Offers: bolt12 updated for latest draft.

.msggen.json

@@ -272,6 +272,7 @@
             "CreateInvoice.bolt12": 3,
             "CreateInvoice.description": 7,
             "CreateInvoice.expires_at": 8,
+            "CreateInvoice.invreq_payer_note": 15,
             "CreateInvoice.label": 1,
             "CreateInvoice.local_offer_id": 13,
             "CreateInvoice.paid_at": 11,
@@ -336,6 +337,7 @@
             "DelInvoice.bolt12": 3,
             "DelInvoice.description": 5,
             "DelInvoice.expires_at": 8,
+            "DelInvoice.invreq_payer_note": 11,
             "DelInvoice.label": 1,
             "DelInvoice.local_offer_id": 9,
             "DelInvoice.payer_note": 10,
@@ -630,6 +632,7 @@
             "ListInvoices.invoices[].bolt12": 8,
             "ListInvoices.invoices[].description": 2,
             "ListInvoices.invoices[].expires_at": 5,
+            "ListInvoices.invoices[].invreq_payer_note": 15,
             "ListInvoices.invoices[].label": 1,
             "ListInvoices.invoices[].local_offer_id": 9,
             "ListInvoices.invoices[].paid_at": 13,
@@ -871,6 +874,7 @@
             "Pay.exclude": 10,
             "Pay.exemptfee": 7,
             "Pay.label": 3,
+            "Pay.localinvreqid": 14,
             "Pay.localofferid": 9,
             "Pay.maxdelay": 6,
             "Pay.maxfee": 11,
@@ -910,6 +914,7 @@
             "SendOnion.first_hop": 2,
             "SendOnion.groupid": 11,
             "SendOnion.label": 4,
+            "SendOnion.localinvreqid": 13,
             "SendOnion.localofferid": 10,
             "SendOnion.msatoshi": 8,
             "SendOnion.onion": 1,
@@ -937,6 +942,7 @@
             "SendPay.bolt11": 5,
             "SendPay.groupid": 9,
             "SendPay.label": 3,
+            "SendPay.localinvreqid": 11,
             "SendPay.localofferid": 8,
             "SendPay.msatoshi": 4,
             "SendPay.partid": 7,

Makefile

@@ -551,7 +551,7 @@ check-cppcheck: .cppcheck-suppress
 	@trap 'rm -f .cppcheck-suppress' 0; git ls-files -- "*.c" "*.h" | grep -vE '^ccan/' | xargs cppcheck  ${CPPCHECK_OPTS}
 
 check-shellcheck:
-	@git ls-files -- "*.sh" | xargs shellcheck
+	@git ls-files -- "*.sh" | xargs shellcheck -f gcc
 
 check-setup_locale:
 	@tools/check-setup_locale.sh

common/Makefile

@@ -47,6 +47,7 @@ COMMON_SRC_NOGEN :=				\
 	common/interactivetx.c			\
 	common/initial_channel.c		\
 	common/initial_commit_tx.c		\
+	common/invoice_path_id.c		\
 	common/iso4217.c			\
 	common/json_filter.c			\
 	common/json_param.c			\
@@ -59,7 +60,8 @@ COMMON_SRC_NOGEN :=				\
 	common/memleak.c			\
 	common/msg_queue.c			\
 	common/node_id.c			\
-	common/onion.c				\
+	common/onion_decode.c			\
+	common/onion_encode.c			\
 	common/onionreply.c			\
 	common/onion_message_parse.c		\
 	common/peer_billboard.c			\

common/blindedpath.c

@@ -89,9 +89,10 @@ static u8 *enctlv_from_encmsg_raw(const tal_t *ctx,
 		     type_to_string(tmpctx, struct secret, &rho));
 
 	/* BOLT-route-blinding #4:
-	 * - MUST encrypt them with ChaCha20-Poly1305 using the `rho(i)` key
-	 *   and an all-zero nonce
-	*/
+	 * - MUST encrypt each `encrypted_data_tlv(i)` with ChaCha20-Poly1305
+         *   using the corresponding `rho(i)` key and an all-zero nonce to
+         *   produce `encrypted_recipient_data(i)`
+	 */
 	/* Encrypt in place */
 	towire_pad(&ret, crypto_aead_chacha20poly1305_ietf_ABYTES);
 	ok = crypto_aead_chacha20poly1305_ietf_encrypt(ret, NULL,
@@ -106,15 +107,20 @@ static u8 *enctlv_from_encmsg_raw(const tal_t *ctx,
 	return ret;
 }
 
-static u8 *enctlv_from_encmsg(const tal_t *ctx,
-			      const struct privkey *blinding,
-			      const struct pubkey *node,
-			      const struct tlv_encrypted_data_tlv *encmsg,
-			      struct privkey *next_blinding,
-			      struct pubkey *node_alias)
+u8 *encrypt_tlv_encrypted_data(const tal_t *ctx,
+			       const struct privkey *blinding,
+			       const struct pubkey *node,
+			       const struct tlv_encrypted_data_tlv *encmsg,
+			       struct privkey *next_blinding,
+			       struct pubkey *node_alias)
 {
+	struct privkey unused;
 	u8 *encmsg_raw = tal_arr(NULL, u8, 0);
 	towire_tlv_encrypted_data_tlv(&encmsg_raw, encmsg);
+
+	/* last hop doesn't care about next_blinding */
+	if (!next_blinding)
+		next_blinding = &unused;
 	return enctlv_from_encmsg_raw(ctx, blinding, node, take(encmsg_raw),
 				      next_blinding, node_alias);
 }
@@ -127,8 +133,8 @@ bool unblind_onion(const struct pubkey *blinding,
 	struct secret hmac;
 
 	/* BOLT-route-blinding #4:
-	 * An intermediate node in the blinded route:
-	 *
+	 * A reader:
+	 *...
 	 * - MUST compute:
 	 *   - `ss(i) = SHA256(k(i) * E(i))` (standard ECDH)
 	 *   - `b(i) = HMAC256("blinded_node_id", ss(i)) * k(i)`
@@ -160,15 +166,17 @@ static u8 *decrypt_encmsg_raw(const tal_t *ctx,
 	static const unsigned char npub[crypto_aead_chacha20poly1305_ietf_NPUBBYTES];
 
 	/* BOLT-route-blinding #4:
-	 * - If an `encrypted_data` field is provided:
-	 *   - MUST decrypt it using `rho(r)`
+	 * A reader:
+	 *...
+	 *- MUST decrypt the `encrypted_data` field using `rho(i)` and use
+	 *  the decrypted fields to locate the next node
 	 */
 	subkey_from_hmac("rho", ss, &rho);
 
 	/* BOLT-onion-message #4:
-	 *   - if `enctlv` is not present, or does not decrypt with the
-	 *     shared secret from the given `blinding` parameter:
-	 *   - MUST drop the message.
+	 *- If the `encrypted_data` field is missing or cannot
+	 *  be decrypted:
+	 *   - MUST return an error
 	 */
 	/* Too short? */
 	if (tal_bytelen(enctlv) < crypto_aead_chacha20poly1305_ietf_ABYTES)
@@ -250,52 +258,3 @@ void blindedpath_next_blinding(const struct tlv_encrypted_data_tlv *enc,
 		blinding_next_pubkey(blinding, &h, next_blinding);
 	}
 }
-
-u8 *create_enctlv(const tal_t *ctx,
-		  const struct privkey *blinding,
-		  const struct pubkey *node,
-		  const struct pubkey *next_node,
-		  const struct short_channel_id *next_scid,
-		  size_t padlen,
-		  const struct pubkey *next_blinding_override,
-		  const struct tlv_encrypted_data_tlv_payment_relay *payment_relay TAKES,
-		  const struct tlv_encrypted_data_tlv_payment_constraints *payment_constraints TAKES,
-		  const u8 *allowed_features TAKES,
-		  struct privkey *next_blinding,
-		  struct pubkey *node_alias)
-{
-	struct tlv_encrypted_data_tlv *encmsg = tlv_encrypted_data_tlv_new(tmpctx);
-	if (padlen)
-		encmsg->padding = tal_arrz(encmsg, u8, padlen);
-	encmsg->next_node_id = cast_const(struct pubkey *, next_node);
-	encmsg->next_blinding_override = cast_const(struct pubkey *, next_blinding_override);
-	encmsg->payment_relay = tal_dup_or_null(encmsg, struct tlv_encrypted_data_tlv_payment_relay,
-						payment_relay);
-	encmsg->payment_constraints = tal_dup_or_null(encmsg, struct tlv_encrypted_data_tlv_payment_constraints,
-						      payment_constraints);
-	encmsg->allowed_features = tal_dup_talarr(encmsg, u8, allowed_features);
-
-	return enctlv_from_encmsg(ctx, blinding, node, encmsg,
-				  next_blinding, node_alias);
-}
-
-u8 *create_final_enctlv(const tal_t *ctx,
-			const struct privkey *blinding,
-			const struct pubkey *final_node,
-			size_t padlen,
-			const struct secret *path_id,
-			const u8 *allowed_features TAKES,
-			struct pubkey *node_alias)
-{
-	struct tlv_encrypted_data_tlv *encmsg = tlv_encrypted_data_tlv_new(tmpctx);
-	struct privkey unused_next_blinding;
-
-	if (padlen)
-		encmsg->padding = tal_arrz(encmsg, u8, padlen);
-	if (path_id)
-		encmsg->path_id = (u8 *)tal_dup(encmsg, struct secret, path_id);
-	encmsg->allowed_features = tal_dup_talarr(encmsg, u8, allowed_features);
-
-	return enctlv_from_encmsg(ctx, blinding, final_node, encmsg,
-				  &unused_next_blinding, node_alias);
-}