From: Valentine Wallace <vwallace@protonmail.com>
Date: Tue, 24 Oct 2023 20:45:24 +0000 (-0400)
Subject: Fix blinded recipient fail on receive reqs violation
X-Git-Tag: v0.0.119~9^2~9
X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=eca4dc0799889432bfd2a65d763074f38000ffce;p=rust-lightning

Fix blinded recipient fail on receive reqs violation

If a blinded HTLC does not satisfy the receiver's requirements, e.g. bad CLTV
or amount, they should malformed-fail backwards with error code
INVALID_ONION_BLINDING and a zeroed out onion hash per BOLt 4.
---

diff --git a/lightning/src/ln/blinded_payment_tests.rs b/lightning/src/ln/blinded_payment_tests.rs
index 2ac66d5e..72df4e15 100644
--- a/lightning/src/ln/blinded_payment_tests.rs
+++ b/lightning/src/ln/blinded_payment_tests.rs
@@ -464,12 +464,16 @@ enum ReceiveCheckFail {
 	RecipientFail,
 	// Failure to decode the recipient's onion payload.
 	OnionDecodeFail,
+	// The incoming HTLC did not satisfy our requirements; in this case it underpaid us according to
+	// the expected receive amount in the onion.
+	ReceiveRequirements,
 }
 
 #[test]
 fn multi_hop_receiver_fail() {
 	do_multi_hop_receiver_fail(ReceiveCheckFail::RecipientFail);
 	do_multi_hop_receiver_fail(ReceiveCheckFail::OnionDecodeFail);
+	do_multi_hop_receiver_fail(ReceiveCheckFail::ReceiveRequirements);
 }
 
 fn do_multi_hop_receiver_fail(check: ReceiveCheckFail) {
@@ -554,7 +558,14 @@ fn do_multi_hop_receiver_fail(check: ReceiveCheckFail) {
 			nodes[2].node.handle_update_add_htlc(&nodes[1].node.get_our_node_id(), update_add);
 			check_added_monitors!(nodes[2], 0);
 			do_commitment_signed_dance(&nodes[2], &nodes[1], &payment_event_1_2.commitment_msg, true, true);
-		}
+		},
+		ReceiveCheckFail::ReceiveRequirements => {
+			let update_add = &mut payment_event_1_2.msgs[0];
+			update_add.amount_msat -= 1;
+			nodes[2].node.handle_update_add_htlc(&nodes[1].node.get_our_node_id(), update_add);
+			check_added_monitors!(nodes[2], 0);
+			do_commitment_signed_dance(&nodes[2], &nodes[1], &payment_event_1_2.commitment_msg, true, true);
+		},
 	}
 
 	let updates_2_1 = get_htlc_update_msgs!(nodes[2], nodes[1].node.get_our_node_id());
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
index bf02015f..153e3991 100644
--- a/lightning/src/ln/channelmanager.rs
+++ b/lightning/src/ln/channelmanager.rs
@@ -3192,6 +3192,16 @@ where
 				{
 					let logger = WithContext::from(&self.logger, Some(*counterparty_node_id), Some(msg.channel_id));
 					log_info!(logger, "Failed to accept/forward incoming HTLC: {}", $msg);
+					if msg.blinding_point.is_some() {
+						return PendingHTLCStatus::Fail(HTLCFailureMsg::Malformed(
+							msgs::UpdateFailMalformedHTLC {
+								channel_id: msg.channel_id,
+								htlc_id: msg.htlc_id,
+								sha256_of_onion: [0; 32],
+								failure_code: INVALID_ONION_BLINDING,
+							}
+						))
+					}
 					return PendingHTLCStatus::Fail(HTLCFailureMsg::Relay(msgs::UpdateFailHTLC {
 						channel_id: msg.channel_id,
 						htlc_id: msg.htlc_id,