Refactor ChannelTransactionParameters into FundingScope

[jkczyz]

Continues the work of #3592 by moving fields related to the funding transaction into FundingScope. This includes fields from ChannelContext for the funding transaction and ChannelTransactionParameters for the funding outpoint and pubkeys.

This primarily involves moving the entire ChannelTransactionParameters into FundingScope and channel_value_satoshis into ChannelTransactionParameters. The latter result in less API churn at the cost of duplicating parameters that don't change across each FundingScope. To that end, this PR also updates the EcdsaChannelSigner to take ChannelTransactionParameters which removes the need for ChannelSigner::provide_channel_parameters.

Since ChannelTransactionParameters contains channel_value_satoshis, implementation like InMemorySigner no longer need it. Thus, the NodeSigner trait is updated to no longer take the value when deriving signers, which is a breaking change.

[jkczyz]

@wpaulino This primarily moves fields from ChannelContext and duplicates the funding outpoint pubkeys from ChannelTransactionParameters into FundingScope. I skimmed through sign.rs to see how this would be affected. Thinking on it a bit, I'm wondering if instead of duplicating those fields we instead move the entire ChannelTransactionParameters from ChannelContext into FundingScope.

The drawback is we'd be duplicating fields that wouldn't change. But this seems better than duplicating fields that would change and risk having inconsistent data. Also, it could prevent us from needing to worry about changing other uses of ChannelTransactionParameters (e.g., by ChannelMonitor and OnchainTxHandler), outside needing to pass the appropriate ChannelTransactionParameters. Maybe we could reduce the duplication when persisting ChannelMonitor, though.

What are your thoughts?

[wpaulino]

I was thinking we could deprecate the funding scope related fields from ChannelTransactionParameters and eventually remove them, so there wouldn't be any duplicate data in the long run.

[jkczyz]

I was thinking we could deprecate the funding scope related fields from ChannelTransactionParameters and eventually remove them, so there wouldn't be any duplicate data in the long run.

Yeah, this PR takes that approach. But when removing the fields we'd need to update all uses to take both ChannelTransactionParameters and FundingScope anywhere ChannelTransactionParameters is currently needed. So I'm wondering more based on the current uses if it makes sense to include the entire ChannelTransactionParameters in FundingScope?

For instance, writing an OnchainTxHandler writes ChannelTransactionParameters. So removing the deprecated fields would require a custom serialization to include the removed fields from FundingScope. And presumably OnchainTxHandler wouldn't need the other FundingScope fields since it currently doesn't.

There's also DirectedChannelTransactionParameters which has broadcaster_pubkeys and countersignatory_pubkeys methods where the returned ChannelPublicKeys needs to include the funding_pubkey. So we'd need to have AnchorDescriptor hold a FundingScope, for instance, and have a similar Directed variation. But all those additional fields in FundingScope aren't relevant.

I haven't looked exhaustively to see all usages, but it seems simpler to keep ChannelTransactionParameters as it is.

[wpaulino]

Hm, I'm not opposed to always writing ChannelTransactionParameters, especially given the name already conveys it's tied to a specific channel transaction. It would also cover for any other currently static parameters changing due to some future protocol feature/upgrade. We would still be breaking the API somewhat since they are currently intended to be static throughout the channel's lifetime, but we can think of something there.

As for OnchainTxHandler, it will already need to know of the scope (or a subset of its fields) somehow to carry out signing requests. I'd love to avoid all of that completely by having the auxiliary data come from the claim request being handled, but that seems like quite the big change.

[jkczyz]

Here's the alternative approach: https://github.com/jkczyz/rust-lightning/tree/2025-02-channel-funding-pubkeys-alt

[wpaulino]

Here's the alternative approach: https://github.com/jkczyz/rust-lightning/tree/2025-02-channel-funding-pubkeys-alt

Yeah this looks pretty simple, and would also allow us to handle transitioning to new channel types in a splice since it already tracks the channel type features. I don't think the duplicate data is all that bad here once we have multiple scopes since it will eventually go away when the splice confirms. We should at least be able to avoid persisting the duplicate data, if we choose to, by cloning it from the "main" (currently confirmed) scope when reading.

Thoughts on either of these approaches @TheBlueMatt?

[jkczyz]

@TheBlueMatt Added some more commits to the alternative branch after pairing with @wpaulino yesterday. They move channel_value_satoshis from FundingScope to ChannelTransactionParameters, which will be passed to EcdsaChannelSigner methods in lieu of calling provide_channel_parameters. This is done so far for sign_counterparty_commitment. The goal would be to get rid channel_value_satoshis and channel_parameters from InMemorySigner and instead access them through the passed ChannelTransactionParameters.

[TheBlueMatt]

Discussed this being supersceded by an alternative that tries to keep signer operations (across many splice versions) together as one call.

[codecov]

Codecov Report

Attention: Patch coverage is 75.09579% with 65 lines in your changes missing coverage. Please review.

Project coverage is 88.59%. Comparing base (c9fd3a5) to head (aff70ae).

Files with missing lines	Patch %	Lines
lightning/src/util/test_channel_signer.rs	51.51%	9 Missing and 23 partials ⚠️
lightning/src/sign/mod.rs	76.13%	11 Missing and 10 partials ⚠️
lightning/src/ln/channelmanager.rs	85.29%	2 Missing and 3 partials ⚠️
lightning/src/util/test_utils.rs	50.00%	4 Missing ⚠️
lightning/src/chain/channelmonitor.rs	92.30%	0 Missing and 1 partial ⚠️
lightning/src/chain/onchaintx.rs	85.71%	0 Missing and 1 partial ⚠️
lightning/src/events/bump_transaction.rs	75.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3604      +/-   ##
==========================================
- Coverage   88.60%   88.59%   -0.02%     
==========================================
  Files         151      151              
  Lines      118409   118404       -5     
  Branches   118409   118404       -5     
==========================================
- Hits       104918   104900      -18     
+ Misses      10972    10968       -4     
- Partials     2519     2536      +17     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[jkczyz]

Updated the branch to use the alternative version. See updated PR description for details.

[TheBlueMatt]

This needs a pending release note that we no longer support upgrading from versions of LDK prior to 0.0.113 (Dec 16, 2022). Once we include that, we should probably open an issue because there's certainly a lot of fields we can start making required now 🎉.

[jkczyz]

Pending changelog added and opened #3625.

[TheBlueMatt]

Bleh, having a spurious 0 in these seems like it'll cause issues. Shouldn't we make it an Option so that we can check accesses for correctness?

[jkczyz]

Yeah, so currently this needs to be set by the caller. We could have ChannelTransactionParameters use ReadableArgs and pass it in, checking as you described, though.

[wpaulino]

I'd prefer the ReadableArgs over having to deal with the option everywhere

[jkczyz]

Changed to use ReadableArgs in a fixup. This required updating the serialization macros since other structs hold ChannelTransactionParameters. It was a small change, but please check to see if how I'm using it is sane.

[TheBlueMatt]

Since we're providing these to the signer on every call now (and there's so much redundant data) I wonder if (I guess it could happen when we do splicing) we shouldn't have some partial-comparator for these that just checks that two of them are equal for the fields that shouldn't change across a splice?

[wpaulino]

CI is sad

[jkczyz]

CI is sad

Fixed now, I think. Will make add pending CHANGELOG item in a bit. For now, PTAL.

[TheBlueMatt]

Changes LGTM, but CI is still quite sad.

[wpaulino]

We should be able to remove all of this now, no?

[jkczyz]

Yeah, done.

[wpaulino]

Feel free to squash

[jkczyz]

Squashed with the following changes:

diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
index cef3a990c..87f5cff1b 100644
--- a/lightning/src/ln/channel.rs
+++ b/lightning/src/ln/channel.rs
@@ -10260,7 +10260,6 @@ impl<SP: Deref> Writeable for FundedChannel<SP> where SP::Target: SignerProvider
        }
 }
 
-const MAX_ALLOC_SIZE: usize = 64*1024;
 impl<'a, 'b, 'c, ES: Deref, SP: Deref> ReadableArgs<(&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)> for FundedChannel<SP>
                where
                        ES::Target: EntropySource,
@@ -10293,20 +10292,6 @@ impl<'a, 'b, 'c, ES: Deref, SP: Deref> ReadableArgs<(&'a ES, &'b SP, u32, &'c Ch
 
                let latest_monitor_update_id = Readable::read(reader)?;
 
-               let mut _keys_data = None;
-               if ver <= 2 {
-                       // Read the serialize signer bytes. These are no longer used as of version 0.2.0.
-                       let keys_len: u32 = Readable::read(reader)?;
-                       _keys_data = Some(Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE)));
-                       while _keys_data.as_ref().unwrap().len() != keys_len as usize {
-                               // Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
-                               let mut data = [0; 1024];
-                               let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - _keys_data.as_ref().unwrap().len())];
-                               reader.read_exact(read_slice)?;
-                               _keys_data.as_mut().unwrap().extend_from_slice(read_slice);
-                       }
-               }
-
                // Read the old serialization for shutdown_pubkey, preferring the TLV field later if set.
                let mut shutdown_scriptpubkey = match <PublicKey as Readable>::read(reader) {
                        Ok(pubkey) => Some(ShutdownScript::new_p2wpkh_from_pubkey(pubkey)),