sphinx_test: add blinded onion message test

This commit adds the spec test vector for blinded onion messages. It
also adds a test that tests BuildBlindedRoute, decryptBlindedHopData and
NextEphemeral against this vector.

Author: gijswijs

path_test.go

@@ -12,8 +12,9 @@ import (
 )
 
 const (
-	routeBlindingTestFileName      = "testdata/route-blinding-test.json"
-	onionRouteBlindingTestFileName = "testdata/onion-route-blinding-test.json"
+	routeBlindingTestFileName            = "testdata/route-blinding-test.json"
+	onionRouteBlindingTestFileName       = "testdata/onion-route-blinding-test.json"
+	blindedOnionMessageOnionTestFileName = "testdata/blinded-onion-message-onion-test.json"
 )
 
 // TestBuildBlindedRoute tests BuildBlindedRoute and decryptBlindedHopData against
@@ -117,6 +118,128 @@ func TestBuildBlindedRoute(t *testing.T) {
 	}
 }
 
+// TestBuildOnionMessageBlindedRoute tests BuildBlindedRoute,
+// decryptBlindedHopData and NextEphemeral against the spec test vectors.
+func TestBuildOnionMessageBlindedRoute(t *testing.T) {
+	t.Parallel()
+
+	// First, we'll read out the raw Json file at the target location.
+	jsonBytes, err := os.ReadFile(blindedOnionMessageOnionTestFileName)
+	require.NoError(t, err)
+
+	// Once we have the raw file, we'll unpack it into our
+	// blindingJsonTestCase struct defined below.
+	testCase := &onionMessageJsonTestCase{}
+	require.NoError(t, json.Unmarshal(jsonBytes, testCase))
+	require.Len(t, testCase.Generate.Hops, 4)
+
+	// buildMessagePath is a helper closure used to convert
+	// hopOnionMessageData objects into HopInfo objects.
+	buildMessagePath := func(h []hopOnionMessageData, e string) []*HopInfo {
+		path := make([]*HopInfo, len(h))
+		currentHop := e
+		for i, hop := range h {
+			// The json test vector only specifies the current node
+			// ID as the next node id in the payload of the previous
+			// node, so we get that from the previous hop.
+			nodeIDStr, _ := hex.DecodeString(
+				currentHop,
+			)
+			nodeID, _ := btcec.ParsePubKey(nodeIDStr)
+			payload, _ := hex.DecodeString(hop.EncryptedDataTlv)
+
+			path[i] = &HopInfo{
+				NodePub:   nodeID,
+				PlainText: payload,
+			}
+			currentHop = hop.EncodedOnionMessageTLVs.NextNodeID
+		}
+		return path
+	}
+
+	// First, Dave will build a blinded path from Bob to itself.
+	DaveSessKey := privKeyFromString(
+		testCase.Generate.Hops[1].PathKeySecret,
+	)
+	daveBobPath := buildMessagePath(
+		testCase.Generate.Hops[1:], bolt4PubKeys[1],
+	)
+	pathDB, err := BuildBlindedPath(DaveSessKey, daveBobPath)
+	require.NoError(t, err)
+
+	// At this point, Dave will give his blinded path to the Sender who will
+	// then build its own blinded route from itself to Bob via Alice. The
+	// sender will then concatenate the two paths. Note that in the payload
+	// for Alice, the `next_path_key_override` field is added which is set
+	// to the first path key in Dave's blinded route. This will indicate to
+	// Alice that she should use this point for the next path key instead of
+	// the next path key that she derives.
+	aliceBobPath := buildMessagePath(
+		testCase.Generate.Hops[:1], bolt4PubKeys[0],
+	)
+	senderSessKey := privKeyFromString(
+		testCase.Generate.Hops[0].PathKeySecret,
+	)
+	pathAB, err := BuildBlindedPath(senderSessKey, aliceBobPath)
+	require.NoError(t, err)
+
+	// Construct the concatenated path.
+	path := &BlindedPath{
+		IntroductionPoint: pathAB.Path.IntroductionPoint,
+		BlindingPoint:     pathAB.Path.BlindingPoint,
+		BlindedHops: append(pathAB.Path.BlindedHops,
+			pathDB.Path.BlindedHops...),
+	}
+
+	// Check that the constructed path is equal to the test vector path.
+	require.True(t, equalPubKeys(
+		testCase.Route.FirstNodeId, path.IntroductionPoint,
+	))
+	require.True(t, equalPubKeys(
+		testCase.Route.FirstPathKey, path.BlindingPoint,
+	))
+
+	for i, hop := range testCase.Route.Hops {
+		require.True(t, equalPubKeys(
+			hop.BlindedNodeID, path.BlindedHops[i].BlindedNodePub,
+		))
+
+		data, _ := hex.DecodeString(hop.EncryptedRecipientData)
+		require.True(
+			t, bytes.Equal(data, path.BlindedHops[i].CipherText),
+		)
+	}
+
+	// Assert that each hop is able to decode the encrypted data meant for
+	// it.
+	for i, hop := range testCase.Decrypt.Hops {
+		genData := testCase.Generate.Hops[i]
+		priv := privKeyFromString(hop.PrivKey)
+		ephem := pubKeyFromString(
+			genData.EphemeralPubKey,
+		)
+
+		// Now we'll decrypt the blinded hop data using the private key
+		// and the ephemeral public key.
+		data, err := decryptBlindedHopData(
+			&PrivKeyECDH{PrivKey: priv}, ephem,
+			path.BlindedHops[i].CipherText,
+		)
+		require.NoError(t, err)
+
+		// check if the decrypted data is what we expect it to be.
+		decoded, _ := hex.DecodeString(genData.EncryptedDataTlv)
+		require.True(t, bytes.Equal(data, decoded))
+
+		nextEphem, err := NextEphemeral(&PrivKeyECDH{priv}, ephem)
+		require.NoError(t, err)
+
+		nextE := privKeyFromString(genData.NextEphemeralPrivKey)
+
+		require.Equal(t, nextE.PubKey(), nextEphem)
+	}
+}
+
 // TestOnionRouteBlinding tests that an onion packet can correctly be processed
 // by a node in a blinded route.
 func TestOnionRouteBlinding(t *testing.T) {
@@ -223,24 +346,47 @@ type decryptData struct {
 	Hops []decryptHops `json:"hops"`
 }
 
+type decryptOnionMessageData struct {
+	Hops []decryptOnionMessageHops `json:"hops"`
+}
+
 type decryptHops struct {
 	Onion        string `json:"onion"`
 	NodePrivKey  string `json:"node_privkey"`
 	NextBlinding string `json:"next_blinding"`
 }
 
+type decryptOnionMessageHops struct {
+	OnionMessage string `json:"onion_message"`
+	PrivKey      string `json:"privkey"`
+	NextNodeID   string `json:"next_node_id"`
+}
+
 type blindingJsonTestCase struct {
 	Generate generateData `json:"generate"`
 	Route    routeData    `json:"route"`
 	Unblind  unblindData  `json:"unblind"`
 }
 
+type onionMessageJsonTestCase struct {
+	Generate generateOnionMessageData `json:"generate"`
+	Route    routeOnionMessageData    `json:"route"`
+	// OnionMessage onionMessageData        `json:"onionmessage"`
+	Decrypt decryptOnionMessageData `json:"decrypt"`
+}
+
 type routeData struct {
 	IntroductionNodeID string       `json:"introduction_node_id"`
 	Blinding           string       `json:"blinding"`
 	Hops               []blindedHop `json:"hops"`
 }
 
+type routeOnionMessageData struct {
+	FirstNodeId  string                   `json:"first_node_id"`
+	FirstPathKey string                   `json:"first_path_key"`
+	Hops         []blindedOnionMessageHop `json:"hops"`
+}
+
 type unblindData struct {
 	Hops []unblindedHop `json:"hops"`
 }
@@ -249,6 +395,11 @@ type generateData struct {
 	Hops []hopData `json:"hops"`
 }
 
+type generateOnionMessageData struct {
+	SessionKey string                `json:"session_key"`
+	Hops       []hopOnionMessageData `json:"hops"`
+}
+
 type unblindedHop struct {
 	NodePrivKey         string `json:"node_privkey"`
 	EphemeralPubKey     string `json:"ephemeral_pubkey"`
@@ -262,11 +413,31 @@ type hopData struct {
 	EncodedTLVs string `json:"encoded_tlvs"`
 }
 
+type hopOnionMessageData struct {
+	PathKeySecret           string                  `json:"path_key_secret"`
+	EncodedOnionMessageTLVs encodedOnionMessageTLVs `json:"tlvs"`
+	EncryptedDataTlv        string                  `json:"encrypted_data_tlv"`
+	EphemeralPubKey         string                  `json:"E"`
+	NextEphemeralPrivKey    string                  `json:"next_e"`
+}
+
+type encodedOnionMessageTLVs struct {
+	NextNodeID            string `json:"next_node_id"`
+	NextPathKeyOverride   string `json:"next_path_key_override"`
+	PathKeyOverrideSecret string `json:"path_key_override_secret"`
+	PathID                string `json:"path_id"`
+}
+
 type blindedHop struct {
 	BlindedNodeID string `json:"blinded_node_id"`
 	EncryptedData string `json:"encrypted_data"`
 }
 
+type blindedOnionMessageHop struct {
+	BlindedNodeID          string `json:"blinded_node_id"`
+	EncryptedRecipientData string `json:"encrypted_recipient_data"`
+}
+
 func equalPubKeys(pkStr string, pk *btcec.PublicKey) bool {
 	return hex.EncodeToString(pk.SerializeCompressed()) == pkStr
 }