diff --git a/bolt11/models/signature.py b/bolt11/models/signature.py index 7258d52..ec16f5c 100644 --- a/bolt11/models/signature.py +++ b/bolt11/models/signature.py @@ -1,8 +1,11 @@ from dataclasses import dataclass from hashlib import sha256 -from coincurve import PrivateKey, PublicKey +from coincurve import PrivateKey, PublicKey, verify_signature +from coincurve.ecdsa import deserialize_recoverable, recoverable_convert, cdata_to_der +def message(hrp: str, signing_data: bytes) -> bytes: + return bytearray([ord(c) for c in hrp]) + signing_data @dataclass class Signature: @@ -23,19 +26,19 @@ def from_private_key( cls, hrp: str, private_key: str, signing_data: bytes ) -> "Signature": key = PrivateKey.from_hex(private_key) - message = bytearray([ord(c) for c in hrp]) + signing_data - signature_data = key.sign_recoverable(message) + signature_data = key.sign_recoverable(message(hrp, signing_data)) return cls(hrp=hrp, signing_data=signing_data, signature_data=signature_data) def verify(self, payee: str) -> bool: if not self.signature_data: raise ValueError("No signature data") - # TODO: couldnt make it work with PublicKey.verify :( without recovering - if payee != self.recover_public_key(): - raise ValueError("Verifying payee public_key failed.") - # pubkey = PublicKey( bytes.fromhex(payee)) - # message = bytearray([ord(c) for c in self.hrp]) + self.signing_data - # pubkey.verify(self.signature_data, message) + if not self.signing_data: + raise ValueError("No signing data") + sig = deserialize_recoverable(self.signature_data) + sig = recoverable_convert(sig) + sig = cdata_to_der(sig) + if not verify_signature(sig, message(self.hrp, self.signing_data), bytes.fromhex(payee)): + raise ValueError("Invalid signature") return True def recover_public_key(self) -> str: