Fix encryption of broadcasted gossip messages

TheBlueMatt · TheBlueMatt · commit 8ec92f5b6bb2 · 2022-09-12T18:06:52.000Z
In 47e818f, forwarding broadcasted gossip messages was split into a separate per-peer message buffer. However, both it and the original regular-message queue are encrypted immediately when the messages are enqueued. Because the lightning P2P encryption algorithm is order-dependent, this causes messages to fail their MAC checks as the messages from the two queues may not be sent to peers in the order in which they were encrypted. The fix is to simply queue broadcast gossip messages unencrypted, encrypting them when we add them to the regular outbound buffer.
diff --git a/lightning/src/ln/peer_handler.rs b/lightning/src/ln/peer_handler.rs
@@ -367,8 +367,10 @@ struct Peer {
 
 	pending_outbound_buffer: LinkedList<Vec<u8>>,
 	pending_outbound_buffer_first_msg_offset: usize,
-	// Queue gossip broadcasts separately from `pending_outbound_buffer` so we can easily prioritize
-	// channel messages over them.
+	/// Queue gossip broadcasts separately from `pending_outbound_buffer` so we can easily
+	/// prioritize channel messages over them.
+	///
+	/// Note that these messages are *not* encrypted/MAC'd, and are only serialized.
 	gossip_broadcast_buffer: LinkedList<Vec<u8>>,
 	awaiting_write_event: bool,
 
@@ -822,7 +824,7 @@ impl<Descriptor: SocketDescriptor, CM: Deref, RM: Deref, OM: Deref, L: Deref, CM
 			}
 			if peer.should_buffer_gossip_broadcast() {
 				if let Some(msg) = peer.gossip_broadcast_buffer.pop_front() {
-					peer.pending_outbound_buffer.push_back(msg);
+					peer.pending_outbound_buffer.push_back(peer.channel_encryptor.encrypt_message(&msg[..]));
 				}
 			}
 			if peer.should_buffer_gossip_backfill() {
@@ -954,9 +956,9 @@ impl<Descriptor: SocketDescriptor, CM: Deref, RM: Deref, OM: Deref, L: Deref, CM
 	}
 
 	/// Append a message to a peer's pending outbound/write gossip broadcast buffer
-	fn enqueue_encoded_gossip_broadcast(&self, peer: &mut Peer, encoded_message: &Vec<u8>) {
+	fn enqueue_encoded_gossip_broadcast(&self, peer: &mut Peer, encoded_message: Vec<u8>) {
 		peer.msgs_sent_since_pong += 1;
-		peer.gossip_broadcast_buffer.push_back(peer.channel_encryptor.encrypt_message(&encoded_message[..]));
+		peer.gossip_broadcast_buffer.push_back(encoded_message);
 	}
 
 	fn do_read_event(&self, peer_descriptor: &mut Descriptor, data: &[u8]) -> Result<bool, PeerHandleError> {
@@ -1435,7 +1437,7 @@ impl<Descriptor: SocketDescriptor, CM: Deref, RM: Deref, OM: Deref, L: Deref, CM
 					if except_node.is_some() && peer.their_node_id.as_ref() == except_node {
 						continue;
 					}
-					self.enqueue_encoded_gossip_broadcast(&mut *peer, &encoded_msg);
+					self.enqueue_encoded_gossip_broadcast(&mut *peer, encoded_msg.clone());
 				}
 			},
 			wire::Message::NodeAnnouncement(ref msg) => {
@@ -1458,7 +1460,7 @@ impl<Descriptor: SocketDescriptor, CM: Deref, RM: Deref, OM: Deref, L: Deref, CM
 					if except_node.is_some() && peer.their_node_id.as_ref() == except_node {
 						continue;
 					}
-					self.enqueue_encoded_gossip_broadcast(&mut *peer, &encoded_msg);
+					self.enqueue_encoded_gossip_broadcast(&mut *peer, encoded_msg.clone());
 				}
 			},
 			wire::Message::ChannelUpdate(ref msg) => {
@@ -1478,7 +1480,7 @@ impl<Descriptor: SocketDescriptor, CM: Deref, RM: Deref, OM: Deref, L: Deref, CM
 					if except_node.is_some() && peer.their_node_id.as_ref() == except_node {
 						continue;
 					}
-					self.enqueue_encoded_gossip_broadcast(&mut *peer, &encoded_msg);
+					self.enqueue_encoded_gossip_broadcast(&mut *peer, encoded_msg.clone());
 				}
 			},
 			_ => debug_assert!(false, "We shouldn't attempt to forward anything but gossip messages"),

Original file line number	Diff line number	Diff line change
`@@ -367,8 +367,10 @@ struct Peer {`
`367`	`367`
`368`	`368`	`pending_outbound_buffer: LinkedList<Vec<u8>>,`
`369`	`369`	`pending_outbound_buffer_first_msg_offset: usize,`
`370`		- // Queue gossip broadcasts separately from `pending_outbound_buffer` so we can easily prioritize
`371`		`- // channel messages over them.`
	`370`	+ /// Queue gossip broadcasts separately from `pending_outbound_buffer` so we can easily
	`371`	`+ /// prioritize channel messages over them.`
	`372`	`+ ///`
	`373`	`+ /// Note that these messages are not encrypted/MAC'd, and are only serialized.`
`372`	`374`	`gossip_broadcast_buffer: LinkedList<Vec<u8>>,`
`373`	`375`	`awaiting_write_event: bool,`
`374`	`376`
`@@ -822,7 +824,7 @@ impl<Descriptor: SocketDescriptor, CM: Deref, RM: Deref, OM: Deref, L: Deref, CM`
`822`	`824`	`}`
`823`	`825`	`if peer.should_buffer_gossip_broadcast() {`
`824`	`826`	`if let Some(msg) = peer.gossip_broadcast_buffer.pop_front() {`
`825`		`- peer.pending_outbound_buffer.push_back(msg);`
	`827`	`+ peer.pending_outbound_buffer.push_back(peer.channel_encryptor.encrypt_message(&msg[..]));`
`826`	`828`	`}`
`827`	`829`	`}`
`828`	`830`	`if peer.should_buffer_gossip_backfill() {`
`@@ -954,9 +956,9 @@ impl<Descriptor: SocketDescriptor, CM: Deref, RM: Deref, OM: Deref, L: Deref, CM`
`954`	`956`	`}`
`955`	`957`
`956`	`958`	`/// Append a message to a peer's pending outbound/write gossip broadcast buffer`
`957`		`- fn enqueue_encoded_gossip_broadcast(&self, peer: &mut Peer, encoded_message: &Vec<u8>) {`
	`959`	`+ fn enqueue_encoded_gossip_broadcast(&self, peer: &mut Peer, encoded_message: Vec<u8>) {`
`958`	`960`	`peer.msgs_sent_since_pong += 1;`
`959`		`- peer.gossip_broadcast_buffer.push_back(peer.channel_encryptor.encrypt_message(&encoded_message[..]));`
	`961`	`+ peer.gossip_broadcast_buffer.push_back(encoded_message);`
`960`	`962`	`}`
`961`	`963`
`962`	`964`	`fn do_read_event(&self, peer_descriptor: &mut Descriptor, data: &[u8]) -> Result<bool, PeerHandleError> {`
`@@ -1435,7 +1437,7 @@ impl<Descriptor: SocketDescriptor, CM: Deref, RM: Deref, OM: Deref, L: Deref, CM`
`1435`	`1437`	`if except_node.is_some() && peer.their_node_id.as_ref() == except_node {`
`1436`	`1438`	`continue;`
`1437`	`1439`	`}`
`1438`		`- self.enqueue_encoded_gossip_broadcast(&mut *peer, &encoded_msg);`
	`1440`	`+ self.enqueue_encoded_gossip_broadcast(&mut *peer, encoded_msg.clone());`
`1439`	`1441`	`}`
`1440`	`1442`	`},`
`1441`	`1443`	`wire::Message::NodeAnnouncement(ref msg) => {`
`@@ -1458,7 +1460,7 @@ impl<Descriptor: SocketDescriptor, CM: Deref, RM: Deref, OM: Deref, L: Deref, CM`
`1458`	`1460`	`if except_node.is_some() && peer.their_node_id.as_ref() == except_node {`
`1459`	`1461`	`continue;`
`1460`	`1462`	`}`
`1461`		`- self.enqueue_encoded_gossip_broadcast(&mut *peer, &encoded_msg);`
	`1463`	`+ self.enqueue_encoded_gossip_broadcast(&mut *peer, encoded_msg.clone());`
`1462`	`1464`	`}`
`1463`	`1465`	`},`
`1464`	`1466`	`wire::Message::ChannelUpdate(ref msg) => {`
`@@ -1478,7 +1480,7 @@ impl<Descriptor: SocketDescriptor, CM: Deref, RM: Deref, OM: Deref, L: Deref, CM`
`1478`	`1480`	`if except_node.is_some() && peer.their_node_id.as_ref() == except_node {`
`1479`	`1481`	`continue;`
`1480`	`1482`	`}`
`1481`		`- self.enqueue_encoded_gossip_broadcast(&mut *peer, &encoded_msg);`
	`1483`	`+ self.enqueue_encoded_gossip_broadcast(&mut *peer, encoded_msg.clone());`
`1482`	`1484`	`}`
`1483`	`1485`	`},`
`1484`	`1486`	`_ => debug_assert!(false, "We shouldn't attempt to forward anything but gossip messages"),`