f take an entropysource to force rng use

lightningdevkit · Sep 12, 2024 · eaa1e2e · eaa1e2e
1 parent 7018be4
commit eaa1e2e
Showing 1 changed file with 14 additions and 12 deletions.
diff --git a/lightning/src/onion_message/dns_resolution.rs b/lightning/src/onion_message/dns_resolution.rs
@@ -45,6 +45,8 @@ use crate::onion_message::messenger::{MessageSendInstructions, Responder, Respon
 use crate::onion_message::packet::OnionMessageContents;
 use crate::prelude::*;
 #[cfg(feature = "dnssec")]
+use crate::sign::EntropySource;
+#[cfg(feature = "dnssec")]
 use crate::sync::Mutex;
 use crate::util::ser::{Hostname, Readable, ReadableArgs, Writeable, Writer};
 
@@ -306,29 +308,29 @@ impl OMNameResolver {
 
 	/// Begins the process of resolving a BIP 353 Human Readable Name.
 	///
-	/// The given `random_context` must be a [`DNSResolverContext`] with a fresh, unused random
-	/// nonce which is included in the blinded path which will be set as the reply path when
-	/// sending the returned [`DNSSECQuery`].
-	///
-	/// Returns a [`DNSSECQuery`] onion message which should be sent to a resolver on success.
-	pub fn resolve_name(
-		&self, payment_id: PaymentId, name: HumanReadableName, random_context: DNSResolverContext,
-	) -> Result<DNSSECQuery, ()> {
+	/// Returns a [`DNSSECQuery`] onion message and a [`DNSResolverContext`] which should be sent
+	/// to a resolver (with the context used to generate the blinded response path) on success.
+	pub fn resolve_name<ES: EntropySource + ?Sized>(
+		&self, payment_id: PaymentId, name: HumanReadableName, entropy_source: &ES,
+	) -> Result<(DNSSECQuery, DNSResolverContext), ()> {
 		let dns_name =
 			Name::try_from(format!("{}.user._bitcoin-payment.{}.", name.user, name.domain));
 		debug_assert!(
 			dns_name.is_ok(),
 			"The HumanReadableName constructor shouldn't allow names which are too long"
 		);
-		let name_query = dns_name.clone().map(|q| DNSSECQuery(q));
+		let mut context = DNSResolverContext { nonce: [0; 16] };
+		context.nonce.copy_from_slice(&entropy_source.get_secure_random_bytes()[..16]);
 		if let Ok(dns_name) = dns_name {
 			let start_height = self.latest_block_height.load(Ordering::Acquire) as u32;
 			let mut pending_resolves = self.pending_resolves.lock().unwrap();
-			let context = random_context;
+			let context_ret = context.clone();
 			let resolution = PendingResolution { start_height, context, name, payment_id };
-			pending_resolves.entry(dns_name).or_insert_with(Vec::new).push(resolution);
+			pending_resolves.entry(dns_name.clone()).or_insert_with(Vec::new).push(resolution);
+			Ok((DNSSECQuery(dns_name), context_ret))
+		} else {
+			Err(())
 		}
-		name_query
 	}
 
 	/// Handles a [`DNSSECProof`] message, attempting to verify it and match it against a pending