Add get_inbound_payment_secret to KeysInterface

This will allow us to retrieve a key for encrypting/decrypting inbound
payment info, in upcoming commits

Author: valentinewallace

fuzz/src/chanmon_consistency.rs

@@ -164,6 +164,10 @@ impl KeysInterface for KeyProvider {
 		SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, self.node_id]).unwrap()
 	}
 
+	fn get_inbound_payment_secret(&self) -> SecretKey {
+		SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, self.node_id]).unwrap()
+	}
+
 	fn get_destination_script(&self) -> Script {
 		let secp_ctx = Secp256k1::signing_only();
 		let channel_monitor_claim_key = SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, self.node_id]).unwrap();

fuzz/src/full_stack.rs

@@ -257,6 +257,7 @@ impl<'a> Drop for MoneyLossDetector<'a> {
 
 struct KeyProvider {
 	node_secret: SecretKey,
+	inbound_payment_secret: SecretKey,
 	counter: AtomicU64,
 }
 impl KeysInterface for KeyProvider {
@@ -266,6 +267,10 @@ impl KeysInterface for KeyProvider {
 		self.node_secret.clone()
 	}
 
+	fn get_inbound_payment_secret(&self) -> SecretKey {
+		self.inbound_payment_secret.clone()
+	}
+
 	fn get_destination_script(&self) -> Script {
 		let secp_ctx = Secp256k1::signing_only();
 		let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
@@ -365,11 +370,16 @@ pub fn do_test(data: &[u8], logger: &Arc<dyn Logger>) {
 		Err(_) => return,
 	};
 
+	let inbound_payment_key = match SecretKey::from_slice(get_slice!(32)) {
+		Ok(key) => key,
+		Err(_) => return,
+	};
+
 	let broadcast = Arc::new(TestBroadcaster{ txn_broadcasted: Mutex::new(Vec::new()) });
 	let monitor = Arc::new(chainmonitor::ChainMonitor::new(None, broadcast.clone(), Arc::clone(&logger), fee_est.clone(),
 		Arc::new(TestPersister { update_ret: Mutex::new(Ok(())) })));
 
-	let keys_manager = Arc::new(KeyProvider { node_secret: our_network_key.clone(), counter: AtomicU64::new(0) });
+	let keys_manager = Arc::new(KeyProvider { node_secret: our_network_key.clone(), inbound_payment_secret: inbound_payment_key, counter: AtomicU64::new(0) });
 	let mut config = UserConfig::default();
 	config.channel_options.forwarding_fee_proportional_millionths =  slice_to_be32(get_slice!(4));
 	config.channel_options.announced_channel = get_slice!(1)[0] != 0;

lightning/src/chain/keysinterface.rs

@@ -397,6 +397,11 @@ pub trait KeysInterface {
 	/// this trait to parse the invoice and make sure they're signing what they expect, rather than
 	/// blindly signing the hash.
 	fn sign_invoice(&self, invoice_preimage: Vec<u8>) -> Result<RecoverableSignature, ()>;
+
+	/// Get a secret key for use in encrypting and decrypting inbound payment data.
+	///
+	/// This method must return the same value each time it is called.
+	fn get_inbound_payment_secret(&self) -> SecretKey;
 }
 
 #[derive(Clone)]
@@ -760,6 +765,7 @@ impl Readable for InMemorySigner {
 pub struct KeysManager {
 	secp_ctx: Secp256k1<secp256k1::All>,
 	node_secret: SecretKey,
+	inbound_payments_secret: SecretKey,
 	destination_script: Script,
 	shutdown_pubkey: PublicKey,
 	channel_master_key: ExtendedPrivKey,
@@ -800,6 +806,7 @@ impl KeysManager {
 		match ExtendedPrivKey::new_master(Network::Testnet, seed) {
 			Ok(master_key) => {
 				let node_secret = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(0).unwrap()).expect("Your RNG is busted").private_key.key;
+				let inbound_payments_secret = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(1).unwrap()).expect("Your RNG is busted").private_key.key;
 				let destination_script = match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(1).unwrap()) {
 					Ok(destination_key) => {
 						let wpubkey_hash = WPubkeyHash::hash(&ExtendedPubKey::from_private(&secp_ctx, &destination_key).public_key.to_bytes());
@@ -824,6 +831,7 @@ impl KeysManager {
 				let mut res = KeysManager {
 					secp_ctx,
 					node_secret,
+					inbound_payments_secret,
 
 					destination_script,
 					shutdown_pubkey,
@@ -1032,6 +1040,10 @@ impl KeysInterface for KeysManager {
 		self.node_secret.clone()
 	}
 
+	fn get_inbound_payment_secret(&self) -> SecretKey {
+		self.inbound_payments_secret.clone()
+	}
+
 	fn get_destination_script(&self) -> Script {
 		self.destination_script.clone()
 	}

lightning/src/ln/channel.rs

@@ -5788,6 +5788,7 @@ mod tests {
 		type Signer = InMemorySigner;
 
 		fn get_node_secret(&self) -> SecretKey { panic!(); }
+		fn get_inbound_payment_secret(&self) -> SecretKey { panic!(); }
 		fn get_destination_script(&self) -> Script {
 			let secp_ctx = Secp256k1::signing_only();
 			let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();

lightning/src/util/test_utils.rs

@@ -70,6 +70,7 @@ impl keysinterface::KeysInterface for OnlyReadsKeysInterface {
 	type Signer = EnforcingSigner;
 
 	fn get_node_secret(&self) -> SecretKey { unreachable!(); }
+	fn get_inbound_payment_secret(&self) -> SecretKey { unreachable!(); }
 	fn get_destination_script(&self) -> Script { unreachable!(); }
 	fn get_shutdown_scriptpubkey(&self) -> ShutdownScript { unreachable!(); }
 	fn get_channel_signer(&self, _inbound: bool, _channel_value_satoshis: u64) -> EnforcingSigner { unreachable!(); }
@@ -461,6 +462,7 @@ impl keysinterface::KeysInterface for TestKeysInterface {
 	type Signer = EnforcingSigner;
 
 	fn get_node_secret(&self) -> SecretKey { self.backing.get_node_secret() }
+	fn get_inbound_payment_secret(&self) -> SecretKey { self.backing.get_inbound_payment_secret() }
 	fn get_destination_script(&self) -> Script { self.backing.get_destination_script() }
 
 	fn get_shutdown_scriptpubkey(&self) -> ShutdownScript {