lnwire: enforce non-zero timestamp in gossip messages

In this commit, we add extra validation for chan updates and node ann to
ensure that we fail to parse instances that have have a zero timestamp.

From bolt 7:
```
For channel_update:
  "MUST set timestamp to greater than 0, AND to greater than any
  previously-sent channel_update for this short_channel_id."
```

Author: Roasbeef

lnwire/channel_update.go

@@ -154,6 +154,12 @@ func (a *ChannelUpdate1) Decode(r io.Reader, _ uint32) error {
 		return err
 	}
 
+	// Per BOLT 7, the timestamp MUST be greater than 0. A zero timestamp
+	// is invalid and indicates a malformed message.
+	if a.Timestamp == 0 {
+		return fmt.Errorf("timestamp cannot be zero")
+	}
+
 	// Now check whether the max HTLC field is present and read it if so.
 	if a.MessageFlags.HasMaxHtlc() {
 		if err := ReadElements(r, &a.HtlcMaximumMsat); err != nil {

lnwire/channel_update_test.go

@@ -0,0 +1,67 @@
+package lnwire
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+// TestChannelUpdate1Timestamp tests that ChannelUpdate1 correctly validates
+// timestamps during decoding. Per BOLT 7, the timestamp MUST be greater than 0.
+func TestChannelUpdate1Timestamp(t *testing.T) {
+	t.Parallel()
+
+	testCases := []struct {
+		name      string
+		timestamp uint32
+		valid     bool
+	}{
+		{
+			name:      "zero timestamp rejected",
+			timestamp: 0,
+			valid:     false,
+		},
+		{
+			name:      "timestamp 1 accepted",
+			timestamp: 1,
+			valid:     true,
+		},
+		{
+			name:      "large timestamp accepted",
+			timestamp: 1700000000,
+			valid:     true,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			cu := &ChannelUpdate1{
+				Timestamp:    tc.timestamp,
+				MessageFlags: ChanUpdateRequiredMaxHtlc,
+			}
+
+			var buf bytes.Buffer
+			err := cu.Encode(&buf, 0)
+			require.NoError(t, err, "failed to encode")
+
+			decoded := &ChannelUpdate1{}
+			err = decoded.Decode(&buf, 0)
+
+			if tc.valid {
+				require.NoError(t, err)
+				require.Equal(
+					t, tc.timestamp, decoded.Timestamp,
+				)
+			} else {
+				require.Error(t, err)
+				require.Contains(
+					t, err.Error(), "timestamp cannot "+
+						"be zero",
+				)
+			}
+		})
+	}
+}

lnwire/node_announcement.go

@@ -131,6 +131,10 @@ func (a *NodeAnnouncement1) Decode(r io.Reader, _ uint32) error {
 		return err
 	}
 
+	if a.Timestamp == 0 {
+		return fmt.Errorf("timestamp cannot be zero")
+	}
+
 	return a.ExtraOpaqueData.ValidateTLV()
 }
 

lnwire/node_announcement_test.go

@@ -1,6 +1,11 @@
 package lnwire
 
-import "testing"
+import (
+	"bytes"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
 
 // TestNodeAliasValidation tests that the NewNodeAlias method will only accept
 // valid node announcements.
@@ -40,3 +45,63 @@ func TestNodeAliasValidation(t *testing.T) {
 		}
 	}
 }
+
+// TestNodeAnnouncement1Timestamp tests that NodeAnnouncement1 correctly
+// validates timestamps during decoding. Per BOLT 7, the timestamp MUST be
+// greater than any previous node_announcement.
+func TestNodeAnnouncement1Timestamp(t *testing.T) {
+	t.Parallel()
+
+	testCases := []struct {
+		name      string
+		timestamp uint32
+		valid     bool
+	}{
+		{
+			name:      "zero timestamp rejected",
+			timestamp: 0,
+			valid:     false,
+		},
+		{
+			name:      "timestamp 1 accepted",
+			timestamp: 1,
+			valid:     true,
+		},
+		{
+			name:      "large timestamp accepted",
+			timestamp: 1700000000,
+			valid:     true,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			na := &NodeAnnouncement1{
+				Timestamp: tc.timestamp,
+				Features:  NewRawFeatureVector(),
+			}
+
+			var buf bytes.Buffer
+			err := na.Encode(&buf, 0)
+			require.NoError(t, err, "failed to encode")
+
+			decoded := &NodeAnnouncement1{}
+			err = decoded.Decode(&buf, 0)
+
+			if tc.valid {
+				require.NoError(t, err)
+				require.Equal(
+					t, tc.timestamp, decoded.Timestamp,
+				)
+			} else {
+				require.Error(t, err)
+				require.Contains(
+					t, err.Error(), "timestamp cannot "+
+						"be zero",
+				)
+			}
+		})
+	}
+}

lnwire/test_message.go

@@ -477,7 +477,7 @@ func (a *ChannelUpdate1) RandTestMessage(t *rapid.T) Message {
 		Signature:      RandSignature(t),
 		ChainHash:      hash,
 		ShortChannelID: RandShortChannelID(t),
-		Timestamp: uint32(rapid.IntRange(0, 0x7FFFFFFF).Draw(
+		Timestamp: uint32(rapid.IntRange(1, 0x7FFFFFFF).Draw(
 			t, "timestamp"),
 		),
 		MessageFlags: msgFlags,
@@ -1279,7 +1279,7 @@ func (a *NodeAnnouncement1) RandTestMessage(t *rapid.T) Message {
 	return &NodeAnnouncement1{
 		Signature: RandSignature(t),
 		Features:  RandFeatureVector(t),
-		Timestamp: uint32(rapid.IntRange(0, 0x7FFFFFFF).Draw(
+		Timestamp: uint32(rapid.IntRange(1, 0x7FFFFFFF).Draw(
 			t, "timestamp"),
 		),
 		NodeID:          nodeID,