| 146 | } |
| 147 | |
| 148 | static struct command_result *json_checkmessage(struct command *cmd, |
| 149 | const char *buffer, |
| 150 | const jsmntok_t *obj UNNEEDED, |
| 151 | const jsmntok_t *params) |
| 152 | { |
| 153 | struct pubkey *pubkey, reckey; |
| 154 | const u8 *u8sig; |
| 155 | const char *message, *zb; |
| 156 | secp256k1_ecdsa_recoverable_signature rsig; |
| 157 | struct sha256_ctx sctx = SHA256_INIT; |
| 158 | struct sha256_double shad; |
| 159 | struct json_stream *response; |
| 160 | |
| 161 | if (!param_check(cmd, buffer, params, |
| 162 | p_req("message", param_string, &message), |
| 163 | p_req("zbase", param_string, &zb), |
| 164 | p_opt("pubkey", param_pubkey, &pubkey), |
| 165 | NULL)) |
| 166 | return command_param_failed(); |
| 167 | |
| 168 | u8sig = from_zbase32(tmpctx, zb); |
| 169 | if (!u8sig) |
| 170 | return command_fail(cmd, JSONRPC2_INVALID_PARAMS, |
| 171 | "zbase is not valid zbase32"); |
| 172 | |
| 173 | if (tal_bytelen(u8sig) != 65) |
| 174 | return command_fail(cmd, JSONRPC2_INVALID_PARAMS, |
| 175 | "zbase is too %s", |
| 176 | tal_bytelen(u8sig) < 65 ? "short" : "long"); |
| 177 | |
| 178 | if (!secp256k1_ecdsa_recoverable_signature_parse_compact(secp256k1_ctx, |
| 179 | &rsig, |
| 180 | u8sig + 1, |
| 181 | u8sig[0] - 31)) |
| 182 | return command_fail(cmd, JSONRPC2_INVALID_PARAMS, |
| 183 | "cannot parse zbase signature"); |
| 184 | |
| 185 | if (command_check_only(cmd)) |
| 186 | return command_check_done(cmd); |
| 187 | |
| 188 | sha256_update(&sctx, "Lightning Signed Message:", |
| 189 | strlen("Lightning Signed Message:")); |
| 190 | sha256_update(&sctx, message, strlen(message)); |
| 191 | sha256_double_done(&sctx, &shad); |
| 192 | |
| 193 | if (!secp256k1_ecdsa_recover(secp256k1_ctx, &reckey.pubkey, &rsig, |
| 194 | shad.sha.u.u8)) { |
| 195 | response = json_stream_success(cmd); |
| 196 | json_add_bool(response, "verified", false); |
| 197 | return command_success(cmd, response); |
| 198 | } |
| 199 | |
| 200 | /* If they didn't specify pubkey, we only accept the signature if it's |
| 201 | * in the graph (thus, they've signed something with it). This idea |
| 202 | * was stolen directly from lnd, thanks @roasbeef. |
| 203 | * |
| 204 | * FIXME: We could also look through known invoices: AFAICT you can't |
| 205 | * make two (different) signed messages with the same recovered key |
nothing calls this directly
no test coverage detected