+#[derive(Clone)] // See Channel::revoke_and_ack for why, tl;dr: Rust bug
+#[cfg_attr(test, derive(PartialEq))]
+pub(super) struct HTLCFailReason(HTLCFailReasonRepr);
+
+#[derive(Clone)] // See Channel::revoke_and_ack for why, tl;dr: Rust bug
+#[cfg_attr(test, derive(PartialEq))]
+enum HTLCFailReasonRepr {
+ LightningError {
+ err: msgs::OnionErrorPacket,
+ },
+ Reason {
+ failure_code: u16,
+ data: Vec<u8>,
+ }
+}
+
+impl core::fmt::Debug for HTLCFailReason {
+ fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+ match self.0 {
+ HTLCFailReasonRepr::Reason { ref failure_code, .. } => {
+ write!(f, "HTLC error code {}", failure_code)
+ },
+ HTLCFailReasonRepr::LightningError { .. } => {
+ write!(f, "pre-built LightningError")
+ }
+ }
+ }
+}
+
+impl Writeable for HTLCFailReason {
+ fn write<W: Writer>(&self, writer: &mut W) -> Result<(), crate::io::Error> {
+ self.0.write(writer)
+ }
+}
+impl Readable for HTLCFailReason {
+ fn read<R: Read>(reader: &mut R) -> Result<Self, msgs::DecodeError> {
+ Ok(Self(Readable::read(reader)?))
+ }
+}
+
+impl_writeable_tlv_based_enum!(HTLCFailReasonRepr,
+ (0, LightningError) => {
+ (0, err, required),
+ },
+ (1, Reason) => {
+ (0, failure_code, required),
+ (2, data, required_vec),
+ },
+;);
+
+impl HTLCFailReason {
+ pub(super) fn reason(failure_code: u16, data: Vec<u8>) -> Self {
+ const BADONION: u16 = 0x8000;
+ const PERM: u16 = 0x4000;
+ const NODE: u16 = 0x2000;
+ const UPDATE: u16 = 0x1000;
+
+ if failure_code == 1 | PERM { debug_assert!(data.is_empty()) }
+ else if failure_code == 2 | NODE { debug_assert!(data.is_empty()) }
+ else if failure_code == 2 | PERM | NODE { debug_assert!(data.is_empty()) }
+ else if failure_code == 3 | PERM | NODE { debug_assert!(data.is_empty()) }
+ else if failure_code == 4 | BADONION | PERM { debug_assert_eq!(data.len(), 32) }
+ else if failure_code == 5 | BADONION | PERM { debug_assert_eq!(data.len(), 32) }
+ else if failure_code == 6 | BADONION | PERM { debug_assert_eq!(data.len(), 32) }
+ else if failure_code == 7 | UPDATE {
+ debug_assert_eq!(data.len() - 2, u16::from_be_bytes(data[0..2].try_into().unwrap()) as usize) }
+ else if failure_code == 8 | PERM { debug_assert!(data.is_empty()) }
+ else if failure_code == 9 | PERM { debug_assert!(data.is_empty()) }
+ else if failure_code == 10 | PERM { debug_assert!(data.is_empty()) }
+ else if failure_code == 11 | UPDATE {
+ debug_assert_eq!(data.len() - 2 - 8, u16::from_be_bytes(data[8..10].try_into().unwrap()) as usize) }
+ else if failure_code == 12 | UPDATE {
+ debug_assert_eq!(data.len() - 2 - 8, u16::from_be_bytes(data[8..10].try_into().unwrap()) as usize) }
+ else if failure_code == 13 | UPDATE {
+ debug_assert_eq!(data.len() - 2 - 4, u16::from_be_bytes(data[4..6].try_into().unwrap()) as usize) }
+ else if failure_code == 14 | UPDATE {
+ debug_assert_eq!(data.len() - 2, u16::from_be_bytes(data[0..2].try_into().unwrap()) as usize) }
+ else if failure_code == 15 | PERM { debug_assert_eq!(data.len(), 12) }
+ else if failure_code == 18 { debug_assert_eq!(data.len(), 4) }
+ else if failure_code == 19 { debug_assert_eq!(data.len(), 8) }
+ else if failure_code == 20 | UPDATE {
+ debug_assert_eq!(data.len() - 2 - 2, u16::from_be_bytes(data[2..4].try_into().unwrap()) as usize) }
+ else if failure_code == 21 { debug_assert!(data.is_empty()) }
+ else if failure_code == 22 | PERM { debug_assert!(data.len() <= 11) }
+ else if failure_code == 23 { debug_assert!(data.is_empty()) }
+ else if failure_code & BADONION != 0 {
+ // We set some bogus BADONION failure codes in test, so ignore unknown ones.
+ }
+ else { debug_assert!(false, "Unknown failure code: {}", failure_code) }
+
+ Self(HTLCFailReasonRepr::Reason { failure_code, data })
+ }
+
+ pub(super) fn from_failure_code(failure_code: u16) -> Self {
+ Self::reason(failure_code, Vec::new())
+ }
+
+ pub(super) fn from_msg(msg: &msgs::UpdateFailHTLC) -> Self {
+ Self(HTLCFailReasonRepr::LightningError { err: msg.reason.clone() })
+ }
+
+ pub(super) fn get_encrypted_failure_packet(&self, incoming_packet_shared_secret: &[u8; 32], phantom_shared_secret: &Option<[u8; 32]>)
+ -> msgs::OnionErrorPacket {
+ match self.0 {
+ HTLCFailReasonRepr::Reason { ref failure_code, ref data } => {
+ if let Some(phantom_ss) = phantom_shared_secret {
+ let phantom_packet = build_failure_packet(phantom_ss, *failure_code, &data[..]).encode();
+ let encrypted_phantom_packet = encrypt_failure_packet(phantom_ss, &phantom_packet);
+ encrypt_failure_packet(incoming_packet_shared_secret, &encrypted_phantom_packet.data[..])
+ } else {
+ let packet = build_failure_packet(incoming_packet_shared_secret, *failure_code, &data[..]).encode();
+ encrypt_failure_packet(incoming_packet_shared_secret, &packet)
+ }
+ },
+ HTLCFailReasonRepr::LightningError { ref err } => {
+ encrypt_failure_packet(incoming_packet_shared_secret, &err.data)
+ }
+ }
+ }
+
+ pub(super) fn decode_onion_failure<T: secp256k1::Signing, L: Deref>(
+ &self, secp_ctx: &Secp256k1<T>, logger: &L, htlc_source: &HTLCSource
+ ) -> DecodedOnionFailure where L::Target: Logger {
+ match self.0 {
+ HTLCFailReasonRepr::LightningError { ref err } => {
+ process_onion_failure(secp_ctx, logger, &htlc_source, err.data.clone())
+ },
+ #[allow(unused)]
+ HTLCFailReasonRepr::Reason { ref failure_code, ref data, .. } => {
+ // we get a fail_malformed_htlc from the first hop
+ // TODO: We'd like to generate a NetworkUpdate for temporary
+ // failures here, but that would be insufficient as find_route
+ // generally ignores its view of our own channels as we provide them via
+ // ChannelDetails.
+ if let &HTLCSource::OutboundRoute { ref path, .. } = htlc_source {
+ DecodedOnionFailure {
+ network_update: None,
+ payment_failed_permanently: false,
+ short_channel_id: Some(path.hops[0].short_channel_id),
+ #[cfg(test)]
+ onion_error_code: Some(*failure_code),
+ #[cfg(test)]
+ onion_error_data: Some(data.clone()),
+ }
+ } else { unreachable!(); }
+ }
+ }
+ }
+}
+
+/// Allows `decode_next_hop` to return the next hop packet bytes for either payments or onion
+/// message forwards.
+pub(crate) trait NextPacketBytes: AsMut<[u8]> {
+ fn new(len: usize) -> Self;
+}
+
+impl NextPacketBytes for FixedSizeOnionPacket {
+ fn new(_len: usize) -> Self {
+ Self([0 as u8; ONION_DATA_LEN])
+ }
+}
+
+impl NextPacketBytes for Vec<u8> {
+ fn new(len: usize) -> Self {
+ vec![0 as u8; len]
+ }
+}
+
+/// Data decrypted from a payment's onion payload.
+pub(crate) enum Hop {
+ /// This onion payload was for us, not for forwarding to a next-hop. Contains information for
+ /// verifying the incoming payment.
+ Receive(msgs::InboundOnionPayload),
+ /// This onion payload needs to be forwarded to a next-hop.
+ Forward {
+ /// Onion payload data used in forwarding the payment.
+ next_hop_data: msgs::InboundOnionPayload,
+ /// HMAC of the next hop's onion packet.
+ next_hop_hmac: [u8; 32],
+ /// Bytes of the onion packet we're forwarding.
+ new_packet_bytes: [u8; ONION_DATA_LEN],
+ },
+}
+
+/// Error returned when we fail to decode the onion packet.
+#[derive(Debug)]
+pub(crate) enum OnionDecodeErr {
+ /// The HMAC of the onion packet did not match the hop data.
+ Malformed {
+ err_msg: &'static str,
+ err_code: u16,
+ },
+ /// We failed to decode the onion payload.
+ Relay {
+ err_msg: &'static str,
+ err_code: u16,
+ },
+}
+
+pub(crate) fn decode_next_payment_hop<NS: Deref>(
+ shared_secret: [u8; 32], hop_data: &[u8], hmac_bytes: [u8; 32], payment_hash: PaymentHash,
+ blinding_point: Option<PublicKey>, node_signer: &NS,
+) -> Result<Hop, OnionDecodeErr> where NS::Target: NodeSigner {
+ match decode_next_hop(
+ shared_secret, hop_data, hmac_bytes, Some(payment_hash), (blinding_point, node_signer)
+ ) {
+ Ok((next_hop_data, None)) => Ok(Hop::Receive(next_hop_data)),
+ Ok((next_hop_data, Some((next_hop_hmac, FixedSizeOnionPacket(new_packet_bytes))))) => {
+ Ok(Hop::Forward {
+ next_hop_data,
+ next_hop_hmac,
+ new_packet_bytes
+ })
+ },
+ Err(e) => Err(e),
+ }
+}
+
+/// Build a payment onion, returning the first hop msat and cltv values as well.
+/// `cur_block_height` should be set to the best known block height + 1.
+pub fn create_payment_onion<T: secp256k1::Signing>(
+ secp_ctx: &Secp256k1<T>, path: &Path, session_priv: &SecretKey, total_msat: u64,
+ recipient_onion: RecipientOnionFields, cur_block_height: u32, payment_hash: &PaymentHash,
+ keysend_preimage: &Option<PaymentPreimage>, prng_seed: [u8; 32]
+) -> Result<(msgs::OnionPacket, u64, u32), APIError> {
+ let onion_keys = construct_onion_keys(&secp_ctx, &path, &session_priv)
+ .map_err(|_| APIError::InvalidRoute{
+ err: "Pubkey along hop was maliciously selected".to_owned()
+ })?;
+ let (onion_payloads, htlc_msat, htlc_cltv) = build_onion_payloads(
+ &path, total_msat, recipient_onion, cur_block_height, keysend_preimage
+ )?;
+ let onion_packet = construct_onion_packet(onion_payloads, onion_keys, prng_seed, payment_hash)
+ .map_err(|_| APIError::InvalidRoute{
+ err: "Route size too large considering onion data".to_owned()
+ })?;
+ Ok((onion_packet, htlc_msat, htlc_cltv))
+}