Parse experimental offer TLV records

The BOLT12 spec defines an experimental TLV range that are allowed in
offer messages. Allow this range when parsing an offer and include those
bytes in any invoice requests. Also include those bytes when computing
an OfferId and verifying that an InvoiceRequest is for a valid Offer.

Author: jkczyz

lightning/src/offers/invoice.rs

@@ -118,9 +118,9 @@ use crate::ln::inbound_payment::{ExpandedKey, IV_LEN};
 use crate::ln::msgs::DecodeError;
 use crate::offers::invoice_macros::{invoice_accessors_common, invoice_builder_methods_common};
 use crate::offers::invoice_request::{INVOICE_REQUEST_PAYER_ID_TYPE, INVOICE_REQUEST_TYPES, IV_BYTES as INVOICE_REQUEST_IV_BYTES, InvoiceRequest, InvoiceRequestContents, InvoiceRequestTlvStream, InvoiceRequestTlvStreamRef};
-use crate::offers::merkle::{SignError, SignFn, SignatureTlvStream, SignatureTlvStreamRef, TaggedHash, TlvStream, WithoutSignatures, self};
+use crate::offers::merkle::{SignError, SignFn, SignatureTlvStream, SignatureTlvStreamRef, TaggedHash, TlvStream, self};
 use crate::offers::nonce::Nonce;
-use crate::offers::offer::{Amount, OFFER_TYPES, OfferTlvStream, OfferTlvStreamRef, Quantity};
+use crate::offers::offer::{Amount, EXPERIMENTAL_OFFER_TYPES, ExperimentalOfferTlvStream, ExperimentalOfferTlvStreamRef, OFFER_TYPES, OfferTlvStream, OfferTlvStreamRef, Quantity};
 use crate::offers::parse::{Bolt12ParseError, Bolt12SemanticError, ParsedMessage};
 use crate::offers::payer::{PAYER_METADATA_TYPE, PayerTlvStream, PayerTlvStreamRef};
 use crate::offers::refund::{IV_BYTES_WITH_METADATA as REFUND_IV_BYTES_WITH_METADATA, IV_BYTES_WITHOUT_METADATA as REFUND_IV_BYTES_WITHOUT_METADATA, Refund, RefundContents};
@@ -483,17 +483,26 @@ where
 
 impl UnsignedBolt12Invoice {
 	fn new(invreq_bytes: &[u8], contents: InvoiceContents) -> Self {
+		const NON_EXPERIMENTAL_TYPES: core::ops::Range<u64> = 0..INVOICE_REQUEST_TYPES.end;
+		const EXPERIMENTAL_TYPES: core::ops::Range<u64> = EXPERIMENTAL_OFFER_TYPES;
+
+		let mut bytes = Vec::new();
+
 		// Use the invoice_request bytes instead of the invoice_request TLV stream as the latter may
 		// have contained unknown TLV records, which are not stored in `InvoiceRequestContents` or
 		// `RefundContents`.
-		let (_, _, _, invoice_tlv_stream) = contents.as_tlv_stream();
-		let invoice_request_bytes = WithoutSignatures(invreq_bytes);
-		let unsigned_tlv_stream = (invoice_request_bytes, invoice_tlv_stream);
+		for record in TlvStream::new(invreq_bytes).range(NON_EXPERIMENTAL_TYPES) {
+			record.write(&mut bytes).unwrap();
+		}
 
-		let mut bytes = Vec::new();
-		unsigned_tlv_stream.write(&mut bytes).unwrap();
+		let (_, _, _, invoice_tlv_stream, _) = contents.as_tlv_stream();
+		invoice_tlv_stream.write(&mut bytes).unwrap();
 
-		let experimental_bytes = Vec::new();
+		let mut experimental_bytes = Vec::new();
+
+		for record in TlvStream::new(invreq_bytes).range(EXPERIMENTAL_TYPES) {
+			record.write(&mut experimental_bytes).unwrap();
+		}
 
 		let tlv_stream = TlvStream::new(&bytes).chain(TlvStream::new(&experimental_bytes));
 		let tagged_hash = TaggedHash::from_tlv_stream(SIGNATURE_TAG, tlv_stream);
@@ -826,7 +835,7 @@ impl Bolt12Invoice {
 				(&refund.payer.0, REFUND_IV_BYTES_WITH_METADATA)
 			},
 		};
-		self.contents.verify(TlvStream::new(&self.bytes), metadata, key, iv_bytes, secp_ctx)
+		self.contents.verify(&self.bytes, metadata, key, iv_bytes, secp_ctx)
 	}
 
 	/// Verifies that the invoice was for a request or refund created using the given key by
@@ -840,21 +849,26 @@ impl Bolt12Invoice {
 			InvoiceContents::ForOffer { .. } => INVOICE_REQUEST_IV_BYTES,
 			InvoiceContents::ForRefund { .. } => REFUND_IV_BYTES_WITHOUT_METADATA,
 		};
-		self.contents.verify(TlvStream::new(&self.bytes), &metadata, key, iv_bytes, secp_ctx)
+		self.contents
+			.verify(&self.bytes, &metadata, key, iv_bytes, secp_ctx)
 			.and_then(|extracted_payment_id| (payment_id == extracted_payment_id)
 				.then(|| payment_id)
 				.ok_or(())
 			)
 	}
 
 	pub(crate) fn as_tlv_stream(&self) -> FullInvoiceTlvStreamRef {
-		let (payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream, invoice_tlv_stream) =
-			self.contents.as_tlv_stream();
+		let (
+			payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream, invoice_tlv_stream,
+			experimental_offer_tlv_stream,
+		) = self.contents.as_tlv_stream();
 		let signature_tlv_stream = SignatureTlvStreamRef {
 			signature: Some(&self.signature),
 		};
-		(payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream, invoice_tlv_stream,
-		 signature_tlv_stream)
+		(
+			payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream, invoice_tlv_stream,
+			signature_tlv_stream, experimental_offer_tlv_stream,
+		)
 	}
 
 	pub(crate) fn is_for_refund_without_paths(&self) -> bool {
@@ -1084,18 +1098,21 @@ impl InvoiceContents {
 	}
 
 	fn verify<T: secp256k1::Signing>(
-		&self, tlv_stream: TlvStream<'_>, metadata: &Metadata, key: &ExpandedKey,
-		iv_bytes: &[u8; IV_LEN], secp_ctx: &Secp256k1<T>
+		&self, bytes: &[u8], metadata: &Metadata, key: &ExpandedKey, iv_bytes: &[u8; IV_LEN],
+		secp_ctx: &Secp256k1<T>,
 	) -> Result<PaymentId, ()> {
-		let offer_records = tlv_stream.clone().range(OFFER_TYPES);
-		let invreq_records = tlv_stream.range(INVOICE_REQUEST_TYPES).filter(|record| {
+		const EXPERIMENTAL_TYPES: core::ops::Range<u64> = EXPERIMENTAL_OFFER_TYPES;
+
+		let offer_records = TlvStream::new(bytes).range(OFFER_TYPES);
+		let invreq_records = TlvStream::new(bytes).range(INVOICE_REQUEST_TYPES).filter(|record| {
 			match record.r#type {
 				PAYER_METADATA_TYPE => false, // Should be outside range
 				INVOICE_REQUEST_PAYER_ID_TYPE => !metadata.derives_payer_keys(),
 				_ => true,
 			}
 		});
-		let tlv_stream = offer_records.chain(invreq_records);
+		let experimental_records = TlvStream::new(bytes).range(EXPERIMENTAL_TYPES);
+		let tlv_stream = offer_records.chain(invreq_records).chain(experimental_records);
 
 		let signing_pubkey = self.payer_signing_pubkey();
 		signer::verify_payer_metadata(
@@ -1104,13 +1121,13 @@ impl InvoiceContents {
 	}
 
 	fn as_tlv_stream(&self) -> PartialInvoiceTlvStreamRef {
-		let (payer, offer, invoice_request) = match self {
+		let (payer, offer, invoice_request, experimental_offer) = match self {
 			InvoiceContents::ForOffer { invoice_request, .. } => invoice_request.as_tlv_stream(),
 			InvoiceContents::ForRefund { refund, .. } => refund.as_tlv_stream(),
 		};
 		let invoice = self.fields().as_tlv_stream();
 
-		(payer, offer, invoice_request, invoice)
+		(payer, offer, invoice_request, invoice, experimental_offer)
 	}
 }
 
@@ -1213,9 +1230,13 @@ impl TryFrom<Vec<u8>> for UnsignedBolt12Invoice {
 		let ParsedMessage { mut bytes, tlv_stream } = invoice;
 		let (
 			payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream, invoice_tlv_stream,
+			experimental_offer_tlv_stream,
 		) = tlv_stream;
 		let contents = InvoiceContents::try_from(
-			(payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream, invoice_tlv_stream)
+			(
+				payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream, invoice_tlv_stream,
+				experimental_offer_tlv_stream,
+			)
 		)?;
 
 		let tagged_hash = TaggedHash::from_valid_tlv_stream_bytes(SIGNATURE_TAG, &bytes);
@@ -1314,15 +1335,18 @@ pub(super) struct FallbackAddress {
 
 impl_writeable!(FallbackAddress, { version, program });
 
-type FullInvoiceTlvStream =
-	(PayerTlvStream, OfferTlvStream, InvoiceRequestTlvStream, InvoiceTlvStream, SignatureTlvStream);
+type FullInvoiceTlvStream =(
+	PayerTlvStream, OfferTlvStream, InvoiceRequestTlvStream, InvoiceTlvStream, SignatureTlvStream,
+	ExperimentalOfferTlvStream,
+);
 
 type FullInvoiceTlvStreamRef<'a> = (
 	PayerTlvStreamRef<'a>,
 	OfferTlvStreamRef<'a>,
 	InvoiceRequestTlvStreamRef<'a>,
 	InvoiceTlvStreamRef<'a>,
 	SignatureTlvStreamRef<'a>,
+	ExperimentalOfferTlvStreamRef,
 );
 
 impl SeekReadable for FullInvoiceTlvStream {
@@ -1332,19 +1356,23 @@ impl SeekReadable for FullInvoiceTlvStream {
 		let invoice_request = SeekReadable::read(r)?;
 		let invoice = SeekReadable::read(r)?;
 		let signature = SeekReadable::read(r)?;
+		let experimental_offer = SeekReadable::read(r)?;
 
-		Ok((payer, offer, invoice_request, invoice, signature))
+		Ok((payer, offer, invoice_request, invoice, signature, experimental_offer))
 	}
 }
 
-type PartialInvoiceTlvStream =
-	(PayerTlvStream, OfferTlvStream, InvoiceRequestTlvStream, InvoiceTlvStream);
+type PartialInvoiceTlvStream = (
+	PayerTlvStream, OfferTlvStream, InvoiceRequestTlvStream, InvoiceTlvStream,
+	ExperimentalOfferTlvStream,
+);
 
 type PartialInvoiceTlvStreamRef<'a> = (
 	PayerTlvStreamRef<'a>,
 	OfferTlvStreamRef<'a>,
 	InvoiceRequestTlvStreamRef<'a>,
 	InvoiceTlvStreamRef<'a>,
+	ExperimentalOfferTlvStreamRef,
 );
 
 impl SeekReadable for PartialInvoiceTlvStream {
@@ -1353,8 +1381,9 @@ impl SeekReadable for PartialInvoiceTlvStream {
 		let offer = SeekReadable::read(r)?;
 		let invoice_request = SeekReadable::read(r)?;
 		let invoice = SeekReadable::read(r)?;
+		let experimental_offer = SeekReadable::read(r)?;
 
-		Ok((payer, offer, invoice_request, invoice))
+		Ok((payer, offer, invoice_request, invoice, experimental_offer))
 	}
 }
 
@@ -1366,9 +1395,13 @@ impl TryFrom<ParsedMessage<FullInvoiceTlvStream>> for Bolt12Invoice {
 		let (
 			payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream, invoice_tlv_stream,
 			SignatureTlvStream { signature },
+			experimental_offer_tlv_stream,
 		) = tlv_stream;
 		let contents = InvoiceContents::try_from(
-			(payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream, invoice_tlv_stream)
+			(
+				payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream, invoice_tlv_stream,
+				experimental_offer_tlv_stream,
+			)
 		)?;
 
 		let signature = signature.ok_or(
@@ -1394,6 +1427,7 @@ impl TryFrom<PartialInvoiceTlvStream> for InvoiceContents {
 				paths, blindedpay, created_at, relative_expiry, payment_hash, amount, fallbacks,
 				features, node_id, message_paths,
 			},
+			experimental_offer_tlv_stream,
 		) = tlv_stream;
 
 		if message_paths.is_some() { return Err(Bolt12SemanticError::UnexpectedPaths) }
@@ -1426,12 +1460,18 @@ impl TryFrom<PartialInvoiceTlvStream> for InvoiceContents {
 
 		if offer_tlv_stream.issuer_id.is_none() && offer_tlv_stream.paths.is_none() {
 			let refund = RefundContents::try_from(
-				(payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream)
+				(
+					payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream,
+					experimental_offer_tlv_stream,
+				)
 			)?;
 			Ok(InvoiceContents::ForRefund { refund, fields })
 		} else {
 			let invoice_request = InvoiceRequestContents::try_from(
-				(payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream)
+				(
+					payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream,
+					experimental_offer_tlv_stream,
+				)
 			)?;
 			Ok(InvoiceContents::ForOffer { invoice_request, fields })
 		}
@@ -1500,7 +1540,7 @@ mod tests {
 	use crate::offers::invoice_request::InvoiceRequestTlvStreamRef;
 	use crate::offers::merkle::{SignError, SignatureTlvStreamRef, TaggedHash, self};
 	use crate::offers::nonce::Nonce;
-	use crate::offers::offer::{Amount, OfferTlvStreamRef, Quantity};
+	use crate::offers::offer::{Amount, ExperimentalOfferTlvStreamRef, OfferTlvStreamRef, Quantity};
 	use crate::prelude::*;
 	#[cfg(not(c_bindings))]
 	use {
@@ -1668,6 +1708,7 @@ mod tests {
 					message_paths: None,
 				},
 				SignatureTlvStreamRef { signature: Some(&invoice.signature()) },
+				ExperimentalOfferTlvStreamRef {},
 			),
 		);
 
@@ -1761,6 +1802,7 @@ mod tests {
 					message_paths: None,
 				},
 				SignatureTlvStreamRef { signature: Some(&invoice.signature()) },
+				ExperimentalOfferTlvStreamRef {},
 			),
 		);
 
@@ -1956,7 +1998,7 @@ mod tests {
 			.relative_expiry(one_hour.as_secs() as u32)
 			.build().unwrap()
 			.sign(recipient_sign).unwrap();
-		let (_, _, _, tlv_stream, _) = invoice.as_tlv_stream();
+		let (_, _, _, tlv_stream, _, _) = invoice.as_tlv_stream();
 		#[cfg(feature = "std")]
 		assert!(!invoice.is_expired());
 		assert_eq!(invoice.relative_expiry(), one_hour);
@@ -1972,7 +2014,7 @@ mod tests {
 			.relative_expiry(one_hour.as_secs() as u32 - 1)
 			.build().unwrap()
 			.sign(recipient_sign).unwrap();
-		let (_, _, _, tlv_stream, _) = invoice.as_tlv_stream();
+		let (_, _, _, tlv_stream, _, _) = invoice.as_tlv_stream();
 		#[cfg(feature = "std")]
 		assert!(invoice.is_expired());
 		assert_eq!(invoice.relative_expiry(), one_hour - Duration::from_secs(1));
@@ -1991,7 +2033,7 @@ mod tests {
 			.respond_with_no_std(payment_paths(), payment_hash(), now()).unwrap()
 			.build().unwrap()
 			.sign(recipient_sign).unwrap();
-		let (_, _, _, tlv_stream, _) = invoice.as_tlv_stream();
+		let (_, _, _, tlv_stream, _, _) = invoice.as_tlv_stream();
 		assert_eq!(invoice.amount_msats(), 1001);
 		assert_eq!(tlv_stream.amount, Some(1001));
 	}
@@ -2009,7 +2051,7 @@ mod tests {
 			.respond_with_no_std(payment_paths(), payment_hash(), now()).unwrap()
 			.build().unwrap()
 			.sign(recipient_sign).unwrap();
-		let (_, _, _, tlv_stream, _) = invoice.as_tlv_stream();
+		let (_, _, _, tlv_stream, _, _) = invoice.as_tlv_stream();
 		assert_eq!(invoice.amount_msats(), 2000);
 		assert_eq!(tlv_stream.amount, Some(2000));
 
@@ -2047,7 +2089,7 @@ mod tests {
 			.fallback_v1_p2tr_tweaked(&tweaked_pubkey)
 			.build().unwrap()
 			.sign(recipient_sign).unwrap();
-		let (_, _, _, tlv_stream, _) = invoice.as_tlv_stream();
+		let (_, _, _, tlv_stream, _, _) = invoice.as_tlv_stream();
 		assert_eq!(
 			invoice.fallbacks(),
 			vec![
@@ -2090,7 +2132,7 @@ mod tests {
 			.allow_mpp()
 			.build().unwrap()
 			.sign(recipient_sign).unwrap();
-		let (_, _, _, tlv_stream, _) = invoice.as_tlv_stream();
+		let (_, _, _, tlv_stream, _, _) = invoice.as_tlv_stream();
 		assert_eq!(invoice.invoice_features(), &features);
 		assert_eq!(tlv_stream.features, Some(&features));
 	}