]> git.bitcoin.ninja Git - rust-lightning/commitdiff
projects / rust-lightning / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 51be7c8)
Impl Base AMP in the receive pipeline and expose payment_secret
authorMatt Corallo <git@bluematt.me>
Thu, 2 Jan 2020 06:23:48 +0000 (01:23 -0500)
committerMatt Corallo <git@bluematt.me>
Sun, 1 Mar 2020 04:26:16 +0000 (23:26 -0500)
Sadly a huge diff here, but almost all of it is changing the method
signatures for sending/receiving/failing HTLCs and the
PaymentReceived event, which all now need to expose an
Option<[u8; 32]> for the payment_secret.

It doesn't yet properly fail back pending HTLCs when the full AMP
payment is never received (which should result in accidental
channel force-closures). Further, as sending AMP payments is not
yet supported, the only test here is a simple single-path payment
with a payment_secret in it.

fuzz/src/chanmon_consistency.rs patch | blob | history
fuzz/src/full_stack.rs patch | blob | history
lightning/src/ln/chanmon_update_fail_tests.rs patch | blob | history
lightning/src/ln/channelmanager.rs patch | blob | history
lightning/src/ln/functional_test_utils.rs patch | blob | history
lightning/src/ln/functional_tests.rs patch | blob | history
lightning/src/ln/onion_utils.rs patch | blob | history
lightning/src/ln/reorg_tests.rs patch | blob | history
lightning/src/util/events.rs patch | blob | history

diff --git a/fuzz/src/chanmon_consistency.rs b/fuzz/src/chanmon_consistency.rs
index 7b8baec7169e7793cd9312b87cc77366e140a6e4..5d64b95215b30355f34bd0d406fbc1eb01a07701 100644 (file)
--- a/fuzz/src/chanmon_consistency.rs
+++ b/fuzz/src/chanmon_consistency.rs
@@ -417,7 +417,7 @@ pub fn do_test(data: &[u8]) {
                                                fee_msat: 5000000,
                                                cltv_expiry_delta: 200,
                                        }],
-                               }, PaymentHash(payment_hash.into_inner())) {
+                               }, PaymentHash(payment_hash.into_inner()), None) {
                                        // Probably ran out of funds
                                        test_return!();
                                }
@@ -441,7 +441,7 @@ pub fn do_test(data: &[u8]) {
                                                fee_msat: 5000000,
                                                cltv_expiry_delta: 200,
                                        }],
-                               }, PaymentHash(payment_hash.into_inner())) {
+                               }, PaymentHash(payment_hash.into_inner()), None) {
                                        // Probably ran out of funds
                                        test_return!();
                                }
@@ -602,9 +602,9 @@ pub fn do_test(data: &[u8]) {
                                                events::Event::PaymentReceived { payment_hash, .. } => {
                                                        if claim_set.insert(payment_hash.0) {
                                                                if $fail {
-                                                                       assert!(nodes[$node].fail_htlc_backwards(&payment_hash));
+                                                                       assert!(nodes[$node].fail_htlc_backwards(&payment_hash, &None));
                                                                } else {
-                                                                       assert!(nodes[$node].claim_funds(PaymentPreimage(payment_hash.0), 5_000_000));
+                                                                       assert!(nodes[$node].claim_funds(PaymentPreimage(payment_hash.0), &None, 5_000_000));
                                                                }
                                                        }
                                                },
diff --git a/fuzz/src/full_stack.rs b/fuzz/src/full_stack.rs
index 3879d0b1da3cd506443bb8e29b4c7778b069ea7d..1abe7b8bf22a3f362785e4b444be761139d410a2 100644 (file)
--- a/fuzz/src/full_stack.rs
+++ b/fuzz/src/full_stack.rs
@@ -343,7 +343,7 @@ pub fn do_test(data: &[u8], logger: &Arc<dyn Logger>) {
        }, our_network_key, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 15, 0], Arc::clone(&logger)));
 
        let mut should_forward = false;
-       let mut payments_received: Vec<(PaymentHash, u64)> = Vec::new();
+       let mut payments_received: Vec<(PaymentHash, Option<[u8; 32]>, u64)> = Vec::new();
        let mut payments_sent = 0;
        let mut pending_funding_generation: Vec<([u8; 32], u64, Script)> = Vec::new();
        let mut pending_funding_signatures = HashMap::new();
@@ -401,7 +401,7 @@ pub fn do_test(data: &[u8], logger: &Arc<dyn Logger>) {
                                sha.input(&payment_hash.0[..]);
                                payment_hash.0 = Sha256::from_engine(sha).into_inner();
                                payments_sent += 1;
-                               match channelmanager.send_payment(route, payment_hash) {
+                               match channelmanager.send_payment(route, payment_hash, None) {
                                        Ok(_) => {},
                                        Err(_) => return,
                                }
@@ -428,23 +428,23 @@ pub fn do_test(data: &[u8], logger: &Arc<dyn Logger>) {
                                }
                        },
                        8 => {
-                               for (payment, amt) in payments_received.drain(..) {
+                               for (payment, payment_secret, amt) in payments_received.drain(..) {
                                        // SHA256 is defined as XOR of all input bytes placed in the first byte, and 0s
                                        // for the remaining bytes. Thus, if not all remaining bytes are 0s we cannot
                                        // fulfill this HTLC, but if they are, we can just take the first byte and
                                        // place that anywhere in our preimage.
                                        if &payment.0[1..] != &[0; 31] {
-                                               channelmanager.fail_htlc_backwards(&payment);
+                                               channelmanager.fail_htlc_backwards(&payment, &payment_secret);
                                        } else {
                                                let mut payment_preimage = PaymentPreimage([0; 32]);
                                                payment_preimage.0[0] = payment.0[0];
-                                               channelmanager.claim_funds(payment_preimage, amt);
+                                               channelmanager.claim_funds(payment_preimage, &payment_secret, amt);
                                        }
                                }
                        },
                        9 => {
-                               for (payment, _) in payments_received.drain(..) {
-                                       channelmanager.fail_htlc_backwards(&payment);
+                               for (payment, payment_secret, _) in payments_received.drain(..) {
+                                       channelmanager.fail_htlc_backwards(&payment, &payment_secret);
                                }
                        },
                        10 => {
@@ -524,9 +524,9 @@ pub fn do_test(data: &[u8], logger: &Arc<dyn Logger>) {
                                Event::FundingBroadcastSafe { funding_txo, .. } => {
                                        pending_funding_relay.push(pending_funding_signatures.remove(&funding_txo).unwrap());
                                },
-                               Event::PaymentReceived { payment_hash, amt } => {
+                               Event::PaymentReceived { payment_hash, payment_secret, amt } => {
                                        //TODO: enhance by fetching random amounts from fuzz input?
-                                       payments_received.push((payment_hash, amt));
+                                       payments_received.push((payment_hash, payment_secret, amt));
                                },
                                Event::PaymentSent {..} => {},
                                Event::PaymentFailed {..} => {},
diff --git a/lightning/src/ln/chanmon_update_fail_tests.rs b/lightning/src/ln/chanmon_update_fail_tests.rs
index 0983cf44e4952e12530b6b02303439dc6c6294c1..5c131722ca100f046253c0f343efb27c72bf5831 100644 (file)
--- a/lightning/src/ln/chanmon_update_fail_tests.rs
+++ b/lightning/src/ln/chanmon_update_fail_tests.rs
@@ -30,7 +30,7 @@ fn test_simple_monitor_permanent_update_fail() {
        let (_, payment_hash_1) = get_payment_preimage_hash!(&nodes[0]);
 
        *nodes[0].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::PermanentFailure);
-       if let Err(APIError::ChannelUnavailable {..}) = nodes[0].node.send_payment(route, payment_hash_1) {} else { panic!(); }
+       if let Err(APIError::ChannelUnavailable {..}) = nodes[0].node.send_payment(route, payment_hash_1, None) {} else { panic!(); }
        check_added_monitors!(nodes[0], 1);
 
        let events_1 = nodes[0].node.get_and_clear_pending_msg_events();
@@ -63,7 +63,7 @@ fn do_test_simple_monitor_temporary_update_fail(disconnect: bool) {
        let (payment_preimage_1, payment_hash_1) = get_payment_preimage_hash!(&nodes[0]);
 
        *nodes[0].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
-       if let Err(APIError::MonitorUpdateFailed) = nodes[0].node.send_payment(route.clone(), payment_hash_1) {} else { panic!(); }
+       if let Err(APIError::MonitorUpdateFailed) = nodes[0].node.send_payment(route.clone(), payment_hash_1, None) {} else { panic!(); }
        check_added_monitors!(nodes[0], 1);
 
        assert!(nodes[0].node.get_and_clear_pending_events().is_empty());
@@ -93,8 +93,9 @@ fn do_test_simple_monitor_temporary_update_fail(disconnect: bool) {
        let events_3 = nodes[1].node.get_and_clear_pending_events();
        assert_eq!(events_3.len(), 1);
        match events_3[0] {
-               Event::PaymentReceived { ref payment_hash, amt } => {
+               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                        assert_eq!(payment_hash_1, *payment_hash);
+                       assert_eq!(*payment_secret, None);
                        assert_eq!(amt, 1000000);
                },
                _ => panic!("Unexpected event"),
@@ -105,7 +106,7 @@ fn do_test_simple_monitor_temporary_update_fail(disconnect: bool) {
        // Now set it to failed again...
        let (_, payment_hash_2) = get_payment_preimage_hash!(&nodes[0]);
        *nodes[0].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
-       if let Err(APIError::MonitorUpdateFailed) = nodes[0].node.send_payment(route, payment_hash_2) {} else { panic!(); }
+       if let Err(APIError::MonitorUpdateFailed) = nodes[0].node.send_payment(route, payment_hash_2, None) {} else { panic!(); }
        check_added_monitors!(nodes[0], 1);
 
        assert!(nodes[0].node.get_and_clear_pending_events().is_empty());
@@ -168,7 +169,7 @@ fn do_test_monitor_temporary_update_fail(disconnect_count: usize) {
        let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
 
        *nodes[0].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
-       if let Err(APIError::MonitorUpdateFailed) = nodes[0].node.send_payment(route.clone(), payment_hash_2) {} else { panic!(); }
+       if let Err(APIError::MonitorUpdateFailed) = nodes[0].node.send_payment(route.clone(), payment_hash_2, None) {} else { panic!(); }
        check_added_monitors!(nodes[0], 1);
 
        assert!(nodes[0].node.get_and_clear_pending_events().is_empty());
@@ -177,7 +178,7 @@ fn do_test_monitor_temporary_update_fail(disconnect_count: usize) {
 
        // Claim the previous payment, which will result in a update_fulfill_htlc/CS from nodes[1]
        // but nodes[0] won't respond since it is frozen.
-       assert!(nodes[1].node.claim_funds(payment_preimage_1, 1_000_000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_1, &None, 1_000_000));
        check_added_monitors!(nodes[1], 1);
        let events_2 = nodes[1].node.get_and_clear_pending_msg_events();
        assert_eq!(events_2.len(), 1);
@@ -446,8 +447,9 @@ fn do_test_monitor_temporary_update_fail(disconnect_count: usize) {
        let events_5 = nodes[1].node.get_and_clear_pending_events();
        assert_eq!(events_5.len(), 1);
        match events_5[0] {
-               Event::PaymentReceived { ref payment_hash, amt } => {
+               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                        assert_eq!(payment_hash_2, *payment_hash);
+                       assert_eq!(*payment_secret, None);
                        assert_eq!(amt, 1000000);
                },
                _ => panic!("Unexpected event"),
@@ -494,7 +496,7 @@ fn test_monitor_update_fail_cs() {
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[0], 1);
 
        let send_event = SendEvent::from_event(nodes[0].node.get_and_clear_pending_msg_events().remove(0));
@@ -555,8 +557,9 @@ fn test_monitor_update_fail_cs() {
        let events = nodes[1].node.get_and_clear_pending_events();
        assert_eq!(events.len(), 1);
        match events[0] {
-               Event::PaymentReceived { payment_hash, amt } => {
+               Event::PaymentReceived { payment_hash, payment_secret, amt } => {
                        assert_eq!(payment_hash, our_payment_hash);
+                       assert_eq!(payment_secret, None);
                        assert_eq!(amt, 1000000);
                },
                _ => panic!("Unexpected event"),
@@ -578,7 +581,7 @@ fn test_monitor_update_fail_no_rebroadcast() {
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage_1, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[0], 1);
 
        let send_event = SendEvent::from_event(nodes[0].node.get_and_clear_pending_msg_events().remove(0));
@@ -626,13 +629,13 @@ fn test_monitor_update_raa_while_paused() {
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage_1, our_payment_hash_1) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash_1).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash_1, None).unwrap();
        check_added_monitors!(nodes[0], 1);
        let send_event_1 = SendEvent::from_event(nodes[0].node.get_and_clear_pending_msg_events().remove(0));
 
        let route = nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage_2, our_payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[1].node.send_payment(route, our_payment_hash_2).unwrap();
+       nodes[1].node.send_payment(route, our_payment_hash_2, None).unwrap();
        check_added_monitors!(nodes[1], 1);
        let send_event_2 = SendEvent::from_event(nodes[1].node.get_and_clear_pending_msg_events().remove(0));
 
@@ -701,7 +704,7 @@ fn do_test_monitor_update_fail_raa(test_ignore_second_cs: bool) {
        let (_, payment_hash_1) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], 1000000);
 
        // Fail the payment backwards, failing the monitor update on nodes[1]'s receipt of the RAA
-       assert!(nodes[2].node.fail_htlc_backwards(&payment_hash_1));
+       assert!(nodes[2].node.fail_htlc_backwards(&payment_hash_1, &None));
        expect_pending_htlcs_forwardable!(nodes[2]);
        check_added_monitors!(nodes[2], 1);
 
@@ -720,7 +723,7 @@ fn do_test_monitor_update_fail_raa(test_ignore_second_cs: bool) {
        // holding cell.
        let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
        let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
-       nodes[0].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_2, None).unwrap();
        check_added_monitors!(nodes[0], 1);
 
        let mut send_event = SendEvent::from_event(nodes[0].node.get_and_clear_pending_msg_events().remove(0));
@@ -745,7 +748,7 @@ fn do_test_monitor_update_fail_raa(test_ignore_second_cs: bool) {
 
        let (_, payment_hash_3) = get_payment_preimage_hash!(nodes[0]);
        let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
-       nodes[0].node.send_payment(route, payment_hash_3).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_3, None).unwrap();
        check_added_monitors!(nodes[0], 1);
 
        *nodes[1].chan_monitor.update_ret.lock().unwrap() = Ok(()); // We succeed in updating the monitor for the first channel
@@ -792,7 +795,7 @@ fn do_test_monitor_update_fail_raa(test_ignore_second_cs: bool) {
                // Try to route another payment backwards from 2 to make sure 1 holds off on responding
                let (payment_preimage_4, payment_hash_4) = get_payment_preimage_hash!(nodes[0]);
                let route = nodes[2].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
-               nodes[2].node.send_payment(route, payment_hash_4).unwrap();
+               nodes[2].node.send_payment(route, payment_hash_4, None).unwrap();
                check_added_monitors!(nodes[2], 1);
 
                send_event = SendEvent::from_event(nodes[2].node.get_and_clear_pending_msg_events().remove(0));
@@ -957,7 +960,7 @@ fn test_monitor_update_fail_reestablish() {
        nodes[1].node.peer_disconnected(&nodes[0].node.get_our_node_id(), false);
        nodes[0].node.peer_disconnected(&nodes[1].node.get_our_node_id(), false);
 
-       assert!(nodes[2].node.claim_funds(our_payment_preimage, 1_000_000));
+       assert!(nodes[2].node.claim_funds(our_payment_preimage, &None, 1_000_000));
        check_added_monitors!(nodes[2], 1);
        let mut updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
        assert!(updates.update_add_htlcs.is_empty());
@@ -1043,9 +1046,9 @@ fn raa_no_response_awaiting_raa_state() {
        // immediately after a CS. By setting failing the monitor update failure from the CS (which
        // requires only an RAA response due to AwaitingRAA) we can deliver the RAA and require the CS
        // generation during RAA while in monitor-update-failed state.
-       nodes[0].node.send_payment(route.clone(), payment_hash_1).unwrap();
+       nodes[0].node.send_payment(route.clone(), payment_hash_1, None).unwrap();
        check_added_monitors!(nodes[0], 1);
-       nodes[0].node.send_payment(route.clone(), payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route.clone(), payment_hash_2, None).unwrap();
        check_added_monitors!(nodes[0], 0);
 
        let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -1093,7 +1096,7 @@ fn raa_no_response_awaiting_raa_state() {
        // We send a third payment here, which is somewhat of a redundant test, but the
        // chanmon_fail_consistency test required it to actually find the bug (by seeing out-of-sync
        // commitment transaction states) whereas here we can explicitly check for it.
-       nodes[0].node.send_payment(route.clone(), payment_hash_3).unwrap();
+       nodes[0].node.send_payment(route.clone(), payment_hash_3, None).unwrap();
        check_added_monitors!(nodes[0], 0);
        assert!(nodes[0].node.get_and_clear_pending_msg_events().is_empty());
 
@@ -1156,7 +1159,7 @@ fn claim_while_disconnected_monitor_update_fail() {
        nodes[0].node.peer_disconnected(&nodes[1].node.get_our_node_id(), false);
        nodes[1].node.peer_disconnected(&nodes[0].node.get_our_node_id(), false);
 
-       assert!(nodes[1].node.claim_funds(payment_preimage_1, 1_000_000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_1, &None, 1_000_000));
        check_added_monitors!(nodes[1], 1);
 
        nodes[0].node.peer_connected(&nodes[1].node.get_our_node_id(), &msgs::Init { features: InitFeatures::empty() });
@@ -1182,7 +1185,7 @@ fn claim_while_disconnected_monitor_update_fail() {
        // the monitor still failed
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_2, None).unwrap();
        check_added_monitors!(nodes[0], 1);
 
        let as_updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
@@ -1274,7 +1277,7 @@ fn monitor_failed_no_reestablish_response() {
        // on receipt).
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage_1, payment_hash_1) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash_1).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_1, None).unwrap();
        check_added_monitors!(nodes[0], 1);
 
        *nodes[1].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
@@ -1344,7 +1347,7 @@ fn first_message_on_recv_ordering() {
        // can deliver it and fail the monitor update.
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage_1, payment_hash_1) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash_1).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_1, None).unwrap();
        check_added_monitors!(nodes[0], 1);
 
        let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -1366,7 +1369,7 @@ fn first_message_on_recv_ordering() {
        // Route the second payment, generating an update_add_htlc/commitment_signed
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_2, None).unwrap();
        check_added_monitors!(nodes[0], 1);
        let mut events = nodes[0].node.get_and_clear_pending_msg_events();
        assert_eq!(events.len(), 1);
@@ -1437,12 +1440,12 @@ fn test_monitor_update_fail_claim() {
        let (payment_preimage_1, _) = route_payment(&nodes[0], &[&nodes[1]], 1000000);
 
        *nodes[1].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
-       assert!(nodes[1].node.claim_funds(payment_preimage_1, 1_000_000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_1, &None, 1_000_000));
        check_added_monitors!(nodes[1], 1);
 
        let route = nodes[2].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (_, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[2].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[2].node.send_payment(route, payment_hash_2, None).unwrap();
        check_added_monitors!(nodes[2], 1);
 
        // Successfully update the monitor on the 1<->2 channel, but the 0<->1 channel should still be
@@ -1512,7 +1515,7 @@ fn test_monitor_update_on_pending_forwards() {
        send_payment(&nodes[0], &[&nodes[1], &nodes[2]], 5000000, 5_000_000);
 
        let (_, payment_hash_1) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], 1000000);
-       assert!(nodes[2].node.fail_htlc_backwards(&payment_hash_1));
+       assert!(nodes[2].node.fail_htlc_backwards(&payment_hash_1, &None));
        expect_pending_htlcs_forwardable!(nodes[2]);
        check_added_monitors!(nodes[2], 1);
 
@@ -1523,7 +1526,7 @@ fn test_monitor_update_on_pending_forwards() {
 
        let route = nodes[2].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[2].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[2].node.send_payment(route, payment_hash_2, None).unwrap();
        check_added_monitors!(nodes[2], 1);
 
        let mut events = nodes[2].node.get_and_clear_pending_msg_events();
@@ -1582,7 +1585,7 @@ fn monitor_update_claim_fail_no_response() {
        // Now start forwarding a second payment, skipping the last RAA so B is in AwaitingRAA
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_2, None).unwrap();
        check_added_monitors!(nodes[0], 1);
 
        let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -1592,7 +1595,7 @@ fn monitor_update_claim_fail_no_response() {
        let as_raa = commitment_signed_dance!(nodes[1], nodes[0], payment_event.commitment_msg, false, true, false, true);
 
        *nodes[1].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
-       assert!(nodes[1].node.claim_funds(payment_preimage_1, 1_000_000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_1, &None, 1_000_000));
        check_added_monitors!(nodes[1], 1);
        let events = nodes[1].node.get_and_clear_pending_msg_events();
        assert_eq!(events.len(), 0);
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
index 5debaa8adf48183a961a96f987d6f474d59962a4..55cda5f3be8862be43fb678f3c7292b3072cb0e1 100644 (file)
--- a/lightning/src/ln/channelmanager.rs
+++ b/lightning/src/ln/channelmanager.rs
@@ -284,11 +284,14 @@ pub(super) struct ChannelHolder<ChanSigner: ChannelKeys> {
        /// guarantees are made about the existence of a channel with the short id here, nor the short
        /// ids in the PendingHTLCInfo!
        pub(super) forward_htlcs: HashMap<u64, Vec<HTLCForwardInfo>>,
-       /// Tracks things that were to us and can be failed/claimed by the user
+       /// (payment_hash, payment_secret) -> Vec<HTLCs> for tracking things that
+       /// were to us and can be failed/claimed by the user
        /// Note that while this is held in the same mutex as the channels themselves, no consistency
        /// guarantees are made about the channels given here actually existing anymore by the time you
        /// go to read them!
-       claimable_htlcs: HashMap<PaymentHash, Vec<ClaimableHTLC>>,
+       /// TODO: We need to time out HTLCs sitting here which are waiting on other AMP HTLCs to
+       /// arrive.
+       claimable_htlcs: HashMap<(PaymentHash, Option<[u8; 32]>), Vec<ClaimableHTLC>>,
        /// Messages to send to peers - pushed to in the same lock that they are generated in (except
        /// for broadcast messages, where ordering isn't as strict).
        pub(super) pending_msg_events: Vec<events::MessageSendEvent>,
@@ -1193,7 +1196,14 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
        /// In case of APIError::MonitorUpdateFailed, the commitment update has been irrevocably
        /// committed on our end and we're just waiting for a monitor update to send it. Do NOT retry
        /// the payment via a different route unless you intend to pay twice!
-       pub fn send_payment(&self, route: Route, payment_hash: PaymentHash) -> Result<(), APIError> {
+       ///
+       /// payment_secret is unrelated to payment_hash (or PaymentPreimage) and exists to authenticate
+       /// the sender to the recipient and prevent payment-probing (deanonymization) attacks. For
+       /// newer nodes, it will be provided to you in the invoice. If you do not have one, the Route
+       /// must not contain multiple paths as otherwise the multipath data cannot be sent.
+       /// If a payment_secret *is* provided, we assume that the invoice had the basic_mpp feature bit
+       /// set (either as required or as available).
+       pub fn send_payment(&self, route: Route, payment_hash: PaymentHash, payment_secret: Option<&[u8; 32]>) -> Result<(), APIError> {
                if route.hops.len() < 1 || route.hops.len() > 20 {
                        return Err(APIError::RouteError{err: "Route didn't go anywhere/had bogus size"});
                }
@@ -1210,7 +1220,7 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
 
                let onion_keys = secp_call!(onion_utils::construct_onion_keys(&self.secp_ctx, &route, &session_priv),
                                APIError::RouteError{err: "Pubkey along hop was maliciously selected"});
-               let (onion_payloads, htlc_msat, htlc_cltv) = onion_utils::build_onion_payloads(&route, cur_height)?;
+               let (onion_payloads, htlc_msat, htlc_cltv) = onion_utils::build_onion_payloads(&route, payment_secret, cur_height)?;
                if onion_utils::route_size_insane(&onion_payloads) {
                        return Err(APIError::RouteError{err: "Route size too large considering onion data"});
                }
@@ -1426,7 +1436,9 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
                                                                                        htlc_id: prev_htlc_id,
                                                                                        incoming_packet_shared_secret: forward_info.incoming_shared_secret,
                                                                                });
-                                                                               failed_forwards.push((htlc_source, forward_info.payment_hash, 0x4000 | 10, None));
+                                                                               failed_forwards.push((htlc_source, forward_info.payment_hash,
+                                                                                       HTLCFailReason::Reason { failure_code: 0x1000 | 7, data: Vec::new() }
+                                                                               ));
                                                                        },
                                                                        HTLCForwardInfo::FailHTLC { .. } => {
                                                                                // Channel went away before we could fail it. This implies
@@ -1462,7 +1474,9 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
                                                                                                panic!("Stated return value requirements in send_htlc() were not met");
                                                                                        }
                                                                                        let chan_update = self.get_channel_update(chan.get()).unwrap();
-                                                                                       failed_forwards.push((htlc_source, payment_hash, 0x1000 | 7, Some(chan_update)));
+                                                                                       failed_forwards.push((htlc_source, payment_hash,
+                                                                                               HTLCFailReason::Reason { failure_code: 0x1000 | 7, data: chan_update.encode_with_len() }
+                                                                                       ));
                                                                                        continue;
                                                                                },
                                                                                Ok(update_add) => {
@@ -1571,15 +1585,48 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
                                                                        htlc_id: prev_htlc_id,
                                                                        incoming_packet_shared_secret: incoming_shared_secret,
                                                                };
-                                                               channel_state.claimable_htlcs.entry(payment_hash).or_insert(Vec::new()).push(ClaimableHTLC {
+
+                                                               let mut total_value = 0;
+                                                               let htlcs = channel_state.claimable_htlcs.entry((payment_hash, if let &Some(ref data) = &payment_data {
+                                                                       Some(data.payment_secret.clone()) } else { None }))
+                                                                       .or_insert(Vec::new());
+                                                               htlcs.push(ClaimableHTLC {
                                                                        src: prev_hop_data,
                                                                        value: amt_to_forward,
-                                                                       payment_data,
-                                                               });
-                                                               new_events.push(events::Event::PaymentReceived {
-                                                                       payment_hash: payment_hash,
-                                                                       amt: amt_to_forward,
+                                                                       payment_data: payment_data.clone(),
                                                                });
+                                                               if let &Some(ref data) = &payment_data {
+                                                                       for htlc in htlcs.iter() {
+                                                                               total_value += htlc.value;
+                                                                               if htlc.payment_data.as_ref().unwrap().total_msat != data.total_msat {
+                                                                                       total_value = msgs::MAX_VALUE_MSAT;
+                                                                               }
+                                                                               if total_value >= msgs::MAX_VALUE_MSAT { break; }
+                                                                       }
+                                                                       if total_value >= msgs::MAX_VALUE_MSAT {
+                                                                               for htlc in htlcs.iter() {
+                                                                                       failed_forwards.push((HTLCSource::PreviousHopData(HTLCPreviousHopData {
+                                                                                                       short_channel_id: htlc.src.short_channel_id,
+                                                                                                       htlc_id: htlc.src.htlc_id,
+                                                                                                       incoming_packet_shared_secret: htlc.src.incoming_packet_shared_secret,
+                                                                                               }), payment_hash,
+                                                                                               HTLCFailReason::Reason { failure_code: 0x4000 | 15, data: byte_utils::be64_to_array(htlc.value).to_vec() }
+                                                                                       ));
+                                                                               }
+                                                                       } else if total_value >= data.total_msat {
+                                                                               new_events.push(events::Event::PaymentReceived {
+                                                                                       payment_hash: payment_hash,
+                                                                                       payment_secret: Some(data.payment_secret),
+                                                                                       amt: total_value,
+                                                                               });
+                                                                       }
+                                                               } else {
+                                                                       new_events.push(events::Event::PaymentReceived {
+                                                                               payment_hash: payment_hash,
+                                                                               payment_secret: None,
+                                                                               amt: amt_to_forward,
+                                                                       });
+                                                               }
                                                        },
                                                        HTLCForwardInfo::AddHTLC { .. } => {
                                                                panic!("short_channel_id == 0 should imply any pending_forward entries are of type Receive");
@@ -1593,11 +1640,8 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
                        }
                }
 
-               for (htlc_source, payment_hash, failure_code, update) in failed_forwards.drain(..) {
-                       match update {
-                               None => self.fail_htlc_backwards_internal(self.channel_state.lock().unwrap(), htlc_source, &payment_hash, HTLCFailReason::Reason { failure_code, data: Vec::new() }),
-                               Some(chan_update) => self.fail_htlc_backwards_internal(self.channel_state.lock().unwrap(), htlc_source, &payment_hash, HTLCFailReason::Reason { failure_code, data: chan_update.encode_with_len() }),
-                       };
+               for (htlc_source, payment_hash, failure_reason) in failed_forwards.drain(..) {
+                       self.fail_htlc_backwards_internal(self.channel_state.lock().unwrap(), htlc_source, &payment_hash, failure_reason);
                }
 
                if handle_errors.len() > 0 {
@@ -1642,11 +1686,11 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
        /// along the path (including in our own channel on which we received it).
        /// Returns false if no payment was found to fail backwards, true if the process of failing the
        /// HTLC backwards has been started.
-       pub fn fail_htlc_backwards(&self, payment_hash: &PaymentHash) -> bool {
+       pub fn fail_htlc_backwards(&self, payment_hash: &PaymentHash, payment_secret: &Option<[u8; 32]>) -> bool {
                let _ = self.total_consistency_lock.read().unwrap();
 
                let mut channel_state = Some(self.channel_state.lock().unwrap());
-               let removed_source = channel_state.as_mut().unwrap().claimable_htlcs.remove(payment_hash);
+               let removed_source = channel_state.as_mut().unwrap().claimable_htlcs.remove(&(*payment_hash, *payment_secret));
                if let Some(mut sources) = removed_source {
                        for htlc in sources.drain(..) {
                                if channel_state.is_none() { channel_state = Some(self.channel_state.lock().unwrap()); }
@@ -1768,13 +1812,13 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
        /// motivated attackers.
        ///
        /// May panic if called except in response to a PaymentReceived event.
-       pub fn claim_funds(&self, payment_preimage: PaymentPreimage, expected_amount: u64) -> bool {
+       pub fn claim_funds(&self, payment_preimage: PaymentPreimage, payment_secret: &Option<[u8; 32]>, expected_amount: u64) -> bool {
                let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0).into_inner());
 
                let _ = self.total_consistency_lock.read().unwrap();
 
                let mut channel_state = Some(self.channel_state.lock().unwrap());
-               let removed_source = channel_state.as_mut().unwrap().claimable_htlcs.remove(&payment_hash);
+               let removed_source = channel_state.as_mut().unwrap().claimable_htlcs.remove(&(payment_hash, *payment_secret));
                if let Some(mut sources) = removed_source {
                        for htlc in sources.drain(..) {
                                if channel_state.is_none() { channel_state = Some(self.channel_state.lock().unwrap()); }
diff --git a/lightning/src/ln/functional_test_utils.rs b/lightning/src/ln/functional_test_utils.rs
index 945a0dde092f4967cad685a9344300f01615b9d8..10ccb75abf90d34e1cc3c28718e20b890334e181 100644 (file)
--- a/lightning/src/ln/functional_test_utils.rs
+++ b/lightning/src/ln/functional_test_utils.rs
@@ -678,8 +678,9 @@ macro_rules! expect_payment_received {
                let events = $node.node.get_and_clear_pending_events();
                assert_eq!(events.len(), 1);
                match events[0] {
-                       Event::PaymentReceived { ref payment_hash, amt } => {
+                       Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                                assert_eq!($expected_payment_hash, *payment_hash);
+                               assert_eq!(*payment_secret, None);
                                assert_eq!($expected_recv_value, amt);
                        },
                        _ => panic!("Unexpected event"),
@@ -714,9 +715,9 @@ macro_rules! expect_payment_failed {
        }
 }
 
-pub fn send_along_route_with_hash<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, route: Route, expected_route: &[&Node<'a, 'b, 'c>], recv_value: u64, our_payment_hash: PaymentHash) {
+pub fn send_along_route_with_secret<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, route: Route, expected_route: &[&Node<'a, 'b, 'c>], recv_value: u64, our_payment_hash: PaymentHash, our_payment_secret: Option<[u8; 32]>) {
        let mut payment_event = {
-               origin_node.node.send_payment(route, our_payment_hash).unwrap();
+               origin_node.node.send_payment(route, our_payment_hash, our_payment_secret.as_ref()).unwrap();
                check_added_monitors!(origin_node, 1);
 
                let mut events = origin_node.node.get_and_clear_pending_msg_events();
@@ -738,8 +739,9 @@ pub fn send_along_route_with_hash<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, ro
                        let events_2 = node.node.get_and_clear_pending_events();
                        assert_eq!(events_2.len(), 1);
                        match events_2[0] {
-                               Event::PaymentReceived { ref payment_hash, amt } => {
+                               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                                        assert_eq!(our_payment_hash, *payment_hash);
+                                       assert_eq!(our_payment_secret, *payment_secret);
                                        assert_eq!(amt, recv_value);
                                },
                                _ => panic!("Unexpected event"),
@@ -756,14 +758,18 @@ pub fn send_along_route_with_hash<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, ro
        }
 }
 
+pub fn send_along_route_with_hash<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, route: Route, expected_route: &[&Node<'a, 'b, 'c>], recv_value: u64, our_payment_hash: PaymentHash) {
+       send_along_route_with_secret(origin_node, route, expected_route, recv_value, our_payment_hash, None);
+}
+
 pub fn send_along_route<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, route: Route, expected_route: &[&Node<'a, 'b, 'c>], recv_value: u64) -> (PaymentPreimage, PaymentHash) {
        let (our_payment_preimage, our_payment_hash) = get_payment_preimage_hash!(origin_node);
        send_along_route_with_hash(origin_node, route, expected_route, recv_value, our_payment_hash);
        (our_payment_preimage, our_payment_hash)
 }
 
-pub fn claim_payment_along_route<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_route: &[&Node<'a, 'b, 'c>], skip_last: bool, our_payment_preimage: PaymentPreimage, expected_amount: u64) {
-       assert!(expected_route.last().unwrap().node.claim_funds(our_payment_preimage, expected_amount));
+pub fn claim_payment_along_route_with_secret<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_route: &[&Node<'a, 'b, 'c>], skip_last: bool, our_payment_preimage: PaymentPreimage, our_payment_secret: Option<[u8; 32]>, expected_amount: u64) {
+       assert!(expected_route.last().unwrap().node.claim_funds(our_payment_preimage, &our_payment_secret, expected_amount));
        check_added_monitors!(expected_route.last().unwrap(), 1);
 
        let mut next_msgs: Option<(msgs::UpdateFulfillHTLC, msgs::CommitmentSigned)> = None;
@@ -840,6 +846,10 @@ pub fn claim_payment_along_route<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, exp
        }
 }
 
+pub fn claim_payment_along_route<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_route: &[&Node<'a, 'b, 'c>], skip_last: bool, our_payment_preimage: PaymentPreimage, expected_amount: u64) {
+       claim_payment_along_route_with_secret(origin_node, expected_route, skip_last, our_payment_preimage, None, expected_amount);
+}
+
 pub fn claim_payment<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_route: &[&Node<'a, 'b, 'c>], our_payment_preimage: PaymentPreimage, expected_amount: u64) {
        claim_payment_along_route(origin_node, expected_route, false, our_payment_preimage, expected_amount);
 }
@@ -865,7 +875,7 @@ pub fn route_over_limit<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_rou
 
        let (_, our_payment_hash) = get_payment_preimage_hash!(origin_node);
 
-       let err = origin_node.node.send_payment(route, our_payment_hash).err().unwrap();
+       let err = origin_node.node.send_payment(route, our_payment_hash, None).err().unwrap();
        match err {
                APIError::ChannelUnavailable{err} => assert_eq!(err, "Cannot send value that would put us over the max HTLC value in flight our peer will accept"),
                _ => panic!("Unknown error variants"),
@@ -878,7 +888,7 @@ pub fn send_payment<'a, 'b, 'c>(origin: &Node<'a, 'b, 'c>, expected_route: &[&No
 }
 
 pub fn fail_payment_along_route<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, expected_route: &[&Node<'a, 'b, 'c>], skip_last: bool, our_payment_hash: PaymentHash)  {
-       assert!(expected_route.last().unwrap().node.fail_htlc_backwards(&our_payment_hash));
+       assert!(expected_route.last().unwrap().node.fail_htlc_backwards(&our_payment_hash, &None));
        expect_pending_htlcs_forwardable!(expected_route.last().unwrap());
        check_added_monitors!(expected_route.last().unwrap(), 1);
 
diff --git a/lightning/src/ln/functional_tests.rs b/lightning/src/ln/functional_tests.rs
index 089ac9ca71538bc763babb65cc62ce7149e0897a..b9e91f8732289c16121d96a77270e0b33af6f3fe 100644 (file)
--- a/lightning/src/ln/functional_tests.rs
+++ b/lightning/src/ln/functional_tests.rs
@@ -155,7 +155,7 @@ fn test_async_inbound_update_fee() {
 
        // ...but before it's delivered, nodes[1] starts to send a payment back to nodes[0]...
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[1].node.send_payment(nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 40000, TEST_FINAL_CLTV).unwrap(), our_payment_hash).unwrap();
+       nodes[1].node.send_payment(nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 40000, TEST_FINAL_CLTV).unwrap(), our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[1], 1);
 
        let payment_event = {
@@ -251,7 +251,7 @@ fn test_update_fee_unordered_raa() {
 
        // ...but before it's delivered, nodes[1] starts to send a payment back to nodes[0]...
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[1].node.send_payment(nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 40000, TEST_FINAL_CLTV).unwrap(), our_payment_hash).unwrap();
+       nodes[1].node.send_payment(nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &Vec::new(), 40000, TEST_FINAL_CLTV).unwrap(), our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[1], 1);
 
        let payment_event = {
@@ -644,7 +644,7 @@ fn test_update_fee_with_fundee_update_add_htlc() {
        let (our_payment_preimage, our_payment_hash) = get_payment_preimage_hash!(nodes[1]);
 
        // nothing happens since node[1] is in AwaitingRemoteRevoke
-       nodes[1].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[1].node.send_payment(route, our_payment_hash, None).unwrap();
        {
                let mut added_monitors = nodes[0].chan_monitor.added_monitors.lock().unwrap();
                assert_eq!(added_monitors.len(), 0);
@@ -863,12 +863,12 @@ fn updates_shutdown_wait() {
        assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
 
        let (_, payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       if let Err(APIError::ChannelUnavailable {..}) = nodes[0].node.send_payment(route_1, payment_hash) {}
+       if let Err(APIError::ChannelUnavailable {..}) = nodes[0].node.send_payment(route_1, payment_hash, None) {}
        else { panic!("New sends should fail!") };
-       if let Err(APIError::ChannelUnavailable {..}) = nodes[1].node.send_payment(route_2, payment_hash) {}
+       if let Err(APIError::ChannelUnavailable {..}) = nodes[1].node.send_payment(route_2, payment_hash, None) {}
        else { panic!("New sends should fail!") };
 
-       assert!(nodes[2].node.claim_funds(our_payment_preimage, 100_000));
+       assert!(nodes[2].node.claim_funds(our_payment_preimage, &None, 100_000));
        check_added_monitors!(nodes[2], 1);
        let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
        assert!(updates.update_add_htlcs.is_empty());
@@ -926,7 +926,7 @@ fn htlc_fail_async_shutdown() {
 
        let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[0], 1);
        let updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
        assert_eq!(updates.update_add_htlcs.len(), 1);
@@ -1047,7 +1047,7 @@ fn do_test_shutdown_rebroadcast(recv_count: u8) {
        assert!(nodes[0].node.get_and_clear_pending_msg_events().is_empty());
        assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
 
-       assert!(nodes[2].node.claim_funds(our_payment_preimage, 100_000));
+       assert!(nodes[2].node.claim_funds(our_payment_preimage, &None, 100_000));
        check_added_monitors!(nodes[2], 1);
        let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
        assert!(updates.update_add_htlcs.is_empty());
@@ -1306,7 +1306,7 @@ fn holding_cell_htlc_counting() {
        for _ in 0..::ln::channel::OUR_MAX_HTLCS {
                let route = nodes[1].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 100000, TEST_FINAL_CLTV).unwrap();
                let (payment_preimage, payment_hash) = get_payment_preimage_hash!(nodes[0]);
-               nodes[1].node.send_payment(route, payment_hash).unwrap();
+               nodes[1].node.send_payment(route, payment_hash, None).unwrap();
                payments.push((payment_preimage, payment_hash));
        }
        check_added_monitors!(nodes[1], 1);
@@ -1321,7 +1321,7 @@ fn holding_cell_htlc_counting() {
        // another HTLC.
        let route = nodes[1].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 100000, TEST_FINAL_CLTV).unwrap();
        let (_, payment_hash_1) = get_payment_preimage_hash!(nodes[0]);
-       if let APIError::ChannelUnavailable { err } = nodes[1].node.send_payment(route, payment_hash_1).unwrap_err() {
+       if let APIError::ChannelUnavailable { err } = nodes[1].node.send_payment(route, payment_hash_1, None).unwrap_err() {
                assert_eq!(err, "Cannot push more than their max accepted HTLCs");
        } else { panic!("Unexpected event"); }
        assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
@@ -1330,7 +1330,7 @@ fn holding_cell_htlc_counting() {
        // This should also be true if we try to forward a payment.
        let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 100000, TEST_FINAL_CLTV).unwrap();
        let (_, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route, payment_hash_2, None).unwrap();
        check_added_monitors!(nodes[0], 1);
 
        let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -1471,7 +1471,7 @@ fn test_duplicate_htlc_different_direction_onchain() {
        send_along_route_with_hash(&nodes[1], route, &vec!(&nodes[0])[..], 800_000, payment_hash);
 
        // Provide preimage to node 0 by claiming payment
-       nodes[0].node.claim_funds(payment_preimage, 800_000);
+       nodes[0].node.claim_funds(payment_preimage, &None, 800_000);
        check_added_monitors!(nodes[0], 1);
 
        // Broadcast node 1 commitment txn
@@ -1563,7 +1563,7 @@ fn do_channel_reserve_test(test_recv: bool) {
        {
                let (route, our_payment_hash, _) = get_route_and_payment_hash!(recv_value_0 + 1);
                assert!(route.hops.iter().rev().skip(1).all(|h| h.fee_msat == feemsat));
-               let err = nodes[0].node.send_payment(route, our_payment_hash).err().unwrap();
+               let err = nodes[0].node.send_payment(route, our_payment_hash, None).err().unwrap();
                match err {
                        APIError::ChannelUnavailable{err} => assert_eq!(err, "Cannot send value that would put us over the max HTLC value in flight our peer will accept"),
                        _ => panic!("Unknown error variants"),
@@ -1601,7 +1601,7 @@ fn do_channel_reserve_test(test_recv: bool) {
                let recv_value = stat01.value_to_self_msat - stat01.channel_reserve_msat - total_fee_msat;
                // attempt to get channel_reserve violation
                let (route, our_payment_hash, _) = get_route_and_payment_hash!(recv_value + 1);
-               let err = nodes[0].node.send_payment(route.clone(), our_payment_hash).err().unwrap();
+               let err = nodes[0].node.send_payment(route.clone(), our_payment_hash, None).err().unwrap();
                match err {
                        APIError::ChannelUnavailable{err} => assert_eq!(err, "Cannot send value that would put us over their reserve value"),
                        _ => panic!("Unknown error variants"),
@@ -1616,7 +1616,7 @@ fn do_channel_reserve_test(test_recv: bool) {
 
        let (route_1, our_payment_hash_1, our_payment_preimage_1) = get_route_and_payment_hash!(recv_value_1);
        let payment_event_1 = {
-               nodes[0].node.send_payment(route_1, our_payment_hash_1).unwrap();
+               nodes[0].node.send_payment(route_1, our_payment_hash_1, None).unwrap();
                check_added_monitors!(nodes[0], 1);
 
                let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -1629,7 +1629,7 @@ fn do_channel_reserve_test(test_recv: bool) {
        let recv_value_2 = stat01.value_to_self_msat - amt_msat_1 - stat01.channel_reserve_msat - total_fee_msat;
        {
                let (route, our_payment_hash, _) = get_route_and_payment_hash!(recv_value_2 + 1);
-               match nodes[0].node.send_payment(route, our_payment_hash).err().unwrap() {
+               match nodes[0].node.send_payment(route, our_payment_hash, None).err().unwrap() {
                        APIError::ChannelUnavailable{err} => assert_eq!(err, "Cannot send value that would put us over their reserve value"),
                        _ => panic!("Unknown error variants"),
                }
@@ -1652,7 +1652,7 @@ fn do_channel_reserve_test(test_recv: bool) {
 
                let cur_height = nodes[0].node.latest_block_height.load(Ordering::Acquire) as u32 + 1;
                let onion_keys = onion_utils::construct_onion_keys(&secp_ctx, &route, &session_priv).unwrap();
-               let (onion_payloads, htlc_msat, htlc_cltv) = onion_utils::build_onion_payloads(&route, cur_height).unwrap();
+               let (onion_payloads, htlc_msat, htlc_cltv) = onion_utils::build_onion_payloads(&route, None, cur_height).unwrap();
                let onion_packet = onion_utils::construct_onion_packet(onion_payloads, onion_keys, [0; 32], &our_payment_hash);
                let msg = msgs::UpdateAddHTLC {
                        channel_id: chan_1.2,
@@ -1685,7 +1685,7 @@ fn do_channel_reserve_test(test_recv: bool) {
        // now see if they go through on both sides
        let (route_21, our_payment_hash_21, our_payment_preimage_21) = get_route_and_payment_hash!(recv_value_21);
        // but this will stuck in the holding cell
-       nodes[0].node.send_payment(route_21, our_payment_hash_21).unwrap();
+       nodes[0].node.send_payment(route_21, our_payment_hash_21, None).unwrap();
        check_added_monitors!(nodes[0], 0);
        let events = nodes[0].node.get_and_clear_pending_events();
        assert_eq!(events.len(), 0);
@@ -1693,7 +1693,7 @@ fn do_channel_reserve_test(test_recv: bool) {
        // test with outbound holding cell amount > 0
        {
                let (route, our_payment_hash, _) = get_route_and_payment_hash!(recv_value_22+1);
-               match nodes[0].node.send_payment(route, our_payment_hash).err().unwrap() {
+               match nodes[0].node.send_payment(route, our_payment_hash, None).err().unwrap() {
                        APIError::ChannelUnavailable{err} => assert_eq!(err, "Cannot send value that would put us over their reserve value"),
                        _ => panic!("Unknown error variants"),
                }
@@ -1703,7 +1703,7 @@ fn do_channel_reserve_test(test_recv: bool) {
 
        let (route_22, our_payment_hash_22, our_payment_preimage_22) = get_route_and_payment_hash!(recv_value_22);
        // this will also stuck in the holding cell
-       nodes[0].node.send_payment(route_22, our_payment_hash_22).unwrap();
+       nodes[0].node.send_payment(route_22, our_payment_hash_22, None).unwrap();
        check_added_monitors!(nodes[0], 0);
        assert!(nodes[0].node.get_and_clear_pending_events().is_empty());
        assert!(nodes[0].node.get_and_clear_pending_msg_events().is_empty());
@@ -1753,15 +1753,17 @@ fn do_channel_reserve_test(test_recv: bool) {
        let events = nodes[2].node.get_and_clear_pending_events();
        assert_eq!(events.len(), 2);
        match events[0] {
-               Event::PaymentReceived { ref payment_hash, amt } => {
+               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                        assert_eq!(our_payment_hash_21, *payment_hash);
+                       assert_eq!(*payment_secret, None);
                        assert_eq!(recv_value_21, amt);
                },
                _ => panic!("Unexpected event"),
        }
        match events[1] {
-               Event::PaymentReceived { ref payment_hash, amt } => {
+               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                        assert_eq!(our_payment_hash_22, *payment_hash);
+                       assert_eq!(*payment_secret, None);
                        assert_eq!(recv_value_22, amt);
                },
                _ => panic!("Unexpected event"),
@@ -1825,7 +1827,7 @@ fn channel_reserve_in_flight_removes() {
        let (payment_preimage_3, payment_hash_3) = get_payment_preimage_hash!(nodes[0]);
        let send_1 = {
                let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
-               nodes[0].node.send_payment(route, payment_hash_3).unwrap();
+               nodes[0].node.send_payment(route, payment_hash_3, None).unwrap();
                check_added_monitors!(nodes[0], 1);
                let mut events = nodes[0].node.get_and_clear_pending_msg_events();
                assert_eq!(events.len(), 1);
@@ -1834,13 +1836,13 @@ fn channel_reserve_in_flight_removes() {
 
        // Now claim both of the first two HTLCs on B's end, putting B in AwaitingRAA and generating an
        // initial fulfill/CS.
-       assert!(nodes[1].node.claim_funds(payment_preimage_1, b_chan_values.channel_reserve_msat - b_chan_values.value_to_self_msat - 10000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_1, &None, b_chan_values.channel_reserve_msat - b_chan_values.value_to_self_msat - 10000));
        check_added_monitors!(nodes[1], 1);
        let bs_removes = get_htlc_update_msgs!(nodes[1], nodes[0].node.get_our_node_id());
 
        // This claim goes in B's holding cell, allowing us to have a pending B->A RAA which does not
        // remove the second HTLC when we send the HTLC back from B to A.
-       assert!(nodes[1].node.claim_funds(payment_preimage_2, 20000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_2, &None, 20000));
        check_added_monitors!(nodes[1], 1);
        assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
 
@@ -1897,7 +1899,7 @@ fn channel_reserve_in_flight_removes() {
        let (payment_preimage_4, payment_hash_4) = get_payment_preimage_hash!(nodes[1]);
        let send_2 = {
                let route = nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &[], 10000, TEST_FINAL_CLTV).unwrap();
-               nodes[1].node.send_payment(route, payment_hash_4).unwrap();
+               nodes[1].node.send_payment(route, payment_hash_4, None).unwrap();
                check_added_monitors!(nodes[1], 1);
                let mut events = nodes[1].node.get_and_clear_pending_msg_events();
                assert_eq!(events.len(), 1);
@@ -1987,7 +1989,7 @@ fn channel_monitor_network_test() {
        macro_rules! claim_funds {
                ($node: expr, $prev_node: expr, $preimage: expr, $amount: expr) => {
                        {
-                               assert!($node.node.claim_funds($preimage, $amount));
+                               assert!($node.node.claim_funds($preimage, &None, $amount));
                                check_added_monitors!($node, 1);
 
                                let events = $node.node.get_and_clear_pending_msg_events();
@@ -2425,8 +2427,8 @@ fn test_htlc_on_chain_success() {
        let commitment_tx = nodes[2].node.channel_state.lock().unwrap().by_id.get_mut(&chan_2.2).unwrap().channel_monitor().get_latest_local_commitment_txn();
        assert_eq!(commitment_tx.len(), 1);
        check_spends!(commitment_tx[0], chan_2.3.clone());
-       nodes[2].node.claim_funds(our_payment_preimage, 3_000_000);
-       nodes[2].node.claim_funds(our_payment_preimage_2, 3_000_000);
+       nodes[2].node.claim_funds(our_payment_preimage, &None, 3_000_000);
+       nodes[2].node.claim_funds(our_payment_preimage_2, &None, 3_000_000);
        check_added_monitors!(nodes[2], 2);
        let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
        assert!(updates.update_add_htlcs.is_empty());
@@ -2592,7 +2594,7 @@ fn test_htlc_on_chain_timeout() {
        // Broadcast legit commitment tx from C on B's chain
        let commitment_tx = nodes[2].node.channel_state.lock().unwrap().by_id.get_mut(&chan_2.2).unwrap().channel_monitor().get_latest_local_commitment_txn();
        check_spends!(commitment_tx[0], chan_2.3.clone());
-       nodes[2].node.fail_htlc_backwards(&payment_hash);
+       nodes[2].node.fail_htlc_backwards(&payment_hash, &None);
        check_added_monitors!(nodes[2], 0);
        expect_pending_htlcs_forwardable!(nodes[2]);
        check_added_monitors!(nodes[2], 1);
@@ -2781,7 +2783,7 @@ fn do_test_commitment_revoked_fail_backward_exhaustive(deliver_bs_raa: bool, use
        let (_, second_payment_hash) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], value);
        let (_, third_payment_hash) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], value);
 
-       assert!(nodes[2].node.fail_htlc_backwards(&first_payment_hash));
+       assert!(nodes[2].node.fail_htlc_backwards(&first_payment_hash, &None));
        expect_pending_htlcs_forwardable!(nodes[2]);
        check_added_monitors!(nodes[2], 1);
        let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
@@ -2794,7 +2796,7 @@ fn do_test_commitment_revoked_fail_backward_exhaustive(deliver_bs_raa: bool, use
        let bs_raa = commitment_signed_dance!(nodes[1], nodes[2], updates.commitment_signed, false, true, false, true);
        // Drop the last RAA from 3 -> 2
 
-       assert!(nodes[2].node.fail_htlc_backwards(&second_payment_hash));
+       assert!(nodes[2].node.fail_htlc_backwards(&second_payment_hash, &None));
        expect_pending_htlcs_forwardable!(nodes[2]);
        check_added_monitors!(nodes[2], 1);
        let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
@@ -2811,7 +2813,7 @@ fn do_test_commitment_revoked_fail_backward_exhaustive(deliver_bs_raa: bool, use
        nodes[2].node.handle_revoke_and_ack(&nodes[1].node.get_our_node_id(), &as_raa);
        check_added_monitors!(nodes[2], 1);
 
-       assert!(nodes[2].node.fail_htlc_backwards(&third_payment_hash));
+       assert!(nodes[2].node.fail_htlc_backwards(&third_payment_hash, &None));
        expect_pending_htlcs_forwardable!(nodes[2]);
        check_added_monitors!(nodes[2], 1);
        let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
@@ -2834,7 +2836,7 @@ fn do_test_commitment_revoked_fail_backward_exhaustive(deliver_bs_raa: bool, use
        // on nodes[2]'s RAA.
        let route = nodes[1].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (_, fourth_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[1].node.send_payment(route, fourth_payment_hash).unwrap();
+       nodes[1].node.send_payment(route, fourth_payment_hash, None).unwrap();
        assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
        assert!(nodes[1].node.get_and_clear_pending_events().is_empty());
        check_added_monitors!(nodes[1], 0);
@@ -3006,7 +3008,7 @@ fn test_force_close_fail_back() {
        let (our_payment_preimage, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
 
        let mut payment_event = {
-               nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+               nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
                check_added_monitors!(nodes[0], 1);
 
                let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -3174,7 +3176,7 @@ fn do_test_drop_messages_peer_disconnect(messages_delivered: u8) {
        let (payment_preimage_1, payment_hash_1) = get_payment_preimage_hash!(nodes[0]);
 
        let payment_event = {
-               nodes[0].node.send_payment(route.clone(), payment_hash_1).unwrap();
+               nodes[0].node.send_payment(route.clone(), payment_hash_1, None).unwrap();
                check_added_monitors!(nodes[0], 1);
 
                let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -3249,14 +3251,15 @@ fn do_test_drop_messages_peer_disconnect(messages_delivered: u8) {
        let events_2 = nodes[1].node.get_and_clear_pending_events();
        assert_eq!(events_2.len(), 1);
        match events_2[0] {
-               Event::PaymentReceived { ref payment_hash, amt } => {
+               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt } => {
                        assert_eq!(payment_hash_1, *payment_hash);
+                       assert_eq!(*payment_secret, None);
                        assert_eq!(amt, 1000000);
                },
                _ => panic!("Unexpected event"),
        }
 
-       nodes[1].node.claim_funds(payment_preimage_1, 1_000_000);
+       nodes[1].node.claim_funds(payment_preimage_1, &None, 1_000_000);
        check_added_monitors!(nodes[1], 1);
 
        let events_3 = nodes[1].node.get_and_clear_pending_msg_events();
@@ -3465,7 +3468,7 @@ fn test_drop_messages_peer_disconnect_dual_htlc() {
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage_2, payment_hash_2) = get_payment_preimage_hash!(nodes[0]);
 
-       nodes[0].node.send_payment(route.clone(), payment_hash_2).unwrap();
+       nodes[0].node.send_payment(route.clone(), payment_hash_2, None).unwrap();
        check_added_monitors!(nodes[0], 1);
 
        let events_1 = nodes[0].node.get_and_clear_pending_msg_events();
@@ -3475,7 +3478,7 @@ fn test_drop_messages_peer_disconnect_dual_htlc() {
                _ => panic!("Unexpected event"),
        }
 
-       assert!(nodes[1].node.claim_funds(payment_preimage_1, 1_000_000));
+       assert!(nodes[1].node.claim_funds(payment_preimage_1, &None, 1_000_000));
        check_added_monitors!(nodes[1], 1);
 
        let events_2 = nodes[1].node.get_and_clear_pending_msg_events();
@@ -3578,8 +3581,9 @@ fn test_drop_messages_peer_disconnect_dual_htlc() {
        let events_5 = nodes[1].node.get_and_clear_pending_events();
        assert_eq!(events_5.len(), 1);
        match events_5[0] {
-               Event::PaymentReceived { ref payment_hash, amt: _ } => {
+               Event::PaymentReceived { ref payment_hash, ref payment_secret, amt: _ } => {
                        assert_eq!(payment_hash_2, *payment_hash);
+                       assert_eq!(*payment_secret, None);
                },
                _ => panic!("Unexpected event"),
        }
@@ -4100,7 +4104,7 @@ fn test_static_spendable_outputs_preimage_tx() {
 
        // Settle A's commitment tx on B's chain
        let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
-       assert!(nodes[1].node.claim_funds(payment_preimage, 3_000_000));
+       assert!(nodes[1].node.claim_funds(payment_preimage, &None, 3_000_000));
        check_added_monitors!(nodes[1], 1);
        nodes[1].block_notifier.block_connected(&Block { header, txdata: vec![commitment_tx[0].clone()] }, 1);
        let events = nodes[1].node.get_and_clear_pending_msg_events();
@@ -4282,7 +4286,7 @@ fn test_onchain_to_onchain_claim() {
        let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42};
        let commitment_tx = nodes[2].node.channel_state.lock().unwrap().by_id.get_mut(&chan_2.2).unwrap().channel_monitor().get_latest_local_commitment_txn();
        check_spends!(commitment_tx[0], chan_2.3.clone());
-       nodes[2].node.claim_funds(payment_preimage, 3_000_000);
+       nodes[2].node.claim_funds(payment_preimage, &None, 3_000_000);
        check_added_monitors!(nodes[2], 1);
        let updates = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
        assert!(updates.update_add_htlcs.is_empty());
@@ -4396,7 +4400,7 @@ fn test_duplicate_payment_hash_one_failure_one_success() {
                htlc_timeout_tx = node_txn[1].clone();
        }
 
-       nodes[2].node.claim_funds(our_payment_preimage, 900_000);
+       nodes[2].node.claim_funds(our_payment_preimage, &None, 900_000);
        nodes[2].block_notifier.block_connected(&Block { header, txdata: vec![commitment_txn[0].clone()] }, 1);
        check_added_monitors!(nodes[2], 2);
        let events = nodes[2].node.get_and_clear_pending_msg_events();
@@ -4492,7 +4496,7 @@ fn test_dynamic_spendable_outputs_local_htlc_success_tx() {
        check_spends!(local_txn[0], chan_1.3.clone());
 
        // Give B knowledge of preimage to be able to generate a local HTLC-Success Tx
-       nodes[1].node.claim_funds(payment_preimage, 9_000_000);
+       nodes[1].node.claim_funds(payment_preimage, &None, 9_000_000);
        check_added_monitors!(nodes[1], 1);
        let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
        nodes[1].block_notifier.block_connected(&Block { header, txdata: vec![local_txn[0].clone()] }, 1);
@@ -4586,10 +4590,10 @@ fn do_test_fail_backwards_unrevoked_remote_announce(deliver_last_raa: bool, anno
 
        // Now fail back three of the over-dust-limit and three of the under-dust-limit payments in one go.
        // Fail 0th below-dust, 4th above-dust, 8th above-dust, 10th below-dust HTLCs
-       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_1));
-       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_3));
-       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_5));
-       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_6));
+       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_1, &None));
+       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_3, &None));
+       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_5, &None));
+       assert!(nodes[4].node.fail_htlc_backwards(&payment_hash_6, &None));
        check_added_monitors!(nodes[4], 0);
        expect_pending_htlcs_forwardable!(nodes[4]);
        check_added_monitors!(nodes[4], 1);
@@ -4602,8 +4606,8 @@ fn do_test_fail_backwards_unrevoked_remote_announce(deliver_last_raa: bool, anno
        commitment_signed_dance!(nodes[3], nodes[4], four_removes.commitment_signed, false);
 
        // Fail 3rd below-dust and 7th above-dust HTLCs
-       assert!(nodes[5].node.fail_htlc_backwards(&payment_hash_2));
-       assert!(nodes[5].node.fail_htlc_backwards(&payment_hash_4));
+       assert!(nodes[5].node.fail_htlc_backwards(&payment_hash_2, &None));
+       assert!(nodes[5].node.fail_htlc_backwards(&payment_hash_4, &None));
        check_added_monitors!(nodes[5], 0);
        expect_pending_htlcs_forwardable!(nodes[5]);
        check_added_monitors!(nodes[5], 1);
@@ -4843,7 +4847,7 @@ fn do_htlc_claim_local_commitment_only(use_dust: bool) {
 
        // Claim the payment, but don't deliver A's commitment_signed, resulting in the HTLC only being
        // present in B's local commitment transaction, but none of A's commitment transactions.
-       assert!(nodes[1].node.claim_funds(our_payment_preimage, if use_dust { 50_000 } else { 3_000_000 }));
+       assert!(nodes[1].node.claim_funds(our_payment_preimage, &None, if use_dust { 50_000 } else { 3_000_000 }));
        check_added_monitors!(nodes[1], 1);
 
        let bs_updates = get_htlc_update_msgs!(nodes[1], nodes[0].node.get_our_node_id());
@@ -4881,7 +4885,7 @@ fn do_htlc_claim_current_remote_commitment_only(use_dust: bool) {
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), if use_dust { 50000 } else { 3000000 }, TEST_FINAL_CLTV).unwrap();
        let (_, payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, payment_hash).unwrap();
+       nodes[0].node.send_payment(route, payment_hash, None).unwrap();
        check_added_monitors!(nodes[0], 1);
 
        let _as_update = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
@@ -4913,7 +4917,7 @@ fn do_htlc_claim_previous_remote_commitment_only(use_dust: bool, check_revoke_no
        // actually revoked.
        let htlc_value = if use_dust { 50000 } else { 3000000 };
        let (_, our_payment_hash) = route_payment(&nodes[0], &[&nodes[1]], htlc_value);
-       assert!(nodes[1].node.fail_htlc_backwards(&our_payment_hash));
+       assert!(nodes[1].node.fail_htlc_backwards(&our_payment_hash, &None));
        expect_pending_htlcs_forwardable!(nodes[1]);
        check_added_monitors!(nodes[1], 1);
 
@@ -5027,7 +5031,7 @@ fn run_onion_failure_test_with_fail_intercept<F1,F2,F3>(_name: &str, test_case:
        }
 
        // 0 ~~> 2 send payment
-       nodes[0].node.send_payment(route.clone(), payment_hash.clone()).unwrap();
+       nodes[0].node.send_payment(route.clone(), payment_hash.clone(), None).unwrap();
        check_added_monitors!(nodes[0], 1);
        let update_0 = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
        // temper update_add (0 => 1)
@@ -5219,7 +5223,7 @@ fn test_onion_failure() {
                let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
                let cur_height = nodes[0].node.latest_block_height.load(Ordering::Acquire) as u32 + 1;
                let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
-               let (mut onion_payloads, _htlc_msat, _htlc_cltv) = onion_utils::build_onion_payloads(&route, cur_height).unwrap();
+               let (mut onion_payloads, _htlc_msat, _htlc_cltv) = onion_utils::build_onion_payloads(&route, None, cur_height).unwrap();
                let mut new_payloads = Vec::new();
                for payload in onion_payloads.drain(..) {
                        new_payloads.push(BogusOnionHopData::new(payload));
@@ -5235,7 +5239,7 @@ fn test_onion_failure() {
                let session_priv = SecretKey::from_slice(&[3; 32]).unwrap();
                let cur_height = nodes[0].node.latest_block_height.load(Ordering::Acquire) as u32 + 1;
                let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
-               let (mut onion_payloads, _htlc_msat, _htlc_cltv) = onion_utils::build_onion_payloads(&route, cur_height).unwrap();
+               let (mut onion_payloads, _htlc_msat, _htlc_cltv) = onion_utils::build_onion_payloads(&route, None, cur_height).unwrap();
                let mut new_payloads = Vec::new();
                for payload in onion_payloads.drain(..) {
                        new_payloads.push(BogusOnionHopData::new(payload));
@@ -5266,7 +5270,7 @@ fn test_onion_failure() {
                let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
                msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[1].shared_secret[..], NODE|2, &[0;0]);
        }, ||{
-               nodes[2].node.fail_htlc_backwards(&payment_hash);
+               nodes[2].node.fail_htlc_backwards(&payment_hash, &None);
        }, true, Some(NODE|2), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[1].pubkey, is_permanent: false}));
 
        // intermediate node failure
@@ -5284,7 +5288,7 @@ fn test_onion_failure() {
                let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
                msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[1].shared_secret[..], PERM|NODE|2, &[0;0]);
        }, ||{
-               nodes[2].node.fail_htlc_backwards(&payment_hash);
+               nodes[2].node.fail_htlc_backwards(&payment_hash, &None);
        }, false, Some(PERM|NODE|2), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[1].pubkey, is_permanent: true}));
 
        // intermediate node failure
@@ -5295,7 +5299,7 @@ fn test_onion_failure() {
                let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
                msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[0].shared_secret[..], PERM|NODE|3, &[0;0]);
        }, ||{
-               nodes[2].node.fail_htlc_backwards(&payment_hash);
+               nodes[2].node.fail_htlc_backwards(&payment_hash, &None);
        }, true, Some(PERM|NODE|3), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[0].pubkey, is_permanent: true}));
 
        // final node failure
@@ -5304,7 +5308,7 @@ fn test_onion_failure() {
                let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
                msg.reason = onion_utils::build_first_hop_failure_packet(&onion_keys[1].shared_secret[..], PERM|NODE|3, &[0;0]);
        }, ||{
-               nodes[2].node.fail_htlc_backwards(&payment_hash);
+               nodes[2].node.fail_htlc_backwards(&payment_hash, &None);
        }, false, Some(PERM|NODE|3), Some(msgs::HTLCFailChannelUpdate::NodeFailure{node_id: route.hops[1].pubkey, is_permanent: true}));
 
        run_onion_failure_test("invalid_onion_version", 0, &nodes, &route, &payment_hash, |msg| { msg.onion_routing_packet.version = 1; }, ||{}, true,
@@ -5372,7 +5376,7 @@ fn test_onion_failure() {
        }, ||{}, true, Some(UPDATE|14), Some(msgs::HTLCFailChannelUpdate::ChannelUpdateMessage{msg: ChannelUpdate::dummy()}));
 
        run_onion_failure_test("unknown_payment_hash", 2, &nodes, &route, &payment_hash, |_| {}, || {
-               nodes[2].node.fail_htlc_backwards(&payment_hash);
+               nodes[2].node.fail_htlc_backwards(&payment_hash, &None);
        }, false, Some(PERM|15), None);
 
        run_onion_failure_test("final_expiry_too_soon", 1, &nodes, &route, &payment_hash, |msg| {
@@ -5420,7 +5424,7 @@ fn test_onion_failure() {
                let height = 1;
                route.hops[1].cltv_expiry_delta += CLTV_FAR_FAR_AWAY + route.hops[0].cltv_expiry_delta + 1;
                let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route, &session_priv).unwrap();
-               let (onion_payloads, _, htlc_cltv) = onion_utils::build_onion_payloads(&route, height).unwrap();
+               let (onion_payloads, _, htlc_cltv) = onion_utils::build_onion_payloads(&route, None, height).unwrap();
                let onion_packet = onion_utils::construct_onion_packet(onion_payloads, onion_keys, [0; 32], &payment_hash);
                msg.cltv_expiry = htlc_cltv;
                msg.onion_routing_packet = onion_packet;
@@ -5513,7 +5517,7 @@ fn test_update_add_htlc_bolt2_sender_value_below_minimum_msat() {
 
        route.hops[0].fee_msat = 0;
 
-       let err = nodes[0].node.send_payment(route, our_payment_hash);
+       let err = nodes[0].node.send_payment(route, our_payment_hash, None);
 
        if let Err(APIError::ChannelUnavailable{err}) = err {
                assert_eq!(err, "Cannot send less than their minimum HTLC value");
@@ -5536,7 +5540,7 @@ fn test_update_add_htlc_bolt2_sender_cltv_expiry_too_high() {
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000000, 500000001).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
 
-       let err = nodes[0].node.send_payment(route, our_payment_hash);
+       let err = nodes[0].node.send_payment(route, our_payment_hash, None);
 
        if let Err(APIError::RouteError{err}) = err {
                assert_eq!(err, "Channel CLTV overflowed?!");
@@ -5561,7 +5565,7 @@ fn test_update_add_htlc_bolt2_sender_exceed_max_htlc_num_and_htlc_id_increment()
                let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
                let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
                let payment_event = {
-                       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+                       nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
                        check_added_monitors!(nodes[0], 1);
 
                        let mut events = nodes[0].node.get_and_clear_pending_msg_events();
@@ -5582,7 +5586,7 @@ fn test_update_add_htlc_bolt2_sender_exceed_max_htlc_num_and_htlc_id_increment()
        }
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       let err = nodes[0].node.send_payment(route, our_payment_hash);
+       let err = nodes[0].node.send_payment(route, our_payment_hash, None);
 
        if let Err(APIError::ChannelUnavailable{err}) = err {
                assert_eq!(err, "Cannot push more than their max accepted HTLCs");
@@ -5608,7 +5612,7 @@ fn test_update_add_htlc_bolt2_sender_exceed_max_htlc_value_in_flight() {
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], max_in_flight+1, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       let err = nodes[0].node.send_payment(route, our_payment_hash);
+       let err = nodes[0].node.send_payment(route, our_payment_hash, None);
 
        if let Err(APIError::ChannelUnavailable{err}) = err {
                assert_eq!(err, "Cannot send value that would put us over the max HTLC value in flight our peer will accept");
@@ -5638,7 +5642,7 @@ fn test_update_add_htlc_bolt2_receiver_check_amount_received_more_than_min() {
        }
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], htlc_minimum_msat, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[0], 1);
        let mut updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
        updates.update_add_htlcs[0].amount_msat = htlc_minimum_msat-1;
@@ -5661,7 +5665,7 @@ fn test_update_add_htlc_bolt2_receiver_sender_can_afford_amount_sent() {
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 5000000-their_channel_reserve, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[0], 1);
        let mut updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
 
@@ -5694,7 +5698,7 @@ fn test_update_add_htlc_bolt2_receiver_check_max_htlc_limit() {
 
        let cur_height = nodes[0].node.latest_block_height.load(Ordering::Acquire) as u32 + 1;
        let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::signing_only(), &route, &session_priv).unwrap();
-       let (onion_payloads, _htlc_msat, htlc_cltv) = onion_utils::build_onion_payloads(&route, cur_height).unwrap();
+       let (onion_payloads, _htlc_msat, htlc_cltv) = onion_utils::build_onion_payloads(&route, None, cur_height).unwrap();
        let onion_packet = onion_utils::construct_onion_packet(onion_payloads, onion_keys, [0; 32], &our_payment_hash);
 
        let mut msg = msgs::UpdateAddHTLC {
@@ -5728,7 +5732,7 @@ fn test_update_add_htlc_bolt2_receiver_check_max_in_flight_msat() {
        let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 1000000, InitFeatures::supported(), InitFeatures::supported());
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[0], 1);
        let mut updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
        updates.update_add_htlcs[0].amount_msat = get_channel_value_stat!(nodes[1], chan.2).their_max_htlc_value_in_flight_msat + 1;
@@ -5749,7 +5753,7 @@ fn test_update_add_htlc_bolt2_receiver_check_cltv_expiry() {
        create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 95000000, InitFeatures::supported(), InitFeatures::supported());
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 3999999, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[0], 1);
        let mut updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
        updates.update_add_htlcs[0].cltv_expiry = 500000000;
@@ -5772,7 +5776,7 @@ fn test_update_add_htlc_bolt2_receiver_check_repeated_id_ignore() {
        create_announced_chan_between_nodes(&nodes, 0, 1, InitFeatures::supported(), InitFeatures::supported());
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[0], 1);
        let updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
        nodes[1].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &updates.update_add_htlcs[0]);
@@ -5817,7 +5821,7 @@ fn test_update_fulfill_htlc_bolt2_update_fulfill_htlc_before_commitment() {
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
        let (our_payment_preimage, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[0], 1);
        let updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
        nodes[1].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &updates.update_add_htlcs[0]);
@@ -5847,7 +5851,7 @@ fn test_update_fulfill_htlc_bolt2_update_fail_htlc_before_commitment() {
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[0], 1);
        let updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
        nodes[1].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &updates.update_add_htlcs[0]);
@@ -5877,7 +5881,7 @@ fn test_update_fulfill_htlc_bolt2_update_fail_malformed_htlc_before_commitment()
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[0], 1);
        let updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
        nodes[1].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &updates.update_add_htlcs[0]);
@@ -5908,7 +5912,7 @@ fn test_update_fulfill_htlc_bolt2_incorrect_htlc_id() {
 
        let our_payment_preimage = route_payment(&nodes[0], &[&nodes[1]], 100000).0;
 
-       nodes[1].node.claim_funds(our_payment_preimage, 100_000);
+       nodes[1].node.claim_funds(our_payment_preimage, &None, 100_000);
        check_added_monitors!(nodes[1], 1);
 
        let events = nodes[1].node.get_and_clear_pending_msg_events();
@@ -5948,7 +5952,7 @@ fn test_update_fulfill_htlc_bolt2_wrong_preimage() {
 
        let our_payment_preimage = route_payment(&nodes[0], &[&nodes[1]], 100000).0;
 
-       nodes[1].node.claim_funds(our_payment_preimage, 100_000);
+       nodes[1].node.claim_funds(our_payment_preimage, &None, 100_000);
        check_added_monitors!(nodes[1], 1);
 
        let events = nodes[1].node.get_and_clear_pending_msg_events();
@@ -5988,7 +5992,7 @@ fn test_update_fulfill_htlc_bolt2_missing_badonion_bit_for_malformed_htlc_messag
        create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 1000000, InitFeatures::supported(), InitFeatures::supported());
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
-       nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+       nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
        check_added_monitors!(nodes[0], 1);
 
        let mut updates = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
@@ -6038,7 +6042,7 @@ fn test_update_fulfill_htlc_bolt2_after_malformed_htlc_message_must_forward_upda
 
        //First hop
        let mut payment_event = {
-               nodes[0].node.send_payment(route, our_payment_hash).unwrap();
+               nodes[0].node.send_payment(route, our_payment_hash, None).unwrap();
                check_added_monitors!(nodes[0], 1);
                let mut events = nodes[0].node.get_and_clear_pending_msg_events();
                assert_eq!(events.len(), 1);
@@ -6121,7 +6125,7 @@ fn do_test_failure_delay_dust_htlc_local_commitment(announce_latest: bool) {
        let as_prev_commitment_tx = nodes[0].node.channel_state.lock().unwrap().by_id.get_mut(&chan.2).unwrap().channel_monitor().get_latest_local_commitment_txn();
 
        // Fail one HTLC to prune it in the will-be-latest-local commitment tx
-       assert!(nodes[1].node.fail_htlc_backwards(&payment_hash_2));
+       assert!(nodes[1].node.fail_htlc_backwards(&payment_hash_2, &None));
        check_added_monitors!(nodes[1], 0);
        expect_pending_htlcs_forwardable!(nodes[1]);
        check_added_monitors!(nodes[1], 1);
@@ -6680,7 +6684,7 @@ fn test_check_htlc_underpaying() {
 
        // Node 3 is expecting payment of 100_000 but receive 10_000,
        // fail htlc like we didn't know the preimage.
-       nodes[1].node.claim_funds(payment_preimage, 100_000);
+       nodes[1].node.claim_funds(payment_preimage, &None, 100_000);
        nodes[1].node.process_pending_htlc_forwards();
 
        let events = nodes[1].node.get_and_clear_pending_msg_events();
@@ -7053,7 +7057,7 @@ fn test_bump_penalty_txn_on_remote_commitment() {
        assert_eq!(remote_txn[0].input[0].previous_output.txid, chan.3.txid());
 
        // Claim a HTLC without revocation (provide B monitor with preimage)
-       nodes[1].node.claim_funds(payment_preimage, 3_000_000);
+       nodes[1].node.claim_funds(payment_preimage, &None, 3_000_000);
        let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
        nodes[1].block_notifier.block_connected(&Block { header, txdata: vec![remote_txn[0].clone()] }, 1);
        check_added_monitors!(nodes[1], 1);
@@ -7166,8 +7170,8 @@ fn test_set_outpoints_partial_claiming() {
        // Connect blocks on node A to advance height towards TEST_FINAL_CLTV
        let prev_header_100 = connect_blocks(&nodes[1].block_notifier, 100, 0, false, Default::default());
        // Provide node A with both preimage
-       nodes[0].node.claim_funds(payment_preimage_1, 3_000_000);
-       nodes[0].node.claim_funds(payment_preimage_2, 3_000_000);
+       nodes[0].node.claim_funds(payment_preimage_1, &None, 3_000_000);
+       nodes[0].node.claim_funds(payment_preimage_2, &None, 3_000_000);
        check_added_monitors!(nodes[0], 2);
        nodes[0].node.get_and_clear_pending_events();
        nodes[0].node.get_and_clear_pending_msg_events();
@@ -7329,3 +7333,26 @@ fn test_override_channel_config() {
        assert_eq!(res.channel_flags, 0);
        assert_eq!(res.to_self_delay, 200);
 }
+
+#[test]
+fn test_simple_payment_secret() {
+       // Simple test of sending a payment with a payment_secret present. This does not use any AMP
+       // features, however.
+       let chanmon_cfgs = create_chanmon_cfgs(3);
+       let node_cfgs = create_node_cfgs(3, &chanmon_cfgs);
+       let node_chanmgrs = create_node_chanmgrs(3, &node_cfgs, &[None, None, None]);
+       let nodes = create_network(3, &node_cfgs, &node_chanmgrs);
+
+       create_announced_chan_between_nodes(&nodes, 0, 1, InitFeatures::supported(), InitFeatures::supported());
+       create_announced_chan_between_nodes(&nodes, 1, 2, InitFeatures::supported(), InitFeatures::supported());
+
+       let (payment_preimage, payment_hash) = get_payment_preimage_hash!(&nodes[0]);
+       let (_, payment_secret) = get_payment_preimage_hash!(&nodes[0]);
+       let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
+       send_along_route_with_secret(&nodes[0], route, &[&nodes[1], &nodes[2]], 100000, payment_hash, Some(payment_secret.0));
+       // Claiming with all the correct values but the wrong secret should result in nothing...
+       assert_eq!(nodes[2].node.claim_funds(payment_preimage, &None, 100_000), false);
+       assert_eq!(nodes[2].node.claim_funds(payment_preimage, &Some([42; 32]), 100_000), false);
+       // ...but with the right secret we should be able to claim all the way back
+       claim_payment_along_route_with_secret(&nodes[0], &[&nodes[1], &nodes[2]], false, payment_preimage, Some(payment_secret.0), 100_000);
+}
diff --git a/lightning/src/ln/onion_utils.rs b/lightning/src/ln/onion_utils.rs
index a97621045370366069bdb5e9b2a3d4ebb68dffff..828f973578311a915e5fce0ba5d666528c713bc6 100644 (file)
--- a/lightning/src/ln/onion_utils.rs
+++ b/lightning/src/ln/onion_utils.rs
@@ -108,7 +108,7 @@ pub(super) fn construct_onion_keys<T: secp256k1::Signing>(secp_ctx: &Secp256k1<T
 }
 
 /// returns the hop data, as well as the first-hop value_msat and CLTV value we should send.
-pub(super) fn build_onion_payloads(route: &Route, starting_htlc_offset: u32) -> Result<(Vec<msgs::OnionHopData>, u64, u32), APIError> {
+pub(super) fn build_onion_payloads(route: &Route, payment_secret_option: Option<&[u8; 32]>, starting_htlc_offset: u32) -> Result<(Vec<msgs::OnionHopData>, u64, u32), APIError> {
        let mut cur_value_msat = 0u64;
        let mut cur_cltv = starting_htlc_offset;
        let mut last_short_channel_id = 0;
@@ -124,7 +124,12 @@ pub(super) fn build_onion_payloads(route: &Route, starting_htlc_offset: u32) ->
                        format: if hop.node_features.supports_variable_length_onion() {
                                if idx == 0 {
                                        msgs::OnionHopDataFormat::FinalNode {
-                                               payment_data: None,
+                                               payment_data: if let Some(payment_secret) = payment_secret_option {
+                                                       Some(msgs::FinalOnionHopData {
+                                                               payment_secret: payment_secret.clone(),
+                                                               total_msat: hop.fee_msat,
+                                                       })
+                                               } else { None },
                                        }
                                } else {
                                        msgs::OnionHopDataFormat::NonFinalNode {
diff --git a/lightning/src/ln/reorg_tests.rs b/lightning/src/ln/reorg_tests.rs
index a1051f5d6c2344caa3152598232f01a4f5e5226f..9fb3ec4216b071ce845cc99ac19339e5eff8ca5e 100644 (file)
--- a/lightning/src/ln/reorg_tests.rs
+++ b/lightning/src/ln/reorg_tests.rs
@@ -39,7 +39,7 @@ fn do_test_onchain_htlc_reorg(local_commitment: bool, claim: bool) {
        let (our_payment_preimage, our_payment_hash) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], 1000000);
 
        // Provide preimage to node 2 by claiming payment
-       nodes[2].node.claim_funds(our_payment_preimage, 1000000);
+       nodes[2].node.claim_funds(our_payment_preimage, &None, 1000000);
        check_added_monitors!(nodes[2], 1);
        get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
 
diff --git a/lightning/src/util/events.rs b/lightning/src/util/events.rs
index 2e568263c5b77d3ac65cea52926e7aed767ec545..a0ebc92cc2e385bc2adc633c3224e0af47945d4d 100644 (file)
--- a/lightning/src/util/events.rs
+++ b/lightning/src/util/events.rs
@@ -58,6 +58,16 @@ pub enum Event {
        PaymentReceived {
                /// The hash for which the preimage should be handed to the ChannelManager.
                payment_hash: PaymentHash,
+               /// The "payment secret". This authenticates the sender to the recipient, preventing a
+               /// number of deanonymization attacks during the routing process.
+               /// As nodes upgrade, the invoices you provide should likely migrate to setting the
+               /// var_onion_optin feature to required, at which point you should fail_backwards any HTLCs
+               /// which have a None here.
+               /// Until then, however, values of None should be ignored, and only incorrect Some values
+               /// should result in an HTLC fail_backwards.
+               /// Note that, in any case, this value must be passed as-is to any fail or claim calls as
+               /// the HTLC index includes this value.
+               payment_secret: Option<[u8; 32]>,
                /// The value, in thousandths of a satoshi, that this payment is for. Note that you must
                /// compare this to the expected value before accepting the payment (as otherwise you are
                /// providing proof-of-payment for less than the value you expected!).
@@ -119,9 +129,10 @@ impl Writeable for Event {
                                funding_txo.write(writer)?;
                                user_channel_id.write(writer)?;
                        },
-                       &Event::PaymentReceived { ref payment_hash, ref amt } => {
+                       &Event::PaymentReceived { ref payment_hash, ref payment_secret, ref amt } => {
                                2u8.write(writer)?;
                                payment_hash.write(writer)?;
+                               payment_secret.write(writer)?;
                                amt.write(writer)?;
                        },
                        &Event::PaymentSent { ref payment_preimage } => {
@@ -164,6 +175,7 @@ impl MaybeReadable for Event {
                                })),
                        2u8 => Ok(Some(Event::PaymentReceived {
                                        payment_hash: Readable::read(reader)?,
+                                       payment_secret: Readable::read(reader)?,
                                        amt: Readable::read(reader)?,
                                })),
                        3u8 => Ok(Some(Event::PaymentSent {
Personal fork of Rust-Lightning. Upstream is https://github.com/rust-bitcoin/rust-lightning