Add test for dummy hop insertion

Introduces a test to verify correct handling of dummy hops
in constructed blinded paths.
Ensures that the added dummy hops are properly included and
do not interfere with the real path.

Author: shaavan

lightning/src/blinded_path/utils.rs

@@ -276,16 +276,37 @@ impl<T: Writeable> Writeable for BlindedPathWithPadding<T> {
 }
 
 #[cfg(test)]
-/// Checks if all the packets in the blinded path are properly padded.
+/// Verifies whether all hops in the blinded path follow the expected padding scheme.
+///
+/// In the padded encoding scheme, each hop's encrypted payload is expected to be of the form:
+/// `n * padding_round_off + extra`, where:
+/// - `padding_round_off` is the fixed block size to which unencrypted payloads are padded.
+/// - `n` is a positive integer (n ≥ 1).
+/// - `extra` is the fixed overhead added during encryption (assumed uniform across hops).
+///
+/// This function infers the `extra` from the first hop, and checks that all other hops conform
+/// to the same pattern.
+///
+/// # Returns
+/// - `true` if all hop payloads are padded correctly.
+/// - `false` if padding is incorrectly applied or intentionally absent (e.g., in compact paths).
 pub fn is_padded(hops: &[BlindedHop], padding_round_off: usize) -> bool {
 	let first_hop = hops.first().expect("BlindedPath must have at least one hop");
-	let first_payload_size = first_hop.encrypted_payload.len();
+	let first_len = first_hop.encrypted_payload.len();
+
+	// Early rejection: if the first hop is too small, it can't be correctly padded.
+	if first_len <= padding_round_off {
+		return false;
+	}
+
+	// Compute the extra encrypted overhead by taking the remainder.
+	let extra = first_len % padding_round_off;
+
+	// All hops must follow the same padding structure:
+	// their length minus `extra` should be a clean multiple of `padding_round_off`.
 
-	// The unencrypted payload data is padded before getting encrypted.
-	// Assuming the first payload is padded properly, get the extra data length.
-	let extra_length = first_payload_size % padding_round_off;
 	hops.iter().all(|hop| {
-		// Check that every packet is padded to the round off length subtracting the extra length.
-		(hop.encrypted_payload.len() - extra_length) % padding_round_off == 0
+		let len = hop.encrypted_payload.len();
+		len > extra && (len - extra) % padding_round_off == 0
 	})
 }

lightning/src/ln/offers_tests.rs

@@ -46,11 +46,12 @@ use bitcoin::network::Network;
 use bitcoin::secp256k1::{PublicKey, Secp256k1};
 use core::time::Duration;
 use crate::blinded_path::IntroductionNode;
-use crate::blinded_path::message::BlindedMessagePath;
+use crate::blinded_path::message::{BlindedMessagePath, MAX_DUMMY_HOPS_COUNT};
 use crate::blinded_path::payment::{Bolt12OfferContext, Bolt12RefundContext, PaymentContext};
 use crate::blinded_path::message::OffersContext;
 use crate::events::{ClosureReason, Event, HTLCHandlingFailureType, PaidBolt12Invoice, PaymentFailureReason, PaymentPurpose};
 use crate::ln::channelmanager::{Bolt12PaymentError, PaymentId, RecentPaymentDetails, RecipientOnionFields, Retry, self};
+use crate::offers::test_utils::FixedEntropy;
 use crate::types::features::Bolt12InvoiceFeatures;
 use crate::ln::functional_test_utils::*;
 use crate::ln::msgs::{BaseMessageHandler, ChannelMessageHandler, Init, NodeAnnouncement, OnionMessage, OnionMessageHandler, RoutingMessageHandler, SocketAddress, UnsignedGossipMessage, UnsignedNodeAnnouncement};
@@ -60,7 +61,7 @@ use crate::offers::invoice_error::InvoiceError;
 use crate::offers::invoice_request::{InvoiceRequest, InvoiceRequestFields};
 use crate::offers::nonce::Nonce;
 use crate::offers::parse::Bolt12SemanticError;
-use crate::onion_message::messenger::{Destination, MessageSendInstructions, NodeIdMessageRouter, NullMessageRouter, PeeledOnion};
+use crate::onion_message::messenger::{DefaultMessageRouter, Destination, MessageSendInstructions, NodeIdMessageRouter, NullMessageRouter, PeeledOnion};
 use crate::onion_message::offers::OffersMessage;
 use crate::routing::gossip::{NodeAlias, NodeId};
 use crate::routing::router::{PaymentParameters, RouteParameters, RouteParametersConfig};
@@ -435,6 +436,89 @@ fn prefers_more_connected_nodes_in_blinded_paths() {
 	}
 }
 
+/// Tests the dummy hop behavior of Offers based on the message router used:
+/// - Compact paths (`DefaultMessageRouter`) should not include dummy hops.
+/// - Node ID paths (`NodeIdMessageRouter`) may include 0 to [`MAX_DUMMY_HOPS_COUNT`] dummy hops.
+///
+/// Also verifies that the resulting paths are functional: the counterparty can respond with a valid `invoice_request`.
+#[test]
+fn check_dummy_hop_pattern_in_offer() {
+	let chanmon_cfgs = create_chanmon_cfgs(2);
+	let node_cfgs = create_node_cfgs(2, &chanmon_cfgs);
+	let node_chanmgrs = create_node_chanmgrs(2, &node_cfgs, &[None, None]);
+	let nodes = create_network(2, &node_cfgs, &node_chanmgrs);
+
+	create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 10_000_000, 1_000_000_000);
+
+	let alice = &nodes[0];
+	let alice_id = alice.node.get_our_node_id();
+	let bob = &nodes[1];
+	let bob_id = bob.node.get_our_node_id();
+
+	// Case 1: DefaultMessageRouter → uses compact blinded paths (via SCIDs)
+	// Expected: No dummy hops; each path contains only the recipient.
+	let default_router = DefaultMessageRouter::new(alice.network_graph, &FixedEntropy);
+
+	let compact_offer = alice.node
+		.create_offer_builder_using_router(&default_router).unwrap()
+		.amount_msats(10_000_000)
+		.build().unwrap();
+
+	assert!(!compact_offer.paths().is_empty());
+
+	for path in compact_offer.paths() {
+		assert_eq!(
+			path.blinded_hops().len(), 1,
+			"Compact paths must include only the recipient"
+		);
+	}
+
+	let payment_id = PaymentId([1; 32]);
+	bob.node.pay_for_offer(&compact_offer, None, None, None, payment_id, Retry::Attempts(0), RouteParametersConfig::default()).unwrap();
+
+	let onion_message = bob.onion_messenger.next_onion_message_for_peer(alice_id).unwrap();
+	let (invoice_request, reply_path) = extract_invoice_request(alice, &onion_message);
+
+	assert_eq!(invoice_request.amount_msats(), Some(10_000_000));
+	assert_ne!(invoice_request.payer_signing_pubkey(), bob_id);
+	assert!(check_compact_path_introduction_node(&reply_path, alice, bob_id));
+
+	// Case 2: NodeIdMessageRouter → uses node ID-based blinded paths
+	// Expected: 0 to MAX_DUMMY_HOPS_COUNT dummy hops, followed by recipient.
+	let node_id_router = NodeIdMessageRouter::new(alice.network_graph, &FixedEntropy);
+
+	let padded_offer = alice.node
+		.create_offer_builder_using_router(&node_id_router).unwrap()
+		.amount_msats(10_000_000)
+		.build().unwrap();
+
+	assert!(!padded_offer.paths().is_empty());
+
+	for path in padded_offer.paths() {
+		let hops = path.blinded_hops();
+		assert!(
+			hops.len() > 1,
+			"Non-compact paths must include at least one dummy hop plus recipient"
+		);
+
+		let dummy_count = hops.len() - 1;
+		assert!(
+			dummy_count <= MAX_DUMMY_HOPS_COUNT,
+			"Dummy hops must not exceed MAX_DUMMY_HOPS_COUNT"
+		);
+	}
+
+	let payment_id = PaymentId([2; 32]);
+	bob.node.pay_for_offer(&padded_offer, None, None, None, payment_id, Retry::Attempts(0), RouteParametersConfig::default()).unwrap();
+
+	let onion_message = bob.onion_messenger.next_onion_message_for_peer(alice_id).unwrap();
+	let (invoice_request, reply_path) = extract_invoice_request(alice, &onion_message);
+
+	assert_eq!(invoice_request.amount_msats(), Some(10_000_000));
+	assert_ne!(invoice_request.payer_signing_pubkey(), bob_id);
+	assert!(check_compact_path_introduction_node(&reply_path, alice, bob_id));
+}
+
 /// Checks that blinded paths are compact for short-lived offers.
 #[test]
 fn creates_short_lived_offer() {

lightning/src/onion_message/functional_tests.rs

@@ -145,6 +145,9 @@ const CUSTOM_PONG_MESSAGE_TYPE: u64 = 4343;
 const CUSTOM_PING_MESSAGE_CONTENTS: [u8; 32] = [42; 32];
 const CUSTOM_PONG_MESSAGE_CONTENTS: [u8; 32] = [43; 32];
 
+/// A dummy hop count for testing purposes.
+const TEST_DUMMY_HOP_COUNT: usize = 5;
+
 impl OnionMessageContents for TestCustomMessage {
 	fn tlv_type(&self) -> u64 {
 		match self {
@@ -443,6 +446,34 @@ fn one_blinded_hop() {
 	pass_along_path(&nodes);
 }
 
+#[test]
+fn blinded_path_with_dummy_hops() {
+	let nodes = create_nodes(2);
+	let test_msg = TestCustomMessage::Pong;
+
+	let secp_ctx = Secp256k1::new();
+	let context = MessageContext::Custom(Vec::new());
+	let entropy = &*nodes[1].entropy_source;
+	let receive_key = nodes[1].messenger.node_signer.get_receive_auth_key();
+	let blinded_path = BlindedMessagePath::new_with_dummy_hops(
+		&[],
+		nodes[1].node_id,
+		TEST_DUMMY_HOP_COUNT,
+		receive_key,
+		context,
+		entropy,
+		&secp_ctx,
+	)
+	.unwrap();
+	// Ensure that dummy hops are added to the blinded path.
+	assert_eq!(blinded_path.blinded_hops().len(), 6);
+	let destination = Destination::BlindedPath(blinded_path);
+	let instructions = MessageSendInstructions::WithoutReplyPath { destination };
+	nodes[0].messenger.send_onion_message(test_msg, instructions).unwrap();
+	nodes[1].custom_message_handler.expect_message(TestCustomMessage::Pong);
+	pass_along_path(&nodes);
+}
+
 #[test]
 fn two_unblinded_two_blinded() {
 	let nodes = create_nodes(5);
@@ -658,9 +689,10 @@ fn test_blinded_path_padding_for_full_length_path() {
 	let context = MessageContext::Custom(vec![0u8; 42]);
 	let entropy = &*nodes[3].entropy_source;
 	let receive_key = nodes[3].messenger.node_signer.get_receive_auth_key();
-	let blinded_path = BlindedMessagePath::new(
+	let blinded_path = BlindedMessagePath::new_with_dummy_hops(
 		&intermediate_nodes,
 		nodes[3].node_id,
+		TEST_DUMMY_HOP_COUNT,
 		receive_key,
 		context,
 		entropy,
@@ -694,9 +726,10 @@ fn test_blinded_path_no_padding_for_compact_path() {
 	let context = MessageContext::Custom(vec![0u8; 42]);
 	let entropy = &*nodes[3].entropy_source;
 	let receive_key = nodes[3].messenger.node_signer.get_receive_auth_key();
-	let blinded_path = BlindedMessagePath::new(
+	let blinded_path = BlindedMessagePath::new_with_dummy_hops(
 		&intermediate_nodes,
 		nodes[3].node_id,
+		TEST_DUMMY_HOP_COUNT,
 		receive_key,
 		context,
 		entropy,