Skip to content

Commit 08d4d52

Browse files
TheBlueMattTheBlueMatt
committed
f take an entropysource to force rng use
1 parent 083a572 commit 08d4d52

File tree

1 file changed

+14
-12
lines changed

1 file changed

+14
-12
lines changed

lightning/src/onion_message/dns_resolution.rs

Lines changed: 14 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,8 @@ use crate::onion_message::messenger::{MessageSendInstructions, Responder, Respon
4545
use crate::onion_message::packet::OnionMessageContents;
4646
use crate::prelude::*;
4747
#[cfg(feature = "dnssec")]
48+
use crate::sign::EntropySource;
49+
#[cfg(feature = "dnssec")]
4850
use crate::sync::Mutex;
4951
use crate::util::ser::{Readable, ReadableArgs, Writeable, Writer};
5052

@@ -320,28 +322,28 @@ impl OMNameResolver {
320322

321323
/// Begins the process of resolving a BIP 353 Human Readable Name.
322324
///
323-
/// The given `random_context` must be a [`DNSResolverContext`] with a fresh, unused random
324-
/// nonce which is included in the blinded path which will be set as the reply path when
325-
/// sending the returned [`DNSSECQuery`].
326-
///
327-
/// Returns a [`DNSSECQuery`] onion message which should be sent to a resolver on success.
328-
pub fn resolve_name(
329-
&self, payment_id: PaymentId, name: HumanReadableName, random_context: DNSResolverContext,
330-
) -> Result<DNSSECQuery, ()> {
325+
/// Returns a [`DNSSECQuery`] onion message and a [`DNSResolverContext`] which should be sent
326+
/// to a resolver (with the context used to generate the blinded response path) on success.
327+
pub fn resolve_name<ES: EntropySource + ?Sized>(
328+
&self, payment_id: PaymentId, name: HumanReadableName, entropy_source: &ES,
329+
) -> Result<(DNSSECQuery, DNSResolverContext), ()> {
331330
let dns_name =
332331
Name::try_from(format!("{}.user._bitcoin-payment.{}.", name.user, name.domain));
333332
debug_assert!(
334333
dns_name.is_ok(),
335334
"The HumanReadableName constructor shouldn't allow names which are too long"
336335
);
337-
let name_query = dns_name.clone().map(|q| DNSSECQuery(q));
336+
let mut context = DNSResolverContext { nonce: [0; 16] };
337+
context.nonce.copy_from_slice(&entropy_source.get_secure_random_bytes()[..16]);
338338
if let Ok(dns_name) = dns_name {
339339
let height = self.latest_block_height.load(Ordering::Acquire);
340340
let mut pending_resolves = self.pending_resolves.lock().unwrap();
341-
let resolution = (height as u32, random_context, name, payment_id);
342-
pending_resolves.entry(dns_name).or_insert_with(Vec::new).push(resolution);
341+
let resolution = (height as u32, context.clone(), name, payment_id);
342+
pending_resolves.entry(dns_name.clone()).or_insert_with(Vec::new).push(resolution);
343+
Ok((DNSSECQuery(dns_name), context))
344+
} else {
345+
Err(())
343346
}
344-
name_query
345347
}
346348

347349
/// Handles a [`DNSSECProof`] message, attempting to verify it and match it against a pending

0 commit comments

Comments
 (0)