X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Foffers%2Finvoice_request.rs;h=92fabd6fdf0c7ab5f49c46cfd0793e02a8886774;hb=8afe6940200769b9df9e9ecfda2a8390919a6cf2;hp=2294fc458853c6f4afb223df823a0845f2c6f1e2;hpb=2298af4d0b008d844eed12444948339ba7557de7;p=rust-lightning

diff --git a/lightning/src/offers/invoice_request.rs b/lightning/src/offers/invoice_request.rs
index 2294fc45..92fabd6f 100644
--- a/lightning/src/offers/invoice_request.rs
+++ b/lightning/src/offers/invoice_request.rs
@@ -64,12 +64,12 @@ use crate::ln::PaymentHash;
 use crate::ln::features::InvoiceRequestFeatures;
 use crate::ln::inbound_payment::{ExpandedKey, IV_LEN, Nonce};
 use crate::ln::msgs::DecodeError;
-use crate::offers::invoice::{BlindedPayInfo, InvoiceBuilder};
-use crate::offers::merkle::{SignError, SignatureTlvStream, SignatureTlvStreamRef, TlvStream, self};
-use crate::offers::offer::{OFFER_TYPES, Offer, OfferContents, OfferTlvStream, OfferTlvStreamRef};
+use crate::offers::invoice::{BlindedPayInfo, DerivedSigningPubkey, ExplicitSigningPubkey, InvoiceBuilder};
+use crate::offers::merkle::{SignError, SignatureTlvStream, SignatureTlvStreamRef, self};
+use crate::offers::offer::{Offer, OfferContents, OfferTlvStream, OfferTlvStreamRef};
 use crate::offers::parse::{ParseError, ParsedMessage, SemanticError};
-use crate::offers::payer::{PAYER_METADATA_TYPE, PayerContents, PayerTlvStream, PayerTlvStreamRef};
-use crate::offers::signer::{Metadata, MetadataMaterial, self};
+use crate::offers::payer::{PayerContents, PayerTlvStream, PayerTlvStreamRef};
+use crate::offers::signer::{Metadata, MetadataMaterial};
 use crate::onion_message::BlindedPath;
 use crate::util::ser::{HighZeroBytesDroppedBigSize, SeekReadable, WithoutLength, Writeable, Writer};
 use crate::util::string::PrintableString;
@@ -78,7 +78,7 @@ use crate::prelude::*;
 
 const SIGNATURE_TAG: &'static str = concat!("lightning", "invoice_request", "signature");
 
-const IV_BYTES: &[u8; IV_LEN] = b"LDK Invreq ~~~~~";
+pub(super) const IV_BYTES: &[u8; IV_LEN] = b"LDK Invreq ~~~~~";
 
 /// Builds an [`InvoiceRequest`] from an [`Offer`] for the "offer to be paid" flow.
 ///
@@ -469,7 +469,7 @@ impl InvoiceRequest {
 	#[cfg(feature = "std")]
 	pub fn respond_with(
 		&self, payment_paths: Vec<(BlindedPath, BlindedPayInfo)>, payment_hash: PaymentHash
-	) -> Result<InvoiceBuilder, SemanticError> {
+	) -> Result<InvoiceBuilder<ExplicitSigningPubkey>, SemanticError> {
 		let created_at = std::time::SystemTime::now()
 			.duration_since(std::time::SystemTime::UNIX_EPOCH)
 			.expect("SystemTime::now() should come after SystemTime::UNIX_EPOCH");
@@ -497,7 +497,7 @@ impl InvoiceRequest {
 	pub fn respond_with_no_std(
 		&self, payment_paths: Vec<(BlindedPath, BlindedPayInfo)>, payment_hash: PaymentHash,
 		created_at: core::time::Duration
-	) -> Result<InvoiceBuilder, SemanticError> {
+	) -> Result<InvoiceBuilder<ExplicitSigningPubkey>, SemanticError> {
 		if self.features().requires_unknown_bits() {
 			return Err(SemanticError::UnknownRequiredFeatures);
 		}
@@ -505,11 +505,60 @@ impl InvoiceRequest {
 		InvoiceBuilder::for_offer(self, payment_paths, created_at, payment_hash)
 	}
 
-	/// Verifies that the request was for an offer created using the given key.
+	/// Creates an [`InvoiceBuilder`] for the request using the given required fields and that uses
+	/// derived signing keys from the originating [`Offer`] to sign the [`Invoice`]. Must use the
+	/// same [`ExpandedKey`] as the one used to create the offer.
+	///
+	/// See [`InvoiceRequest::respond_with`] for further details.
+	///
+	/// [`Invoice`]: crate::offers::invoice::Invoice
+	#[cfg(feature = "std")]
+	pub fn verify_and_respond_using_derived_keys<T: secp256k1::Signing>(
+		&self, payment_paths: Vec<(BlindedPath, BlindedPayInfo)>, payment_hash: PaymentHash,
+		expanded_key: &ExpandedKey, secp_ctx: &Secp256k1<T>
+	) -> Result<InvoiceBuilder<DerivedSigningPubkey>, SemanticError> {
+		let created_at = std::time::SystemTime::now()
+			.duration_since(std::time::SystemTime::UNIX_EPOCH)
+			.expect("SystemTime::now() should come after SystemTime::UNIX_EPOCH");
+
+		self.verify_and_respond_using_derived_keys_no_std(
+			payment_paths, payment_hash, created_at, expanded_key, secp_ctx
+		)
+	}
+
+	/// Creates an [`InvoiceBuilder`] for the request using the given required fields and that uses
+	/// derived signing keys from the originating [`Offer`] to sign the [`Invoice`]. Must use the
+	/// same [`ExpandedKey`] as the one used to create the offer.
+	///
+	/// See [`InvoiceRequest::respond_with_no_std`] for further details.
+	///
+	/// [`Invoice`]: crate::offers::invoice::Invoice
+	pub fn verify_and_respond_using_derived_keys_no_std<T: secp256k1::Signing>(
+		&self, payment_paths: Vec<(BlindedPath, BlindedPayInfo)>, payment_hash: PaymentHash,
+		created_at: core::time::Duration, expanded_key: &ExpandedKey, secp_ctx: &Secp256k1<T>
+	) -> Result<InvoiceBuilder<DerivedSigningPubkey>, SemanticError> {
+		if self.features().requires_unknown_bits() {
+			return Err(SemanticError::UnknownRequiredFeatures);
+		}
+
+		let keys = match self.verify(expanded_key, secp_ctx) {
+			Err(()) => return Err(SemanticError::InvalidMetadata),
+			Ok(None) => return Err(SemanticError::InvalidMetadata),
+			Ok(Some(keys)) => keys,
+		};
+
+		InvoiceBuilder::for_offer_using_keys(self, payment_paths, created_at, payment_hash, keys)
+	}
+
+	/// Verifies that the request was for an offer created using the given key. Returns the derived
+	/// keys need to sign an [`Invoice`] for the request if they could be extracted from the
+	/// metadata.
+	///
+	/// [`Invoice`]: crate::offers::invoice::Invoice
 	pub fn verify<T: secp256k1::Signing>(
 		&self, key: &ExpandedKey, secp_ctx: &Secp256k1<T>
-	) -> bool {
-		self.contents.inner.offer.verify(TlvStream::new(&self.bytes), key, secp_ctx)
+	) -> Result<Option<KeyPair>, ()> {
+		self.contents.inner.offer.verify(&self.bytes, key, secp_ctx)
 	}
 
 	#[cfg(test)]
@@ -528,24 +577,16 @@ impl InvoiceRequestContents {
 		self.inner.metadata()
 	}
 
+	pub(super) fn derives_keys(&self) -> bool {
+		self.inner.payer.0.derives_keys()
+	}
+
 	pub(super) fn chain(&self) -> ChainHash {
 		self.inner.chain()
 	}
 
-	/// Verifies that the payer metadata was produced from the invoice request in the TLV stream.
-	pub(super) fn verify<T: secp256k1::Signing>(
-		&self, tlv_stream: TlvStream<'_>, key: &ExpandedKey, secp_ctx: &Secp256k1<T>
-	) -> bool {
-		let offer_records = tlv_stream.clone().range(OFFER_TYPES);
-		let invreq_records = tlv_stream.range(INVOICE_REQUEST_TYPES).filter(|record| {
-			match record.r#type {
-				PAYER_METADATA_TYPE => false, // Should be outside range
-				INVOICE_REQUEST_PAYER_ID_TYPE => !self.inner.payer.0.derives_keys(),
-				_ => true,
-			}
-		});
-		let tlv_stream = offer_records.chain(invreq_records);
-		signer::verify_metadata(self.metadata(), key, IV_BYTES, self.payer_id, tlv_stream, secp_ctx)
+	pub(super) fn payer_id(&self) -> PublicKey {
+		self.payer_id
 	}
 
 	pub(super) fn as_tlv_stream(&self) -> PartialInvoiceRequestTlvStreamRef {