Option to set path_id in BlindedPath

The final hop in a BlindedPath may contain private data to provide
context to the receiver, allowing them to verify that the path was used
in desired context (e.g., making a payment). This data can be used in a
similar manner to BOLT 11's payment secret, which may include data
necessary to make inbound payments stateless (e.g., expiry, amount,
preimage, etc.). Add separate constructors to BlindedPath for with and
without the path id.

Author: jkczyz

fuzz/src/invoice_request_deser.rs

@@ -74,8 +74,8 @@ fn build_response<'a, T: secp256k1::Signing + secp256k1::Verification>(
 ) -> Result<UnsignedInvoice<'a>, SemanticError> {
 	let entropy_source = Randomness {};
 	let paths = vec![
-		BlindedPath::new(&[pubkey(43), pubkey(44), pubkey(42)], &entropy_source, secp_ctx).unwrap(),
-		BlindedPath::new(&[pubkey(45), pubkey(46), pubkey(42)], &entropy_source, secp_ctx).unwrap(),
+		BlindedPath::without_id(&[pubkey(43), pubkey(44), pubkey(42)], &entropy_source, secp_ctx).unwrap(),
+		BlindedPath::without_id(&[pubkey(45), pubkey(46), pubkey(42)], &entropy_source, secp_ctx).unwrap(),
 	];
 
 	let payinfo = vec![

fuzz/src/refund_deser.rs

@@ -63,8 +63,8 @@ fn build_response<'a, T: secp256k1::Signing + secp256k1::Verification>(
 ) -> Result<UnsignedInvoice<'a>, SemanticError> {
 	let entropy_source = Randomness {};
 	let paths = vec![
-		BlindedPath::new(&[pubkey(43), pubkey(44), pubkey(42)], &entropy_source, secp_ctx).unwrap(),
-		BlindedPath::new(&[pubkey(45), pubkey(46), pubkey(42)], &entropy_source, secp_ctx).unwrap(),
+		BlindedPath::without_id(&[pubkey(43), pubkey(44), pubkey(42)], &entropy_source, secp_ctx).unwrap(),
+		BlindedPath::without_id(&[pubkey(45), pubkey(46), pubkey(42)], &entropy_source, secp_ctx).unwrap(),
 	];
 
 	let payinfo = vec![

lightning/src/onion_message/blinded_path.rs

@@ -58,14 +58,30 @@ pub struct BlindedHop {
 }
 
 impl BlindedPath {
+	/// Create a blinded path to be forwarded along `node_pks`. The last node pubkey in `node_pks`
+	/// will be the destination node and will receive the `path_id`.
+	///
+	/// Errors if less than two hops are provided or if `node_pk`(s) are invalid.
+	pub fn with_id<ES: EntropySource, T: secp256k1::Signing + secp256k1::Verification>(
+		id: [u8; 32], node_pks: &[PublicKey], entropy_source: &ES, secp_ctx: &Secp256k1<T>
+	) -> Result<Self, ()> {
+		Self::new(Some(id), node_pks, entropy_source, secp_ctx)
+	}
+
 	/// Create a blinded path to be forwarded along `node_pks`. The last node pubkey in `node_pks`
 	/// will be the destination node.
 	///
 	/// Errors if less than two hops are provided or if `node_pk`(s) are invalid.
+	pub fn without_id<ES: EntropySource, T: secp256k1::Signing + secp256k1::Verification>(
+		node_pks: &[PublicKey], entropy_source: &ES, secp_ctx: &Secp256k1<T>
+	) -> Result<Self, ()> {
+		Self::new(None, node_pks, entropy_source, secp_ctx)
+	}
+
 	//  TODO: make all payloads the same size with padding + add dummy hops
-	pub fn new<ES: EntropySource, T: secp256k1::Signing + secp256k1::Verification>
-		(node_pks: &[PublicKey], entropy_source: &ES, secp_ctx: &Secp256k1<T>) -> Result<Self, ()>
-	{
+	fn new<ES: EntropySource, T: secp256k1::Signing + secp256k1::Verification>(
+		id: Option<[u8; 32]>, node_pks: &[PublicKey], entropy_source: &ES, secp_ctx: &Secp256k1<T>
+	) -> Result<Self, ()> {
 		if node_pks.len() < 2 { return Err(()) }
 		let blinding_secret_bytes = entropy_source.get_secure_random_bytes();
 		let blinding_secret = SecretKey::from_slice(&blinding_secret_bytes[..]).expect("RNG is busted");
@@ -74,7 +90,7 @@ impl BlindedPath {
 		Ok(BlindedPath {
 			introduction_node_id,
 			blinding_point: PublicKey::from_secret_key(secp_ctx, &blinding_secret),
-			blinded_hops: blinded_hops(secp_ctx, node_pks, &blinding_secret).map_err(|_| ())?,
+			blinded_hops: blinded_hops(secp_ctx, id, node_pks, &blinding_secret).map_err(|_| ())?,
 		})
 	}
 
@@ -116,7 +132,8 @@ impl BlindedPath {
 
 /// Construct blinded hops for the given `unblinded_path`.
 fn blinded_hops<T: secp256k1::Signing + secp256k1::Verification>(
-	secp_ctx: &Secp256k1<T>, unblinded_path: &[PublicKey], session_priv: &SecretKey
+	secp_ctx: &Secp256k1<T>, path_id: Option<[u8; 32]>, unblinded_path: &[PublicKey],
+	session_priv: &SecretKey
 ) -> Result<Vec<BlindedHop>, secp256k1::Error> {
 	let mut blinded_hops = Vec::with_capacity(unblinded_path.len());
 
@@ -138,7 +155,7 @@ fn blinded_hops<T: secp256k1::Signing + secp256k1::Verification>(
 	})?;
 
 	if let Some((final_ss, final_blinded_node_id)) = prev_ss_and_blinded_node_id {
-		let final_payload = ReceiveTlvs { path_id: None };
+		let final_payload = ReceiveTlvs { path_id };
 		blinded_hops.push(BlindedHop {
 			blinded_node_id: final_blinded_node_id,
 			encrypted_payload: encrypt_payload(final_payload, final_ss),

lightning/src/onion_message/functional_tests.rs

@@ -222,7 +222,7 @@ fn two_unblinded_two_blinded() {
 	let test_msg = OnionMessageContents::Custom(TestCustomMessage::Response);
 
 	let secp_ctx = Secp256k1::new();
-	let blinded_path = BlindedPath::new(&[nodes[3].get_node_pk(), nodes[4].get_node_pk()], &*nodes[4].keys_manager, &secp_ctx).unwrap();
+	let blinded_path = BlindedPath::without_id(&[nodes[3].get_node_pk(), nodes[4].get_node_pk()], &*nodes[4].keys_manager, &secp_ctx).unwrap();
 
 	nodes[0].messenger.send_onion_message(&[nodes[1].get_node_pk(), nodes[2].get_node_pk()], Destination::BlindedPath(blinded_path), test_msg, None).unwrap();
 	nodes[4].custom_handler.expect_message(TestCustomMessage::Response);
@@ -235,7 +235,7 @@ fn three_blinded_hops() {
 	let test_msg = OnionMessageContents::Custom(TestCustomMessage::Response);
 
 	let secp_ctx = Secp256k1::new();
-	let blinded_path = BlindedPath::new(&[nodes[1].get_node_pk(), nodes[2].get_node_pk(), nodes[3].get_node_pk()], &*nodes[3].keys_manager, &secp_ctx).unwrap();
+	let blinded_path = BlindedPath::without_id(&[nodes[1].get_node_pk(), nodes[2].get_node_pk(), nodes[3].get_node_pk()], &*nodes[3].keys_manager, &secp_ctx).unwrap();
 
 	nodes[0].messenger.send_onion_message(&[], Destination::BlindedPath(blinded_path), test_msg, None).unwrap();
 	nodes[3].custom_handler.expect_message(TestCustomMessage::Response);
@@ -262,14 +262,14 @@ fn we_are_intro_node() {
 	let test_msg = TestCustomMessage::Response;
 
 	let secp_ctx = Secp256k1::new();
-	let blinded_path = BlindedPath::new(&[nodes[0].get_node_pk(), nodes[1].get_node_pk(), nodes[2].get_node_pk()], &*nodes[2].keys_manager, &secp_ctx).unwrap();
+	let blinded_path = BlindedPath::without_id(&[nodes[0].get_node_pk(), nodes[1].get_node_pk(), nodes[2].get_node_pk()], &*nodes[2].keys_manager, &secp_ctx).unwrap();
 
 	nodes[0].messenger.send_onion_message(&[], Destination::BlindedPath(blinded_path), OnionMessageContents::Custom(test_msg.clone()), None).unwrap();
 	nodes[2].custom_handler.expect_message(TestCustomMessage::Response);
 	pass_along_path(&nodes);
 
 	// Try with a two-hop blinded path where we are the introduction node.
-	let blinded_path = BlindedPath::new(&[nodes[0].get_node_pk(), nodes[1].get_node_pk()], &*nodes[1].keys_manager, &secp_ctx).unwrap();
+	let blinded_path = BlindedPath::without_id(&[nodes[0].get_node_pk(), nodes[1].get_node_pk()], &*nodes[1].keys_manager, &secp_ctx).unwrap();
 	nodes[0].messenger.send_onion_message(&[], Destination::BlindedPath(blinded_path), OnionMessageContents::Custom(test_msg), None).unwrap();
 	nodes[1].custom_handler.expect_message(TestCustomMessage::Response);
 	nodes.remove(2);
@@ -284,13 +284,13 @@ fn invalid_blinded_path_error() {
 
 	// 0 hops
 	let secp_ctx = Secp256k1::new();
-	let mut blinded_path = BlindedPath::new(&[nodes[1].get_node_pk(), nodes[2].get_node_pk()], &*nodes[2].keys_manager, &secp_ctx).unwrap();
+	let mut blinded_path = BlindedPath::without_id(&[nodes[1].get_node_pk(), nodes[2].get_node_pk()], &*nodes[2].keys_manager, &secp_ctx).unwrap();
 	blinded_path.blinded_hops.clear();
 	let err = nodes[0].messenger.send_onion_message(&[], Destination::BlindedPath(blinded_path), OnionMessageContents::Custom(test_msg.clone()), None).unwrap_err();
 	assert_eq!(err, SendError::TooFewBlindedHops);
 
 	// 1 hop
-	let mut blinded_path = BlindedPath::new(&[nodes[1].get_node_pk(), nodes[2].get_node_pk()], &*nodes[2].keys_manager, &secp_ctx).unwrap();
+	let mut blinded_path = BlindedPath::without_id(&[nodes[1].get_node_pk(), nodes[2].get_node_pk()], &*nodes[2].keys_manager, &secp_ctx).unwrap();
 	blinded_path.blinded_hops.remove(0);
 	assert_eq!(blinded_path.blinded_hops.len(), 1);
 	let err = nodes[0].messenger.send_onion_message(&[], Destination::BlindedPath(blinded_path), OnionMessageContents::Custom(test_msg), None).unwrap_err();
@@ -304,7 +304,7 @@ fn reply_path() {
 	let secp_ctx = Secp256k1::new();
 
 	// Destination::Node
-	let reply_path = BlindedPath::new(&[nodes[2].get_node_pk(), nodes[1].get_node_pk(), nodes[0].get_node_pk()], &*nodes[0].keys_manager, &secp_ctx).unwrap();
+	let reply_path = BlindedPath::without_id(&[nodes[2].get_node_pk(), nodes[1].get_node_pk(), nodes[0].get_node_pk()], &*nodes[0].keys_manager, &secp_ctx).unwrap();
 	nodes[0].messenger.send_onion_message(&[nodes[1].get_node_pk(), nodes[2].get_node_pk()], Destination::Node(nodes[3].get_node_pk()), OnionMessageContents::Custom(test_msg.clone()), Some(reply_path)).unwrap();
 	nodes[3].custom_handler.expect_message(TestCustomMessage::Request);
 	pass_along_path(&nodes);
@@ -314,8 +314,8 @@ fn reply_path() {
 	pass_along_path(&nodes);
 
 	// Destination::BlindedPath
-	let blinded_path = BlindedPath::new(&[nodes[1].get_node_pk(), nodes[2].get_node_pk(), nodes[3].get_node_pk()], &*nodes[3].keys_manager, &secp_ctx).unwrap();
-	let reply_path = BlindedPath::new(&[nodes[2].get_node_pk(), nodes[1].get_node_pk(), nodes[0].get_node_pk()], &*nodes[0].keys_manager, &secp_ctx).unwrap();
+	let blinded_path = BlindedPath::without_id(&[nodes[1].get_node_pk(), nodes[2].get_node_pk(), nodes[3].get_node_pk()], &*nodes[3].keys_manager, &secp_ctx).unwrap();
+	let reply_path = BlindedPath::without_id(&[nodes[2].get_node_pk(), nodes[1].get_node_pk(), nodes[0].get_node_pk()], &*nodes[0].keys_manager, &secp_ctx).unwrap();
 
 	nodes[0].messenger.send_onion_message(&[], Destination::BlindedPath(blinded_path), OnionMessageContents::Custom(test_msg), Some(reply_path)).unwrap();
 	nodes[3].custom_handler.expect_message(TestCustomMessage::Request);

lightning/src/onion_message/messenger.rs

@@ -104,7 +104,7 @@ use crate::prelude::*;
 /// // Create a blinded path to yourself, for someone to send an onion message to.
 /// # let your_node_id = hop_node_id1;
 /// let hops = [hop_node_id3, hop_node_id4, your_node_id];
-/// let blinded_path = BlindedPath::new(&hops, &keys_manager, &secp_ctx).unwrap();
+/// let blinded_path = BlindedPath::without_id(&hops, &keys_manager, &secp_ctx).unwrap();
 ///
 /// // Send a custom onion message to a blinded path.
 /// # let intermediate_hops = [hop_node_id1, hop_node_id2];