diff --git a/docs/release-notes/release-notes-0.22.0.md b/docs/release-notes/release-notes-0.22.0.md index fb31bad5662..76d1866e23d 100644 --- a/docs/release-notes/release-notes-0.22.0.md +++ b/docs/release-notes/release-notes-0.22.0.md @@ -52,6 +52,9 @@ ## BOLT Spec Updates +* LND now [enforces](https://github.com/lightning/bolts/pull/1284) low-S + canonical signatures when the `n` field is present in a BOLT11 invoice. + * The fundee now [enforces the BOLT-02 bound on `push_msat`](https://github.com/lightningnetwork/lnd/pull/10765), rejecting incoming `open_channel` messages where `push_msat` exceeds diff --git a/go.mod b/go.mod index af03897854d..bea18305cfb 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ require ( github.com/Yawning/aez v0.0.0-20211027044916-e49e68abd344 github.com/andybalholm/brotli v1.0.4 github.com/btcsuite/btcd v0.25.1-0.20260310163610-1c55c7c18179 - github.com/btcsuite/btcd/btcec/v2 v2.3.6 + github.com/btcsuite/btcd/btcec/v2 v2.4.0 github.com/btcsuite/btcd/btcutil v1.1.6 github.com/btcsuite/btcd/btcutil/psbt v1.1.10 github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 diff --git a/go.sum b/go.sum index 065b5a18207..65714e9dd83 100644 --- a/go.sum +++ b/go.sum @@ -44,8 +44,8 @@ github.com/btcsuite/btcd v0.25.1-0.20260310163610-1c55c7c18179 h1:yJOTxkbxxtuSFr github.com/btcsuite/btcd v0.25.1-0.20260310163610-1c55c7c18179/go.mod h1:qbPE+pEiR9643E1s1xu57awsRhlCIm1ZIi6FfeRA4KE= github.com/btcsuite/btcd/btcec/v2 v2.1.0/go.mod h1:2VzYrv4Gm4apmbVVsSq5bqf1Ec8v56E48Vt0Y/umPgA= github.com/btcsuite/btcd/btcec/v2 v2.1.3/go.mod h1:ctjw4H1kknNJmRN4iP1R7bTQ+v3GJkZBd6mui8ZsAZE= -github.com/btcsuite/btcd/btcec/v2 v2.3.6 h1:IzlsEr9olcSRKB/n7c4351F3xHKxS2lma+1UFGCYd4E= -github.com/btcsuite/btcd/btcec/v2 v2.3.6/go.mod h1:m22FrOAiuxl/tht9wIqAoGHcbnCCaPWyauO8y2LGGtQ= +github.com/btcsuite/btcd/btcec/v2 v2.4.0 h1:9JgnRkOL8J1UKuGlpJs7oL5tFRgrBgyM/uhwfS+cUiI= +github.com/btcsuite/btcd/btcec/v2 v2.4.0/go.mod h1:64BXFSNzV1koQHPqljB4LaD6lZPQEQNZ38zMImajCRo= github.com/btcsuite/btcd/btcutil v1.0.0/go.mod h1:Uoxwv0pqYWhD//tfTiipkxNfdhG9UrLwaeswfjfdF0A= github.com/btcsuite/btcd/btcutil v1.1.0/go.mod h1:5OapHB7A2hBBWLm48mmw4MOHNJCcUBTwmWH/0Jn8VHE= github.com/btcsuite/btcd/btcutil v1.1.5/go.mod h1:PSZZ4UitpLBWzxGd5VGOrLnmOjtPP/a6HaFo12zMs00= diff --git a/zpay32/decode.go b/zpay32/decode.go index 577f6a6d13d..2e38b3820b9 100644 --- a/zpay32/decode.go +++ b/zpay32/decode.go @@ -186,6 +186,11 @@ func Decode(invoice string, net *chaincfg.Params, opts ...DecodeOption) ( return nil, fmt.Errorf("unable to deserialize "+ "signature: %v", err) } + // Ensure the signature is in canonical low-S form. + if err = ecdsa.VerifyLowS(sig.ToSignatureBytes()); err != nil { + return nil, fmt.Errorf("invalid invoice "+ + "signature: %w", err) + } if !signature.Verify(hash, decodedInvoice.Destination) { return nil, fmt.Errorf("invalid invoice signature") } diff --git a/zpay32/invoice_test.go b/zpay32/invoice_test.go index bfa1539f3ec..2ddf61357ca 100644 --- a/zpay32/invoice_test.go +++ b/zpay32/invoice_test.go @@ -22,6 +22,7 @@ import ( "github.com/stretchr/testify/require" ) +//nolint:ll var ( testMillisat24BTC = lnwire.MilliSatoshi(2400000000000) testMillisat2500uBTC = lnwire.MilliSatoshi(250000000) @@ -61,6 +62,9 @@ var ( testPrivKeyBytes, _ = hex.DecodeString("e126f68f7eafcc8b74f54d269fe206be715000f94dac067d1c04a8ca3b2db734") testPrivKey, testPubKey = btcec.PrivKeyFromBytes(testPrivKeyBytes) + testHighSPubKeyBytes, _ = hex.DecodeString("02d0139ce7427d6dfffd26a326c18be754ef1e64672b42694ba5b23ef6e6e7803d") + testHighSPubKey, _ = btcec.ParsePubKey(testHighSPubKeyBytes) + testDescriptionHashSlice = chainhash.HashB([]byte("One piece of chocolate cake, one icecream cone, one pickle, one slice of swiss cheese, one slice of salami, one lollypop, one piece of cherry pie, one sausage, one cupcake, and one slice of watermelon")) testExpiry0 = time.Duration(0) * time.Second @@ -195,6 +199,7 @@ func TestDecodeEncode(t *testing.T) { decodeOpts []DecodeOption skipEncoding bool beforeEncoding func(*Invoice) + errContains string }{ { encodedInvoice: "asdsaddnasdnas", // no hrp @@ -898,6 +903,36 @@ func TestDecodeEncode(t *testing.T) { WithErrorOnUnknownFeatureBit(), }, }, + { + // Invoice with high-S signature and Public-key + // recovery. + encodedInvoice: "lnbc1pvjluezsp5zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zygspp5qqqsyqcyq5rqwzqfqqqsyqcyq5rqwzqfqqqsyqcyq5rqwzqfqypqdpl2pkx2ctnv5sxxmmwwd5kgetjypeh2ursdae8g6twvus8g6rfwvs8qun0dfjkxaq9qrsgq357wnc5r2ueh7ck6q93dj32dlqnls087fxdwk8qakdyafkq3yap2r09nt4ndd0unm3z9u5t48y6ucv4r5sg7lk98c77ctvjczkspk5qprc90gx", + valid: true, + skipEncoding: true, + decodedInvoice: func() *Invoice { + return &Invoice{ + Net: &chaincfg.MainNetParams, + Timestamp: time.Unix(1496314658, 0), + PaymentHash: &testPaymentHash, + PaymentAddr: fn.Some(specPaymentAddr), + Description: &testPleaseConsider, + Destination: testHighSPubKey, + Features: lnwire.NewFeatureVector( + lnwire.NewRawFeatureVector( + 8, 14, + ), + lnwire.Features, + ), + } + }, + }, + { + // Invoice with high-S signature and 'n' tagged field + // for destination pubkey. + encodedInvoice: "lnbc25m1p70xwfzpp5qqqsyqcyq5rqwzqfqqqsyqcyq5rqwzqfqqqsyqcyq5rqwzqfqypqdpl2pkx2ctnv5sxxmmwwd5kgetjypeh2ursdae8g6twvus8g6rfwvs8qun0dfjkxaqnp4q0n326hr8v9zprg8gsvezcch06gfaqqhde2aj730yg0durunfhv66sp5zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zygs9qrsgqsp5zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zygsp5cfzp9ugllvk03rltd6hvndxj26ux6gcxc5azyxk060rj9tzghct5zvjlps76gx8wpq5yuu79688k8gnm2c0al6v608s96l0xzrrlqqwnzxmu", + valid: false, + errContains: "low-S", + }, } for i, test := range tests { @@ -918,6 +953,11 @@ func TestDecodeEncode(t *testing.T) { ) if !test.valid { require.Error(t, err) + if test.errContains != "" { + require.ErrorContains( + t, err, test.errContains, + ) + } } else { require.NoError(t, err) require.Equal(t, decodedInvoice, invoice)