Skip to content

Commit 1c7c967

Browse files
committed
Re-derive signers upon deserializing Channel
To do so, we introduce a new serialization version that doesn't store a channel's signer, and instead stores its signer's `channel_keys_id`. This is a unique identifier that can be provided to our `KeysInterface` to re-derive all private key material for said channel. We choose to not upgrade the minimum compatible serialization version until a later time, which will also remove any signer serialization logic on implementations of `KeysInterface` and `Sign`.
1 parent 36396c8 commit 1c7c967

File tree

1 file changed

+47
-12
lines changed

1 file changed

+47
-12
lines changed

lightning/src/ln/channel.rs

Lines changed: 47 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ use crate::chain::BestBlock;
3434
use crate::chain::chaininterface::{FeeEstimator, ConfirmationTarget, LowerBoundedFeeEstimator};
3535
use crate::chain::channelmonitor::{ChannelMonitor, ChannelMonitorUpdate, ChannelMonitorUpdateStep, LATENCY_GRACE_PERIOD_BLOCKS};
3636
use crate::chain::transaction::{OutPoint, TransactionData};
37-
use crate::chain::keysinterface::{Sign, KeysInterface};
37+
use crate::chain::keysinterface::{Sign, KeysInterface, BaseSign};
3838
use crate::util::events::ClosureReason;
3939
use crate::util::ser::{Readable, ReadableArgs, Writeable, Writer, VecWriter};
4040
use crate::util::logger::Logger;
@@ -737,6 +737,10 @@ pub(super) struct Channel<Signer: Sign> {
737737

738738
// We track whether we already emitted a `ChannelReady` event.
739739
channel_ready_event_emitted: bool,
740+
741+
/// The unique identifier used to re-derive the private key material for the channel through
742+
/// [`KeysInterface::derive_channel_signer`].
743+
channel_keys_id: [u8; 32],
740744
}
741745

742746
#[cfg(any(test, fuzzing))]
@@ -1072,6 +1076,7 @@ impl<Signer: Sign> Channel<Signer> {
10721076
historical_inbound_htlc_fulfills: HashSet::new(),
10731077

10741078
channel_type: Self::get_initial_channel_type(&config),
1079+
channel_keys_id,
10751080
})
10761081
}
10771082

@@ -1419,6 +1424,7 @@ impl<Signer: Sign> Channel<Signer> {
14191424
historical_inbound_htlc_fulfills: HashSet::new(),
14201425

14211426
channel_type,
1427+
channel_keys_id,
14221428
};
14231429

14241430
Ok(chan)
@@ -5936,7 +5942,7 @@ impl<Signer: Sign> Channel<Signer> {
59365942
}
59375943
}
59385944

5939-
const SERIALIZATION_VERSION: u8 = 2;
5945+
const SERIALIZATION_VERSION: u8 = 3;
59405946
const MIN_SERIALIZATION_VERSION: u8 = 2;
59415947

59425948
impl_writeable_tlv_based_enum!(InboundHTLCRemovalReason,;
@@ -5998,7 +6004,7 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
59986004
// Note that we write out as if remove_uncommitted_htlcs_and_mark_paused had just been
59996005
// called.
60006006

6001-
write_ver_prefix!(writer, SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
6007+
write_ver_prefix!(writer, MIN_SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
60026008

60036009
// `user_id` used to be a single u64 value. In order to remain backwards compatible with
60046010
// versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We write
@@ -6256,6 +6262,10 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
62566262
// we write the high bytes as an option here.
62576263
let user_id_high_opt = Some((self.user_id >> 64) as u64);
62586264

6265+
// `channel_keys_id` is serialized as an option to remain backwards compatible until we
6266+
// start writing with `SERIALIZATION_VERSION` 3.
6267+
let channel_keys_id = Some(self.channel_keys_id);
6268+
62596269
write_tlv_fields!(writer, {
62606270
(0, self.announcement_sigs, option),
62616271
// minimum_depth and counterparty_selected_channel_reserve_satoshis used to have a
@@ -6280,6 +6290,7 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
62806290
(21, self.outbound_scid_alias, required),
62816291
(23, channel_ready_event_emitted, option),
62826292
(25, user_id_high_opt, option),
6293+
(27, channel_keys_id, option),
62836294
});
62846295

62856296
Ok(())
@@ -6316,16 +6327,21 @@ impl<'a, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<<K::Target as KeysInte
63166327

63176328
let latest_monitor_update_id = Readable::read(reader)?;
63186329

6319-
let keys_len: u32 = Readable::read(reader)?;
6320-
let mut keys_data = Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE));
6321-
while keys_data.len() != keys_len as usize {
6322-
// Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
6323-
let mut data = [0; 1024];
6324-
let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.len())];
6325-
reader.read_exact(read_slice)?;
6326-
keys_data.extend_from_slice(read_slice);
6330+
let mut holder_signer = None;
6331+
if ver <= 2 {
6332+
// Read the serialize signer bytes. We'll choose to deserialize them or not based on whether
6333+
// the `channel_keys_id` TLV is present below.
6334+
let keys_len: u32 = Readable::read(reader)?;
6335+
let mut keys_data = Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE));
6336+
while keys_data.len() != keys_len as usize {
6337+
// Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
6338+
let mut data = [0; 1024];
6339+
let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.len())];
6340+
reader.read_exact(read_slice)?;
6341+
keys_data.extend_from_slice(read_slice);
6342+
}
6343+
holder_signer = Some(keys_source.read_chan_signer(&keys_data)?);
63276344
}
6328-
let holder_signer = keys_source.read_chan_signer(&keys_data)?;
63296345

63306346
// Read the old serialization for shutdown_pubkey, preferring the TLV field later if set.
63316347
let mut shutdown_scriptpubkey = match <PublicKey as Readable>::read(reader) {
@@ -6543,6 +6559,7 @@ impl<'a, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<<K::Target as KeysInte
65436559
let mut channel_ready_event_emitted = None;
65446560

65456561
let mut user_id_high_opt: Option<u64> = None;
6562+
let mut channel_keys_id: Option<[u8; 32]> = None;
65466563

65476564
read_tlv_fields!(reader, {
65486565
(0, announcement_sigs, option),
@@ -6562,8 +6579,25 @@ impl<'a, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<<K::Target as KeysInte
65626579
(21, outbound_scid_alias, option),
65636580
(23, channel_ready_event_emitted, option),
65646581
(25, user_id_high_opt, option),
6582+
(27, channel_keys_id, option),
65656583
});
65666584

6585+
let (channel_keys_id, holder_signer) = if ver <= 2 {
6586+
let holder_signer = holder_signer.unwrap();
6587+
(holder_signer.channel_keys_id(), holder_signer)
6588+
} else {
6589+
assert!(holder_signer.is_none());
6590+
let channel_keys_id = channel_keys_id.unwrap();
6591+
let mut holder_signer = keys_source.derive_channel_signer(channel_value_satoshis, channel_keys_id);
6592+
// If we've gotten to the funding stage of the channel, populate the signer with its
6593+
// required channel parameters.
6594+
let non_shutdown_state = channel_state & (!MULTI_STATE_FLAGS);
6595+
if non_shutdown_state >= (ChannelState::FundingCreated as u32) {
6596+
holder_signer.provide_channel_parameters(&channel_parameters);
6597+
}
6598+
(channel_keys_id, holder_signer)
6599+
};
6600+
65676601
if let Some(preimages) = preimages_opt {
65686602
let mut iter = preimages.into_iter();
65696603
for htlc in pending_outbound_htlcs.iter_mut() {
@@ -6713,6 +6747,7 @@ impl<'a, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<<K::Target as KeysInte
67136747
historical_inbound_htlc_fulfills,
67146748

67156749
channel_type: channel_type.unwrap(),
6750+
channel_keys_id,
67166751
})
67176752
}
67186753
}

0 commit comments

Comments
 (0)