Use TaggedHash in merkle::verify_signature

An earlier commit introduced TaggedHash for use in sign_message. For
consistency, use it in verify_signature, too.

Author: jkczyz

lightning/src/offers/invoice.rs

@@ -873,8 +873,9 @@ impl TryFrom<ParsedMessage<FullInvoiceTlvStream>> for Bolt12Invoice {
 			None => return Err(Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::MissingSignature)),
 			Some(signature) => signature,
 		};
+		let message = TaggedHash::new(SIGNATURE_TAG, &bytes);
 		let pubkey = contents.fields().signing_pubkey;
-		merkle::verify_signature(&signature, SIGNATURE_TAG, &bytes, pubkey)?;
+		merkle::verify_signature(&signature, message, pubkey)?;
 
 		Ok(Bolt12Invoice { bytes, contents, signature })
 	}
@@ -1031,11 +1032,9 @@ mod tests {
 		assert_eq!(invoice.fallbacks(), vec![]);
 		assert_eq!(invoice.features(), &Bolt12InvoiceFeatures::empty());
 		assert_eq!(invoice.signing_pubkey(), recipient_pubkey());
-		assert!(
-			merkle::verify_signature(
-				&invoice.signature, SIGNATURE_TAG, &invoice.bytes, recipient_pubkey()
-			).is_ok()
-		);
+
+		let message = TaggedHash::new(SIGNATURE_TAG, &invoice.bytes);
+		assert!(merkle::verify_signature(&invoice.signature, message, recipient_pubkey()).is_ok());
 
 		let digest = Message::from_slice(&invoice.signable_hash()).unwrap();
 		let pubkey = recipient_pubkey().into();
@@ -1114,11 +1113,9 @@ mod tests {
 		assert_eq!(invoice.fallbacks(), vec![]);
 		assert_eq!(invoice.features(), &Bolt12InvoiceFeatures::empty());
 		assert_eq!(invoice.signing_pubkey(), recipient_pubkey());
-		assert!(
-			merkle::verify_signature(
-				&invoice.signature, SIGNATURE_TAG, &invoice.bytes, recipient_pubkey()
-			).is_ok()
-		);
+
+		let message = TaggedHash::new(SIGNATURE_TAG, &invoice.bytes);
+		assert!(merkle::verify_signature(&invoice.signature, message, recipient_pubkey()).is_ok());
 
 		assert_eq!(
 			invoice.as_tlv_stream(),

lightning/src/offers/invoice_request.rs

@@ -730,7 +730,8 @@ impl TryFrom<Vec<u8>> for InvoiceRequest {
 			None => return Err(Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::MissingSignature)),
 			Some(signature) => signature,
 		};
-		merkle::verify_signature(&signature, SIGNATURE_TAG, &bytes, contents.payer_id)?;
+		let message = TaggedHash::new(SIGNATURE_TAG, &bytes);
+		merkle::verify_signature(&signature, message, contents.payer_id)?;
 
 		Ok(InvoiceRequest { bytes, contents, signature })
 	}
@@ -823,10 +824,10 @@ mod tests {
 		assert_eq!(invoice_request.quantity(), None);
 		assert_eq!(invoice_request.payer_id(), payer_pubkey());
 		assert_eq!(invoice_request.payer_note(), None);
+
+		let message = TaggedHash::new(SIGNATURE_TAG, &invoice_request.bytes);
 		assert!(
-			merkle::verify_signature(
-				&invoice_request.signature, SIGNATURE_TAG, &invoice_request.bytes, payer_pubkey()
-			).is_ok()
+			merkle::verify_signature(&invoice_request.signature, message, payer_pubkey()).is_ok()
 		);
 
 		assert_eq!(

lightning/src/offers/merkle.rs

@@ -97,14 +97,14 @@ pub(super) fn sign_message<F: SignFunction<E>, E>(
 	Ok(signature)
 }
 
-/// Verifies the signature with a pubkey over the given bytes using a tagged hash as the message
+/// Verifies the signature with a pubkey over the given message using a tagged hash as the message
 /// digest.
 ///
-/// Panics if `bytes` is not a well-formed TLV stream containing at least one TLV record.
+/// Panics if `message` is not a well-formed TLV stream containing at least one TLV record.
 pub(super) fn verify_signature(
-	signature: &Signature, tag: &str, bytes: &[u8], pubkey: PublicKey,
+	signature: &Signature, message: TaggedHash, pubkey: PublicKey,
 ) -> Result<(), secp256k1::Error> {
-	let digest = message_digest(tag, bytes);
+	let digest = message.to_digest();
 	let pubkey = pubkey.into();
 	let secp_ctx = Secp256k1::verification_only();
 	secp_ctx.verify_schnorr(signature, &digest, &pubkey)