
Commit 6d0254c

authored
Merge pull request #4126 from shaavan/aad-payment
Introduce ReceiveAuthKey verification for Blinded Payment Paths
2 parents d4828c0 + b18ccb3 commit 6d0254c


14 files changed

+168
-308
lines changed


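--- a/fuzz/src/chanmon_consistency.rs
+++ b/fuzz/src/chanmon_consistency.rs
@@ -132,8 +132,9 @@ impl Router for FuzzRouter {
 }
 
 fn create_blinded_payment_paths<T: secp256k1::Signing + secp256k1::Verification>(
-&self, _recipient: PublicKey, _first_hops: Vec<ChannelDetails>, _tlvs: ReceiveTlvs,
-_amount_msats: Option<u64>, _secp_ctx: &Secp256k1<T>,
+&self, _recipient: PublicKey, _local_node_receive_key: ReceiveAuthKey,
+_first_hops: Vec<ChannelDetails>, _tlvs: ReceiveTlvs, _amount_msats: Option<u64>,
+_secp_ctx: &Secp256k1<T>,
 ) -> Result<Vec<BlindedPaymentPath>, ()> {
 unreachable!()
 }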

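--- a/fuzz/src/full_stack.rs
+++ b/fuzz/src/full_stack.rs
@@ -157,8 +157,9 @@ impl Router for FuzzRouter {
 }
 
 fn create_blinded_payment_paths<T: secp256k1::Signing + secp256k1::Verification>(
-&self, _recipient: PublicKey, _first_hops: Vec<ChannelDetails>, _tlvs: ReceiveTlvs,
-_amount_msats: Option<u64>, _secp_ctx: &Secp256k1<T>,
+&self, _recipient: PublicKey, _local_node_receive_key: ReceiveAuthKey,
+_first_hops: Vec<ChannelDetails>, _tlvs: ReceiveTlvs, _amount_msats: Option<u64>,
+_secp_ctx: &Secp256k1<T>,
 ) -> Result<Vec<BlindedPaymentPath>, ()> {
 unreachable!()
 }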

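--- a/fuzz/src/invoice_request_deser.rs
+++ b/fuzz/src/invoice_request_deser.rs
@@ -12,16 +12,15 @@ use bitcoin::secp256k1::{self, Keypair, Parity, PublicKey, Secp256k1, SecretKey}
 use core::convert::TryFrom;
 use lightning::blinded_path::payment::{
 BlindedPaymentPath, Bolt12OfferContext, ForwardTlvs, PaymentConstraints, PaymentContext,
-PaymentForwardNode, PaymentRelay, UnauthenticatedReceiveTlvs,
+PaymentForwardNode, PaymentRelay, ReceiveTlvs,
 };
 use lightning::ln::channelmanager::MIN_FINAL_CLTV_EXPIRY_DELTA;
 use lightning::ln::inbound_payment::ExpandedKey;
 use lightning::offers::invoice::UnsignedBolt12Invoice;
 use lightning::offers::invoice_request::{InvoiceRequest, InvoiceRequestFields};
-use lightning::offers::nonce::Nonce;
 use lightning::offers::offer::OfferId;
 use lightning::offers::parse::Bolt12SemanticError;
-use lightning::sign::EntropySource;
+use lightning::sign::{EntropySource, ReceiveAuthKey};
 use lightning::types::features::BlindedHopFeatures;
 use lightning::types::payment::{PaymentHash, PaymentSecret};
 use lightning::types::string::UntrustedString;
@@ -84,7 +83,7 @@ fn build_response<T: secp256k1::Signing + secp256k1::Verification>(
 ) -> Result<UnsignedBolt12Invoice, Bolt12SemanticError> {
 let expanded_key = ExpandedKey::new([42; 32]);
 let entropy_source = Randomness {};
-let nonce = Nonce::from_entropy_source(&entropy_source);
+let receive_auth_key = ReceiveAuthKey([41; 32]);
 
 let invoice_request_fields =
 if let Ok(ver) = invoice_request.clone().verify_using_metadata(&expanded_key, secp_ctx) {
@@ -106,15 +105,14 @@ fn build_response<T: secp256k1::Signing + secp256k1::Verification>(
 offer_id: OfferId([42; 32]),
 invoice_request: invoice_request_fields,
 });
-let payee_tlvs = UnauthenticatedReceiveTlvs {
+let payee_tlvs = ReceiveTlvs {
 payment_secret: PaymentSecret([42; 32]),
 payment_constraints: PaymentConstraints {
 max_cltv_expiry: 1_000_000,
 htlc_minimum_msat: 1,
 },
 payment_context,
 };
-let payee_tlvs = payee_tlvs.authenticate(nonce, &expanded_key);
 let intermediate_nodes = [PaymentForwardNode {
 tlvs: ForwardTlvs {
 short_channel_id: 43,
@@ -124,7 +122,7 @@ fn build_response<T: secp256k1::Signing + secp256k1::Verification>(
 fee_base_msat: 1,
 },
 payment_constraints: PaymentConstraints {
-max_cltv_expiry: payee_tlvs.tlvs().payment_constraints.max_cltv_expiry + 40,
+max_cltv_expiry: payee_tlvs.payment_constraints.max_cltv_expiry + 40,
 htlc_minimum_msat: 100,
 },
 features: BlindedHopFeatures::empty(),
@@ -136,6 +134,7 @@ fn build_response<T: secp256k1::Signing + secp256k1::Verification>(
 let payment_path = BlindedPaymentPath::new(
 &intermediate_nodes,
 pubkey(42),
+receive_auth_key,
 payee_tlvs,
 u64::MAX,
 MIN_FINAL_CLTV_EXPIRY_DELTA,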
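Review bot: The constant key `ReceiveAuthKey([41; 32])` added at new line 86 of `build_response` has no comment marking it as fuzz-only, and the same line is added in `fuzz/src/refund_deser.rs` at new line 71. A one-line comment such as `// Fixed, non-secret key so fuzz runs are reproducible; production code must derive this from node key material.` would keep the harness from being read as a usage example. With the `authenticate(nonce, &expanded_key)` step removed, authentication of the receive TLVs appears to rest on the key passed to `BlindedPaymentPath::new`. The visible hunks only construct a path, so the rejection case (a path built under a different key failing verification) presumably needs coverage elsewhere. `build_response` begins and ends outside these hunks.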

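--- a/fuzz/src/refund_deser.rs
+++ b/fuzz/src/refund_deser.rs
@@ -12,15 +12,13 @@ use bitcoin::secp256k1::{self, Keypair, PublicKey, Secp256k1, SecretKey};
 use core::convert::TryFrom;
 use lightning::blinded_path::payment::{
 BlindedPaymentPath, Bolt12RefundContext, ForwardTlvs, PaymentConstraints, PaymentContext,
-PaymentForwardNode, PaymentRelay, UnauthenticatedReceiveTlvs,
+PaymentForwardNode, PaymentRelay, ReceiveTlvs,
 };
 use lightning::ln::channelmanager::MIN_FINAL_CLTV_EXPIRY_DELTA;
-use lightning::ln::inbound_payment::ExpandedKey;
 use lightning::offers::invoice::UnsignedBolt12Invoice;
-use lightning::offers::nonce::Nonce;
 use lightning::offers::parse::Bolt12SemanticError;
 use lightning::offers::refund::Refund;
-use lightning::sign::EntropySource;
+use lightning::sign::{EntropySource, ReceiveAuthKey};
 use lightning::types::features::BlindedHopFeatures;
 use lightning::types::payment::{PaymentHash, PaymentSecret};
 use lightning::util::ser::Writeable;
@@ -69,19 +67,17 @@ fn privkey(byte: u8) -> SecretKey {
 fn build_response<T: secp256k1::Signing + secp256k1::Verification>(
 refund: &Refund, signing_pubkey: PublicKey, secp_ctx: &Secp256k1<T>,
 ) -> Result<UnsignedBolt12Invoice, Bolt12SemanticError> {
-let expanded_key = ExpandedKey::new([42; 32]);
 let entropy_source = Randomness {};
-let nonce = Nonce::from_entropy_source(&entropy_source);
+let receive_auth_key = ReceiveAuthKey([41; 32]);
 let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {});
-let payee_tlvs = UnauthenticatedReceiveTlvs {
+let payee_tlvs = ReceiveTlvs {
 payment_secret: PaymentSecret([42; 32]),
 payment_constraints: PaymentConstraints {
 max_cltv_expiry: 1_000_000,
 htlc_minimum_msat: 1,
 },
 payment_context,
 };
-let payee_tlvs = payee_tlvs.authenticate(nonce, &expanded_key);
 let intermediate_nodes = [PaymentForwardNode {
 tlvs: ForwardTlvs {
 short_channel_id: 43,
@@ -91,7 +87,7 @@ fn build_response<T: secp256k1::Signing + secp256k1::Verification>(
 fee_base_msat: 1,
 },
 payment_constraints: PaymentConstraints {
-max_cltv_expiry: payee_tlvs.tlvs().payment_constraints.max_cltv_expiry + 40,
+max_cltv_expiry: payee_tlvs.payment_constraints.max_cltv_expiry + 40,
 htlc_minimum_msat: 100,
 },
 features: BlindedHopFeatures::empty(),
@@ -103,6 +99,7 @@ fn build_response<T: secp256k1::Signing + secp256k1::Verification>(
 let payment_path = BlindedPaymentPath::new(
 &intermediate_nodes,
 pubkey(42),
+receive_auth_key,
 payee_tlvs,
 u64::MAX,
 MIN_FINAL_CLTV_EXPIRY_DELTA,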
