Add OfferId to Bolt12Invoice and tests for offer_id correctness

- Add an Option<OfferId> field to Bolt12Invoice to track the originating offer.
- Compute the offer_id for invoices created from offers by extracting the offer TLV records and hashing them with the correct tag.
- Expose a public offer_id() accessor on Bolt12Invoice.
- Add tests to ensure the offer_id in the invoice matches the originating Offer, and that refund invoices have no offer_id.
- All existing and new tests pass. This enables linking invoices to their originating offers in a robust and spec-compliant way.

Signed-off-by: Vincenzo Palazzo <[email protected]>

Author: vincenzopalazzo

lightning/src/offers/invoice.rs

@@ -135,7 +135,7 @@ use crate::offers::merkle::{
 };
 use crate::offers::nonce::Nonce;
 use crate::offers::offer::{
-	Amount, ExperimentalOfferTlvStream, ExperimentalOfferTlvStreamRef, OfferTlvStream,
+	Amount, ExperimentalOfferTlvStream, ExperimentalOfferTlvStreamRef, OfferId, OfferTlvStream,
 	OfferTlvStreamRef, Quantity, EXPERIMENTAL_OFFER_TYPES, OFFER_TYPES,
 };
 use crate::offers::parse::{Bolt12ParseError, Bolt12SemanticError, ParsedMessage};
@@ -665,6 +665,21 @@ impl UnsignedBolt12Invoice {
 	pub fn tagged_hash(&self) -> &TaggedHash {
 		&self.tagged_hash
 	}
+
+	/// Computes the offer ID if this invoice corresponds to an offer.
+	fn compute_offer_id(&self) -> Option<OfferId> {
+		match &self.contents {
+			InvoiceContents::ForOffer { .. } => {
+				// Extract offer TLV records from the invoice bytes
+				let offer_tlv_stream = TlvStream::new(&self.bytes).range(OFFER_TYPES);
+				let experimental_offer_tlv_stream = TlvStream::new(&self.experimental_bytes).range(EXPERIMENTAL_OFFER_TYPES);
+				let combined_tlv_stream = offer_tlv_stream.chain(experimental_offer_tlv_stream);
+				let tagged_hash = TaggedHash::from_tlv_stream("LDK Offer ID", combined_tlv_stream);
+				Some(OfferId(tagged_hash.to_bytes()))
+			},
+			InvoiceContents::ForRefund { .. } => None,
+		}
+	}
 }
 
 macro_rules! unsigned_invoice_sign_method { ($self: ident, $self_type: ty $(, $self_mut: tt)?) => {
@@ -686,6 +701,9 @@ macro_rules! unsigned_invoice_sign_method { ($self: ident, $self_type: ty $(, $s
 		// Append the experimental bytes after the signature.
 		$self.bytes.extend_from_slice(&$self.experimental_bytes);
 
+		// Compute offer_id before moving fields
+		let offer_id = $self.compute_offer_id();
+
 		Ok(Bolt12Invoice {
 			#[cfg(not(c_bindings))]
 			bytes: $self.bytes,
@@ -700,6 +718,7 @@ macro_rules! unsigned_invoice_sign_method { ($self: ident, $self_type: ty $(, $s
 			tagged_hash: $self.tagged_hash,
 			#[cfg(c_bindings)]
 			tagged_hash: $self.tagged_hash.clone(),
+			offer_id,
 		})
 	}
 } }
@@ -734,6 +753,7 @@ pub struct Bolt12Invoice {
 	contents: InvoiceContents,
 	signature: Signature,
 	tagged_hash: TaggedHash,
+	offer_id: Option<OfferId>,
 }
 
 /// The contents of an [`Bolt12Invoice`] for responding to either an [`Offer`] or a [`Refund`].
@@ -967,6 +987,11 @@ impl Bolt12Invoice {
 		self.tagged_hash.as_digest().as_ref().clone()
 	}
 
+	/// Returns the offer ID if this invoice corresponds to an offer.
+	pub fn offer_id(&self) -> Option<OfferId> {
+		self.offer_id
+	}
+
 	/// Verifies that the invoice was for a request or refund created using the given key by
 	/// checking the payer metadata from the invoice request.
 	///
@@ -1622,7 +1647,12 @@ impl TryFrom<ParsedMessage<FullInvoiceTlvStream>> for Bolt12Invoice {
 		let pubkey = contents.fields().signing_pubkey;
 		merkle::verify_signature(&signature, &tagged_hash, pubkey)?;
 
-		Ok(Bolt12Invoice { bytes, contents, signature, tagged_hash })
+		let offer_tlv_stream = TlvStream::new(&bytes).range(OFFER_TYPES);
+		let experimental_offer_tlv_stream = TlvStream::new(&bytes).range(EXPERIMENTAL_OFFER_TYPES);
+		let combined_tlv_stream = offer_tlv_stream.chain(experimental_offer_tlv_stream);
+		let offer_tagged_hash = TaggedHash::from_tlv_stream("LDK Offer ID", combined_tlv_stream);
+		let offer_id = OfferId::from_tagged_hash(&offer_tagged_hash);
+		Ok(Bolt12Invoice { bytes, contents, signature, tagged_hash, offer_id: Some(offer_id) })
 	}
 }
 
@@ -3556,4 +3586,62 @@ mod tests {
 			),
 		}
 	}
+
+	#[test]
+	fn invoice_offer_id_matches_offer_id() {
+		let expanded_key = ExpandedKey::new([42; 32]);
+		let entropy = FixedEntropy {};
+		let nonce = Nonce::from_entropy_source(&entropy);
+		let secp_ctx = Secp256k1::new();
+		let payment_id = PaymentId([1; 32]);
+
+		// Create an offer
+		let offer = OfferBuilder::new(recipient_pubkey())
+			.amount_msats(1000)
+			.build()
+			.unwrap();
+
+		// Get the offer ID
+		let offer_id = offer.id();
+
+		// Create an invoice request from the offer
+		let invoice_request = offer
+			.request_invoice(&expanded_key, nonce, &secp_ctx, payment_id)
+			.unwrap()
+			.build_and_sign()
+			.unwrap();
+
+		// Create an invoice from the invoice request
+		let invoice = invoice_request
+			.respond_with_no_std(payment_paths(), payment_hash(), now())
+			.unwrap()
+			.build()
+			.unwrap()
+			.sign(recipient_sign)
+			.unwrap();
+
+		// Verify that the invoice's offer_id matches the offer's id
+		assert_eq!(invoice.offer_id(), Some(offer_id));
+	}
+
+	#[test]
+	fn refund_invoice_has_no_offer_id() {
+		// Create a refund
+		let refund = RefundBuilder::new(vec![1; 32], payer_pubkey(), 1000)
+			.unwrap()
+			.build()
+			.unwrap();
+
+		// Create an invoice from the refund
+		let invoice = refund
+			.respond_with_no_std(payment_paths(), payment_hash(), recipient_pubkey(), now())
+			.unwrap()
+			.build()
+			.unwrap()
+			.sign(recipient_sign)
+			.unwrap();
+
+		// Verify that the refund invoice has no offer_id
+		assert_eq!(invoice.offer_id(), None);
+	}
 }

lightning/src/offers/offer.rs

@@ -133,6 +133,10 @@ impl OfferId {
 		let tagged_hash = TaggedHash::from_tlv_stream(Self::ID_TAG, tlv_stream);
 		Self(tagged_hash.to_bytes())
 	}
+
+	pub (crate) fn from_tagged_hash(tagged_hash: &TaggedHash) -> Self {
+		Self(tagged_hash.to_bytes())
+	}
 }
 
 impl Borrow<[u8]> for OfferId {