Check and refresh async receive offer

As an async recipient, we need to interactively build a static invoice that an
always-online node will serve to payers on our behalf.

At the start of this process, we send a request for paths to include in our
offer to the always-online node on startup and refresh the cached offer when it
expires.

Author: valentinewallace

lightning/src/blinded_path/message.rs

@@ -393,6 +393,32 @@ pub enum OffersContext {
 /// [`AsyncPaymentsMessage`]: crate::onion_message::async_payments::AsyncPaymentsMessage
 #[derive(Clone, Debug)]
 pub enum AsyncPaymentsContext {
+	/// Context used by a reply path to an [`OfferPathsRequest`], provided back to us in corresponding
+	/// [`OfferPaths`] messages.
+	///
+	/// [`OfferPathsRequest`]: crate::onion_message::async_payments::OfferPathsRequest
+	/// [`OfferPaths`]: crate::onion_message::async_payments::OfferPaths
+	OfferPaths {
+		/// A nonce used for authenticating that an [`OfferPaths`] message is valid for a preceding
+		/// [`OfferPathsRequest`].
+		///
+		/// [`OfferPathsRequest`]: crate::onion_message::async_payments::OfferPathsRequest
+		/// [`OfferPaths`]: crate::onion_message::async_payments::OfferPaths
+		nonce: Nonce,
+		/// Authentication code for the [`OfferPaths`] message.
+		///
+		/// Prevents nodes from creating their own blinded path to us and causing us to cache an
+		/// unintended async receive offer.
+		///
+		/// [`OfferPaths`]: crate::onion_message::async_payments::OfferPaths
+		hmac: Hmac<Sha256>,
+		/// The time as duration since the Unix epoch at which this path expires and messages sent over
+		/// it should be ignored.
+		///
+		/// Used to time out a static invoice server from providing offer paths if the async recipient
+		/// is no longer configured to accept paths from them.
+		path_absolute_expiry: core::time::Duration,
+	},
 	/// Context contained within the reply [`BlindedMessagePath`] we put in outbound
 	/// [`HeldHtlcAvailable`] messages, provided back to us in corresponding [`ReleaseHeldHtlc`]
 	/// messages.
@@ -475,6 +501,11 @@ impl_writeable_tlv_based_enum!(AsyncPaymentsContext,
 		(2, hmac, required),
 		(4, path_absolute_expiry, required),
 	},
+	(2, OfferPaths) => {
+		(0, nonce, required),
+		(2, hmac, required),
+		(4, path_absolute_expiry, required),
+	},
 );
 
 /// Contains a simple nonce for use in a blinded path's context.

lightning/src/ln/channelmanager.rs

@@ -94,6 +94,7 @@ use crate::util::errors::APIError;
 #[cfg(async_payments)] use {
 	crate::offers::offer::Amount,
 	crate::offers::static_invoice::{DEFAULT_RELATIVE_EXPIRY as STATIC_INVOICE_DEFAULT_RELATIVE_EXPIRY, StaticInvoice, StaticInvoiceBuilder},
+	crate::onion_message::async_payments::REPLY_PATH_RELATIVE_EXPIRY,
 };
 
 #[cfg(feature = "dnssec")]
@@ -1515,6 +1516,35 @@ struct AsyncReceiveOffer {
 	offer_paths_request_attempts: u8,
 }
 
+impl AsyncReceiveOffer {
+	// If we have more than three hours before our offer expires, don't bother requesting new
+	// paths.
+	#[cfg(async_payments)]
+	const OFFER_RELATIVE_EXPIRY_BUFFER: Duration = Duration::from_secs(3 * 60 * 60);
+
+	/// Removes the offer from our cache if it's expired.
+	#[cfg(async_payments)]
+	fn check_expire_offer(&mut self, duration_since_epoch: Duration) {
+		if let Some(ref mut offer) = self.offer {
+			if offer.is_expired_no_std(duration_since_epoch) {
+				self.offer.take();
+				self.offer_paths_request_attempts = 0;
+			}
+		}
+	}
+
+	#[cfg(async_payments)]
+	fn should_refresh_offer(&self, duration_since_epoch: Duration) -> bool {
+		if let Some(ref offer) = self.offer {
+			let  offer_expiry = offer.absolute_expiry().unwrap_or(Duration::MAX);
+			if offer_expiry > duration_since_epoch.saturating_add(Self::OFFER_RELATIVE_EXPIRY_BUFFER) {
+				return false
+			}
+		}
+		return true
+	}
+}
+
 impl_writeable_tlv_based!(AsyncReceiveOffer, {
 	(0, offer, option),
 	(2, offer_paths_request_attempts, (static_value, 0)),
@@ -2432,6 +2462,8 @@ where
 //
 // `pending_async_payments_messages`
 //
+// `async_receive_offer_cache`
+//
 // `total_consistency_lock`
 //  |
 //  |__`forward_htlcs`
@@ -4852,6 +4884,50 @@ where
 			)
 	}
 
+	#[cfg(async_payments)]
+	fn check_refresh_async_receive_offer(&self) {
+		if self.default_configuration.paths_to_static_invoice_server.is_empty() { return }
+
+		let expanded_key = &self.inbound_payment_key;
+		let entropy = &*self.entropy_source;
+		let duration_since_epoch = self.duration_since_epoch();
+
+		{
+			let mut offer_cache = self.async_receive_offer_cache.lock().unwrap();
+			offer_cache.check_expire_offer(duration_since_epoch);
+			if !offer_cache.should_refresh_offer(duration_since_epoch) {
+				return
+			}
+
+			const MAX_ATTEMPTS: u8 = 3;
+			if offer_cache.offer_paths_request_attempts > MAX_ATTEMPTS { return }
+		}
+
+		let reply_paths = {
+			let nonce = Nonce::from_entropy_source(entropy);
+			let context = MessageContext::AsyncPayments(AsyncPaymentsContext::OfferPaths {
+				nonce,
+				hmac: signer::hmac_for_offer_paths_context(nonce, expanded_key),
+				path_absolute_expiry: duration_since_epoch.saturating_add(REPLY_PATH_RELATIVE_EXPIRY),
+			});
+			match self.create_blinded_paths(context) {
+				Ok(paths) => paths,
+				Err(()) => {
+					log_error!(self.logger, "Failed to create blinded paths when requesting async receive offer paths");
+					return
+				}
+			}
+		};
+
+
+		self.async_receive_offer_cache.lock().unwrap().offer_paths_request_attempts += 1;
+		let message = AsyncPaymentsMessage::OfferPathsRequest(OfferPathsRequest {});
+		queue_onion_message_with_reply_paths(
+			message, &self.default_configuration.paths_to_static_invoice_server[..], reply_paths,
+			&mut self.pending_async_payments_messages.lock().unwrap()
+		);
+	}
+
 	#[cfg(async_payments)]
 	fn initiate_async_payment(
 		&self, invoice: &StaticInvoice, payment_id: PaymentId
@@ -6801,6 +6877,9 @@ where
 				duration_since_epoch, &self.pending_events
 			);
 
+			#[cfg(async_payments)]
+			self.check_refresh_async_receive_offer();
+
 			// Technically we don't need to do this here, but if we have holding cell entries in a
 			// channel that need freeing, it's better to do that here and block a background task
 			// than block the message queueing pipeline.
@@ -12085,6 +12164,9 @@ where
 			return NotifyOption::SkipPersistHandleEvents;
 			//TODO: Also re-broadcast announcement_signatures
 		});
+
+		#[cfg(async_payments)]
+		self.check_refresh_async_receive_offer();
 		res
 	}
 

lightning/src/offers/signer.rs

@@ -55,6 +55,11 @@ const PAYMENT_TLVS_HMAC_INPUT: &[u8; 16] = &[8; 16];
 #[cfg(async_payments)]
 const ASYNC_PAYMENTS_HELD_HTLC_HMAC_INPUT: &[u8; 16] = &[9; 16];
 
+// HMAC input used in `AsyncPaymentsContext::OfferPaths` to authenticate inbound offer_paths onion
+// messages.
+#[cfg(async_payments)]
+const ASYNC_PAYMENTS_OFFER_PATHS_INPUT: &[u8; 16] = &[10; 16];
+
 /// Message metadata which possibly is derived from [`MetadataMaterial`] such that it can be
 /// verified.
 #[derive(Clone)]
@@ -555,3 +560,16 @@ pub(crate) fn verify_held_htlc_available_context(
 		Err(())
 	}
 }
+
+#[cfg(async_payments)]
+pub(crate) fn hmac_for_offer_paths_context(
+	nonce: Nonce, expanded_key: &ExpandedKey,
+) -> Hmac<Sha256> {
+	const IV_BYTES: &[u8; IV_LEN] = b"LDK Offer Paths~";
+	let mut hmac = expanded_key.hmac_for_offer();
+	hmac.input(IV_BYTES);
+	hmac.input(&nonce.0);
+	hmac.input(ASYNC_PAYMENTS_OFFER_PATHS_INPUT);
+
+	Hmac::from_engine(hmac)
+}

lightning/src/onion_message/async_payments.rs

@@ -29,6 +29,12 @@ const INVOICE_PERSISTED_TLV_TYPE: u64 = 65544;
 const HELD_HTLC_AVAILABLE_TLV_TYPE: u64 = 72;
 const RELEASE_HELD_HTLC_TLV_TYPE: u64 = 74;
 
+// Used to expire reply paths used in exchanging static invoice server onion messages. We expect
+// these onion messages to be exchanged quickly, but add some buffer for no-std users who rely on
+// block timestamps.
+#[cfg(async_payments)]
+pub(crate) const REPLY_PATH_RELATIVE_EXPIRY: Duration = Duration::from_secs(2 * 60 * 60);
+
 /// A handler for an [`OnionMessage`] containing an async payments message as its payload.
 ///
 /// [`OnionMessage`]: crate::ln::msgs::OnionMessage