Support forwarding blinded payments.

valentinewallace · valentinewallace · commit 551ce8ec88ab · 2023-08-26T16:27:12.000-04:00
Error handling will be completed in later commit(s).
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
@@ -105,6 +105,7 @@ pub(super) enum PendingHTLCRouting {
 		/// The SCID from the onion that we should forward to. This could be a real SCID or a fake one
 		/// generated using `get_fake_scid` from the scid_utils::fake_scid module.
 		short_channel_id: u64, // This should be NonZero<u64> eventually when we bump MSRV
+		blinded: Option<BlindedForward>,
 	},
 	Receive {
 		payment_data: msgs::FinalOnionHopData,
@@ -182,6 +183,12 @@ pub(super) enum HTLCForwardInfo {
 	},
 }
 
+#[derive(Clone, Copy, Hash, PartialEq, Eq)]
+pub(super) struct BlindedForward {
+	inbound_blinding_point: PublicKey,
+	we_are_intro_node: bool,
+}
+
 /// Tracks the inbound corresponding to an outbound HTLC
 #[derive(Clone, Hash, PartialEq, Eq)]
 pub(crate) struct HTLCPreviousHopData {
@@ -2733,22 +2740,45 @@ where
 			hmac: hop_hmac,
 		};
 
-		let (short_channel_id, amt_to_forward, outgoing_cltv_value) = match hop_data {
+		let (short_channel_id, amt_to_forward, outgoing_cltv_value, intro_node_blinding_pt)
+			= match hop_data
+		{
 			msgs::InboundOnionPayload::Forward { short_channel_id, amt_to_forward, outgoing_cltv_value } =>
-				(short_channel_id, amt_to_forward, outgoing_cltv_value),
-			msgs::InboundOnionPayload::Receive { .. } =>
+				(short_channel_id, amt_to_forward, outgoing_cltv_value, None),
+			msgs::InboundOnionPayload::BlindedForward {
+				short_channel_id, payment_relay, intro_node_blinding_point, ..
+			} => {
+				// We checked these values in [`Self::decode_update_add_htlc_onion`].
+				let amt_to_forward = msg.amount_msat - payment_relay.fee_base_msat as u64
+					- (msg.amount_msat * payment_relay.fee_proportional_millionths as u64 / 1_000_000);
+				let outgoing_cltv_value = msg.cltv_expiry - payment_relay.cltv_expiry_delta as u32;
+				(short_channel_id, amt_to_forward, outgoing_cltv_value, intro_node_blinding_point)
+			},
+			msgs::InboundOnionPayload::Receive { .. } => {
 				return Err(InboundOnionErr {
 					msg: "Final Node OnionHopData provided for us as an intermediary node",
 					err_code: 0x4000 | 22,
 					err_data: Vec::new(),
-				}),
-			_ => todo!()
+				})
+			},
+			msgs::InboundOnionPayload::BlindedReceive { .. } => {
+				return Err(InboundOnionErr {
+					msg: "Final Node OnionHopData provided for us as an intermediary node",
+					err_code: INVALID_ONION_BLINDING,
+					err_data: Sha256::hash(&msg.onion_routing_packet.hop_data).into_inner().to_vec(),
+				})
+			},
 		};
 
 		Ok(PendingHTLCInfo {
 			routing: PendingHTLCRouting::Forward {
 				onion_packet: outgoing_packet,
 				short_channel_id,
+				blinded: intro_node_blinding_pt.or(msg.blinding_point)
+					.map(|bp| BlindedForward {
+						inbound_blinding_point: bp,
+						we_are_intro_node: intro_node_blinding_pt.is_some(),
+					}),
 			},
 			payment_hash: msg.payment_hash,
 			incoming_shared_secret: shared_secret,
@@ -2939,6 +2969,15 @@ where
 				}
 			}
 		}
+		macro_rules! return_blinded_htlc_err {
+			($msg: expr) => {
+				if msg.blinding_point.is_some() {
+					return_malformed_err!($msg, INVALID_ONION_BLINDING);
+				} else {
+					return_err!($msg, INVALID_ONION_BLINDING, [0; 32]);
+				}
+			}
+		}
 
 		let next_hop = match onion_utils::decode_next_payment_hop(shared_secret,
 			&msg.onion_routing_packet.hop_data[..], msg.onion_routing_packet.hmac, msg.payment_hash,
@@ -2962,6 +3001,39 @@ where
 					msg.onion_routing_packet.public_key.unwrap(), &shared_secret);
 				(short_channel_id, amt_to_forward, outgoing_cltv_value, Some(next_packet_pk))
 			},
+			onion_utils::Hop::Forward {
+				next_hop_data: msgs::InboundOnionPayload::BlindedForward {
+					short_channel_id, ref payment_relay, ref payment_constraints,
+					..
+				}, ..
+			} => {
+				let amt_to_forward =
+					match msg.amount_msat.checked_mul(payment_relay.fee_proportional_millionths as u64)
+						.map(|prop_fee| prop_fee / 1_000_000)
+						.and_then(|fee| msg.amount_msat.checked_sub(fee))
+						.and_then(|amt| amt.checked_sub(payment_relay.fee_base_msat as u64))
+					{
+						Some(a) => a,
+						None => {
+							return_blinded_htlc_err!("Over or underflow computing amt_to_forward for blinded forward");
+						}
+					};
+				let outgoing_cltv_value =
+					match msg.cltv_expiry.checked_sub(payment_relay.cltv_expiry_delta as u32) {
+						Some(v) => v,
+						None => {
+							return_blinded_htlc_err!("Underflow computing cltv value for blinded forward");
+						}
+					};
+				if amt_to_forward < payment_constraints.htlc_minimum_msat ||
+					outgoing_cltv_value > payment_constraints.max_cltv_expiry
+				{
+					return_blinded_htlc_err!("amt_to_forward did not meet htlc_minimum_msat or outgoing_cltv_value exceeded max_cltv_expiry");
+				}
+				let next_packet_pk = onion_utils::next_hop_pubkey(&self.secp_ctx,
+					msg.onion_routing_packet.public_key.unwrap(), &shared_secret);
+				(short_channel_id, amt_to_forward, outgoing_cltv_value, Some(next_packet_pk))
+			},
 			// We'll do receive checks in [`Self::construct_pending_htlc_info`] so we have access to the
 			// inbound channel's state.
 			onion_utils::Hop::Receive { .. } => return Ok((next_hop, shared_secret, None)),
@@ -3808,8 +3880,8 @@ where
 			})?;
 
 		let routing = match payment.forward_info.routing {
-			PendingHTLCRouting::Forward { onion_packet, .. } => {
-				PendingHTLCRouting::Forward { onion_packet, short_channel_id: next_hop_scid }
+			PendingHTLCRouting::Forward { onion_packet, blinded, .. } => {
+				PendingHTLCRouting::Forward { short_channel_id: next_hop_scid, onion_packet, blinded, }
 			},
 			_ => unreachable!() // Only `PendingHTLCRouting::Forward`s are intercepted
 		};
@@ -4008,7 +4080,8 @@ where
 										prev_short_channel_id, prev_htlc_id, prev_funding_outpoint, prev_user_channel_id,
 										forward_info: PendingHTLCInfo {
 											incoming_shared_secret, payment_hash, outgoing_amt_msat, outgoing_cltv_value,
-											routing: PendingHTLCRouting::Forward { onion_packet, .. }, skimmed_fee_msat, ..
+											routing: PendingHTLCRouting::Forward { onion_packet, blinded, .. },
+											skimmed_fee_msat, ..
 										},
 									}) => {
 										log_trace!(self.logger, "Adding HTLC from short id {} with payment_hash {} to channel with short id {} after delay", prev_short_channel_id, &payment_hash, short_chan_id);
@@ -4021,9 +4094,24 @@ where
 											// Phantom payments are only PendingHTLCRouting::Receive.
 											phantom_shared_secret: None,
 										});
-										if let Err(e) = chan.get_mut().queue_add_htlc(outgoing_amt_msat,
-											payment_hash, outgoing_cltv_value, htlc_source.clone(),
-											onion_packet, skimmed_fee_msat, None, &self.fee_estimator,
+										let next_blinding_point = if let Some(b) = blinded {
+											let encrypted_tlvs_ss = self.node_signer.ecdh(
+												Recipient::Node, &b.inbound_blinding_point, None
+											).unwrap().secret_bytes();
+											match onion_utils::next_hop_pubkey(&self.secp_ctx, b.inbound_blinding_point, &encrypted_tlvs_ss) {
+												Ok(pk) => Some(pk),
+												Err(_) => {
+													failed_forwards.push((htlc_source, payment_hash,
+														HTLCFailReason::reason(INVALID_ONION_BLINDING, vec![0; 32]),
+														HTLCDestination::FailedPayment { payment_hash }
+													));
+													continue;
+												}
+											}
+										} else { None };
+										if let Err(e) = chan.get_mut().queue_add_htlc(outgoing_amt_msat, payment_hash,
+											outgoing_cltv_value, htlc_source.clone(), onion_packet, skimmed_fee_msat,
+											next_blinding_point, &self.fee_estimator,
 											&self.logger)
 										{
 											if let ChannelError::Ignore(msg) = e {
@@ -7946,6 +8034,7 @@ impl_writeable_tlv_based_enum!(PendingHTLCRouting,
 	(0, Forward) => {
 		(0, onion_packet, required),
 		(2, short_channel_id, required),
+		(4, blinded, option),
 	},
 	(1, Receive) => {
 		(0, payment_data, required),
@@ -7965,6 +8054,11 @@ impl_writeable_tlv_based_enum!(PendingHTLCRouting,
 	},
 ;);
 
+impl_writeable_tlv_based!(BlindedForward, {
+	(0, inbound_blinding_point, required),
+	(2, we_are_intro_node, required),
+});
+
 impl_writeable_tlv_based!(PendingHTLCInfo, {
 	(0, routing, required),
 	(2, incoming_shared_secret, required),
diff --git a/lightning/src/ln/outbound_payment.rs b/lightning/src/ln/outbound_payment.rs
@@ -1075,10 +1075,6 @@ impl OutboundPayments {
 				path_errs.push(Err(APIError::InvalidRoute{err: "Path didn't go anywhere/had bogus size".to_owned()}));
 				continue 'path_check;
 			}
-			if path.blinded_tail.is_some() {
-				path_errs.push(Err(APIError::InvalidRoute{err: "Sending to blinded paths isn't supported yet".to_owned()}));
-				continue 'path_check;
-			}
 			let dest_hop_idx = if path.blinded_tail.is_some() && path.blinded_tail.as_ref().unwrap().hops.len() > 1 {
 				usize::max_value() } else { path.hops.len() - 1 };
 			for (idx, hop) in path.hops.iter().enumerate() {
