From 703e6107fa8447222a29ec76c314631fceb9869c Mon Sep 17 00:00:00 2001
From: fiatjaf
Date: Thu, 16 Dec 2021 15:55:36 -0300
Subject: [PATCH] remove old fiatjaf's checksum thing (replaced with stepan's).
---
 lnbits/extensions/lnurlpos/lnurl.py | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/lnbits/extensions/lnurlpos/lnurl.py b/lnbits/extensions/lnurlpos/lnurl.py
index e61fc900b..dccacef03 100644
--- a/lnbits/extensions/lnurlpos/lnurl.py
+++ b/lnbits/extensions/lnurlpos/lnurl.py
@@ -56,7 +56,7 @@ async def handle_lnurl_firstrequest(
 if not pos:
 return {
 "status": "ERROR",
- "reason": f"lnurlpos {pos_id} not found on this server.",
+ "reason": f"lnurlpos {pos_id} not found on this server",
 }
 try:
@@ -83,22 +83,24 @@ async def handle_lnurl_firstrequest(
 "reason": f"Invalid hex or base64 payload: {payload}",
 }
- if len(payloadb)!=8:
- raise RuntimeError("Expected 8 bytes")
- expected = hmac.new(pos.key.encode(), payloadb[:-2], digestmod="sha256").digest()
- if expected[:2] != payloadb[-2:]:
- raise RuntimeError("Invalid HMAC")
- s = hmac.new(pos.key.encode(), nonceb, digestmod="sha256").digest()
+ # check payload and nonce sizes
+ if len(payloadb) != 8 or len(nonceb) != 8:
+ return {"status": "ERROR", "reason": "Expected 8 bytes"}
+ # verify hmac
+ if verify_checksum:
+ expected = hmac.new(
+ pos.key.encode(), payloadb[:-2], digestmod="sha256"
+ ).digest()
+ if expected[:2] != payloadb[-2:]:
+ return {"status": "ERROR", "reason": "Invalid HMAC"}
+
+ # decrypt
+ s = hmac.new(pos.key.encode(), nonceb, digestmod="sha256").digest()
 res = bytearray(payloadb)
 for i in range(len(res)):
 res[i] = res[i] ^ s[i]
- if verify_checksum:
- checksum = res[6:8]
- if hashlib.sha256(res[0:6]).digest()[0:2] != checksum:
- return {"status": "ERROR", "reason": "Invalid checksum!"}
-
 pin = int.from_bytes(res[0:2], "little")
 amount = int.from_bytes(res[2:6], "little")
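Review bot: The tag check inside `if verify_checksum:` authenticates only `payloadb[:-2]` and compares two bytes with `!=`, so `nonceb`, which derives the keystream `s` under `# decrypt`, is not bound to the tag, and nothing is verified at all when `verify_checksum` is false. I would compare with `if not hmac.compare_digest(expected[:2], payloadb[-2:]):` and add a comment above the block such as `# 16-bit truncated tag over the ciphertext only; the nonce is not authenticated`, so the limits of this check are visible to whoever maintains the callers. Covering the nonce as well (for example by MACing `nonceb + payloadb[:-2]`) would need a matching change on the device side, so that part is a protocol question rather than a drop-in fix. Whether nonce reuse is rejected elsewhere cannot be seen from this hunk; the body of `handle_lnurl_firstrequest` starts and ends outside it.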