Remove InMemorySigner (de-)serialization support

InMemorySigner no longer holds channel_value_satoshis and
channel_parameters. Instead of writing 0 and None, respectively, drop
(de-)serialization support entirely since InMemorySigner hasn't been
serialized since SERIALIZATION_VERSION 2.

Author: jkczyz

fuzz/src/chanmon_consistency.rs

@@ -52,9 +52,7 @@ use lightning::ln::channelmanager::{
 };
 use lightning::ln::functional_test_utils::*;
 use lightning::ln::inbound_payment::ExpandedKey;
-use lightning::ln::msgs::{
-	ChannelMessageHandler, CommitmentUpdate, DecodeError, Init, UpdateAddHTLC,
-};
+use lightning::ln::msgs::{ChannelMessageHandler, CommitmentUpdate, Init, UpdateAddHTLC};
 use lightning::ln::script::ShutdownScript;
 use lightning::ln::types::ChannelId;
 use lightning::offers::invoice::UnsignedBolt12Invoice;
@@ -385,15 +383,6 @@ impl SignerProvider for KeyProvider {
 		TestChannelSigner::new_with_revoked(keys, revoked_commitment, false)
 	}
 
-	fn read_chan_signer(&self, buffer: &[u8]) -> Result<Self::EcdsaSigner, DecodeError> {
-		let mut reader = lightning::io::Cursor::new(buffer);
-
-		let inner: InMemorySigner = ReadableArgs::read(&mut reader, self)?;
-		let state = self.make_enforcement_state_cell(inner.commitment_seed);
-
-		Ok(TestChannelSigner::new_with_revoked(inner, state, false))
-	}
-
 	fn get_destination_script(&self, _channel_keys_id: [u8; 32]) -> Result<ScriptBuf, ()> {
 		let secp_ctx = Secp256k1::signing_only();
 		#[rustfmt::skip]

fuzz/src/full_stack.rs

@@ -44,7 +44,6 @@ use lightning::ln::channelmanager::{
 };
 use lightning::ln::functional_test_utils::*;
 use lightning::ln::inbound_payment::ExpandedKey;
-use lightning::ln::msgs::DecodeError;
 use lightning::ln::peer_handler::{
 	IgnoringMessageHandler, MessageHandler, PeerManager, SocketDescriptor,
 };
@@ -63,7 +62,7 @@ use lightning::util::config::{ChannelConfig, UserConfig};
 use lightning::util::errors::APIError;
 use lightning::util::hash_tables::*;
 use lightning::util::logger::Logger;
-use lightning::util::ser::{Readable, ReadableArgs, Writeable};
+use lightning::util::ser::{Readable, Writeable};
 use lightning::util::test_channel_signer::{EnforcementState, TestChannelSigner};
 
 use lightning_invoice::RawBolt11Invoice;
@@ -522,13 +521,6 @@ impl SignerProvider for KeyProvider {
 		)
 	}
 
-	fn read_chan_signer(&self, mut data: &[u8]) -> Result<TestChannelSigner, DecodeError> {
-		let inner: InMemorySigner = ReadableArgs::read(&mut data, self)?;
-		let state = Arc::new(Mutex::new(EnforcementState::new()));
-
-		Ok(TestChannelSigner::new_with_revoked(inner, state, false))
-	}
-
 	fn get_destination_script(&self, _channel_keys_id: [u8; 32]) -> Result<ScriptBuf, ()> {
 		let secp_ctx = Secp256k1::signing_only();
 		let channel_monitor_claim_key = SecretKey::from_slice(

fuzz/src/onion_message.rs

@@ -10,7 +10,7 @@ use lightning::blinded_path::message::{
 };
 use lightning::blinded_path::EmptyNodeIdLookUp;
 use lightning::ln::inbound_payment::ExpandedKey;
-use lightning::ln::msgs::{self, DecodeError, OnionMessageHandler};
+use lightning::ln::msgs::{self, OnionMessageHandler};
 use lightning::ln::peer_handler::IgnoringMessageHandler;
 use lightning::ln::script::ShutdownScript;
 use lightning::offers::invoice::UnsignedBolt12Invoice;
@@ -265,10 +265,6 @@ impl SignerProvider for KeyProvider {
 		unreachable!()
 	}
 
-	fn read_chan_signer(&self, _data: &[u8]) -> Result<TestChannelSigner, DecodeError> {
-		unreachable!()
-	}
-
 	fn get_destination_script(&self, _channel_keys_id: [u8; 32]) -> Result<ScriptBuf, ()> {
 		unreachable!()
 	}

lightning/src/ln/channel.rs

@@ -10297,7 +10297,6 @@ impl<SP: Deref> Writeable for FundedChannel<SP> where SP::Target: SignerProvider
 	}
 }
 
-const MAX_ALLOC_SIZE: usize = 64*1024;
 impl<'a, 'b, 'c, ES: Deref, SP: Deref> ReadableArgs<(&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)> for FundedChannel<SP>
 		where
 			ES::Target: EntropySource,
@@ -10330,21 +10329,6 @@ impl<'a, 'b, 'c, ES: Deref, SP: Deref> ReadableArgs<(&'a ES, &'b SP, u32, &'c Ch
 
 		let latest_monitor_update_id = Readable::read(reader)?;
 
-		let mut keys_data = None;
-		if ver <= 2 {
-			// Read the serialize signer bytes. We'll choose to deserialize them or not based on whether
-			// the `channel_keys_id` TLV is present below.
-			let keys_len: u32 = Readable::read(reader)?;
-			keys_data = Some(Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE)));
-			while keys_data.as_ref().unwrap().len() != keys_len as usize {
-				// Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
-				let mut data = [0; 1024];
-				let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.as_ref().unwrap().len())];
-				reader.read_exact(read_slice)?;
-				keys_data.as_mut().unwrap().extend_from_slice(read_slice);
-			}
-		}
-
 		// Read the old serialization for shutdown_pubkey, preferring the TLV field later if set.
 		let mut shutdown_scriptpubkey = match <PublicKey as Readable>::read(reader) {
 			Ok(pubkey) => Some(ShutdownScript::new_p2wpkh_from_pubkey(pubkey)),
@@ -10641,10 +10625,7 @@ impl<'a, 'b, 'c, ES: Deref, SP: Deref> ReadableArgs<(&'a ES, &'b SP, u32, &'c Ch
 			}
 			(channel_keys_id, holder_signer)
 		} else {
-			// `keys_data` can be `None` if we had corrupted data.
-			let keys_data = keys_data.ok_or(DecodeError::InvalidValue)?;
-			let holder_signer = signer_provider.read_chan_signer(&keys_data)?;
-			(holder_signer.channel_keys_id(), holder_signer)
+			return Err(DecodeError::InvalidValue);
 		};
 
 		if let Some(preimages) = preimages_opt {
@@ -10931,7 +10912,7 @@ mod tests {
 	use crate::ln::channel::{MAX_FUNDING_SATOSHIS_NO_WUMBO, TOTAL_BITCOIN_SUPPLY_SATOSHIS, MIN_THEIR_CHAN_RESERVE_SATOSHIS};
 	use crate::types::features::{ChannelFeatures, ChannelTypeFeatures, NodeFeatures};
 	use crate::ln::msgs;
-	use crate::ln::msgs::{ChannelUpdate, DecodeError, UnsignedChannelUpdate, MAX_VALUE_MSAT};
+	use crate::ln::msgs::{ChannelUpdate, UnsignedChannelUpdate, MAX_VALUE_MSAT};
 	use crate::ln::script::ShutdownScript;
 	use crate::ln::chan_utils::{self, htlc_success_tx_weight, htlc_timeout_tx_weight};
 	use crate::chain::BestBlock;
@@ -11003,8 +10984,6 @@ mod tests {
 			self.signer.clone()
 		}
 
-		fn read_chan_signer(&self, _data: &[u8]) -> Result<Self::EcdsaSigner, DecodeError> { panic!(); }
-
 		fn get_destination_script(&self, _channel_keys_id: [u8; 32]) -> Result<ScriptBuf, ()> {
 			let secp_ctx = Secp256k1::signing_only();
 			let channel_monitor_claim_key = SecretKey::from_slice(&<Vec<u8>>::from_hex("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();

lightning/src/ln/channelmanager.rs

@@ -13488,8 +13488,8 @@ where
 	pub node_signer: NS,
 
 	/// The keys provider which will give us relevant keys. Some keys will be loaded during
-	/// deserialization and KeysInterface::read_chan_signer will be used to read per-Channel
-	/// signing data.
+	/// deserialization and [`SignerProvider::derive_channel_signer`] will be used to derive
+	/// per-Channel signing data.
 	pub signer_provider: SP,
 
 	/// The fee_estimator for use in the ChannelManager in the future.

lightning/src/sign/mod.rs

@@ -58,12 +58,10 @@ use crate::ln::msgs::{UnsignedChannelAnnouncement, UnsignedGossipMessage};
 use crate::ln::script::ShutdownScript;
 use crate::offers::invoice::UnsignedBolt12Invoice;
 use crate::types::payment::PaymentPreimage;
-use crate::util::ser::{Readable, ReadableArgs, Writeable, Writer};
+use crate::util::ser::Writeable;
 use crate::util::transaction_utils;
 
 use crate::crypto::chacha20::ChaCha20;
-use crate::io::{self, Error};
-use crate::ln::msgs::DecodeError;
 use crate::prelude::*;
 use crate::sign::ecdsa::EcdsaChannelSigner;
 #[cfg(taproot)]
@@ -811,8 +809,7 @@ pub trait ChannelSigner {
 	///
 	/// This data is static, and will never change for a channel once set. For a given [`ChannelSigner`]
 	/// instance, LDK will call this method exactly once - either immediately after construction
-	/// (not including if done via [`SignerProvider::read_chan_signer`]) or when the funding
-	/// information has been generated.
+	/// or when the funding information has been generated.
 	///
 	/// channel_parameters.is_populated() MUST be true.
 	fn provide_channel_parameters(&mut self, channel_parameters: &ChannelTransactionParameters);
@@ -983,21 +980,6 @@ pub trait SignerProvider {
 		&self, channel_value_satoshis: u64, channel_keys_id: [u8; 32],
 	) -> Self::EcdsaSigner;
 
-	/// Reads a [`Signer`] for this [`SignerProvider`] from the given input stream.
-	/// This is only called during deserialization of other objects which contain
-	/// [`EcdsaChannelSigner`]-implementing objects (i.e., [`ChannelMonitor`]s and [`ChannelManager`]s).
-	/// The bytes are exactly those which `<Self::Signer as Writeable>::write()` writes, and
-	/// contain no versioning scheme. You may wish to include your own version prefix and ensure
-	/// you've read all of the provided bytes to ensure no corruption occurred.
-	///
-	/// This method is slowly being phased out -- it will only be called when reading objects
-	/// written by LDK versions prior to 0.0.113.
-	///
-	/// [`Signer`]: Self::EcdsaSigner
-	/// [`ChannelMonitor`]: crate::chain::channelmonitor::ChannelMonitor
-	/// [`ChannelManager`]: crate::ln::channelmanager::ChannelManager
-	fn read_chan_signer(&self, reader: &[u8]) -> Result<Self::EcdsaSigner, DecodeError>;
-
 	/// Get a script pubkey which we send funds to when claiming on-chain contestable outputs.
 	///
 	/// If this function returns an error, this will result in a channel failing to open.
@@ -1789,74 +1771,6 @@ impl TaprootChannelSigner for InMemorySigner {
 	}
 }
 
-const SERIALIZATION_VERSION: u8 = 1;
-
-const MIN_SERIALIZATION_VERSION: u8 = 1;
-
-impl Writeable for InMemorySigner {
-	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), Error> {
-		write_ver_prefix!(writer, SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
-
-		self.funding_key.write(writer)?;
-		self.revocation_base_key.write(writer)?;
-		self.payment_key.write(writer)?;
-		self.delayed_payment_base_key.write(writer)?;
-		self.htlc_base_key.write(writer)?;
-		self.commitment_seed.write(writer)?;
-		self.channel_parameters.write(writer)?;
-		self.channel_value_satoshis.write(writer)?;
-		self.channel_keys_id.write(writer)?;
-
-		write_tlv_fields!(writer, {});
-
-		Ok(())
-	}
-}
-
-impl<ES: Deref> ReadableArgs<ES> for InMemorySigner
-where
-	ES::Target: EntropySource,
-{
-	fn read<R: io::Read>(reader: &mut R, entropy_source: ES) -> Result<Self, DecodeError> {
-		let _ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
-
-		let funding_key = Readable::read(reader)?;
-		let revocation_base_key = Readable::read(reader)?;
-		let payment_key = Readable::read(reader)?;
-		let delayed_payment_base_key = Readable::read(reader)?;
-		let htlc_base_key = Readable::read(reader)?;
-		let commitment_seed = Readable::read(reader)?;
-		let counterparty_channel_data = Readable::read(reader)?;
-		let channel_value_satoshis = Readable::read(reader)?;
-		let secp_ctx = Secp256k1::signing_only();
-		let holder_channel_pubkeys = InMemorySigner::make_holder_keys(
-			&secp_ctx,
-			&funding_key,
-			&revocation_base_key,
-			&payment_key,
-			&delayed_payment_base_key,
-			&htlc_base_key,
-		);
-		let keys_id = Readable::read(reader)?;
-
-		read_tlv_fields!(reader, {});
-
-		Ok(InMemorySigner {
-			funding_key,
-			revocation_base_key,
-			payment_key,
-			delayed_payment_base_key,
-			htlc_base_key,
-			commitment_seed,
-			channel_value_satoshis,
-			holder_channel_pubkeys,
-			channel_parameters: counterparty_channel_data,
-			channel_keys_id: keys_id,
-			entropy_source: RandomBytes::new(entropy_source.get_secure_random_bytes()),
-		})
-	}
-}
-
 /// Simple implementation of [`EntropySource`], [`NodeSigner`], and [`SignerProvider`] that takes a
 /// 32-byte seed for use as a BIP 32 extended key and derives keys from that.
 ///
@@ -2295,10 +2209,6 @@ impl SignerProvider for KeysManager {
 		self.derive_channel_keys(channel_value_satoshis, &channel_keys_id)
 	}
 
-	fn read_chan_signer(&self, reader: &[u8]) -> Result<Self::EcdsaSigner, DecodeError> {
-		InMemorySigner::read(&mut io::Cursor::new(reader), self)
-	}
-
 	fn get_destination_script(&self, _channel_keys_id: [u8; 32]) -> Result<ScriptBuf, ()> {
 		Ok(self.destination_script.clone())
 	}
@@ -2428,10 +2338,6 @@ impl SignerProvider for PhantomKeysManager {
 		self.inner.derive_channel_signer(channel_value_satoshis, channel_keys_id)
 	}
 
-	fn read_chan_signer(&self, reader: &[u8]) -> Result<Self::EcdsaSigner, DecodeError> {
-		self.inner.read_chan_signer(reader)
-	}
-
 	fn get_destination_script(&self, channel_keys_id: [u8; 32]) -> Result<ScriptBuf, ()> {
 		self.inner.get_destination_script(channel_keys_id)
 	}

lightning/src/util/test_channel_signer.rs

@@ -31,14 +31,12 @@ use bitcoin::sighash;
 use bitcoin::sighash::EcdsaSighashType;
 use bitcoin::transaction::Transaction;
 
-use crate::io::Error;
 #[cfg(taproot)]
 use crate::ln::msgs::PartialSignatureWithNonce;
 #[cfg(taproot)]
 use crate::sign::taproot::TaprootChannelSigner;
 use crate::sign::HTLCDescriptor;
 use crate::types::features::ChannelTypeFeatures;
-use crate::util::ser::{Writeable, Writer};
 use bitcoin::secp256k1;
 #[cfg(taproot)]
 use bitcoin::secp256k1::All;
@@ -530,17 +528,6 @@ impl TaprootChannelSigner for TestChannelSigner {
 	}
 }
 
-impl Writeable for TestChannelSigner {
-	fn write<W: Writer>(&self, writer: &mut W) -> Result<(), Error> {
-		// TestChannelSigner has two fields - `inner` ([`InMemorySigner`]) and `state`
-		// ([`EnforcementState`]). `inner` is serialized here and deserialized by
-		// [`SignerProvider::read_chan_signer`]. `state` is managed by [`SignerProvider`]
-		// and will be serialized as needed by the implementation of that trait.
-		self.inner.write(writer)?;
-		Ok(())
-	}
-}
-
 impl TestChannelSigner {
 	fn verify_counterparty_commitment_tx<'a, T: secp256k1::Signing + secp256k1::Verification>(
 		&self, commitment_tx: &'a CommitmentTransaction, secp_ctx: &Secp256k1<T>,

lightning/src/util/test_utils.rs

@@ -75,9 +75,7 @@ use lightning_invoice::RawBolt11Invoice;
 
 use crate::io;
 use crate::prelude::*;
-use crate::sign::{
-	EntropySource, InMemorySigner, NodeSigner, RandomBytes, Recipient, SignerProvider,
-};
+use crate::sign::{EntropySource, NodeSigner, RandomBytes, Recipient, SignerProvider};
 use crate::sync::{Arc, Mutex};
 use core::cell::RefCell;
 use core::mem;
@@ -370,13 +368,6 @@ impl SignerProvider for OnlyReadsKeysInterface {
 		unreachable!();
 	}
 
-	fn read_chan_signer(&self, mut reader: &[u8]) -> Result<Self::EcdsaSigner, msgs::DecodeError> {
-		let inner: InMemorySigner = ReadableArgs::read(&mut reader, self)?;
-		let state = Arc::new(Mutex::new(EnforcementState::new()));
-
-		Ok(TestChannelSigner::new_with_revoked(inner, state, false))
-	}
-
 	fn get_destination_script(&self, _channel_keys_id: [u8; 32]) -> Result<ScriptBuf, ()> {
 		Err(())
 	}
@@ -1580,15 +1571,6 @@ impl SignerProvider for TestKeysInterface {
 		signer
 	}
 
-	fn read_chan_signer(&self, buffer: &[u8]) -> Result<Self::EcdsaSigner, msgs::DecodeError> {
-		let mut reader = io::Cursor::new(buffer);
-
-		let inner: InMemorySigner = ReadableArgs::read(&mut reader, self)?;
-		let state = self.make_enforcement_state_cell(inner.commitment_seed);
-
-		Ok(TestChannelSigner::new_with_revoked(inner, state, self.disable_revocation_policy_check))
-	}
-
 	fn get_destination_script(&self, channel_keys_id: [u8; 32]) -> Result<ScriptBuf, ()> {
 		self.backing.get_destination_script(channel_keys_id)
 	}

pending_changelog/3604-upgrades-prior-to-113-not-supported.txt

@@ -0,0 +1,2 @@
+## API Updates (0.2)
+ * Upgrading from versions prior to 0.0.113 is no longer supported (#3604).