Use one-hop blinded paths only for announced nodes

To avoid exposing a node's identity in a blinded path, only create
one-hop blinded paths if the node has been announced, and thus has
public channels. Otherwise, there is no way to route a payment to the
node, exposing its identity needlessly.

diff --git a/lightning/src/onion_message/messenger.rs b/lightning/src/onion_message/messenger.rs
index c0db6096b995744c8dac86a90031eb8982ece9a6..7743270e257b039301b4eaa9cdab681e242590b3 100644 (file)
--- a/lightning/src/onion_message/messenger.rs
+++ b/lightning/src/onion_message/messenger.rs
@@ -350,16 +350,16 @@ where
                const MIN_PEER_CHANNELS: usize = 3;
 
                let network_graph = self.network_graph.deref().read_only();
-               let paths = peers.into_iter()
+               let paths = peers.iter()
                        // Limit to peers with announced channels
                        .filter(|pubkey|
                                network_graph
-                                       .node(&NodeId::from_pubkey(&pubkey))
+                                       .node(&NodeId::from_pubkey(pubkey))
                                        .map(|info| &info.channels[..])
                                        .map(|channels| channels.len() >= MIN_PEER_CHANNELS)
                                        .unwrap_or(false)
                        )
-                       .map(|pubkey| vec![pubkey, recipient])
+                       .map(|pubkey| vec![*pubkey, recipient])
                        .map(|node_pks| BlindedPath::new_for_message(&node_pks, entropy_source, secp_ctx))
                        .take(MAX_PATHS)
                        .collect::<Result<Vec<_>, _>>();
@@ -367,8 +367,12 @@ where
                match paths {
                        Ok(paths) if !paths.is_empty() => Ok(paths),
                        _ => {
-                               BlindedPath::one_hop_for_message(recipient, entropy_source, secp_ctx)
-                                       .map(|path| vec![path])
+                               if network_graph.nodes().contains_key(&NodeId::from_pubkey(&recipient)) {
+                                       BlindedPath::one_hop_for_message(recipient, entropy_source, secp_ctx)
+                                               .map(|path| vec![path])
+                               } else {
+                                       Err(())
+                               }
                        },
                }
        }

diff --git a/lightning/src/routing/router.rs b/lightning/src/routing/router.rs
index 08c57266cb52e7101a94ba25fac77bcd73c75db0..86c42841027b8320dee54ffc230cae3384d6bd0b 100644 (file)
--- a/lightning/src/routing/router.rs
+++ b/lightning/src/routing/router.rs
@@ -153,8 +153,12 @@ impl<G: Deref<Target = NetworkGraph<L>> + Clone, L: Deref, S: Deref, SP: Sized,
                match paths {
                        Ok(paths) if !paths.is_empty() => Ok(paths),
                        _ => {
-                               BlindedPath::one_hop_for_payment(recipient, tlvs, entropy_source, secp_ctx)
-                                       .map(|path| vec![path])
+                               if network_graph.nodes().contains_key(&NodeId::from_pubkey(&recipient)) {
+                                       BlindedPath::one_hop_for_payment(recipient, tlvs, entropy_source, secp_ctx)
+                                               .map(|path| vec![path])
+                               } else {
+                                       Err(())
+                               }
                        },
                }
        }