Authenticate Bolt12RefundContext with payment hash

Bolt12RefundContext didn't contain any data, so there wasn't anything to
use to authenticate it. Include the invoice's payment hash so that it
can only be used for the corresponding payment.

Author: jkczyz

fuzz/src/refund_deser.rs

@@ -71,7 +71,9 @@ fn build_response<T: secp256k1::Signing + secp256k1::Verification>(
 ) -> Result<UnsignedBolt12Invoice, Bolt12SemanticError> {
 	let expanded_key = ExpandedKey::new(&KeyMaterial([42; 32]));
 	let entropy_source = Randomness {};
-	let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {});
+	let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {
+		payment_hash: PaymentHash([42u8; 32]),
+	});
 	let nonce = Nonce::from_entropy_source(&entropy_source);
 	let hmac = payment_context.hmac_for_offer_payment(nonce, &expanded_key);
 	let payee_tlvs = ReceiveTlvs {

lightning/src/blinded_path/payment.rs

@@ -21,6 +21,7 @@ use crate::io::Cursor;
 use crate::types::payment::PaymentSecret;
 use crate::ln::channel_state::CounterpartyForwardingInfo;
 use crate::types::features::BlindedHopFeatures;
+use crate::types::payment::PaymentHash;
 use crate::ln::msgs::DecodeError;
 use crate::ln::onion_utils;
 use crate::offers::invoice_request::InvoiceRequestFields;
@@ -360,7 +361,10 @@ pub struct Bolt12OfferContext {
 ///
 /// [`Refund`]: crate::offers::refund::Refund
 #[derive(Clone, Debug, Eq, PartialEq)]
-pub struct Bolt12RefundContext {}
+pub struct Bolt12RefundContext {
+	/// The [`PaymentHash`] used in the invoice.
+	pub payment_hash: PaymentHash,
+}
 
 impl PaymentContext {
 	pub(crate) fn unknown() -> Self {
@@ -634,7 +638,9 @@ impl_writeable_tlv_based!(Bolt12OfferContext, {
 	(2, invoice_request, required),
 });
 
-impl_writeable_tlv_based!(Bolt12RefundContext, {});
+impl_writeable_tlv_based!(Bolt12RefundContext, {
+	(0, payment_hash, required),
+});
 
 #[cfg(test)]
 mod tests {

lightning/src/ln/channelmanager.rs

@@ -10173,7 +10173,9 @@ where
 
 		match self.create_inbound_payment(Some(amount_msats), relative_expiry, None) {
 			Ok((payment_hash, payment_secret)) => {
-				let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {});
+				let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {
+					payment_hash,
+				});
 				let payment_paths = self.create_blinded_payment_paths(
 					amount_msats, payment_secret, payment_context
 				)

lightning/src/ln/offers_tests.rs

@@ -654,8 +654,10 @@ fn creates_and_pays_for_refund_using_two_hop_blinded_path() {
 	}
 	expect_recent_payment!(david, RecentPaymentDetails::AwaitingInvoice, payment_id);
 
-	let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {});
 	let expected_invoice = alice.node.request_refund_payment(&refund).unwrap();
+	let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {
+		payment_hash: invoice.payment_hash(),
+	});
 
 	connect_peers(alice, charlie);
 
@@ -783,8 +785,10 @@ fn creates_and_pays_for_refund_using_one_hop_blinded_path() {
 	}
 	expect_recent_payment!(bob, RecentPaymentDetails::AwaitingInvoice, payment_id);
 
-	let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {});
 	let expected_invoice = alice.node.request_refund_payment(&refund).unwrap();
+	let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {
+		payment_hash: invoice.payment_hash(),
+	});
 
 	let onion_message = alice.onion_messenger.next_onion_message_for_peer(bob_id).unwrap();
 	bob.onion_messenger.handle_onion_message(alice_id, &onion_message);
@@ -888,8 +892,10 @@ fn pays_for_refund_without_blinded_paths() {
 	assert!(refund.paths().is_empty());
 	expect_recent_payment!(bob, RecentPaymentDetails::AwaitingInvoice, payment_id);
 
-	let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {});
 	let expected_invoice = alice.node.request_refund_payment(&refund).unwrap();
+	let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {
+		payment_hash: invoice.payment_hash(),
+	});
 
 	let onion_message = alice.onion_messenger.next_onion_message_for_peer(bob_id).unwrap();
 	bob.onion_messenger.handle_onion_message(alice_id, &onion_message);
@@ -2117,8 +2123,10 @@ fn fails_paying_invoice_more_than_once() {
 	david.onion_messenger.handle_onion_message(charlie_id, &onion_message);
 
 	// David initiates paying the first invoice
-	let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {});
 	let (invoice1, _) = extract_invoice(david, &onion_message);
+	let payment_context = PaymentContext::Bolt12Refund(Bolt12RefundContext {
+		payment_hash: invoice.payment_hash(),
+	});
 
 	route_bolt12_payment(david, &[charlie, bob, alice], &invoice1);
 	expect_recent_payment!(david, RecentPaymentDetails::Pending, payment_id);