Add new inbound payment key for spontaneous payments
authorValentine Wallace <vwallace@protonmail.com>
Wed, 6 Nov 2024 19:58:04 +0000 (14:58 -0500)
committerValentine Wallace <vwallace@protonmail.com>
Fri, 8 Nov 2024 15:28:53 +0000 (10:28 -0500)
This key will be used in upcoming commits for encrypting metadata bytes for
spontaneous payments' payment secrets, to be included in the blinded paths of
static invoices for async payments. We need a new type of payment secret for
these payments because they don't have an a priori known payment hash, see the
next commit.

lightning/src/crypto/utils.rs
lightning/src/ln/inbound_payment.rs

index cd4d9bfa6d5dd131dbc4972d71f28d009a7955f4..b59cc6002d9a0465dde74dd6b352a2f5346de946 100644 (file)
@@ -24,7 +24,7 @@ macro_rules! hkdf_extract_expand {
                let (k1, k2, _) = hkdf_extract_expand!($salt, $ikm);
                (k1, k2)
        }};
-       ($salt: expr, $ikm: expr, 5) => {{
+       ($salt: expr, $ikm: expr, 6) => {{
                let (k1, k2, prk) = hkdf_extract_expand!($salt, $ikm);
 
                let mut hmac = HmacEngine::<Sha256>::new(&prk[..]);
@@ -42,7 +42,12 @@ macro_rules! hkdf_extract_expand {
                hmac.input(&[5; 1]);
                let k5 = Hmac::from_engine(hmac).to_byte_array();
 
-               (k1, k2, k3, k4, k5)
+               let mut hmac = HmacEngine::<Sha256>::new(&prk[..]);
+               hmac.input(&k5);
+               hmac.input(&[6; 1]);
+               let k6 = Hmac::from_engine(hmac).to_byte_array();
+
+               (k1, k2, k3, k4, k5, k6)
        }};
 }
 
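Review bot: The new `k6` block carries no comment saying that it is the sixth HKDF-Expand output with empty info, `T(6) = HMAC(prk, T(5) || 0x06)`, or that outputs may only ever be appended to this arm. Because `k6` is chained from `k5` and returned last, `k1` to `k5` should stay byte-identical for the same salt and key material, which is presumably what keeps values derived under the old five-key expansion verifiable after upgrade; nothing visible here pins that. I would add `// T(6) = HMAC(prk, T(5) || 0x06); append-only, earlier outputs must not change` above the block, plus a fixed-vector test covering all six outputs. The same positional order is relied on by `hkdf_extract_expand_6x` in the next hunk, whose six identically typed `[u8; 32]` values can be swapped without a compile error. The macro starts outside this hunk.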
@@ -50,10 +55,10 @@ pub fn hkdf_extract_expand_twice(salt: &[u8], ikm: &[u8]) -> ([u8; 32], [u8; 32]
        hkdf_extract_expand!(salt, ikm, 2)
 }
 
-pub fn hkdf_extract_expand_5x(
+pub fn hkdf_extract_expand_6x(
        salt: &[u8], ikm: &[u8],
-) -> ([u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32]) {
-       hkdf_extract_expand!(salt, ikm, 5)
+) -> ([u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32]) {
+       hkdf_extract_expand!(salt, ikm, 6)
 }
 
 #[inline]
index e294dcbcf2409c6598522edc8e661a9aed30ffb5..d3cdae61691cd580605403c6199b8836f22dba3b 100644 (file)
@@ -15,7 +15,7 @@ use bitcoin::hashes::hmac::{Hmac, HmacEngine};
 use bitcoin::hashes::sha256::Hash as Sha256;
 
 use crate::crypto::chacha20::ChaCha20;
-use crate::crypto::utils::hkdf_extract_expand_5x;
+use crate::crypto::utils::hkdf_extract_expand_6x;
 use crate::ln::msgs;
 use crate::ln::msgs::MAX_VALUE_MSAT;
 use crate::types::payment::{PaymentHash, PaymentPreimage, PaymentSecret};
@@ -55,6 +55,9 @@ pub struct ExpandedKey {
        offers_base_key: [u8; 32],
        /// The key used to encrypt message metadata for BOLT 12 Offers.
        offers_encryption_key: [u8; 32],
+       /// The key used to authenticate spontaneous payments' metadata as previously registered with LDK
+       /// for inclusion in a blinded path.
+       spontaneous_pmt_key: [u8; 32],
 }
 
 impl ExpandedKey {
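Review bot: The doc comment on `spontaneous_pmt_key` says the key is used to authenticate metadata, while the commit description says it will be used for encrypting metadata bytes. These are different uses and a single derived key should feed only one primitive, so the comment should state exactly which construction consumes this key; the use sites are not in this commit, so which wording is right cannot be told from here. If encryption is what is meant, `/// The key used to encrypt the metadata bytes of spontaneous payments' payment secrets, for inclusion in a blinded path.` would match the description. The struct's opening lines are outside the hunk.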
@@ -68,13 +71,15 @@ impl ExpandedKey {
                        user_pmt_hash_key,
                        offers_base_key,
                        offers_encryption_key,
-               ) = hkdf_extract_expand_5x(b"LDK Inbound Payment Key Expansion", &key_material.0);
+                       spontaneous_pmt_key,
+               ) = hkdf_extract_expand_6x(b"LDK Inbound Payment Key Expansion", &key_material.0);
                Self {
                        metadata_key,
                        ldk_pmt_hash_key,
                        user_pmt_hash_key,
                        offers_base_key,
                        offers_encryption_key,
+                       spontaneous_pmt_key,
                }
        }