X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fldk%2Fstructs%2FBaseSign.java;h=11d55c9646681863205f568ffbbbcc3cb1272ffc;hb=1854b5cebef22ace9e9e4dd191f609818df9ce08;hp=9197b6c928c0d4e393f5865e3988799e93979460;hpb=6f84978154512148a47502caad48038e3f264392;p=ldk-java diff --git a/src/main/java/org/ldk/structs/BaseSign.java b/src/main/java/org/ldk/structs/BaseSign.java index 9197b6c9..11d55c96 100644 --- a/src/main/java/org/ldk/structs/BaseSign.java +++ b/src/main/java/org/ldk/structs/BaseSign.java @@ -4,6 +4,8 @@ import org.ldk.impl.bindings; import org.ldk.enums.*; import org.ldk.util.*; import java.util.Arrays; +import java.lang.ref.Reference; +import javax.annotation.Nullable; /** * A trait to sign lightning channel transactions as described in BOLT 3. @@ -29,9 +31,8 @@ public class BaseSign extends CommonBase { final bindings.LDKBaseSign bindings_instance; BaseSign(Object _dummy, long ptr) { super(ptr); bindings_instance = null; } private BaseSign(bindings.LDKBaseSign arg, ChannelPublicKeys pubkeys) { - super(bindings.LDKBaseSign_new(arg, pubkeys == null ? 0 : pubkeys.ptr & ~1)); + super(bindings.LDKBaseSign_new(arg, pubkeys == null ? 0 : pubkeys.clone_ptr())); this.ptrs_to.add(arg); - this.ptrs_to.add(pubkeys); this.bindings_instance = arg; } @Override @SuppressWarnings("deprecation") @@ -57,6 +58,15 @@ public class BaseSign extends CommonBase { * Note that the commitment number starts at (1 << 48) - 1 and counts backwards. */ byte[] release_commitment_secret(long idx); + /** + * Validate the counterparty's signatures on the holder commitment transaction and HTLCs. + * + * This is required in order for the signer to make sure that releasing a commitment + * secret won't leave us without a broadcastable holder transaction. + * Policy checks should be implemented in this function, including checking the amount + * sent to us and checking the HTLCs. + */ + Result_NoneNoneZ validate_holder_commitment(HolderCommitmentTransaction holder_tx); /** * Gets an arbitrary identifier describing the set of keys which are provided back to you in * some SpendableOutputDescriptor types. This should be sufficient to identify this @@ -67,8 +77,18 @@ public class BaseSign extends CommonBase { * Create a signature for a counterparty's commitment transaction and associated HTLC transactions. * * Note that if signing fails or is rejected, the channel will be force-closed. + * + * Policy checks should be implemented in this function, including checking the amount + * sent to us and checking the HTLCs. */ Result_C2Tuple_SignatureCVec_SignatureZZNoneZ sign_counterparty_commitment(CommitmentTransaction commitment_tx); + /** + * Validate the counterparty's revocation. + * + * This is required in order for the signer to make sure that the state has moved + * forward and it is safe to sign the next counterparty commitment. + */ + Result_NoneNoneZ validate_counterparty_revocation(long idx, byte[] secret); /** * Create a signatures for a holder's commitment transaction and its claiming HTLC transactions. * This will only ever be called with a non-revoked commitment_tx. This will be called with the @@ -84,12 +104,12 @@ public class BaseSign extends CommonBase { */ Result_C2Tuple_SignatureCVec_SignatureZZNoneZ sign_holder_commitment_and_htlcs(HolderCommitmentTransaction commitment_tx); /** - * Create a signature for the given input in a transaction spending an HTLC or commitment - * transaction output when our counterparty broadcasts an old state. + * Create a signature for the given input in a transaction spending an HTLC transaction output + * or a commitment transaction `to_local` output when our counterparty broadcasts an old state. * - * A justice transaction may claim multiples outputs at the same time if timelocks are + * A justice transaction may claim multiple outputs at the same time if timelocks are * similar, but only a signature for the input at index `input` should be signed for here. - * It may be called multiples time for same output(s) if a fee-bump is needed with regards + * It may be called multiple times for same output(s) if a fee-bump is needed with regards * to an upcoming timelock expiration. * * Amount is value of the output spent by this input, committed to in the BIP 143 signature. @@ -98,12 +118,28 @@ public class BaseSign extends CommonBase { * revoked the state which they eventually broadcast. It's not a _holder_ secret key and does * not allow the spending of any funds by itself (you need our holder revocation_secret to do * so). + */ + Result_SignatureNoneZ sign_justice_revoked_output(byte[] justice_tx, long input, long amount, byte[] per_commitment_key); + /** + * Create a signature for the given input in a transaction spending a commitment transaction + * HTLC output when our counterparty broadcasts an old state. + * + * A justice transaction may claim multiple outputs at the same time if timelocks are + * similar, but only a signature for the input at index `input` should be signed for here. + * It may be called multiple times for same output(s) if a fee-bump is needed with regards + * to an upcoming timelock expiration. * - * htlc holds HTLC elements (hash, timelock) if the output being spent is a HTLC output, thus - * changing the format of the witness script (which is committed to in the BIP 143 - * signatures). + * Amount is value of the output spent by this input, committed to in the BIP 143 signature. + * + * per_commitment_key is revocation secret which was provided by our counterparty when they + * revoked the state which they eventually broadcast. It's not a _holder_ secret key and does + * not allow the spending of any funds by itself (you need our holder revocation_secret to do + * so). + * + * htlc holds HTLC elements (hash, timelock), thus changing the format of the witness script + * (which is committed to in the BIP 143 signatures). */ - Result_SignatureNoneZ sign_justice_transaction(byte[] justice_tx, long input, long amount, byte[] per_commitment_key, HTLCOutputInCommitment htlc); + Result_SignatureNoneZ sign_justice_revoked_htlc(byte[] justice_tx, long input, long amount, byte[] per_commitment_key, HTLCOutputInCommitment htlc); /** * Create a signature for a claiming transaction for a HTLC output on a counterparty's commitment * transaction, either offered or received. @@ -130,7 +166,7 @@ public class BaseSign extends CommonBase { * Note that, due to rounding, there may be one \"missing\" satoshi, and either party may have * chosen to forgo their output as dust. */ - Result_SignatureNoneZ sign_closing_transaction(byte[] closing_tx); + Result_SignatureNoneZ sign_closing_transaction(ClosingTransaction closing_tx); /** * Signs a channel announcement message with our funding key, proving it comes from one * of the channel participants. @@ -160,53 +196,73 @@ public class BaseSign extends CommonBase { impl_holder.held = new BaseSign(new bindings.LDKBaseSign() { @Override public byte[] get_per_commitment_point(long idx) { byte[] ret = arg.get_per_commitment_point(idx); - return ret; + byte[] result = InternalUtils.check_arr_len(ret, 33); + return result; } @Override public byte[] release_commitment_secret(long idx) { byte[] ret = arg.release_commitment_secret(idx); - return ret; + byte[] result = InternalUtils.check_arr_len(ret, 32); + return result; + } + @Override public long validate_holder_commitment(long holder_tx) { + HolderCommitmentTransaction holder_tx_hu_conv = null; if (holder_tx < 0 || holder_tx > 4096) { holder_tx_hu_conv = new HolderCommitmentTransaction(null, holder_tx); } + Result_NoneNoneZ ret = arg.validate_holder_commitment(holder_tx_hu_conv); + long result = ret == null ? 0 : ret.clone_ptr(); + return result; } @Override public byte[] channel_keys_id() { byte[] ret = arg.channel_keys_id(); - return ret; + byte[] result = InternalUtils.check_arr_len(ret, 32); + return result; } @Override public long sign_counterparty_commitment(long commitment_tx) { - CommitmentTransaction commitment_tx_hu_conv = new CommitmentTransaction(null, commitment_tx); + CommitmentTransaction commitment_tx_hu_conv = null; if (commitment_tx < 0 || commitment_tx > 4096) { commitment_tx_hu_conv = new CommitmentTransaction(null, commitment_tx); } Result_C2Tuple_SignatureCVec_SignatureZZNoneZ ret = arg.sign_counterparty_commitment(commitment_tx_hu_conv); - long result = ret != null ? ret.ptr : 0; + long result = ret == null ? 0 : ret.clone_ptr(); + return result; + } + @Override public long validate_counterparty_revocation(long idx, byte[] secret) { + Result_NoneNoneZ ret = arg.validate_counterparty_revocation(idx, secret); + long result = ret == null ? 0 : ret.clone_ptr(); return result; } @Override public long sign_holder_commitment_and_htlcs(long commitment_tx) { - HolderCommitmentTransaction commitment_tx_hu_conv = new HolderCommitmentTransaction(null, commitment_tx); + HolderCommitmentTransaction commitment_tx_hu_conv = null; if (commitment_tx < 0 || commitment_tx > 4096) { commitment_tx_hu_conv = new HolderCommitmentTransaction(null, commitment_tx); } Result_C2Tuple_SignatureCVec_SignatureZZNoneZ ret = arg.sign_holder_commitment_and_htlcs(commitment_tx_hu_conv); - long result = ret != null ? ret.ptr : 0; + long result = ret == null ? 0 : ret.clone_ptr(); return result; } - @Override public long sign_justice_transaction(byte[] justice_tx, long input, long amount, byte[] per_commitment_key, long htlc) { - HTLCOutputInCommitment htlc_hu_conv = new HTLCOutputInCommitment(null, htlc); - Result_SignatureNoneZ ret = arg.sign_justice_transaction(justice_tx, input, amount, per_commitment_key, htlc_hu_conv); - long result = ret != null ? ret.ptr : 0; + @Override public long sign_justice_revoked_output(byte[] justice_tx, long input, long amount, byte[] per_commitment_key) { + Result_SignatureNoneZ ret = arg.sign_justice_revoked_output(justice_tx, input, amount, per_commitment_key); + long result = ret == null ? 0 : ret.clone_ptr(); + return result; + } + @Override public long sign_justice_revoked_htlc(byte[] justice_tx, long input, long amount, byte[] per_commitment_key, long htlc) { + HTLCOutputInCommitment htlc_hu_conv = null; if (htlc < 0 || htlc > 4096) { htlc_hu_conv = new HTLCOutputInCommitment(null, htlc); } + Result_SignatureNoneZ ret = arg.sign_justice_revoked_htlc(justice_tx, input, amount, per_commitment_key, htlc_hu_conv); + long result = ret == null ? 0 : ret.clone_ptr(); return result; } @Override public long sign_counterparty_htlc_transaction(byte[] htlc_tx, long input, long amount, byte[] per_commitment_point, long htlc) { - HTLCOutputInCommitment htlc_hu_conv = new HTLCOutputInCommitment(null, htlc); + HTLCOutputInCommitment htlc_hu_conv = null; if (htlc < 0 || htlc > 4096) { htlc_hu_conv = new HTLCOutputInCommitment(null, htlc); } Result_SignatureNoneZ ret = arg.sign_counterparty_htlc_transaction(htlc_tx, input, amount, per_commitment_point, htlc_hu_conv); - long result = ret != null ? ret.ptr : 0; + long result = ret == null ? 0 : ret.clone_ptr(); return result; } - @Override public long sign_closing_transaction(byte[] closing_tx) { - Result_SignatureNoneZ ret = arg.sign_closing_transaction(closing_tx); - long result = ret != null ? ret.ptr : 0; + @Override public long sign_closing_transaction(long closing_tx) { + ClosingTransaction closing_tx_hu_conv = null; if (closing_tx < 0 || closing_tx > 4096) { closing_tx_hu_conv = new ClosingTransaction(null, closing_tx); } + Result_SignatureNoneZ ret = arg.sign_closing_transaction(closing_tx_hu_conv); + long result = ret == null ? 0 : ret.clone_ptr(); return result; } @Override public long sign_channel_announcement(long msg) { - UnsignedChannelAnnouncement msg_hu_conv = new UnsignedChannelAnnouncement(null, msg); + UnsignedChannelAnnouncement msg_hu_conv = null; if (msg < 0 || msg > 4096) { msg_hu_conv = new UnsignedChannelAnnouncement(null, msg); } Result_SignatureNoneZ ret = arg.sign_channel_announcement(msg_hu_conv); - long result = ret != null ? ret.ptr : 0; + long result = ret == null ? 0 : ret.clone_ptr(); return result; } @Override public void ready_channel(long channel_parameters) { - ChannelTransactionParameters channel_parameters_hu_conv = new ChannelTransactionParameters(null, channel_parameters); + ChannelTransactionParameters channel_parameters_hu_conv = null; if (channel_parameters < 0 || channel_parameters > 4096) { channel_parameters_hu_conv = new ChannelTransactionParameters(null, channel_parameters); } arg.ready_channel(channel_parameters_hu_conv); } }, pubkeys); @@ -219,6 +275,8 @@ public class BaseSign extends CommonBase { */ public byte[] get_per_commitment_point(long idx) { byte[] ret = bindings.BaseSign_get_per_commitment_point(this.ptr, idx); + Reference.reachabilityFence(this); + Reference.reachabilityFence(idx); return ret; } @@ -234,9 +292,29 @@ public class BaseSign extends CommonBase { */ public byte[] release_commitment_secret(long idx) { byte[] ret = bindings.BaseSign_release_commitment_secret(this.ptr, idx); + Reference.reachabilityFence(this); + Reference.reachabilityFence(idx); return ret; } + /** + * Validate the counterparty's signatures on the holder commitment transaction and HTLCs. + * + * This is required in order for the signer to make sure that releasing a commitment + * secret won't leave us without a broadcastable holder transaction. + * Policy checks should be implemented in this function, including checking the amount + * sent to us and checking the HTLCs. + */ + public Result_NoneNoneZ validate_holder_commitment(HolderCommitmentTransaction holder_tx) { + long ret = bindings.BaseSign_validate_holder_commitment(this.ptr, holder_tx == null ? 0 : holder_tx.ptr & ~1); + Reference.reachabilityFence(this); + Reference.reachabilityFence(holder_tx); + if (ret >= 0 && ret <= 4096) { return null; } + Result_NoneNoneZ ret_hu_conv = Result_NoneNoneZ.constr_from_ptr(ret); + this.ptrs_to.add(holder_tx); + return ret_hu_conv; + } + /** * Gets an arbitrary identifier describing the set of keys which are provided back to you in * some SpendableOutputDescriptor types. This should be sufficient to identify this @@ -244,6 +322,7 @@ public class BaseSign extends CommonBase { */ public byte[] channel_keys_id() { byte[] ret = bindings.BaseSign_channel_keys_id(this.ptr); + Reference.reachabilityFence(this); return ret; } @@ -251,14 +330,36 @@ public class BaseSign extends CommonBase { * Create a signature for a counterparty's commitment transaction and associated HTLC transactions. * * Note that if signing fails or is rejected, the channel will be force-closed. + * + * Policy checks should be implemented in this function, including checking the amount + * sent to us and checking the HTLCs. */ public Result_C2Tuple_SignatureCVec_SignatureZZNoneZ sign_counterparty_commitment(CommitmentTransaction commitment_tx) { long ret = bindings.BaseSign_sign_counterparty_commitment(this.ptr, commitment_tx == null ? 0 : commitment_tx.ptr & ~1); + Reference.reachabilityFence(this); + Reference.reachabilityFence(commitment_tx); + if (ret >= 0 && ret <= 4096) { return null; } Result_C2Tuple_SignatureCVec_SignatureZZNoneZ ret_hu_conv = Result_C2Tuple_SignatureCVec_SignatureZZNoneZ.constr_from_ptr(ret); this.ptrs_to.add(commitment_tx); return ret_hu_conv; } + /** + * Validate the counterparty's revocation. + * + * This is required in order for the signer to make sure that the state has moved + * forward and it is safe to sign the next counterparty commitment. + */ + public Result_NoneNoneZ validate_counterparty_revocation(long idx, byte[] secret) { + long ret = bindings.BaseSign_validate_counterparty_revocation(this.ptr, idx, InternalUtils.check_arr_len(secret, 32)); + Reference.reachabilityFence(this); + Reference.reachabilityFence(idx); + Reference.reachabilityFence(secret); + if (ret >= 0 && ret <= 4096) { return null; } + Result_NoneNoneZ ret_hu_conv = Result_NoneNoneZ.constr_from_ptr(ret); + return ret_hu_conv; + } + /** * Create a signatures for a holder's commitment transaction and its claiming HTLC transactions. * This will only ever be called with a non-revoked commitment_tx. This will be called with the @@ -274,18 +375,49 @@ public class BaseSign extends CommonBase { */ public Result_C2Tuple_SignatureCVec_SignatureZZNoneZ sign_holder_commitment_and_htlcs(HolderCommitmentTransaction commitment_tx) { long ret = bindings.BaseSign_sign_holder_commitment_and_htlcs(this.ptr, commitment_tx == null ? 0 : commitment_tx.ptr & ~1); + Reference.reachabilityFence(this); + Reference.reachabilityFence(commitment_tx); + if (ret >= 0 && ret <= 4096) { return null; } Result_C2Tuple_SignatureCVec_SignatureZZNoneZ ret_hu_conv = Result_C2Tuple_SignatureCVec_SignatureZZNoneZ.constr_from_ptr(ret); this.ptrs_to.add(commitment_tx); return ret_hu_conv; } /** - * Create a signature for the given input in a transaction spending an HTLC or commitment - * transaction output when our counterparty broadcasts an old state. + * Create a signature for the given input in a transaction spending an HTLC transaction output + * or a commitment transaction `to_local` output when our counterparty broadcasts an old state. + * + * A justice transaction may claim multiple outputs at the same time if timelocks are + * similar, but only a signature for the input at index `input` should be signed for here. + * It may be called multiple times for same output(s) if a fee-bump is needed with regards + * to an upcoming timelock expiration. + * + * Amount is value of the output spent by this input, committed to in the BIP 143 signature. + * + * per_commitment_key is revocation secret which was provided by our counterparty when they + * revoked the state which they eventually broadcast. It's not a _holder_ secret key and does + * not allow the spending of any funds by itself (you need our holder revocation_secret to do + * so). + */ + public Result_SignatureNoneZ sign_justice_revoked_output(byte[] justice_tx, long input, long amount, byte[] per_commitment_key) { + long ret = bindings.BaseSign_sign_justice_revoked_output(this.ptr, justice_tx, input, amount, InternalUtils.check_arr_len(per_commitment_key, 32)); + Reference.reachabilityFence(this); + Reference.reachabilityFence(justice_tx); + Reference.reachabilityFence(input); + Reference.reachabilityFence(amount); + Reference.reachabilityFence(per_commitment_key); + if (ret >= 0 && ret <= 4096) { return null; } + Result_SignatureNoneZ ret_hu_conv = Result_SignatureNoneZ.constr_from_ptr(ret); + return ret_hu_conv; + } + + /** + * Create a signature for the given input in a transaction spending a commitment transaction + * HTLC output when our counterparty broadcasts an old state. * - * A justice transaction may claim multiples outputs at the same time if timelocks are + * A justice transaction may claim multiple outputs at the same time if timelocks are * similar, but only a signature for the input at index `input` should be signed for here. - * It may be called multiples time for same output(s) if a fee-bump is needed with regards + * It may be called multiple times for same output(s) if a fee-bump is needed with regards * to an upcoming timelock expiration. * * Amount is value of the output spent by this input, committed to in the BIP 143 signature. @@ -295,12 +427,18 @@ public class BaseSign extends CommonBase { * not allow the spending of any funds by itself (you need our holder revocation_secret to do * so). * - * htlc holds HTLC elements (hash, timelock) if the output being spent is a HTLC output, thus - * changing the format of the witness script (which is committed to in the BIP 143 - * signatures). + * htlc holds HTLC elements (hash, timelock), thus changing the format of the witness script + * (which is committed to in the BIP 143 signatures). */ - public Result_SignatureNoneZ sign_justice_transaction(byte[] justice_tx, long input, long amount, byte[] per_commitment_key, HTLCOutputInCommitment htlc) { - long ret = bindings.BaseSign_sign_justice_transaction(this.ptr, justice_tx, input, amount, per_commitment_key, htlc == null ? 0 : htlc.ptr & ~1); + public Result_SignatureNoneZ sign_justice_revoked_htlc(byte[] justice_tx, long input, long amount, byte[] per_commitment_key, HTLCOutputInCommitment htlc) { + long ret = bindings.BaseSign_sign_justice_revoked_htlc(this.ptr, justice_tx, input, amount, InternalUtils.check_arr_len(per_commitment_key, 32), htlc == null ? 0 : htlc.ptr & ~1); + Reference.reachabilityFence(this); + Reference.reachabilityFence(justice_tx); + Reference.reachabilityFence(input); + Reference.reachabilityFence(amount); + Reference.reachabilityFence(per_commitment_key); + Reference.reachabilityFence(htlc); + if (ret >= 0 && ret <= 4096) { return null; } Result_SignatureNoneZ ret_hu_conv = Result_SignatureNoneZ.constr_from_ptr(ret); this.ptrs_to.add(htlc); return ret_hu_conv; @@ -326,7 +464,14 @@ public class BaseSign extends CommonBase { * BIP 143 signature. */ public Result_SignatureNoneZ sign_counterparty_htlc_transaction(byte[] htlc_tx, long input, long amount, byte[] per_commitment_point, HTLCOutputInCommitment htlc) { - long ret = bindings.BaseSign_sign_counterparty_htlc_transaction(this.ptr, htlc_tx, input, amount, per_commitment_point, htlc == null ? 0 : htlc.ptr & ~1); + long ret = bindings.BaseSign_sign_counterparty_htlc_transaction(this.ptr, htlc_tx, input, amount, InternalUtils.check_arr_len(per_commitment_point, 33), htlc == null ? 0 : htlc.ptr & ~1); + Reference.reachabilityFence(this); + Reference.reachabilityFence(htlc_tx); + Reference.reachabilityFence(input); + Reference.reachabilityFence(amount); + Reference.reachabilityFence(per_commitment_point); + Reference.reachabilityFence(htlc); + if (ret >= 0 && ret <= 4096) { return null; } Result_SignatureNoneZ ret_hu_conv = Result_SignatureNoneZ.constr_from_ptr(ret); this.ptrs_to.add(htlc); return ret_hu_conv; @@ -338,9 +483,13 @@ public class BaseSign extends CommonBase { * Note that, due to rounding, there may be one \"missing\" satoshi, and either party may have * chosen to forgo their output as dust. */ - public Result_SignatureNoneZ sign_closing_transaction(byte[] closing_tx) { - long ret = bindings.BaseSign_sign_closing_transaction(this.ptr, closing_tx); + public Result_SignatureNoneZ sign_closing_transaction(ClosingTransaction closing_tx) { + long ret = bindings.BaseSign_sign_closing_transaction(this.ptr, closing_tx == null ? 0 : closing_tx.ptr & ~1); + Reference.reachabilityFence(this); + Reference.reachabilityFence(closing_tx); + if (ret >= 0 && ret <= 4096) { return null; } Result_SignatureNoneZ ret_hu_conv = Result_SignatureNoneZ.constr_from_ptr(ret); + this.ptrs_to.add(closing_tx); return ret_hu_conv; } @@ -354,6 +503,9 @@ public class BaseSign extends CommonBase { */ public Result_SignatureNoneZ sign_channel_announcement(UnsignedChannelAnnouncement msg) { long ret = bindings.BaseSign_sign_channel_announcement(this.ptr, msg == null ? 0 : msg.ptr & ~1); + Reference.reachabilityFence(this); + Reference.reachabilityFence(msg); + if (ret >= 0 && ret <= 4096) { return null; } Result_SignatureNoneZ ret_hu_conv = Result_SignatureNoneZ.constr_from_ptr(ret); this.ptrs_to.add(msg); return ret_hu_conv; @@ -373,6 +525,8 @@ public class BaseSign extends CommonBase { */ public void ready_channel(ChannelTransactionParameters channel_parameters) { bindings.BaseSign_ready_channel(this.ptr, channel_parameters == null ? 0 : channel_parameters.ptr & ~1); + Reference.reachabilityFence(this); + Reference.reachabilityFence(channel_parameters); this.ptrs_to.add(channel_parameters); } @@ -382,7 +536,9 @@ public class BaseSign extends CommonBase { */ public ChannelPublicKeys get_pubkeys() { long ret = bindings.BaseSign_get_pubkeys(this.ptr); - ChannelPublicKeys ret_hu_conv = new ChannelPublicKeys(null, ret); + Reference.reachabilityFence(this); + if (ret >= 0 && ret <= 4096) { return null; } + ChannelPublicKeys ret_hu_conv = null; if (ret < 0 || ret > 4096) { ret_hu_conv = new ChannelPublicKeys(null, ret); } ret_hu_conv.ptrs_to.add(this); return ret_hu_conv; }