diff --git a/common/sphinx.c b/common/sphinx.c index d41366cec..f719ace9d 100644 --- a/common/sphinx.c +++ b/common/sphinx.c @@ -22,6 +22,8 @@ #define NUM_STREAM_BYTES (2*ROUTING_INFO_SIZE) #define ONION_REPLY_SIZE 256 +#define RHO_KEYTYPE "rho" + struct hop_params { u8 secret[SHARED_SECRET_SIZE]; u8 blind[BLINDING_FACTOR_SIZE]; @@ -268,27 +270,40 @@ static bool generate_key(void *k, const char *t, u8 tlen, const u8 *s) return compute_hmac(k, s, KEY_LEN, t, tlen); } -static bool generate_header_padding( - void *dst, size_t dstlen, - const size_t hopsize, - const char *keytype, - size_t keytypelen, - const u8 numhops, - struct hop_params *params - ) +static bool generate_header_padding(void *dst, size_t dstlen, + const struct sphinx_path *path, + struct hop_params *params) { - int i; - u8 cipher_stream[(NUM_MAX_FRAMES + 1) * FRAME_SIZE]; + u8 stream[2 * ROUTING_INFO_SIZE]; u8 key[KEY_LEN]; + size_t fillerStart, fillerEnd, fillerSize; memset(dst, 0, dstlen); - for (i = 1; i < numhops; i++) { - if (!generate_key(&key, keytype, keytypelen, params[i - 1].secret)) + for (int i = 0; i < tal_count(path->hops) - 1; i++) { + if (!generate_key(&key, RHO_KEYTYPE, strlen(RHO_KEYTYPE), + params[i].secret)) return false; - generate_cipher_stream(cipher_stream, key, sizeof(cipher_stream)); - int pos = ((NUM_MAX_FRAMES - i) + 1) * hopsize; - xorbytes(dst, dst, cipher_stream + pos, sizeof(cipher_stream) - pos); + generate_cipher_stream(stream, key, sizeof(stream)); + + /* Sum up how many bytes have been used by previous hops, + * that gives us the start in the stream */ + fillerSize = 0; + for (int j = 0; j < i; j++) + fillerSize += FRAME_SIZE; /* Currently constant, will change + with multi-frame hops */ + fillerStart = ROUTING_INFO_SIZE - fillerSize; + + /* The filler will dangle off of the end by the current + * hop-size, we'll make sure to copy it into the correct + * position in the next step. */ + /* TODO: This'll change with multi-frame hops */ + fillerEnd = ROUTING_INFO_SIZE + FRAME_SIZE; + + /* Apply the cipher-stream to the part of the filler that'll + * be added by this hop */ + xorbytes(dst, dst, stream + fillerStart, + fillerEnd - fillerStart); } return true; } @@ -463,8 +478,7 @@ struct onionpacket *create_onionpacket( memset(nexthmac, 0, HMAC_SIZE); memset(packet->routinginfo, 0, ROUTING_INFO_SIZE); - generate_header_padding(filler, sizeof(filler), FRAME_SIZE, - "rho", 3, num_hops, params); + generate_header_padding(filler, sizeof(filler), sp, params); for (i = num_hops - 1; i >= 0; i--) { memcpy(sp->hops[i].hmac, nexthmac, HMAC_SIZE);