X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Foffers%2Fmerkle.rs;h=a3979866926170e8b5dc467ef10c59aae9c91c54;hb=478911d42a8b47020511bdcb793756723f3801be;hp=7390b58fef8ef780a68f58aa50438dcbe1979d71;hpb=d9eb201bd8da97e9f249c793abeb9cbdb00f4744;p=rust-lightning

diff --git a/lightning/src/offers/merkle.rs b/lightning/src/offers/merkle.rs
index 7390b58f..a3979866 100644
--- a/lightning/src/offers/merkle.rs
+++ b/lightning/src/offers/merkle.rs
@@ -12,10 +12,10 @@
 use bitcoin::hashes::{Hash, HashEngine, sha256};
 use bitcoin::secp256k1::{Message, PublicKey, Secp256k1, self};
 use bitcoin::secp256k1::schnorr::Signature;
-use core::convert::AsRef;
 use crate::io;
 use crate::util::ser::{BigSize, Readable, Writeable, Writer};
 
+#[allow(unused_imports)]
 use crate::prelude::*;
 
 /// Valid type range for signature TLV records.
@@ -30,20 +30,55 @@ tlv_stream!(SignatureTlvStream, SignatureTlvStreamRef, SIGNATURE_TYPES, {
 ///
 /// [BIP 340]: https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
 /// [BOLT 12]: https://github.com/rustyrussell/lightning-rfc/blob/guilt/offers/12-offer-encoding.md#signature-calculation
-#[derive(Debug, PartialEq)]
-pub struct TaggedHash(Message);
+#[derive(Clone, Debug, PartialEq)]
+pub struct TaggedHash {
+	tag: &'static str,
+	merkle_root: sha256::Hash,
+	digest: Message,
+}
 
 impl TaggedHash {
+	/// Creates a tagged hash with the given parameters.
+	///
+	/// Panics if `bytes` is not a well-formed TLV stream containing at least one TLV record.
+	pub(super) fn from_valid_tlv_stream_bytes(tag: &'static str, bytes: &[u8]) -> Self {
+		let tlv_stream = TlvStream::new(bytes);
+		Self::from_tlv_stream(tag, tlv_stream)
+	}
+
 	/// Creates a tagged hash with the given parameters.
 	///
 	/// Panics if `tlv_stream` is not a well-formed TLV stream containing at least one TLV record.
-	pub(super) fn new(tag: &str, tlv_stream: &[u8]) -> Self {
-		Self(message_digest(tag, tlv_stream))
+	pub(super) fn from_tlv_stream<'a, I: core::iter::Iterator<Item = TlvRecord<'a>>>(
+		tag: &'static str, tlv_stream: I
+	) -> Self {
+		let tag_hash = sha256::Hash::hash(tag.as_bytes());
+		let merkle_root = root_hash(tlv_stream);
+		let digest = Message::from_slice(tagged_hash(tag_hash, merkle_root).as_byte_array()).unwrap();
+		Self {
+			tag,
+			merkle_root,
+			digest,
+		}
 	}
 
 	/// Returns the digest to sign.
 	pub fn as_digest(&self) -> &Message {
-		&self.0
+		&self.digest
+	}
+
+	/// Returns the tag used in the tagged hash.
+	pub fn tag(&self) -> &str {
+		&self.tag
+	}
+
+	/// Returns the merkle root used in the tagged hash.
+	pub fn merkle_root(&self) -> sha256::Hash {
+		self.merkle_root
+	}
+
+	pub(super) fn to_bytes(&self) -> [u8; 32] {
+		*self.digest.as_ref()
 	}
 }
 
@@ -55,13 +90,28 @@ impl AsRef<TaggedHash> for TaggedHash {
 
 /// Error when signing messages.
 #[derive(Debug, PartialEq)]
-pub enum SignError<E> {
+pub enum SignError {
 	/// User-defined error when signing the message.
-	Signing(E),
+	Signing,
 	/// Error when verifying the produced signature using the given pubkey.
 	Verification(secp256k1::Error),
 }
 
+/// A function for signing a [`TaggedHash`].
+pub(super) trait SignFn<T: AsRef<TaggedHash>> {
+	/// Signs a [`TaggedHash`] computed over the merkle root of `message`'s TLV stream.
+	fn sign(&self, message: &T) -> Result<Signature, ()>;
+}
+
+impl<F> SignFn<TaggedHash> for F
+where
+	F: Fn(&TaggedHash) -> Result<Signature, ()>,
+{
+	fn sign(&self, message: &TaggedHash) -> Result<Signature, ()> {
+		self(message)
+	}
+}
+
 /// Signs a [`TaggedHash`] computed over the merkle root of `message`'s TLV stream, checking if it
 /// can be verified with the supplied `pubkey`.
 ///
@@ -71,14 +121,14 @@ pub enum SignError<E> {
 ///
 /// [`Bolt12Invoice`]: crate::offers::invoice::Bolt12Invoice
 /// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
-pub(super) fn sign_message<F, E, T>(
-	sign: F, message: &T, pubkey: PublicKey,
-) -> Result<Signature, SignError<E>>
+pub(super) fn sign_message<F, T>(
+	f: F, message: &T, pubkey: PublicKey,
+) -> Result<Signature, SignError>
 where
-	F: FnOnce(&T) -> Result<Signature, E>,
+	F: SignFn<T>,
 	T: AsRef<TaggedHash>,
 {
-	let signature = sign(message).map_err(|e| SignError::Signing(e))?;
+	let signature = f.sign(message).map_err(|()| SignError::Signing)?;
 
 	let digest = message.as_ref().as_digest();
 	let pubkey = pubkey.into();
@@ -91,7 +141,7 @@ where
 /// Verifies the signature with a pubkey over the given message using a tagged hash as the message
 /// digest.
 pub(super) fn verify_signature(
-	signature: &Signature, message: TaggedHash, pubkey: PublicKey,
+	signature: &Signature, message: &TaggedHash, pubkey: PublicKey,
 ) -> Result<(), secp256k1::Error> {
 	let digest = message.as_digest();
 	let pubkey = pubkey.into();
@@ -99,17 +149,12 @@ pub(super) fn verify_signature(
 	secp_ctx.verify_schnorr(signature, digest, &pubkey)
 }
 
-pub(super) fn message_digest(tag: &str, bytes: &[u8]) -> Message {
-	let tag = sha256::Hash::hash(tag.as_bytes());
-	let merkle_root = root_hash(bytes);
-	Message::from_slice(&tagged_hash(tag, merkle_root)).unwrap()
-}
-
 /// Computes a merkle root hash for the given data, which must be a well-formed TLV stream
 /// containing at least one TLV record.
-fn root_hash(data: &[u8]) -> sha256::Hash {
+fn root_hash<'a, I: core::iter::Iterator<Item = TlvRecord<'a>>>(tlv_stream: I) -> sha256::Hash {
+	let mut tlv_stream = tlv_stream.peekable();
 	let nonce_tag = tagged_hash_engine(sha256::Hash::from_engine({
-		let first_tlv_record = TlvStream::new(&data[..]).next().unwrap();
+		let first_tlv_record = tlv_stream.peek().unwrap();
 		let mut engine = sha256::Hash::engine();
 		engine.input("LnNonce".as_bytes());
 		engine.input(first_tlv_record.record_bytes);
@@ -119,8 +164,7 @@ fn root_hash(data: &[u8]) -> sha256::Hash {
 	let branch_tag = tagged_hash_engine(sha256::Hash::hash("LnBranch".as_bytes()));
 
 	let mut leaves = Vec::new();
-	let tlv_stream = TlvStream::new(&data[..]);
-	for record in tlv_stream.skip_signatures() {
+	for record in TlvStream::skip_signatures(tlv_stream) {
 		leaves.push(tagged_hash_from_engine(leaf_tag.clone(), &record.record_bytes));
 		leaves.push(tagged_hash_from_engine(nonce_tag.clone(), &record.type_bytes));
 	}
@@ -197,8 +241,10 @@ impl<'a> TlvStream<'a> {
 			.take_while(move |record| take_range.contains(&record.r#type))
 	}
 
-	fn skip_signatures(self) -> core::iter::Filter<TlvStream<'a>, fn(&TlvRecord) -> bool> {
-		self.filter(|record| !SIGNATURE_TYPES.contains(&record.r#type))
+	fn skip_signatures(
+		tlv_stream: impl core::iter::Iterator<Item = TlvRecord<'a>>
+	) -> impl core::iter::Iterator<Item = TlvRecord<'a>> {
+		tlv_stream.filter(|record| !SIGNATURE_TYPES.contains(&record.r#type))
 	}
 }
 
@@ -246,7 +292,7 @@ impl<'a> Writeable for WithoutSignatures<'a> {
 	#[inline]
 	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
 		let tlv_stream = TlvStream::new(self.0);
-		for record in tlv_stream.skip_signatures() {
+		for record in TlvStream::skip_signatures(tlv_stream) {
 			writer.write_all(record.record_bytes)?;
 		}
 		Ok(())
@@ -258,12 +304,13 @@ mod tests {
 	use super::{SIGNATURE_TYPES, TlvStream, WithoutSignatures};
 
 	use bitcoin::hashes::{Hash, sha256};
-	use bitcoin::secp256k1::{KeyPair, Secp256k1, SecretKey};
+	use bitcoin::hashes::hex::FromHex;
+	use bitcoin::secp256k1::{KeyPair, Message, Secp256k1, SecretKey};
 	use bitcoin::secp256k1::schnorr::Signature;
-	use core::convert::Infallible;
 	use crate::offers::offer::{Amount, OfferBuilder};
-	use crate::offers::invoice_request::InvoiceRequest;
+	use crate::offers::invoice_request::{InvoiceRequest, UnsignedInvoiceRequest};
 	use crate::offers::parse::Bech32Encode;
+	use crate::offers::test_utils::{payer_pubkey, recipient_pubkey};
 	use crate::util::ser::Writeable;
 
 	#[test]
@@ -273,16 +320,16 @@ mod tests {
 		macro_rules! tlv2 { () => { "02080000010000020003" } }
 		macro_rules! tlv3 { () => { "03310266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c0351800000000000000010000000000000002" } }
 		assert_eq!(
-			super::root_hash(&hex::decode(tlv1!()).unwrap()),
-			sha256::Hash::from_slice(&hex::decode("b013756c8fee86503a0b4abdab4cddeb1af5d344ca6fc2fa8b6c08938caa6f93").unwrap()).unwrap(),
+			super::root_hash(TlvStream::new(&<Vec<u8>>::from_hex(tlv1!()).unwrap())),
+			sha256::Hash::from_slice(&<Vec<u8>>::from_hex("b013756c8fee86503a0b4abdab4cddeb1af5d344ca6fc2fa8b6c08938caa6f93").unwrap()).unwrap(),
 		);
 		assert_eq!(
-			super::root_hash(&hex::decode(concat!(tlv1!(), tlv2!())).unwrap()),
-			sha256::Hash::from_slice(&hex::decode("c3774abbf4815aa54ccaa026bff6581f01f3be5fe814c620a252534f434bc0d1").unwrap()).unwrap(),
+			super::root_hash(TlvStream::new(&<Vec<u8>>::from_hex(concat!(tlv1!(), tlv2!())).unwrap())),
+			sha256::Hash::from_slice(&<Vec<u8>>::from_hex("c3774abbf4815aa54ccaa026bff6581f01f3be5fe814c620a252534f434bc0d1").unwrap()).unwrap(),
 		);
 		assert_eq!(
-			super::root_hash(&hex::decode(concat!(tlv1!(), tlv2!(), tlv3!())).unwrap()),
-			sha256::Hash::from_slice(&hex::decode("ab2e79b1283b0b31e0b035258de23782df6b89a38cfa7237bde69aed1a658c5d").unwrap()).unwrap(),
+			super::root_hash(TlvStream::new(&<Vec<u8>>::from_hex(concat!(tlv1!(), tlv2!(), tlv3!())).unwrap())),
+			sha256::Hash::from_slice(&<Vec<u8>>::from_hex("ab2e79b1283b0b31e0b035258de23782df6b89a38cfa7237bde69aed1a658c5d").unwrap()).unwrap(),
 		);
 	}
 
@@ -290,11 +337,11 @@ mod tests {
 	fn calculates_merkle_root_hash_from_invoice_request() {
 		let secp_ctx = Secp256k1::new();
 		let recipient_pubkey = {
-			let secret_key = SecretKey::from_slice(&hex::decode("4141414141414141414141414141414141414141414141414141414141414141").unwrap()).unwrap();
+			let secret_key = SecretKey::from_slice(&<Vec<u8>>::from_hex("4141414141414141414141414141414141414141414141414141414141414141").unwrap()).unwrap();
 			KeyPair::from_secret_key(&secp_ctx, &secret_key).public_key()
 		};
 		let payer_keys = {
-			let secret_key = SecretKey::from_slice(&hex::decode("4242424242424242424242424242424242424242424242424242424242424242").unwrap()).unwrap();
+			let secret_key = SecretKey::from_slice(&<Vec<u8>>::from_hex("4242424242424242424242424242424242424242424242424242424242424242").unwrap()).unwrap();
 			KeyPair::from_secret_key(&secp_ctx, &secret_key)
 		};
 
@@ -304,8 +351,8 @@ mod tests {
 			.build_unchecked()
 			.request_invoice(vec![0; 8], payer_keys.public_key()).unwrap()
 			.build_unchecked()
-			.sign::<_, Infallible>(
-				|message| Ok(secp_ctx.sign_schnorr_no_aux_rand(message.as_ref().as_digest(), &payer_keys))
+			.sign(|message: &UnsignedInvoiceRequest|
+				Ok(secp_ctx.sign_schnorr_no_aux_rand(message.as_ref().as_digest(), &payer_keys))
 			)
 			.unwrap();
 		assert_eq!(
@@ -313,15 +360,34 @@ mod tests {
 			"lnr1qqyqqqqqqqqqqqqqqcp4256ypqqkgzshgysy6ct5dpjk6ct5d93kzmpq23ex2ct5d9ek293pqthvwfzadd7jejes8q9lhc4rvjxd022zv5l44g6qah82ru5rdpnpjkppqvjx204vgdzgsqpvcp4mldl3plscny0rt707gvpdh6ndydfacz43euzqhrurageg3n7kafgsek6gz3e9w52parv8gs2hlxzk95tzeswywffxlkeyhml0hh46kndmwf4m6xma3tkq2lu04qz3slje2rfthc89vss",
 		);
 		assert_eq!(
-			super::root_hash(&invoice_request.bytes[..]),
-			sha256::Hash::from_slice(&hex::decode("608407c18ad9a94d9ea2bcdbe170b6c20c462a7833a197621c916f78cf18e624").unwrap()).unwrap(),
+			super::root_hash(TlvStream::new(&invoice_request.bytes[..])),
+			sha256::Hash::from_slice(&<Vec<u8>>::from_hex("608407c18ad9a94d9ea2bcdbe170b6c20c462a7833a197621c916f78cf18e624").unwrap()).unwrap(),
 		);
 		assert_eq!(
 			invoice_request.signature(),
-			Signature::from_slice(&hex::decode("b8f83ea3288cfd6ea510cdb481472575141e8d8744157f98562d162cc1c472526fdb24befefbdebab4dbb726bbd1b7d8aec057f8fa805187e5950d2bbe0e5642").unwrap()).unwrap(),
+			Signature::from_slice(&<Vec<u8>>::from_hex("b8f83ea3288cfd6ea510cdb481472575141e8d8744157f98562d162cc1c472526fdb24befefbdebab4dbb726bbd1b7d8aec057f8fa805187e5950d2bbe0e5642").unwrap()).unwrap(),
 		);
 	}
 
+        #[test]
+        fn compute_tagged_hash() {
+                let unsigned_invoice_request = OfferBuilder::new("foo".into(), recipient_pubkey())
+                        .amount_msats(1000)
+                        .build().unwrap()
+                        .request_invoice(vec![1; 32], payer_pubkey()).unwrap()
+                        .payer_note("bar".into())
+                        .build().unwrap();
+
+                // Simply test that we can grab the tag and merkle root exposed by the accessor
+                // functions, then use them to succesfully compute a tagged hash.
+                let tagged_hash = unsigned_invoice_request.as_ref();
+                let expected_digest = unsigned_invoice_request.as_ref().as_digest();
+                let tag = sha256::Hash::hash(tagged_hash.tag().as_bytes());
+                let actual_digest = Message::from_slice(super::tagged_hash(tag, tagged_hash.merkle_root()).as_byte_array())
+                        .unwrap();
+                assert_eq!(*expected_digest, actual_digest);
+        }
+
 	#[test]
 	fn skips_encoding_signature_tlv_records() {
 		let secp_ctx = Secp256k1::new();
@@ -339,8 +405,8 @@ mod tests {
 			.build_unchecked()
 			.request_invoice(vec![0; 8], payer_keys.public_key()).unwrap()
 			.build_unchecked()
-			.sign::<_, Infallible>(
-				|message| Ok(secp_ctx.sign_schnorr_no_aux_rand(message.as_ref().as_digest(), &payer_keys))
+			.sign(|message: &UnsignedInvoiceRequest|
+				Ok(secp_ctx.sign_schnorr_no_aux_rand(message.as_ref().as_digest(), &payer_keys))
 			)
 			.unwrap();
 
@@ -371,8 +437,8 @@ mod tests {
 			.build_unchecked()
 			.request_invoice(vec![0; 8], payer_keys.public_key()).unwrap()
 			.build_unchecked()
-			.sign::<_, Infallible>(
-				|message| Ok(secp_ctx.sign_schnorr_no_aux_rand(message.as_ref().as_digest(), &payer_keys))
+			.sign(|message: &UnsignedInvoiceRequest|
+				Ok(secp_ctx.sign_schnorr_no_aux_rand(message.as_ref().as_digest(), &payer_keys))
 			)
 			.unwrap();