Closed jkczyz closed 2 months ago
Attention: Patch coverage is 95.57823%
with 26 lines
in your changes missing coverage. Please review.
Project coverage is 89.78%. Comparing base (
3733103
) to head (825bda0
).
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Chatted for a while offline, it looks like we need to remove the nonce from the metadata in invoice_request
s.
Chatted for a while offline, it looks like we need to remove the nonce from the metadata in
invoice_request
s.
Yup, it was removed directly from derive_metadata_and_keys
in 9f7fd0dfee0096972b05c807817273ef3eed29ab. It doesn't affect the offer metadata case since we already ignore the returned value there and set the metadata to None
. With the change in that commit, the returned bytes is now the empty vec (since there is no payment id for offer metadata) instead of allocating a vec with the nonce bytes. And when used for payer metadata it is the encrypted payment id, as is desired.
Needs rebase, it seems.
Needs rebase again, sorry :(
Also feel free to squash I think.
Squashed fixups and rebased.
Basically LGTM mod outstanding feedback!
@valentinewallace Could you take another look? A similar change was made to payer_metadata
though instead of eliding it entirely we instead remove the nonce.
Basically LGTM mod outstanding feedback!
@valentinewallace Could you take another look? A similar change was made to
payer_metadata
though instead of eliding it entirely we instead remove the nonce.
Will take another look today!
Last push just moves a commit since it didn't belong by the fixup.
Needs rebase. I'm good with a squash.
Squashed and rebased.
Invoice requests are authenticated by checking the metadata in the corresponding offer. For offers using blinded paths, this will simply be a 128-bit nonce. Elided this metadata from the offer directly and instead include it in the offer's blinded paths. This prevents de-anonymization attacks by ensuring the blinded paths are used in the right context.
Fixes #3117