Skip to content

Commit 8b479ac

Browse files
shaavanshaavan
committed
Add HMAC, and nonce to OffersContext::InboundPayment
Introduce HMAC and nonce calculation when sending Invoice with reply path, so that if we receive InvoiceError back for the corresponding Invoice we can verify the payment hash before logging it.
1 parent 6500277 commit 8b479ac

File tree

2 files changed

+24
-2
lines changed

2 files changed

+24
-2
lines changed

lightning/src/blinded_path/message.rs

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -347,6 +347,19 @@ pub enum OffersContext {
347347
///
348348
/// [`Bolt12Invoice::payment_hash`]: crate::offers::invoice::Bolt12Invoice::payment_hash
349349
payment_hash: PaymentHash,
350+
351+
/// A nonce used for authenticating that a received [`InvoiceError`] is for a valid
352+
/// sent [`Bolt12Invoice`].
353+
///
354+
/// [`InvoiceError`]: crate::offers::invoice_error::InvoiceError
355+
/// [`Bolt12Invoice`]: crate::offers::invoice::Bolt12Invoice
356+
nonce: Nonce,
357+
358+
/// Authentication code for the [`PaymentHash`], which should be checked when the context is
359+
/// used to log the received [`InvoiceError`].
360+
///
361+
/// [`InvoiceError`]: crate::offers::invoice_error::InvoiceError
362+
hmac: Hmac<Sha256>,
350363
},
351364
}
352365

@@ -366,6 +379,8 @@ impl_writeable_tlv_based_enum!(OffersContext,
366379
},
367380
(2, InboundPayment) => {
368381
(0, payment_hash, required),
382+
(1, nonce, required),
383+
(2, hmac, required)
369384
},
370385
);
371386

lightning/src/ln/channelmanager.rs

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9226,8 +9226,10 @@ where
92269226
let builder: InvoiceBuilder<DerivedSigningPubkey> = builder.into();
92279227
let invoice = builder.allow_mpp().build_and_sign(secp_ctx)?;
92289228

9229+
let nonce = Nonce::from_entropy_source(entropy);
9230+
let hmac = payment_hash.hmac_for_offer_payment(nonce, expanded_key);
92299231
let context = OffersContext::InboundPayment {
9230-
payment_hash: invoice.payment_hash(),
9232+
payment_hash: invoice.payment_hash(), nonce, hmac
92319233
};
92329234
let reply_paths = self.create_blinded_paths(context)
92339235
.map_err(|_| Bolt12SemanticError::MissingPaths)?;
@@ -10987,7 +10989,12 @@ where
1098710989
},
1098810990
OffersMessage::InvoiceError(invoice_error) => {
1098910991
let payment_hash = match context {
10990-
Some(OffersContext::InboundPayment { payment_hash }) => Some(payment_hash),
10992+
Some(OffersContext::InboundPayment { payment_hash, nonce, hmac }) => {
10993+
match payment_hash.verify(hmac, nonce, expanded_key) {
10994+
Ok(_) => Some(payment_hash),
10995+
Err(_) => None,
10996+
}
10997+
},
1099110998
_ => None,
1099210999
};
1099311000

0 commit comments

Comments
 (0)