Use the full signature as promise and verify it directly

This commit is contained in:
Yaacov Akiba Slama
2023-05-24 15:31:36 +03:00
parent d7aee62fd4
commit 301760401f

View File

@@ -125,8 +125,7 @@ func (s *server) createOpeningParamsMenu(
return menu, nil
}
func createPromise(node *node, params *lspdrpc.OpeningFeeParams) (*string, error) {
func paramsHash(params *lspdrpc.OpeningFeeParams) ([]byte, error) {
// First hash all the values in the params in a fixed order.
items := []interface{}{
params.MinMsat,
@@ -140,33 +139,52 @@ func createPromise(node *node, params *lspdrpc.OpeningFeeParams) (*string, error
return nil, err
}
hash := sha256.Sum256(blob)
return hash[:], nil
}
func createPromise(node *node, params *lspdrpc.OpeningFeeParams) (*string, error) {
hash, err := paramsHash(params)
if err != nil {
return nil, err
}
// Sign the hash with the private key of the LSP id.
sig, err := ecdsa.SignCompact(node.privateKey, hash[:], true)
if err != nil {
return nil, err
}
// The promise is the hex encoded hash of the signature.
result := sha256.Sum256(sig)
promise := hex.EncodeToString(result[:])
promise := hex.EncodeToString(sig)
return &promise, nil
}
func verifyPromise(node *node, params *lspdrpc.OpeningFeeParams) error {
hash, err := paramsHash(params)
if err != nil {
return err
}
sig, err := hex.DecodeString(params.Promise)
if err != nil {
return err
}
pub, _, err := ecdsa.RecoverCompact(sig, hash)
if err != nil {
return err
}
if !node.publicKey.IsEqual(pub) {
return fmt.Errorf("invalid promise")
}
return nil
}
func validateOpeningFeeParams(node *node, params *lspdrpc.OpeningFeeParams) bool {
if params == nil {
return false
}
promise, err := createPromise(node, params)
err := verifyPromise(node, params)
if err != nil {
return false
}
if *promise != params.Promise {
return false
}
t, err := time.Parse(basetypes.TIME_FORMAT, params.ValidUntil)
if err != nil {
return false