Skip to content

refactor(invoice): align signature checks with BOLT11 semantics #4064

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 16, 2025
Merged

refactor(invoice): align signature checks with BOLT11 semantics #4064

merged 2 commits into from
Sep 16, 2025
+31 −42

Conversation

erickcestari
Copy link
Contributor

Simplify check_signature logic to follow the BOLT11 rules discussed:

  • If an n field is present, verify the signature against the included pubkey using secp256k1_ecdsa_verify, which enforces normalized low-S form.

  • If no n field is present, rely on secp256k1_ecdsa_recover to extract the pubkey. Recovery accepts both high-S and low-S signatures, matching existing implementations (lnd, c-lightning).

This avoids redundant recovery+verify checks while preserving interoperability.

Context: lightning/bolts#1284

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Sep 9, 2025
edited
Loading

👋 Thanks for assigning @valentinewallace as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

@erickcestari erickcestari force-pushed the improve-check-signature-bolt11 branch from 9e89d85 to c5c9121 Compare September 9, 2025 14:27
@erickcestari erickcestari changed the title feat(invoice): align signature checks with BOLT11 semantics refactor(invoice): align signature checks with BOLT11 semantics Sep 9, 2025
@codecov Codecov
Copy link

codecov bot commented Sep 9, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.33%. Comparing base (ecce859) to head (c678a9a).
⚠️ Report is 50 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4064      +/-   ##
==========================================
- Coverage   88.76%   88.33%   -0.43%     
==========================================
  Files         176      177       +1     
  Lines      129518   131880    +2362     
  Branches   129518   131880    +2362     
==========================================
+ Hits       114968   116502    +1534     
- Misses      11945    12715     +770     
- Partials     2605     2663      +58
Flag Coverage Δ
fuzzing 21.62% <0.00%> (-0.40%) ⬇️
tests 88.17% <100.00%> (-0.43%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@erickcestari erickcestari force-pushed the improve-check-signature-bolt11 branch from c5c9121 to b91793a Compare September 9, 2025 18:33
@ldk-reviews-bot
Copy link

🔔 1st Reminder

Hey @valentinewallace! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

🔔 2nd Reminder

Hey @valentinewallace! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

🔔 3rd Reminder

Hey @valentinewallace! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

valentinewallace
valentinewallace previously approved these changes Sep 15, 2025
View reviewed changes
@ldk-reviews-bot
Copy link

👋 The first review has been submitted!

Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer.

@erickcestari
refactor(invoice): align signature checks with BOLT11 semantics
f63aebb 
Simplify `check_signature` logic to follow the BOLT11 rules discussed:

- If an `n` field is present, verify the signature against the included
pubkey using `secp256k1_ecdsa_verify`, which enforces normalized
low-S form.

- If no `n` field is present, rely on `secp256k1_ecdsa_recover` to
extract the pubkey. Recovery accepts both high-S and low-S signatures,
matching existing implementations (lnd, c-lightning).

This avoids redundant recovery+verify checks while preserving
interoperability.
@erickcestari
test(invoice): add new BOLT11 test vector to test public-key recovery…
c678a9a 
… high-S signature
@erickcestari erickcestari force-pushed the improve-check-signature-bolt11 branch from 25347f9 to c678a9a Compare September 15, 2025 19:19
valentinewallace
valentinewallace approved these changes Sep 15, 2025
View reviewed changes
Copy link
Contributor

@valentinewallace valentinewallace left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @erickcestari! Will land after CI passes

@valentinewallace valentinewallace merged commit 3f82564 into lightningdevkit:main Sep 16, 2025
25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@valentinewallace valentinewallace valentinewallace approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@erickcestari @ldk-reviews-bot @valentinewallace