f - HMAC entire ReceiveTlvs

Author: jkczyz

lightning/src/ln/channelmanager.rs

@@ -198,8 +198,6 @@ pub enum PendingHTLCRouting {
 		custom_tlvs: Vec<(u64, Vec<u8>)>,
 		/// Set if this HTLC is the final hop in a multi-hop blinded path.
 		requires_blinded_error: bool,
-		/// An HMAC of `payment_context` along with a nonce used to construct it.
-		authentication: Option<(Hmac<Sha256>, Nonce)>,
 	},
 	/// The onion indicates that this is for payment to us but which contains the preimage for
 	/// claiming included, and is unrelated to any invoice we'd previously generated (aka a
@@ -5996,19 +5994,19 @@ where
 								let blinded_failure = routing.blinded_failure();
 								let (
 									cltv_expiry, onion_payload, payment_data, payment_context, phantom_shared_secret,
-									mut onion_fields, has_recipient_created_payment_secret, authentication,
+									mut onion_fields, has_recipient_created_payment_secret
 								) = match routing {
 									PendingHTLCRouting::Receive {
 										payment_data, payment_metadata, payment_context,
 										incoming_cltv_expiry, phantom_shared_secret, custom_tlvs,
-										requires_blinded_error: _, authentication,
+										requires_blinded_error: _
 									} => {
 										let _legacy_hop_data = Some(payment_data.clone());
 										let onion_fields = RecipientOnionFields { payment_secret: Some(payment_data.payment_secret),
 												payment_metadata, custom_tlvs };
 										(incoming_cltv_expiry, OnionPayload::Invoice { _legacy_hop_data },
 											Some(payment_data), payment_context, phantom_shared_secret, onion_fields,
-											true, authentication)
+											true)
 									},
 									PendingHTLCRouting::ReceiveKeysend {
 										payment_data, payment_preimage, payment_metadata,
@@ -6021,7 +6019,7 @@ where
 											custom_tlvs,
 										};
 										(incoming_cltv_expiry, OnionPayload::Spontaneous(payment_preimage),
-											payment_data, None, None, onion_fields, has_recipient_created_payment_secret, None)
+											payment_data, None, None, onion_fields, has_recipient_created_payment_secret)
 									},
 									_ => {
 										panic!("short_channel_id == 0 should imply any pending_forward entries are of type Receive");
@@ -6206,16 +6204,6 @@ where
 										payment_preimage
 									} else { fail_htlc!(claimable_htlc, payment_hash); }
 								} else { None };
-
-								// Authenticate the PaymentContext received over a BlindedPaymentPath
-								if let Some(payment_context) = payment_context.as_ref() {
-									if let Some((hmac, nonce)) = authentication {
-										if payment_context.verify_for_offer_payment(hmac, nonce, &self.inbound_payment_key).is_err() {
-											fail_htlc!(claimable_htlc, payment_hash);
-										}
-									}
-								}
-
 								match claimable_htlc.onion_payload {
 									OnionPayload::Invoice { .. } => {
 										let payment_data = payment_data.unwrap();
@@ -12374,7 +12362,6 @@ impl_writeable_tlv_based_enum!(PendingHTLCRouting,
 		(5, custom_tlvs, optional_vec),
 		(7, requires_blinded_error, (default_value, false)),
 		(9, payment_context, option),
-		(11, authentication, option),
 	},
 	(2, ReceiveKeysend) => {
 		(0, payment_preimage, required),

lightning/src/ln/msgs.rs

@@ -32,6 +32,7 @@ use bitcoin::script::ScriptBuf;
 use bitcoin::hash_types::Txid;
 
 use crate::blinded_path::payment::{BlindedPaymentTlvs, ForwardTlvs, ReceiveTlvs};
+use crate::ln::channelmanager::Verification;
 use crate::ln::types::ChannelId;
 use crate::types::payment::{PaymentPreimage, PaymentHash, PaymentSecret};
 use crate::types::features::{ChannelFeatures, ChannelTypeFeatures, InitFeatures, NodeFeatures};
@@ -1745,12 +1746,9 @@ pub struct FinalOnionHopData {
 }
 
 mod fuzzy_internal_msgs {
-	use bitcoin::hashes::hmac::Hmac;
-	use bitcoin::hashes::sha256::Hash as Sha256;
 	use bitcoin::secp256k1::PublicKey;
 	use crate::blinded_path::payment::{BlindedPaymentPath, PaymentConstraints, PaymentContext, PaymentRelay};
 	use crate::offers::invoice_request::InvoiceRequest;
-	use crate::offers::nonce::Nonce;
 	use crate::types::payment::{PaymentPreimage, PaymentSecret};
 	use crate::types::features::{BlindedHopFeatures, Bolt12InvoiceFeatures};
 	use super::{FinalOnionHopData, TrampolineOnionPacket};
@@ -1794,7 +1792,6 @@ mod fuzzy_internal_msgs {
 			intro_node_blinding_point: Option<PublicKey>,
 			keysend_preimage: Option<PaymentPreimage>,
 			custom_tlvs: Vec<(u64, Vec<u8>)>,
-			authentication: (Hmac<Sha256>, Nonce),
 		}
 	}
 
@@ -2911,9 +2908,19 @@ impl<NS: Deref> ReadableArgs<(Option<PublicKey>, NS)> for InboundOnionPayload wh
 						next_blinding_override,
 					})
 				},
-				ChaChaPolyReadAdapter { readable: BlindedPaymentTlvs::Receive(ReceiveTlvs {
-					payment_secret, payment_constraints, payment_context, authentication,
-				})} => {
+				ChaChaPolyReadAdapter { readable: BlindedPaymentTlvs::Receive(mut receive_tlvs) } => {
+					if let Some((hmac, nonce)) = receive_tlvs.authentication.take() {
+						let expanded_key = node_signer.get_inbound_payment_key();
+						if receive_tlvs.verify_for_offer_payment(hmac, nonce, &expanded_key).is_err() {
+							return Err(DecodeError::InvalidValue);
+						}
+					} else {
+						return Err(DecodeError::InvalidValue);
+					}
+
+					let ReceiveTlvs {
+						payment_secret, payment_constraints, payment_context, authentication: _,
+					} = receive_tlvs;
 					if total_msat.unwrap_or(0) > MAX_VALUE_MSAT { return Err(DecodeError::InvalidValue) }
 					Ok(Self::BlindedReceive {
 						sender_intended_htlc_amt_msat: amt.ok_or(DecodeError::InvalidValue)?,
@@ -2925,7 +2932,6 @@ impl<NS: Deref> ReadableArgs<(Option<PublicKey>, NS)> for InboundOnionPayload wh
 						intro_node_blinding_point,
 						keysend_preimage,
 						custom_tlvs,
-						authentication,
 					})
 				},
 			}

lightning/src/ln/onion_payment.rs

@@ -135,19 +135,18 @@ pub(super) fn create_recv_pending_htlc_info(
 ) -> Result<PendingHTLCInfo, InboundHTLCErr> {
 	let (
 		payment_data, keysend_preimage, custom_tlvs, onion_amt_msat, onion_cltv_expiry,
-		payment_metadata, payment_context, requires_blinded_error, has_recipient_created_payment_secret,
-		authentication,
+		payment_metadata, payment_context, requires_blinded_error, has_recipient_created_payment_secret
 	) = match hop_data {
 		msgs::InboundOnionPayload::Receive {
 			payment_data, keysend_preimage, custom_tlvs, sender_intended_htlc_amt_msat,
 			cltv_expiry_height, payment_metadata, ..
 		} =>
 			(payment_data, keysend_preimage, custom_tlvs, sender_intended_htlc_amt_msat,
-			 cltv_expiry_height, payment_metadata, None, false, keysend_preimage.is_none(), None),
+			 cltv_expiry_height, payment_metadata, None, false, keysend_preimage.is_none()),
 		msgs::InboundOnionPayload::BlindedReceive {
 			sender_intended_htlc_amt_msat, total_msat, cltv_expiry_height, payment_secret,
 			intro_node_blinding_point, payment_constraints, payment_context, keysend_preimage,
-			custom_tlvs, authentication,
+			custom_tlvs
 		} => {
 			check_blinded_payment_constraints(
 				sender_intended_htlc_amt_msat, cltv_expiry, &payment_constraints
@@ -162,7 +161,7 @@ pub(super) fn create_recv_pending_htlc_info(
 			let payment_data = msgs::FinalOnionHopData { payment_secret, total_msat };
 			(Some(payment_data), keysend_preimage, custom_tlvs,
 			 sender_intended_htlc_amt_msat, cltv_expiry_height, None, Some(payment_context),
-			 intro_node_blinding_point.is_none(), true, Some(authentication))
+			 intro_node_blinding_point.is_none(), true)
 		}
 		msgs::InboundOnionPayload::Forward { .. } => {
 			return Err(InboundHTLCErr {
@@ -253,7 +252,6 @@ pub(super) fn create_recv_pending_htlc_info(
 			phantom_shared_secret,
 			custom_tlvs,
 			requires_blinded_error,
-			authentication,
 		}
 	} else {
 		return Err(InboundHTLCErr {