diff --git a/lightning/src/blinded_path/message.rs b/lightning/src/blinded_path/message.rs
index 218b2282141..7db5dc00b05 100644
--- a/lightning/src/blinded_path/message.rs
+++ b/lightning/src/blinded_path/message.rs
@@ -543,14 +543,10 @@ impl_writeable_tlv_based_enum!(MessageContext,
 {3, DNSResolver} => (),
 );
 
-// NOTE:
-// Several TLV fields (`nonce`, `hmac`, etc.) were removed in LDK v0.2
-// following the introduction of `ReceiveAuthKey`-based authentication for
-// inbound `BlindedMessagePath`s. These fields are now commented out and
-// their `type` values must not be reused unless support for LDK v0.2
-// and earlier is fully dropped.
-//
-// For context-specific removals, see the commented-out fields within each enum variant.
+// Note: Several TLV fields (`nonce`, `hmac`, etc.) were removed in LDK v0.2 following the
+// introduction of `ReceiveAuthKey`-based authentication for inbound `BlindedMessagePath`s. Because
+// we do not support receiving to those contexts anymore (they will fail the `ReceiveAuthKey`-based
+// authentication checks), we can reuse those fields here.
 impl_writeable_tlv_based_enum!(OffersContext,
 (0, InvoiceRequest) => {
 (0, nonce, required),
@@ -558,12 +554,9 @@ impl_writeable_tlv_based_enum!(OffersContext,
 (1, OutboundPayment) => {
 (0, payment_id, required),
 (1, nonce, required),
- // Removed: (2, hmac, option)
 },
 (2, InboundPayment) => {
 (0, payment_hash, required),
- // Removed: (1, nonce, required),
- // Removed: (2, hmac, required)
 },
 (3, StaticInvoiceRequested) => {
 (0, recipient_id, required),
@@ -575,12 +568,8 @@ impl_writeable_tlv_based_enum!(OffersContext,
 impl_writeable_tlv_based_enum!(AsyncPaymentsContext,
 (0, OutboundPayment) => {
 (0, payment_id, required),
- // Removed: (2, nonce, required),
- // Removed: (4, hmac, required),
 },
 (1, InboundPayment) => {
- // Removed: (0, nonce, required),
- // Removed: (2, hmac, required),
 (4, path_absolute_expiry, required),
 },
 (2, OfferPaths) => {
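Review bot: The new comment's safety argument — that old-format contexts "will fail the `ReceiveAuthKey`-based authentication checks" — holds only if that check runs before the `OffersContext`/`AsyncPaymentsContext` TLV stream is decoded for every inbound path, and the comment should name that ordering as the precondition rather than leave it implicit, since a future code path that decodes a context before authenticating would silently re-expose the type-number reuse. It would also help to say that this reuse applies to TLV type numbers only, because the offers/signer.rs hunk in this same diff keeps the corresponding `HMAC_INPUT` values permanently reserved for the opposite reason. Suggested wording after the last sentence: `// This relies on the ReceiveAuthKey check rejecting such paths before their context TLVs are parsed; the HMAC_INPUT domain separators in offers/signer.rs are NOT reusable, see there.` The other two hunks in this file only delete the commented-out field lines and need nothing further.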
diff --git a/lightning/src/crypto/streams.rs b/lightning/src/crypto/streams.rs
index 9386b31f47a..b631b7bd645 100644
--- a/lightning/src/crypto/streams.rs
+++ b/lightning/src/crypto/streams.rs
@@ -51,6 +51,10 @@ impl<'a, T: Writeable> Writeable for ChaChaPolyWriteAdapter<'a, T> {
 
 Ok(())
 }
+
+ fn serialized_length(&self) -> usize {
+ self.writeable.serialized_length() + 16
+ }
 }
 
 /// Encrypts the provided plaintext with the given key using ChaCha20Poly1305 in the modified
@@ -124,7 +128,10 @@ impl LengthReadableArgs<([u8; 32], [u8; 32])> for ChaChaDualPolyRea
 ChaChaDualPolyReader { chacha: &mut chacha, poly: &mut mac, read_len: 0, read: s };
 let readable: T = Readable::read(&mut chacha_stream)?;
- chacha_stream.read.eat_remaining()?;
+ while chacha_stream.read.bytes_remain() {
+ let mut buf = [0; 256];
+ chacha_stream.read(&mut buf)?;
+ }
 
 let read_len = chacha_stream.read_len;
 
@@ -199,7 +206,10 @@ impl LengthReadableArgs<[u8; 32]> for ChaChaPolyReadAdapter {
 let s = FixedLengthReader::new(r, decrypted_len);
 let mut chacha_stream = ChaChaPolyReader { chacha: &mut chacha, read: s };
 let readable: T = Readable::read(&mut chacha_stream)?;
- chacha_stream.read.eat_remaining()?;
+ while chacha_stream.read.bytes_remain() {
+ let mut buf = [0; 256];
+ chacha_stream.read(&mut buf)?;
+ }
 
 let mut tag = [0 as u8; 16];
 r.read_exact(&mut tag)?;
diff --git a/lightning/src/offers/flow.rs b/lightning/src/offers/flow.rs
index a1b83260dfd..27ed4f42ef0 100644
--- a/lightning/src/offers/flow.rs
+++ b/lightning/src/offers/flow.rs
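Review bot: `serialized_length` returns `self.writeable.serialized_length() + 16` with a bare literal for the Poly1305 tag length, while the same `16` appears independently in the `[0 as u8; 16]` tag buffers of the read paths below; a named constant would tie the two together and keep this length in step with `write` if the tag handling ever changes. Consider a module-level `const TAG_LEN: usize = 16;` (name constructed here) used as `self.writeable.serialized_length() + TAG_LEN`, plus a doc line on the method: `/// Plaintext length plus the 16-byte Poly1305 tag that `write` appends.` The enclosing `impl Writeable for ChaChaPolyWriteAdapter` starts outside the hunk.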
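Review bot: The drain loop added in place of `eat_remaining()` has no exit on a zero-length read: if the inner reader returns `Ok(0)` while `bytes_remain()` is still true (a short or truncated input), `chacha_stream.read(&mut buf)?` yields `Ok(0)` and the `while` spins forever, whereas the removed `eat_remaining()` presumably surfaced that condition as a decode error. The same loop appears in the `ChaChaPolyReadAdapter` hunk at `@@ -199,7 +206,10 @@`. Whether `FixedLengthReader` can actually return `Ok(0)` before its declared length is not visible here, but an explicit guard costs one line: `if chacha_stream.read(&mut buf)? == 0 { return Err(DecodeError::ShortRead); }`. A comment above the loop, e.g. `// Pull any plaintext the Readable did not consume through the stream so it presumably still counts toward the tag check below, rather than being skipped.`, would also record why the bytes are read instead of discarded. Both enclosing functions start and end outside their hunks.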
@@ -543,13 +543,12 @@ where
 
 /// Verifies the provided [`AsyncPaymentsContext`] for an inbound [`HeldHtlcAvailable`] message.
 ///
- /// The context is verified using the `nonce` and `hmac` values, and ensures that the context
- /// has not expired based on `path_absolute_expiry`.
+ /// Because blinded path contexts are verified as a part of onion message processing, this only
+ /// validates that the context is not yet expired based on `path_absolute_expiry`.
 ///
 /// # Errors
 ///
 /// Returns `Err(())` if:
- /// - The HMAC verification fails for inbound context.
 /// - The inbound payment context has expired.
 #[cfg(async_payments)]
 pub fn verify_inbound_async_payment_context(
diff --git a/lightning/src/offers/signer.rs b/lightning/src/offers/signer.rs
index dfdf7fef583..645949ff866 100644
--- a/lightning/src/offers/signer.rs
+++ b/lightning/src/offers/signer.rs
@@ -42,7 +42,7 @@ const WITH_ENCRYPTED_PAYMENT_ID_HMAC_INPUT: &[u8; 16] = &[4; 16];
 // `OffersContext`, but were removed in LDK v0.2 with the introduction of `ReceiveAuthKey`-based
 // authentication.
 // Their corresponding values (`[5; 16]` and `[7; 16]`) are now reserved and must not
-// be reused to preserve backward compatibility.
+// be reused to ensure type confusion attacks are impossible.
 //
 // Reserved HMAC_INPUT values — do not reuse:
 //
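Review bot: The rewritten doc says the context is already verified "as a part of onion message processing", which turns authentication into a caller precondition of `verify_inbound_async_payment_context` without stating it as one; a reader of this function alone cannot tell that a context obtained any other way would reach the expiry check with no authentication at all. Suggest adding after the description: `/// Callers must only pass contexts that were delivered over an authenticated blinded path; no authentication is performed here.` The function signature and body continue outside the hunk.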
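Review bot: "to ensure type confusion attacks are impossible" states the goal but not the mechanism, and "impossible" overstates what a reserved constant buys; the reason the values stay reserved is that each `HMAC_INPUT` constant domain-separates one authentication purpose, so an HMAC minted under a retired value must never be able to verify under a new one. Suggest: `// be reused: each HMAC_INPUT value domain-separates one authentication purpose, and reusing a retired one would let an HMAC minted for the old purpose verify under the new one.` That wording also makes the contrast with blinded_path/message.rs, where this same diff does allow TLV type reuse, explicit.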