lightningd: don't return normal errors on blinded path entry, either.

This current spec is not strict enough: we might complain that the next peer is not connected, for example, which leaks information. So return WIRE_INVALID_ONION_BLINDING even if we're the first hop on the path, to be safe. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2025-02-21 22:31:48 +01:00 · 2022-11-09 12:00:10 +10:30 · 2022-11-09 12:00:10 +10:30 · 987df688ed
commit 987df688ed
parent 2760490d5d
2 changed files with 17 additions and 1 deletions
--- a/lightningd/peer_htlcs.c
+++ b/lightningd/peer_htlcs.c
@ -103,7 +103,9 @@ static struct failed_htlc *mk_failed_htlc_badonion(const tal_t *ctx,
 	 *    - MUST return `invalid_onion_blinding` for any local error or
 	 *      other downstream errors.
 	 */
-	if (hin->blinding)
+	/* FIXME: That's not enough!  Don't leak information about forward
+	 * failures either! */
+	if (hin->blinding || (hin->payload && hin->payload->blinding))
 		badonion = WIRE_INVALID_ONION_BLINDING;

 	f->id = hin->key.id;
@ -130,6 +132,17 @@ static struct failed_htlc *mk_failed_htlc(const tal_t *ctx,
 		return mk_failed_htlc_badonion(ctx, hin,
 					       WIRE_INVALID_ONION_BLINDING);
 	}
+
+	/* Also, at head of the blinded path, return "normal" invalid
+	 * onion blinding. */
+	if (hin->payload && hin->payload->blinding) {
+		struct sha256 sha;
+		sha256(&sha, hin->onion_routing_packet,
+		       sizeof(hin->onion_routing_packet));
+		failonion = create_onionreply(tmpctx, hin->shared_secret,
+					      towire_invalid_onion_blinding(tmpctx, &sha));
+	}
+
 	f->id = hin->key.id;
 	f->sha256_of_onion = NULL;
 	f->badonion = 0;
--- a/wallet/test/run-wallet.c
+++ b/wallet/test/run-wallet.c
@ -806,6 +806,9 @@ u8 *towire_incorrect_cltv_expiry(const tal_t *ctx UNNEEDED, u32 cltv_expiry UNNE
 /* Generated stub for towire_incorrect_or_unknown_payment_details */
 u8 *towire_incorrect_or_unknown_payment_details(const tal_t *ctx UNNEEDED, struct amount_msat htlc_msat UNNEEDED, u32 height UNNEEDED)
 { fprintf(stderr, "towire_incorrect_or_unknown_payment_details called!\n"); abort(); }
+/* Generated stub for towire_invalid_onion_blinding */
+u8 *towire_invalid_onion_blinding(const tal_t *ctx UNNEEDED, const struct sha256 *sha256_of_onion UNNEEDED)
+{ fprintf(stderr, "towire_invalid_onion_blinding called!\n"); abort(); }
 /* Generated stub for towire_invalid_onion_payload */
 u8 *towire_invalid_onion_payload(const tal_t *ctx UNNEEDED, bigsize type UNNEEDED, u16 offset UNNEEDED)
 { fprintf(stderr, "towire_invalid_onion_payload called!\n"); abort(); }