Verify the holder provided valid witnesses and uses SIGHASH_ALL

LDK checks the following:
 * Each input spends an output that is one of P2WPKH, P2WSH, or P2TR.
   These were already checked by LDK when the inputs to be contributed
   were provided.
 * All signatures use the `SIGHASH_ALL` sighash type.
 * P2WPKH and P2TR key path spends are valid (verifies signatures)

NOTE:
 * When checking P2WSH spends, LDK tries to decode 70-72 byte witness
   elements as ECDSA signatures with a sighash flag. If the internal
   DER-decoding fails, then LDK just assumes it wasn't a signature and
   carries with checks. If the element can be decoded as an ECDSA
   signature, the the sighash flag must be `SIGHASH_ALL`.
 * When checking P2TR script-path spends, LDK assumes all elements of
   exactly 65 bytes with the last byte matching any valid sighash flag
   byte are schnorr signatures and checks that the sighash type is
   `SIGHASH_ALL`. If the last byte is not any valid sighash flag, the
   element is assumed not to be a signature and is ignored. Elements of
   64 bytes are not checked because if they were schnorr signatures then
   they would implicitly be `SIGHASH_DEFAULT` which is an alias of
   `SIGHASH_ALL`.

Author: dunxen

lightning/src/ln/channel.rs

@@ -7772,45 +7772,32 @@ where
 		}
 	}
 
-	fn verify_interactive_tx_signatures(&mut self, _witnesses: &Vec<Witness>) {
-		if let Some(ref mut _signing_session) = self.interactive_tx_signing_session {
-			// Check that sighash_all was used:
-			// TODO(dual_funding): Check sig for sighash
-		}
+	#[cfg(splicing)]
+	fn is_splicing(&self) -> bool {
+		self.pending_splice
+			.as_ref()
+			.and_then(|pending_splice| Some(pending_splice.funding.is_some()))
+			.unwrap_or(false)
 	}
 
-	pub fn funding_transaction_signed<L: Deref>(
-		&mut self, witnesses: Vec<Witness>, logger: &L,
-	) -> Result<Option<msgs::TxSignatures>, APIError>
-	where
-		L::Target: Logger,
-	{
-		self.verify_interactive_tx_signatures(&witnesses);
-		if let Some(ref mut signing_session) = self.interactive_tx_signing_session {
-			let logger = WithChannelContext::from(logger, &self.context, None);
-			if let Some(holder_tx_signatures) = signing_session
-				.provide_holder_witnesses(self.context.channel_id, witnesses)
-				.map_err(|err| APIError::APIMisuseError { err })?
-			{
-				if self.is_awaiting_initial_mon_persist() {
-					log_debug!(
-						logger,
-						"Not sending tx_signatures: a monitor update is in progress."
-					);
-					return Ok(None);
-				}
-				return Ok(Some(holder_tx_signatures));
-			} else {
-				return Ok(None);
-			}
-		} else {
-			return Err(APIError::APIMisuseError {
+	pub fn funding_transaction_signed(
+		&mut self, witnesses: Vec<Witness>,
+	) -> Result<Option<msgs::TxSignatures>, APIError> {
+		self.interactive_tx_signing_session
+			.as_mut()
+			.ok_or_else(|| APIError::APIMisuseError {
 				err: format!(
 					"Channel with id {} not expecting funding signatures",
 					self.context.channel_id
 				),
-			});
-		}
+			})
+			.and_then(|signing_session| {
+				signing_session
+					.verify_interactive_tx_signatures(&self.context.secp_ctx, &witnesses)?;
+				signing_session
+					.provide_holder_witnesses(self.context.channel_id, witnesses)
+					.map_err(|err| APIError::APIMisuseError { err })
+			})
 	}
 
 	#[rustfmt::skip]

lightning/src/ln/channelmanager.rs

@@ -5901,19 +5901,32 @@ where
 	/// counterparty's signature(s) the funding transaction will automatically be broadcast via the
 	/// [`BroadcasterInterface`] provided when this `ChannelManager` was constructed.
 	///
-	/// `SIGHASH_ALL` MUST be used for all signatures when providing signatures.
-	///
-	/// <div class="warning">
-	/// WARNING: LDK makes no attempt to prevent the counterparty from using non-standard inputs which
-	///  will prevent the funding transaction from being relayed on the bitcoin network and hence being
-	///  confirmed.
-	/// </div>
+	/// `SIGHASH_ALL` MUST be used for all signatures when providing signatures, otherwise your
+	/// funds can be held hostage!
+	///
+	/// LDK checks the following:
+	///  * Each input spends an output that is one of P2WPKH, P2WSH, or P2TR.
+	///    These were already checked by LDK when the inputs to be contributed were provided.
+	///  * All signatures use the `SIGHASH_ALL` sighash type.
+	///  * P2WPKH and P2TR key path spends are valid (verifies signatures)
+	///
+	/// NOTE:
+	///  * When checking P2WSH spends, LDK tries to decode 70-72 byte witness elements as ECDSA
+	///    signatures with a sighash flag. If the internal DER-decoding fails, then LDK just
+	///    assumes it wasn't a signature and carries with checks. If the element can be decoded
+	///    as an ECDSA signature, the the sighash flag must be `SIGHASH_ALL`.
+	///  * When checking P2TR script-path spends, LDK assumes all elements of exactly 65 bytes
+	///    with the last byte matching any valid sighash flag byte are schnorr signatures and checks
+	///    that the sighash type is `SIGHASH_ALL`. If the last byte is not any valid sighash flag, the
+	///    element is assumed not to be a signature and is ignored. Elements of 64 bytes are not
+	///    checked because if they were schnorr signatures then they would implicitly be `SIGHASH_DEFAULT`
+	///    which is an alias of `SIGHASH_ALL`.
 	///
 	/// Returns [`ChannelUnavailable`] when a channel is not found or an incorrect
 	/// `counterparty_node_id` is provided.
 	///
 	/// Returns [`APIMisuseError`] when a channel is not in a state where it is expecting funding
-	/// signatures.
+	/// signatures or if any of the checks described above fail.
 	///
 	/// [`ChannelUnavailable`]: APIError::ChannelUnavailable
 	/// [`APIMisuseError`]: APIError::APIMisuseError
@@ -5943,9 +5956,7 @@ where
 		match peer_state.channel_by_id.get_mut(channel_id) {
 			Some(channel) => match channel.as_funded_mut() {
 				Some(chan) => {
-					if let Some(tx_signatures) =
-						chan.funding_transaction_signed(witnesses, &self.logger)?
-					{
+					if let Some(tx_signatures) = chan.funding_transaction_signed(witnesses)? {
 						peer_state.pending_msg_events.push(MessageSendEvent::SendTxSignatures {
 							node_id: *counterparty_node_id,
 							msg: tx_signatures,