Correctly fail back on outbound channel check for blinded HTLC

Forwarding intro nodes should always fail with 0x8000|0x4000|24.

Author: valentinewallace

lightning/src/ln/blinded_payment_tests.rs

@@ -120,12 +120,15 @@ enum ForwardCheckFail {
 	InboundOnionCheck,
 	// The forwarding node's payload is encoded as a receive, i.e. the next hop HMAC is [0; 32].
 	ForwardPayloadEncodedAsReceive,
+	// Fail a check on the outbound channel. In this case, our next-hop peer is offline.
+	OutboundChannelCheck,
 }
 
 #[test]
 fn forward_checks_failure() {
 	do_forward_checks_failure(ForwardCheckFail::InboundOnionCheck);
 	do_forward_checks_failure(ForwardCheckFail::ForwardPayloadEncodedAsReceive);
+	do_forward_checks_failure(ForwardCheckFail::OutboundChannelCheck);
 }
 
 fn do_forward_checks_failure(check: ForwardCheckFail) {
@@ -200,6 +203,10 @@ fn do_forward_checks_failure(check: ForwardCheckFail) {
 			onion_payloads.pop();
 			update_add.onion_routing_packet = onion_utils::construct_onion_packet(onion_payloads, onion_keys, [0; 32], &payment_hash).unwrap();
 		},
+		ForwardCheckFail::OutboundChannelCheck => {
+			// The intro node will see that the next-hop peer is disconnected and fail the HTLC backwards.
+			nodes[1].node.peer_disconnected(&nodes[2].node.get_our_node_id());
+		},
 	}
 	nodes[1].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &payment_event.msgs[0]);
 	check_added_monitors!(nodes[1], 0);

lightning/src/ln/channelmanager.rs

@@ -3178,15 +3178,17 @@ where
 				return_err!(err_msg, err_code, &[0; 0]);
 			},
 		};
-		let (outgoing_scid, outgoing_amt_msat, outgoing_cltv_value, next_packet_pk_opt) = match next_hop {
+		let (
+			outgoing_scid, outgoing_amt_msat, outgoing_cltv_value, next_packet_pk_opt, is_blinded
+		) = match next_hop {
 			onion_utils::Hop::Forward {
 				next_hop_data: msgs::InboundOnionPayload::Forward {
 					short_channel_id, amt_to_forward, outgoing_cltv_value
 				}, ..
 			} => {
 				let next_packet_pk = onion_utils::next_hop_pubkey(&self.secp_ctx,
 					msg.onion_routing_packet.public_key.unwrap(), &shared_secret);
-				(short_channel_id, amt_to_forward, outgoing_cltv_value, Some(next_packet_pk))
+				(short_channel_id, amt_to_forward, outgoing_cltv_value, Some(next_packet_pk), false)
 			},
 			onion_utils::Hop::Forward {
 				next_hop_data: msgs::InboundOnionPayload::BlindedForward {
@@ -3204,7 +3206,7 @@ where
 				};
 				let next_packet_pk = onion_utils::next_hop_pubkey(&self.secp_ctx,
 					msg.onion_routing_packet.public_key.unwrap(), &shared_secret);
-				(short_channel_id, amt_to_forward, outgoing_cltv_value, Some(next_packet_pk))
+				(short_channel_id, amt_to_forward, outgoing_cltv_value, Some(next_packet_pk), true)
 			},
 			// We'll do receive checks in [`Self::construct_pending_htlc_info`] so we have access to the
 			// inbound channel's state.
@@ -3327,6 +3329,7 @@ where
 			break None;
 		}
 		{
+			if is_blinded { return_err!(err, INVALID_ONION_BLINDING, vec![0; 32]); }
 			let mut res = VecWriter(Vec::with_capacity(chan_update.serialized_length() + 2 + 8 + 2));
 			if let Some(chan_update) = chan_update {
 				if code == 0x1000 | 11 || code == 0x1000 | 12 {