WIP: invoice_request with reflected offer

Author: jkczyz

lightning/src/offers/invoice_request.rs

@@ -0,0 +1,258 @@
+// This file is Copyright its original authors, visible in version control
+// history.
+//
+// This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
+// or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
+// You may not use this file except in accordance with one or both of these
+// licenses.
+
+//! Data structures and encoding for `invoice_request` messages.
+
+use bitcoin::blockdata::constants::ChainHash;
+use bitcoin::secp256k1::PublicKey;
+use bitcoin::secp256k1::schnorr::Signature;
+use core::convert::TryFrom;
+use core::str::FromStr;
+use io;
+use ln::features::OfferFeatures;
+use offers::merkle::{SignatureTlvStream, self};
+use offers::offer::{Amount, OfferContents, OfferTlvStream, self};
+use offers::parse::{Bech32Encode, ParseError, SemanticError};
+use offers::payer::{PayerContents, PayerTlvStream, self};
+use util::ser::{Readable, WithoutLength, Writeable, Writer};
+
+use prelude::*;
+
+///
+pub struct InvoiceRequest {
+	bytes: Vec<u8>,
+	contents: InvoiceRequestContents,
+	signature: Option<Signature>,
+}
+
+///
+pub(crate) struct InvoiceRequestContents {
+	payer: PayerContents,
+	offer: OfferContents,
+	chain: Option<ChainHash>,
+	amount_msats: Option<u64>,
+	features: Option<OfferFeatures>,
+	quantity: Option<u64>,
+	payer_id: PublicKey,
+	payer_note: Option<String>,
+}
+
+impl InvoiceRequest {
+	///
+	pub fn payer_info(&self) -> Option<&Vec<u8>> {
+		self.contents.payer.0.as_ref()
+	}
+
+	///
+	pub fn chain(&self) -> ChainHash {
+		self.contents.chain.unwrap_or_else(|| self.contents.offer.chain())
+	}
+
+	///
+	pub fn amount_msats(&self) -> Option<u64> {
+		self.contents.amount_msats
+	}
+
+	///
+	pub fn features(&self) -> Option<&OfferFeatures> {
+		self.contents.features.as_ref()
+	}
+
+	///
+	pub fn quantity(&self) -> Option<u64> {
+		self.contents.quantity
+	}
+
+	///
+	pub fn payer_id(&self) -> PublicKey {
+		self.contents.payer_id
+	}
+
+	///
+	pub fn payer_note(&self) -> Option<&String> {
+		self.contents.payer_note.as_ref()
+	}
+
+	///
+	pub fn signature(&self) -> Option<Signature> {
+		self.signature
+	}
+}
+
+impl AsRef<[u8]> for InvoiceRequest {
+	fn as_ref(&self) -> &[u8] {
+		&self.bytes
+	}
+}
+
+impl InvoiceRequestContents {
+	pub(super) fn as_tlv_stream(&self) -> ReferencedPartialInvoiceRequestTlvStream {
+		let payer = payer::reference::PayerTlvStream {
+			payer_info: self.payer.0.as_ref().map(Into::into),
+		};
+
+		let offer = self.offer.as_tlv_stream();
+
+		let invoice_request = reference::InvoiceRequestTlvStream {
+			chain: self.chain.as_ref(),
+			amount: self.amount_msats.map(Into::into),
+			features: self.features.as_ref(),
+			quantity: self.quantity.map(Into::into),
+			payer_id: Some(&self.payer_id),
+			payer_note: self.payer_note.as_ref().map(Into::into),
+		};
+
+		(payer, offer, invoice_request)
+	}
+}
+
+impl Writeable for InvoiceRequest {
+	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
+		WithoutLength(&self.bytes).write(writer)
+	}
+}
+
+impl Writeable for InvoiceRequestContents {
+	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
+		self.as_tlv_stream().write(writer)
+	}
+}
+
+impl TryFrom<Vec<u8>> for InvoiceRequest {
+	type Error = ParseError;
+
+	fn try_from(bytes: Vec<u8>) -> Result<Self, Self::Error> {
+		let tlv_stream: FullInvoiceRequestTlvStream = Readable::read(&mut &bytes[..])?;
+		InvoiceRequest::try_from((bytes, tlv_stream))
+	}
+}
+
+tlv_stream!(struct InvoiceRequestTlvStream {
+	(80, chain: ChainHash),
+	(82, amount: u64),
+	(84, features: OfferFeatures),
+	(86, quantity: u64),
+	(88, payer_id: PublicKey),
+	(89, payer_note: String),
+});
+
+impl Bech32Encode for InvoiceRequest {
+	type TlvStream = FullInvoiceRequestTlvStream;
+
+	const BECH32_HRP: &'static str = "lnr";
+}
+
+type ParsedInvoiceRequest = (Vec<u8>, FullInvoiceRequestTlvStream);
+
+type FullInvoiceRequestTlvStream =
+	(PayerTlvStream, OfferTlvStream, InvoiceRequestTlvStream, SignatureTlvStream);
+
+type PartialInvoiceRequestTlvStream = (PayerTlvStream, OfferTlvStream, InvoiceRequestTlvStream);
+
+type ReferencedPartialInvoiceRequestTlvStream<'a> = (
+	payer::reference::PayerTlvStream<'a>,
+	offer::reference::OfferTlvStream<'a>,
+	reference::InvoiceRequestTlvStream<'a>,
+);
+
+impl FromStr for InvoiceRequest {
+	type Err = ParseError;
+
+	fn from_str(s: &str) -> Result<Self, <Self as FromStr>::Err> {
+		let (tlv_stream, bytes) = InvoiceRequest::from_bech32_str(s)?;
+		InvoiceRequest::try_from((bytes, tlv_stream))
+	}
+}
+
+impl TryFrom<ParsedInvoiceRequest> for InvoiceRequest {
+	type Error = ParseError;
+
+	fn try_from(invoice_request: ParsedInvoiceRequest) -> Result<Self, Self::Error> {
+		let (bytes, tlv_stream) = invoice_request;
+		let (
+			payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream,
+			SignatureTlvStream { signature },
+		) = tlv_stream;
+		let contents = InvoiceRequestContents::try_from(
+			(payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream)
+		)?;
+
+		if let Some(signature) = &signature {
+			let tag = concat!("lightning", "invoice_request", "signature");
+			merkle::verify_signature(signature, tag, &bytes, contents.payer_id)?;
+		}
+
+		Ok(InvoiceRequest { bytes, contents, signature })
+	}
+}
+
+impl TryFrom<PartialInvoiceRequestTlvStream> for InvoiceRequestContents {
+	type Error = SemanticError;
+
+	fn try_from(tlv_stream: PartialInvoiceRequestTlvStream) -> Result<Self, Self::Error> {
+		let (
+			PayerTlvStream { payer_info },
+			offer_tlv_stream,
+			InvoiceRequestTlvStream { chain, amount, features, quantity, payer_id, payer_note },
+		) = tlv_stream;
+
+		let payer = PayerContents(payer_info.map(Into::into));
+		let offer = OfferContents::try_from(offer_tlv_stream)?;
+
+		let chain = match chain {
+			None => None,
+			Some(chain) if chain == offer.chain() => Some(chain),
+			Some(_) => return Err(SemanticError::UnsupportedChain),
+		};
+
+		// TODO: Determine whether quantity should be accounted for
+		let amount_msats = match (offer.amount(), amount.map(Into::into)) {
+			// TODO: Handle currency case
+			(Some(Amount::Currency { .. }), _) => return Err(SemanticError::UnexpectedCurrency),
+			(Some(_), None) => return Err(SemanticError::MissingAmount),
+			(Some(Amount::Bitcoin { amount_msats: offer_amount_msats }), Some(amount_msats)) => {
+				if amount_msats < *offer_amount_msats {
+					return Err(SemanticError::InsufficientAmount);
+				} else {
+					Some(amount_msats)
+				}
+			},
+			(_, amount_msats) => amount_msats,
+		};
+
+		if let Some(features) = &features {
+			if features.requires_unknown_bits() {
+				return Err(SemanticError::UnknownRequiredFeatures);
+			}
+		}
+
+		let quantity = match quantity.map(Into::into) {
+			None if !offer.expects_quantity() => None,
+			Some(quantity) if offer.is_valid_quantity(quantity) => Some(quantity),
+			_ => return Err(SemanticError::InvalidQuantity),
+		};
+
+		let payer_id = match payer_id {
+			None => return Err(SemanticError::MissingPayerId),
+			Some(payer_id) => payer_id,
+		};
+
+		let payer_note = payer_note.map(Into::into);
+
+		Ok(InvoiceRequestContents {
+			payer, offer, chain, amount_msats, features, quantity, payer_id, payer_note,
+		})
+	}
+}
+
+impl core::fmt::Display for InvoiceRequest {
+	fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+		self.fmt_bech32_str(f)
+	}
+}

lightning/src/offers/merkle.rs

@@ -10,13 +10,30 @@
 //! Tagged hashes for use in signature calculation and verification.
 
 use bitcoin::hashes::{Hash, HashEngine, sha256};
+use bitcoin::secp256k1::{Message, PublicKey, Secp256k1, self};
+use bitcoin::secp256k1::schnorr::Signature;
 use util::ser::{BigSize, Readable};
 
 use prelude::*;
 
 const SIGNATURE_TYPES: core::ops::RangeInclusive<u64> = 240..=1000;
 
-pub(super) fn root_hash(data: &[u8]) -> sha256::Hash {
+tlv_stream!(struct SignatureTlvStream {
+	(240, signature: Signature),
+});
+
+pub(super) fn verify_signature(
+	signature: &Signature, tag: &str, bytes: &[u8], pubkey: PublicKey,
+) -> Result<(), secp256k1::Error> {
+	let tag = sha256::Hash::hash(tag.as_bytes());
+	let merkle_root = root_hash(bytes);
+	let digest = Message::from_slice(&tagged_hash(tag, merkle_root)).unwrap();
+	let pubkey = pubkey.into();
+	let secp_ctx = Secp256k1::verification_only();
+	secp_ctx.verify_schnorr(signature, &digest, &pubkey)
+}
+
+fn root_hash(data: &[u8]) -> sha256::Hash {
 	let mut tlv_stream = TlvStream::new(&data[..]).peekable();
 	let nonce_tag = tagged_hash_engine(sha256::Hash::from_engine({
 		let mut engine = sha256::Hash::engine();
@@ -52,7 +69,7 @@ pub(super) fn root_hash(data: &[u8]) -> sha256::Hash {
 	*leaves.first().unwrap()
 }
 
-pub(super) fn tagged_hash<T: AsRef<[u8]>>(tag: sha256::Hash, msg: T) -> sha256::Hash {
+fn tagged_hash<T: AsRef<[u8]>>(tag: sha256::Hash, msg: T) -> sha256::Hash {
 	let engine = tagged_hash_engine(tag);
 	tagged_hash_from_engine(engine, msg)
 }

lightning/src/offers/mod.rs

@@ -12,6 +12,8 @@
 //!
 //! Offers are a flexible protocol for Lightning payments.
 
+pub mod invoice_request;
 mod merkle;
 pub mod offer;
 pub mod parse;
+mod payer;

lightning/src/offers/offer.rs

@@ -250,11 +250,7 @@ pub(crate) struct OfferContents {
 impl Offer {
 	/// The chain used for paying the invoice.
 	pub fn chain(&self) -> ChainHash {
-		// TODO: Update once spec is finalized
-		self.contents.chains
-			.as_ref()
-			.and_then(|chains| chains.first().copied())
-			.unwrap_or_else(|| ChainHash::using_genesis_block(Network::Bitcoin))
+		self.contents.chain()
 	}
 
 	/// Metadata set by the originator, useful for authentication and validating fields.
@@ -264,7 +260,7 @@ impl Offer {
 
 	/// The minimum amount required for a successful payment.
 	pub fn amount(&self) -> Option<&Amount> {
-		self.contents.amount.as_ref()
+		self.contents.amount()
 	}
 
 	/// A complete description of the purpose of the payment.
@@ -316,6 +312,16 @@ impl Offer {
 		self.contents.quantity_max()
 	}
 
+	///
+	pub fn is_valid_quantity(&self, quantity: u64) -> bool {
+		self.contents.is_valid_quantity(quantity)
+	}
+
+	///
+	pub fn expects_quantity(&self) -> bool {
+		self.contents.expects_quantity()
+	}
+
 	/// The recipient's public key used to sign invoices.
 	pub fn node_id(&self) -> PublicKey {
 		self.contents.node_id.unwrap()
@@ -346,6 +352,18 @@ impl AsRef<[u8]> for Offer {
 }
 
 impl OfferContents {
+	pub fn chain(&self) -> ChainHash {
+		// TODO: Update once spec is finalized
+		self.chains
+			.as_ref()
+			.and_then(|chains| chains.first().copied())
+			.unwrap_or_else(|| ChainHash::using_genesis_block(Network::Bitcoin))
+	}
+
+	pub fn amount(&self) -> Option<&Amount> {
+		self.amount.as_ref()
+	}
+
 	pub fn quantity_min(&self) -> u64 {
 		self.quantity_min.unwrap_or(1)
 	}
@@ -355,7 +373,17 @@ impl OfferContents {
 			self.quantity_min.map_or(1, |_| u64::max_value()))
 	}
 
-	fn as_tlv_stream(&self) -> reference::OfferTlvStream {
+	pub fn is_valid_quantity(&self, quantity: u64) -> bool {
+		self.expects_quantity()
+			&& quantity >= self.quantity_min()
+			&& quantity <= self.quantity_max()
+	}
+
+	pub fn expects_quantity(&self) -> bool {
+		self.quantity_min.is_some() || self.quantity_max.is_some()
+	}
+
+	pub(super) fn as_tlv_stream(&self) -> reference::OfferTlvStream {
 		let (currency, amount) = match &self.amount {
 			None => (None, None),
 			Some(Amount::Bitcoin { amount_msats }) => (None, Some(amount_msats.into())),