Update next_funding_txid logic for channel_reestablish

The splicing spec updates the logic pertaining to next_funding_txid when
handling a channel_reestablish message. Specifically:

A receiving node:
  - if `next_funding_txid` is set:
    - if `next_funding_txid` matches the latest interactive funding transaction
      or the current channel funding transaction:
      - if `next_commitment_number` is equal to the commitment number of the
        `commitment_signed` message it sent for this funding transaction:
        - MUST retransmit its `commitment_signed` for that funding transaction.
      - if it has already received `commitment_signed` and it should sign first,
        as specified in the [`tx_signatures` requirements](#the-tx_signatures-message):
        - MUST send its `tx_signatures` for that funding transaction.
      - if it has already received `tx_signatures` for that funding transaction:
        - MUST send its `tx_signatures` for that funding transaction.
    - if it also sets `next_funding_txid` in its own `channel_reestablish`, but the
      values don't match:
      - MUST send an `error` and fail the channel.
    - otherwise:
      - MUST send `tx_abort` to let the sending node know that they can forget
        this funding transaction.

This commit updates FundedChannel::channel_reestablish accordingly.

Co-authored-by: Wilmer Paulino <[email protected]>
Co-authored-by: Jeffrey Czyz <[email protected]>

Author: jkczyz

lightning/src/ln/channel.rs

@@ -8795,91 +8795,106 @@ where
 			self.get_channel_ready(logger)
 		} else { None };
 
-		if msg.next_local_commitment_number == next_counterparty_commitment_number {
-			if required_revoke.is_some() || self.context.signer_pending_revoke_and_ack {
-				log_debug!(logger, "Reconnected channel {} with only lost outbound RAA", &self.context.channel_id());
-			} else {
-				log_debug!(logger, "Reconnected channel {} with no loss", &self.context.channel_id());
-			}
+		let mut commitment_update = None;
+		let mut tx_signatures = None;
+		let mut tx_abort = None;
+
+		// if next_funding_txid is set:
+		if let Some(next_funding_txid) = msg.next_funding_txid {
+			// - if `next_funding_txid` matches the latest interactive funding transaction
+			//   or the current channel funding transaction:
+			if let Some(session) = &self.interactive_tx_signing_session {
+				let our_next_funding_txid = self.maybe_get_next_funding_txid();
+				if let Some(our_next_funding_txid) = our_next_funding_txid {
+					if our_next_funding_txid != next_funding_txid {
+						return Err(ChannelError::close(format!(
+							"Unexpected next_funding_txid: {}; expected: {}",
+							next_funding_txid, our_next_funding_txid,
+						)));
+					}
 
-			// if next_funding_txid is set:
-			let (commitment_update, tx_signatures, tx_abort) = if let Some(next_funding_txid) = msg.next_funding_txid {
-				if let Some(session) = &self.interactive_tx_signing_session {
-					// if next_funding_txid matches the latest interactive funding transaction:
-					let our_next_funding_txid = session.unsigned_tx().compute_txid();
-					if our_next_funding_txid == next_funding_txid {
-						debug_assert_eq!(session.unsigned_tx().compute_txid(), self.maybe_get_next_funding_txid().unwrap());
-
-						let commitment_update = if !self.context.channel_state.is_their_tx_signatures_sent() && msg.next_local_commitment_number == 0 {
-							// if it has not received tx_signatures for that funding transaction AND
-							// if next_commitment_number is zero:
-							//   MUST retransmit its commitment_signed for that funding transaction.
-							let commitment_signed = self.context.get_initial_commitment_signed_v2(&self.funding, logger)
-								// TODO(splicing): Support async signing
-								.ok_or_else(|| {
-									let message = "Failed to get signatures for new commitment_signed".to_owned();
-									ChannelError::Close(
-										(
-											message.clone(),
-											ClosureReason::HolderForceClosed { message, broadcasted_latest_txn: Some(false) },
-										)
-								)})?;
-							Some(msgs::CommitmentUpdate {
-								commitment_signed: vec![commitment_signed],
-								update_add_htlcs: vec![],
-								update_fulfill_htlcs: vec![],
-								update_fail_htlcs: vec![],
-								update_fail_malformed_htlcs: vec![],
-								update_fee: None,
-							})
-						} else { None };
-						let tx_signatures = if (
-							// if it has not received tx_signatures for that funding transaction AND
-							// if it has already received commitment_signed AND it should sign first, as specified in the tx_signatures requirements:
-							//   MUST send its tx_signatures for that funding transaction.
-							!self.context.channel_state.is_their_tx_signatures_sent() && session.has_received_commitment_signed() && session.holder_sends_tx_signatures_first()
-							// else if it has already received tx_signatures for that funding transaction:
-							//   MUST send its tx_signatures for that funding transaction.
-						) || self.context.channel_state.is_their_tx_signatures_sent() {
-							// If `holder_tx_signatures` is `None` here, the `tx_signatures` message will be sent
-							// when the holder provides their witnesses as this will queue a `tx_signatures` if the
-							// holder must send one.
-							if session.holder_tx_signatures().is_none() {
-								log_debug!(logger, "Waiting for funding transaction signatures to be provided");
-								None
-							} else {
-								session.holder_tx_signatures().clone()
-							}
+					if !session.has_received_commitment_signed() {
+						self.context.expecting_peer_commitment_signed = true;
+					}
+
+					// - if `next_commitment_number` is equal to the commitment number of the
+					//   `commitment_signed` message it sent for this funding transaction:
+					//   -  MUST retransmit its `commitment_signed` for that funding transaction.
+					if msg.next_local_commitment_number == next_counterparty_commitment_number {
+						// `next_counterparty_commitment_number` is guaranteed to always be the
+						// commitment number of the `commitment_signed` message we sent for this
+						// funding transaction. If they set `next_funding_txid`, then they should
+						// not have processed our `tx_signatures` yet, which implies that our state
+						// machine is still paused and no updates can happen that would increment
+						// our `next_counterparty_commitment_number`.
+						//
+						// If they did set `next_funding_txid` even after processing our
+						// `tx_signatures` erroneously, this may end up resulting in a force close.
+						let commitment_signed = self.context.get_initial_commitment_signed_v2(&self.funding, logger)
+							// TODO(splicing): Support async signing
+							.ok_or_else(|| {
+								let message = "Failed to get signatures for new commitment_signed".to_owned();
+								ChannelError::Close(
+									(
+										message.clone(),
+										ClosureReason::HolderForceClosed { message, broadcasted_latest_txn: Some(false) },
+									)
+							)})?;
+						commitment_update = Some(msgs::CommitmentUpdate {
+							commitment_signed: vec![commitment_signed],
+							update_add_htlcs: vec![],
+							update_fulfill_htlcs: vec![],
+							update_fail_htlcs: vec![],
+							update_fail_malformed_htlcs: vec![],
+							update_fee: None,
+						});
+					}
+
+					// - if it has already received `commitment_signed` and it should sign first
+					//   - MUST send its `tx_signatures` for that funding transaction.
+					//
+					// - if it has already received `tx_signatures` for that funding transaction:
+					//   - MUST send its `tx_signatures` for that funding transaction.
+					if (session.has_received_commitment_signed() && session.holder_sends_tx_signatures_first())
+						|| self.context.channel_state.is_their_tx_signatures_sent()
+					{
+						// If `holder_tx_signatures` is `None` here, the `tx_signatures` message will be sent
+						// when the holder provides their witnesses as this will queue a `tx_signatures` if the
+						// holder must send one.
+						if session.holder_tx_signatures().is_none() {
+							log_debug!(logger, "Waiting for funding transaction signatures to be provided");
 						} else {
-							None
-						};
-						if !session.has_received_commitment_signed() {
-							self.context.expecting_peer_commitment_signed = true;
+							tx_signatures = session.holder_tx_signatures().clone();
 						}
-						(commitment_update, tx_signatures, None)
-					} else {
-						// The `next_funding_txid` does not match the latest interactive funding transaction so we
-						// MUST send tx_abort to let the remote  know that they can forget this funding transaction.
-						(None, None, Some(msgs::TxAbort {
-							channel_id: self.context.channel_id(),
-							data: format!(
-								"next_funding_txid {} does match our latest interactive funding txid {}",
-								next_funding_txid, our_next_funding_txid,
-							).into_bytes() }))
 					}
 				} else {
-					// We'll just send a `tx_abort` here if we don't have a signing session for this channel
-					// on reestablish and tell our peer to just forget about it.
-					// Our peer is doing something strange, but it doesn't warrant closing the channel.
-					(None, None, Some(msgs::TxAbort {
+					// The `next_funding_txid` does not match the latest interactive funding
+					// transaction so we MUST send tx_abort to let the remote know that they can
+					// forget this funding transaction.
+					tx_abort = Some(msgs::TxAbort {
 						channel_id: self.context.channel_id(),
-						data:
-							"No active signing session. The associated funding transaction may have already been broadcast.".as_bytes().to_vec() }))
+						data: format!(
+							"Unexpected next_funding_txid {}",
+							next_funding_txid,
+						).into_bytes() });
 				}
 			} else {
-				// Don't send anything related to interactive signing if `next_funding_txid` is not set.
-				(None, None, None)
-			};
+				// We'll just send a `tx_abort` here if we don't have a signing session for this channel
+				// on reestablish and tell our peer to just forget about it.
+				// Our peer is doing something strange, but it doesn't warrant closing the channel.
+				tx_abort = Some(msgs::TxAbort {
+					channel_id: self.context.channel_id(),
+					data:
+						"No active signing session. The associated funding transaction may have already been broadcast.".as_bytes().to_vec() });
+			}
+		}
+
+		if msg.next_local_commitment_number == next_counterparty_commitment_number {
+			if required_revoke.is_some() || self.context.signer_pending_revoke_and_ack {
+				log_debug!(logger, "Reconnected channel {} with only lost outbound RAA", &self.context.channel_id());
+			} else {
+				log_debug!(logger, "Reconnected channel {} with no loss", &self.context.channel_id());
+			}
 
 			Ok(ReestablishResponses {
 				channel_ready, shutdown_msg, announcement_sigs,
@@ -8890,6 +8905,11 @@ where
 				tx_abort,
 			})
 		} else if msg.next_local_commitment_number == next_counterparty_commitment_number - 1 {
+			// We've made an update so we must have exchanged `tx_signatures`, implying that
+			// `commitment_signed` was also exchanged. However, we may still need to retransmit our
+			// `tx_signatures` if the counterparty sent theirs first but didn't get to process ours.
+			debug_assert!(commitment_update.is_none());
+
 			if required_revoke.is_some() || self.context.signer_pending_revoke_and_ack {
 				log_debug!(logger, "Reconnected channel {} with lost outbound RAA and lost remote commitment tx", &self.context.channel_id());
 			} else {
@@ -8902,8 +8922,8 @@ where
 					channel_ready, shutdown_msg, announcement_sigs,
 					commitment_update: None, raa: None,
 					order: self.context.resend_order.clone(),
-					tx_signatures: None,
-					tx_abort: None,
+					tx_signatures,
+					tx_abort,
 				})
 			} else {
 				let commitment_update = if self.context.resend_order == RAACommitmentOrder::RevokeAndACKFirst
@@ -8926,8 +8946,8 @@ where
 					channel_ready, shutdown_msg, announcement_sigs,
 					raa, commitment_update,
 					order: self.context.resend_order.clone(),
-					tx_signatures: None,
-					tx_abort: None,
+					tx_signatures,
+					tx_abort,
 				})
 			}
 		} else if msg.next_local_commitment_number < next_counterparty_commitment_number {