Implement lnurl auth signer #1088
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dangeross
reviewed
Sep 18, 2024
| let sig = Secp256k1::new().sign_ecdsa(&k1_to_sign, &linking_keys.secret_key()); | ||
| let url = Url::from_str(&req_data.url).map_err(|e| LnUrlError::InvalidUri(e.to_string()))?; | ||
| let derivation_path = get_derivation_path(signer, url)?; | ||
| let sig = signer.sign_ecdsa(req_data.k1.as_bytes(), &derivation_path)?; |
There was a problem hiding this comment.
I think this k1 needs to be decoded from hex
There was a problem hiding this comment.
Indeed, I wonder how it is working also with this code...
| let url = Url::from_str(&req_data.url).map_err(|e| LnUrlError::InvalidUri(e.to_string()))?; | ||
| let derivation_path = get_derivation_path(signer, url)?; | ||
| let sig = signer.sign_ecdsa(req_data.k1.as_bytes(), &derivation_path)?; | ||
| let xpub = signer.derive_bip32_pub_key(&derivation_path)?; | ||
|
|
||
| // <LNURL_hostname_and_path>?<LNURL_existing_query_parameters>&sig=<hex(sign(utf8ToBytes(k1), linkingPrivKey))>&key=<hex(linkingKey)> |
There was a problem hiding this comment.
From LUD-04:
Suggested change
| // <LNURL_hostname_and_path>?<LNURL_existing_query_parameters>&sig=<hex(sign(utf8ToBytes(k1), linkingPrivKey))>&key=<hex(linkingKey)> | |
| // <LNURL_hostname_and_path>?<LNURL_existing_query_parameters>&sig=<hex(sign(hexToBytes(k1), linkingPrivKey))>&key=<hex(linkingKey)> |
libs/sdk-core/src/lnurl/auth.rs
Outdated
| fn sign_ecdsa(&self, msg: &[u8], derivation_path: &[ChildNumber]) -> LnUrlResult<Vec<u8>> { | ||
| let xpriv = self.node_api.derive_bip32_key(derivation_path.to_vec())?; | ||
| let sig = Secp256k1::new().sign_ecdsa( | ||
| &Message::from_slice(msg).map_err(|_| LnUrlError::generic("failed to sign"))?, |
There was a problem hiding this comment.
Suggested change
| &Message::from_slice(msg).map_err(|_| LnUrlError::generic("failed to sign"))?, | |
| &Message::from_slice(msg).map_err(|_| LnUrlError::generic("Failed to sign"))?, |
libs/sdk-core/src/lnurl/auth.rs
Outdated
|
|
||
| use crate::node_api::NodeAPI; | ||
|
|
||
| pub(crate) struct SDKLnurlAuthSigner { |
There was a problem hiding this comment.
Small nit about naming, Sdk is used throughout for structs and enums (correct or not, just for consistency)
dangeross
reviewed
Sep 18, 2024
| use reqwest::Url; | ||
|
|
||
| use crate::prelude::*; | ||
|
|
||
| pub trait LnurAuthSigner { |
There was a problem hiding this comment.
Sorry, just spotted:
Suggested change
| pub trait LnurAuthSigner { | |
| pub trait LnurlAuthSigner { |
dangeross
approved these changes
Sep 18, 2024
ok300
approved these changes
Sep 18, 2024
ok300
approved these changes
Sep 23, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR changes the lnurl auth functionality to support signers that don't expose private keys.
Instead of passing the private key (linking key) to the lnurl module for signing the lnurl module expect a signer implementation with some basic building blocks for siginig and deriving public keys.
Also the caller now doesn't need to have a knowledge about the lnurl auth internals (constructing the linking key for example) as the lnurl module takes care of it.
This is needed in order also to support splitting the signer from the sdk implementation in breez-ask-liquid project.