Invoice request raw byte encoding and decoding

When reading an offer, an `invoice_request` message is sent over the
wire. Implement Writeable for encoding the message and TryFrom for
decoding it by defining in terms of TLV streams. These streams represent
content for the payer metadata (0), reflected `offer` (1-79),
`invoice_request` (80-159), and signature (240).

Author: jkczyz

lightning/src/offers/invoice_request.rs

@@ -12,9 +12,14 @@
 use bitcoin::blockdata::constants::ChainHash;
 use bitcoin::secp256k1::PublicKey;
 use bitcoin::secp256k1::schnorr::Signature;
+use core::convert::TryFrom;
+use io;
 use ln::features::OfferFeatures;
-use offers::offer::OfferContents;
-use offers::payer::PayerContents;
+use offers::merkle::{SignatureTlvStream, self};
+use offers::offer::{Amount, OfferContents, OfferTlvStream};
+use offers::parse::{ParseError, SemanticError};
+use offers::payer::{PayerContents, PayerTlvStream};
+use util::ser::{Readable, WithoutLength, Writeable, Writer};
 
 use prelude::*;
 
@@ -49,7 +54,7 @@ impl InvoiceRequest {
 	/// [`payer_id`].
 	///
 	/// [`payer_id`]: Self::payer_id
-	pub fn payer_info(&self) -> Option<&Vec<u8>> {
+	pub fn metadata(&self) -> Option<&Vec<u8>> {
 		self.contents.payer.0.as_ref()
 	}
 
@@ -100,3 +105,116 @@ impl InvoiceRequest {
 		self.signature
 	}
 }
+
+impl Writeable for InvoiceRequest {
+	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
+		WithoutLength(&self.bytes).write(writer)
+	}
+}
+
+impl TryFrom<Vec<u8>> for InvoiceRequest {
+	type Error = ParseError;
+
+	fn try_from(bytes: Vec<u8>) -> Result<Self, Self::Error> {
+		let tlv_stream: FullInvoiceRequestTlvStream = Readable::read(&mut &bytes[..])?;
+		InvoiceRequest::try_from((bytes, tlv_stream))
+	}
+}
+
+tlv_stream!(InvoiceRequestTlvStream, InvoiceRequestTlvStreamRef, {
+	(80, chain: ChainHash),
+	(82, amount: u64),
+	(84, features: OfferFeatures),
+	(86, quantity: u64),
+	(88, payer_id: PublicKey),
+	(89, payer_note: String),
+});
+
+type ParsedInvoiceRequest = (Vec<u8>, FullInvoiceRequestTlvStream);
+
+type FullInvoiceRequestTlvStream =
+	(PayerTlvStream, OfferTlvStream, InvoiceRequestTlvStream, SignatureTlvStream);
+
+type PartialInvoiceRequestTlvStream = (PayerTlvStream, OfferTlvStream, InvoiceRequestTlvStream);
+
+impl TryFrom<ParsedInvoiceRequest> for InvoiceRequest {
+	type Error = ParseError;
+
+	fn try_from(invoice_request: ParsedInvoiceRequest) -> Result<Self, Self::Error> {
+		let (bytes, tlv_stream) = invoice_request;
+		let (
+			payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream,
+			SignatureTlvStream { signature },
+		) = tlv_stream;
+		let contents = InvoiceRequestContents::try_from(
+			(payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream)
+		)?;
+
+		if let Some(signature) = &signature {
+			let tag = concat!("lightning", "invoice_request", "signature");
+			merkle::verify_signature(signature, tag, &bytes, contents.payer_id)?;
+		}
+
+		Ok(InvoiceRequest { bytes, contents, signature })
+	}
+}
+
+impl TryFrom<PartialInvoiceRequestTlvStream> for InvoiceRequestContents {
+	type Error = SemanticError;
+
+	fn try_from(tlv_stream: PartialInvoiceRequestTlvStream) -> Result<Self, Self::Error> {
+		let (
+			PayerTlvStream { metadata },
+			offer_tlv_stream,
+			InvoiceRequestTlvStream { chain, amount, features, quantity, payer_id, payer_note },
+		) = tlv_stream;
+
+		let payer = PayerContents(metadata);
+		let offer = OfferContents::try_from(offer_tlv_stream)?;
+
+		if !offer.supports_chain(chain.unwrap_or_else(|| offer.implied_chain())) {
+			return Err(SemanticError::UnsupportedChain);
+		}
+
+		let amount_msats = match (offer.amount(), amount) {
+			(None, None) => return Err(SemanticError::MissingAmount),
+			// TODO: Handle currency case
+			(Some(Amount::Currency { .. }), _) => return Err(SemanticError::UnsupportedCurrency),
+			(_, amount_msats) => amount_msats,
+		};
+
+		if let Some(features) = &features {
+			if features.requires_unknown_bits() {
+				return Err(SemanticError::UnknownRequiredFeatures);
+			}
+		}
+
+		let expects_quantity = offer.expects_quantity();
+		let quantity = match quantity {
+			None if expects_quantity => return Err(SemanticError::MissingQuantity),
+			Some(_) if !expects_quantity => return Err(SemanticError::UnexpectedQuantity),
+			Some(quantity) if !offer.is_valid_quantity(quantity) => {
+				return Err(SemanticError::InvalidQuantity);
+			}
+			quantity => quantity,
+		};
+
+		{
+			let amount_msats = amount_msats.unwrap_or(offer.amount_msats());
+			let quantity = quantity.unwrap_or(1);
+			if amount_msats < offer.base_invoice_amount_msats(quantity) {
+				return Err(SemanticError::InsufficientAmount);
+			}
+		}
+
+
+		let payer_id = match payer_id {
+			None => return Err(SemanticError::MissingPayerId),
+			Some(payer_id) => payer_id,
+		};
+
+		Ok(InvoiceRequestContents {
+			payer, offer, chain, amount_msats, features, quantity, payer_id, payer_note,
+		})
+	}
+}

lightning/src/offers/merkle.rs

@@ -10,13 +10,32 @@
 //! Tagged hashes for use in signature calculation and verification.
 
 use bitcoin::hashes::{Hash, HashEngine, sha256};
+use bitcoin::secp256k1::{Message, PublicKey, Secp256k1, self};
+use bitcoin::secp256k1::schnorr::Signature;
 use util::ser::{BigSize, Readable};
 
 use prelude::*;
 
 /// Valid type range for signature TLV records.
 const SIGNATURE_TYPES: core::ops::RangeInclusive<u64> = 240..=1000;
 
+tlv_stream!(SignatureTlvStream, SignatureTlvStreamRef, {
+	(240, signature: Signature),
+});
+
+/// Verifies the signature with a pubkey over the given bytes using a tagged hash as the message
+/// digest.
+pub(super) fn verify_signature(
+	signature: &Signature, tag: &str, bytes: &[u8], pubkey: PublicKey,
+) -> Result<(), secp256k1::Error> {
+	let tag = sha256::Hash::hash(tag.as_bytes());
+	let merkle_root = root_hash(bytes);
+	let digest = Message::from_slice(&tagged_hash(tag, merkle_root)).unwrap();
+	let pubkey = pubkey.into();
+	let secp_ctx = Secp256k1::verification_only();
+	secp_ctx.verify_schnorr(signature, &digest, &pubkey)
+}
+
 /// Computes a merkle root hash for the given data, which must be a well-formed TLV stream
 /// containing at least one TLV record.
 fn root_hash(data: &[u8]) -> sha256::Hash {

lightning/src/offers/offer.rs

@@ -294,6 +294,11 @@ impl Offer {
 		self.contents.chains()
 	}
 
+	/// Returns whether the given chain is supported by the offer.
+	pub fn supports_chain(&self, chain: ChainHash) -> bool {
+		self.contents.supports_chain(chain)
+	}
+
 	// TODO: Link to corresponding method in `InvoiceRequest`.
 	/// Metadata set by the originator. Useful for authentication and validating fields since it is
 	/// reflected in `invoice_request` messages along with all the other fields from the `offer`.
@@ -303,7 +308,12 @@ impl Offer {
 
 	/// The minimum amount required for a successful payment of a single item.
 	pub fn amount(&self) -> Option<&Amount> {
-		self.contents.amount.as_ref()
+		self.contents.amount()
+	}
+
+	/// Returns the minimum amount in msats required for the given quantity.
+	pub fn base_invoice_amount_msats(&self, quantity: u64) -> u64 {
+		self.contents.base_invoice_amount_msats(quantity)
 	}
 
 	/// A complete description of the purpose of the payment.
@@ -357,6 +367,18 @@ impl Offer {
 		self.contents.quantity_max()
 	}
 
+	/// Returns whether the given quantity is valid for the offer.
+	pub fn is_valid_quantity(&self, quantity: u64) -> bool {
+		self.contents.is_valid_quantity(quantity)
+	}
+
+	/// Returns whether a quantity is expected in an [`InvoiceRequest`] for the offer.
+	///
+	/// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
+	pub fn expects_quantity(&self) -> bool {
+		self.contents.expects_quantity()
+	}
+
 	/// The public key used by the recipient to sign invoices.
 	pub fn signing_pubkey(&self) -> PublicKey {
 		self.contents.signing_pubkey.unwrap()
@@ -383,8 +405,20 @@ impl OfferContents {
 		ChainHash::using_genesis_block(Network::Bitcoin)
 	}
 
+	pub fn supports_chain(&self, chain: ChainHash) -> bool {
+		self.chains().contains(&chain)
+	}
+
+	pub fn amount(&self) -> Option<&Amount> {
+		self.amount.as_ref()
+	}
+
 	pub fn amount_msats(&self) -> u64 {
-		self.amount.as_ref().map(Amount::as_msats).unwrap_or(0)
+		self.amount().map(Amount::as_msats).unwrap_or(0)
+	}
+
+	pub fn base_invoice_amount_msats(&self, quantity: u64) -> u64 {
+		self.amount_msats() * quantity
 	}
 
 	pub fn quantity_min(&self) -> u64 {
@@ -396,6 +430,16 @@ impl OfferContents {
 			self.quantity_min.map_or(1, |_| u64::max_value()))
 	}
 
+	pub fn is_valid_quantity(&self, quantity: u64) -> bool {
+		self.expects_quantity()
+			&& quantity >= self.quantity_min()
+			&& quantity <= self.quantity_max()
+	}
+
+	pub fn expects_quantity(&self) -> bool {
+		self.quantity_min.is_some() || self.quantity_max.is_some()
+	}
+
 	fn as_tlv_stream(&self) -> OfferTlvStreamRef {
 		let (currency, amount) = match &self.amount {
 			None => (None, None),
@@ -621,6 +665,7 @@ mod tests {
 
 		assert_eq!(offer.bytes, buffer.as_slice());
 		assert_eq!(offer.chains(), vec![ChainHash::using_genesis_block(Network::Bitcoin)]);
+		assert!(offer.supports_chain(ChainHash::using_genesis_block(Network::Bitcoin)));
 		assert_eq!(offer.metadata(), None);
 		assert_eq!(offer.amount(), None);
 		assert_eq!(offer.description(), "foo");
@@ -664,6 +709,7 @@ mod tests {
 			.chain(Network::Bitcoin)
 			.build()
 			.unwrap();
+		assert!(offer.supports_chain(chain));
 		assert_eq!(offer.chains(), vec![chain]);
 		assert_eq!(offer.as_tlv_stream().chains, Some(&vec![chain]));
 
@@ -672,6 +718,7 @@ mod tests {
 			.chain(Network::Bitcoin)
 			.build()
 			.unwrap();
+		assert!(offer.supports_chain(chain));
 		assert_eq!(offer.chains(), vec![chain]);
 		assert_eq!(offer.as_tlv_stream().chains, Some(&vec![chain]));
 
@@ -680,6 +727,8 @@ mod tests {
 			.chain(Network::Testnet)
 			.build()
 			.unwrap();
+		assert!(offer.supports_chain(chains[0]));
+		assert!(offer.supports_chain(chains[1]));
 		assert_eq!(offer.chains(), chains);
 		assert_eq!(offer.as_tlv_stream().chains, Some(&chains));
 	}

lightning/src/offers/parse.rs

@@ -11,6 +11,7 @@
 
 use bitcoin::bech32;
 use bitcoin::bech32::{FromBase32, ToBase32};
+use bitcoin::secp256k1;
 use core::fmt;
 use ln::msgs::DecodeError;
 use util::ser::Readable;
@@ -70,24 +71,40 @@ pub enum ParseError {
 	Decode(DecodeError),
 	/// The parsed message has invalid semantics.
 	InvalidSemantics(SemanticError),
+	/// The parsed message has an invalid signature.
+	InvalidSignature(secp256k1::Error),
 }
 
 /// Error when interpreting a TLV stream as a specific type.
 #[derive(Debug, PartialEq)]
 pub enum SemanticError {
+	/// The provided chain hash does not correspond to a supported chain.
+	UnsupportedChain,
 	/// An amount was expected but was missing.
 	MissingAmount,
 	/// An amount exceeded the maximum number of bitcoin.
 	InvalidAmount,
+	/// An amount was provided but was not sufficient in value.
+	InsufficientAmount,
+	/// A currency was provided that is not supported.
+	UnsupportedCurrency,
+	/// A feature was required but is unknown.
+	UnknownRequiredFeatures,
 	/// A required description was not provided.
 	MissingDescription,
 	/// A node id was not provided.
 	MissingNodeId,
 	/// An empty set of blinded paths was provided.
 	MissingPaths,
+	/// A quantity was not provided.
+	MissingQuantity,
 	/// A quantity constituting part of an empty range or lying outside of a valid range was
 	/// provided.
 	InvalidQuantity,
+	/// A quantity or quantity bounds was provided but was not expected.
+	UnexpectedQuantity,
+	/// A payer id was expected but was missing.
+	MissingPayerId,
 }
 
 impl From<bech32::Error> for ParseError {
@@ -107,3 +124,9 @@ impl From<SemanticError> for ParseError {
 		Self::InvalidSemantics(error)
 	}
 }
+
+impl From<secp256k1::Error> for ParseError {
+	fn from(error: secp256k1::Error) -> Self {
+		Self::InvalidSignature(error)
+	}
+}

lightning/src/offers/payer.rs

@@ -17,3 +17,7 @@ use prelude::*;
 /// [`InvoiceRequestContents::payer_id`]: invoice_request::InvoiceRequestContents::payer_id
 #[derive(Clone, Debug)]
 pub(crate) struct PayerContents(pub Option<Vec<u8>>);
+
+tlv_stream!(PayerTlvStream, PayerTlvStreamRef, {
+	(0, metadata: Vec<u8>),
+});

lightning/src/util/ser.rs

@@ -1008,6 +1008,24 @@ impl<A: Writeable, B: Writeable, C: Writeable> Writeable for (A, B, C) {
 	}
 }
 
+impl<A: Readable, B: Readable, C: Readable, D: Readable> Readable for (A, B, C, D) {
+	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+		let a: A = Readable::read(r)?;
+		let b: B = Readable::read(r)?;
+		let c: C = Readable::read(r)?;
+		let d: D = Readable::read(r)?;
+		Ok((a, b, c, d))
+	}
+}
+impl<A: Writeable, B: Writeable, C: Writeable, D: Writeable> Writeable for (A, B, C, D) {
+	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
+		self.0.write(w)?;
+		self.1.write(w)?;
+		self.2.write(w)?;
+		self.3.write(w)
+	}
+}
+
 impl Writeable for () {
 	fn write<W: Writer>(&self, _: &mut W) -> Result<(), io::Error> {
 		Ok(())

lightning/src/util/ser_macros.rs

@@ -464,7 +464,7 @@ macro_rules! tlv_stream {
 		#[derive(Debug)]
 		pub(crate) struct $name {
 			$(
-				$field: Option<tlv_record_type!($fieldty)>,
+				pub(crate) $field: Option<tlv_record_type!($fieldty)>,
 			)*
 		}