lightning/util/
ser.rs

1// This file is Copyright its original authors, visible in version control
2// history.
3//
4// This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5// or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7// You may not use this file except in accordance with one or both of these
8// licenses.
9
10//! A very simple serialization framework which is used to serialize/deserialize messages as well
11//! as [`ChannelManager`]s and [`ChannelMonitor`]s.
12//!
13//! [`ChannelManager`]: crate::ln::channelmanager::ChannelManager
14//! [`ChannelMonitor`]: crate::chain::channelmonitor::ChannelMonitor
15
16use crate::io::{self, BufRead, Read, Write};
17use crate::io_extras::{copy, sink};
18use crate::ln::interactivetxs::{TxInMetadata, TxOutMetadata};
19use crate::ln::onion_utils::{HMAC_COUNT, HMAC_LEN, HOLD_TIME_LEN, MAX_HOPS};
20use crate::prelude::*;
21use crate::sync::{Mutex, RwLock};
22use core::cmp;
23use core::hash::Hash;
24use core::ops::Deref;
25
26use alloc::collections::BTreeMap;
27
28use bitcoin::absolute::LockTime as AbsoluteLockTime;
29use bitcoin::amount::{Amount, SignedAmount};
30use bitcoin::consensus::Encodable;
31use bitcoin::constants::ChainHash;
32use bitcoin::hash_types::{BlockHash, Txid};
33use bitcoin::hashes::hmac::Hmac;
34use bitcoin::hashes::sha256::Hash as Sha256;
35use bitcoin::hashes::sha256d::Hash as Sha256dHash;
36use bitcoin::script::{self, ScriptBuf};
37use bitcoin::secp256k1::constants::{
38	COMPACT_SIGNATURE_SIZE, PUBLIC_KEY_SIZE, SCHNORR_SIGNATURE_SIZE, SECRET_KEY_SIZE,
39};
40use bitcoin::secp256k1::ecdsa;
41use bitcoin::secp256k1::schnorr;
42use bitcoin::secp256k1::{PublicKey, SecretKey};
43use bitcoin::transaction::{OutPoint, Transaction, TxOut};
44use bitcoin::{consensus, Sequence, TxIn, Weight, Witness};
45
46use dnssec_prover::rr::Name;
47
48use crate::chain::ClaimId;
49#[cfg(taproot)]
50use crate::ln::msgs::PartialSignatureWithNonce;
51use crate::ln::msgs::{DecodeError, SerialId};
52use crate::types::payment::{PaymentHash, PaymentPreimage, PaymentSecret};
53use crate::types::string::UntrustedString;
54use crate::util::byte_utils::{be48_to_array, slice_to_be48};
55
56use core::time::Duration;
57
58/// serialization buffer size
59pub const MAX_BUF_SIZE: usize = 64 * 1024;
60
61/// A simplified version of `std::io::Write` that exists largely for backwards compatibility.
62/// An impl is provided for any type that also impls `std::io::Write`.
63///
64/// This is not exported to bindings users as we only export serialization to/from byte arrays instead
65pub trait Writer {
66	/// Writes the given buf out. See std::io::Write::write_all for more
67	fn write_all(&mut self, buf: &[u8]) -> Result<(), io::Error>;
68}
69
70impl<W: Write> Writer for W {
71	#[inline]
72	fn write_all(&mut self, buf: &[u8]) -> Result<(), io::Error> {
73		<Self as io::Write>::write_all(self, buf)
74	}
75}
76
77// TODO: Drop this entirely if rust-bitcoin releases a version bump with https://github.com/rust-bitcoin/rust-bitcoin/pull/3173
78/// Wrap buffering support for implementations of Read.
79/// A [`Read`]er which keeps an internal buffer to avoid hitting the underlying stream directly for
80/// every read, implementing [`BufRead`].
81///
82/// In order to avoid reading bytes past the first object, and those bytes then ending up getting
83/// dropped, this BufReader operates in one-byte-increments.
84struct BufReader<'a, R: Read> {
85	inner: &'a mut R,
86	buf: [u8; 1],
87	is_consumed: bool,
88}
89
90impl<'a, R: Read> BufReader<'a, R> {
91	/// Creates a [`BufReader`] which will read from the given `inner`.
92	pub fn new(inner: &'a mut R) -> Self {
93		BufReader { inner, buf: [0; 1], is_consumed: true }
94	}
95}
96
97impl<'a, R: Read> Read for BufReader<'a, R> {
98	#[inline]
99	fn read(&mut self, output: &mut [u8]) -> io::Result<usize> {
100		if output.is_empty() {
101			return Ok(0);
102		}
103		let mut offset = 0;
104		if !self.is_consumed {
105			output[0] = self.buf[0];
106			self.is_consumed = true;
107			offset = 1;
108		}
109		self.inner.read(&mut output[offset..]).map(|len| len + offset)
110	}
111}
112
113impl<'a, R: Read> BufRead for BufReader<'a, R> {
114	#[inline]
115	fn fill_buf(&mut self) -> io::Result<&[u8]> {
116		debug_assert!(false, "rust-bitcoin doesn't actually use this");
117		if self.is_consumed {
118			let count = self.inner.read(&mut self.buf[..])?;
119			debug_assert!(count <= 1, "read gave us a garbage length");
120
121			// upon hitting EOF, assume the byte is already consumed
122			self.is_consumed = count == 0;
123		}
124
125		if self.is_consumed {
126			Ok(&[])
127		} else {
128			Ok(&self.buf[..])
129		}
130	}
131
132	#[inline]
133	fn consume(&mut self, amount: usize) {
134		debug_assert!(false, "rust-bitcoin doesn't actually use this");
135		if amount >= 1 {
136			debug_assert_eq!(amount, 1, "Can only consume one byte");
137			debug_assert!(!self.is_consumed, "Cannot consume more than had been read");
138			self.is_consumed = true;
139		}
140	}
141}
142
143pub(crate) struct WriterWriteAdaptor<'a, W: Writer + 'a>(pub &'a mut W);
144impl<'a, W: Writer + 'a> Write for WriterWriteAdaptor<'a, W> {
145	#[inline]
146	fn write_all(&mut self, buf: &[u8]) -> Result<(), io::Error> {
147		self.0.write_all(buf)
148	}
149	#[inline]
150	fn write(&mut self, buf: &[u8]) -> Result<usize, io::Error> {
151		self.0.write_all(buf)?;
152		Ok(buf.len())
153	}
154	#[inline]
155	fn flush(&mut self) -> Result<(), io::Error> {
156		Ok(())
157	}
158}
159
160pub(crate) struct VecWriter(pub Vec<u8>);
161impl Writer for VecWriter {
162	#[inline]
163	fn write_all(&mut self, buf: &[u8]) -> Result<(), io::Error> {
164		self.0.extend_from_slice(buf);
165		Ok(())
166	}
167}
168
169/// Writer that only tracks the amount of data written - useful if you need to calculate the length
170/// of some data when serialized but don't yet need the full data.
171///
172/// This is not exported to bindings users as manual TLV building is not currently supported in bindings
173pub struct LengthCalculatingWriter(pub usize);
174impl Writer for LengthCalculatingWriter {
175	#[inline]
176	fn write_all(&mut self, buf: &[u8]) -> Result<(), io::Error> {
177		self.0 += buf.len();
178		Ok(())
179	}
180}
181
182/// Essentially `std::io::Take` but a bit simpler and with a method to walk the underlying stream
183/// forward to ensure we always consume exactly the fixed length specified.
184///
185/// This is not exported to bindings users as manual TLV building is not currently supported in bindings
186pub struct FixedLengthReader<'a, R: Read> {
187	read: &'a mut R,
188	bytes_read: u64,
189	total_bytes: u64,
190}
191impl<'a, R: Read> FixedLengthReader<'a, R> {
192	/// Returns a new [`FixedLengthReader`].
193	pub fn new(read: &'a mut R, total_bytes: u64) -> Self {
194		Self { read, bytes_read: 0, total_bytes }
195	}
196
197	/// Returns whether some bytes are remaining or not.
198	#[inline]
199	pub fn bytes_remain(&mut self) -> bool {
200		self.bytes_read != self.total_bytes
201	}
202
203	/// Consumes the remaining bytes.
204	#[inline]
205	pub fn eat_remaining(&mut self) -> Result<(), DecodeError> {
206		copy(self, &mut sink()).unwrap();
207		if self.bytes_read != self.total_bytes {
208			Err(DecodeError::ShortRead)
209		} else {
210			Ok(())
211		}
212	}
213}
214impl<'a, R: Read> Read for FixedLengthReader<'a, R> {
215	#[inline]
216	fn read(&mut self, dest: &mut [u8]) -> Result<usize, io::Error> {
217		if self.total_bytes == self.bytes_read {
218			Ok(0)
219		} else {
220			let read_len = cmp::min(dest.len() as u64, self.total_bytes - self.bytes_read);
221			match self.read.read(&mut dest[0..(read_len as usize)]) {
222				Ok(v) => {
223					self.bytes_read += v as u64;
224					Ok(v)
225				},
226				Err(e) => Err(e),
227			}
228		}
229	}
230}
231
232/// This is not exported to bindings users as reads are always from byte arrays, never streams, in
233/// bindings.
234impl<'a, R: Read> LengthLimitedRead for FixedLengthReader<'a, R> {
235	#[inline]
236	fn remaining_bytes(&self) -> u64 {
237		self.total_bytes.saturating_sub(self.bytes_read)
238	}
239}
240
241/// A [`Read`] implementation which tracks whether any bytes have been read at all. This allows us to distinguish
242/// between "EOF reached before we started" and "EOF reached mid-read".
243///
244/// This is not exported to bindings users as manual TLV building is not currently supported in bindings
245pub struct ReadTrackingReader<'a, R: Read> {
246	read: &'a mut R,
247	/// Returns whether we have read from this reader or not yet.
248	pub have_read: bool,
249}
250impl<'a, R: Read> ReadTrackingReader<'a, R> {
251	/// Returns a new [`ReadTrackingReader`].
252	pub fn new(read: &'a mut R) -> Self {
253		Self { read, have_read: false }
254	}
255}
256impl<'a, R: Read> Read for ReadTrackingReader<'a, R> {
257	#[inline]
258	fn read(&mut self, dest: &mut [u8]) -> Result<usize, io::Error> {
259		match self.read.read(dest) {
260			Ok(0) => Ok(0),
261			Ok(len) => {
262				self.have_read = true;
263				Ok(len)
264			},
265			Err(e) => Err(e),
266		}
267	}
268}
269
270/// A trait that various LDK types implement allowing them to be written out to a [`Writer`].
271///
272/// This is not exported to bindings users as we only export serialization to/from byte arrays instead
273pub trait Writeable {
274	/// Writes `self` out to the given [`Writer`].
275	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error>;
276
277	/// Writes `self` out to a `Vec<u8>`.
278	fn encode(&self) -> Vec<u8> {
279		let len = self.serialized_length();
280		let mut msg = VecWriter(Vec::with_capacity(len));
281		self.write(&mut msg).unwrap();
282		// Note that objects with interior mutability may change size between when we called
283		// serialized_length and when we called write. That's okay, but shouldn't happen during
284		// testing as most of our tests are not threaded.
285		#[cfg(test)]
286		debug_assert_eq!(len, msg.0.len());
287		msg.0
288	}
289
290	/// Writes `self` out to a `Vec<u8>`.
291	#[cfg(test)]
292	fn encode_with_len(&self) -> Vec<u8> {
293		let mut msg = VecWriter(Vec::new());
294		0u16.write(&mut msg).unwrap();
295		self.write(&mut msg).unwrap();
296		let len = msg.0.len();
297		debug_assert_eq!(len - 2, self.serialized_length());
298		msg.0[..2].copy_from_slice(&(len as u16 - 2).to_be_bytes());
299		msg.0
300	}
301
302	/// Gets the length of this object after it has been serialized. This can be overridden to
303	/// optimize cases where we prepend an object with its length.
304	// Note that LLVM optimizes this away in most cases! Check that it isn't before you override!
305	#[inline]
306	fn serialized_length(&self) -> usize {
307		let mut len_calc = LengthCalculatingWriter(0);
308		self.write(&mut len_calc).expect("No in-memory data may fail to serialize");
309		len_calc.0
310	}
311}
312
313impl<'a, T: Writeable> Writeable for &'a T {
314	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
315		(*self).write(writer)
316	}
317}
318
319/// A trait that various LDK types implement allowing them to be read in from a [`Read`].
320///
321/// This is not exported to bindings users as we only export serialization to/from byte arrays instead
322pub trait Readable
323where
324	Self: Sized,
325{
326	/// Reads a `Self` in from the given [`Read`].
327	fn read<R: Read>(reader: &mut R) -> Result<Self, DecodeError>;
328}
329
330/// A trait that various LDK types implement allowing them to be read in from a
331/// [`io::Cursor`].
332pub(crate) trait CursorReadable
333where
334	Self: Sized,
335{
336	/// Reads a `Self` in from the given [`Read`].
337	fn read<R: AsRef<[u8]>>(reader: &mut io::Cursor<R>) -> Result<Self, DecodeError>;
338}
339
340/// A trait that various higher-level LDK types implement allowing them to be read in
341/// from a [`Read`] given some additional set of arguments which is required to deserialize.
342///
343/// This is not exported to bindings users as we only export serialization to/from byte arrays instead
344pub trait ReadableArgs<P>
345where
346	Self: Sized,
347{
348	/// Reads a `Self` in from the given [`Read`].
349	fn read<R: Read>(reader: &mut R, params: P) -> Result<Self, DecodeError>;
350}
351
352/// A [`io::Read`] that limits the amount of bytes that can be read. Implementations should ensure
353/// that the object being read will only consume a fixed number of bytes from the underlying
354/// [`io::Read`], see [`FixedLengthReader`] for an example.
355///
356/// This is not exported to bindings users as reads are always from byte arrays, never streams, in
357/// bindings.
358pub trait LengthLimitedRead: Read {
359	/// The number of bytes remaining to be read.
360	fn remaining_bytes(&self) -> u64;
361}
362
363impl LengthLimitedRead for &[u8] {
364	fn remaining_bytes(&self) -> u64 {
365		// The underlying `Read` implementation for slice updates the slice to point to the yet unread
366		// part.
367		self.len() as u64
368	}
369}
370
371/// Similar to [`LengthReadable`]. Useful when an additional set of arguments is required to
372/// deserialize.
373pub(crate) trait LengthReadableArgs<P>
374where
375	Self: Sized,
376{
377	/// Reads a `Self` in from the given [`LengthLimitedRead`].
378	fn read<R: LengthLimitedRead>(reader: &mut R, params: P) -> Result<Self, DecodeError>;
379}
380
381/// A trait that allows the implementer to be read in from a [`LengthLimitedRead`], requiring the
382/// reader to limit the number of total bytes read from its underlying [`Read`]. Useful for structs
383/// that will always consume the entire provided [`Read`] when deserializing.
384///
385/// Any type that implements [`Readable`] also automatically has a [`LengthReadable`]
386/// implementation, but some types, most notably onion packets, only implement [`LengthReadable`].
387///
388/// This is not exported to bindings users as reads are always from byte arrays, never streams, in
389/// bindings.
390pub trait LengthReadable
391where
392	Self: Sized,
393{
394	/// Reads a `Self` in from the given [`LengthLimitedRead`].
395	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(
396		reader: &mut R,
397	) -> Result<Self, DecodeError>;
398}
399
400impl<T: Readable> LengthReadable for T {
401	#[inline]
402	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(
403		reader: &mut R,
404	) -> Result<T, DecodeError> {
405		Readable::read(reader)
406	}
407}
408
409/// A trait that various LDK types implement allowing them to (maybe) be read in from a [`Read`].
410///
411/// This is not exported to bindings users as we only export serialization to/from byte arrays instead
412pub trait MaybeReadable
413where
414	Self: Sized,
415{
416	/// Reads a `Self` in from the given [`Read`].
417	fn read<R: Read>(reader: &mut R) -> Result<Option<Self>, DecodeError>;
418}
419
420impl<T: Readable> MaybeReadable for T {
421	#[inline]
422	fn read<R: Read>(reader: &mut R) -> Result<Option<T>, DecodeError> {
423		Ok(Some(Readable::read(reader)?))
424	}
425}
426
427/// Wrapper to read a required (non-optional) TLV record.
428///
429/// This is not exported to bindings users as manual TLV building is not currently supported in bindings
430pub struct RequiredWrapper<T>(pub Option<T>);
431impl<T: LengthReadable> LengthReadable for RequiredWrapper<T> {
432	#[inline]
433	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(
434		reader: &mut R,
435	) -> Result<Self, DecodeError> {
436		Ok(Self(Some(LengthReadable::read_from_fixed_length_buffer(reader)?)))
437	}
438}
439impl<A, T: ReadableArgs<A>> ReadableArgs<A> for RequiredWrapper<T> {
440	#[inline]
441	fn read<R: Read>(reader: &mut R, args: A) -> Result<Self, DecodeError> {
442		Ok(Self(Some(ReadableArgs::read(reader, args)?)))
443	}
444}
445/// When handling `default_values`, we want to map the default-value T directly
446/// to a `RequiredWrapper<T>` in a way that works for `field: T = t;` as
447/// well. Thus, we assume `Into<T> for T` does nothing and use that.
448impl<T> From<T> for RequiredWrapper<T> {
449	fn from(t: T) -> RequiredWrapper<T> {
450		RequiredWrapper(Some(t))
451	}
452}
453impl<T: Clone> Clone for RequiredWrapper<T> {
454	fn clone(&self) -> Self {
455		Self(self.0.clone())
456	}
457}
458impl<T: Copy> Copy for RequiredWrapper<T> {}
459
460/// Wrapper to read a required (non-optional) TLV record that may have been upgraded without
461/// backwards compat.
462///
463/// This is not exported to bindings users as manual TLV building is not currently supported in bindings
464pub struct UpgradableRequired<T: MaybeReadable>(pub Option<T>);
465impl<T: MaybeReadable> MaybeReadable for UpgradableRequired<T> {
466	#[inline]
467	fn read<R: Read>(reader: &mut R) -> Result<Option<Self>, DecodeError> {
468		let tlv = MaybeReadable::read(reader)?;
469		if let Some(tlv) = tlv {
470			return Ok(Some(Self(Some(tlv))));
471		}
472		Ok(None)
473	}
474}
475
476pub(crate) struct U48(pub u64);
477impl Writeable for U48 {
478	#[inline]
479	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
480		writer.write_all(&be48_to_array(self.0))
481	}
482}
483impl Readable for U48 {
484	#[inline]
485	fn read<R: Read>(reader: &mut R) -> Result<U48, DecodeError> {
486		let mut buf = [0; 6];
487		reader.read_exact(&mut buf)?;
488		Ok(U48(slice_to_be48(&buf)))
489	}
490}
491
492/// Lightning TLV uses a custom variable-length integer called `BigSize`. It is similar to Bitcoin's
493/// variable-length integers except that it is serialized in big-endian instead of little-endian.
494///
495/// Like Bitcoin's variable-length integer, it exhibits ambiguity in that certain values can be
496/// encoded in several different ways, which we must check for at deserialization-time. Thus, if
497/// you're looking for an example of a variable-length integer to use for your own project, move
498/// along, this is a rather poor design.
499#[derive(Clone, Copy, Debug, Hash, PartialOrd, Ord, PartialEq, Eq)]
500pub struct BigSize(pub u64);
501impl Writeable for BigSize {
502	#[inline]
503	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
504		match self.0 {
505			0..=0xFC => (self.0 as u8).write(writer),
506			0xFD..=0xFFFF => {
507				0xFDu8.write(writer)?;
508				(self.0 as u16).write(writer)
509			},
510			0x10000..=0xFFFFFFFF => {
511				0xFEu8.write(writer)?;
512				(self.0 as u32).write(writer)
513			},
514			_ => {
515				0xFFu8.write(writer)?;
516				(self.0 as u64).write(writer)
517			},
518		}
519	}
520}
521impl Readable for BigSize {
522	#[inline]
523	fn read<R: Read>(reader: &mut R) -> Result<BigSize, DecodeError> {
524		let n: u8 = Readable::read(reader)?;
525		match n {
526			0xFF => {
527				let x: u64 = Readable::read(reader)?;
528				if x < 0x100000000 {
529					Err(DecodeError::InvalidValue)
530				} else {
531					Ok(BigSize(x))
532				}
533			},
534			0xFE => {
535				let x: u32 = Readable::read(reader)?;
536				if x < 0x10000 {
537					Err(DecodeError::InvalidValue)
538				} else {
539					Ok(BigSize(x as u64))
540				}
541			},
542			0xFD => {
543				let x: u16 = Readable::read(reader)?;
544				if x < 0xFD {
545					Err(DecodeError::InvalidValue)
546				} else {
547					Ok(BigSize(x as u64))
548				}
549			},
550			n => Ok(BigSize(n as u64)),
551		}
552	}
553}
554
555/// The lightning protocol uses u16s for lengths in most cases. As our serialization framework
556/// primarily targets that, we must as well. However, because we may serialize objects that have
557/// more than 65K entries, we need to be able to store larger values. Thus, we define a variable
558/// length integer here that is backwards-compatible for values < 0xffff. We treat 0xffff as
559/// "read eight more bytes".
560///
561/// To ensure we only have one valid encoding per value, we add 0xffff to values written as eight
562/// bytes. Thus, 0xfffe is serialized as 0xfffe, whereas 0xffff is serialized as
563/// 0xffff0000000000000000 (i.e. read-eight-bytes then zero).
564pub struct CollectionLength(pub u64);
565impl Writeable for CollectionLength {
566	#[inline]
567	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
568		if self.0 < 0xffff {
569			(self.0 as u16).write(writer)
570		} else {
571			0xffffu16.write(writer)?;
572			(self.0 - 0xffff).write(writer)
573		}
574	}
575}
576
577impl Readable for CollectionLength {
578	#[inline]
579	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
580		let mut val: u64 = <u16 as Readable>::read(r)? as u64;
581		if val == 0xffff {
582			val =
583				<u64 as Readable>::read(r)?.checked_add(0xffff).ok_or(DecodeError::InvalidValue)?;
584		}
585		Ok(CollectionLength(val))
586	}
587}
588
589/// In TLV we occasionally send fields which only consist of, or potentially end with, a
590/// variable-length integer which is simply truncated by skipping high zero bytes. This type
591/// encapsulates such integers implementing [`Readable`]/[`Writeable`] for them.
592#[cfg_attr(test, derive(PartialEq, Eq, Debug))]
593pub(crate) struct HighZeroBytesDroppedBigSize<T>(pub T);
594
595macro_rules! impl_writeable_primitive {
596	($val_type:ty, $len: expr) => {
597		impl Writeable for $val_type {
598			#[inline]
599			fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
600				writer.write_all(&self.to_be_bytes())
601			}
602		}
603		impl Writeable for HighZeroBytesDroppedBigSize<$val_type> {
604			#[inline]
605			fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
606				// Skip any full leading 0 bytes when writing (in BE):
607				writer.write_all(&self.0.to_be_bytes()[(self.0.leading_zeros() / 8) as usize..$len])
608			}
609		}
610		impl Readable for $val_type {
611			#[inline]
612			fn read<R: Read>(reader: &mut R) -> Result<$val_type, DecodeError> {
613				let mut buf = [0; $len];
614				reader.read_exact(&mut buf)?;
615				Ok(<$val_type>::from_be_bytes(buf))
616			}
617		}
618		impl Readable for HighZeroBytesDroppedBigSize<$val_type> {
619			#[inline]
620			fn read<R: Read>(
621				reader: &mut R,
622			) -> Result<HighZeroBytesDroppedBigSize<$val_type>, DecodeError> {
623				// We need to accept short reads (read_len == 0) as "EOF" and handle them as simply
624				// the high bytes being dropped. To do so, we start reading into the middle of buf
625				// and then convert the appropriate number of bytes with extra high bytes out of
626				// buf.
627				let mut buf = [0; $len * 2];
628				let mut read_len = reader.read(&mut buf[$len..])?;
629				let mut total_read_len = read_len;
630				while read_len != 0 && total_read_len != $len {
631					read_len = reader.read(&mut buf[($len + total_read_len)..])?;
632					total_read_len += read_len;
633				}
634				if total_read_len == 0 || buf[$len] != 0 {
635					let first_byte = $len - ($len - total_read_len);
636					let mut bytes = [0; $len];
637					bytes.copy_from_slice(&buf[first_byte..first_byte + $len]);
638					Ok(HighZeroBytesDroppedBigSize(<$val_type>::from_be_bytes(bytes)))
639				} else {
640					// If the encoding had extra zero bytes, return a failure even though we know
641					// what they meant (as the TLV test vectors require this)
642					Err(DecodeError::InvalidValue)
643				}
644			}
645		}
646		impl From<$val_type> for HighZeroBytesDroppedBigSize<$val_type> {
647			fn from(val: $val_type) -> Self {
648				Self(val)
649			}
650		}
651	};
652}
653
654impl_writeable_primitive!(u128, 16);
655impl_writeable_primitive!(u64, 8);
656impl_writeable_primitive!(u32, 4);
657impl_writeable_primitive!(u16, 2);
658impl_writeable_primitive!(i64, 8);
659impl_writeable_primitive!(i32, 4);
660impl_writeable_primitive!(i16, 2);
661impl_writeable_primitive!(i8, 1);
662
663impl Writeable for u8 {
664	#[inline]
665	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
666		writer.write_all(&[*self])
667	}
668}
669impl Readable for u8 {
670	#[inline]
671	fn read<R: Read>(reader: &mut R) -> Result<u8, DecodeError> {
672		let mut buf = [0; 1];
673		reader.read_exact(&mut buf)?;
674		Ok(buf[0])
675	}
676}
677
678impl Writeable for bool {
679	#[inline]
680	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
681		writer.write_all(&[if *self { 1 } else { 0 }])
682	}
683}
684impl Readable for bool {
685	#[inline]
686	fn read<R: Read>(reader: &mut R) -> Result<bool, DecodeError> {
687		let mut buf = [0; 1];
688		reader.read_exact(&mut buf)?;
689		if buf[0] != 0 && buf[0] != 1 {
690			return Err(DecodeError::InvalidValue);
691		}
692		Ok(buf[0] == 1)
693	}
694}
695
696macro_rules! impl_array {
697	($size:expr, $ty: ty) => {
698		impl Writeable for [$ty; $size] {
699			#[inline]
700			fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
701				let mut out = [0; $size * core::mem::size_of::<$ty>()];
702				for (idx, v) in self.iter().enumerate() {
703					let startpos = idx * core::mem::size_of::<$ty>();
704					out[startpos..startpos + core::mem::size_of::<$ty>()]
705						.copy_from_slice(&v.to_be_bytes());
706				}
707				w.write_all(&out)
708			}
709		}
710
711		impl Readable for [$ty; $size] {
712			#[inline]
713			fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
714				let mut buf = [0u8; $size * core::mem::size_of::<$ty>()];
715				r.read_exact(&mut buf)?;
716				let mut res = [0; $size];
717				for (idx, v) in res.iter_mut().enumerate() {
718					let startpos = idx * core::mem::size_of::<$ty>();
719					let mut arr = [0; core::mem::size_of::<$ty>()];
720					arr.copy_from_slice(&buf[startpos..startpos + core::mem::size_of::<$ty>()]);
721					*v = <$ty>::from_be_bytes(arr);
722				}
723				Ok(res)
724			}
725		}
726	};
727}
728
729impl_array!(3, u8); // for rgb, ISO 4217 code
730impl_array!(4, u8); // for IPv4
731impl_array!(12, u8); // for OnionV2
732impl_array!(16, u8); // for IPv6
733impl_array!(32, u8); // for channel id & hmac
734impl_array!(PUBLIC_KEY_SIZE, u8); // for PublicKey
735impl_array!(64, u8); // for ecdsa::Signature and schnorr::Signature
736impl_array!(66, u8); // for MuSig2 nonces
737impl_array!(1300, u8); // for OnionPacket.hop_data
738
739impl_array!(8, u16);
740impl_array!(32, u16);
741
742// Implement array serialization for attribution_data.
743impl_array!(MAX_HOPS * HOLD_TIME_LEN, u8);
744impl_array!(HMAC_LEN * HMAC_COUNT, u8);
745
746/// A type for variable-length values within TLV record where the length is encoded as part of the record.
747/// Used to prevent encoding the length twice.
748///
749/// This is not exported to bindings users as manual TLV building is not currently supported in bindings
750pub struct WithoutLength<T>(pub T);
751
752impl Writeable for WithoutLength<&String> {
753	#[inline]
754	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
755		w.write_all(self.0.as_bytes())
756	}
757}
758impl LengthReadable for WithoutLength<String> {
759	#[inline]
760	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
761		let v: WithoutLength<Vec<u8>> = LengthReadable::read_from_fixed_length_buffer(r)?;
762		Ok(Self(String::from_utf8(v.0).map_err(|_| DecodeError::InvalidValue)?))
763	}
764}
765impl<'a> From<&'a String> for WithoutLength<&'a String> {
766	fn from(s: &'a String) -> Self {
767		Self(s)
768	}
769}
770
771impl Writeable for UntrustedString {
772	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
773		self.0.write(w)
774	}
775}
776
777impl Readable for UntrustedString {
778	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
779		let s: String = Readable::read(r)?;
780		Ok(Self(s))
781	}
782}
783
784impl Writeable for WithoutLength<&UntrustedString> {
785	#[inline]
786	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
787		WithoutLength(&self.0 .0).write(w)
788	}
789}
790impl LengthReadable for WithoutLength<UntrustedString> {
791	#[inline]
792	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
793		let s: WithoutLength<String> = LengthReadable::read_from_fixed_length_buffer(r)?;
794		Ok(Self(UntrustedString(s.0)))
795	}
796}
797
798trait AsWriteableSlice {
799	type Inner: Writeable;
800	fn as_slice(&self) -> &[Self::Inner];
801}
802
803impl<T: Writeable> AsWriteableSlice for &Vec<T> {
804	type Inner = T;
805	fn as_slice(&self) -> &[T] {
806		&self
807	}
808}
809impl<T: Writeable> AsWriteableSlice for &[T] {
810	type Inner = T;
811	fn as_slice(&self) -> &[T] {
812		&self
813	}
814}
815
816impl<S: AsWriteableSlice> Writeable for WithoutLength<S> {
817	#[inline]
818	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
819		for ref v in self.0.as_slice() {
820			v.write(writer)?;
821		}
822		Ok(())
823	}
824}
825
826impl<T: MaybeReadable> LengthReadable for WithoutLength<Vec<T>> {
827	#[inline]
828	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(
829		reader: &mut R,
830	) -> Result<Self, DecodeError> {
831		let mut values = Vec::new();
832		loop {
833			let mut track_read = ReadTrackingReader::new(reader);
834			match MaybeReadable::read(&mut track_read) {
835				Ok(Some(v)) => {
836					values.push(v);
837				},
838				Ok(None) => {},
839				// If we failed to read any bytes at all, we reached the end of our TLV
840				// stream and have simply exhausted all entries.
841				Err(ref e) if e == &DecodeError::ShortRead && !track_read.have_read => break,
842				Err(e) => return Err(e),
843			}
844		}
845		Ok(Self(values))
846	}
847}
848impl<'a, T> From<&'a Vec<T>> for WithoutLength<&'a Vec<T>> {
849	fn from(v: &'a Vec<T>) -> Self {
850		Self(v)
851	}
852}
853
854impl Writeable for WithoutLength<&ScriptBuf> {
855	#[inline]
856	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
857		writer.write_all(self.0.as_bytes())
858	}
859}
860
861impl LengthReadable for WithoutLength<ScriptBuf> {
862	#[inline]
863	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
864		let v: WithoutLength<Vec<u8>> = LengthReadable::read_from_fixed_length_buffer(r)?;
865		Ok(WithoutLength(script::Builder::from(v.0).into_script()))
866	}
867}
868
869#[derive(Debug)]
870pub(crate) struct Iterable<'a, I: Iterator<Item = &'a T> + Clone, T: 'a>(pub I);
871
872impl<'a, I: Iterator<Item = &'a T> + Clone, T: 'a + Writeable> Writeable for Iterable<'a, I, T> {
873	#[inline]
874	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
875		for ref v in self.0.clone() {
876			v.write(writer)?;
877		}
878		Ok(())
879	}
880}
881
882#[cfg(test)]
883impl<'a, I: Iterator<Item = &'a T> + Clone, T: 'a + PartialEq> PartialEq for Iterable<'a, I, T> {
884	fn eq(&self, other: &Self) -> bool {
885		self.0.clone().collect::<Vec<_>>() == other.0.clone().collect::<Vec<_>>()
886	}
887}
888
889#[derive(Debug)]
890pub(crate) struct IterableOwned<I: Iterator<Item = T> + Clone, T>(pub I);
891
892impl<I: Iterator<Item = T> + Clone, T: Writeable> Writeable for IterableOwned<I, T> {
893	#[inline]
894	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
895		for ref v in self.0.clone() {
896			v.write(writer)?;
897		}
898		Ok(())
899	}
900}
901
902macro_rules! impl_for_map {
903	($ty: ident, $keybound: ident, $constr: expr) => {
904		impl<K, V> Writeable for $ty<K, V>
905		where
906			K: Writeable + Eq + $keybound,
907			V: Writeable,
908		{
909			#[inline]
910			fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
911				CollectionLength(self.len() as u64).write(w)?;
912				for (key, value) in self.iter() {
913					key.write(w)?;
914					value.write(w)?;
915				}
916				Ok(())
917			}
918		}
919
920		impl<K, V> Readable for $ty<K, V>
921		where
922			K: Readable + Eq + $keybound,
923			V: MaybeReadable,
924		{
925			#[inline]
926			fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
927				let len: CollectionLength = Readable::read(r)?;
928				let mut ret = $constr(len.0 as usize);
929				for _ in 0..len.0 {
930					let k = K::read(r)?;
931					let v_opt = V::read(r)?;
932					if let Some(v) = v_opt {
933						if ret.insert(k, v).is_some() {
934							return Err(DecodeError::InvalidValue);
935						}
936					}
937				}
938				Ok(ret)
939			}
940		}
941	};
942}
943
944impl_for_map!(BTreeMap, Ord, |_| BTreeMap::new());
945impl_for_map!(HashMap, Hash, |len| hash_map_with_capacity(len));
946
947// HashSet
948impl<T> Writeable for HashSet<T>
949where
950	T: Writeable + Eq + Hash,
951{
952	#[inline]
953	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
954		CollectionLength(self.len() as u64).write(w)?;
955		for item in self.iter() {
956			item.write(w)?;
957		}
958		Ok(())
959	}
960}
961
962impl<T> Readable for HashSet<T>
963where
964	T: Readable + Eq + Hash,
965{
966	#[inline]
967	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
968		let len: CollectionLength = Readable::read(r)?;
969		let mut ret = hash_set_with_capacity(cmp::min(
970			len.0 as usize,
971			MAX_BUF_SIZE / core::mem::size_of::<T>(),
972		));
973		for _ in 0..len.0 {
974			if !ret.insert(T::read(r)?) {
975				return Err(DecodeError::InvalidValue);
976			}
977		}
978		Ok(ret)
979	}
980}
981
982// Vectors
983macro_rules! impl_writeable_for_vec {
984	($ty: ty $(, $name: ident)*) => {
985		impl<$($name : Writeable),*> Writeable for Vec<$ty> {
986			#[inline]
987			fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
988				CollectionLength(self.len() as u64).write(w)?;
989				for elem in self.iter() {
990					elem.write(w)?;
991				}
992				Ok(())
993			}
994		}
995	}
996}
997macro_rules! impl_readable_for_vec {
998	($ty: ty $(, $name: ident)*) => {
999		impl<$($name : Readable),*> Readable for Vec<$ty> {
1000			#[inline]
1001			fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1002				let len: CollectionLength = Readable::read(r)?;
1003				let mut ret = Vec::with_capacity(cmp::min(len.0 as usize, MAX_BUF_SIZE / core::mem::size_of::<$ty>()));
1004				for _ in 0..len.0 {
1005					if let Some(val) = MaybeReadable::read(r)? {
1006						ret.push(val);
1007					}
1008				}
1009				Ok(ret)
1010			}
1011		}
1012	}
1013}
1014macro_rules! impl_for_vec {
1015	($ty: ty $(, $name: ident)*) => {
1016		impl_writeable_for_vec!($ty $(, $name)*);
1017		impl_readable_for_vec!($ty $(, $name)*);
1018	}
1019}
1020
1021// Alternatives to impl_writeable_for_vec/impl_readable_for_vec that add a length prefix to each
1022// element in the Vec. Intended to be used when elements have variable lengths.
1023macro_rules! impl_writeable_for_vec_with_element_length_prefix {
1024	($ty: ty $(, $name: ident)*) => {
1025		impl<$($name : Writeable),*> Writeable for Vec<$ty> {
1026			#[inline]
1027			fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1028				CollectionLength(self.len() as u64).write(w)?;
1029				for elem in self.iter() {
1030					CollectionLength(elem.serialized_length() as u64).write(w)?;
1031					elem.write(w)?;
1032				}
1033				Ok(())
1034			}
1035		}
1036	}
1037}
1038macro_rules! impl_readable_for_vec_with_element_length_prefix {
1039	($ty: ty $(, $name: ident)*) => {
1040		impl<$($name : Readable),*> Readable for Vec<$ty> {
1041			#[inline]
1042			fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1043				let len: CollectionLength = Readable::read(r)?;
1044				let mut ret = Vec::with_capacity(cmp::min(len.0 as usize, MAX_BUF_SIZE / core::mem::size_of::<$ty>()));
1045				for _ in 0..len.0 {
1046					let elem_len: CollectionLength = Readable::read(r)?;
1047					let mut elem_reader = FixedLengthReader::new(r, elem_len.0);
1048					ret.push(LengthReadable::read_from_fixed_length_buffer(&mut elem_reader)?);
1049				}
1050				Ok(ret)
1051			}
1052		}
1053	}
1054}
1055macro_rules! impl_for_vec_with_element_length_prefix {
1056	($ty: ty $(, $name: ident)*) => {
1057		impl_writeable_for_vec_with_element_length_prefix!($ty $(, $name)*);
1058		impl_readable_for_vec_with_element_length_prefix!($ty $(, $name)*);
1059	}
1060}
1061
1062impl Writeable for Vec<u8> {
1063	#[inline]
1064	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1065		CollectionLength(self.len() as u64).write(w)?;
1066		w.write_all(&self)
1067	}
1068}
1069
1070impl Readable for Vec<u8> {
1071	#[inline]
1072	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1073		let mut len: CollectionLength = Readable::read(r)?;
1074		let mut ret = Vec::new();
1075		while len.0 > 0 {
1076			let readamt = cmp::min(len.0 as usize, MAX_BUF_SIZE);
1077			let readstart = ret.len();
1078			ret.resize(readstart + readamt, 0);
1079			r.read_exact(&mut ret[readstart..])?;
1080			len.0 -= readamt as u64;
1081		}
1082		Ok(ret)
1083	}
1084}
1085
1086impl_for_vec!(ecdsa::Signature);
1087impl_for_vec!(crate::chain::channelmonitor::ChannelMonitorUpdate);
1088impl_for_vec!(crate::ln::channelmanager::MonitorUpdateCompletionAction);
1089impl_for_vec!(crate::ln::channelmanager::PaymentClaimDetails);
1090impl_for_vec!(crate::ln::msgs::SocketAddress);
1091impl_for_vec!((A, B), A, B);
1092impl_for_vec!(SerialId);
1093impl_for_vec!(TxInMetadata);
1094impl_for_vec!(TxOutMetadata);
1095impl_for_vec!(crate::ln::our_peer_storage::PeerStorageMonitorHolder);
1096impl_for_vec!(crate::blinded_path::message::BlindedMessagePath);
1097impl_writeable_for_vec!(&crate::routing::router::BlindedTail);
1098impl_readable_for_vec!(crate::routing::router::BlindedTail);
1099impl_for_vec!(crate::routing::router::TrampolineHop);
1100impl_for_vec_with_element_length_prefix!(crate::ln::msgs::UpdateAddHTLC);
1101impl_writeable_for_vec_with_element_length_prefix!(&crate::ln::msgs::UpdateAddHTLC);
1102impl_for_vec!(u32);
1103
1104impl Writeable for Vec<Witness> {
1105	#[inline]
1106	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1107		(self.len() as u16).write(w)?;
1108		for witness in self {
1109			(witness.size() as u16).write(w)?;
1110			witness.write(w)?;
1111		}
1112		Ok(())
1113	}
1114}
1115
1116impl Readable for Vec<Witness> {
1117	#[inline]
1118	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1119		let num_witnesses = <u16 as Readable>::read(r)? as usize;
1120		let mut witnesses = Vec::with_capacity(num_witnesses);
1121		for _ in 0..num_witnesses {
1122			// Even though the length of each witness can be inferred in its consensus-encoded form,
1123			// the spec includes a length prefix so that implementations don't have to deserialize
1124			//  each initially. We do that here anyway as in general we'll need to be able to make
1125			// assertions on some properties of the witnesses when receiving a message providing a list
1126			// of witnesses. We'll just do a sanity check for the lengths and error if there is a mismatch.
1127			let witness_len = <u16 as Readable>::read(r)? as usize;
1128			let witness = <Witness as Readable>::read(r)?;
1129			if witness.size() != witness_len {
1130				return Err(DecodeError::BadLengthDescriptor);
1131			}
1132			witnesses.push(witness);
1133		}
1134		Ok(witnesses)
1135	}
1136}
1137
1138impl Writeable for ScriptBuf {
1139	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1140		(self.len() as u16).write(w)?;
1141		w.write_all(self.as_bytes())
1142	}
1143}
1144
1145impl Readable for ScriptBuf {
1146	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1147		let len = <u16 as Readable>::read(r)? as usize;
1148		let mut buf = vec![0; len];
1149		r.read_exact(&mut buf)?;
1150		Ok(ScriptBuf::from(buf))
1151	}
1152}
1153
1154impl Writeable for PublicKey {
1155	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1156		self.serialize().write(w)
1157	}
1158	#[inline]
1159	fn serialized_length(&self) -> usize {
1160		PUBLIC_KEY_SIZE
1161	}
1162}
1163
1164impl Readable for PublicKey {
1165	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1166		let buf: [u8; PUBLIC_KEY_SIZE] = Readable::read(r)?;
1167		match PublicKey::from_slice(&buf) {
1168			Ok(key) => Ok(key),
1169			Err(_) => return Err(DecodeError::InvalidValue),
1170		}
1171	}
1172}
1173
1174impl Writeable for SecretKey {
1175	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1176		let mut ser = [0; SECRET_KEY_SIZE];
1177		ser.copy_from_slice(&self[..]);
1178		ser.write(w)
1179	}
1180	#[inline]
1181	fn serialized_length(&self) -> usize {
1182		SECRET_KEY_SIZE
1183	}
1184}
1185
1186impl Readable for SecretKey {
1187	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1188		let buf: [u8; SECRET_KEY_SIZE] = Readable::read(r)?;
1189		match SecretKey::from_slice(&buf) {
1190			Ok(key) => Ok(key),
1191			Err(_) => return Err(DecodeError::InvalidValue),
1192		}
1193	}
1194}
1195
1196#[cfg(taproot)]
1197impl Writeable for musig2::types::PublicNonce {
1198	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1199		self.serialize().write(w)
1200	}
1201}
1202
1203#[cfg(taproot)]
1204impl Readable for musig2::types::PublicNonce {
1205	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1206		let buf: [u8; PUBLIC_KEY_SIZE * 2] = Readable::read(r)?;
1207		musig2::types::PublicNonce::from_slice(&buf).map_err(|_| DecodeError::InvalidValue)
1208	}
1209}
1210
1211#[cfg(taproot)]
1212impl Writeable for PartialSignatureWithNonce {
1213	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1214		self.0.serialize().write(w)?;
1215		self.1.write(w)
1216	}
1217}
1218
1219#[cfg(taproot)]
1220impl Readable for PartialSignatureWithNonce {
1221	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1222		let partial_signature_buf: [u8; SECRET_KEY_SIZE] = Readable::read(r)?;
1223		let partial_signature = musig2::types::PartialSignature::from_slice(&partial_signature_buf)
1224			.map_err(|_| DecodeError::InvalidValue)?;
1225		let public_nonce: musig2::types::PublicNonce = Readable::read(r)?;
1226		Ok(PartialSignatureWithNonce(partial_signature, public_nonce))
1227	}
1228}
1229
1230impl Writeable for Hmac<Sha256> {
1231	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1232		w.write_all(&self[..])
1233	}
1234}
1235
1236impl Readable for Hmac<Sha256> {
1237	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1238		use bitcoin::hashes::Hash;
1239
1240		let buf: [u8; 32] = Readable::read(r)?;
1241		Ok(Hmac::<Sha256>::from_byte_array(buf))
1242	}
1243}
1244
1245impl Writeable for Sha256dHash {
1246	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1247		w.write_all(&self[..])
1248	}
1249}
1250
1251impl Readable for Sha256dHash {
1252	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1253		use bitcoin::hashes::Hash;
1254
1255		let buf: [u8; 32] = Readable::read(r)?;
1256		Ok(Sha256dHash::from_slice(&buf[..]).unwrap())
1257	}
1258}
1259
1260impl Writeable for ecdsa::Signature {
1261	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1262		self.serialize_compact().write(w)
1263	}
1264}
1265
1266impl Readable for ecdsa::Signature {
1267	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1268		let buf: [u8; COMPACT_SIGNATURE_SIZE] = Readable::read(r)?;
1269		match ecdsa::Signature::from_compact(&buf) {
1270			Ok(sig) => Ok(sig),
1271			Err(_) => return Err(DecodeError::InvalidValue),
1272		}
1273	}
1274}
1275
1276impl Writeable for schnorr::Signature {
1277	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1278		self.as_ref().write(w)
1279	}
1280}
1281
1282impl Readable for schnorr::Signature {
1283	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1284		let buf: [u8; SCHNORR_SIGNATURE_SIZE] = Readable::read(r)?;
1285		match schnorr::Signature::from_slice(&buf) {
1286			Ok(sig) => Ok(sig),
1287			Err(_) => return Err(DecodeError::InvalidValue),
1288		}
1289	}
1290}
1291
1292impl Writeable for PaymentPreimage {
1293	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1294		self.0.write(w)
1295	}
1296}
1297
1298impl Readable for PaymentPreimage {
1299	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1300		let buf: [u8; 32] = Readable::read(r)?;
1301		Ok(PaymentPreimage(buf))
1302	}
1303}
1304
1305impl Writeable for PaymentHash {
1306	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1307		self.0.write(w)
1308	}
1309}
1310
1311impl Readable for PaymentHash {
1312	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1313		let buf: [u8; 32] = Readable::read(r)?;
1314		Ok(PaymentHash(buf))
1315	}
1316}
1317
1318impl Writeable for PaymentSecret {
1319	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1320		self.0.write(w)
1321	}
1322}
1323
1324impl Readable for PaymentSecret {
1325	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1326		let buf: [u8; 32] = Readable::read(r)?;
1327		Ok(PaymentSecret(buf))
1328	}
1329}
1330
1331impl<T: Writeable> Writeable for Box<T> {
1332	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1333		T::write(&**self, w)
1334	}
1335}
1336
1337impl<T: Readable> Readable for Box<T> {
1338	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1339		Ok(Box::new(Readable::read(r)?))
1340	}
1341}
1342
1343impl<T: Writeable> Writeable for Option<T> {
1344	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1345		match *self {
1346			None => 0u8.write(w)?,
1347			Some(ref data) => {
1348				BigSize(data.serialized_length() as u64 + 1).write(w)?;
1349				data.write(w)?;
1350			},
1351		}
1352		Ok(())
1353	}
1354}
1355
1356impl<T: LengthReadable> Readable for Option<T> {
1357	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1358		let len: BigSize = Readable::read(r)?;
1359		match len.0 {
1360			0 => Ok(None),
1361			len => {
1362				let mut reader = FixedLengthReader::new(r, len - 1);
1363				Ok(Some(LengthReadable::read_from_fixed_length_buffer(&mut reader)?))
1364			},
1365		}
1366	}
1367}
1368
1369impl Writeable for AbsoluteLockTime {
1370	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1371		self.to_consensus_u32().write(w)
1372	}
1373}
1374
1375impl Readable for AbsoluteLockTime {
1376	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1377		let lock_time: u32 = Readable::read(r)?;
1378		Ok(AbsoluteLockTime::from_consensus(lock_time))
1379	}
1380}
1381
1382impl Writeable for Amount {
1383	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1384		self.to_sat().write(w)
1385	}
1386}
1387
1388impl Readable for Amount {
1389	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1390		let amount: u64 = Readable::read(r)?;
1391		Ok(Amount::from_sat(amount))
1392	}
1393}
1394
1395impl Writeable for SignedAmount {
1396	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1397		self.to_sat().write(w)
1398	}
1399}
1400
1401impl Readable for SignedAmount {
1402	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1403		let amount: i64 = Readable::read(r)?;
1404		Ok(SignedAmount::from_sat(amount))
1405	}
1406}
1407
1408impl Writeable for Weight {
1409	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1410		self.to_wu().write(w)
1411	}
1412}
1413
1414impl Readable for Weight {
1415	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1416		let wu: u64 = Readable::read(r)?;
1417		Ok(Weight::from_wu(wu))
1418	}
1419}
1420
1421impl Writeable for Txid {
1422	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1423		w.write_all(&self[..])
1424	}
1425}
1426
1427impl Readable for Txid {
1428	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1429		use bitcoin::hashes::Hash;
1430
1431		let buf: [u8; 32] = Readable::read(r)?;
1432		Ok(Txid::from_slice(&buf[..]).unwrap())
1433	}
1434}
1435
1436impl Writeable for BlockHash {
1437	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1438		w.write_all(&self[..])
1439	}
1440}
1441
1442impl Readable for BlockHash {
1443	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1444		use bitcoin::hashes::Hash;
1445
1446		let buf: [u8; 32] = Readable::read(r)?;
1447		Ok(BlockHash::from_slice(&buf[..]).unwrap())
1448	}
1449}
1450
1451impl Writeable for ChainHash {
1452	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1453		w.write_all(self.as_bytes())
1454	}
1455}
1456
1457impl Readable for ChainHash {
1458	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1459		let buf: [u8; 32] = Readable::read(r)?;
1460		Ok(ChainHash::from(buf))
1461	}
1462}
1463
1464impl Writeable for OutPoint {
1465	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1466		self.txid.write(w)?;
1467		self.vout.write(w)?;
1468		Ok(())
1469	}
1470}
1471
1472impl Readable for OutPoint {
1473	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1474		let txid = Readable::read(r)?;
1475		let vout = Readable::read(r)?;
1476		Ok(OutPoint { txid, vout })
1477	}
1478}
1479
1480macro_rules! impl_consensus_ser {
1481	($bitcoin_type: ty) => {
1482		impl Writeable for $bitcoin_type {
1483			fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
1484				match self.consensus_encode(&mut WriterWriteAdaptor(writer)) {
1485					Ok(_) => Ok(()),
1486					Err(e) => Err(e),
1487				}
1488			}
1489		}
1490
1491		impl Readable for $bitcoin_type {
1492			fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1493				let mut reader = BufReader::<_>::new(r);
1494				match consensus::encode::Decodable::consensus_decode(&mut reader) {
1495					Ok(t) => Ok(t),
1496					Err(consensus::encode::Error::Io(ref e))
1497						if e.kind() == io::ErrorKind::UnexpectedEof =>
1498					{
1499						Err(DecodeError::ShortRead)
1500					},
1501					Err(consensus::encode::Error::Io(e)) => Err(DecodeError::Io(e.kind().into())),
1502					Err(_) => Err(DecodeError::InvalidValue),
1503				}
1504			}
1505		}
1506	};
1507}
1508impl_consensus_ser!(Transaction);
1509impl_consensus_ser!(TxIn);
1510impl_consensus_ser!(TxOut);
1511impl_consensus_ser!(Witness);
1512impl_consensus_ser!(Sequence);
1513
1514impl<T: Readable> Readable for Mutex<T> {
1515	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1516		let t: T = Readable::read(r)?;
1517		Ok(Mutex::new(t))
1518	}
1519}
1520impl<T: Writeable> Writeable for Mutex<T> {
1521	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1522		self.lock().unwrap().write(w)
1523	}
1524}
1525
1526impl<T: Readable> Readable for RwLock<T> {
1527	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1528		let t: T = Readable::read(r)?;
1529		Ok(RwLock::new(t))
1530	}
1531}
1532impl<T: Writeable> Writeable for RwLock<T> {
1533	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1534		self.read().unwrap().write(w)
1535	}
1536}
1537
1538macro_rules! impl_tuple_ser {
1539	($($i: ident : $type: tt),*) => {
1540		impl<$($type),*> Readable for ($($type),*)
1541		where $(
1542			$type: Readable,
1543		)*
1544		{
1545			fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1546				Ok(($(<$type as Readable>::read(r)?),*))
1547			}
1548		}
1549
1550		impl<$($type),*> Writeable for ($($type),*)
1551		where $(
1552			$type: Writeable,
1553		)*
1554		{
1555			fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1556				let ($($i),*) = self;
1557				$($i.write(w)?;)*
1558				Ok(())
1559			}
1560		}
1561	}
1562}
1563
1564impl_tuple_ser!(a: A, b: B);
1565impl_tuple_ser!(a: A, b: B, c: C);
1566impl_tuple_ser!(a: A, b: B, c: C, d: D);
1567impl_tuple_ser!(a: A, b: B, c: C, d: D, e: E);
1568impl_tuple_ser!(a: A, b: B, c: C, d: D, e: E, f: F);
1569impl_tuple_ser!(a: A, b: B, c: C, d: D, e: E, f: F, g: G);
1570
1571impl Writeable for () {
1572	fn write<W: Writer>(&self, _: &mut W) -> Result<(), io::Error> {
1573		Ok(())
1574	}
1575}
1576impl Readable for () {
1577	fn read<R: Read>(_r: &mut R) -> Result<Self, DecodeError> {
1578		Ok(())
1579	}
1580}
1581
1582impl Writeable for String {
1583	#[inline]
1584	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1585		CollectionLength(self.len() as u64).write(w)?;
1586		w.write_all(self.as_bytes())
1587	}
1588}
1589impl Readable for String {
1590	#[inline]
1591	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1592		let v: Vec<u8> = Readable::read(r)?;
1593		let ret = String::from_utf8(v).map_err(|_| DecodeError::InvalidValue)?;
1594		Ok(ret)
1595	}
1596}
1597
1598/// Represents a hostname for serialization purposes.
1599/// Only the character set and length will be validated.
1600/// The character set consists of ASCII alphanumeric characters, hyphens, and periods.
1601/// Its length is guaranteed to be representable by a single byte.
1602/// This serialization is used by [`BOLT 7`] hostnames.
1603///
1604/// [`BOLT 7`]: https://github.com/lightning/bolts/blob/master/07-routing-gossip.md
1605#[derive(Clone, Debug, Hash, PartialEq, Eq)]
1606pub struct Hostname(String);
1607impl Hostname {
1608	/// Returns the length of the hostname.
1609	pub fn len(&self) -> u8 {
1610		(&self.0).len() as u8
1611	}
1612
1613	/// Check if the chars in `s` are allowed to be included in a [`Hostname`].
1614	pub(crate) fn str_is_valid_hostname(s: &str) -> bool {
1615		s.len() <= 255
1616			&& s.chars().all(|c| c.is_ascii_alphanumeric() || c == '.' || c == '_' || c == '-')
1617	}
1618}
1619
1620impl core::fmt::Display for Hostname {
1621	fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
1622		write!(f, "{}", self.0)?;
1623		Ok(())
1624	}
1625}
1626impl Deref for Hostname {
1627	type Target = String;
1628
1629	fn deref(&self) -> &Self::Target {
1630		&self.0
1631	}
1632}
1633impl From<Hostname> for String {
1634	fn from(hostname: Hostname) -> Self {
1635		hostname.0
1636	}
1637}
1638impl TryFrom<Vec<u8>> for Hostname {
1639	type Error = ();
1640
1641	fn try_from(bytes: Vec<u8>) -> Result<Self, Self::Error> {
1642		if let Ok(s) = String::from_utf8(bytes) {
1643			Hostname::try_from(s)
1644		} else {
1645			Err(())
1646		}
1647	}
1648}
1649impl TryFrom<String> for Hostname {
1650	type Error = ();
1651
1652	fn try_from(s: String) -> Result<Self, Self::Error> {
1653		if Hostname::str_is_valid_hostname(&s) {
1654			Ok(Hostname(s))
1655		} else {
1656			Err(())
1657		}
1658	}
1659}
1660impl Writeable for Hostname {
1661	#[inline]
1662	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1663		self.len().write(w)?;
1664		w.write_all(self.as_bytes())
1665	}
1666}
1667impl Readable for Hostname {
1668	#[inline]
1669	fn read<R: Read>(r: &mut R) -> Result<Hostname, DecodeError> {
1670		let len: u8 = Readable::read(r)?;
1671		let mut vec = Vec::with_capacity(len.into());
1672		vec.resize(len.into(), 0);
1673		r.read_exact(&mut vec)?;
1674		Hostname::try_from(vec).map_err(|_| DecodeError::InvalidValue)
1675	}
1676}
1677
1678impl TryInto<Name> for Hostname {
1679	type Error = ();
1680	fn try_into(self) -> Result<Name, ()> {
1681		Name::try_from(self.0)
1682	}
1683}
1684
1685/// This is not exported to bindings users as `Duration`s are simply mapped as ints.
1686impl Writeable for Duration {
1687	#[inline]
1688	fn write<W: Writer>(&self, w: &mut W) -> Result<(), io::Error> {
1689		self.as_secs().write(w)?;
1690		self.subsec_nanos().write(w)
1691	}
1692}
1693/// This is not exported to bindings users as `Duration`s are simply mapped as ints.
1694impl Readable for Duration {
1695	#[inline]
1696	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
1697		let secs = Readable::read(r)?;
1698		let nanos = Readable::read(r)?;
1699		// Duration::new panics if the nanosecond part in excess of a second, added to the second
1700		// part, overflows. To ensure this won't happen, we simply reject any case where there are
1701		// nanoseconds in excess of a second, which is invalid anyway.
1702		if nanos >= 1_000_000_000 {
1703			Err(DecodeError::InvalidValue)
1704		} else {
1705			Ok(Duration::new(secs, nanos))
1706		}
1707	}
1708}
1709
1710impl Writeable for ClaimId {
1711	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
1712		self.0.write(writer)
1713	}
1714}
1715
1716impl Readable for ClaimId {
1717	fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
1718		Ok(Self(Readable::read(reader)?))
1719	}
1720}
1721
1722#[cfg(test)]
1723mod tests {
1724	use crate::prelude::*;
1725	use crate::util::ser::{Hostname, Readable, Writeable};
1726	use bitcoin::hex::FromHex;
1727	use bitcoin::secp256k1::ecdsa;
1728
1729	#[test]
1730	fn hostname_conversion() {
1731		assert_eq!(Hostname::try_from(String::from("a-test.com")).unwrap().as_str(), "a-test.com");
1732
1733		assert!(Hostname::try_from(String::from("\"")).is_err());
1734		assert!(Hostname::try_from(String::from("$")).is_err());
1735		assert!(Hostname::try_from(String::from("⚡")).is_err());
1736		let mut large_vec = Vec::with_capacity(256);
1737		large_vec.resize(256, b'A');
1738		assert!(Hostname::try_from(String::from_utf8(large_vec).unwrap()).is_err());
1739	}
1740
1741	#[test]
1742	fn hostname_serialization() {
1743		let hostname = Hostname::try_from(String::from("test")).unwrap();
1744		let mut buf: Vec<u8> = Vec::new();
1745		hostname.write(&mut buf).unwrap();
1746		assert_eq!(Hostname::read(&mut buf.as_slice()).unwrap().as_str(), "test");
1747	}
1748
1749	#[test]
1750	/// Taproot will likely fill legacy signature fields with all 0s.
1751	/// This test ensures that doing so won't break serialization.
1752	fn null_signature_codec() {
1753		let buffer = vec![0u8; 64];
1754		let mut cursor = crate::io::Cursor::new(buffer.clone());
1755		let signature = ecdsa::Signature::read(&mut cursor).unwrap();
1756		let serialization = signature.serialize_compact();
1757		assert_eq!(buffer, serialization.to_vec())
1758	}
1759
1760	#[test]
1761	fn bigsize_encoding_decoding() {
1762		let values = [0, 252, 253, 65535, 65536, 4294967295, 4294967296, 18446744073709551615];
1763		let bytes = [
1764			"00",
1765			"fc",
1766			"fd00fd",
1767			"fdffff",
1768			"fe00010000",
1769			"feffffffff",
1770			"ff0000000100000000",
1771			"ffffffffffffffffff",
1772		];
1773		for i in 0..=7 {
1774			let mut stream = crate::io::Cursor::new(<Vec<u8>>::from_hex(bytes[i]).unwrap());
1775			assert_eq!(super::BigSize::read(&mut stream).unwrap().0, values[i]);
1776			let mut stream = super::VecWriter(Vec::new());
1777			super::BigSize(values[i]).write(&mut stream).unwrap();
1778			assert_eq!(stream.0, <Vec<u8>>::from_hex(bytes[i]).unwrap());
1779		}
1780		let err_bytes = [
1781			"fd00fc",
1782			"fe0000ffff",
1783			"ff00000000ffffffff",
1784			"fd00",
1785			"feffff",
1786			"ffffffffff",
1787			"fd",
1788			"fe",
1789			"ff",
1790			"",
1791		];
1792		for i in 0..=9 {
1793			let mut stream = crate::io::Cursor::new(<Vec<u8>>::from_hex(err_bytes[i]).unwrap());
1794			if i < 3 {
1795				assert_eq!(
1796					super::BigSize::read(&mut stream).err(),
1797					Some(crate::ln::msgs::DecodeError::InvalidValue)
1798				);
1799			} else {
1800				assert_eq!(
1801					super::BigSize::read(&mut stream).err(),
1802					Some(crate::ln::msgs::DecodeError::ShortRead)
1803				);
1804			}
1805		}
1806	}
1807}