Add a MessageContext::DNSResolution to protect against probing

TheBlueMatt · TheBlueMatt · commit c310c726202d · 2024-08-30T23:51:26.000Z
When we make a DNSSEC query with a reply path, we don't want to
allow the DNS resolver to attempt to respond to various nodes to
try to detect (through timining or other analysis) whether we were
the one who made the query. Thus, we need to include a nonce in the
context in our reply path, which we set up here by creating a new
context type for DNS resolutions.
diff --git a/lightning/src/blinded_path/message.rs b/lightning/src/blinded_path/message.rs
@@ -280,6 +280,11 @@ pub enum MessageContext {
 	///
 	/// [`OffersMessage`]: crate::onion_message::offers::OffersMessage
 	Offers(OffersContext),
+	/// Represents a context for a blinded path used in a reply path when requesting a DNSSEC proof
+	/// in a [`DNSResolverMessage`].
+	///
+	/// [`DNSResolverMessage`]: crate::onion_message::dns_resolution::DNSResolverMessage
+	DNSResolver(DNSResolverContext),
 	/// Context specific to a [`CustomOnionMessageHandler::CustomMessage`].
 	///
 	/// [`CustomOnionMessageHandler::CustomMessage`]: crate::onion_message::messenger::CustomOnionMessageHandler::CustomMessage
@@ -353,6 +358,7 @@ pub enum OffersContext {
 impl_writeable_tlv_based_enum!(MessageContext,
 	{0, Offers} => (),
 	{1, Custom} => (),
+	{2, DNSResolver} => (),
 );
 
 impl_writeable_tlv_based_enum!(OffersContext,
@@ -369,6 +375,24 @@ impl_writeable_tlv_based_enum!(OffersContext,
 	},
 );
 
+/// Contains a simple nonce for use in a blinded path's context.
+///
+/// Such a context is required when receiving a [`DNSSECProof`] message.
+///
+/// [`DNSSECProof`]: crate::onion_message::dns_resolution::DNSSECProof
+#[derive(Clone, Debug, Hash, PartialEq, Eq)]
+pub struct DNSResolverContext {
+	/// A nonce which uniquely describes a DNS resolution.
+	///
+	/// When we receive a DNSSEC proof message, we should check that it was sent over the blinded
+	/// path we included in the request by comparing a stored nonce with this one.
+	pub nonce: [u8; 16],
+}
+
+impl_writeable_tlv_based!(DNSResolverContext, {
+	(0, nonce, required),
+});
+
 /// Construct blinded onion message hops for the given `intermediate_nodes` and `recipient_node_id`.
 pub(super) fn blinded_hops<T: secp256k1::Signing + secp256k1::Verification>(
 	secp_ctx: &Secp256k1<T>, intermediate_nodes: &[MessageForwardNode],
diff --git a/lightning/src/ln/peer_handler.rs b/lightning/src/ln/peer_handler.rs
@@ -18,7 +18,7 @@
 use bitcoin::constants::ChainHash;
 use bitcoin::secp256k1::{self, Secp256k1, SecretKey, PublicKey};
 
-use crate::blinded_path::message::OffersContext;
+use crate::blinded_path::message::{DNSResolverContext, OffersContext};
 use crate::sign::{NodeSigner, Recipient};
 use crate::events::{MessageSendEvent, MessageSendEventsProvider};
 use crate::ln::types::ChannelId;
@@ -161,7 +161,7 @@ impl DNSResolverMessageHandler for IgnoringMessageHandler {
 	) -> Option<(DNSResolverMessage, ResponseInstruction)> {
 		None
 	}
-	fn dnssec_proof(&self, _message: DNSSECProof) {}
+	fn dnssec_proof(&self, _message: DNSSECProof, _context: DNSResolverContext) {}
 }
 impl CustomOnionMessageHandler for IgnoringMessageHandler {
 	type CustomMessage = Infallible;
diff --git a/lightning/src/onion_message/dns_resolution.rs b/lightning/src/onion_message/dns_resolution.rs
@@ -17,6 +17,7 @@
 
 use dnssec_prover::rr::Name;
 
+use crate::blinded_path::message::DNSResolverContext;
 use crate::io;
 use crate::ln::msgs::DecodeError;
 use crate::onion_message::messenger::{MessageSendInstructions, Responder, ResponseInstruction};
@@ -39,7 +40,7 @@ pub trait DNSResolverMessageHandler {
 	/// Handle a [`DNSSECProof`] message (in response to a [`DNSSECQuery`] we presumably sent).
 	///
 	/// With this, we should be able to validate the DNS record we requested.
-	fn dnssec_proof(&self, message: DNSSECProof);
+	fn dnssec_proof(&self, message: DNSSECProof, context: DNSResolverContext);
 
 	/// Release any [`DNSResolverMessage`]s that need to be sent.
 	fn release_pending_messages(&self) -> Vec<(DNSResolverMessage, MessageSendInstructions)> {
diff --git a/lightning/src/onion_message/functional_tests.rs b/lightning/src/onion_message/functional_tests.rs
@@ -10,7 +10,7 @@
 //! Onion message testing and test utilities live here.
 
 use crate::blinded_path::EmptyNodeIdLookUp;
-use crate::blinded_path::message::{BlindedMessagePath, MessageForwardNode, MessageContext, OffersContext};
+use crate::blinded_path::message::{BlindedMessagePath, DNSResolverContext, MessageForwardNode, MessageContext, OffersContext};
 use crate::events::{Event, EventsProvider};
 use crate::ln::features::{ChannelFeatures, InitFeatures};
 use crate::ln::msgs::{self, DecodeError, OnionMessageHandler};
@@ -100,7 +100,7 @@ impl DNSResolverMessageHandler for TestDNSResolverMessageHandler {
 	) -> Option<(DNSResolverMessage, ResponseInstruction)> {
 		None
 	}
-	fn dnssec_proof(&self, _message: DNSSECProof) {}
+	fn dnssec_proof(&self, _message: DNSSECProof, _context: DNSResolverContext) {}
 }
 
 #[derive(Clone, Debug, PartialEq)]
diff --git a/lightning/src/onion_message/messenger.rs b/lightning/src/onion_message/messenger.rs
@@ -994,6 +994,9 @@ where
 				(ParsedOnionMessageContents::Custom(_), Some(MessageContext::Custom(_))) => {
 					Ok(PeeledOnion::Receive(message, context, reply_path))
 				}
+				(ParsedOnionMessageContents::DNSResolver(_), Some(MessageContext::DNSResolver(_))) => {
+					Ok(PeeledOnion::Receive(message, context, reply_path))
+				}
 				_ => {
 					log_trace!(logger, "Received message was sent on a blinded path with the wrong context.");
 					Err(())
@@ -1604,7 +1607,7 @@ where
 						let context = match context {
 							None => None,
 							Some(MessageContext::Offers(context)) => Some(context),
-							Some(MessageContext::Custom(_)) => {
+							Some(_) => {
 								debug_assert!(false, "Shouldn't have triggered this case.");
 								return
 							}
@@ -1634,13 +1637,17 @@ where
 						}
 					},
 					ParsedOnionMessageContents::DNSResolver(DNSResolverMessage::DNSSECProof(msg)) => {
-						self.dns_resolver_handler.dnssec_proof(msg);
+						let context = match context {
+							Some(MessageContext::DNSResolver(context)) => context,
+							_ => return,
+						};
+						self.dns_resolver_handler.dnssec_proof(msg, context);
 					},
 					ParsedOnionMessageContents::Custom(msg) => {
 						let context = match context {
 							None => None,
 							Some(MessageContext::Custom(data)) => Some(data),
-							Some(MessageContext::Offers(_)) => {
+							Some(_) => {
 								debug_assert!(false, "Shouldn't have triggered this case.");
 								return
 							}
