offer: make the merkle tree signature public

[vincenzopalazzo]

This is helpful for users who want to use the Merkle tree signature in their own code, for example, to verify the signature of bolt12 invoices or recreate it.

Very useful for people who are building command line tools for the bolt12 offers.

I am opening this, but I do not know if it is something that you want to do, but at the same time, IMHO, this is very useful to expose because it allows to use LDK in command line tools and in learning tools.

However, this is not strictly necessary because Bolt12Invoice::try_from already verifies the signature, but I would open this to know your point of view.

[ldk-reviews-bot]

👋 Thanks for assigning @TheBlueMatt as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

[dunxen]

I'm not personally opposed to this and it may be nice to expose it for the use cases you mention.
However, maybe the doc comments for these should be updated to indicate that these don't need to be used directly and they're really for internal use, but made public for use in applications like you specified. We should redirect them to the appropriate methods for production use.

I'm also not sure about any API guarantees for these methods. I don't think it's too much of a hassle to treat them the same way we treat any other public API.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.95%. Comparing base (1d507f2) to head (93cf409).
Report is 130 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3892      +/-   ##
==========================================
- Coverage   89.00%   88.95%   -0.05%     
==========================================
  Files         166      168       +2     
  Lines      119990   122065    +2075     
  Branches   119990   122065    +2075     
==========================================
+ Hits       106798   108586    +1788     
- Misses      10770    11076     +306     
+ Partials     2422     2403      -19     

Flag	Coverage Δ
fuzz	?
fuzzing	22.69% <0.00%> (?)
tests	88.78% <100.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[ldk-reviews-bot]

👋 The first review has been submitted!

Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer.

[ldk-reviews-bot]

🔔 1st Reminder

Hey @TheBlueMatt @valentinewallace! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 1st Reminder

Hey @TheBlueMatt @valentinewallace! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[vincenzopalazzo]

cc @jkczyz

[TheBlueMatt]

Will take a look at this after @jkczyz's comments are addressed, assuming he thinks it needs a second reviewer at that point.

[ldk-reviews-bot]

🔔 2nd Reminder

Hey @valentinewallace! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[vincenzopalazzo]

Ok, I pushed the change that @jkczyz requested, and now the PR is organised in two commits as follows:

• bed3812 where expose the sign and verify method to verify manually an invoice signature, this is nice for people that are building command line tools and want to show how the signature verification is described inside the spec
  -e60b87c38c043114642eda5499864c3c6898aa64 expose the offer_id inside the Bolt12Invoice that allows to compare it with the Offer to make sure that the invoice is linked with the Bolt12 one. This is useful for a sanity check, but requires trusting that the decoding of ldk will always verify the signature of the invoice

Let me know if you are fine with the commit divided in this way, or you prefer e60b87c

[vincenzopalazzo]

@jkczyz do you think that we should add in OfferId a maybe_from_valid_bolt12_tlv_stream(&bytes) -> Option<OfferId> to include the refund case without duplicate the match here?

[jkczyz]

We'd need to take in the InvoiceContents then, too. Leaning towards not doing this for unsigned invoices after all. See next comment.

[jkczyz]

We'd need to take in the InvoiceContents then, too. Leaning towards not doing this for unsigned invoices after all. See next comment.

[vincenzopalazzo]

Ok pushed the changes, not sure that I have got 100% this review, but let me know if there is something that is still pending #3892 (comment)

[vincenzopalazzo]

I noted that for some reason, I was not making public the tagged_hash inside the Bolt12Invoice which was the way to execute manual verification. I pushed the code in ea5685c and added a test to show a user how to use the API that we are now making public

[vincenzopalazzo]

I had to rebase to make the CI happy because there was a problem fixed by some PR that is now merged.

So I think the only missing thing to resolve is the following one #3892 (comment)

Would love to have the API to hide the secp256k1, but I also understand that the code is simple enough that we do not need an API for skilled users. Let me know what you preferer

[TheBlueMatt]

Sure

[TheBlueMatt]

This is a chunk more hashing on load. Its probably not crazy given we already do a signature validation, but if we assume most folks won't use it, does it make more sense to expose a calculate_offer_id method that does it live instead?