Verify that an HTLC's ReceiveTlvs is authentic
When receiving a payment over a BlindedPaymentPath, a PaymentContext is included but was not authenticated. The previous commit adds an HMAC of the payment::ReceiveTlvs (which contains the PaymentContext) and the nonce used to create the HMAC. This commit verifies the authenticity when parsing the InboundOnionPayload. This prevents a malicious actor from forging it.
parent
a041463c30
commit
62cdf5d60b
1 changed files with 7 additions and 1 deletions
|
@ -32,6 +32,7 @@ use bitcoin::script::ScriptBuf;
|
|||
use bitcoin::hash_types::Txid;
|
||||
|
||||
use crate::blinded_path::payment::{BlindedPaymentTlvs, ForwardTlvs, ReceiveTlvs, UnauthenticatedReceiveTlvs};
|
||||
use crate::ln::channelmanager::Verification;
|
||||
use crate::ln::types::ChannelId;
|
||||
use crate::types::payment::{PaymentPreimage, PaymentHash, PaymentSecret};
|
||||
use crate::types::features::{ChannelFeatures, ChannelTypeFeatures, InitFeatures, NodeFeatures};
|
||||
|
@ -2908,7 +2909,12 @@ impl<NS: Deref> ReadableArgs<(Option<PublicKey>, NS)> for InboundOnionPayload wh
|
|||
})
|
||||
},
|
||||
ChaChaPolyReadAdapter { readable: BlindedPaymentTlvs::Receive(receive_tlvs) } => {
|
||||
let ReceiveTlvs { tlvs, authentication: _ } = receive_tlvs;
|
||||
let ReceiveTlvs { tlvs, authentication: (hmac, nonce) } = receive_tlvs;
|
||||
let expanded_key = node_signer.get_inbound_payment_key();
|
||||
if tlvs.verify_for_offer_payment(hmac, nonce, &expanded_key).is_err() {
|
||||
return Err(DecodeError::InvalidValue);
|
||||
}
|
||||
|
||||
let UnauthenticatedReceiveTlvs {
|
||||
payment_secret, payment_constraints, payment_context,
|
||||
} = tlvs;
|
||||
|
|
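Review bot: The new HMAC check in the `BlindedPaymentTlvs::Receive` arm carries no comment explaining that it must run before any field of `tlvs` is read, so a later refactor could move the `UnauthenticatedReceiveTlvs` destructuring above it without noticing. I would add above the `if`: `// Authenticate the TLVs before payment_secret, payment_constraints or payment_context are used; until the HMAC verifies they are attacker-controllable.` The failure is returned as `DecodeError::InvalidValue`, which gives the sender no distinguishable signal but also leaves a forged context indistinguishable from a malformed payload for operators; if a logger is reachable here (not visible in the hunk), a low-level log line would help triage. The commit touches one file, so a test that alters the HMAC or nonce and expects decoding to fail would have to live in another commit; worth confirming it exists. The enclosing impl body starts and ends outside the hunk.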