core-lightning/common/blindedpath.h

#ifndef LIGHTNING_COMMON_BLINDEDPATH_H
#define LIGHTNING_COMMON_BLINDEDPATH_H
#include "config.h"
#include <ccan/compiler/compiler.h>
#include <ccan/short_types/short_types.h>
#include <ccan/tal/tal.h>

struct route_info;
struct pubkey;
struct privkey;
struct secret;
struct short_channel_id;
struct tlv_encrypted_data_tlv;
struct tlv_encrypted_data_tlv_payment_constraints;
struct tlv_encrypted_data_tlv_payment_relay;

/**
 * encrypt_tlv_encrypted_data - Encrypt a tlv_encrypted_data_tlv.
 * @ctx: tal context
 * @path_privkey: e(i), the path key
 * @node: the pubkey of the node to encrypt for
 * @tlv: the message to encrypt.
 * @next_path_privkey: (out) e(i+1), the next blinding secret (optional)
 * @node_alias: (out) the blinded pubkey of the node to tell the recipient.
 *
 * You create a blinding secret using randombytes_buf(), then call this
 * iteratively for each node in the path.
 */
u8 *encrypt_tlv_encrypted_data(const tal_t *ctx,
			       const struct privkey *path_privkey,
			       const struct pubkey *node,
			       const struct tlv_encrypted_data_tlv *tlv,
			       struct privkey *next_path_privkey,
			       struct pubkey *node_alias)
	NON_NULL_ARGS(2, 3, 4, 6);

/**
 * unblind_onion - tweak onion epheremeral key so we can decode it with ours.
 * @path_key: E(i), the blinding pubkey the previous peer gave us.
 * @ecdh: the ecdh routine (usually ecdh from common/ecdh_hsmd).
 * @onion_key: (in, out) the onionpacket->ephemeralkey to tweak.
 * @ss: (out) the shared secret we gained from blinding pubkey.
 *
 * The shared secret is needed to decrypt the enctlv we expect to find, too.
 */
bool unblind_onion(const struct pubkey *path_key,
		   void (*ecdh)(const struct pubkey *point, struct secret *ss),
		   struct pubkey *onion_key,
		   struct secret *ss)
	NO_NULL_ARGS;

/**
 * blindedpath_get_alias - tweak our id to see alias they used.
 * @ss: the shared secret from unblind_onion
 * @my_id: my node_id
 * @alias: (out) the alias.
 *
 * Returns false on ECDH fail.
 */
bool blindedpath_get_alias(const struct secret *ss,
			   const struct pubkey *my_id,
			   struct pubkey *alias);

/**
 * decrypt_encrypted_data - Decrypt an encmsg to form an tlv_encrypted_data_tlv.
 * @ctx: the context to allocate off.
 * @ss: the blinding secret from unblind_onion().
 * @enctlv: the enctlv from the onion (tal, may be NULL).
 *
 * Returns NULL if decryption failed or encmsg was malformed.
 */
struct tlv_encrypted_data_tlv *decrypt_encrypted_data(const tal_t *ctx,
						      const struct secret *ss,
						      const u8 *enctlv)
	NON_NULL_ARGS(2, 3);

/* Low-level accessor */
u8 *decrypt_encmsg_raw(const tal_t *ctx,
		       const struct secret *ss,
		       const u8 *enctlv);

/**
 * blindedpath_next_path_key - Calculate or extract next blinding pubkey
 */
void blindedpath_next_path_key(const struct tlv_encrypted_data_tlv *enc,
			       const struct pubkey *path_key,
			       const struct secret *ss,
			       struct pubkey *next_path_key);

#endif /* LIGHTNING_COMMON_BLINDEDPATH_H */
common/blindedpath: EXPERIMENTAL creation of blinded paths. For inclusion in the onion as a reply path. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2020-12-09 04:57:50 +01:00			`#ifndef LIGHTNING_COMMON_BLINDEDPATH_H`
			`#define LIGHTNING_COMMON_BLINDEDPATH_H`
			`#include "config.h"`
common/blindedpath: enctlv creation primitives. And test vector generation! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:16 +02:00			`#include <ccan/compiler/compiler.h>`
			`#include <ccan/short_types/short_types.h>`
common/blindedpath: EXPERIMENTAL creation of blinded paths. For inclusion in the onion as a reply path. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2020-12-09 04:57:50 +01:00			`#include <ccan/tal/tal.h>`

			`struct route_info;`
			`struct pubkey;`
common/blindedpath: enctlv creation primitives. And test vector generation! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:16 +02:00			`struct privkey;`
			`struct secret;`
common/blindedpath: generalize construction routines. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-10-17 02:43:08 +02:00			`struct short_channel_id;`
common/blindedpath: expose API at a lower level. We actually want lightningd to create these, since it wants to put the path_id secret in the last element. So best API is actually a generic one, rather than separate APIs to create first and last ones. And really, the more explicit initialization makes the users clearer. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-11-09 02:30:10 +01:00			`struct tlv_encrypted_data_tlv;`
common/blindedpath: generalize construction routines. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-10-17 02:43:08 +02:00			`struct tlv_encrypted_data_tlv_payment_constraints;`
			`struct tlv_encrypted_data_tlv_payment_relay;`
common/blindedpath: EXPERIMENTAL creation of blinded paths. For inclusion in the onion as a reply path. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2020-12-09 04:57:50 +01:00
common/blindedpath: enctlv creation primitives. And test vector generation! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:16 +02:00			`/**`
common/blindedpath: expose API at a lower level. We actually want lightningd to create these, since it wants to put the path_id secret in the last element. So best API is actually a generic one, rather than separate APIs to create first and last ones. And really, the more explicit initialization makes the users clearer. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-11-09 02:30:10 +01:00			`* encrypt_tlv_encrypted_data - Encrypt a tlv_encrypted_data_tlv.`
common/blindedpath: enctlv creation primitives. And test vector generation! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:16 +02:00			`* @ctx: tal context`
BOLTs: update which renames blinding terminology. No code changes, just catching up with the BOLT changes which rework our blinded path terminology (for the better!). Another patch will sweep the rest of our internal names, this tries only to make things compile and fix up the BOLT quotes. 1. Inside payload: current_blinding_point -> current_path_key 2. Inside update_add_htlc TLV: blinding_point -> blinded_path 3. Inside blinded_path: blinding -> first_path_key 4. Inside onion_message: blinding -> path_key. 5. Inside encrypted_data_tlv: next_blinding_override -> next_path_key_override Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2024-10-14 18:03:49 +02:00			`* @path_privkey: e(i), the path key`
common/blindedpath: enctlv creation primitives. And test vector generation! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:16 +02:00			`* @node: the pubkey of the node to encrypt for`
common/blindedpath: expose API at a lower level. We actually want lightningd to create these, since it wants to put the path_id secret in the last element. So best API is actually a generic one, rather than separate APIs to create first and last ones. And really, the more explicit initialization makes the users clearer. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-11-09 02:30:10 +01:00			`* @tlv: the message to encrypt.`
BOLTs: update which renames blinding terminology. No code changes, just catching up with the BOLT changes which rework our blinded path terminology (for the better!). Another patch will sweep the rest of our internal names, this tries only to make things compile and fix up the BOLT quotes. 1. Inside payload: current_blinding_point -> current_path_key 2. Inside update_add_htlc TLV: blinding_point -> blinded_path 3. Inside blinded_path: blinding -> first_path_key 4. Inside onion_message: blinding -> path_key. 5. Inside encrypted_data_tlv: next_blinding_override -> next_path_key_override Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2024-10-14 18:03:49 +02:00			`* @next_path_privkey: (out) e(i+1), the next blinding secret (optional)`
common/blindedpath: enctlv creation primitives. And test vector generation! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:16 +02:00			`* @node_alias: (out) the blinded pubkey of the node to tell the recipient.`
			`*`
common/blindedpath: expose API at a lower level. We actually want lightningd to create these, since it wants to put the path_id secret in the last element. So best API is actually a generic one, rather than separate APIs to create first and last ones. And really, the more explicit initialization makes the users clearer. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-11-09 02:30:10 +01:00			`* You create a blinding secret using randombytes_buf(), then call this`
			`* iteratively for each node in the path.`
common/blindedpath: enctlv creation primitives. And test vector generation! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:16 +02:00			`*/`
common/blindedpath: expose API at a lower level. We actually want lightningd to create these, since it wants to put the path_id secret in the last element. So best API is actually a generic one, rather than separate APIs to create first and last ones. And really, the more explicit initialization makes the users clearer. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-11-09 02:30:10 +01:00			`u8 encrypt_tlv_encrypted_data(const tal_t ctx,`
BOLTs: update which renames blinding terminology. No code changes, just catching up with the BOLT changes which rework our blinded path terminology (for the better!). Another patch will sweep the rest of our internal names, this tries only to make things compile and fix up the BOLT quotes. 1. Inside payload: current_blinding_point -> current_path_key 2. Inside update_add_htlc TLV: blinding_point -> blinded_path 3. Inside blinded_path: blinding -> first_path_key 4. Inside onion_message: blinding -> path_key. 5. Inside encrypted_data_tlv: next_blinding_override -> next_path_key_override Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2024-10-14 18:03:49 +02:00			`const struct privkey *path_privkey,`
common/blindedpath: expose API at a lower level. We actually want lightningd to create these, since it wants to put the path_id secret in the last element. So best API is actually a generic one, rather than separate APIs to create first and last ones. And really, the more explicit initialization makes the users clearer. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-11-09 02:30:10 +01:00			`const struct pubkey *node,`
			`const struct tlv_encrypted_data_tlv *tlv,`
BOLTs: update which renames blinding terminology. No code changes, just catching up with the BOLT changes which rework our blinded path terminology (for the better!). Another patch will sweep the rest of our internal names, this tries only to make things compile and fix up the BOLT quotes. 1. Inside payload: current_blinding_point -> current_path_key 2. Inside update_add_htlc TLV: blinding_point -> blinded_path 3. Inside blinded_path: blinding -> first_path_key 4. Inside onion_message: blinding -> path_key. 5. Inside encrypted_data_tlv: next_blinding_override -> next_path_key_override Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2024-10-14 18:03:49 +02:00			`struct privkey *next_path_privkey,`
common/blindedpath: expose API at a lower level. We actually want lightningd to create these, since it wants to put the path_id secret in the last element. So best API is actually a generic one, rather than separate APIs to create first and last ones. And really, the more explicit initialization makes the users clearer. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-11-09 02:30:10 +01:00			`struct pubkey *node_alias)`
			`NON_NULL_ARGS(2, 3, 4, 6);`
common/blindedpath: enctlv creation primitives. And test vector generation! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:16 +02:00
common/blindedpath: enctlv unwrapping primitives. And we check them on our test vectors. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:24 +02:00			`/**`
			`* unblind_onion - tweak onion epheremeral key so we can decode it with ours.`
BOLTs: update which renames blinding terminology. No code changes, just catching up with the BOLT changes which rework our blinded path terminology (for the better!). Another patch will sweep the rest of our internal names, this tries only to make things compile and fix up the BOLT quotes. 1. Inside payload: current_blinding_point -> current_path_key 2. Inside update_add_htlc TLV: blinding_point -> blinded_path 3. Inside blinded_path: blinding -> first_path_key 4. Inside onion_message: blinding -> path_key. 5. Inside encrypted_data_tlv: next_blinding_override -> next_path_key_override Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2024-10-14 18:03:49 +02:00			`* @path_key: E(i), the blinding pubkey the previous peer gave us.`
common/blindedpath: enctlv unwrapping primitives. And we check them on our test vectors. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:24 +02:00			`* @ecdh: the ecdh routine (usually ecdh from common/ecdh_hsmd).`
			`* @onion_key: (in, out) the onionpacket->ephemeralkey to tweak.`
			`* @ss: (out) the shared secret we gained from blinding pubkey.`
			`*`
			`* The shared secret is needed to decrypt the enctlv we expect to find, too.`
			`*/`
BOLTs: update which renames blinding terminology. No code changes, just catching up with the BOLT changes which rework our blinded path terminology (for the better!). Another patch will sweep the rest of our internal names, this tries only to make things compile and fix up the BOLT quotes. 1. Inside payload: current_blinding_point -> current_path_key 2. Inside update_add_htlc TLV: blinding_point -> blinded_path 3. Inside blinded_path: blinding -> first_path_key 4. Inside onion_message: blinding -> path_key. 5. Inside encrypted_data_tlv: next_blinding_override -> next_path_key_override Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2024-10-14 18:03:49 +02:00			`bool unblind_onion(const struct pubkey *path_key,`
common/blindedpath: enctlv unwrapping primitives. And we check them on our test vectors. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:24 +02:00			`void (ecdh)(const struct pubkey point, struct secret *ss),`
			`struct pubkey *onion_key,`
			`struct secret *ss)`
			`NO_NULL_ARGS;`

			`/**`
common/blindedpath: generalize routines. We're going to share them for onion messages as well as for blinded payments. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-10-17 02:43:07 +02:00			`* blindedpath_get_alias - tweak our id to see alias they used.`
			`* @ss: the shared secret from unblind_onion`
			`* @my_id: my node_id`
			`* @alias: (out) the alias.`
common/blindedpath: enctlv unwrapping primitives. And we check them on our test vectors. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:24 +02:00			`*`
common/blindedpath: generalize routines. We're going to share them for onion messages as well as for blinded payments. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-10-17 02:43:07 +02:00			`* Returns false on ECDH fail.`
common/blindedpath: enctlv unwrapping primitives. And we check them on our test vectors. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:24 +02:00			`*/`
common/blindedpath: generalize routines. We're going to share them for onion messages as well as for blinded payments. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-10-17 02:43:07 +02:00			`bool blindedpath_get_alias(const struct secret *ss,`
			`const struct pubkey *my_id,`
			`struct pubkey *alias);`
common/blindedpath: enctlv unwrapping primitives. And we check them on our test vectors. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:24 +02:00
			`/**`
common/blindedpath: generalize routines. We're going to share them for onion messages as well as for blinded payments. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-10-17 02:43:07 +02:00			`* decrypt_encrypted_data - Decrypt an encmsg to form an tlv_encrypted_data_tlv.`
			`* @ctx: the context to allocate off.`
common/blindedpath: enctlv unwrapping primitives. And we check them on our test vectors. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:24 +02:00			`* @ss: the blinding secret from unblind_onion().`
			`* @enctlv: the enctlv from the onion (tal, may be NULL).`
			`*`
common/blindedpath: generalize routines. We're going to share them for onion messages as well as for blinded payments. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-10-17 02:43:07 +02:00			`* Returns NULL if decryption failed or encmsg was malformed.`
			`*/`
			`struct tlv_encrypted_data_tlv decrypt_encrypted_data(const tal_t ctx,`
			`const struct secret *ss,`
			`const u8 *enctlv)`
			`NON_NULL_ARGS(2, 3);`

lightningd: new internal JSONRPC "decryptencrypteddata" I'm not sure about interface yet, so don't document. It's ugly. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2024-07-17 11:00:11 +02:00			`/* Low-level accessor */`
			`u8 decrypt_encmsg_raw(const tal_t ctx,`
			`const struct secret *ss,`
			`const u8 *enctlv);`

common/blindedpath: generalize routines. We're going to share them for onion messages as well as for blinded payments. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-10-17 02:43:07 +02:00			`/**`
BOLTs: update which renames blinding terminology. No code changes, just catching up with the BOLT changes which rework our blinded path terminology (for the better!). Another patch will sweep the rest of our internal names, this tries only to make things compile and fix up the BOLT quotes. 1. Inside payload: current_blinding_point -> current_path_key 2. Inside update_add_htlc TLV: blinding_point -> blinded_path 3. Inside blinded_path: blinding -> first_path_key 4. Inside onion_message: blinding -> path_key. 5. Inside encrypted_data_tlv: next_blinding_override -> next_path_key_override Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2024-10-14 18:03:49 +02:00			`* blindedpath_next_path_key - Calculate or extract next blinding pubkey`
common/blindedpath: enctlv unwrapping primitives. And we check them on our test vectors. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-09-21 23:17:24 +02:00			`*/`
BOLTs: update which renames blinding terminology. No code changes, just catching up with the BOLT changes which rework our blinded path terminology (for the better!). Another patch will sweep the rest of our internal names, this tries only to make things compile and fix up the BOLT quotes. 1. Inside payload: current_blinding_point -> current_path_key 2. Inside update_add_htlc TLV: blinding_point -> blinded_path 3. Inside blinded_path: blinding -> first_path_key 4. Inside onion_message: blinding -> path_key. 5. Inside encrypted_data_tlv: next_blinding_override -> next_path_key_override Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2024-10-14 18:03:49 +02:00			`void blindedpath_next_path_key(const struct tlv_encrypted_data_tlv *enc,`
			`const struct pubkey *path_key,`
common/blindedpath: generalize routines. We're going to share them for onion messages as well as for blinded payments. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2022-10-17 02:43:07 +02:00			`const struct secret *ss,`
BOLTs: update which renames blinding terminology. No code changes, just catching up with the BOLT changes which rework our blinded path terminology (for the better!). Another patch will sweep the rest of our internal names, this tries only to make things compile and fix up the BOLT quotes. 1. Inside payload: current_blinding_point -> current_path_key 2. Inside update_add_htlc TLV: blinding_point -> blinded_path 3. Inside blinded_path: blinding -> first_path_key 4. Inside onion_message: blinding -> path_key. 5. Inside encrypted_data_tlv: next_blinding_override -> next_path_key_override Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2024-10-14 18:03:49 +02:00			`struct pubkey *next_path_key);`
spec: import latest onionmessage spec, based on routeblinding. This is from 6e99c5feaf60cb797507d181fe583224309318e9 We renamed the enctlv field to encrypted_recipient_data in the spec, and the new onion_message is message 513. We don't handle it until the next patch. Two renames: 1. blinding_seed -> blinding_point. 2. enctlv -> encrypted_recipient_data. We don't do a compat cycle for our JSON APIs for these experimental features only used by our own plugins, we just rename. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2021-11-30 04:06:04 +01:00
common/blindedpath: EXPERIMENTAL creation of blinded paths. For inclusion in the onion as a reply path. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2020-12-09 04:57:50 +01:00			`#endif /* LIGHTNING_COMMON_BLINDEDPATH_H */`