From 285b8b46985827a1775c0b68097194cdb0ce601d Mon Sep 17 00:00:00 2001
From: Christian Decker <decker.christian@gmail.com>
Date: Fri, 13 Jan 2017 17:57:27 +0100
Subject: [PATCH] sphinx: Use libsecp256k1 to generate shared secrets

So far we did it on our own, but since the spec specifies that we use
the libsecp256k1 version anyway, we can remove our own implementation.
---
 daemon/sphinx.c | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)

diff --git a/daemon/sphinx.c b/daemon/sphinx.c
index b1119cc15..fec6341b0 100644
--- a/daemon/sphinx.c
+++ b/daemon/sphinx.c
@@ -8,6 +8,8 @@
 
 #include <err.h>
 
+#include <secp256k1_ecdh.h>
+
 #include <sodium/crypto_auth_hmacsha256.h>
 #include <sodium/crypto_stream_chacha20.h>
 
@@ -258,22 +260,9 @@ static bool create_shared_secret(
 	const secp256k1_pubkey *pubkey,
 	const u8 *sessionkey)
 {
-	/* Need to copy since tweak is in-place */
-	secp256k1_pubkey pkcopy;
-	u8 ecres[33];
-
-	pkcopy = *pubkey;
 
-	if (secp256k1_ec_pubkey_tweak_mul(secp256k1_ctx, &pkcopy, sessionkey) != 1)
+	if (secp256k1_ecdh(secp256k1_ctx, secret, pubkey, sessionkey) != 1)
 		return false;
-
-	/* Serialize and strip first byte, this gives us the X coordinate */
-	size_t outputlen = 33;
-	secp256k1_ec_pubkey_serialize(secp256k1_ctx, ecres, &outputlen,
-				      &pkcopy, SECP256K1_EC_COMPRESSED);
-	struct sha256 h;
-	sha256(&h, ecres, sizeof(ecres));
-	memcpy(secret, &h, sizeof(h));
 	return true;
 }