From cc798a8c3a6896d3aac021fc69057127c910e678 Mon Sep 17 00:00:00 2001 From: Jeffrey Czyz Date: Thu, 14 Dec 2023 21:19:57 -0600 Subject: [PATCH] Use one-hop blinded paths only for announced nodes To avoid exposing a node's identity in a blinded path, only create one-hop blinded paths if the node has been announced, and thus has public channels. Otherwise, there is no way to route a payment to the node, exposing its identity needlessly. --- lightning/src/onion_message/messenger.rs | 14 +++++++++----- lightning/src/routing/router.rs | 8 ++++++-- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/lightning/src/onion_message/messenger.rs b/lightning/src/onion_message/messenger.rs index c0db6096b99..7743270e257 100644 --- a/lightning/src/onion_message/messenger.rs +++ b/lightning/src/onion_message/messenger.rs @@ -350,16 +350,16 @@ where const MIN_PEER_CHANNELS: usize = 3; let network_graph = self.network_graph.deref().read_only(); - let paths = peers.into_iter() + let paths = peers.iter() // Limit to peers with announced channels .filter(|pubkey| network_graph - .node(&NodeId::from_pubkey(&pubkey)) + .node(&NodeId::from_pubkey(pubkey)) .map(|info| &info.channels[..]) .map(|channels| channels.len() >= MIN_PEER_CHANNELS) .unwrap_or(false) ) - .map(|pubkey| vec![pubkey, recipient]) + .map(|pubkey| vec![*pubkey, recipient]) .map(|node_pks| BlindedPath::new_for_message(&node_pks, entropy_source, secp_ctx)) .take(MAX_PATHS) .collect::, _>>(); @@ -367,8 +367,12 @@ where match paths { Ok(paths) if !paths.is_empty() => Ok(paths), _ => { - BlindedPath::one_hop_for_message(recipient, entropy_source, secp_ctx) - .map(|path| vec![path]) + if network_graph.nodes().contains_key(&NodeId::from_pubkey(&recipient)) { + BlindedPath::one_hop_for_message(recipient, entropy_source, secp_ctx) + .map(|path| vec![path]) + } else { + Err(()) + } }, } } diff --git a/lightning/src/routing/router.rs b/lightning/src/routing/router.rs index 136b79a53be..ea0e681b0fe 100644 --- a/lightning/src/routing/router.rs +++ b/lightning/src/routing/router.rs @@ -153,8 +153,12 @@ impl> + Clone, L: Deref, S: Deref, SP: Sized, match paths { Ok(paths) if !paths.is_empty() => Ok(paths), _ => { - BlindedPath::one_hop_for_payment(recipient, tlvs, entropy_source, secp_ctx) - .map(|path| vec![path]) + if network_graph.nodes().contains_key(&NodeId::from_pubkey(&recipient)) { + BlindedPath::one_hop_for_payment(recipient, tlvs, entropy_source, secp_ctx) + .map(|path| vec![path]) + } else { + Err(()) + } }, } }