Add HMAC, and nonce to OffersContext::InboundPayment

Introduce HMAC and nonce calculation when sending Invoice with reply path, so that if we receive InvoiceError back for the corresponding Invoice we can verify the payment hash before logging it.
lightningdevkit · Sep 6, 2024 · 47be9fe · 47be9fe
1 parent e2ee325
commit 47be9fe
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 3 deletions.
diff --git a/lightning/src/blinded_path/message.rs b/lightning/src/blinded_path/message.rs
@@ -347,6 +347,20 @@ pub enum OffersContext {
 		///
 		/// [`Bolt12Invoice::payment_hash`]: crate::offers::invoice::Bolt12Invoice::payment_hash
 		payment_hash: PaymentHash,
+
+		/// A nonce used for authenticating that a [`Bolt12Invoice`] is for a valid [`Refund`] or
+		/// [`InvoiceRequest`] and for deriving their signing keys.
+		///
+		/// [`Bolt12Invoice`]: crate::offers::invoice::Bolt12Invoice
+		/// [`Refund`]: crate::offers::refund::Refund
+		/// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
+		nonce: Nonce,
+
+		/// Authentication code for the [`PaymentId`], which should be checked when the context is
+		/// used with an [`InvoiceError`].
+		///
+		/// [`InvoiceError`]: crate::offers::invoice_error::InvoiceError
+		hmac: Hmac<Sha256>,
 	},
 }
 
@@ -366,6 +380,8 @@ impl_writeable_tlv_based_enum!(OffersContext,
 	},
 	(2, InboundPayment) => {
 		(0, payment_hash, required),
+		(1, nonce, required),
+		(2, hmac, required)
 	},
 );
 

diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
@@ -70,7 +70,7 @@ use crate::offers::nonce::Nonce;
 use crate::offers::offer::{Offer, OfferBuilder};
 use crate::offers::parse::Bolt12SemanticError;
 use crate::offers::refund::{Refund, RefundBuilder};
-use crate::offers::signer;
+use crate::offers::signer::{self, hmac_for_payment_hash};
 use crate::onion_message::async_payments::{AsyncPaymentsMessage, HeldHtlcAvailable, ReleaseHeldHtlc, AsyncPaymentsMessageHandler};
 use crate::onion_message::messenger::{Destination, MessageRouter, Responder, ResponseInstruction, MessageSendInstructions};
 use crate::onion_message::offers::{OffersMessage, OffersMessageHandler};
@@ -9192,8 +9192,10 @@ where
 				let builder: InvoiceBuilder<DerivedSigningPubkey> = builder.into();
 				let invoice = builder.allow_mpp().build_and_sign(secp_ctx)?;
 
+				let nonce = Nonce::from_entropy_source(entropy);
+				let hmac = hmac_for_payment_hash(invoice.payment_hash(), nonce, expanded_key);
 				let context = OffersContext::InboundPayment {
-					payment_hash: invoice.payment_hash(),
+					payment_hash: invoice.payment_hash(), nonce, hmac
 				};
 				let reply_paths = self.create_blinded_paths(context)
 					.map_err(|_| Bolt12SemanticError::MissingPaths)?;
@@ -10953,7 +10955,12 @@ where
 			},
 			OffersMessage::InvoiceError(invoice_error) => {
 				let payment_hash = match context {
-					Some(OffersContext::InboundPayment { payment_hash }) => Some(payment_hash),
+					Some(OffersContext::InboundPayment { payment_hash, nonce, hmac }) => {
+						match signer::verify_payment_hash(payment_hash, hmac, nonce, expanded_key) {
+							Ok(_) => Some(payment_hash),
+							Err(_) => None,
+						}
+					},
 					_ => None,
 				};