Skip to content

Add commit_upfront_shutdown_pubkey to ChannelHandshakeConfig #1270

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Add commit_upfront_shutdown_pubkey to ChannelHandshakeConfig #1270

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions lightning/src/ln/chanmon_update_fail_tests.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2461,7 +2461,7 @@ fn test_temporary_error_during_shutdown() {
// Test that temporary failures when updating the monitor's shutdown script delay cooperative
// close.
let mut config = test_default_channel_config();
config.channel_options.commit_upfront_shutdown_pubkey = false;
config.own_channel_config.commit_upfront_shutdown_pubkey = false;

let chanmon_cfgs = create_chanmon_cfgs(2);
let node_cfgs = create_node_cfgs(2, &chanmon_cfgs);
Expand Down Expand Up @@ -2516,7 +2516,7 @@ fn test_permanent_error_during_sending_shutdown() {
// Test that permanent failures when updating the monitor's shutdown script result in a force
// close when initiating a cooperative close.
let mut config = test_default_channel_config();
config.channel_options.commit_upfront_shutdown_pubkey = false;
config.own_channel_config.commit_upfront_shutdown_pubkey = false;

let chanmon_cfgs = create_chanmon_cfgs(2);
let node_cfgs = create_node_cfgs(2, &chanmon_cfgs);
Expand All @@ -2537,7 +2537,7 @@ fn test_permanent_error_during_handling_shutdown() {
// Test that permanent failures when updating the monitor's shutdown script result in a force
// close when handling a cooperative close.
let mut config = test_default_channel_config();
config.channel_options.commit_upfront_shutdown_pubkey = false;
config.own_channel_config.commit_upfront_shutdown_pubkey = false;

let chanmon_cfgs = create_chanmon_cfgs(2);
let node_cfgs = create_node_cfgs(2, &chanmon_cfgs);
Expand Down
33 changes: 28 additions & 5 deletions lightning/src/ln/channel.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -425,6 +425,7 @@ pub(super) struct Channel<Signer: Sign> {
pub(crate) config: ChannelConfig,
#[cfg(not(any(test, feature = "_test_utils")))]
config: ChannelConfig,
commit_upfront_shutdown_pubkey: bool,

user_id: u64,

Expand Down Expand Up @@ -751,7 +752,7 @@ impl<Signer: Sign> Channel<Signer> {
let mut secp_ctx = Secp256k1::new();
secp_ctx.seeded_randomize(&keys_provider.get_secure_random_bytes());

let shutdown_scriptpubkey = if config.channel_options.commit_upfront_shutdown_pubkey {
let shutdown_scriptpubkey = if config.own_channel_config.commit_upfront_shutdown_pubkey {
Some(keys_provider.get_shutdown_scriptpubkey())
} else { None };

Expand All @@ -764,6 +765,7 @@ impl<Signer: Sign> Channel<Signer> {
Ok(Channel {
user_id,
config: config.channel_options.clone(),
commit_upfront_shutdown_pubkey: config.own_channel_config.commit_upfront_shutdown_pubkey.clone(),

channel_id: keys_provider.get_secure_random_bytes(),
channel_state: ChannelState::OurInitSent as u32,
Expand Down Expand Up @@ -1046,7 +1048,7 @@ impl<Signer: Sign> Channel<Signer> {
}
} else { None };

let shutdown_scriptpubkey = if config.channel_options.commit_upfront_shutdown_pubkey {
let shutdown_scriptpubkey = if config.own_channel_config.commit_upfront_shutdown_pubkey {
Some(keys_provider.get_shutdown_scriptpubkey())
} else { None };

Expand All @@ -1061,8 +1063,9 @@ impl<Signer: Sign> Channel<Signer> {

let chan = Channel {
user_id,
config: local_config,

config: local_config,
commit_upfront_shutdown_pubkey: config.own_channel_config.commit_upfront_shutdown_pubkey,
channel_id: msg.temporary_channel_id,
channel_state: (ChannelState::OurInitSent as u32) | (ChannelState::TheirInitSent as u32),
secp_ctx,
Expand Down Expand Up @@ -5191,7 +5194,7 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
self.config.forwarding_fee_proportional_millionths.write(writer)?;
self.config.cltv_expiry_delta.write(writer)?;
self.config.announced_channel.write(writer)?;
self.config.commit_upfront_shutdown_pubkey.write(writer)?;
self.commit_upfront_shutdown_pubkey.write(writer)?;

self.channel_id.write(writer)?;
(self.channel_state | ChannelState::PeerDisconnected as u32).write(writer)?;
Expand Down Expand Up @@ -5434,6 +5437,7 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
(9, self.target_closing_feerate_sats_per_kw, option),
(11, self.monitor_pending_finalized_fulfills, vec_type),
(13, self.channel_creation_height, required),
(15, self.commit_upfront_shutdown_pubkey, required),
});

Ok(())
Expand All @@ -5455,7 +5459,7 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<Signer>
config.as_mut().unwrap().forwarding_fee_proportional_millionths = Readable::read(reader)?;
config.as_mut().unwrap().cltv_expiry_delta = Readable::read(reader)?;
config.as_mut().unwrap().announced_channel = Readable::read(reader)?;
config.as_mut().unwrap().commit_upfront_shutdown_pubkey = Readable::read(reader)?;
config.as_mut().unwrap().commit_upfront_shutdown_pubkey = Some(Readable::read(reader)?);
} else {
// Read the 8 bytes of backwards-compatibility ChannelConfig data.
let mut _val: u64 = Readable::read(reader)?;
Expand Down Expand Up @@ -5675,6 +5679,7 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<Signer>
// only, so we default to that if none was written.
let mut channel_type = Some(ChannelTypeFeatures::only_static_remote_key());
let mut channel_creation_height = Some(serialized_height);
let mut commit_upfront_shutdown_pubkey = None;
read_tlv_fields!(reader, {
(0, announcement_sigs, option),
(1, minimum_depth, option),
Expand All @@ -5687,6 +5692,7 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<Signer>
(9, target_closing_feerate_sats_per_kw, option),
(11, monitor_pending_finalized_fulfills, vec_type),
(13, channel_creation_height, option),
(15, commit_upfront_shutdown_pubkey, option),
});

let chan_features = channel_type.as_ref().unwrap();
Expand All @@ -5701,13 +5707,30 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<Signer>
return Err(DecodeError::InvalidValue);
}

if commit_upfront_shutdown_pubkey.is_none() {
// commit_upfront_shutdown_pubkey has moved around a good bit, in version 1
// serialization, it was written out as a part of the explicit field list of the
// `ChannelConfig`. Then, it was written out as a field in the `ChannelConfig` itself.
// Now, it is written out explicitly as its own TLV (as the field has moved to
// `ChannelHandshakeConfig`).
// Thus, if its not in a TLV, we here pull it from the `ChannelConfig`, and if we can't
// find it at all, fail.
let legacy_commit_upfront_shutdown_pubkey = config.as_ref().unwrap().commit_upfront_shutdown_pubkey;
if let Some(val) = legacy_commit_upfront_shutdown_pubkey {
commit_upfront_shutdown_pubkey = Some(val);
} else {
return Err(DecodeError::InvalidValue);
}
}

let mut secp_ctx = Secp256k1::new();
secp_ctx.seeded_randomize(&keys_source.get_secure_random_bytes());

Ok(Channel {
user_id,

config: config.unwrap(),
commit_upfront_shutdown_pubkey: commit_upfront_shutdown_pubkey.unwrap(),
channel_id,
channel_state,
secp_ctx,
Expand Down
10 changes: 5 additions & 5 deletions lightning/src/ln/shutdown_tests.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -404,7 +404,7 @@ fn test_upfront_shutdown_script() {
let mut config = UserConfig::default();
config.channel_options.announced_channel = true;
config.peer_channel_config_limits.force_announced_channel_preference = false;
config.channel_options.commit_upfront_shutdown_pubkey = false;
config.own_channel_config.commit_upfront_shutdown_pubkey = false;
let user_cfgs = [None, Some(config), None];
let chanmon_cfgs = create_chanmon_cfgs(3);
let node_cfgs = create_node_cfgs(3, &chanmon_cfgs);
Expand Down Expand Up @@ -569,7 +569,7 @@ fn test_segwit_v0_shutdown_script() {
let mut config = UserConfig::default();
config.channel_options.announced_channel = true;
config.peer_channel_config_limits.force_announced_channel_preference = false;
config.channel_options.commit_upfront_shutdown_pubkey = false;
config.own_channel_config.commit_upfront_shutdown_pubkey = false;
let user_cfgs = [None, Some(config), None];
let chanmon_cfgs = create_chanmon_cfgs(3);
let node_cfgs = create_node_cfgs(3, &chanmon_cfgs);
Expand Down Expand Up @@ -604,7 +604,7 @@ fn test_anysegwit_shutdown_script() {
let mut config = UserConfig::default();
config.channel_options.announced_channel = true;
config.peer_channel_config_limits.force_announced_channel_preference = false;
config.channel_options.commit_upfront_shutdown_pubkey = false;
config.own_channel_config.commit_upfront_shutdown_pubkey = false;
let user_cfgs = [None, Some(config), None];
let chanmon_cfgs = create_chanmon_cfgs(3);
let node_cfgs = create_node_cfgs(3, &chanmon_cfgs);
Expand Down Expand Up @@ -639,7 +639,7 @@ fn test_unsupported_anysegwit_shutdown_script() {
let mut config = UserConfig::default();
config.channel_options.announced_channel = true;
config.peer_channel_config_limits.force_announced_channel_preference = false;
config.channel_options.commit_upfront_shutdown_pubkey = false;
config.own_channel_config.commit_upfront_shutdown_pubkey = false;
let user_cfgs = [None, Some(config), None];
let chanmon_cfgs = create_chanmon_cfgs(3);
let mut node_cfgs = create_node_cfgs(3, &chanmon_cfgs);
Expand Down Expand Up @@ -681,7 +681,7 @@ fn test_invalid_shutdown_script() {
let mut config = UserConfig::default();
config.channel_options.announced_channel = true;
config.peer_channel_config_limits.force_announced_channel_preference = false;
config.channel_options.commit_upfront_shutdown_pubkey = false;
config.own_channel_config.commit_upfront_shutdown_pubkey = false;
let user_cfgs = [None, Some(config), None];
let chanmon_cfgs = create_chanmon_cfgs(3);
let node_cfgs = create_node_cfgs(3, &chanmon_cfgs);
Expand Down
33 changes: 19 additions & 14 deletions lightning/src/util/config.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,20 @@ pub struct ChannelHandshakeConfig {
/// Default value: 1. If the value is less than 1, it is ignored and set to 1, as is required
/// by the protocol.
pub our_htlc_minimum_msat: u64,
/// When set, we commit to an upfront shutdown_pubkey at channel open. If our counterparty
/// supports it, they will then enforce the mutual-close output to us matches what we provided
/// at intialization, preventing us from closing to an alternate pubkey.
///
/// This is set to true by default to provide a slight increase in security, though ultimately
/// any attacker who is able to take control of a channel can just as easily send the funds via
/// lightning payments, so we never require that our counterparties support this option.
///
/// This cannot be changed after a channel has been initialized.
///
/// The upfront key committed is provided from [`KeysInterface::get_shutdown_pubkey`]
///
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can add "The upfront key committed is provided from [KeysInterface::get_shutdown_pubkey]".

/// Default value: true.
pub commit_upfront_shutdown_pubkey: bool
}

impl Default for ChannelHandshakeConfig {
Expand All @@ -55,6 +69,7 @@ impl Default for ChannelHandshakeConfig {
minimum_depth: 6,
our_to_self_delay: BREAKDOWN_TIMEOUT,
our_htlc_minimum_msat: 1,
commit_upfront_shutdown_pubkey: true
}
}
}
Expand Down Expand Up @@ -195,18 +210,8 @@ pub struct ChannelConfig {
///
/// Default value: false.
pub announced_channel: bool,
/// When set, we commit to an upfront shutdown_pubkey at channel open. If our counterparty
/// supports it, they will then enforce the mutual-close output to us matches what we provided
/// at intialization, preventing us from closing to an alternate pubkey.
///
/// This is set to true by default to provide a slight increase in security, though ultimately
/// any attacker who is able to take control of a channel can just as easily send the funds via
/// lightning payments, so we never require that our counterparties support this option.
///
/// This cannot be changed after a channel has been initialized.
///
/// Default value: true.
pub commit_upfront_shutdown_pubkey: bool,
/// This value is moved to ChannelHandshakeConfig, optional here for old serialiization
pub(crate) commit_upfront_shutdown_pubkey: Option<bool>,
/// Limit our total exposure to in-flight HTLCs which are burned to fees as they are too
/// small to claim on-chain.
///
Expand Down Expand Up @@ -256,7 +261,7 @@ impl Default for ChannelConfig {
forwarding_fee_base_msat: 1000,
cltv_expiry_delta: 6 * 12, // 6 blocks/hour * 12 hours
announced_channel: false,
commit_upfront_shutdown_pubkey: true,
commit_upfront_shutdown_pubkey: None,
max_dust_htlc_exposure_msat: 5_000_000,
force_close_avoidance_max_fee_satoshis: 1000,
}
Expand All @@ -269,7 +274,7 @@ impl_writeable_tlv_based!(ChannelConfig, {
(2, cltv_expiry_delta, required),
(3, force_close_avoidance_max_fee_satoshis, (default_value, 1000)),
(4, announced_channel, required),
(6, commit_upfront_shutdown_pubkey, required),
(6, commit_upfront_shutdown_pubkey, option),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, this presents a backwards-compatibility concern - one thing we explicitly support in LDK is for users to downgrade (at least a version or two) and still be able to open objects serialized with the newest version. Here, if a user did that, they'd fail to read the ChannelConfig because the value went from always present (and required) to defaulting to None. We can paper over this, though, by always defaulting to creating commit_upfront_shutdown_pubkey and setting it to Some(...) but then setting the "correct" value on the write side of channel to ensure old versions read the current/new value.

(8, forwarding_fee_base_msat, required),
});

Expand Down