fa7558406a767c0e7218e1f9ac26b012971eba585be112b4e84abbab93a6d76f626b744c1f86df334dcc5d5277b2ce89e0c9869be3fd952ccfac0d3ab40eecd8dd5356155a8b0b186e650b9bbac561a9b5f309b18d31d3bfdd6dac9169b7e38f82b300e3598eb142fb5dd99612d3cd8e1f720551142f5460736e6da0d1158b238a626afa86076c64851694651d2bf6808de85104ef995ddc159d2efbe67c50a2462c10864400bf01ef387d63dd06b21ddebc4ddfb12b9ff2ad2816bcabf737ed8e89f8749a5179ab26faf5796c80b2364af41dc0384507b160c1e7bd93cc6062d82fb87572b9822f1400222c9517a5f4a89fe8fbe39b54efcca1d40bc8627d6b1f43e621c3297ea5ab9076824d90cfb86e5025aad6160cbff1d62c1e46d86a43dce76e09bc1833def9deeb42b02e96b2e423c3acf305e02d4c2c942fddcba269ffcdaef2b4dd6514b427e3236cee79bc28a26adf83af2137a9c7c6453a8571a65d86146c6a93fea20fe91d64f4e3eda8c1980d68e4d9d22a8dd20d5b5d36abda9a7a32bc0711802bd68a19a5837d6e45cf21ae674e291f9ab6846c9c0440017b47630f67cba07a90bfc98b4acd9bef2f8b379357f0e91c3dd04ee819214cfb4f50e35e9a6428d072c09240bb550b225ad312698a827da5fad2f1ae11a474d02872a3554822ff12045b230276f3ad5bd57e5b1e71705076ce6c234b32543cd86a8bec4a1da37b02ffeceb4ebc98311c2c1938458ce8e390e8b702032efc2d30326ffd9a16bbee7cd198b442e22a5210152c6b08c13972b50f5c4d3fd8e393d752463b9192f66cb4be243737ae167c044e4517b4d5efd6af68ab040477acd144fbd42d60725ed2a3e0d83af620e800c6c55e628bef178d4490bc8fa0e0be00f309183c75a402fa501ec8253530199d74bd360932281c3cc5a5d33906e695c927f49b169604959aec1978a369784bdeaecfb79281996b1fc377841ac73e62f2cc382a1356e06f2762f9cdbcec7c7771037e824b0c1071f4f93d614")
assert(serializePaymentOnion(onion) == hex"0002eec7245d6b7d2ccb30380bfbe2a3648cd7a942653f5aa340edcea1f283686619e5f14350c2a76fc232b5e46d421e9615471ab9e0bc887beff8c95fdb878f7b3a71e87f9aab8f6378c6ff744c1f34b393ad28d065b535c1a8668d85d3b34a1b3befd10f7d61ab590531cf08000178a333a347f8b4072e216400406bdf3bf038659793a1f9e7abc789266cc861cabd95818c0fc8efbdfdc14e3f7c2bc7eb8d6a79ef75ce721caad69320c3a469a202f3e468c67eaf7a7cda226d0fd32f7b48084dca885d014698cf05d742557763d9cb743faeae65dcc79dddaecf27fe5942be5380d15e9a1ec866abe044a9ad635778ba61fc0776dc832b39451bd5d35072d2269cf9b040a2a2fba158a0d8085926dc2e44f0c88bf487da56e13ef2d5e676a8589881b4869ed4c7f0218ff8c6c7dd7221d189c65b3b9aaa71a01484b122846c7c7b57e02e679ea8469b70e14fe4f70fee4d87b910cf144be6fe48eef24da475c0b0bcc6565a9f99728426ce2380a9580e2a9442481ceae7679906c30b1a0e21a10f26150e0645ab6edfdab1ce8f8bea7b1dee511c5fd38ac0e702c1c15bb86b52bca1b71e15b96982d262a442024c33ceb7dd8f949063c2e5e613e873250e2f8708bd4e1924abd45f65c2fa5617bfb10ee9e4a42d6b5811acc8029c16274f937dac9e8817c7e579fdb767ffe277f26d413ced06b620ede8362081da21cf67c2ca9d6f15fe5bc05f82f5bb93f8916bad3d63338ca824f3bbc11b57ce94a5fa1bc239533679903d6fec92a8c792fd86e2960188c14f21e399cfd72a50c620e10aefc6249360b463df9a89bf6836f4f26359207b765578e5ed76ae9f31b1cc48324be576e3d8e44d217445dba466f9b6293fdf05448584eb64f61e02903f834518622b7d4732471c6e0e22e22d1f45e31f0509eab39cdea5980a492a1da2aaac55a98a01216cd4bfe7abaa682af0fbff2dfed030ba28f1285df750e4d3477190dd193f8643b61d8ac1c427d590badb1f61a05d480908fbdc7c6f0502dd0c4abb51d725e92f95da2a8facb79881a844e2026911adcc659d1fb20a2fce63787c8bb0d9f6789c4b231c76da81c3f0718eb7156565a081d2be6b4170c0e0bcebddd459f53db2590c974bca0d705c055dee8c629bf854a5d58edc85228499ec6dde80cce4c8910b81b1e9e8b0f43bd39c8d69c3a80672729b7dc952dd9448688b6bd06afc2d2819cda80b66c57b52ccf7ac1a86601410d18d0c732f69de792e0894a9541684ef174de766fd4ce55efea8f53812867be6a391ac865802dbc26d93959df327ec2667c7256aa5a1d3c45a69a6158f285d6c97c3b8eedb09527848500517995a9eae4cd911df531544c77f5a9a2f22313e3eb72ca7a07dba243476bc926992e0d1e58b4a2fc8c7b01e0cad726237933ea319bad7537d39f3ed635d1e6c1d29e97b3d2160a09e30ee2b65ac5bce00996a73c008bcf351cecb97b6833b6d121dcf4644260b2946ea204732ac9954b228f0beaa15071930fd9583dfc466d12b5f0eeeba6dcf23d5ce8ae62ee5796359d97a4a15955c778d868d0ef9991d9f2833b5bb66119c5f8b396fd108baed7906cbb3cc376d13551caed97fece6f42a4c908ee279f1127fda1dd3ee77d8de0a6f3c135fa3f1cffe38591b6738dc97b55f0acc52be9753ce53e64d7e497bb00ca6123758df3b68fad99e35c04389f7514a8e36039f541598a417275e77869989782325a15b5342ac5011ff07af698584b476b35d941a4981eac590a07a092bb50342da5d3341f901aa07964a8d02b623c7b106dd0ae50bfa007a22d46c8772fa55558176602946cb1d11ea5460db7586fb89c6d3bcd3ab6dd20df4a4db63d2e7d52380800ad812b8640887e027e946df96488b47fbc4a4fadaa8beda4abe446fafea5403fae2ef")

val Right(DecryptedPacket(payload0, nextPacket0, sharedSecret0)) = PaymentPacket.peel(privKeys(0), associatedData, onion)
val Right(DecryptedPacket(payload1, nextPacket1, sharedSecret1)) = PaymentPacket.peel(privKeys(1), associatedData, nextPacket0)
Expand All @@ -144,17 +144,17 @@ class SphinxSpec extends FunSuite {
assert(Seq(sharedSecret0, sharedSecret1, sharedSecret2, sharedSecret3, sharedSecret4) == sharedSecrets.map(_._1))

val packets = Seq(nextPacket0, nextPacket1, nextPacket2, nextPacket3, nextPacket4)
assert(packets(0).hmac == ByteVector32(hex"9350c058fe33b70d9cea125d2d68ba02d81af4609c916d51a575c8db2d5f1de5"))
assert(packets(1).hmac == ByteVector32(hex"ef3860bc4d742ca9a6c2818d03c83f034d5c22776232a87ca049ec79b63627b9"))
assert(packets(2).hmac == ByteVector32(hex"22b8aa7917b4e2c87fc5678bab10b450454fbb5e70708c3d49f0670a616085ea"))
assert(packets(3).hmac == ByteVector32(hex"f4bc4473ec0a55d5f3ededdba4a8e303f9128391a0f1f54d8adacf2221c04e1b"))
assert(packets(0).hmac == ByteVector32(hex"a93aa4f40241cef3e764e24b28570a0db39af82ab5102c3a04e51bec8cca9394"))
assert(packets(1).hmac == ByteVector32(hex"5d1b11f1efeaa9be32eb1c74b113c0b46f056bb49e2a35a51ceaece6bd31332c"))
assert(packets(2).hmac == ByteVector32(hex"19ca6357b5552b28e50ae226854eec874bbbf7025cf290a34c06b4eff5d2bac0"))
assert(packets(3).hmac == ByteVector32(hex"16d4553c6084b369073d259381bb5b02c16bb2c590bbd9e69346cf7ebd563229"))
// this means that node #4 is the last node
assert(packets(4).hmac == ByteVector32(hex"0000000000000000000000000000000000000000000000000000000000000000"))
}

test("create packet with variable-size payloads (reference test vector)") {
val PacketAndSecrets(onion, sharedSecrets) = PaymentPacket.create(sessionKey, publicKeys, referenceVariableSizePayloads, associatedData)
assert(serializePaymentOnion(onion) == hex"0002eec7245d6b7d2ccb30380bfbe2a3648cd7a942653f5aa340edcea1f283686619e5f14350c2a76fc232b5e46d421e9615471ab9e0bc887beff8c95fdb878f7b3a71068850554818be051c5fb6e47df0f24ab88623abf089afc95db4f653cfdc4e3fc50f7d61ab590531cf08000178a333a347f8b4072ecac76d4ab27f190828a68222a6bb6c6f23fc671295d5d4fe37b9f3dacaa629d6404bae9a8e8d7178977d7094a1ae549f89338c0777551f874159eb42d3a59fb9285ad4e24883f27de23942ec966611e99bee1cee503455be9e8e642cef6cef7b9864130f692283f8a973d47a8f1c1726b6e59969385975c766e35737c8d76388b64f748ee7943ffb0e2ee45c57a1abc40762ae598723d21bd184e2b338f68ebff47219357bd19cd7e01e2337b806ef4d717888e129e59cd3dc31e6201ccb2fd6d7499836f37a993262468bcb3a4dcd03a22818aca49c6b7b9b8e9e870045631d8e039b066ff86e0d1b7291f71cefa7264c70404a8e538b566c17ccc5feab231401e6c08a01bd5edfc1aa8e3e533b96e82d1f91118d508924b923531929aea889fcdf0568b9af020955bf28f2296f547bec0773d4f76e19351ceda5ad381e6a79b57a5a658149e7e9ced4edde5d38c9b8f92e16f6b4ab13d704721bb12be5941e1b6620be32870100cb1000cf05b7562be8dbfb7fdb4da45b2f3bca8e6fe47eb45fbdd3be21a8a8d200797eae3c9a0497132f92410d804977408494dff49dd3d8bce248e0b74fd9e6f0f7102c25ddfa02bd9ad9f746abbfa337cea1082d8ae639b52346b18c05b8248d9b30df256d432ab365b732a58b04d7d0d6f6dd20b810c52b2457544c629ca0911c35ff1292523f980f13ebd87d1627e9759abf8b17e54955835fa70c3d9217d21dd2a7e33bea072be9170265c9465d5b4c54a1df3c15513332dfb2123c27498af3bfa116a140d28d43661a3088c6f2ae995bd921801d43ee31a353f2e164704b1593136e84815e2d304515ddf45ef3f70b2169718c811fbe697a1c0d97032e83dec858b6672be484244127e23e2ca8fa055e8e34165c3d02219fb588c7a221722e45e2b54f6b9fa4a6013906198cdf72c8d5222155cfc64f1f322f7785d84727fdd2f9b66627cbe8c7ecf5d944ffcb9266ac815ebc4b4301ed6bc1a765bfeade304cac32e5841340ded04f1f9ea4e2fa7ceea533f8b5253a940f842176c672443af37f03a03f7219df1c4062c51e6e79cf859d07eece8cb7583643e698cf76c04cc6f4c01ca9378046e1763818c616c54f640b26a424fbc0b37f6765f57ce1ade6c8c1eef6ab12df9fb6df6125d2d8bb665a4033d1386525eebc5af407155a5bbc9f8719b836f58044a8f5d1256ca627a592c0419af0bbe4886b9f97667c1bb1712f003f9ac8c53e5ceeaa2182260bab8f5ea50951529c4bda2e58ac649bff4447b585e07f8ca3e35379e969dc71f015557fc588eef1282f7da45f57d94f9316898c904217c3a39ceb2e20c4878c6c196ad11aee10b7ed0b047220930aa1d6463d60058dbf1c36f12eb767d5dc09b9c9d1df628766a4de995fa7e85040533087133ba8892b2cd207da65b99e5d95575e4d7d5ba2666de8f9d5582c1f8799e43e25aa1ad7b945bfb97a953e09a9341c49d1346901af9eb30486bd270d750493dfb69b467a24757e5b3a7198f6794549725bccdc69303f6ccaa48f825e5f83d42faba8f32895148c18db0ec3f6411b969674a507d39a4cb723bba876b766bc2219b164a0f32fd9a8c198695343cbc7c48dda1d36ce69efd07a3d7d46275583e50b9fd1a6d95ce3454da8fe754ab58ee4b5ed48a020f514287e900076d389d6266c627f1e0e22a4b511dfa5c4891eac4d8fe7e9f0332cc26af9a5f467b4acea6da597f27fbb58511ffb8a200d68f09aa9e83b401dc012")
assert(serializePaymentOnion(onion) == hex"0002eec7245d6b7d2ccb30380bfbe2a3648cd7a942653f5aa340edcea1f283686619e5f14350c2a76fc232b5e46d421e9615471ab9e0bc887beff8c95fdb878f7b3a710f8eaf9ccc768f66bb5dec1f7827f33c43fe2ddd05614c8283aa78e9e7573f87c50f7d61ab590531cf08000178a333a347f8b4072e1cea42da7552402b10765adae3f581408f35ff0a71a34b78b1d8ecae77df96c6404bae9a8e8d7178977d7094a1ae549f89338c0777551f874159eb42d3a59fb9285ad4e24883f27de23942ec966611e99bee1cee503455be9e8e642cef6cef7b9864130f692283f8a973d47a8f1c1726b6e59969385975c766e35737c8d76388b64f748ee7943ffb0e2ee45c57a1abc40762ae598723d21bd184e2b338f68ebff47219357bd19cd7e01e2337b806ef4d717888e129e59cd3dc31e6201ccb2fd6d7499836f37a993262468bcb3a4dcd03a22818aca49c6b7b9b8e9e870045631d8e039b066ff86e0d1b7291f71cefa7264c70404a8e538b566c17ccc5feab231401e6c08a01bd5edfc1aa8e3e533b96e82d1f91118d508924b923531929aea889fcdf057f5995d9731c4bf796fb0e41c885d488dcbc68eb742e27f44310b276edc6f652658149e7e9ced4edde5d38c9b8f92e16f6b4ab13d710ee5c193921909bdd75db331cd9d7581a39fca50814ed8d9d402b86e7f8f6ac2f3bca8e6fe47eb45fbdd3be21a8a8d200797eae3c9a0497132f92410d804977408494dff49dd3d8bce248e0b74fd9e6f0f7102c25ddfa02bd9ad9f746abbfa3379834bc2380d58e9d23237821475a1874484783a15d68f47d3dc339f38d9bf925655d5c946778680fd6d1f062f84128895aff09d35d6c92cca63d3f95a9ee8f2a84f383b4d6a087533e65de12fc8dcaf85777736a2088ff4b22462265028695b37e70963c10df8ef2458756c73007dc3e544340927f9e9f5ea4816a9fd9832c311d122e9512739a6b4714bba590e31caa143ce83cb84b36c738c60c3190ff70cd9ac286a9fd2ab619399b68f1f7447be376ce884b5913c8496d01cbf7a44a60b6e6747513f69dc538f340bc1388e0fde5d0c1db50a4dcb9cc0576e0e2474e4853af9623212578d502757ffb2e0e749695ed70f61c116560d0d4154b64dcf3cbf3c91d89fb6dd004dc19588e3479fcc63c394a4f9e8a3b8b961fce8a532304f1337f1a697a1bb14b94d2953f39b73b6a3125d24f27fcd4f60437881185370bde68a5454d816e7a70d4cea582effab9a4f1b730437e35f7a5c4b769c7b72f0346887c1e63576b2f1e2b3706142586883f8cf3a23595cc8e35a52ad290afd8d2f8bcd5b4c1b891583a4159af7110ecde092079209c6ec46d2bda60b04c519bb8bc6dffb5c87f310814ef2f3003671b3c90ddf5d0173a70504c2280d31f17c061f4bb12a978122c8a2a618bb7d1edcf14f84bf0fa181798b826a254fca8b6d7c81e0beb01bd77f6461be3c8647301d02b04753b0771105986aa0cbc13f7718d64e1b3437e8eef1d319359914a7932548c91570ef3ea741083ca5be5ff43c6d9444d29df06f76ec3dc936e3d180f4b6d0fbc495487c7d44d7c8fe4a70d5ff1461d0d9593f3f898c919c363fa18341ce9dae54f898ccf3fe792136682272941563387263c51b2a2f32363b804672cc158c9230472b554090a661aa81525d11876eefdcc45442249e61e07284592f1606491de5c0324d3af4be035d7ede75b957e879e9770cdde2e1bbc1ef75d45fe555f1ff6ac296a2f648eeee59c7c08260226ea333c285bcf37a9bbfa57ba2ab8083c4be6fc2ebe279537d22da96a07392908cf22b233337a74fe5c603b51712b43c3ee55010ee3d44dd9ba82bba3145ec358f863e04bbfa53799a7a9216718fd5859da2f0deb77b8e315ad6868fdec9400f45a48e6dc8ddbaeb3")

val Right(DecryptedPacket(payload0, nextPacket0, sharedSecret0)) = PaymentPacket.peel(privKeys(0), associatedData, onion)
val Right(DecryptedPacket(payload1, nextPacket1, sharedSecret1)) = PaymentPacket.peel(privKeys(1), associatedData, nextPacket0)
Expand All @@ -165,10 +165,10 @@ class SphinxSpec extends FunSuite {
assert(Seq(sharedSecret0, sharedSecret1, sharedSecret2, sharedSecret3, sharedSecret4) == sharedSecrets.map(_._1))

val packets = Seq(nextPacket0, nextPacket1, nextPacket2, nextPacket3, nextPacket4)
assert(packets(0).hmac == ByteVector32(hex"47cd6e0ac53a0830044f18b061146bea23ccbe3470582b95d4d43e0c090de644"))
assert(packets(1).hmac == ByteVector32(hex"eba36d0ad9a022f810c315b15a599a350b9fe8c06f5f0237132bbf616d4cff9f"))
assert(packets(2).hmac == ByteVector32(hex"274d625f475dd2d689a883acd3a11df53b547bb786e5cfa791fb5f8b18a434f0"))
assert(packets(3).hmac == ByteVector32(hex"5a7c27a6f4cdf576f3787e3d81d07b6c13f2b683339ac3772a03e0b9d405483a"))
assert(packets(0).hmac == ByteVector32(hex"4ecb91c341543953a34d424b64c36a9cd8b4b04285b0c8de0acab0b6218697fc"))
assert(packets(1).hmac == ByteVector32(hex"3d8e429a1e8d7bdb2813cd491f17771aa75670d88b299db1954aa015d035408f"))
assert(packets(2).hmac == ByteVector32(hex"30ad58843d142609ed7ae2b960c8ce0e331f7d45c7d705f67fd3f3978cd7b8f8"))
assert(packets(3).hmac == ByteVector32(hex"4ee0600ee609f1f3356b85b0af8ead34c2db4ae93e3978d15f983040e8b01acd"))
assert(packets(4).hmac == ByteVector32(hex"0000000000000000000000000000000000000000000000000000000000000000"))
}

Expand Down Expand Up @@ -203,7 +203,7 @@ class SphinxSpec extends FunSuite {

test("create trampoline packet") {
val PacketAndSecrets(onion, sharedSecrets) = TrampolinePacket.create(sessionKey, publicKeys, trampolinePayloads, associatedData)
assert(serializeTrampolineOnion(onion) == hex"0002eec7245d6b7d2ccb30380bfbe2a3648cd7a942653f5aa340edcea1f283686619cff34152f3a36e52ca94e74927203a560392b9cc7ce3c45809c6be52166c24a595716880f95f178bf5b30cef0d5765280d9b6d0c91a22ff4b6ef137eff2921c6de4a07ef54b6ba93e78c67cc99e303f3706509aa43ba7c8a88cba175fccf9a8f5016ef06d3b935dbb15196d7ce16dc1a7157845566901d7b2197e52cab4ce48701ba6653c2a2b2c3bafa910d5e0f92af6bdc71d910aa7b766e0c716cffc9c12f7029db7c5f7eafaa166578c720619561dd14b3277db557ec7dcdb793771aef0f2f667cfdbec42e2a82a7189271c562a5784669387fc32a517d289dee16b46e8f016c32394319517d7e2ea8c5391cf17d0fe30c80913ed887234ccb48808f7ef9425bcd815c3b6e26fe30cb5ddcf6482b371417cef541890e08894ae65cd73fe52a662d21f2c9e77eecb277229b4b682322371c0a1dbfcd723a991993df8cc1f2696b84b055b40a1792a29f710295a18fbd351b0f3ff34cd13941131b8278ba79303c89117120eea69173abb941ee4edacce5400518062f432a44676433c907c05de61dc24830d954c6872e5a5c11afe432b203698edd656d9dad1d2859270ff45b90a96d48f713916b56f5ddeaf3cc77")
assert(serializeTrampolineOnion(onion) == hex"0002eec7245d6b7d2ccb30380bfbe2a3648cd7a942653f5aa340edcea1f283686619cff34152f3a36e52ca94e74927203a560392b9cc7ce3c45809c6be52166c24a595716880f95f178bf5b30ca5f01f7d8f9e2d26348fa73a0cf0e01efaeb4a6ff69f0e8ca2cb7f180d97b5becc99e303f3706509aa43ba7c8a88cba175fccf9a8f5016ef06d3b935dbb15196d7ce16dc1a7157845566901d7b2197e52cab4ce487019d8f59df4c61e85b3c678636701ea8bb55b8bdbd8724d8d39ee47087a648501329db7c5f7eafaa166578c720619561dd14b3277db557ec7dcdb793771aef0f2f667cfdbe148be176e089e1ae07192472031bcdaf47ab6334b98e5b6fcd26b3b47982842019517d7e2ea8c5391cf17d0fe30c80913ed887234ccb48808f7ef9425bcd815c3b9604b5119fbc40ae57b5921bb333f5dd9de0b2638d44bc5e1a863715f96589f3e77eecb277229b4b682322371c0a1dbfcd723a991993df8cc1f2696b84b055b40a1792a29f710295a18fbd351b0f3ff34cd13941131b8278ba79303c89117120eea69173fd2cf5e044e97bcd4060d1ab6da116bdb4136f4d37eb832845b64366dfcbe8729df1dda5708c1c89cd880b0f7c82318bcfe8a27f9e857b1dc453eb555c428c412a1056005319")

val Right(DecryptedPacket(payload0, nextPacket0, sharedSecret0)) = TrampolinePacket.peel(privKeys(0), associatedData, onion)
val Right(DecryptedPacket(payload1, nextPacket1, sharedSecret1)) = TrampolinePacket.peel(privKeys(1), associatedData, nextPacket0)
Expand Down

0 comments on commit a367d10

Please sign in to comment.