Use a non-pubkey-associated node counter for blinded recipients

When routing, we have to assign a node counter for the recipient.
When searching for a path to a blinded recipient, we do this by
assigning a node counter to a NUMS pubkey. This should be fine as
there is no known private key corresponding to this NUMS point,
and thus no first-hop or network graph nodes can appear for the
same pubkey.

However, this can fail in fuzzing as the fuzzer can forge valid
signatures for the NUMS pubkey. Thus, here, we adapt the node
counter allocation to issue a node counter without a corresponding
public key when paying to a blinded path.

Author: TheBlueMatt

lightning/src/routing/router.rs

@@ -1771,6 +1771,7 @@ struct NodeCounters<'a> {
 	network_graph: &'a ReadOnlyNetworkGraph<'a>,
 	private_node_id_to_node_counter: HashMap<NodeId, u32>,
 	private_hop_key_cache: HashMap<PublicKey, (NodeId, u32)>,
+	have_blinded_payee_counter: bool,
 }
 
 struct NodeCountersBuilder<'a>(NodeCounters<'a>);
@@ -1781,9 +1782,17 @@ impl<'a> NodeCountersBuilder<'a> {
 			network_graph,
 			private_node_id_to_node_counter: new_hash_map(),
 			private_hop_key_cache: new_hash_map(),
+			have_blinded_payee_counter: false,
 		})
 	}
 
+	fn select_node_counter_for_blinded_payee_and_build(mut self) -> (u32, NodeCounters<'a>) {
+		let next_node_counter = self.0.network_graph.max_node_counter() + 1 +
+			self.0.private_node_id_to_node_counter.len() as u32;
+		self.0.have_blinded_payee_counter = true;
+		(next_node_counter, self.0)
+	}
+
 	fn select_node_counter_for_pubkey(&mut self, pubkey: PublicKey) -> u32 {
 		let id = NodeId::from_pubkey(&pubkey);
 		let counter = self.select_node_counter_for_id(id);
@@ -1809,7 +1818,8 @@ impl<'a> NodeCountersBuilder<'a> {
 impl<'a> NodeCounters<'a> {
 	fn max_counter(&self) -> u32 {
 		self.network_graph.max_node_counter() +
-			self.private_node_id_to_node_counter.len() as u32
+			self.private_node_id_to_node_counter.len() as u32 +
+			if self.have_blinded_payee_counter { 1 } else { 0 }
 	}
 
 	fn private_node_counter_from_pubkey(&self, pubkey: &PublicKey) -> Option<&(NodeId, u32)> {
@@ -2416,7 +2426,6 @@ where L::Target: Logger {
 	let mut node_counter_builder = NodeCountersBuilder::new(&network_graph);
 
 	let payer_node_counter = node_counter_builder.select_node_counter_for_pubkey(*our_node_pubkey);
-	let payee_node_counter = node_counter_builder.select_node_counter_for_pubkey(maybe_dummy_payee_pk);
 
 	for route in payment_params.payee.unblinded_route_hints().iter() {
 		for hop in route.0.iter() {
@@ -2455,7 +2464,11 @@ where L::Target: Logger {
 		}
 	}
 
-	let node_counters = node_counter_builder.build();
+	let (payee_node_counter, node_counters) = if let Some(pubkey) = payment_params.payee.node_id() {
+		(node_counter_builder.select_node_counter_for_pubkey(pubkey), node_counter_builder.build())
+	} else {
+		node_counter_builder.select_node_counter_for_blinded_payee_and_build()
+	};
 
 	let introduction_node_id_cache = calculate_blinded_path_intro_points(
 		&payment_params, &node_counters, network_graph, &logger, our_node_id, &first_hop_targets,