From 62cdf5d60b3d1c906710a5881c456aa332b85699 Mon Sep 17 00:00:00 2001
From: Jeffrey Czyz
Date: Wed, 4 Dec 2024 14:32:24 -0600
Subject: [PATCH] Verify that an HTLC's ReceiveTlvs is authentic

When receiving a payment over a BlindedPaymentPath, a PaymentContext is included but was not authenticated. The previous commit adds an HMAC of the payment::ReceiveTlvs (which contains the PaymentContext) and the nonce used to create the HMAC. This commit verifies the authenticity when parsing the InboundOnionPayload. This prevents a malicious actor from for forging it.
---
 lightning/src/ln/msgs.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lightning/src/ln/msgs.rs b/lightning/src/ln/msgs.rs
index 84da5a9f2..659ec65f6 100644
--- a/lightning/src/ln/msgs.rs
+++ b/lightning/src/ln/msgs.rs
@@ -32,6 +32,7 @@ use bitcoin::script::ScriptBuf;
 use bitcoin::hash_types::Txid;
 use crate::blinded_path::payment::{BlindedPaymentTlvs, ForwardTlvs, ReceiveTlvs, UnauthenticatedReceiveTlvs};
+use crate::ln::channelmanager::Verification;
 use crate::ln::types::ChannelId;
 use crate::types::payment::{PaymentPreimage, PaymentHash, PaymentSecret};
 use crate::types::features::{ChannelFeatures, ChannelTypeFeatures, InitFeatures, NodeFeatures};
@@ -2908,7 +2909,12 @@ impl ReadableArgs<(Option, NS)> for InboundOnionPayload wh
 })
 },
 ChaChaPolyReadAdapter { readable: BlindedPaymentTlvs::Receive(receive_tlvs) } => {
- let ReceiveTlvs { tlvs, authentication: _ } = receive_tlvs;
+ let ReceiveTlvs { tlvs, authentication: (hmac, nonce) } = receive_tlvs;
+ let expanded_key = node_signer.get_inbound_payment_key();
+ if tlvs.verify_for_offer_payment(hmac, nonce, &expanded_key).is_err() {
+ return Err(DecodeError::InvalidValue);
+ }
+
 let UnauthenticatedReceiveTlvs {
 payment_secret, payment_constraints, payment_context,
 } = tlvs;
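Review bot: The new HMAC check in the `BlindedPaymentTlvs::Receive` arm carries no comment stating that nothing from `tlvs` may be read before it passes, and the ordering is what makes the change effective. I would add above the `if`: `// Authenticate before destructuring: payment_context and the other fields are sender-controlled until the HMAC over tlvs and nonce verifies.` A failed check returns `DecodeError::InvalidValue`, the same value used for malformed data, which presumably is intentional so the sender learns nothing about which check failed; if so, a short comment saying that would stop a later change from adding a more specific error. The diffstat lists only msgs.rs, so this patch adds no test that a payload with an altered `payment_context` or a mismatched HMAC/nonce pair is rejected at decode time; a regression test for that case would pin the behaviour. The match arm and the enclosing `read` impl begin and end outside the hunk.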