Add HMAC, and nonce to OffersContext::InboundPayment
authorshaavan <shaavan.github@gmail.com>
Fri, 6 Sep 2024 12:01:13 +0000 (17:31 +0530)
committershaavan <shaavan.github@gmail.com>
Wed, 11 Sep 2024 13:24:49 +0000 (18:54 +0530)
Introduce HMAC and nonce calculation when sending Invoice with
reply path, so that if we receive InvoiceError back for the
corresponding Invoice we can verify the payment hash before logging it.

lightning/src/blinded_path/message.rs
lightning/src/ln/channelmanager.rs

index e3899b50edbb822ce66b17c82626d84b219c1c55..256483fec01aebba1030dbd1e130a1b38ad77c38 100644 (file)
@@ -347,6 +347,19 @@ pub enum OffersContext {
                ///
                /// [`Bolt12Invoice::payment_hash`]: crate::offers::invoice::Bolt12Invoice::payment_hash
                payment_hash: PaymentHash,
+
+               /// A nonce used for authenticating that a received [`InvoiceError`] is for a valid
+               /// sent [`Bolt12Invoice`].
+               ///
+               /// [`InvoiceError`]: crate::offers::invoice_error::InvoiceError
+               /// [`Bolt12Invoice`]: crate::offers::invoice::Bolt12Invoice
+               nonce: Nonce,
+
+               /// Authentication code for the [`PaymentHash`], which should be checked when the context is
+               /// used to log the received [`InvoiceError`].
+               ///
+               /// [`InvoiceError`]: crate::offers::invoice_error::InvoiceError
+               hmac: Hmac<Sha256>,
        },
 }
 
@@ -366,6 +379,8 @@ impl_writeable_tlv_based_enum!(OffersContext,
        },
        (2, InboundPayment) => {
                (0, payment_hash, required),
+               (1, nonce, required),
+               (2, hmac, required)
        },
 );
 
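Review bot: Declaring `nonce` and `hmac` as `required` in the `InboundPayment` arm means a context encoded before this change, carrying only type 0, will no longer decode. That fail-closed result looks intended, since a payment hash without its HMAC cannot be authenticated, but nothing at the macro invocation says so. A comment above the two new entries, such as `// nonce and hmac are required so that an unauthenticated payment_hash never decodes`, would record the decision. It is also worth confirming that reply paths issued by an older build and still in flight are expected to be dropped after an upgrade.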
index 56457e79cba9f9418d9c95ace2fe36e9c33cbdde..c8597f8f0354fa44f40d9ea52e48d2f197df4ed6 100644 (file)
@@ -9226,8 +9226,10 @@ where
                                let builder: InvoiceBuilder<DerivedSigningPubkey> = builder.into();
                                let invoice = builder.allow_mpp().build_and_sign(secp_ctx)?;
 
+                               let nonce = Nonce::from_entropy_source(entropy);
+                               let hmac = payment_hash.hmac_for_offer_payment(nonce, expanded_key);
                                let context = OffersContext::InboundPayment {
-                                       payment_hash: invoice.payment_hash(),
+                                       payment_hash: invoice.payment_hash(), nonce, hmac
                                };
                                let reply_paths = self.create_blinded_paths(context)
                                        .map_err(|_| Bolt12SemanticError::MissingPaths)?;
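Review bot: The HMAC on the `hmac_for_offer_payment` line is computed over the local `payment_hash`, while the context stores `invoice.payment_hash()`. The two are presumably equal, but the local is defined outside this hunk and nothing here ties them together. If they ever diverge, the `payment_hash.verify(hmac, nonce, expanded_key)` call in the `InvoiceError` handler would reject every reply with no visible error. Taking both from one binding makes the authenticated value and the stored value identical by construction: put `let payment_hash = invoice.payment_hash();` before the `hmac` line and build the context as `OffersContext::InboundPayment { payment_hash, nonce, hmac }`. The enclosing function starts and ends outside the hunk.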
@@ -10987,7 +10989,12 @@ where
                        },
                        OffersMessage::InvoiceError(invoice_error) => {
                                let payment_hash = match context {
-                                       Some(OffersContext::InboundPayment { payment_hash }) => Some(payment_hash),
+                                       Some(OffersContext::InboundPayment { payment_hash, nonce, hmac }) => {
+                                               match payment_hash.verify(hmac, nonce, expanded_key) {
+                                                       Ok(_) => Some(payment_hash),
+                                                       Err(_) => None,
+                                               }
+                                       },
                                        _ => None,
                                };