Expose a BOLT 12 Invoice's signable_hash

This is useful as an identifier for downstream clients like VLS.

Author: jkczyz

lightning/src/offers/invoice.rs

@@ -469,6 +469,11 @@ impl Invoice {
 		self.signature
 	}
 
+	/// Hash that was used for signing the invoice.
+	pub fn signable_hash(&self) -> [u8; 32] {
+		merkle::message_digest(SIGNATURE_TAG, &self.bytes).as_ref().clone()
+	}
+
 	#[cfg(test)]
 	fn as_tlv_stream(&self) -> FullInvoiceTlvStreamRef {
 		let (payer_tlv_stream, offer_tlv_stream, invoice_request_tlv_stream, invoice_tlv_stream) =
@@ -937,6 +942,11 @@ mod tests {
 			).is_ok()
 		);
 
+		let digest = Message::from_slice(&invoice.signable_hash()).unwrap();
+		let pubkey = recipient_pubkey().into();
+		let secp_ctx = Secp256k1::verification_only();
+		assert!(secp_ctx.verify_schnorr(&invoice.signature, &digest, &pubkey).is_ok());
+
 		assert_eq!(
 			invoice.as_tlv_stream(),
 			(

lightning/src/offers/merkle.rs

@@ -66,7 +66,7 @@ pub(super) fn verify_signature(
 	secp_ctx.verify_schnorr(signature, &digest, &pubkey)
 }
 
-fn message_digest(tag: &str, bytes: &[u8]) -> Message {
+pub(super) fn message_digest(tag: &str, bytes: &[u8]) -> Message {
 	let tag = sha256::Hash::hash(tag.as_bytes());
 	let merkle_root = root_hash(bytes);
 	Message::from_slice(&tagged_hash(tag, merkle_root)).unwrap()