Skip to content

Commit b0bd437

Browse files
TheBlueMattTheBlueMatt
authored
Merge pull request #3383 from valentinewallace/2024-09-blinded-keysend-verify
Verify blinded keysend payments
2 parents 739c412 + 9cc6969 commit b0bd437

File tree

7 files changed

+226
-121
lines changed

7 files changed

+226
-121
lines changed

lightning/src/crypto/utils.rs

+10-5
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ macro_rules! hkdf_extract_expand {
2424
let (k1, k2, _) = hkdf_extract_expand!($salt, $ikm);
2525
(k1, k2)
2626
}};
27-
($salt: expr, $ikm: expr, 5) => {{
27+
($salt: expr, $ikm: expr, 6) => {{
2828
let (k1, k2, prk) = hkdf_extract_expand!($salt, $ikm);
2929

3030
let mut hmac = HmacEngine::<Sha256>::new(&prk[..]);
@@ -42,18 +42,23 @@ macro_rules! hkdf_extract_expand {
4242
hmac.input(&[5; 1]);
4343
let k5 = Hmac::from_engine(hmac).to_byte_array();
4444

45-
(k1, k2, k3, k4, k5)
45+
let mut hmac = HmacEngine::<Sha256>::new(&prk[..]);
46+
hmac.input(&k5);
47+
hmac.input(&[6; 1]);
48+
let k6 = Hmac::from_engine(hmac).to_byte_array();
49+
50+
(k1, k2, k3, k4, k5, k6)
4651
}};
4752
}
4853

4954
pub fn hkdf_extract_expand_twice(salt: &[u8], ikm: &[u8]) -> ([u8; 32], [u8; 32]) {
5055
hkdf_extract_expand!(salt, ikm, 2)
5156
}
5257

53-
pub fn hkdf_extract_expand_5x(
58+
pub fn hkdf_extract_expand_6x(
5459
salt: &[u8], ikm: &[u8],
55-
) -> ([u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32]) {
56-
hkdf_extract_expand!(salt, ikm, 5)
60+
) -> ([u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32]) {
61+
hkdf_extract_expand!(salt, ikm, 6)
5762
}
5863

5964
#[inline]

lightning/src/ln/blinded_payment_tests.rs

+75-2
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,10 @@ use crate::util::config::UserConfig;
3535
use crate::util::ser::WithoutLength;
3636
use crate::util::test_utils;
3737
use lightning_invoice::RawBolt11Invoice;
38+
#[cfg(async_payments)] use {
39+
crate::ln::inbound_payment,
40+
crate::types::payment::PaymentPreimage,
41+
};
3842

3943
fn blinded_payment_path(
4044
payment_secret: PaymentSecret, intro_node_min_htlc: u64, intro_node_max_htlc: u64,
@@ -1209,6 +1213,7 @@ fn conditionally_round_fwd_amt() {
12091213
}
12101214

12111215
#[test]
1216+
#[cfg(async_payments)]
12121217
fn blinded_keysend() {
12131218
let mut mpp_keysend_config = test_default_channel_config();
12141219
mpp_keysend_config.accept_mpp_keysend = true;
@@ -1219,8 +1224,15 @@ fn blinded_keysend() {
12191224
create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1_000_000, 0);
12201225
let chan_upd_1_2 = create_announced_chan_between_nodes_with_value(&nodes, 1, 2, 1_000_000, 0).0.contents;
12211226

1227+
let inbound_payment_key = inbound_payment::ExpandedKey::new(
1228+
&nodes[2].keys_manager.get_inbound_payment_key_material()
1229+
);
1230+
let payment_secret = inbound_payment::create_for_spontaneous_payment(
1231+
&inbound_payment_key, None, u32::MAX, nodes[2].node.duration_since_epoch().as_secs(), None
1232+
).unwrap();
1233+
12221234
let amt_msat = 5000;
1223-
let (keysend_preimage, _, payment_secret) = get_payment_preimage_hash(&nodes[2], None, None);
1235+
let keysend_preimage = PaymentPreimage([42; 32]);
12241236
let route_params = get_blinded_route_parameters(amt_msat, payment_secret, 1,
12251237
1_0000_0000,
12261238
nodes.iter().skip(1).map(|n| n.node.get_our_node_id()).collect(),
@@ -1241,6 +1253,7 @@ fn blinded_keysend() {
12411253
}
12421254

12431255
#[test]
1256+
#[cfg(async_payments)]
12441257
fn blinded_mpp_keysend() {
12451258
let mut mpp_keysend_config = test_default_channel_config();
12461259
mpp_keysend_config.accept_mpp_keysend = true;
@@ -1254,8 +1267,15 @@ fn blinded_mpp_keysend() {
12541267
let chan_1_3 = create_announced_chan_between_nodes(&nodes, 1, 3);
12551268
let chan_2_3 = create_announced_chan_between_nodes(&nodes, 2, 3);
12561269

1270+
let inbound_payment_key = inbound_payment::ExpandedKey::new(
1271+
&nodes[3].keys_manager.get_inbound_payment_key_material()
1272+
);
1273+
let payment_secret = inbound_payment::create_for_spontaneous_payment(
1274+
&inbound_payment_key, None, u32::MAX, nodes[3].node.duration_since_epoch().as_secs(), None
1275+
).unwrap();
1276+
12571277
let amt_msat = 15_000_000;
1258-
let (keysend_preimage, _, payment_secret) = get_payment_preimage_hash(&nodes[3], None, None);
1278+
let keysend_preimage = PaymentPreimage([42; 32]);
12591279
let route_params = {
12601280
let pay_params = PaymentParameters::blinded(
12611281
vec![
@@ -1293,6 +1313,59 @@ fn blinded_mpp_keysend() {
12931313
);
12941314
}
12951315

1316+
#[test]
1317+
#[cfg(async_payments)]
1318+
fn invalid_keysend_payment_secret() {
1319+
let mut mpp_keysend_config = test_default_channel_config();
1320+
mpp_keysend_config.accept_mpp_keysend = true;
1321+
let chanmon_cfgs = create_chanmon_cfgs(3);
1322+
let node_cfgs = create_node_cfgs(3, &chanmon_cfgs);
1323+
let node_chanmgrs = create_node_chanmgrs(3, &node_cfgs, &[None, None, Some(mpp_keysend_config)]);
1324+
let mut nodes = create_network(3, &node_cfgs, &node_chanmgrs);
1325+
create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1_000_000, 0);
1326+
let chan_upd_1_2 = create_announced_chan_between_nodes_with_value(&nodes, 1, 2, 1_000_000, 0).0.contents;
1327+
1328+
let invalid_payment_secret = PaymentSecret([42; 32]);
1329+
let amt_msat = 5000;
1330+
let keysend_preimage = PaymentPreimage([42; 32]);
1331+
let route_params = get_blinded_route_parameters(
1332+
amt_msat, invalid_payment_secret, 1, 1_0000_0000,
1333+
nodes.iter().skip(1).map(|n| n.node.get_our_node_id()).collect(), &[&chan_upd_1_2],
1334+
&chanmon_cfgs[2].keys_manager
1335+
);
1336+
1337+
let payment_hash = nodes[0].node.send_spontaneous_payment_with_retry(Some(keysend_preimage), RecipientOnionFields::spontaneous_empty(), PaymentId(keysend_preimage.0), route_params, Retry::Attempts(0)).unwrap();
1338+
check_added_monitors(&nodes[0], 1);
1339+
1340+
let expected_route: &[&[&Node]] = &[&[&nodes[1], &nodes[2]]];
1341+
let mut events = nodes[0].node.get_and_clear_pending_msg_events();
1342+
assert_eq!(events.len(), 1);
1343+
1344+
let ev = remove_first_msg_event_to_node(&nodes[1].node.get_our_node_id(), &mut events);
1345+
let args = PassAlongPathArgs::new(
1346+
&nodes[0], &expected_route[0], amt_msat, payment_hash, ev.clone()
1347+
)
1348+
.with_payment_secret(invalid_payment_secret)
1349+
.with_payment_preimage(keysend_preimage)
1350+
.expect_failure(HTLCDestination::FailedPayment { payment_hash });
1351+
do_pass_along_path(args);
1352+
1353+
let updates_2_1 = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
1354+
assert_eq!(updates_2_1.update_fail_malformed_htlcs.len(), 1);
1355+
let update_malformed = &updates_2_1.update_fail_malformed_htlcs[0];
1356+
assert_eq!(update_malformed.sha256_of_onion, [0; 32]);
1357+
assert_eq!(update_malformed.failure_code, INVALID_ONION_BLINDING);
1358+
nodes[1].node.handle_update_fail_malformed_htlc(nodes[2].node.get_our_node_id(), update_malformed);
1359+
do_commitment_signed_dance(&nodes[1], &nodes[2], &updates_2_1.commitment_signed, true, false);
1360+
1361+
let updates_1_0 = get_htlc_update_msgs!(nodes[1], nodes[0].node.get_our_node_id());
1362+
assert_eq!(updates_1_0.update_fail_htlcs.len(), 1);
1363+
nodes[0].node.handle_update_fail_htlc(nodes[1].node.get_our_node_id(), &updates_1_0.update_fail_htlcs[0]);
1364+
do_commitment_signed_dance(&nodes[0], &nodes[1], &updates_1_0.commitment_signed, false, false);
1365+
expect_payment_failed_conditions(&nodes[0], payment_hash, false,
1366+
PaymentFailedConditions::new().expected_htlc_error_data(INVALID_ONION_BLINDING, &[0; 32]));
1367+
}
1368+
12961369
#[test]
12971370
fn custom_tlvs_to_blinded_path() {
12981371
let chanmon_cfgs = create_chanmon_cfgs(2);

0 commit comments

Comments
 (0)