From dc18f3cd7b3886dc4d7cbf33859007c0f180889a Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Tue, 15 Oct 2024 02:33:49 +1030 Subject: [PATCH] BOLTs: update which renames blinding terminology. No code changes, just catching up with the BOLT changes which rework our blinded path terminology (for the better!). Another patch will sweep the rest of our internal names, this tries only to make things compile and fix up the BOLT quotes. 1. Inside payload: current_blinding_point -> current_path_key 2. Inside update_add_htlc TLV: blinding_point -> blinded_path 3. Inside blinded_path: blinding -> first_path_key 4. Inside onion_message: blinding -> path_key. 5. Inside encrypted_data_tlv: next_blinding_override -> next_path_key_override Signed-off-by: Rusty Russell --- Makefile | 2 +- channeld/channeld.c | 8 +- common/blindedpath.c | 88 +++++++-------- common/blindedpath.h | 23 ++-- common/blindedpay.c | 6 +- common/blinding.c | 12 +- common/blinding.h | 12 +- common/json_blinded_path.c | 2 +- common/onion_decode.c | 38 +++---- common/onion_encode.c | 2 +- common/onion_message.c | 8 +- common/onion_message_parse.c | 10 +- common/test/run-blindedpath_enctlv.c | 106 +++++++++--------- common/test/run-blindedpath_onion.c | 70 ++++++------ common/test/run-bolt12-encode-test.c | 14 +-- common/test/run-onion-message-test.c | 70 ++++++------ common/test/run-onion-test-vector.c | 1 - common/test/run-route_blinding_onion_test.c | 4 +- common/test/run-route_blinding_test.c | 18 +-- common/test/run-sphinx.c | 1 - devtools/bolt12-cli.c | 4 +- gossipd/test/run-check_channel_announcement.c | 20 ++-- gossipd/test/run-extended-info.c | 20 ++-- gossipd/test/run-next_block_range.c | 20 ++-- gossipd/test/run-txout_failure.c | 20 ++-- lightningd/invoice.c | 8 +- lightningd/onion_message.c | 16 +-- lightningd/peer_htlcs.c | 8 +- lightningd/test/run-invoice-select-inchan.c | 4 +- plugins/offers.c | 2 +- plugins/pay.c | 12 +- tests/fuzz/fuzz-wire-update_add_htlc.c | 2 +- wallet/test/run-wallet.c | 10 +- wire/extracted_onion_02_offers.patch | 5 +- ...onion_03_onionmsg-payload-as-bytearr.patch | 5 +- ...racted_onion_05_remove-onion_message.patch | 2 +- ...blinded_path_first_sciddir_or_pubkey.patch | 2 +- wire/extracted_peer_05_newonion.patch | 2 +- wire/onion_wire.csv | 26 ++--- wire/peer_wire.csv | 6 +- 40 files changed, 338 insertions(+), 351 deletions(-) diff --git a/Makefile b/Makefile index 76be2f2ff..fe095fe38 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,7 @@ CCANDIR := ccan # Where we keep the BOLT RFCs BOLTDIR := ../bolts/ -DEFAULT_BOLTVERSION := 6a51861d93ad617438fe24195768e2742d7708ac +DEFAULT_BOLTVERSION := 6c0f0d878f52ee189be9649b06a0dd86e52a517a # Can be overridden on cmdline. BOLTVERSION := $(DEFAULT_BOLTVERSION) diff --git a/channeld/channeld.c b/channeld/channeld.c index b10c06a58..91147853f 100644 --- a/channeld/channeld.c +++ b/channeld/channeld.c @@ -622,7 +622,7 @@ static void handle_peer_add_htlc(struct peer *peer, const u8 *msg) } add_err = channel_add_htlc(peer->channel, REMOTE, id, amount, cltv_expiry, &payment_hash, - onion_routing_packet, tlvs->blinding_point, &htlc, NULL, + onion_routing_packet, tlvs->blinded_path, &htlc, NULL, /* We don't immediately fail incoming htlcs, * instead we wait and fail them after * they've been committed */ @@ -4412,8 +4412,8 @@ static void resend_commitment(struct peer *peer, struct changed_htlc *last) struct tlv_update_add_htlc_tlvs *tlvs; if (h->blinding) { tlvs = tlv_update_add_htlc_tlvs_new(tmpctx); - tlvs->blinding_point = tal_dup(tlvs, struct pubkey, - h->blinding); + tlvs->blinded_path = tal_dup(tlvs, struct pubkey, + h->blinding); } else tlvs = NULL; msg = towire_update_add_htlc(NULL, &peer->channel_id, @@ -5360,7 +5360,7 @@ static void handle_offer_htlc(struct peer *peer, const u8 *inmsg) if (blinding) { tlvs = tlv_update_add_htlc_tlvs_new(tmpctx); - tlvs->blinding_point = tal_dup(tlvs, struct pubkey, blinding); + tlvs->blinded_path = tal_dup(tlvs, struct pubkey, blinding); } else tlvs = NULL; diff --git a/common/blindedpath.c b/common/blindedpath.c index 19c836d02..87ed776da 100644 --- a/common/blindedpath.c +++ b/common/blindedpath.c @@ -14,13 +14,13 @@ #endif /* Blinds node_id and calculates next blinding factor. */ -static bool blind_node(const struct privkey *blinding, +static bool blind_node(const struct privkey *path_privkey, const struct secret *ss, const struct pubkey *node, struct pubkey *node_alias, - struct privkey *next_blinding) + struct privkey *next_path_privkey) { - struct pubkey blinding_pubkey; + struct pubkey path_pubkey; struct sha256 h; if (!blindedpath_get_alias(ss, node, node_alias)) @@ -30,32 +30,32 @@ static bool blind_node(const struct privkey *blinding, /* BOLT #4: * - $`E_{i+1} = SHA256(E_i || ss_i) * E_i`$ - * (NB: $`N_i`$ MUST NOT learn $`e_i`$) + * (`path_key`. NB: $`N_i`$ MUST NOT learn $`e_i`$) */ - if (!pubkey_from_privkey(blinding, &blinding_pubkey)) + if (!pubkey_from_privkey(path_privkey, &path_pubkey)) return false; SUPERVERBOSE("\t\"E\": \"%s\",\n", - fmt_pubkey(tmpctx, &blinding_pubkey)); + fmt_pubkey(tmpctx, &path_pubkey)); /* BOLT #4: * - $`e_{i+1} = SHA256(E_i || ss_i) * e_i`$ - * (blinding ephemeral private key, only known by $`N_r`$) + * (ephemeral private path key, only known by $`N_r`$) */ - blinding_hash_e_and_ss(&blinding_pubkey, ss, &h); + blinding_hash_e_and_ss(&path_pubkey, ss, &h); SUPERVERBOSE("\t\"H(E || ss)\": \"%s\",\n", fmt_sha256(tmpctx, &h)); - blinding_next_privkey(blinding, &h, next_blinding); + blinding_next_path_privkey(path_privkey, &h, next_path_privkey); SUPERVERBOSE("\t\"next_e\": \"%s\",\n", - fmt_privkey(tmpctx, next_blinding)); + fmt_privkey(tmpctx, next_path_privkey)); return true; } static u8 *enctlv_from_encmsg_raw(const tal_t *ctx, - const struct privkey *blinding, + const struct privkey *path_privkey, const struct pubkey *node, const u8 *raw_encmsg TAKES, - struct privkey *next_blinding, + struct privkey *next_path_privkey, struct pubkey *node_alias) { struct secret ss, rho; @@ -65,25 +65,25 @@ static u8 *enctlv_from_encmsg_raw(const tal_t *ctx, static const unsigned char npub[crypto_aead_chacha20poly1305_ietf_NPUBBYTES]; /* BOLT #4: - * - $`ss_i = SHA256(e_i * N_i) = SHA256(k_i * E_i)$` + * - $`ss_i = SHA256(e_i * N_i) = SHA256(k_i * E_i)`$ * (ECDH shared secret known only by $`N_r`$ and $`N_i`$) */ if (secp256k1_ecdh(secp256k1_ctx, ss.data, - &node->pubkey, blinding->secret.data, + &node->pubkey, path_privkey->secret.data, NULL, NULL) != 1) return NULL; SUPERVERBOSE("\t\"ss\": \"%s\",\n", fmt_secret(tmpctx, &ss)); - /* This calculates the node's alias, and next blinding */ - if (!blind_node(blinding, &ss, node, node_alias, next_blinding)) + /* This calculates the node's alias, and next path_key */ + if (!blind_node(path_privkey, &ss, node, node_alias, next_path_privkey)) return NULL; ret = tal_dup_talarr(ctx, u8, raw_encmsg); /* BOLT #4: * - $`rho_i = HMAC256(\text{"rho"}, ss_i)`$ - * (key used to encrypt the payload for $`N_i`$ by $`N_r`$) + * (key used to encrypt `encrypted_recipient_data` for $`N_i`$ by $`N_r`$) */ subkey_from_hmac("rho", &ss, &rho); SUPERVERBOSE("\t\"rho\": \"%s\",\n", @@ -91,7 +91,7 @@ static u8 *enctlv_from_encmsg_raw(const tal_t *ctx, /* BOLT #4: * - MUST encrypt each `encrypted_data_tlv[i]` with ChaCha20-Poly1305 using - * the corresponding `rho_i` key and an all-zero nonce to produce + * the corresponding $`rho_i`$ key and an all-zero nonce to produce * `encrypted_recipient_data[i]` */ /* Encrypt in place */ @@ -109,24 +109,24 @@ static u8 *enctlv_from_encmsg_raw(const tal_t *ctx, } u8 *encrypt_tlv_encrypted_data(const tal_t *ctx, - const struct privkey *blinding, + const struct privkey *path_privkey, const struct pubkey *node, - const struct tlv_encrypted_data_tlv *encmsg, - struct privkey *next_blinding, + const struct tlv_encrypted_data_tlv *tlv, + struct privkey *next_path_privkey, struct pubkey *node_alias) { struct privkey unused; - u8 *encmsg_raw = tal_arr(NULL, u8, 0); - towire_tlv_encrypted_data_tlv(&encmsg_raw, encmsg); + u8 *tlv_wire = tal_arr(NULL, u8, 0); + towire_tlv_encrypted_data_tlv(&tlv_wire, tlv); - /* last hop doesn't care about next_blinding */ - if (!next_blinding) - next_blinding = &unused; - return enctlv_from_encmsg_raw(ctx, blinding, node, take(encmsg_raw), - next_blinding, node_alias); + /* last hop doesn't care about next path_key */ + if (!next_path_privkey) + next_path_privkey = &unused; + return enctlv_from_encmsg_raw(ctx, path_privkey, node, take(tlv_wire), + next_path_privkey, node_alias); } -bool unblind_onion(const struct pubkey *blinding, +bool unblind_onion(const struct pubkey *path_key, void (*ecdh)(const struct pubkey *point, struct secret *ss), struct pubkey *onion_key, struct secret *ss) @@ -140,7 +140,7 @@ bool unblind_onion(const struct pubkey *blinding, * - $`ss_i = SHA256(k_i * E_i)`$ (standard ECDH) * - $`b_i = HMAC256(\text{"blinded\_node\_id"}, ss_i) * k_i`$ */ - ecdh(blinding, ss); + ecdh(path_key, ss); subkey_from_hmac("blinded_node_id", ss, &hmac); /* We instead tweak the *ephemeral* key from the onion and use @@ -149,7 +149,7 @@ bool unblind_onion(const struct pubkey *blinding, /* BOLT #4: * - MUST use $`b_i`$ instead of its private key $`k_i`$ to decrypt the onion. Note * that the node may instead tweak the onion ephemeral key with - * $`HMAC256(\text{"blinded\_node\_id}", ss_i)`$ which achieves the same result. + * $`HMAC256(\text{"blinded\_node\_id"}, ss_i)`$ which achieves the same result. */ return secp256k1_ec_pubkey_tweak_mul(secp256k1_ctx, &onion_key->pubkey, @@ -157,7 +157,6 @@ bool unblind_onion(const struct pubkey *blinding, } u8 *decrypt_encmsg_raw(const tal_t *ctx, - const struct pubkey *blinding, const struct secret *ss, const u8 *enctlv) { @@ -197,17 +196,16 @@ u8 *decrypt_encmsg_raw(const tal_t *ctx, } struct tlv_encrypted_data_tlv *decrypt_encrypted_data(const tal_t *ctx, - const struct pubkey *blinding, const struct secret *ss, const u8 *enctlv) { - const u8 *cursor = decrypt_encmsg_raw(tmpctx, blinding, ss, enctlv); + const u8 *cursor = decrypt_encmsg_raw(tmpctx, ss, enctlv); size_t maxlen = tal_bytelen(cursor); /* BOLT #4: * * - MUST return an error if `encrypted_recipient_data` does not decrypt - * using the blinding point as described in + * using the `path_key` as described in * [Route Blinding](#route-blinding). */ /* Note: our parser consider nothing is a valid TLV, but decrypt_encmsg_raw @@ -237,27 +235,27 @@ bool blindedpath_get_alias(const struct secret *ss, node_id_blinding.data) == 1; } -void blindedpath_next_blinding(const struct tlv_encrypted_data_tlv *enc, - const struct pubkey *blinding, +void blindedpath_next_path_key(const struct tlv_encrypted_data_tlv *enc, + const struct pubkey *path_key, const struct secret *ss, - struct pubkey *next_blinding) + struct pubkey *next_path_key) { /* BOLT #4: * - $`E_{i+1} = SHA256(E_i || ss_i) * E_i`$ * ... - * - If `encrypted_data` contains a `next_blinding_override`: - * - MUST use it as the next blinding point instead of $`E_{i+1}`$ + * - If `encrypted_data` contains a `next_path_key_override`: + * - MUST use it as the next `path_key` instead of $`E_{i+1}`$ * - Otherwise: - * - MUST use $`E_{i+1}`$ as the next blinding point + * - MUST use $`E_{i+1}`$ as the next `path_key` */ - if (enc->next_blinding_override) - *next_blinding = *enc->next_blinding_override; + if (enc->next_path_key_override) + *next_path_key = *enc->next_path_key_override; else { /* BOLT #4: * $`E_{i+1} = SHA256(E_i || ss_i) * E_i`$ */ struct sha256 h; - blinding_hash_e_and_ss(blinding, ss, &h); - blinding_next_pubkey(blinding, &h, next_blinding); + blinding_hash_e_and_ss(path_key, ss, &h); + blinding_next_path_key(path_key, &h, next_path_key); } } diff --git a/common/blindedpath.h b/common/blindedpath.h index 0b2330bef..b84869351 100644 --- a/common/blindedpath.h +++ b/common/blindedpath.h @@ -17,33 +17,33 @@ struct tlv_encrypted_data_tlv_payment_relay; /** * encrypt_tlv_encrypted_data - Encrypt a tlv_encrypted_data_tlv. * @ctx: tal context - * @blinding: e(i), the blinding secret + * @path_privkey: e(i), the path key * @node: the pubkey of the node to encrypt for * @tlv: the message to encrypt. - * @next_blinding: (out) e(i+1), the next blinding secret (optional) + * @next_path_privkey: (out) e(i+1), the next blinding secret (optional) * @node_alias: (out) the blinded pubkey of the node to tell the recipient. * * You create a blinding secret using randombytes_buf(), then call this * iteratively for each node in the path. */ u8 *encrypt_tlv_encrypted_data(const tal_t *ctx, - const struct privkey *blinding, + const struct privkey *path_privkey, const struct pubkey *node, const struct tlv_encrypted_data_tlv *tlv, - struct privkey *next_blinding, + struct privkey *next_path_privkey, struct pubkey *node_alias) NON_NULL_ARGS(2, 3, 4, 6); /** * unblind_onion - tweak onion epheremeral key so we can decode it with ours. - * @blinding: E(i), the blinding pubkey the previous peer gave us. + * @path_key: E(i), the blinding pubkey the previous peer gave us. * @ecdh: the ecdh routine (usually ecdh from common/ecdh_hsmd). * @onion_key: (in, out) the onionpacket->ephemeralkey to tweak. * @ss: (out) the shared secret we gained from blinding pubkey. * * The shared secret is needed to decrypt the enctlv we expect to find, too. */ -bool unblind_onion(const struct pubkey *blinding, +bool unblind_onion(const struct pubkey *path_key, void (*ecdh)(const struct pubkey *point, struct secret *ss), struct pubkey *onion_key, struct secret *ss) @@ -64,30 +64,27 @@ bool blindedpath_get_alias(const struct secret *ss, /** * decrypt_encrypted_data - Decrypt an encmsg to form an tlv_encrypted_data_tlv. * @ctx: the context to allocate off. - * @blinding: E(i), the blinding pubkey the previous peer gave us. * @ss: the blinding secret from unblind_onion(). * @enctlv: the enctlv from the onion (tal, may be NULL). * * Returns NULL if decryption failed or encmsg was malformed. */ struct tlv_encrypted_data_tlv *decrypt_encrypted_data(const tal_t *ctx, - const struct pubkey *blinding, const struct secret *ss, const u8 *enctlv) NON_NULL_ARGS(2, 3); /* Low-level accessor */ u8 *decrypt_encmsg_raw(const tal_t *ctx, - const struct pubkey *blinding, const struct secret *ss, const u8 *enctlv); /** - * blindedpath_next_blinding - Calculate or extract next blinding pubkey + * blindedpath_next_path_key - Calculate or extract next blinding pubkey */ -void blindedpath_next_blinding(const struct tlv_encrypted_data_tlv *enc, - const struct pubkey *blinding, +void blindedpath_next_path_key(const struct tlv_encrypted_data_tlv *enc, + const struct pubkey *path_key, const struct secret *ss, - struct pubkey *next_blinding); + struct pubkey *next_path_key); #endif /* LIGHTNING_COMMON_BLINDEDPATH_H */ diff --git a/common/blindedpay.c b/common/blindedpay.c index 513f7d6c1..9c3dec2e7 100644 --- a/common/blindedpay.c +++ b/common/blindedpay.c @@ -23,8 +23,8 @@ u8 **blinded_onion_hops(const tal_t *ctx, * - MUST include the `encrypted_recipient_data` provided by the * recipient * - For the first node in the blinded route: - * - MUST include the `blinding_point` provided by the - * recipient in `current_blinding_point` + * - MUST include the `path_key` provided by the + * recipient in `current_path_key` * - If it is the final node: * - MUST include `amt_to_forward`, `outgoing_cltv_value` and `total_amount_msat`. *... @@ -35,7 +35,7 @@ u8 **blinded_onion_hops(const tal_t *ctx, final ? &total_amount : NULL, final ? &final_cltv : NULL, path->path[i]->encrypted_recipient_data, - first ? &path->blinding : NULL); + first ? &path->first_path_key : NULL); } return onions; } diff --git a/common/blinding.c b/common/blinding.c index 1fbb4b09d..0b8e0d8ea 100644 --- a/common/blinding.c +++ b/common/blinding.c @@ -19,9 +19,9 @@ void blinding_hash_e_and_ss(const struct pubkey *e, } /* E(i+1) = H(E(i) || ss(i)) * E(i) */ -bool blinding_next_pubkey(const struct pubkey *pk, - const struct sha256 *h, - struct pubkey *next) +bool blinding_next_path_key(const struct pubkey *pk, + const struct sha256 *h, + struct pubkey *next) { *next = *pk; @@ -30,9 +30,9 @@ bool blinding_next_pubkey(const struct pubkey *pk, } /* e(i+1) = H(E(i) || ss(i)) * e(i) */ -bool blinding_next_privkey(const struct privkey *e, - const struct sha256 *h, - struct privkey *next) +bool blinding_next_path_privkey(const struct privkey *e, + const struct sha256 *h, + struct privkey *next) { *next = *e; return secp256k1_ec_seckey_tweak_mul(secp256k1_ctx, next->secret.data, diff --git a/common/blinding.h b/common/blinding.h index af30d0b0f..78ae22d82 100644 --- a/common/blinding.h +++ b/common/blinding.h @@ -13,13 +13,13 @@ void blinding_hash_e_and_ss(const struct pubkey *e, struct sha256 *sha); /* E(i+1) = H(E(i) || ss(i)) * E(i) */ -bool blinding_next_pubkey(const struct pubkey *pk, - const struct sha256 *h, - struct pubkey *next); +bool blinding_next_path_key(const struct pubkey *pk, + const struct sha256 *h, + struct pubkey *next); /* e(i+1) = H(E(i) || ss(i)) * e(i) */ -bool blinding_next_privkey(const struct privkey *e, - const struct sha256 *h, - struct privkey *next); +bool blinding_next_path_privkey(const struct privkey *e, + const struct sha256 *h, + struct privkey *next); #endif /* LIGHTNING_COMMON_BLINDING_H */ diff --git a/common/json_blinded_path.c b/common/json_blinded_path.c index 860845888..37a33ead4 100644 --- a/common/json_blinded_path.c +++ b/common/json_blinded_path.c @@ -22,7 +22,7 @@ json_to_blinded_path(const tal_t *ctx, const char *buffer, const jsmntok_t *tok) "first_node_id?:%," "first_scid?:%," "first_scid_dir?:%}", - JSON_SCAN(json_to_pubkey, &rpath->blinding), + JSON_SCAN(json_to_pubkey, &rpath->first_path_key), JSON_SCAN(json_to_pubkey, &first_node_id), JSON_SCAN(json_to_short_channel_id, &first_scidd.scid), JSON_SCAN(json_to_int, &first_scidd.dir), diff --git a/common/onion_decode.c b/common/onion_decode.c index 092ab6077..7155ef33a 100644 --- a/common/onion_decode.c +++ b/common/onion_decode.c @@ -14,14 +14,14 @@ *... * - If it is not the final node: * - MUST return an error if the payload contains other tlv fields than - * `encrypted_recipient_data` and `current_blinding_point`. + * `encrypted_recipient_data` and `current_path_key`. */ static bool check_nonfinal_tlv(const struct tlv_payload *tlv, u64 *failtlvtype) { for (size_t i = 0; i < tal_count(tlv->fields); i++) { switch (tlv->fields[i].numtype) { - case TLV_PAYLOAD_CURRENT_BLINDING_POINT: + case TLV_PAYLOAD_CURRENT_PATH_KEY: case TLV_PAYLOAD_ENCRYPTED_RECIPIENT_DATA: continue; } @@ -36,7 +36,7 @@ static bool check_nonfinal_tlv(const struct tlv_payload *tlv, *... * - If it is the final node: * - MUST return an error if the payload contains other tlv fields than - * `encrypted_recipient_data`, `current_blinding_point`, `amt_to_forward`, + * `encrypted_recipient_data`, `current_path_key`, `amt_to_forward`, * `outgoing_cltv_value` and `total_amount_msat`. */ static bool check_final_tlv(const struct tlv_payload *tlv, @@ -45,7 +45,7 @@ static bool check_final_tlv(const struct tlv_payload *tlv, for (size_t i = 0; i < tal_count(tlv->fields); i++) { switch (tlv->fields[i].numtype) { case TLV_PAYLOAD_ENCRYPTED_RECIPIENT_DATA: - case TLV_PAYLOAD_CURRENT_BLINDING_POINT: + case TLV_PAYLOAD_CURRENT_PATH_KEY: case TLV_PAYLOAD_AMT_TO_FORWARD: case TLV_PAYLOAD_OUTGOING_CLTV_VALUE: case TLV_PAYLOAD_TOTAL_AMOUNT_MSAT: @@ -215,37 +215,37 @@ struct onion_payload *onion_decode(const tal_t *ctx, /* BOLT #4: * - * - If `blinding_point` is set in the incoming `update_add_htlc`: - * - MUST return an error if `current_blinding_point` is present. - * - MUST use that `blinding_point` as the blinding point for decryption. + * - If `path_key` is set in the incoming `update_add_htlc`: + * - MUST return an error if `current_path_key` is present. + * - MUST use that `path_key` as `path_key` for decryption. * - Otherwise: - * - MUST return an error if `current_blinding_point` is not present. - * - MUST use that `current_blinding_point` as the blinding point for decryption. + * - MUST return an error if `current_path_key` is not present. + * - MUST use that `current_path_key` as the `path_key` for decryption. */ if (blinding) { - if (p->tlv->current_blinding_point) { - *failtlvtype = TLV_PAYLOAD_CURRENT_BLINDING_POINT; + if (p->tlv->current_path_key) { + *failtlvtype = TLV_PAYLOAD_CURRENT_PATH_KEY; goto field_bad; } p->blinding = tal_dup(p, struct pubkey, blinding); } else { - if (!p->tlv->current_blinding_point) { - *failtlvtype = TLV_PAYLOAD_CURRENT_BLINDING_POINT; + if (!p->tlv->current_path_key) { + *failtlvtype = TLV_PAYLOAD_CURRENT_PATH_KEY; goto field_bad; } p->blinding = tal_dup(p, struct pubkey, - p->tlv->current_blinding_point); + p->tlv->current_path_key); } /* BOLT #4: * The reader: *... * - MUST return an error if `encrypted_recipient_data` does - * not decrypt using the blinding point as described in + * not decrypt using the `path_key` as described in * [Route Blinding](#route-blinding). */ ecdh(p->blinding, &p->blinding_ss); - enc = decrypt_encrypted_data(tmpctx, p->blinding, &p->blinding_ss, + enc = decrypt_encrypted_data(tmpctx, &p->blinding_ss, p->tlv->encrypted_recipient_data); if (!enc) { *failtlvtype = TLV_PAYLOAD_ENCRYPTED_RECIPIENT_DATA; @@ -331,11 +331,11 @@ struct onion_payload *onion_decode(const tal_t *ctx, /* BOLT #4: * - Otherwise (it is not part of a blinded route): - * - MUST return an error if `blinding_point` is set in the - * incoming `update_add_htlc` or `current_blinding_point` + * - MUST return an error if `path_key` is set in the + * incoming `update_add_htlc` or `current_path_key` * is present. */ - if (blinding || p->tlv->current_blinding_point) { + if (blinding || p->tlv->current_path_key) { *failtlvtype = TLV_PAYLOAD_ENCRYPTED_RECIPIENT_DATA; goto field_bad; } diff --git a/common/onion_encode.c b/common/onion_encode.c index e300c0f02..ee9747189 100644 --- a/common/onion_encode.c +++ b/common/onion_encode.c @@ -120,7 +120,7 @@ u8 *onion_blinded_hop(const tal_t *ctx, } tlv->outgoing_cltv_value = cast_const(u32 *, outgoing_cltv_value); tlv->encrypted_recipient_data = cast_const(u8 *, enctlv); - tlv->current_blinding_point = cast_const(struct pubkey *, blinding); + tlv->current_path_key = cast_const(struct pubkey *, blinding); return make_tlv_hop(ctx, tlv); } diff --git a/common/onion_message.c b/common/onion_message.c index 98e5b87d8..0861a1c5a 100644 --- a/common/onion_message.c +++ b/common/onion_message.c @@ -69,7 +69,7 @@ struct blinded_path *blinded_path_from_encdata_tlvs(const tal_t *ctx, assert(tal_count(ids) > 0); randombytes_buf(&first_blinding, sizeof(first_blinding)); - if (!pubkey_from_privkey(&first_blinding, &path->blinding)) + if (!pubkey_from_privkey(&first_blinding, &path->first_path_key)) abort(); sciddir_or_pubkey_from_pubkey(&path->first_node_id, &ids[0]); @@ -191,9 +191,9 @@ struct onion_message *outgoing_onion_message(const tal_t *ctx, /* We need to tell last hop to hand blinded_path blinding for next hop */ pre_final = etlvs[tal_count(ids)-2]; - pre_final->next_blinding_override = tal_dup(pre_final, + pre_final->next_path_key_override = tal_dup(pre_final, struct pubkey, - &their_path->blinding); + &their_path->first_path_key); } our_path = blinded_path_from_encdata_tlvs(tmpctx, @@ -221,7 +221,7 @@ wrap: /* Now populate the onion message to return */ omsg = tal(ctx, struct onion_message); - omsg->first_blinding = combined_path->blinding; + omsg->first_blinding = combined_path->first_path_key; omsg->hops = onionmsg_tlvs_to_hops(omsg, combined_path, cast_const2(const struct tlv_onionmsg_tlv **, otlvs)); return omsg; diff --git a/common/onion_message_parse.c b/common/onion_message_parse.c index 71dad51e9..f3ddfcdd7 100644 --- a/common/onion_message_parse.c +++ b/common/onion_message_parse.c @@ -24,7 +24,7 @@ static bool decrypt_final_onionmsg(const tal_t *ctx, if (!blindedpath_get_alias(ss, my_id, alias)) return false; - encmsg = decrypt_encrypted_data(tmpctx, blinding, ss, enctlv); + encmsg = decrypt_encrypted_data(tmpctx, ss, enctlv); if (!encmsg) return false; @@ -37,15 +37,15 @@ static bool decrypt_final_onionmsg(const tal_t *ctx, return true; } -static bool decrypt_forwarding_onionmsg(const struct pubkey *blinding, +static bool decrypt_forwarding_onionmsg(const struct pubkey *path_key, const struct secret *ss, const u8 *enctlv, struct sciddir_or_pubkey *next_node, - struct pubkey *next_blinding) + struct pubkey *next_path_key) { struct tlv_encrypted_data_tlv *encmsg; - encmsg = decrypt_encrypted_data(tmpctx, blinding, ss, enctlv); + encmsg = decrypt_encrypted_data(tmpctx, ss, enctlv); if (!encmsg) return false; @@ -79,7 +79,7 @@ static bool decrypt_forwarding_onionmsg(const struct pubkey *blinding, } else return false; - blindedpath_next_blinding(encmsg, blinding, ss, next_blinding); + blindedpath_next_path_key(encmsg, path_key, ss, next_path_key); return true; } diff --git a/common/test/run-blindedpath_enctlv.c b/common/test/run-blindedpath_enctlv.c index af1459074..c9408cba2 100644 --- a/common/test/run-blindedpath_enctlv.c +++ b/common/test/run-blindedpath_enctlv.c @@ -95,13 +95,13 @@ static void test_ecdh(const struct pubkey *point, struct secret *ss) abort(); } -static void test_decrypt(const struct pubkey *blinding, +static void test_decrypt(const struct pubkey *path_key, const u8 *enctlv, const struct privkey *me, const struct pubkey *expected_next_node, - const struct privkey *expected_next_blinding_priv) + const struct privkey *expected_next_path_key_priv) { - struct pubkey expected_next_blinding, dummy, next_blinding; + struct pubkey expected_next_path_key, dummy, next_path_key; struct secret ss; struct tlv_encrypted_data_tlv *enc; @@ -109,17 +109,17 @@ static void test_decrypt(const struct pubkey *blinding, pubkey_from_privkey(me, &dummy); mykey = me; - assert(unblind_onion(blinding, test_ecdh, &dummy, &ss)); - enc = decrypt_encrypted_data(tmpctx, blinding, &ss, enctlv); + assert(unblind_onion(path_key, test_ecdh, &dummy, &ss)); + enc = decrypt_encrypted_data(tmpctx, &ss, enctlv); assert(enc); - pubkey_from_privkey(expected_next_blinding_priv, &expected_next_blinding); - blindedpath_next_blinding(enc, blinding, &ss, &next_blinding); - assert(pubkey_eq(&next_blinding, &expected_next_blinding)); + pubkey_from_privkey(expected_next_path_key_priv, &expected_next_path_key); + blindedpath_next_path_key(enc, path_key, &ss, &next_path_key); + assert(pubkey_eq(&next_path_key, &expected_next_path_key)); assert(pubkey_eq(enc->next_node_id, expected_next_node)); } -static void test_final_decrypt(const struct pubkey *blinding, +static void test_final_decrypt(const struct pubkey *path_key, const u8 *enctlv, const struct privkey *me, const struct pubkey *expected_alias, @@ -134,8 +134,8 @@ static void test_final_decrypt(const struct pubkey *blinding, mykey = me; pubkey_from_privkey(me, &my_pubkey); - assert(unblind_onion(blinding, test_ecdh, &dummy, &ss)); - enc = decrypt_encrypted_data(tmpctx, blinding, &ss, enctlv); + assert(unblind_onion(path_key, test_ecdh, &dummy, &ss)); + enc = decrypt_encrypted_data(tmpctx, &ss, enctlv); assert(enc); assert(blindedpath_get_alias(&ss, &my_pubkey, &alias)); @@ -146,8 +146,8 @@ static void test_final_decrypt(const struct pubkey *blinding, int main(int argc, char *argv[]) { - struct privkey alice, bob, carol, dave, blinding, override_blinding; - struct pubkey alice_id, bob_id, carol_id, dave_id, blinding_pub, override_blinding_pub, alias; + struct privkey alice, bob, carol, dave, path_key, override_path_key; + struct pubkey alice_id, bob_id, carol_id, dave_id, path_key_pub, override_path_key_pub, alias; struct secret self_id; u8 *enctlv; struct tlv_encrypted_data_tlv *tlv; @@ -163,8 +163,8 @@ int main(int argc, char *argv[]) pubkey_from_privkey(&carol, &carol_id); pubkey_from_privkey(&dave, &dave_id); - memset(&blinding, 5, sizeof(blinding)); - pubkey_from_privkey(&blinding, &blinding_pub); + memset(&path_key, 5, sizeof(path_key)); + pubkey_from_privkey(&path_key, &path_key_pub); /* We output the JSON test vectors. */ printf("[{"); @@ -173,10 +173,10 @@ int main(int argc, char *argv[]) fmt_privkey(tmpctx, &alice)); json_strfield("node_id", fmt_pubkey(tmpctx, &alice_id)); - json_strfield("blinding_secret", - fmt_privkey(tmpctx, &blinding)); - json_strfield("blinding", - fmt_pubkey(tmpctx, &blinding_pub)); + json_strfield("path_key_secret", + fmt_privkey(tmpctx, &path_key)); + json_strfield("path_key", + fmt_pubkey(tmpctx, &path_key_pub)); printf("\t\"encrypted_data_tlv\": {\n" "\t\t\"next_node_id\": \"%s\"\n" "\t},\n", @@ -184,50 +184,50 @@ int main(int argc, char *argv[]) tlv = tlv_encrypted_data_tlv_new(tmpctx); tlv->next_node_id = &bob_id; - enctlv = encrypt_tlv_encrypted_data(tmpctx, &blinding, &alice_id, tlv, - &blinding, &alias); + enctlv = encrypt_tlv_encrypted_data(tmpctx, &path_key, &alice_id, tlv, + &path_key, &alias); printf("\t\"encrypted_recipient_data_hex\": \"%s\"\n" "},\n", tal_hex(tmpctx, enctlv)); - test_decrypt(&blinding_pub, enctlv, &alice, &bob_id, &blinding); + test_decrypt(&path_key_pub, enctlv, &alice, &bob_id, &path_key); - pubkey_from_privkey(&blinding, &blinding_pub); - memset(&override_blinding, 7, sizeof(override_blinding)); - pubkey_from_privkey(&override_blinding, &override_blinding_pub); + pubkey_from_privkey(&path_key, &path_key_pub); + memset(&override_path_key, 7, sizeof(override_path_key)); + pubkey_from_privkey(&override_path_key, &override_path_key_pub); printf("{"); json_strfield("test name", - "Blinding-key-override encrypted_recipient_data for Bob, next is Carol"); + "path_key_override encrypted_recipient_data for Bob, next is Carol"); json_strfield("node_privkey", fmt_privkey(tmpctx, &bob)); json_strfield("node_id", fmt_pubkey(tmpctx, &bob_id)); - json_strfield("blinding_secret", - fmt_privkey(tmpctx, &blinding)); - json_strfield("blinding", - fmt_pubkey(tmpctx, &blinding_pub)); + json_strfield("path_key_secret", + fmt_privkey(tmpctx, &path_key)); + json_strfield("path_key", + fmt_pubkey(tmpctx, &path_key_pub)); printf("\t\"encrypted_data_tlv\": {\n" "\t\t\"next_node_id\": \"%s\",\n" - "\t\t\"blinding\": \"%s\"\n" + "\t\t\"path_key\": \"%s\"\n" "\t},\n", fmt_pubkey(tmpctx, &carol_id), - fmt_privkey(tmpctx, &override_blinding)); + fmt_privkey(tmpctx, &override_path_key)); tlv = tlv_encrypted_data_tlv_new(tmpctx); tlv->next_node_id = &carol_id; - tlv->next_blinding_override = &override_blinding_pub; - enctlv = encrypt_tlv_encrypted_data(tmpctx, &blinding, &bob_id, tlv, - &blinding, &alias); + tlv->next_path_key_override = &override_path_key_pub; + enctlv = encrypt_tlv_encrypted_data(tmpctx, &path_key, &bob_id, tlv, + &path_key, &alias); printf("\t\"encrypted_recipient_data_hex\": \"%s\"\n" "},\n", tal_hex(tmpctx, enctlv)); - test_decrypt(&blinding_pub, enctlv, &bob, &carol_id, &override_blinding); + test_decrypt(&path_key_pub, enctlv, &bob, &carol_id, &override_path_key); - /* That replaced the blinding */ - blinding = override_blinding; - blinding_pub = override_blinding_pub; + /* That replaced the path_key */ + path_key = override_path_key; + path_key_pub = override_path_key_pub; printf("{"); json_strfield("test name", "Padded encrypted_recipient_data for Carol, next is Dave"); @@ -235,10 +235,10 @@ int main(int argc, char *argv[]) fmt_privkey(tmpctx, &carol)); json_strfield("node_id", fmt_pubkey(tmpctx, &carol_id)); - json_strfield("blinding_secret", - fmt_privkey(tmpctx, &blinding)); - json_strfield("blinding", - fmt_pubkey(tmpctx, &blinding_pub)); + json_strfield("path_key_secret", + fmt_privkey(tmpctx, &path_key)); + json_strfield("path_key", + fmt_pubkey(tmpctx, &path_key_pub)); printf("\t\"encrypted_data_tlv\": {\n" "\t\t\"next_node_id\": \"%s\",\n" "\t\t\"padding\": \"%s\"\n" @@ -249,13 +249,13 @@ int main(int argc, char *argv[]) tlv = tlv_encrypted_data_tlv_new(tmpctx); tlv->padding = tal_arrz(tlv, u8, 35); tlv->next_node_id = &dave_id; - enctlv = encrypt_tlv_encrypted_data(tmpctx, &blinding, &carol_id, tlv, - &blinding, &alias); + enctlv = encrypt_tlv_encrypted_data(tmpctx, &path_key, &carol_id, tlv, + &path_key, &alias); printf("\t\"encrypted_recipient_data_hex\": \"%s\"\n" "},\n", tal_hex(tmpctx, enctlv)); - test_decrypt(&blinding_pub, enctlv, &carol, &dave_id, &blinding); + test_decrypt(&path_key_pub, enctlv, &carol, &dave_id, &path_key); for (size_t i = 0; i < sizeof(self_id); i++) self_id.data[i] = i+1; @@ -265,10 +265,10 @@ int main(int argc, char *argv[]) fmt_privkey(tmpctx, &dave)); json_strfield("node_id", fmt_pubkey(tmpctx, &dave_id)); - json_strfield("blinding_secret", - fmt_privkey(tmpctx, &blinding)); - json_strfield("blinding", - fmt_pubkey(tmpctx, &blinding_pub)); + json_strfield("path_key_secret", + fmt_privkey(tmpctx, &path_key)); + json_strfield("path_key", + fmt_pubkey(tmpctx, &path_key_pub)); printf("\t\"encrypted_data_tlv\": {\n" "\t\t\"self_id\": \"%s\"\n" "\t},\n", @@ -277,15 +277,15 @@ int main(int argc, char *argv[]) tlv = tlv_encrypted_data_tlv_new(tmpctx); tlv->path_id = tal_dup_arr(tlv, u8, self_id.data, ARRAY_SIZE(self_id.data), 0); - enctlv = encrypt_tlv_encrypted_data(tmpctx, &blinding, &dave_id, tlv, + enctlv = encrypt_tlv_encrypted_data(tmpctx, &path_key, &dave_id, tlv, NULL, &alias); printf("\t\"encrypted_recipient_data_hex\": \"%s\"\n", tal_hex(tmpctx, enctlv)); printf("}]\n"); - pubkey_from_privkey(&blinding, &blinding_pub); + pubkey_from_privkey(&path_key, &path_key_pub); - test_final_decrypt(&blinding_pub, enctlv, &dave, &alias, &self_id); + test_final_decrypt(&path_key_pub, enctlv, &dave, &alias, &self_id); common_shutdown(); } diff --git a/common/test/run-blindedpath_onion.c b/common/test/run-blindedpath_onion.c index 084e1a27e..7fa7abe59 100644 --- a/common/test/run-blindedpath_onion.c +++ b/common/test/run-blindedpath_onion.c @@ -118,11 +118,11 @@ void ecdh(const struct pubkey *point, struct secret *ss) static u8 *next_onion(const tal_t *ctx, u8 *omsg, const struct privkey *nodekey, - const struct pubkey *expected_blinding) + const struct pubkey *expected_path_key) { struct onionpacket *op; - struct pubkey blinding, ephemeral; - struct pubkey next_blinding; + struct pubkey path_key, ephemeral; + struct pubkey next_path_key; struct tlv_onionmsg_tlv *om; struct secret ss, onion_ss; const u8 *cursor; @@ -130,14 +130,14 @@ static u8 *next_onion(const tal_t *ctx, u8 *omsg, struct route_step *rs; struct tlv_encrypted_data_tlv *enc; - assert(fromwire_onion_message(tmpctx, omsg, &blinding, &omsg)); - assert(pubkey_eq(&blinding, expected_blinding)); + assert(fromwire_onion_message(tmpctx, omsg, &path_key, &omsg)); + assert(pubkey_eq(&path_key, expected_path_key)); op = parse_onionpacket(tmpctx, omsg, tal_bytelen(omsg), NULL); ephemeral = op->ephemeralkey; ecdh_key = nodekey; - assert(unblind_onion(&blinding, ecdh, &ephemeral, &ss)); + assert(unblind_onion(&path_key, ecdh, &ephemeral, &ss)); ecdh(&ephemeral, &onion_ss); rs = process_onionpacket(tmpctx, op, &onion_ss, NULL, 0); @@ -152,17 +152,17 @@ static u8 *next_onion(const tal_t *ctx, u8 *omsg, if (rs->nextcase == ONION_END) return NULL; - enc = decrypt_encrypted_data(tmpctx, &blinding, &ss, om->encrypted_recipient_data); + enc = decrypt_encrypted_data(tmpctx, &ss, om->encrypted_recipient_data); assert(enc); - blindedpath_next_blinding(enc, &blinding, &ss, &next_blinding); - return towire_onion_message(ctx, &next_blinding, + blindedpath_next_path_key(enc, &path_key, &ss, &next_path_key); + return towire_onion_message(ctx, &next_path_key, serialize_onionpacket(tmpctx, rs->next)); } int main(int argc, char *argv[]) { - struct privkey nodekey[4], blinding[4], override_blinding; - struct pubkey id[4], blinding_pub[4], override_blinding_pub, alias[4]; + struct privkey nodekey[4], path_key[4], override_path_key; + struct pubkey id[4], path_key_pub[4], override_path_key_pub, alias[4]; struct secret self_id; struct tlv_encrypted_data_tlv *tlv[4]; u8 *enctlv[4]; @@ -181,43 +181,43 @@ int main(int argc, char *argv[]) } /* Make enctlvs as per enctlv test vectors */ - memset(&blinding[ALICE], 5, sizeof(blinding[ALICE])); - pubkey_from_privkey(&blinding[ALICE], &blinding_pub[ALICE]); + memset(&path_key[ALICE], 5, sizeof(path_key[ALICE])); + pubkey_from_privkey(&path_key[ALICE], &path_key_pub[ALICE]); tlv[ALICE] = tlv_encrypted_data_tlv_new(tmpctx); tlv[ALICE]->next_node_id = &id[BOB]; enctlv[ALICE] = encrypt_tlv_encrypted_data(tmpctx, - &blinding[ALICE], + &path_key[ALICE], &id[ALICE], tlv[ALICE], - &blinding[BOB], + &path_key[BOB], &alias[ALICE]); - pubkey_from_privkey(&blinding[BOB], &blinding_pub[BOB]); + pubkey_from_privkey(&path_key[BOB], &path_key_pub[BOB]); - /* We override blinding for Carol. */ - memset(&override_blinding, 7, sizeof(override_blinding)); - pubkey_from_privkey(&override_blinding, &override_blinding_pub); + /* We override path_key for Carol. */ + memset(&override_path_key, 7, sizeof(override_path_key)); + pubkey_from_privkey(&override_path_key, &override_path_key_pub); tlv[BOB] = tlv_encrypted_data_tlv_new(tmpctx); tlv[BOB]->next_node_id = &id[CAROL]; - tlv[BOB]->next_blinding_override = &override_blinding_pub; + tlv[BOB]->next_path_key_override = &override_path_key_pub; enctlv[BOB] = encrypt_tlv_encrypted_data(tmpctx, - &blinding[BOB], + &path_key[BOB], &id[BOB], tlv[BOB], - &blinding[CAROL], + &path_key[CAROL], &alias[BOB]); - /* That replaced the blinding */ - blinding[CAROL] = override_blinding; - blinding_pub[CAROL] = override_blinding_pub; + /* That replaced the path_key */ + path_key[CAROL] = override_path_key; + path_key_pub[CAROL] = override_path_key_pub; tlv[CAROL] = tlv_encrypted_data_tlv_new(tmpctx); tlv[CAROL]->next_node_id = &id[DAVE]; tlv[CAROL]->padding = tal_arrz(tlv[CAROL], u8, 35); enctlv[CAROL] = encrypt_tlv_encrypted_data(tmpctx, - &blinding[CAROL], + &path_key[CAROL], &id[CAROL], tlv[CAROL], - &blinding[DAVE], + &path_key[DAVE], &alias[CAROL]); for (size_t i = 0; i < sizeof(self_id); i++) @@ -228,11 +228,11 @@ int main(int argc, char *argv[]) self_id.data, ARRAY_SIZE(self_id.data), 0); enctlv[DAVE] = encrypt_tlv_encrypted_data(tmpctx, - &blinding[DAVE], + &path_key[DAVE], &id[DAVE], tlv[DAVE], NULL, &alias[DAVE]); - pubkey_from_privkey(&blinding[DAVE], &blinding_pub[DAVE]); + pubkey_from_privkey(&path_key[DAVE], &path_key_pub[DAVE]); /* Create an onion which encodes this. */ sphinx_path = sphinx_path_new(tmpctx, NULL); @@ -248,7 +248,7 @@ int main(int argc, char *argv[]) &path_secrets); /* And finally, the onion message as handed to Alice */ - omsg = towire_onion_message(tmpctx, &blinding_pub[ALICE], + omsg = towire_onion_message(tmpctx, &path_key_pub[ALICE], serialize_onionpacket(tmpctx, op)); printf("{\n"); @@ -265,10 +265,10 @@ int main(int argc, char *argv[]) printf("\t\"onion_message\": {"); json_strfield("raw", tal_hex(tmpctx, omsg)); - json_strfield("blinding_secret", - fmt_privkey(tmpctx, &blinding[i])); - json_strfield("blinding", - fmt_pubkey(tmpctx, &blinding_pub[i])); + json_strfield("path_key_secret", + fmt_privkey(tmpctx, &path_key[i])); + json_strfield("path_key", + fmt_pubkey(tmpctx, &path_key_pub[i])); json_strfield("blinded_alias", fmt_pubkey(tmpctx, &alias[i])); json_strfield("onionmsg_tlv", @@ -280,7 +280,7 @@ int main(int argc, char *argv[]) printf(",\n"); /* Unwrap for next hop */ - omsg = next_onion(tmpctx, omsg, &nodekey[i], &blinding_pub[i]); + omsg = next_onion(tmpctx, omsg, &nodekey[i], &path_key_pub[i]); } assert(!omsg); printf("\n]}\n"); diff --git a/common/test/run-bolt12-encode-test.c b/common/test/run-bolt12-encode-test.c index 0b59adaef..9ec552ddd 100644 --- a/common/test/run-bolt12-encode-test.c +++ b/common/test/run-bolt12-encode-test.c @@ -230,7 +230,7 @@ int main(int argc, char *argv[]) offer->offer_paths[0]->first_node_id.is_pubkey = true; assert(pubkey_from_secret(&bob, &offer->offer_paths[0]->first_node_id.pubkey)); /* Random blinding secret. */ - assert(pubkey_from_hexstr("020202020202020202020202020202020202020202020202020202020202020202", 66, &offer->offer_paths[0]->blinding)); + assert(pubkey_from_hexstr("020202020202020202020202020202020202020202020202020202020202020202", 66, &offer->offer_paths[0]->first_path_key)); offer->offer_paths[0]->path = tal_arr(offer->offer_paths[0], struct onionmsg_hop *, 2); @@ -242,7 +242,7 @@ int main(int argc, char *argv[]) struct onionmsg_hop); assert(pubkey_from_hexstr("020202020202020202020202020202020202020202020202020202020202020202", 66, &offer->offer_paths[0]->path[1]->blinded_node_id)); offer->offer_paths[0]->path[1]->encrypted_recipient_data = tal_hexdata(offer->offer_paths[0]->path[1], "1111111111111111", 16); - print_valid_offer(offer, "with blinded path via Bob (0x424242...), blinding 020202...", + print_valid_offer(offer, "with blinded path via Bob (0x424242...), path_key 020202...", "path is [id=02020202..., enc=0x00*16], [id=02020202..., enc=0x11*8]", NULL); /* BOLT-offers #12: @@ -253,7 +253,7 @@ int main(int argc, char *argv[]) * - MUST set `offer_issuer_id` to the node's public key to request the invoice from. */ offer->offer_issuer_id = tal_free(offer->offer_issuer_id); - print_valid_offer(offer, "with no issuer_id and blinded path via Bob (0x424242...), blinding 020202...", + print_valid_offer(offer, "with no issuer_id and blinded path via Bob (0x424242...), path_key 020202...", "path is [id=02020202..., enc=0x00*16], [id=02020202..., enc=0x11*8]", NULL); offer->offer_issuer_id = tal(offer, struct pubkey); assert(pubkey_from_secret(&alice, offer->offer_issuer_id)); @@ -263,8 +263,8 @@ int main(int argc, char *argv[]) offer->offer_paths[1]->first_node_id.is_pubkey = false; assert(short_channel_id_dir_from_str("1x2x3/1", strlen("1x2x3/1"), &offer->offer_paths[1]->first_node_id.scidd)); - /* Random blinding secret. */ - assert(pubkey_from_hexstr("020202020202020202020202020202020202020202020202020202020202020202", 66, &offer->offer_paths[1]->blinding)); + /* Random path_key secret. */ + assert(pubkey_from_hexstr("020202020202020202020202020202020202020202020202020202020202020202", 66, &offer->offer_paths[1]->first_path_key)); offer->offer_paths[1]->path = tal_arr(offer->offer_paths[1], struct onionmsg_hop *, 2); @@ -276,7 +276,7 @@ int main(int argc, char *argv[]) struct onionmsg_hop); assert(pubkey_from_hexstr("020202020202020202020202020202020202020202020202020202020202020202", 66, &offer->offer_paths[1]->path[1]->blinded_node_id)); offer->offer_paths[1]->path[1]->encrypted_recipient_data = tal_hexdata(offer->offer_paths[1]->path[1], "2222222222222222", 16); - print_valid_offer(offer, "... and with second blinded path via 1x2x3 (direction 1), blinding 020202...", + print_valid_offer(offer, "... and with second blinded path via 1x2x3 (direction 1), path_key 020202...", "path is [id=02020202..., enc=0x00*16], [id=02020202..., enc=0x22*8]", NULL); paths = offer->offer_paths; offer->offer_paths = NULL; @@ -363,7 +363,7 @@ int main(int argc, char *argv[]) "0A05414C494345" "10020202020202020202020202020202020202020202020202020202020202020202030303030303030303030303030303030303030303030303030303030303030303010202020202020202020202020202020202020202020202020202020202020202020100" "1621020202020202020202020202020202020202020202020202020202020202020202", - "Malformed: bad blinding in blinded_path"); + "Malformed: bad path_key in blinded_path"); print_malformed_tlv("lno", "0A05414C494345" "10020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202010303030303030303030303030303030303030303030303030303030303030303030100" diff --git a/common/test/run-onion-message-test.c b/common/test/run-onion-message-test.c index 7017da3cf..ae1d55de7 100644 --- a/common/test/run-onion-message-test.c +++ b/common/test/run-onion-message-test.c @@ -119,15 +119,15 @@ void ecdh(const struct pubkey *point, struct secret *ss) #define LARGEST_DAVE_TLV_SIZE 42 /* Generic, ugly, function to calc encrypted_recipient_data, - alias and next blinding, and print out JSON */ + alias and next path_key, and print out JSON */ static u8 *add_hop(const char *name, const char *comment, const struct pubkey *me, const struct pubkey *next, - const struct privkey *override_blinding, + const struct privkey *override_path_key, const char *additional_field_hexstr, const char *path_id_hexstr, - struct privkey *blinding, /* in and out */ + struct privkey *path_key, /* in and out */ struct pubkey *alias /* out */) { struct tlv_encrypted_data_tlv *tlv = tlv_encrypted_data_tlv_new(tmpctx); @@ -137,7 +137,7 @@ static u8 *add_hop(const char *name, json_start(NULL, '{'); json_strfield("alias", name); json_strfield("comment", comment); - json_hexfield("blinding_secret", blinding->secret.data, sizeof(*blinding)); + json_hexfield("path_key_secret", path_key->secret.data, sizeof(*path_key)); /* We have to calc first, to make padding correct */ tlv->next_node_id = tal_dup_or_null(tlv, struct pubkey, next); @@ -145,12 +145,12 @@ static u8 *add_hop(const char *name, tlv->path_id = tal_hexdata(tlv, path_id_hexstr, strlen(path_id_hexstr)); - /* Normally we wouldn't know blinding privkey, and we'd just + /* Normally we wouldn't know path_key privkey, and we'd just * paste in the rest of the path as given, but here we're actually * generating the lot. */ - if (override_blinding) { - tlv->next_blinding_override = tal(tlv, struct pubkey); - assert(pubkey_from_privkey(override_blinding, tlv->next_blinding_override)); + if (override_path_key) { + tlv->next_path_key_override = tal(tlv, struct pubkey); + assert(pubkey_from_privkey(override_path_key, tlv->next_path_key_override)); } /* This is assumed to be a valid TLV tuple, and greater than @@ -178,7 +178,7 @@ static u8 *add_hop(const char *name, enctlv = tal_arr(tmpctx, u8, 0); towire_tlv_encrypted_data_tlv(&enctlv, tlv); towire(&enctlv, additional, tal_bytelen(additional)); - if (!override_blinding) + if (!override_path_key) assert(tal_bytelen(enctlv) == LARGEST_DAVE_TLV_SIZE); json_start("tlvs", '{'); @@ -188,12 +188,12 @@ static u8 *add_hop(const char *name, json_pubkey("next_node_id", tlv->next_node_id); if (tlv->path_id) json_hex_talfield("path_id", tlv->path_id); - if (tlv->next_blinding_override) { - json_pubkey("next_blinding_override", - tlv->next_blinding_override); - json_hexfield("blinding_override_secret", - override_blinding->secret.data, - sizeof(*override_blinding)); + if (tlv->next_path_key_override) { + json_pubkey("next_path_key_override", + tlv->next_path_key_override); + json_hexfield("path_key_override_secret", + override_path_key->secret.data, + sizeof(*override_path_key)); } if (additional) { /* Deconstruct into type, len, value */ @@ -211,16 +211,16 @@ static u8 *add_hop(const char *name, flush_comma(); enable_superverbose = true; encrypted_recipient_data = enctlv_from_encmsg_raw(tmpctx, - blinding, + path_key, me, enctlv, - blinding, + path_key, alias); enable_superverbose = false; json_hex_talfield("encrypted_recipient_data", encrypted_recipient_data); - if (override_blinding) - *blinding = *override_blinding; + if (override_path_key) + *path_key = *override_path_key; json_end('}'); maybe_comma(); @@ -230,8 +230,8 @@ static u8 *add_hop(const char *name, int main(int argc, char *argv[]) { const char *alias[] = {"Alice", "Bob", "Carol", "Dave"}; - struct privkey privkey[ARRAY_SIZE(alias)], blinding, override_blinding; - struct pubkey id[ARRAY_SIZE(alias)], blinding_pub; + struct privkey privkey[ARRAY_SIZE(alias)], path_key, override_path_key; + struct pubkey id[ARRAY_SIZE(alias)], path_key_pub; struct secret session_key; u8 *erd[ARRAY_SIZE(alias)]; /* encrypted_recipient_data */ u8 *onion_message_packet, *onion_message; @@ -257,36 +257,36 @@ int main(int argc, char *argv[]) json_hexfield("session_key", session_key.data, sizeof(session_key)); json_start("hops", '['); - memset(&blinding, 99, sizeof(blinding)); - memset(&override_blinding, 1, sizeof(override_blinding)); - erd[0] = add_hop("Alice", "Alice->Bob: note next_blinding_override to match that give by Dave for Bob", + memset(&path_key, 99, sizeof(path_key)); + memset(&override_path_key, 1, sizeof(override_path_key)); + erd[0] = add_hop("Alice", "Alice->Bob: note next_path_key_override to match that give by Dave for Bob", &id[0], &id[1], - &override_blinding, NULL, NULL, - &blinding, &blinded[0]); + &override_path_key, NULL, NULL, + &path_key, &blinded[0]); erd[1] = add_hop("Bob", "Bob->Carol", &id[1], &id[2], NULL, "fd023103123456", NULL, - &blinding, &blinded[1]); + &path_key, &blinded[1]); erd[2] = add_hop("Carol", "Carol->Dave", &id[2], &id[3], NULL, NULL, NULL, - &blinding, &blinded[2]); + &path_key, &blinded[2]); erd[3] = add_hop("Dave", "Dave is final node, hence path_id", &id[3], NULL, NULL, "fdffff0206c1", "deadbeefbadc0ffeedeadbeefbadc0ffeedeadbeefbadc0ffeedeadbeefbadc0", - &blinding, &blinded[3]); + &path_key, &blinded[3]); json_end(']'); json_end('}'); maybe_comma(); - memset(&blinding, 99, sizeof(blinding)); - assert(pubkey_from_privkey(&blinding, &blinding_pub)); + memset(&path_key, 99, sizeof(path_key)); + assert(pubkey_from_privkey(&path_key, &path_key_pub)); json_start("route", '{'); json_strfield("comment", "The resulting blinded route Alice to Dave."); json_pubkey("introduction_node_id", &id[0]); - json_pubkey("blinding", &blinding_pub); + json_pubkey("path_key", &path_key_pub); json_start("hops", '['); for (size_t i = 0; i < ARRAY_SIZE(erd); i++) { @@ -338,7 +338,7 @@ int main(int argc, char *argv[]) json_start("decrypt", '{'); json_strfield("comment", "This section contains the internal values generated by intermediate nodes when decrypting the onion."); - onion_message = towire_onion_message(tmpctx, &blinding_pub, onion_message_packet); + onion_message = towire_onion_message(tmpctx, &path_key_pub, onion_message_packet); json_start("hops", '['); for (size_t i = 0; i < ARRAY_SIZE(erd); i++) { @@ -354,11 +354,11 @@ int main(int argc, char *argv[]) /* Now, do full decrypt code, to check */ assert(fromwire_onion_message(tmpctx, onion_message, - &blinding_pub, &onion_message_packet)); + &path_key_pub, &onion_message_packet)); /* For test_ecdh */ mykey = &privkey[i]; - assert(onion_message_parse(tmpctx, onion_message_packet, &blinding_pub, + assert(onion_message_parse(tmpctx, onion_message_packet, &path_key_pub, &id[i], &onion_message, &next_node, &final_om, diff --git a/common/test/run-onion-test-vector.c b/common/test/run-onion-test-vector.c index a42cf1e9b..e7246dc0f 100644 --- a/common/test/run-onion-test-vector.c +++ b/common/test/run-onion-test-vector.c @@ -59,7 +59,6 @@ struct amount_sat amount_tx_fee(u32 fee_per_kw UNNEEDED, size_t weight UNNEEDED) { fprintf(stderr, "amount_tx_fee called!\n"); abort(); } /* Generated stub for decrypt_encrypted_data */ struct tlv_encrypted_data_tlv *decrypt_encrypted_data(const tal_t *ctx UNNEEDED, - const struct pubkey *blinding UNNEEDED, const struct secret *ss UNNEEDED, const u8 *enctlv) diff --git a/common/test/run-route_blinding_onion_test.c b/common/test/run-route_blinding_onion_test.c index 45610fa7c..84b291c2c 100644 --- a/common/test/run-route_blinding_onion_test.c +++ b/common/test/run-route_blinding_onion_test.c @@ -111,7 +111,7 @@ int main(int argc, char *argv[]) "final_amount_msat:%," "final_cltv:%," "blinded_payinfo:{fee_base_msat:%,fee_proportional_millionths:%,cltv_expiry_delta:%}," - "blinded_route:{introduction_node_id:%,blinding:%,hops:%}}}", + "blinded_route:{first_node_id:%,first_path_key:%,hops:%}}}", JSON_SCAN(json_to_secret, &session_key), JSON_SCAN_TAL(tmpctx, json_tok_bin_from_hex, &associated_data), JSON_SCAN(json_to_msat, &final_amount), @@ -120,7 +120,7 @@ int main(int argc, char *argv[]) JSON_SCAN(json_to_u32, &path_fee_proportional_millionths), JSON_SCAN(json_to_u32, &path_cltv_delta), JSON_SCAN(json_to_pubkey, &bpath->first_node_id.pubkey), - JSON_SCAN(json_to_pubkey, &bpath->blinding), + JSON_SCAN(json_to_pubkey, &bpath->first_path_key), JSON_SCAN(json_to_tok, &hops_tok)) == NULL); /* FIXME: Test scid as well! */ diff --git a/common/test/run-route_blinding_test.c b/common/test/run-route_blinding_test.c index 6cc627762..deb651509 100644 --- a/common/test/run-route_blinding_test.c +++ b/common/test/run-route_blinding_test.c @@ -118,10 +118,10 @@ static u8 *json_to_enctlvs(const tal_t *ctx, enctlv->path_id = json_tok_bin_from_hex(enctlv, buf, t+1); assert(enctlv->path_id); - } else if (json_tok_streq(buf, t, "next_blinding_override")) { - enctlv->next_blinding_override = tal(enctlv, struct pubkey); + } else if (json_tok_streq(buf, t, "next_path_key_override")) { + enctlv->next_path_key_override = tal(enctlv, struct pubkey); assert(json_to_pubkey(buf, t+1, - enctlv->next_blinding_override)); + enctlv->next_path_key_override)); } else if (json_tok_streq(buf, t, "payment_relay")) { enctlv->payment_relay = json_to_payment_relay(enctlv, buf, t+1); } else if (json_tok_streq(buf, t, "payment_constraints")) { @@ -159,7 +159,7 @@ int main(int argc, char *argv[]) const jsmntok_t *t, *hops_tok; struct pubkey *ids; u8 **enctlvs; - struct privkey blinding; + struct privkey path_key; common_setup(argv[0]); @@ -212,20 +212,20 @@ int main(int argc, char *argv[]) if (json_get_member(json, t, "session_key")) assert(json_to_secret(json, json_get_member(json, t, "session_key"), - &blinding.secret)); + &path_key.secret)); else - assert(secret_eq_consttime(&blinding.secret, &s)); + assert(secret_eq_consttime(&path_key.secret, &s)); - assert(pubkey_from_privkey(&blinding, &pubkey)); + assert(pubkey_from_privkey(&path_key, &pubkey)); json_to_pubkey(json, json_get_member(json, t, "ephemeral_pubkey"), &expected_pubkey); assert(pubkey_eq(&pubkey, &expected_pubkey)); enctlv = enctlv_from_encmsg_raw(tmpctx, - &blinding, + &path_key, &ids[i], enctlvs[i], - &blinding, + &path_key, &alias); expected_enctlv = json_tok_bin_from_hex(tmpctx,json, json_get_member(json, t, diff --git a/common/test/run-sphinx.c b/common/test/run-sphinx.c index 1af709090..2bca7edf4 100644 --- a/common/test/run-sphinx.c +++ b/common/test/run-sphinx.c @@ -60,7 +60,6 @@ size_t bigsize_put(u8 buf[BIGSIZE_MAX_LEN] UNNEEDED, bigsize_t v UNNEEDED) { fprintf(stderr, "bigsize_put called!\n"); abort(); } /* Generated stub for decrypt_encrypted_data */ struct tlv_encrypted_data_tlv *decrypt_encrypted_data(const tal_t *ctx UNNEEDED, - const struct pubkey *blinding UNNEEDED, const struct secret *ss UNNEEDED, const u8 *enctlv) diff --git a/devtools/bolt12-cli.c b/devtools/bolt12-cli.c index 7b4dae196..d6feea32e 100644 --- a/devtools/bolt12-cli.c +++ b/devtools/bolt12-cli.c @@ -270,10 +270,10 @@ static bool print_blindedpaths(const char *fieldname, for (size_t i = 0; i < tal_count(paths); i++) { struct onionmsg_hop **p = paths[i]->path; - printf("%s %zu/%zu: blinding %s ", + printf("%s %zu/%zu: first_path_key %s ", fieldname, i, tal_count(paths), - fmt_pubkey(tmpctx, &paths[i]->blinding)); + fmt_pubkey(tmpctx, &paths[i]->first_path_key)); printf("first_node_id %s ", fmt_sciddir_or_pubkey(tmpctx, &paths[i]->first_node_id)); printf("path "); diff --git a/gossipd/test/run-check_channel_announcement.c b/gossipd/test/run-check_channel_announcement.c index 42da0a710..6c743d4d9 100644 --- a/gossipd/test/run-check_channel_announcement.c +++ b/gossipd/test/run-check_channel_announcement.c @@ -46,16 +46,16 @@ void blinding_hash_e_and_ss(const struct pubkey *e UNNEEDED, const struct secret *ss UNNEEDED, struct sha256 *sha UNNEEDED) { fprintf(stderr, "blinding_hash_e_and_ss called!\n"); abort(); } -/* Generated stub for blinding_next_privkey */ -bool blinding_next_privkey(const struct privkey *e UNNEEDED, - const struct sha256 *h UNNEEDED, - struct privkey *next UNNEEDED) -{ fprintf(stderr, "blinding_next_privkey called!\n"); abort(); } -/* Generated stub for blinding_next_pubkey */ -bool blinding_next_pubkey(const struct pubkey *pk UNNEEDED, - const struct sha256 *h UNNEEDED, - struct pubkey *next UNNEEDED) -{ fprintf(stderr, "blinding_next_pubkey called!\n"); abort(); } +/* Generated stub for blinding_next_path_key */ +bool blinding_next_path_key(const struct pubkey *pk UNNEEDED, + const struct sha256 *h UNNEEDED, + struct pubkey *next UNNEEDED) +{ fprintf(stderr, "blinding_next_path_key called!\n"); abort(); } +/* Generated stub for blinding_next_path_privkey */ +bool blinding_next_path_privkey(const struct privkey *e UNNEEDED, + const struct sha256 *h UNNEEDED, + struct privkey *next UNNEEDED) +{ fprintf(stderr, "blinding_next_path_privkey called!\n"); abort(); } /* Generated stub for fromwire_sciddir_or_pubkey */ void fromwire_sciddir_or_pubkey(const u8 **cursor UNNEEDED, size_t *max UNNEEDED, struct sciddir_or_pubkey *sciddpk UNNEEDED) diff --git a/gossipd/test/run-extended-info.c b/gossipd/test/run-extended-info.c index 10ba32ad7..4973af8d9 100644 --- a/gossipd/test/run-extended-info.c +++ b/gossipd/test/run-extended-info.c @@ -21,16 +21,16 @@ void blinding_hash_e_and_ss(const struct pubkey *e UNNEEDED, const struct secret *ss UNNEEDED, struct sha256 *sha UNNEEDED) { fprintf(stderr, "blinding_hash_e_and_ss called!\n"); abort(); } -/* Generated stub for blinding_next_privkey */ -bool blinding_next_privkey(const struct privkey *e UNNEEDED, - const struct sha256 *h UNNEEDED, - struct privkey *next UNNEEDED) -{ fprintf(stderr, "blinding_next_privkey called!\n"); abort(); } -/* Generated stub for blinding_next_pubkey */ -bool blinding_next_pubkey(const struct pubkey *pk UNNEEDED, - const struct sha256 *h UNNEEDED, - struct pubkey *next UNNEEDED) -{ fprintf(stderr, "blinding_next_pubkey called!\n"); abort(); } +/* Generated stub for blinding_next_path_key */ +bool blinding_next_path_key(const struct pubkey *pk UNNEEDED, + const struct sha256 *h UNNEEDED, + struct pubkey *next UNNEEDED) +{ fprintf(stderr, "blinding_next_path_key called!\n"); abort(); } +/* Generated stub for blinding_next_path_privkey */ +bool blinding_next_path_privkey(const struct privkey *e UNNEEDED, + const struct sha256 *h UNNEEDED, + struct privkey *next UNNEEDED) +{ fprintf(stderr, "blinding_next_path_privkey called!\n"); abort(); } /* Generated stub for decode_channel_update_timestamps */ struct channel_update_timestamps *decode_channel_update_timestamps(const tal_t *ctx UNNEEDED, const struct tlv_reply_channel_range_tlvs_timestamps_tlv *timestamps_tlv UNNEEDED) diff --git a/gossipd/test/run-next_block_range.c b/gossipd/test/run-next_block_range.c index 8f2e7db7e..f6197acea 100644 --- a/gossipd/test/run-next_block_range.c +++ b/gossipd/test/run-next_block_range.c @@ -17,16 +17,16 @@ void blinding_hash_e_and_ss(const struct pubkey *e UNNEEDED, const struct secret *ss UNNEEDED, struct sha256 *sha UNNEEDED) { fprintf(stderr, "blinding_hash_e_and_ss called!\n"); abort(); } -/* Generated stub for blinding_next_privkey */ -bool blinding_next_privkey(const struct privkey *e UNNEEDED, - const struct sha256 *h UNNEEDED, - struct privkey *next UNNEEDED) -{ fprintf(stderr, "blinding_next_privkey called!\n"); abort(); } -/* Generated stub for blinding_next_pubkey */ -bool blinding_next_pubkey(const struct pubkey *pk UNNEEDED, - const struct sha256 *h UNNEEDED, - struct pubkey *next UNNEEDED) -{ fprintf(stderr, "blinding_next_pubkey called!\n"); abort(); } +/* Generated stub for blinding_next_path_key */ +bool blinding_next_path_key(const struct pubkey *pk UNNEEDED, + const struct sha256 *h UNNEEDED, + struct pubkey *next UNNEEDED) +{ fprintf(stderr, "blinding_next_path_key called!\n"); abort(); } +/* Generated stub for blinding_next_path_privkey */ +bool blinding_next_path_privkey(const struct privkey *e UNNEEDED, + const struct sha256 *h UNNEEDED, + struct privkey *next UNNEEDED) +{ fprintf(stderr, "blinding_next_path_privkey called!\n"); abort(); } /* Generated stub for find_peer */ struct peer *find_peer(struct daemon *daemon UNNEEDED, const struct node_id *id UNNEEDED) { fprintf(stderr, "find_peer called!\n"); abort(); } diff --git a/gossipd/test/run-txout_failure.c b/gossipd/test/run-txout_failure.c index 64ee3b698..ebb740ea7 100644 --- a/gossipd/test/run-txout_failure.c +++ b/gossipd/test/run-txout_failure.c @@ -19,16 +19,16 @@ void blinding_hash_e_and_ss(const struct pubkey *e UNNEEDED, const struct secret *ss UNNEEDED, struct sha256 *sha UNNEEDED) { fprintf(stderr, "blinding_hash_e_and_ss called!\n"); abort(); } -/* Generated stub for blinding_next_privkey */ -bool blinding_next_privkey(const struct privkey *e UNNEEDED, - const struct sha256 *h UNNEEDED, - struct privkey *next UNNEEDED) -{ fprintf(stderr, "blinding_next_privkey called!\n"); abort(); } -/* Generated stub for blinding_next_pubkey */ -bool blinding_next_pubkey(const struct pubkey *pk UNNEEDED, - const struct sha256 *h UNNEEDED, - struct pubkey *next UNNEEDED) -{ fprintf(stderr, "blinding_next_pubkey called!\n"); abort(); } +/* Generated stub for blinding_next_path_key */ +bool blinding_next_path_key(const struct pubkey *pk UNNEEDED, + const struct sha256 *h UNNEEDED, + struct pubkey *next UNNEEDED) +{ fprintf(stderr, "blinding_next_path_key called!\n"); abort(); } +/* Generated stub for blinding_next_path_privkey */ +bool blinding_next_path_privkey(const struct privkey *e UNNEEDED, + const struct sha256 *h UNNEEDED, + struct privkey *next UNNEEDED) +{ fprintf(stderr, "blinding_next_path_privkey called!\n"); abort(); } /* Generated stub for fromwire_sciddir_or_pubkey */ void fromwire_sciddir_or_pubkey(const u8 **cursor UNNEEDED, size_t *max UNNEEDED, struct sciddir_or_pubkey *sciddpk UNNEEDED) diff --git a/lightningd/invoice.c b/lightningd/invoice.c index ff185de61..d287c89ee 100644 --- a/lightningd/invoice.c +++ b/lightningd/invoice.c @@ -1613,13 +1613,13 @@ static void add_stub_blindedpath(const tal_t *ctx, struct tlv_invoice *inv) { struct blinded_path *path; - struct privkey blinding; + struct privkey path_key; struct tlv_encrypted_data_tlv *tlv; path = tal(NULL, struct blinded_path); sciddir_or_pubkey_from_pubkey(&path->first_node_id, &ld->our_pubkey); - randombytes_buf(&blinding, sizeof(blinding)); - if (!pubkey_from_privkey(&blinding, &path->blinding)) + randombytes_buf(&path_key, sizeof(path_key)); + if (!pubkey_from_privkey(&path_key, &path->first_path_key)) abort(); path->path = tal_arr(path, struct onionmsg_hop *, 1); path->path[0] = tal(path->path, struct onionmsg_hop); @@ -1633,7 +1633,7 @@ static void add_stub_blindedpath(const tal_t *ctx, path->path[0]->encrypted_recipient_data = encrypt_tlv_encrypted_data(path->path[0], - &blinding, + &path_key, &path->first_node_id.pubkey, tlv, NULL, diff --git a/lightningd/onion_message.c b/lightningd/onion_message.c index 495541266..31815262c 100644 --- a/lightningd/onion_message.c +++ b/lightningd/onion_message.c @@ -32,7 +32,7 @@ static void json_add_blindedpath(struct json_stream *stream, json_add_short_channel_id(stream, "first_scid", path->first_node_id.scidd.scid); json_add_u32(stream, "first_scid_dir", path->first_node_id.scidd.dir); } - json_add_pubkey(stream, "blinding", &path->blinding); + json_add_pubkey(stream, "blinding", &path->first_path_key); json_array_start(stream, "hops"); for (size_t i = 0; i < tal_count(path->path); i++) { json_object_start(stream, NULL); @@ -267,14 +267,14 @@ static struct command_result *json_decryptencrypteddata(struct command *cmd, const jsmntok_t *params) { u8 *encdata, *decrypted; - struct pubkey *blinding, next_blinding; + struct pubkey *path_key, next_path_key; struct secret ss; struct sha256 h; struct json_stream *response; if (!param_check(cmd, buffer, params, p_req("encrypted_data", param_bin_from_hex, &encdata), - p_req("blinding", param_pubkey, &blinding), + p_req("blinding", param_pubkey, &path_key), NULL)) return command_param_failed(); @@ -285,9 +285,9 @@ static struct command_result *json_decryptencrypteddata(struct command *cmd, *... * - MUST decrypt the `encrypted_data` field using $`rho_i`$ */ - ecdh(blinding, &ss); + ecdh(path_key, &ss); - decrypted = decrypt_encmsg_raw(cmd, blinding, &ss, encdata); + decrypted = decrypt_encmsg_raw(cmd, &ss, encdata); if (!decrypted) return command_fail(cmd, JSONRPC2_INVALID_PARAMS, "Decryption failed!"); @@ -299,13 +299,13 @@ static struct command_result *json_decryptencrypteddata(struct command *cmd, * * - $`E_{i+1} = SHA256(E_i || ss_i) * E_i`$ */ - blinding_hash_e_and_ss(blinding, &ss, &h); - blinding_next_pubkey(blinding, &h, &next_blinding); + blinding_hash_e_and_ss(path_key, &ss, &h); + blinding_next_path_key(path_key, &h, &next_path_key); response = json_stream_success(cmd); json_object_start(response, "decryptencrypteddata"); json_add_hex_talarr(response, "decrypted", decrypted); - json_add_pubkey(response, "next_blinding", &next_blinding); + json_add_pubkey(response, "next_blinding", &next_path_key); json_object_end(response); return command_success(cmd, response); } diff --git a/lightningd/peer_htlcs.c b/lightningd/peer_htlcs.c index 215314dc3..38446a094 100644 --- a/lightningd/peer_htlcs.c +++ b/lightningd/peer_htlcs.c @@ -136,9 +136,9 @@ static void channel_stats_incr_out_offered(struct channel *c, } /* BOLT #4: - * - if `blinding_point` is set in the incoming `update_add_htlc`: + * - if `path_key` is set in the incoming `update_add_htlc`: * - MUST return an `invalid_onion_blinding` error. - * - if `current_blinding_point` is set in the onion payload and it is not the + * - if `current_path_key` is set in the onion payload and it is not the * final node: * - MUST return an `invalid_onion_blinding` error. */ @@ -1421,8 +1421,8 @@ static bool peer_accepted_htlc(const tal_t *ctx, &hook_payload->payload->blinding_ss, &sha); hook_payload->next_blinding = tal(hook_payload, struct pubkey); - blinding_next_pubkey(hook_payload->payload->blinding, &sha, - hook_payload->next_blinding); + blinding_next_path_key(hook_payload->payload->blinding, &sha, + hook_payload->next_blinding); } else hook_payload->next_blinding = NULL; diff --git a/lightningd/test/run-invoice-select-inchan.c b/lightningd/test/run-invoice-select-inchan.c index 54fe654ac..4d2b0832b 100644 --- a/lightningd/test/run-invoice-select-inchan.c +++ b/lightningd/test/run-invoice-select-inchan.c @@ -244,10 +244,10 @@ char *encode_scriptpubkey_to_addr(const tal_t *ctx UNNEEDED, { fprintf(stderr, "encode_scriptpubkey_to_addr called!\n"); abort(); } /* Generated stub for encrypt_tlv_encrypted_data */ u8 *encrypt_tlv_encrypted_data(const tal_t *ctx UNNEEDED, - const struct privkey *blinding UNNEEDED, + const struct privkey *path_privkey UNNEEDED, const struct pubkey *node UNNEEDED, const struct tlv_encrypted_data_tlv *tlv UNNEEDED, - struct privkey *next_blinding UNNEEDED, + struct privkey *next_path_privkey UNNEEDED, struct pubkey *node_alias) { fprintf(stderr, "encrypt_tlv_encrypted_data called!\n"); abort(); } diff --git a/plugins/offers.c b/plugins/offers.c index ef75d6c46..1c75ac3e2 100644 --- a/plugins/offers.c +++ b/plugins/offers.c @@ -530,7 +530,7 @@ static bool json_add_blinded_paths(struct json_stream *js, json_add_u32(js, "first_scid_dir", paths[i]->first_node_id.scidd.dir); } - json_add_pubkey(js, "blinding", &paths[i]->blinding); + json_add_pubkey(js, "blinding", &paths[i]->first_path_key); /* Don't crash if we're short a payinfo! */ if (i < tal_count(blindedpay)) { diff --git a/plugins/pay.c b/plugins/pay.c index 967d97123..211e422da 100644 --- a/plugins/pay.c +++ b/plugins/pay.c @@ -1110,7 +1110,7 @@ decrypt_done(struct command *cmd, { const char *err; u8 *encdata; - struct pubkey next_blinding; + struct pubkey next_path_key; struct tlv_encrypted_data_tlv *enctlv; const u8 *cursor; size_t maxlen; @@ -1119,7 +1119,7 @@ decrypt_done(struct command *cmd, "{decryptencrypteddata:{decrypted:%" ",next_blinding:%}}", JSON_SCAN_TAL(tmpctx, json_tok_bin_from_hex, &encdata), - JSON_SCAN(json_to_pubkey, &next_blinding)); + JSON_SCAN(json_to_pubkey, &next_path_key)); if (err) { return command_fail(cmd, LIGHTNINGD, "Bad decryptencrypteddata response? %.*s: %s", @@ -1151,10 +1151,10 @@ decrypt_done(struct command *cmd, } /* Promote second hop to first hop */ - if (enctlv->next_blinding_override) - p->blindedpath->blinding = *enctlv->next_blinding_override; + if (enctlv->next_path_key_override) + p->blindedpath->first_path_key = *enctlv->next_path_key_override; else - p->blindedpath->blinding = next_blinding; + p->blindedpath->first_path_key = next_path_key; /* Remove now-decrypted part of path */ tal_free(p->blindedpath->path[0]); @@ -1205,7 +1205,7 @@ preapproveinvoice_succeed(struct command *cmd, json_add_hex_talarr(req->js, "encrypted_data", p->blindedpath->path[0]->encrypted_recipient_data); - json_add_pubkey(req->js, "blinding", &p->blindedpath->blinding); + json_add_pubkey(req->js, "blinding", &p->blindedpath->first_path_key); return send_outreq(cmd->plugin, req); } diff --git a/tests/fuzz/fuzz-wire-update_add_htlc.c b/tests/fuzz/fuzz-wire-update_add_htlc.c index 4f20964dc..7fa22be8b 100644 --- a/tests/fuzz/fuzz-wire-update_add_htlc.c +++ b/tests/fuzz/fuzz-wire-update_add_htlc.c @@ -47,7 +47,7 @@ static bool equal(const struct update_add_htlc *x, return false; assert(x->tlvs && y->tlvs); - return tal_arr_eq(x->tlvs->blinding_point, y->tlvs->blinding_point); + return tal_arr_eq(x->tlvs->blinded_path, y->tlvs->blinded_path); } void run(const u8 *data, size_t size) diff --git a/wallet/test/run-wallet.c b/wallet/test/run-wallet.c index 31006b1f7..9fe88a2cb 100644 --- a/wallet/test/run-wallet.c +++ b/wallet/test/run-wallet.c @@ -62,11 +62,11 @@ void blinding_hash_e_and_ss(const struct pubkey *e UNNEEDED, const struct secret *ss UNNEEDED, struct sha256 *sha UNNEEDED) { fprintf(stderr, "blinding_hash_e_and_ss called!\n"); abort(); } -/* Generated stub for blinding_next_pubkey */ -bool blinding_next_pubkey(const struct pubkey *pk UNNEEDED, - const struct sha256 *h UNNEEDED, - struct pubkey *next UNNEEDED) -{ fprintf(stderr, "blinding_next_pubkey called!\n"); abort(); } +/* Generated stub for blinding_next_path_key */ +bool blinding_next_path_key(const struct pubkey *pk UNNEEDED, + const struct sha256 *h UNNEEDED, + struct pubkey *next UNNEEDED) +{ fprintf(stderr, "blinding_next_path_key called!\n"); abort(); } /* Generated stub for bolt11_decode */ struct bolt11 *bolt11_decode(const tal_t *ctx UNNEEDED, const char *str UNNEEDED, const struct feature_set *our_features UNNEEDED, diff --git a/wire/extracted_onion_02_offers.patch b/wire/extracted_onion_02_offers.patch index c1de44245..07103ee20 100644 --- a/wire/extracted_onion_02_offers.patch +++ b/wire/extracted_onion_02_offers.patch @@ -2,7 +2,7 @@ diff --git a/wire/onion_wire.csv b/wire/onion_wire.csv index ae05f09fd..b09811ed1 100644 --- a/wire/onion_wire.csv +++ b/wire/onion_wire.csv -@@ -92,6 +92,12 @@ tlvtype,onionmsg_tlv,reply_path,2 +@@ -92,3 +92,9 @@ tlvtype,onionmsg_tlv,reply_path,2 tlvdata,onionmsg_tlv,reply_path,path,blinded_path, tlvtype,onionmsg_tlv,encrypted_recipient_data,4 tlvdata,onionmsg_tlv,encrypted_recipient_data,encrypted_recipient_data,byte,... @@ -12,6 +12,3 @@ index ae05f09fd..b09811ed1 100644 +tlvdata,onionmsg_tlv,invoice,invoice,tlv_invoice, +tlvtype,onionmsg_tlv,invoice_error,68 +tlvdata,onionmsg_tlv,invoice_error,invoice_error,tlv_invoice_error, - subtype,blinded_path - subtypedata,blinded_path,first_node_id,point, - subtypedata,blinded_path,blinding,point, diff --git a/wire/extracted_onion_03_onionmsg-payload-as-bytearr.patch b/wire/extracted_onion_03_onionmsg-payload-as-bytearr.patch index 1c17f0b31..55dce3419 100644 --- a/wire/extracted_onion_03_onionmsg-payload-as-bytearr.patch +++ b/wire/extracted_onion_03_onionmsg-payload-as-bytearr.patch @@ -4,7 +4,7 @@ diff --git b/wire/onion_wire.csv a/wire/onion_wire.csv index 5c52fe9a1..2ac0c4cff 100644 --- b/wire/onion_wire.csv +++ a/wire/onion_wire.csv -@@ -51,11 +29,11 @@ tlvdata,onionmsg_tlv,reply_path,path,onionmsg_path,... +@@ -51,8 +29,8 @@ tlvdata,onionmsg_tlv,reply_path,path,onionmsg_path,... tlvtype,onionmsg_tlv,encrypted_data_tlv,4 tlvdata,onionmsg_tlv,encrypted_data_tlv,encrypted_data_tlv,byte,... tlvtype,onionmsg_tlv,invoice_request,64 @@ -16,6 +16,3 @@ index 5c52fe9a1..2ac0c4cff 100644 tlvtype,onionmsg_tlv,invoice_error,68 -tlvdata,onionmsg_tlv,invoice_error,invoice_error,tlv_invoice_error, +tlvdata,onionmsg_tlv,invoice_error,invoice_error,byte,... - subtype,blinded_path - subtypedata,blinded_path,first_node_id,point, - subtypedata,blinded_path,blinding,point, diff --git a/wire/extracted_onion_05_remove-onion_message.patch b/wire/extracted_onion_05_remove-onion_message.patch index ae099ba26..ebadab75f 100644 --- a/wire/extracted_onion_05_remove-onion_message.patch +++ b/wire/extracted_onion_05_remove-onion_message.patch @@ -9,7 +9,7 @@ index 3884c63dd..25798c3da 100644 msgtype,invalid_onion_blinding,BADONION|PERM|24 msgdata,invalid_onion_blinding,sha256_of_onion,sha256, -msgtype,onion_message,513 --msgdata,onion_message,blinding,point, +-msgdata,onion_message,path_key,point, -msgdata,onion_message,len,u16, -msgdata,onion_message,onion_message_packet,byte,len tlvtype,onionmsg_tlv,reply_path,2 diff --git a/wire/extracted_onion_06_blinded_path_first_sciddir_or_pubkey.patch b/wire/extracted_onion_06_blinded_path_first_sciddir_or_pubkey.patch index e9bb8bda6..d58e831e2 100644 --- a/wire/extracted_onion_06_blinded_path_first_sciddir_or_pubkey.patch +++ b/wire/extracted_onion_06_blinded_path_first_sciddir_or_pubkey.patch @@ -8,6 +8,6 @@ index 41cafe553..c1d850c60 100644 subtype,blinded_path -subtypedata,blinded_path,first_node_id,point, +subtypedata,blinded_path,first_node_id,sciddir_or_pubkey, - subtypedata,blinded_path,blinding,point, + subtypedata,blinded_path,first_path_key,point, subtypedata,blinded_path,num_hops,byte, subtypedata,blinded_path,path,onionmsg_hop,num_hops diff --git a/wire/extracted_peer_05_newonion.patch b/wire/extracted_peer_05_newonion.patch index cc9676fec..b5b4674e9 100644 --- a/wire/extracted_peer_05_newonion.patch +++ b/wire/extracted_peer_05_newonion.patch @@ -7,6 +7,6 @@ FIXME: This is actually from BOLT 4, but we remove it from onion_wire.csv and pu msgdata,gossip_timestamp_filter,first_timestamp,u32, msgdata,gossip_timestamp_filter,timestamp_range,u32, +msgtype,onion_message,513,option_onion_messages -+msgdata,onion_message,blinding,point, ++msgdata,onion_message,path_key,point, +msgdata,onion_message,len,u16, +msgdata,onion_message,onionmsg,byte,len diff --git a/wire/onion_wire.csv b/wire/onion_wire.csv index d795a2443..e37f181d2 100644 --- a/wire/onion_wire.csv +++ b/wire/onion_wire.csv @@ -10,12 +10,21 @@ tlvdata,payload,payment_data,payment_secret,byte,32 tlvdata,payload,payment_data,total_msat,tu64, tlvtype,payload,encrypted_recipient_data,10 tlvdata,payload,encrypted_recipient_data,encrypted_data,byte,... -tlvtype,payload,current_blinding_point,12 -tlvdata,payload,current_blinding_point,blinding,point, +tlvtype,payload,current_path_key,12 +tlvdata,payload,current_path_key,path_key,point, tlvtype,payload,payment_metadata,16 tlvdata,payload,payment_metadata,payment_metadata,byte,... tlvtype,payload,total_amount_msat,18 tlvdata,payload,total_amount_msat,total_msat,tu64, +subtype,blinded_path +subtypedata,blinded_path,first_node_id,sciddir_or_pubkey, +subtypedata,blinded_path,first_path_key,point, +subtypedata,blinded_path,num_hops,byte, +subtypedata,blinded_path,path,onionmsg_hop,num_hops +subtype,onionmsg_hop +subtypedata,onionmsg_hop,blinded_node_id,point, +subtypedata,onionmsg_hop,enclen,u16, +subtypedata,onionmsg_hop,encrypted_recipient_data,byte,enclen tlvtype,encrypted_data_tlv,padding,1 tlvdata,encrypted_data_tlv,padding,padding,byte,... tlvtype,encrypted_data_tlv,short_channel_id,2 @@ -24,8 +33,8 @@ tlvtype,encrypted_data_tlv,next_node_id,4 tlvdata,encrypted_data_tlv,next_node_id,node_id,point, tlvtype,encrypted_data_tlv,path_id,6 tlvdata,encrypted_data_tlv,path_id,data,byte,... -tlvtype,encrypted_data_tlv,next_blinding_override,8 -tlvdata,encrypted_data_tlv,next_blinding_override,blinding,point, +tlvtype,encrypted_data_tlv,next_path_key_override,8 +tlvdata,encrypted_data_tlv,next_path_key_override,path_key,point, tlvtype,encrypted_data_tlv,payment_relay,10 tlvdata,encrypted_data_tlv,payment_relay,cltv_expiry_delta,u16, tlvdata,encrypted_data_tlv,payment_relay,fee_proportional_millionths,u32, @@ -93,12 +102,3 @@ tlvtype,onionmsg_tlv,invoice,66 tlvdata,onionmsg_tlv,invoice,invoice,byte,... tlvtype,onionmsg_tlv,invoice_error,68 tlvdata,onionmsg_tlv,invoice_error,invoice_error,byte,... -subtype,blinded_path -subtypedata,blinded_path,first_node_id,sciddir_or_pubkey, -subtypedata,blinded_path,blinding,point, -subtypedata,blinded_path,num_hops,byte, -subtypedata,blinded_path,path,onionmsg_hop,num_hops -subtype,onionmsg_hop -subtypedata,onionmsg_hop,blinded_node_id,point, -subtypedata,onionmsg_hop,enclen,u16, -subtypedata,onionmsg_hop,encrypted_recipient_data,byte,enclen diff --git a/wire/peer_wire.csv b/wire/peer_wire.csv index 3865c11f1..6543e34ee 100644 --- a/wire/peer_wire.csv +++ b/wire/peer_wire.csv @@ -245,8 +245,8 @@ msgdata,update_add_htlc,amount_msat,u64, msgdata,update_add_htlc,payment_hash,sha256, msgdata,update_add_htlc,cltv_expiry,u32, msgdata,update_add_htlc,onion_routing_packet,byte,1366 -tlvtype,update_add_htlc_tlvs,blinding_point,0 -tlvdata,update_add_htlc_tlvs,blinding_point,blinding,point, +tlvtype,update_add_htlc_tlvs,blinded_path,0 +tlvdata,update_add_htlc_tlvs,blinded_path,path_key,point, msgtype,update_fulfill_htlc,130 msgdata,update_fulfill_htlc,channel_id,channel_id, msgdata,update_fulfill_htlc,id,u64, @@ -388,6 +388,6 @@ msgdata,gossip_timestamp_filter,chain_hash,chain_hash, msgdata,gossip_timestamp_filter,first_timestamp,u32, msgdata,gossip_timestamp_filter,timestamp_range,u32, msgtype,onion_message,513,option_onion_messages -msgdata,onion_message,blinding,point, +msgdata,onion_message,path_key,point, msgdata,onion_message,len,u16, msgdata,onion_message,onionmsg,byte,len