lnbits-legend/lnbits/bolt11.py

372 lines
12 KiB
Python
Raw Normal View History

2020-08-30 22:40:28 +02:00
import hashlib
2022-07-16 14:23:03 +02:00
import re
2022-01-31 01:12:59 +01:00
import time
2022-07-16 14:23:03 +02:00
from binascii import unhexlify
2022-01-31 01:12:59 +01:00
from decimal import Decimal
2022-07-16 14:23:03 +02:00
from typing import List, NamedTuple, Optional
import bitstring # type: ignore
2022-01-31 01:12:59 +01:00
import embit
import secp256k1
2022-07-16 14:23:03 +02:00
from bech32 import CHARSET, bech32_decode, bech32_encode
from ecdsa import SECP256k1, VerifyingKey # type: ignore
from ecdsa.util import sigdecode_string # type: ignore
2020-08-30 22:40:28 +02:00
2022-01-31 17:29:42 +01:00
2020-08-30 22:40:28 +02:00
class Route(NamedTuple):
pubkey: str
short_channel_id: str
base_fee_msat: int
ppm_fee: int
cltv: int
2019-12-14 01:57:22 +01:00
class Invoice(object):
payment_hash: str
2020-08-30 22:40:28 +02:00
amount_msat: int = 0
description: Optional[str] = None
description_hash: Optional[str] = None
2020-09-03 13:53:06 +02:00
payee: Optional[str] = None
date: int
2020-08-30 22:40:28 +02:00
expiry: int = 3600
secret: Optional[str] = None
2020-08-30 22:40:28 +02:00
route_hints: List[Route] = []
min_final_cltv_expiry: int = 18
2019-12-14 01:57:22 +01:00
def decode(pr: str) -> Invoice:
"""bolt11 decoder,
2019-12-14 01:57:22 +01:00
based on https://github.com/rustyrussell/lightning-payencode/blob/master/lnaddr.py
"""
hrp, decoded_data = bech32_decode(pr)
if hrp is None or decoded_data is None:
raise ValueError("Bad bech32 checksum")
2019-12-14 01:57:22 +01:00
if not hrp.startswith("ln"):
raise ValueError("Does not start with ln")
bitarray = _u5_to_bitarray(decoded_data)
2019-12-14 01:57:22 +01:00
2020-08-30 22:40:28 +02:00
# final signature 65 bytes, split it off.
if len(bitarray) < 65 * 8:
2019-12-14 01:57:22 +01:00
raise ValueError("Too short to contain signature")
2020-08-30 22:40:28 +02:00
# extract the signature
signature = bitarray[-65 * 8 :].tobytes()
2020-08-30 22:40:28 +02:00
# the tagged fields as a bitstream
data = bitstring.ConstBitStream(bitarray[: -65 * 8])
2019-12-14 01:57:22 +01:00
2020-08-30 22:40:28 +02:00
# build the invoice object
2019-12-14 01:57:22 +01:00
invoice = Invoice()
2020-08-30 22:40:28 +02:00
# decode the amount from the hrp
m = re.search(r"[^\d]+", hrp[2:])
2019-12-14 01:57:22 +01:00
if m:
amountstr = hrp[2 + m.end() :]
if amountstr != "":
invoice.amount_msat = _unshorten_amount(amountstr)
2019-12-14 01:57:22 +01:00
# pull out date
2020-08-30 22:40:28 +02:00
invoice.date = data.read(35).uint
2019-12-14 01:57:22 +01:00
while data.pos != data.len:
tag, tagdata, data = _pull_tagged(data)
2019-12-14 01:57:22 +01:00
data_length = len(tagdata) / 5
if tag == "d":
invoice.description = _trim_to_bytes(tagdata).decode("utf-8")
2019-12-14 01:57:22 +01:00
elif tag == "h" and data_length == 52:
invoice.description_hash = _trim_to_bytes(tagdata).hex()
2019-12-14 01:57:22 +01:00
elif tag == "p" and data_length == 52:
invoice.payment_hash = _trim_to_bytes(tagdata).hex()
2020-08-30 22:40:28 +02:00
elif tag == "x":
invoice.expiry = tagdata.uint
elif tag == "n":
invoice.payee = _trim_to_bytes(tagdata).hex()
2020-08-30 22:40:28 +02:00
# this won't work in most cases, we must extract the payee
# from the signature
elif tag == "s":
invoice.secret = _trim_to_bytes(tagdata).hex()
2020-08-30 22:40:28 +02:00
elif tag == "r":
s = bitstring.ConstBitStream(tagdata)
while s.pos + 264 + 64 + 32 + 32 + 16 < s.len:
route = Route(
pubkey=s.read(264).tobytes().hex(),
short_channel_id=_readable_scid(s.read(64).intbe),
2020-08-30 22:40:28 +02:00
base_fee_msat=s.read(32).intbe,
ppm_fee=s.read(32).intbe,
cltv=s.read(16).intbe,
)
invoice.route_hints.append(route)
# BOLT #11:
# A reader MUST check that the `signature` is valid (see the `n` tagged
# field specified below).
# A reader MUST use the `n` field to validate the signature instead of
# performing signature recovery if a valid `n` field is provided.
message = bytearray([ord(c) for c in hrp]) + data.tobytes()
sig = signature[0:64]
if invoice.payee:
key = VerifyingKey.from_string(unhexlify(invoice.payee), curve=SECP256k1)
key.verify(sig, message, hashlib.sha256, sigdecode=sigdecode_string)
else:
keys = VerifyingKey.from_public_key_recovery(
sig, message, SECP256k1, hashlib.sha256
)
2020-08-30 22:40:28 +02:00
signaling_byte = signature[64]
key = keys[int(signaling_byte)]
invoice.payee = key.to_string("compressed").hex()
2019-12-14 01:57:22 +01:00
return invoice
2022-01-30 11:41:20 +01:00
def encode(options):
2022-01-31 17:29:42 +01:00
"""Convert options into LnAddr and pass it to the encoder"""
2022-01-30 11:41:20 +01:00
addr = LnAddr()
2022-02-01 21:51:40 +01:00
addr.currency = options["currency"]
addr.fallback = options["fallback"] if options["fallback"] else None
if options["amount"]:
addr.amount = options["amount"]
if options["timestamp"]:
addr.date = int(options["timestamp"])
addr.paymenthash = unhexlify(options["paymenthash"])
if options["description"]:
addr.tags.append(("d", options["description"]))
if options["description_hash"]:
addr.tags.append(("h", options["description_hash"]))
if options["expires"]:
addr.tags.append(("x", options["expires"]))
if options["fallback"]:
addr.tags.append(("f", options["fallback"]))
if options["route"]:
for r in options["route"]:
2022-01-31 01:12:59 +01:00
splits = r.split("/")
route = []
while len(splits) >= 5:
route.append(
(
unhexlify(splits[0]),
unhexlify(splits[1]),
int(splits[2]),
int(splits[3]),
int(splits[4]),
)
2022-01-30 20:43:30 +01:00
)
2022-01-31 01:12:59 +01:00
splits = splits[5:]
assert len(splits) == 0
addr.tags.append(("r", route))
2022-02-01 21:51:40 +01:00
return lnencode(addr, options["privkey"])
2022-01-30 11:41:20 +01:00
def lnencode(addr, privkey):
if addr.amount:
amount = Decimal(str(addr.amount))
# We can only send down to millisatoshi.
2022-06-01 14:53:05 +02:00
if amount * 10**12 % 10:
2022-01-30 20:43:30 +01:00
raise ValueError(
"Cannot encode {}: too many decimal places".format(addr.amount)
)
2022-01-30 11:41:20 +01:00
amount = addr.currency + shorten_amount(amount)
else:
2022-01-30 20:43:30 +01:00
amount = addr.currency if addr.currency else ""
2022-01-30 11:41:20 +01:00
2022-01-31 01:12:59 +01:00
hrp = "ln" + amount + "0n"
2022-01-30 11:41:20 +01:00
# Start with the timestamp
2022-01-30 20:43:30 +01:00
data = bitstring.pack("uint:35", addr.date)
2022-01-30 11:41:20 +01:00
# Payment hash
2022-01-30 20:43:30 +01:00
data += tagged_bytes("p", addr.paymenthash)
2022-01-30 11:41:20 +01:00
tags_set = set()
for k, v in addr.tags:
# BOLT #11:
#
# A writer MUST NOT include more than one `d`, `h`, `n` or `x` fields,
2022-01-30 20:43:30 +01:00
if k in ("d", "h", "n", "x"):
2022-01-30 11:41:20 +01:00
if k in tags_set:
raise ValueError("Duplicate '{}' tag".format(k))
2022-01-30 20:43:30 +01:00
if k == "r":
2022-01-30 11:41:20 +01:00
route = bitstring.BitArray()
for step in v:
pubkey, channel, feebase, feerate, cltv = step
2022-01-30 20:43:30 +01:00
route.append(
bitstring.BitArray(pubkey)
+ bitstring.BitArray(channel)
+ bitstring.pack("intbe:32", feebase)
+ bitstring.pack("intbe:32", feerate)
+ bitstring.pack("intbe:16", cltv)
)
data += tagged("r", route)
elif k == "f":
2022-01-30 11:41:20 +01:00
data += encode_fallback(v, addr.currency)
2022-01-30 20:43:30 +01:00
elif k == "d":
data += tagged_bytes("d", v.encode())
elif k == "x":
2022-01-30 11:41:20 +01:00
# Get minimal length by trimming leading 5 bits at a time.
2022-01-30 20:43:30 +01:00
expirybits = bitstring.pack("intbe:64", v)[4:64]
while expirybits.startswith("0b00000"):
2022-01-30 11:41:20 +01:00
expirybits = expirybits[5:]
2022-01-30 20:43:30 +01:00
data += tagged("x", expirybits)
elif k == "h":
data += tagged_bytes("h", v)
2022-01-30 20:43:30 +01:00
elif k == "n":
data += tagged_bytes("n", v)
2022-01-30 11:41:20 +01:00
else:
# FIXME: Support unknown tags?
raise ValueError("Unknown tag {}".format(k))
tags_set.add(k)
# BOLT #11:
#
# A writer MUST include either a `d` or `h` field, and MUST NOT include
# both.
2022-01-30 20:43:30 +01:00
if "d" in tags_set and "h" in tags_set:
2022-01-30 11:41:20 +01:00
raise ValueError("Cannot include both 'd' and 'h'")
2022-01-30 20:43:30 +01:00
if not "d" in tags_set and not "h" in tags_set:
2022-01-30 11:41:20 +01:00
raise ValueError("Must include either 'd' or 'h'")
2022-01-30 20:43:30 +01:00
2022-01-30 11:41:20 +01:00
# We actually sign the hrp, then data (padded to 8 bits with zeroes).
privkey = secp256k1.PrivateKey(bytes(unhexlify(privkey)))
2022-01-30 20:43:30 +01:00
sig = privkey.ecdsa_sign_recoverable(
bytearray([ord(c) for c in hrp]) + data.tobytes()
)
2022-01-30 11:41:20 +01:00
# This doesn't actually serialize, but returns a pair of values :(
sig, recid = privkey.ecdsa_recoverable_serialize(sig)
data += bytes(sig) + bytes([recid])
return bech32_encode(hrp, bitarray_to_u5(data))
2022-01-30 20:43:30 +01:00
2022-01-30 11:41:20 +01:00
class LnAddr(object):
2022-01-30 20:43:30 +01:00
def __init__(
self, paymenthash=None, amount=None, currency="bc", tags=None, date=None
):
2022-01-30 11:41:20 +01:00
self.date = int(time.time()) if not date else int(date)
self.tags = [] if not tags else tags
self.unknown_tags = []
2022-01-30 20:43:30 +01:00
self.paymenthash = paymenthash
2022-01-30 11:41:20 +01:00
self.signature = None
self.pubkey = None
self.currency = currency
self.amount = amount
def __str__(self):
return "LnAddr[{}, amount={}{} tags=[{}]]".format(
2022-01-30 20:43:30 +01:00
hexlify(self.pubkey.serialize()).decode("utf-8"),
self.amount,
self.currency,
", ".join([k + "=" + str(v) for k, v in self.tags]),
2022-01-30 11:41:20 +01:00
)
2022-01-31 01:12:59 +01:00
def shorten_amount(amount):
2022-01-31 17:29:42 +01:00
"""Given an amount in bitcoin, shorten it"""
2022-01-31 01:12:59 +01:00
# Convert to pico initially
2022-06-01 14:53:05 +02:00
amount = int(amount * 10**12)
2022-01-31 17:29:42 +01:00
units = ["p", "n", "u", "m", ""]
2022-01-31 01:12:59 +01:00
for unit in units:
if amount % 1000 == 0:
amount //= 1000
else:
break
return str(amount) + unit
2022-01-31 17:29:42 +01:00
def _unshorten_amount(amount: str) -> int:
2020-09-03 23:02:15 +02:00
"""Given a shortened amount, return millisatoshis"""
2019-12-14 01:57:22 +01:00
# BOLT #11:
# The following `multiplier` letters are defined:
#
# * `m` (milli): multiply by 0.001
# * `u` (micro): multiply by 0.000001
# * `n` (nano): multiply by 0.000000001
# * `p` (pico): multiply by 0.000000000001
2022-06-01 14:53:05 +02:00
units = {"p": 10**12, "n": 10**9, "u": 10**6, "m": 10**3}
2019-12-14 01:57:22 +01:00
unit = str(amount)[-1]
# BOLT #11:
# A reader SHOULD fail if `amount` contains a non-digit, or is followed by
# anything except a `multiplier` in the table above.
if not re.fullmatch(r"\d+[pnum]?", str(amount)):
2019-12-14 01:57:22 +01:00
raise ValueError("Invalid amount '{}'".format(amount))
if unit in units:
return int(int(amount[:-1]) * 100_000_000_000 / units[unit])
2019-12-14 01:57:22 +01:00
else:
return int(amount) * 100_000_000_000
def _pull_tagged(stream):
2019-12-14 01:57:22 +01:00
tag = stream.read(5).uint
length = stream.read(5).uint * 32 + stream.read(5).uint
return (CHARSET[tag], stream.read(length * 5), stream)
2022-01-31 01:12:59 +01:00
def is_p2pkh(currency, prefix):
return prefix == base58_prefix_map[currency][0]
2022-01-31 17:29:42 +01:00
2022-01-31 01:12:59 +01:00
def is_p2sh(currency, prefix):
return prefix == base58_prefix_map[currency][1]
2022-01-31 17:29:42 +01:00
2022-01-31 01:12:59 +01:00
# Tagged field containing BitArray
def tagged(char, l):
# Tagged fields need to be zero-padded to 5 bits.
while l.len % 5 != 0:
2022-01-31 17:29:42 +01:00
l.append("0b0")
return (
bitstring.pack(
"uint:5, uint:5, uint:5",
CHARSET.find(char),
(l.len / 5) / 32,
(l.len / 5) % 32,
)
+ l
)
2022-01-31 01:12:59 +01:00
def tagged_bytes(char, l):
return tagged(char, bitstring.BitArray(l))
2022-01-31 17:29:42 +01:00
def _trim_to_bytes(barr):
2019-12-14 01:57:22 +01:00
# Adds a byte if necessary.
b = barr.tobytes()
if barr.len % 8 != 0:
return b[:-1]
return b
def _readable_scid(short_channel_id: int) -> str:
2020-08-30 22:40:28 +02:00
return "{blockheight}x{transactionindex}x{outputindex}".format(
2022-06-01 14:53:05 +02:00
blockheight=((short_channel_id >> 40) & 0xFFFFFF),
transactionindex=((short_channel_id >> 16) & 0xFFFFFF),
outputindex=(short_channel_id & 0xFFFF),
2020-08-30 22:40:28 +02:00
)
def _u5_to_bitarray(arr: List[int]) -> bitstring.BitArray:
2019-12-14 01:57:22 +01:00
ret = bitstring.BitArray()
for a in arr:
ret += bitstring.pack("uint:5", a)
return ret
2022-01-31 01:12:59 +01:00
2022-01-31 17:29:42 +01:00
2022-01-31 01:12:59 +01:00
def bitarray_to_u5(barr):
assert barr.len % 5 == 0
ret = []
s = bitstring.ConstBitStream(barr)
while s.pos != s.len:
ret.append(s.read(5).uint)
2022-01-31 17:29:42 +01:00
return ret