WIP: Elide metadata from Offer with derived keys

lightningdevkit · Jun 20, 2024 · cd9a904 · cd9a904
1 parent c17d677
commit cd9a904
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 21 deletions.
diff --git a/lightning/src/offers/invoice.rs b/lightning/src/offers/invoice.rs
@@ -1776,7 +1776,7 @@ mod tests {
 			.sign(payer_sign).unwrap();
 
 		if let Err(e) = invoice_request.clone()
-			.verify(&expanded_key, &secp_ctx).unwrap()
+			.verify_using_nonce(nonce, &expanded_key, &secp_ctx).unwrap()
 			.respond_using_derived_keys_no_std(payment_paths(), payment_hash(), now()).unwrap()
 			.build_and_sign(&secp_ctx)
 		{

diff --git a/lightning/src/offers/offer.rs b/lightning/src/offers/offer.rs
@@ -399,13 +399,13 @@ macro_rules! offer_builder_methods { (
 				}
 
 				let (derived_metadata, keys) = metadata.derive_from(tlv_stream, $self.secp_ctx);
-				metadata = derived_metadata;
-				if let Some(keys) = keys {
-					$self.offer.signing_pubkey = Some(keys.public_key());
+				match keys {
+					Some(keys) => $self.offer.signing_pubkey = Some(keys.public_key()),
+					None => $self.offer.metadata = Some(derived_metadata),
 				}
+			} else {
+				$self.offer.metadata = Some(metadata);
 			}
-
-			$self.offer.metadata = Some(metadata);
 		}
 
 		let mut bytes = Vec::new();
@@ -666,9 +666,9 @@ impl Offer {
 	}
 
 	pub(super) fn verify<T: secp256k1::Signing>(
-		&self, key: &ExpandedKey, secp_ctx: &Secp256k1<T>
+		&self, nonce: Nonce, key: &ExpandedKey, secp_ctx: &Secp256k1<T>
 	) -> Result<(OfferId, Option<Keypair>), ()> {
-		self.contents.verify(&self.bytes, key, secp_ctx)
+		self.contents.verify_using_nonce(&self.bytes, nonce, key, secp_ctx)
 	}
 }
 
@@ -1295,6 +1295,7 @@ mod tests {
 		let offer = OfferBuilder::deriving_signing_pubkey(node_id, &expanded_key, nonce, &secp_ctx)
 			.amount_msats(1000)
 			.build().unwrap();
+		assert!(offer.metadata().is_some());
 		assert_eq!(offer.signing_pubkey(), Some(node_id));
 
 		let invoice_request = offer.request_invoice(vec![1; 32], payer_pubkey()).unwrap()
@@ -1361,16 +1362,9 @@ mod tests {
 			.amount_msats(1000)
 			.path(blinded_path)
 			.build().unwrap();
+		assert!(offer.metadata().is_none());
 		assert_ne!(offer.signing_pubkey(), Some(node_id));
 
-		let invoice_request = offer.request_invoice(vec![1; 32], payer_pubkey()).unwrap()
-			.build().unwrap()
-			.sign(payer_sign).unwrap();
-		match invoice_request.verify(&expanded_key, &secp_ctx) {
-			Ok(invoice_request) => assert_eq!(invoice_request.offer_id, offer.id()),
-			Err(_) => panic!("unexpected error"),
-		}
-
 		let invoice_request = offer.request_invoice(vec![1; 32], payer_pubkey()).unwrap()
 			.build().unwrap()
 			.sign(payer_sign).unwrap();

diff --git a/lightning/src/offers/static_invoice.rs b/lightning/src/offers/static_invoice.rs
@@ -22,6 +22,7 @@ use crate::offers::invoice_macros::{invoice_accessors_common, invoice_builder_me
 use crate::offers::merkle::{
 	self, SignError, SignFn, SignatureTlvStream, SignatureTlvStreamRef, TaggedHash,
 };
+use crate::offers::nonce::Nonce;
 use crate::offers::offer::{
 	Amount, Offer, OfferContents, OfferTlvStream, OfferTlvStreamRef, Quantity,
 };
@@ -99,7 +100,7 @@ impl<'a> StaticInvoiceBuilder<'a> {
 	pub fn for_offer_using_derived_keys<T: secp256k1::Signing>(
 		offer: &'a Offer, payment_paths: Vec<(BlindedPayInfo, BlindedPath)>,
 		message_paths: Vec<BlindedPath>, created_at: Duration, expanded_key: &ExpandedKey,
-		secp_ctx: &Secp256k1<T>,
+		nonce: Nonce, secp_ctx: &Secp256k1<T>,
 	) -> Result<Self, Bolt12SemanticError> {
 		if offer.chains().len() > 1 {
 			return Err(Bolt12SemanticError::UnexpectedChain);
@@ -113,7 +114,7 @@ impl<'a> StaticInvoiceBuilder<'a> {
 			offer.signing_pubkey().ok_or(Bolt12SemanticError::MissingSigningPubkey)?;
 
 		let keys = offer
-			.verify(&expanded_key, &secp_ctx)
+			.verify(nonce, &expanded_key, &secp_ctx)
 			.map_err(|()| Bolt12SemanticError::InvalidMetadata)?
 			.1
 			.ok_or(Bolt12SemanticError::MissingSigningPubkey)?;
@@ -625,6 +626,7 @@ mod tests {
 			vec![blinded_path()],
 			now,
 			&expanded_key,
+			nonce,
 			&secp_ctx,
 		)
 		.unwrap()
@@ -664,6 +666,7 @@ mod tests {
 			vec![blinded_path()],
 			now,
 			&expanded_key,
+			nonce,
 			&secp_ctx,
 		)
 		.unwrap()
@@ -674,7 +677,7 @@ mod tests {
 		invoice.write(&mut buffer).unwrap();
 
 		assert_eq!(invoice.bytes, buffer.as_slice());
-		assert!(invoice.metadata().is_some());
+		assert_eq!(invoice.metadata(), None);
 		assert_eq!(invoice.amount(), None);
 		assert_eq!(invoice.description(), None);
 		assert_eq!(invoice.offer_features(), &OfferFeatures::empty());
@@ -700,13 +703,12 @@ mod tests {
 		);
 
 		let paths = vec![blinded_path()];
-		let metadata = vec![42; 16];
 		assert_eq!(
 			invoice.as_tlv_stream(),
 			(
 				OfferTlvStreamRef {
 					chains: None,
-					metadata: Some(&metadata),
+					metadata: None,
 					currency: None,
 					amount: None,
 					description: None,
@@ -764,6 +766,7 @@ mod tests {
 			vec![blinded_path()],
 			now,
 			&expanded_key,
+			nonce,
 			&secp_ctx,
 		)
 		.unwrap()
@@ -784,6 +787,7 @@ mod tests {
 			vec![blinded_path()],
 			now,
 			&expanded_key,
+			nonce,
 			&secp_ctx,
 		)
 		.unwrap()
@@ -817,6 +821,7 @@ mod tests {
 			vec![blinded_path()],
 			now,
 			&expanded_key,
+			nonce,
 			&secp_ctx,
 		) {
 			assert_eq!(e, Bolt12SemanticError::MissingPaths);
@@ -831,6 +836,7 @@ mod tests {
 			Vec::new(),
 			now,
 			&expanded_key,
+			nonce,
 			&secp_ctx,
 		) {
 			assert_eq!(e, Bolt12SemanticError::MissingPaths);
@@ -851,6 +857,7 @@ mod tests {
 			vec![blinded_path()],
 			now,
 			&expanded_key,
+			nonce,
 			&secp_ctx,
 		) {
 			assert_eq!(e, Bolt12SemanticError::MissingPaths);
@@ -888,6 +895,7 @@ mod tests {
 			vec![blinded_path()],
 			now,
 			&expanded_key,
+			nonce,
 			&secp_ctx,
 		) {
 			assert_eq!(e, Bolt12SemanticError::MissingSigningPubkey);
@@ -908,6 +916,7 @@ mod tests {
 			vec![blinded_path()],
 			now,
 			&expanded_key,
+			nonce,
 			&secp_ctx,
 		) {
 			assert_eq!(e, Bolt12SemanticError::InvalidMetadata);
@@ -939,6 +948,7 @@ mod tests {
 			vec![blinded_path()],
 			now,
 			&expanded_key,
+			nonce,
 			&secp_ctx,
 		) {
 			assert_eq!(e, Bolt12SemanticError::UnexpectedChain);
@@ -969,6 +979,7 @@ mod tests {
 			vec![blinded_path()],
 			now,
 			&expanded_key,
+			nonce,
 			&secp_ctx,
 		)
 		.unwrap()
@@ -1009,6 +1020,7 @@ mod tests {
 			vec![blinded_path()],
 			now,
 			&expanded_key,
+			nonce,
 			&secp_ctx,
 		)
 		.unwrap()