@@ -1120,17 +1120,29 @@ where
1120
1120
} ,
1121
1121
} ,
1122
1122
Ok ( (
1123
- Payload :: Forward ( ForwardControlTlvs :: Unblinded ( ForwardTlvs {
1124
- next_hop,
1125
- next_blinding_override,
1126
- } ) ) ,
1123
+ Payload :: Forward {
1124
+ control_tlvs :
1125
+ ForwardControlTlvs :: Unblinded ( ForwardTlvs { next_hop, next_blinding_override } ) ,
1126
+ control_tlvs_authenticated,
1127
+ } ,
1127
1128
Some ( ( next_hop_hmac, new_packet_bytes) ) ,
1128
1129
) ) => {
1129
1130
// TODO: we need to check whether `next_hop` is our node, in which case this is a dummy
1130
1131
// blinded hop and this onion message is destined for us. In this situation, we should keep
1131
1132
// unwrapping the onion layers to get to the final payload. Since we don't have the option
1132
1133
// of creating blinded paths with dummy hops currently, we should be ok to not handle this
1133
1134
// for now.
1135
+ if control_tlvs_authenticated {
1136
+ // TODO: When we start adding dummy hops, we should require the use of
1137
+ // authenticated control TLVs, as it prevents a DoS attack where someone builds a
1138
+ // blinded path to us which requires we decode hundreds of dummy hops only to find
1139
+ // that we don't actually have a message inside to read.
1140
+ // However, we should never accept a `control_tlvs_authenticated` packet which is
1141
+ // *not* a dummy blinded hop we added, though it shouldn't be possible to reach in
1142
+ // any case.
1143
+ log_trace ! ( logger, "Received an authenticated to-forward onion message" ) ;
1144
+ return Err ( ( ) ) ;
1145
+ }
1134
1146
let packet_pubkey = msg. onion_routing_packet . public_key ;
1135
1147
let new_pubkey_opt =
1136
1148
onion_utils:: next_hop_pubkey ( & secp_ctx, packet_pubkey, & onion_decode_ss) ;
@@ -2251,10 +2263,13 @@ fn packet_payloads_and_keys<
2251
2263
if num_unblinded_hops != 0 && unblinded_path_idx < num_unblinded_hops {
2252
2264
if let Some ( ss) = prev_control_tlvs_ss. take ( ) {
2253
2265
payloads. push ( (
2254
- Payload :: Forward ( ForwardControlTlvs :: Unblinded ( ForwardTlvs {
2255
- next_hop : NextMessageHop :: NodeId ( unblinded_pk_opt. unwrap ( ) ) ,
2256
- next_blinding_override : None ,
2257
- } ) ) ,
2266
+ Payload :: Forward {
2267
+ control_tlvs : ForwardControlTlvs :: Unblinded ( ForwardTlvs {
2268
+ next_hop : NextMessageHop :: NodeId ( unblinded_pk_opt. unwrap ( ) ) ,
2269
+ next_blinding_override : None ,
2270
+ } ) ,
2271
+ control_tlvs_authenticated : false ,
2272
+ } ,
2258
2273
ss,
2259
2274
) ) ;
2260
2275
}
@@ -2263,17 +2278,23 @@ fn packet_payloads_and_keys<
2263
2278
} else if let Some ( ( intro_node_id, blinding_pt) ) = intro_node_id_blinding_pt. take ( ) {
2264
2279
if let Some ( control_tlvs_ss) = prev_control_tlvs_ss. take ( ) {
2265
2280
payloads. push ( (
2266
- Payload :: Forward ( ForwardControlTlvs :: Unblinded ( ForwardTlvs {
2267
- next_hop : NextMessageHop :: NodeId ( intro_node_id) ,
2268
- next_blinding_override : Some ( blinding_pt) ,
2269
- } ) ) ,
2281
+ Payload :: Forward {
2282
+ control_tlvs : ForwardControlTlvs :: Unblinded ( ForwardTlvs {
2283
+ next_hop : NextMessageHop :: NodeId ( intro_node_id) ,
2284
+ next_blinding_override : Some ( blinding_pt) ,
2285
+ } ) ,
2286
+ control_tlvs_authenticated : false ,
2287
+ } ,
2270
2288
control_tlvs_ss,
2271
2289
) ) ;
2272
2290
}
2273
2291
}
2274
2292
if blinded_path_idx < num_blinded_hops. saturating_sub ( 1 ) && enc_payload_opt. is_some ( ) {
2275
2293
payloads. push ( (
2276
- Payload :: Forward ( ForwardControlTlvs :: Blinded ( enc_payload_opt. unwrap ( ) ) ) ,
2294
+ Payload :: Forward {
2295
+ control_tlvs : ForwardControlTlvs :: Blinded ( enc_payload_opt. unwrap ( ) ) ,
2296
+ control_tlvs_authenticated : false ,
2297
+ } ,
2277
2298
control_tlvs_ss,
2278
2299
) ) ;
2279
2300
blinded_path_idx += 1 ;
0 commit comments