Authenticate Bolt12Invoice using OfferContext
authorJeffrey Czyz <jkczyz@gmail.com>
Tue, 2 Jul 2024 22:27:39 +0000 (17:27 -0500)
committerJeffrey Czyz <jkczyz@gmail.com>
Mon, 22 Jul 2024 16:34:03 +0000 (11:34 -0500)
When a Bolt12Invoice is handled with an OfferContext, use the
payment_id it contains to verify that the invoice is for a pending
outbound payment. Only invoices for refunds without any blinded paths
can be verified without an OfferContext.

lightning/src/ln/channelmanager.rs
lightning/src/offers/invoice.rs

index b5356a85347f42335aba3d23f89d3bb9294647f9..6290a9d7e073a61a79615edcc697d4712421c174 100644 (file)
@@ -10804,8 +10804,20 @@ where
                                }
                        },
                        OffersMessage::Invoice(invoice) => {
+                               let expected_payment_id = match context {
+                                       OffersContext::Unknown {} if invoice.is_for_refund_without_paths() => None,
+                                       OffersContext::OutboundPayment { payment_id } => Some(payment_id),
+                                       _ => return ResponseInstruction::NoResponse,
+                               };
+
                                let result = match invoice.verify(expanded_key, secp_ctx) {
                                        Ok(payment_id) => {
+                                               if let Some(expected_payment_id) = expected_payment_id {
+                                                       if payment_id != expected_payment_id {
+                                                               return ResponseInstruction::NoResponse;
+                                                       }
+                                               }
+
                                                let features = self.bolt12_invoice_features();
                                                if invoice.invoice_features().requires_unknown_bits_from(&features) {
                                                        Err(InvoiceError::from(Bolt12SemanticError::UnknownRequiredFeatures))
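Review bot: Both new `return ResponseInstruction::NoResponse` branches (the `_` arm of the `context` match and the `payment_id != expected_payment_id` check) drop the invoice with neither a comment nor a log line, so a rejected invoice cannot be told apart from one that never arrived. I would add a comment above the match such as `// Only a refund invoice without message paths may arrive without an OutboundPayment context; anything else is dropped without a reply.` and, if a logger is reachable at this point, a trace-level message at each drop. The `_` arm fails closed, which is the right default for an authentication check, but listing the rejected `OffersContext` variants explicitly would force this code to be revisited when a variant is added. The enclosing match arm and function continue outside the hunk, so what happens on the `Err` side of `invoice.verify` is not visible here.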
index 2d34b1c0977cf9da6497e30051740811f8d0851b..69eafbdc54901d0ffc17067d78eed90f77f46a5f 100644 (file)
@@ -787,6 +787,13 @@ impl Bolt12Invoice {
                (payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream, invoice_tlv_stream,
                 signature_tlv_stream)
        }
+
+       pub(crate) fn is_for_refund_without_paths(&self) -> bool {
+               match self.contents {
+                       InvoiceContents::ForOffer { .. } => false,
+                       InvoiceContents::ForRefund { .. } => self.message_paths().is_empty(),
+               }
+       }
 }
 
 impl PartialEq for Bolt12Invoice {
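Review bot: `is_for_refund_without_paths` has no doc comment, although in this commit it decides which invoices `channelmanager.rs` accepts under `OffersContext::Unknown {}`, that is, without a `payment_id` from the context to compare against. I would document that dependency on the method, for example `/// Returns whether this is a refund invoice with no message paths. Callers use this to decide whether the invoice may be handled without an OffersContext carrying a payment_id.` A reader changing `message_paths()` or adding an `InvoiceContents` variant then sees that the result feeds an authentication decision.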