f - exclude signing_pubkey from metadata

Author: jkczyz

lightning/src/offers/offer.rs

@@ -151,19 +151,26 @@ impl OfferBuilder {
 
 	/// Sets the [`Offer::metadata`] to the given bytes.
 	///
-	/// Successive calls to this method will override the previous setting and any previous calls to
-	/// [`OfferBuilder::metadata_derived`].
-	pub fn metadata(mut self, metadata: Vec<u8>) -> Self {
+	/// Successive calls to this method will override the previous setting. Errors if the builder
+	/// was constructed with [`SigningPubkey::Derived`].
+	pub fn metadata(mut self, metadata: Vec<u8>) -> Result<Self, SemanticError> {
+		if self.offer.signing_pubkey.is_none() {
+			return Err(SemanticError::UnexpectedMetadata);
+		}
+
 		self.offer.metadata = Some(metadata);
 		self.hmac = None;
-		self
+		Ok(self)
 	}
 
 	/// Sets the [`Offer::metadata`] derived from the given `key` and any fields set prior to
-	/// calling [`OfferBuilder::build`].
+	/// calling [`OfferBuilder::build`]. Allows for stateless verification of an [`InvoiceRequest`].
 	///
 	/// Successive calls to this method will override the previous setting and any previous calls to
-	/// [`OfferBuilder::metadata`].
+	/// [`OfferBuilder::metadata`]. Must be called if the builder was constructed with
+	/// [`SigningPubkey::Derived`] in order to derive [`Offer::signing_pubkey`].
+	///
+	/// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
 	pub fn metadata_derived(mut self, key: &ExpandedKey) -> Self {
 		self.offer.metadata = None;
 		self.hmac = Some(key.hmac_for_offer());
@@ -239,8 +246,13 @@ impl OfferBuilder {
 			}
 		}
 
+		// Created the metadata for stateless verification and derive the signing_pubkey, if needed.
 		if let Some(mut hmac) = self.hmac {
-			self.offer.write(&mut hmac).unwrap();
+			debug_assert!(self.offer.metadata.is_none());
+			let mut tlv_stream = self.offer.as_tlv_stream();
+			tlv_stream.node_id = None;
+			tlv_stream.write(&mut hmac).unwrap();
+
 			self.offer.metadata = Some(Hmac::from_engine(hmac).into_inner().to_vec());
 		}
 
@@ -533,10 +545,11 @@ impl OfferContents {
 				let mut hmac = key.hmac_for_offer();
 
 				for record in tlv_stream.range(OFFER_TYPES) {
-					if record.r#type != OFFER_METADATA_TYPE {
-						hmac.input(record.record_bytes);
-					} else {
+					match record.r#type {
 						// TODO: Assert value bytes == metadata?
+						OFFER_METADATA_TYPE => {},
+						OFFER_NODE_ID_TYPE => {},
+						_ => hmac.input(record.record_bytes),
 					}
 				}
 
@@ -638,6 +651,9 @@ const OFFER_TYPES: core::ops::Range<u64> = 1..80;
 /// TLV record type for [`Offer::metadata`].
 const OFFER_METADATA_TYPE: u64 = 4;
 
+/// TLV record type for [`Offer::signing_pubkey`].
+const OFFER_NODE_ID_TYPE: u64 = 22;
+
 tlv_stream!(OfferTlvStream, OfferTlvStreamRef, OFFER_TYPES, {
 	(2, chains: (Vec<ChainHash>, WithoutLength)),
 	(OFFER_METADATA_TYPE, metadata: (Vec<u8>, WithoutLength)),
@@ -649,7 +665,7 @@ tlv_stream!(OfferTlvStream, OfferTlvStreamRef, OFFER_TYPES, {
 	(16, paths: (Vec<BlindedPath>, WithoutLength)),
 	(18, issuer: (String, WithoutLength)),
 	(20, quantity_max: (u64, HighZeroBytesDroppedBigSize)),
-	(22, node_id: PublicKey),
+	(OFFER_NODE_ID_TYPE, node_id: PublicKey),
 });
 
 impl Bech32Encode for Offer {
@@ -865,15 +881,15 @@ mod tests {
 	#[test]
 	fn builds_offer_with_metadata() {
 		let offer = OfferBuilder::new("foo".into(), pubkey(42).into())
-			.metadata(vec![42; 32])
+			.metadata(vec![42; 32]).unwrap()
 			.build()
 			.unwrap();
 		assert_eq!(offer.metadata(), Some(&vec![42; 32]));
 		assert_eq!(offer.as_tlv_stream().metadata, Some(&vec![42; 32]));
 
 		let offer = OfferBuilder::new("foo".into(), pubkey(42).into())
-			.metadata(vec![42; 32])
-			.metadata(vec![43; 32])
+			.metadata(vec![42; 32]).unwrap()
+			.metadata(vec![43; 32]).unwrap()
 			.build()
 			.unwrap();
 		assert_eq!(offer.metadata(), Some(&vec![43; 32]));