Replace constant key with ReceiveAuthKey

This commit replaces the hardcoded key used for authenticating the
context in incoming `BlindedMessagePath`s with a dedicated
`ReceiveAuthKey`.

This makes the authentication mechanism explicit and configurable
for the user.

Changes include:
- Introducing `ReceiveAuthKey` to the `NodeSigner`, used to authenticate
  the context at the final hop of an incoming blinded path.
- Updating `BlindedMessagePath::new` to accept a `ReceiveAuthKey` as a
  parameter during path construction.

Author: shaavan

fuzz/src/chanmon_consistency.rs

@@ -63,7 +63,8 @@ use lightning::routing::router::{
 	InFlightHtlcs, Path, PaymentParameters, Route, RouteHop, RouteParameters, Router,
 };
 use lightning::sign::{
-	EntropySource, InMemorySigner, NodeSigner, PeerStorageKey, Recipient, SignerProvider,
+	EntropySource, InMemorySigner, NodeSigner, PeerStorageKey, ReceiveAuthKey, Recipient,
+	SignerProvider,
 };
 use lightning::types::payment::{PaymentHash, PaymentPreimage, PaymentSecret};
 use lightning::util::config::UserConfig;
@@ -142,8 +143,8 @@ impl MessageRouter for FuzzRouter {
 	}
 
 	fn create_blinded_paths<T: secp256k1::Signing + secp256k1::Verification>(
-		&self, _recipient: PublicKey, _context: MessageContext, _peers: Vec<PublicKey>,
-		_secp_ctx: &Secp256k1<T>,
+		&self, _recipient: PublicKey, _local_node_receive_key: ReceiveAuthKey,
+		_context: MessageContext, _peers: Vec<PublicKey>, _secp_ctx: &Secp256k1<T>,
 	) -> Result<Vec<BlindedMessagePath>, ()> {
 		unreachable!()
 	}
@@ -347,6 +348,10 @@ impl NodeSigner for KeyProvider {
 		PeerStorageKey { inner: [42; 32] }
 	}
 
+	fn get_receive_auth_key(&self) -> ReceiveAuthKey {
+		ReceiveAuthKey([41; 32])
+	}
+
 	fn sign_bolt12_invoice(
 		&self, _invoice: &UnsignedBolt12Invoice,
 	) -> Result<schnorr::Signature, ()> {

fuzz/src/full_stack.rs

@@ -57,7 +57,8 @@ use lightning::routing::router::{
 };
 use lightning::routing::utxo::UtxoLookup;
 use lightning::sign::{
-	EntropySource, InMemorySigner, NodeSigner, PeerStorageKey, Recipient, SignerProvider,
+	EntropySource, InMemorySigner, NodeSigner, PeerStorageKey, ReceiveAuthKey, Recipient,
+	SignerProvider,
 };
 use lightning::types::payment::{PaymentHash, PaymentPreimage, PaymentSecret};
 use lightning::util::config::{ChannelConfig, UserConfig};
@@ -173,8 +174,8 @@ impl MessageRouter for FuzzRouter {
 	}
 
 	fn create_blinded_paths<T: secp256k1::Signing + secp256k1::Verification>(
-		&self, _recipient: PublicKey, _context: MessageContext, _peers: Vec<PublicKey>,
-		_secp_ctx: &Secp256k1<T>,
+		&self, _recipient: PublicKey, _local_node_receive_key: ReceiveAuthKey,
+		_context: MessageContext, _peers: Vec<PublicKey>, _secp_ctx: &Secp256k1<T>,
 	) -> Result<Vec<BlindedMessagePath>, ()> {
 		unreachable!()
 	}
@@ -438,6 +439,10 @@ impl NodeSigner for KeyProvider {
 	fn get_peer_storage_key(&self) -> PeerStorageKey {
 		PeerStorageKey { inner: [42; 32] }
 	}
+
+	fn get_receive_auth_key(&self) -> ReceiveAuthKey {
+		ReceiveAuthKey([41; 32])
+	}
 }
 
 impl SignerProvider for KeyProvider {

fuzz/src/onion_message.rs

@@ -24,7 +24,9 @@ use lightning::onion_message::messenger::{
 };
 use lightning::onion_message::offers::{OffersMessage, OffersMessageHandler};
 use lightning::onion_message::packet::OnionMessageContents;
-use lightning::sign::{EntropySource, NodeSigner, PeerStorageKey, Recipient, SignerProvider};
+use lightning::sign::{
+	EntropySource, NodeSigner, PeerStorageKey, ReceiveAuthKey, Recipient, SignerProvider,
+};
 use lightning::types::features::InitFeatures;
 use lightning::util::logger::Logger;
 use lightning::util::ser::{LengthReadable, Writeable, Writer};
@@ -104,8 +106,8 @@ impl MessageRouter for TestMessageRouter {
 	}
 
 	fn create_blinded_paths<T: secp256k1::Signing + secp256k1::Verification>(
-		&self, _recipient: PublicKey, _context: MessageContext, _peers: Vec<PublicKey>,
-		_secp_ctx: &Secp256k1<T>,
+		&self, _recipient: PublicKey, _local_node_receive_key: ReceiveAuthKey,
+		_context: MessageContext, _peers: Vec<PublicKey>, _secp_ctx: &Secp256k1<T>,
 	) -> Result<Vec<BlindedMessagePath>, ()> {
 		unreachable!()
 	}
@@ -278,6 +280,10 @@ impl NodeSigner for KeyProvider {
 	fn get_peer_storage_key(&self) -> PeerStorageKey {
 		unreachable!()
 	}
+
+	fn get_receive_auth_key(&self) -> ReceiveAuthKey {
+		ReceiveAuthKey([41; 32])
+	}
 }
 
 impl SignerProvider for KeyProvider {

lightning-dns-resolver/src/lib.rs

@@ -174,7 +174,7 @@ mod test {
 		AOnionMessenger, Destination, MessageRouter, OnionMessagePath, OnionMessenger,
 	};
 	use lightning::routing::router::RouteParametersConfig;
-	use lightning::sign::{KeysManager, NodeSigner, Recipient};
+	use lightning::sign::{KeysManager, NodeSigner, ReceiveAuthKey, Recipient};
 	use lightning::types::features::InitFeatures;
 	use lightning::types::payment::PaymentHash;
 	use lightning::util::logger::Logger;
@@ -230,11 +230,18 @@ mod test {
 		}
 
 		fn create_blinded_paths<T: secp256k1::Signing + secp256k1::Verification>(
-			&self, recipient: PublicKey, context: MessageContext, _peers: Vec<PublicKey>,
-			secp_ctx: &Secp256k1<T>,
+			&self, recipient: PublicKey, local_node_receive_key: ReceiveAuthKey,
+			context: MessageContext, _peers: Vec<PublicKey>, secp_ctx: &Secp256k1<T>,
 		) -> Result<Vec<BlindedMessagePath>, ()> {
 			let keys = KeysManager::new(&[0; 32], 42, 43);
-			Ok(vec![BlindedMessagePath::one_hop(recipient, context, &keys, secp_ctx).unwrap()])
+			Ok(vec![BlindedMessagePath::one_hop(
+				recipient,
+				local_node_receive_key,
+				context,
+				&keys,
+				secp_ctx,
+			)
+			.unwrap()])
 		}
 	}
 	impl Deref for DirectlyConnectedRouter {
@@ -336,8 +343,15 @@ mod test {
 		let (msg, context) =
 			payer.resolver.resolve_name(payment_id, name.clone(), &*payer_keys).unwrap();
 		let query_context = MessageContext::DNSResolver(context);
-		let reply_path =
-			BlindedMessagePath::one_hop(payer_id, query_context, &*payer_keys, &secp_ctx).unwrap();
+		let receive_key = payer_keys.get_receive_auth_key();
+		let reply_path = BlindedMessagePath::one_hop(
+			payer_id,
+			receive_key,
+			query_context,
+			&*payer_keys,
+			&secp_ctx,
+		)
+		.unwrap();
 		payer.pending_messages.lock().unwrap().push((
 			DNSResolverMessage::DNSSECQuery(msg),
 			MessageSendInstructions::WithSpecifiedReplyPath {

lightning/src/blinded_path/message.rs

@@ -56,13 +56,13 @@ impl Readable for BlindedMessagePath {
 impl BlindedMessagePath {
 	/// Create a one-hop blinded path for a message.
 	pub fn one_hop<ES: Deref, T: secp256k1::Signing + secp256k1::Verification>(
-		recipient_node_id: PublicKey, context: MessageContext, entropy_source: ES,
-		secp_ctx: &Secp256k1<T>,
+		recipient_node_id: PublicKey, local_node_receive_key: ReceiveAuthKey,
+		context: MessageContext, entropy_source: ES, secp_ctx: &Secp256k1<T>,
 	) -> Result<Self, ()>
 	where
 		ES::Target: EntropySource,
 	{
-		Self::new(&[], recipient_node_id, context, entropy_source, secp_ctx)
+		Self::new(&[], recipient_node_id, local_node_receive_key, context, entropy_source, secp_ctx)
 	}
 
 	/// Create a path for an onion message, to be forwarded along `node_pks`. The last node
@@ -72,7 +72,8 @@ impl BlindedMessagePath {
 	//  TODO: make all payloads the same size with padding + add dummy hops
 	pub fn new<ES: Deref, T: secp256k1::Signing + secp256k1::Verification>(
 		intermediate_nodes: &[MessageForwardNode], recipient_node_id: PublicKey,
-		context: MessageContext, entropy_source: ES, secp_ctx: &Secp256k1<T>,
+		local_node_receive_key: ReceiveAuthKey, context: MessageContext, entropy_source: ES,
+		secp_ctx: &Secp256k1<T>,
 	) -> Result<Self, ()>
 	where
 		ES::Target: EntropySource,
@@ -93,7 +94,7 @@ impl BlindedMessagePath {
 				recipient_node_id,
 				context,
 				&blinding_secret,
-				ReceiveAuthKey([41; 32]), // TODO: Pass this in
+				local_node_receive_key,
 			)
 			.map_err(|_| ())?,
 		}))

lightning/src/ln/async_payments_tests.rs

@@ -109,6 +109,7 @@ fn create_static_invoice<T: secp256k1::Signing + secp256k1::Verification>(
 		.message_router
 		.create_blinded_paths(
 			always_online_counterparty.node.get_our_node_id(),
+			always_online_counterparty.keys_manager.get_receive_auth_key(),
 			MessageContext::Offers(OffersContext::InvoiceRequest { nonce: Nonce([42; 16]) }),
 			Vec::new(),
 			&secp_ctx,
@@ -219,6 +220,7 @@ fn static_invoice_unknown_required_features() {
 		.message_router
 		.create_blinded_paths(
 			nodes[1].node.get_our_node_id(),
+			nodes[1].keys_manager.get_receive_auth_key(),
 			MessageContext::Offers(OffersContext::InvoiceRequest { nonce: Nonce([42; 16]) }),
 			Vec::new(),
 			&secp_ctx,
@@ -848,6 +850,7 @@ fn invalid_async_receive_with_retry<F1, F2>(
 		.message_router
 		.create_blinded_paths(
 			nodes[1].node.get_our_node_id(),
+			nodes[1].keys_manager.get_receive_auth_key(),
 			MessageContext::Offers(OffersContext::InvoiceRequest { nonce: Nonce([42; 16]) }),
 			Vec::new(),
 			&secp_ctx,

lightning/src/ln/blinded_payment_tests.rs

@@ -36,7 +36,7 @@ use crate::offers::invoice::UnsignedBolt12Invoice;
 use crate::offers::nonce::Nonce;
 use crate::prelude::*;
 use crate::routing::router::{BlindedTail, Path, Payee, PaymentParameters, RouteHop, RouteParameters, TrampolineHop};
-use crate::sign::{NodeSigner, PeerStorageKey, Recipient};
+use crate::sign::{NodeSigner, PeerStorageKey, ReceiveAuthKey, Recipient};
 use crate::util::config::UserConfig;
 use crate::util::ser::{WithoutLength, Writeable};
 use crate::util::test_utils;
@@ -1638,6 +1638,7 @@ fn route_blinding_spec_test_vector() {
 			&self, _invoice: &RawBolt11Invoice, _recipient: Recipient,
 		) -> Result<RecoverableSignature, ()> { unreachable!() }
 		fn get_peer_storage_key(&self) -> PeerStorageKey { unreachable!() }
+		fn get_receive_auth_key(&self) -> ReceiveAuthKey { unreachable!() }
 		fn sign_bolt12_invoice(
 			&self, _invoice: &UnsignedBolt12Invoice,
 		) -> Result<schnorr::Signature, ()> { unreachable!() }
@@ -1948,6 +1949,7 @@ fn test_trampoline_inbound_payment_decoding() {
 			&self, _invoice: &RawBolt11Invoice, _recipient: Recipient,
 		) -> Result<RecoverableSignature, ()> { unreachable!() }
 		fn get_peer_storage_key(&self) -> PeerStorageKey { unreachable!() }
+		fn get_receive_auth_key(&self) -> ReceiveAuthKey { unreachable!() }
 		fn sign_bolt12_invoice(
 			&self, _invoice: &UnsignedBolt12Invoice,
 		) -> Result<schnorr::Signature, ()> { unreachable!() }

lightning/src/ln/channelmanager.rs

@@ -3750,7 +3750,7 @@ where
 		let flow = OffersMessageFlow::new(
 			ChainHash::using_genesis_block(params.network), params.best_block,
 			our_network_pubkey, current_timestamp, expanded_inbound_key,
-			secp_ctx.clone(), message_router
+			node_signer.get_receive_auth_key(), secp_ctx.clone(), message_router
 		);
 
 		ChannelManager {
@@ -15658,7 +15658,7 @@ where
 		let flow = OffersMessageFlow::new(
 			chain_hash, best_block, our_network_pubkey,
 			highest_seen_timestamp, expanded_inbound_key,
-			secp_ctx.clone(), args.message_router
+			args.node_signer.get_receive_auth_key(), secp_ctx.clone(), args.message_router
 		).with_async_payments_offers_cache(async_receive_offer_cache);
 
 		let channel_manager = ChannelManager {

lightning/src/offers/flow.rs

@@ -54,7 +54,7 @@ use crate::onion_message::messenger::{Destination, MessageRouter, MessageSendIns
 use crate::onion_message::offers::OffersMessage;
 use crate::onion_message::packet::OnionMessageContents;
 use crate::routing::router::Router;
-use crate::sign::{EntropySource, NodeSigner};
+use crate::sign::{EntropySource, NodeSigner, ReceiveAuthKey};
 use crate::sync::{Mutex, RwLock};
 use crate::types::payment::{PaymentHash, PaymentSecret};
 use crate::util::ser::Writeable;
@@ -94,6 +94,8 @@ where
 	highest_seen_timestamp: AtomicUsize,
 	inbound_payment_key: inbound_payment::ExpandedKey,
 
+	receive_auth_key: ReceiveAuthKey,
+
 	secp_ctx: Secp256k1<secp256k1::All>,
 	message_router: MR,
 
@@ -122,7 +124,7 @@ where
 	pub fn new(
 		chain_hash: ChainHash, best_block: BestBlock, our_network_pubkey: PublicKey,
 		current_timestamp: u32, inbound_payment_key: inbound_payment::ExpandedKey,
-		secp_ctx: Secp256k1<secp256k1::All>, message_router: MR,
+		receive_auth_key: ReceiveAuthKey, secp_ctx: Secp256k1<secp256k1::All>, message_router: MR,
 	) -> Self {
 		Self {
 			chain_hash,
@@ -132,6 +134,8 @@ where
 			highest_seen_timestamp: AtomicUsize::new(current_timestamp as usize),
 			inbound_payment_key,
 
+			receive_auth_key,
+
 			secp_ctx,
 			message_router,
 
@@ -187,6 +191,10 @@ where
 		self.our_network_pubkey
 	}
 
+	fn get_receive_auth_key(&self) -> ReceiveAuthKey {
+		self.receive_auth_key
+	}
+
 	fn duration_since_epoch(&self) -> Duration {
 		#[cfg(not(feature = "std"))]
 		let now = Duration::from_secs(self.highest_seen_timestamp.load(Ordering::Acquire) as u64);
@@ -278,11 +286,12 @@ where
 		&self, peers: Vec<MessageForwardNode>, context: MessageContext,
 	) -> Result<Vec<BlindedMessagePath>, ()> {
 		let recipient = self.get_our_node_id();
+		let receive_key = self.get_receive_auth_key();
 		let secp_ctx = &self.secp_ctx;
 
 		let peers = peers.into_iter().map(|node| node.node_id).collect();
 		self.message_router
-			.create_blinded_paths(recipient, context, peers, secp_ctx)
+			.create_blinded_paths(recipient, receive_key, context, peers, secp_ctx)
 			.and_then(|paths| (!paths.is_empty()).then(|| paths).ok_or(()))
 	}
 
@@ -294,11 +303,13 @@ where
 		&self, peers: Vec<MessageForwardNode>, context: OffersContext,
 	) -> Result<Vec<BlindedMessagePath>, ()> {
 		let recipient = self.get_our_node_id();
+		let receive_key = self.get_receive_auth_key();
 		let secp_ctx = &self.secp_ctx;
 
 		self.message_router
 			.create_compact_blinded_paths(
 				recipient,
+				receive_key,
 				MessageContext::Offers(context),
 				peers,
 				secp_ctx,