Support multi-node receive in ChannelManager, with invoice util

See get_phantom_scid and invoice util's create_phantom_invoice for more info

Author: valentinewallace

lightning-invoice/src/lib.rs

@@ -1416,6 +1416,20 @@ pub enum CreationError {
 
 	/// The supplied millisatoshi amount was greater than the total bitcoin supply.
 	InvalidAmount,
+
+	/// Route hints were required for this invoice and were missing. Applies to
+	/// [phantom invoices].
+	///
+	/// [phantom invoices]: crate::utils::create_phantom_invoice
+	MissingRouteHints,
+
+	/// For [phantom invoices], short channel ids for phantom route hints are supplied and used to
+	/// retrieve the phantom's private key. This can fail if an scid was not previously retrieved from
+	/// [`ChannelManager::get_phantom_scid`].
+	///
+	/// [phantom invoices]: crate::utils::create_phantom_invoice
+	/// [`ChannelManager::get_phantom_scid`]: lightning::ln::channelmanager::ChannelManager::get_phantom_scid
+	InvalidPhantomScid,
 }
 
 impl Display for CreationError {
@@ -1426,6 +1440,8 @@ impl Display for CreationError {
 			CreationError::TimestampOutOfBounds => f.write_str("The unix timestamp of the supplied date is <0 or can't be represented as `SystemTime`"),
 			CreationError::ExpiryTimeOutOfBounds => f.write_str("The supplied expiry time could cause an overflow if added to a `PositiveTimestamp`"),
 			CreationError::InvalidAmount => f.write_str("The supplied millisatoshi amount was greater than the total bitcoin supply"),
+			CreationError::MissingRouteHints => f.write_str("The invoice required route hints and they weren't provided"),
+			CreationError::InvalidPhantomScid => f.write_str("Failed to retrieve the phantom secret with the supplied phantom scid"),
 		}
 	}
 }

lightning-invoice/src/utils.rs

@@ -5,20 +5,116 @@ use payment::{Payer, Router};
 
 use bech32::ToBase32;
 use bitcoin_hashes::Hash;
+use bitcoin_hashes::sha256::Hash as Sha256;
 use lightning::chain;
 use lightning::chain::chaininterface::{BroadcasterInterface, FeeEstimator};
 use lightning::chain::keysinterface::{Sign, KeysInterface};
 use lightning::ln::{PaymentHash, PaymentPreimage, PaymentSecret};
-use lightning::ln::channelmanager::{ChannelDetails, ChannelManager, PaymentId, PaymentSendFailure, MIN_FINAL_CLTV_EXPIRY};
+use lightning::ln::channelmanager::{ChannelDetails, ChannelManager, PaymentId, PaymentSendFailure, MIN_FINAL_CLTV_EXPIRY, MIN_CLTV_EXPIRY_DELTA};
 use lightning::ln::msgs::LightningError;
 use lightning::routing::scoring::Score;
 use lightning::routing::network_graph::{NetworkGraph, RoutingFees};
 use lightning::routing::router::{Route, RouteHint, RouteHintHop, RouteParameters, find_route};
 use lightning::util::logger::Logger;
+use secp256k1::Secp256k1;
 use secp256k1::key::PublicKey;
 use std::convert::TryInto;
 use std::ops::Deref;
 
+/// Utility to create an invoice that can be paid to one of multiple nodes, or a "phantom invoice."
+/// This works because the invoice officially pays to a fake node (the "phantom"). Useful for
+/// load-balancing payments between multiple nodes.
+///
+/// `channels` contains a list of tuples of `(phantom_node_scid, real_node_pubkey,
+/// real_channel_details)`, where `phantom_node_scid` is unique to each `channels` entry and should
+/// be retrieved freshly for each new invoice from [`ChannelManager::get_phantom_scid`].
+/// `real_channel_details` comes from [`ChannelManager::list_channels`].
+///
+/// `payment_hash` and `payment_secret` come from [`ChannelManager::create_inbound_payment`] or
+/// [`ChannelManager::create_inbound_payment_for_hash`].
+///
+/// See [`KeysInterface::get_phantom_secret`] for more requirements on supporting phantom node
+/// payments.
+///
+/// [`KeysInterface::get_phantom_secret`]: lightning::chain::keysinterface::KeysInterface::get_phantom_secret
+pub fn create_phantom_invoice<Signer: Sign, K: Deref>(
+	amt_msat: Option<u64>, description: String, payment_hash: PaymentHash, payment_secret:
+	PaymentSecret, channels: &[(u64, PublicKey, &ChannelDetails)], keys_manager: K, network: Currency
+) -> Result<Invoice, SignOrCreationError<()>> where K::Target: KeysInterface {
+	if channels.len() == 0 {
+		return Err(SignOrCreationError::CreationError(CreationError::MissingRouteHints))
+	}
+	let phantom_secret = match keys_manager.get_phantom_secret(channels[0].0) {
+		Ok(s) => s,
+		Err(()) => return Err(SignOrCreationError::CreationError(CreationError::InvalidPhantomScid))
+	};
+	let mut route_hints = vec![];
+	for (fake_scid, real_node_pubkey, channel) in channels {
+		let short_channel_id = match channel.short_channel_id {
+			Some(id) => id,
+			None => continue,
+		};
+		let forwarding_info = match &channel.counterparty.forwarding_info {
+			Some(info) => info.clone(),
+			None => continue,
+		};
+		route_hints.push(RouteHint(vec![
+			RouteHintHop {
+				src_node_id: channel.counterparty.node_id,
+				short_channel_id,
+				fees: RoutingFees {
+					base_msat: forwarding_info.fee_base_msat,
+					proportional_millionths: forwarding_info.fee_proportional_millionths,
+				},
+				cltv_expiry_delta: forwarding_info.cltv_expiry_delta,
+				htlc_minimum_msat: None,
+				htlc_maximum_msat: None,
+			},
+			RouteHintHop {
+				src_node_id: *real_node_pubkey,
+				short_channel_id: *fake_scid,
+				fees: RoutingFees {
+					base_msat: 0,
+					proportional_millionths: 0,
+				},
+				cltv_expiry_delta: MIN_CLTV_EXPIRY_DELTA,
+				htlc_minimum_msat: None,
+				htlc_maximum_msat: None,
+			}])
+		);
+	}
+	let fake_node_pubkey = PublicKey::from_secret_key(&Secp256k1::new(), &phantom_secret);
+	let mut invoice = InvoiceBuilder::new(network)
+		.description(description)
+		.current_timestamp()
+		.payee_pub_key(fake_node_pubkey)
+		.payment_hash(Hash::from_slice(&payment_hash.0).unwrap())
+		.payment_secret(payment_secret)
+		.min_final_cltv_expiry(MIN_FINAL_CLTV_EXPIRY.into());
+	if let Some(amt) = amt_msat {
+		invoice = invoice.amount_milli_satoshis(amt);
+	}
+	for hint in route_hints {
+		invoice = invoice.private_route(hint);
+	}
+
+	let raw_invoice = match invoice.build_raw() {
+		Ok(inv) => inv,
+		Err(e) => return Err(SignOrCreationError::CreationError(e))
+	};
+	let hrp_str = raw_invoice.hrp.to_string();
+	let hrp_bytes = hrp_str.as_bytes();
+	let data_without_signature = raw_invoice.data.to_base32();
+	let invoice_preimage = RawInvoice::construct_invoice_preimage(hrp_bytes, &data_without_signature);
+	let secp_ctx = Secp256k1::new();
+	let invoice_preimage_msg = secp256k1::Message::from_slice(&Sha256::hash(&invoice_preimage)).unwrap();
+	let signed_raw_invoice = raw_invoice.sign(|_| Ok(secp_ctx.sign_recoverable(&invoice_preimage_msg, &phantom_secret)));
+	match signed_raw_invoice {
+		Ok(inv) => Ok(Invoice::from_signed(inv).unwrap()),
+		Err(e) => Err(SignOrCreationError::SignError(e))
+	}
+}
+
 /// Utility to construct an invoice. Generally, unless you want to do something like a custom
 /// cltv_expiry, this is what you should be using to create an invoice. The reason being, this
 /// method stores the invoice's payment secret and preimage in `ChannelManager`, so (a) the user
@@ -160,16 +256,22 @@ where
 }
 
 #[cfg(test)]
-mod test {
+mod tests {
 	use {Currency, Description, InvoiceDescription};
-	use lightning::ln::PaymentHash;
-	use lightning::ln::channelmanager::MIN_FINAL_CLTV_EXPIRY;
+	use bitcoin_hashes::Hash;
+	use bitcoin_hashes::sha256::Hash as Sha256;
+	use lightning::chain::keysinterface::{KeysInterface, KeysManager};
+	use lightning::ln::{PaymentPreimage, PaymentHash};
+	use lightning::ln::channelmanager::{ChannelDetails, MIN_FINAL_CLTV_EXPIRY};
 	use lightning::ln::functional_test_utils::*;
 	use lightning::ln::features::InitFeatures;
 	use lightning::ln::msgs::ChannelMessageHandler;
 	use lightning::routing::router::{Payee, RouteParameters, find_route};
-	use lightning::util::events::MessageSendEventsProvider;
+	use lightning::util::enforcing_trait_impls::EnforcingSigner;
+	use lightning::util::events::{MessageSendEvent, MessageSendEventsProvider, Event};
 	use lightning::util::test_utils;
+	use secp256k1::PublicKey;
+
 	#[test]
 	fn test_from_channelmanager() {
 		let chanmon_cfgs = create_chanmon_cfgs(2);
@@ -220,4 +322,102 @@ mod test {
 		let events = nodes[1].node.get_and_clear_pending_msg_events();
 		assert_eq!(events.len(), 2);
 	}
+
+	#[test]
+	fn test_multi_node_receive() {
+		do_test_multi_node_receive(true);
+		do_test_multi_node_receive(false);
+	}
+
+	fn do_test_multi_node_receive(user_generated_pmt_hash: bool) {
+		let mut chanmon_cfgs = create_chanmon_cfgs(3);
+		let seed = [42 as u8; 32];
+		chanmon_cfgs[2].keys_manager.backing = KeysManager::new_multi_receive(&seed, 43, 44, chanmon_cfgs[1].keys_manager.get_inbound_payment_key_material());
+		let node_cfgs = create_node_cfgs(3, &chanmon_cfgs);
+		let node_chanmgrs = create_node_chanmgrs(3, &node_cfgs, &[None, None, None]);
+		let nodes = create_network(3, &node_cfgs, &node_chanmgrs);
+		let chan_0_1 = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 10001, InitFeatures::known(), InitFeatures::known());
+		nodes[0].node.handle_channel_update(&nodes[1].node.get_our_node_id(), &chan_0_1.1);
+		nodes[1].node.handle_channel_update(&nodes[0].node.get_our_node_id(), &chan_0_1.0);
+		let chan_0_2 = create_announced_chan_between_nodes_with_value(&nodes, 0, 2, 100000, 10001, InitFeatures::known(), InitFeatures::known());
+		nodes[0].node.handle_channel_update(&nodes[2].node.get_our_node_id(), &chan_0_2.1);
+		nodes[2].node.handle_channel_update(&nodes[0].node.get_our_node_id(), &chan_0_2.0);
+
+		let payment_amt = 10_000;
+		let (payment_preimage, payment_hash, payment_secret) = {
+			if user_generated_pmt_hash {
+				let payment_preimage = PaymentPreimage([1; 32]);
+				let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0[..]).into_inner());
+				let payment_secret = nodes[1].node.create_inbound_payment_for_hash(payment_hash, Some(payment_amt), 3600).unwrap();
+				(payment_preimage, payment_hash, payment_secret)
+			} else {
+				let (payment_hash, payment_secret) = nodes[1].node.create_inbound_payment(Some(payment_amt), 3600).unwrap();
+				let payment_preimage = nodes[1].node.get_payment_preimage(payment_hash, payment_secret).unwrap();
+				(payment_preimage, payment_hash, payment_secret)
+			}
+		};
+		let channels_1 = nodes[1].node.list_channels();
+		let channels_2 = nodes[2].node.list_channels();
+		let mut route_hints = channels_1.iter().map(|e| (nodes[1].node.get_phantom_scid(), nodes[1].node.get_our_node_id(), e)).collect::<Vec<(u64, PublicKey, &ChannelDetails)>>();
+		for channel in channels_2.iter() {
+			route_hints.push((nodes[2].node.get_phantom_scid(), nodes[2].node.get_our_node_id(), &channel));
+		}
+		let invoice = ::utils::create_phantom_invoice::<EnforcingSigner, &test_utils::TestKeysInterface>(Some(payment_amt), "test".to_string(), payment_hash, payment_secret, &route_hints, &nodes[1].keys_manager, Currency::BitcoinTestnet).unwrap();
+
+		assert_eq!(invoice.min_final_cltv_expiry(), MIN_FINAL_CLTV_EXPIRY as u64);
+		assert_eq!(invoice.description(), InvoiceDescription::Direct(&Description("test".to_string())));
+		assert_eq!(invoice.route_hints().len(), 2);
+		assert!(!invoice.features().unwrap().supports_basic_mpp());
+
+		let payee = Payee::from_node_id(invoice.recover_payee_pub_key())
+			.with_features(invoice.features().unwrap().clone())
+			.with_route_hints(invoice.route_hints());
+		let params = RouteParameters {
+			payee,
+			final_value_msat: invoice.amount_milli_satoshis().unwrap(),
+			final_cltv_expiry_delta: invoice.min_final_cltv_expiry() as u32,
+		};
+		let first_hops = nodes[0].node.list_usable_channels();
+		let network_graph = node_cfgs[0].network_graph;
+		let logger = test_utils::TestLogger::new();
+		let scorer = test_utils::TestScorer::with_fixed_penalty(0);
+		let route = find_route(
+			&nodes[0].node.get_our_node_id(), &params, network_graph,
+			Some(&first_hops.iter().collect::<Vec<_>>()), &logger, &scorer,
+		).unwrap();
+		let payment_event = {
+			let mut payment_hash = PaymentHash([0; 32]);
+			payment_hash.0.copy_from_slice(&invoice.payment_hash().as_ref()[0..32]);
+			nodes[0].node.send_payment(&route, payment_hash, &Some(invoice.payment_secret().clone())).unwrap();
+			let mut added_monitors = nodes[0].chain_monitor.added_monitors.lock().unwrap();
+			assert_eq!(added_monitors.len(), 1);
+			added_monitors.clear();
+
+			let mut events = nodes[0].node.get_and_clear_pending_msg_events();
+			assert_eq!(events.len(), 1);
+			SendEvent::from_event(events.remove(0))
+		};
+		nodes[1].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &payment_event.msgs[0]);
+		commitment_signed_dance!(nodes[1], nodes[0], &payment_event.commitment_msg, false, true);
+		expect_pending_htlcs_forwardable!(nodes[1]);
+		let payment_preimage_opt = if user_generated_pmt_hash { None } else { Some(payment_preimage) };
+		expect_payment_received!(nodes[1], payment_hash, payment_secret, payment_amt, payment_preimage_opt);
+		do_claim_payment_along_route(&nodes[0], &vec!(&vec!(&nodes[1])[..]), false, payment_preimage);
+		let events = nodes[0].node.get_and_clear_pending_events();
+		assert_eq!(events.len(), 2);
+		match events[0] {
+			Event::PaymentSent { payment_preimage: ref ev_preimage, payment_hash: ref ev_hash, ref fee_paid_msat, .. } => {
+				assert_eq!(payment_preimage, *ev_preimage);
+				assert_eq!(payment_hash, *ev_hash);
+				assert_eq!(fee_paid_msat, &Some(0));
+			},
+			_ => panic!("Unexpected event")
+		}
+		match events[1] {
+			Event::PaymentPathSuccessful { payment_hash: hash, .. } => {
+				assert_eq!(hash, Some(payment_hash));
+			},
+			_ => panic!("Unexpected event")
+		}
+	}
 }

lightning/src/chain/keysinterface.rs

@@ -407,10 +407,27 @@ pub trait KeysInterface {
 
 	/// Get secret key material as bytes for use in encrypting and decrypting inbound payment data.
 	///
+	/// If the implementor of this trait supports [phantom node payments], then every node that is
+	/// intended to be included in the phantom invoice(s) route hints must return the same value from
+	/// this method.
+	///
 	/// This method must return the same value each time it is called.
+	///
+	///[phantom node payments]: crate::ln::channelmanager::ChannelManager::get_phantom_scid
 	fn get_inbound_payment_key_material(&self) -> KeyMaterial;
 
-	/// Get a secret key for use in receiving phantom node payments.
+	/// Get the phantom node secret key for use in receiving a [phantom node payment].
+	///
+	/// Must return the same value for all `scid`s in a given phantom invoice's route hints.
+	///
+	/// Note that if you are using [`KeysManager`], every additional LDK node after the first one must
+	/// use [`KeysManager::new_multi_receive`] to initialize its `KeysManager` or payments will fail to
+	/// be received.
+	///
+	/// See [`KeysInterface::get_inbound_payment_key_material`] for further requirements on nodes
+	/// supporting phantom node payments.
+	///
+	///[phantom node payment]: crate::ln::channelmanager::ChannelManager::get_phantom_scid
 	fn get_phantom_secret(&self, scid: u64) -> Result<SecretKey, ()>;
 }
 

lightning/src/ln/channelmanager.rs

@@ -386,6 +386,7 @@ mod fake_scid {
 
 			let rand_i32 = i32::from_be_bytes(rand_bytes[4..8].try_into().unwrap()).abs();
 			let rand_tx_index =  rand_i32 % (MAX_TX_INDEX as i32);
+			// Adding this offset to `rand_tx_index` will put it into the given `scid_namespace`.
 			let offset = (scid_namespace as i32 - rand_tx_index) % (MAX_NAMESPACES as i32);
 			let fake_scid_tx_index: u64 = (rand_tx_index + offset) as u64;
 
@@ -2357,16 +2358,40 @@ impl<Signer: Sign, M: Deref, T: Deref, K: Deref, F: Deref, L: Deref> ChannelMana
 					},
 				};
 
-				PendingHTLCStatus::Forward(PendingHTLCInfo {
-					routing: PendingHTLCRouting::Forward {
-						onion_packet: outgoing_packet,
-						short_channel_id,
-					},
-					payment_hash: msg.payment_hash.clone(),
-					incoming_shared_secret: shared_secret,
-					amt_to_forward: next_hop_data.amt_to_forward,
-					outgoing_cltv_value: next_hop_data.outgoing_cltv_value,
-				})
+				let phantom_secret_res = self.keys_manager.get_phantom_secret(short_channel_id);
+				if phantom_secret_res.is_ok() && fake_scid::is_valid(&self.phantom_scid_namespace, short_channel_id) {
+					let shared_secret = {
+						let mut arr = [0; 32];
+						arr.copy_from_slice(&SharedSecret::new(&public_key.unwrap(), &phantom_secret_res.unwrap())[..]);
+						arr
+					};
+					let next_hop = match onion_utils::decode_next_hop(shared_secret, &outgoing_packet.hop_data, next_hop_hmac, msg.payment_hash) {
+						Ok(res) => res,
+						Err(onion_utils::OnionDecodeErr::Malformed { err_msg, err_code }) => {
+							return_malformed_err!(err_msg, err_code);
+						},
+						Err(onion_utils::OnionDecodeErr::Relay { err_msg, err_code }) => {
+							return_err!(err_msg, err_code, &[0; 0]);
+						},
+					};
+					match next_hop {
+						onion_utils::Hop::Receive(hop_data) => {
+							get_recv_pending_htlc_status!(hop_data)
+						},
+						_ => panic!(),
+					}
+				} else {
+					PendingHTLCStatus::Forward(PendingHTLCInfo {
+						routing: PendingHTLCRouting::Forward {
+							onion_packet: outgoing_packet,
+							short_channel_id,
+						},
+						payment_hash: msg.payment_hash.clone(),
+						incoming_shared_secret: shared_secret,
+						amt_to_forward: next_hop_data.amt_to_forward,
+						outgoing_cltv_value: next_hop_data.outgoing_cltv_value,
+					})
+				}
 			}
 		};
 
@@ -5214,6 +5239,20 @@ impl<Signer: Sign, M: Deref, T: Deref, K: Deref, F: Deref, L: Deref> ChannelMana
 		inbound_payment::get_payment_preimage(payment_hash, payment_secret, &self.inbound_payment_key)
 	}
 
+	/// Gets a fake short channel id for use in receiving phantom node payments.
+	///
+	/// A phantom node payment is a payment made to a phantom invoice, which is an invoice that can be
+	/// paid to one of multiple nodes. This works because the invoice officially pays to a fake node
+	/// (the "phantom"), with route hints containing phantom channels. This method is used to retrieve
+	/// the short channel ids for these phantom route hints.
+	///
+	/// These scids are not meant to be reused across invoices and should be fetched anew for each new
+	/// invoice.
+	pub fn get_phantom_scid(&self) -> u64 {
+		let best_block = self.best_block.read().unwrap();
+		self.phantom_scid_namespace.get_fake_scid(best_block.height(), &self.genesis_hash, &self.keys_manager)
+	}
+
 	#[cfg(any(test, feature = "fuzztarget", feature = "_test_utils"))]
 	pub fn get_and_clear_pending_events(&self) -> Vec<events::Event> {
 		let events = core::cell::RefCell::new(Vec::new());