From: Jeffrey Czyz Date: Thu, 24 Aug 2023 20:16:53 +0000 (-0500) Subject: Add an encryption key to ExpandedKey for Offers X-Git-Tag: v0.0.117-alpha1~32^2~3 X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=4fafae0733b451754c77c0692f8941d9122b78ed;p=rust-lightning Add an encryption key to ExpandedKey for Offers Metadata such as the PaymentId should be encrypted when included in an InvoiceRequest or a Refund, as it is user data and is exposed to the payment recipient. Add an encryption key to ExpandedKey for this purpose instead of reusing offers_base_key. --- diff --git a/lightning/src/ln/inbound_payment.rs b/lightning/src/ln/inbound_payment.rs index e01cdf364..956928fd7 100644 --- a/lightning/src/ln/inbound_payment.rs +++ b/lightning/src/ln/inbound_payment.rs @@ -19,7 +19,7 @@ use crate::ln::{PaymentHash, PaymentPreimage, PaymentSecret}; use crate::ln::msgs; use crate::ln::msgs::MAX_VALUE_MSAT; use crate::util::chacha20::ChaCha20; -use crate::util::crypto::hkdf_extract_expand_4x; +use crate::util::crypto::hkdf_extract_expand_5x; use crate::util::errors::APIError; use crate::util::logger::Logger; @@ -50,6 +50,8 @@ pub struct ExpandedKey { user_pmt_hash_key: [u8; 32], /// The base key used to derive signing keys and authenticate messages for BOLT 12 Offers. offers_base_key: [u8; 32], + /// The key used to encrypt message metadata for BOLT 12 Offers. + offers_encryption_key: [u8; 32], } impl ExpandedKey { @@ -57,13 +59,19 @@ impl ExpandedKey { /// /// It is recommended to cache this value and not regenerate it for each new inbound payment. pub fn new(key_material: &KeyMaterial) -> ExpandedKey { - let (metadata_key, ldk_pmt_hash_key, user_pmt_hash_key, offers_base_key) = - hkdf_extract_expand_4x(b"LDK Inbound Payment Key Expansion", &key_material.0); + let ( + metadata_key, + ldk_pmt_hash_key, + user_pmt_hash_key, + offers_base_key, + offers_encryption_key, + ) = hkdf_extract_expand_5x(b"LDK Inbound Payment Key Expansion", &key_material.0); Self { metadata_key, ldk_pmt_hash_key, user_pmt_hash_key, offers_base_key, + offers_encryption_key, } } diff --git a/lightning/src/util/crypto.rs b/lightning/src/util/crypto.rs index 617f71e42..cdd00d92a 100644 --- a/lightning/src/util/crypto.rs +++ b/lightning/src/util/crypto.rs @@ -24,7 +24,7 @@ macro_rules! hkdf_extract_expand { let (k1, k2, _) = hkdf_extract_expand!($salt, $ikm); (k1, k2) }}; - ($salt: expr, $ikm: expr, 4) => {{ + ($salt: expr, $ikm: expr, 5) => {{ let (k1, k2, prk) = hkdf_extract_expand!($salt, $ikm); let mut hmac = HmacEngine::::new(&prk[..]); @@ -35,7 +35,14 @@ macro_rules! hkdf_extract_expand { let mut hmac = HmacEngine::::new(&prk[..]); hmac.input(&k3); hmac.input(&[4; 1]); - (k1, k2, k3, Hmac::from_engine(hmac).into_inner()) + let k4 = Hmac::from_engine(hmac).into_inner(); + + let mut hmac = HmacEngine::::new(&prk[..]); + hmac.input(&k4); + hmac.input(&[5; 1]); + let k5 = Hmac::from_engine(hmac).into_inner(); + + (k1, k2, k3, k4, k5) }} } @@ -43,8 +50,8 @@ pub fn hkdf_extract_expand_twice(salt: &[u8], ikm: &[u8]) -> ([u8; 32], [u8; 32] hkdf_extract_expand!(salt, ikm, 2) } -pub fn hkdf_extract_expand_4x(salt: &[u8], ikm: &[u8]) -> ([u8; 32], [u8; 32], [u8; 32], [u8; 32]) { - hkdf_extract_expand!(salt, ikm, 4) +pub fn hkdf_extract_expand_5x(salt: &[u8], ikm: &[u8]) -> ([u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32]) { + hkdf_extract_expand!(salt, ikm, 5) } #[inline]