Documentation ¶
Index ¶
- Constants
- Variables
- func Encrypt(kit JusticeKit, key BreachKey) ([]byte, error)
- func IsSupportedType(blobType Type) bool
- func NewBreachHintAndKeyFromHash(hash *chainhash.Hash) (BreachHint, BreachKey)
- func Size(kit JusticeKit) int
- type BreachHint
- type BreachKey
- type CommitmentType
- func (c CommitmentType) EmptyJusticeKit() (JusticeKit, error)
- func (c CommitmentType) NewJusticeKit(sweepScript []byte, breachInfo *lnwallet.BreachRetribution, withToRemote bool) (JusticeKit, error)
- func (c CommitmentType) ParseRawSig(witness wire.TxWitness) (lnwire.Sig, error)
- func (c CommitmentType) ToLocalInput(info *lnwallet.BreachRetribution) (input.Input, error)
- func (c CommitmentType) ToLocalWitnessSize() (int, error)
- func (c CommitmentType) ToLocalWitnessType() (input.WitnessType, error)
- func (c CommitmentType) ToRemoteInput(info *lnwallet.BreachRetribution) (input.Input, error)
- func (c CommitmentType) ToRemoteWitnessSize() (int, error)
- func (c CommitmentType) ToRemoteWitnessType() (input.WitnessType, error)
- type Flag
- type JusticeKit
- type Type
Constants ¶
const ( // NonceSize is the length of a chacha20poly1305 nonce, 24 bytes. NonceSize = chacha20poly1305.NonceSizeX // KeySize is the length of a chacha20poly1305 key, 32 bytes. KeySize = chacha20poly1305.KeySize // CiphertextExpansion is the number of bytes padded to a plaintext // encrypted with chacha20poly1305, which comes from a 16-byte MAC. CiphertextExpansion = 16 // V0PlaintextSize is the plaintext size of a version 0 encoded blob. // sweep address length: 1 byte // padded sweep address: 42 bytes // revocation pubkey: 33 bytes // local delay pubkey: 33 bytes // csv delay: 4 bytes // commit to-local revocation sig: 64 bytes // commit to-remote pubkey: 33 bytes, maybe blank // commit to-remote sig: 64 bytes, maybe blank V0PlaintextSize = 274 // V1PlaintextSize is the plaintext size of a version 1 encoded blob. // sweep address length: 1 byte // padded sweep address: 42 bytes // revocation pubkey: 32 bytes // local delay pubkey: 32 bytes // commit to-local revocation sig: 64 bytes // hash of to-local delay script: 32 bytes // commit to-remote pubkey: 33 bytes, maybe blank // commit to-remote sig: 64 bytes, maybe blank V1PlaintextSize = 300 // MaxSweepAddrSize defines the maximum sweep address size that can be // encoded in a blob. MaxSweepAddrSize = 42 )
const ( // TypeAltruistCommit sweeps only commitment outputs to a sweep address // controlled by the user, and does not give the tower a reward. TypeAltruistCommit = Type(FlagCommitOutputs) // TypeAltruistAnchorCommit sweeps only commitment outputs from an // anchor commitment to a sweep address controlled by the user, and does // not give the tower a reward. TypeAltruistAnchorCommit = Type(FlagCommitOutputs | FlagAnchorChannel) // TypeRewardCommit sweeps only commitment outputs to a sweep address // controlled by the user, and pays a negotiated reward to the tower. TypeRewardCommit = Type(FlagCommitOutputs | FlagReward) // TypeAltruistTaprootCommit sweeps only the commitment outputs from a // taproot channel commitment to a sweep address controlled by the user, // and does not give the tower a reward. TypeAltruistTaprootCommit = Type(FlagCommitOutputs | FlagTaprootChannel) )
const BreachHintSize = 16
BreachHintSize is the length of the identifier used to detect remote commitment broadcasts.
Variables ¶
var ( // ErrUnknownBlobType signals that we don't understand the requested // blob encoding scheme. ErrUnknownBlobType = errors.New("unknown blob type") // ErrCiphertextTooSmall is a decryption error signaling that the // ciphertext is smaller than the ciphertext expansion factor. ErrCiphertextTooSmall = errors.New( "ciphertext is too small for chacha20poly1305", ) // ErrNoCommitToRemoteOutput is returned when trying to retrieve the // commit to-remote output from the blob, though none exists. ErrNoCommitToRemoteOutput = errors.New( "cannot obtain commit to-remote p2wkh output script from blob", ) // ErrSweepAddressToLong is returned when trying to encode or decode a // sweep address with length greater than the maximum length of 42 // bytes, which supports p2wkh and p2sh addresses. ErrSweepAddressToLong = fmt.Errorf( "sweep address must be less than or equal to %d bytes long", MaxSweepAddrSize, ) )
Functions ¶
func Encrypt ¶
func Encrypt(kit JusticeKit, key BreachKey) ([]byte, error)
Encrypt encodes the blob of justice using encoding version, and then creates a ciphertext using chacha20poly1305 under the chosen (nonce, key) pair.
NOTE: It is the caller's responsibility to ensure that this method is only called once for a given (nonce, key) pair.
func IsSupportedType ¶
IsSupportedType returns true if the given type is supported by the package.
func NewBreachHintAndKeyFromHash ¶
func NewBreachHintAndKeyFromHash(hash *chainhash.Hash) (BreachHint, BreachKey)
NewBreachHintAndKeyFromHash derives a BreachHint and BreachKey from a given txid in a single pass. The hint and key are computed as:
hint = SHA256(txid) key = SHA256(txid || txid)
func Size ¶
func Size(kit JusticeKit) int
Size returns the size of the encoded-and-encrypted blob in bytes.
nonce: 24 bytes enciphered plaintext: n bytes MAC: 16 bytes
Types ¶
type BreachHint ¶
type BreachHint [BreachHintSize]byte
BreachHint is the first 16-bytes of SHA256(txid), which is used to identify the breach transaction.
func NewBreachHintFromHash ¶
func NewBreachHintFromHash(hash *chainhash.Hash) BreachHint
NewBreachHintFromHash creates a breach hint from a transaction ID.
func (BreachHint) String ¶
func (h BreachHint) String() string
String returns a hex encoding of the breach hint.
type BreachKey ¶
BreachKey is computed as SHA256(txid || txid), which produces the key for decrypting a client's encrypted blobs.
func NewBreachKeyFromHash ¶
NewBreachKeyFromHash creates a breach key from a transaction ID.
type CommitmentType ¶
type CommitmentType uint8
CommitmentType characterises the various properties of the breach commitment transaction.
const ( // LegacyCommitment represents a legacy commitment transaction where // anchor outputs are not yet used and so the to_remote output is just // a regular but tweaked P2WKH. LegacyCommitment CommitmentType = iota // LegacyTweaklessCommitment is similar to the LegacyCommitment with the // added detail of the to_remote output not being tweaked. LegacyTweaklessCommitment // AnchorCommitment represents the commitment transaction of an // anchor channel. The key differences are that the to_remote is // encumbered by a 1 block CSV and so is thus a P2WSH output. AnchorCommitment // TaprootCommitment represents the commitment transaction of a simple // taproot channel. TaprootCommitment )
func (CommitmentType) EmptyJusticeKit ¶
func (c CommitmentType) EmptyJusticeKit() (JusticeKit, error)
EmptyJusticeKit returns the appropriate empty justice kit for the given CommitmentType.
func (CommitmentType) NewJusticeKit ¶
func (c CommitmentType) NewJusticeKit(sweepScript []byte, breachInfo *lnwallet.BreachRetribution, withToRemote bool) (JusticeKit, error)
NewJusticeKit can be used to construct a new JusticeKit depending on the CommitmentType.
func (CommitmentType) ParseRawSig ¶
ParseRawSig parses a wire.TxWitness and creates an lnwire.Sig.
func (CommitmentType) ToLocalInput ¶
func (c CommitmentType) ToLocalInput(info *lnwallet.BreachRetribution) ( input.Input, error)
ToLocalInput constructs the input that will be used to spend the to_local output.
func (CommitmentType) ToLocalWitnessSize ¶
func (c CommitmentType) ToLocalWitnessSize() (int, error)
ToLocalWitnessSize is the size of the witness that will be required to spend the to_local output.
func (CommitmentType) ToLocalWitnessType ¶
func (c CommitmentType) ToLocalWitnessType() (input.WitnessType, error)
ToLocalWitnessType is the input type of the to_local output.
func (CommitmentType) ToRemoteInput ¶
func (c CommitmentType) ToRemoteInput(info *lnwallet.BreachRetribution) ( input.Input, error)
ToRemoteInput constructs the input that will be used to spend the to_remote output.
func (CommitmentType) ToRemoteWitnessSize ¶
func (c CommitmentType) ToRemoteWitnessSize() (int, error)
ToRemoteWitnessSize is the size of the witness that will be required to spend the to_remote output.
func (CommitmentType) ToRemoteWitnessType ¶
func (c CommitmentType) ToRemoteWitnessType() (input.WitnessType, error)
ToRemoteWitnessType is the input type of the to_remote output.
type Flag ¶
type Flag uint16
Flag represents a specify option that can be present in a Type.
const ( // FlagReward signals that the justice transaction should contain an // additional output for itself. Signatures sent by the client should // include the reward script negotiated during session creation. Without // the flag, there is only one output sweeping clients funds back to // them solely. FlagReward Flag = 1 // FlagCommitOutputs signals that the blob contains the information // required to sweep commitment outputs. FlagCommitOutputs Flag = 1 << 1 // FlagAnchorChannel signals that this blob is meant to spend an anchor // channel, and therefore must expect a P2WSH-style to-remote output if // one exists. FlagAnchorChannel Flag = 1 << 2 // FlagTaprootChannel signals that this blob is meant to spend a // taproot channel and therefore must expect P2TR outputs. FlagTaprootChannel Flag = 1 << 3 )
type JusticeKit ¶
type JusticeKit interface { // ToLocalOutputSpendInfo returns the info required to send the to-local // output. It returns the output pub key script and the witness required // to spend the output. ToLocalOutputSpendInfo() (*txscript.PkScript, wire.TxWitness, error) // ToRemoteOutputSpendInfo returns the info required to send the // to-remote output. It returns the output pub key script, the witness // required to spend the output and the sequence to apply. ToRemoteOutputSpendInfo() (*txscript.PkScript, wire.TxWitness, uint32, error) // HasCommitToRemoteOutput returns true if the kit does include the // information required to sweep the to-remote output. HasCommitToRemoteOutput() bool // AddToLocalSig adds the to-local signature to the kit. AddToLocalSig(sig lnwire.Sig) // AddToRemoteSig adds the to-remote signature to the kit. AddToRemoteSig(sig lnwire.Sig) // SweepAddress returns the sweep address to be used on the justice tx // output. SweepAddress() []byte // PlainTextSize is the size of the encoded-but-unencrypted blob in // bytes. PlainTextSize() int // contains filtered or unexported methods }
JusticeKit is an interface that describes lé Blob of Justice. An implementation of the JusticeKit contains information required to construct a justice transaction, that sweeps a remote party's revoked commitment transaction. It supports encryption and decryption using chacha20poly1305, allowing the client to encrypt the contents of the blob, and for a watchtower to later decrypt if action must be taken.
type Type ¶
type Type uint16
Type is a bit vector composed of Flags that govern various aspects of reconstructing the justice transaction from an encrypted blob. The flags can be used to signal behaviors such as which inputs are being swept, which outputs should be added to the justice transaction, or modify serialization of the blob itself.
func SupportedTypes ¶
func SupportedTypes() []Type
SupportedTypes returns a list of all supported blob types.
func TypeFromChannel ¶
func TypeFromChannel(chanType channeldb.ChannelType) Type
TypeFromChannel returns the appropriate blob Type for the given channel type.
func TypeFromFlags ¶
TypeFromFlags creates a single Type from an arbitrary list of flags.
func (Type) CommitmentType ¶
func (t Type) CommitmentType(chanType *channeldb.ChannelType) (CommitmentType, error)
CommitmentType returns the appropriate CommitmentType for the given blob Type and channel type.
func (Type) Identifier ¶
Identifier returns a unique, stable string identifier for the blob Type.
func (Type) IsAnchorChannel ¶
IsAnchorChannel returns true if the blob type is for an anchor channel.
func (Type) IsTaprootChannel ¶
IsTaprootChannel returns true if the blob type is for a taproot channel.