Introduce parsing logic for DummyTlvs

shaavan · shaavan · commit 0f587ff11a46 · 2025-06-11T23:54:31.000+05:30
diff --git a/lightning/src/onion_message/messenger.rs b/lightning/src/onion_message/messenger.rs
@@ -13,28 +13,30 @@
 use bitcoin::hashes::hmac::{Hmac, HmacEngine};
 use bitcoin::hashes::sha256::Hash as Sha256;
 use bitcoin::hashes::{Hash, HashEngine};
+use bitcoin::secp256k1::ecdh::SharedSecret;
 use bitcoin::secp256k1::{self, PublicKey, Scalar, Secp256k1, SecretKey};
 
 #[cfg(async_payments)]
 use super::async_payments::AsyncPaymentsMessage;
 use super::async_payments::AsyncPaymentsMessageHandler;
 use super::dns_resolution::{DNSResolverMessage, DNSResolverMessageHandler};
 use super::offers::{OffersMessage, OffersMessageHandler};
-use super::packet::OnionMessageContents;
 use super::packet::ParsedOnionMessageContents;
+use super::packet::{DummyControlTlvs, OnionMessageContents};
 use super::packet::{
 	ForwardControlTlvs, Packet, Payload, ReceiveControlTlvs, BIG_PACKET_HOP_DATA_LEN,
 	SMALL_PACKET_HOP_DATA_LEN,
 };
 #[cfg(async_payments)]
 use crate::blinded_path::message::AsyncPaymentsContext;
 use crate::blinded_path::message::{
-	BlindedMessagePath, DNSResolverContext, ForwardTlvs, MessageContext, MessageForwardNode,
-	NextMessageHop, OffersContext, ReceiveTlvs,
+	BlindedMessagePath, DNSResolverContext, DummyTlv, ForwardTlvs, MessageContext,
+	MessageForwardNode, NextMessageHop, OffersContext, PrimaryDummyTlv, ReceiveTlvs,
 };
 use crate::blinded_path::utils;
 use crate::blinded_path::{IntroductionNode, NodeIdLookUp};
 use crate::events::{Event, EventHandler, EventsProvider, ReplayEvent};
+use crate::ln::channelmanager::Verification;
 use crate::ln::msgs::{
 	self, BaseMessageHandler, MessageSendEvent, OnionMessage, OnionMessageHandler, SocketAddress,
 };
@@ -1045,44 +1047,46 @@ where
 	L::Target: Logger,
 	CMH::Target: CustomOnionMessageHandler,
 {
-	let control_tlvs_ss = match node_signer.ecdh(Recipient::Node, &msg.blinding_point, None) {
-		Ok(ss) => ss,
-		Err(e) => {
-			log_error!(logger, "Failed to retrieve node secret: {:?}", e);
-			return Err(());
-		},
-	};
-	let onion_decode_ss = {
-		let blinding_factor = {
-			let mut hmac = HmacEngine::<Sha256>::new(b"blinded_node_id");
-			hmac.input(control_tlvs_ss.as_ref());
-			let hmac = Hmac::from_engine(hmac).to_byte_array();
-			Scalar::from_be_bytes(hmac).unwrap()
-		};
-		let packet_pubkey = &msg.onion_routing_packet.public_key;
-		match node_signer.ecdh(Recipient::Node, packet_pubkey, Some(&blinding_factor)) {
-			Ok(ss) => ss.secret_bytes(),
-			Err(()) => {
-				log_trace!(logger, "Failed to compute onion packet shared secret");
+	// Helper function to compute shared secrets for onion decoding
+	let compute_shared_secrets = |blinding_point: &PublicKey,
+	                              packet_pubkey: &PublicKey|
+	 -> Result<(SharedSecret, [u8; 32]), ()> {
+		let control_tlvs_ss = match node_signer.ecdh(Recipient::Node, blinding_point, None) {
+			Ok(ss) => ss,
+			Err(e) => {
+				log_error!(logger, "Failed to retrieve node secret: {:?}", e);
 				return Err(());
 			},
-		}
+		};
+
+		let onion_decode_ss = {
+			let blinding_factor = {
+				let mut hmac = HmacEngine::<Sha256>::new(b"blinded_node_id");
+				hmac.input(control_tlvs_ss.as_ref());
+				let hmac = Hmac::from_engine(hmac).to_byte_array();
+				Scalar::from_be_bytes(hmac).unwrap()
+			};
+			match node_signer.ecdh(Recipient::Node, packet_pubkey, Some(&blinding_factor)) {
+				Ok(ss) => ss.secret_bytes(),
+				Err(()) => {
+					log_trace!(logger, "Failed to compute onion packet shared secret");
+					return Err(());
+				},
+			}
+		};
+
+		Ok((control_tlvs_ss, onion_decode_ss))
 	};
-	let next_hop = onion_utils::decode_next_untagged_hop(
-		onion_decode_ss,
-		&msg.onion_routing_packet.hop_data[..],
-		msg.onion_routing_packet.hmac,
-		(control_tlvs_ss, custom_handler.deref(), logger.deref()),
-	);
-	match next_hop {
-		Ok((
-			Payload::Receive {
-				message,
-				control_tlvs: ReceiveControlTlvs::Unblinded(ReceiveTlvs { context }),
-				reply_path,
-			},
-			None,
-		)) => match (message, context) {
+
+	// Helper function to process receive payloads
+	let process_receive_payload = |message,
+	                               context,
+	                               reply_path|
+	 -> Result<
+		PeeledOnion<<<CMH>::Target as CustomOnionMessageHandler>::CustomMessage>,
+		(),
+	> {
+		match (message, context) {
 			(ParsedOnionMessageContents::Offers(msg), Some(MessageContext::Offers(ctx))) => {
 				Ok(PeeledOnion::Offers(msg, Some(ctx), reply_path))
 			},
@@ -1114,55 +1118,201 @@ where
 				);
 				Err(())
 			},
-		},
-		Ok((
-			Payload::Forward(ForwardControlTlvs::Unblinded(ForwardTlvs {
-				next_hop,
-				next_blinding_override,
-			})),
-			Some((next_hop_hmac, new_packet_bytes)),
-		)) => {
-			// TODO: we need to check whether `next_hop` is our node, in which case this is a dummy
-			// blinded hop and this onion message is destined for us. In this situation, we should keep
-			// unwrapping the onion layers to get to the final payload. Since we don't have the option
-			// of creating blinded paths with dummy hops currently, we should be ok to not handle this
-			// for now.
-			let packet_pubkey = msg.onion_routing_packet.public_key;
-			let new_pubkey_opt =
-				onion_utils::next_hop_pubkey(&secp_ctx, packet_pubkey, &onion_decode_ss);
-			let new_pubkey = match new_pubkey_opt {
-				Ok(pk) => pk,
+		}
+	};
+
+	// Constructs the next onion message using packet data and blinding logic.
+	let compute_onion_message = |packet_pubkey: PublicKey,
+	                             next_hop_hmac: [u8; 32],
+	                             new_packet_bytes: Vec<u8>,
+	                             current_blinding_point: PublicKey,
+	                             current_control_tlvs_ss: SharedSecret,
+	                             current_onion_decode_ss: [u8; 32],
+	                             blinding_point_opt: Option<PublicKey>|
+	 -> Result<OnionMessage, ()> {
+		let new_pubkey = match onion_utils::next_hop_pubkey(
+			&secp_ctx,
+			packet_pubkey,
+			&current_onion_decode_ss,
+		) {
+			Ok(pk) => pk,
+			Err(e) => {
+				log_trace!(logger, "Failed to compute next hop packet pubkey: {}", e);
+				return Err(());
+			},
+		};
+		let outgoing_packet = Packet {
+			version: 0,
+			public_key: new_pubkey,
+			hop_data: new_packet_bytes,
+			hmac: next_hop_hmac,
+		};
+		let blinding_point = match blinding_point_opt {
+			Some(bp) => bp,
+			None => match onion_utils::next_hop_pubkey(
+				&secp_ctx,
+				current_blinding_point,
+				current_control_tlvs_ss.as_ref(),
+			) {
+				Ok(bp) => bp,
 				Err(e) => {
-					log_trace!(logger, "Failed to compute next hop packet pubkey: {}", e);
+					log_trace!(logger, "Failed to compute next blinding point: {}", e);
 					return Err(());
 				},
-			};
-			let outgoing_packet = Packet {
-				version: 0,
-				public_key: new_pubkey,
-				hop_data: new_packet_bytes,
-				hmac: next_hop_hmac,
-			};
-			let onion_message = OnionMessage {
-				blinding_point: match next_blinding_override {
-					Some(blinding_point) => blinding_point,
-					None => {
-						match onion_utils::next_hop_pubkey(
+			},
+		};
+		Ok(OnionMessage { blinding_point, onion_routing_packet: outgoing_packet })
+	};
+
+	let (control_tlvs_ss, onion_decode_ss) =
+		compute_shared_secrets(&msg.blinding_point, &msg.onion_routing_packet.public_key)?;
+
+	let next_hop = onion_utils::decode_next_untagged_hop(
+		onion_decode_ss,
+		&msg.onion_routing_packet.hop_data[..],
+		msg.onion_routing_packet.hmac,
+		(control_tlvs_ss, custom_handler.deref(), logger.deref()),
+	);
+
+	match next_hop {
+		Ok((
+			Payload::Receive {
+				message,
+				control_tlvs: ReceiveControlTlvs::Unblinded(ReceiveTlvs { context }),
+				reply_path,
+			},
+			None,
+		)) => process_receive_payload(message, context, reply_path),
+		Ok((
+			Payload::Dummy(DummyControlTlvs::Unblinded(DummyTlv::Primary(PrimaryDummyTlv {
+				dummy_tlv,
+				authentication,
+			}))),
+			Some((next_hop_hmac, new_packet_bytes)),
+		)) => {
+			let expanded_key = node_signer.get_expanded_key();
+			dummy_tlv.verify_data(authentication.0, authentication.1, &expanded_key)?;
+
+			// Start iterative processing of the dummy chain
+			let mut current_message = compute_onion_message(
+				msg.onion_routing_packet.public_key,
+				next_hop_hmac,
+				new_packet_bytes,
+				msg.blinding_point,
+				control_tlvs_ss,
+				onion_decode_ss,
+				None,
+			)?;
+
+			// Process subsequent dummy hops iteratively
+			loop {
+				let (current_control_tlvs_ss, current_onion_decode_ss) = compute_shared_secrets(
+					&current_message.blinding_point,
+					&current_message.onion_routing_packet.public_key,
+				)?;
+
+				let current_next_hop = onion_utils::decode_next_untagged_hop(
+					current_onion_decode_ss,
+					&current_message.onion_routing_packet.hop_data[..],
+					current_message.onion_routing_packet.hmac,
+					(current_control_tlvs_ss, custom_handler.deref(), logger.deref()),
+				);
+
+				match current_next_hop {
+					Ok((
+						Payload::Dummy(DummyControlTlvs::Unblinded(DummyTlv::Subsequent)),
+						Some((next_hop_hmac, new_packet_bytes)),
+					)) => {
+						// Valid: Subsequent dummy after Primary dummy, continue processing
+						let new_pubkey = match onion_utils::next_hop_pubkey(
+							&secp_ctx,
+							current_message.onion_routing_packet.public_key,
+							&current_onion_decode_ss,
+						) {
+							Ok(pk) => pk,
+							Err(e) => {
+								log_trace!(
+									logger,
+									"Failed to compute next hop packet pubkey: {}",
+									e
+								);
+								return Err(());
+							},
+						};
+						let outgoing_packet = Packet {
+							version: 0,
+							public_key: new_pubkey,
+							hop_data: new_packet_bytes,
+							hmac: next_hop_hmac,
+						};
+						let blinding_point = match onion_utils::next_hop_pubkey(
 							&secp_ctx,
-							msg.blinding_point,
-							control_tlvs_ss.as_ref(),
+							current_message.blinding_point,
+							current_control_tlvs_ss.as_ref(),
 						) {
 							Ok(bp) => bp,
 							Err(e) => {
 								log_trace!(logger, "Failed to compute next blinding point: {}", e);
 								return Err(());
 							},
-						}
+						};
+						current_message =
+							OnionMessage { blinding_point, onion_routing_packet: outgoing_packet };
 					},
-				},
-				onion_routing_packet: outgoing_packet,
-			};
-
+					Ok((
+						Payload::Receive {
+							message,
+							control_tlvs: ReceiveControlTlvs::Unblinded(ReceiveTlvs { context }),
+							reply_path,
+						},
+						None,
+					)) => {
+						// End of dummy chain, process the final receive payload
+						return process_receive_payload(message, context, reply_path);
+					},
+					Err(e) => {
+						log_trace!(
+							logger,
+							"Errored decoding onion message packet in dummy chain: {:?}",
+							e
+						);
+						return Err(());
+					},
+					_ => {
+						// Invalid: anything else breaks the expected structure
+						log_trace!(
+							logger,
+							"Invalid payload type in dummy chain. Expected Subsequent dummy or Receive payload."
+						);
+						return Err(());
+					},
+				}
+			}
+		},
+		Ok((Payload::Dummy(DummyControlTlvs::Unblinded(DummyTlv::Subsequent)), _)) => {
+			// ERROR: Subsequent dummy without preceding Primary dummy
+			log_trace!(
+				logger,
+				"Received Subsequent dummy without preceding Primary dummy - invalid structure"
+			);
+			Err(())
+		},
+		Ok((
+			Payload::Forward(ForwardControlTlvs::Unblinded(ForwardTlvs {
+				next_hop,
+				next_blinding_override,
+			})),
+			Some((next_hop_hmac, new_packet_bytes)),
+		)) => {
+			let onion_message = compute_onion_message(
+				msg.onion_routing_packet.public_key,
+				next_hop_hmac,
+				new_packet_bytes,
+				msg.blinding_point,
+				control_tlvs_ss,
+				onion_decode_ss,
+				next_blinding_override,
+			)?;
 			Ok(PeeledOnion::Forward(next_hop, onion_message))
 		},
 		Err(e) => {
