1 use bitcoin::secp256k1::{self, PublicKey, Secp256k1, SecretKey};
3 use crate::blinded_path::{BlindedHop, BlindedPath};
4 use crate::blinded_path::utils;
7 use crate::ln::onion_utils;
8 use crate::onion_message::packet::ControlTlvs;
10 use crate::sign::{NodeSigner, Recipient};
11 use crate::crypto::streams::ChaChaPolyReadAdapter;
12 use crate::util::ser::{FixedLengthReader, LengthReadableArgs, Writeable, Writer};
17 /// TLVs to encode in an intermediate onion message packet's hop data. When provided in a blinded
18 /// route, they are encoded into [`BlindedHop::encrypted_payload`].
19 pub(crate) struct ForwardTlvs {
20 /// The node id of the next hop in the onion message's path.
21 pub(crate) next_node_id: PublicKey,
22 /// Senders to a blinded path use this value to concatenate the route they find to the
23 /// introduction node with the blinded path.
24 pub(crate) next_blinding_override: Option<PublicKey>,
27 /// Similar to [`ForwardTlvs`], but these TLVs are for the final node.
28 pub(crate) struct ReceiveTlvs {
29 /// If `path_id` is `Some`, it is used to identify the blinded path that this onion message is
30 /// sending to. This is useful for receivers to check that said blinded path is being used in
31 /// the right context.
32 pub(crate) path_id: Option<[u8; 32]>,
35 impl Writeable for ForwardTlvs {
36 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
37 // TODO: write padding
38 encode_tlv_stream!(writer, {
39 (4, self.next_node_id, required),
40 (8, self.next_blinding_override, option)
46 impl Writeable for ReceiveTlvs {
47 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
48 // TODO: write padding
49 encode_tlv_stream!(writer, {
50 (6, self.path_id, option),
56 /// Construct blinded onion message hops for the given `unblinded_path`.
57 pub(super) fn blinded_hops<T: secp256k1::Signing + secp256k1::Verification>(
58 secp_ctx: &Secp256k1<T>, unblinded_path: &[PublicKey], session_priv: &SecretKey
59 ) -> Result<Vec<BlindedHop>, secp256k1::Error> {
60 let blinded_tlvs = unblinded_path.iter()
61 .skip(1) // The first node's TLVs contains the next node's pubkey
63 ControlTlvs::Forward(ForwardTlvs { next_node_id: *pk, next_blinding_override: None })
65 .chain(core::iter::once(ControlTlvs::Receive(ReceiveTlvs { path_id: None })));
67 utils::construct_blinded_hops(secp_ctx, unblinded_path.iter(), blinded_tlvs, session_priv)
70 // Advance the blinded onion message path by one hop, so make the second hop into the new
72 pub(crate) fn advance_path_by_one<NS: Deref, T: secp256k1::Signing + secp256k1::Verification>(
73 path: &mut BlindedPath, node_signer: &NS, secp_ctx: &Secp256k1<T>
74 ) -> Result<(), ()> where NS::Target: NodeSigner {
75 let control_tlvs_ss = node_signer.ecdh(Recipient::Node, &path.blinding_point, None)?;
76 let rho = onion_utils::gen_rho_from_shared_secret(&control_tlvs_ss.secret_bytes());
77 let encrypted_control_tlvs = path.blinded_hops.remove(0).encrypted_payload;
78 let mut s = Cursor::new(&encrypted_control_tlvs);
79 let mut reader = FixedLengthReader::new(&mut s, encrypted_control_tlvs.len() as u64);
80 match ChaChaPolyReadAdapter::read(&mut reader, rho) {
81 Ok(ChaChaPolyReadAdapter { readable: ControlTlvs::Forward(ForwardTlvs {
82 mut next_node_id, next_blinding_override,
84 let mut new_blinding_point = match next_blinding_override {
85 Some(blinding_point) => blinding_point,
87 onion_utils::next_hop_pubkey(secp_ctx, path.blinding_point,
88 control_tlvs_ss.as_ref()).map_err(|_| ())?
91 mem::swap(&mut path.blinding_point, &mut new_blinding_point);
92 mem::swap(&mut path.introduction_node_id, &mut next_node_id);
projects / rust-lightning / blob