fixup! sphinx_test: add blinded onion message test

gijswijs · gijswijs · commit e0210d7a3c35 · 2025-07-23T18:06:44.000+02:00
diff --git a/path_test.go b/path_test.go
@@ -17,6 +17,14 @@ const (
 	blindedOnionMessageOnionTestFileName = "testdata/blinded-onion-message-onion-test.json"
 )
 
+var (
+	// bolt4PubKeys contains the public keys used in the Bolt 4 spec test
+	// vectors. We convert them variables named after the commonly used
+	// names in cryptography.
+	alicePubKey = bolt4PubKeys[0]
+	bobPubKey   = bolt4PubKeys[1]
+)
+
 // TestBuildBlindedRoute tests BuildBlindedRoute and decryptBlindedHopData against
 // the spec test vectors.
 func TestBuildBlindedRoute(t *testing.T) {
@@ -118,8 +126,35 @@ func TestBuildBlindedRoute(t *testing.T) {
 	}
 }
 
-// TestBuildOnionMessageBlindedRoute tests BuildBlindedRoute,
-// decryptBlindedHopData and NextEphemeral against the spec test vectors.
+// TestBuildOnionMessageBlindedRoute tests the construction of a blinded route
+// for an onion message, specifically the concatenation of two blinded paths,
+// against the spec test vectors in `blinded-onion-message-onion-test.json`. It
+// verifies the correctness of BuildBlindedPath, decryptBlindedHopData, and
+// NextEphemeral.
+//
+// The test setup involves several parties and two distinct blinded paths that
+// are combined to form the full route:
+//
+//  1. Path from Dave: Dave (the receiver) first constructs a blinded path for a
+//     message to be sent from Bob to himself (Dave).
+//     The path is: Bob -> Carol -> Dave
+//
+//  2. Path from Sender: Dave gives his blinded path to a Sender. The Sender
+//     then creates their own blinded path from themselves to Bob, passing
+//     through Alice. The path is: Sender -> Alice -> Bob
+//
+//  3. Path Concatenation: The Sender prepends their path to Dave's path,
+//     creating a final, concatenated route:
+//     Sender -> Alice -> Bob -> Carol ->  Dave
+//     To link the two paths, the Sender includes a `next_path_key_override`
+//     in the payload for Alice. This override is set to the first path key
+//     (blinding point) of Dave's path, instructing Alice to use it for the next
+//     hop (Bob) instead of the key that she could derive herself.
+//
+// The test then asserts that the generated concatenated path matches the test
+// vector's expected route. Finally, it simulates the decryption process at each
+// hop, verifying that each node can correctly decrypt its payload and derive
+// the correct next ephemeral key.
 func TestBuildOnionMessageBlindedRoute(t *testing.T) {
 	t.Parallel()
 
@@ -128,43 +163,50 @@ func TestBuildOnionMessageBlindedRoute(t *testing.T) {
 	require.NoError(t, err)
 
 	// Once we have the raw file, we'll unpack it into our
-	// blindingJsonTestCase struct defined below.
+	// onionMessageJsonTestCase struct defined below.
 	testCase := &onionMessageJsonTestCase{}
 	require.NoError(t, json.Unmarshal(jsonBytes, testCase))
 	require.Len(t, testCase.Generate.Hops, 4)
 
 	// buildMessagePath is a helper closure used to convert
 	// hopOnionMessageData objects into HopInfo objects.
-	buildMessagePath := func(h []hopOnionMessageData, e string) []*HopInfo {
+	buildMessagePath := func(h []hopOnionMessageData,
+		initialHopID string) []*HopInfo {
+
 		path := make([]*HopInfo, len(h))
-		currentHop := e
+		// The json test vector doesn't properly specify the current
+		// node id, so we need the initial Node ID as a starting point.
+		currentHop := initialHopID
 		for i, hop := range h {
-			// The json test vector only specifies the current node
-			// ID as the next node id in the payload of the previous
-			// node, so we get that from the previous hop.
-			nodeIDStr, _ := hex.DecodeString(
-				currentHop,
-			)
-			nodeID, _ := btcec.ParsePubKey(nodeIDStr)
-			payload, _ := hex.DecodeString(hop.EncryptedDataTlv)
+			nodeIDStr, err := hex.DecodeString(currentHop)
+			require.NoError(t, err)
+			nodeID, err := btcec.ParsePubKey(nodeIDStr)
+			require.NoError(t, err)
+			payload, err := hex.DecodeString(hop.EncryptedDataTlv)
+			require.NoError(t, err)
 
 			path[i] = &HopInfo{
 				NodePub:   nodeID,
 				PlainText: payload,
 			}
+
+			// The json test vector doesn't properly specify the
+			// current node id. It does specify the next node id. So
+			// to get the current node id for the next iteration, we
+			// get the next node id here.
 			currentHop = hop.EncodedOnionMessageTLVs.NextNodeID
 		}
 		return path
 	}
 
 	// First, Dave will build a blinded path from Bob to itself.
-	DaveSessKey := privKeyFromString(
+	daveSessKey := privKeyFromString(
 		testCase.Generate.Hops[1].PathKeySecret,
 	)
 	daveBobPath := buildMessagePath(
-		testCase.Generate.Hops[1:], bolt4PubKeys[1],
+		testCase.Generate.Hops[1:], bobPubKey,
 	)
-	pathDB, err := BuildBlindedPath(DaveSessKey, daveBobPath)
+	daveBobBlindedPath, err := BuildBlindedPath(daveSessKey, daveBobPath)
 	require.NoError(t, err)
 
 	// At this point, Dave will give his blinded path to the Sender who will
@@ -174,21 +216,27 @@ func TestBuildOnionMessageBlindedRoute(t *testing.T) {
 	// to the first path key in Dave's blinded route. This will indicate to
 	// Alice that she should use this point for the next path key instead of
 	// the next path key that she derives.
+	// Path created by Dave: Bob -> Carol -> Dave
+	// Path that the Sender will build: Sender -> Alice -> Bob
 	aliceBobPath := buildMessagePath(
-		testCase.Generate.Hops[:1], bolt4PubKeys[0],
+		testCase.Generate.Hops[:1], alicePubKey,
 	)
 	senderSessKey := privKeyFromString(
 		testCase.Generate.Hops[0].PathKeySecret,
 	)
-	pathAB, err := BuildBlindedPath(senderSessKey, aliceBobPath)
+	aliceBobBlindedPath, err := BuildBlindedPath(
+		senderSessKey, aliceBobPath,
+	)
 	require.NoError(t, err)
 
 	// Construct the concatenated path.
 	path := &BlindedPath{
-		IntroductionPoint: pathAB.Path.IntroductionPoint,
-		BlindingPoint:     pathAB.Path.BlindingPoint,
-		BlindedHops: append(pathAB.Path.BlindedHops,
-			pathDB.Path.BlindedHops...),
+		IntroductionPoint: aliceBobBlindedPath.Path.IntroductionPoint,
+		BlindingPoint:     aliceBobBlindedPath.Path.BlindingPoint,
+		BlindedHops: append(
+			aliceBobBlindedPath.Path.BlindedHops,
+			daveBobBlindedPath.Path.BlindedHops...,
+		),
 	}
 
 	// Check that the constructed path is equal to the test vector path.
@@ -205,19 +253,15 @@ func TestBuildOnionMessageBlindedRoute(t *testing.T) {
 		))
 
 		data, _ := hex.DecodeString(hop.EncryptedRecipientData)
-		require.True(
-			t, bytes.Equal(data, path.BlindedHops[i].CipherText),
-		)
+		require.Equal(t, data, path.BlindedHops[i].CipherText)
 	}
 
 	// Assert that each hop is able to decode the encrypted data meant for
 	// it.
 	for i, hop := range testCase.Decrypt.Hops {
 		genData := testCase.Generate.Hops[i]
 		priv := privKeyFromString(hop.PrivKey)
-		ephem := pubKeyFromString(
-			genData.EphemeralPubKey,
-		)
+		ephem := pubKeyFromString(genData.EphemeralPubKey)
 
 		// Now we'll decrypt the blinded hop data using the private key
 		// and the ephemeral public key.
@@ -227,9 +271,9 @@ func TestBuildOnionMessageBlindedRoute(t *testing.T) {
 		)
 		require.NoError(t, err)
 
-		// check if the decrypted data is what we expect it to be.
-		decoded, _ := hex.DecodeString(genData.EncryptedDataTlv)
-		require.True(t, bytes.Equal(data, decoded))
+		// Check if the decrypted data is what we expect it to be.
+		dataExpected, _ := hex.DecodeString(genData.EncryptedDataTlv)
+		require.Equal(t, data, dataExpected)
 
 		nextEphem, err := NextEphemeral(&PrivKeyECDH{priv}, ephem)
 		require.NoError(t, err)
