Introduce FundingTransactionReadyForSignatures event
#3889
Conversation
|
👋 Thanks for assigning @jkczyz as a reviewer! |
| let witnesses: Vec<_> = transaction | ||
| .input | ||
| .into_iter() | ||
| .filter_map(|input| if input.witness.is_empty() { None } else { Some(input.witness) }) | ||
| .collect(); |
There was a problem hiding this comment.
Don't have a strong opinion here, but seems we can avoid this by passing the Transaction through and only collecting witnesses when we are ready to construct TxSignatures.
There was a problem hiding this comment.
Cool, yeah will look at changing this after fixups.
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
165d59d to
8ca6d79
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3889 +/- ##
==========================================
- Coverage 88.88% 88.82% -0.07%
==========================================
Files 165 165
Lines 118886 118971 +85
Branches 118886 118971 +85
==========================================
Hits 105676 105676
- Misses 10892 10976 +84
- Partials 2318 2319 +1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
1 similar comment
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
890633d to
a1de384
Compare
|
🔔 2nd Reminder Hey @wpaulino! This PR has been waiting for your review. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
7df5779 to
c8f981c
Compare
|
🔔 3rd Reminder Hey @wpaulino! This PR has been waiting for your review. |
Yeah, they got lost on a rebase and somehow lost the commit. Rebased to get the one CI fix in. Fixing. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
c15f426 to
ff1489d
Compare
|
🔔 4th Reminder Hey @wpaulino! This PR has been waiting for your review. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
ff1489d to
0a586e6
Compare
|
🔔 5th Reminder Hey @wpaulino! This PR has been waiting for your review. |
|
🔔 6th Reminder Hey @wpaulino! This PR has been waiting for your review. |
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
a9e1a3a to
83e78d6
Compare
The `FundingTransactionReadyForSignatures` event requests witnesses from the client for their contributed inputs to an interactively constructed transaction. The client calls `ChannelManager::funding_transaction_signed` to provide the witnesses to LDK.
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
1ab3286 to
b161cba
Compare
lightning/src/ln/channel.rs
Outdated
| @@ -7605,6 +7586,188 @@ where | |||
| } | |||
| } | |||
|
|
|||
| fn verify_interactive_tx_signatures( | |||
There was a problem hiding this comment.
Needs some clean up and tests but pushed it for some review.
There was a problem hiding this comment.
Is test coverage for this actually feasible yet?
lightning/src/ln/channel.rs
Outdated
| @@ -1840,15 +1840,15 @@ where | |||
| let res = if has_negotiated_pending_splice && !session_received_commitment_signed { | |||
| funded_channel | |||
| .splice_initial_commitment_signed(msg, logger) | |||
| .map(|monitor_update_opt| (None, monitor_update_opt)) | |||
| .map(|monitor_update_opt| (None, monitor_update_opt, None)) | |||
There was a problem hiding this comment.
We will also need to return the unsigned transaction here for splices.
There was a problem hiding this comment.
Shall we defer this to a splice PR? I'm not 100% sure of the specifics in splice_initial_commitment_signed().
lightning/src/ln/channelmanager.rs
Outdated
| if let Some(unsigned_transaction) = funding_tx_opt { | ||
| let mut pending_events = self.pending_events.lock().unwrap(); | ||
| pending_events.push_back(( | ||
| Event::FundingTransactionReadyForSigning { |
There was a problem hiding this comment.
I think we'll also need to generate this on reestablish when we have already received commitment_signed but not tx_signatures.
There was a problem hiding this comment.
Working on this still.
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
b161cba to
4dde88e
Compare
lightning/src/ln/channel.rs
Outdated
| @@ -1840,15 +1840,15 @@ where | |||
| let res = if has_negotiated_pending_splice && !session_received_commitment_signed { | |||
| funded_channel | |||
| .splice_initial_commitment_signed(msg, logger) | |||
| .map(|monitor_update_opt| (None, monitor_update_opt)) | |||
| .map(|monitor_update_opt| (None, monitor_update_opt, None)) | |||
There was a problem hiding this comment.
Shall we defer this to a splice PR? I'm not 100% sure of the specifics in splice_initial_commitment_signed().
lightning/src/ln/channelmanager.rs
Outdated
| if let Some(unsigned_transaction) = funding_tx_opt { | ||
| let mut pending_events = self.pending_events.lock().unwrap(); | ||
| pending_events.push_back(( | ||
| Event::FundingTransactionReadyForSigning { |
There was a problem hiding this comment.
Working on this still.
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
2 times, most recently
from
58b5381 to
50e7cf4
Compare
lightning/src/ln/channel.rs
Outdated
| @@ -7605,6 +7586,188 @@ where | |||
| } | |||
| } | |||
|
|
|||
| fn verify_interactive_tx_signatures( | |||
There was a problem hiding this comment.
Is test coverage for this actually feasible yet?
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
50e7cf4 to
ca2d5e0
Compare
The `handle_channel_resumption` method handles resumption from both a channel re-establish and a monitor update. When the corresponding monitor update for the commitment_signed message completes, we will push the event here. We can thus only ever provide holder signatures after a monitor update has completed. We can also get rid of the reestablish code involved with `monitor_pending_tx_signatures` and remove that field too.
The return type of commitment_signed() started groing into a really long and unwieldy tuple. We introduce a dedicated enum return type for it here.
…hecks In a following commit, We'll use the contained scriptPubKeys to validate P2WPKH and P2TR key path spends and to assist in checking that signatures in provided holder witnesses use SIGHASH_ALL to prevent funds being frozen or held ransom.
LDK checks the following: * Each input spends an output that is one of P2WPKH, P2WSH, or P2TR. These were already checked by LDK when the inputs to be contributed were provided. * All signatures use the `SIGHASH_ALL` sighash type. * P2WPKH and P2TR key path spends are valid (verifies signatures) NOTE: * When checking P2WSH spends, LDK tries to decode 70-72 byte witness elements as ECDSA signatures with a sighash flag. If the internal DER-decoding fails, then LDK just assumes it wasn't a signature and carries with checks. If the element can be decoded as an ECDSA signature, the the sighash flag must be `SIGHASH_ALL`. * When checking P2TR script-path spends, LDK assumes all elements of exactly 65 bytes with the last byte matching any valid sighash flag byte are schnorr signatures and checks that the sighash type is `SIGHASH_ALL`. If the last byte is not any valid sighash flag, the element is assumed not to be a signature and is ignored. Elements of 64 bytes are not checked because if they were schnorr signatures then they would implicitly be `SIGHASH_DEFAULT` which is an alias of `SIGHASH_ALL`.
dunxen
force-pushed
the
2025-06-readyforsigningevent
branch
from
ca2d5e0 to
b45913a
Compare
| @@ -460,7 +465,11 @@ impl InteractiveTxSigningSession { | |||
| shared_input_signature: None, | |||
| }); | |||
|
|
|||
| Ok(()) | |||
| if self.holder_sends_tx_signatures_first && self.has_received_commitment_signed { | |||
There was a problem hiding this comment.
Nit: there's an unnecessary into_iter().collect() a few lines above
| // We only exhange the initial `commitment_signed` after the client calls | ||
| // `ChannelManager::funding_transaction_signed` and ALWAYS before we send a `tx_signatures` | ||
| // We never write out FundingTransactionReadyForSigning events as they will be regenerated when | ||
| // necessary. |
There was a problem hiding this comment.
Nit: I would just squash this commit (1c6c08f) with the previous
| @@ -8435,41 +8412,14 @@ where | |||
| update_fee: None, | |||
| }) | |||
| } else { None }; | |||
| // TODO(dual_funding): For async signing support we need to hold back `tx_signatures` until the `commitment_signed` is ready. | |||
There was a problem hiding this comment.
This TODO is still relevant, it just has to be tracked in handle_channel_resumption now
| let tx_signatures = if ( | ||
| // if it has not received tx_signatures for that funding transaction AND | ||
| // if it has already received commitment_signed AND it should sign first, as specified in the tx_signatures requirements: | ||
| // MUST send its tx_signatures for that funding transaction. | ||
| !self.context.channel_state.is_their_tx_signatures_sent() && session.has_received_commitment_signed() && session.holder_sends_tx_signatures_first() | ||
| // else if it has already received tx_signatures for that funding transaction: | ||
| // MUST send its tx_signatures for that funding transaction. | ||
| ) || self.context.channel_state.is_their_tx_signatures_sent() { |
There was a problem hiding this comment.
We still have to send the message in these cases if it's ready
| user_channel_id: channel.context.get_user_id(), | ||
| }, None)); | ||
| } else if signing_session.local_inputs_count() == 0 { | ||
| pending_msg_events.push(MessageSendEvent::SendTxSignatures { node_id: counterparty_node_id, msg: msgs::TxSignatures { channel_id: channel.context.channel_id(), tx_hash: signing_session.unsigned_tx().compute_txid(), witnesses: vec![], shared_input_signature: None } }); |
There was a problem hiding this comment.
We probably shouldn't send the message here, and should rely on either sending it after receiving a tx_signatures, sending it first as a result of funding_transaction_signed, or re-sending it on reestablish.
| @@ -130,8 +130,10 @@ use crate::util::ser::{ | |||
| }; | |||
| use crate::util::wakers::{Future, Notifier}; | |||
|
|
|||
| use super::channel::CommitmentSignedResult; | |||
There was a problem hiding this comment.
Nit: group with the other channel imports
| #[cfg(splicing)] | ||
| let is_monitor_update_in_progress = self.is_awaiting_initial_mon_persist() | ||
| || self.is_splicing() | ||
| && self.context.channel_state.is_monitor_update_in_progress(); | ||
| #[cfg(not(splicing))] | ||
| let is_monitor_update_in_progress = self.is_awaiting_initial_mon_persist(); | ||
|
|
||
| if is_monitor_update_in_progress { |
There was a problem hiding this comment.
Unreachable now as the event is guaranteed to be generated after the monitor persistence completes
Cherry-picked from #3735 as it is relevant to splicing and will unblock testing after #3736 lands.
The
FundingTransactionReadyForSignaturesevent requests witnesses from the client for their contributed inputs to an interactively constructed transaction.The client calls
ChannelManager::funding_transaction_signedto provide the witnesses to LDK.