f check for invalid provided blinded payment TLVs

Author: valentinewallace

lightning/src/blinded_path/mod.rs

@@ -80,13 +80,25 @@ impl BlindedPath {
 	/// Create a blinded path for a payment, to be forwarded along `path`. The last node
 	/// in `path` will be the destination node.
 	///
-	/// Errors if `path` is empty, a node id in `path` is invalid, or [`BlindedPayInfo`] calculation
-	/// results in an integer overflow.
+	/// Errors if:
+	/// * `path` is empty
+	/// * a node id in `path` is invalid
+	/// * [`BlindedPayInfo`] calculation results in an integer overflow
+	/// * the list of [`BlindedPaymentTlvs`] does not consist of 0 or more
+	///   `BlindedPaymentTlvs::Forward` followed by 1 `BlindedPaymentTlvs::Receive`
 	//  TODO: make all payloads the same size with padding + add dummy hops
 	pub fn new_for_payment<ES: EntropySource, T: secp256k1::Signing + secp256k1::Verification>(
 		path: &[(PublicKey, BlindedPaymentTlvs)], entropy_source: &ES, secp_ctx: &Secp256k1<T>
 	) -> Result<(BlindedPayInfo, Self), ()> {
 		if path.len() < 1 { return Err(()) }
+		let mut found_recv_payload = false;
+		for (_, payload) in path.iter() {
+			if let BlindedPaymentTlvs::Receive { .. } = payload {
+				if found_recv_payload { return Err(()) }
+				found_recv_payload = true;
+			} else if found_recv_payload { return Err(()) }
+		}
+
 		let blinding_secret_bytes = entropy_source.get_secure_random_bytes();
 		let blinding_secret = SecretKey::from_slice(&blinding_secret_bytes[..]).expect("RNG is busted");
 

lightning/src/blinded_path/payment.rs

@@ -203,10 +203,13 @@ impl_writeable_msg!(PaymentConstraints, {
 
 #[cfg(test)]
 mod tests {
-	use bitcoin::secp256k1::PublicKey;
+	use bitcoin::network::constants::Network;
+	use bitcoin::secp256k1::{PublicKey, Secp256k1};
+	use crate::blinded_path::BlindedPath;
 	use crate::blinded_path::payment::{BlindedPaymentTlvs, PaymentConstraints, PaymentRelay};
 	use crate::ln::PaymentSecret;
 	use crate::ln::features::BlindedHopFeatures;
+	use crate::util::test_utils;
 
 	#[test]
 	fn compute_payinfo() {
@@ -266,4 +269,47 @@ mod tests {
 		assert_eq!(blinded_payinfo.cltv_expiry_delta, 0);
 		assert_eq!(blinded_payinfo.htlc_minimum_msat, 1);
 	}
+
+	#[test]
+	fn invalid_payloads() {
+		let dummy_pk = PublicKey::from_slice(&[2; 33]).unwrap();
+		let secp_ctx = Secp256k1::new();
+		let keys_manager = test_utils::TestKeysInterface::new(&[42 as u8; 32], Network::Testnet);
+
+		let out_of_order_payloads_path  = vec![(dummy_pk, BlindedPaymentTlvs::Receive {
+			payment_secret: PaymentSecret([0; 32]),
+			payment_constraints: PaymentConstraints {
+				max_cltv_expiry: 0,
+				htlc_minimum_msat: 1,
+			},
+		}), (dummy_pk, BlindedPaymentTlvs::Forward {
+			short_channel_id: 0,
+			payment_relay: PaymentRelay {
+				cltv_expiry_delta: 144,
+				fee_proportional_millionths: 500,
+				fee_base_msat: 100,
+			},
+			payment_constraints: PaymentConstraints {
+				max_cltv_expiry: 0,
+				htlc_minimum_msat: 100,
+			},
+			features: BlindedHopFeatures::empty(),
+		})];
+		assert!(BlindedPath::new_for_payment(&out_of_order_payloads_path[..], &keys_manager, &secp_ctx).is_err());
+
+		let multiple_recv_payloads_path = vec![(dummy_pk, BlindedPaymentTlvs::Receive {
+			payment_secret: PaymentSecret([0; 32]),
+			payment_constraints: PaymentConstraints {
+				max_cltv_expiry: 0,
+				htlc_minimum_msat: 1,
+			},
+		}), (dummy_pk, BlindedPaymentTlvs::Receive {
+			payment_secret: PaymentSecret([0; 32]),
+			payment_constraints: PaymentConstraints {
+				max_cltv_expiry: 0,
+				htlc_minimum_msat: 1,
+			},
+		})];
+		assert!(BlindedPath::new_for_payment(&multiple_recv_payloads_path[..], &keys_manager, &secp_ctx).is_err());
+	}
 }