Add a MessageContext::DNSResolution to protect against probing

TheBlueMatt · TheBlueMatt · commit 96cdae06e726 · 2024-07-15T19:21:06.000Z
When we make a DNSSEC query with a reply path, we don't want to
allow the DNS resolver to attempt to respond to various nodes to
try to detect (through timining or other analysis) whether we were
the one who made the query. Thus, we need to include a nonce in the
context in our reply path, which we set up here by creating a new
context type for DNS resolutions.
diff --git a/lightning/src/blinded_path/message.rs b/lightning/src/blinded_path/message.rs
@@ -92,20 +92,25 @@ impl Writeable for ReceiveTlvs {
 /// whenever the [`BlindedPath`] is used.
 /// The recipient can authenticate the message and utilize it for further processing
 /// if needed.
-#[derive(Clone, Debug)]
+#[derive(Clone, Debug, Hash, PartialEq, Eq)]
 pub enum MessageContext {
 	/// Represents the data specific to [`OffersMessage`]
 	///
 	/// [`OffersMessage`]: crate::onion_message::offers::OffersMessage
 	Offers(OffersContext),
+	/// Represents a context for a blinded path used in a reply path when requesting a DNSSEC proof
+	/// in a [`DNSResolverMessage`].
+	///
+	/// [`DNSResolverMessage`]: crate::onion_message::dns_resolution::DNSResolverMessage
+	DNSResolver(DNSResolverContext),
 	/// Represents custom data received in a Custom Onion Message.
 	Custom(Vec<u8>),
 }
 
 /// Contains the data specific to [`OffersMessage`]
 ///
 /// [`OffersMessage`]: crate::onion_message::offers::OffersMessage
-#[derive(Clone, Debug)]
+#[derive(Clone, Debug, Hash, PartialEq, Eq)]
 pub enum OffersContext {
 	/// Represents an unknown BOLT12 payment context.
 	/// This variant is used when a message is sent without
@@ -122,6 +127,7 @@ pub enum OffersContext {
 impl_writeable_tlv_based_enum!(MessageContext, ;
 	(0, Offers),
 	(1, Custom),
+	(3, DNSResolver),
 );
 
 impl_writeable_tlv_based_enum!(OffersContext,
@@ -131,6 +137,24 @@ impl_writeable_tlv_based_enum!(OffersContext,
 	},
 ;);
 
+/// Contains a simple nonce for use in a blinded path's context.
+///
+/// Such a context is required when receiving a [`DNSSECProof`] message.
+///
+/// [`DNSSECProof`]: crate::onion_message::dns_resolution::DNSSECProof
+#[derive(Clone, Debug, Hash, PartialEq, Eq)]
+pub struct DNSResolverContext {
+	/// A nonce which uniquely describes a DNS resolution.
+	///
+	/// When we receive a DNSSEC proof message, we should check that it was sent over the blinded
+	/// path we included in the request by comparing a stored nonce with this one.
+	pub nonce: [u8; 16],
+}
+
+impl_writeable_tlv_based!(DNSResolverContext, {
+	(0, nonce, required),
+});
+
 /// Construct blinded onion message hops for the given `intermediate_nodes` and `recipient_node_id`.
 pub(super) fn blinded_hops<T: secp256k1::Signing + secp256k1::Verification>(
 	secp_ctx: &Secp256k1<T>, intermediate_nodes: &[ForwardNode], recipient_node_id: PublicKey,
diff --git a/lightning/src/ln/peer_handler.rs b/lightning/src/ln/peer_handler.rs
@@ -18,7 +18,7 @@
 use bitcoin::blockdata::constants::ChainHash;
 use bitcoin::secp256k1::{self, Secp256k1, SecretKey, PublicKey};
 
-use crate::blinded_path::message::OffersContext;
+use crate::blinded_path::message::{DNSResolverContext, OffersContext};
 use crate::sign::{NodeSigner, Recipient};
 use crate::events::{MessageSendEvent, MessageSendEventsProvider};
 use crate::ln::types::ChannelId;
@@ -163,7 +163,7 @@ impl DNSResolverMessageHandler for IgnoringMessageHandler {
 	) -> ResponseInstruction<DNSResolverMessage> {
 		ResponseInstruction::NoResponse
 	}
-	fn dnssec_proof(&self, _message: DNSSECProof) {}
+	fn dnssec_proof(&self, _message: DNSSECProof, _context: DNSResolverContext) {}
 }
 impl CustomOnionMessageHandler for IgnoringMessageHandler {
 	type CustomMessage = Infallible;
diff --git a/lightning/src/onion_message/dns_resolution.rs b/lightning/src/onion_message/dns_resolution.rs
@@ -17,6 +17,7 @@
 
 use dnssec_prover::rr::Name;
 
+use crate::blinded_path::message::DNSResolverContext;
 use crate::io;
 use crate::ln::msgs::DecodeError;
 use crate::onion_message::messenger::{PendingOnionMessage, Responder, ResponseInstruction};
@@ -39,7 +40,7 @@ pub trait DNSResolverMessageHandler {
 	/// Handle a [`DNSSECProof`] message (in response to a [`DNSSECQuery`] we presumably sent).
 	///
 	/// With this, we should be able to validate the DNS record we requested.
-	fn dnssec_proof(&self, message: DNSSECProof);
+	fn dnssec_proof(&self, message: DNSSECProof, context: DNSResolverContext);
 
 	/// Release any [`DNSResolverMessage`]s that need to be sent.
 	#[cfg(not(c_bindings))]
diff --git a/lightning/src/onion_message/functional_tests.rs b/lightning/src/onion_message/functional_tests.rs
@@ -10,7 +10,7 @@
 //! Onion message testing and test utilities live here.
 
 use crate::blinded_path::{BlindedPath, EmptyNodeIdLookUp};
-use crate::blinded_path::message::{ForwardNode, MessageContext, OffersContext};
+use crate::blinded_path::message::{DNSResolverContext, ForwardNode, MessageContext, OffersContext};
 use crate::events::{Event, EventsProvider};
 use crate::ln::features::{ChannelFeatures, InitFeatures};
 use crate::ln::msgs::{self, DecodeError, OnionMessageHandler};
@@ -102,7 +102,7 @@ impl DNSResolverMessageHandler for TestDNSResolverMessageHandler {
 	) -> ResponseInstruction<DNSResolverMessage> {
 		ResponseInstruction::NoResponse
 	}
-	fn dnssec_proof(&self, _message: DNSSECProof) {}
+	fn dnssec_proof(&self, _message: DNSSECProof, _context: DNSResolverContext) {}
 }
 
 #[derive(Clone, Debug, PartialEq)]
diff --git a/lightning/src/onion_message/messenger.rs b/lightning/src/onion_message/messenger.rs
@@ -975,6 +975,9 @@ where
 				(ParsedOnionMessageContents::Custom(_), Some(MessageContext::Custom(_))) => {
 					Ok(PeeledOnion::Receive(message, context, reply_path))
 				}
+				(ParsedOnionMessageContents::DNSResolver(_), Some(MessageContext::DNSResolver(_))) => {
+					Ok(PeeledOnion::Receive(message, context, reply_path))
+				}
 				_ => {
 					log_trace!(logger, "Received message was sent on a blinded path with the wrong context.");
 					Err(())
@@ -1480,7 +1483,7 @@ where
 						let context = match context {
 							None => OffersContext::Unknown {},
 							Some(MessageContext::Offers(context)) => context,
-							Some(MessageContext::Custom(_)) => {
+							Some(_) => {
 								debug_assert!(false, "Shouldn't have triggered this case.");
 								return
 							}
@@ -1504,13 +1507,17 @@ where
 						let _ = self.handle_onion_message_response(response);
 					},
 					ParsedOnionMessageContents::DNSResolver(DNSResolverMessage::DNSSECProof(msg)) => {
-						self.dns_resolver_handler.dnssec_proof(msg);
+						let context = match context {
+							Some(MessageContext::DNSResolver(context)) => context,
+							_ => return,
+						};
+						self.dns_resolver_handler.dnssec_proof(msg, context);
 					},
 					ParsedOnionMessageContents::Custom(msg) => {
 						let context = match context {
 							None => None,
 							Some(MessageContext::Custom(data)) => Some(data),
-							Some(MessageContext::Offers(_)) => {
+							Some(_) => {
 								debug_assert!(false, "Shouldn't have triggered this case.");
 								return
 							}
