Add nonce to OffersContext::OutboundPayment

jkczyz · jkczyz · commit b3792092289f · 2024-07-12T17:45:59.000-05:00
To authenticate that a Bolt12Invoice is for a valid InvoiceRequest or
Refund, include the nonce from the payer_metadata in the InvoiceRequest
reply path or Refund::paths, respectively. This can be used to prevent
de-anonymization attacks where an attacker sends invoices using
self-constructed paths to nodes near the blinded paths' introduction
nodes.
diff --git a/lightning/src/blinded_path/message.rs b/lightning/src/blinded_path/message.rs
@@ -135,7 +135,13 @@ pub enum OffersContext {
 		///
 		/// [`Refund`]: crate::offers::refund::Refund
 		/// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
-		payment_id: PaymentId
+		payment_id: PaymentId,
+		/// A nonce used for authenticating that an [`Invoice`] is for a valid [`Refund`] or
+		/// [`InvoiceRequest`] and for deriving their signing keys.
+		///
+		/// [`Refund`]: crate::offers::refund::Refund
+		/// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
+		nonce: Nonce,
 	},
 	/// Context used by a [`BlindedPath`] for replying to a [`Bolt12Invoice`] with an
 	/// [`InvoiceError`].
@@ -162,6 +168,7 @@ impl_writeable_tlv_based_enum!(OffersContext,
 	},
 	(2, OutboundPayment) => {
 		(0, payment_id, required),
+		(1, nonce, required),
 	},
 	(3, InboundPayment) => {
 		(0, payment_hash, required),
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
@@ -8698,7 +8698,7 @@ macro_rules! create_refund_builder { ($self: ident, $builder: ty) => {
 		let secp_ctx = &$self.secp_ctx;
 
 		let nonce = Nonce::from_entropy_source(entropy);
-		let context = OffersContext::OutboundPayment { payment_id };
+		let context = OffersContext::OutboundPayment { payment_id, nonce };
 		let path = $self.create_blinded_path_using_absolute_expiry(context, Some(absolute_expiry))
 			.map_err(|_| Bolt12SemanticError::MissingPaths)?;
 		let builder = RefundBuilder::deriving_payer_id(
@@ -8824,7 +8824,7 @@ where
 		};
 		let invoice_request = builder.build_and_sign()?;
 
-		let context = OffersContext::OutboundPayment { payment_id };
+		let context = OffersContext::OutboundPayment { payment_id, nonce };
 		let reply_path = self.create_blinded_path(context).map_err(|_| Bolt12SemanticError::MissingPaths)?;
 
 		let _persistence_guard = PersistenceNotifierGuard::notify_on_drop(self);
@@ -10514,7 +10514,7 @@ where
 
 		let abandon_if_payment = |context| {
 			match context {
-				OffersContext::OutboundPayment { payment_id } => self.abandon_payment(payment_id),
+				OffersContext::OutboundPayment { payment_id, .. } => self.abandon_payment(payment_id),
 				_ => {},
 			}
 		};
@@ -10625,7 +10625,7 @@ where
 			OffersMessage::Invoice(invoice) => {
 				let expected_payment_id = match context {
 					OffersContext::Unknown {} if invoice.is_for_refund_without_paths() => None,
-					OffersContext::OutboundPayment { payment_id } => Some(payment_id),
+					OffersContext::OutboundPayment { payment_id, .. } => Some(payment_id),
 					_ => return ResponseInstruction::NoResponse,
 				};
 
