From: Jeffrey Czyz Date: Tue, 11 Jul 2023 20:08:23 +0000 (-0500) Subject: Use TaggedHash in merkle::verify_signature X-Git-Tag: v0.0.117-alpha1~49^2~1 X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=63d0d5583d2b18021434092face066ae92d5ae7b;p=rust-lightning Use TaggedHash in merkle::verify_signature An earlier commit introduced TaggedHash for use in sign_message. For consistency, use it in verify_signature, too. --- diff --git a/lightning/src/offers/invoice.rs b/lightning/src/offers/invoice.rs index 05960642e..745b389fa 100644 --- a/lightning/src/offers/invoice.rs +++ b/lightning/src/offers/invoice.rs @@ -1184,8 +1184,9 @@ impl TryFrom> for Bolt12Invoice { None => return Err(Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::MissingSignature)), Some(signature) => signature, }; + let message = TaggedHash::new(SIGNATURE_TAG, &bytes); let pubkey = contents.fields().signing_pubkey; - merkle::verify_signature(&signature, SIGNATURE_TAG, &bytes, pubkey)?; + merkle::verify_signature(&signature, message, pubkey)?; Ok(Bolt12Invoice { bytes, contents, signature }) } @@ -1288,7 +1289,7 @@ mod tests { use crate::ln::inbound_payment::ExpandedKey; use crate::ln::msgs::DecodeError; use crate::offers::invoice_request::InvoiceRequestTlvStreamRef; - use crate::offers::merkle::{SignError, SignatureTlvStreamRef, self}; + use crate::offers::merkle::{SignError, SignatureTlvStreamRef, TaggedHash, self}; use crate::offers::offer::{Amount, OfferBuilder, OfferTlvStreamRef, Quantity}; use crate::offers::parse::{Bolt12ParseError, Bolt12SemanticError}; use crate::offers::payer::PayerTlvStreamRef; @@ -1400,11 +1401,9 @@ mod tests { assert_eq!(invoice.fallbacks(), vec![]); assert_eq!(invoice.invoice_features(), &Bolt12InvoiceFeatures::empty()); assert_eq!(invoice.signing_pubkey(), recipient_pubkey()); - assert!( - merkle::verify_signature( - &invoice.signature, SIGNATURE_TAG, &invoice.bytes, recipient_pubkey() - ).is_ok() - ); + + let message = TaggedHash::new(SIGNATURE_TAG, &invoice.bytes); + assert!(merkle::verify_signature(&invoice.signature, message, recipient_pubkey()).is_ok()); let digest = Message::from_slice(&invoice.signable_hash()).unwrap(); let pubkey = recipient_pubkey().into(); @@ -1499,11 +1498,9 @@ mod tests { assert_eq!(invoice.fallbacks(), vec![]); assert_eq!(invoice.invoice_features(), &Bolt12InvoiceFeatures::empty()); assert_eq!(invoice.signing_pubkey(), recipient_pubkey()); - assert!( - merkle::verify_signature( - &invoice.signature, SIGNATURE_TAG, &invoice.bytes, recipient_pubkey() - ).is_ok() - ); + + let message = TaggedHash::new(SIGNATURE_TAG, &invoice.bytes); + assert!(merkle::verify_signature(&invoice.signature, message, recipient_pubkey()).is_ok()); assert_eq!( invoice.as_tlv_stream(), diff --git a/lightning/src/offers/invoice_request.rs b/lightning/src/offers/invoice_request.rs index 198e15ec5..41c86171b 100644 --- a/lightning/src/offers/invoice_request.rs +++ b/lightning/src/offers/invoice_request.rs @@ -799,7 +799,8 @@ impl TryFrom> for InvoiceRequest { None => return Err(Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::MissingSignature)), Some(signature) => signature, }; - merkle::verify_signature(&signature, SIGNATURE_TAG, &bytes, contents.payer_id)?; + let message = TaggedHash::new(SIGNATURE_TAG, &bytes); + merkle::verify_signature(&signature, message, contents.payer_id)?; Ok(InvoiceRequest { bytes, contents, signature }) } @@ -933,11 +934,9 @@ mod tests { assert_eq!(invoice_request.quantity(), None); assert_eq!(invoice_request.payer_id(), payer_pubkey()); assert_eq!(invoice_request.payer_note(), None); - assert!( - merkle::verify_signature( - &invoice_request.signature, SIGNATURE_TAG, &invoice_request.bytes, payer_pubkey() - ).is_ok() - ); + + let message = TaggedHash::new(SIGNATURE_TAG, &invoice_request.bytes); + assert!(merkle::verify_signature(&invoice_request.signature, message, payer_pubkey()).is_ok()); assert_eq!( invoice_request.as_tlv_stream(), diff --git a/lightning/src/offers/merkle.rs b/lightning/src/offers/merkle.rs index b3867bf6f..7390b58fe 100644 --- a/lightning/src/offers/merkle.rs +++ b/lightning/src/offers/merkle.rs @@ -88,17 +88,15 @@ where Ok(signature) } -/// Verifies the signature with a pubkey over the given bytes using a tagged hash as the message +/// Verifies the signature with a pubkey over the given message using a tagged hash as the message /// digest. -/// -/// Panics if `bytes` is not a well-formed TLV stream containing at least one TLV record. pub(super) fn verify_signature( - signature: &Signature, tag: &str, bytes: &[u8], pubkey: PublicKey, + signature: &Signature, message: TaggedHash, pubkey: PublicKey, ) -> Result<(), secp256k1::Error> { - let digest = message_digest(tag, bytes); + let digest = message.as_digest(); let pubkey = pubkey.into(); let secp_ctx = Secp256k1::verification_only(); - secp_ctx.verify_schnorr(signature, &digest, &pubkey) + secp_ctx.verify_schnorr(signature, digest, &pubkey) } pub(super) fn message_digest(tag: &str, bytes: &[u8]) -> Message {