From 45f88ee7f9b75850dc44a77115a95e195b2d2030 Mon Sep 17 00:00:00 2001
From: Valentine Wallace
Date: Wed, 6 Nov 2024 14:58:04 -0500
Subject: [PATCH] Add new inbound payment key for spontaneous payments

This key will be used in upcoming commits for encrypting metadata bytes for spontaneous payments' payment secrets, to be included in the blinded paths of static invoices for async payments. We need a new type of payment secret for these payments because they don't have an a prior known payment hash, see the next commit.
---
 lightning/src/crypto/utils.rs | 15 ++++++++++-----
 lightning/src/ln/inbound_payment.rs | 9 +++++++--
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/lightning/src/crypto/utils.rs b/lightning/src/crypto/utils.rs
index cd4d9bfa6..b59cc6002 100644
--- a/lightning/src/crypto/utils.rs
+++ b/lightning/src/crypto/utils.rs
@@ -24,7 +24,7 @@ macro_rules! hkdf_extract_expand {
 let (k1, k2, _) = hkdf_extract_expand!($salt, $ikm);
 (k1, k2)
 }};
- ($salt: expr, $ikm: expr, 5) => {{
+ ($salt: expr, $ikm: expr, 6) => {{
 let (k1, k2, prk) = hkdf_extract_expand!($salt, $ikm);
 
 let mut hmac = HmacEngine::::new(&prk[..]);
@@ -42,7 +42,12 @@ macro_rules! hkdf_extract_expand {
 hmac.input(&[5; 1]);
 let k5 = Hmac::from_engine(hmac).to_byte_array();
 
- (k1, k2, k3, k4, k5)
+ let mut hmac = HmacEngine::::new(&prk[..]);
+ hmac.input(&k5);
+ hmac.input(&[6; 1]);
+ let k6 = Hmac::from_engine(hmac).to_byte_array();
+
+ (k1, k2, k3, k4, k5, k6)
 }};
 }
 
@@ -50,10 +55,10 @@ pub fn hkdf_extract_expand_twice(salt: &[u8], ikm: &[u8]) -> ([u8; 32], [u8; 32]
 hkdf_extract_expand!(salt, ikm, 2)
 }
 
-pub fn hkdf_extract_expand_5x(
+pub fn hkdf_extract_expand_6x(
 salt: &[u8], ikm: &[u8],
-) -> ([u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32]) {
- hkdf_extract_expand!(salt, ikm, 5)
+) -> ([u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32]) {
+ hkdf_extract_expand!(salt, ikm, 6)
 }
 
 #[inline]
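Review bot: In the second hunk of `crypto/utils.rs`, where the `k6` block is added to the six-output arm, nothing records that the output order is a compatibility contract. `ExpandedKey::new` binds the returned tuple by position, so a later key inserted anywhere but the end would silently change the key material behind the existing fields. As written, the new block only appends (HMAC under `prk` over `k5` and the counter byte `6`), so `k1`..`k5` keep their values. I would add a comment above the arm such as `// Outputs are consumed positionally; only ever append new keys so existing ones stay stable.`, and a unit test that pins the outputs of `hkdf_extract_expand_6x` for a fixed salt and ikm. The macro arm starts before this hunk, so the `k3` and `k4` blocks are not visible here.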
diff --git a/lightning/src/ln/inbound_payment.rs b/lightning/src/ln/inbound_payment.rs
index e294dcbcf..d3cdae616 100644
--- a/lightning/src/ln/inbound_payment.rs
+++ b/lightning/src/ln/inbound_payment.rs
@@ -15,7 +15,7 @@ use bitcoin::hashes::hmac::{Hmac, HmacEngine};
 use bitcoin::hashes::sha256::Hash as Sha256;
 
 use crate::crypto::chacha20::ChaCha20;
-use crate::crypto::utils::hkdf_extract_expand_5x;
+use crate::crypto::utils::hkdf_extract_expand_6x;
 use crate::ln::msgs;
 use crate::ln::msgs::MAX_VALUE_MSAT;
 use crate::types::payment::{PaymentHash, PaymentPreimage, PaymentSecret};
@@ -55,6 +55,9 @@ pub struct ExpandedKey {
 offers_base_key: [u8; 32],
 /// The key used to encrypt message metadata for BOLT 12 Offers.
 offers_encryption_key: [u8; 32],
+ /// The key used to authenticate spontaneous payments' metadata as previously registered with LDK
+ /// for inclusion in a blinded path.
+ spontaneous_pmt_key: [u8; 32],
 }
 
 impl ExpandedKey {
@@ -68,13 +71,15 @@ impl ExpandedKey {
 user_pmt_hash_key,
 offers_base_key,
 offers_encryption_key,
- ) = hkdf_extract_expand_5x(b"LDK Inbound Payment Key Expansion", &key_material.0);
+ spontaneous_pmt_key,
+ ) = hkdf_extract_expand_6x(b"LDK Inbound Payment Key Expansion", &key_material.0);
 Self {
 metadata_key,
 ldk_pmt_hash_key,
 user_pmt_hash_key,
 offers_base_key,
 offers_encryption_key,
+ spontaneous_pmt_key,
 }
 }
 
-- 
2.39.5
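Review bot: The doc comment added on `spontaneous_pmt_key` in the `ExpandedKey` struct hunk says the key is used to authenticate spontaneous payments' metadata, while the commit message says it will be used for encrypting the metadata bytes. The two should agree, because each derived key should serve exactly one primitive. If encryption is the intended use, the comment could read `/// The key used to encrypt the metadata bytes of spontaneous payments' payment secrets, for inclusion in a blinded path.`. The field is also only written in this commit (in `ExpandedKey::new`, last hunk), so it may trip a dead-code lint until a follow-up commit reads it; whether it does depends on lint settings not visible here. The struct starts before this hunk.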