f - HMAC entire ReceiveTlvs

jkczyz · jkczyz · commit 7835f4a0dec9 · 2024-12-05T16:08:23.000-06:00
diff --git a/fuzz/src/invoice_request_deser.rs b/fuzz/src/invoice_request_deser.rs
@@ -14,14 +14,12 @@ use lightning::blinded_path::payment::{
 	BlindedPaymentPath, Bolt12OfferContext, ForwardTlvs, PaymentConstraints, PaymentContext,
 	PaymentForwardNode, PaymentRelay, ReceiveTlvs,
 };
-use lightning::ln::channelmanager::{MIN_FINAL_CLTV_EXPIRY_DELTA, Verification};
-use lightning::ln::inbound_payment::ExpandedKey;
+use lightning::ln::channelmanager::MIN_FINAL_CLTV_EXPIRY_DELTA;
 use lightning::offers::invoice::UnsignedBolt12Invoice;
 use lightning::offers::invoice_request::{InvoiceRequest, InvoiceRequestFields};
-use lightning::offers::nonce::Nonce;
 use lightning::offers::offer::OfferId;
 use lightning::offers::parse::Bolt12SemanticError;
-use lightning::sign::{EntropySource, KeyMaterial};
+use lightning::sign::EntropySource;
 use lightning::types::features::BlindedHopFeatures;
 use lightning::types::payment::{PaymentHash, PaymentSecret};
 use lightning::util::ser::Writeable;
@@ -82,7 +80,6 @@ fn privkey(byte: u8) -> SecretKey {
 fn build_response<T: secp256k1::Signing + secp256k1::Verification>(
 	invoice_request: &InvoiceRequest, secp_ctx: &Secp256k1<T>,
 ) -> Result<UnsignedBolt12Invoice, Bolt12SemanticError> {
-	let expanded_key = ExpandedKey::new(&KeyMaterial([42; 32]));
 	let entropy_source = Randomness {};
 	let payment_context = PaymentContext::Bolt12Offer(Bolt12OfferContext {
 		offer_id: OfferId([42; 32]),
@@ -95,16 +92,14 @@ fn build_response<T: secp256k1::Signing + secp256k1::Verification>(
 			human_readable_name: None,
 		},
 	});
-	let nonce = Nonce::from_entropy_source(&entropy_source);
-	let hmac = payment_context.hmac_for_offer_payment(nonce, &expanded_key);
 	let payee_tlvs = ReceiveTlvs {
 		payment_secret: PaymentSecret([42; 32]),
 		payment_constraints: PaymentConstraints {
 			max_cltv_expiry: 1_000_000,
 			htlc_minimum_msat: 1,
 		},
 		payment_context,
-		authentication: (hmac, nonce),
+		authentication: None,
 	};
 	let intermediate_nodes = [PaymentForwardNode {
 		tlvs: ForwardTlvs {
diff --git a/fuzz/src/refund_deser.rs b/fuzz/src/refund_deser.rs
@@ -14,13 +14,11 @@ use lightning::blinded_path::payment::{
 	BlindedPaymentPath, Bolt12RefundContext, ForwardTlvs, PaymentConstraints, PaymentContext,
 	PaymentForwardNode, PaymentRelay, ReceiveTlvs,
 };
-use lightning::ln::channelmanager::{MIN_FINAL_CLTV_EXPIRY_DELTA, Verification};
-use lightning::ln::inbound_payment::ExpandedKey;
+use lightning::ln::channelmanager::MIN_FINAL_CLTV_EXPIRY_DELTA;
 use lightning::offers::invoice::UnsignedBolt12Invoice;
-use lightning::offers::nonce::Nonce;
 use lightning::offers::parse::Bolt12SemanticError;
 use lightning::offers::refund::Refund;
-use lightning::sign::{EntropySource, KeyMaterial};
+use lightning::sign::EntropySource;
 use lightning::types::features::BlindedHopFeatures;
 use lightning::types::payment::{PaymentHash, PaymentSecret};
 use lightning::util::ser::Writeable;
@@ -69,19 +67,16 @@ fn privkey(byte: u8) -> SecretKey {
 fn build_response<T: secp256k1::Signing + secp256k1::Verification>(
 	refund: &Refund, signing_pubkey: PublicKey, secp_ctx: &Secp256k1<T>,
 ) -> Result<UnsignedBolt12Invoice, Bolt12SemanticError> {
-	let expanded_key = ExpandedKey::new(&KeyMaterial([42; 32]));
 	let entropy_source = Randomness {};
 	let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {});
-	let nonce = Nonce::from_entropy_source(&entropy_source);
-	let hmac = payment_context.hmac_for_offer_payment(nonce, &expanded_key);
 	let payee_tlvs = ReceiveTlvs {
 		payment_secret: PaymentSecret([42; 32]),
 		payment_constraints: PaymentConstraints {
 			max_cltv_expiry: 1_000_000,
 			htlc_minimum_msat: 1,
 		},
 		payment_context,
-		authentication: (hmac, nonce),
+		authentication: None,
 	};
 	let intermediate_nodes = [PaymentForwardNode {
 		tlvs: ForwardTlvs {
diff --git a/lightning/src/blinded_path/payment.rs b/lightning/src/blinded_path/payment.rs
@@ -264,7 +264,7 @@ pub struct ReceiveTlvs {
 	/// Context for the receiver of this payment.
 	pub payment_context: PaymentContext,
 	/// An HMAC of `payment_context` along with a nonce used to construct it.
-	pub authentication: (Hmac<Sha256>, Nonce),
+	pub authentication: Option<(Hmac<Sha256>, Nonce)>,
 }
 
 /// Data to construct a [`BlindedHop`] for sending a payment over.
@@ -410,7 +410,7 @@ impl Writeable for ReceiveTlvs {
 			(12, self.payment_constraints, required),
 			(65536, self.payment_secret, required),
 			(65537, self.payment_context, required),
-			(65539, self.authentication, required),
+			(65539, self.authentication, option),
 		});
 		Ok(())
 	}
@@ -459,7 +459,7 @@ impl Readable for BlindedPaymentTlvs {
 				payment_secret: payment_secret.ok_or(DecodeError::InvalidValue)?,
 				payment_constraints: payment_constraints.0.unwrap(),
 				payment_context: payment_context.0.unwrap(),
-				authentication: authentication.ok_or(DecodeError::InvalidValue)?,
+				authentication,
 			}))
 		}
 	}
@@ -638,15 +638,11 @@ impl_writeable_tlv_based!(Bolt12RefundContext, {});
 
 #[cfg(test)]
 mod tests {
-	use bitcoin::hashes::hmac::Hmac;
-	use bitcoin::hashes::sha256::Hash as Sha256;
-	use bitcoin::hashes::Hash;
 	use bitcoin::secp256k1::PublicKey;
 	use crate::blinded_path::payment::{PaymentForwardNode, ForwardTlvs, ReceiveTlvs, PaymentConstraints, PaymentContext, PaymentRelay};
 	use crate::types::payment::PaymentSecret;
 	use crate::types::features::BlindedHopFeatures;
 	use crate::ln::functional_test_utils::TEST_FINAL_CLTV;
-	use crate::offers::nonce::Nonce;
 
 	#[test]
 	fn compute_payinfo() {
@@ -695,7 +691,7 @@ mod tests {
 				htlc_minimum_msat: 1,
 			},
 			payment_context: PaymentContext::unknown(),
-			authentication: (Hmac::<Sha256>::hash(&[42u8]), Nonce([42u8; 16])),
+			authentication: None,
 		};
 		let htlc_maximum_msat = 100_000;
 		let blinded_payinfo = super::compute_payinfo(&intermediate_nodes[..], &recv_tlvs, htlc_maximum_msat, 12).unwrap();
@@ -715,7 +711,7 @@ mod tests {
 				htlc_minimum_msat: 1,
 			},
 			payment_context: PaymentContext::unknown(),
-			authentication: (Hmac::<Sha256>::hash(&[42u8]), Nonce([42u8; 16])),
+			authentication: None,
 		};
 		let blinded_payinfo = super::compute_payinfo(&[], &recv_tlvs, 4242, TEST_FINAL_CLTV as u16).unwrap();
 		assert_eq!(blinded_payinfo.fee_base_msat, 0);
@@ -772,7 +768,7 @@ mod tests {
 				htlc_minimum_msat: 3,
 			},
 			payment_context: PaymentContext::unknown(),
-			authentication: (Hmac::<Sha256>::hash(&[42u8]), Nonce([42u8; 16])),
+			authentication: None,
 		};
 		let htlc_maximum_msat = 100_000;
 		let blinded_payinfo = super::compute_payinfo(&intermediate_nodes[..], &recv_tlvs, htlc_maximum_msat, TEST_FINAL_CLTV as u16).unwrap();
@@ -826,7 +822,7 @@ mod tests {
 				htlc_minimum_msat: 1,
 			},
 			payment_context: PaymentContext::unknown(),
-			authentication: (Hmac::<Sha256>::hash(&[42u8]), Nonce([42u8; 16])),
+			authentication: None,
 		};
 		let htlc_minimum_msat = 3798;
 		assert!(super::compute_payinfo(&intermediate_nodes[..], &recv_tlvs, htlc_minimum_msat - 1, TEST_FINAL_CLTV as u16).is_err());
@@ -884,7 +880,7 @@ mod tests {
 				htlc_minimum_msat: 1,
 			},
 			payment_context: PaymentContext::unknown(),
-			authentication: (Hmac::<Sha256>::hash(&[42u8]), Nonce([42u8; 16])),
+			authentication: None,
 		};
 
 		let blinded_payinfo = super::compute_payinfo(&intermediate_nodes[..], &recv_tlvs, 10_000, TEST_FINAL_CLTV as u16).unwrap();
diff --git a/lightning/src/ln/blinded_payment_tests.rs b/lightning/src/ln/blinded_payment_tests.rs
@@ -74,17 +74,17 @@ fn blinded_payment_path(
 		});
 	}
 
-	let payment_context = PaymentContext::unknown();
-	let payee_tlvs = ReceiveTlvs {
+	let mut payee_tlvs = ReceiveTlvs {
 		payment_secret,
 		payment_constraints: PaymentConstraints {
 			max_cltv_expiry: u32::max_value(),
 			htlc_minimum_msat:
 				intro_node_min_htlc_opt.unwrap_or_else(|| channel_upds.last().unwrap().htlc_minimum_msat),
 		},
-		authentication: hmac_payment_context(&payment_context, keys_manager),
-		payment_context,
+		payment_context: PaymentContext::unknown(),
+		authentication: None,
 	};
+	payee_tlvs.authentication = Some(hmac_payee_tlvs(&payee_tlvs, keys_manager));
 
 	let mut secp_ctx = Secp256k1::new();
 	BlindedPaymentPath::new(
@@ -94,12 +94,12 @@ fn blinded_payment_path(
 	).unwrap()
 }
 
-fn hmac_payment_context(
-	payment_context: &PaymentContext, keys_manager: &test_utils::TestKeysInterface,
+fn hmac_payee_tlvs(
+	payee_tlvs: &ReceiveTlvs, keys_manager: &test_utils::TestKeysInterface,
 ) -> (Hmac<Sha256>, Nonce) {
 	let nonce = Nonce([42u8; 16]);
 	let expanded_key = ExpandedKey::new(&keys_manager.get_inbound_payment_key_material());
-	let hmac = payment_context.hmac_for_offer_payment(nonce, &expanded_key);
+	let hmac = payee_tlvs.hmac_for_offer_payment(nonce, &expanded_key);
 	(hmac, nonce)
 }
 
@@ -133,16 +133,16 @@ fn do_one_hop_blinded_path(success: bool) {
 
 	let amt_msat = 5000;
 	let (payment_preimage, payment_hash, payment_secret) = get_payment_preimage_hash(&nodes[1], Some(amt_msat), None);
-	let payment_context = PaymentContext::unknown();
-	let payee_tlvs = ReceiveTlvs {
+	let mut payee_tlvs = ReceiveTlvs {
 		payment_secret,
 		payment_constraints: PaymentConstraints {
 			max_cltv_expiry: u32::max_value(),
 			htlc_minimum_msat: chan_upd.htlc_minimum_msat,
 		},
-		authentication: hmac_payment_context(&payment_context, &chanmon_cfgs[1].keys_manager),
-		payment_context,
+		payment_context: PaymentContext::unknown(),
+		authentication: None,
 	};
+	payee_tlvs.authentication = Some(hmac_payee_tlvs(&payee_tlvs, &chanmon_cfgs[1].keys_manager));
 	let mut secp_ctx = Secp256k1::new();
 	let blinded_path = BlindedPaymentPath::new(
 		&[], nodes[1].node.get_our_node_id(), payee_tlvs, u64::MAX, TEST_FINAL_CLTV as u16,
@@ -179,16 +179,16 @@ fn mpp_to_one_hop_blinded_path() {
 
 	let amt_msat = 15_000_000;
 	let (payment_preimage, payment_hash, payment_secret) = get_payment_preimage_hash(&nodes[3], Some(amt_msat), None);
-	let payment_context = PaymentContext::unknown();
-	let payee_tlvs = ReceiveTlvs {
+	let mut payee_tlvs = ReceiveTlvs {
 		payment_secret,
 		payment_constraints: PaymentConstraints {
 			max_cltv_expiry: u32::max_value(),
 			htlc_minimum_msat: chan_upd_1_3.htlc_minimum_msat,
 		},
-		authentication: hmac_payment_context(&payment_context, &chanmon_cfgs[3].keys_manager),
-		payment_context,
+		payment_context: PaymentContext::unknown(),
+		authentication: None,
 	};
+	payee_tlvs.authentication = Some(hmac_payee_tlvs(&payee_tlvs, &chanmon_cfgs[3].keys_manager));
 	let blinded_path = BlindedPaymentPath::new(
 		&[], nodes[3].node.get_our_node_id(), payee_tlvs, u64::MAX, TEST_FINAL_CLTV as u16,
 		&chanmon_cfgs[3].keys_manager, &secp_ctx
@@ -1396,16 +1396,16 @@ fn custom_tlvs_to_blinded_path() {
 
 	let amt_msat = 5000;
 	let (payment_preimage, payment_hash, payment_secret) = get_payment_preimage_hash(&nodes[1], Some(amt_msat), None);
-	let payment_context = PaymentContext::unknown();
-	let payee_tlvs = ReceiveTlvs {
+	let mut payee_tlvs = ReceiveTlvs {
 		payment_secret,
 		payment_constraints: PaymentConstraints {
 			max_cltv_expiry: u32::max_value(),
 			htlc_minimum_msat: chan_upd.htlc_minimum_msat,
 		},
-		authentication: hmac_payment_context(&payment_context, &chanmon_cfgs[1].keys_manager),
-		payment_context,
+		payment_context: PaymentContext::unknown(),
+		authentication: None,
 	};
+	payee_tlvs.authentication = Some(hmac_payee_tlvs(&payee_tlvs, &chanmon_cfgs[1].keys_manager));
 	let mut secp_ctx = Secp256k1::new();
 	let blinded_path = BlindedPaymentPath::new(
 		&[], nodes[1].node.get_our_node_id(), payee_tlvs, u64::MAX, TEST_FINAL_CLTV as u16,
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
@@ -10481,18 +10481,18 @@ where
 		let max_cltv_expiry = self.best_block.read().unwrap().height + CLTV_FAR_FAR_AWAY
 			+ LATENCY_GRACE_PERIOD_BLOCKS;
 
-		let nonce = Nonce::from_entropy_source(entropy);
-		let hmac = payment_context.hmac_for_offer_payment(nonce, expanded_key);
-
-		let payee_tlvs = ReceiveTlvs {
+		let mut payee_tlvs = ReceiveTlvs {
 			payment_secret,
 			payment_constraints: PaymentConstraints {
 				max_cltv_expiry,
 				htlc_minimum_msat: 1,
 			},
 			payment_context,
-			authentication: (hmac, nonce),
+			authentication: None,
 		};
+		let nonce = Nonce::from_entropy_source(entropy);
+		let hmac = payee_tlvs.hmac_for_offer_payment(nonce, expanded_key);
+		payee_tlvs.authentication = Some((hmac, nonce));
 
 		self.router.create_blinded_payment_paths(
 			payee_node_id, first_hops, payee_tlvs, amount_msats, secp_ctx
diff --git a/lightning/src/ln/max_payment_path_len_tests.rs b/lightning/src/ln/max_payment_path_len_tests.rs
@@ -160,19 +160,19 @@ fn one_hop_blinded_path_with_custom_tlv() {
 	// Construct the route parameters for sending to nodes[2]'s 1-hop blinded path.
 	let amt_msat = 100_000;
 	let (payment_preimage, payment_hash, payment_secret) = get_payment_preimage_hash(&nodes[2], Some(amt_msat), None);
-	let payment_context = PaymentContext::unknown();
-	let nonce = Nonce([42u8; 16]);
-	let expanded_key = ExpandedKey::new(&chanmon_cfgs[2].keys_manager.get_inbound_payment_key_material());
-	let hmac = payment_context.hmac_for_offer_payment(nonce, &expanded_key);
-	let payee_tlvs = ReceiveTlvs {
+	let mut payee_tlvs = ReceiveTlvs {
 		payment_secret,
 		payment_constraints: PaymentConstraints {
 			max_cltv_expiry: u32::max_value(),
 			htlc_minimum_msat: chan_upd_1_2.htlc_minimum_msat,
 		},
-		payment_context,
-		authentication: (hmac, nonce),
+		payment_context: PaymentContext::unknown(),
+		authentication: None,
 	};
+	let nonce = Nonce([42u8; 16]);
+	let expanded_key = ExpandedKey::new(&chanmon_cfgs[2].keys_manager.get_inbound_payment_key_material());
+	let hmac = payee_tlvs.hmac_for_offer_payment(nonce, &expanded_key);
+	payee_tlvs.authentication = Some((hmac, nonce));
 	let mut secp_ctx = Secp256k1::new();
 	let blinded_path = BlindedPaymentPath::new(
 		&[], nodes[2].node.get_our_node_id(), payee_tlvs, u64::MAX, TEST_FINAL_CLTV as u16,
