From: Valentine Wallace Date: Thu, 9 Nov 2023 20:12:09 +0000 (-0500) Subject: Fail blinded received HTLCs if they violate PaymentConstraints X-Git-Tag: v0.0.119~9^2~5 X-Git-Url: http://git.bitcoin.ninja/?a=commitdiff_plain;h=41808037ac7111024fe5da30ea16e6c0bcc4c3d3;p=rust-lightning Fail blinded received HTLCs if they violate PaymentConstraints .. contained within their encrypted payload. --- diff --git a/lightning/src/ln/blinded_payment_tests.rs b/lightning/src/ln/blinded_payment_tests.rs index 0558de52e..9b580d1fa 100644 --- a/lightning/src/ln/blinded_payment_tests.rs +++ b/lightning/src/ln/blinded_payment_tests.rs @@ -22,7 +22,7 @@ use crate::ln::onion_utils; use crate::ln::onion_utils::INVALID_ONION_BLINDING; use crate::ln::outbound_payment::Retry; use crate::prelude::*; -use crate::routing::router::{PaymentParameters, RouteParameters}; +use crate::routing::router::{Payee, PaymentParameters, RouteParameters}; use crate::util::config::UserConfig; use crate::util::test_utils; @@ -505,6 +505,8 @@ enum ReceiveCheckFail { // The HTLC is successfully added to the inbound channel but fails receive checks in // process_pending_htlc_forwards. ProcessPendingHTLCsCheck, + // The HTLC violates the `PaymentConstraints` contained within the receiver's encrypted payload. + PaymentConstraints, } #[test] @@ -514,6 +516,7 @@ fn multi_hop_receiver_fail() { do_multi_hop_receiver_fail(ReceiveCheckFail::ReceiveRequirements); do_multi_hop_receiver_fail(ReceiveCheckFail::ChannelCheck); do_multi_hop_receiver_fail(ReceiveCheckFail::ProcessPendingHTLCsCheck); + do_multi_hop_receiver_fail(ReceiveCheckFail::PaymentConstraints); } fn do_multi_hop_receiver_fail(check: ReceiveCheckFail) { @@ -539,7 +542,7 @@ fn do_multi_hop_receiver_fail(check: ReceiveCheckFail) { Some(TEST_FINAL_CLTV as u16 - 2) } else { None }; let (_, payment_hash, payment_secret) = get_payment_preimage_hash(&nodes[2], Some(amt_msat), final_cltv_delta); - let route_params = get_blinded_route_parameters(amt_msat, payment_secret, + let mut route_params = get_blinded_route_parameters(amt_msat, payment_secret, nodes.iter().skip(1).map(|n| n.node.get_our_node_id()).collect(), &[&chan_upd_1_2], &chanmon_cfgs[2].keys_manager); @@ -548,7 +551,25 @@ fn do_multi_hop_receiver_fail(check: ReceiveCheckFail) { // Set the final CLTV expiry too low to trigger the failure in process_pending_htlc_forwards. route.paths[0].blinded_tail.as_mut().map(|bt| bt.excess_final_cltv_expiry_delta = TEST_FINAL_CLTV - 2); route - } else { + } else if check == ReceiveCheckFail::PaymentConstraints { + // Create a blinded path where the receiver's encrypted payload has an htlc_minimum_msat that is + // violated by `amt_msat`, and stick it in the route_params without changing the corresponding + // BlindedPayInfo (to ensure pathfinding still succeeds). + let high_htlc_min_bp = { + let mut high_htlc_minimum_upd = chan_upd_1_2.clone(); + high_htlc_minimum_upd.htlc_minimum_msat = amt_msat + 1000; + let high_htlc_min_params = get_blinded_route_parameters(amt_msat, payment_secret, + nodes.iter().skip(1).map(|n| n.node.get_our_node_id()).collect(), &[&high_htlc_minimum_upd], + &chanmon_cfgs[2].keys_manager); + if let Payee::Blinded { route_hints, .. } = high_htlc_min_params.payment_params.payee { + route_hints[0].1.clone() + } else { panic!() } + }; + if let Payee::Blinded { ref mut route_hints, .. } = route_params.payment_params.payee { + route_hints[0].1 = high_htlc_min_bp; + } else { panic!() } + find_route(&nodes[0], &route_params).unwrap() + } else { find_route(&nodes[0], &route_params).unwrap() }; node_cfgs[0].router.expect_find_route(route_params.clone(), Ok(route.clone())); @@ -643,6 +664,11 @@ fn do_multi_hop_receiver_fail(check: ReceiveCheckFail) { expect_pending_htlcs_forwardable_and_htlc_handling_failed_ignore!(nodes[2], vec![HTLCDestination::FailedPayment { payment_hash }]); check_added_monitors!(nodes[2], 1); + }, + ReceiveCheckFail::PaymentConstraints => { + nodes[2].node.handle_update_add_htlc(&nodes[1].node.get_our_node_id(), &payment_event_1_2.msgs[0]); + check_added_monitors!(nodes[2], 0); + do_commitment_signed_dance(&nodes[2], &nodes[1], &payment_event_1_2.commitment_msg, true, true); } } diff --git a/lightning/src/ln/onion_payment.rs b/lightning/src/ln/onion_payment.rs index c92c8fd24..8767e2500 100644 --- a/lightning/src/ln/onion_payment.rs +++ b/lightning/src/ln/onion_payment.rs @@ -33,6 +33,15 @@ pub struct InboundOnionErr { pub msg: &'static str, } +fn check_blinded_payment_constraints( + amt_msat: u64, cltv_expiry: u32, constraints: &PaymentConstraints +) -> Result<(), ()> { + if amt_msat < constraints.htlc_minimum_msat || + cltv_expiry > constraints.max_cltv_expiry + { return Err(()) } + Ok(()) +} + fn check_blinded_forward( inbound_amt_msat: u64, inbound_cltv_expiry: u32, payment_relay: &PaymentRelay, payment_constraints: &PaymentConstraints, features: &BlindedHopFeatures @@ -43,9 +52,8 @@ fn check_blinded_forward( let outgoing_cltv_value = inbound_cltv_expiry.checked_sub( payment_relay.cltv_expiry_delta as u32 ).ok_or(())?; - if inbound_amt_msat < payment_constraints.htlc_minimum_msat || - outgoing_cltv_value > payment_constraints.max_cltv_expiry - { return Err(()) } + check_blinded_payment_constraints(inbound_amt_msat, outgoing_cltv_value, payment_constraints)?; + if features.requires_unknown_bits_from(&BlindedHopFeatures::empty()) { return Err(()) } Ok((amt_to_forward, outgoing_cltv_value)) } @@ -122,8 +130,17 @@ pub(super) fn create_recv_pending_htlc_info( (payment_data, keysend_preimage, custom_tlvs, amt_msat, outgoing_cltv_value, payment_metadata, false), msgs::InboundOnionPayload::BlindedReceive { - amt_msat, total_msat, outgoing_cltv_value, payment_secret, intro_node_blinding_point, .. + amt_msat, total_msat, outgoing_cltv_value, payment_secret, intro_node_blinding_point, + payment_constraints, .. } => { + check_blinded_payment_constraints(amt_msat, cltv_expiry, &payment_constraints) + .map_err(|()| { + InboundOnionErr { + err_code: INVALID_ONION_BLINDING, + err_data: vec![0; 32], + msg: "Amount or cltv_expiry violated blinded payment constraints", + } + })?; let payment_data = msgs::FinalOnionHopData { payment_secret, total_msat }; (Some(payment_data), None, Vec::new(), amt_msat, outgoing_cltv_value, None, intro_node_blinding_point.is_none())