Refactor: Introduce ReceiveAuthKey

Author: shaavan

lightning/src/blinded_path/message.rs

@@ -25,7 +25,7 @@ use crate::ln::onion_utils;
 use crate::offers::nonce::Nonce;
 use crate::onion_message::packet::ControlTlvs;
 use crate::routing::gossip::{NodeId, ReadOnlyNetworkGraph};
-use crate::sign::{EntropySource, NodeSigner, Recipient};
+use crate::sign::{EntropySource, NodeSigner, ReceiveAuthKey, Recipient};
 use crate::types::payment::PaymentHash;
 use crate::util::scid_utils;
 use crate::util::ser::{FixedLengthReader, LengthReadableArgs, Readable, Writeable, Writer};
@@ -92,7 +92,7 @@ impl BlindedMessagePath {
 				recipient_node_id,
 				context,
 				&blinding_secret,
-				[41; 32], // TODO: Pass this in
+				ReceiveAuthKey { inner: [41; 32] }, // TODO: Pass this in
 			)
 			.map_err(|_| ())?,
 		}))
@@ -515,7 +515,7 @@ pub(crate) const MESSAGE_PADDING_ROUND_OFF: usize = 100;
 pub(super) fn blinded_hops<T: secp256k1::Signing + secp256k1::Verification>(
 	secp_ctx: &Secp256k1<T>, intermediate_nodes: &[MessageForwardNode],
 	recipient_node_id: PublicKey, context: MessageContext, session_priv: &SecretKey,
-	local_node_receive_key: [u8; 32],
+	local_node_receive_key: ReceiveAuthKey,
 ) -> Result<Vec<BlindedHop>, secp256k1::Error> {
 	let pks = intermediate_nodes
 		.iter()

lightning/src/blinded_path/utils.rs

@@ -22,6 +22,7 @@ use crate::crypto::streams::chachapoly_encrypt_with_swapped_aad;
 use crate::io;
 use crate::ln::onion_utils;
 use crate::onion_message::messenger::Destination;
+use crate::sign::ReceiveAuthKey;
 use crate::util::ser::{Writeable, Writer};
 
 use core::borrow::Borrow;
@@ -157,7 +158,7 @@ where
 
 struct PublicKeyWithTlvs<W: Writeable> {
 	pubkey: PublicKey,
-	hop_recv_key: Option<[u8; 32]>,
+	hop_recv_key: Option<ReceiveAuthKey>,
 	tlvs: W,
 }
 
@@ -172,7 +173,7 @@ pub(crate) fn construct_blinded_hops<'a, T, I, W>(
 ) -> Result<Vec<BlindedHop>, secp256k1::Error>
 where
 	T: secp256k1::Signing + secp256k1::Verification,
-	I: Iterator<Item = ((PublicKey, Option<[u8; 32]>), W)>,
+	I: Iterator<Item = ((PublicKey, Option<ReceiveAuthKey>), W)>,
 	W: Writeable,
 {
 	let mut blinded_hops = Vec::with_capacity(unblinded_path.size_hint().0);
@@ -201,11 +202,11 @@ where
 
 /// Encrypt TLV payload to be used as a [`crate::blinded_path::BlindedHop::encrypted_payload`].
 fn encrypt_payload<P: Writeable>(
-	payload: P, encrypted_tlvs_rho: [u8; 32], hop_recv_key: Option<[u8; 32]>,
+	payload: P, encrypted_tlvs_rho: [u8; 32], hop_recv_key: Option<ReceiveAuthKey>,
 ) -> Vec<u8> {
 	let mut payload_data = payload.encode();
 	if let Some(hop_recv_key) = hop_recv_key {
-		chachapoly_encrypt_with_swapped_aad(payload_data, encrypted_tlvs_rho, hop_recv_key)
+		chachapoly_encrypt_with_swapped_aad(payload_data, encrypted_tlvs_rho, hop_recv_key.inner)
 	} else {
 		let mut chacha = ChaCha20Poly1305RFC::new(&encrypted_tlvs_rho, &[0; 12], &[]);
 		let mut tag = [0; 16];

lightning/src/onion_message/messenger.rs

@@ -40,7 +40,7 @@ use crate::ln::msgs::{
 };
 use crate::ln::onion_utils;
 use crate::routing::gossip::{NetworkGraph, NodeId, ReadOnlyNetworkGraph};
-use crate::sign::{EntropySource, NodeSigner, Recipient};
+use crate::sign::{EntropySource, NodeSigner, ReceiveAuthKey, Recipient};
 use crate::types::features::{InitFeatures, NodeFeatures};
 use crate::util::async_poll::{MultiResultFuturePoller, ResultFuture};
 use crate::util::logger::{Logger, WithContext};
@@ -1068,7 +1068,7 @@ where
 			},
 		}
 	};
-	let receiving_context_auth_key = [41; 32]; // TODO: pass this in
+	let receiving_context_auth_key = ReceiveAuthKey { inner: [41; 32] }; // TODO: pass this in
 	let next_hop = onion_utils::decode_next_untagged_hop(
 		onion_decode_ss,
 		&msg.onion_routing_packet.hop_data[..],

lightning/src/onion_message/packet.rs

@@ -21,6 +21,7 @@ use crate::blinded_path::message::{BlindedMessagePath, ForwardTlvs, NextMessageH
 use crate::crypto::streams::{ChaChaDualPolyReadAdapter, ChaChaPolyWriteAdapter};
 use crate::ln::msgs::DecodeError;
 use crate::ln::onion_utils;
+use crate::sign::ReceiveAuthKey;
 use crate::util::logger::Logger;
 use crate::util::ser::{
 	BigSize, FixedLengthReader, LengthLimitedRead, LengthReadable, LengthReadableArgs, Readable,
@@ -262,11 +263,11 @@ impl<T: OnionMessageContents> Writeable for (Payload<T>, [u8; 32]) {
 
 // Uses the provided secret to simultaneously decode and decrypt the control TLVs and data TLV.
 impl<H: CustomOnionMessageHandler + ?Sized, L: Logger + ?Sized>
-	ReadableArgs<(SharedSecret, &H, [u8; 32], &L)>
+	ReadableArgs<(SharedSecret, &H, ReceiveAuthKey, &L)>
 	for Payload<ParsedOnionMessageContents<<H as CustomOnionMessageHandler>::CustomMessage>>
 {
 	fn read<R: Read>(
-		r: &mut R, args: (SharedSecret, &H, [u8; 32], &L),
+		r: &mut R, args: (SharedSecret, &H, ReceiveAuthKey, &L),
 	) -> Result<Self, DecodeError> {
 		let (encrypted_tlvs_ss, handler, receive_tlvs_key, logger) = args;
 
@@ -279,7 +280,7 @@ impl<H: CustomOnionMessageHandler + ?Sized, L: Logger + ?Sized>
 		let mut message = None;
 		decode_tlv_stream_with_custom_tlv_decode!(&mut rd, {
 			(2, reply_path, option),
-			(4, read_adapter, (option: LengthReadableArgs, (rho, receive_tlvs_key))),
+			(4, read_adapter, (option: LengthReadableArgs, (rho, receive_tlvs_key.inner))),
 		}, |msg_type, msg_reader| {
 			if msg_type < 64 { return Ok(false) }
 			// Don't allow reading more than one data TLV from an onion message.

lightning/src/sign/mod.rs

@@ -803,6 +803,20 @@ pub struct PeerStorageKey {
 	pub inner: [u8; 32],
 }
 
+/// A secret key used to authenticate message contexts in received [`BlindedMessagePath`]s.
+///
+/// This key ensures that a node only accepts incoming messages delivered through
+/// blinded paths that it constructed itself.
+///
+/// [`BlindedMessagePath`]: crate::blinded_path::message::BlindedMessagePath
+#[derive(Clone, Copy, PartialEq, Eq)]
+pub struct ReceiveAuthKey {
+	/// Represents the key used to authenticate incoming [`BlindedMessagePath`]s.
+	///
+	/// [`BlindedMessagePath`]: crate::blinded_path::message::BlindedMessagePath
+	pub inner: [u8; 32],
+}
+
 /// Specifies the recipient of an invoice.
 ///
 /// This indicates to [`NodeSigner::sign_invoice`] what node secret key should be used to sign