Verify that an HTLC's ReceiveTlvs is authentic

When receiving a payment over a BlindedPaymentPath, a PaymentContext is
included but was not authenticated. The previous commit adds an HMAC of
the payment::ReceiveTlvs (which contains the PaymentContext) and the
nonce used to create the HMAC. This commit verifies the authenticity
when parsing the InboundOnionPayload. This prevents a malicious actor
from forging it.
Jeffrey Czyz 2024-12-04 14:32:24 -06:00
parent a041463c30
commit 62cdf5d60b
No known key found for this signature in database
GPG key ID: 912EF12EA67705F5


@ -32,6 +32,7 @@ use bitcoin::script::ScriptBuf;
use bitcoin::hash_types::Txid;
use crate::blinded_path::payment::{BlindedPaymentTlvs, ForwardTlvs, ReceiveTlvs, UnauthenticatedReceiveTlvs};
use crate::ln::channelmanager::Verification;
use crate::ln::types::ChannelId;
use crate::types::payment::{PaymentPreimage, PaymentHash, PaymentSecret};
use crate::types::features::{ChannelFeatures, ChannelTypeFeatures, InitFeatures, NodeFeatures};
@ -2908,7 +2909,12 @@ impl<NS: Deref> ReadableArgs<(Option<PublicKey>, NS)> for InboundOnionPayload wh
})
},
ChaChaPolyReadAdapter { readable: BlindedPaymentTlvs::Receive(receive_tlvs) } => {
let ReceiveTlvs { tlvs, authentication: _ } = receive_tlvs;
let ReceiveTlvs { tlvs, authentication: (hmac, nonce) } = receive_tlvs;
let expanded_key = node_signer.get_inbound_payment_key();
if tlvs.verify_for_offer_payment(hmac, nonce, &expanded_key).is_err() {
return Err(DecodeError::InvalidValue);
}
let UnauthenticatedReceiveTlvs {
payment_secret, payment_constraints, payment_context,
} = tlvs;
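Review bot: The added HMAC check on `tlvs` has no comment stating the invariant it enforces, namely that no field of `UnauthenticatedReceiveTlvs` (`payment_secret`, `payment_constraints`, `payment_context`) may be read before `verify_for_offer_payment` succeeds. I would add above the `if`: `// Verify the HMAC before reading any field of tlvs; payment_context is unauthenticated until then.` A failed verification returns the same `DecodeError::InvalidValue` as a malformed payload, so the caller cannot tell a forged context from a parse error; if that is intended, the comment should say so. Whether `verify_for_offer_payment` compares the HMAC in constant time is not visible in this hunk and is worth confirming. The enclosing match arm starts and ends outside the hunk.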