git.bitcoin.ninja Git - rust-lightning/commit

author	Jeffrey Czyz <jkczyz@gmail.com>
	Mon, 30 Jan 2023 20:57:43 +0000 (14:57 -0600)
committer	Jeffrey Czyz <jkczyz@gmail.com>
	Thu, 20 Apr 2023 02:31:07 +0000 (21:31 -0500)
commit	022eadc4dbf0f60179674f936d604cade6c5dd9e
tree	dc6541d9b2ffb7e7b77f0352c812efe6d1957118	tree \| snapshot
parent	9bd43e077fd00add0491960aeb5533a75d9d71d3	commit \| diff

Stateless verification of Invoice for Offer

Verify that an Invoice was produced from an InvoiceRequest constructed
by the payer using the payer metadata reflected in the Invoice. The
payer metadata consists of a 128-bit encrypted nonce and possibly a
256-bit HMAC over the nonce and InvoiceRequest TLV records (excluding
the payer id) using an ExpandedKey.

Thus, the HMAC can be reproduced from the invoice request bytes using
the nonce and the original ExpandedKey, and then checked against the
metadata. If metadata does not contain an HMAC, then the reproduced HMAC
was used to form the signing keys, and thus can be checked against the
payer id.

lightning/src/offers/invoice.rs		diff \| blob \| history
lightning/src/offers/invoice_request.rs		diff \| blob \| history
lightning/src/offers/merkle.rs		diff \| blob \| history
lightning/src/offers/offer.rs		diff \| blob \| history
lightning/src/offers/payer.rs		diff \| blob \| history
lightning/src/offers/signer.rs		diff \| blob \| history