Generate ClaimEvent for HolderHTLCOutput inputs from anchor channels

Author: wpaulino

lightning/src/chain/channelmonitor.rs

@@ -2378,6 +2378,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 						pending_htlcs,
 					}));
 				},
+				_ => {},
 			}
 		}
 		ret

lightning/src/chain/onchaintx.rs

@@ -18,13 +18,15 @@ use bitcoin::blockdata::script::Script;
 
 use bitcoin::hash_types::{Txid, BlockHash};
 
+#[cfg(anchors)]
+use bitcoin::secp256k1::PublicKey;
 use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature};
 use bitcoin::secp256k1;
 
 use crate::ln::msgs::DecodeError;
 use crate::ln::PaymentPreimage;
 #[cfg(anchors)]
-use crate::ln::chan_utils;
+use crate::ln::chan_utils::{self, HTLCOutputInCommitment};
 use crate::ln::chan_utils::{ChannelTransactionParameters, HolderCommitmentTransaction};
 #[cfg(anchors)]
 use crate::chain::chaininterface::ConfirmationTarget;
@@ -174,6 +176,17 @@ impl Writeable for Option<Vec<Option<(usize, Signature)>>> {
 	}
 }
 
+#[cfg(anchors)]
+/// The claim commonly referred to as the pre-signed second-stage HTLC transaction.
+pub(crate) struct ExternalHTLCClaim {
+	pub(crate) per_commitment_number: u64,
+	pub(crate) htlc: HTLCOutputInCommitment,
+	pub(crate) preimage: Option<PaymentPreimage>,
+	pub(crate) counterparty_base_htlc_key: PublicKey,
+	pub(crate) counterparty_base_revocation_key: PublicKey,
+	pub(crate) counterparty_sig: Signature,
+}
+
 // Represents the different types of claims for which events are yielded externally to satisfy said
 // claims.
 #[cfg(anchors)]
@@ -185,6 +198,11 @@ pub(crate) enum ClaimEvent {
 		commitment_tx: Transaction,
 		anchor_output_idx: u32,
 	},
+	BumpHTLC {
+		target_feerate_sat_per_1000_weight: u32,
+		tx_template: Transaction,
+		htlcs: Vec<ExternalHTLCClaim>,
+	},
 }
 
 /// Represents the different ways an output can be claimed (i.e., spent to an address under our
@@ -476,15 +494,34 @@ impl<ChannelSigner: Sign> OnchainTxHandler<ChannelSigner> {
 		// didn't receive confirmation of it before, or not enough reorg-safe depth on top of it).
 		let new_timer = Some(cached_request.get_height_timer(cur_height));
 		if cached_request.is_malleable() {
+			#[cfg(anchors)]
+			{ // Attributes are not allowed on if expressions on our current MSRV of 1.41.
+				if cached_request.requires_external_funding() {
+					let target_feerate_sat_per_1000_weight = cached_request
+						.compute_package_feerate(fee_estimator, ConfirmationTarget::HighPriority);
+					let (tx_template, htlcs) = cached_request.construct_malleable_package_with_external_funding(self);
+					return Some((
+						new_timer,
+						target_feerate_sat_per_1000_weight as u64,
+						OnchainClaim::Event(ClaimEvent::BumpHTLC {
+							target_feerate_sat_per_1000_weight,
+							tx_template,
+							htlcs,
+						}),
+					));
+				}
+			}
+
 			let predicted_weight = cached_request.package_weight(&self.destination_script);
-			if let Some((output_value, new_feerate)) =
-					cached_request.compute_package_output(predicted_weight, self.destination_script.dust_value().to_sat(), fee_estimator, logger) {
+			if let Some((output_value, new_feerate)) = cached_request.compute_package_output(
+				predicted_weight, self.destination_script.dust_value().to_sat(), fee_estimator, logger,
+			) {
 				assert!(new_feerate != 0);
 
 				let transaction = cached_request.finalize_malleable_package(self, output_value, self.destination_script.clone(), logger).unwrap();
 				log_trace!(logger, "...with timer {} and feerate {}", new_timer.unwrap(), new_feerate);
 				assert!(predicted_weight >= transaction.weight());
-				return Some((new_timer, new_feerate, OnchainClaim::Tx(transaction)))
+				return Some((new_timer, new_feerate, OnchainClaim::Tx(transaction)));
 			}
 		} else {
 			// Untractable packages cannot have their fees bumped through Replace-By-Fee. Some
@@ -540,7 +577,7 @@ impl<ChannelSigner: Sign> OnchainTxHandler<ChannelSigner> {
 					debug_assert!(false, "Only HolderFundingOutput inputs should be untractable and require external funding");
 					None
 				},
-			});
+			})
 		}
 		None
 	}
@@ -630,6 +667,7 @@ impl<ChannelSigner: Sign> OnchainTxHandler<ChannelSigner> {
 						log_info!(logger, "Yielding onchain event to spend inputs {:?}", req.outpoints());
 						let txid = match claim_event {
 							ClaimEvent::BumpCommitment { ref commitment_tx, .. } => commitment_tx.txid(),
+							ClaimEvent::BumpHTLC { ref tx_template, .. } => tx_template.txid(),
 						};
 						self.pending_claim_events.insert(txid, claim_event);
 						txid
@@ -673,14 +711,33 @@ impl<ChannelSigner: Sign> OnchainTxHandler<ChannelSigner> {
 						// outpoints to know if transaction is the original claim or a bumped one issued
 						// by us.
 						let mut set_equality = true;
-						if request.outpoints().len() != tx.input.len() {
-							set_equality = false;
+						if !request.requires_external_funding() ||
+							(request.requires_external_funding() && !request.is_malleable())
+						{
+							// If the claim does not require external funds to be allocated through
+							// additional inputs we can simply check the inputs in order as they
+							// cannot change under us.
+							if request.outpoints().len() != tx.input.len() {
+								set_equality = false;
+							} else {
+								for (claim_inp, tx_inp) in request.outpoints().iter().zip(tx.input.iter()) {
+									if **claim_inp != tx_inp.previous_output {
+										set_equality = false;
+									}
+								}
+							}
 						} else {
-							for (claim_inp, tx_inp) in request.outpoints().iter().zip(tx.input.iter()) {
-								if **claim_inp != tx_inp.previous_output {
-									set_equality = false;
+							// Otherwise, we'll do a linear search for each input (we don't expect
+							// large input sets to exist) to ensure the request's input set is fully
+							// spent to be resilient against the external claim reordering inputs.
+							let mut spends_all_inputs = true;
+							for request_input in request.outpoints() {
+								if tx.input.iter().find(|input| input.previous_output == *request_input).is_none() {
+									spends_all_inputs = false;
+									break;
 								}
 							}
+							set_equality = spends_all_inputs;
 						}
 
 						macro_rules! clean_claim_request_after_safety_delay {
@@ -985,6 +1042,40 @@ impl<ChannelSigner: Sign> OnchainTxHandler<ChannelSigner> {
 		htlc_tx
 	}
 
+	#[cfg(anchors)]
+	pub(crate) fn unsigned_htlc_tx(
+		&mut self, outp: &::bitcoin::OutPoint, preimage: &Option<PaymentPreimage>
+	) -> Option<(Transaction, ExternalHTLCClaim)> {
+		let find_htlc = |holder_commitment: &HolderCommitmentTransaction| -> Option<(Transaction, ExternalHTLCClaim)> {
+			let trusted_tx = holder_commitment.trust();
+			if outp.txid != trusted_tx.txid() {
+				return None;
+			}
+			trusted_tx.htlcs().iter().enumerate()
+				.find(|(_, htlc)| if let Some(output_index) = htlc.transaction_output_index {
+					output_index == outp.vout
+				} else {
+					false
+				})
+				.map(|(htlc_idx, _)| {
+					let counterparty_htlc_sig = holder_commitment.counterparty_htlc_sigs[htlc_idx];
+					let channel_params = self.channel_transaction_parameters.as_holder_broadcastable();
+					let (htlc_tx, htlc) = trusted_tx.unsigned_htlc_tx(&channel_params, htlc_idx, preimage);
+					(htlc_tx, ExternalHTLCClaim {
+						per_commitment_number: trusted_tx.commitment_number(),
+						htlc,
+						preimage: *preimage,
+						counterparty_base_htlc_key: channel_params.countersignatory_pubkeys().htlc_basepoint,
+						counterparty_base_revocation_key: channel_params.countersignatory_pubkeys().revocation_basepoint,
+						counterparty_sig: counterparty_htlc_sig,
+					})
+				})
+		};
+		// Check if the HTLC spends from the current holder commitment or the previous one otherwise.
+		find_htlc(&self.holder_commitment)
+			.or(self.prev_holder_commitment.as_ref().map(|c| find_htlc(c)).flatten())
+	}
+
 	pub(crate) fn opt_anchors(&self) -> bool {
 		self.channel_transaction_parameters.opt_anchors.is_some()
 	}

lightning/src/chain/package.rs

@@ -26,6 +26,8 @@ use crate::ln::chan_utils;
 use crate::ln::msgs::DecodeError;
 use crate::chain::chaininterface::{FeeEstimator, ConfirmationTarget, MIN_RELAY_FEE_SAT_PER_1000_WEIGHT};
 use crate::chain::keysinterface::Sign;
+#[cfg(anchors)]
+use crate::chain::onchaintx::ExternalHTLCClaim;
 use crate::chain::onchaintx::OnchainTxHandler;
 use crate::util::byte_utils;
 use crate::util::logger::Logger;
@@ -453,8 +455,13 @@ impl PackageSolvingData {
 	}
 	fn get_finalized_tx<Signer: Sign>(&self, outpoint: &BitcoinOutPoint, onchain_handler: &mut OnchainTxHandler<Signer>) -> Option<Transaction> {
 		match self {
-			PackageSolvingData::HolderHTLCOutput(ref outp) => { return onchain_handler.get_fully_signed_htlc_tx(outpoint, &outp.preimage); }
-			PackageSolvingData::HolderFundingOutput(ref outp) => { return Some(onchain_handler.get_fully_signed_holder_tx(&outp.funding_redeemscript)); }
+			PackageSolvingData::HolderHTLCOutput(ref outp) => {
+				debug_assert!(!outp.opt_anchors());
+				return onchain_handler.get_fully_signed_htlc_tx(outpoint, &outp.preimage);
+			}
+			PackageSolvingData::HolderFundingOutput(ref outp) => {
+				return Some(onchain_handler.get_fully_signed_holder_tx(&outp.funding_redeemscript));
+			}
 			_ => { panic!("API Error!"); }
 		}
 	}
@@ -654,6 +661,31 @@ impl PackageTemplate {
 		let output_weight = (8 + 1 + destination_script.len()) * WITNESS_SCALE_FACTOR;
 		inputs_weight + witnesses_weight + transaction_weight + output_weight
 	}
+	#[cfg(anchors)]
+	pub(crate) fn construct_malleable_package_with_external_funding<Signer: Sign>(
+		&self, onchain_handler: &mut OnchainTxHandler<Signer>,
+	) -> (Transaction, Vec<ExternalHTLCClaim>) {
+		debug_assert!(self.requires_external_funding());
+		let mut aggregate_tx = Transaction {
+			version: 2,
+			lock_time: PackedLockTime(self.package_timelock()),
+			input: Vec::with_capacity(self.inputs.len()),
+			output: Vec::with_capacity(self.inputs.len()),
+		};
+		let mut htlcs = Vec::with_capacity(self.inputs.len());
+		self.inputs.iter().for_each(|input| match input.1 {
+			PackageSolvingData::HolderHTLCOutput(ref outp) => {
+				debug_assert!(outp.opt_anchors());
+				onchain_handler.unsigned_htlc_tx(&input.0, &outp.preimage).map(|(mut htlc_tx, htlc)| {
+					aggregate_tx.input.push(htlc_tx.input.pop().unwrap());
+					aggregate_tx.output.push(htlc_tx.output.pop().unwrap());
+					htlcs.push(htlc)
+				});
+			}
+			_ => debug_assert!(false, "Expected HolderHTLCOutputs to not be aggregated with other input types"),
+		});
+		(aggregate_tx, htlcs)
+	}
 	pub(crate) fn finalize_malleable_package<L: Deref, Signer: Sign>(
 		&self, onchain_handler: &mut OnchainTxHandler<Signer>, value: u64, destination_script: Script, logger: &L
 	) -> Option<Transaction> where L::Target: Logger {

lightning/src/ln/chan_utils.rs

@@ -1533,19 +1533,37 @@ impl<'a> TrustedCommitmentTransaction<'a> {
 		Ok(ret)
 	}
 
-	/// Gets a signed HTLC transaction given a preimage (for !htlc.offered) and the holder HTLC transaction signature.
-	pub(crate) fn get_signed_htlc_tx(&self, channel_parameters: &DirectedChannelTransactionParameters, htlc_index: usize, counterparty_signature: &Signature, signature: &Signature, preimage: &Option<PaymentPreimage>) -> Transaction {
+	/// Builds the unsigned HTLC transaction for a HTLC with output index `htlc_index` within
+	/// the commitment transaction.
+	pub(crate) fn unsigned_htlc_tx(
+		&self, channel_parameters: &DirectedChannelTransactionParameters, htlc_index: usize,
+		preimage: &Option<PaymentPreimage>
+	) -> (Transaction, HTLCOutputInCommitment) {
 		let inner = self.inner;
 		let keys = &inner.keys;
 		let txid = inner.built.txid;
-		let this_htlc = &inner.htlcs[htlc_index];
+		let this_htlc = inner.htlcs[htlc_index].clone();
 		assert!(this_htlc.transaction_output_index.is_some());
 		// if we don't have preimage for an HTLC-Success, we can't generate an HTLC transaction.
 		if !this_htlc.offered && preimage.is_none() { unreachable!(); }
 		// Further, we should never be provided the preimage for an HTLC-Timeout transaction.
 		if  this_htlc.offered && preimage.is_some() { unreachable!(); }
-
-		let mut htlc_tx = build_htlc_transaction(&txid, inner.feerate_per_kw, channel_parameters.contest_delay(), &this_htlc, self.opt_anchors(), &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
+		let htlc_tx = build_htlc_transaction(
+			&txid, inner.feerate_per_kw, channel_parameters.contest_delay(), &this_htlc,
+			self.opt_anchors(), &keys.broadcaster_delayed_payment_key, &keys.revocation_key,
+		);
+		(htlc_tx, this_htlc)
+	}
+
+	/// Gets a signed HTLC transaction given a preimage (for !htlc.offered) and the holder HTLC
+	/// transaction signature.
+	pub(crate) fn get_signed_htlc_tx(
+		&self, channel_parameters: &DirectedChannelTransactionParameters, htlc_index: usize,
+		counterparty_signature: &Signature, signature: &Signature, preimage: &Option<PaymentPreimage>
+	) -> Transaction {
+		let keys = &&self.inner.keys;
+		let this_htlc = &self.inner.htlcs[htlc_index];
+		let mut htlc_tx = self.unsigned_htlc_tx(channel_parameters, htlc_index, preimage).0;
 
 		let htlc_redeemscript = get_htlc_redeemscript_with_explicit_keys(&this_htlc, self.opt_anchors(), &keys.broadcaster_htlc_key, &keys.countersignatory_htlc_key, &keys.revocation_key);