Introduce FundingTransactionReadyForSignatures event
#3889
Conversation
|
👋 Thanks for assigning @jkczyz as a reviewer! |
| /// After signing, call [`ChannelManager::funding_transaction_signed`] with the (partially) signed | ||
| /// funding transaction. | ||
| /// | ||
| /// Generated in [`ChannelManager`] message handling. |
There was a problem hiding this comment.
Could you add a "Failure Behavior and Persistence" section as is done for other events?
There was a problem hiding this comment.
Yeah and it makes sense to replay this after failure to handle, but not to persist across restarts as the new channel/splice won't be persisted before signing, anyway.
There was a problem hiding this comment.
Looks like this needs to be added still.
| let witnesses: Vec<_> = transaction | ||
| .input | ||
| .into_iter() | ||
| .filter_map(|input| if input.witness.is_empty() { None } else { Some(input.witness) }) | ||
| .collect(); |
There was a problem hiding this comment.
Don't have a strong opinion here, but seems we can avoid this by passing the Transaction through and only collecting witnesses when we are ready to construct TxSignatures.
There was a problem hiding this comment.
Cool, yeah will look at changing this after fixups.
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
165d59d to
8ca6d79
Compare
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #3889 +/- ##
==========================================
- Coverage 88.93% 88.67% -0.26%
==========================================
Files 174 173 -1
Lines 123875 124257 +382
Branches 123875 124257 +382
==========================================
+ Hits 110169 110191 +22
- Misses 11253 11673 +420
+ Partials 2453 2393 -60
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
1 similar comment
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
890633d to
a1de384
Compare
|
🔔 2nd Reminder Hey @wpaulino! This PR has been waiting for your review. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
7df5779 to
c8f981c
Compare
|
🔔 3rd Reminder Hey @wpaulino! This PR has been waiting for your review. |
Yeah, they got lost on a rebase and somehow lost the commit. Rebased to get the one CI fix in. Fixing. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
c15f426 to
ff1489d
Compare
|
🔔 4th Reminder Hey @wpaulino! This PR has been waiting for your review. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
ff1489d to
0a586e6
Compare
|
🔔 5th Reminder Hey @wpaulino! This PR has been waiting for your review. |
|
🔔 6th Reminder Hey @wpaulino! This PR has been waiting for your review. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
a9e1a3a to
83e78d6
Compare
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
1ab3286 to
b161cba
Compare
lightning/src/ln/channel.rs
Outdated
| @@ -7605,6 +7586,188 @@ where | |||
| } | |||
| } | |||
|
|
|||
| fn verify_interactive_tx_signatures( | |||
There was a problem hiding this comment.
Needs some clean up and tests but pushed it for some review.
There was a problem hiding this comment.
Is test coverage for this actually feasible yet?
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
b161cba to
4dde88e
Compare
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
58b5381 to
50e7cf4
Compare
lightning/src/ln/channel.rs
Outdated
| @@ -7605,6 +7586,188 @@ where | |||
| } | |||
| } | |||
|
|
|||
| fn verify_interactive_tx_signatures( | |||
There was a problem hiding this comment.
Is test coverage for this actually feasible yet?
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
ca2d5e0 to
b45913a
Compare
| user_channel_id: channel.context.get_user_id(), | ||
| }, None)); | ||
| } else if signing_session.local_inputs_count() == 0 { | ||
| pending_msg_events.push(MessageSendEvent::SendTxSignatures { node_id: counterparty_node_id, msg: msgs::TxSignatures { channel_id: channel.context.channel_id(), tx_hash: signing_session.unsigned_tx().compute_txid(), witnesses: vec![], shared_input_signature: None } }); |
There was a problem hiding this comment.
We probably shouldn't send the message here, and should rely on either sending it after receiving a tx_signatures, sending it first as a result of funding_transaction_signed, or re-sending it on reestablish.
There was a problem hiding this comment.
Yeah, this would be the case of no inputs contributed, so we'd be up first for sending (we'd have the lowest contributed input value).
So this means,
- We can't send an empty
tx_signaturesin response to receiving atx_signatures funding_transaction_signedwill never be called as there is nothing to sign.- Sending on re-establish will happen, but where else do we send it?
There was a problem hiding this comment.
Ah I see, you're right. This looks correct then, but before sending with 0 inputs can we move the call to provide_holder_witnesses here as well?
Thanks, I did intend to avoid that but I definitely lost track of the changes. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
b45913a to
e518bd2
Compare
The `FundingTransactionReadyForSignatures` event requests witnesses from the client for their contributed inputs to an interactively constructed transaction. The client calls `ChannelManager::funding_transaction_signed` to provide the witnesses to LDK. The `handle_channel_resumption` method handles resumption from both a channel re-establish and a monitor update. When the corresponding monitor update for the commitment_signed message completes, we will push the event here. We can thus only ever provide holder signatures after a monitor update has completed. We can also get rid of the reestablish code involved with `monitor_pending_tx_signatures` and remove that field too.
The return type of commitment_signed() started groing into a really long and unwieldy tuple. We introduce a dedicated enum return type for it here.
…hecks In a following commit, We'll use the contained scriptPubKeys to validate P2WPKH and P2TR key path spends and to assist in checking that signatures in provided holder witnesses use SIGHASH_ALL to prevent funds being frozen or held ransom.
LDK checks the following: * Each input spends an output that is one of P2WPKH, P2WSH, or P2TR. These were already checked by LDK when the inputs to be contributed were provided. * All signatures use the `SIGHASH_ALL` sighash type. * P2WPKH and P2TR key path spends are valid (verifies signatures) NOTE: * When checking P2WSH spends, LDK tries to decode 70-72 byte witness elements as ECDSA signatures with a sighash flag. If the internal DER-decoding fails, then LDK just assumes it wasn't a signature and carries with checks. If the element can be decoded as an ECDSA signature, the the sighash flag must be `SIGHASH_ALL`. * When checking P2TR script-path spends, LDK assumes all elements of exactly 65 bytes with the last byte matching any valid sighash flag byte are schnorr signatures and checks that the sighash type is `SIGHASH_ALL`. If the last byte is not any valid sighash flag, the element is assumed not to be a signature and is ignored. Elements of 64 bytes are not checked because if they were schnorr signatures then they would implicitly be `SIGHASH_DEFAULT` which is an alias of `SIGHASH_ALL`.
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
e518bd2 to
0dbc64f
Compare
| @@ -7832,8 +7844,7 @@ where | |||
| // case checks if there is a monitor persist in progress when we need to respond with our `tx_signatures` | |||
| // and sets it as pending. | |||
| if holder_tx_signatures_opt.is_some() && self.is_awaiting_initial_mon_persist() { | |||
There was a problem hiding this comment.
This should probably change to just checking holder_tx_signature_opt.is_none(), and we can debug_assert!(self.is_awaiting_initial_mon_persist()) inside. Though I think that also breaks when we have 0 inputs contributed as we immediately provide an empty set of witnesses. Maybe that logic should also happen in handle_channel_resumption instead of generating the event.
| @@ -8628,13 +8627,7 @@ where | |||
| // MUST send its tx_signatures for that funding transaction. | |||
| ) || self.context.channel_state.is_their_tx_signatures_sent() { | |||
| if self.context.channel_state.is_monitor_update_in_progress() { | |||
There was a problem hiding this comment.
Let's check for presence of holder_tx_signatures instead and debug_assert!(monitor_update_in_progress) if None
| pub fn funding_transaction_signed( | ||
| &self, channel_id: &ChannelId, counterparty_node_id: &PublicKey, transaction: Transaction, | ||
| ) -> Result<(), APIError> { | ||
| let _persistence_guard = PersistenceNotifierGuard::notify_on_drop(self); |
There was a problem hiding this comment.
We should only have to persist if we have a tx_signatures message to send
| let _ = self.interactive_tx_signing_session.as_mut().and_then(|session| session.received_commitment_signed()); | ||
| // Only build the unsigned transaction for signing if there are any holder inputs to actually sign | ||
| let funding_tx_opt = self.interactive_tx_signing_session.as_ref().and_then(|session| | ||
| session.local_inputs_count().gt(&0).then_some(session.unsigned_tx().build_unsigned_tx())); |
There was a problem hiding this comment.
Looks like this can be dropped now
| let witnesses: Vec<_> = transaction | ||
| .input | ||
| .into_iter() | ||
| .filter_map(|input| if input.witness.is_empty() { None } else { Some(input.witness) }) | ||
| .collect(); |
| } | ||
| } else { | ||
| return Err(APIError::APIMisuseError { | ||
| pub fn funding_transaction_signed( |
There was a problem hiding this comment.
This change could be squashed to the first commit
| // TODO(dual_funding): Check sig for sighash | ||
| } | ||
| #[cfg(splicing)] | ||
| fn is_splicing(&self) -> bool { |
| }, | ||
| _ => return Err(APIError::APIMisuseError { err: format!("The scriptPubKey of the previous output for input at index {input_idx} for a P2TR key path spend is invalid") }), | ||
| }.map_err(|_| APIError::APIMisuseError { err: format!("The scriptPubKey of the previous output for input at index {input_idx} for a P2TR key path spend has an invalid public key") })?; | ||
| let sig = bitcoin::taproot::Signature::from_slice(&witness[0]).map_err(|_| APIError::APIMisuseError { err: format!("The witness for input at index {input_idx} for a P2TR key path spend has an invalid signature") })?; |
There was a problem hiding this comment.
rustfmt doesn't like inlined macro calls like this, it basically won't format any of it. Here's a diff where I fixed all of them:
diff --git a/lightning/src/ln/interactivetxs.rs b/lightning/src/ln/interactivetxs.rs
index 35a15cea0..ed38b9667 100644
--- a/lightning/src/ln/interactivetxs.rs
+++ b/lightning/src/ln/interactivetxs.rs
@@ -550,9 +550,8 @@ impl InteractiveTxSigningSession {
'inputs: for ((input_idx, input), witness) in script_pubkeys.zip(witnesses) {
if witness.is_empty() {
- return Err(APIError::APIMisuseError {
- err: format!("The witness for input at index {input_idx} is empty",),
- });
+ let err = format!("The witness for input at index {input_idx} is empty");
+ return Err(APIError::APIMisuseError { err });
}
let prev_output = input.prev_output();
@@ -561,22 +560,24 @@ impl InteractiveTxSigningSession {
// P2WPKH
if script_pubkey.is_p2wpkh() {
if witness.len() != 2 {
- return Err(APIError::APIMisuseError {
- err: format!(
- "The witness for input at index {input_idx} does not have the correct number of elements for a P2WPKH spend. Expected 2 got {}",
- witness.len()
- ),
- });
+ let err = format!("The witness for input at index {input_idx} does not have the correct number of elements for a P2WPKH spend. Expected 2 got {}", witness.len());
+ return Err(APIError::APIMisuseError { err });
}
let pubkey = PublicKey::from_slice(&witness[1]).map_err(|_| {
- APIError::APIMisuseError { err:
- format!("The witness for input at index {input_idx} contains an invalid ECDSA public key") }
+ let err = format!("The witness for input at index {input_idx} contains an invalid ECDSA public key");
+ APIError::APIMisuseError { err }
})?;
- let sig = bitcoin::ecdsa::Signature::from_slice(&witness[0]).map_err(|_| APIError::APIMisuseError { err: format!("The witness for input at index {input_idx} contains an invalid signature") })?;
+
+ let sig =
+ bitcoin::ecdsa::Signature::from_slice(&witness[0]).map_err(|_| {
+ let err = format!("The witness for input at index {input_idx} contains an invalid signature");
+ APIError::APIMisuseError { err }
+ })?;
if !matches!(sig.sighash_type, EcdsaSighashType::All) {
- return Err(APIError::APIMisuseError { err:
- format!("Signature does not use SIGHASH_ALL for input at index {input_idx} for P2WPKH spend") });
+ let err = format!("Signature does not use SIGHASH_ALL for input at index {input_idx} for P2WPKH spend");
+ return Err(APIError::APIMisuseError { err });
}
+
let sighash = cache
.p2wpkh_signature_hash(
input_idx,
@@ -593,9 +594,10 @@ impl InteractiveTxSigningSession {
let msg = Message::from_digest_slice(&sighash[..])
.expect("Sighash is a SHA256 which is 32 bytes long");
secp_ctx.verify_ecdsa(&msg, &sig.signature, &pubkey).map_err(|_| {
- APIError::APIMisuseError { err:
- format!("Failed signature verification for input at index {input_idx} for P2WPKH spend") }
+ let err = format!("Failed signature verification for input at index {input_idx} for P2WPKH spend");
+ APIError::APIMisuseError { err }
})?;
+
continue 'inputs;
}
@@ -605,13 +607,24 @@ impl InteractiveTxSigningSession {
Some(Ok(bitcoin::script::Instruction::PushBytes(push_bytes))) => {
XOnlyPublicKey::from_slice(push_bytes.as_bytes())
},
- _ => return Err(APIError::APIMisuseError { err: format!("The scriptPubKey of the previous output for input at index {input_idx} for a P2TR key path spend is invalid") }),
- }.map_err(|_| APIError::APIMisuseError { err: format!("The scriptPubKey of the previous output for input at index {input_idx} for a P2TR key path spend has an invalid public key") })?;
- let sig = bitcoin::taproot::Signature::from_slice(&witness[0]).map_err(|_| APIError::APIMisuseError { err: format!("The witness for input at index {input_idx} for a P2TR key path spend has an invalid signature") })?;
+ _ => {
+ let err = format!("The scriptPubKey of the previous output for input at index {input_idx} for a P2TR key path spend is invalid");
+ return Err(APIError::APIMisuseError { err })
+ },
+ }.map_err(|_| {
+ let err = format!("The scriptPubKey of the previous output for input at index {input_idx} for a P2TR key path spend has an invalid public key");
+ APIError::APIMisuseError { err }
+ })?;
+
+ let sig = bitcoin::taproot::Signature::from_slice(&witness[0]).map_err(|_| {
+ let err = format!("The witness for input at index {input_idx} for a P2TR key path spend has an invalid signature");
+ APIError::APIMisuseError { err }
+ })?;
if !matches!(sig.sighash_type, TapSighashType::Default | TapSighashType::All) {
- return Err(APIError::APIMisuseError { err:
- format!("Signature does not use SIGHASH_DEFAULT or SIGHASH_ALL for input at index {input_idx} for P2TR key path spend") });
+ let err = format!("Signature does not use SIGHASH_DEFAULT or SIGHASH_ALL for input at index {input_idx} for P2TR key path spend");
+ return Err(APIError::APIMisuseError { err });
}
+
let sighash = cache
.taproot_key_spend_signature_hash(input_idx, &all_prevouts, sig.sighash_type)
.map_err(|_| {
@@ -623,8 +636,10 @@ impl InteractiveTxSigningSession {
let msg = Message::from_digest_slice(&sighash[..])
.expect("Sighash is a SHA256 which is 32 bytes long");
secp_ctx.verify_schnorr(&sig.signature, &msg, &pubkey).map_err(|_| {
- APIError::APIMisuseError { err: format!("Failed signature verification for input at index {input_idx} for P2TR key path spend") }
- })?;
+ let err = format!("Failed signature verification for input at index {input_idx} for P2TR key path spend");
+ APIError::APIMisuseError { err }
+ })?;
+
continue 'inputs;
}
@@ -641,11 +656,8 @@ impl InteractiveTxSigningSession {
continue 'elements;
}
- return Err(APIError::APIMisuseError {
- err: format!(
- "An ECDSA signature in the witness for input {input_idx} does not use SIGHASH_ALL"
- ),
- });
+ let err = format!("An ECDSA signature in the witness for input {input_idx} does not use SIGHASH_ALL");
+ return Err(APIError::APIMisuseError { err });
},
_ => continue 'elements,
}
@@ -667,10 +679,8 @@ impl InteractiveTxSigningSession {
continue 'elements;
}
- return Err(APIError::APIMisuseError {
- err:
- format!("A (likely) Schnorr signature in the witness for input {input_idx} does not use SIGHASH_DEFAULT or SIGHASH_ALL")
- });
+ let err = format!("A (likely) Schnorr signature in the witness for input {input_idx} does not use SIGHASH_DEFAULT or SIGHASH_ALL");
+ return Err(APIError::APIMisuseError { err });
},
_ => continue 'elements,
}
@@ -682,12 +692,12 @@ impl InteractiveTxSigningSession {
false,
"We don't allow contributing inputs that are not spending P2WPKH, P2WSH, or P2TR"
);
- return Err(APIError::APIMisuseError {
- err: format!(
- "Input at index {input_idx} does not spend from one of P2WPKH, P2WSH, or P2TR"
- ),
- });
+ let err = format!(
+ "Input at index {input_idx} does not spend from one of P2WPKH, P2WSH, or P2TR"
+ );
+ return Err(APIError::APIMisuseError { err });
}
+
Ok(())
}
}
| "Provided witness count of {} does not match required count for {} inputs", | ||
| witnesses.len(), | ||
| local_inputs_count | ||
| )); | ||
| } | ||
|
|
||
| self.unsigned_tx.add_local_witnesses(witnesses.clone()); | ||
| self.holder_tx_signatures = Some(TxSignatures { |
There was a problem hiding this comment.
Maybe also error if they've already been provided?
| /// After signing, call [`ChannelManager::funding_transaction_signed`] with the (partially) signed | ||
| /// funding transaction. | ||
| /// | ||
| /// Generated in [`ChannelManager`] message handling. |
Cherry-picked from #3735 as it is relevant to splicing and will unblock testing after #3736 lands.
The
FundingTransactionReadyForSignaturesevent requests witnesses from the client for their contributed inputs to an interactively constructed transaction.The client calls
ChannelManager::funding_transaction_signedto provide the witnesses to LDK.