Re-derive signers upon deserializing Channel

wpaulino · wpaulino · commit 234b7d8ca250 · 2022-11-21T13:36:51.000-08:00
To do so, we introduce a new serialization version that doesn't store a
channel's signer, and instead stores its signer's `channel_keys_id`.
This is a unique identifier that can be provided to our `KeysInterface`
to re-derive all private key material for said channel.

We choose to not upgrade the minimum compatible serialization version
until a later time, which will also remove any signer serialization
logic on implementations of `KeysInterface` and `Sign`.
diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
@@ -34,9 +34,9 @@ use crate::chain::BestBlock;
 use crate::chain::chaininterface::{FeeEstimator, ConfirmationTarget, LowerBoundedFeeEstimator};
 use crate::chain::channelmonitor::{ChannelMonitor, ChannelMonitorUpdate, ChannelMonitorUpdateStep, LATENCY_GRACE_PERIOD_BLOCKS};
 use crate::chain::transaction::{OutPoint, TransactionData};
-use crate::chain::keysinterface::{Sign, KeysInterface};
+use crate::chain::keysinterface::{Sign, KeysInterface, BaseSign};
 use crate::util::events::ClosureReason;
-use crate::util::ser::{Readable, ReadableArgs, Writeable, Writer, VecWriter};
+use crate::util::ser::{Readable, ReadableArgs, Writeable, Writer};
 use crate::util::logger::Logger;
 use crate::util::errors::APIError;
 use crate::util::config::{UserConfig, ChannelConfig, LegacyChannelConfig, ChannelHandshakeConfig, ChannelHandshakeLimits};
@@ -739,6 +739,10 @@ pub(super) struct Channel<Signer: Sign> {
 
 	// We track whether we already emitted a `ChannelReady` event.
 	channel_ready_event_emitted: bool,
+
+	/// The unique identifier used to re-derive the private key material for the channel through
+	/// [`KeysInterface::derive_channel_signer`].
+	_channel_keys_id: [u8; 32],
 }
 
 #[cfg(any(test, fuzzing))]
@@ -912,6 +916,7 @@ impl<Signer: Sign> Channel<Signer> {
 
 		let holder_selected_contest_delay = config.channel_handshake_config.our_to_self_delay;
 		let holder_signer = keys_provider.get_channel_signer(false, channel_value_satoshis);
+		let channel_keys_id = holder_signer.channel_keys_id();
 		let pubkeys = holder_signer.pubkeys().clone();
 
 		if !their_features.supports_wumbo() && channel_value_satoshis > MAX_FUNDING_SATOSHIS_NO_WUMBO {
@@ -1072,6 +1077,7 @@ impl<Signer: Sign> Channel<Signer> {
 			historical_inbound_htlc_fulfills: HashSet::new(),
 
 			channel_type: Self::get_initial_channel_type(&config),
+			_channel_keys_id: channel_keys_id,
 		})
 	}
 
@@ -1155,6 +1161,7 @@ impl<Signer: Sign> Channel<Signer> {
 		}
 
 		let holder_signer = keys_provider.get_channel_signer(true, msg.funding_satoshis);
+		let channel_keys_id = holder_signer.channel_keys_id();
 		let pubkeys = holder_signer.pubkeys().clone();
 		let counterparty_pubkeys = ChannelPublicKeys {
 			funding_pubkey: msg.funding_pubkey,
@@ -1417,6 +1424,7 @@ impl<Signer: Sign> Channel<Signer> {
 			historical_inbound_htlc_fulfills: HashSet::new(),
 
 			channel_type,
+			_channel_keys_id: channel_keys_id,
 		};
 
 		Ok(chan)
@@ -5963,7 +5971,7 @@ impl<Signer: Sign> Channel<Signer> {
 	}
 }
 
-const SERIALIZATION_VERSION: u8 = 2;
+const SERIALIZATION_VERSION: u8 = 3;
 const MIN_SERIALIZATION_VERSION: u8 = 2;
 
 impl_writeable_tlv_based_enum!(InboundHTLCRemovalReason,;
@@ -6044,13 +6052,6 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
 
 		self.latest_monitor_update_id.write(writer)?;
 
-		let mut key_data = VecWriter(Vec::new());
-		self.holder_signer.write(&mut key_data)?;
-		assert!(key_data.0.len() < core::usize::MAX);
-		assert!(key_data.0.len() < core::u32::MAX as usize);
-		(key_data.0.len() as u32).write(writer)?;
-		writer.write_all(&key_data.0[..])?;
-
 		// Write out the old serialization for shutdown_pubkey for backwards compatibility, if
 		// deserialized from that format.
 		match self.shutdown_scriptpubkey.as_ref().and_then(|script| script.as_legacy_pubkey()) {
@@ -6283,6 +6284,10 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
 		// we write the high bytes as an option here.
 		let user_id_high_opt = Some((self.user_id >> 64) as u64);
 
+		// `channel_keys_id` is serialized as an option to remain backwards compatible until we bump
+		// `MIN_SERIALIZATION_VERSION` to 3.
+		let channel_keys_id = Some(self._channel_keys_id);
+
 		write_tlv_fields!(writer, {
 			(0, self.announcement_sigs, option),
 			// minimum_depth and counterparty_selected_channel_reserve_satoshis used to have a
@@ -6298,6 +6303,7 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
 			(5, self.config, required),
 			(6, serialized_holder_htlc_max_in_flight, option),
 			(7, self.shutdown_scriptpubkey, option),
+			(8, channel_keys_id, option),
 			(9, self.target_closing_feerate_sats_per_kw, option),
 			(11, self.monitor_pending_finalized_fulfills, vec_type),
 			(13, self.channel_creation_height, required),
@@ -6343,16 +6349,19 @@ impl<'a, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<<K::Target as KeysInte
 
 		let latest_monitor_update_id = Readable::read(reader)?;
 
-		let keys_len: u32 = Readable::read(reader)?;
-		let mut keys_data = Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE));
-		while keys_data.len() != keys_len as usize {
-			// Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
-			let mut data = [0; 1024];
-			let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.len())];
-			reader.read_exact(read_slice)?;
-			keys_data.extend_from_slice(read_slice);
+		let mut holder_signer = None;
+		if ver <= 2 {
+			let keys_len: u32 = Readable::read(reader)?;
+			let mut keys_data = Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE));
+			while keys_data.len() != keys_len as usize {
+				// Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
+				let mut data = [0; 1024];
+				let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.len())];
+				reader.read_exact(read_slice)?;
+				keys_data.extend_from_slice(read_slice);
+			}
+			holder_signer = Some(keys_source.read_chan_signer(&keys_data)?);
 		}
-		let holder_signer = keys_source.read_chan_signer(&keys_data)?;
 
 		// Read the old serialization for shutdown_pubkey, preferring the TLV field later if set.
 		let mut shutdown_scriptpubkey = match <PublicKey as Readable>::read(reader) {
@@ -6570,6 +6579,7 @@ impl<'a, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<<K::Target as KeysInte
 		let mut channel_ready_event_emitted = None;
 
 		let mut user_id_high_opt: Option<u64> = None;
+		let mut channel_keys_id: Option<[u8; 32]> = None;
 
 		read_tlv_fields!(reader, {
 			(0, announcement_sigs, option),
@@ -6580,6 +6590,7 @@ impl<'a, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<<K::Target as KeysInte
 			(5, config, option), // Note that if none is provided we will *not* overwrite the existing one.
 			(6, holder_max_htlc_value_in_flight_msat, option),
 			(7, shutdown_scriptpubkey, option),
+			(8, channel_keys_id, option),
 			(9, target_closing_feerate_sats_per_kw, option),
 			(11, monitor_pending_finalized_fulfills, vec_type),
 			(13, channel_creation_height, option),
@@ -6591,6 +6602,22 @@ impl<'a, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<<K::Target as KeysInte
 			(25, user_id_high_opt, option),
 		});
 
+		let (channel_keys_id, mut holder_signer) = if ver <= 2 {
+			assert!(holder_signer.is_some() && channel_keys_id.is_none());
+			let holder_signer = holder_signer.unwrap();
+			(holder_signer.channel_keys_id(), holder_signer)
+		} else {
+			assert!(holder_signer.is_none() && channel_keys_id.is_some());
+			let channel_keys_id = channel_keys_id.unwrap();
+			(channel_keys_id, keys_source.derive_channel_signer(channel_value_satoshis, channel_keys_id))
+		};
+		// If we've gotten to the funding stage of the channel, populate the signer with its
+		// required channel parameters.
+		let non_shutdown_state = channel_state & (!MULTI_STATE_FLAGS);
+		if non_shutdown_state >= (ChannelState::FundingCreated as u32) {
+			holder_signer.ready_channel(&channel_parameters);
+		}
+
 		if let Some(preimages) = preimages_opt {
 			let mut iter = preimages.into_iter();
 			for htlc in pending_outbound_htlcs.iter_mut() {
@@ -6740,6 +6767,7 @@ impl<'a, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<<K::Target as KeysInte
 			historical_inbound_htlc_fulfills,
 
 			channel_type: channel_type.unwrap(),
+			_channel_keys_id: channel_keys_id,
 		})
 	}
 }
