sphinx_test: add test for blinded route processing

gijswijs · gijswijs · commit 58458e8dd113 · 2025-07-25T14:27:17.000+02:00
We add TestOnionMessageRouteBlinding which verifies that the onion
message packet from the test vector can be processed correctly by the
nodes in a blinded route.
diff --git a/path_test.go b/path_test.go
@@ -375,6 +375,121 @@ func TestOnionRouteBlinding(t *testing.T) {
 	}
 }
 
+// TestOnionMessageRouteBlinding tests that an onion message packet can
+// correctly be processed by a node in a blinded route.
+func TestOnionMessageRouteBlinding(t *testing.T) {
+	t.Parallel()
+
+	// First, we'll read out the raw Json file at the target location.
+	jsonBytes, err := os.ReadFile(blindedOnionMessageOnionTestFileName)
+	require.NoError(t, err)
+
+	// Once we have the raw file, we'll unpack it into our
+	// onionMessageJsonTestCase struct defined above.
+	testCase := &onionMessageJsonTestCase{}
+	require.NoError(t, json.Unmarshal(jsonBytes, testCase))
+
+	// Extract the original onion message packet to be processed.
+	onion, err := hex.DecodeString(testCase.OnionMessage.OnionMessagePacket)
+	require.NoError(t, err)
+
+	onionBytes := bytes.NewReader(onion)
+	onionPacket := &OnionPacket{}
+	require.NoError(t, onionPacket.Decode(onionBytes))
+
+	// peelOnion is a helper closure that can be used to set up a Router
+	// and use it to process the given onion packet.
+	peelOnion := func(key *btcec.PrivateKey,
+		blindingPoint *btcec.PublicKey,
+		onionPacket *OnionPacket) *ProcessedPacket {
+
+		r := NewRouter(&PrivKeyECDH{PrivKey: key}, NewMemoryReplayLog())
+
+		require.NoError(t, r.Start())
+		defer r.Stop()
+
+		res, err := r.ProcessOnionPacket(
+			onionPacket, nil, 10,
+			WithBlindingPoint(blindingPoint),
+		)
+		require.NoError(t, err)
+
+		return res
+	}
+
+	hops := testCase.Generate.Hops
+
+	// There are some things that the processor of the onion packet will
+	// only be able to determine from the actual contents of the encrypted
+	// data it receives. These things include the next_blinding_point for
+	// the introduction point and the next_blinding_override. The decryption
+	// of this data is dependent on the encoding chosen by higher layers.
+	// The test uses TLVs. Since the extraction of this data is dependent
+	// on layers outside the scope of this library, we provide handle these
+	// cases manually for the sake of the test.
+	var (
+		firstBlinding    = pubKeyFromString(testCase.Route.FirstPathKey)
+		concatIndex      = 1
+		blindingOverride = pubKeyFromString(
+			hops[0].EncodedOnionMessageTLVs.NextPathKeyOverride,
+		)
+	)
+
+	// Onion message routes are always entirely blinded, so
+	// the first hop will always use the first blinding
+	// point.
+	blindingPoint := firstBlinding
+	currentOnionPacket := onionPacket
+	for i, hop := range testCase.Decrypt.Hops {
+		// We encode the onion message packet to a buffer at each hop to
+		// compare it to the onion message packet in the test vector.
+		buff := bytes.NewBuffer(nil)
+		require.NoError(t, currentOnionPacket.Encode(buff))
+
+		// hop.OnionMessage contains the onion_message hex string. This
+		// contains the type 513 (two bytes), the path_key (33 bytes)
+		// and the length of the onion_message_packet (two bytes). We
+		// are only interested in the onion_message_packet so we only
+		// check that part. 2 + 33 + 2 = 37 bytes, so we skip the first
+		// 37 bytes, which equals 74 hex characters.
+		const onionMessageHexHeaderLen = 74
+
+		require.Equal(
+			t, hop.OnionMessage[onionMessageHexHeaderLen:],
+			hex.EncodeToString(buff.Bytes()),
+		)
+
+		priv := privKeyFromString(hop.PrivKey)
+
+		if i == concatIndex {
+			blindingPoint = blindingOverride
+		}
+
+		// With peelOnion we call into ProcessOnionPacket (with the
+		// functional option WithBlindingPoint) and we expect that the
+		// onion message packet for this hop is processed without error,
+		// otherwise peelOnion fails the test.
+		processedPkt := peelOnion(
+			priv, blindingPoint, currentOnionPacket,
+		)
+
+		// We derive the next blinding point from the current blinding
+		// point and the private key of the current hop. The new
+		// blindingPoint will be used to peel the next hop's onion
+		// unless it is overridden by a blinding override.
+		blindingPoint, err = NextEphemeral(
+			&PrivKeyECDH{priv}, blindingPoint,
+		)
+		require.NoError(t, err)
+
+		// We set the current onion packet to the next packet in the
+		// processed packet. This is the packet that the next hop will
+		// process. During the next iteration we will run all the above
+		// checks on this packet.
+		currentOnionPacket = processedPkt.NextPacket
+	}
+}
+
 type onionBlindingJsonTestCase struct {
 	Generate generateOnionData `json:"generate"`
 	Decrypt  decryptData       `json:"decrypt"`
@@ -413,10 +528,10 @@ type blindingJsonTestCase struct {
 }
 
 type onionMessageJsonTestCase struct {
-	Generate generateOnionMessageData `json:"generate"`
-	Route    routeOnionMessageData    `json:"route"`
-	// OnionMessage onionMessageData        `json:"onionmessage"`
-	Decrypt decryptOnionMessageData `json:"decrypt"`
+	Generate     generateOnionMessageData `json:"generate"`
+	Route        routeOnionMessageData    `json:"route"`
+	OnionMessage onionMessageData         `json:"onionmessage"`
+	Decrypt      decryptOnionMessageData  `json:"decrypt"`
 }
 
 type routeData struct {
@@ -431,6 +546,10 @@ type routeOnionMessageData struct {
 	Hops         []blindedOnionMessageHop `json:"hops"`
 }
 
+type onionMessageData struct {
+	OnionMessagePacket string `json:"onion_message_packet"`
+}
+
 type unblindData struct {
 	Hops []unblindedHop `json:"hops"`
 }
