Handle Trampoline hops in error decryption

Rather than solely iterating over `RouteHop`s, we now also append the
shared secrets from the inner onion containing `TrampolineHop`s.

Author: arik-so

lightning/src/ln/onion_utils.rs

@@ -967,7 +967,7 @@ where
 	let mut htlc_msat = *first_hop_htlc_msat;
 	let mut _error_code_ret = None;
 	let mut _error_packet_ret = None;
-	let mut is_from_final_node = false;
+	let mut is_from_final_non_blinded_node = false;
 
 	const BADONION: u16 = 0x8000;
 	const PERM: u16 = 0x4000;
@@ -976,41 +976,72 @@ where
 
 	enum ErrorHop<'a> {
 		RouteHop(&'a RouteHop),
+		TrampolineHop(&'a TrampolineHop),
 	}
 
 	impl<'a> ErrorHop<'a> {
 		fn fee_msat(&self) -> u64 {
 			match self {
 				ErrorHop::RouteHop(rh) => rh.fee_msat,
+				ErrorHop::TrampolineHop(th) => th.fee_msat,
 			}
 		}
 
 		fn pubkey(&self) -> &PublicKey {
 			match self {
 				ErrorHop::RouteHop(rh) => rh.node_pubkey(),
+				ErrorHop::TrampolineHop(th) => th.node_pubkey(),
 			}
 		}
 
 		fn short_channel_id(&self) -> Option<u64> {
 			match self {
 				ErrorHop::RouteHop(rh) => Some(rh.short_channel_id),
+				ErrorHop::TrampolineHop(_) => None,
 			}
 		}
 	}
 
+	let outer_session_priv = path.has_trampoline_hops().then(|| {
+		// if we have Trampoline hops, the outer onion session_priv is a hash of the inner one
+		let session_priv_hash = Sha256::hash(&session_priv.secret_bytes()).to_byte_array();
+		SecretKey::from_slice(&session_priv_hash[..]).expect("You broke SHA-256!")
+	});
+
 	let num_blinded_hops = path.blinded_tail.as_ref().map_or(0, |bt| bt.hops.len());
+
+	// We are first collecting all the unblinded `RouteHop`s inside `onion_keys`. Then, if applicable,
+	// we will add all the `TrampolineHop`s, and finally, the blinded hops.
 	let mut onion_keys = Vec::with_capacity(path.hops.len() + num_blinded_hops);
 	construct_onion_keys_generic_callback(
 		secp_ctx,
 		&path.hops,
-		path.blinded_tail.as_ref(),
-		session_priv,
+		// if we have Trampoline hops, the blinded hops are part of the inner Trampoline onion
+		if path.has_trampoline_hops() { None } else { path.blinded_tail.as_ref() },
+		outer_session_priv.as_ref().unwrap_or(session_priv),
 		|shared_secret, _, _, route_hop_option: Option<&RouteHop>, _| {
 			onion_keys.push((route_hop_option.map(|rh| ErrorHop::RouteHop(rh)), shared_secret))
 		},
 	)
 	.expect("Route we used spontaneously grew invalid keys in the middle of it?");
 
+	if path.has_trampoline_hops() {
+		construct_onion_keys_generic_callback(
+			secp_ctx,
+			// Trampoline hops are part of the blinded tail, so this can never panic
+			&path.blinded_tail.as_ref().unwrap().trampoline_hops,
+			path.blinded_tail.as_ref(),
+			session_priv,
+			|shared_secret, _, _, trampoline_hop_option: Option<&TrampolineHop>, _| {
+				onion_keys.push((
+					trampoline_hop_option.map(|th| ErrorHop::TrampolineHop(th)),
+					shared_secret,
+				))
+			},
+		)
+		.expect("Route we used spontaneously grew invalid keys in the middle of it?");
+	}
+
 	// Handle packed channel/node updates for passing back for the route handler
 	let mut iterator = onion_keys.into_iter().peekable();
 	while let Some((route_hop_option, shared_secret)) = iterator.next() {
@@ -1032,12 +1063,12 @@ where
 
 		// The failing hop includes either the inbound channel to the recipient or the outbound channel
 		// from the current hop (i.e., the next hop's inbound channel).
-		// For 1-hop blinded paths, the final `path.hops` entry is the recipient.
+		// For 1-hop blinded paths, the final `ErrorHop` entry is the recipient.
 		// In our case that means that if we're on the last iteration, and there is no more than one
 		// blinded hop, the current iteration references the last non-blinded hop.
 		let next_hop = iterator.peek();
-		is_from_final_node = next_hop.is_none() && num_blinded_hops <= 1;
-		let failing_route_hop = if is_from_final_node {
+		is_from_final_non_blinded_node = next_hop.is_none() && num_blinded_hops <= 1;
+		let failing_route_hop = if is_from_final_non_blinded_node {
 			route_hop
 		} else {
 			match next_hop {
@@ -1102,7 +1133,7 @@ where
 					res = Some(FailureLearnings {
 						network_update,
 						short_channel_id,
-						payment_failed_permanently: is_from_final_node,
+						payment_failed_permanently: is_from_final_non_blinded_node,
 						failed_within_blinded_path: false,
 					});
 					break;
@@ -1124,7 +1155,7 @@ where
 				res = Some(FailureLearnings {
 					network_update,
 					short_channel_id,
-					payment_failed_permanently: is_from_final_node,
+					payment_failed_permanently: is_from_final_non_blinded_node,
 					failed_within_blinded_path: false,
 				});
 				break;
@@ -1141,7 +1172,7 @@ where
 		let payment_failed = match error_code & 0xff {
 			15 | 16 | 17 | 18 | 19 | 23 => true,
 			_ => false,
-		} && is_from_final_node; // PERM bit observed below even if this error is from the intermediate nodes
+		} && is_from_final_non_blinded_node; // PERM bit observed below even if this error is from the intermediate nodes
 
 		let mut network_update = None;
 		let mut short_channel_id = None;
@@ -1226,7 +1257,7 @@ where
 		res = Some(FailureLearnings {
 			network_update,
 			short_channel_id,
-			payment_failed_permanently: error_code & PERM == PERM && is_from_final_node,
+			payment_failed_permanently: error_code & PERM == PERM && is_from_final_non_blinded_node,
 			failed_within_blinded_path: false,
 		});
 
@@ -1285,7 +1316,7 @@ where
 		DecodedOnionFailure {
 			network_update: None,
 			short_channel_id: None,
-			payment_failed_permanently: is_from_final_node,
+			payment_failed_permanently: is_from_final_non_blinded_node,
 			failed_within_blinded_path: false,
 			#[cfg(any(test, feature = "_test_utils"))]
 			onion_error_code: None,

lightning/src/routing/router.rs

@@ -519,6 +519,11 @@ impl Path {
 			None => self.hops.last().map(|hop| hop.cltv_expiry_delta)
 		}
 	}
+
+	/// True if this [`Path`] has at least one Trampoline hop.
+	pub fn has_trampoline_hops(&self) -> bool {
+		self.blinded_tail.as_ref().map_or(false, |bt| !bt.trampoline_hops.is_empty())
+	}
 }
 
 /// A route directs a payment from the sender (us) to the recipient. If the recipient supports MPP,