htlcswitch: split parsing and validation of TLV payloads

When handling blinded errors, we need to know whether there was a blinding key in our payload when we successfully parsed our payload but then found an invalid set of fields. The combination of parsing and validation in NewPayloadFromReader means that we don't know whether a blinding point was available to us by the time the error is returned. This commit splits parsing and validation into two functions so that we can take a look at what we actually pulled of the payload in between parsing and TLV validation.
2025-09-18 19:41:21 +02:00 · 2024-04-23 11:27:14 -04:00
parent 4d051b4170
commit b81a6f3d2f
4 changed files with 63 additions and 42 deletions
--- a/htlcswitch/hop/iterator.go
+++ b/htlcswitch/hop/iterator.go
@@ -112,14 +112,20 @@ func (r *sphinxHopIterator) HopPayload() (*Payload, error) {
 	// to decode only what we need to make routing decisions.
 	case sphinx.PayloadTLV:
 		isFinal := r.processedPacket.Action == sphinx.ExitNode
-		payload, parsed, err := NewPayloadFromReader(
+		payload, parsed, err := ParseTLVPayload(
 			bytes.NewReader(r.processedPacket.Payload.Payload),
-			isFinal, r.blindingKit.UpdateAddBlinding.IsSome(),
 		)
 		if err != nil {
 			return nil, err
 		}

+		if err := ValidateTLVPayload(
+			parsed, isFinal,
+			r.blindingKit.UpdateAddBlinding.IsSome(),
+		); err != nil {
+			return nil, err
+		}
+
 		// If we had an encrypted data payload present, pull out our
 		// forwarding info from the blob.
 		if payload.encryptedData != nil {