diff --git a/fuzz/src/peer_crypt.rs b/fuzz/src/peer_crypt.rs index 9bef4329824..de0443ebd5b 100644 --- a/fuzz/src/peer_crypt.rs +++ b/fuzz/src/peer_crypt.rs @@ -9,7 +9,7 @@ use lightning::ln::peer_channel_encryptor::PeerChannelEncryptor; -use bitcoin::secp256k1::{PublicKey,SecretKey}; +use bitcoin::secp256k1::{Secp256k1, PublicKey, SecretKey}; use utils::test_logger; @@ -35,6 +35,8 @@ pub fn do_test(data: &[u8]) { } } + let secp_ctx = Secp256k1::signing_only(); + let our_network_key = match SecretKey::from_slice(get_slice!(32)) { Ok(key) => key, Err(_) => return, @@ -50,16 +52,16 @@ pub fn do_test(data: &[u8]) { Err(_) => return, }; let mut crypter = PeerChannelEncryptor::new_outbound(their_pubkey, ephemeral_key); - crypter.get_act_one(); - match crypter.process_act_two(get_slice!(50), &our_network_key) { + crypter.get_act_one(&secp_ctx); + match crypter.process_act_two(get_slice!(50), &our_network_key, &secp_ctx) { Ok(_) => {}, Err(_) => return, } assert!(crypter.is_ready_for_encryption()); crypter } else { - let mut crypter = PeerChannelEncryptor::new_inbound(&our_network_key); - match crypter.process_act_one_with_keys(get_slice!(50), &our_network_key, ephemeral_key) { + let mut crypter = PeerChannelEncryptor::new_inbound(&our_network_key, &secp_ctx); + match crypter.process_act_one_with_keys(get_slice!(50), &our_network_key, ephemeral_key, &secp_ctx) { Ok(_) => {}, Err(_) => return, } diff --git a/lightning/src/ln/peer_channel_encryptor.rs b/lightning/src/ln/peer_channel_encryptor.rs index da6dc67aba5..4e85ae37d70 100644 --- a/lightning/src/ln/peer_channel_encryptor.rs +++ b/lightning/src/ln/peer_channel_encryptor.rs @@ -80,7 +80,6 @@ enum NoiseState { } pub struct PeerChannelEncryptor { - secp_ctx: Secp256k1, their_node_id: Option, // filled in for outbound, or inbound after noise_state is Finished noise_state: NoiseState, @@ -88,8 +87,6 @@ pub struct PeerChannelEncryptor { impl PeerChannelEncryptor { pub fn new_outbound(their_node_id: PublicKey, ephemeral_key: SecretKey) -> PeerChannelEncryptor { - let secp_ctx = Secp256k1::signing_only(); - let mut sha = Sha256::engine(); sha.input(&NOISE_H); sha.input(&their_node_id.serialize()[..]); @@ -97,7 +94,6 @@ impl PeerChannelEncryptor { PeerChannelEncryptor { their_node_id: Some(their_node_id), - secp_ctx, noise_state: NoiseState::InProgress { state: NoiseStep::PreActOne, directional_state: DirectionalNoiseState::Outbound { @@ -111,9 +107,7 @@ impl PeerChannelEncryptor { } } - pub fn new_inbound(our_node_secret: &SecretKey) -> PeerChannelEncryptor { - let secp_ctx = Secp256k1::signing_only(); - + pub fn new_inbound(our_node_secret: &SecretKey, secp_ctx: &Secp256k1) -> PeerChannelEncryptor { let mut sha = Sha256::engine(); sha.input(&NOISE_H); let our_node_id = PublicKey::from_secret_key(&secp_ctx, our_node_secret); @@ -122,7 +116,6 @@ impl PeerChannelEncryptor { PeerChannelEncryptor { their_node_id: None, - secp_ctx, noise_state: NoiseState::InProgress { state: NoiseStep::PreActOne, directional_state: DirectionalNoiseState::Inbound { @@ -224,7 +217,7 @@ impl PeerChannelEncryptor { Ok((their_pub, temp_k)) } - pub fn get_act_one(&mut self) -> [u8; 50] { + pub fn get_act_one(&mut self, secp_ctx: &Secp256k1) -> [u8; 50] { match self.noise_state { NoiseState::InProgress { ref mut state, ref directional_state, ref mut bidirectional_state } => match directional_state { @@ -233,7 +226,7 @@ impl PeerChannelEncryptor { panic!("Requested act at wrong step"); } - let (res, _) = PeerChannelEncryptor::outbound_noise_act(&self.secp_ctx, bidirectional_state, &ie, &self.their_node_id.unwrap()); + let (res, _) = PeerChannelEncryptor::outbound_noise_act(secp_ctx, bidirectional_state, &ie, &self.their_node_id.unwrap()); *state = NoiseStep::PostActOne; res }, @@ -243,7 +236,9 @@ impl PeerChannelEncryptor { } } - pub fn process_act_one_with_keys(&mut self, act_one: &[u8], our_node_secret: &SecretKey, our_ephemeral: SecretKey) -> Result<[u8; 50], LightningError> { + pub fn process_act_one_with_keys( + &mut self, act_one: &[u8], our_node_secret: &SecretKey, our_ephemeral: SecretKey, secp_ctx: &Secp256k1) + -> Result<[u8; 50], LightningError> { assert_eq!(act_one.len(), 50); match self.noise_state { @@ -259,7 +254,8 @@ impl PeerChannelEncryptor { re.get_or_insert(our_ephemeral); - let (res, temp_k) = PeerChannelEncryptor::outbound_noise_act(&self.secp_ctx, bidirectional_state, &re.unwrap(), &ie.unwrap()); + let (res, temp_k) = + PeerChannelEncryptor::outbound_noise_act(secp_ctx, bidirectional_state, &re.unwrap(), &ie.unwrap()); *temp_k2 = Some(temp_k); *state = NoiseStep::PostActTwo; Ok(res) @@ -270,7 +266,9 @@ impl PeerChannelEncryptor { } } - pub fn process_act_two(&mut self, act_two: &[u8], our_node_secret: &SecretKey) -> Result<([u8; 66], PublicKey), LightningError> { + pub fn process_act_two( + &mut self, act_two: &[u8], our_node_secret: &SecretKey, secp_ctx: &Secp256k1) + -> Result<([u8; 66], PublicKey), LightningError> { assert_eq!(act_two.len(), 50); let final_hkdf; @@ -286,7 +284,7 @@ impl PeerChannelEncryptor { let (re, temp_k2) = PeerChannelEncryptor::inbound_noise_act(bidirectional_state, act_two, &ie)?; let mut res = [0; 66]; - let our_node_id = PublicKey::from_secret_key(&self.secp_ctx, &our_node_secret); + let our_node_id = PublicKey::from_secret_key(secp_ctx, &our_node_secret); PeerChannelEncryptor::encrypt_with_ad(&mut res[1..50], 1, &temp_k2, &bidirectional_state.h, &our_node_id.serialize()[..]); @@ -474,6 +472,7 @@ mod tests { use super::LN_MAX_MSG_LEN; use bitcoin::secp256k1::{PublicKey,SecretKey}; + use bitcoin::secp256k1::Secp256k1; use hex; @@ -481,9 +480,10 @@ mod tests { fn get_outbound_peer_for_initiator_test_vectors() -> PeerChannelEncryptor { let their_node_id = PublicKey::from_slice(&hex::decode("028d7500dd4c12685d1f568b4c2b5048e8534b873319f3a8daa612b469132ec7f7").unwrap()[..]).unwrap(); + let secp_ctx = Secp256k1::signing_only(); let mut outbound_peer = PeerChannelEncryptor::new_outbound(their_node_id, SecretKey::from_slice(&hex::decode("1212121212121212121212121212121212121212121212121212121212121212").unwrap()[..]).unwrap()); - assert_eq!(outbound_peer.get_act_one()[..], hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap()[..]); + assert_eq!(outbound_peer.get_act_one(&secp_ctx)[..], hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap()[..]); outbound_peer } @@ -491,11 +491,12 @@ mod tests { // transport-responder successful handshake let our_node_id = SecretKey::from_slice(&hex::decode("2121212121212121212121212121212121212121212121212121212121212121").unwrap()[..]).unwrap(); let our_ephemeral = SecretKey::from_slice(&hex::decode("2222222222222222222222222222222222222222222222222222222222222222").unwrap()[..]).unwrap(); + let secp_ctx = Secp256k1::signing_only(); - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); + assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); let act_three = hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap().to_vec(); // test vector doesn't specify the initiator static key, but it's the same as the one @@ -520,13 +521,14 @@ mod tests { #[test] fn noise_initiator_test_vectors() { let our_node_id = SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(); + let secp_ctx = Secp256k1::signing_only(); { // transport-initiator successful handshake let mut outbound_peer = get_outbound_peer_for_initiator_test_vectors(); let act_two = hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap().to_vec(); - assert_eq!(outbound_peer.process_act_two(&act_two[..], &our_node_id).unwrap().0[..], hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap()[..]); + assert_eq!(outbound_peer.process_act_two(&act_two[..], &our_node_id, &secp_ctx).unwrap().0[..], hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap()[..]); match outbound_peer.noise_state { NoiseState::Finished { sk, sn, sck, rk, rn, rck } => { @@ -549,7 +551,7 @@ mod tests { let mut outbound_peer = get_outbound_peer_for_initiator_test_vectors(); let act_two = hex::decode("0102466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap().to_vec(); - assert!(outbound_peer.process_act_two(&act_two[..], &our_node_id).is_err()); + assert!(outbound_peer.process_act_two(&act_two[..], &our_node_id, &secp_ctx).is_err()); } { @@ -557,7 +559,7 @@ mod tests { let mut outbound_peer = get_outbound_peer_for_initiator_test_vectors(); let act_two = hex::decode("0004466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap().to_vec(); - assert!(outbound_peer.process_act_two(&act_two[..], &our_node_id).is_err()); + assert!(outbound_peer.process_act_two(&act_two[..], &our_node_id, &secp_ctx).is_err()); } { @@ -565,7 +567,7 @@ mod tests { let mut outbound_peer = get_outbound_peer_for_initiator_test_vectors(); let act_two = hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730af").unwrap().to_vec(); - assert!(outbound_peer.process_act_two(&act_two[..], &our_node_id).is_err()); + assert!(outbound_peer.process_act_two(&act_two[..], &our_node_id, &secp_ctx).is_err()); } } @@ -573,6 +575,7 @@ mod tests { fn noise_responder_test_vectors() { let our_node_id = SecretKey::from_slice(&hex::decode("2121212121212121212121212121212121212121212121212121212121212121").unwrap()[..]).unwrap(); let our_ephemeral = SecretKey::from_slice(&hex::decode("2222222222222222222222222222222222222222222222222222222222222222").unwrap()[..]).unwrap(); + let secp_ctx = Secp256k1::signing_only(); { let _ = get_inbound_peer_for_test_vectors(); @@ -583,31 +586,31 @@ mod tests { } { // transport-responder act1 bad version test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("01036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).is_err()); + assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).is_err()); } { // transport-responder act1 bad key serialization test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one =hex::decode("00046360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).is_err()); + assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).is_err()); } { // transport-responder act1 bad MAC test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6b").unwrap().to_vec(); - assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).is_err()); + assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).is_err()); } { // transport-responder act3 bad version test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); + assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); let act_three = hex::decode("01b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap().to_vec(); assert!(inbound_peer.process_act_three(&act_three[..]).is_err()); @@ -618,30 +621,30 @@ mod tests { } { // transport-responder act3 bad MAC for ciphertext test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); + assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); let act_three = hex::decode("00c9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap().to_vec(); assert!(inbound_peer.process_act_three(&act_three[..]).is_err()); } { // transport-responder act3 bad rs test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); + assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); let act_three = hex::decode("00bfe3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa2235536ad09a8ee351870c2bb7f78b754a26c6cef79a98d25139c856d7efd252c2ae73c").unwrap().to_vec(); assert!(inbound_peer.process_act_three(&act_three[..]).is_err()); } { // transport-responder act3 bad MAC test - let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id); + let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id, &secp_ctx); let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec(); - assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); + assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone(), &secp_ctx).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]); let act_three = hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139bb").unwrap().to_vec(); assert!(inbound_peer.process_act_three(&act_three[..]).is_err()); @@ -654,12 +657,13 @@ mod tests { // We use the same keys as the initiator and responder test vectors, so we copy those tests // here and use them to encrypt. let mut outbound_peer = get_outbound_peer_for_initiator_test_vectors(); + let secp_ctx = Secp256k1::signing_only(); { let our_node_id = SecretKey::from_slice(&hex::decode("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(); let act_two = hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap().to_vec(); - assert_eq!(outbound_peer.process_act_two(&act_two[..], &our_node_id).unwrap().0[..], hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap()[..]); + assert_eq!(outbound_peer.process_act_two(&act_two[..], &our_node_id, &secp_ctx).unwrap().0[..], hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap()[..]); match outbound_peer.noise_state { NoiseState::Finished { sk, sn, sck, rk, rn, rck } => { diff --git a/lightning/src/ln/peer_handler.rs b/lightning/src/ln/peer_handler.rs index 633876ee375..bfa3a45de90 100644 --- a/lightning/src/ln/peer_handler.rs +++ b/lightning/src/ln/peer_handler.rs @@ -15,7 +15,7 @@ //! call into the provided message handlers (probably a ChannelManager and NetGraphmsgHandler) with messages //! they should handle, and encoding/sending response messages. -use bitcoin::secp256k1::{SecretKey,PublicKey}; +use bitcoin::secp256k1::{self, Secp256k1, SecretKey, PublicKey}; use ln::features::InitFeatures; use ln::msgs; @@ -450,6 +450,7 @@ pub struct PeerManager } enum MessageHandlingError { @@ -568,6 +569,10 @@ impl P let mut ephemeral_key_midstate = Sha256::engine(); ephemeral_key_midstate.input(ephemeral_random_data); + let mut secp_ctx = Secp256k1::signing_only(); + let ephemeral_hash = Sha256::from_engine(ephemeral_key_midstate.clone()).into_inner(); + secp_ctx.seeded_randomize(&ephemeral_hash); + PeerManager { message_handler, peers: FairRwLock::new(HashMap::new()), @@ -579,6 +584,7 @@ impl P peer_counter: AtomicCounter::new(), logger, custom_message_handler, + secp_ctx, } } @@ -623,7 +629,7 @@ impl P /// [`socket_disconnected()`]: PeerManager::socket_disconnected pub fn new_outbound_connection(&self, their_node_id: PublicKey, descriptor: Descriptor, remote_network_address: Option) -> Result, PeerHandleError> { let mut peer_encryptor = PeerChannelEncryptor::new_outbound(their_node_id.clone(), self.get_ephemeral_key()); - let res = peer_encryptor.get_act_one().to_vec(); + let res = peer_encryptor.get_act_one(&self.secp_ctx).to_vec(); let pending_read_buffer = [0; 50].to_vec(); // Noise act two is 50 bytes let mut peers = self.peers.write().unwrap(); @@ -670,7 +676,7 @@ impl P /// /// [`socket_disconnected()`]: PeerManager::socket_disconnected pub fn new_inbound_connection(&self, descriptor: Descriptor, remote_network_address: Option) -> Result<(), PeerHandleError> { - let peer_encryptor = PeerChannelEncryptor::new_inbound(&self.our_node_secret); + let peer_encryptor = PeerChannelEncryptor::new_inbound(&self.our_node_secret, &self.secp_ctx); let pending_read_buffer = [0; 50].to_vec(); // Noise act one is 50 bytes let mut peers = self.peers.write().unwrap(); @@ -935,14 +941,16 @@ impl P let next_step = peer.channel_encryptor.get_noise_step(); match next_step { NextNoiseStep::ActOne => { - let act_two = try_potential_handleerror!(peer, - peer.channel_encryptor.process_act_one_with_keys(&peer.pending_read_buffer[..], &self.our_node_secret, self.get_ephemeral_key())).to_vec(); + let act_two = try_potential_handleerror!(peer, peer.channel_encryptor + .process_act_one_with_keys(&peer.pending_read_buffer[..], + &self.our_node_secret, self.get_ephemeral_key(), &self.secp_ctx)).to_vec(); peer.pending_outbound_buffer.push_back(act_two); peer.pending_read_buffer = [0; 66].to_vec(); // act three is 66 bytes long }, NextNoiseStep::ActTwo => { let (act_three, their_node_id) = try_potential_handleerror!(peer, - peer.channel_encryptor.process_act_two(&peer.pending_read_buffer[..], &self.our_node_secret)); + peer.channel_encryptor.process_act_two(&peer.pending_read_buffer[..], + &self.our_node_secret, &self.secp_ctx)); peer.pending_outbound_buffer.push_back(act_three.to_vec()); peer.pending_read_buffer = [0; 18].to_vec(); // Message length header is 18 bytes peer.pending_read_is_header = true;