lightningdevkit · arik-so · Feb 10, 2025 · Feb 10, 2025 · Feb 3, 2025 · Feb 10, 2025
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
@@ -56,7 +56,7 @@ use crate::types::features::{Bolt12InvoiceFeatures, ChannelFeatures, ChannelType
 #[cfg(any(feature = "_test_utils", test))]
 use crate::types::features::Bolt11InvoiceFeatures;
 use crate::routing::router::{BlindedTail, FixedRouter, InFlightHtlcs, Path, Payee, PaymentParameters, Route, RouteParameters, Router};
-use crate::ln::onion_payment::{check_incoming_htlc_cltv, create_recv_pending_htlc_info, create_fwd_pending_htlc_info, decode_incoming_update_add_htlc_onion, InboundHTLCErr, NextPacketDetails};
+use crate::ln::onion_payment::{check_incoming_htlc_cltv, create_recv_pending_htlc_info, create_fwd_pending_htlc_info, decode_incoming_update_add_htlc_onion, InboundHTLCErr, NextPacketDetails, HopConnector};
 use crate::ln::msgs;
 use crate::ln::onion_utils;
 use crate::ln::onion_utils::{HTLCFailReason, INVALID_ONION_BLINDING};
@@ -131,7 +131,7 @@ pub use crate::ln::outbound_payment::{Bolt12PaymentError, ProbeSendFailure, Retr
 #[cfg(test)]
 pub(crate) use crate::ln::outbound_payment::PaymentSendFailure;
 use crate::ln::script::ShutdownScript;
-
+use crate::routing::gossip::NodeId;
 // We hold various information about HTLC relay in the HTLC objects in Channel itself:
 //
 // Upon receipt of an HTLC from a peer, we'll give it a PendingHTLCStatus indicating if it should
@@ -169,6 +169,25 @@ pub enum PendingHTLCRouting {
 		/// The absolute CLTV of the inbound HTLC
 		incoming_cltv_expiry: Option<u32>,
 	},
+
+	/// An HTLC which should be forwarded on to another Trampoline node.
+	TrampolineForward {
+		/// The onion shared secret we build with the sender (or the preceding Trampoline node) used
+		/// to decrypt the onion.
+		///
+		/// This is later used to encrypt failure packets in the event that the HTLC is failed.
+		incoming_shared_secret: [u8; 32],
+		/// The onion which should be included in the forwarded HTLC, telling the next hop what to
+		/// do with the HTLC.
+		onion_packet: msgs::TrampolineOnionPacket,
+		/// The node ID of the Trampoline node which we need to route this HTLC to.
+		node_id: NodeId, // This should be NonZero<u64> eventually when we bump MSRV
+		/// Set if this HTLC is being forwarded within a blinded path.
+		blinded: Option<BlindedForward>,
+		/// The absolute CLTV of the inbound HTLC
+		incoming_cltv_expiry: Option<u32>,
+	},
+
 	/// The onion indicates that this is a payment for an invoice (supposedly) generated by us.
 	///
 	/// Note that at this point, we have not checked that the invoice being paid was actually
@@ -279,6 +298,7 @@ impl PendingHTLCRouting {
 	fn incoming_cltv_expiry(&self) -> Option<u32> {
 		match self {
 			Self::Forward { incoming_cltv_expiry, .. } => *incoming_cltv_expiry,
+			Self::TrampolineForward { incoming_cltv_expiry, .. } => *incoming_cltv_expiry,
 			Self::Receive { incoming_cltv_expiry, .. } => Some(*incoming_cltv_expiry),
 			Self::ReceiveKeysend { incoming_cltv_expiry, .. } => Some(*incoming_cltv_expiry),
 		}
@@ -4242,11 +4262,15 @@ where
 			// we don't allow forwards outbound over them.
 			return Err(("Refusing to forward to a private channel based on our config.", 0x4000 | 10));
 		}
-		if chan.context.get_channel_type().supports_scid_privacy() && next_packet.outgoing_scid != chan.context.outbound_scid_alias() {
-			// `option_scid_alias` (referred to in LDK as `scid_privacy`) means
-			// "refuse to forward unless the SCID alias was used", so we pretend
-			// we don't have the channel here.
-			return Err(("Refusing to forward over real channel SCID as our counterparty requested.", 0x4000 | 10));
+		if let HopConnector::ShortChannelId(outgoing_scid) = next_packet.outgoing_connector {
+			if chan.context.get_channel_type().supports_scid_privacy() && outgoing_scid != chan.context.outbound_scid_alias() {
+				// `option_scid_alias` (referred to in LDK as `scid_privacy`) means
+				// "refuse to forward unless the SCID alias was used", so we pretend
+				// we don't have the channel here.
+				return Err(("Refusing to forward over real channel SCID as our counterparty requested.", 0x4000 | 10));
+			}
+		} else {
+			return Err(("Cannot forward by Node ID without SCID.", 0x4000 | 10));
 		}
 
 		// Note that we could technically not return an error yet here and just hope
@@ -4298,7 +4322,13 @@ where
 	fn can_forward_htlc(
 		&self, msg: &msgs::UpdateAddHTLC, next_packet_details: &NextPacketDetails
 	) -> Result<(), (&'static str, u16)> {
-		match self.do_funded_channel_callback(next_packet_details.outgoing_scid, |chan: &mut FundedChannel<SP>| {
+		let outgoing_scid = match next_packet_details.outgoing_connector {
+			HopConnector::ShortChannelId(scid) => scid,
+			HopConnector::Trampoline { .. } => {
+				return Err(("Cannot forward by Node ID without SCID.", 0x4000 | 10));
+			}
+		};
+		match self.do_funded_channel_callback(outgoing_scid, |chan: &mut FundedChannel<SP>| {
 			self.can_forward_htlc_to_outgoing_channel(chan, msg, next_packet_details)
 		}) {
 			Some(Ok(())) => {},
@@ -4307,8 +4337,8 @@ where
 				// If we couldn't find the channel info for the scid, it may be a phantom or
 				// intercept forward.
 				if (self.default_configuration.accept_intercept_htlcs &&
-					fake_scid::is_valid_intercept(&self.fake_scid_rand_bytes, next_packet_details.outgoing_scid, &self.chain_hash)) ||
-					fake_scid::is_valid_phantom(&self.fake_scid_rand_bytes, next_packet_details.outgoing_scid, &self.chain_hash)
+					fake_scid::is_valid_intercept(&self.fake_scid_rand_bytes, outgoing_scid, &self.chain_hash)) ||
+					fake_scid::is_valid_phantom(&self.fake_scid_rand_bytes, outgoing_scid, &self.chain_hash)
 				{} else {
 					return Err(("Don't have available channel for forwarding as requested.", 0x4000 | 10));
 				}
@@ -5660,7 +5690,12 @@ where
 				};
 
 				let is_intro_node_blinded_forward = next_hop.is_intro_node_blinded_forward();
-				let outgoing_scid_opt = next_packet_details_opt.as_ref().map(|d| d.outgoing_scid);
+				let outgoing_scid_opt = next_packet_details_opt.as_ref().and_then(|d| {
+					match d.outgoing_connector {
+						HopConnector::ShortChannelId(scid) => { Some(scid) }
+						HopConnector::Trampoline { .. } => { None }
+					}
+				});
 
 				// Process the HTLC on the incoming channel.
 				match self.do_funded_channel_callback(incoming_scid, |chan: &mut FundedChannel<SP>| {
@@ -8909,6 +8944,7 @@ This indicates a bug inside LDK. Please report this error at https://github.com/
 				for (forward_info, prev_htlc_id) in pending_forwards.drain(..) {
 					let scid = match forward_info.routing {
 						PendingHTLCRouting::Forward { short_channel_id, .. } => short_channel_id,
+						PendingHTLCRouting::TrampolineForward { .. } => 0,
 						PendingHTLCRouting::Receive { .. } => 0,
 						PendingHTLCRouting::ReceiveKeysend { .. } => 0,
 					};
@@ -12476,6 +12512,13 @@ impl_writeable_tlv_based_enum!(PendingHTLCRouting,
 		(9, payment_context, option),
 		(11, invoice_request, option),
 	},
+	(3, TrampolineForward) => {
+		(0, incoming_shared_secret, required),
+		(1, onion_packet, required),
+		(2, blinded, option),
+		(3, node_id, required),
+		(4, incoming_cltv_expiry, option),
+	}
 );
 
 impl_writeable_tlv_based!(PendingHTLCInfo, {

diff --git a/lightning/src/ln/msgs.rs b/lightning/src/ln/msgs.rs
@@ -1775,6 +1775,13 @@ mod fuzzy_internal_msgs {
 			amt_to_forward: u64,
 			outgoing_cltv_value: u32,
 		},
+		#[allow(unused)]
+		TrampolineEntrypoint {
+			amt_to_forward: u64,
+			outgoing_cltv_value: u32,
+			multipath_trampoline_data: Option<FinalOnionHopData>,
+			trampoline_packet: TrampolineOnionPacket,
+		},
 		Receive {
 			payment_data: Option<FinalOnionHopData>,
 			payment_metadata: Option<Vec<u8>>,
@@ -1805,6 +1812,36 @@ mod fuzzy_internal_msgs {
 		}
 	}
 
+	#[allow(unused)]
+	pub enum InboundTrampolinePayload {
+		Forward {
+			/// The value, in msat, of the payment after this hop's fee is deducted.
+			amt_to_forward: u64,
+			outgoing_cltv_value: u32,
+			/// The node id to which the trampoline node must find a route.
+			outgoing_node_id: PublicKey,
+		},
+		BlindedForward {
+			short_channel_id: u64,
+			payment_relay: PaymentRelay,
+			payment_constraints: PaymentConstraints,
+			features: BlindedHopFeatures,
+			intro_node_blinding_point: Option<PublicKey>,
+			next_blinding_override: Option<PublicKey>,
+		},
+		BlindedReceive {
+			sender_intended_htlc_amt_msat: u64,
+			total_msat: u64,
+			cltv_expiry_height: u32,
+			payment_secret: PaymentSecret,
+			payment_constraints: PaymentConstraints,
+			payment_context: PaymentContext,
+			intro_node_blinding_point: Option<PublicKey>,
+			keysend_preimage: Option<PaymentPreimage>,
+			custom_tlvs: Vec<(u64, Vec<u8>)>,
+		}
+	}
+
 	pub(crate) enum OutboundOnionPayload<'a> {
 		Forward {
 			short_channel_id: u64,
@@ -2858,6 +2895,7 @@ impl<NS: Deref> ReadableArgs<(Option<PublicKey>, NS)> for InboundOnionPayload wh
 		let mut payment_metadata: Option<WithoutLength<Vec<u8>>> = None;
 		let mut total_msat = None;
 		let mut keysend_preimage: Option<PaymentPreimage> = None;
+		let mut trampoline_onion_packet: Option<TrampolineOnionPacket> = None;
 		let mut invoice_request: Option<InvoiceRequest> = None;
 		let mut custom_tlvs = Vec::new();
 
@@ -2872,6 +2910,7 @@ impl<NS: Deref> ReadableArgs<(Option<PublicKey>, NS)> for InboundOnionPayload wh
 			(12, intro_node_blinding_point, option),
 			(16, payment_metadata, option),
 			(18, total_msat, (option, encoding: (u64, HighZeroBytesDroppedBigSize))),
+			(20, trampoline_onion_packet, option),
 			(77_777, invoice_request, option),
 			// See https://github.com/lightning/blips/blob/master/blip-0003.md
 			(5482373484, keysend_preimage, option)
@@ -2950,6 +2989,16 @@ impl<NS: Deref> ReadableArgs<(Option<PublicKey>, NS)> for InboundOnionPayload wh
 				amt_to_forward: amt.ok_or(DecodeError::InvalidValue)?,
 				outgoing_cltv_value: cltv_value.ok_or(DecodeError::InvalidValue)?,
 			})
+		} else if let Some(trampoline_onion_packet) = trampoline_onion_packet {
+			if payment_metadata.is_some() || encrypted_tlvs_opt.is_some() ||
+				total_msat.is_some()
+			{ return Err(DecodeError::InvalidValue) }
+			Ok(Self::TrampolineEntrypoint {
+				amt_to_forward: amt.ok_or(DecodeError::InvalidValue)?,
+				outgoing_cltv_value: cltv_value.ok_or(DecodeError::InvalidValue)?,
+				multipath_trampoline_data: payment_data,
+				trampoline_packet: trampoline_onion_packet,
+			})
 		} else {
 			if encrypted_tlvs_opt.is_some() || total_msat.is_some() || invoice_request.is_some() {
 				return Err(DecodeError::InvalidValue)
@@ -2971,6 +3020,114 @@ impl<NS: Deref> ReadableArgs<(Option<PublicKey>, NS)> for InboundOnionPayload wh
 	}
 }
 
+impl<NS: Deref> ReadableArgs<(Option<PublicKey>, NS)> for InboundTrampolinePayload where NS::Target: NodeSigner {
+	fn read<R: Read>(r: &mut R, args: (Option<PublicKey>, NS)) -> Result<Self, DecodeError> {
+		let (update_add_blinding_point, node_signer) = args;
+
+		let mut amt = None;
+		let mut cltv_value = None;
+		let mut payment_data: Option<FinalOnionHopData> = None;
+		let mut encrypted_tlvs_opt: Option<WithoutLength<Vec<u8>>> = None;
+		let mut intro_node_blinding_point = None;
+		let mut outgoing_node_id: Option<PublicKey> = None;
+		let mut total_msat = None;
+		let mut keysend_preimage: Option<PaymentPreimage> = None;
+		let mut custom_tlvs = Vec::new();
+
+		let tlv_len = <BigSize as Readable>::read(r)?;
+		let mut rd = FixedLengthReader::new(r, tlv_len.0);
+		decode_tlv_stream_with_custom_tlv_decode!(&mut rd, {
+			(2, amt, (option, encoding: (u64, HighZeroBytesDroppedBigSize))),
+			(4, cltv_value, (option, encoding: (u32, HighZeroBytesDroppedBigSize))),
+			(8, payment_data, option),
+			(10, encrypted_tlvs_opt, option),
+			(12, intro_node_blinding_point, option),
+			(14, outgoing_node_id, option),
+			(18, total_msat, (option, encoding: (u64, HighZeroBytesDroppedBigSize))),
+			// See https://github.com/lightning/blips/blob/master/blip-0003.md
+			(5482373484, keysend_preimage, option)
+		}, |msg_type: u64, msg_reader: &mut FixedLengthReader<_>| -> Result<bool, DecodeError> {
+			if msg_type < 1 << 16 { return Ok(false) }
+			let mut value = Vec::new();
+			msg_reader.read_to_limit(&mut value, u64::MAX)?;
+			custom_tlvs.push((msg_type, value));
+			Ok(true)
+		});
+
+		if amt.unwrap_or(0) > MAX_VALUE_MSAT { return Err(DecodeError::InvalidValue) }
+		if intro_node_blinding_point.is_some() && update_add_blinding_point.is_some() {
+			return Err(DecodeError::InvalidValue)
+		}
+
+		if let Some(blinding_point) = intro_node_blinding_point.or(update_add_blinding_point) {
+			if payment_data.is_some() {
+				return Err(DecodeError::InvalidValue)
+			}
+			let enc_tlvs = encrypted_tlvs_opt.ok_or(DecodeError::InvalidValue)?.0;
+			let enc_tlvs_ss = node_signer.ecdh(Recipient::Node, &blinding_point, None)
+				.map_err(|_| DecodeError::InvalidValue)?;
+			let rho = onion_utils::gen_rho_from_shared_secret(&enc_tlvs_ss.secret_bytes());
+			let mut s = Cursor::new(&enc_tlvs);
+			let mut reader = FixedLengthReader::new(&mut s, enc_tlvs.len() as u64);
+			match ChaChaPolyReadAdapter::read(&mut reader, rho)? {
+				ChaChaPolyReadAdapter { readable: BlindedPaymentTlvs::Forward(ForwardTlvs {
+				short_channel_id, payment_relay, payment_constraints, features, next_blinding_override
+																			  })} => {
+					if amt.is_some() || cltv_value.is_some() || total_msat.is_some() ||
+						keysend_preimage.is_some()
+					{
+						return Err(DecodeError::InvalidValue)
+					}
+					Ok(Self::BlindedForward {
+						short_channel_id,
+						payment_relay,
+						payment_constraints,
+						features,
+						intro_node_blinding_point,
+						next_blinding_override,
+					})
+				},
+				ChaChaPolyReadAdapter { readable: BlindedPaymentTlvs::Receive(receive_tlvs) } => {
+					let ReceiveTlvs { tlvs, authentication: (hmac, nonce) } = receive_tlvs;
+					let expanded_key = node_signer.get_inbound_payment_key();
+					if tlvs.verify_for_offer_payment(hmac, nonce, &expanded_key).is_err() {
+						return Err(DecodeError::InvalidValue);
+					}
+
+					let UnauthenticatedReceiveTlvs {
+						payment_secret, payment_constraints, payment_context,
+					} = tlvs;
+					if total_msat.unwrap_or(0) > MAX_VALUE_MSAT { return Err(DecodeError::InvalidValue) }
+					Ok(Self::BlindedReceive {
+						sender_intended_htlc_amt_msat: amt.ok_or(DecodeError::InvalidValue)?,
+						total_msat: total_msat.ok_or(DecodeError::InvalidValue)?,
+						cltv_expiry_height: cltv_value.ok_or(DecodeError::InvalidValue)?,
+						payment_secret,
+						payment_constraints,
+						payment_context,
+						intro_node_blinding_point,
+						keysend_preimage,
+						custom_tlvs,
+					})
+				},
+			}
+		} else if let Some(outgoing_node_id) = outgoing_node_id {
+			if payment_data.is_some() || encrypted_tlvs_opt.is_some() ||
+				total_msat.is_some()
+			{ return Err(DecodeError::InvalidValue) }
+			Ok(Self::Forward {
+				outgoing_node_id,
+				amt_to_forward: amt.ok_or(DecodeError::InvalidValue)?,
+				outgoing_cltv_value: cltv_value.ok_or(DecodeError::InvalidValue)?,
+			})
+		} else {
+			// unblinded Trampoline receives are not supported
+			return Err(DecodeError::InvalidValue);
+		}
+	}
+}
+
+
 impl Writeable for Ping {
 	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
 		self.ponglen.write(w)?;