refactor: HTLC spending conditions (#803)

* refactor nut14 * format * tests * update tests * more tests * format * adjust wallet tests -> 32 bytes preimages * format
2025-12-19 10:04:19 +01:00 · 2025-10-21 16:37:51 +02:00
parent 23683f5985
commit f84028ca3f
4 changed files with 146 additions and 71 deletions
--- a/cashu/core/nuts/nut14.py
+++ b/cashu/core/nuts/nut14.py
@@ -0,0 +1,37 @@
+import time
+from hashlib import sha256
+
+from ..base import Proof
+from ..errors import TransactionError
+from ..htlc import HTLCSecret
+from ..secret import Secret, SecretKind
+
+
+def verify_htlc_spending_conditions(
+    proof: Proof,
+) -> bool:
+    """
+    Verifies an HTLC spending condition.
+    Either the preimage is provided or the locktime has passed and a refund is requested.
+    """
+    secret = Secret.deserialize(proof.secret)
+    if not secret.kind or secret.kind != SecretKind.HTLC.value:
+        raise TransactionError("not an HTLC secret.")
+    htlc_secret = HTLCSecret.from_secret(secret)
+    # hash lock
+    if not proof.htlcpreimage:
+        raise TransactionError("no HTLC preimage provided")
+    # verify correct preimage (the hashlock) if the locktime hasn't passed
+    now = time.time()
+    if not htlc_secret.locktime or htlc_secret.locktime > now:
+        try:
+            if len(proof.htlcpreimage) != 64:
+                raise TransactionError("HTLC preimage must be 64 characters hex.")
+            if not sha256(
+                bytes.fromhex(proof.htlcpreimage)
+            ).digest() == bytes.fromhex(htlc_secret.data):
+                raise TransactionError("HTLC preimage does not match.")
+        except ValueError:
+            raise TransactionError("invalid preimage for HTLC: not a hex string.")
+    return True
+
--- a/cashu/mint/conditions.py
+++ b/cashu/mint/conditions.py
@@ -1,4 +1,3 @@
-import hashlib
 import time
 from typing import List, Optional, Union

@@ -10,6 +9,7 @@ from ..core.errors import (
    TransactionError,
 )
 from ..core.htlc import HTLCSecret
+from ..core.nuts.nut14 import verify_htlc_spending_conditions
 from ..core.p2pk import (
    P2PKSecret,
    SigFlags,
@@ -75,56 +75,6 @@ class LedgerSpendingConditions:
            message_to_sign, pubkeys, proof.p2pksigs, n_sigs
        )

-    def _verify_htlc_spending_conditions(
-        self,
-        proof: Proof,
-        secret: HTLCSecret,
-        message_to_sign: Optional[str] = None,
-    ) -> bool:
-        """
-        Verify HTLC spending condition for a single input.
-
-        We return True:
-        - if the secret is not a HTLCSecret spending condition
-
-        We first verify the time lock. If the locktime has passed, we require
-        a valid signature if a 'refund' pubkey is present. If it isn't present,
-        anyone can spend.
-
-        We return True:
-        - if 'refund' pubkeys are present and a valid signature is provided for one of them
-        We raise an exception:
-        - if 'refund' but no valid signature is present
-
-
-        We then verify the hash lock. We require a valid preimage. We require a valid
-        signature if 'pubkeys' are present. If they aren't present, anyone who provides
-        a valid preimage can spend.
-
-        We raise an exception:
-        - if no preimage is provided
-        - if preimage does not match the hash lock in the secret
-
-        We return True:
-        - if 'pubkeys' are present and a valid signature is provided for one of them
-
-        We raise an exception:
-        - if 'pubkeys' are present but no valid signature is provided
-        """
-
-        htlc_secret = secret
-        # hash lock
-        if not proof.htlcpreimage:
-            raise TransactionError("no HTLC preimage provided")
-        # verify correct preimage (the hashlock) if the locktime hasn't passed
-        now = time.time()
-        if not htlc_secret.locktime or htlc_secret.locktime > now:
-            if not hashlib.sha256(
-                bytes.fromhex(proof.htlcpreimage)
-            ).digest() == bytes.fromhex(htlc_secret.data):
-                raise TransactionError("HTLC preimage does not match.")
-        return True
-
    def _verify_p2pk_signatures(
        self,
        message_to_sign: str,
@@ -213,7 +163,7 @@ class LedgerSpendingConditions:
        # HTLC
        if SecretKind(secret.kind) == SecretKind.HTLC:
            htlc_secret = HTLCSecret.from_secret(secret)
-            self._verify_htlc_spending_conditions(proof, htlc_secret)
+            verify_htlc_spending_conditions(proof)
            return self._verify_p2pk_sig_inputs(proof, htlc_secret)

        # no spending condition present
--- a/tests/mint/test_mint_htlc.py
+++ b/tests/mint/test_mint_htlc.py
@@ -0,0 +1,88 @@
+
+from cashu.core.base import Proof
+from cashu.core.errors import TransactionError
+from cashu.core.nuts.nut14 import verify_htlc_spending_conditions
+
+
+def test_htlc():    
+    proof = Proof.from_dict({
+        "amount": 0,
+        "secret": "[\"HTLC\",{\"nonce\":\"66687aadf862bd776c8fc18b8e9f8e20089714856ee233b3902a591d0d5f2925\",\"data\":\"4884fdaafea47c29fea7159d0daddd9c085d6200e1359e85bb81736af6b7c837\"}]",
+        "C": "02698c4e2b5f9534cd0687d87513c759790cf829aa5739184a3e3735471fbda904",
+        "id": "009a1f293253e41e",
+        "witness": "{\"preimage\":\"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\"}"
+    })
+
+    print(f"{proof.secret = }")
+    htlc_preimage = proof.htlcpreimage
+    assert htlc_preimage
+
+    verify_htlc_spending_conditions(proof)
+
+def test_htlc_case_insensitive():
+    proof = Proof.from_dict({
+        "amount": 0,
+        "secret": "[\"HTLC\",{\"nonce\":\"66687aadf862bd776c8fc18b8e9f8e20089714856ee233b3902a591d0d5f2925\",\"data\":\"4884fdaafea47c29fea7159d0daddd9c085d6200e1359e85bb81736af6b7c837\"}]",
+        "C": "02698c4e2b5f9534cd0687d87513c759790cf829aa5739184a3e3735471fbda904",
+        "id": "009a1f293253e41e",
+        "witness": "{\"preimage\":\"0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF\"}"
+    })
+
+    htlc_preimage = proof.htlcpreimage
+    assert htlc_preimage
+
+    verify_htlc_spending_conditions(proof)
+
+def test_invalid_preimage():
+    proof = Proof.from_dict({
+        "amount": 0,
+        "secret": "[\"HTLC\",{\"nonce\":\"72996563049cc84daa2c3f31fd5c3d10770e69d6ebbb8da5b6d76db303dbae43\",\"data\":\"c2f480d4dda9f4522b9f6d590011636d904accfe59f12f9d66a0221c2558e3a2\"}]",
+        "C": "02698c4e2b5f9534cd0687d87513c759790cf829aa5739184a3e3735471fbda904",
+        "id": "009a1f293253e41e",
+        "witness": "{\"preimage\":\"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\"}"
+    })
+
+    htlc_preimage = proof.htlcpreimage
+    assert htlc_preimage
+
+    try:
+        verify_htlc_spending_conditions(proof)
+        assert False, "Expected a TransactionError"
+    except TransactionError as e:
+        assert "HTLC preimage does not match." in e.detail
+
+def test_htlc_preimage_too_large():
+    proof = Proof.from_dict({
+        "amount": 0,
+        "secret": "[\"HTLC\",{\"nonce\":\"66687aadf862bd776c8fc18b8e9f8e20089714856ee233b3902a591d0d5f2925\",\"data\":\"c2f480d4dda9f4522b9f6d590011636d904accfe59f12f9d66a0221c2558e3a2\"}]",
+        "C": "02698c4e2b5f9534cd0687d87513c759790cf829aa5739184a3e3735471fbda904",
+        "id": "009a1f293253e41e",
+        "witness": "{\"preimage\":\"cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\"}"
+    })
+
+    htlc_preimage = proof.htlcpreimage
+    assert htlc_preimage
+
+    try:
+        verify_htlc_spending_conditions(proof)
+        assert False, "Expected a TransactionError"
+    except TransactionError as e:
+        assert "HTLC preimage must be 64 characters hex." in e.detail
+
+def test_htlc_nonhex_preimage():
+    proof = Proof.from_dict({
+        "amount": 0,
+        "secret": "[\"HTLC\",{\"nonce\":\"66687aadf862bd776c8fc18b8e9f8e20089714856ee233b3902a591d0d5f2925\",\"data\":\"72996563049cc84daa2c3f31fd5c3d10770e69d6ebbb8da5b6d76db303dbae43\"}]",
+        "C": "02698c4e2b5f9534cd0687d87513c759790cf829aa5739184a3e3735471fbda904",
+        "id": "009a1f293253e41e",
+        "witness": "{\"preimage\":\"zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz\"}"
+    })
+
+    htlc_preimage = proof.htlcpreimage
+    assert htlc_preimage
+
+    try:
+        verify_htlc_spending_conditions(proof)
+        assert False, "Expected a TransactionError"
+    except TransactionError as e:
+        assert "invalid preimage for HTLC: not a hex string." in e.detail
--- a/tests/wallet/test_wallet_htlc.py
+++ b/tests/wallet/test_wallet_htlc.py
@@ -63,7 +63,7 @@ async def test_create_htlc_secret(wallet1: Wallet):
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
    secret = await wallet1.create_htlc_lock(preimage=preimage)
    assert secret.data == preimage_hash
@@ -74,7 +74,7 @@ async def test_htlc_split(wallet1: Wallet, wallet2: Wallet):
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
    secret = await wallet1.create_htlc_lock(preimage=preimage)
    _, send_proofs = await wallet1.swap_to_send(wallet1.proofs, 8, secret_lock=secret)
@@ -87,7 +87,7 @@ async def test_htlc_redeem_with_preimage(wallet1: Wallet, wallet2: Wallet):
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    # preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
    secret = await wallet1.create_htlc_lock(preimage=preimage)
    _, send_proofs = await wallet1.swap_to_send(wallet1.proofs, 8, secret_lock=secret)
@@ -101,7 +101,7 @@ async def test_htlc_redeem_with_wrong_preimage(wallet1: Wallet, wallet2: Wallet)
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    # preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
    secret = await wallet1.create_htlc_lock(
        preimage=f"{preimage[:-5]}11111"
@@ -110,7 +110,7 @@ async def test_htlc_redeem_with_wrong_preimage(wallet1: Wallet, wallet2: Wallet)
    for p in send_proofs:
        p.witness = HTLCWitness(preimage=preimage).json()
    await assert_err(
-        wallet1.redeem(send_proofs), "Mint Error: HTLC preimage does not match"
+        wallet1.redeem(send_proofs), "Mint Error: HTLC preimage does not match."
    )


@@ -119,7 +119,7 @@ async def test_htlc_redeem_with_no_signature(wallet1: Wallet, wallet2: Wallet):
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    pubkey_wallet1 = await wallet1.create_p2pk_pubkey()
    # preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
    secret = await wallet1.create_htlc_lock(
@@ -139,7 +139,7 @@ async def test_htlc_redeem_with_wrong_signature(wallet1: Wallet, wallet2: Wallet
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    pubkey_wallet1 = await wallet1.create_p2pk_pubkey()
    # preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
    secret = await wallet1.create_htlc_lock(
@@ -163,7 +163,7 @@ async def test_htlc_redeem_with_correct_signature(wallet1: Wallet, wallet2: Wall
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    pubkey_wallet1 = await wallet1.create_p2pk_pubkey()
    # preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
    secret = await wallet1.create_htlc_lock(
@@ -183,7 +183,7 @@ async def test_htlc_redeem_with_2_of_1_signatures(wallet1: Wallet, wallet2: Wall
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    pubkey_wallet1 = await wallet1.create_p2pk_pubkey()
    pubkey_wallet2 = await wallet2.create_p2pk_pubkey()
    # preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
@@ -207,7 +207,7 @@ async def test_htlc_redeem_with_2_of_2_signatures(wallet1: Wallet, wallet2: Wall
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    pubkey_wallet1 = await wallet1.create_p2pk_pubkey()
    pubkey_wallet2 = await wallet2.create_p2pk_pubkey()
    # preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
@@ -233,7 +233,7 @@ async def test_htlc_redeem_with_2_of_2_signatures_with_duplicate_pubkeys(
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    pubkey_wallet1 = await wallet1.create_p2pk_pubkey()
    pubkey_wallet2 = pubkey_wallet1
    # preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
@@ -262,7 +262,7 @@ async def test_htlc_redeem_with_3_of_3_signatures_but_only_2_provided(
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    pubkey_wallet1 = await wallet1.create_p2pk_pubkey()
    pubkey_wallet2 = await wallet2.create_p2pk_pubkey()
    # preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
@@ -291,7 +291,7 @@ async def test_htlc_redeem_with_2_of_3_signatures_with_2_valid_and_1_invalid_pro
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    pubkey_wallet1 = await wallet1.create_p2pk_pubkey()
    pubkey_wallet2 = await wallet2.create_p2pk_pubkey()
    privatekey_wallet3 = PrivateKey(secrets.token_bytes(32), raw=True)
@@ -322,7 +322,7 @@ async def test_htlc_redeem_hashlock_wrong_signature_timelock_correct_signature(
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    pubkey_wallet1 = await wallet1.create_p2pk_pubkey()
    pubkey_wallet2 = await wallet2.create_p2pk_pubkey()
    # preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
@@ -356,7 +356,7 @@ async def test_htlc_redeem_hashlock_wrong_signature_timelock_wrong_signature(
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    pubkey_wallet1 = await wallet1.create_p2pk_pubkey()
    pubkey_wallet2 = await wallet2.create_p2pk_pubkey()
    # preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
@@ -395,7 +395,7 @@ async def test_htlc_redeem_timelock_2_of_2_signatures(wallet1: Wallet, wallet2:
    mint_quote = await wallet1.request_mint(64)
    await pay_if_regtest(mint_quote.request)
    await wallet1.mint(64, quote_id=mint_quote.quote)
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    pubkey_wallet1 = await wallet1.create_p2pk_pubkey()
    pubkey_wallet2 = await wallet2.create_p2pk_pubkey()
    # preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
@@ -444,7 +444,7 @@ async def test_htlc_sigall_behavior(wallet1: Wallet, wallet2: Wallet):
    await wallet1.mint(64, quote_id=mint_quote.quote)

    # Setup HTLC parameters
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    # preimage_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
    pubkey_wallet2 = await wallet2.create_p2pk_pubkey()

@@ -495,13 +495,13 @@ async def test_htlc_n_sigs_refund_locktime(wallet1: Wallet, wallet2: Wallet):
    await wallet1.mint(64, quote_id=mint_quote.quote)

    # Setup parameters
-    preimage = "00000000000000000000000000000000"
+    preimage = "0000000000000000000000000000000000000000000000000000000000000000"
    pubkey_wallet1 = await wallet1.create_p2pk_pubkey()
    pubkey_wallet2 = await wallet2.create_p2pk_pubkey()
    pubkey_wallet3 = await wallet3.create_p2pk_pubkey()

    # Wrong preimage - making it so we can only spend via locktime
-    wrong_preimage = "11111111111111111111111111111111"
+    wrong_preimage = "1111111111111111111111111111111111111111111111111111111111111111"

    # Create HTLC with:
    # 1. Timelock in the past