Send static invoice in response to offer paths

As an async recipient, we need to interactively build a static invoice that an
always-online node will serve to payers on our behalf.

As part of this process, the static invoice server sends us blinded message
paths to include in our offer so they'll receive invoice requests from senders
trying to pay us while we're offline. On receipt of these paths, create an
offer and static invoice and send the invoice back to the server so they can
provide the invoice to payers.

Author: valentinewallace

lightning/src/blinded_path/message.rs

@@ -23,6 +23,7 @@ use crate::ln::channelmanager::PaymentId;
 use crate::ln::msgs::DecodeError;
 use crate::ln::onion_utils;
 use crate::offers::nonce::Nonce;
+use crate::offers::offer::Offer;
 use crate::onion_message::packet::ControlTlvs;
 use crate::routing::gossip::{NodeId, ReadOnlyNetworkGraph};
 use crate::sign::{EntropySource, NodeSigner, Recipient};
@@ -419,6 +420,38 @@ pub enum AsyncPaymentsContext {
 		/// is no longer configured to accept paths from them.
 		path_absolute_expiry: core::time::Duration,
 	},
+	/// Context used by a reply path to a [`ServeStaticInvoice`] message, provided back to us in
+	/// corresponding [`StaticInvoicePersisted`] messages.
+	///
+	/// [`ServeStaticInvoice`]: crate::onion_message::async_payments::ServeStaticInvoice
+	/// [`StaticInvoicePersisted`]: crate::onion_message::async_payments::StaticInvoicePersisted
+	StaticInvoicePersisted {
+		/// The offer corresponding to the [`StaticInvoice`] that has been persisted. This invoice is
+		/// now ready to be provided by the static invoice server in response to [`InvoiceRequest`]s.
+		///
+		/// [`StaticInvoice`]: crate::offers::static_invoice::StaticInvoice
+		/// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
+		offer: Offer,
+		/// A nonce used for authenticating that a [`StaticInvoicePersisted`] message is valid for a
+		/// preceding [`ServeStaticInvoice`] message.
+		///
+		/// [`StaticInvoicePersisted`]: crate::onion_message::async_payments::StaticInvoicePersisted
+		/// [`ServeStaticInvoice`]: crate::onion_message::async_payments::ServeStaticInvoice
+		nonce: Nonce,
+		/// Authentication code for the [`StaticInvoicePersisted`] message.
+		///
+		/// Prevents nodes from creating their own blinded path to us and causing us to cache an
+		/// unintended async receive offer.
+		///
+		/// [`StaticInvoicePersisted`]: crate::onion_message::async_payments::StaticInvoicePersisted
+		hmac: Hmac<Sha256>,
+		/// The time as duration since the Unix epoch at which this path expires and messages sent over
+		/// it should be ignored.
+		///
+		/// Prevents a static invoice server from causing an async recipient to cache an old offer if
+		/// the recipient is no longer configured to use that server.
+		path_absolute_expiry: core::time::Duration,
+	},
 	/// Context contained within the reply [`BlindedMessagePath`] we put in outbound
 	/// [`HeldHtlcAvailable`] messages, provided back to us in corresponding [`ReleaseHeldHtlc`]
 	/// messages.
@@ -506,6 +539,12 @@ impl_writeable_tlv_based_enum!(AsyncPaymentsContext,
 		(2, hmac, required),
 		(4, path_absolute_expiry, required),
 	},
+	(3, StaticInvoicePersisted) => {
+		(0, offer, required),
+		(2, nonce, required),
+		(4, hmac, required),
+		(6, path_absolute_expiry, required),
+	},
 );
 
 /// Contains a simple nonce for use in a blinded path's context.

lightning/src/ln/channelmanager.rs

@@ -12657,6 +12657,99 @@ where
 	fn handle_offer_paths(
 		&self, _message: OfferPaths, _context: AsyncPaymentsContext, _responder: Option<Responder>,
 	) -> Option<(ServeStaticInvoice, ResponseInstruction)> {
+		#[cfg(async_payments)] {
+			let expanded_key = &self.inbound_payment_key;
+			let entropy = &*self.entropy_source;
+			let secp_ctx = &self.secp_ctx;
+			let duration_since_epoch = self.duration_since_epoch();
+
+			match _context {
+				AsyncPaymentsContext::OfferPaths { nonce, hmac, path_absolute_expiry } => {
+					if let Err(()) = signer::verify_offer_paths_context(nonce, hmac, expanded_key) {
+						return None
+					}
+					if duration_since_epoch > path_absolute_expiry { return None }
+				},
+				_ => return None
+			}
+
+			if !self.async_receive_offer_cache.lock().unwrap().should_refresh_offer(duration_since_epoch) {
+				return None
+			}
+
+			// Require at least two hours before we'll need to start the process of creating a new offer.
+			const MIN_OFFER_PATHS_RELATIVE_EXPIRY: Duration =
+				Duration::from_secs(2 * 60 * 60).saturating_add(AsyncReceiveOffer::OFFER_RELATIVE_EXPIRY_BUFFER);
+			let min_offer_paths_absolute_expiry =
+				duration_since_epoch.saturating_add(MIN_OFFER_PATHS_RELATIVE_EXPIRY);
+			let offer_paths_absolute_expiry =
+				_message.paths_absolute_expiry.unwrap_or(Duration::from_secs(u64::MAX));
+			if offer_paths_absolute_expiry < min_offer_paths_absolute_expiry {
+				log_error!(self.logger, "Received offer paths with too-soon absolute Unix epoch expiry: {}", offer_paths_absolute_expiry.as_secs());
+				return None
+			}
+
+			// Expire the offer at the same time as the static invoice so we automatically refresh both
+			// at the same time.
+			let offer_and_invoice_absolute_expiry = Duration::from_secs(core::cmp::min(
+				offer_paths_absolute_expiry.as_secs(),
+				duration_since_epoch.saturating_add(STATIC_INVOICE_DEFAULT_RELATIVE_EXPIRY).as_secs()
+			));
+
+			let (offer, offer_nonce) = {
+				let (offer_builder, offer_nonce) =
+					match self.create_async_receive_offer_builder(_message.paths) {
+						Ok((builder, nonce)) => (builder, nonce),
+						Err(e) => {
+							log_error!(self.logger, "Failed to create offer builder when replying to OfferPaths message: {:?}", e);
+							return None
+						},
+					};
+				match offer_builder.absolute_expiry(offer_and_invoice_absolute_expiry).build() {
+					Ok(offer) => (offer, offer_nonce),
+					Err(e) => {
+						log_error!(self.logger, "Failed to build offer when replying to OfferPaths message: {:?}", e);
+						return None
+					},
+				}
+			};
+
+			let static_invoice_relative_expiry =
+				offer_and_invoice_absolute_expiry.saturating_sub(duration_since_epoch);
+			let static_invoice = {
+				let invoice_res = self.create_static_invoice_builder(
+					&offer, offer_nonce, Some(static_invoice_relative_expiry )
+				).and_then(|builder| builder.build_and_sign(secp_ctx));
+				match invoice_res {
+					Ok(invoice) => invoice,
+					Err(e) => {
+						log_error!(self.logger, "Failed to create static invoice when replying to OfferPaths message: {:?}", e);
+						return None
+					},
+				}
+			};
+
+			let invoice_persisted_paths = {
+				let nonce = Nonce::from_entropy_source(entropy);
+				let hmac = signer::hmac_for_static_invoice_persisted_context(nonce, expanded_key);
+				let context = MessageContext::AsyncPayments(AsyncPaymentsContext::StaticInvoicePersisted {
+					offer, nonce, hmac,
+					path_absolute_expiry: duration_since_epoch.saturating_add(REPLY_PATH_RELATIVE_EXPIRY)
+				});
+				match self.create_blinded_paths(context) {
+					Ok(paths) => paths,
+					Err(()) => {
+						log_error!(self.logger, "Failed to create blinded paths when replying to OfferPaths message");
+						return None
+					},
+				}
+			};
+
+			let reply = ServeStaticInvoice { invoice: static_invoice, invoice_persisted_paths };
+			return _responder.map(|responder| (reply, responder.respond()))
+		}
+
+		#[cfg(not(async_payments))]
 		None
 	}
 

lightning/src/offers/signer.rs

@@ -60,6 +60,11 @@ const ASYNC_PAYMENTS_HELD_HTLC_HMAC_INPUT: &[u8; 16] = &[9; 16];
 #[cfg(async_payments)]
 const ASYNC_PAYMENTS_OFFER_PATHS_INPUT: &[u8; 16] = &[10; 16];
 
+// HMAC input used in `AsyncPaymentsContext::StaticInvoicePersisted` to authenticate inbound
+// static_invoice_persisted onion messages.
+#[cfg(async_payments)]
+const ASYNC_PAYMENTS_STATIC_INV_PERSISTED_INPUT: &[u8; 16] = &[11; 16];
+
 /// Message metadata which possibly is derived from [`MetadataMaterial`] such that it can be
 /// verified.
 #[derive(Clone)]
@@ -573,3 +578,27 @@ pub(crate) fn hmac_for_offer_paths_context(
 
 	Hmac::from_engine(hmac)
 }
+
+#[cfg(async_payments)]
+pub(crate) fn verify_offer_paths_context(
+	nonce: Nonce, hmac: Hmac<Sha256>, expanded_key: &ExpandedKey,
+) -> Result<(), ()> {
+	if hmac_for_offer_paths_context(nonce, expanded_key) == hmac {
+		Ok(())
+	} else {
+		Err(())
+	}
+}
+
+#[cfg(async_payments)]
+pub(crate) fn hmac_for_static_invoice_persisted_context(
+	nonce: Nonce, expanded_key: &ExpandedKey,
+) -> Hmac<Sha256> {
+	const IV_BYTES: &[u8; IV_LEN] = b"LDK InvPersisted";
+	let mut hmac = expanded_key.hmac_for_offer();
+	hmac.input(IV_BYTES);
+	hmac.input(&nonce.0);
+	hmac.input(ASYNC_PAYMENTS_STATIC_INV_PERSISTED_INPUT);
+
+	Hmac::from_engine(hmac)
+}