Add support for storing a source HRN in BOLT 12 invoice_requests

TheBlueMatt · TheBlueMatt · commit 5b29a11ce475 · 2024-09-30T18:04:33.000Z
When we resolve a Human Readable Name to a BOLT 12 `offer`, we may
end up resolving to a wildcard DNS name covering all possible
`user` parts. In that case, if we just blindly pay the `offer`, the
recipient would have no way to tell which `user` we paid.

Instead, BOLT 12 defines a field to include the HRN resolved in the
`invoice_request`, which we implement here.
diff --git a/lightning/src/offers/invoice.rs b/lightning/src/offers/invoice.rs
@@ -1613,6 +1613,7 @@ mod tests {
 					payer_id: Some(&payer_pubkey()),
 					payer_note: None,
 					paths: None,
+					source_human_readable_name: None,
 				},
 				InvoiceTlvStreamRef {
 					paths: Some(Iterable(payment_paths.iter().map(|path| path.inner_blinded_path()))),
@@ -1706,6 +1707,7 @@ mod tests {
 					payer_id: Some(&payer_pubkey()),
 					payer_note: None,
 					paths: None,
+					source_human_readable_name: None,
 				},
 				InvoiceTlvStreamRef {
 					paths: Some(Iterable(payment_paths.iter().map(|path| path.inner_blinded_path()))),
diff --git a/lightning/src/offers/invoice_request.rs b/lightning/src/offers/invoice_request.rs
@@ -75,6 +75,7 @@ use crate::offers::offer::{Offer, OfferContents, OfferId, OfferTlvStream, OfferT
 use crate::offers::parse::{Bolt12ParseError, ParsedMessage, Bolt12SemanticError};
 use crate::offers::payer::{PayerContents, PayerTlvStream, PayerTlvStreamRef};
 use crate::offers::signer::{Metadata, MetadataMaterial};
+use crate::onion_message::dns_resolution::HumanReadableName;
 use crate::util::ser::{CursorReadable, HighZeroBytesDroppedBigSize, Readable, WithoutLength, Writeable, Writer};
 use crate::util::string::{PrintableString, UntrustedString};
 
@@ -241,6 +242,7 @@ macro_rules! invoice_request_builder_methods { (
 		InvoiceRequestContentsWithoutPayerSigningPubkey {
 			payer: PayerContents(metadata), offer, chain: None, amount_msats: None,
 			features: InvoiceRequestFeatures::empty(), quantity: None, payer_note: None,
+			source_human_readable_name: None,
 		}
 	}
 
@@ -299,6 +301,14 @@ macro_rules! invoice_request_builder_methods { (
 		$return_value
 	}
 
+	/// Sets the [`InvoiceRequest::source_human_readable_name`].
+	///
+	/// Successive calls to this method will override the previous setting.
+	pub fn sourced_from_human_readable_name($($self_mut)* $self: $self_type, hrn: HumanReadableName) -> $return_type {
+		$self.invoice_request.source_human_readable_name = Some(hrn);
+		$return_value
+	}
+
 	fn build_with_checks($($self_mut)* $self: $self_type) -> Result<
 		(UnsignedInvoiceRequest, Option<Keypair>, Option<&'b Secp256k1<$secp_context>>),
 		Bolt12SemanticError
@@ -643,6 +653,7 @@ pub(super) struct InvoiceRequestContentsWithoutPayerSigningPubkey {
 	features: InvoiceRequestFeatures,
 	quantity: Option<u64>,
 	payer_note: Option<String>,
+	source_human_readable_name: Option<HumanReadableName>,
 }
 
 macro_rules! invoice_request_accessors { ($self: ident, $contents: expr) => {
@@ -687,6 +698,12 @@ macro_rules! invoice_request_accessors { ($self: ident, $contents: expr) => {
 	pub fn payer_note(&$self) -> Option<PrintableString> {
 		$contents.payer_note()
 	}
+
+	/// If the [`Offer`] was sourced from a BIP 353 Human Readable Name, this should be set by the
+	/// builder to indicate the original [`HumanReadableName`] which was resolved.
+	pub fn source_human_readable_name(&$self) -> &Option<HumanReadableName> {
+		$contents.source_human_readable_name()
+	}
 } }
 
 impl UnsignedInvoiceRequest {
@@ -940,7 +957,7 @@ impl VerifiedInvoiceRequest {
 		let InvoiceRequestContents {
 			payer_signing_pubkey,
 			inner: InvoiceRequestContentsWithoutPayerSigningPubkey {
-				payer: _, offer: _, chain: _, amount_msats: _, features: _, quantity, payer_note
+				quantity, payer_note, ..
 			},
 		} = &self.inner.contents;
 
@@ -983,6 +1000,10 @@ impl InvoiceRequestContents {
 			.map(|payer_note| PrintableString(payer_note.as_str()))
 	}
 
+	pub(super) fn source_human_readable_name(&self) -> &Option<HumanReadableName> {
+		&self.inner.source_human_readable_name
+	}
+
 	pub(super) fn as_tlv_stream(&self) -> PartialInvoiceRequestTlvStreamRef {
 		let (payer, offer, mut invoice_request) = self.inner.as_tlv_stream();
 		invoice_request.payer_id = Some(&self.payer_signing_pubkey);
@@ -1018,6 +1039,7 @@ impl InvoiceRequestContentsWithoutPayerSigningPubkey {
 			quantity: self.quantity,
 			payer_id: None,
 			payer_note: self.payer_note.as_ref(),
+			source_human_readable_name: self.source_human_readable_name.as_ref(),
 			paths: None,
 		};
 
@@ -1070,6 +1092,7 @@ tlv_stream!(InvoiceRequestTlvStream, InvoiceRequestTlvStreamRef, INVOICE_REQUEST
 	(89, payer_note: (String, WithoutLength)),
 	// Only used for Refund since the onion message of an InvoiceRequest has a reply path.
 	(90, paths: (Vec<BlindedMessagePath>, WithoutLength)),
+	(91, source_human_readable_name: HumanReadableName),
 });
 
 type FullInvoiceRequestTlvStream =
@@ -1154,6 +1177,7 @@ impl TryFrom<PartialInvoiceRequestTlvStream> for InvoiceRequestContents {
 			offer_tlv_stream,
 			InvoiceRequestTlvStream {
 				chain, amount, features, quantity, payer_id, payer_note, paths,
+				source_human_readable_name,
 			},
 		) = tlv_stream;
 
@@ -1188,6 +1212,7 @@ impl TryFrom<PartialInvoiceRequestTlvStream> for InvoiceRequestContents {
 		Ok(InvoiceRequestContents {
 			inner: InvoiceRequestContentsWithoutPayerSigningPubkey {
 				payer, offer, chain, amount_msats: amount, features, quantity, payer_note,
+				source_human_readable_name,
 			},
 			payer_signing_pubkey,
 		})
@@ -1365,6 +1390,7 @@ mod tests {
 					payer_id: Some(&payer_pubkey()),
 					payer_note: None,
 					paths: None,
+					source_human_readable_name: None,
 				},
 				SignatureTlvStreamRef { signature: Some(&invoice_request.signature()) },
 			),
diff --git a/lightning/src/offers/parse.rs b/lightning/src/offers/parse.rs
@@ -195,6 +195,11 @@ pub enum Bolt12SemanticError {
 	InvalidSigningPubkey,
 	/// A signature was expected but was missing.
 	MissingSignature,
+	/// A Human Readable Name was provided but was not expected (i.e. was included in a
+	/// [`Refund`]).
+	///
+	/// [`Refund`]: super::refund::Refund
+	UnexpectedHumanReadableName,
 }
 
 impl From<bech32::Error> for Bolt12ParseError {
diff --git a/lightning/src/offers/refund.rs b/lightning/src/offers/refund.rs
@@ -768,6 +768,7 @@ impl RefundContents {
 			payer_id: Some(&self.payer_signing_pubkey),
 			payer_note: self.payer_note.as_ref(),
 			paths: self.paths.as_ref(),
+			source_human_readable_name: None,
 		};
 
 		(payer, offer, invoice_request)
@@ -847,7 +848,8 @@ impl TryFrom<RefundTlvStream> for RefundContents {
 				issuer_id,
 			},
 			InvoiceRequestTlvStream {
-				chain, amount, features, quantity, payer_id, payer_note, paths
+				chain, amount, features, quantity, payer_id, payer_note, paths,
+				source_human_readable_name,
 			},
 		) = tlv_stream;
 
@@ -891,6 +893,11 @@ impl TryFrom<RefundTlvStream> for RefundContents {
 			return Err(Bolt12SemanticError::UnexpectedIssuerSigningPubkey);
 		}
 
+		if source_human_readable_name.is_some() {
+			// Only offers can be resolved using Human Readable Names
+			return Err(Bolt12SemanticError::UnexpectedHumanReadableName);
+		}
+
 		let amount_msats = match amount {
 			None => return Err(Bolt12SemanticError::MissingAmount),
 			Some(amount_msats) if amount_msats > MAX_VALUE_MSAT => {
@@ -1013,6 +1020,7 @@ mod tests {
 					payer_id: Some(&payer_pubkey()),
 					payer_note: None,
 					paths: None,
+					source_human_readable_name: None,
 				},
 			),
 		);
