Skip to content

Commit 151a8a1

Browse files
TheBlueMattTheBlueMatt
committed
Add a MessageContext::DNSResolution to protect against probing
When we make a DNSSEC query with a reply path, we don't want to allow the DNS resolver to attempt to respond to various nodes to try to detect (through timining or other analysis) whether we were the one who made the query. Thus, we need to include a nonce in the context in our reply path, which we set up here by creating a new context type for DNS resolutions.
1 parent a661c92 commit 151a8a1

File tree

1 file changed

+20
-0
lines changed

1 file changed

+20
-0
lines changed

lightning/src/blinded_path/message.rs

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -284,6 +284,9 @@ pub enum MessageContext {
284284
///
285285
/// [`AsyncPaymentsMessage`]: crate::onion_message::async_payments::AsyncPaymentsMessage
286286
AsyncPayments(AsyncPaymentsContext),
287+
/// Represents a context for a blinded path used in a reply path when requesting a DNSSEC proof
288+
/// in a `DNSResolverMessage`.
289+
DNSResolver(DNSResolverContext),
287290
/// Context specific to a [`CustomOnionMessageHandler::CustomMessage`].
288291
///
289292
/// [`CustomOnionMessageHandler::CustomMessage`]: crate::onion_message::messenger::CustomOnionMessageHandler::CustomMessage
@@ -402,6 +405,7 @@ impl_writeable_tlv_based_enum!(MessageContext,
402405
{0, Offers} => (),
403406
{1, Custom} => (),
404407
{2, AsyncPayments} => (),
408+
{3, DNSResolver} => (),
405409
);
406410

407411
impl_writeable_tlv_based_enum!(OffersContext,
@@ -428,6 +432,22 @@ impl_writeable_tlv_based_enum!(AsyncPaymentsContext,
428432
},
429433
);
430434

435+
/// Contains a simple nonce for use in a blinded path's context.
436+
///
437+
/// Such a context is required when receiving a `DNSSECProof` message.
438+
#[derive(Clone, Debug, Hash, PartialEq, Eq)]
439+
pub struct DNSResolverContext {
440+
/// A nonce which uniquely describes a DNS resolution.
441+
///
442+
/// When we receive a DNSSEC proof message, we should check that it was sent over the blinded
443+
/// path we included in the request by comparing a stored nonce with this one.
444+
pub nonce: [u8; 16],
445+
}
446+
447+
impl_writeable_tlv_based!(DNSResolverContext, {
448+
(0, nonce, required),
449+
});
450+
431451
/// Construct blinded onion message hops for the given `intermediate_nodes` and `recipient_node_id`.
432452
pub(super) fn blinded_hops<T: secp256k1::Signing + secp256k1::Verification>(
433453
secp_ctx: &Secp256k1<T>, intermediate_nodes: &[MessageForwardNode],

0 commit comments

Comments
 (0)