Add new inbound payment key for spontaneous payments

valentinewallace · valentinewallace · commit 45f88ee7f9b7 · 2024-11-08T10:28:53.000-05:00
This key will be used in upcoming commits for encrypting metadata bytes for
spontaneous payments' payment secrets, to be included in the blinded paths of
static invoices for async payments. We need a new type of payment secret for
these payments because they don't have an a prior known payment hash, see the
next commit.
diff --git a/lightning/src/crypto/utils.rs b/lightning/src/crypto/utils.rs
@@ -24,7 +24,7 @@ macro_rules! hkdf_extract_expand {
 		let (k1, k2, _) = hkdf_extract_expand!($salt, $ikm);
 		(k1, k2)
 	}};
-	($salt: expr, $ikm: expr, 5) => {{
+	($salt: expr, $ikm: expr, 6) => {{
 		let (k1, k2, prk) = hkdf_extract_expand!($salt, $ikm);
 
 		let mut hmac = HmacEngine::<Sha256>::new(&prk[..]);
@@ -42,18 +42,23 @@ macro_rules! hkdf_extract_expand {
 		hmac.input(&[5; 1]);
 		let k5 = Hmac::from_engine(hmac).to_byte_array();
 
-		(k1, k2, k3, k4, k5)
+		let mut hmac = HmacEngine::<Sha256>::new(&prk[..]);
+		hmac.input(&k5);
+		hmac.input(&[6; 1]);
+		let k6 = Hmac::from_engine(hmac).to_byte_array();
+
+		(k1, k2, k3, k4, k5, k6)
 	}};
 }
 
 pub fn hkdf_extract_expand_twice(salt: &[u8], ikm: &[u8]) -> ([u8; 32], [u8; 32]) {
 	hkdf_extract_expand!(salt, ikm, 2)
 }
 
-pub fn hkdf_extract_expand_5x(
+pub fn hkdf_extract_expand_6x(
 	salt: &[u8], ikm: &[u8],
-) -> ([u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32]) {
-	hkdf_extract_expand!(salt, ikm, 5)
+) -> ([u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32]) {
+	hkdf_extract_expand!(salt, ikm, 6)
 }
 
 #[inline]
diff --git a/lightning/src/ln/inbound_payment.rs b/lightning/src/ln/inbound_payment.rs
@@ -15,7 +15,7 @@ use bitcoin::hashes::hmac::{Hmac, HmacEngine};
 use bitcoin::hashes::sha256::Hash as Sha256;
 
 use crate::crypto::chacha20::ChaCha20;
-use crate::crypto::utils::hkdf_extract_expand_5x;
+use crate::crypto::utils::hkdf_extract_expand_6x;
 use crate::ln::msgs;
 use crate::ln::msgs::MAX_VALUE_MSAT;
 use crate::types::payment::{PaymentHash, PaymentPreimage, PaymentSecret};
@@ -55,6 +55,9 @@ pub struct ExpandedKey {
 	offers_base_key: [u8; 32],
 	/// The key used to encrypt message metadata for BOLT 12 Offers.
 	offers_encryption_key: [u8; 32],
+	/// The key used to authenticate spontaneous payments' metadata as previously registered with LDK
+	/// for inclusion in a blinded path.
+	spontaneous_pmt_key: [u8; 32],
 }
 
 impl ExpandedKey {
@@ -68,13 +71,15 @@ impl ExpandedKey {
 			user_pmt_hash_key,
 			offers_base_key,
 			offers_encryption_key,
-		) = hkdf_extract_expand_5x(b"LDK Inbound Payment Key Expansion", &key_material.0);
+			spontaneous_pmt_key,
+		) = hkdf_extract_expand_6x(b"LDK Inbound Payment Key Expansion", &key_material.0);
 		Self {
 			metadata_key,
 			ldk_pmt_hash_key,
 			user_pmt_hash_key,
 			offers_base_key,
 			offers_encryption_key,
+			spontaneous_pmt_key,
 		}
 	}
 
