Validate amount_msats against invreq amount

Add a check to ensure that the amount_msats in an invoice matches the
amount_msats specified in the invoice_request or offer (or refund).
Reject the invoice as invalid if there is a mismatch between these
amounts. Otherwise, an invoice may be paid with an amount greater than
the requested amount.

Co-authored-by: Ian Slane <[email protected]>
Co-authored-by: Jeffrey Czyz <[email protected]>

Author: 2 people

lightning/src/ln/offers_tests.rs

@@ -566,7 +566,7 @@ fn creates_and_pays_for_offer_using_two_hop_blinded_path() {
 			human_readable_name: None,
 		},
 	});
-	assert_eq!(invoice_request.amount_msats(), None);
+	assert_eq!(invoice_request.amount_msats(), Some(10_000_000));
 	assert_ne!(invoice_request.payer_signing_pubkey(), david_id);
 	assert_eq!(reply_path.introduction_node(), &IntroductionNode::NodeId(charlie_id));
 
@@ -727,7 +727,7 @@ fn creates_and_pays_for_offer_using_one_hop_blinded_path() {
 			human_readable_name: None,
 		},
 	});
-	assert_eq!(invoice_request.amount_msats(), None);
+	assert_eq!(invoice_request.amount_msats(), Some(10_000_000));
 	assert_ne!(invoice_request.payer_signing_pubkey(), bob_id);
 	assert_eq!(reply_path.introduction_node(), &IntroductionNode::NodeId(bob_id));
 
@@ -1116,7 +1116,7 @@ fn creates_and_pays_for_offer_with_retry() {
 			human_readable_name: None,
 		},
 	});
-	assert_eq!(invoice_request.amount_msats(), None);
+	assert_eq!(invoice_request.amount_msats(), Some(10_000_000));
 	assert_ne!(invoice_request.payer_signing_pubkey(), bob_id);
 	assert_eq!(reply_path.introduction_node(), &IntroductionNode::NodeId(bob_id));
 	let onion_message = alice.onion_messenger.next_onion_message_for_peer(bob_id).unwrap();
@@ -1411,7 +1411,7 @@ fn fails_authentication_when_handling_invoice_request() {
 	alice.onion_messenger.handle_onion_message(david_id, &onion_message);
 
 	let (invoice_request, reply_path) = extract_invoice_request(alice, &onion_message);
-	assert_eq!(invoice_request.amount_msats(), None);
+	assert_eq!(invoice_request.amount_msats(), Some(10_000_000));
 	assert_ne!(invoice_request.payer_signing_pubkey(), david_id);
 	assert_eq!(reply_path.introduction_node(), &IntroductionNode::NodeId(charlie_id));
 
@@ -1441,7 +1441,7 @@ fn fails_authentication_when_handling_invoice_request() {
 	alice.onion_messenger.handle_onion_message(bob_id, &onion_message);
 
 	let (invoice_request, reply_path) = extract_invoice_request(alice, &onion_message);
-	assert_eq!(invoice_request.amount_msats(), None);
+	assert_eq!(invoice_request.amount_msats(), Some(10_000_000));
 	assert_ne!(invoice_request.payer_signing_pubkey(), david_id);
 	assert_eq!(reply_path.introduction_node(), &IntroductionNode::NodeId(charlie_id));
 
@@ -1543,7 +1543,7 @@ fn fails_authentication_when_handling_invoice_for_offer() {
 	alice.onion_messenger.handle_onion_message(bob_id, &onion_message);
 
 	let (invoice_request, reply_path) = extract_invoice_request(alice, &onion_message);
-	assert_eq!(invoice_request.amount_msats(), None);
+	assert_eq!(invoice_request.amount_msats(), Some(10_000_000));
 	assert_ne!(invoice_request.payer_signing_pubkey(), david_id);
 	assert_eq!(reply_path.introduction_node(), &IntroductionNode::NodeId(charlie_id));
 

lightning/src/offers/invoice.rs

@@ -342,7 +342,7 @@ macro_rules! invoice_builder_methods { (
 	pub(crate) fn amount_msats(
 		invoice_request: &InvoiceRequest
 	) -> Result<u64, Bolt12SemanticError> {
-		match invoice_request.amount_msats() {
+		match invoice_request.contents.inner.amount_msats() {
 			Some(amount_msats) => Ok(amount_msats),
 			None => match invoice_request.contents.inner.offer.amount() {
 				Some(Amount::Bitcoin { amount_msats }) => {
@@ -1531,6 +1531,11 @@ impl TryFrom<PartialInvoiceTlvStream> for InvoiceContents {
 					experimental_offer_tlv_stream, experimental_invoice_request_tlv_stream,
 				)
 			)?;
+
+			if amount_msats != refund.amount_msats() {
+				return Err(Bolt12SemanticError::InvalidAmount);
+			}
+
 			Ok(InvoiceContents::ForRefund { refund, fields })
 		} else {
 			let invoice_request = InvoiceRequestContents::try_from(
@@ -1539,6 +1544,13 @@ impl TryFrom<PartialInvoiceTlvStream> for InvoiceContents {
 					experimental_offer_tlv_stream, experimental_invoice_request_tlv_stream,
 				)
 			)?;
+
+			if let Some(requested_amount_msats) = invoice_request.amount_msats() {
+				if amount_msats != requested_amount_msats {
+					return Err(Bolt12SemanticError::InvalidAmount);
+				}
+			}
+
 			Ok(InvoiceContents::ForOffer { invoice_request, fields })
 		}
 	}
@@ -2707,6 +2719,69 @@ mod tests {
 		}
 	}
 
+	#[test]
+	fn fails_parsing_invoice_with_wrong_amount() {
+		let expanded_key = ExpandedKey::new([42; 32]);
+		let entropy = FixedEntropy {};
+		let nonce = Nonce::from_entropy_source(&entropy);
+		let secp_ctx = Secp256k1::new();
+		let payment_id = PaymentId([1; 32]);
+
+		let invoice = OfferBuilder::new(recipient_pubkey())
+			.amount_msats(1000)
+			.build().unwrap()
+			.request_invoice(&expanded_key, nonce, &secp_ctx, payment_id).unwrap()
+			.build_and_sign().unwrap()
+			.respond_with_no_std(payment_paths(), payment_hash(), now()).unwrap()
+			.amount_msats_unchecked(2000)
+			.build().unwrap()
+			.sign(recipient_sign).unwrap();
+
+		let mut buffer = Vec::new();
+		invoice.write(&mut buffer).unwrap();
+
+		match Bolt12Invoice::try_from(buffer) {
+			Ok(_) => panic!("expected error"),
+			Err(e) => assert_eq!(e, Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::InvalidAmount)),
+		}
+
+		let invoice = OfferBuilder::new(recipient_pubkey())
+			.amount_msats(1000)
+			.build().unwrap()
+			.request_invoice(&expanded_key, nonce, &secp_ctx, payment_id).unwrap()
+			.amount_msats(1000).unwrap()
+			.build_and_sign().unwrap()
+			.respond_with_no_std(payment_paths(), payment_hash(), now()).unwrap()
+			.amount_msats_unchecked(2000)
+			.build().unwrap()
+			.sign(recipient_sign).unwrap();
+
+		let mut buffer = Vec::new();
+		invoice.write(&mut buffer).unwrap();
+
+		match Bolt12Invoice::try_from(buffer) {
+			Ok(_) => panic!("expected error"),
+			Err(e) => assert_eq!(e, Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::InvalidAmount)),
+		}
+
+		let invoice = RefundBuilder::new(vec![1; 32], payer_pubkey(), 1000).unwrap()
+			.build().unwrap()
+			.respond_using_derived_keys_no_std(
+				payment_paths(), payment_hash(), now(), &expanded_key, &entropy
+			)
+			.unwrap()
+			.amount_msats_unchecked(2000)
+			.build_and_sign(&secp_ctx).unwrap();
+
+		let mut buffer = Vec::new();
+		invoice.write(&mut buffer).unwrap();
+
+		match Bolt12Invoice::try_from(buffer) {
+			Ok(_) => panic!("expected error"),
+			Err(e) => assert_eq!(e, Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::InvalidAmount)),
+		}
+	}
+
 	#[test]
 	fn fails_parsing_invoice_without_signature() {
 		let expanded_key = ExpandedKey::new([42; 32]);

lightning/src/offers/invoice_macros.rs

@@ -87,6 +87,14 @@ macro_rules! invoice_builder_methods_test { (
 	$self: ident, $self_type: ty, $invoice_fields: expr, $return_type: ty, $return_value: expr
 	$(, $self_mut: tt)?
 ) => {
+	#[cfg_attr(c_bindings, allow(dead_code))]
+	pub(crate) fn amount_msats_unchecked(
+		$($self_mut)* $self: $self_type, amount_msats: u64,
+	) -> $return_type {
+		$invoice_fields.amount_msats = amount_msats;
+		$return_value
+	}
+
 	#[cfg_attr(c_bindings, allow(dead_code))]
 	pub(crate) fn features_unchecked(
 		$($self_mut)* $self: $self_type, features: Bolt12InvoiceFeatures

lightning/src/offers/invoice_request.rs

@@ -79,7 +79,7 @@ use crate::ln::inbound_payment::{ExpandedKey, IV_LEN};
 use crate::ln::msgs::DecodeError;
 use crate::offers::merkle::{SignError, SignFn, SignatureTlvStream, SignatureTlvStreamRef, TaggedHash, TlvStream, self, SIGNATURE_TLV_RECORD_SIZE};
 use crate::offers::nonce::Nonce;
-use crate::offers::offer::{EXPERIMENTAL_OFFER_TYPES, ExperimentalOfferTlvStream, ExperimentalOfferTlvStreamRef, OFFER_TYPES, Offer, OfferContents, OfferId, OfferTlvStream, OfferTlvStreamRef};
+use crate::offers::offer::{Amount, EXPERIMENTAL_OFFER_TYPES, ExperimentalOfferTlvStream, ExperimentalOfferTlvStreamRef, OFFER_TYPES, Offer, OfferContents, OfferId, OfferTlvStream, OfferTlvStreamRef};
 use crate::offers::parse::{Bolt12ParseError, ParsedMessage, Bolt12SemanticError};
 use crate::offers::payer::{PayerContents, PayerTlvStream, PayerTlvStreamRef};
 use crate::offers::signer::{Metadata, MetadataMaterial};
@@ -974,7 +974,15 @@ impl InvoiceRequestContents {
 	}
 
 	pub(super) fn amount_msats(&self) -> Option<u64> {
-		self.inner.amount_msats
+		self.inner
+			.amount_msats()
+			.or_else(|| match self.inner.offer.amount() {
+				Some(Amount::Bitcoin { amount_msats }) => {
+					Some(amount_msats.saturating_mul(self.quantity().unwrap_or(1)))
+				},
+				Some(Amount::Currency { .. }) => None,
+				None => { debug_assert!(false); None},
+			})
 	}
 
 	pub(super) fn features(&self) -> &InvoiceRequestFeatures {
@@ -1015,6 +1023,10 @@ impl InvoiceRequestContentsWithoutPayerSigningPubkey {
 		self.chain.unwrap_or_else(|| self.offer.implied_chain())
 	}
 
+	pub(super) fn amount_msats(&self) -> Option<u64> {
+		self.amount_msats
+	}
+
 	pub(super) fn as_tlv_stream(&self) -> PartialInvoiceRequestTlvStreamRef {
 		let payer = PayerTlvStreamRef {
 			metadata: self.payer.0.as_bytes(),
@@ -1381,7 +1393,7 @@ mod tests {
 		assert_eq!(invoice_request.supported_quantity(), Quantity::One);
 		assert_eq!(invoice_request.issuer_signing_pubkey(), Some(recipient_pubkey()));
 		assert_eq!(invoice_request.chain(), ChainHash::using_genesis_block(Network::Bitcoin));
-		assert_eq!(invoice_request.amount_msats(), None);
+		assert_eq!(invoice_request.amount_msats(), Some(1000));
 		assert_eq!(invoice_request.invoice_request_features(), &InvoiceRequestFeatures::empty());
 		assert_eq!(invoice_request.quantity(), None);
 		assert_eq!(invoice_request.payer_note(), None);
@@ -1748,6 +1760,44 @@ mod tests {
 		}
 	}
 
+	#[test]
+	fn builds_invoice_request_without_amount() {
+		let expanded_key = ExpandedKey::new([42; 32]);
+		let entropy = FixedEntropy {};
+		let nonce = Nonce::from_entropy_source(&entropy);
+		let secp_ctx = Secp256k1::new();
+		let payment_id = PaymentId([1; 32]);
+
+		let invoice_request = OfferBuilder::new(recipient_pubkey())
+			.amount_msats(1000)
+			.build().unwrap()
+			.request_invoice(&expanded_key, nonce, &secp_ctx, payment_id).unwrap()
+			.build_and_sign().unwrap();
+		let (_, _, tlv_stream, _, _, _) = invoice_request.as_tlv_stream();
+		assert_eq!(invoice_request.amount_msats(), Some(1000));
+		assert_eq!(tlv_stream.amount, None);
+
+		let invoice_request = OfferBuilder::new(recipient_pubkey())
+			.amount_msats(1000)
+			.supported_quantity(Quantity::Unbounded)
+			.build().unwrap()
+			.request_invoice(&expanded_key, nonce, &secp_ctx, payment_id).unwrap()
+			.quantity(2).unwrap()
+			.build_and_sign().unwrap();
+		let (_, _, tlv_stream, _, _, _) = invoice_request.as_tlv_stream();
+		assert_eq!(invoice_request.amount_msats(), Some(2000));
+		assert_eq!(tlv_stream.amount, None);
+
+		let invoice_request = OfferBuilder::new(recipient_pubkey())
+			.amount(Amount::Currency { iso4217_code: *b"USD", amount: 10 })
+			.build_unchecked()
+			.request_invoice(&expanded_key, nonce, &secp_ctx, payment_id).unwrap()
+			.build_unchecked_and_sign();
+		let (_, _, tlv_stream, _, _, _) = invoice_request.as_tlv_stream();
+		assert_eq!(invoice_request.amount_msats(), None);
+		assert_eq!(tlv_stream.amount, None);
+	}
+
 	#[test]
 	fn builds_invoice_request_with_features() {
 		let expanded_key = ExpandedKey::new([42; 32]);

lightning/src/offers/parse.rs

@@ -147,7 +147,7 @@ pub enum Bolt12SemanticError {
 	UnexpectedChain,
 	/// An amount was expected but was missing.
 	MissingAmount,
-	/// The amount exceeded the total bitcoin supply.
+	/// The amount exceeded the total bitcoin supply or didn't match an expected amount.
 	InvalidAmount,
 	/// An amount was provided but was not sufficient in value.
 	InsufficientAmount,