f - TaggedBytes for lazy digest calculation

Author: jkczyz

fuzz/src/invoice_request_deser.rs

@@ -38,15 +38,15 @@ pub fn do_test<Out: test_logger::Output>(data: &[u8], _out: Out) {
 			if signing_pubkey == odd_pubkey || signing_pubkey == even_pubkey {
 				unsigned_invoice
 					.sign::<_, Infallible>(
-						|digest, _, _, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &keys))
+						|message, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &keys))
 					)
 					.unwrap()
 					.write(&mut buffer)
 					.unwrap();
 			} else {
 				unsigned_invoice
 					.sign::<_, Infallible>(
-						|digest, _, _, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &keys))
+						|message, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &keys))
 					)
 					.unwrap_err();
 			}

fuzz/src/offer_deser.rs

@@ -30,7 +30,7 @@ pub fn do_test<Out: test_logger::Output>(data: &[u8], _out: Out) {
 		if let Ok(invoice_request) = build_response(&offer, pubkey) {
 			invoice_request
 				.sign::<_, Infallible>(
-					|digest, _, _, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &keys))
+					|message, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &keys))
 				)
 				.unwrap()
 				.write(&mut buffer)

fuzz/src/refund_deser.rs

@@ -34,7 +34,7 @@ pub fn do_test<Out: test_logger::Output>(data: &[u8], _out: Out) {
 		if let Ok(invoice) = build_response(&refund, pubkey, &secp_ctx) {
 			invoice
 				.sign::<_, Infallible>(
-					|digest, _, _, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &keys))
+					|message, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &keys))
 				)
 				.unwrap()
 				.write(&mut buffer)

lightning/src/offers/invoice.rs

@@ -55,7 +55,7 @@
 //!     .allow_mpp()
 //!     .fallback_v0_p2wpkh(&wpubkey_hash)
 //!     .build()?
-//!     .sign::<_, Infallible>(|digest, _, _, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &keys)))
+//!     .sign::<_, Infallible>(|message, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &keys)))
 //!     .expect("failed verifying signature")
 //!     .write(&mut buffer)
 //!     .unwrap();
@@ -84,7 +84,7 @@
 //!     .allow_mpp()
 //!     .fallback_v0_p2wpkh(&wpubkey_hash)
 //!     .build()?
-//!     .sign::<_, Infallible>(|digest, _, _, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &keys)))
+//!     .sign::<_, Infallible>(|message, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &keys)))
 //!     .expect("failed verifying signature")
 //!     .write(&mut buffer)
 //!     .unwrap();
@@ -97,7 +97,7 @@ use bitcoin::blockdata::constants::ChainHash;
 use bitcoin::hash_types::{WPubkeyHash, WScriptHash};
 use bitcoin::hashes::Hash;
 use bitcoin::network::constants::Network;
-use bitcoin::secp256k1::{KeyPair, Message, PublicKey, Secp256k1, self};
+use bitcoin::secp256k1::{KeyPair, PublicKey, Secp256k1, self};
 use bitcoin::secp256k1::schnorr::Signature;
 use bitcoin::util::address::{Address, Payload, WitnessVersion};
 use bitcoin::util::schnorr::TweakedPublicKey;
@@ -110,7 +110,7 @@ use crate::ln::features::{BlindedHopFeatures, Bolt12InvoiceFeatures};
 use crate::ln::inbound_payment::ExpandedKey;
 use crate::ln::msgs::DecodeError;
 use crate::offers::invoice_request::{INVOICE_REQUEST_PAYER_ID_TYPE, INVOICE_REQUEST_TYPES, IV_BYTES as INVOICE_REQUEST_IV_BYTES, InvoiceRequest, InvoiceRequestContents, InvoiceRequestTlvStream, InvoiceRequestTlvStreamRef};
-use crate::offers::merkle::{SignError, SignatureTlvStream, SignatureTlvStreamRef, TlvStream, WithoutSignatures, self};
+use crate::offers::merkle::{SignError, SignatureTlvStream, SignatureTlvStreamRef, TaggedBytes, TlvStream, WithoutSignatures, self};
 use crate::offers::offer::{Amount, OFFER_TYPES, OfferTlvStream, OfferTlvStreamRef};
 use crate::offers::parse::{ParseError, ParsedMessage, SemanticError};
 use crate::offers::payer::{PAYER_METADATA_TYPE, PayerTlvStream, PayerTlvStreamRef};
@@ -359,7 +359,7 @@ impl<'a> InvoiceBuilder<'a, DerivedSigningPubkey> {
 		let keys = keys.unwrap();
 		let invoice = unsigned_invoice
 			.sign::<_, Infallible>(
-				|digest, _, _, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &keys))
+				|message, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &keys))
 			)
 			.unwrap();
 		Ok(invoice)
@@ -383,7 +383,7 @@ impl<'a> UnsignedInvoice<'a> {
 	/// This is not exported to bindings users as functions aren't currently mapped.
 	pub fn sign<F, E>(self, sign: F) -> Result<Invoice, SignError<E>>
 	where
-		F: FnOnce(&Message, &str, &[u8], &[u8]) -> Result<Signature, E>
+		F: FnOnce(TaggedBytes, &[u8]) -> Result<Signature, E>
 	{
 		// Use the invoice_request bytes instead of the invoice_request TLV stream as the latter may
 		// have contained unknown TLV records, which are not stored in `InvoiceRequestContents` or
@@ -395,9 +395,10 @@ impl<'a> UnsignedInvoice<'a> {
 		let mut bytes = Vec::new();
 		unsigned_tlv_stream.write(&mut bytes).unwrap();
 
+		let message = TaggedBytes::new(SIGNATURE_TAG, &bytes);
 		let metadata = self.invoice.metadata();
 		let pubkey = self.invoice.fields().signing_pubkey;
-		let signature = merkle::sign_message(sign, SIGNATURE_TAG, &bytes, metadata, pubkey)?;
+		let signature = merkle::sign_message(sign, message, metadata, pubkey)?;
 
 		// Append the signature TLV record to the bytes.
 		let signature_tlv_stream = SignatureTlvStreamRef {
@@ -1468,7 +1469,7 @@ mod tests {
 			.sign(payer_sign).unwrap()
 			.respond_with_no_std(payment_paths(), payment_hash(), now()).unwrap()
 			.build().unwrap()
-			.sign(|_, _, _, _| Err(()))
+			.sign(|_, _| Err(()))
 		{
 			Ok(_) => panic!("expected error"),
 			Err(e) => assert_eq!(e, SignError::Signing(())),

lightning/src/offers/invoice_request.rs

@@ -44,7 +44,7 @@
 //!     .quantity(5)?
 //!     .payer_note("foo".to_string())
 //!     .build()?
-//!     .sign::<_, Infallible>(|digest, _, _, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &keys)))
+//!     .sign::<_, Infallible>(|message, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &keys)))
 //!     .expect("failed verifying signature")
 //!     .write(&mut buffer)
 //!     .unwrap();
@@ -54,7 +54,7 @@
 
 use bitcoin::blockdata::constants::ChainHash;
 use bitcoin::network::constants::Network;
-use bitcoin::secp256k1::{KeyPair, Message, PublicKey, Secp256k1, self};
+use bitcoin::secp256k1::{KeyPair, PublicKey, Secp256k1, self};
 use bitcoin::secp256k1::schnorr::Signature;
 use core::convert::{Infallible, TryFrom};
 use core::ops::Deref;
@@ -66,7 +66,7 @@ use crate::ln::features::InvoiceRequestFeatures;
 use crate::ln::inbound_payment::{ExpandedKey, IV_LEN, Nonce};
 use crate::ln::msgs::DecodeError;
 use crate::offers::invoice::{BlindedPayInfo, DerivedSigningPubkey, ExplicitSigningPubkey, InvoiceBuilder};
-use crate::offers::merkle::{SignError, SignatureTlvStream, SignatureTlvStreamRef, self};
+use crate::offers::merkle::{SignError, SignatureTlvStream, SignatureTlvStreamRef, TaggedBytes, self};
 use crate::offers::offer::{Offer, OfferContents, OfferTlvStream, OfferTlvStreamRef};
 use crate::offers::parse::{ParseError, ParsedMessage, SemanticError};
 use crate::offers::payer::{PayerContents, PayerTlvStream, PayerTlvStreamRef};
@@ -307,7 +307,7 @@ impl<'a, 'b, T: secp256k1::Signing> InvoiceRequestBuilder<'a, 'b, DerivedPayerId
 		let keys = keys.unwrap();
 		let invoice_request = unsigned_invoice_request
 			.sign::<_, Infallible>(
-				|digest, _, _, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &keys))
+				|message, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &keys))
 			)
 			.unwrap();
 		Ok(invoice_request)
@@ -354,7 +354,7 @@ impl<'a> UnsignedInvoiceRequest<'a> {
 	/// This is not exported to bindings users as functions are not yet mapped.
 	pub fn sign<F, E>(self, sign: F) -> Result<InvoiceRequest, SignError<E>>
 	where
-		F: FnOnce(&Message, &str, &[u8], &[u8]) -> Result<Signature, E>
+		F: FnOnce(TaggedBytes, &[u8]) -> Result<Signature, E>
 	{
 		// Use the offer bytes instead of the offer TLV stream as the offer may have contained
 		// unknown TLV records, which are not stored in `OfferContents`.
@@ -366,9 +366,10 @@ impl<'a> UnsignedInvoiceRequest<'a> {
 		let mut bytes = Vec::new();
 		unsigned_tlv_stream.write(&mut bytes).unwrap();
 
+		let message = TaggedBytes::new(SIGNATURE_TAG, &bytes);
 		let metadata = self.offer.metadata().map(|metadata| metadata.as_slice()).unwrap_or(&[]);
 		let pubkey = self.invoice_request.payer_id;
-		let signature = merkle::sign_message(sign, SIGNATURE_TAG, &bytes, metadata, pubkey)?;
+		let signature = merkle::sign_message(sign, message, metadata, pubkey)?;
 
 		// Append the signature TLV record to the bytes.
 		let signature_tlv_stream = SignatureTlvStreamRef {
@@ -793,7 +794,7 @@ mod tests {
 	use crate::ln::inbound_payment::ExpandedKey;
 	use crate::ln::msgs::{DecodeError, MAX_VALUE_MSAT};
 	use crate::offers::invoice::{Invoice, SIGNATURE_TAG as INVOICE_SIGNATURE_TAG};
-	use crate::offers::merkle::{SignError, SignatureTlvStreamRef, self};
+	use crate::offers::merkle::{SignError, SignatureTlvStreamRef, TaggedBytes, self};
 	use crate::offers::offer::{Amount, OfferBuilder, OfferTlvStreamRef, Quantity};
 	use crate::offers::parse::{ParseError, SemanticError};
 	use crate::offers::payer::PayerTlvStreamRef;
@@ -925,9 +926,9 @@ mod tests {
 		let mut bytes = Vec::new();
 		tlv_stream.write(&mut bytes).unwrap();
 
+		let message = TaggedBytes::new(INVOICE_SIGNATURE_TAG, &bytes);
 		let signature = merkle::sign_message(
-			recipient_sign, INVOICE_SIGNATURE_TAG, &bytes, invoice_request.metadata(),
-			recipient_pubkey()
+			recipient_sign, message, invoice_request.metadata(), recipient_pubkey()
 		).unwrap();
 		signature_tlv_stream.signature = Some(&signature);
 
@@ -950,8 +951,9 @@ mod tests {
 		let mut bytes = Vec::new();
 		tlv_stream.write(&mut bytes).unwrap();
 
+		let message = TaggedBytes::new(INVOICE_SIGNATURE_TAG, &bytes);
 		let signature = merkle::sign_message(
-			recipient_sign, INVOICE_SIGNATURE_TAG, &bytes, &metadata, recipient_pubkey()
+			recipient_sign, message, &metadata, recipient_pubkey()
 		).unwrap();
 		signature_tlv_stream.signature = Some(&signature);
 
@@ -996,9 +998,9 @@ mod tests {
 		let mut bytes = Vec::new();
 		tlv_stream.write(&mut bytes).unwrap();
 
+		let message = TaggedBytes::new(INVOICE_SIGNATURE_TAG, &bytes);
 		let signature = merkle::sign_message(
-			recipient_sign, INVOICE_SIGNATURE_TAG, &bytes, invoice_request.metadata(),
-			recipient_pubkey()
+			recipient_sign, message, invoice_request.metadata(), recipient_pubkey()
 		).unwrap();
 		signature_tlv_stream.signature = Some(&signature);
 
@@ -1021,9 +1023,9 @@ mod tests {
 		let mut bytes = Vec::new();
 		tlv_stream.write(&mut bytes).unwrap();
 
+		let message = TaggedBytes::new(INVOICE_SIGNATURE_TAG, &bytes);
 		let signature = merkle::sign_message(
-			recipient_sign, INVOICE_SIGNATURE_TAG, &bytes, invoice_request.metadata(),
-			recipient_pubkey()
+			recipient_sign, message, invoice_request.metadata(), recipient_pubkey()
 		).unwrap();
 		signature_tlv_stream.signature = Some(&signature);
 
@@ -1363,7 +1365,7 @@ mod tests {
 			.build().unwrap()
 			.request_invoice(vec![1; 32], payer_pubkey()).unwrap()
 			.build().unwrap()
-			.sign(|_, _, _, _| Err(()))
+			.sign(|_, _| Err(()))
 		{
 			Ok(_) => panic!("expected error"),
 			Err(e) => assert_eq!(e, SignError::Signing(())),
@@ -1778,7 +1780,7 @@ mod tests {
 			.request_invoice(vec![1; 32], keys.public_key()).unwrap()
 			.build().unwrap()
 			.sign::<_, Infallible>(
-				|digest, _, _, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &keys))
+				|message, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &keys))
 			)
 			.unwrap();
 

lightning/src/offers/merkle.rs

@@ -24,6 +24,24 @@ tlv_stream!(SignatureTlvStream, SignatureTlvStreamRef, SIGNATURE_TYPES, {
 	(240, signature: Signature),
 });
 
+/// Bytes associated with a tag, which is used to produced a [`Message`] digest to sign.
+pub struct TaggedBytes<'a> {
+	tag: &'a str,
+	bytes: &'a [u8],
+}
+
+impl<'a> TaggedBytes<'a> {
+	/// Creates tagged bytes with the given parameters.
+	pub fn new(tag: &'a str, bytes: &'a [u8]) -> Self {
+		Self { tag, bytes }
+	}
+
+	/// Returns the digest to sign.
+	pub fn digest(&self) -> Message {
+		message_digest(self.tag, self.bytes)
+	}
+}
+
 /// Error when signing messages.
 #[derive(Debug, PartialEq)]
 pub enum SignError<E> {
@@ -41,17 +59,17 @@ pub enum SignError<E> {
 ///
 /// Panics if `bytes` is not a well-formed TLV stream containing at least one TLV record.
 pub(super) fn sign_message<F, E>(
-	sign: F, tag: &str, bytes: &[u8], metadata: &[u8], pubkey: PublicKey,
+	sign: F, message: TaggedBytes, metadata: &[u8], pubkey: PublicKey,
 ) -> Result<Signature, SignError<E>>
 where
-	F: FnOnce(&Message, &str, &[u8], &[u8]) -> Result<Signature, E>
+	F: FnOnce(TaggedBytes, &[u8]) -> Result<Signature, E>
 {
-	let digest = message_digest(tag, bytes);
-	let signature = sign(&digest, tag, bytes, metadata).map_err(|e| SignError::Signing(e))?;
+	let signature = sign(message, metadata).map_err(|e| SignError::Signing(e))?;
 
 	let pubkey = pubkey.into();
 	let secp_ctx = Secp256k1::verification_only();
-	secp_ctx.verify_schnorr(&signature, &digest, &pubkey).map_err(|e| SignError::Verification(e))?;
+	secp_ctx.verify_schnorr(&signature, &message.digest(), &pubkey)
+		.map_err(|e| SignError::Verification(e))?;
 
 	Ok(signature)
 }
@@ -275,7 +293,7 @@ mod tests {
 			.request_invoice(vec![0; 8], payer_keys.public_key()).unwrap()
 			.build_unchecked()
 			.sign::<_, Infallible>(
-				|digest, _, _, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &payer_keys))
+				|message, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &payer_keys))
 			)
 			.unwrap();
 		assert_eq!(
@@ -310,7 +328,7 @@ mod tests {
 			.request_invoice(vec![0; 8], payer_keys.public_key()).unwrap()
 			.build_unchecked()
 			.sign::<_, Infallible>(
-				|digest, _, _, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &payer_keys))
+				|message, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &payer_keys))
 			)
 			.unwrap();
 
@@ -342,7 +360,7 @@ mod tests {
 			.request_invoice(vec![0; 8], payer_keys.public_key()).unwrap()
 			.build_unchecked()
 			.sign::<_, Infallible>(
-				|digest, _, _, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &payer_keys))
+				|message, _| Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &payer_keys))
 			)
 			.unwrap();
 

lightning/src/offers/test_utils.rs

@@ -9,7 +9,7 @@
 
 //! Utilities for testing BOLT 12 Offers interfaces
 
-use bitcoin::secp256k1::{KeyPair, Message, PublicKey, Secp256k1, SecretKey};
+use bitcoin::secp256k1::{KeyPair, PublicKey, Secp256k1, SecretKey};
 use bitcoin::secp256k1::schnorr::Signature;
 use core::convert::Infallible;
 use core::time::Duration;
@@ -18,18 +18,17 @@ use crate::sign::EntropySource;
 use crate::ln::PaymentHash;
 use crate::ln::features::BlindedHopFeatures;
 use crate::offers::invoice::BlindedPayInfo;
+use crate::offers::merkle::TaggedBytes;
 
 pub(super) fn payer_keys() -> KeyPair {
 	let secp_ctx = Secp256k1::new();
 	KeyPair::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap())
 }
 
-pub(super) fn payer_sign(
-	digest: &Message, _tag: &str, _bytes: &[u8], _metadata: &[u8]
-) -> Result<Signature, Infallible> {
+pub(super) fn payer_sign(message: TaggedBytes, _metadata: &[u8]) -> Result<Signature, Infallible> {
 	let secp_ctx = Secp256k1::new();
 	let keys = KeyPair::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
-	Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &keys))
+	Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &keys))
 }
 
 pub(super) fn payer_pubkey() -> PublicKey {
@@ -42,11 +41,11 @@ pub(super) fn recipient_keys() -> KeyPair {
 }
 
 pub(super) fn recipient_sign(
-	digest: &Message, _tag: &str, _bytes: &[u8], _metadata: &[u8]
+	message: TaggedBytes, _metadata: &[u8]
 ) -> Result<Signature, Infallible> {
 	let secp_ctx = Secp256k1::new();
 	let keys = KeyPair::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[43; 32]).unwrap());
-	Ok(secp_ctx.sign_schnorr_no_aux_rand(digest, &keys))
+	Ok(secp_ctx.sign_schnorr_no_aux_rand(&message.digest(), &keys))
 }
 
 pub(super) fn recipient_pubkey() -> PublicKey {