Use one-hop blinded paths only for announced nodes

jkczyz · jkczyz · commit cc798a8c3a68 · 2023-12-15T09:05:49.000-06:00
To avoid exposing a node's identity in a blinded path, only create
one-hop blinded paths if the node has been announced, and thus has
public channels. Otherwise, there is no way to route a payment to the
node, exposing its identity needlessly.
diff --git a/lightning/src/onion_message/messenger.rs b/lightning/src/onion_message/messenger.rs
@@ -350,25 +350,29 @@ where
 		const MIN_PEER_CHANNELS: usize = 3;
 
 		let network_graph = self.network_graph.deref().read_only();
-		let paths = peers.into_iter()
+		let paths = peers.iter()
 			// Limit to peers with announced channels
 			.filter(|pubkey|
 				network_graph
-					.node(&NodeId::from_pubkey(&pubkey))
+					.node(&NodeId::from_pubkey(pubkey))
 					.map(|info| &info.channels[..])
 					.map(|channels| channels.len() >= MIN_PEER_CHANNELS)
 					.unwrap_or(false)
 			)
-			.map(|pubkey| vec![pubkey, recipient])
+			.map(|pubkey| vec![*pubkey, recipient])
 			.map(|node_pks| BlindedPath::new_for_message(&node_pks, entropy_source, secp_ctx))
 			.take(MAX_PATHS)
 			.collect::<Result<Vec<_>, _>>();
 
 		match paths {
 			Ok(paths) if !paths.is_empty() => Ok(paths),
 			_ => {
-				BlindedPath::one_hop_for_message(recipient, entropy_source, secp_ctx)
-					.map(|path| vec![path])
+				if network_graph.nodes().contains_key(&NodeId::from_pubkey(&recipient)) {
+					BlindedPath::one_hop_for_message(recipient, entropy_source, secp_ctx)
+						.map(|path| vec![path])
+				} else {
+					Err(())
+				}
 			},
 		}
 	}
diff --git a/lightning/src/routing/router.rs b/lightning/src/routing/router.rs
@@ -153,8 +153,12 @@ impl<G: Deref<Target = NetworkGraph<L>> + Clone, L: Deref, S: Deref, SP: Sized,
 		match paths {
 			Ok(paths) if !paths.is_empty() => Ok(paths),
 			_ => {
-				BlindedPath::one_hop_for_payment(recipient, tlvs, entropy_source, secp_ctx)
-					.map(|path| vec![path])
+				if network_graph.nodes().contains_key(&NodeId::from_pubkey(&recipient)) {
+					BlindedPath::one_hop_for_payment(recipient, tlvs, entropy_source, secp_ctx)
+						.map(|path| vec![path])
+				} else {
+					Err(())
+				}
 			},
 		}
 	}
