WIP: InvoiceRequestBuilder

Author: jkczyz

lightning/src/offers/invoice_request.rs

@@ -8,20 +8,189 @@
 // licenses.
 
 //! Data structures and encoding for `invoice_request` messages.
+//!
+//! An [`InvoiceRequest`] can be either built from a parsed [`Offer`] for the user-pays-merchant
+//! flow or built directly for the merchant-pays-user flow.
+//!
+//! ```
+//! extern crate bitcoin;
+//! extern crate lightning;
+//!
+//! use bitcoin::network::constants::Network;
+//! use bitcoin::secp256k1::{KeyPair, PublicKey, Secp256k1, SecretKey};
+//! use lightning::ln::features::OfferFeatures;
+//! use lightning::offers::Offer;
+//! use lightning::util::ser::Writeable;
+//!
+//! # fn parse() -> Result<(), lightning::offers::ParseError> {
+//! let secp_ctx = Secp256k1::new();
+//! let keys = KeyPair::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32])?);
+//! let pubkey = PublicKey::from(keys);
+//! let mut buffer = Vec::new();
+//!
+//! // User-pays-merchant flow
+//! "lno1qcp4256ypq"
+//!     .parse::<Offer>()?
+//!     .request_invoice(pubkey)
+//!     .payer_info(vec![42; 64])
+//!     .chain(Network::Testnet)?
+//!     .amount_msats(1000)?
+//!     .features(OfferFeatures::known())
+//!     .quantity(5)?
+//!     .payer_note("foo".to_string())
+//!     .build()?
+//!     .sign(|digest| secp_ctx.sign_schnorr_no_aux_rand(digest, &keys))?
+//!     .write(&mut buffer)
+//!     .unwrap();
+//! # Ok(())
+//! # }
+//! ```
 
 use bitcoin::blockdata::constants::ChainHash;
-use bitcoin::secp256k1::PublicKey;
+use bitcoin::network::constants::Network;
+use bitcoin::secp256k1::{Message, PublicKey, self};
 use bitcoin::secp256k1::schnorr::Signature;
 use core::convert::TryFrom;
 use core::str::FromStr;
 use io;
 use ln::features::OfferFeatures;
 use offers::merkle::{SignatureTlvStream, self};
-use offers::offer::{Amount, OfferContents, OfferTlvStream, self};
+use offers::offer::{Offer, OfferContents, OfferTlvStream, self};
 use offers::parse::{Bech32Encode, ParseError, SemanticError};
 use offers::payer::{PayerContents, PayerTlvStream, self};
 use util::ser::{Readable, WithoutLength, Writeable, Writer};
 
+///
+const SIGNATURE_TAG: &'static str = concat!("lightning", "invoice_request", "signature");
+
+/// Builds an [`InvoiceRequest`] from an [`Offer`] for the user-pays-merchant flow.
+///
+/// See [module-level documentation] for usage.
+///
+/// [module-level documentation]: self
+pub struct InvoiceRequestBuilder<'a> {
+	offer: &'a Offer,
+	invoice_request: InvoiceRequestContents,
+}
+
+impl<'a> InvoiceRequestBuilder<'a> {
+	pub(super) fn new(offer: &'a Offer, payer_id: PublicKey) -> Self {
+		Self {
+			offer,
+			invoice_request: InvoiceRequestContents {
+				payer: PayerContents(None), offer: offer.contents.clone(), chain: None,
+				amount_msats: None, features: None, quantity: None, payer_id, payer_note: None,
+			},
+		}
+	}
+
+	///
+	pub fn payer_info(mut self, payer_info: Vec<u8>) -> Self {
+		self.invoice_request.payer = PayerContents(Some(payer_info));
+		self
+	}
+
+	///
+	pub fn chain(mut self, network: Network) -> Result<Self, SemanticError> {
+		let chain_hash = ChainHash::using_genesis_block(network);
+		if !self.offer.supports_chain(chain_hash) {
+			return Err(SemanticError::UnsupportedChain)
+		}
+
+		self.invoice_request.chain = Some(chain_hash);
+		Ok(self)
+	}
+
+	///
+	pub fn amount_msats(mut self, amount_msats: u64) -> Result<Self, SemanticError> {
+		if !self.offer.is_sufficient_amount(amount_msats) {
+			return Err(SemanticError::InsufficientAmount);
+		}
+
+		self.invoice_request.amount_msats = Some(amount_msats);
+		Ok(self)
+	}
+
+	///
+	pub fn features(mut self, features: OfferFeatures) -> Self {
+		self.invoice_request.features = Some(features);
+		self
+	}
+
+	///
+	pub fn quantity(mut self, quantity: u64) -> Result<Self, SemanticError> {
+		if !self.offer.is_valid_quantity(quantity) {
+			return Err(SemanticError::InvalidQuantity);
+		}
+
+		self.invoice_request.quantity = Some(quantity);
+		Ok(self)
+	}
+
+	///
+	pub fn payer_note(mut self, payer_note: String) -> Self {
+		self.invoice_request.payer_note = Some(payer_note);
+		self
+	}
+
+	/// Builds the [`InvoiceRequest`] after checking for valid semantics.
+	pub fn build(self) -> Result<UnsignedInvoiceRequest<'a>, SemanticError> {
+		let chain = self.invoice_request.chain.unwrap_or_else(|| self.offer.implied_chain());
+		if !self.offer.supports_chain(chain) {
+			return Err(SemanticError::UnsupportedChain);
+		}
+
+		if self.offer.amount().is_some() && self.invoice_request.amount_msats.is_none() {
+			return Err(SemanticError::MissingAmount);
+		}
+
+		if self.offer.expects_quantity() && self.invoice_request.quantity.is_none() {
+			return Err(SemanticError::InvalidQuantity);
+		}
+
+		let InvoiceRequestBuilder { offer, invoice_request } = self;
+		Ok(UnsignedInvoiceRequest { offer, invoice_request })
+	}
+}
+
+/// A semantically valid [`InvoiceRequest`] that hasn't been signed.
+pub struct UnsignedInvoiceRequest<'a> {
+	offer: &'a Offer,
+	invoice_request: InvoiceRequestContents,
+}
+
+impl<'a> UnsignedInvoiceRequest<'a> {
+	/// Signs the invoice request using the given function.
+	pub fn sign<F>(self, sign: F) -> Result<InvoiceRequest, secp256k1::Error>
+	where F: FnOnce(&Message) -> Signature
+	{
+		// Use the offer bytes instead of the offer TLV stream as the offer may have contained
+		// unknown TLV records, which are not stored in `OfferContents`.
+		let (payer_tlv_stream, _offer_tlv_stream, invoice_request_tlv_stream) =
+			self.invoice_request.as_tlv_stream();
+		let offer_bytes = WithoutLength(&self.offer.bytes);
+		let unsigned_tlv_stream = (payer_tlv_stream, offer_bytes, invoice_request_tlv_stream);
+
+		let mut bytes = Vec::new();
+		unsigned_tlv_stream.write(&mut bytes).unwrap();
+
+		let pubkey = self.invoice_request.payer_id;
+		let signature = Some(merkle::sign_message(sign, SIGNATURE_TAG, &bytes, pubkey)?);
+
+		// Append the signature TLV record to the bytes.
+		let signature_tlv_stream = merkle::reference::SignatureTlvStream {
+			signature: signature.as_ref(),
+		};
+		signature_tlv_stream.write(&mut bytes).unwrap();
+
+		Ok(InvoiceRequest {
+			bytes,
+			contents: self.invoice_request,
+			signature,
+		})
+	}
+}
+
 ///
 pub struct InvoiceRequest {
 	bytes: Vec<u8>,
@@ -182,8 +351,7 @@ impl TryFrom<ParsedInvoiceRequest> for InvoiceRequest {
 		)?;
 
 		if let Some(signature) = &signature {
-			let tag = concat!("lightning", "invoice_request", "signature");
-			merkle::verify_signature(signature, tag, &bytes, contents.payer_id)?;
+			merkle::verify_signature(signature, SIGNATURE_TAG, &bytes, contents.payer_id)?;
 		}
 
 		Ok(InvoiceRequest { bytes, contents, signature })
@@ -203,25 +371,22 @@ impl TryFrom<PartialInvoiceRequestTlvStream> for InvoiceRequestContents {
 		let payer = PayerContents(payer_info.map(Into::into));
 		let offer = OfferContents::try_from(offer_tlv_stream)?;
 
-		let chain = match chain {
-			None => None,
-			Some(chain) if chain == offer.chain() => Some(chain),
-			Some(_) => return Err(SemanticError::UnsupportedChain),
-		};
+		if !offer.supports_chain(chain.unwrap_or_else(|| offer.implied_chain())) {
+			return Err(SemanticError::UnsupportedChain);
+		}
 
 		// TODO: Determine whether quantity should be accounted for
 		let amount_msats = match (offer.amount(), amount.map(Into::into)) {
 			// TODO: Handle currency case
-			(Some(Amount::Currency { .. }), _) => return Err(SemanticError::UnexpectedCurrency),
 			(Some(_), None) => return Err(SemanticError::MissingAmount),
-			(Some(Amount::Bitcoin { amount_msats: offer_amount_msats }), Some(amount_msats)) => {
-				if amount_msats < *offer_amount_msats {
+			(Some(_), Some(amount_msats)) => {
+				if !offer.is_sufficient_amount(amount_msats) {
 					return Err(SemanticError::InsufficientAmount);
 				} else {
 					Some(amount_msats)
 				}
 			},
-			(_, amount_msats) => amount_msats,
+			(None, amount_msats) => amount_msats,
 		};
 
 		if let Some(features) = &features {

lightning/src/offers/merkle.rs

@@ -20,17 +20,37 @@ tlv_stream!(struct SignatureTlvStream {
 	(240, signature: Signature),
 });
 
+pub(super) fn sign_message<F>(
+	sign: F, tag: &str, bytes: &[u8], pubkey: PublicKey,
+) -> Result<Signature, secp256k1::Error>
+where
+	F: FnOnce(&Message) -> Signature
+{
+	let digest = message_digest(tag, bytes);
+	let signature = sign(&digest);
+
+	let pubkey = pubkey.into();
+	let secp_ctx = Secp256k1::verification_only();
+	secp_ctx.verify_schnorr(&signature, &digest, &pubkey)?;
+
+	Ok(signature)
+}
+
 pub(super) fn verify_signature(
 	signature: &Signature, tag: &str, bytes: &[u8], pubkey: PublicKey,
 ) -> Result<(), secp256k1::Error> {
-	let tag = sha256::Hash::hash(tag.as_bytes());
-	let merkle_root = root_hash(bytes);
-	let digest = Message::from_slice(&tagged_hash(tag, merkle_root)).unwrap();
+	let digest = message_digest(tag, bytes);
 	let pubkey = pubkey.into();
 	let secp_ctx = Secp256k1::verification_only();
 	secp_ctx.verify_schnorr(signature, &digest, &pubkey)
 }
 
+fn message_digest(tag: &str, bytes: &[u8]) -> Message {
+	let tag = sha256::Hash::hash(tag.as_bytes());
+	let merkle_root = root_hash(bytes);
+	Message::from_slice(&tagged_hash(tag, merkle_root)).unwrap()
+}
+
 fn root_hash(data: &[u8]) -> sha256::Hash {
 	let mut tlv_stream = TlvStream::new(&data[..]).peekable();
 	let nonce_tag = tagged_hash_engine(sha256::Hash::from_engine({

lightning/src/offers/offer.rs

@@ -61,6 +61,7 @@ use core::str::FromStr;
 use core::time::Duration;
 use io;
 use ln::features::OfferFeatures;
+use offers::invoice_request::InvoiceRequestBuilder;
 use offers::parse::{Bech32Encode, ParseError, SemanticError};
 use onion_message::BlindedPath;
 use util::ser::{Writeable, Writer};
@@ -227,8 +228,8 @@ impl OfferBuilder {
 pub struct Offer {
 	// The serialized offer. Needed when creating an `InvoiceRequest` if the offer contains unknown
 	// fields.
-	bytes: Vec<u8>,
-	contents: OfferContents,
+	pub(super) bytes: Vec<u8>,
+	pub(super) contents: OfferContents,
 }
 
 /// The contents of an [`Offer`], which may be shared with an `InvoiceRequest` or an `Invoice`.
@@ -253,6 +254,15 @@ impl Offer {
 		self.contents.chain()
 	}
 
+	///
+	pub fn supports_chain(&self, chain: ChainHash) -> bool {
+		self.contents.supports_chain(chain)
+	}
+
+	pub(super) fn implied_chain(&self) -> ChainHash {
+		self.contents.implied_chain()
+	}
+
 	/// Metadata set by the originator, useful for authentication and validating fields.
 	pub fn metadata(&self) -> Option<&Vec<u8>> {
 		self.contents.metadata.as_ref()
@@ -263,6 +273,11 @@ impl Offer {
 		self.contents.amount()
 	}
 
+	///
+	pub fn is_sufficient_amount(&self, amount_msats: u64) -> bool {
+		self.contents.is_sufficient_amount(amount_msats)
+	}
+
 	/// A complete description of the purpose of the payment.
 	pub fn description(&self) -> &String {
 		&self.contents.description
@@ -327,6 +342,11 @@ impl Offer {
 		self.contents.node_id.unwrap()
 	}
 
+	///
+	pub fn request_invoice(&self, payer_id: PublicKey) -> InvoiceRequestBuilder {
+		InvoiceRequestBuilder::new(self, payer_id)
+	}
+
 	#[cfg(test)]
 	fn as_bytes(&self) -> &[u8] {
 		&self.bytes
@@ -357,13 +377,34 @@ impl OfferContents {
 		self.chains
 			.as_ref()
 			.and_then(|chains| chains.first().copied())
-			.unwrap_or_else(|| ChainHash::using_genesis_block(Network::Bitcoin))
+			.unwrap_or_else(|| self.implied_chain())
+	}
+
+	///
+	pub fn supports_chain(&self, chain: ChainHash) -> bool {
+		self.chains
+			.as_ref()
+			.map(|chains| chains.contains(&chain))
+			.unwrap_or_else(||chain == self.implied_chain())
+	}
+
+	pub(super) fn implied_chain(&self) -> ChainHash {
+		ChainHash::using_genesis_block(Network::Bitcoin)
 	}
 
 	pub fn amount(&self) -> Option<&Amount> {
 		self.amount.as_ref()
 	}
 
+	pub fn is_sufficient_amount(&self, amount_msats: u64) -> bool {
+		match self.amount {
+			Some(Amount::Currency { .. }) => unimplemented!(),
+			Some(Amount::Bitcoin { amount_msats: offer_amount_msats }) => {
+				amount_msats >= offer_amount_msats
+			},
+			None => true,
+		}
+	}
 	pub fn quantity_min(&self) -> u64 {
 		self.quantity_min.unwrap_or(1)
 	}
@@ -590,6 +631,7 @@ mod tests {
 
 		assert_eq!(offer.as_bytes(), &offer.to_bytes()[..]);
 		assert_eq!(offer.chain(), ChainHash::using_genesis_block(Network::Bitcoin));
+		assert!(offer.supports_chain(ChainHash::using_genesis_block(Network::Bitcoin)));
 		assert_eq!(offer.metadata(), None);
 		assert_eq!(offer.amount(), None);
 		assert_eq!(offer.description(), "foo");
@@ -627,6 +669,7 @@ mod tests {
 		let offer = OfferBuilder::new("foo".into(), pubkey())
 			.chain(Network::Bitcoin)
 			.build();
+		assert!(offer.supports_chain(block_hash));
 		assert_eq!(offer.chain(), block_hash);
 		assert_eq!(offer.as_tlv_stream().chains, Some((&vec![block_hash]).into()));
 
@@ -641,6 +684,8 @@ mod tests {
 			.chain(Network::Bitcoin)
 			.chain(Network::Testnet)
 			.build();
+		assert!(offer.supports_chain(block_hashes[0]));
+		assert!(offer.supports_chain(block_hashes[1]));
 		assert_eq!(offer.chain(), block_hashes[0]);
 		assert_eq!(offer.as_tlv_stream().chains, Some((&block_hashes).into()));
 	}