X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Fln%2Fmsgs.rs;h=43005ad1d65370095f70e28823fc53ef2b95386f;hb=07db23d102738d1e84e3d2cb36101cef92e1761d;hp=ea1953eb83cffee3c5a74f48acccb99142289d2b;hpb=f8b06ec82c491efee2595bfcf95a68b027567d70;p=rust-lightning

diff --git a/lightning/src/ln/msgs.rs b/lightning/src/ln/msgs.rs
index ea1953eb..43005ad1 100644
--- a/lightning/src/ln/msgs.rs
+++ b/lightning/src/ln/msgs.rs
@@ -15,21 +15,25 @@
 //! raw socket events into your non-internet-facing system and then send routing events back to
 //! track the network on the less-secure system.
 
-use secp256k1::key::PublicKey;
-use secp256k1::Signature;
-use secp256k1;
-use bitcoin_hashes::sha256d::Hash as Sha256dHash;
+use bitcoin::secp256k1::key::PublicKey;
+use bitcoin::secp256k1::Signature;
+use bitcoin::secp256k1;
 use bitcoin::blockdata::script::Script;
+use bitcoin::hash_types::{Txid, BlockHash};
+
+use ln::features::{ChannelFeatures, InitFeatures, NodeFeatures};
 
-use std::error::Error;
 use std::{cmp, fmt};
 use std::io::Read;
 use std::result::Result;
 
 use util::events;
-use util::ser::{Readable, Writeable, Writer};
+use util::ser::{Readable, Writeable, Writer, FixedLengthReader, HighZeroBytesDroppedVarInt};
+
+use ln::channelmanager::{PaymentPreimage, PaymentHash, PaymentSecret};
 
-use ln::channelmanager::{PaymentPreimage, PaymentHash};
+/// 21 million * 10^8 * 1000
+pub(crate) const MAX_VALUE_MSAT: u64 = 21_000_000_0000_0000_000;
 
 /// An error in decoding a message or struct.
 #[derive(Debug)]
@@ -37,117 +41,26 @@ pub enum DecodeError {
 	/// A version byte specified something we don't know how to handle.
 	/// Includes unknown realm byte in an OnionHopData packet
 	UnknownVersion,
-	/// Unknown feature mandating we fail to parse message
+	/// Unknown feature mandating we fail to parse message (eg TLV with an even, unknown type)
 	UnknownRequiredFeature,
 	/// Value was invalid, eg a byte which was supposed to be a bool was something other than a 0
-	/// or 1, a public key/private key/signature was invalid, text wasn't UTF-8, etc
+	/// or 1, a public key/private key/signature was invalid, text wasn't UTF-8, TLV was
+	/// syntactically incorrect, etc
 	InvalidValue,
 	/// Buffer too short
 	ShortRead,
-	/// node_announcement included more than one address of a given type!
-	ExtraAddressesPerType,
 	/// A length descriptor in the packet didn't describe the later data correctly
 	BadLengthDescriptor,
 	/// Error from std::io
 	Io(::std::io::Error),
 }
 
-/// Tracks localfeatures which are only in init messages
-#[derive(Clone, PartialEq)]
-pub struct LocalFeatures {
-	flags: Vec<u8>,
-}
-
-impl LocalFeatures {
-	/// Create a blank LocalFeatures flags (visibility extended for fuzz tests)
-	#[cfg(not(feature = "fuzztarget"))]
-	pub(crate) fn new() -> LocalFeatures {
-		LocalFeatures {
-			flags: vec![2 | 1 << 5],
-		}
-	}
-	#[cfg(feature = "fuzztarget")]
-	pub fn new() -> LocalFeatures {
-		LocalFeatures {
-			flags: vec![2 | 1 << 5],
-		}
-	}
-
-	pub(crate) fn supports_data_loss_protect(&self) -> bool {
-		self.flags.len() > 0 && (self.flags[0] & 3) != 0
-	}
-	pub(crate) fn initial_routing_sync(&self) -> bool {
-		self.flags.len() > 0 && (self.flags[0] & (1 << 3)) != 0
-	}
-	pub(crate) fn set_initial_routing_sync(&mut self) {
-		if self.flags.len() == 0 {
-			self.flags.resize(1, 1 << 3);
-		} else {
-			self.flags[0] |= 1 << 3;
-		}
-	}
-
-	pub(crate) fn supports_upfront_shutdown_script(&self) -> bool {
-		self.flags.len() > 0 && (self.flags[0] & (3 << 4)) != 0
-	}
-	#[cfg(test)]
-	pub(crate) fn unset_upfront_shutdown_script(&mut self) {
-		self.flags[0] ^= 1 << 5;
-	}
-
-	pub(crate) fn requires_unknown_bits(&self) -> bool {
-		self.flags.iter().enumerate().any(|(idx, &byte)| {
-			( idx != 0 && (byte & 0x55) != 0 ) || ( idx == 0 && (byte & 0x14) != 0 )
-		})
-	}
-
-	pub(crate) fn supports_unknown_bits(&self) -> bool {
-		self.flags.iter().enumerate().any(|(idx, &byte)| {
-			( idx != 0 && byte != 0 ) || ( idx == 0 && (byte & 0xc4) != 0 )
-		})
-	}
-}
-
-/// Tracks globalfeatures which are in init messages and routing announcements
-#[derive(Clone, PartialEq, Debug)]
-pub struct GlobalFeatures {
-	#[cfg(not(test))]
-	flags: Vec<u8>,
-	// Used to test encoding of diverse msgs
-	#[cfg(test)]
-	pub flags: Vec<u8>
-}
-
-impl GlobalFeatures {
-	pub(crate) fn new() -> GlobalFeatures {
-		GlobalFeatures {
-			flags: Vec::new(),
-		}
-	}
-
-	pub(crate) fn requires_unknown_bits(&self) -> bool {
-		for &byte in self.flags.iter() {
-			if (byte & 0x55) != 0 {
-				return true;
-			}
-		}
-		return false;
-	}
-
-	pub(crate) fn supports_unknown_bits(&self) -> bool {
-		for &byte in self.flags.iter() {
-			if byte != 0 {
-				return true;
-			}
-		}
-		return false;
-	}
-}
-
 /// An init message to be sent or received from a peer
 pub struct Init {
-	pub(crate) global_features: GlobalFeatures,
-	pub(crate) local_features: LocalFeatures,
+	#[cfg(not(feature = "fuzztarget"))]
+	pub(crate) features: InitFeatures,
+	#[cfg(feature = "fuzztarget")]
+	pub features: InitFeatures,
 }
 
 /// An error message to be sent or received from a peer
@@ -171,7 +84,7 @@ pub struct Pong {
 /// An open_channel message to be sent or received from a peer
 #[derive(Clone)]
 pub struct OpenChannel {
-	pub(crate) chain_hash: Sha256dHash,
+	pub(crate) chain_hash: BlockHash,
 	pub(crate) temporary_channel_id: [u8; 32],
 	pub(crate) funding_satoshis: u64,
 	pub(crate) push_msat: u64,
@@ -184,7 +97,7 @@ pub struct OpenChannel {
 	pub(crate) max_accepted_htlcs: u16,
 	pub(crate) funding_pubkey: PublicKey,
 	pub(crate) revocation_basepoint: PublicKey,
-	pub(crate) payment_basepoint: PublicKey,
+	pub(crate) payment_point: PublicKey,
 	pub(crate) delayed_payment_basepoint: PublicKey,
 	pub(crate) htlc_basepoint: PublicKey,
 	pub(crate) first_per_commitment_point: PublicKey,
@@ -205,7 +118,7 @@ pub struct AcceptChannel {
 	pub(crate) max_accepted_htlcs: u16,
 	pub(crate) funding_pubkey: PublicKey,
 	pub(crate) revocation_basepoint: PublicKey,
-	pub(crate) payment_basepoint: PublicKey,
+	pub(crate) payment_point: PublicKey,
 	pub(crate) delayed_payment_basepoint: PublicKey,
 	pub(crate) htlc_basepoint: PublicKey,
 	pub(crate) first_per_commitment_point: PublicKey,
@@ -216,7 +129,7 @@ pub struct AcceptChannel {
 #[derive(Clone)]
 pub struct FundingCreated {
 	pub(crate) temporary_channel_id: [u8; 32],
-	pub(crate) funding_txid: Sha256dHash,
+	pub(crate) funding_txid: Txid,
 	pub(crate) funding_output_index: u16,
 	pub(crate) signature: Signature,
 }
@@ -230,9 +143,10 @@ pub struct FundingSigned {
 
 /// A funding_locked message to be sent or received from a peer
 #[derive(Clone, PartialEq)]
+#[allow(missing_docs)]
 pub struct FundingLocked {
-	pub(crate) channel_id: [u8; 32],
-	pub(crate) next_per_commitment_point: PublicKey,
+	pub channel_id: [u8; 32],
+	pub next_per_commitment_point: PublicKey,
 }
 
 /// A shutdown message to be sent or received from a peer
@@ -390,6 +304,9 @@ impl NetAddress {
 			&NetAddress::OnionV3 { .. } => { 37 },
 		}
 	}
+
+	/// The maximum length of any address descriptor, not including the 1-byte type
+	pub(crate) const MAX_LEN: u16 = 37;
 }
 
 impl Writeable for NetAddress {
@@ -422,9 +339,9 @@ impl Writeable for NetAddress {
 	}
 }
 
-impl<R: ::std::io::Read>  Readable<R> for Result<NetAddress, u8> {
-	fn read(reader: &mut R) -> Result<Result<NetAddress, u8>, DecodeError> {
-		let byte = <u8 as Readable<R>>::read(reader)?;
+impl Readable for Result<NetAddress, u8> {
+	fn read<R: Read>(reader: &mut R) -> Result<Result<NetAddress, u8>, DecodeError> {
+		let byte = <u8 as Readable>::read(reader)?;
 		match byte {
 			1 => {
 				Ok(Ok(NetAddress::IPv4 {
@@ -461,7 +378,7 @@ impl<R: ::std::io::Read>  Readable<R> for Result<NetAddress, u8> {
 /// The unsigned part of a node_announcement
 #[derive(PartialEq, Clone, Debug)]
 pub struct UnsignedNodeAnnouncement {
-	pub(crate) features: GlobalFeatures,
+	pub(crate) features: NodeFeatures,
 	pub(crate) timestamp: u32,
 	/// The node_id this announcement originated from (don't rebroadcast the node_announcement back
 	/// to this node).
@@ -485,8 +402,8 @@ pub struct NodeAnnouncement {
 /// The unsigned part of a channel_announcement
 #[derive(PartialEq, Clone, Debug)]
 pub struct UnsignedChannelAnnouncement {
-	pub(crate) features: GlobalFeatures,
-	pub(crate) chain_hash: Sha256dHash,
+	pub(crate) features: ChannelFeatures,
+	pub(crate) chain_hash: BlockHash,
 	pub(crate) short_channel_id: u64,
 	/// One of the two node_ids which are endpoints of this channel
 	pub        node_id_1: PublicKey,
@@ -508,7 +425,7 @@ pub struct ChannelAnnouncement {
 
 #[derive(PartialEq, Clone, Debug)]
 pub(crate) struct UnsignedChannelUpdate {
-	pub(crate) chain_hash: Sha256dHash,
+	pub(crate) chain_hash: BlockHash,
 	pub(crate) short_channel_id: u64,
 	pub(crate) timestamp: u32,
 	pub(crate) flags: u16,
@@ -616,9 +533,9 @@ pub enum OptionalField<T> {
 pub trait ChannelMessageHandler : events::MessageSendEventsProvider + Send + Sync {
 	//Channel init:
 	/// Handle an incoming open_channel message from the given peer.
-	fn handle_open_channel(&self, their_node_id: &PublicKey, their_local_features: LocalFeatures, msg: &OpenChannel);
+	fn handle_open_channel(&self, their_node_id: &PublicKey, their_features: InitFeatures, msg: &OpenChannel);
 	/// Handle an incoming accept_channel message from the given peer.
-	fn handle_accept_channel(&self, their_node_id: &PublicKey, their_local_features: LocalFeatures, msg: &AcceptChannel);
+	fn handle_accept_channel(&self, their_node_id: &PublicKey, their_features: InitFeatures, msg: &AcceptChannel);
 	/// Handle an incoming funding_created message from the given peer.
 	fn handle_funding_created(&self, their_node_id: &PublicKey, msg: &FundingCreated);
 	/// Handle an incoming funding_signed message from the given peer.
@@ -661,7 +578,7 @@ pub trait ChannelMessageHandler : events::MessageSendEventsProvider + Send + Syn
 	fn peer_disconnected(&self, their_node_id: &PublicKey, no_connection_possible: bool);
 
 	/// Handle a peer reconnecting, possibly generating channel_reestablish message(s).
-	fn peer_connected(&self, their_node_id: &PublicKey);
+	fn peer_connected(&self, their_node_id: &PublicKey, msg: &Init);
 	/// Handle an incoming channel_reestablish message from the given peer.
 	fn handle_channel_reestablish(&self, their_node_id: &PublicKey, msg: &ChannelReestablish);
 
@@ -685,30 +602,49 @@ pub trait RoutingMessageHandler : Send + Sync {
 	fn handle_htlc_fail_channel_update(&self, update: &HTLCFailChannelUpdate);
 	/// Gets a subset of the channel announcements and updates required to dump our routing table
 	/// to a remote node, starting at the short_channel_id indicated by starting_point and
-	/// including batch_amount entries.
-	fn get_next_channel_announcements(&self, starting_point: u64, batch_amount: u8) -> Vec<(ChannelAnnouncement, ChannelUpdate, ChannelUpdate)>;
+	/// including the batch_amount entries immediately higher in numerical value than starting_point.
+	fn get_next_channel_announcements(&self, starting_point: u64, batch_amount: u8) -> Vec<(ChannelAnnouncement, Option<ChannelUpdate>, Option<ChannelUpdate>)>;
 	/// Gets a subset of the node announcements required to dump our routing table to a remote node,
-	/// starting at the node *after* the provided publickey and including batch_amount entries.
+	/// starting at the node *after* the provided publickey and including batch_amount entries
+	/// immediately higher (as defined by <PublicKey as Ord>::cmp) than starting_point.
 	/// If None is provided for starting_point, we start at the first node.
 	fn get_next_node_announcements(&self, starting_point: Option<&PublicKey>, batch_amount: u8) -> Vec<NodeAnnouncement>;
-}
-
-pub(crate) struct OnionRealm0HopData {
-	pub(crate) short_channel_id: u64,
-	pub(crate) amt_to_forward: u64,
-	pub(crate) outgoing_cltv_value: u32,
-	// 12 bytes of 0-padding
+	/// Returns whether a full sync should be requested from a peer.
+	fn should_request_full_sync(&self, node_id: &PublicKey) -> bool;
 }
 
 mod fuzzy_internal_msgs {
+	use ln::channelmanager::PaymentSecret;
+
 	// These types aren't intended to be pub, but are exposed for direct fuzzing (as we deserialize
 	// them from untrusted input):
+	#[derive(Clone)]
+	pub(crate) struct FinalOnionHopData {
+		pub(crate) payment_secret: PaymentSecret,
+		/// The total value, in msat, of the payment as received by the ultimate recipient.
+		/// Message serialization may panic if this value is more than 21 million Bitcoin.
+		pub(crate) total_msat: u64,
+	}
+
+	pub(crate) enum OnionHopDataFormat {
+		Legacy { // aka Realm-0
+			short_channel_id: u64,
+		},
+		NonFinalNode {
+			short_channel_id: u64,
+		},
+		FinalNode {
+			payment_data: Option<FinalOnionHopData>,
+		},
+	}
 
-	use super::OnionRealm0HopData;
 	pub struct OnionHopData {
-		pub(crate) realm: u8,
-		pub(crate) data: OnionRealm0HopData,
-		pub(crate) hmac: [u8; 32],
+		pub(crate) format: OnionHopDataFormat,
+		/// The value, in msat, of the payment after this hop's fee is deducted.
+		/// Message serialization may panic if this value is more than 21 million Bitcoin.
+		pub(crate) amt_to_forward: u64,
+		pub(crate) outgoing_cltv_value: u32,
+		// 12 bytes of 0-padding for Legacy format
 	}
 
 	pub struct DecodedOnionErrorPacket {
@@ -751,22 +687,16 @@ pub(crate) struct OnionErrorPacket {
 	pub(crate) data: Vec<u8>,
 }
 
-impl Error for DecodeError {
-	fn description(&self) -> &str {
-		match *self {
-			DecodeError::UnknownVersion => "Unknown realm byte in Onion packet",
-			DecodeError::UnknownRequiredFeature => "Unknown required feature preventing decode",
-			DecodeError::InvalidValue => "Nonsense bytes didn't map to the type they were interpreted as",
-			DecodeError::ShortRead => "Packet extended beyond the provided bytes",
-			DecodeError::ExtraAddressesPerType => "More than one address of a single type",
-			DecodeError::BadLengthDescriptor => "A length descriptor in the packet didn't describe the later data correctly",
-			DecodeError::Io(ref e) => e.description(),
-		}
-	}
-}
 impl fmt::Display for DecodeError {
 	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-		f.write_str(self.description())
+		match *self {
+			DecodeError::UnknownVersion => f.write_str("Unknown realm byte in Onion packet"),
+			DecodeError::UnknownRequiredFeature => f.write_str("Unknown required feature preventing decode"),
+			DecodeError::InvalidValue => f.write_str("Nonsense bytes didn't map to the type they were interpreted as"),
+			DecodeError::ShortRead => f.write_str("Packet extended beyond the provided bytes"),
+			DecodeError::BadLengthDescriptor => f.write_str("A length descriptor in the packet didn't describe the later data correctly"),
+			DecodeError::Io(ref e) => e.fmt(f),
+		}
 	}
 }
 
@@ -799,9 +729,9 @@ impl Writeable for OptionalField<Script> {
 	}
 }
 
-impl<R: Read> Readable<R> for OptionalField<Script> {
-	fn read(r: &mut R) -> Result<Self, DecodeError> {
-		match <u16 as Readable<R>>::read(r) {
+impl Readable for OptionalField<Script> {
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+		match <u16 as Readable>::read(r) {
 			Ok(len) => {
 				let mut buf = vec![0; len as usize];
 				r.read_exact(&mut buf)?;
@@ -827,7 +757,7 @@ impl_writeable_len_match!(AcceptChannel, {
 	max_accepted_htlcs,
 	funding_pubkey,
 	revocation_basepoint,
-	payment_basepoint,
+	payment_point,
 	delayed_payment_basepoint,
 	htlc_basepoint,
 	first_per_commitment_point,
@@ -858,14 +788,14 @@ impl Writeable for ChannelReestablish {
 	}
 }
 
-impl<R: Read> Readable<R> for ChannelReestablish{
-	fn read(r: &mut R) -> Result<Self, DecodeError> {
+impl Readable for ChannelReestablish{
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
 		Ok(Self {
 			channel_id: Readable::read(r)?,
 			next_local_commitment_number: Readable::read(r)?,
 			next_remote_commitment_number: Readable::read(r)?,
 			data_loss_protect: {
-				match <[u8; 32] as Readable<R>>::read(r) {
+				match <[u8; 32] as Readable>::read(r) {
 					Ok(your_last_per_commitment_secret) =>
 						OptionalField::Present(DataLossProtect {
 							your_last_per_commitment_secret,
@@ -918,24 +848,24 @@ impl_writeable!(FundingLocked, 32+33, {
 	next_per_commitment_point
 });
 
-impl_writeable_len_match!(GlobalFeatures, {
-		{ GlobalFeatures { ref flags }, flags.len() + 2 }
-	}, {
-	flags
-});
-
-impl_writeable_len_match!(LocalFeatures, {
-		{ LocalFeatures { ref flags }, flags.len() + 2 }
-	}, {
-	flags
-});
+impl Writeable for Init {
+	fn write<W: Writer>(&self, w: &mut W) -> Result<(), ::std::io::Error> {
+		// global_features gets the bottom 13 bits of our features, and local_features gets all of
+		// our relevant feature bits. This keeps us compatible with old nodes.
+		self.features.write_up_to_13(w)?;
+		self.features.write(w)
+	}
+}
 
-impl_writeable_len_match!(Init, {
-		{ Init { ref global_features, ref local_features }, global_features.flags.len() + local_features.flags.len() + 4 }
-	}, {
-	global_features,
-	local_features
-});
+impl Readable for Init {
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+		let global_features: InitFeatures = Readable::read(r)?;
+		let features: InitFeatures = Readable::read(r)?;
+		Ok(Init {
+			features: features.or(global_features),
+		})
+	}
+}
 
 impl_writeable_len_match!(OpenChannel, {
 		{ OpenChannel { shutdown_scriptpubkey: OptionalField::Present(ref script), .. }, 319 + 2 + script.len() },
@@ -954,7 +884,7 @@ impl_writeable_len_match!(OpenChannel, {
 	max_accepted_htlcs,
 	funding_pubkey,
 	revocation_basepoint,
-	payment_basepoint,
+	payment_point,
 	delayed_payment_basepoint,
 	htlc_basepoint,
 	first_per_commitment_point,
@@ -1021,8 +951,8 @@ impl Writeable for OnionPacket {
 	}
 }
 
-impl<R: Read> Readable<R> for OnionPacket {
-	fn read(r: &mut R) -> Result<Self, DecodeError> {
+impl Readable for OnionPacket {
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
 		Ok(OnionPacket {
 			version: Readable::read(r)?,
 			public_key: {
@@ -1045,53 +975,119 @@ impl_writeable!(UpdateAddHTLC, 32+8+8+32+4+1366, {
 	onion_routing_packet
 });
 
-impl Writeable for OnionRealm0HopData {
+impl Writeable for FinalOnionHopData {
 	fn write<W: Writer>(&self, w: &mut W) -> Result<(), ::std::io::Error> {
-		w.size_hint(32);
-		self.short_channel_id.write(w)?;
-		self.amt_to_forward.write(w)?;
-		self.outgoing_cltv_value.write(w)?;
-		w.write_all(&[0;12])?;
-		Ok(())
+		w.size_hint(32 + 8 - (self.total_msat.leading_zeros()/8) as usize);
+		self.payment_secret.0.write(w)?;
+		HighZeroBytesDroppedVarInt(self.total_msat).write(w)
 	}
 }
 
-impl<R: Read> Readable<R> for OnionRealm0HopData {
-	fn read(r: &mut R) -> Result<Self, DecodeError> {
-		Ok(OnionRealm0HopData {
-			short_channel_id: Readable::read(r)?,
-			amt_to_forward: Readable::read(r)?,
-			outgoing_cltv_value: {
-				let v: u32 = Readable::read(r)?;
-				r.read_exact(&mut [0; 12])?;
-				v
-			}
-		})
+impl Readable for FinalOnionHopData {
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+		let secret: [u8; 32] = Readable::read(r)?;
+		let amt: HighZeroBytesDroppedVarInt<u64> = Readable::read(r)?;
+		Ok(Self { payment_secret: PaymentSecret(secret), total_msat: amt.0 })
 	}
 }
 
 impl Writeable for OnionHopData {
 	fn write<W: Writer>(&self, w: &mut W) -> Result<(), ::std::io::Error> {
-		w.size_hint(65);
-		self.realm.write(w)?;
-		self.data.write(w)?;
-		self.hmac.write(w)?;
+		w.size_hint(33);
+		// Note that this should never be reachable if Rust-Lightning generated the message, as we
+		// check values are sane long before we get here, though its possible in the future
+		// user-generated messages may hit this.
+		if self.amt_to_forward > MAX_VALUE_MSAT { panic!("We should never be sending infinite/overflow onion payments"); }
+		match self.format {
+			OnionHopDataFormat::Legacy { short_channel_id } => {
+				0u8.write(w)?;
+				short_channel_id.write(w)?;
+				self.amt_to_forward.write(w)?;
+				self.outgoing_cltv_value.write(w)?;
+				w.write_all(&[0;12])?;
+			},
+			OnionHopDataFormat::NonFinalNode { short_channel_id } => {
+				encode_varint_length_prefixed_tlv!(w, {
+					(2, HighZeroBytesDroppedVarInt(self.amt_to_forward)),
+					(4, HighZeroBytesDroppedVarInt(self.outgoing_cltv_value)),
+					(6, short_channel_id)
+				});
+			},
+			OnionHopDataFormat::FinalNode { payment_data: Some(ref final_data) } => {
+				if final_data.total_msat > MAX_VALUE_MSAT { panic!("We should never be sending infinite/overflow onion payments"); }
+				encode_varint_length_prefixed_tlv!(w, {
+					(2, HighZeroBytesDroppedVarInt(self.amt_to_forward)),
+					(4, HighZeroBytesDroppedVarInt(self.outgoing_cltv_value)),
+					(8, final_data)
+				});
+			},
+			OnionHopDataFormat::FinalNode { payment_data: None } => {
+				encode_varint_length_prefixed_tlv!(w, {
+					(2, HighZeroBytesDroppedVarInt(self.amt_to_forward)),
+					(4, HighZeroBytesDroppedVarInt(self.outgoing_cltv_value))
+				});
+			},
+		}
 		Ok(())
 	}
 }
 
-impl<R: Read> Readable<R> for OnionHopData {
-	fn read(r: &mut R) -> Result<Self, DecodeError> {
-		Ok(OnionHopData {
-			realm: {
-				let r: u8 = Readable::read(r)?;
-				if r != 0 {
-					return Err(DecodeError::UnknownVersion);
+impl Readable for OnionHopData {
+	fn read<R: Read>(mut r: &mut R) -> Result<Self, DecodeError> {
+		use bitcoin::consensus::encode::{Decodable, Error, VarInt};
+		let v: VarInt = Decodable::consensus_decode(&mut r)
+			.map_err(|e| match e {
+				Error::Io(ioe) => DecodeError::from(ioe),
+				_ => DecodeError::InvalidValue
+			})?;
+		const LEGACY_ONION_HOP_FLAG: u64 = 0;
+		let (format, amt, cltv_value) = if v.0 != LEGACY_ONION_HOP_FLAG {
+			let mut rd = FixedLengthReader::new(r, v.0);
+			let mut amt = HighZeroBytesDroppedVarInt(0u64);
+			let mut cltv_value = HighZeroBytesDroppedVarInt(0u32);
+			let mut short_id: Option<u64> = None;
+			let mut payment_data: Option<FinalOnionHopData> = None;
+			decode_tlv!(&mut rd, {
+				(2, amt),
+				(4, cltv_value)
+			}, {
+				(6, short_id),
+				(8, payment_data)
+			});
+			rd.eat_remaining().map_err(|_| DecodeError::ShortRead)?;
+			let format = if let Some(short_channel_id) = short_id {
+				if payment_data.is_some() { return Err(DecodeError::InvalidValue); }
+				OnionHopDataFormat::NonFinalNode {
+					short_channel_id,
 				}
-				r
-			},
-			data: Readable::read(r)?,
-			hmac: Readable::read(r)?,
+			} else {
+				if let &Some(ref data) = &payment_data {
+					if data.total_msat > MAX_VALUE_MSAT {
+						return Err(DecodeError::InvalidValue);
+					}
+				}
+				OnionHopDataFormat::FinalNode {
+					payment_data
+				}
+			};
+			(format, amt.0, cltv_value.0)
+		} else {
+			let format = OnionHopDataFormat::Legacy {
+				short_channel_id: Readable::read(r)?,
+			};
+			let amt: u64 = Readable::read(r)?;
+			let cltv_value: u32 = Readable::read(r)?;
+			r.read_exact(&mut [0; 12])?;
+			(format, amt, cltv_value)
+		};
+
+		if amt > MAX_VALUE_MSAT {
+			return Err(DecodeError::InvalidValue);
+		}
+		Ok(OnionHopData {
+			format,
+			amt_to_forward: amt,
+			outgoing_cltv_value: cltv_value,
 		})
 	}
 }
@@ -1105,8 +1101,8 @@ impl Writeable for Ping {
 	}
 }
 
-impl<R: Read> Readable<R> for Ping {
-	fn read(r: &mut R) -> Result<Self, DecodeError> {
+impl Readable for Ping {
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
 		Ok(Ping {
 			ponglen: Readable::read(r)?,
 			byteslen: {
@@ -1126,8 +1122,8 @@ impl Writeable for Pong {
 	}
 }
 
-impl<R: Read> Readable<R> for Pong {
-	fn read(r: &mut R) -> Result<Self, DecodeError> {
+impl Readable for Pong {
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
 		Ok(Pong {
 			byteslen: {
 				let byteslen = Readable::read(r)?;
@@ -1140,7 +1136,7 @@ impl<R: Read> Readable<R> for Pong {
 
 impl Writeable for UnsignedChannelAnnouncement {
 	fn write<W: Writer>(&self, w: &mut W) -> Result<(), ::std::io::Error> {
-		w.size_hint(2 + 2*32 + 4*33 + self.features.flags.len() + self.excess_data.len());
+		w.size_hint(2 + 2*32 + 4*33 + self.features.byte_count() + self.excess_data.len());
 		self.features.write(w)?;
 		self.chain_hash.write(w)?;
 		self.short_channel_id.write(w)?;
@@ -1153,16 +1149,10 @@ impl Writeable for UnsignedChannelAnnouncement {
 	}
 }
 
-impl<R: Read> Readable<R> for UnsignedChannelAnnouncement {
-	fn read(r: &mut R) -> Result<Self, DecodeError> {
+impl Readable for UnsignedChannelAnnouncement {
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
 		Ok(Self {
-			features: {
-				let f: GlobalFeatures = Readable::read(r)?;
-				if f.requires_unknown_bits() {
-					return Err(DecodeError::UnknownRequiredFeature);
-				}
-				f
-			},
+			features: Readable::read(r)?,
 			chain_hash: Readable::read(r)?,
 			short_channel_id: Readable::read(r)?,
 			node_id_1: Readable::read(r)?,
@@ -1180,7 +1170,7 @@ impl<R: Read> Readable<R> for UnsignedChannelAnnouncement {
 
 impl_writeable_len_match!(ChannelAnnouncement, {
 		{ ChannelAnnouncement { contents: UnsignedChannelAnnouncement {ref features, ref excess_data, ..}, .. },
-			2 + 2*32 + 4*33 + features.flags.len() + excess_data.len() + 4*64 }
+			2 + 2*32 + 4*33 + features.byte_count() + excess_data.len() + 4*64 }
 	}, {
 	node_signature_1,
 	node_signature_2,
@@ -1205,8 +1195,8 @@ impl Writeable for UnsignedChannelUpdate {
 	}
 }
 
-impl<R: Read> Readable<R> for UnsignedChannelUpdate {
-	fn read(r: &mut R) -> Result<Self, DecodeError> {
+impl Readable for UnsignedChannelUpdate {
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
 		Ok(Self {
 			chain_hash: Readable::read(r)?,
 			short_channel_id: Readable::read(r)?,
@@ -1243,12 +1233,12 @@ impl Writeable for ErrorMessage {
 	}
 }
 
-impl<R: Read> Readable<R> for ErrorMessage {
-	fn read(r: &mut R) -> Result<Self, DecodeError> {
+impl Readable for ErrorMessage {
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
 		Ok(Self {
 			channel_id: Readable::read(r)?,
 			data: {
-				let mut sz: usize = <u16 as Readable<R>>::read(r)? as usize;
+				let mut sz: usize = <u16 as Readable>::read(r)? as usize;
 				let mut data = vec![];
 				let data_len = r.read_to_end(&mut data)?;
 				sz = cmp::min(data_len, sz);
@@ -1263,7 +1253,7 @@ impl<R: Read> Readable<R> for ErrorMessage {
 
 impl Writeable for UnsignedNodeAnnouncement {
 	fn write<W: Writer>(&self, w: &mut W) -> Result<(), ::std::io::Error> {
-		w.size_hint(64 + 76 + self.features.flags.len() + self.addresses.len()*38 + self.excess_address_data.len() + self.excess_data.len());
+		w.size_hint(64 + 76 + self.features.byte_count() + self.addresses.len()*38 + self.excess_address_data.len() + self.excess_data.len());
 		self.features.write(w)?;
 		self.timestamp.write(w)?;
 		self.node_id.write(w)?;
@@ -1271,8 +1261,7 @@ impl Writeable for UnsignedNodeAnnouncement {
 		self.alias.write(w)?;
 
 		let mut addrs_to_encode = self.addresses.clone();
-		addrs_to_encode.sort_unstable_by(|a, b| { a.get_id().cmp(&b.get_id()) });
-		addrs_to_encode.dedup_by(|a, b| { a.get_id() == b.get_id() });
+		addrs_to_encode.sort_by(|a, b| { a.get_id().cmp(&b.get_id()) });
 		let mut addr_len = 0;
 		for addr in &addrs_to_encode {
 			addr_len += 1 + addr.len();
@@ -1287,12 +1276,9 @@ impl Writeable for UnsignedNodeAnnouncement {
 	}
 }
 
-impl<R: Read> Readable<R> for UnsignedNodeAnnouncement {
-	fn read(r: &mut R) -> Result<Self, DecodeError> {
-		let features: GlobalFeatures = Readable::read(r)?;
-		if features.requires_unknown_bits() {
-			return Err(DecodeError::UnknownRequiredFeature);
-		}
+impl Readable for UnsignedNodeAnnouncement {
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+		let features: NodeFeatures = Readable::read(r)?;
 		let timestamp: u32 = Readable::read(r)?;
 		let node_id: PublicKey = Readable::read(r)?;
 		let mut rgb = [0; 3];
@@ -1300,7 +1286,8 @@ impl<R: Read> Readable<R> for UnsignedNodeAnnouncement {
 		let alias: [u8; 32] = Readable::read(r)?;
 
 		let addr_len: u16 = Readable::read(r)?;
-		let mut addresses: Vec<NetAddress> = Vec::with_capacity(4);
+		let mut addresses: Vec<NetAddress> = Vec::new();
+		let mut highest_addr_type = 0;
 		let mut addr_readpos = 0;
 		let mut excess = false;
 		let mut excess_byte = 0;
@@ -1308,28 +1295,11 @@ impl<R: Read> Readable<R> for UnsignedNodeAnnouncement {
 			if addr_len <= addr_readpos { break; }
 			match Readable::read(r) {
 				Ok(Ok(addr)) => {
-					match addr {
-						NetAddress::IPv4 { .. } => {
-							if addresses.len() > 0 {
-								return Err(DecodeError::ExtraAddressesPerType);
-							}
-						},
-						NetAddress::IPv6 { .. } => {
-							if addresses.len() > 1 || (addresses.len() == 1 && addresses[0].get_id() != 1) {
-								return Err(DecodeError::ExtraAddressesPerType);
-							}
-						},
-						NetAddress::OnionV2 { .. } => {
-							if addresses.len() > 2 || (addresses.len() > 0 && addresses.last().unwrap().get_id() > 2) {
-								return Err(DecodeError::ExtraAddressesPerType);
-							}
-						},
-						NetAddress::OnionV3 { .. } => {
-							if addresses.len() > 3 || (addresses.len() > 0 && addresses.last().unwrap().get_id() > 3) {
-								return Err(DecodeError::ExtraAddressesPerType);
-							}
-						},
+					if addr.get_id() < highest_addr_type {
+						// Addresses must be sorted in increasing order
+						return Err(DecodeError::InvalidValue);
 					}
+					highest_addr_type = addr.get_id();
 					if addr_len < addr_readpos + 1 + addr.len() {
 						return Err(DecodeError::BadLengthDescriptor);
 					}
@@ -1376,7 +1346,7 @@ impl<R: Read> Readable<R> for UnsignedNodeAnnouncement {
 
 impl_writeable_len_match!(NodeAnnouncement, {
 		{ NodeAnnouncement { contents: UnsignedNodeAnnouncement { ref features, ref addresses, ref excess_address_data, ref excess_data, ..}, .. },
-			64 + 76 + features.flags.len() + addresses.len()*38 + excess_address_data.len() + excess_data.len() }
+			64 + 76 + features.byte_count() + addresses.len()*(NetAddress::MAX_LEN as usize + 1) + excess_address_data.len() + excess_data.len() }
 	}, {
 	signature,
 	contents
@@ -1386,19 +1356,21 @@ impl_writeable_len_match!(NodeAnnouncement, {
 mod tests {
 	use hex;
 	use ln::msgs;
-	use ln::msgs::{GlobalFeatures, LocalFeatures, OptionalField, OnionErrorPacket};
-	use ln::channelmanager::{PaymentPreimage, PaymentHash};
-	use util::ser::Writeable;
+	use ln::msgs::{ChannelFeatures, FinalOnionHopData, InitFeatures, NodeFeatures, OptionalField, OnionErrorPacket, OnionHopDataFormat};
+	use ln::channelmanager::{PaymentPreimage, PaymentHash, PaymentSecret};
+	use util::ser::{Writeable, Readable};
 
-	use bitcoin_hashes::sha256d::Hash as Sha256dHash;
-	use bitcoin_hashes::hex::FromHex;
+	use bitcoin::hashes::hex::FromHex;
 	use bitcoin::util::address::Address;
 	use bitcoin::network::constants::Network;
 	use bitcoin::blockdata::script::Builder;
 	use bitcoin::blockdata::opcodes;
+	use bitcoin::hash_types::{Txid, BlockHash};
+
+	use bitcoin::secp256k1::key::{PublicKey,SecretKey};
+	use bitcoin::secp256k1::{Secp256k1, Message};
 
-	use secp256k1::key::{PublicKey,SecretKey};
-	use secp256k1::{Secp256k1, Message};
+	use std::io::Cursor;
 
 	#[test]
 	fn encoding_channel_reestablish_no_secret() {
@@ -1483,13 +1455,13 @@ mod tests {
 		let sig_2 = get_sig_on!(privkey_2, secp_ctx, String::from("01010101010101010101010101010101"));
 		let sig_3 = get_sig_on!(privkey_3, secp_ctx, String::from("01010101010101010101010101010101"));
 		let sig_4 = get_sig_on!(privkey_4, secp_ctx, String::from("01010101010101010101010101010101"));
-		let mut features = GlobalFeatures::new();
+		let mut features = ChannelFeatures::known();
 		if unknown_features_bits {
-			features.flags = vec![0xFF, 0xFF];
+			features = ChannelFeatures::from_le_bytes(vec![0xFF, 0xFF]);
 		}
 		let unsigned_channel_announcement = msgs::UnsignedChannelAnnouncement {
 			features,
-			chain_hash: if !non_bitcoin_chain_hash { Sha256dHash::from_hex("6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000").unwrap() } else { Sha256dHash::from_hex("000000000933ea01ad0ee984209779baaec3ced90fa3f408719526f8d77f4943").unwrap() },
+			chain_hash: if !non_bitcoin_chain_hash { BlockHash::from_hex("6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000").unwrap() } else { BlockHash::from_hex("000000000933ea01ad0ee984209779baaec3ced90fa3f408719526f8d77f4943").unwrap() },
 			short_channel_id: 2316138423780173,
 			node_id_1: pubkey_1,
 			node_id_2: pubkey_2,
@@ -1539,10 +1511,12 @@ mod tests {
 		let secp_ctx = Secp256k1::new();
 		let (privkey_1, pubkey_1) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
 		let sig_1 = get_sig_on!(privkey_1, secp_ctx, String::from("01010101010101010101010101010101"));
-		let mut features = GlobalFeatures::new();
-		if unknown_features_bits {
-			features.flags = vec![0xFF, 0xFF];
-		}
+		let features = if unknown_features_bits {
+			NodeFeatures::from_le_bytes(vec![0xFF, 0xFF])
+		} else {
+			// Set to some features we may support
+			NodeFeatures::from_le_bytes(vec![2 | 1 << 5])
+		};
 		let mut addresses = Vec::new();
 		if ipv4 {
 			addresses.push(msgs::NetAddress::IPv4 {
@@ -1594,7 +1568,7 @@ mod tests {
 		if unknown_features_bits {
 			target_value.append(&mut hex::decode("0002ffff").unwrap());
 		} else {
-			target_value.append(&mut hex::decode("0000").unwrap());
+			target_value.append(&mut hex::decode("000122").unwrap());
 		}
 		target_value.append(&mut hex::decode("013413a7031b84c5567b126440995d3ed5aaba0565d71e1834604819ff9c17f5e9d5dd078f2020201010101010101010101010101010101010101010101010101010101010101010").unwrap());
 		target_value.append(&mut vec![(addr_len >> 8) as u8, addr_len as u8]);
@@ -1637,7 +1611,7 @@ mod tests {
 		let (privkey_1, _) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
 		let sig_1 = get_sig_on!(privkey_1, secp_ctx, String::from("01010101010101010101010101010101"));
 		let unsigned_channel_update = msgs::UnsignedChannelUpdate {
-			chain_hash: if !non_bitcoin_chain_hash { Sha256dHash::from_hex("6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000").unwrap() } else { Sha256dHash::from_hex("000000000933ea01ad0ee984209779baaec3ced90fa3f408719526f8d77f4943").unwrap() },
+			chain_hash: if !non_bitcoin_chain_hash { BlockHash::from_hex("6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000").unwrap() } else { BlockHash::from_hex("000000000933ea01ad0ee984209779baaec3ced90fa3f408719526f8d77f4943").unwrap() },
 			short_channel_id: 2316138423780173,
 			timestamp: 20190119,
 			flags: if direction { 1 } else { 0 } | if disable { 1 << 1 } else { 0 } | if htlc_maximum_msat { 1 << 8 } else { 0 },
@@ -1699,7 +1673,7 @@ mod tests {
 		let (_, pubkey_5) = get_keys_from!("0505050505050505050505050505050505050505050505050505050505050505", secp_ctx);
 		let (_, pubkey_6) = get_keys_from!("0606060606060606060606060606060606060606060606060606060606060606", secp_ctx);
 		let open_channel = msgs::OpenChannel {
-			chain_hash: if !non_bitcoin_chain_hash { Sha256dHash::from_hex("6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000").unwrap() } else { Sha256dHash::from_hex("000000000933ea01ad0ee984209779baaec3ced90fa3f408719526f8d77f4943").unwrap() },
+			chain_hash: if !non_bitcoin_chain_hash { BlockHash::from_hex("6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000").unwrap() } else { BlockHash::from_hex("000000000933ea01ad0ee984209779baaec3ced90fa3f408719526f8d77f4943").unwrap() },
 			temporary_channel_id: [2; 32],
 			funding_satoshis: 1311768467284833366,
 			push_msat: 2536655962884945560,
@@ -1712,7 +1686,7 @@ mod tests {
 			max_accepted_htlcs: 49340,
 			funding_pubkey: pubkey_1,
 			revocation_basepoint: pubkey_2,
-			payment_basepoint: pubkey_3,
+			payment_point: pubkey_3,
 			delayed_payment_basepoint: pubkey_4,
 			htlc_basepoint: pubkey_5,
 			first_per_commitment_point: pubkey_6,
@@ -1766,7 +1740,7 @@ mod tests {
 			max_accepted_htlcs: 49340,
 			funding_pubkey: pubkey_1,
 			revocation_basepoint: pubkey_2,
-			payment_basepoint: pubkey_3,
+			payment_point: pubkey_3,
 			delayed_payment_basepoint: pubkey_4,
 			htlc_basepoint: pubkey_5,
 			first_per_commitment_point: pubkey_6,
@@ -1793,7 +1767,7 @@ mod tests {
 		let sig_1 = get_sig_on!(privkey_1, secp_ctx, String::from("01010101010101010101010101010101"));
 		let funding_created = msgs::FundingCreated {
 			temporary_channel_id: [2; 32],
-			funding_txid: Sha256dHash::from_hex("c2d4449afa8d26140898dd54d3390b057ba2a5afcf03ba29d7dc0d8b9ffe966e").unwrap(),
+			funding_txid: Txid::from_hex("c2d4449afa8d26140898dd54d3390b057ba2a5afcf03ba29d7dc0d8b9ffe966e").unwrap(),
 			funding_output_index: 255,
 			signature: sig_1,
 		};
@@ -1993,40 +1967,17 @@ mod tests {
 		assert_eq!(encoded_value, target_value);
 	}
 
-	fn do_encoding_init(unknown_global_bits: bool, initial_routing_sync: bool) {
-		let mut global = GlobalFeatures::new();
-		if unknown_global_bits {
-			global.flags = vec![0xFF, 0xFF];
-		}
-		let mut local = LocalFeatures::new();
-		if initial_routing_sync {
-			local.set_initial_routing_sync();
-		}
-		let init = msgs::Init {
-			global_features: global,
-			local_features: local,
-		};
-		let encoded_value = init.encode();
-		let mut target_value = Vec::new();
-		if unknown_global_bits {
-			target_value.append(&mut hex::decode("0002ffff").unwrap());
-		} else {
-			target_value.append(&mut hex::decode("0000").unwrap());
-		}
-		if initial_routing_sync {
-			target_value.append(&mut hex::decode("00012a").unwrap());
-		} else {
-			target_value.append(&mut hex::decode("000122").unwrap());
-		}
-		assert_eq!(encoded_value, target_value);
-	}
-
 	#[test]
 	fn encoding_init() {
-		do_encoding_init(false, false);
-		do_encoding_init(true, false);
-		do_encoding_init(false, true);
-		do_encoding_init(true, true);
+		assert_eq!(msgs::Init {
+			features: InitFeatures::from_le_bytes(vec![0xFF, 0xFF, 0xFF]),
+		}.encode(), hex::decode("00023fff0003ffffff").unwrap());
+		assert_eq!(msgs::Init {
+			features: InitFeatures::from_le_bytes(vec![0xFF]),
+		}.encode(), hex::decode("0001ff0001ff").unwrap());
+		assert_eq!(msgs::Init {
+			features: InitFeatures::from_le_bytes(vec![]),
+		}.encode(), hex::decode("00000000").unwrap());
 	}
 
 	#[test]
@@ -2060,4 +2011,85 @@ mod tests {
 		let target_value = hex::decode("004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000").unwrap();
 		assert_eq!(encoded_value, target_value);
 	}
+
+	#[test]
+	fn encoding_legacy_onion_hop_data() {
+		let msg = msgs::OnionHopData {
+			format: OnionHopDataFormat::Legacy {
+				short_channel_id: 0xdeadbeef1bad1dea,
+			},
+			amt_to_forward: 0x0badf00d01020304,
+			outgoing_cltv_value: 0xffffffff,
+		};
+		let encoded_value = msg.encode();
+		let target_value = hex::decode("00deadbeef1bad1dea0badf00d01020304ffffffff000000000000000000000000").unwrap();
+		assert_eq!(encoded_value, target_value);
+	}
+
+	#[test]
+	fn encoding_nonfinal_onion_hop_data() {
+		let mut msg = msgs::OnionHopData {
+			format: OnionHopDataFormat::NonFinalNode {
+				short_channel_id: 0xdeadbeef1bad1dea,
+			},
+			amt_to_forward: 0x0badf00d01020304,
+			outgoing_cltv_value: 0xffffffff,
+		};
+		let encoded_value = msg.encode();
+		let target_value = hex::decode("1a02080badf00d010203040404ffffffff0608deadbeef1bad1dea").unwrap();
+		assert_eq!(encoded_value, target_value);
+		msg = Readable::read(&mut Cursor::new(&target_value[..])).unwrap();
+		if let OnionHopDataFormat::NonFinalNode { short_channel_id } = msg.format {
+			assert_eq!(short_channel_id, 0xdeadbeef1bad1dea);
+		} else { panic!(); }
+		assert_eq!(msg.amt_to_forward, 0x0badf00d01020304);
+		assert_eq!(msg.outgoing_cltv_value, 0xffffffff);
+	}
+
+	#[test]
+	fn encoding_final_onion_hop_data() {
+		let mut msg = msgs::OnionHopData {
+			format: OnionHopDataFormat::FinalNode {
+				payment_data: None,
+			},
+			amt_to_forward: 0x0badf00d01020304,
+			outgoing_cltv_value: 0xffffffff,
+		};
+		let encoded_value = msg.encode();
+		let target_value = hex::decode("1002080badf00d010203040404ffffffff").unwrap();
+		assert_eq!(encoded_value, target_value);
+		msg = Readable::read(&mut Cursor::new(&target_value[..])).unwrap();
+		if let OnionHopDataFormat::FinalNode { payment_data: None } = msg.format { } else { panic!(); }
+		assert_eq!(msg.amt_to_forward, 0x0badf00d01020304);
+		assert_eq!(msg.outgoing_cltv_value, 0xffffffff);
+	}
+
+	#[test]
+	fn encoding_final_onion_hop_data_with_secret() {
+		let expected_payment_secret = PaymentSecret([0x42u8; 32]);
+		let mut msg = msgs::OnionHopData {
+			format: OnionHopDataFormat::FinalNode {
+				payment_data: Some(FinalOnionHopData {
+					payment_secret: expected_payment_secret,
+					total_msat: 0x1badca1f
+				}),
+			},
+			amt_to_forward: 0x0badf00d01020304,
+			outgoing_cltv_value: 0xffffffff,
+		};
+		let encoded_value = msg.encode();
+		let target_value = hex::decode("3602080badf00d010203040404ffffffff082442424242424242424242424242424242424242424242424242424242424242421badca1f").unwrap();
+		assert_eq!(encoded_value, target_value);
+		msg = Readable::read(&mut Cursor::new(&target_value[..])).unwrap();
+		if let OnionHopDataFormat::FinalNode {
+			payment_data: Some(FinalOnionHopData {
+				payment_secret,
+				total_msat: 0x1badca1f
+			})
+		} = msg.format {
+			assert_eq!(payment_secret, expected_payment_secret);
+		} else { panic!(); }
+		assert_eq!(msg.amt_to_forward, 0x0badf00d01020304);
+		assert_eq!(msg.outgoing_cltv_value, 0xffffffff);
+	}
 }