offer: make the merkle tree signature public

This is helpfull for the users that want to use the merkle tree
signature in their own code, for example to verify the
signature of bolt12 invoices or recreate it.

Very useful for people that are building command line tools
for the bolt12 offers.

Signed-off-by: Vincenzo Palazzo <[email protected]>

Author: vincenzopalazzo

lightning/src/offers/invoice.rs

@@ -3560,4 +3560,37 @@ mod tests {
 			),
 		}
 	}
+
+	#[test]
+	fn verifies_invoice_signature_with_tagged_hash() {
+		let secp_ctx = Secp256k1::new();
+		let expanded_key = ExpandedKey::new([42; 32]);
+		let entropy = FixedEntropy {};
+		let nonce = Nonce::from_entropy_source(&entropy);
+		let node_id = recipient_pubkey();
+		let payment_paths = payment_paths();
+		let now = Duration::from_secs(123456);
+		let payment_id = PaymentId([1; 32]);
+
+		let offer = OfferBuilder::new(node_id).amount_msats(1000).build().unwrap();
+
+		let invoice_request = offer
+			.request_invoice(&expanded_key, nonce, &secp_ctx, payment_id)
+			.unwrap()
+			.build_and_sign()
+			.unwrap();
+
+		let invoice = invoice_request
+			.respond_with_no_std(payment_paths, payment_hash(), now)
+			.unwrap()
+			.build()
+			.unwrap()
+			.sign(recipient_sign)
+			.unwrap();
+
+		let issuer_sign_pubkey = offer.issuer_signing_pubkey().unwrap();
+		let tagged_hash = invoice.tagged_hash();
+		let signature = invoice.signature();
+		assert!(merkle::verify_signature(&signature, tagged_hash, issuer_sign_pubkey).is_ok());
+	}
 }

lightning/src/offers/merkle.rs

@@ -94,7 +94,7 @@ pub enum SignError {
 }
 
 /// A function for signing a [`TaggedHash`].
-pub(super) trait SignFn<T: AsRef<TaggedHash>> {
+pub trait SignFn<T: AsRef<TaggedHash>> {
 	/// Signs a [`TaggedHash`] computed over the merkle root of `message`'s TLV stream.
 	fn sign(&self, message: &T) -> Result<Signature, ()>;
 }
@@ -117,9 +117,7 @@ where
 ///
 /// [`Bolt12Invoice`]: crate::offers::invoice::Bolt12Invoice
 /// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
-pub(super) fn sign_message<F, T>(
-	f: F, message: &T, pubkey: PublicKey,
-) -> Result<Signature, SignError>
+pub fn sign_message<F, T>(f: F, message: &T, pubkey: PublicKey) -> Result<Signature, SignError>
 where
 	F: SignFn<T>,
 	T: AsRef<TaggedHash>,
@@ -136,7 +134,7 @@ where
 
 /// Verifies the signature with a pubkey over the given message using a tagged hash as the message
 /// digest.
-pub(super) fn verify_signature(
+pub fn verify_signature(
 	signature: &Signature, message: &TaggedHash, pubkey: PublicKey,
 ) -> Result<(), secp256k1::Error> {
 	let digest = message.as_digest();