multi: validate contents in blinded data against payload

2025-08-31 17:51:33 +02:00 · 2024-04-02 15:20:25 -04:00
parent 03f6c5cd0a
commit ca6d414308
4 changed files with 110 additions and 1 deletions
--- a/htlcswitch/hop/payload.go
+++ b/htlcswitch/hop/payload.go
@@ -484,3 +484,37 @@ func ValidateBlindedRouteData(blindedData *record.BlindedRouteData,

 	return nil
 }
+
+// ValidatePayloadWithBlinded validates a payload against the contents of
+// its encrypted data blob.
+func ValidatePayloadWithBlinded(isFinalHop bool,
+	payloadParsed map[tlv.Type][]byte) error {
+
+	// Blinded routes restrict the presence of TLVs more strictly than
+	// regular routes, check that intermediate and final hops only have
+	// the TLVs the spec allows them to have.
+	allowedTLVs := map[tlv.Type]bool{
+		record.EncryptedDataOnionType: true,
+		record.BlindingPointOnionType: true,
+	}
+
+	if isFinalHop {
+		allowedTLVs[record.AmtOnionType] = true
+		allowedTLVs[record.LockTimeOnionType] = true
+		allowedTLVs[record.TotalAmtMsatBlindedType] = true
+	}
+
+	for tlvType := range payloadParsed {
+		if _, ok := allowedTLVs[tlvType]; ok {
+			continue
+		}
+
+		return ErrInvalidPayload{
+			Type:      tlvType,
+			Violation: IncludedViolation,
+			FinalHop:  isFinalHop,
+		}
+	}
+
+	return nil
+}