Support responding to refunds with transient keys

[rust-lightning] / lightning / src / offers / signer.rs

diff --git a/lightning/src/offers/signer.rs b/lightning/src/offers/signer.rs
index 7229775aa0b3b959bd83df3e70269f172a5bc153..8d5f98e6f6b050993474bbedbcc9a0f25c409980 100644 (file)
--- a/lightning/src/offers/signer.rs
+++ b/lightning/src/offers/signer.rs
@@ -162,6 +162,14 @@ impl MetadataMaterial {
        }
 }
 
+pub(super) fn derive_keys(nonce: Nonce, expanded_key: &ExpandedKey) -> KeyPair {
+       const IV_BYTES: &[u8; IV_LEN] = b"LDK Invoice ~~~~";
+       let secp_ctx = Secp256k1::new();
+       let hmac = Hmac::from_engine(expanded_key.hmac_for_offer(nonce, IV_BYTES));
+       let privkey = SecretKey::from_slice(hmac.as_inner()).unwrap();
+       KeyPair::from_secret_key(&secp_ctx, &privkey)
+}
+
 /// Verifies data given in a TLV stream was used to produce the given metadata, consisting of:
 /// - a 128-bit [`Nonce`] and possibly
 /// - a [`Sha256`] hash of the nonce and the TLV records using the [`ExpandedKey`].