Handle fallible per commitment point in channel establishment #3109
Conversation
alecchendev
force-pushed
the
2024-06-async-commit-point-funding
branch
from
3fbf2e6
to
1e5b210
Compare
Codecov ReportAttention: Patch coverage is
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #3109 +/- ##
==========================================
- Coverage 89.79% 89.78% -0.02%
==========================================
Files 119 119
Lines 97884 97966 +82
Branches 97884 97966 +82
==========================================
+ Hits 87894 87955 +61
- Misses 7415 7435 +20
- Partials 2575 2576 +1 ☔ View full report in Codecov by Sentry. |
alecchendev
force-pushed
the
2024-06-async-commit-point-funding
branch
from
1e5b210
to
07991fa
Compare
|
the commits from #3115 are second from the end, will rebase on top later this week, but generally most of the stuff here is in place |
alecchendev
force-pushed
the
2024-06-async-commit-point-funding
branch
from
07991fa
to
744f2ca
Compare
| @@ -995,9 +1003,12 @@ impl HolderCommitmentPoint { | |||
| } | |||
|
|
|||
| if let HolderCommitmentPoint::PendingNext { transaction_number, current } = self { | |||
| let next = signer.as_ref().get_per_commitment_point(*transaction_number - 1, secp_ctx); | |||
There was a problem hiding this comment.
Actually, looking at this again this API is super weird - advance may reduce the commitment transaction number by one....or it may not. ISTM the callsites mostly want it to actually advance, and are wrong in cases where we're PendingNext or otherwise don't advance here. Should this return a Result?
There was a problem hiding this comment.
there's the callsites 1. in funding_created/signed + commitment update where it wants to advance and is expected to be Available and go to PendingNext and then there are the callsites 2. in signer_unblocked where we call advance to try to go from PendingNext to Available if the signer has the commitment point. Not sure how to best enforce this. Maybe should these be two separate functions to distinguish what we're trying to do at each of these?
if advance returned Result, what would be an example of how we'd want to handle the err case at a callsite?
There was a problem hiding this comment.
Not sure about this PR, but in git HEAD (after the previous PR was merged) all callsites currently want to move to the next point. The current code always first sees that we're Available, then sets us to PendingNext with the number one lower, then also checks and sees that we're now PendingNext (cause we just set it), and sets us to Available at the same number. Thus, the net result of the method today is we always transition from Available to Available with a tx number one lower and the correct points.
There was a problem hiding this comment.
split into different functions, advance and try_resolve_pending (not sure if its the best name), and made advance return a Result and just defaulted to returning a closing error if we failed to advance the commitment number.
alecchendev
force-pushed
the
2024-06-async-commit-point-funding
branch
2 times, most recently
from
e053af5
to
73583e7
Compare
- Remove unused unavailable signers in TestKeysInterface - Remove unnecessary display implementation for SignerOp - Move set of test disabled signer ops to EnforcementState
This makes things more consistent with the overall style we use for async signing. We try to generate a signature for a message, if it's not there, we set a pending flag, and only in `signer_unblocked` we clear the flag and retry the signature/message.
Includes simple changes to test util signers and tests, as well as
handling the error case for get_per_commitment_point in
HolderCommitmentPoint. This leaves an `.expect("TODO")` in places
that will be addressed in upcoming commits.
alecchendev
force-pushed
the
2024-06-async-commit-point-funding
branch
from
73583e7
to
b798ffa
Compare
| // TODO: add a variant for before our first commitment point is retrieved | ||
| /// We have just created or accepted a channel and are pending our very | ||
| /// first commitment point. | ||
| Uninitialized { transaction_number: u64 }, |
There was a problem hiding this comment.
I thought we were going to first handle all the async cases post-funding and then add support for handling the async case during initial channel bring up in a separate PR?
Builds on
#3086,#3096,#3115. First PR to handle fallibleget_per_commitment_pointsigner method.We make
get_per_commitment_pointreturn a result type so that in theErrcase, we (LDK) can resume operation while an async signer fetches the commitment point. This will typically block sending out a message, but otherwise most state updates will occur. When the signature arrives, the user is expected to callChannelManager::signer_unblockedand we will retryget_per_commitment_pointhowever this time the signer will return the commitment point withOk, and we'll send out our message.This PR implements this flow for channel establishment, i.e.
open_channel,accept_channel, andchannel_ready.Rough outline of how our
HolderCommitmentPointadvances and gets new signatures:open_channel- creates new outbound channel, immediately requests the first commit point, waits to have the first 2 commit points to be unblocked to send the messageaccept_channel- same ^funding_created- no op regarding commit pointsfunding_created- uses point to verify first commitment, then advances commitment, requesting next pointfunding_signed- no opfunding_signed- same as above, verifies, advances, requests next pointchannel_ready- waits to have the next commit point ready, then once unblocked sends the current point in thechannel_readymessageTo do
channel_readyupon the signer being unblockedchannel_readyHolderCommitmentPointstruct to track commitment points #3086