From b0683b7fc6979a013c09ba782b0fad6365aa6147 Mon Sep 17 00:00:00 2001
From: Erik Grinaker
Date: Fri, 21 Feb 2020 12:43:59 +0100
Subject: [PATCH] p2p: use curve25519.X25519() instead of ScalarMult() (#4449)
* p2p: use curve25519.X25519() instead of ScalarMult()
* Renamed array to shrKeyArray
* Updated CHANGELOG_PENDING
* Revert "Updated CHANGELOG_PENDING"
This reverts commit dbb72e0bf721287847ac136c99f385ce7456d1f7.
---
 p2p/conn/secret_connection.go | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/p2p/conn/secret_connection.go b/p2p/conn/secret_connection.go
index d6b20186f..c14f1bb5c 100644
--- a/p2p/conn/secret_connection.go
+++ b/p2p/conn/secret_connection.go
@@ -5,7 +5,6 @@ import (
 "crypto/cipher"
 crand "crypto/rand"
 "crypto/sha256"
- "crypto/subtle"
 "encoding/binary"
 "io"
 "math"
@@ -38,7 +37,6 @@ const (
 var (
 ErrSmallOrderRemotePubKey = errors.New("detected low order point from remote peer")
- ErrSharedSecretIsZero = errors.New("shared secret is all zeroes")
 labelEphemeralLowerPublicKey = []byte("EPHEMERAL_LOWER_PUBLIC_KEY")
 labelEphemeralUpperPublicKey = []byte("EPHEMERAL_UPPER_PUBLIC_KEY")
@@ -358,19 +356,14 @@ func deriveSecrets(
 // computeDHSecret computes a Diffie-Hellman shared secret key
 // from our own local private key and the other's public key.
-//
-// It returns an error if the computed shared secret is all zeroes.
-func computeDHSecret(remPubKey, locPrivKey *[32]byte) (shrKey *[32]byte, err error) {
- shrKey = new([32]byte)
- curve25519.ScalarMult(shrKey, locPrivKey, remPubKey)
-
- // reject if the returned shared secret is all zeroes
- // related to: https://github.com/tendermint/tendermint/issues/3010
- zero := new([32]byte)
- if subtle.ConstantTimeCompare(shrKey[:], zero[:]) == 1 {
- return nil, ErrSharedSecretIsZero
+func computeDHSecret(remPubKey, locPrivKey *[32]byte) (*[32]byte, error) {
+ shrKey, err := curve25519.X25519(locPrivKey[:], remPubKey[:])
+ if err != nil {
+ return nil, err
 }
- return
+ var shrKeyArray [32]byte
+ copy(shrKeyArray[:], shrKey)
+ return &shrKeyArray, nil
 }
 func sort32(foo, bar *[32]byte) (lo, hi *[32]byte) {
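Review bot: The doc comment above `computeDHSecret` no longer states when the function returns an error, yet rejecting an all-zero shared secret was the security-relevant part of its contract (the removed lines cite issue 3010). As far as I know `curve25519.X25519` returns an error for a low-order input point, so the rejection is presumably still in place, but it now depends entirely on the library and nothing in this one-file patch tests it. I would keep a line such as `// It returns an error if remPubKey is a low-order point, i.e. the shared secret would be all zeroes.` and add a unit test that passes a low-order public key and asserts a non-nil error. Callers that matched on the exported `ErrSharedSecretIsZero` removed in the earlier hunk now get an opaque library error; returning the existing `ErrSmallOrderRemotePubKey` here would keep a stable sentinel, if that fits its intended meaning.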