f - extract offer id from invreq bytes

Author: jkczyz

lightning/src/offers/invoice.rs

@@ -546,7 +546,7 @@ impl UnsignedBolt12Invoice {
 		let mut bytes = Vec::new();
 		unsigned_tlv_stream.write(&mut bytes).unwrap();
 
-		let tagged_hash = TaggedHash::new(SIGNATURE_TAG, &bytes);
+		let tagged_hash = TaggedHash::from_bytes(SIGNATURE_TAG, &bytes);
 
 		Self { bytes, contents, tagged_hash }
 	}
@@ -1225,7 +1225,7 @@ impl TryFrom<Vec<u8>> for UnsignedBolt12Invoice {
 			(payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream, invoice_tlv_stream)
 		)?;
 
-		let tagged_hash = TaggedHash::new(SIGNATURE_TAG, &bytes);
+		let tagged_hash = TaggedHash::from_bytes(SIGNATURE_TAG, &bytes);
 
 		Ok(UnsignedBolt12Invoice { bytes, contents, tagged_hash })
 	}
@@ -1370,7 +1370,7 @@ impl TryFrom<ParsedMessage<FullInvoiceTlvStream>> for Bolt12Invoice {
 			None => return Err(Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::MissingSignature)),
 			Some(signature) => signature,
 		};
-		let tagged_hash = TaggedHash::new(SIGNATURE_TAG, &bytes);
+		let tagged_hash = TaggedHash::from_bytes(SIGNATURE_TAG, &bytes);
 		let pubkey = contents.fields().signing_pubkey;
 		merkle::verify_signature(&signature, &tagged_hash, pubkey)?;
 
@@ -1599,7 +1599,7 @@ mod tests {
 		assert_eq!(invoice.invoice_features(), &Bolt12InvoiceFeatures::empty());
 		assert_eq!(invoice.signing_pubkey(), recipient_pubkey());
 
-		let message = TaggedHash::new(SIGNATURE_TAG, &invoice.bytes);
+		let message = TaggedHash::from_bytes(SIGNATURE_TAG, &invoice.bytes);
 		assert!(merkle::verify_signature(&invoice.signature, &message, recipient_pubkey()).is_ok());
 
 		let digest = Message::from_slice(&invoice.signable_hash()).unwrap();
@@ -1696,7 +1696,7 @@ mod tests {
 		assert_eq!(invoice.invoice_features(), &Bolt12InvoiceFeatures::empty());
 		assert_eq!(invoice.signing_pubkey(), recipient_pubkey());
 
-		let message = TaggedHash::new(SIGNATURE_TAG, &invoice.bytes);
+		let message = TaggedHash::from_bytes(SIGNATURE_TAG, &invoice.bytes);
 		assert!(merkle::verify_signature(&invoice.signature, &message, recipient_pubkey()).is_ok());
 
 		assert_eq!(

lightning/src/offers/invoice_request.rs

@@ -529,7 +529,7 @@ impl UnsignedInvoiceRequest {
 		let mut bytes = Vec::new();
 		unsigned_tlv_stream.write(&mut bytes).unwrap();
 
-		let tagged_hash = TaggedHash::new(SIGNATURE_TAG, &bytes);
+		let tagged_hash = TaggedHash::from_bytes(SIGNATURE_TAG, &bytes);
 
 		Self { bytes, contents, tagged_hash }
 	}
@@ -1026,7 +1026,7 @@ impl TryFrom<Vec<u8>> for UnsignedInvoiceRequest {
 			(payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream)
 		)?;
 
-		let tagged_hash = TaggedHash::new(SIGNATURE_TAG, &bytes);
+		let tagged_hash = TaggedHash::from_bytes(SIGNATURE_TAG, &bytes);
 
 		Ok(UnsignedInvoiceRequest { bytes, contents, tagged_hash })
 	}
@@ -1050,7 +1050,7 @@ impl TryFrom<Vec<u8>> for InvoiceRequest {
 			None => return Err(Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::MissingSignature)),
 			Some(signature) => signature,
 		};
-		let message = TaggedHash::new(SIGNATURE_TAG, &bytes);
+		let message = TaggedHash::from_bytes(SIGNATURE_TAG, &bytes);
 		merkle::verify_signature(&signature, &message, contents.payer_id)?;
 
 		Ok(InvoiceRequest { bytes, contents, signature })
@@ -1197,7 +1197,7 @@ mod tests {
 		assert_eq!(invoice_request.payer_id(), payer_pubkey());
 		assert_eq!(invoice_request.payer_note(), None);
 
-		let message = TaggedHash::new(SIGNATURE_TAG, &invoice_request.bytes);
+		let message = TaggedHash::from_bytes(SIGNATURE_TAG, &invoice_request.bytes);
 		assert!(merkle::verify_signature(&invoice_request.signature, &message, payer_pubkey()).is_ok());
 
 		assert_eq!(
@@ -1302,7 +1302,7 @@ mod tests {
 		let mut bytes = Vec::new();
 		tlv_stream.write(&mut bytes).unwrap();
 
-		let message = TaggedHash::new(INVOICE_SIGNATURE_TAG, &bytes);
+		let message = TaggedHash::from_bytes(INVOICE_SIGNATURE_TAG, &bytes);
 		let signature = merkle::sign_message(recipient_sign, &message, recipient_pubkey()).unwrap();
 		signature_tlv_stream.signature = Some(&signature);
 
@@ -1325,7 +1325,7 @@ mod tests {
 		let mut bytes = Vec::new();
 		tlv_stream.write(&mut bytes).unwrap();
 
-		let message = TaggedHash::new(INVOICE_SIGNATURE_TAG, &bytes);
+		let message = TaggedHash::from_bytes(INVOICE_SIGNATURE_TAG, &bytes);
 		let signature = merkle::sign_message(recipient_sign, &message, recipient_pubkey()).unwrap();
 		signature_tlv_stream.signature = Some(&signature);
 
@@ -1374,7 +1374,7 @@ mod tests {
 		let mut bytes = Vec::new();
 		tlv_stream.write(&mut bytes).unwrap();
 
-		let message = TaggedHash::new(INVOICE_SIGNATURE_TAG, &bytes);
+		let message = TaggedHash::from_bytes(INVOICE_SIGNATURE_TAG, &bytes);
 		let signature = merkle::sign_message(recipient_sign, &message, recipient_pubkey()).unwrap();
 		signature_tlv_stream.signature = Some(&signature);
 
@@ -1397,7 +1397,7 @@ mod tests {
 		let mut bytes = Vec::new();
 		tlv_stream.write(&mut bytes).unwrap();
 
-		let message = TaggedHash::new(INVOICE_SIGNATURE_TAG, &bytes);
+		let message = TaggedHash::from_bytes(INVOICE_SIGNATURE_TAG, &bytes);
 		let signature = merkle::sign_message(recipient_sign, &message, recipient_pubkey()).unwrap();
 		signature_tlv_stream.signature = Some(&signature);
 

lightning/src/offers/merkle.rs

@@ -38,10 +38,20 @@ pub struct TaggedHash {
 }
 
 impl TaggedHash {
+	/// Creates a tagged hash with the given parameters.
+	///
+	/// Panics if `bytes` is not a well-formed TLV stream containing at least one TLV record.
+	pub(super) fn from_bytes(tag: &'static str, bytes: &[u8]) -> Self {
+		let tlv_stream = TlvStream::new(bytes);
+		Self::from_tlv_stream(tag, tlv_stream)
+	}
+
 	/// Creates a tagged hash with the given parameters.
 	///
 	/// Panics if `tlv_stream` is not a well-formed TLV stream containing at least one TLV record.
-	pub(super) fn new(tag: &'static str, tlv_stream: &[u8]) -> Self {
+	pub(super) fn from_tlv_stream<'a, I: core::iter::Iterator<Item = TlvRecord<'a>>>(
+		tag: &'static str, tlv_stream: I
+	) -> Self {
 		let tag_hash = sha256::Hash::hash(tag.as_bytes());
 		let merkle_root = root_hash(tlv_stream);
 		let digest = Message::from_slice(tagged_hash(tag_hash, merkle_root).as_byte_array()).unwrap();
@@ -141,9 +151,10 @@ pub(super) fn verify_signature(
 
 /// Computes a merkle root hash for the given data, which must be a well-formed TLV stream
 /// containing at least one TLV record.
-fn root_hash(data: &[u8]) -> sha256::Hash {
+fn root_hash<'a, I: core::iter::Iterator<Item = TlvRecord<'a>>>(tlv_stream: I) -> sha256::Hash {
+	let mut tlv_stream = tlv_stream.peekable();
 	let nonce_tag = tagged_hash_engine(sha256::Hash::from_engine({
-		let first_tlv_record = TlvStream::new(&data[..]).next().unwrap();
+		let first_tlv_record = tlv_stream.peek().unwrap();
 		let mut engine = sha256::Hash::engine();
 		engine.input("LnNonce".as_bytes());
 		engine.input(first_tlv_record.record_bytes);
@@ -153,8 +164,7 @@ fn root_hash(data: &[u8]) -> sha256::Hash {
 	let branch_tag = tagged_hash_engine(sha256::Hash::hash("LnBranch".as_bytes()));
 
 	let mut leaves = Vec::new();
-	let tlv_stream = TlvStream::new(&data[..]);
-	for record in tlv_stream.skip_signatures() {
+	for record in TlvStream::skip_signatures(tlv_stream) {
 		leaves.push(tagged_hash_from_engine(leaf_tag.clone(), &record.record_bytes));
 		leaves.push(tagged_hash_from_engine(nonce_tag.clone(), &record.type_bytes));
 	}
@@ -231,8 +241,10 @@ impl<'a> TlvStream<'a> {
 			.take_while(move |record| take_range.contains(&record.r#type))
 	}
 
-	fn skip_signatures(self) -> core::iter::Filter<TlvStream<'a>, fn(&TlvRecord) -> bool> {
-		self.filter(|record| !SIGNATURE_TYPES.contains(&record.r#type))
+	fn skip_signatures(
+		tlv_stream: impl core::iter::Iterator<Item = TlvRecord<'a>>
+	) -> impl core::iter::Iterator<Item = TlvRecord<'a>> {
+		tlv_stream.filter(|record| !SIGNATURE_TYPES.contains(&record.r#type))
 	}
 }
 
@@ -280,7 +292,7 @@ impl<'a> Writeable for WithoutSignatures<'a> {
 	#[inline]
 	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
 		let tlv_stream = TlvStream::new(self.0);
-		for record in tlv_stream.skip_signatures() {
+		for record in TlvStream::skip_signatures(tlv_stream) {
 			writer.write_all(record.record_bytes)?;
 		}
 		Ok(())
@@ -308,15 +320,15 @@ mod tests {
 		macro_rules! tlv2 { () => { "02080000010000020003" } }
 		macro_rules! tlv3 { () => { "03310266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c0351800000000000000010000000000000002" } }
 		assert_eq!(
-			super::root_hash(&<Vec<u8>>::from_hex(tlv1!()).unwrap()),
+			super::root_hash(TlvStream::new(&<Vec<u8>>::from_hex(tlv1!()).unwrap())),
 			sha256::Hash::from_slice(&<Vec<u8>>::from_hex("b013756c8fee86503a0b4abdab4cddeb1af5d344ca6fc2fa8b6c08938caa6f93").unwrap()).unwrap(),
 		);
 		assert_eq!(
-			super::root_hash(&<Vec<u8>>::from_hex(concat!(tlv1!(), tlv2!())).unwrap()),
+			super::root_hash(TlvStream::new(&<Vec<u8>>::from_hex(concat!(tlv1!(), tlv2!())).unwrap())),
 			sha256::Hash::from_slice(&<Vec<u8>>::from_hex("c3774abbf4815aa54ccaa026bff6581f01f3be5fe814c620a252534f434bc0d1").unwrap()).unwrap(),
 		);
 		assert_eq!(
-			super::root_hash(&<Vec<u8>>::from_hex(concat!(tlv1!(), tlv2!(), tlv3!())).unwrap()),
+			super::root_hash(TlvStream::new(&<Vec<u8>>::from_hex(concat!(tlv1!(), tlv2!(), tlv3!())).unwrap())),
 			sha256::Hash::from_slice(&<Vec<u8>>::from_hex("ab2e79b1283b0b31e0b035258de23782df6b89a38cfa7237bde69aed1a658c5d").unwrap()).unwrap(),
 		);
 	}
@@ -348,7 +360,7 @@ mod tests {
 			"lnr1qqyqqqqqqqqqqqqqqcp4256ypqqkgzshgysy6ct5dpjk6ct5d93kzmpq23ex2ct5d9ek293pqthvwfzadd7jejes8q9lhc4rvjxd022zv5l44g6qah82ru5rdpnpjkppqvjx204vgdzgsqpvcp4mldl3plscny0rt707gvpdh6ndydfacz43euzqhrurageg3n7kafgsek6gz3e9w52parv8gs2hlxzk95tzeswywffxlkeyhml0hh46kndmwf4m6xma3tkq2lu04qz3slje2rfthc89vss",
 		);
 		assert_eq!(
-			super::root_hash(&invoice_request.bytes[..]),
+			super::root_hash(TlvStream::new(&invoice_request.bytes[..])),
 			sha256::Hash::from_slice(&<Vec<u8>>::from_hex("608407c18ad9a94d9ea2bcdbe170b6c20c462a7833a197621c916f78cf18e624").unwrap()).unwrap(),
 		);
 		assert_eq!(

lightning/src/offers/offer.rs

@@ -122,7 +122,13 @@ impl OfferId {
 	const ID_TAG: &'static str = concat!("lightning", "offer");
 
 	fn from_offer_bytes(bytes: &[u8]) -> Self {
-		let tagged_hash = TaggedHash::new(Self::ID_TAG, &bytes);
+		let tagged_hash = TaggedHash::from_bytes(Self::ID_TAG, bytes);
+		Self(tagged_hash.to_bytes())
+	}
+
+	fn from_invreq_bytes(bytes: &[u8]) -> Self {
+		let tlv_stream = TlvStream::new(bytes).range(OFFER_TYPES);
+		let tagged_hash = TaggedHash::from_tlv_stream(Self::ID_TAG, tlv_stream);
 		Self(tagged_hash.to_bytes())
 	}
 }
@@ -889,10 +895,12 @@ impl OfferContents {
 						_ => true,
 					}
 				});
-				let (keys, nonce) = signer::verify_recipient_metadata(
+				let keys = signer::verify_recipient_metadata(
 					metadata, key, IV_BYTES, self.signing_pubkey(), tlv_stream, secp_ctx
 				)?;
-				let offer_id = OfferId(nonce);
+
+				let offer_id = OfferId::from_invreq_bytes(bytes);
+
 				Ok((offer_id, keys))
 			},
 			None => Err(()),
@@ -1230,17 +1238,17 @@ mod tests {
 
 		#[cfg(c_bindings)]
 		use super::OfferWithDerivedMetadataBuilder as OfferBuilder;
-		let (offer_id, offer) = OfferBuilder
+		let offer = OfferBuilder
 			::deriving_signing_pubkey(desc, node_id, &expanded_key, &entropy, &secp_ctx)
 			.amount_msats(1000)
-			.build_with_id().unwrap();
+			.build().unwrap();
 		assert_eq!(offer.signing_pubkey(), node_id);
 
 		let invoice_request = offer.request_invoice(vec![1; 32], payer_pubkey()).unwrap()
 			.build().unwrap()
 			.sign(payer_sign).unwrap();
 		match invoice_request.verify(&expanded_key, &secp_ctx) {
-			Ok(invoice_request) => assert_eq!(invoice_request.offer_id, offer_id),
+			Ok(invoice_request) => assert_eq!(invoice_request.offer_id, offer.id()),
 			Err(_) => panic!("unexpected error"),
 		}
 
@@ -1291,18 +1299,18 @@ mod tests {
 
 		#[cfg(c_bindings)]
 		use super::OfferWithDerivedMetadataBuilder as OfferBuilder;
-		let (offer_id, offer) = OfferBuilder
+		let offer = OfferBuilder
 			::deriving_signing_pubkey(desc, node_id, &expanded_key, &entropy, &secp_ctx)
 			.amount_msats(1000)
 			.path(blinded_path)
-			.build_with_id().unwrap();
+			.build().unwrap();
 		assert_ne!(offer.signing_pubkey(), node_id);
 
 		let invoice_request = offer.request_invoice(vec![1; 32], payer_pubkey()).unwrap()
 			.build().unwrap()
 			.sign(payer_sign).unwrap();
 		match invoice_request.verify(&expanded_key, &secp_ctx) {
-			Ok(invoice_request) => assert_eq!(invoice_request.offer_id, offer_id),
+			Ok(invoice_request) => assert_eq!(invoice_request.offer_id, offer.id()),
 			Err(_) => panic!("unexpected error"),
 		}
 

lightning/src/offers/signer.rs

@@ -271,13 +271,11 @@ pub(super) fn verify_recipient_metadata<'a, T: secp256k1::Signing>(
 	metadata: &[u8], expanded_key: &ExpandedKey, iv_bytes: &[u8; IV_LEN],
 	signing_pubkey: PublicKey, tlv_stream: impl core::iter::Iterator<Item = TlvRecord<'a>>,
 	secp_ctx: &Secp256k1<T>
-) -> Result<(Option<KeyPair>, Nonce), ()> {
+) -> Result<Option<KeyPair>, ()> {
 	let mut hmac = hmac_for_message(metadata, expanded_key, iv_bytes, tlv_stream)?;
 	hmac.input(WITHOUT_ENCRYPTED_PAYMENT_ID_HMAC_INPUT);
 
-	let keys = verify_metadata(metadata, Hmac::from_engine(hmac), signing_pubkey, secp_ctx)?;
-	let nonce = Nonce::try_from(&metadata[..Nonce::LENGTH]).unwrap();
-	Ok((keys, nonce))
+	verify_metadata(metadata, Hmac::from_engine(hmac), signing_pubkey, secp_ctx)
 }
 
 fn verify_metadata<T: secp256k1::Signing>(