From: Valentine Wallace
Date: Thu, 26 Oct 2023 19:16:42 +0000 (-0400)
Subject: Support receiving to multi-hop blinded payment paths.
X-Git-Tag: v0.0.119~9^2~24
X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=51f41ce7ce1853a1385cac9216729706829f8479;p=rust-lightning
Support receiving to multi-hop blinded payment paths. The only remaining step is to use the update_add blinding point in decoding inbound onion payloads. Error handling will be completed in upcoming commits.
---
diff --git a/lightning/src/ln/onion_payment.rs b/lightning/src/ln/onion_payment.rs
index f61c05df..5f03b86e 100644
--- a/lightning/src/ln/onion_payment.rs
+++ b/lightning/src/ln/onion_payment.rs
@@ -3,9 +3,10 @@
 //! Primarily features [`peel_payment_onion`], which allows the decoding of an onion statelessly
 //! and can be used to predict whether we'd accept a payment.
-use bitcoin::hashes::Hash;
+use bitcoin::hashes::{Hash, HashEngine};
+use bitcoin::hashes::hmac::{Hmac, HmacEngine};
 use bitcoin::hashes::sha256::Hash as Sha256;
-use bitcoin::secp256k1::{self, Secp256k1, PublicKey};
+use bitcoin::secp256k1::{self, PublicKey, Scalar, Secp256k1};
 use crate::blinded_path;
 use crate::blinded_path::payment::{PaymentConstraints, PaymentRelay};
@@ -326,8 +327,14 @@ where
 return_malformed_err!("invalid ephemeral pubkey", 0x8000 | 0x4000 | 6);
 }
+ let blinded_node_id_tweak = msg.blinding_point.map(|bp| {
+ let blinded_tlvs_ss = node_signer.ecdh(Recipient::Node, &bp, None).unwrap().secret_bytes();
+ let mut hmac = HmacEngine::::new(b"blinded_node_id");
+ hmac.input(blinded_tlvs_ss.as_ref());
+ Scalar::from_be_bytes(Hmac::from_engine(hmac).to_byte_array()).unwrap()
+ });
 let shared_secret = node_signer.ecdh(
- Recipient::Node, &msg.onion_routing_packet.public_key.unwrap(), None
+ Recipient::Node, &msg.onion_routing_packet.public_key.unwrap(), blinded_node_id_tweak.as_ref()
 ).unwrap().secret_bytes();
 if msg.onion_routing_packet.version != 0 {
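Review bot: The two new `unwrap()` calls inside the `blinded_node_id_tweak` closure operate on `msg.blinding_point`, a value supplied by the channel peer, so any failure there aborts the process instead of failing the HTLC, even with the rest of the error handling deferred to later commits. `Scalar::from_be_bytes(...)` can only fail when the HMAC-SHA256 output is not below the curve order, which is negligible, but that reasoning should be written down, e.g. `.expect("HMAC-SHA256 output is a valid scalar except with negligible probability")`. The `node_signer.ecdh(Recipient::Node, &bp, None)` result is less obviously infallible, since what a signer implementation may return is not visible here; if it can return `Err`, the closure should yield a `Result` and the caller should take the same `return_malformed_err!` route used for the ephemeral pubkey just above. A short comment such as `// tweak = HMAC256("blinded_node_id", ECDH(node_key, blinding_point)); passed to the ECDH below so the onion shared secret is derived for our blinded node id` would also help readers; the enclosing function starts and ends outside this hunk.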