]> git.bitcoin.ninja Git - rust-lightning/commit
projects / rust-lightning / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5a7f523) | patch
Verify inbound ReleaseHeldHtlc messages via hmac.
authorValentine Wallace <vwallace@protonmail.com>
Thu, 5 Sep 2024 21:32:08 +0000 (17:32 -0400)
committerValentine Wallace <vwallace@protonmail.com>
Fri, 13 Sep 2024 14:40:06 +0000 (10:40 -0400)
commit615eefb543822bf361bb11de07bf391a99095352
tree78e7570bd05035928a172df5f0a87a6b5cda3f13tree | snapshot
parent5a7f52313b9b530206cd4a8a9c812c0ca9d86ed7commit | diff
Verify inbound ReleaseHeldHtlc messages via hmac.

See AsyncPaymentsContext::hmac, but this prevents the recipient from
deanonymizing us. Without this, if they are able to guess the correct payment
id, then they could create a blinded path to us and confirm our identity.

We also move the PAYMENT_HASH_HMAC_INPUT const to use &[7; 16], which is safe
because this const was added since the last release. This ordering reads more
smoothly.
lightning/src/blinded_path/message.rs diff | blob | history
lightning/src/ln/channelmanager.rs diff | blob | history
lightning/src/offers/signer.rs diff | blob | history
Personal fork of Rust-Lightning. Upstream is https://github.com/rust-bitcoin/rust-lightning