Introduce interactive signing state flags for funded states. #3637
Conversation
|
👋 Thanks for assigning @wpaulino as a reviewer! |
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
2 times, most recently
from
4c6b6ab to
c1f430a
Compare
dunxen
changed the title
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
c1f430a to
e89ba58
Compare
Not yet. Tracked in #3636. Will need to be able to contribute inputs first to test a useful order of message exchange + restart. |
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
e89ba58 to
3b2ac55
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3637 +/- ##
==========================================
+ Coverage 89.23% 89.27% +0.03%
==========================================
Files 155 155
Lines 119329 121895 +2566
Branches 119329 121895 +2566
==========================================
+ Hits 106488 108817 +2329
- Misses 10243 10473 +230
- Partials 2598 2605 +7 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
3b2ac55 to
5110ecc
Compare
|
@dunxen re-request when this is ready for review again, feel free to squash as well |
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
5110ecc to
1d96044
Compare
|
🔔 1st Reminder Hey @TheBlueMatt @jkczyz @wpaulino! This PR has been waiting for your review. |
| @@ -6924,11 +6933,72 @@ impl<SP: Deref> FundedChannel<SP> where | |||
| log_debug!(logger, "Reconnected channel {} with no loss", &self.context.channel_id()); | |||
| } | |||
|
|
|||
| // if next_funding_txid is set: | |||
There was a problem hiding this comment.
If possible, would be nice to get some test coverage in now for this
There was a problem hiding this comment.
Might be tricky at the moment, but makes sense to try do that now 👍
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
1d96044 to
55e5f6f
Compare
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
3 times, most recently
from
e510273 to
2fa5802
Compare
lightning/src/ln/channel.rs
Outdated
| let commitment_update = if !session.counterparty_sent_tx_signatures() && msg.next_local_commitment_number == 0 { | ||
| // if it has not received tx_signatures for that funding transaction AND | ||
| // if next_commitment_number is zero: | ||
| // MUST retransmit its commitment_signed for that funding transaction. |
There was a problem hiding this comment.
I assume for splicing this will need to be generalized to return a commitment_signed for the current commitment number (still 0 for the open case). Is it worth taking care of that now?
There was a problem hiding this comment.
For splicing this seems a bit up in the air still, but yes will have to generalise. Discussion here: https://github.com/lightning/bolts/pull/1214/files#discussion_r1882436204
| (None, None, Some(msgs::TxAbort { channel_id: self.context.channel_id(), data: vec![] })) | ||
| } | ||
| } else { | ||
| return Err(ChannelError::close("Counterparty set `next_funding_txid` at incorrect state".into())); |
There was a problem hiding this comment.
We shouldn't close the channel here. It seems possible that we clear the session because we exchanged tx_signatures from our PoV, but they still need us to retransmit tx_signatures because they didn't receive it the first time around.
There was a problem hiding this comment.
Yeah, I think it's then just fine to warn here since we are broadcasting the funding tx anyway. Unfortunately we don't have tx_signatures to send them since the session is cleared.
There was a problem hiding this comment.
Hm, that sounds like a protocol violation then, no? It'd be weird for the counterparty to not have received the message but then see the channel confirm. We might need to guarantee the send, either by not clearing the session until a later point, or reconstructing the tx_signatures message from the fully-signed transaction we plan to broadcast.
There was a problem hiding this comment.
Reconstructing may not be possible as we would have forgotten which inputs are the holder's at this point, so best to not clear until later.
There was a problem hiding this comment.
Ok in latest push we now only clear the session later.
There was a problem hiding this comment.
By not clearing this, when we process tx_signatures again, won't we add duplicative witness data?
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
2 times, most recently
from
d226021 to
20514fb
Compare
|
Just pushed the change for full persistence of |
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
3 times, most recently
from
af75699 to
9676dd5
Compare
|
@dunxen let us know when this is ready for another round |
| {1, Local} => (), | ||
| {3, Remote} => (), |
There was a problem hiding this comment.
nit: typically we use:
(1, Local) => {},
(3, Remote) => {},Also, can number these 0 and 1.
There was a problem hiding this comment.
In this case these are both tuple variants, so the () => {} syntax doesn't work as it won't include the the 0 field of the tuple, so it doesn't compile. That syntax would only work for unit/struct variants, I believe.
| {1, Single} => (), | ||
| {3, SharedControlFullyOwned} => (), | ||
| {5, Shared} => (), |
| impl_writeable_tlv_based!(InteractiveTxSigningSession, { | ||
| (1, unsigned_tx, required), | ||
| (3, holder_sends_tx_signatures_first, required), | ||
| (5, has_received_commitment_signed, required), | ||
| (7, holder_tx_signatures, required), | ||
| }); |
There was a problem hiding this comment.
IIUC, when introducing a new serialization, we can number these starting at 0 and use both even and odd given no previous versions understand this. Likewise elsewhere.
There was a problem hiding this comment.
Actually, given @wpaulino's comment on another PR, I'm not sure if this would be desirable. @TheBlueMatt What are the best practices when adding serialization for a new struct? IIRC, you had once suggested just numbering with both even and add. But Wilmer's comment of only using odd makes sense to me.
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
9676dd5 to
11e52b8
Compare
Instead of having an explicit `ChannelContext::next_funding_txid` to set and read, we can get this value on the fly when it is appropriate to do so.
This follows the the specification closely in branching without being too verbose, so that it should be easy to follow the logic. See: https://github.com/lightning/bolts/blob/aa5207a/02-peer-protocol.md?plain=1#L2520-L2531
…no active signing session
This intoduces the INTERACTIVE_SIGNING, THEIR_TX_SIGNATURES_SENT, and OUR_TX_SIGNATURES_SENT funded state flags. A top-level state flag for INTERACTIVE_SIGNING was avoided so that this work is compatible with splicing as well as V2 channel establishment (dual-funding).
… funding tx when signed & clear signing session on channel_ready received
We fully persist `InteractiveTxSigningSession` as it provides the full context of the constructed transaction which is still needed for signing.
…tlv_based!` everywhere
When this config field is enabled, the dual_fund feature bit will be set which determines support when receiving `open_channel2` messages.
dunxen
force-pushed
the
2025-02-interactivesigningstate
branch
from
11e52b8 to
b78d5dc
Compare
This PR includes some deferred follow-ups extracted from #3423 and introduces new state flags to track interactive signing along with persistence of the minimum information needed from a signing session to reconstruct it.
A top-level state flag was avoided so that this work is compatible with splicing as well as V2 channel establishment (dual-funding).