Store channel alongside channel monitor

lightning/Cargo.toml

@@ -22,6 +22,7 @@ _externalize_tests = ["inventory", "_test_utils"]
 # Allow signing of local transactions that may have been revoked or will be revoked, for functional testing (e.g. justice tx handling).
 # This is unsafe to use in production because it may result in the counterparty publishing taking our funds.
 unsafe_revoked_tx_signing = []
+safe_channels = []
 
 std = []
 

lightning/src/chain/channelmonitor.rs

@@ -50,7 +50,7 @@ use crate::ln::chan_utils::{
 	self, ChannelTransactionParameters, CommitmentTransaction, CounterpartyCommitmentSecrets,
 	HTLCClaim, HTLCOutputInCommitment, HolderCommitmentTransaction,
 };
-use crate::ln::channel::INITIAL_COMMITMENT_NUMBER;
+use crate::ln::channel::{read_check_data, INITIAL_COMMITMENT_NUMBER};
 use crate::ln::channel_keys::{
 	DelayedPaymentBasepoint, DelayedPaymentKey, HtlcBasepoint, HtlcKey, RevocationBasepoint,
 	RevocationKey,
@@ -111,6 +111,9 @@ pub struct ChannelMonitorUpdate {
 	/// Will be `None` for `ChannelMonitorUpdate`s constructed on LDK versions prior to 0.0.121 and
 	/// always `Some` otherwise.
 	pub channel_id: Option<ChannelId>,
+
+	/// The encoded channel data associated with this ChannelMonitor, if any.
+	pub encoded_channel: Option<Vec<u8>>,
 }
 
 impl ChannelMonitorUpdate {
@@ -156,6 +159,13 @@ impl Writeable for ChannelMonitorUpdate {
 		for update_step in self.updates.iter() {
 			update_step.write(w)?;
 		}
+		#[cfg(feature = "safe_channels")]
+		write_tlv_fields!(w, {
+			// 1 was previously used to store `counterparty_node_id`
+			(3, self.channel_id, option),
+			(5, self.encoded_channel, option)
+		});
+		#[cfg(not(feature = "safe_channels"))]
 		write_tlv_fields!(w, {
 			// 1 was previously used to store `counterparty_node_id`
 			(3, self.channel_id, option),
@@ -176,11 +186,13 @@ impl Readable for ChannelMonitorUpdate {
 			}
 		}
 		let mut channel_id = None;
+		let mut encoded_channel = None;
 		read_tlv_fields!(r, {
 			// 1 was previously used to store `counterparty_node_id`
 			(3, channel_id, option),
+			(5, encoded_channel, option)
 		});
-		Ok(Self { update_id, updates, channel_id })
+		Ok(Self { update_id, updates, channel_id, encoded_channel })
 	}
 }
 
@@ -1402,6 +1414,8 @@ pub(crate) struct ChannelMonitorImpl<Signer: EcdsaChannelSigner> {
 	/// make deciding whether to do so simple, here we track whether this monitor was last written
 	/// prior to 0.1.
 	written_by_0_1_or_later: bool,
+
+	encoded_channel: Option<Vec<u8>>,
 }
 
 // Returns a `&FundingScope` for the one we are currently observing/handling commitment transactions
@@ -1521,6 +1535,9 @@ const MIN_SERIALIZATION_VERSION: u8 = 1;
 pub(crate) fn write_chanmon_internal<Signer: EcdsaChannelSigner, W: Writer>(
 	channel_monitor: &ChannelMonitorImpl<Signer>, _is_stub: bool, writer: &mut W,
 ) -> Result<(), Error> {
+	if let Some(ref encoded_channel) = channel_monitor.encoded_channel {
+		channel_monitor.check_encoded_channel_consistency(encoded_channel);
+	}
 	write_ver_prefix!(writer, SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
 
 	channel_monitor.latest_update_id.write(writer)?;
@@ -1733,6 +1750,32 @@ pub(crate) fn write_chanmon_internal<Signer: EcdsaChannelSigner, W: Writer>(
 			_ => channel_monitor.pending_monitor_events.clone(),
 		};
 
+	#[cfg(feature = "safe_channels")]
+	write_tlv_fields!(writer, {
+		(1, channel_monitor.funding_spend_confirmed, option),
+		(3, channel_monitor.htlcs_resolved_on_chain, required_vec),
+		(5, pending_monitor_events, required_vec),
+		(7, channel_monitor.funding_spend_seen, required),
+		(9, channel_monitor.counterparty_node_id, required),
+		(11, channel_monitor.confirmed_commitment_tx_counterparty_output, option),
+		(13, channel_monitor.spendable_txids_confirmed, required_vec),
+		(15, channel_monitor.counterparty_fulfilled_htlcs, required),
+		(17, channel_monitor.initial_counterparty_commitment_info, option),
+		(19, channel_monitor.channel_id, required),
+		(21, channel_monitor.balances_empty_height, option),
+		(23, channel_monitor.holder_pays_commitment_tx_fee, option),
+		(25, channel_monitor.payment_preimages, required),
+		(27, channel_monitor.first_negotiated_funding_txo, required),
+		(29, channel_monitor.initial_counterparty_commitment_tx, option),
+		(31, channel_monitor.funding.channel_parameters, required),
+		(32, channel_monitor.pending_funding, optional_vec),
+		(33, channel_monitor.htlcs_resolved_to_user, required),
+		(34, channel_monitor.alternative_funding_confirmed, option),
+		(35, channel_monitor.is_manual_broadcast, required),
+		(37, channel_monitor.funding_seen_onchain, required),
+		(39, channel_monitor.encoded_channel, option),
+	});
+	#[cfg(not(feature = "safe_channels"))]
 	write_tlv_fields!(writer, {
 		(1, channel_monitor.funding_spend_confirmed, option),
 		(3, channel_monitor.htlcs_resolved_on_chain, required_vec),
@@ -1994,6 +2037,7 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitor<Signer> {
 			alternative_funding_confirmed: None,
 
 			written_by_0_1_or_later: true,
+			encoded_channel: None,
 		})
 	}
 
@@ -2114,6 +2158,17 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitor<Signer> {
 		inner.update_monitor(updates, broadcaster, fee_estimator, &logger)
 	}
 
+	/// Gets the encoded channel data, if any, associated with this ChannelMonitor.
+	pub fn get_encoded_channel(&self) -> Option<Vec<u8>> {
+		self.inner.lock().unwrap().encoded_channel.clone()
+	}
+
+	/// Updates the encoded channel data associated with this ChannelMonitor. To clear the encoded channel data (for
+	/// example after shut down of a channel), pass an empty vector.
+	pub fn update_encoded_channel(&self, encoded: Vec<u8>) {
+		self.inner.lock().unwrap().update_encoded_channel(encoded);
+	}
+
 	/// Gets the update_id from the latest ChannelMonitorUpdate which was applied to this
 	/// ChannelMonitor.
 	///
@@ -2719,6 +2774,37 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitor<Signer> {
 }
 
 impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
+	fn check_encoded_channel_consistency(&self, encoded: &[u8]) {
+		let encoded_channel_reader = &mut &encoded[..];
+		let check_res = read_check_data(encoded_channel_reader);
+		if let Ok(check_data) = check_res {
+			debug_assert!(
+				check_data.cur_holder_commitment_transaction_number
+					== self.get_cur_holder_commitment_number()
+			);
+			debug_assert!(
+				check_data.revoked_counterparty_commitment_transaction_number
+					== self.get_min_seen_secret()
+			);
+			debug_assert!(
+				check_data.cur_counterparty_commitment_transaction_number
+					== self.get_cur_counterparty_commitment_number()
+			);
+			debug_assert!(check_data.latest_monitor_update_id == self.get_latest_update_id());
+		} else {
+			debug_assert!(false, "Failed to read check data from encoded channel");
+		}
+	}
+
+	fn update_encoded_channel(&mut self, encoded: Vec<u8>) {
+		if encoded.len() > 0 {
+			self.check_encoded_channel_consistency(&encoded);
+			self.encoded_channel = Some(encoded);
+		} else {
+			self.encoded_channel = None;
+		}
+	}
+
 	/// Helper for get_claimable_balances which does the work for an individual HTLC, generating up
 	/// to one `Balance` for the HTLC.
 	#[rustfmt::skip]
@@ -4405,9 +4491,18 @@ impl<Signer: EcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 			}
 		}
 
-		if ret.is_ok() && self.no_further_updates_allowed() && is_pre_close_update {
-			log_error!(logger, "Refusing Channel Monitor Update as counterparty attempted to update commitment after funding was spent");
-			Err(())
+		if ret.is_ok() {
+			if self.no_further_updates_allowed() && is_pre_close_update {
+				log_error!(logger, "Refusing Channel Monitor Update as counterparty attempted to update commitment after funding was spent");
+				Err(())
+			} else {
+				// Assume that if the updates contains no encoded channel, that the channel remained unchanged. We
+				// therefore do not update the monitor.
+				if let Some(encoded_channel) = updates.encoded_channel.as_ref() {
+					self.update_encoded_channel(encoded_channel.clone());
+				}
+				Ok(())
+			}
 		} else { ret }
 	}
 
@@ -6645,6 +6740,7 @@ impl<'a, 'b, ES: EntropySource, SP: SignerProvider> ReadableArgs<(&'a ES, &'b SP
 		let mut alternative_funding_confirmed = None;
 		let mut is_manual_broadcast = RequiredWrapper(None);
 		let mut funding_seen_onchain = RequiredWrapper(None);
+		let mut encoded_channel = None;
 		read_tlv_fields!(reader, {
 			(1, funding_spend_confirmed, option),
 			(3, htlcs_resolved_on_chain, optional_vec),
@@ -6667,6 +6763,7 @@ impl<'a, 'b, ES: EntropySource, SP: SignerProvider> ReadableArgs<(&'a ES, &'b SP
 			(34, alternative_funding_confirmed, option),
 			(35, is_manual_broadcast, (default_value, false)),
 			(37, funding_seen_onchain, (default_value, true)),
+			(39, encoded_channel, option),
 		});
 		// Note that `payment_preimages_with_info` was added (and is always written) in LDK 0.1, so
 		// we can use it to determine if this monitor was last written by LDK 0.1 or later.
@@ -6844,6 +6941,7 @@ impl<'a, 'b, ES: EntropySource, SP: SignerProvider> ReadableArgs<(&'a ES, &'b SP
 			alternative_funding_confirmed,
 
 			written_by_0_1_or_later,
+			encoded_channel,
 		});
 
 		if counterparty_node_id.is_none() {
@@ -7016,6 +7114,7 @@ mod tests {
 		check_added_monitors(&nodes[1], 1);
 	}
 
+	#[cfg(not(feature = "safe_channels"))]
 	#[test]
 	fn test_funding_spend_refuses_updates() {
 		do_test_funding_spend_refuses_updates(true);

lightning/src/ln/chanmon_update_fail_tests.rs

@@ -2839,6 +2839,8 @@ fn do_channel_holding_cell_serialize(disconnect: bool, reload_a: bool) {
 	claim_payment(&nodes[0], &[&nodes[1]], payment_preimage_1);
 	claim_payment(&nodes[0], &[&nodes[1]], payment_preimage_2);
 }
+
+#[cfg(not(feature = "safe_channels"))]
 #[test]
 fn channel_holding_cell_serialize() {
 	do_channel_holding_cell_serialize(true, true);
@@ -3320,6 +3322,7 @@ fn do_test_outbound_reload_without_init_mon(use_0conf: bool) {
 	assert!(nodes[0].node.list_channels().is_empty());
 }
 
+#[cfg(not(feature = "safe_channels"))]
 #[test]
 fn test_outbound_reload_without_init_mon() {
 	do_test_outbound_reload_without_init_mon(true);
@@ -3428,6 +3431,7 @@ fn do_test_inbound_reload_without_init_mon(use_0conf: bool, lock_commitment: boo
 	assert!(nodes[1].node.list_channels().is_empty());
 }
 
+#[cfg(not(feature = "safe_channels"))]
 #[test]
 fn test_inbound_reload_without_init_mon() {
 	do_test_inbound_reload_without_init_mon(true, true);
@@ -3577,6 +3581,7 @@ fn do_test_blocked_chan_preimage_release(completion_mode: BlockedUpdateComplMode
 	expect_payment_sent(&nodes[2], payment_preimage_2, None, true, true);
 }
 
+#[cfg(not(feature = "safe_channels"))]
 #[test]
 fn test_blocked_chan_preimage_release() {
 	do_test_blocked_chan_preimage_release(BlockedUpdateComplMode::AtReload);
@@ -3767,6 +3772,7 @@ fn do_test_inverted_mon_completion_order(
 	expect_payment_sent(&nodes[0], payment_preimage, None, true, true);
 }
 
+#[cfg(not(feature = "safe_channels"))]
 #[test]
 fn test_inverted_mon_completion_order() {
 	do_test_inverted_mon_completion_order(true, true);
@@ -3969,6 +3975,7 @@ fn do_test_durable_preimages_on_closed_channel(
 	}
 }
 
+#[cfg(not(feature = "safe_channels"))]
 #[test]
 fn test_durable_preimages_on_closed_channel() {
 	do_test_durable_preimages_on_closed_channel(true, true, true);
@@ -4093,6 +4100,7 @@ fn do_test_reload_mon_update_completion_actions(close_during_reload: bool) {
 	send_payment(&nodes[1], &[&nodes[2]], 100_000);
 }
 
+#[cfg(not(feature = "safe_channels"))]
 #[test]
 fn test_reload_mon_update_completion_actions() {
 	do_test_reload_mon_update_completion_actions(true);
@@ -4459,6 +4467,7 @@ fn do_test_partial_claim_mon_update_compl_actions(reload_a: bool, reload_b: bool
 	assert!(!get_monitor!(nodes[3], chan_4_id).get_stored_preimages().contains_key(&payment_hash));
 }
 
+#[cfg(not(feature = "safe_channels"))]
 #[test]
 fn test_partial_claim_mon_update_compl_actions() {
 	do_test_partial_claim_mon_update_compl_actions(true, true);