Validate primitive inputs and add integration checks

Author: chavic

payjoin-ffi/Cargo.toml

@@ -31,7 +31,10 @@ serde = { version = "1.0.219", features = ["derive"] }
 serde_json = "1.0.142"
 thiserror = "2.0.14"
 tokio = { version = "1.47.1", features = ["full"], optional = true }
-uniffi = { version = "0.30.0", features = ["cli"] }
+uniffi = { version = "0.30.0", features = [
+  "cli",
+  "wasm-unstable-single-threaded",
+] }
 uniffi-dart = { git = "https://github.com/Uniffi-Dart/uniffi-dart.git", rev = "5bdcc79", optional = true }
 url = "2.5.4"
 

payjoin-ffi/dart/test/test_payjoin_integration_test.dart

@@ -373,6 +373,41 @@ Future<payjoin.ReceiveSession?> process_receiver_proposal(
 
 void main() {
   group('Test integration', () {
+    test('Invalid primitives', () async {
+      final tooLargeAmount = 21000000 * 100000000 + 1;
+      final txin = payjoin.PlainTxIn(
+        payjoin.PlainOutPoint("00" * 64, 0),
+        Uint8List(0),
+        0,
+        <Uint8List>[],
+      );
+      final txout = payjoin.PlainTxOut(
+        tooLargeAmount,
+        Uint8List.fromList([0x6a]),
+      );
+      final psbtIn = payjoin.PlainPsbtInput(txout, null, null);
+      expect(
+        () => payjoin.InputPair(txin, psbtIn, null),
+        throwsA(isA<payjoin.InputPairException>()),
+      );
+
+      final pjUri = payjoin.Uri.parse(
+        "bitcoin:12c6DSiU4Rq3P4ZxziKxzrL5LmMBrzjrJX?amount=1&pj=https://example.com",
+      ).checkPjSupported();
+      final psbt =
+          "cHNidP8BAHMCAAAAAY8nutGgJdyYGXWiBEb45Hoe9lWGbkxh/6bNiOJdCDuDAAAAAAD+////AtyVuAUAAAAAF6kUHehJ8GnSdBUOOv6ujXLrWmsJRDCHgIQeAAAAAAAXqRR3QJbbz0hnQ8IvQ0fptGn+votneofTAAAAAAEBIKgb1wUAAAAAF6kU3k4ekGHKWRNbA1rV5tR5kEVDVNCHAQcXFgAUx4pFclNVgo1WWAdN1SYNX8tphTABCGsCRzBEAiB8Q+A6dep+Rz92vhy26lT0AjZn4PRLi8Bf9qoB/CMk0wIgP/Rj2PWZ3gEjUkTlhDRNAQ0gXwTO7t9n+V14pZ6oljUBIQMVmsAaoNWHVMS02LfTSe0e388LNitPa1UQZyOihY+FFgABABYAFEb2Giu6c4KO5YW0pfw3lGp9jMUUAAA=";
+      final maxU64 = int.parse("18446744073709551615");
+      expect(
+        () => payjoin.SenderBuilder(psbt, pjUri).buildRecommended(maxU64),
+        throwsA(isA<payjoin.SenderInputException>()),
+      );
+
+      expect(
+        () => pjUri.setAmountSats(tooLargeAmount),
+        throwsA(isA<payjoin.PrimitiveException>()),
+      );
+    });
+
     test('Test integration v2 to v2', () async {
       env = payjoin.initBitcoindSenderReceiver();
       bitcoind = env.getBitcoind();

payjoin-ffi/javascript/test/integration.test.ts

@@ -450,6 +450,46 @@ async function processReceiverProposal(
     throw new Error(`Unknown receiver state`);
 }
 
+function testInvalidPrimitives(): void {
+    const tooLargeAmount = 21000000n * 100000000n + 1n;
+    const txin = payjoin.PlainTxIn.create({
+        previousOutput: payjoin.PlainOutPoint.create({
+            txid: "00".repeat(64),
+            vout: 0,
+        }),
+        scriptSig: new Uint8Array([]).buffer,
+        sequence: 0,
+        witness: [],
+    });
+    const txout = payjoin.PlainTxOut.create({
+        valueSat: tooLargeAmount,
+        scriptPubkey: new Uint8Array([0x6a]).buffer,
+    });
+    const psbtIn = payjoin.PlainPsbtInput.create({
+        witnessUtxo: txout,
+        redeemScript: undefined,
+        witnessScript: undefined,
+    });
+    assert.throws(() => {
+        new payjoin.InputPair(txin, psbtIn, undefined);
+    }, /Amount out of range/);
+
+    const pjUri = payjoin.Uri.parse(
+        "bitcoin:12c6DSiU4Rq3P4ZxziKxzrL5LmMBrzjrJX?amount=1&pj=https://example.com",
+    ).checkPjSupported();
+    const psbt =
+        "cHNidP8BAHMCAAAAAY8nutGgJdyYGXWiBEb45Hoe9lWGbkxh/6bNiOJdCDuDAAAAAAD+////AtyVuAUAAAAAF6kUHehJ8GnSdBUOOv6ujXLrWmsJRDCHgIQeAAAAAAAXqRR3QJbbz0hnQ8IvQ0fptGn+votneofTAAAAAAEBIKgb1wUAAAAAF6kU3k4ekGHKWRNbA1rV5tR5kEVDVNCHAQcXFgAUx4pFclNVgo1WWAdN1SYNX8tphTABCGsCRzBEAiB8Q+A6dep+Rz92vhy26lT0AjZn4PRLi8Bf9qoB/CMk0wIgP/Rj2PWZ3gEjUkTlhDRNAQ0gXwTO7t9n+V14pZ6oljUBIQMVmsAaoNWHVMS02LfTSe0e388LNitPa1UQZyOihY+FFgABABYAFEb2Giu6c4KO5YW0pfw3lGp9jMUUAAA=";
+    assert.throws(() => {
+        new payjoin.SenderBuilder(psbt, pjUri).buildRecommended(
+            18446744073709551615n,
+        );
+    }, /Fee rate out of range/);
+
+    assert.throws(() => {
+        pjUri.setAmountSats(tooLargeAmount);
+    }, /Amount out of range/);
+}
+
 async function testIntegrationV2ToV2(): Promise<void> {
     const env = testUtils.initBitcoindSenderReceiver();
     const bitcoind = env.getBitcoind();
@@ -589,6 +629,7 @@ async function testIntegrationV2ToV2(): Promise<void> {
 
 async function runTests(): Promise<void> {
     await uniffiInitAsync();
+    testInvalidPrimitives();
     await testIntegrationV2ToV2();
 }
 

payjoin-ffi/python/test/test_payjoin_integration_test.py

@@ -57,6 +57,37 @@ def setUpClass(cls):
         cls.receiver = cls.env.get_receiver()
         cls.sender = cls.env.get_sender()
 
+    async def test_invalid_primitives(self):
+        too_large_amount = 21_000_000 * 100_000_000 + 1
+        txin = PlainTxIn(
+            previous_output=PlainOutPoint(txid="00" * 64, vout=0),
+            script_sig=b"",
+            sequence=0,
+            witness=[],
+        )
+        psbt_in = PlainPsbtInput(
+            witness_utxo=PlainTxOut(
+                value_sat=too_large_amount,
+                script_pubkey=bytes([0x6A]),
+            ),
+            redeem_script=None,
+            witness_script=None,
+        )
+        with self.assertRaises(InputPairError) as ctx:
+            InputPair(txin=txin, psbtin=psbt_in, expected_weight=None)
+        self.assertIn("Amount out of range", str(ctx.exception))
+
+        pj_uri = Uri.parse(
+            "bitcoin:12c6DSiU4Rq3P4ZxziKxzrL5LmMBrzjrJX?amount=1&pj=https://example.com"
+        ).check_pj_supported()
+        with self.assertRaises(SenderInputError) as ctx:
+            SenderBuilder(original_psbt(), pj_uri).build_recommended(2**64 - 1)
+        self.assertIn("Fee rate out of range", str(ctx.exception))
+
+        with self.assertRaises(PrimitiveError) as ctx:
+            pj_uri.set_amount_sats(too_large_amount)
+        self.assertIn("Amount out of range", str(ctx.exception))
+
     async def process_receiver_proposal(
         self,
         receiver: ReceiveSession,

payjoin-ffi/src/error.rs

@@ -28,13 +28,13 @@ pub enum PrimitiveError {
     #[error("{field} script is empty")]
     ScriptEmpty { field: String },
     #[error("{field} script too large: {len} bytes (max {max})")]
-    ScriptTooLarge { field: String, len: usize, max: usize },
+    ScriptTooLarge { field: String, len: u64, max: u64 },
     #[error("Witness stack has {count} items (max {max})")]
-    WitnessItemsTooMany { count: usize, max: usize },
+    WitnessItemsTooMany { count: u64, max: u64 },
     #[error("Witness item {index} too large: {len} bytes (max {max})")]
-    WitnessItemTooLarge { index: usize, len: usize, max: usize },
+    WitnessItemTooLarge { index: u64, len: u64, max: u64 },
     #[error("Witness stack too large: {len} bytes (max {max})")]
-    WitnessTooLarge { len: usize, max: usize },
+    WitnessTooLarge { len: u64, max: u64 },
     #[error("Weight out of range: {weight_units} wu (max {max_wu})")]
     WeightOutOfRange { weight_units: u64, max_wu: u64 },
     #[error("Fee rate out of range: {value} {unit}")]

payjoin-ffi/src/receive/error.rs

@@ -168,23 +168,28 @@ impl From<ProtocolError> for JsonReply {
 #[error(transparent)]
 pub struct SessionError(#[from] receive::v2::SessionError);
 
+/// Protocol error raised during output substitution.
+#[derive(Debug, thiserror::Error, uniffi::Object)]
+#[error(transparent)]
+pub struct OutputSubstitutionProtocolError(#[from] receive::OutputSubstitutionError);
+
 /// Error that may occur when output substitution fails.
 #[derive(Debug, thiserror::Error, uniffi::Error)]
 pub enum OutputSubstitutionError {
     #[error(transparent)]
-    Protocol(Arc<receive::OutputSubstitutionError>),
+    Protocol(Arc<OutputSubstitutionProtocolError>),
     #[error(transparent)]
-    Primitive(Arc<PrimitiveError>),
+    Primitive(PrimitiveError),
 }
 
 impl From<receive::OutputSubstitutionError> for OutputSubstitutionError {
     fn from(value: receive::OutputSubstitutionError) -> Self {
-        OutputSubstitutionError::Protocol(Arc::new(value))
+        OutputSubstitutionError::Protocol(Arc::new(value.into()))
     }
 }
 
 impl From<PrimitiveError> for OutputSubstitutionError {
-    fn from(value: PrimitiveError) -> Self { OutputSubstitutionError::Primitive(Arc::new(value)) }
+    fn from(value: PrimitiveError) -> Self { OutputSubstitutionError::Primitive(value) }
 }
 
 /// Error that may occur when coin selection fails.
@@ -213,7 +218,7 @@ pub enum InputPairError {
     InvalidPsbtInput(Arc<PsbtInputError>),
     /// Primitive input failed validation in the FFI layer.
     #[error("Invalid primitive input: {0}")]
-    InvalidPrimitive(Arc<PrimitiveError>),
+    InvalidPrimitive(PrimitiveError),
 }
 
 impl InputPairError {
@@ -223,9 +228,7 @@ impl InputPairError {
 }
 
 impl From<PrimitiveError> for InputPairError {
-    fn from(value: PrimitiveError) -> Self {
-        InputPairError::InvalidPrimitive(Arc::new(value))
-    }
+    fn from(value: PrimitiveError) -> Self { InputPairError::InvalidPrimitive(value) }
 }
 
 /// Error that may occur when a receiver event log is replayed