lightningdevkit
diff --git a/‎lightning-invoice/src/lib.rs
Lines changed: 16 additions & 0 deletions b/‎lightning-invoice/src/lib.rs
Lines changed: 16 additions & 0 deletions
diff --git a/‎lightning-invoice/src/utils.rs
Lines changed: 247 additions & 4 deletions b/‎lightning-invoice/src/utils.rs
Lines changed: 247 additions & 4 deletions
diff --git a/‎lightning/src/chain/keysinterface.rs
Lines changed: 22 additions & 1 deletion b/‎lightning/src/chain/keysinterface.rs
Lines changed: 22 additions & 1 deletion
@@ -1494,6 +1494,20 @@ pub enum CreationError {
 
 	/// The supplied millisatoshi amount was greater than the total bitcoin supply.
 	InvalidAmount,
+
+	/// Route hints were required for this invoice and were missing. Applies to
+	/// [phantom invoices].
+	///
+	/// [phantom invoices]: crate::utils::create_phantom_invoice
+	MissingRouteHints,
+
+	/// For [phantom invoices], short channel ids for phantom route hints are supplied and used to
+	/// retrieve the phantom's private key. This can fail if an scid was not previously retrieved from
+	/// [`ChannelManager::get_phantom_scid`].
+	///
+	/// [phantom invoices]: crate::utils::create_phantom_invoice
+	/// [`ChannelManager::get_phantom_scid`]: lightning::ln::channelmanager::ChannelManager::get_phantom_scid
+	InvalidPhantomScid,
 }
 
 impl Display for CreationError {
@@ -1504,6 +1518,8 @@ impl Display for CreationError {
 			CreationError::TimestampOutOfBounds => f.write_str("The unix timestamp of the supplied date is <0 or can't be represented as `SystemTime`"),
 			CreationError::ExpiryTimeOutOfBounds => f.write_str("The supplied expiry time could cause an overflow if added to a `PositiveTimestamp`"),
 			CreationError::InvalidAmount => f.write_str("The supplied millisatoshi amount was greater than the total bitcoin supply"),
+			CreationError::MissingRouteHints => f.write_str("The invoice required route hints and they weren't provided"),
+			CreationError::InvalidPhantomScid => f.write_str("Failed to retrieve the phantom secret with the supplied phantom scid"),
 		}
 	}
 }
 
@@ -5,22 +5,124 @@ use payment::{Payer, Router};
 
 use bech32::ToBase32;
 use bitcoin_hashes::Hash;
+use bitcoin_hashes::sha256::Hash as Sha256;
 use crate::prelude::*;
 use lightning::chain;
 use lightning::chain::chaininterface::{BroadcasterInterface, FeeEstimator};
 use lightning::chain::keysinterface::{Sign, KeysInterface};
 use lightning::ln::{PaymentHash, PaymentPreimage, PaymentSecret};
-use lightning::ln::channelmanager::{ChannelDetails, ChannelManager, PaymentId, PaymentSendFailure, MIN_FINAL_CLTV_EXPIRY};
+use lightning::ln::channelmanager::{ChannelDetails, ChannelManager, PaymentId, PaymentSendFailure, MIN_FINAL_CLTV_EXPIRY, MIN_CLTV_EXPIRY_DELTA};
 use lightning::ln::msgs::LightningError;
 use lightning::routing::scoring::Score;
 use lightning::routing::network_graph::{NetworkGraph, RoutingFees};
 use lightning::routing::router::{Route, RouteHint, RouteHintHop, RouteParameters, find_route};
 use lightning::util::logger::Logger;
+use secp256k1::Secp256k1;
 use secp256k1::key::PublicKey;
 use core::convert::TryInto;
 use core::ops::Deref;
 use core::time::Duration;
 
+#[cfg(feature = "std")]
+/// Utility to create an invoice that can be paid to one of multiple nodes, or a "phantom invoice."
+/// This works because the invoice officially pays to a fake node (the "phantom"). Useful for
+/// load-balancing payments between multiple nodes.
+///
+/// `channels` parameter:
+/// * Contains a list of tuples of `(phantom_node_scid, real_node_pubkey,
+///   real_channel_details)`, where `phantom_node_scid` is unique to each `channels` entry
+/// * `phantom_node_scid`s are retrieved from [`ChannelManager::get_phantom_scid`]
+/// * `real_channel_details` are retrieved from [`ChannelManager::list_channels`]
+/// * Contains channel info for all nodes participating in the phantom invoice
+/// * For increased privacy, it is ideal but not required to generate new `phantom_node_scid`s for
+///   each new invoice
+/// * It is fine to cache this information and reuse it across invoices, as long as you periodically
+///   check that no provided real channels have become unavailable
+/// * Note that including too many channels here could result in making the invoice too long for QR
+///   code scanning
+///
+/// `payment_hash` and `payment_secret` come from [`ChannelManager::create_inbound_payment`] or
+/// [`ChannelManager::create_inbound_payment_for_hash`].
+///
+/// See [`KeysInterface::get_phantom_secret`] for more requirements on supporting phantom node
+/// payments.
+///
+/// [`KeysInterface::get_phantom_secret`]: lightning::chain::keysinterface::KeysInterface::get_phantom_secret
+pub fn create_phantom_invoice<Signer: Sign, K: Deref>(
+	amt_msat: Option<u64>, description: String, payment_hash: PaymentHash, payment_secret:
+	PaymentSecret, channels: &[(u64, PublicKey, &ChannelDetails)], keys_manager: K, network: Currency
+) -> Result<Invoice, SignOrCreationError<()>> where K::Target: KeysInterface {
+	if channels.len() == 0 {
+		return Err(SignOrCreationError::CreationError(CreationError::MissingRouteHints))
+	}
+	let phantom_secret = match keys_manager.get_phantom_secret(channels[0].0) {
+		Ok(s) => s,
+		Err(()) => return Err(SignOrCreationError::CreationError(CreationError::InvalidPhantomScid))
+	};
+	let phantom_pubkey = PublicKey::from_secret_key(&Secp256k1::new(), &phantom_secret);
+	let mut invoice = InvoiceBuilder::new(network)
+		.description(description)
+		.current_timestamp()
+		.payee_pub_key(phantom_pubkey)
+		.payment_hash(Hash::from_slice(&payment_hash.0).unwrap())
+		.payment_secret(payment_secret)
+		.min_final_cltv_expiry(MIN_FINAL_CLTV_EXPIRY.into());
+	if let Some(amt) = amt_msat {
+		invoice = invoice.amount_milli_satoshis(amt);
+	}
+
+	for (phantom_scid, real_node_pubkey, channel) in channels {
+		let short_channel_id = match channel.short_channel_id {
+			Some(id) => id,
+			None => continue,
+		};
+		let forwarding_info = match &channel.counterparty.forwarding_info {
+			Some(info) => info.clone(),
+			None => continue,
+		};
+		invoice = invoice.private_route(RouteHint(vec![
+				RouteHintHop {
+					src_node_id: channel.counterparty.node_id,
+					short_channel_id,
+					fees: RoutingFees {
+						base_msat: forwarding_info.fee_base_msat,
+						proportional_millionths: forwarding_info.fee_proportional_millionths,
+					},
+					cltv_expiry_delta: forwarding_info.cltv_expiry_delta,
+					htlc_minimum_msat: None,
+					htlc_maximum_msat: None,
+				},
+				RouteHintHop {
+					src_node_id: *real_node_pubkey,
+					short_channel_id: *phantom_scid,
+					fees: RoutingFees {
+						base_msat: 0,
+						proportional_millionths: 0,
+					},
+					cltv_expiry_delta: MIN_CLTV_EXPIRY_DELTA,
+					htlc_minimum_msat: None,
+					htlc_maximum_msat: None,
+				}])
+		);
+	}
+
+	let raw_invoice = match invoice.build_raw() {
+		Ok(inv) => inv,
+		Err(e) => return Err(SignOrCreationError::CreationError(e))
+	};
+	let hrp_str = raw_invoice.hrp.to_string();
+	let hrp_bytes = hrp_str.as_bytes();
+	let data_without_signature = raw_invoice.data.to_base32();
+	let invoice_preimage = RawInvoice::construct_invoice_preimage(hrp_bytes, &data_without_signature);
+	let secp_ctx = Secp256k1::new();
+	let invoice_preimage_msg = secp256k1::Message::from_slice(&Sha256::hash(&invoice_preimage)).unwrap();
+	let signed_raw_invoice = raw_invoice.sign(|_| Ok(secp_ctx.sign_recoverable(&invoice_preimage_msg, &phantom_secret)));
+	match signed_raw_invoice {
+		Ok(inv) => Ok(Invoice::from_signed(inv).unwrap()),
+		Err(e) => Err(SignOrCreationError::SignError(e))
+	}
+}
+
 #[cfg(feature = "std")]
 /// Utility to construct an invoice. Generally, unless you want to do something like a custom
 /// cltv_expiry, this is what you should be using to create an invoice. The reason being, this
@@ -193,15 +295,20 @@ where
 mod test {
 	use core::time::Duration;
 	use {Currency, Description, InvoiceDescription};
-	use lightning::ln::PaymentHash;
-	use lightning::ln::channelmanager::MIN_FINAL_CLTV_EXPIRY;
+	use bitcoin_hashes::Hash;
+	use bitcoin_hashes::sha256::Hash as Sha256;
+	use lightning::chain::keysinterface::KeysManager;
+	use lightning::ln::{PaymentPreimage, PaymentHash};
+	use lightning::ln::channelmanager::{ChannelDetails, MIN_FINAL_CLTV_EXPIRY};
 	use lightning::ln::functional_test_utils::*;
 	use lightning::ln::features::InitFeatures;
 	use lightning::ln::msgs::ChannelMessageHandler;
 	use lightning::routing::router::{Payee, RouteParameters, find_route};
-	use lightning::util::events::MessageSendEventsProvider;
+	use lightning::util::enforcing_trait_impls::EnforcingSigner;
+	use lightning::util::events::{MessageSendEvent, MessageSendEventsProvider, Event, PaymentPurpose};
 	use lightning::util::test_utils;
 	use utils::create_invoice_from_channelmanager_and_duration_since_epoch;
+	use secp256k1::PublicKey;
 
 	#[test]
 	fn test_from_channelmanager() {
@@ -255,4 +362,140 @@ mod test {
 		let events = nodes[1].node.get_and_clear_pending_msg_events();
 		assert_eq!(events.len(), 2);
 	}
+
+	#[test]
+	fn test_multi_node_receive() {
+		#[cfg(feature = "std")]
+		do_test_multi_node_receive(true);
+		#[cfg(feature = "std")]
+		do_test_multi_node_receive(false);
+	}
+
+	#[cfg(feature = "std")]
+	fn do_test_multi_node_receive(user_generated_pmt_hash: bool) {
+		let mut chanmon_cfgs = create_chanmon_cfgs(3);
+		let seed_1 = [42 as u8; 32];
+		let seed_2 = [43 as u8; 32];
+		let cross_node_seed = [44 as u8; 32];
+		chanmon_cfgs[1].keys_manager.backing = KeysManager::new_multi_receive(&seed_1, 43, 44, &cross_node_seed);
+		chanmon_cfgs[2].keys_manager.backing = KeysManager::new_multi_receive(&seed_2, 43, 44, &cross_node_seed);
+		let node_cfgs = create_node_cfgs(3, &chanmon_cfgs);
+		let node_chanmgrs = create_node_chanmgrs(3, &node_cfgs, &[None, None, None]);
+		let nodes = create_network(3, &node_cfgs, &node_chanmgrs);
+		let chan_0_1 = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 10001, InitFeatures::known(), InitFeatures::known());
+		nodes[0].node.handle_channel_update(&nodes[1].node.get_our_node_id(), &chan_0_1.1);
+		nodes[1].node.handle_channel_update(&nodes[0].node.get_our_node_id(), &chan_0_1.0);
+		let chan_0_2 = create_announced_chan_between_nodes_with_value(&nodes, 0, 2, 100000, 10001, InitFeatures::known(), InitFeatures::known());
+		nodes[0].node.handle_channel_update(&nodes[2].node.get_our_node_id(), &chan_0_2.1);
+		nodes[2].node.handle_channel_update(&nodes[0].node.get_our_node_id(), &chan_0_2.0);
+
+		let payment_amt = 10_000;
+		let (payment_preimage, payment_hash, payment_secret) = {
+			if user_generated_pmt_hash {
+				let payment_preimage = PaymentPreimage([1; 32]);
+				let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0[..]).into_inner());
+				let payment_secret = nodes[1].node.create_inbound_payment_for_hash(payment_hash, Some(payment_amt), 3600).unwrap();
+				(payment_preimage, payment_hash, payment_secret)
+			} else {
+				let (payment_hash, payment_secret) = nodes[1].node.create_inbound_payment(Some(payment_amt), 3600).unwrap();
+				let payment_preimage = nodes[1].node.get_payment_preimage(payment_hash, payment_secret).unwrap();
+				(payment_preimage, payment_hash, payment_secret)
+			}
+		};
+		let channels_1 = nodes[1].node.list_channels();
+		let channels_2 = nodes[2].node.list_channels();
+		let mut route_hints = channels_1.iter().map(|e| (nodes[1].node.get_phantom_scid(), nodes[1].node.get_our_node_id(), e)).collect::<Vec<(u64, PublicKey, &ChannelDetails)>>();
+		for channel in channels_2.iter() {
+			route_hints.push((nodes[2].node.get_phantom_scid(), nodes[2].node.get_our_node_id(), &channel));
+		}
+		let invoice = ::utils::create_phantom_invoice::<EnforcingSigner, &test_utils::TestKeysInterface>(Some(payment_amt), "test".to_string(), payment_hash, payment_secret, &route_hints, &nodes[1].keys_manager, Currency::BitcoinTestnet).unwrap();
+
+		assert_eq!(invoice.min_final_cltv_expiry(), MIN_FINAL_CLTV_EXPIRY as u64);
+		assert_eq!(invoice.description(), InvoiceDescription::Direct(&Description("test".to_string())));
+		assert_eq!(invoice.route_hints().len(), 2);
+		assert!(!invoice.features().unwrap().supports_basic_mpp());
+
+		let payee = Payee::from_node_id(invoice.recover_payee_pub_key())
+			.with_features(invoice.features().unwrap().clone())
+			.with_route_hints(invoice.route_hints());
+		let params = RouteParameters {
+			payee,
+			final_value_msat: invoice.amount_milli_satoshis().unwrap(),
+			final_cltv_expiry_delta: invoice.min_final_cltv_expiry() as u32,
+		};
+		let first_hops = nodes[0].node.list_usable_channels();
+		let network_graph = node_cfgs[0].network_graph;
+		let logger = test_utils::TestLogger::new();
+		let scorer = test_utils::TestScorer::with_fixed_penalty(0);
+		let route = find_route(
+			&nodes[0].node.get_our_node_id(), &params, network_graph,
+			Some(&first_hops.iter().collect::<Vec<_>>()), &logger, &scorer,
+		).unwrap();
+		let (payment_event, fwd_idx) = {
+			let mut payment_hash = PaymentHash([0; 32]);
+			payment_hash.0.copy_from_slice(&invoice.payment_hash().as_ref()[0..32]);
+			nodes[0].node.send_payment(&route, payment_hash, &Some(invoice.payment_secret().clone())).unwrap();
+			let mut added_monitors = nodes[0].chain_monitor.added_monitors.lock().unwrap();
+			assert_eq!(added_monitors.len(), 1);
+			added_monitors.clear();
+
+			let mut events = nodes[0].node.get_and_clear_pending_msg_events();
+			assert_eq!(events.len(), 1);
+			let fwd_idx = match events[0] {
+				MessageSendEvent::UpdateHTLCs { node_id, .. } => {
+					if node_id == nodes[1].node.get_our_node_id() {
+						1
+					} else { 2 }
+				},
+				_ => panic!("Unexpected event")
+			};
+			(SendEvent::from_event(events.remove(0)), fwd_idx)
+		};
+		nodes[fwd_idx].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &payment_event.msgs[0]);
+		commitment_signed_dance!(nodes[fwd_idx], nodes[0], &payment_event.commitment_msg, false, true);
+		// expect_pending_htlcs_forwardable!(nodes[fwd_idx]);
+
+		// Note that we have to "forward pending HTLCs" twice before we see the PaymentReceived as
+		// this "emulates" the payment taking two hops, providing some privacy to make phantom node
+		// payments "look real" by taking more time.
+		expect_pending_htlcs_forwardable_ignore!(nodes[fwd_idx]);
+		nodes[fwd_idx].node.process_pending_htlc_forwards();
+		expect_pending_htlcs_forwardable_ignore!(nodes[fwd_idx]);
+		nodes[fwd_idx].node.process_pending_htlc_forwards();
+
+		let payment_preimage_opt = if user_generated_pmt_hash { None } else { Some(payment_preimage) };
+		let events = nodes[fwd_idx].node.get_and_clear_pending_events();
+		assert_eq!(events.len(), 1);
+		match events[0] {
+			Event::PaymentReceived { payment_hash: ref hash, ref purpose, amt } => {
+				assert_eq!(*hash, payment_hash);
+				assert_eq!(amt, payment_amt);
+				match purpose {
+					PaymentPurpose::InvoicePayment { payment_preimage, payment_secret: secret, .. } => {
+						assert_eq!(*payment_preimage, payment_preimage_opt);
+						assert_eq!(*secret, payment_secret);
+					},
+					_ => panic!("Unexpected payment purpose"),
+				}
+			},
+			_ => panic!("Unexpected event"),
+		}
+		do_claim_payment_along_route(&nodes[0], &vec!(&vec!(&nodes[fwd_idx])[..]), false, payment_preimage);
+		let events = nodes[0].node.get_and_clear_pending_events();
+		assert_eq!(events.len(), 2);
+		match events[0] {
+			Event::PaymentSent { payment_preimage: ref ev_preimage, payment_hash: ref ev_hash, ref fee_paid_msat, .. } => {
+				assert_eq!(payment_preimage, *ev_preimage);
+				assert_eq!(payment_hash, *ev_hash);
+				assert_eq!(fee_paid_msat, &Some(0));
+			},
+			_ => panic!("Unexpected event")
+		}
+		match events[1] {
+			Event::PaymentPathSuccessful { payment_hash: hash, .. } => {
+				assert_eq!(hash, Some(payment_hash));
+			},
+			_ => panic!("Unexpected event")
+		}
+	}
 }
@@ -407,10 +407,31 @@ pub trait KeysInterface {
 
 	/// Get secret key material as bytes for use in encrypting and decrypting inbound payment data.
 	///
+	/// If the implementor of this trait supports [phantom node payments], then every node that is
+	/// intended to be included in the phantom invoice(s) route hints must return the same value from
+	/// this method.
+	///
 	/// This method must return the same value each time it is called.
+	///
+	///[phantom node payments]: crate::ln::channelmanager::ChannelManager::get_phantom_scid
 	fn get_inbound_payment_key_material(&self) -> KeyMaterial;
 
-	/// Get a secret key for use in receiving phantom node payments.
+	/// Get the phantom node secret key (aka node_id or network_key) for use in receiving a [phantom
+	/// node payment]. This secret key is used to sign phantom invoices.
+	///
+	/// When a phantom invoice is generated with a set of phantom scids from multiple nodes, this
+	/// method must return the same key as the invoice was signed with, no matter the node on which it
+	/// is called. This implies that each set of phantom SCIDs will have one common secret key that
+	/// must be uniformly returned across nodes, though the secret keys may be reused.
+	///
+	/// Note that if you are using [`KeysManager`], every LDK node must use
+	/// [`KeysManager::new_multi_receive`] to initialize its `KeysManager` or phantom payments will
+	/// fail to be received.
+	///
+	/// See [`KeysInterface::get_inbound_payment_key_material`] for further requirements on nodes
+	/// supporting phantom node payments.
+	///
+	///[phantom node payment]: crate::ln::channelmanager::ChannelManager::get_phantom_scid
 	fn get_phantom_secret(&self, scid: u64) -> Result<SecretKey, ()>;
 }