plugins/offers: Extend the capability of decode to decrypt the conten…

…ts of emergency.recover file.

plugins/offers.c

@@ -17,6 +17,10 @@
 #include <plugins/offers_inv_hook.h>
 #include <plugins/offers_invreq_hook.h>
 #include <plugins/offers_offer.h>
+#include <sodium.h>
+
+#define HEADER_LEN crypto_secretstream_xchacha20poly1305_HEADERBYTES
+#define ABYTES crypto_secretstream_xchacha20poly1305_ABYTES
 
 struct pubkey id;
 u32 blockheight;
@@ -159,8 +163,23 @@ struct decodable {
 	struct tlv_invoice *invoice;
 	struct tlv_invoice_request *invreq;
 	struct rune *rune;
+	u8 *encrypted_blob;
 };
 
+static u8 *encrypted_decode(const tal_t *ctx, const char *str, size_t len) {
+	u8 *data = tal_hexdata(ctx, str, len);
+	if(!data)
+		goto fail;
+
+	if(len < ABYTES + HEADER_LEN)
+		goto fail;
+
+	return data;
+fail:
+	tal_free(data);
+	return NULL;
+}
+
 static struct command_result *param_decodable(struct command *cmd,
 					      const char *name,
 					      const char *buffer,
@@ -226,6 +245,14 @@ static struct command_result *param_decodable(struct command *cmd,
 		return NULL;
 	}
 
+	decodable->encrypted_blob = encrypted_decode(decodable, buffer + tok.start,
+						     tok.end - tok.start);
+
+	if (decodable->encrypted_blob) {
+		decodable->type = "encrypted blob";
+		return NULL;
+	}
+
 	decodable->rune = rune_from_base64n(decodable, buffer + tok.start,
 					    tok.end - tok.start);
 	if (decodable->rune) {
@@ -1009,6 +1036,48 @@ static void json_add_rune(struct command *cmd, struct json_stream *js, const str
 	json_add_bool(js, "valid", true);
 }
 
+static struct command_result *after_makesecret(struct command *cmd,
+				       const char *buf,
+				       const jsmntok_t *result,
+				       struct decodable *decodable)
+{
+	struct secret secret;
+	struct json_stream *response;
+	const jsmntok_t *secrettok;
+
+	secrettok = json_get_member(buf, result, "secret");
+	json_to_secret(buf, secrettok, &secret);
+
+	crypto_secretstream_xchacha20poly1305_state crypto_state;
+
+	u8 *decrypt_blob = tal_arr(tmpctx, u8,
+					tal_bytelen(decodable->encrypted_blob) -
+					ABYTES -
+					HEADER_LEN);
+	/* The header part */
+	if (crypto_secretstream_xchacha20poly1305_init_pull(&crypto_state,
+							    decodable->encrypted_blob,
+							    (&secret)->data) != 0) {
+		return command_fail(cmd, JSONRPC2_INVALID_PARAMS, "Can't decrypt!");
+	}
+
+	if (crypto_secretstream_xchacha20poly1305_pull(&crypto_state, decrypt_blob,
+						       NULL, 0,
+						       decodable->encrypted_blob +
+						       HEADER_LEN,
+						       tal_bytelen(decodable->encrypted_blob)-
+						       HEADER_LEN,
+						       NULL, 0) != 0) {
+		return command_fail(cmd, JSONRPC2_INVALID_PARAMS, "Can't decrypt!");
+	}
+
+	response = jsonrpc_stream_success(cmd);
+	json_add_string(response, "type", decodable->type);
+	json_add_hex(response, "decrypted", decrypt_blob,
+		     tal_bytelen(decrypt_blob));
+	return command_finished(cmd, response);
+}
+
 static struct command_result *json_decode(struct command *cmd,
 					  const char *buffer,
 					  const jsmntok_t *params)
@@ -1036,6 +1105,18 @@ static struct command_result *json_decode(struct command *cmd,
 	}
 	if (decodable->rune)
 		json_add_rune(cmd, response, decodable->rune);
+	if (decodable->encrypted_blob) {
+		struct out_req *req;
+		const char *info = "scb secret";
+		u8 *info_hex = tal_dup_arr(tmpctx, u8, (u8*)info, strlen(info), 0);
+
+		req = jsonrpc_request_start(cmd->plugin, cmd, "makesecret",
+					after_makesecret, &forward_error, decodable);
+
+		json_add_hex(req->js, "hex", info_hex, tal_bytelen(info_hex));
+		return send_outreq(cmd->plugin, req);
+	}
+
 	return command_finished(cmd, response);
 }