Expose revokeable output index and building a justice tx from commitment

alecchendev · alecchendev · commit 686365b2d977 · 2023-07-12T15:57:33.000-05:00
For watchtowers to be able to build justice transactions for our
counterparty's revoked commitments, they need to be able to find the
revokeable output for them to sweep. Here we cache `to_self_delay` in
`CommitmentTransaction` to allow for finding this output on the struct
directly. We also add a simple helper method to aid in building the
initial spending transaction.

This also adds a unit test for finding the revokeable output, and
refactors a bit of a previous `CommitmentTransaction` unit test to make
adding this one easier.
diff --git a/lightning/src/ln/chan_utils.rs b/lightning/src/ln/chan_utils.rs
@@ -1308,6 +1308,7 @@ pub struct CommitmentTransaction {
 	commitment_number: u64,
 	to_broadcaster_value_sat: u64,
 	to_countersignatory_value_sat: u64,
+	to_self_delay: Option<u16>, // Added in <TODO: expected version>
 	feerate_per_kw: u32,
 	htlcs: Vec<HTLCOutputInCommitment>,
 	// Note that on upgrades, some features of existing outputs may be missed.
@@ -1341,6 +1342,7 @@ impl Writeable for CommitmentTransaction {
 		let legacy_deserialization_prevention_marker = legacy_deserialization_prevention_marker_for_channel_type_features(&self.channel_type_features);
 		write_tlv_fields!(writer, {
 			(0, self.commitment_number, required),
+			(1, self.to_self_delay, option),
 			(2, self.to_broadcaster_value_sat, required),
 			(4, self.to_countersignatory_value_sat, required),
 			(6, self.feerate_per_kw, required),
@@ -1359,6 +1361,7 @@ impl Readable for CommitmentTransaction {
 		let mut commitment_number = RequiredWrapper(None);
 		let mut to_broadcaster_value_sat = RequiredWrapper(None);
 		let mut to_countersignatory_value_sat = RequiredWrapper(None);
+		let mut to_self_delay = None;
 		let mut feerate_per_kw = RequiredWrapper(None);
 		let mut keys = RequiredWrapper(None);
 		let mut built = RequiredWrapper(None);
@@ -1368,6 +1371,7 @@ impl Readable for CommitmentTransaction {
 
 		read_tlv_fields!(reader, {
 			(0, commitment_number, required),
+			(1, to_self_delay, option),
 			(2, to_broadcaster_value_sat, required),
 			(4, to_countersignatory_value_sat, required),
 			(6, feerate_per_kw, required),
@@ -1386,6 +1390,7 @@ impl Readable for CommitmentTransaction {
 			commitment_number: commitment_number.0.unwrap(),
 			to_broadcaster_value_sat: to_broadcaster_value_sat.0.unwrap(),
 			to_countersignatory_value_sat: to_countersignatory_value_sat.0.unwrap(),
+			to_self_delay,
 			feerate_per_kw: feerate_per_kw.0.unwrap(),
 			keys: keys.0.unwrap(),
 			built: built.0.unwrap(),
@@ -1417,6 +1422,7 @@ impl CommitmentTransaction {
 			commitment_number,
 			to_broadcaster_value_sat,
 			to_countersignatory_value_sat,
+			to_self_delay: Some(channel_parameters.contest_delay()),
 			feerate_per_kw,
 			htlcs,
 			channel_type_features: channel_parameters.channel_type_features().clone(),
@@ -1617,6 +1623,52 @@ impl CommitmentTransaction {
 		&self.htlcs
 	}
 
+	/// Returns the index of the revokeable output in the built transaction, if any exists.
+	/// There are two cases where this may return `None`:
+	/// - The balance of the revokeable output is below the dust limit (only found on commitments
+	/// early in the channel's lifetime, i.e. before the channel reserve is met).
+	/// - This commitment was created before <TODO: expected version>. In this case, the
+	/// commitment transaction previously didn't contain enough information to locate the
+	/// revokeable output.
+	pub fn revokeable_output_index(&self) -> Option<usize> {
+		let revokeable_redeemscript = get_revokeable_redeemscript(
+			&self.keys.revocation_key,
+			self.to_self_delay?,
+			&self.keys.broadcaster_delayed_payment_key,
+		);
+		let revokeable_p2wsh = revokeable_redeemscript.to_v0_p2wsh();
+		let outputs = &self.built.transaction.output;
+		outputs.iter().enumerate()
+			.find(|(_, out)| out.script_pubkey == revokeable_p2wsh)
+			.map(|(idx, _)| idx)
+	}
+
+	/// Helper method to build a basic justice transaction spending `value` sats from an output
+	/// on this transaction to a destination script. Use [`Self::revokeable_output_index`] to get
+	/// the index of the output to spend to create a valid justice transaction.
+	pub fn build_justice_tx(&self, output_idx: u32, value: u64, destination_script: Script)
+	-> Transaction {
+		let input = vec![TxIn {
+				previous_output: OutPoint {
+					txid: self.trust().txid(),
+					vout: output_idx,
+				},
+				script_sig: Script::new(),
+				sequence: Sequence::ENABLE_RBF_NO_LOCKTIME,
+				witness: Witness::new(),
+		}];
+		let output = vec![TxOut {
+			script_pubkey: destination_script,
+			value,
+		}];
+		Transaction {
+			version: 2,
+			lock_time: bitcoin::PackedLockTime::ZERO,
+			input,
+			output,
+		}
+	}
+
 	/// Trust our pre-built transaction and derived transaction creation public keys.
 	///
 	/// Applies a wrapper which allows access to these fields.
@@ -1768,7 +1820,7 @@ pub fn get_commitment_transaction_number_obscure_factor(
 
 #[cfg(test)]
 mod tests {
-	use super::CounterpartyCommitmentSecrets;
+	use super::{CounterpartyCommitmentSecrets, ChannelPublicKeys};
 	use crate::{hex, chain};
 	use crate::prelude::*;
 	use crate::ln::chan_utils::{get_htlc_redeemscript, get_to_countersignatory_with_anchors_redeemscript, CommitmentTransaction, TxCreationKeys, ChannelTransactionParameters, CounterpartyChannelTransactionParameters, HTLCOutputInCommitment};
@@ -1783,74 +1835,86 @@ mod tests {
 	use bitcoin::PublicKey as BitcoinPublicKey;
 	use crate::ln::features::ChannelTypeFeatures;
 
-	#[test]
-	fn test_anchors() {
-		let secp_ctx = Secp256k1::new();
+	struct TestCommitmentTxBuilder {
+		commitment_number: u64,
+		holder_funding_pubkey: PublicKey,
+		counterparty_funding_pubkey: PublicKey,
+		keys: TxCreationKeys,
+		feerate_per_kw: u32,
+		htlcs_with_aux: Vec<(HTLCOutputInCommitment, ())>,
+		channel_parameters: ChannelTransactionParameters,
+		counterparty_pubkeys: ChannelPublicKeys,
+	}
+
+	impl TestCommitmentTxBuilder {
+		fn new() -> Self {
+			let secp_ctx = Secp256k1::new();
+			let seed = [42; 32];
+			let network = Network::Testnet;
+			let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
+			let signer = keys_provider.derive_channel_signer(3000, keys_provider.generate_channel_keys_id(false, 1_000_000, 0));
+			let counterparty_signer = keys_provider.derive_channel_signer(3000, keys_provider.generate_channel_keys_id(true, 1_000_000, 1));
+			let delayed_payment_base = &signer.pubkeys().delayed_payment_basepoint;
+			let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
+			let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
+			let htlc_basepoint = &signer.pubkeys().htlc_basepoint;
+			let holder_pubkeys = signer.pubkeys();
+			let counterparty_pubkeys = counterparty_signer.pubkeys().clone();
+			let keys = TxCreationKeys::derive_new(&secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint);
+			let channel_parameters = ChannelTransactionParameters {
+				holder_pubkeys: holder_pubkeys.clone(),
+				holder_selected_contest_delay: 0,
+				is_outbound_from_holder: false,
+				counterparty_parameters: Some(CounterpartyChannelTransactionParameters { pubkeys: counterparty_pubkeys.clone(), selected_contest_delay: 0 }),
+				funding_outpoint: Some(chain::transaction::OutPoint { txid: Txid::all_zeros(), index: 0 }),
+				channel_type_features: ChannelTypeFeatures::only_static_remote_key(),
+			};
+			let htlcs_with_aux = Vec::new();
+
+			Self {
+				commitment_number: 0,
+				holder_funding_pubkey: holder_pubkeys.funding_pubkey,
+				counterparty_funding_pubkey: counterparty_pubkeys.funding_pubkey,
+				keys,
+				feerate_per_kw: 1,
+				htlcs_with_aux,
+				channel_parameters,
+				counterparty_pubkeys,
+			}
+		}
 
-		let seed = [42; 32];
-		let network = Network::Testnet;
-		let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
-		let signer = keys_provider.derive_channel_signer(3000, keys_provider.generate_channel_keys_id(false, 1_000_000, 0));
-		let counterparty_signer = keys_provider.derive_channel_signer(3000, keys_provider.generate_channel_keys_id(true, 1_000_000, 1));
-		let delayed_payment_base = &signer.pubkeys().delayed_payment_basepoint;
-		let per_commitment_secret = SecretKey::from_slice(&hex::decode("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
-		let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
-		let htlc_basepoint = &signer.pubkeys().htlc_basepoint;
-		let holder_pubkeys = signer.pubkeys();
-		let counterparty_pubkeys = counterparty_signer.pubkeys();
-		let keys = TxCreationKeys::derive_new(&secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint);
-		let mut channel_parameters = ChannelTransactionParameters {
-			holder_pubkeys: holder_pubkeys.clone(),
-			holder_selected_contest_delay: 0,
-			is_outbound_from_holder: false,
-			counterparty_parameters: Some(CounterpartyChannelTransactionParameters { pubkeys: counterparty_pubkeys.clone(), selected_contest_delay: 0 }),
-			funding_outpoint: Some(chain::transaction::OutPoint { txid: Txid::all_zeros(), index: 0 }),
-			channel_type_features: ChannelTypeFeatures::only_static_remote_key(),
-		};
+		fn build(&mut self, to_broadcaster_sats: u64, to_countersignatory_sats: u64) -> CommitmentTransaction {
+			CommitmentTransaction::new_with_auxiliary_htlc_data(
+				self.commitment_number, to_broadcaster_sats, to_countersignatory_sats,
+				self.holder_funding_pubkey.clone(),
+				self.counterparty_funding_pubkey.clone(),
+				self.keys.clone(), self.feerate_per_kw,
+				&mut self.htlcs_with_aux, &self.channel_parameters.as_holder_broadcastable()
+			)
+		}
+	}
 
-		let mut htlcs_with_aux: Vec<(_, ())> = Vec::new();
+	#[test]
+	fn test_anchors() {
+		let mut builder = TestCommitmentTxBuilder::new();
 
 		// Generate broadcaster and counterparty outputs
-		let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(
-			0, 1000, 2000,
-			holder_pubkeys.funding_pubkey,
-			counterparty_pubkeys.funding_pubkey,
-			keys.clone(), 1,
-			&mut htlcs_with_aux, &channel_parameters.as_holder_broadcastable()
-		);
+		let tx = builder.build(1000, 2000);
 		assert_eq!(tx.built.transaction.output.len(), 2);
-		assert_eq!(tx.built.transaction.output[1].script_pubkey, Payload::p2wpkh(&BitcoinPublicKey::new(counterparty_pubkeys.payment_point)).unwrap().script_pubkey());
+		assert_eq!(tx.built.transaction.output[1].script_pubkey, Payload::p2wpkh(&BitcoinPublicKey::new(builder.counterparty_pubkeys.payment_point)).unwrap().script_pubkey());
 
 		// Generate broadcaster and counterparty outputs as well as two anchors
-		channel_parameters.channel_type_features = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
-		let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(
-			0, 1000, 2000,
-			holder_pubkeys.funding_pubkey,
-			counterparty_pubkeys.funding_pubkey,
-			keys.clone(), 1,
-			&mut htlcs_with_aux, &channel_parameters.as_holder_broadcastable()
-		);
+		builder.channel_parameters.channel_type_features = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
+		let tx = builder.build(1000, 2000);
 		assert_eq!(tx.built.transaction.output.len(), 4);
-		assert_eq!(tx.built.transaction.output[3].script_pubkey, get_to_countersignatory_with_anchors_redeemscript(&counterparty_pubkeys.payment_point).to_v0_p2wsh());
+		assert_eq!(tx.built.transaction.output[3].script_pubkey, get_to_countersignatory_with_anchors_redeemscript(&builder.counterparty_pubkeys.payment_point).to_v0_p2wsh());
 
 		// Generate broadcaster output and anchor
-		let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(
-			0, 3000, 0,
-			holder_pubkeys.funding_pubkey,
-			counterparty_pubkeys.funding_pubkey,
-			keys.clone(), 1,
-			&mut htlcs_with_aux, &channel_parameters.as_holder_broadcastable()
-		);
+		let tx = builder.build(3000, 0);
 		assert_eq!(tx.built.transaction.output.len(), 2);
 
 		// Generate counterparty output and anchor
-		let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(
-			0, 0, 3000,
-			holder_pubkeys.funding_pubkey,
-			counterparty_pubkeys.funding_pubkey,
-			keys.clone(), 1,
-			&mut htlcs_with_aux, &channel_parameters.as_holder_broadcastable()
-		);
+		let tx = builder.build(0, 3000);
 		assert_eq!(tx.built.transaction.output.len(), 2);
 
 		let received_htlc = HTLCOutputInCommitment {
@@ -1870,15 +1934,10 @@ mod tests {
 		};
 
 		// Generate broadcaster output and received and offered HTLC outputs,  w/o anchors
-		channel_parameters.channel_type_features = ChannelTypeFeatures::only_static_remote_key();
-		let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(
-			0, 3000, 0,
-			holder_pubkeys.funding_pubkey,
-			counterparty_pubkeys.funding_pubkey,
-			keys.clone(), 1,
-			&mut vec![(received_htlc.clone(), ()), (offered_htlc.clone(), ())],
-			&channel_parameters.as_holder_broadcastable()
-		);
+		builder.channel_parameters.channel_type_features = ChannelTypeFeatures::only_static_remote_key();
+		builder.htlcs_with_aux = vec![(received_htlc.clone(), ()), (offered_htlc.clone(), ())];
+		let tx = builder.build(3000, 0);
+		let keys = &builder.keys.clone();
 		assert_eq!(tx.built.transaction.output.len(), 3);
 		assert_eq!(tx.built.transaction.output[0].script_pubkey, get_htlc_redeemscript(&received_htlc, &ChannelTypeFeatures::only_static_remote_key(), &keys).to_v0_p2wsh());
 		assert_eq!(tx.built.transaction.output[1].script_pubkey, get_htlc_redeemscript(&offered_htlc, &ChannelTypeFeatures::only_static_remote_key(), &keys).to_v0_p2wsh());
@@ -1888,15 +1947,9 @@ mod tests {
 				   "0020215d61bba56b19e9eadb6107f5a85d7f99c40f65992443f69229c290165bc00d");
 
 		// Generate broadcaster output and received and offered HTLC outputs,  with anchors
-		channel_parameters.channel_type_features = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
-		let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(
-			0, 3000, 0,
-			holder_pubkeys.funding_pubkey,
-			counterparty_pubkeys.funding_pubkey,
-			keys.clone(), 1,
-			&mut vec![(received_htlc.clone(), ()), (offered_htlc.clone(), ())],
-			&channel_parameters.as_holder_broadcastable()
-		);
+		builder.channel_parameters.channel_type_features = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
+		builder.htlcs_with_aux = vec![(received_htlc.clone(), ()), (offered_htlc.clone(), ())];
+		let tx = builder.build(3000, 0);
 		assert_eq!(tx.built.transaction.output.len(), 5);
 		assert_eq!(tx.built.transaction.output[2].script_pubkey, get_htlc_redeemscript(&received_htlc, &ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies(), &keys).to_v0_p2wsh());
 		assert_eq!(tx.built.transaction.output[3].script_pubkey, get_htlc_redeemscript(&offered_htlc, &ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies(), &keys).to_v0_p2wsh());
@@ -1906,6 +1959,26 @@ mod tests {
 				   "002087a3faeb1950a469c0e2db4a79b093a41b9526e5a6fc6ef5cb949bde3be379c7");
 	}
 
+	#[test]
+	fn test_finding_revokeable_output_index() {
+		let mut builder = TestCommitmentTxBuilder::new();
+
+		// Revokeable output present
+		let tx = builder.build(1000, 2000);
+		assert_eq!(tx.built.transaction.output.len(), 2);
+		assert_eq!(tx.revokeable_output_index(), Some(0));
+
+		// Revokeable output present (but to_self_delay missing)
+		let tx = CommitmentTransaction { to_self_delay: None, ..tx };
+		assert_eq!(tx.built.transaction.output.len(), 2);
+		assert_eq!(tx.revokeable_output_index(), None);
+
+		// Revokeable output not present (our balance is dust)
+		let tx = builder.build(0, 2000);
+		assert_eq!(tx.built.transaction.output.len(), 1);
+		assert_eq!(tx.revokeable_output_index(), None);
+	}
+
 	#[test]
 	fn test_per_commitment_storage() {
 		// Test vectors from BOLT 3:
