From: Matt Corallo Date: Mon, 30 Sep 2024 14:45:36 +0000 (+0000) Subject: Add a `MessageContext::DNSResolution` to protect against probing X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=151a8a1aaf828195a5198b64a97a08c645dc9b60;p=rust-lightning Add a `MessageContext::DNSResolution` to protect against probing When we make a DNSSEC query with a reply path, we don't want to allow the DNS resolver to attempt to respond to various nodes to try to detect (through timining or other analysis) whether we were the one who made the query. Thus, we need to include a nonce in the context in our reply path, which we set up here by creating a new context type for DNS resolutions. --- diff --git a/lightning/src/blinded_path/message.rs b/lightning/src/blinded_path/message.rs index 805d35a01..5b6b5fa6d 100644 --- a/lightning/src/blinded_path/message.rs +++ b/lightning/src/blinded_path/message.rs @@ -284,6 +284,9 @@ pub enum MessageContext { /// /// [`AsyncPaymentsMessage`]: crate::onion_message::async_payments::AsyncPaymentsMessage AsyncPayments(AsyncPaymentsContext), + /// Represents a context for a blinded path used in a reply path when requesting a DNSSEC proof + /// in a `DNSResolverMessage`. + DNSResolver(DNSResolverContext), /// Context specific to a [`CustomOnionMessageHandler::CustomMessage`]. /// /// [`CustomOnionMessageHandler::CustomMessage`]: crate::onion_message::messenger::CustomOnionMessageHandler::CustomMessage @@ -402,6 +405,7 @@ impl_writeable_tlv_based_enum!(MessageContext, {0, Offers} => (), {1, Custom} => (), {2, AsyncPayments} => (), + {3, DNSResolver} => (), ); impl_writeable_tlv_based_enum!(OffersContext, @@ -428,6 +432,22 @@ impl_writeable_tlv_based_enum!(AsyncPaymentsContext, }, ); +/// Contains a simple nonce for use in a blinded path's context. +/// +/// Such a context is required when receiving a `DNSSECProof` message. +#[derive(Clone, Debug, Hash, PartialEq, Eq)] +pub struct DNSResolverContext { + /// A nonce which uniquely describes a DNS resolution. + /// + /// When we receive a DNSSEC proof message, we should check that it was sent over the blinded + /// path we included in the request by comparing a stored nonce with this one. + pub nonce: [u8; 16], +} + +impl_writeable_tlv_based!(DNSResolverContext, { + (0, nonce, required), +}); + /// Construct blinded onion message hops for the given `intermediate_nodes` and `recipient_node_id`. pub(super) fn blinded_hops( secp_ctx: &Secp256k1, intermediate_nodes: &[MessageForwardNode],