Test create_payment_onion for Trampoline

Author: arik-so

lightning/src/ln/blinded_payment_tests.rs

@@ -8,6 +8,7 @@
 // licenses.
 
 use bitcoin::hashes::hex::FromHex;
+use bitcoin::hex::DisplayHex;
 use bitcoin::secp256k1::{PublicKey, Scalar, Secp256k1, SecretKey, schnorr};
 use bitcoin::secp256k1::ecdh::SharedSecret;
 use bitcoin::secp256k1::ecdsa::{RecoverableSignature, Signature};
@@ -30,16 +31,18 @@ use crate::ln::outbound_payment::{Retry, IDEMPOTENCY_TIMEOUT_TICKS};
 use crate::offers::invoice::UnsignedBolt12Invoice;
 use crate::offers::nonce::Nonce;
 use crate::prelude::*;
-use crate::routing::router::{BlindedTail, Path, Payee, PaymentParameters, RouteHop, RouteParameters};
+use crate::routing::router::{BlindedTail, Path, Payee, PaymentParameters, RouteHop, RouteParameters, TrampolineHop};
 use crate::sign::{NodeSigner, Recipient};
 use crate::util::config::UserConfig;
-use crate::util::ser::WithoutLength;
+use crate::util::ser::{WithoutLength, Writeable};
 use crate::util::test_utils;
 use lightning_invoice::RawBolt11Invoice;
 #[cfg(async_payments)] use {
 	crate::ln::inbound_payment,
 	crate::types::payment::PaymentPreimage,
 };
+use types::features::Features;
+use crate::blinded_path::BlindedHop;
 
 fn blinded_payment_path(
 	payment_secret: PaymentSecret, intro_node_min_htlc: u64, intro_node_max_htlc: u64,
@@ -1759,3 +1762,83 @@ fn route_blinding_spec_test_vector() {
 		_ => panic!("Unexpected error")
 	}
 }
+
+#[test]
+fn combined_trampoline_onion_creation_test() {
+	let mut secp_ctx = Secp256k1::new();
+	let session_priv = SecretKey::from_slice(&<Vec<u8>>::from_hex("a64feb81abd58e473df290e9e1c07dc3e56114495cadf33191f44ba5448ebe99").unwrap()).unwrap();
+
+	let path = Path {
+		hops: vec![
+			// Bob
+			RouteHop {
+				pubkey: PublicKey::from_slice(&<Vec<u8>>::from_hex("0324653eac434488002cc06bbfb7f10fe18991e35f9fe4302dbea6d2353dc0ab1c").unwrap()).unwrap(),
+				node_features: NodeFeatures::empty(),
+				short_channel_id: 0,
+				channel_features: ChannelFeatures::empty(),
+				fee_msat: 0,
+				cltv_expiry_delta: 0,
+				maybe_announced_channel: false,
+			},
+
+			// Carol
+			RouteHop {
+				pubkey: PublicKey::from_slice(&<Vec<u8>>::from_hex("027f31ebc5462c1fdce1b737ecff52d37d75dea43ce11c74d25aa297165faa2007").unwrap()).unwrap(),
+				node_features: NodeFeatures::empty(),
+				short_channel_id: (572330 << 40) + (42 << 16) + 2821,
+				channel_features: ChannelFeatures::empty(),
+				fee_msat: 150_153_000,
+				cltv_expiry_delta: 24,
+				maybe_announced_channel: false,
+			},
+		],
+		trampoline_hops: vec![
+			// Carol's pubkey
+			TrampolineHop {
+				pubkey: PublicKey::from_slice(&<Vec<u8>>::from_hex("027f31ebc5462c1fdce1b737ecff52d37d75dea43ce11c74d25aa297165faa2007").unwrap()).unwrap(),
+				node_features: Features::empty(),
+				fee_msat: 0,
+				cltv_expiry_delta: 0,
+			},
+			// Dave's pubkey (the intro node needs to be duplicated)
+			TrampolineHop {
+				pubkey: PublicKey::from_slice(&<Vec<u8>>::from_hex("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()).unwrap(),
+				node_features: Features::empty(),
+				fee_msat: 150_500, // incorporate both base and proportional fee
+				cltv_expiry_delta: 36,
+			}
+		],
+		blinded_tail: Some(BlindedTail {
+			hops: vec![
+				BlindedHop {
+					blinded_node_id: PublicKey::from_slice(&<Vec<u8>>::from_hex("0295d40514096a8be54859e7dfe947b376eaafea8afe5cb4eb2c13ff857ed0b4be").unwrap()).unwrap(),
+					encrypted_payload: <Vec<u8>>::from_hex("0ccf3c8a58deaa603f657ee2a5ed9d604eb5c8ca1e5f801989afa8f3ea6d789bbdde2c7e7a1ef9ca8c38d2c54760febad8446d3f273ddb537569ef56613846ccd3aba78a").unwrap(),
+				},
+				BlindedHop {
+					blinded_node_id: PublicKey::from_slice(&<Vec<u8>>::from_hex("020e2dbadcc2005e859819ddebbe88a834ae8a6d2b049233c07335f15cd1dc5f22").unwrap()).unwrap(),
+					encrypted_payload: <Vec<u8>>::from_hex("bcd747394fbd4d99588da075a623316e15a576df5bc785cccc7cd6ec7b398acce6faf520175f9ec920f2ef261cdb83dc28cc3a0eeb970107b3306489bf771ef5b1213bca811d345285405861d08a655b6c237fa247a8b4491beee20c878a60e9816492026d8feb9dafa84585b253978db6a0aa2945df5ef445c61e801fb82f43d5f00716baf9fc9b3de50bc22950a36bda8fc27bfb1242e5860c7e687438d4133e058770361a19b6c271a2a07788d34dccc27e39b9829b061a4d960eac4a2c2b0f4de506c24f9af3868c0aff6dda27281c").unwrap(),
+				}
+			],
+			blinding_point: PublicKey::from_slice(&<Vec<u8>>::from_hex("02988face71e92c345a068f740191fd8e53be14f0bb957ef730d3c5f76087b960e").unwrap()).unwrap(),
+			excess_final_cltv_expiry_delta: 0,
+			final_value_msat: 150_000_000,
+			final_hop_supports_trampoline: true,
+		}),
+	};
+
+	let associated_data_slice = SecretKey::from_slice(&<Vec<u8>>::from_hex("e89bc505e84aaca09613833fc58c9069078fb43bfbea0488f34eec9db99b5f82").unwrap()).unwrap();
+	let associated_data = PaymentHash(associated_data_slice.secret_bytes());
+	let payment_secret = PaymentSecret(SecretKey::from_slice(&<Vec<u8>>::from_hex("7494b65bc092b48a75465e43e29be807eb2cc535ce8aaba31012b8ff1ceac5da").unwrap()).unwrap().secret_bytes());
+	let outer_session_key = SecretKey::from_slice(&<Vec<u8>>::from_hex("4f777e8dac16e6dfe333066d9efb014f7a51d11762ff76eca4d3a95ada99ba3e").unwrap()).unwrap();
+	let outer_onion_prng_seed = onion_utils::gen_pad_from_shared_secret(&outer_session_key.secret_bytes());
+
+	let amt_msat = 150_000_000;
+	let cur_height = 800_000;
+	let recipient_onion_fields = RecipientOnionFields::secret_only(payment_secret);
+	let (bob_onion, htlc_msat, htlc_cltv) = onion_utils::create_payment_onion_internal(&secp_ctx, &path, &session_priv, amt_msat, &recipient_onion_fields, cur_height, &associated_data, &None, None, [0; 32], Some(payment_secret), Some(outer_session_key), Some(outer_onion_prng_seed)).unwrap();
+
+	let outer_onion_packet_hex = bob_onion.encode().to_lower_hex_string();
+	assert_eq!(outer_onion_packet_hex, "00025fd60556c134ae97e4baedba220a644037754ee67c54fd05e93bf40c17cbb73362fb9dee96001ff229945595b6edb59437a6bc143406d3f90f749892a84d8d430c6890437d26d5bfc599d565316ef51347521075bbab87c59c57bcf20af7e63d7192b46cf171e4f73cb11f9f603915389105d91ad630224bea95d735e3988add1e24b5bf28f1d7128db64284d90a839ba340d088c74b1fb1bd21136b1809428ec5399c8649e9bdf92d2dcfc694deae5046fa5b2bdf646847aaad73f5e95275763091c90e71031cae1f9a770fdea559642c9c02f424a2a28163dd0957e3874bd28a97bec67d18c0321b0e68bc804aa8345b17cb626e2348ca06c8312a167c989521056b0f25c55559d446507d6c491d50605cb79fa87929ce64b0a9860926eeaec2c431d926a1cadb9a1186e4061cb01671a122fc1f57602cbef06d6c194ec4b715c2e3dd4120baca3172cd81900b49fef857fb6d6afd24c983b608108b0a5ac0c1c6c52011f23b8778059ffadd1bb7cd06e2525417365f485a7fd1d4a9ba3818ede7cdc9e71afee8532252d08e2531ca52538655b7e8d912f7ec6d37bbcce8d7ec690709dbf9321e92c565b78e7fe2c22edf23e0902153d1ca15a112ad32fb19695ec65ce11ddf670da7915f05ad4b86c154fb908cb567315d1124f303f75fa075ebde8ef7bb12e27737ad9e4924439097338ea6d7a6fc3721b88c9b830a34e8d55f4c582b74a3895cc848fe57f4fe29f115dabeb6b3175be15d94408ed6771109cfaf57067ae658201082eae7605d26b1449af4425ae8e8f58cdda5c6265f1fd7a386fc6cea3074e4f25b909b96175883676f7610a00fdf34df9eb6c7b9a4ae89b839c69fd1f285e38cdceb634d782cc6d81179759bc9fd47d7fd060470d0b048287764c6837963274e708314f017ac7dc26d0554d59bfcfd3136225798f65f0b0fea337c6b256ebbb63a90b994c0ab93fd8b1d6bd4c74aebe535d6110014cd3d525394027dfe8faa98b4e9b2bee7949eb1961f1b026791092f84deea63afab66603dbe9b6365a102a1fef2f6b9744bc1bb091a8da9130d34d4d39f25dbad191649cfb67e10246364b7ce0c6ec072f9690cabb459d9fda0c849e17535de4357e9907270c75953fca3c845bb613926ecf73205219c7057a4b6bb244c184362bb4e2f24279dc4e60b94a5b1ec11c34081a628428ba5646c995b9558821053ba9c84a05afbf00dabd60223723096516d2f5668f3ec7e11612b01eb7a3a0506189a2272b88e89807943adb34291a17f6cb5516ffd6f945a1c42a524b21f096d66f350b1dad4db455741ae3d0e023309fbda5ef55fb0dc74f3297041448b2be76c525141963934c6afc53d263fb7836626df502d7c2ee9e79cbbd87afd84bbb8dfbf45248af3cd61ad5fac827e7683ca4f91dfad507a8eb9c17b2c9ac5ec051fe645a4a6cb37136f6f19b611e0ea8da7960af2d779507e55f57305bc74b7568928c5dd5132990fe54c22117df91c257d8c7b61935a018a28c1c3b17bab8e4294fa699161ec21123c9fc4e71079df31f300c2822e1246561e04765d3aab333eafd026c7431ac7616debb0e022746f4538e1c6348b600c988eeb2d051fc60c468dca260a84c79ab3ab8342dc345a764672848ea234e17332bc124799daf7c5fcb2e2358514a7461357e1c19c802c5ee32deccf1776885dd825bedd5f781d459984370a6b7ae885d4483a76ddb19b30f47ed47cd56aa5a079a89793dbcad461c59f2e002067ac98dd5a534e525c9c46c2af730741bf1f8629357ec0bfc0bc9ecb31af96777e507648ff4260dc3673716e098d9111dfd245f1d7c55a6de340deb8bd7a053e5d62d760f184dc70ca8fa255b9023b9b9aedfb6e419a5b5951ba0f83b603793830ee68d442d7b88ee1bbf6bbd1bcd6f68cc1af");
+	assert_eq!(htlc_msat, 150_153_000);
+	assert_eq!(htlc_cltv, 800_060);
+}

lightning/src/ln/onion_utils.rs

@@ -1353,12 +1353,27 @@ pub fn create_payment_onion<T: secp256k1::Signing>(
 	keysend_preimage: &Option<PaymentPreimage>, invoice_request: Option<&InvoiceRequest>,
 	prng_seed: [u8; 32],
 ) -> Result<(msgs::OnionPacket, u64, u32), APIError> {
-	let mut trampoline_payloads = vec![];
+	create_payment_onion_internal(secp_ctx, path, session_priv, total_msat, recipient_onion,
+	cur_block_height, payment_hash, keysend_preimage, invoice_request,
+	prng_seed, None, None, None)
+}
+
+/// Build a payment onion, returning the first hop msat and cltv values as well.
+/// `cur_block_height` should be set to the best known block height + 1.
+pub(crate) fn create_payment_onion_internal<T: secp256k1::Signing>(
+	secp_ctx: &Secp256k1<T>, path: &Path, session_priv: &SecretKey, total_msat: u64,
+	recipient_onion: &RecipientOnionFields, cur_block_height: u32, payment_hash: &PaymentHash,
+	keysend_preimage: &Option<PaymentPreimage>, invoice_request: Option<&InvoiceRequest>,
+	prng_seed: [u8; 32], secondary_payment_secret: Option<PaymentSecret>,
+	secondary_session_priv: Option<SecretKey>, secondary_prng_seed: Option<[u8; 32]>
+) -> Result<(msgs::OnionPacket, u64, u32), APIError> {
 	let mut outer_total_msat = total_msat;
 	let mut outer_starting_htlc_offset = cur_block_height;
 	let mut outer_session_priv_override = None;
+	let mut trampoline_packet_option = None;
 
 	if !path.trampoline_hops.is_empty() {
+		let trampoline_payloads;
 		(trampoline_payloads, outer_total_msat, outer_starting_htlc_offset) =
 			build_trampoline_onion_payloads(
 				path,
@@ -1367,18 +1382,7 @@ pub fn create_payment_onion<T: secp256k1::Signing>(
 				cur_block_height,
 				keysend_preimage,
 			)?;
-	}
 
-	let (mut onion_payloads, htlc_msat, htlc_cltv) = build_onion_payloads(
-		&path,
-		total_msat,
-		recipient_onion,
-		cur_block_height,
-		keysend_preimage,
-		invoice_request,
-	)?;
-
-	if !path.trampoline_hops.is_empty() {
 		let onion_keys =
 			construct_trampoline_onion_keys(&secp_ctx, &path, &session_priv).map_err(|_| {
 				APIError::InvalidRoute {
@@ -1396,26 +1400,42 @@ pub fn create_payment_onion<T: secp256k1::Signing>(
 			err: "Route size too large considering onion data".to_owned(),
 		})?;
 
+		trampoline_packet_option = Some(trampoline_packet);
+	}
+
+	let (mut onion_payloads, htlc_msat, htlc_cltv) = build_onion_payloads(
+		&path,
+		outer_total_msat,
+		recipient_onion,
+		outer_starting_htlc_offset,
+		keysend_preimage,
+		invoice_request,
+	)?;
+
+	if !path.trampoline_hops.is_empty() {
 		let last_payload = onion_payloads.pop().ok_or(APIError::InvalidRoute {
 			err: "Non-Trampoline path needs at least one hop".to_owned(),
 		})?;
 
 		match last_payload {
 			OutboundOnionPayload::Receive { payment_data, .. } => {
+				let fee_delta = path.hops.last().map_or(0, |h| h.fee_msat);
+				let cltv_delta = path.hops.last().map_or(0, |h| h.cltv_expiry_delta);
 				let multipath_trampoline_data = payment_data.map(|d| {
-					let trampoline_payment_secret =
-						Sha256::hash(&d.payment_secret.0).to_byte_array();
-					let total_msat = d.total_msat + path.hops.last().map_or(0, |h| h.fee_msat);
+					let trampoline_payment_secret = secondary_payment_secret.unwrap_or_else(|| {
+						PaymentSecret(Sha256::hash(&d.payment_secret.0).to_byte_array())
+					});
+					let total_msat = fee_delta;
 					FinalOnionHopData {
-						payment_secret: PaymentSecret(trampoline_payment_secret),
+						payment_secret: trampoline_payment_secret,
 						total_msat,
 					}
 				});
 				onion_payloads.push(OutboundOnionPayload::TrampolineEntrypoint {
-					amt_to_forward: outer_total_msat,
-					outgoing_cltv_value: outer_starting_htlc_offset,
+					amt_to_forward: fee_delta,
+					outgoing_cltv_value: outer_starting_htlc_offset + cltv_delta,
 					multipath_trampoline_data,
-					trampoline_packet,
+					trampoline_packet: trampoline_packet_option.unwrap(),
 				});
 			},
 			_ => {
@@ -1426,16 +1446,18 @@ pub fn create_payment_onion<T: secp256k1::Signing>(
 			},
 		};
 
-		let session_priv_hash = Sha256::hash(&session_priv.secret_bytes()).to_byte_array();
-		outer_session_priv_override =
-			Some(SecretKey::from_slice(&session_priv_hash[..]).expect("You broke SHA-256!"));
+		outer_session_priv_override = Some(secondary_session_priv.unwrap_or_else(|| {
+			let session_priv_hash = Sha256::hash(&session_priv.secret_bytes()).to_byte_array();
+			SecretKey::from_slice(&session_priv_hash[..]).expect("You broke SHA-256!")
+		}));
 	}
 
 	let outer_session_priv = outer_session_priv_override.as_ref().unwrap_or(session_priv);
 	let onion_keys = construct_onion_keys(&secp_ctx, &path, outer_session_priv).map_err(|_| {
 		APIError::InvalidRoute { err: "Pubkey along hop was maliciously selected".to_owned() }
 	})?;
-	let onion_packet = construct_onion_packet(onion_payloads, onion_keys, prng_seed, payment_hash)
+	let outer_onion_prng_seed = secondary_prng_seed.unwrap_or(prng_seed);
+	let onion_packet = construct_onion_packet(onion_payloads, onion_keys, outer_onion_prng_seed, payment_hash)
 		.map_err(|_| APIError::InvalidRoute {
 			err: "Route size too large considering onion data".to_owned(),
 		})?;