Impl Base AMP in the receive pipeline and expose payment_secret

author Matt Corallo <git@bluematt.me>

Thu, 2 Jan 2020 06:23:48 +0000 (01:23 -0500)

committer Matt Corallo <git@bluematt.me>

Tue, 14 Apr 2020 23:54:17 +0000 (19:54 -0400)
author Matt Corallo <git@bluematt.me>
Thu, 2 Jan 2020 06:23:48 +0000 (01:23 -0500)
committer Matt Corallo <git@bluematt.me>
Tue, 14 Apr 2020 23:54:17 +0000 (19:54 -0400)
diff --git a/fuzz/src/chanmon_consistency.rs b/fuzz/src/chanmon_consistency.rs

index bcacae883d3d91fc5a9f7882c2859a07adc22e3e..4981833baa3de5787d6d98ef3e8b7ed43e03e905 100644 (file)
--- a/fuzz/src/chanmon_consistency.rs
+++ b/fuzz/src/chanmon_consistency.rs
@@ -417,7 +417,7 @@ pub fn do_test(data: &[u8]) {
                                                 fee_msat: 5000000,
                                                 cltv_expiry_delta: 200,
                                         }],
-                               }, PaymentHash(payment_hash.into_inner())) {
+                               }, PaymentHash(payment_hash.into_inner()), &None) {
                                         // Probably ran out of funds
                                         test_return!();
                                 }
@@ -441,7 +441,7 @@ pub fn do_test(data: &[u8]) {
                                                 fee_msat: 5000000,
                                                 cltv_expiry_delta: 200,
                                         }],
-                               }, PaymentHash(payment_hash.into_inner())) {
+                               }, PaymentHash(payment_hash.into_inner()), &None) {
                                         // Probably ran out of funds
                                         test_return!();
                                 }
@@ -602,9 +602,9 @@ pub fn do_test(data: &[u8]) {
                                                 events::Event::PaymentReceived { payment_hash, .. } => {
                                                         if claim_set.insert(payment_hash.0) {
                                                                 if $fail {
-                                                                       assert!(nodes[$node].fail_htlc_backwards(&payment_hash));
+                                                                       assert!(nodes[$node].fail_htlc_backwards(&payment_hash, &None));
                                                                 } else {
-                                                                       assert!(nodes[$node].claim_funds(PaymentPreimage(payment_hash.0), 5_000_000));
+                                                                       assert!(nodes[$node].claim_funds(PaymentPreimage(payment_hash.0), &None, 5_000_000));
                                                                 }
                                                         }
                                                 },
diff --git a/fuzz/src/full_stack.rs b/fuzz/src/full_stack.rs

index 3ae4e56b5f1903093d621d6f91327fcc58d79b5f..b3317fc416b1775e7107934cc981eb269836366b 100644 (file)
--- a/fuzz/src/full_stack.rs
+++ b/fuzz/src/full_stack.rs
@@ -22,7 +22,7 @@ use lightning::chain::chaininterface::{BroadcasterInterface,ConfirmationTarget,C
  use lightning::chain::transaction::OutPoint;
  use lightning::chain::keysinterface::{InMemoryChannelKeys, KeysInterface};
  use lightning::ln::channelmonitor;
-use lightning::ln::channelmanager::{ChannelManager, PaymentHash, PaymentPreimage};
+use lightning::ln::channelmanager::{ChannelManager, PaymentHash, PaymentPreimage, PaymentSecret};
  use lightning::ln::peer_handler::{MessageHandler,PeerManager,SocketDescriptor};
  use lightning::ln::router::Router;
  use lightning::util::events::{EventsProvider,Event};
@@ -343,7 +343,7 @@ pub fn do_test(data: &[u8], logger: &Arc<dyn Logger>) {
         }, our_network_key, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 15, 0], Arc::clone(&logger)));
  
         let mut should_forward = false;
-       let mut payments_received: Vec<(PaymentHash, u64)> = Vec::new();
+       let mut payments_received: Vec<(PaymentHash, Option<PaymentSecret>, u64)> = Vec::new();
         let mut payments_sent = 0;
         let mut pending_funding_generation: Vec<([u8; 32], u64, Script)> = Vec::new();
         let mut pending_funding_signatures = HashMap::new();
@@ -401,7 +401,7 @@ pub fn do_test(data: &[u8], logger: &Arc<dyn Logger>) {
                                 sha.input(&payment_hash.0[..]);
                                 payment_hash.0 = Sha256::from_engine(sha).into_inner();
                                 payments_sent += 1;
-                               match channelmanager.send_payment(route, payment_hash) {
+                               match channelmanager.send_payment(route, payment_hash, &None) {
                                         Ok(_) => {},
                                         Err(_) => return,
                                 }
@@ -428,23 +428,23 @@ pub fn do_test(data: &[u8], logger: &Arc<dyn Logger>) {
                                 }
                         },
                         8 => {
-                               for (payment, amt) in payments_received.drain(..) {
+                               for (payment, payment_secret, amt) in payments_received.drain(..) {
                                         // SHA256 is defined as XOR of all input bytes placed in the first byte, and 0s
                                         // for the remaining bytes. Thus, if not all remaining bytes are 0s we cannot
                                         // fulfill this HTLC, but if they are, we can just take the first byte and
                                         // place that anywhere in our preimage.
                                         if &payment.0[1..] != &[0; 31] {
-                                               channelmanager.fail_htlc_backwards(&payment);
+                                               channelmanager.fail_htlc_backwards(&payment, &payment_secret);
                                         } else {
                                                 let mut payment_preimage = PaymentPreimage([0; 32]);
                                                 payment_preimage.0[0] = payment.0[0];
-                                               channelmanager.claim_funds(payment_preimage, amt);
+                                               channelmanager.claim_funds(payment_preimage, &payment_secret, amt);
                                         }
                                 }
                         },
                         9 => {
-                               for (payment, _) in payments_received.drain(..) {
-                                       channelmanager.fail_htlc_backwards(&payment);
+                               for (payment, payment_secret, _) in payments_received.drain(..) {
+                                       channelmanager.fail_htlc_backwards(&payment, &payment_secret);
                                 }
                         },
                         10 => {
@@ -524,9 +524,9 @@ pub fn do_test(data: &[u8], logger: &Arc<dyn Logger>) {
                                 Event::FundingBroadcastSafe { funding_txo, .. } => {
                                         pending_funding_relay.push(pending_funding_signatures.remove(&funding_txo).unwrap());
                                 },
-                               Event::PaymentReceived { payment_hash, amt } => {
+                               Event::PaymentReceived { payment_hash, payment_secret, amt } => {
                                         //TODO: enhance by fetching random amounts from fuzz input?
-                                       payments_received.push((payment_hash, amt));
+                                       payments_received.push((payment_hash, payment_secret, amt));
                                 },
                                 Event::PaymentSent {..} => {},
                                 Event::PaymentFailed {..} => {},
diff --git a/lightning/src/ln/chanmon_update_fail_tests.rs b/lightning/src/ln/chanmon_update_fail_tests.rs

index d43608f376b3417c0bee9a78aeead958a1c521ad..4a682f74fa1056977ac30270ba91ce6aea0a7cec 100644 (file)
--- a/lightning/src/ln/chanmon_update_fail_tests.rs
+++ b/lightning/src/ln/chanmon_update_fail_tests.rs
@@ -30,7 +30,7 @@ fn test_simple_monitor_permanent_update_fail() {
         let (_, payment_hash_1) = get_payment_preimage_hash!(&nodes[0]);
  
         *nodes[0].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::PermanentFailure);
-       if let Err(APIError::ChannelUnavailable {..}) = nodes[0].node.send_payment(route, payment_hash_1) {} else { panic!(); }
+       if let Err(APIError::ChannelUnavailable {..}) = nodes[0].node.send_payment(route, payment_hash_1, &None) {} else { panic!(); }
         check_added_monitors!(nodes[0], 2);
  
         let events_1 = nodes[0].node.get_and_clear_pending_msg_events();
@@ -63,7 +63,7 @@ fn do_test_simple_monitor_temporary_update_fail(disconnect: bool) {
         let (payment_preimage_1, payment_hash_1) = get_payment_preimage_hash!(&nodes[0]);
  
         *nodes[0].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
-       if let Err(APIError::MonitorUpdateFailed) = nodes[0].node.send_payment(route.clone(), payment_hash_1) {} else { panic!(); }
+       if let Err(APIError::MonitorUpdateFailed) = nodes[0].node.send_payment(route.clone(), payment_hash_1, &None) {} else { panic!(); }
         check_added_monitors!(nodes[0], 1);
  
         assert!(nodes[0].node.get_and_clear_pending_events().is_empty());
@@ -93,8 +93,9 @@ fn do_test_simple_monitor_temporary_update_fail(disconnect: bool) {
         let events_3 = nodes[1].node.get_and_clear_pending_events();
         assert_eq!(events_3.len(), 1);
         match events_3[0] {
-               Event::PaymentReceived { ref payment_hash, amt } => {
+               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                         assert_eq!(payment_hash_1, *payment_hash);
+                       assert_eq!(*payment_secret, None);
                         assert_eq!(amt, 1000000);
                 },
                 _ => panic!("Unexpected event"),
@@ -105,7 +106,7 @@ fn do_test_simple_monitor_temporary_update_fail(disconnect: bool) {
         // Now set it to failed again...
         let (_, payment_hash_2) = get_payment_preimage_hash!(&nodes[0]);
         *nodes[0].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
-       if let Err(APIError::MonitorUpdateFailed) = nodes[0].node.send_payment(route, payment_hash_2) {} else { panic!(); }
+       if let Err(APIError::MonitorUpdateFailed) = nodes[0].node.send_payment(route, payment_hash_2, &None) {} else { panic!(); }
         check_added_monitors!(nodes[0], 1);
  
         assert!(nodes[0].node.get_and_clear_pending_events().is_empty());
@@ -168,7 +169,7 @@ fn do_test_monitor_temporary_update_fail(disconnect_count: usize) {
         let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
  
         *nodes[0].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
-       if let Err(APIError::MonitorUpdateFailed) = nodes[0].node.send_payment(route.clone(), payment_hash_2) {} else { panic!(); }
+       if let Err(APIError::MonitorUpdateFailed) = nodes[0].node.send_payment(route.clone(), payment_hash_2, &None) {} else { panic!(); }
         check_added_monitors!(nodes[0], 1);
  
         assert!(nodes[0].node.get_and_clear_pending_events().is_empty());
@@ -177,7 +178,7 @@ fn do_test_monitor_temporary_update_fail(disconnect_count: usize) {
  
         // Claim the previous payment, which will result in a update_fulfill_htlc/CS from nodes[1]
         // but nodes[0] won't respond since it is frozen.
-       assert!(nodes[1].node.claim_funds(payment_preimage_1, 1_000_000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_1, &None, 1_000_000));
         check_added_monitors!(nodes[1], 1);
         let events_2 = nodes[1].node.get_and_clear_pending_msg_events();
         assert_eq!(events_2.len(), 1);
@@ -446,8 +447,9 @@ fn do_test_monitor_temporary_update_fail(disconnect_count: usize) {
         let events_5 = nodes[1].node.get_and_clear_pending_events();
         assert_eq!(events_5.len(), 1);
         match events_5[0] {
-               Event::PaymentReceived { ref payment_hash, amt } => {
+               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                         assert_eq!(payment_hash_2, *payment_hash);
+                       assert_eq!(*payment_secret, None);
                         assert_eq!(amt, 1000000);
                 },
                 _ => panic!("Unexpected event"),
@@ -494,7 +496,7 @@ fn test_monitor_update_fail_cs() {
  
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
         let (payment_preimage, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
  
         let send_event = SendEvent::from_event(nodes[0].node.get_and_clear_pending_msg_events().remove(0));
@@ -555,8 +557,9 @@ fn test_monitor_update_fail_cs() {
         let events = nodes[1].node.get_and_clear_pending_events();
         assert_eq!(events.len(), 1);
         match events[0] {
-               Event::PaymentReceived { payment_hash, amt } => {
+               Event::PaymentReceived { payment_hash, payment_secret, amt } => {
                         assert_eq!(payment_hash, our_payment_hash);
+                       assert_eq!(payment_secret, None);
                         assert_eq!(amt, 1000000);
                 },
                 _ => panic!("Unexpected event"),
@@ -578,7 +581,7 @@ fn test_monitor_update_fail_no_rebroadcast() {
  
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
         let (payment_preimage_1, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
  
         let send_event = SendEvent::from_event(nodes[0].node.get_and_clear_pending_msg_events().remove(0));
@@ -626,13 +629,13 @@ fn test_monitor_update_raa_while_paused() {
  
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
         let (payment_preimage_1, our_payment_hash_1) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash_1).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash_1, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
         let send_event_1 = SendEvent::from_event(nodes[0].node.get_and_clear_pending_msg_events().remove(0));
  
         let route = nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
         let (payment_preimage_2, our_payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[1].node.send_payment(route, our_payment_hash_2).unwrap();
+       nodes[1].node.send_payment(route, our_payment_hash_2, &None).unwrap();
         check_added_monitors!(nodes[1], 1);
         let send_event_2 = SendEvent::from_event(nodes[1].node.get_and_clear_pending_msg_events().remove(0));
  
@@ -701,7 +704,7 @@ fn do_test_monitor_update_fail_raa(test_ignore_second_cs: bool) {
         let (_, payment_hash_1) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], 1000000);
  
         // Fail the payment backwards, failing the monitor update on nodes[1]'s receipt of the RAA
-       assert!(nodes[2].node.fail_htlc_backwards(&payment_hash_1));
+       assert!(nodes[2].node.fail_htlc_backwards(&payment_hash_1, &None));
         expect_pending_htlcs_forwardable!(nodes[2]);
         check_added_monitors!(nodes[2], 1);
  
@@ -720,7 +723,7 @@ fn do_test_monitor_update_fail_raa(test_ignore_second_cs: bool) {
         // holding cell.
         let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
         let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
-       nodes[0].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_2, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
  
         let mut send_event = SendEvent::from_event(nodes[0].node.get_and_clear_pending_msg_events().remove(0));
@@ -745,7 +748,7 @@ fn do_test_monitor_update_fail_raa(test_ignore_second_cs: bool) {
  
         let (_, payment_hash_3) = get_payment_preimage_hash!(nodes[0]);
         let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
-       nodes[0].node.send_payment(route, payment_hash_3).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_3, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
  
         *nodes[1].chan_monitor.update_ret.lock().unwrap() = Ok(()); // We succeed in updating the monitor for the first channel
@@ -792,7 +795,7 @@ fn do_test_monitor_update_fail_raa(test_ignore_second_cs: bool) {
                 // Try to route another payment backwards from 2 to make sure 1 holds off on responding
                 let (payment_preimage_4, payment_hash_4) = get_payment_preimage_hash!(nodes[0]);
                 let route = nodes[2].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
-               nodes[2].node.send_payment(route, payment_hash_4).unwrap();
+               nodes[2].node.send_payment(route, payment_hash_4, &None).unwrap();
                 check_added_monitors!(nodes[2], 1);
  
                 send_event = SendEvent::from_event(nodes[2].node.get_and_clear_pending_msg_events().remove(0));
@@ -957,7 +960,7 @@ fn test_monitor_update_fail_reestablish() {
         nodes[1].node.peer_disconnected(&nodes[0].node.get_our_node_id(), false);
         nodes[0].node.peer_disconnected(&nodes[1].node.get_our_node_id(), false);
  
-       assert!(nodes[2].node.claim_funds(our_payment_preimage, 1_000_000));
+       assert!(nodes[2].node.claim_funds(our_payment_preimage, &None, 1_000_000));
         check_added_monitors!(nodes[2], 1);
         let mut updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
         assert!(updates.update_add_htlcs.is_empty());
@@ -1043,9 +1046,9 @@ fn raa_no_response_awaiting_raa_state() {
         // immediately after a CS. By setting failing the monitor update failure from the CS (which
         // requires only an RAA response due to AwaitingRAA) we can deliver the RAA and require the CS
         // generation during RAA while in monitor-update-failed state.
-       nodes[0].node.send_payment(route.clone(), payment_hash_1).unwrap();
+       nodes[0].node.send_payment(route.clone(), payment_hash_1, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
-       nodes[0].node.send_payment(route.clone(), payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route.clone(), payment_hash_2, &None).unwrap();
         check_added_monitors!(nodes[0], 0);
  
         let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -1093,7 +1096,7 @@ fn raa_no_response_awaiting_raa_state() {
         // We send a third payment here, which is somewhat of a redundant test, but the
         // chanmon_fail_consistency test required it to actually find the bug (by seeing out-of-sync
         // commitment transaction states) whereas here we can explicitly check for it.
-       nodes[0].node.send_payment(route.clone(), payment_hash_3).unwrap();
+       nodes[0].node.send_payment(route.clone(), payment_hash_3, &None).unwrap();
         check_added_monitors!(nodes[0], 0);
         assert!(nodes[0].node.get_and_clear_pending_msg_events().is_empty());
  
@@ -1156,7 +1159,7 @@ fn claim_while_disconnected_monitor_update_fail() {
         nodes[0].node.peer_disconnected(&nodes[1].node.get_our_node_id(), false);
         nodes[1].node.peer_disconnected(&nodes[0].node.get_our_node_id(), false);
  
-       assert!(nodes[1].node.claim_funds(payment_preimage_1, 1_000_000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_1, &None, 1_000_000));
         check_added_monitors!(nodes[1], 1);
  
         nodes[0].node.peer_connected(&nodes[1].node.get_our_node_id(), &msgs::Init { features: InitFeatures::empty() });
@@ -1182,7 +1185,7 @@ fn claim_while_disconnected_monitor_update_fail() {
         // the monitor still failed
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
         let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_2, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
  
         let as_updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
@@ -1274,7 +1277,7 @@ fn monitor_failed_no_reestablish_response() {
         // on receipt).
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
         let (payment_preimage_1, payment_hash_1) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash_1).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_1, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
  
         *nodes[1].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
@@ -1344,7 +1347,7 @@ fn first_message_on_recv_ordering() {
         // can deliver it and fail the monitor update.
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
         let (payment_preimage_1, payment_hash_1) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash_1).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_1, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
  
         let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -1366,7 +1369,7 @@ fn first_message_on_recv_ordering() {
         // Route the second payment, generating an update_add_htlc/commitment_signed
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
         let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_2, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
         let mut events = nodes[0].node.get_and_clear_pending_msg_events();
         assert_eq!(events.len(), 1);
@@ -1437,12 +1440,12 @@ fn test_monitor_update_fail_claim() {
         let (payment_preimage_1, _) = route_payment(&nodes[0], &[&nodes[1]], 1000000);
  
         *nodes[1].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
-       assert!(nodes[1].node.claim_funds(payment_preimage_1, 1_000_000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_1, &None, 1_000_000));
         check_added_monitors!(nodes[1], 1);
  
         let route = nodes[2].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
         let (_, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[2].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[2].node.send_payment(route, payment_hash_2, &None).unwrap();
         check_added_monitors!(nodes[2], 1);
  
         // Successfully update the monitor on the 1<->2 channel, but the 0<->1 channel should still be
@@ -1512,7 +1515,7 @@ fn test_monitor_update_on_pending_forwards() {
         send_payment(&nodes[0], &[&nodes[1], &nodes[2]], 5000000, 5_000_000);
  
         let (_, payment_hash_1) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], 1000000);
-       assert!(nodes[2].node.fail_htlc_backwards(&payment_hash_1));
+       assert!(nodes[2].node.fail_htlc_backwards(&payment_hash_1, &None));
         expect_pending_htlcs_forwardable!(nodes[2]);
         check_added_monitors!(nodes[2], 1);
  
@@ -1523,7 +1526,7 @@ fn test_monitor_update_on_pending_forwards() {
  
         let route = nodes[2].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
         let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[2].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[2].node.send_payment(route, payment_hash_2, &None).unwrap();
         check_added_monitors!(nodes[2], 1);
  
         let mut events = nodes[2].node.get_and_clear_pending_msg_events();
@@ -1582,7 +1585,7 @@ fn monitor_update_claim_fail_no_response() {
         // Now start forwarding a second payment, skipping the last RAA so B is in AwaitingRAA
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
         let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_2, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
  
         let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -1592,7 +1595,7 @@ fn monitor_update_claim_fail_no_response() {
         let as_raa = commitment_signed_dance!(nodes[1], nodes[0], payment_event.commitment_msg, false, true, false, true);
  
         *nodes[1].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
-       assert!(nodes[1].node.claim_funds(payment_preimage_1, 1_000_000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_1, &None, 1_000_000));
         check_added_monitors!(nodes[1], 1);
         let events = nodes[1].node.get_and_clear_pending_msg_events();
         assert_eq!(events.len(), 0);
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs

index 1a207bf9104f1b4dcc45b9329c0cedf43af3986f..efcf2159a068fa21b6f18e9674c98960a0f2f501 100644 (file)
--- a/lightning/src/ln/channelmanager.rs
+++ b/lightning/src/ln/channelmanager.rs
@@ -171,6 +171,9 @@ pub struct PaymentHash(pub [u8;32]);
  /// payment_preimage type, use to route payment between hop
  #[derive(Hash, Copy, Clone, PartialEq, Eq, Debug)]
  pub struct PaymentPreimage(pub [u8;32]);
+/// payment_secret type, use to authenticate sender to the receiver and tie MPP HTLCs together
+#[derive(Hash, Copy, Clone, PartialEq, Eq, Debug)]
+pub struct PaymentSecret(pub [u8;32]);
  
  type ShutdownResult = (Option<OutPoint>, ChannelMonitorUpdate, Vec<(HTLCSource, PaymentHash)>);
  
@@ -288,11 +291,14 @@ pub(super) struct ChannelHolder<ChanSigner: ChannelKeys> {
         /// guarantees are made about the existence of a channel with the short id here, nor the short
         /// ids in the PendingHTLCInfo!
         pub(super) forward_htlcs: HashMap<u64, Vec<HTLCForwardInfo>>,
-       /// Tracks HTLCs that were to us and can be failed/claimed by the user
+       /// (payment_hash, payment_secret) -> Vec<HTLCs> for tracking HTLCs that
+       /// were to us and can be failed/claimed by the user
         /// Note that while this is held in the same mutex as the channels themselves, no consistency
         /// guarantees are made about the channels given here actually existing anymore by the time you
         /// go to read them!
-       claimable_htlcs: HashMap<PaymentHash, Vec<ClaimableHTLC>>,
+       /// TODO: We need to time out HTLCs sitting here which are waiting on other AMP HTLCs to
+       /// arrive.
+       claimable_htlcs: HashMap<(PaymentHash, Option<PaymentSecret>), Vec<ClaimableHTLC>>,
         /// Messages to send to peers - pushed to in the same lock that they are generated in (except
         /// for broadcast messages, where ordering isn't as strict).
         pub(super) pending_msg_events: Vec<events::MessageSendEvent>,
@@ -1215,7 +1221,16 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
         /// In case of APIError::MonitorUpdateFailed, the commitment update has been irrevocably
         /// committed on our end and we're just waiting for a monitor update to send it. Do NOT retry
         /// the payment via a different route unless you intend to pay twice!
-       pub fn send_payment(&self, route: Route, payment_hash: PaymentHash) -> Result<(), APIError> {
+       ///
+       /// payment_secret is unrelated to payment_hash (or PaymentPreimage) and exists to authenticate
+       /// the sender to the recipient and prevent payment-probing (deanonymization) attacks. For
+       /// newer nodes, it will be provided to you in the invoice. If you do not have one, the Route
+       /// must not contain multiple paths as multi-path payments require a recipient-provided
+       /// payment_secret.
+       /// If a payment_secret *is* provided, we assume that the invoice had the payment_secret feature
+       /// bit set (either as required or as available). If multiple paths are present in the Route,
+       /// we assume the invoice had the basic_mpp feature set.
+       pub fn send_payment(&self, route: Route, payment_hash: PaymentHash, payment_secret: &Option<PaymentSecret>) -> Result<(), APIError> {
                 if route.hops.len() < 1 || route.hops.len() > 20 {
                         return Err(APIError::RouteError{err: "Route didn't go anywhere/had bogus size"});
                 }
@@ -1232,7 +1247,7 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
  
                 let onion_keys = secp_call!(onion_utils::construct_onion_keys(&self.secp_ctx, &route, &session_priv),
                                 APIError::RouteError{err: "Pubkey along hop was maliciously selected"});
-               let (onion_payloads, htlc_msat, htlc_cltv) = onion_utils::build_onion_payloads(&route, cur_height)?;
+               let (onion_payloads, htlc_msat, htlc_cltv) = onion_utils::build_onion_payloads(&route, payment_secret, cur_height)?;
                 if onion_utils::route_size_insane(&onion_payloads) {
                         return Err(APIError::RouteError{err: "Route size too large considering onion data"});
                 }
@@ -1461,7 +1476,9 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
                                                                                         htlc_id: prev_htlc_id,
                                                                                         incoming_packet_shared_secret: forward_info.incoming_shared_secret,
                                                                                 });
-                                                                               failed_forwards.push((htlc_source, forward_info.payment_hash, 0x4000 | 10, None));
+                                                                               failed_forwards.push((htlc_source, forward_info.payment_hash,
+                                                                                       HTLCFailReason::Reason { failure_code: 0x4000 | 10, data: Vec::new() }
+                                                                               ));
                                                                         },
                                                                         HTLCForwardInfo::FailHTLC { .. } => {
                                                                                 // Channel went away before we could fail it. This implies
@@ -1497,7 +1514,9 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
                                                                                                 panic!("Stated return value requirements in send_htlc() were not met");
                                                                                         }
                                                                                         let chan_update = self.get_channel_update(chan.get()).unwrap();
-                                                                                       failed_forwards.push((htlc_source, payment_hash, 0x1000 | 7, Some(chan_update)));
+                                                                                       failed_forwards.push((htlc_source, payment_hash,
+                                                                                               HTLCFailReason::Reason { failure_code: 0x1000 | 7, data: chan_update.encode_with_len() }
+                                                                                       ));
                                                                                         continue;
                                                                                 },
                                                                                 Ok(update_add) => {
@@ -1604,15 +1623,49 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
                                                                         htlc_id: prev_htlc_id,
                                                                         incoming_packet_shared_secret: incoming_shared_secret,
                                                                 };
-                                                               channel_state.claimable_htlcs.entry(payment_hash).or_insert(Vec::new()).push(ClaimableHTLC {
+
+                                                               let mut total_value = 0;
+                                                               let payment_secret_opt =
+                                                                       if let &Some(ref data) = &payment_data { Some(data.payment_secret.clone()) } else { None };
+                                                               let htlcs = channel_state.claimable_htlcs.entry((payment_hash, payment_secret_opt))
+                                                                       .or_insert(Vec::new());
+                                                               htlcs.push(ClaimableHTLC {
                                                                         prev_hop,
                                                                         value: amt_to_forward,
-                                                                       payment_data,
-                                                               });
-                                                               new_events.push(events::Event::PaymentReceived {
-                                                                       payment_hash: payment_hash,
-                                                                       amt: amt_to_forward,
+                                                                       payment_data: payment_data.clone(),
                                                                 });
+                                                               if let &Some(ref data) = &payment_data {
+                                                                       for htlc in htlcs.iter() {
+                                                                               total_value += htlc.value;
+                                                                               if htlc.payment_data.as_ref().unwrap().total_msat != data.total_msat {
+                                                                                       total_value = msgs::MAX_VALUE_MSAT;
+                                                                               }
+                                                                               if total_value >= msgs::MAX_VALUE_MSAT { break; }
+                                                                       }
+                                                                       if total_value >= msgs::MAX_VALUE_MSAT || total_value > data.total_msat  {
+                                                                               for htlc in htlcs.iter() {
+                                                                                       failed_forwards.push((HTLCSource::PreviousHopData(HTLCPreviousHopData {
+                                                                                                       short_channel_id: htlc.prev_hop.short_channel_id,
+                                                                                                       htlc_id: htlc.prev_hop.htlc_id,
+                                                                                                       incoming_packet_shared_secret: htlc.prev_hop.incoming_packet_shared_secret,
+                                                                                               }), payment_hash,
+                                                                                               HTLCFailReason::Reason { failure_code: 0x4000 | 15, data: byte_utils::be64_to_array(htlc.value).to_vec() }
+                                                                                       ));
+                                                                               }
+                                                                       } else if total_value == data.total_msat {
+                                                                               new_events.push(events::Event::PaymentReceived {
+                                                                                       payment_hash: payment_hash,
+                                                                                       payment_secret: Some(data.payment_secret),
+                                                                                       amt: total_value,
+                                                                               });
+                                                                       }
+                                                               } else {
+                                                                       new_events.push(events::Event::PaymentReceived {
+                                                                               payment_hash: payment_hash,
+                                                                               payment_secret: None,
+                                                                               amt: amt_to_forward,
+                                                                       });
+                                                               }
                                                         },
                                                         HTLCForwardInfo::AddHTLC { .. } => {
                                                                 panic!("short_channel_id == 0 should imply any pending_forward entries are of type Receive");
@@ -1626,11 +1679,8 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
                         }
                 }
  
-               for (htlc_source, payment_hash, failure_code, update) in failed_forwards.drain(..) {
-                       match update {
-                               None => self.fail_htlc_backwards_internal(self.channel_state.lock().unwrap(), htlc_source, &payment_hash, HTLCFailReason::Reason { failure_code, data: Vec::new() }),
-                               Some(chan_update) => self.fail_htlc_backwards_internal(self.channel_state.lock().unwrap(), htlc_source, &payment_hash, HTLCFailReason::Reason { failure_code, data: chan_update.encode_with_len() }),
-                       };
+               for (htlc_source, payment_hash, failure_reason) in failed_forwards.drain(..) {
+                       self.fail_htlc_backwards_internal(self.channel_state.lock().unwrap(), htlc_source, &payment_hash, failure_reason);
                 }
  
                 for (their_node_id, err) in handle_errors.drain(..) {
@@ -1672,11 +1722,11 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
         /// along the path (including in our own channel on which we received it).
         /// Returns false if no payment was found to fail backwards, true if the process of failing the
         /// HTLC backwards has been started.
-       pub fn fail_htlc_backwards(&self, payment_hash: &PaymentHash) -> bool {
+       pub fn fail_htlc_backwards(&self, payment_hash: &PaymentHash, payment_secret: &Option<PaymentSecret>) -> bool {
                 let _ = self.total_consistency_lock.read().unwrap();
  
                 let mut channel_state = Some(self.channel_state.lock().unwrap());
-               let removed_source = channel_state.as_mut().unwrap().claimable_htlcs.remove(payment_hash);
+               let removed_source = channel_state.as_mut().unwrap().claimable_htlcs.remove(&(*payment_hash, *payment_secret));
                 if let Some(mut sources) = removed_source {
                         for htlc in sources.drain(..) {
                                 if channel_state.is_none() { channel_state = Some(self.channel_state.lock().unwrap()); }
@@ -1798,13 +1848,13 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
         /// motivated attackers.
         ///
         /// May panic if called except in response to a PaymentReceived event.
-       pub fn claim_funds(&self, payment_preimage: PaymentPreimage, expected_amount: u64) -> bool {
+       pub fn claim_funds(&self, payment_preimage: PaymentPreimage, payment_secret: &Option<PaymentSecret>, expected_amount: u64) -> bool {
                 let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0).into_inner());
  
                 let _ = self.total_consistency_lock.read().unwrap();
  
                 let mut channel_state = Some(self.channel_state.lock().unwrap());
-               let removed_source = channel_state.as_mut().unwrap().claimable_htlcs.remove(&payment_hash);
+               let removed_source = channel_state.as_mut().unwrap().claimable_htlcs.remove(&(payment_hash, *payment_secret));
                 if let Some(mut sources) = removed_source {
                         for htlc in sources.drain(..) {
                                 if channel_state.is_none() { channel_state = Some(self.channel_state.lock().unwrap()); }
diff --git a/lightning/src/ln/functional_test_utils.rs b/lightning/src/ln/functional_test_utils.rs

index 2da764b300b8bc2425aa7ff252fbba3749cdb7e9..4b73ad0ad058f3dd9c6b538e4d6a404c7d5d03e6 100644 (file)
--- a/lightning/src/ln/functional_test_utils.rs
+++ b/lightning/src/ln/functional_test_utils.rs
@@ -4,7 +4,7 @@
  use chain::chaininterface;
  use chain::transaction::OutPoint;
  use chain::keysinterface::KeysInterface;
-use ln::channelmanager::{ChannelManager, ChannelManagerReadArgs, RAACommitmentOrder, PaymentPreimage, PaymentHash};
+use ln::channelmanager::{ChannelManager, ChannelManagerReadArgs, RAACommitmentOrder, PaymentPreimage, PaymentHash, PaymentSecret};
  use ln::channelmonitor::{ChannelMonitor, ManyChannelMonitor};
  use ln::router::{Route, Router, RouterReadArgs};
  use ln::features::InitFeatures;
@@ -717,8 +717,9 @@ macro_rules! expect_payment_received {
                 let events = $node.node.get_and_clear_pending_events();
                 assert_eq!(events.len(), 1);
                 match events[0] {
-                       Event::PaymentReceived { ref payment_hash, amt } => {
+                       Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                                 assert_eq!($expected_payment_hash, *payment_hash);
+                               assert_eq!(None, *payment_secret);
                                 assert_eq!($expected_recv_value, amt);
                         },
                         _ => panic!("Unexpected event"),
@@ -753,9 +754,9 @@ macro_rules! expect_payment_failed {
         }
  }
  
-pub fn send_along_route_with_hash<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, route: Route, expected_route: &[&Node<'a, 'b, 'c>], recv_value: u64, our_payment_hash: PaymentHash) {
+pub fn send_along_route_with_secret<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, route: Route, expected_route: &[&Node<'a, 'b, 'c>], recv_value: u64, our_payment_hash: PaymentHash, our_payment_secret: Option<PaymentSecret>) {
         let mut payment_event = {
-               origin_node.node.send_payment(route, our_payment_hash).unwrap();
+               origin_node.node.send_payment(route, our_payment_hash, &our_payment_secret).unwrap();
                 check_added_monitors!(origin_node, 1);
  
                 let mut events = origin_node.node.get_and_clear_pending_msg_events();
@@ -777,8 +778,9 @@ pub fn send_along_route_with_hash<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, ro
                         let events_2 = node.node.get_and_clear_pending_events();
                         assert_eq!(events_2.len(), 1);
                         match events_2[0] {
-                               Event::PaymentReceived { ref payment_hash, amt } => {
+                               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                                         assert_eq!(our_payment_hash, *payment_hash);
+                                       assert_eq!(our_payment_secret, *payment_secret);
                                         assert_eq!(amt, recv_value);
                                 },
                                 _ => panic!("Unexpected event"),
@@ -795,14 +797,18 @@ pub fn send_along_route_with_hash<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, ro
         }
  }
  
+pub fn send_along_route_with_hash<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, route: Route, expected_route: &[&Node<'a, 'b, 'c>], recv_value: u64, our_payment_hash: PaymentHash) {
+       send_along_route_with_secret(origin_node, route, expected_route, recv_value, our_payment_hash, None);
+}
+
  pub fn send_along_route<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, route: Route, expected_route: &[&Node<'a, 'b, 'c>], recv_value: u64) -> (PaymentPreimage, PaymentHash) {
         let (our_payment_preimage, our_payment_hash) = get_payment_preimage_hash!(origin_node);
         send_along_route_with_hash(origin_node, route, expected_route, recv_value, our_payment_hash);
         (our_payment_preimage, our_payment_hash)
  }
  
-pub fn claim_payment_along_route<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_route: &[&Node<'a, 'b, 'c>], skip_last: bool, our_payment_preimage: PaymentPreimage, expected_amount: u64) {
-       assert!(expected_route.last().unwrap().node.claim_funds(our_payment_preimage, expected_amount));
+pub fn claim_payment_along_route_with_secret<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_route: &[&Node<'a, 'b, 'c>], skip_last: bool, our_payment_preimage: PaymentPreimage, our_payment_secret: Option<PaymentSecret>, expected_amount: u64) {
+       assert!(expected_route.last().unwrap().node.claim_funds(our_payment_preimage, &our_payment_secret, expected_amount));
         check_added_monitors!(expected_route.last().unwrap(), 1);
  
         let mut next_msgs: Option<(msgs::UpdateFulfillHTLC, msgs::CommitmentSigned)> = None;
@@ -879,6 +885,10 @@ pub fn claim_payment_along_route<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, exp
         }
  }
  
+pub fn claim_payment_along_route<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_route: &[&Node<'a, 'b, 'c>], skip_last: bool, our_payment_preimage: PaymentPreimage, expected_amount: u64) {
+       claim_payment_along_route_with_secret(origin_node, expected_route, skip_last, our_payment_preimage, None, expected_amount);
+}
+
  pub fn claim_payment<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_route: &[&Node<'a, 'b, 'c>], our_payment_preimage: PaymentPreimage, expected_amount: u64) {
         claim_payment_along_route(origin_node, expected_route, false, our_payment_preimage, expected_amount);
  }
@@ -904,7 +914,7 @@ pub fn route_over_limit<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_rou
  
         let (_, our_payment_hash) = get_payment_preimage_hash!(origin_node);
  
-       let err = origin_node.node.send_payment(route, our_payment_hash).err().unwrap();
+       let err = origin_node.node.send_payment(route, our_payment_hash, &None).err().unwrap();
         match err {
                 APIError::ChannelUnavailable{err} => assert_eq!(err, "Cannot send value that would put us over the max HTLC value in flight our peer will accept"),
                 _ => panic!("Unknown error variants"),
@@ -917,7 +927,7 @@ pub fn send_payment<'a, 'b, 'c>(origin: &Node<'a, 'b, 'c>, expected_route: &[&No
  }
  
  pub fn fail_payment_along_route<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_route: &[&Node<'a, 'b, 'c>], skip_last: bool, our_payment_hash: PaymentHash)  {
-       assert!(expected_route.last().unwrap().node.fail_htlc_backwards(&our_payment_hash));
+       assert!(expected_route.last().unwrap().node.fail_htlc_backwards(&our_payment_hash, &None));
         expect_pending_htlcs_forwardable!(expected_route.last().unwrap());
         check_added_monitors!(expected_route.last().unwrap(), 1);
  
diff --git a/lightning/src/ln/functional_tests.rs b/lightning/src/ln/functional_tests.rs

index e6b9939efd9f0557fd6bb04318c603b26afe18f2..da6999ff847bd2714662413666dbe13058b7d7ef 100644 (file)
--- a/lightning/src/ln/functional_tests.rs
+++ b/lightning/src/ln/functional_tests.rs
@@ -6,7 +6,7 @@ use chain::transaction::OutPoint;
  use chain::keysinterface::{ChannelKeys, KeysInterface, SpendableOutputDescriptor};
  use chain::chaininterface::{ChainListener, ChainWatchInterfaceUtil, BlockNotifier};
  use ln::channel::{COMMITMENT_TX_BASE_WEIGHT, COMMITMENT_TX_WEIGHT_PER_HTLC};
-use ln::channelmanager::{ChannelManager,ChannelManagerReadArgs,HTLCForwardInfo,RAACommitmentOrder, PaymentPreimage, PaymentHash, BREAKDOWN_TIMEOUT};
+use ln::channelmanager::{ChannelManager,ChannelManagerReadArgs,HTLCForwardInfo,RAACommitmentOrder, PaymentPreimage, PaymentHash, PaymentSecret, BREAKDOWN_TIMEOUT};
  use ln::channelmonitor::{ChannelMonitor, CLTV_CLAIM_BUFFER, LATENCY_GRACE_PERIOD_BLOCKS, ManyChannelMonitor, ANTI_REORG_DELAY};
  use ln::channel::{Channel, ChannelError};
  use ln::{chan_utils, onion_utils};
@@ -155,7 +155,7 @@ fn test_async_inbound_update_fee() {
  
         // ...but before it's delivered, nodes[1] starts to send a payment back to nodes[0]...
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[1].node.send_payment(nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 40000, TEST_FINAL_CLTV).unwrap(), our_payment_hash).unwrap();
+       nodes[1].node.send_payment(nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 40000, TEST_FINAL_CLTV).unwrap(), our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[1], 1);
  
         let payment_event = {
@@ -251,7 +251,7 @@ fn test_update_fee_unordered_raa() {
  
         // ...but before it's delivered, nodes[1] starts to send a payment back to nodes[0]...
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[1].node.send_payment(nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 40000, TEST_FINAL_CLTV).unwrap(), our_payment_hash).unwrap();
+       nodes[1].node.send_payment(nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 40000, TEST_FINAL_CLTV).unwrap(), our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[1], 1);
  
         let payment_event = {
@@ -642,7 +642,7 @@ fn test_update_fee_with_fundee_update_add_htlc() {
         let (our_payment_preimage, our_payment_hash) = get_payment_preimage_hash!(nodes[1]);
  
         // nothing happens since node[1] is in AwaitingRemoteRevoke
-       nodes[1].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[1].node.send_payment(route, our_payment_hash, &None).unwrap();
         {
                 let mut added_monitors = nodes[0].chan_monitor.added_monitors.lock().unwrap();
                 assert_eq!(added_monitors.len(), 0);
@@ -861,12 +861,12 @@ fn updates_shutdown_wait() {
         assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
  
         let (_, payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       if let Err(APIError::ChannelUnavailable {..}) = nodes[0].node.send_payment(route_1, payment_hash) {}
+       if let Err(APIError::ChannelUnavailable {..}) = nodes[0].node.send_payment(route_1, payment_hash, &None) {}
         else { panic!("New sends should fail!") };
-       if let Err(APIError::ChannelUnavailable {..}) = nodes[1].node.send_payment(route_2, payment_hash) {}
+       if let Err(APIError::ChannelUnavailable {..}) = nodes[1].node.send_payment(route_2, payment_hash, &None) {}
         else { panic!("New sends should fail!") };
  
-       assert!(nodes[2].node.claim_funds(our_payment_preimage, 100_000));
+       assert!(nodes[2].node.claim_funds(our_payment_preimage, &None, 100_000));
         check_added_monitors!(nodes[2], 1);
         let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
         assert!(updates.update_add_htlcs.is_empty());
@@ -924,7 +924,7 @@ fn htlc_fail_async_shutdown() {
  
         let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
         let updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
         assert_eq!(updates.update_add_htlcs.len(), 1);
@@ -1045,7 +1045,7 @@ fn do_test_shutdown_rebroadcast(recv_count: u8) {
         assert!(nodes[0].node.get_and_clear_pending_msg_events().is_empty());
         assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
  
-       assert!(nodes[2].node.claim_funds(our_payment_preimage, 100_000));
+       assert!(nodes[2].node.claim_funds(our_payment_preimage, &None, 100_000));
         check_added_monitors!(nodes[2], 1);
         let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
         assert!(updates.update_add_htlcs.is_empty());
@@ -1305,7 +1305,7 @@ fn holding_cell_htlc_counting() {
         for _ in 0..::ln::channel::OUR_MAX_HTLCS {
                 let route = nodes[1].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 100000, TEST_FINAL_CLTV).unwrap();
                 let (payment_preimage, payment_hash) = get_payment_preimage_hash!(nodes[0]);
-               nodes[1].node.send_payment(route, payment_hash).unwrap();
+               nodes[1].node.send_payment(route, payment_hash, &None).unwrap();
                 payments.push((payment_preimage, payment_hash));
         }
         check_added_monitors!(nodes[1], 1);
@@ -1320,7 +1320,7 @@ fn holding_cell_htlc_counting() {
         // another HTLC.
         let route = nodes[1].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 100000, TEST_FINAL_CLTV).unwrap();
         let (_, payment_hash_1) = get_payment_preimage_hash!(nodes[0]);
-       if let APIError::ChannelUnavailable { err } = nodes[1].node.send_payment(route, payment_hash_1).unwrap_err() {
+       if let APIError::ChannelUnavailable { err } = nodes[1].node.send_payment(route, payment_hash_1, &None).unwrap_err() {
                 assert_eq!(err, "Cannot push more than their max accepted HTLCs");
         } else { panic!("Unexpected event"); }
         assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
@@ -1329,7 +1329,7 @@ fn holding_cell_htlc_counting() {
         // This should also be true if we try to forward a payment.
         let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 100000, TEST_FINAL_CLTV).unwrap();
         let (_, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_2, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
  
         let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -1470,7 +1470,7 @@ fn test_duplicate_htlc_different_direction_onchain() {
         send_along_route_with_hash(&nodes[1], route, &vec!(&nodes[0])[..], 800_000, payment_hash);
  
         // Provide preimage to node 0 by claiming payment
-       nodes[0].node.claim_funds(payment_preimage, 800_000);
+       nodes[0].node.claim_funds(payment_preimage, &None, 800_000);
         check_added_monitors!(nodes[0], 1);
  
         // Broadcast node 1 commitment txn
@@ -1563,7 +1563,7 @@ fn do_channel_reserve_test(test_recv: bool) {
         {
                 let (route, our_payment_hash, _) = get_route_and_payment_hash!(recv_value_0 + 1);
                 assert!(route.hops.iter().rev().skip(1).all(|h| h.fee_msat == feemsat));
-               let err = nodes[0].node.send_payment(route, our_payment_hash).err().unwrap();
+               let err = nodes[0].node.send_payment(route, our_payment_hash, &None).err().unwrap();
                 match err {
                         APIError::ChannelUnavailable{err} => assert_eq!(err, "Cannot send value that would put us over the max HTLC value in flight our peer will accept"),
                         _ => panic!("Unknown error variants"),
@@ -1601,7 +1601,7 @@ fn do_channel_reserve_test(test_recv: bool) {
                 let recv_value = stat01.value_to_self_msat - stat01.channel_reserve_msat - total_fee_msat;
                 // attempt to get channel_reserve violation
                 let (route, our_payment_hash, _) = get_route_and_payment_hash!(recv_value + 1);
-               let err = nodes[0].node.send_payment(route.clone(), our_payment_hash).err().unwrap();
+               let err = nodes[0].node.send_payment(route.clone(), our_payment_hash, &None).err().unwrap();
                 match err {
                         APIError::ChannelUnavailable{err} => assert_eq!(err, "Cannot send value that would put us over their reserve value"),
                         _ => panic!("Unknown error variants"),
@@ -1616,7 +1616,7 @@ fn do_channel_reserve_test(test_recv: bool) {
  
         let (route_1, our_payment_hash_1, our_payment_preimage_1) = get_route_and_payment_hash!(recv_value_1);
         let payment_event_1 = {
-               nodes[0].node.send_payment(route_1, our_payment_hash_1).unwrap();
+               nodes[0].node.send_payment(route_1, our_payment_hash_1, &None).unwrap();
                 check_added_monitors!(nodes[0], 1);
  
                 let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -1629,7 +1629,7 @@ fn do_channel_reserve_test(test_recv: bool) {
         let recv_value_2 = stat01.value_to_self_msat - amt_msat_1 - stat01.channel_reserve_msat - total_fee_msat;
         {
                 let (route, our_payment_hash, _) = get_route_and_payment_hash!(recv_value_2 + 1);
-               match nodes[0].node.send_payment(route, our_payment_hash).err().unwrap() {
+               match nodes[0].node.send_payment(route, our_payment_hash, &None).err().unwrap() {
                         APIError::ChannelUnavailable{err} => assert_eq!(err, "Cannot send value that would put us over their reserve value"),
                         _ => panic!("Unknown error variants"),
                 }
@@ -1652,7 +1652,7 @@ fn do_channel_reserve_test(test_recv: bool) {
  
                 let cur_height = nodes[0].node.latest_block_height.load(Ordering::Acquire) as u32 + 1;
                 let onion_keys = onion_utils::construct_onion_keys(&secp_ctx, &route, &session_priv).unwrap();
-               let (onion_payloads, htlc_msat, htlc_cltv) = onion_utils::build_onion_payloads(&route, cur_height).unwrap();
+               let (onion_payloads, htlc_msat, htlc_cltv) = onion_utils::build_onion_payloads(&route, &None, cur_height).unwrap();
                 let onion_packet = onion_utils::construct_onion_packet(onion_payloads, onion_keys, [0; 32], &our_payment_hash);
                 let msg = msgs::UpdateAddHTLC {
                         channel_id: chan_1.2,
@@ -1686,7 +1686,7 @@ fn do_channel_reserve_test(test_recv: bool) {
         // now see if they go through on both sides
         let (route_21, our_payment_hash_21, our_payment_preimage_21) = get_route_and_payment_hash!(recv_value_21);
         // but this will stuck in the holding cell
-       nodes[0].node.send_payment(route_21, our_payment_hash_21).unwrap();
+       nodes[0].node.send_payment(route_21, our_payment_hash_21, &None).unwrap();
         check_added_monitors!(nodes[0], 0);
         let events = nodes[0].node.get_and_clear_pending_events();
         assert_eq!(events.len(), 0);
@@ -1694,7 +1694,7 @@ fn do_channel_reserve_test(test_recv: bool) {
         // test with outbound holding cell amount > 0
         {
                 let (route, our_payment_hash, _) = get_route_and_payment_hash!(recv_value_22+1);
-               match nodes[0].node.send_payment(route, our_payment_hash).err().unwrap() {
+               match nodes[0].node.send_payment(route, our_payment_hash, &None).err().unwrap() {
                         APIError::ChannelUnavailable{err} => assert_eq!(err, "Cannot send value that would put us over their reserve value"),
                         _ => panic!("Unknown error variants"),
                 }
@@ -1704,7 +1704,7 @@ fn do_channel_reserve_test(test_recv: bool) {
  
         let (route_22, our_payment_hash_22, our_payment_preimage_22) = get_route_and_payment_hash!(recv_value_22);
         // this will also stuck in the holding cell
-       nodes[0].node.send_payment(route_22, our_payment_hash_22).unwrap();
+       nodes[0].node.send_payment(route_22, our_payment_hash_22, &None).unwrap();
         check_added_monitors!(nodes[0], 0);
         assert!(nodes[0].node.get_and_clear_pending_events().is_empty());
         assert!(nodes[0].node.get_and_clear_pending_msg_events().is_empty());
@@ -1754,15 +1754,17 @@ fn do_channel_reserve_test(test_recv: bool) {
         let events = nodes[2].node.get_and_clear_pending_events();
         assert_eq!(events.len(), 2);
         match events[0] {
-               Event::PaymentReceived { ref payment_hash, amt } => {
+               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                         assert_eq!(our_payment_hash_21, *payment_hash);
+                       assert_eq!(*payment_secret, None);
                         assert_eq!(recv_value_21, amt);
                 },
                 _ => panic!("Unexpected event"),
         }
         match events[1] {
-               Event::PaymentReceived { ref payment_hash, amt } => {
+               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                         assert_eq!(our_payment_hash_22, *payment_hash);
+                       assert_eq!(None, *payment_secret);
                         assert_eq!(recv_value_22, amt);
                 },
                 _ => panic!("Unexpected event"),
@@ -1826,7 +1828,7 @@ fn channel_reserve_in_flight_removes() {
         let (payment_preimage_3, payment_hash_3) = get_payment_preimage_hash!(nodes[0]);
         let send_1 = {
                 let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
-               nodes[0].node.send_payment(route, payment_hash_3).unwrap();
+               nodes[0].node.send_payment(route, payment_hash_3, &None).unwrap();
                 check_added_monitors!(nodes[0], 1);
                 let mut events = nodes[0].node.get_and_clear_pending_msg_events();
                 assert_eq!(events.len(), 1);
@@ -1835,13 +1837,13 @@ fn channel_reserve_in_flight_removes() {
  
         // Now claim both of the first two HTLCs on B's end, putting B in AwaitingRAA and generating an
         // initial fulfill/CS.
-       assert!(nodes[1].node.claim_funds(payment_preimage_1, b_chan_values.channel_reserve_msat - b_chan_values.value_to_self_msat - 10000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_1, &None, b_chan_values.channel_reserve_msat - b_chan_values.value_to_self_msat - 10000));
         check_added_monitors!(nodes[1], 1);
         let bs_removes = get_htlc_update_msgs!(nodes[1], nodes[0].node.get_our_node_id());
  
         // This claim goes in B's holding cell, allowing us to have a pending B->A RAA which does not
         // remove the second HTLC when we send the HTLC back from B to A.
-       assert!(nodes[1].node.claim_funds(payment_preimage_2, 20000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_2, &None, 20000));
         check_added_monitors!(nodes[1], 1);
         assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
  
@@ -1898,7 +1900,7 @@ fn channel_reserve_in_flight_removes() {
         let (payment_preimage_4, payment_hash_4) = get_payment_preimage_hash!(nodes[1]);
         let send_2 = {
                 let route = nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &[], 10000, TEST_FINAL_CLTV).unwrap();
-               nodes[1].node.send_payment(route, payment_hash_4).unwrap();
+               nodes[1].node.send_payment(route, payment_hash_4, &None).unwrap();
                 check_added_monitors!(nodes[1], 1);
                 let mut events = nodes[1].node.get_and_clear_pending_msg_events();
                 assert_eq!(events.len(), 1);
@@ -1992,7 +1994,7 @@ fn channel_monitor_network_test() {
         macro_rules! claim_funds {
                 ($node: expr, $prev_node: expr, $preimage: expr, $amount: expr) => {
                         {
-                               assert!($node.node.claim_funds($preimage, $amount));
+                               assert!($node.node.claim_funds($preimage, &None, $amount));
                                 check_added_monitors!($node, 1);
  
                                 let events = $node.node.get_and_clear_pending_msg_events();
@@ -2437,8 +2439,8 @@ fn test_htlc_on_chain_success() {
         let commitment_tx = get_local_commitment_txn!(nodes[2], chan_2.2);
         assert_eq!(commitment_tx.len(), 1);
         check_spends!(commitment_tx[0], chan_2.3);
-       nodes[2].node.claim_funds(our_payment_preimage, 3_000_000);
-       nodes[2].node.claim_funds(our_payment_preimage_2, 3_000_000);
+       nodes[2].node.claim_funds(our_payment_preimage, &None, 3_000_000);
+       nodes[2].node.claim_funds(our_payment_preimage_2, &None, 3_000_000);
         check_added_monitors!(nodes[2], 2);
         let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
         assert!(updates.update_add_htlcs.is_empty());
@@ -2613,7 +2615,7 @@ fn test_htlc_on_chain_timeout() {
         // Broadcast legit commitment tx from C on B's chain
         let commitment_tx = get_local_commitment_txn!(nodes[2], chan_2.2);
         check_spends!(commitment_tx[0], chan_2.3);
-       nodes[2].node.fail_htlc_backwards(&payment_hash);
+       nodes[2].node.fail_htlc_backwards(&payment_hash, &None);
         check_added_monitors!(nodes[2], 0);
         expect_pending_htlcs_forwardable!(nodes[2]);
         check_added_monitors!(nodes[2], 1);
@@ -2803,7 +2805,7 @@ fn do_test_commitment_revoked_fail_backward_exhaustive(deliver_bs_raa: bool, use
         let (_, second_payment_hash) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], value);
         let (_, third_payment_hash) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], value);
  
-       assert!(nodes[2].node.fail_htlc_backwards(&first_payment_hash));
+       assert!(nodes[2].node.fail_htlc_backwards(&first_payment_hash, &None));
         expect_pending_htlcs_forwardable!(nodes[2]);
         check_added_monitors!(nodes[2], 1);
         let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
@@ -2816,7 +2818,7 @@ fn do_test_commitment_revoked_fail_backward_exhaustive(deliver_bs_raa: bool, use
         let bs_raa = commitment_signed_dance!(nodes[1], nodes[2], updates.commitment_signed, false, true, false, true);
         // Drop the last RAA from 3 -> 2
  
-       assert!(nodes[2].node.fail_htlc_backwards(&second_payment_hash));
+       assert!(nodes[2].node.fail_htlc_backwards(&second_payment_hash, &None));
         expect_pending_htlcs_forwardable!(nodes[2]);
         check_added_monitors!(nodes[2], 1);
         let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
@@ -2833,7 +2835,7 @@ fn do_test_commitment_revoked_fail_backward_exhaustive(deliver_bs_raa: bool, use
         nodes[2].node.handle_revoke_and_ack(&nodes[1].node.get_our_node_id(), &as_raa);
         check_added_monitors!(nodes[2], 1);
  
-       assert!(nodes[2].node.fail_htlc_backwards(&third_payment_hash));
+       assert!(nodes[2].node.fail_htlc_backwards(&third_payment_hash, &None));
         expect_pending_htlcs_forwardable!(nodes[2]);
         check_added_monitors!(nodes[2], 1);
         let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
@@ -2856,7 +2858,7 @@ fn do_test_commitment_revoked_fail_backward_exhaustive(deliver_bs_raa: bool, use
         // on nodes[2]'s RAA.
         let route = nodes[1].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
         let (_, fourth_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[1].node.send_payment(route, fourth_payment_hash).unwrap();
+       nodes[1].node.send_payment(route, fourth_payment_hash, &None).unwrap();
         assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
         assert!(nodes[1].node.get_and_clear_pending_events().is_empty());
         check_added_monitors!(nodes[1], 0);
@@ -3000,7 +3002,7 @@ fn fail_backward_pending_htlc_upon_channel_failure() {
         {
                 let (_, payment_hash) = get_payment_preimage_hash!(nodes[0]);
                 let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 50_000, TEST_FINAL_CLTV).unwrap();
-               nodes[0].node.send_payment(route, payment_hash).unwrap();
+               nodes[0].node.send_payment(route, payment_hash, &None).unwrap();
                 check_added_monitors!(nodes[0], 1);
  
                 let payment_event = {
@@ -3016,7 +3018,7 @@ fn fail_backward_pending_htlc_upon_channel_failure() {
         let (_, failed_payment_hash) = get_payment_preimage_hash!(nodes[0]);
         {
                 let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 50_000, TEST_FINAL_CLTV).unwrap();
-               nodes[0].node.send_payment(route, failed_payment_hash).unwrap();
+               nodes[0].node.send_payment(route, failed_payment_hash, &None).unwrap();
                 check_added_monitors!(nodes[0], 0);
  
                 assert!(nodes[0].node.get_and_clear_pending_msg_events().is_empty());
@@ -3036,7 +3038,7 @@ fn fail_backward_pending_htlc_upon_channel_failure() {
                 };
  
                 let current_height = nodes[1].node.latest_block_height.load(Ordering::Acquire) as u32 + 1;
-               let (onion_payloads, _amount_msat, cltv_expiry) = onion_utils::build_onion_payloads(&route, current_height).unwrap();
+               let (onion_payloads, _amount_msat, cltv_expiry) = onion_utils::build_onion_payloads(&route, &None, current_height).unwrap();
                 let onion_keys = onion_utils::construct_onion_keys(&secp_ctx, &route, &session_priv).unwrap();
                 let onion_routing_packet = onion_utils::construct_onion_packet(onion_payloads, onion_keys, [0; 32], &payment_hash);
  
@@ -3101,7 +3103,7 @@ fn test_force_close_fail_back() {
         let (our_payment_preimage, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
  
         let mut payment_event = {
-               nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+               nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
                 check_added_monitors!(nodes[0], 1);
  
                 let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -3272,7 +3274,7 @@ fn do_test_drop_messages_peer_disconnect(messages_delivered: u8) {
         let (payment_preimage_1, payment_hash_1) = get_payment_preimage_hash!(nodes[0]);
  
         let payment_event = {
-               nodes[0].node.send_payment(route.clone(), payment_hash_1).unwrap();
+               nodes[0].node.send_payment(route.clone(), payment_hash_1, &None).unwrap();
                 check_added_monitors!(nodes[0], 1);
  
                 let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -3347,14 +3349,15 @@ fn do_test_drop_messages_peer_disconnect(messages_delivered: u8) {
         let events_2 = nodes[1].node.get_and_clear_pending_events();
         assert_eq!(events_2.len(), 1);
         match events_2[0] {
-               Event::PaymentReceived { ref payment_hash, amt } => {
+               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                         assert_eq!(payment_hash_1, *payment_hash);
+                       assert_eq!(*payment_secret, None);
                         assert_eq!(amt, 1000000);
                 },
                 _ => panic!("Unexpected event"),
         }
  
-       nodes[1].node.claim_funds(payment_preimage_1, 1_000_000);
+       nodes[1].node.claim_funds(payment_preimage_1, &None, 1_000_000);
         check_added_monitors!(nodes[1], 1);
  
         let events_3 = nodes[1].node.get_and_clear_pending_msg_events();
@@ -3563,7 +3566,7 @@ fn test_drop_messages_peer_disconnect_dual_htlc() {
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
         let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
  
-       nodes[0].node.send_payment(route.clone(), payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route.clone(), payment_hash_2, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
  
         let events_1 = nodes[0].node.get_and_clear_pending_msg_events();
@@ -3573,7 +3576,7 @@ fn test_drop_messages_peer_disconnect_dual_htlc() {
                 _ => panic!("Unexpected event"),
         }
  
-       assert!(nodes[1].node.claim_funds(payment_preimage_1, 1_000_000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_1, &None, 1_000_000));
         check_added_monitors!(nodes[1], 1);
  
         let events_2 = nodes[1].node.get_and_clear_pending_msg_events();
@@ -3676,8 +3679,9 @@ fn test_drop_messages_peer_disconnect_dual_htlc() {
         let events_5 = nodes[1].node.get_and_clear_pending_events();
         assert_eq!(events_5.len(), 1);
         match events_5[0] {
-               Event::PaymentReceived { ref payment_hash, amt: _ } => {
+               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt: _ } => {
                         assert_eq!(payment_hash_2, *payment_hash);
+                       assert_eq!(*payment_secret, None);
                 },
                 _ => panic!("Unexpected event"),
         }
@@ -4241,7 +4245,7 @@ fn test_static_spendable_outputs_preimage_tx() {
  
         // Settle A's commitment tx on B's chain
         let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
-       assert!(nodes[1].node.claim_funds(payment_preimage, 3_000_000));
+       assert!(nodes[1].node.claim_funds(payment_preimage, &None, 3_000_000));
         check_added_monitors!(nodes[1], 1);
         nodes[1].block_notifier.block_connected(&Block { header, txdata: vec![commitment_tx[0].clone()] }, 1);
         check_added_monitors!(nodes[1], 1);
@@ -4500,7 +4504,7 @@ fn test_onchain_to_onchain_claim() {
         let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42};
         let commitment_tx = get_local_commitment_txn!(nodes[2], chan_2.2);
         check_spends!(commitment_tx[0], chan_2.3);
-       nodes[2].node.claim_funds(payment_preimage, 3_000_000);
+       nodes[2].node.claim_funds(payment_preimage, &None, 3_000_000);
         check_added_monitors!(nodes[2], 1);
         let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
         assert!(updates.update_add_htlcs.is_empty());
@@ -4618,7 +4622,7 @@ fn test_duplicate_payment_hash_one_failure_one_success() {
                 htlc_timeout_tx = node_txn[1].clone();
         }
  
-       nodes[2].node.claim_funds(our_payment_preimage, 900_000);
+       nodes[2].node.claim_funds(our_payment_preimage, &None, 900_000);
         nodes[2].block_notifier.block_connected(&Block { header, txdata: vec![commitment_txn[0].clone()] }, 1);
         check_added_monitors!(nodes[2], 3);
         let events = nodes[2].node.get_and_clear_pending_msg_events();
@@ -4714,7 +4718,7 @@ fn test_dynamic_spendable_outputs_local_htlc_success_tx() {
         check_spends!(local_txn[0], chan_1.3);
  
         // Give B knowledge of preimage to be able to generate a local HTLC-Success Tx
-       nodes[1].node.claim_funds(payment_preimage, 9_000_000);
+       nodes[1].node.claim_funds(payment_preimage, &None, 9_000_000);
         check_added_monitors!(nodes[1], 1);
         let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
         nodes[1].block_notifier.block_connected(&Block { header, txdata: vec![local_txn[0].clone()] }, 1);
@@ -4816,10 +4820,10 @@ fn do_test_fail_backwards_unrevoked_remote_announce(deliver_last_raa: bool, anno
  
         // Now fail back three of the over-dust-limit and three of the under-dust-limit payments in one go.
         // Fail 0th below-dust, 4th above-dust, 8th above-dust, 10th below-dust HTLCs
-       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_1));
-       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_3));
-       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_5));
-       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_6));
+       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_1, &None));
+       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_3, &None));
+       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_5, &None));
+       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_6, &None));
         check_added_monitors!(nodes[4], 0);
         expect_pending_htlcs_forwardable!(nodes[4]);
         check_added_monitors!(nodes[4], 1);
@@ -4832,8 +4836,8 @@ fn do_test_fail_backwards_unrevoked_remote_announce(deliver_last_raa: bool, anno
         commitment_signed_dance!(nodes[3], nodes[4], four_removes.commitment_signed, false);
  
         // Fail 3rd below-dust and 7th above-dust HTLCs
-       assert!(nodes[5].node.fail_htlc_backwards(&payment_hash_2));
-       assert!(nodes[5].node.fail_htlc_backwards(&payment_hash_4));
+       assert!(nodes[5].node.fail_htlc_backwards(&payment_hash_2, &None));
+       assert!(nodes[5].node.fail_htlc_backwards(&payment_hash_4, &None));
         check_added_monitors!(nodes[5], 0);
         expect_pending_htlcs_forwardable!(nodes[5]);
         check_added_monitors!(nodes[5], 1);
@@ -5088,7 +5092,7 @@ fn do_htlc_claim_local_commitment_only(use_dust: bool) {
  
         // Claim the payment, but don't deliver A's commitment_signed, resulting in the HTLC only being
         // present in B's local commitment transaction, but none of A's commitment transactions.
-       assert!(nodes[1].node.claim_funds(our_payment_preimage, if use_dust { 50_000 } else { 3_000_000 }));
+       assert!(nodes[1].node.claim_funds(our_payment_preimage, &None, if use_dust { 50_000 } else { 3_000_000 }));
         check_added_monitors!(nodes[1], 1);
  
         let bs_updates = get_htlc_update_msgs!(nodes[1], nodes[0].node.get_our_node_id());
@@ -5127,7 +5131,7 @@ fn do_htlc_claim_current_remote_commitment_only(use_dust: bool) {
  
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), if use_dust { 50000 } else { 3000000 }, TEST_FINAL_CLTV).unwrap();
         let (_, payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash).unwrap();
+       nodes[0].node.send_payment(route, payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
  
         let _as_update = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
@@ -5160,7 +5164,7 @@ fn do_htlc_claim_previous_remote_commitment_only(use_dust: bool, check_revoke_no
         // actually revoked.
         let htlc_value = if use_dust { 50000 } else { 3000000 };
         let (_, our_payment_hash) = route_payment(&nodes[0], &[&nodes[1]], htlc_value);
-       assert!(nodes[1].node.fail_htlc_backwards(&our_payment_hash));
+       assert!(nodes[1].node.fail_htlc_backwards(&our_payment_hash, &None));
         expect_pending_htlcs_forwardable!(nodes[1]);
         check_added_monitors!(nodes[1], 1);
  
@@ -5275,7 +5279,7 @@ fn run_onion_failure_test_with_fail_intercept<F1,F2,F3>(_name: &str, test_case:
         }
  
         // 0 ~~> 2 send payment
-       nodes[0].node.send_payment(route.clone(), payment_hash.clone()).unwrap();
+       nodes[0].node.send_payment(route.clone(), payment_hash.clone(), &None).unwrap();
         check_added_monitors!(nodes[0], 1);
         let update_0 = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
         // temper update_add (0 => 1)
@@ -5467,7 +5471,7 @@ fn test_onion_failure() {
                 let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
                 let cur_height = nodes[0].node.latest_block_height.load(Ordering::Acquire) as u32 + 1;
                 let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
-               let (mut onion_payloads, _htlc_msat, _htlc_cltv) = onion_utils::build_onion_payloads(&route, cur_height).unwrap();
+               let (mut onion_payloads, _htlc_msat, _htlc_cltv) = onion_utils::build_onion_payloads(&route, &None, cur_height).unwrap();
                 let mut new_payloads = Vec::new();
                 for payload in onion_payloads.drain(..) {
                         new_payloads.push(BogusOnionHopData::new(payload));
@@ -5483,7 +5487,7 @@ fn test_onion_failure() {
                 let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
                 let cur_height = nodes[0].node.latest_block_height.load(Ordering::Acquire) as u32 + 1;
                 let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
-               let (mut onion_payloads, _htlc_msat, _htlc_cltv) = onion_utils::build_onion_payloads(&route, cur_height).unwrap();
+               let (mut onion_payloads, _htlc_msat, _htlc_cltv) = onion_utils::build_onion_payloads(&route, &None, cur_height).unwrap();
                 let mut new_payloads = Vec::new();
                 for payload in onion_payloads.drain(..) {
                         new_payloads.push(BogusOnionHopData::new(payload));
@@ -5514,7 +5518,7 @@ fn test_onion_failure() {
                 let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
                 msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[1].shared_secret[..], NODE|2, &[0;0]);
         }, ||{
-               nodes[2].node.fail_htlc_backwards(&payment_hash);
+               nodes[2].node.fail_htlc_backwards(&payment_hash, &None);
         }, true, Some(NODE|2), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[1].pubkey, is_permanent: false}));
  
         // intermediate node failure
@@ -5532,7 +5536,7 @@ fn test_onion_failure() {
                 let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
                 msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[1].shared_secret[..], PERM|NODE|2, &[0;0]);
         }, ||{
-               nodes[2].node.fail_htlc_backwards(&payment_hash);
+               nodes[2].node.fail_htlc_backwards(&payment_hash, &None);
         }, false, Some(PERM|NODE|2), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[1].pubkey, is_permanent: true}));
  
         // intermediate node failure
@@ -5543,7 +5547,7 @@ fn test_onion_failure() {
                 let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
                 msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[0].shared_secret[..], PERM|NODE|3, &[0;0]);
         }, ||{
-               nodes[2].node.fail_htlc_backwards(&payment_hash);
+               nodes[2].node.fail_htlc_backwards(&payment_hash, &None);
         }, true, Some(PERM|NODE|3), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[0].pubkey, is_permanent: true}));
  
         // final node failure
@@ -5552,7 +5556,7 @@ fn test_onion_failure() {
                 let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
                 msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[1].shared_secret[..], PERM|NODE|3, &[0;0]);
         }, ||{
-               nodes[2].node.fail_htlc_backwards(&payment_hash);
+               nodes[2].node.fail_htlc_backwards(&payment_hash, &None);
         }, false, Some(PERM|NODE|3), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[1].pubkey, is_permanent: true}));
  
         run_onion_failure_test("invalid_onion_version", 0, &nodes, &route, &payment_hash, |msg| { msg.onion_routing_packet.version = 1; }, ||{}, true,
@@ -5620,7 +5624,7 @@ fn test_onion_failure() {
         }, ||{}, true, Some(UPDATE|14), Some(msgs::HTLCFailChannelUpdate::ChannelUpdateMessage{msg: ChannelUpdate::dummy()}));
  
         run_onion_failure_test("unknown_payment_hash", 2, &nodes, &route, &payment_hash, |_| {}, || {
-               nodes[2].node.fail_htlc_backwards(&payment_hash);
+               nodes[2].node.fail_htlc_backwards(&payment_hash, &None);
         }, false, Some(PERM|15), None);
  
         run_onion_failure_test("final_expiry_too_soon", 1, &nodes, &route, &payment_hash, |msg| {
@@ -5668,7 +5672,7 @@ fn test_onion_failure() {
                 let height = 1;
                 route.hops[1].cltv_expiry_delta += CLTV_FAR_FAR_AWAY + route.hops[0].cltv_expiry_delta + 1;
                 let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
-               let (onion_payloads, _, htlc_cltv) = onion_utils::build_onion_payloads(&route, height).unwrap();
+               let (onion_payloads, _, htlc_cltv) = onion_utils::build_onion_payloads(&route, &None, height).unwrap();
                 let onion_packet = onion_utils::construct_onion_packet(onion_payloads, onion_keys, [0; 32], &payment_hash);
                 msg.cltv_expiry = htlc_cltv;
                 msg.onion_routing_packet = onion_packet;
@@ -5760,7 +5764,7 @@ fn test_update_add_htlc_bolt2_sender_value_below_minimum_msat() {
  
         route.hops[0].fee_msat = 100;
  
-       let err = nodes[0].node.send_payment(route, our_payment_hash);
+       let err = nodes[0].node.send_payment(route, our_payment_hash, &None);
  
         if let Err(APIError::ChannelUnavailable{err}) = err {
                 assert_eq!(err, "Cannot send less than their minimum HTLC value");
@@ -5784,7 +5788,7 @@ fn test_update_add_htlc_bolt2_sender_zero_value_msat() {
  
         route.hops[0].fee_msat = 0;
  
-       let err = nodes[0].node.send_payment(route, our_payment_hash);
+       let err = nodes[0].node.send_payment(route, our_payment_hash, &None);
  
         if let Err(APIError::ChannelUnavailable{err}) = err {
                 assert_eq!(err, "Cannot send 0-msat HTLC");
@@ -5806,7 +5810,7 @@ fn test_update_add_htlc_bolt2_receiver_zero_value_msat() {
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
  
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
         let mut updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
         updates.update_add_htlcs[0].amount_msat = 0;
@@ -5829,7 +5833,7 @@ fn test_update_add_htlc_bolt2_sender_cltv_expiry_too_high() {
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000000, 500000001).unwrap();
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
  
-       let err = nodes[0].node.send_payment(route, our_payment_hash);
+       let err = nodes[0].node.send_payment(route, our_payment_hash, &None);
  
         if let Err(APIError::RouteError{err}) = err {
                 assert_eq!(err, "Channel CLTV overflowed?!");
@@ -5854,7 +5858,7 @@ fn test_update_add_htlc_bolt2_sender_exceed_max_htlc_num_and_htlc_id_increment()
                 let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
                 let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
                 let payment_event = {
-                       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+                       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
                         check_added_monitors!(nodes[0], 1);
  
                         let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -5875,7 +5879,7 @@ fn test_update_add_htlc_bolt2_sender_exceed_max_htlc_num_and_htlc_id_increment()
         }
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       let err = nodes[0].node.send_payment(route, our_payment_hash);
+       let err = nodes[0].node.send_payment(route, our_payment_hash, &None);
  
         if let Err(APIError::ChannelUnavailable{err}) = err {
                 assert_eq!(err, "Cannot push more than their max accepted HTLCs");
@@ -5901,7 +5905,7 @@ fn test_update_add_htlc_bolt2_sender_exceed_max_htlc_value_in_flight() {
  
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], max_in_flight+1, TEST_FINAL_CLTV).unwrap();
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       let err = nodes[0].node.send_payment(route, our_payment_hash);
+       let err = nodes[0].node.send_payment(route, our_payment_hash, &None);
  
         if let Err(APIError::ChannelUnavailable{err}) = err {
                 assert_eq!(err, "Cannot send value that would put us over the max HTLC value in flight our peer will accept");
@@ -5931,7 +5935,7 @@ fn test_update_add_htlc_bolt2_receiver_check_amount_received_more_than_min() {
         }
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], htlc_minimum_msat, TEST_FINAL_CLTV).unwrap();
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
         let mut updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
         updates.update_add_htlcs[0].amount_msat = htlc_minimum_msat-1;
@@ -5955,7 +5959,7 @@ fn test_update_add_htlc_bolt2_receiver_sender_can_afford_amount_sent() {
  
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 5000000-their_channel_reserve, TEST_FINAL_CLTV).unwrap();
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
         let mut updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
  
@@ -5989,7 +5993,7 @@ fn test_update_add_htlc_bolt2_receiver_check_max_htlc_limit() {
  
         let cur_height = nodes[0].node.latest_block_height.load(Ordering::Acquire) as u32 + 1;
         let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::signing_only(), &route, &session_priv).unwrap();
-       let (onion_payloads, _htlc_msat, htlc_cltv) = onion_utils::build_onion_payloads(&route, cur_height).unwrap();
+       let (onion_payloads, _htlc_msat, htlc_cltv) = onion_utils::build_onion_payloads(&route, &None, cur_height).unwrap();
         let onion_packet = onion_utils::construct_onion_packet(onion_payloads, onion_keys, [0; 32], &our_payment_hash);
  
         let mut msg = msgs::UpdateAddHTLC {
@@ -6024,7 +6028,7 @@ fn test_update_add_htlc_bolt2_receiver_check_max_in_flight_msat() {
         let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 1000000, InitFeatures::supported(), InitFeatures::supported());
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
         let mut updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
         updates.update_add_htlcs[0].amount_msat = get_channel_value_stat!(nodes[1], chan.2).their_max_htlc_value_in_flight_msat + 1;
@@ -6046,7 +6050,7 @@ fn test_update_add_htlc_bolt2_receiver_check_cltv_expiry() {
         create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 95000000, InitFeatures::supported(), InitFeatures::supported());
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 3999999, TEST_FINAL_CLTV).unwrap();
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
         let mut updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
         updates.update_add_htlcs[0].cltv_expiry = 500000000;
@@ -6070,7 +6074,7 @@ fn test_update_add_htlc_bolt2_receiver_check_repeated_id_ignore() {
         create_announced_chan_between_nodes(&nodes, 0, 1, InitFeatures::supported(), InitFeatures::supported());
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
         let updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
         nodes[1].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &updates.update_add_htlcs[0]);
@@ -6116,7 +6120,7 @@ fn test_update_fulfill_htlc_bolt2_update_fulfill_htlc_before_commitment() {
  
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
         let (our_payment_preimage, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
         let updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
         nodes[1].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &updates.update_add_htlcs[0]);
@@ -6147,7 +6151,7 @@ fn test_update_fulfill_htlc_bolt2_update_fail_htlc_before_commitment() {
  
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
         let updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
         nodes[1].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &updates.update_add_htlcs[0]);
@@ -6178,7 +6182,7 @@ fn test_update_fulfill_htlc_bolt2_update_fail_malformed_htlc_before_commitment()
  
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
         let updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
         nodes[1].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &updates.update_add_htlcs[0]);
@@ -6210,7 +6214,7 @@ fn test_update_fulfill_htlc_bolt2_incorrect_htlc_id() {
  
         let our_payment_preimage = route_payment(&nodes[0], &[&nodes[1]], 100000).0;
  
-       nodes[1].node.claim_funds(our_payment_preimage, 100_000);
+       nodes[1].node.claim_funds(our_payment_preimage, &None, 100_000);
         check_added_monitors!(nodes[1], 1);
  
         let events = nodes[1].node.get_and_clear_pending_msg_events();
@@ -6251,7 +6255,7 @@ fn test_update_fulfill_htlc_bolt2_wrong_preimage() {
  
         let our_payment_preimage = route_payment(&nodes[0], &[&nodes[1]], 100000).0;
  
-       nodes[1].node.claim_funds(our_payment_preimage, 100_000);
+       nodes[1].node.claim_funds(our_payment_preimage, &None, 100_000);
         check_added_monitors!(nodes[1], 1);
  
         let events = nodes[1].node.get_and_clear_pending_msg_events();
@@ -6291,7 +6295,7 @@ fn test_update_fulfill_htlc_bolt2_missing_badonion_bit_for_malformed_htlc_messag
         create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 1000000, InitFeatures::supported(), InitFeatures::supported());
         let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
         let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
         check_added_monitors!(nodes[0], 1);
  
         let mut updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
@@ -6342,7 +6346,7 @@ fn test_update_fulfill_htlc_bolt2_after_malformed_htlc_message_must_forward_upda
  
         //First hop
         let mut payment_event = {
-               nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+               nodes[0].node.send_payment(route, our_payment_hash, &None).unwrap();
                 check_added_monitors!(nodes[0], 1);
                 let mut events = nodes[0].node.get_and_clear_pending_msg_events();
                 assert_eq!(events.len(), 1);
@@ -6425,7 +6429,7 @@ fn do_test_failure_delay_dust_htlc_local_commitment(announce_latest: bool) {
         let as_prev_commitment_tx = get_local_commitment_txn!(nodes[0], chan.2);
  
         // Fail one HTLC to prune it in the will-be-latest-local commitment tx
-       assert!(nodes[1].node.fail_htlc_backwards(&payment_hash_2));
+       assert!(nodes[1].node.fail_htlc_backwards(&payment_hash_2, &None));
         check_added_monitors!(nodes[1], 0);
         expect_pending_htlcs_forwardable!(nodes[1]);
         check_added_monitors!(nodes[1], 1);
@@ -6948,7 +6952,7 @@ fn test_check_htlc_underpaying() {
  
         // Node 3 is expecting payment of 100_000 but receive 10_000,
         // fail htlc like we didn't know the preimage.
-       nodes[1].node.claim_funds(payment_preimage, 100_000);
+       nodes[1].node.claim_funds(payment_preimage, &None, 100_000);
         nodes[1].node.process_pending_htlc_forwards();
  
         let events = nodes[1].node.get_and_clear_pending_msg_events();
@@ -7287,7 +7291,7 @@ fn test_bump_penalty_txn_on_remote_commitment() {
         assert_eq!(remote_txn[0].input[0].previous_output.txid, chan.3.txid());
  
         // Claim a HTLC without revocation (provide B monitor with preimage)
-       nodes[1].node.claim_funds(payment_preimage, 3_000_000);
+       nodes[1].node.claim_funds(payment_preimage, &None, 3_000_000);
         let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
         nodes[1].block_notifier.block_connected(&Block { header, txdata: vec![remote_txn[0].clone()] }, 1);
         check_added_monitors!(nodes[1], 2);
@@ -7400,8 +7404,8 @@ fn test_set_outpoints_partial_claiming() {
         // Connect blocks on node A to advance height towards TEST_FINAL_CLTV
         let prev_header_100 = connect_blocks(&nodes[1].block_notifier, 100, 0, false, Default::default());
         // Provide node A with both preimage
-       nodes[0].node.claim_funds(payment_preimage_1, 3_000_000);
-       nodes[0].node.claim_funds(payment_preimage_2, 3_000_000);
+       nodes[0].node.claim_funds(payment_preimage_1, &None, 3_000_000);
+       nodes[0].node.claim_funds(payment_preimage_2, &None, 3_000_000);
         check_added_monitors!(nodes[0], 2);
         nodes[0].node.get_and_clear_pending_events();
         nodes[0].node.get_and_clear_pending_msg_events();
@@ -7585,3 +7589,26 @@ fn test_override_0msat_htlc_minimum() {
         let res = get_event_msg!(nodes[1], MessageSendEvent::SendAcceptChannel, nodes[0].node.get_our_node_id());
         assert_eq!(res.htlc_minimum_msat, 1);
  }
+
+#[test]
+fn test_simple_payment_secret() {
+       // Simple test of sending a payment with a payment_secret present. This does not use any AMP
+       // features, however.
+       let chanmon_cfgs = create_chanmon_cfgs(3);
+       let node_cfgs = create_node_cfgs(3, &chanmon_cfgs);
+       let node_chanmgrs = create_node_chanmgrs(3, &node_cfgs, &[None, None, None]);
+       let nodes = create_network(3, &node_cfgs, &node_chanmgrs);
+
+       create_announced_chan_between_nodes(&nodes, 0, 1, InitFeatures::supported(), InitFeatures::supported());
+       create_announced_chan_between_nodes(&nodes, 1, 2, InitFeatures::supported(), InitFeatures::supported());
+
+       let (payment_preimage, payment_hash) = get_payment_preimage_hash!(&nodes[0]);
+       let payment_secret = PaymentSecret([0xdb; 32]);
+       let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
+       send_along_route_with_secret(&nodes[0], route, &[&nodes[1], &nodes[2]], 100000, payment_hash, Some(payment_secret.clone()));
+       // Claiming with all the correct values but the wrong secret should result in nothing...
+       assert_eq!(nodes[2].node.claim_funds(payment_preimage, &None, 100_000), false);
+       assert_eq!(nodes[2].node.claim_funds(payment_preimage, &Some(PaymentSecret([42; 32])), 100_000), false);
+       // ...but with the right secret we should be able to claim all the way back
+       claim_payment_along_route_with_secret(&nodes[0], &[&nodes[1], &nodes[2]], false, payment_preimage, Some(payment_secret.clone()), 100_000);
+}
diff --git a/lightning/src/ln/msgs.rs b/lightning/src/ln/msgs.rs

index e915f04152092f77388f20af1ad5d1d495cc245a..4bdde0f4bcb9799913b873443f0e71677b691f45 100644 (file)
--- a/lightning/src/ln/msgs.rs
+++ b/lightning/src/ln/msgs.rs
@@ -31,7 +31,7 @@ use std::result::Result;
  use util::events;
  use util::ser::{Readable, Writeable, Writer, FixedLengthReader, HighZeroBytesDroppedVarInt};
  
-use ln::channelmanager::{PaymentPreimage, PaymentHash};
+use ln::channelmanager::{PaymentPreimage, PaymentHash, PaymentSecret};
  
  /// 21 million * 10^8 * 1000
  pub(crate) const MAX_VALUE_MSAT: u64 = 21_000_000_0000_0000_000;
@@ -615,11 +615,13 @@ pub trait RoutingMessageHandler : Send + Sync {
  }
  
  mod fuzzy_internal_msgs {
+       use ln::channelmanager::PaymentSecret;
+
         // These types aren't intended to be pub, but are exposed for direct fuzzing (as we deserialize
         // them from untrusted input):
         #[derive(Clone)]
         pub(crate) struct FinalOnionHopData {
-               pub(crate) payment_secret: [u8; 32],
+               pub(crate) payment_secret: PaymentSecret,
                 pub(crate) total_msat: u64,
         }
  
@@ -978,16 +980,16 @@ impl_writeable!(UpdateAddHTLC, 32+8+8+32+4+1366, {
  impl Writeable for FinalOnionHopData {
         fn write<W: Writer>(&self, w: &mut W) -> Result<(), ::std::io::Error> {
                 w.size_hint(32 + 8 - (self.total_msat.leading_zeros()/8) as usize);
-               self.payment_secret.write(w)?;
+               self.payment_secret.0.write(w)?;
                 HighZeroBytesDroppedVarInt(self.total_msat).write(w)
         }
  }
  
  impl Readable for FinalOnionHopData {
         fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
-               let payment_secret = Readable::read(r)?;
+               let secret: [u8; 32] = Readable::read(r)?;
                 let amt: HighZeroBytesDroppedVarInt<u64> = Readable::read(r)?;
-               Ok(Self { payment_secret, total_msat: amt.0 })
+               Ok(Self { payment_secret: PaymentSecret(secret), total_msat: amt.0 })
         }
  }
  
@@ -1352,7 +1354,7 @@ mod tests {
         use hex;
         use ln::msgs;
         use ln::msgs::{ChannelFeatures, FinalOnionHopData, InitFeatures, NodeFeatures, OptionalField, OnionErrorPacket, OnionHopDataFormat};
-       use ln::channelmanager::{PaymentPreimage, PaymentHash};
+       use ln::channelmanager::{PaymentPreimage, PaymentHash, PaymentSecret};
         use util::ser::{Writeable, Readable};
  
         use bitcoin_hashes::sha256d::Hash as Sha256dHash;
@@ -2061,7 +2063,7 @@ mod tests {
  
         #[test]
         fn encoding_final_onion_hop_data_with_secret() {
-               let expected_payment_secret = [0x42u8; 32];
+               let expected_payment_secret = PaymentSecret([0x42u8; 32]);
                 let mut msg = msgs::OnionHopData {
                         format: OnionHopDataFormat::FinalNode {
                                 payment_data: Some(FinalOnionHopData {
diff --git a/lightning/src/ln/onion_utils.rs b/lightning/src/ln/onion_utils.rs

index a97621045370366069bdb5e9b2a3d4ebb68dffff..ebea1334a8489bc81000b0df1e272ad4557fab73 100644 (file)
--- a/lightning/src/ln/onion_utils.rs
+++ b/lightning/src/ln/onion_utils.rs
@@ -1,4 +1,4 @@
-use ln::channelmanager::{PaymentHash, HTLCSource};
+use ln::channelmanager::{PaymentHash, PaymentSecret, HTLCSource};
  use ln::msgs;
  use ln::router::{Route,RouteHop};
  use util::byte_utils;
@@ -108,7 +108,7 @@ pub(super) fn construct_onion_keys<T: secp256k1::Signing>(secp_ctx: &Secp256k1<T
  }
  
  /// returns the hop data, as well as the first-hop value_msat and CLTV value we should send.
-pub(super) fn build_onion_payloads(route: &Route, starting_htlc_offset: u32) -> Result<(Vec<msgs::OnionHopData>, u64, u32), APIError> {
+pub(super) fn build_onion_payloads(route: &Route, payment_secret_option: &Option<PaymentSecret>, starting_htlc_offset: u32) -> Result<(Vec<msgs::OnionHopData>, u64, u32), APIError> {
         let mut cur_value_msat = 0u64;
         let mut cur_cltv = starting_htlc_offset;
         let mut last_short_channel_id = 0;
@@ -124,7 +124,12 @@ pub(super) fn build_onion_payloads(route: &Route, starting_htlc_offset: u32) ->
                         format: if hop.node_features.supports_variable_length_onion() {
                                 if idx == 0 {
                                         msgs::OnionHopDataFormat::FinalNode {
-                                               payment_data: None,
+                                               payment_data: if let &Some(ref payment_secret) = payment_secret_option {
+                                                       Some(msgs::FinalOnionHopData {
+                                                               payment_secret: payment_secret.clone(),
+                                                               total_msat: hop.fee_msat,
+                                                       })
+                                               } else { None },
                                         }
                                 } else {
                                         msgs::OnionHopDataFormat::NonFinalNode {
diff --git a/lightning/src/ln/reorg_tests.rs b/lightning/src/ln/reorg_tests.rs

index bfc0f56698103b7cb7d54f9b19f74dfe0355f27b..6b2c5d43234125ecd1ce07bc0292eb71407fbc62 100644 (file)
--- a/lightning/src/ln/reorg_tests.rs
+++ b/lightning/src/ln/reorg_tests.rs
@@ -39,7 +39,7 @@ fn do_test_onchain_htlc_reorg(local_commitment: bool, claim: bool) {
         let (our_payment_preimage, our_payment_hash) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], 1000000);
  
         // Provide preimage to node 2 by claiming payment
-       nodes[2].node.claim_funds(our_payment_preimage, 1000000);
+       nodes[2].node.claim_funds(our_payment_preimage, &None, 1000000);
         check_added_monitors!(nodes[2], 1);
         get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
  
diff --git a/lightning/src/util/events.rs b/lightning/src/util/events.rs

index 420d2fefad31ed1b20044be9aea70864a57cabb5..2c00a133575d60d9923f1e9afb0501b9cc4fa706 100644 (file)
--- a/lightning/src/util/events.rs
+++ b/lightning/src/util/events.rs
@@ -6,7 +6,7 @@
  //! few other things.
  
  use ln::msgs;
-use ln::channelmanager::{PaymentPreimage, PaymentHash};
+use ln::channelmanager::{PaymentPreimage, PaymentHash, PaymentSecret};
  use chain::transaction::OutPoint;
  use chain::keysinterface::SpendableOutputDescriptor;
  use util::ser::{Writeable, Writer, MaybeReadable, Readable};
@@ -58,6 +58,16 @@ pub enum Event {
         PaymentReceived {
                 /// The hash for which the preimage should be handed to the ChannelManager.
                 payment_hash: PaymentHash,
+               /// The "payment secret". This authenticates the sender to the recipient, preventing a
+               /// number of deanonymization attacks during the routing process.
+               /// As nodes upgrade, the invoices you provide should likely migrate to setting the
+               /// payment_secret feature to required, at which point you should fail_backwards any HTLCs
+               /// which have a None here.
+               /// Until then, however, values of None should be ignored, and only incorrect Some values
+               /// should result in an HTLC fail_backwards.
+               /// Note that, in any case, this value must be passed as-is to any fail or claim calls as
+               /// the HTLC index includes this value.
+               payment_secret: Option<PaymentSecret>,
                 /// The value, in thousandths of a satoshi, that this payment is for. Note that you must
                 /// compare this to the expected value before accepting the payment (as otherwise you are
                 /// providing proof-of-payment for less than the value you expected!).
@@ -119,9 +129,10 @@ impl Writeable for Event {
                                 funding_txo.write(writer)?;
                                 user_channel_id.write(writer)?;
                         },
-                       &Event::PaymentReceived { ref payment_hash, ref amt } => {
+                       &Event::PaymentReceived { ref payment_hash, ref payment_secret, ref amt } => {
                                 2u8.write(writer)?;
                                 payment_hash.write(writer)?;
+                               payment_secret.write(writer)?;
                                 amt.write(writer)?;
                         },
                         &Event::PaymentSent { ref payment_preimage } => {
@@ -164,6 +175,7 @@ impl MaybeReadable for Event {
                                 })),
                         2u8 => Ok(Some(Event::PaymentReceived {
                                         payment_hash: Readable::read(reader)?,
+                                       payment_secret: Readable::read(reader)?,
                                         amt: Readable::read(reader)?,
                                 })),
                         3u8 => Ok(Some(Event::PaymentSent {
diff --git a/lightning/src/util/ser.rs b/lightning/src/util/ser.rs

index 60d5329d781c8ed247a36eef791470e224878d48..5a68f7a5eb4164a43753630d4e7015b712ac2f37 100644 (file)
--- a/lightning/src/util/ser.rs
+++ b/lightning/src/util/ser.rs
@@ -17,7 +17,7 @@ use bitcoin::consensus::Encodable;
  use bitcoin_hashes::sha256d::Hash as Sha256dHash;
  use std::marker::Sized;
  use ln::msgs::DecodeError;
-use ln::channelmanager::{PaymentPreimage, PaymentHash};
+use ln::channelmanager::{PaymentPreimage, PaymentHash, PaymentSecret};
  use util::byte_utils;
  
  use util::byte_utils::{be64_to_array, be48_to_array, be32_to_array, be16_to_array, slice_to_be16, slice_to_be32, slice_to_be48, slice_to_be64};
@@ -591,6 +591,19 @@ impl Readable for PaymentHash {
         }
  }
  
+impl Writeable for PaymentSecret {
+       fn write<W: Writer>(&self, w: &mut W) -> Result<(), ::std::io::Error> {
+               self.0.write(w)
+       }
+}
+
+impl Readable for PaymentSecret {
+       fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+               let buf: [u8; 32] = Readable::read(r)?;
+               Ok(PaymentSecret(buf))
+       }
+}
+
  impl<T: Writeable> Writeable for Option<T> {
         fn write<W: Writer>(&self, w: &mut W) -> Result<(), ::std::io::Error> {
                 match *self {
author	Matt Corallo <git@bluematt.me>
	Thu, 2 Jan 2020 06:23:48 +0000 (01:23 -0500)
committer	Matt Corallo <git@bluematt.me>
	Tue, 14 Apr 2020 23:54:17 +0000 (19:54 -0400)
fuzz/src/chanmon_consistency.rs		patch \| blob \| history
fuzz/src/full_stack.rs		patch \| blob \| history
lightning/src/ln/chanmon_update_fail_tests.rs		patch \| blob \| history
lightning/src/ln/channelmanager.rs		patch \| blob \| history
lightning/src/ln/functional_test_utils.rs		patch \| blob \| history
lightning/src/ln/functional_tests.rs		patch \| blob \| history
lightning/src/ln/msgs.rs		patch \| blob \| history
lightning/src/ln/onion_utils.rs		patch \| blob \| history
lightning/src/ln/reorg_tests.rs		patch \| blob \| history
lightning/src/util/events.rs		patch \| blob \| history
lightning/src/util/ser.rs		patch \| blob \| history