Remove invalid state options from Hop

Now that each `InboundOnionPayload` variant corresponds to its own
struct, we can reference these same types inside `Hop` and thereby
avoid nesting that allowed invalid combinations, and instead store
supplemental data as each variant calls for.

Author: arik-so

Diff for: lightning/src/ln/blinded_payment_tests.rs

@@ -411,15 +411,23 @@ fn do_forward_checks_failure(check: ForwardCheckFail, intro_fails: bool) {
 		do_commitment_signed_dance(&nodes[0], &nodes[1], &updates.commitment_signed, false, false);
 		let failed_destination = match check {
 			ForwardCheckFail::InboundOnionCheck => HTLCDestination::InvalidOnion,
-			ForwardCheckFail::ForwardPayloadEncodedAsReceive => HTLCDestination::FailedPayment { payment_hash },
+			ForwardCheckFail::ForwardPayloadEncodedAsReceive => HTLCDestination::InvalidOnion,
 			ForwardCheckFail::OutboundChannelCheck =>
 				HTLCDestination::NextHopChannel { node_id: Some(nodes[2].node.get_our_node_id()), channel_id: chan_1_2.2 },
 		};
 		expect_htlc_handling_failed_destinations!(
 			nodes[1].node.get_and_clear_pending_events(), &[failed_destination.clone()]
 		);
-		expect_payment_failed_conditions(&nodes[0], payment_hash, false,
-			PaymentFailedConditions::new().expected_htlc_error_data(INVALID_ONION_BLINDING, &[0; 32]));
+		match check {
+			ForwardCheckFail::ForwardPayloadEncodedAsReceive => {
+				expect_payment_failed_conditions(&nodes[0], payment_hash, false,
+					PaymentFailedConditions::new().expected_htlc_error_data(0x4000 | 22, &[0; 0]));
+			}
+			_ => {
+				expect_payment_failed_conditions(&nodes[0], payment_hash, false,
+					PaymentFailedConditions::new().expected_htlc_error_data(INVALID_ONION_BLINDING, &[0; 32]));
+			}
+		};
 		return
 	}
 
@@ -1560,10 +1568,10 @@ fn route_blinding_spec_test_vector() {
 			Ok(res) => res,
 			_ => panic!("Unexpected error")
 		};
-	let (carol_packet_bytes, carol_hmac) = if let onion_utils::Hop::Forward {
-		next_hop_data: msgs::InboundOnionPayload::BlindedForward(msgs::InboundOnionBlindedForwardPayload {
+	let (carol_packet_bytes, carol_hmac) = if let onion_utils::Hop::BlindedForward {
+		next_hop_data: msgs::InboundOnionBlindedForwardPayload {
 			short_channel_id, payment_relay, payment_constraints, features, intro_node_blinding_point, next_blinding_override
-		}), next_hop_hmac, new_packet_bytes
+		}, next_hop_hmac, new_packet_bytes
 	} = bob_peeled_onion {
 		assert_eq!(short_channel_id, 1729);
 		assert!(next_blinding_override.is_none());
@@ -1594,10 +1602,10 @@ fn route_blinding_spec_test_vector() {
 			Ok(res) => res,
 			_ => panic!("Unexpected error")
 		};
-	let (dave_packet_bytes, dave_hmac) = if let onion_utils::Hop::Forward {
-		next_hop_data: msgs::InboundOnionPayload::BlindedForward(msgs::InboundOnionBlindedForwardPayload {
+	let (dave_packet_bytes, dave_hmac) = if let onion_utils::Hop::BlindedForward {
+		next_hop_data: msgs::InboundOnionBlindedForwardPayload {
 			short_channel_id, payment_relay, payment_constraints, features, intro_node_blinding_point, next_blinding_override
-		}), next_hop_hmac, new_packet_bytes
+		}, next_hop_hmac, new_packet_bytes
 	} = carol_peeled_onion {
 		assert_eq!(short_channel_id, 1105);
 		assert_eq!(next_blinding_override, Some(pubkey_from_hex("031b84c5567b126440995d3ed5aaba0565d71e1834604819ff9c17f5e9d5dd078f")));
@@ -1628,10 +1636,10 @@ fn route_blinding_spec_test_vector() {
 			Ok(res) => res,
 			_ => panic!("Unexpected error")
 		};
-	let (eve_packet_bytes, eve_hmac) = if let onion_utils::Hop::Forward {
-		next_hop_data: msgs::InboundOnionPayload::BlindedForward(msgs::InboundOnionBlindedForwardPayload {
+	let (eve_packet_bytes, eve_hmac) = if let onion_utils::Hop::BlindedForward {
+		next_hop_data: msgs::InboundOnionBlindedForwardPayload {
 			short_channel_id, payment_relay, payment_constraints, features, intro_node_blinding_point, next_blinding_override
-		}), next_hop_hmac, new_packet_bytes
+		}, next_hop_hmac, new_packet_bytes
 	} = dave_peeled_onion {
 		assert_eq!(short_channel_id, 561);
 		assert!(next_blinding_override.is_none());

Diff for: lightning/src/ln/channelmanager.rs

@@ -4430,7 +4430,24 @@ where
 			onion_utils::Hop::Receive(next_hop_data) => {
 				// OUR PAYMENT!
 				let current_height: u32 = self.best_block.read().unwrap().height;
-				match create_recv_pending_htlc_info(next_hop_data, shared_secret, msg.payment_hash,
+				match create_recv_pending_htlc_info(msgs::InboundOnionPayload::Receive(next_hop_data), shared_secret, msg.payment_hash,
+					msg.amount_msat, msg.cltv_expiry, None, allow_underpay, msg.skimmed_fee_msat,
+					current_height)
+				{
+					Ok(info) => {
+						// Note that we could obviously respond immediately with an update_fulfill_htlc
+						// message, however that would leak that we are the recipient of this payment, so
+						// instead we stay symmetric with the forwarding case, only responding (after a
+						// delay) once they've send us a commitment_signed!
+						PendingHTLCStatus::Forward(info)
+					},
+					Err(InboundHTLCErr { err_code, err_data, msg }) => return_err!(msg, err_code, &err_data)
+				}
+			},
+			onion_utils::Hop::BlindedReceive(next_hop_data) => {
+				// OUR PAYMENT!
+				let current_height: u32 = self.best_block.read().unwrap().height;
+				match create_recv_pending_htlc_info(msgs::InboundOnionPayload::BlindedReceive(next_hop_data), shared_secret, msg.payment_hash,
 					msg.amount_msat, msg.cltv_expiry, None, allow_underpay, msg.skimmed_fee_msat,
 					current_height)
 				{
@@ -4445,7 +4462,14 @@ where
 				}
 			},
 			onion_utils::Hop::Forward { next_hop_data, next_hop_hmac, new_packet_bytes } => {
-				match create_fwd_pending_htlc_info(msg, next_hop_data, next_hop_hmac,
+				match create_fwd_pending_htlc_info(msg, msgs::InboundOnionPayload::Forward(next_hop_data), next_hop_hmac,
+					new_packet_bytes, shared_secret, next_packet_pubkey_opt) {
+					Ok(info) => PendingHTLCStatus::Forward(info),
+					Err(InboundHTLCErr { err_code, err_data, msg }) => return_err!(msg, err_code, &err_data)
+				}
+			},
+			onion_utils::Hop::BlindedForward { next_hop_data, next_hop_hmac, new_packet_bytes } => {
+				match create_fwd_pending_htlc_info(msg, msgs::InboundOnionPayload::BlindedForward(next_hop_data), next_hop_hmac,
 					new_packet_bytes, shared_secret, next_packet_pubkey_opt) {
 					Ok(info) => PendingHTLCStatus::Forward(info),
 					Err(InboundHTLCErr { err_code, err_data, msg }) => return_err!(msg, err_code, &err_data)
@@ -5860,22 +5884,22 @@ where
 														failed_payment!(err_msg, err_code, Vec::new(), Some(phantom_shared_secret));
 													},
 												};
-												match next_hop {
-													onion_utils::Hop::Receive(hop_data) => {
-														let current_height: u32 = self.best_block.read().unwrap().height;
-														match create_recv_pending_htlc_info(hop_data,
-															incoming_shared_secret, payment_hash, outgoing_amt_msat,
-															outgoing_cltv_value, Some(phantom_shared_secret), false, None,
-															current_height)
-														{
-															Ok(info) => phantom_receives.push((
-																prev_short_channel_id, prev_counterparty_node_id, prev_funding_outpoint,
-																prev_channel_id, prev_user_channel_id, vec![(info, prev_htlc_id)]
-															)),
-															Err(InboundHTLCErr { err_code, err_data, msg }) => failed_payment!(msg, err_code, err_data, Some(phantom_shared_secret))
-														}
-													},
-													_ => panic!(),
+												let inbound_onion_payload = match next_hop {
+													onion_utils::Hop::Receive(hop_data) => msgs::InboundOnionPayload::Receive(hop_data),
+													onion_utils::Hop::BlindedReceive(hop_data) => msgs::InboundOnionPayload::BlindedReceive(hop_data),
+													_ => panic!()
+												};
+												let current_height: u32 = self.best_block.read().unwrap().height;
+												match create_recv_pending_htlc_info(inbound_onion_payload,
+													incoming_shared_secret, payment_hash, outgoing_amt_msat,
+													outgoing_cltv_value, Some(phantom_shared_secret), false, None,
+													current_height)
+												{
+													Ok(info) => phantom_receives.push((
+														prev_short_channel_id, prev_counterparty_node_id, prev_funding_outpoint,
+														prev_channel_id, prev_user_channel_id, vec![(info, prev_htlc_id)]
+													)),
+													Err(InboundHTLCErr { err_code, err_data, msg }) => failed_payment!(msg, err_code, err_data, Some(phantom_shared_secret))
 												}
 											} else {
 												fail_forward!(format!("Unknown short channel id {} for forward HTLC", short_chan_id), 0x4000 | 10, Vec::new(), None);

Diff for: lightning/src/ln/onion_payment.rs

@@ -16,7 +16,7 @@ use crate::ln::channelmanager::{BlindedFailure, BlindedForward, CLTV_FAR_FAR_AWA
 use crate::types::features::BlindedHopFeatures;
 use crate::ln::msgs;
 use crate::ln::onion_utils;
-use crate::ln::onion_utils::{HTLCFailReason, INVALID_ONION_BLINDING};
+use crate::ln::onion_utils::{Hop, HTLCFailReason, INVALID_ONION_BLINDING};
 use crate::sign::{NodeSigner, Recipient};
 use crate::util::logger::Logger;
 
@@ -296,7 +296,13 @@ where
 		InboundHTLCErr { msg, err_code, err_data }
 	})?;
 	Ok(match hop {
-		onion_utils::Hop::Forward { next_hop_data, next_hop_hmac, new_packet_bytes } => {
+		onion_utils::Hop::Forward { next_hop_hmac, new_packet_bytes, .. } | onion_utils::Hop::BlindedForward { next_hop_hmac, new_packet_bytes, .. } => {
+			let inbound_onion_payload = match hop {
+				onion_utils::Hop::Forward { next_hop_data, .. } => msgs::InboundOnionPayload::Forward(next_hop_data),
+				onion_utils::Hop::BlindedForward { next_hop_data, .. } => msgs::InboundOnionPayload::BlindedForward(next_hop_data),
+				_ => unreachable!()
+			};
+
 			let NextPacketDetails {
 				next_packet_pubkey, outgoing_amt_msat: _, outgoing_scid: _, outgoing_cltv_value
 			} = match next_packet_details_opt {
@@ -310,7 +316,7 @@ where
 			};
 
 			if let Err((err_msg, code)) = check_incoming_htlc_cltv(
-				cur_height, outgoing_cltv_value, msg.cltv_expiry
+				cur_height, outgoing_cltv_value, msg.cltv_expiry,
 			) {
 				return Err(InboundHTLCErr {
 					msg: err_msg,
@@ -321,16 +327,21 @@ where
 
 			// TODO: If this is potentially a phantom payment we should decode the phantom payment
 			// onion here and check it.
-
 			create_fwd_pending_htlc_info(
-				msg, next_hop_data, next_hop_hmac, new_packet_bytes, shared_secret,
-				Some(next_packet_pubkey)
+				msg, inbound_onion_payload, next_hop_hmac, new_packet_bytes, shared_secret,
+				Some(next_packet_pubkey),
 			)?
 		},
 		onion_utils::Hop::Receive(received_data) => {
 			create_recv_pending_htlc_info(
-				received_data, shared_secret, msg.payment_hash, msg.amount_msat, msg.cltv_expiry,
-				None, allow_skimmed_fees, msg.skimmed_fee_msat, cur_height
+				msgs::InboundOnionPayload::Receive(received_data), shared_secret, msg.payment_hash, msg.amount_msat, msg.cltv_expiry,
+				None, allow_skimmed_fees, msg.skimmed_fee_msat, cur_height,
+			)?
+		},
+		onion_utils::Hop::BlindedReceive(received_data) => {
+			create_recv_pending_htlc_info(
+				msgs::InboundOnionPayload::BlindedReceive(received_data), shared_secret, msg.payment_hash, msg.amount_msat, msg.cltv_expiry,
+				None, allow_skimmed_fees, msg.skimmed_fee_msat, cur_height,
 			)?
 		}
 	})
@@ -424,23 +435,15 @@ where
 	};
 
 	let next_packet_details = match next_hop {
-		onion_utils::Hop::Forward {
-			next_hop_data: msgs::InboundOnionPayload::Forward(msgs::InboundOnionForwardPayload {
-				short_channel_id, amt_to_forward, outgoing_cltv_value
-			}), ..
-		} => {
+		Hop::Forward { next_hop_data: msgs::InboundOnionForwardPayload { short_channel_id, amt_to_forward, outgoing_cltv_value }, .. } => {
 			let next_packet_pubkey = onion_utils::next_hop_pubkey(secp_ctx,
 				msg.onion_routing_packet.public_key.unwrap(), &shared_secret);
-			NextPacketDetails {
+			Some(NextPacketDetails {
 				next_packet_pubkey, outgoing_scid: short_channel_id,
 				outgoing_amt_msat: amt_to_forward, outgoing_cltv_value
-			}
-		},
-		onion_utils::Hop::Forward {
-			next_hop_data: msgs::InboundOnionPayload::BlindedForward (msgs::InboundOnionBlindedForwardPayload{
-				short_channel_id, ref payment_relay, ref payment_constraints, ref features, ..
-			}), ..
-		} => {
+			})
+		}
+		Hop::BlindedForward { next_hop_data: msgs::InboundOnionBlindedForwardPayload { short_channel_id, ref payment_relay, ref payment_constraints, ref features, .. }, .. } => {
 			let (amt_to_forward, outgoing_cltv_value) = match check_blinded_forward(
 				msg.amount_msat, msg.cltv_expiry, &payment_relay, &payment_constraints, &features
 			) {
@@ -452,20 +455,15 @@ where
 			};
 			let next_packet_pubkey = onion_utils::next_hop_pubkey(&secp_ctx,
 				msg.onion_routing_packet.public_key.unwrap(), &shared_secret);
-			NextPacketDetails {
+			Some(NextPacketDetails {
 				next_packet_pubkey, outgoing_scid: short_channel_id, outgoing_amt_msat: amt_to_forward,
 				outgoing_cltv_value
-			}
-		},
-		onion_utils::Hop::Receive { .. } => return Ok((next_hop, shared_secret, None)),
-		onion_utils::Hop::Forward { next_hop_data: msgs::InboundOnionPayload::Receive { .. }, .. } |
-			onion_utils::Hop::Forward { next_hop_data: msgs::InboundOnionPayload::BlindedReceive { .. }, .. } =>
-		{
-			return_err!("Final Node OnionHopData provided for us as an intermediary node", 0x4000 | 22, &[0; 0]);
+			})
 		}
+		_ => None
 	};
 
-	Ok((next_hop, shared_secret, Some(next_packet_details)))
+	Ok((next_hop, shared_secret, next_packet_details))
 }
 
 pub(super) fn check_incoming_htlc_cltv(

Diff for: lightning/src/ln/onion_utils.rs

@@ -1415,29 +1415,40 @@ impl NextPacketBytes for Vec<u8> {
 
 /// Data decrypted from a payment's onion payload.
 pub(crate) enum Hop {
-	/// This onion payload was for us, not for forwarding to a next-hop. Contains information for
-	/// verifying the incoming payment.
-	Receive(msgs::InboundOnionPayload),
 	/// This onion payload needs to be forwarded to a next-hop.
 	Forward {
 		/// Onion payload data used in forwarding the payment.
-		next_hop_data: msgs::InboundOnionPayload,
+		next_hop_data: msgs::InboundOnionForwardPayload,
 		/// HMAC of the next hop's onion packet.
 		next_hop_hmac: [u8; 32],
 		/// Bytes of the onion packet we're forwarding.
 		new_packet_bytes: [u8; ONION_DATA_LEN],
 	},
+	/// This onion payload needs to be forwarded to a next-hop.
+	BlindedForward {
+		/// Onion payload data used in forwarding the payment.
+		next_hop_data: msgs::InboundOnionBlindedForwardPayload,
+		/// HMAC of the next hop's onion packet.
+		next_hop_hmac: [u8; 32],
+		/// Bytes of the onion packet we're forwarding.
+		new_packet_bytes: [u8; ONION_DATA_LEN],
+	},
+	/// This onion payload was for us, not for forwarding to a next-hop. Contains information for
+	/// verifying the incoming payment.
+	Receive(msgs::InboundOnionReceivePayload),
+	/// This onion payload was for us, not for forwarding to a next-hop. Contains information for
+	/// verifying the incoming payment.
+	BlindedReceive(msgs::InboundOnionBlindedReceivePayload),
 }
 
 impl Hop {
 	pub(crate) fn is_intro_node_blinded_forward(&self) -> bool {
 		match self {
-			Self::Forward {
+			Self::BlindedForward {
 				next_hop_data:
-					msgs::InboundOnionPayload::BlindedForward(msgs::InboundOnionBlindedForwardPayload {
-						intro_node_blinding_point: Some(_),
-						..
-					}),
+					msgs::InboundOnionBlindedForwardPayload {
+						intro_node_blinding_point: Some(_), ..
+					},
 				..
 			} => true,
 			_ => false,
@@ -1461,16 +1472,35 @@ pub(crate) fn decode_next_payment_hop<NS: Deref>(
 where
 	NS::Target: NodeSigner,
 {
-	match decode_next_hop(
+	let decoded_hop: Result<(msgs::InboundOnionPayload, Option<_>), _> = decode_next_hop(
 		shared_secret,
 		hop_data,
 		hmac_bytes,
 		Some(payment_hash),
 		(blinding_point, node_signer),
-	) {
-		Ok((next_hop_data, None)) => Ok(Hop::Receive(next_hop_data)),
+	);
+	match decoded_hop {
 		Ok((next_hop_data, Some((next_hop_hmac, FixedSizeOnionPacket(new_packet_bytes))))) => {
-			Ok(Hop::Forward { next_hop_data, next_hop_hmac, new_packet_bytes })
+			match next_hop_data {
+				msgs::InboundOnionPayload::Forward(next_hop_data) => {
+					Ok(Hop::Forward { next_hop_data, next_hop_hmac, new_packet_bytes })
+				},
+				msgs::InboundOnionPayload::BlindedForward(next_hop_data) => {
+					Ok(Hop::BlindedForward { next_hop_data, next_hop_hmac, new_packet_bytes })
+				},
+				_ => Err(OnionDecodeErr::Relay {
+					err_msg: "Final Node OnionHopData provided for us as an intermediary node",
+					err_code: 0x4000 | 22,
+				}),
+			}
+		},
+		Ok((next_hop_data, None)) => match next_hop_data {
+			msgs::InboundOnionPayload::Receive(payload) => Ok(Hop::Receive(payload)),
+			msgs::InboundOnionPayload::BlindedReceive(payload) => Ok(Hop::BlindedReceive(payload)),
+			_ => Err(OnionDecodeErr::Relay {
+				err_msg: "Intermediate Node OnionHopData provided for us as a final node",
+				err_code: 0x4000 | 22,
+			}),
 		},
 		Err(e) => Err(e),
 	}