@@ -2591,7 +2591,8 @@ impl<Signer: Sign, M: Deref, T: Deref, K: Deref, F: Deref, L: Deref> ChannelMana
25912591 }
25922592 }
25932593
2594- // Check that an inbound payment's `payment_data` field is sane.
2594+ // Check that an inbound payment's `payment_data` field is sane. See `create_inbound_payment` and
2595+ // `create_inbound_payment_for_hash` for details on our checks.
25952596 fn verify_inbound_payment_data ( & self , payment_hash : PaymentHash , payment_data : msgs:: FinalOnionHopData ) -> Result < Option < PaymentPreimage > , ( ) > {
25962597 let ( iv_bytes, encrypted_metadata_bytes) = payment_data. payment_secret . 0 . split_at ( 16 ) ;
25972598 let mut chacha = ChaCha20 :: new ( & self . inbound_payments_key [ ..] , & iv_bytes[ ..12 ] ) ;
@@ -4610,6 +4611,17 @@ impl<Signer: Sign, M: Deref, T: Deref, K: Deref, F: Deref, L: Deref> ChannelMana
46104611/// [`PaymentReceived`]: events::Event::PaymentReceived
46114612/// [`PaymentReceived::payment_preimage`]: events::Event::PaymentReceived::payment_preimage
46124613/// [`create_inbound_payment_for_hash`]: Self::create_inbound_payment_for_hash
4614+ // LDK does not store any data for pending inbound payments. Instead, in the case of
4615+ // `create_inbound_payment`, where LDK is supplying the payment preimage, we construct our payment
4616+ // secret and payment preimage to include encrypted metadata about the payment, as such:
4617+ //
4618+ // METADATA = payment amount (8 bytes) || expiry (8 bytes)
4619+ // IV = 16 random bytes
4620+ // payment_preimage = HMAC(ldk_pmt_hash_key, IV || METADATA)
4621+ // payment_secret = IV || CHACHA(self.inbound_payments_key, IV) xor METADATA
4622+ //
4623+ // Then on payment receipt, we verify in `verify_inbound_payment_data` that the payment preimage
4624+ // and payment secret match what was constructed in `create_inbound_payment`.
46134625 pub fn create_inbound_payment ( & self , min_value_msat : Option < u64 > , invoice_expiry_delta_secs : u32 ) -> ( PaymentHash , PaymentSecret ) {
46144626 let min_amt_msat_bytes: [ u8 ; 8 ] = match min_value_msat {
46154627 Some ( amt) => amt. to_be_bytes ( ) ,
@@ -4688,6 +4700,16 @@ impl<Signer: Sign, M: Deref, T: Deref, K: Deref, F: Deref, L: Deref> ChannelMana
46884700///
46894701/// [`create_inbound_payment`]: Self::create_inbound_payment
46904702/// [`PaymentReceived`]: events::Event::PaymentReceived
4703+ // LDK does not store any data for pending inbound payments. Instead, in the case of
4704+ // `create_inbound_payment_for_hash`, where the user is supplying the payment preimage, we
4705+ // construct our payment secret to include encrypted metadata about the payment, as such:
4706+ //
4707+ // METADATA = top bit set for user-generated payment hash || payment amount (8 bytes) || expiry (8 bytes)
4708+ // IV = HMAC(user_pmt_hash_key, METADATA || payment_hash)[0..16]
4709+ // payment_secret = IV || CHACHA(self.inbound_payments_key, IV) xor METADATA
4710+ //
4711+ // Then on payment receipt, we verify in `verify_inbound_payment_data` that the payment preimage
4712+ // and payment secret match what was constructed in `create_inbound_payment`.
46914713 pub fn create_inbound_payment_for_hash ( & self , payment_hash : PaymentHash , min_value_msat : Option < u64 > , invoice_expiry_delta_secs : u32 ) -> Result < PaymentSecret , APIError > {
46924714 let mut min_amt_msat_bytes: [ u8 ; 8 ] = match min_value_msat {
46934715 Some ( amt) => amt. to_be_bytes ( ) ,
0 commit comments