2020-09-03 02:11:08 +02:00
|
|
|
import bitstring # type: ignore
|
2019-12-14 01:57:22 +01:00
|
|
|
import re
|
2020-08-30 22:40:28 +02:00
|
|
|
import hashlib
|
2020-09-03 02:11:08 +02:00
|
|
|
from typing import List, NamedTuple, Optional
|
2020-09-03 23:02:15 +02:00
|
|
|
from bech32 import bech32_decode, CHARSET # type: ignore
|
2020-09-03 02:11:08 +02:00
|
|
|
from ecdsa import SECP256k1, VerifyingKey # type: ignore
|
|
|
|
|
from ecdsa.util import sigdecode_string # type: ignore
|
2020-08-30 22:40:28 +02:00
|
|
|
from binascii import unhexlify
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class Route(NamedTuple):
|
|
|
|
|
pubkey: str
|
|
|
|
|
short_channel_id: str
|
|
|
|
|
base_fee_msat: int
|
|
|
|
|
ppm_fee: int
|
|
|
|
|
cltv: int
|
2019-12-14 01:57:22 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class Invoice(object):
|
2020-09-03 02:11:08 +02:00
|
|
|
payment_hash: str
|
2020-08-30 22:40:28 +02:00
|
|
|
amount_msat: int = 0
|
2020-09-03 02:11:08 +02:00
|
|
|
description: Optional[str] = None
|
|
|
|
|
description_hash: Optional[str] = None
|
2020-09-03 13:53:06 +02:00
|
|
|
payee: Optional[str] = None
|
2020-09-03 02:11:08 +02:00
|
|
|
date: int
|
2020-08-30 22:40:28 +02:00
|
|
|
expiry: int = 3600
|
2020-09-03 02:11:08 +02:00
|
|
|
secret: Optional[str] = None
|
2020-08-30 22:40:28 +02:00
|
|
|
route_hints: List[Route] = []
|
|
|
|
|
min_final_cltv_expiry: int = 18
|
2019-12-14 01:57:22 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def decode(pr: str) -> Invoice:
|
2020-09-03 02:11:08 +02:00
|
|
|
"""bolt11 decoder,
|
2019-12-14 01:57:22 +01:00
|
|
|
based on https://github.com/rustyrussell/lightning-payencode/blob/master/lnaddr.py
|
|
|
|
|
"""
|
|
|
|
|
|
2020-09-03 02:11:08 +02:00
|
|
|
hrp, decoded_data = bech32_decode(pr)
|
|
|
|
|
if hrp is None or decoded_data is None:
|
|
|
|
|
raise ValueError("Bad bech32 checksum")
|
2019-12-14 01:57:22 +01:00
|
|
|
if not hrp.startswith("ln"):
|
|
|
|
|
raise ValueError("Does not start with ln")
|
|
|
|
|
|
2020-09-03 02:11:08 +02:00
|
|
|
bitarray = _u5_to_bitarray(decoded_data)
|
2019-12-14 01:57:22 +01:00
|
|
|
|
2020-08-30 22:40:28 +02:00
|
|
|
# final signature 65 bytes, split it off.
|
2020-09-03 02:11:08 +02:00
|
|
|
if len(bitarray) < 65 * 8:
|
2019-12-14 01:57:22 +01:00
|
|
|
raise ValueError("Too short to contain signature")
|
2020-08-30 22:40:28 +02:00
|
|
|
|
|
|
|
|
# extract the signature
|
2020-09-03 02:11:08 +02:00
|
|
|
signature = bitarray[-65 * 8 :].tobytes()
|
2020-08-30 22:40:28 +02:00
|
|
|
|
|
|
|
|
# the tagged fields as a bitstream
|
2020-09-03 02:11:08 +02:00
|
|
|
data = bitstring.ConstBitStream(bitarray[: -65 * 8])
|
2019-12-14 01:57:22 +01:00
|
|
|
|
2020-08-30 22:40:28 +02:00
|
|
|
# build the invoice object
|
2019-12-14 01:57:22 +01:00
|
|
|
invoice = Invoice()
|
|
|
|
|
|
2020-08-30 22:40:28 +02:00
|
|
|
# decode the amount from the hrp
|
2019-12-14 01:57:22 +01:00
|
|
|
m = re.search("[^\d]+", hrp[2:])
|
|
|
|
|
if m:
|
|
|
|
|
amountstr = hrp[2 + m.end() :]
|
|
|
|
|
if amountstr != "":
|
2020-09-03 02:11:08 +02:00
|
|
|
invoice.amount_msat = _unshorten_amount(amountstr)
|
2019-12-14 01:57:22 +01:00
|
|
|
|
|
|
|
|
# pull out date
|
2020-08-30 22:40:28 +02:00
|
|
|
invoice.date = data.read(35).uint
|
2019-12-14 01:57:22 +01:00
|
|
|
|
|
|
|
|
while data.pos != data.len:
|
2020-09-03 02:11:08 +02:00
|
|
|
tag, tagdata, data = _pull_tagged(data)
|
2019-12-14 01:57:22 +01:00
|
|
|
data_length = len(tagdata) / 5
|
|
|
|
|
|
|
|
|
|
if tag == "d":
|
2020-09-03 02:11:08 +02:00
|
|
|
invoice.description = _trim_to_bytes(tagdata).decode("utf-8")
|
2019-12-14 01:57:22 +01:00
|
|
|
elif tag == "h" and data_length == 52:
|
2020-09-03 02:11:08 +02:00
|
|
|
invoice.description_hash = _trim_to_bytes(tagdata).hex()
|
2019-12-14 01:57:22 +01:00
|
|
|
elif tag == "p" and data_length == 52:
|
2020-09-03 02:11:08 +02:00
|
|
|
invoice.payment_hash = _trim_to_bytes(tagdata).hex()
|
2020-08-30 22:40:28 +02:00
|
|
|
elif tag == "x":
|
|
|
|
|
invoice.expiry = tagdata.uint
|
|
|
|
|
elif tag == "n":
|
2020-09-03 02:11:08 +02:00
|
|
|
invoice.payee = _trim_to_bytes(tagdata).hex()
|
2020-08-30 22:40:28 +02:00
|
|
|
# this won't work in most cases, we must extract the payee
|
|
|
|
|
# from the signature
|
|
|
|
|
elif tag == "s":
|
2020-09-03 02:11:08 +02:00
|
|
|
invoice.secret = _trim_to_bytes(tagdata).hex()
|
2020-08-30 22:40:28 +02:00
|
|
|
elif tag == "r":
|
|
|
|
|
s = bitstring.ConstBitStream(tagdata)
|
|
|
|
|
while s.pos + 264 + 64 + 32 + 32 + 16 < s.len:
|
|
|
|
|
route = Route(
|
|
|
|
|
pubkey=s.read(264).tobytes().hex(),
|
2020-09-03 02:11:08 +02:00
|
|
|
short_channel_id=_readable_scid(s.read(64).intbe),
|
2020-08-30 22:40:28 +02:00
|
|
|
base_fee_msat=s.read(32).intbe,
|
|
|
|
|
ppm_fee=s.read(32).intbe,
|
|
|
|
|
cltv=s.read(16).intbe,
|
|
|
|
|
)
|
|
|
|
|
invoice.route_hints.append(route)
|
|
|
|
|
|
|
|
|
|
# BOLT #11:
|
|
|
|
|
# A reader MUST check that the `signature` is valid (see the `n` tagged
|
|
|
|
|
# field specified below).
|
|
|
|
|
# A reader MUST use the `n` field to validate the signature instead of
|
|
|
|
|
# performing signature recovery if a valid `n` field is provided.
|
|
|
|
|
message = bytearray([ord(c) for c in hrp]) + data.tobytes()
|
|
|
|
|
sig = signature[0:64]
|
|
|
|
|
if invoice.payee:
|
|
|
|
|
key = VerifyingKey.from_string(unhexlify(invoice.payee), curve=SECP256k1)
|
|
|
|
|
key.verify(sig, message, hashlib.sha256, sigdecode=sigdecode_string)
|
|
|
|
|
else:
|
2021-03-24 04:40:32 +01:00
|
|
|
keys = VerifyingKey.from_public_key_recovery(
|
|
|
|
|
sig, message, SECP256k1, hashlib.sha256
|
|
|
|
|
)
|
2020-08-30 22:40:28 +02:00
|
|
|
signaling_byte = signature[64]
|
|
|
|
|
key = keys[int(signaling_byte)]
|
|
|
|
|
invoice.payee = key.to_string("compressed").hex()
|
2019-12-14 01:57:22 +01:00
|
|
|
|
|
|
|
|
return invoice
|
|
|
|
|
|
|
|
|
|
|
2022-01-30 11:41:20 +01:00
|
|
|
def encode(options):
|
|
|
|
|
""" Convert options into LnAddr and pass it to the encoder
|
|
|
|
|
"""
|
|
|
|
|
addr = LnAddr()
|
|
|
|
|
addr.currency = options.currency
|
|
|
|
|
addr.fallback = options.fallback if options.fallback else None
|
|
|
|
|
if options.amount:
|
|
|
|
|
addr.amount = options.amount
|
|
|
|
|
if options.timestamp:
|
|
|
|
|
addr.date = int(options.timestamp)
|
|
|
|
|
|
|
|
|
|
addr.paymenthash = unhexlify(options.paymenthash)
|
|
|
|
|
|
|
|
|
|
if options.description:
|
2022-01-30 20:43:30 +01:00
|
|
|
addr.tags.append(("d", options.description))
|
2022-01-30 11:41:20 +01:00
|
|
|
if options.description_hashed:
|
2022-01-30 20:43:30 +01:00
|
|
|
addr.tags.append(("h", options.description_hashed))
|
2022-01-30 11:41:20 +01:00
|
|
|
if options.expires:
|
2022-01-30 20:43:30 +01:00
|
|
|
addr.tags.append(("x", options.expires))
|
2022-01-30 11:41:20 +01:00
|
|
|
|
|
|
|
|
if options.fallback:
|
2022-01-30 20:43:30 +01:00
|
|
|
addr.tags.append(("f", options.fallback))
|
2022-01-30 11:41:20 +01:00
|
|
|
|
|
|
|
|
for r in options.route:
|
2022-01-30 20:43:30 +01:00
|
|
|
splits = r.split("/")
|
|
|
|
|
route = []
|
2022-01-30 11:41:20 +01:00
|
|
|
while len(splits) >= 5:
|
2022-01-30 20:43:30 +01:00
|
|
|
route.append(
|
|
|
|
|
(
|
|
|
|
|
unhexlify(splits[0]),
|
|
|
|
|
unhexlify(splits[1]),
|
|
|
|
|
int(splits[2]),
|
|
|
|
|
int(splits[3]),
|
|
|
|
|
int(splits[4]),
|
|
|
|
|
)
|
|
|
|
|
)
|
2022-01-30 11:41:20 +01:00
|
|
|
splits = splits[5:]
|
2022-01-30 20:43:30 +01:00
|
|
|
assert len(splits) == 0
|
|
|
|
|
addr.tags.append(("r", route))
|
2022-01-30 11:41:20 +01:00
|
|
|
return lnencode(addr, options.privkey)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def lnencode(addr, privkey):
|
|
|
|
|
if addr.amount:
|
|
|
|
|
amount = Decimal(str(addr.amount))
|
|
|
|
|
# We can only send down to millisatoshi.
|
2022-01-30 20:43:30 +01:00
|
|
|
if amount * 10 ** 12 % 10:
|
|
|
|
|
raise ValueError(
|
|
|
|
|
"Cannot encode {}: too many decimal places".format(addr.amount)
|
|
|
|
|
)
|
2022-01-30 11:41:20 +01:00
|
|
|
|
|
|
|
|
amount = addr.currency + shorten_amount(amount)
|
|
|
|
|
else:
|
2022-01-30 20:43:30 +01:00
|
|
|
amount = addr.currency if addr.currency else ""
|
2022-01-30 11:41:20 +01:00
|
|
|
|
2022-01-30 20:43:30 +01:00
|
|
|
hrp = "ln" + amount
|
2022-01-30 11:41:20 +01:00
|
|
|
|
|
|
|
|
# Start with the timestamp
|
2022-01-30 20:43:30 +01:00
|
|
|
data = bitstring.pack("uint:35", addr.date)
|
2022-01-30 11:41:20 +01:00
|
|
|
|
|
|
|
|
# Payment hash
|
2022-01-30 20:43:30 +01:00
|
|
|
data += tagged_bytes("p", addr.paymenthash)
|
2022-01-30 11:41:20 +01:00
|
|
|
tags_set = set()
|
|
|
|
|
|
|
|
|
|
for k, v in addr.tags:
|
|
|
|
|
|
|
|
|
|
# BOLT #11:
|
|
|
|
|
#
|
|
|
|
|
# A writer MUST NOT include more than one `d`, `h`, `n` or `x` fields,
|
2022-01-30 20:43:30 +01:00
|
|
|
if k in ("d", "h", "n", "x"):
|
2022-01-30 11:41:20 +01:00
|
|
|
if k in tags_set:
|
|
|
|
|
raise ValueError("Duplicate '{}' tag".format(k))
|
|
|
|
|
|
2022-01-30 20:43:30 +01:00
|
|
|
if k == "r":
|
2022-01-30 11:41:20 +01:00
|
|
|
route = bitstring.BitArray()
|
|
|
|
|
for step in v:
|
|
|
|
|
pubkey, channel, feebase, feerate, cltv = step
|
2022-01-30 20:43:30 +01:00
|
|
|
route.append(
|
|
|
|
|
bitstring.BitArray(pubkey)
|
|
|
|
|
+ bitstring.BitArray(channel)
|
|
|
|
|
+ bitstring.pack("intbe:32", feebase)
|
|
|
|
|
+ bitstring.pack("intbe:32", feerate)
|
|
|
|
|
+ bitstring.pack("intbe:16", cltv)
|
|
|
|
|
)
|
|
|
|
|
data += tagged("r", route)
|
|
|
|
|
elif k == "f":
|
2022-01-30 11:41:20 +01:00
|
|
|
data += encode_fallback(v, addr.currency)
|
2022-01-30 20:43:30 +01:00
|
|
|
elif k == "d":
|
|
|
|
|
data += tagged_bytes("d", v.encode())
|
|
|
|
|
elif k == "x":
|
2022-01-30 11:41:20 +01:00
|
|
|
# Get minimal length by trimming leading 5 bits at a time.
|
2022-01-30 20:43:30 +01:00
|
|
|
expirybits = bitstring.pack("intbe:64", v)[4:64]
|
|
|
|
|
while expirybits.startswith("0b00000"):
|
2022-01-30 11:41:20 +01:00
|
|
|
expirybits = expirybits[5:]
|
2022-01-30 20:43:30 +01:00
|
|
|
data += tagged("x", expirybits)
|
|
|
|
|
elif k == "h":
|
|
|
|
|
data += tagged_bytes("h", hashlib.sha256(v.encode("utf-8")).digest())
|
|
|
|
|
elif k == "n":
|
|
|
|
|
data += tagged_bytes("n", v)
|
2022-01-30 11:41:20 +01:00
|
|
|
else:
|
|
|
|
|
# FIXME: Support unknown tags?
|
|
|
|
|
raise ValueError("Unknown tag {}".format(k))
|
|
|
|
|
|
|
|
|
|
tags_set.add(k)
|
|
|
|
|
|
|
|
|
|
# BOLT #11:
|
|
|
|
|
#
|
|
|
|
|
# A writer MUST include either a `d` or `h` field, and MUST NOT include
|
|
|
|
|
# both.
|
2022-01-30 20:43:30 +01:00
|
|
|
if "d" in tags_set and "h" in tags_set:
|
2022-01-30 11:41:20 +01:00
|
|
|
raise ValueError("Cannot include both 'd' and 'h'")
|
2022-01-30 20:43:30 +01:00
|
|
|
if not "d" in tags_set and not "h" in tags_set:
|
2022-01-30 11:41:20 +01:00
|
|
|
raise ValueError("Must include either 'd' or 'h'")
|
2022-01-30 20:43:30 +01:00
|
|
|
|
2022-01-30 11:41:20 +01:00
|
|
|
# We actually sign the hrp, then data (padded to 8 bits with zeroes).
|
|
|
|
|
privkey = secp256k1.PrivateKey(bytes(unhexlify(privkey)))
|
2022-01-30 20:43:30 +01:00
|
|
|
sig = privkey.ecdsa_sign_recoverable(
|
|
|
|
|
bytearray([ord(c) for c in hrp]) + data.tobytes()
|
|
|
|
|
)
|
2022-01-30 11:41:20 +01:00
|
|
|
# This doesn't actually serialize, but returns a pair of values :(
|
|
|
|
|
sig, recid = privkey.ecdsa_recoverable_serialize(sig)
|
|
|
|
|
data += bytes(sig) + bytes([recid])
|
|
|
|
|
|
|
|
|
|
return bech32_encode(hrp, bitarray_to_u5(data))
|
|
|
|
|
|
2022-01-30 20:43:30 +01:00
|
|
|
|
2022-01-30 11:41:20 +01:00
|
|
|
class LnAddr(object):
|
2022-01-30 20:43:30 +01:00
|
|
|
def __init__(
|
|
|
|
|
self, paymenthash=None, amount=None, currency="bc", tags=None, date=None
|
|
|
|
|
):
|
2022-01-30 11:41:20 +01:00
|
|
|
self.date = int(time.time()) if not date else int(date)
|
|
|
|
|
self.tags = [] if not tags else tags
|
|
|
|
|
self.unknown_tags = []
|
2022-01-30 20:43:30 +01:00
|
|
|
self.paymenthash = paymenthash
|
2022-01-30 11:41:20 +01:00
|
|
|
self.signature = None
|
|
|
|
|
self.pubkey = None
|
|
|
|
|
self.currency = currency
|
|
|
|
|
self.amount = amount
|
|
|
|
|
|
|
|
|
|
def __str__(self):
|
|
|
|
|
return "LnAddr[{}, amount={}{} tags=[{}]]".format(
|
2022-01-30 20:43:30 +01:00
|
|
|
hexlify(self.pubkey.serialize()).decode("utf-8"),
|
|
|
|
|
self.amount,
|
|
|
|
|
self.currency,
|
|
|
|
|
", ".join([k + "=" + str(v) for k, v in self.tags]),
|
2022-01-30 11:41:20 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2020-09-03 02:11:08 +02:00
|
|
|
def _unshorten_amount(amount: str) -> int:
|
2020-09-03 23:02:15 +02:00
|
|
|
"""Given a shortened amount, return millisatoshis"""
|
2019-12-14 01:57:22 +01:00
|
|
|
# BOLT #11:
|
|
|
|
|
# The following `multiplier` letters are defined:
|
|
|
|
|
#
|
|
|
|
|
# * `m` (milli): multiply by 0.001
|
|
|
|
|
# * `u` (micro): multiply by 0.000001
|
|
|
|
|
# * `n` (nano): multiply by 0.000000001
|
|
|
|
|
# * `p` (pico): multiply by 0.000000000001
|
2021-10-17 19:33:29 +02:00
|
|
|
units = {"p": 10 ** 12, "n": 10 ** 9, "u": 10 ** 6, "m": 10 ** 3}
|
2019-12-14 01:57:22 +01:00
|
|
|
unit = str(amount)[-1]
|
|
|
|
|
|
|
|
|
|
# BOLT #11:
|
|
|
|
|
# A reader SHOULD fail if `amount` contains a non-digit, or is followed by
|
|
|
|
|
# anything except a `multiplier` in the table above.
|
|
|
|
|
if not re.fullmatch("\d+[pnum]?", str(amount)):
|
|
|
|
|
raise ValueError("Invalid amount '{}'".format(amount))
|
|
|
|
|
|
|
|
|
|
if unit in units:
|
2020-09-03 02:11:08 +02:00
|
|
|
return int(int(amount[:-1]) * 100_000_000_000 / units[unit])
|
2019-12-14 01:57:22 +01:00
|
|
|
else:
|
|
|
|
|
return int(amount) * 100_000_000_000
|
|
|
|
|
|
|
|
|
|
|
2020-09-03 02:11:08 +02:00
|
|
|
def _pull_tagged(stream):
|
2019-12-14 01:57:22 +01:00
|
|
|
tag = stream.read(5).uint
|
|
|
|
|
length = stream.read(5).uint * 32 + stream.read(5).uint
|
|
|
|
|
return (CHARSET[tag], stream.read(length * 5), stream)
|
|
|
|
|
|
|
|
|
|
|
2020-09-03 02:11:08 +02:00
|
|
|
def _trim_to_bytes(barr):
|
2019-12-14 01:57:22 +01:00
|
|
|
# Adds a byte if necessary.
|
|
|
|
|
b = barr.tobytes()
|
|
|
|
|
if barr.len % 8 != 0:
|
|
|
|
|
return b[:-1]
|
|
|
|
|
return b
|
|
|
|
|
|
|
|
|
|
|
2020-09-03 02:11:08 +02:00
|
|
|
def _readable_scid(short_channel_id: int) -> str:
|
2020-08-30 22:40:28 +02:00
|
|
|
return "{blockheight}x{transactionindex}x{outputindex}".format(
|
2021-10-17 19:33:29 +02:00
|
|
|
blockheight=((short_channel_id >> 40) & 0xFFFFFF),
|
|
|
|
|
transactionindex=((short_channel_id >> 16) & 0xFFFFFF),
|
|
|
|
|
outputindex=(short_channel_id & 0xFFFF),
|
2020-08-30 22:40:28 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2020-09-03 02:11:08 +02:00
|
|
|
def _u5_to_bitarray(arr: List[int]) -> bitstring.BitArray:
|
2019-12-14 01:57:22 +01:00
|
|
|
ret = bitstring.BitArray()
|
|
|
|
|
for a in arr:
|
|
|
|
|
ret += bitstring.pack("uint:5", a)
|
|
|
|
|
return ret
|
