]> git.bitcoin.ninja Git - rust-lightning/blob - lightning/src/ln/channel.rs
Adapt intro node process_pending_htlcs test for non-intro nodes
[rust-lightning] / lightning / src / ln / channel.rs
1 // This file is Copyright its original authors, visible in version control
2 // history.
3 //
4 // This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5 // or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7 // You may not use this file except in accordance with one or both of these
8 // licenses.
9
10 use bitcoin::blockdata::constants::ChainHash;
11 use bitcoin::blockdata::script::{Script, ScriptBuf, Builder};
12 use bitcoin::blockdata::transaction::Transaction;
13 use bitcoin::sighash;
14 use bitcoin::sighash::EcdsaSighashType;
15 use bitcoin::consensus::encode;
16
17 use bitcoin::hashes::Hash;
18 use bitcoin::hashes::sha256::Hash as Sha256;
19 use bitcoin::hashes::sha256d::Hash as Sha256d;
20 use bitcoin::hash_types::{Txid, BlockHash};
21
22 use bitcoin::secp256k1::constants::PUBLIC_KEY_SIZE;
23 use bitcoin::secp256k1::{PublicKey,SecretKey};
24 use bitcoin::secp256k1::{Secp256k1,ecdsa::Signature};
25 use bitcoin::secp256k1;
26
27 use crate::ln::{ChannelId, PaymentPreimage, PaymentHash};
28 use crate::ln::features::{ChannelTypeFeatures, InitFeatures};
29 use crate::ln::msgs;
30 use crate::ln::msgs::DecodeError;
31 use crate::ln::script::{self, ShutdownScript};
32 use crate::ln::channelmanager::{self, CounterpartyForwardingInfo, PendingHTLCStatus, HTLCSource, SentHTLCId, HTLCFailureMsg, PendingHTLCInfo, RAACommitmentOrder, BREAKDOWN_TIMEOUT, MIN_CLTV_EXPIRY_DELTA, MAX_LOCAL_BREAKDOWN_TIMEOUT, ChannelShutdownState};
33 use crate::ln::chan_utils::{CounterpartyCommitmentSecrets, TxCreationKeys, HTLCOutputInCommitment, htlc_success_tx_weight, htlc_timeout_tx_weight, make_funding_redeemscript, ChannelPublicKeys, CommitmentTransaction, HolderCommitmentTransaction, ChannelTransactionParameters, CounterpartyChannelTransactionParameters, MAX_HTLCS, get_commitment_transaction_number_obscure_factor, ClosingTransaction};
34 use crate::ln::chan_utils;
35 use crate::ln::onion_utils::HTLCFailReason;
36 use crate::chain::BestBlock;
37 use crate::chain::chaininterface::{FeeEstimator, ConfirmationTarget, LowerBoundedFeeEstimator};
38 use crate::chain::channelmonitor::{ChannelMonitor, ChannelMonitorUpdate, ChannelMonitorUpdateStep, LATENCY_GRACE_PERIOD_BLOCKS, CLOSED_CHANNEL_UPDATE_ID};
39 use crate::chain::transaction::{OutPoint, TransactionData};
40 use crate::sign::ecdsa::{EcdsaChannelSigner, WriteableEcdsaChannelSigner};
41 use crate::sign::{EntropySource, ChannelSigner, SignerProvider, NodeSigner, Recipient};
42 use crate::events::ClosureReason;
43 use crate::routing::gossip::NodeId;
44 use crate::util::ser::{Readable, ReadableArgs, Writeable, Writer};
45 use crate::util::logger::{Logger, Record, WithContext};
46 use crate::util::errors::APIError;
47 use crate::util::config::{UserConfig, ChannelConfig, LegacyChannelConfig, ChannelHandshakeConfig, ChannelHandshakeLimits, MaxDustHTLCExposure};
48 use crate::util::scid_utils::scid_from_parts;
49
50 use crate::io;
51 use crate::prelude::*;
52 use core::{cmp,mem,fmt};
53 use core::convert::TryInto;
54 use core::ops::Deref;
55 #[cfg(any(test, fuzzing, debug_assertions))]
56 use crate::sync::Mutex;
57 use crate::sign::type_resolver::ChannelSignerType;
58
59 use super::channel_keys::{DelayedPaymentBasepoint, HtlcBasepoint, RevocationBasepoint};
60
61 #[cfg(test)]
62 pub struct ChannelValueStat {
63         pub value_to_self_msat: u64,
64         pub channel_value_msat: u64,
65         pub channel_reserve_msat: u64,
66         pub pending_outbound_htlcs_amount_msat: u64,
67         pub pending_inbound_htlcs_amount_msat: u64,
68         pub holding_cell_outbound_amount_msat: u64,
69         pub counterparty_max_htlc_value_in_flight_msat: u64, // outgoing
70         pub counterparty_dust_limit_msat: u64,
71 }
72
73 pub struct AvailableBalances {
74         /// The amount that would go to us if we close the channel, ignoring any on-chain fees.
75         pub balance_msat: u64,
76         /// Total amount available for our counterparty to send to us.
77         pub inbound_capacity_msat: u64,
78         /// Total amount available for us to send to our counterparty.
79         pub outbound_capacity_msat: u64,
80         /// The maximum value we can assign to the next outbound HTLC
81         pub next_outbound_htlc_limit_msat: u64,
82         /// The minimum value we can assign to the next outbound HTLC
83         pub next_outbound_htlc_minimum_msat: u64,
84 }
85
86 #[derive(Debug, Clone, Copy, PartialEq)]
87 enum FeeUpdateState {
88         // Inbound states mirroring InboundHTLCState
89         RemoteAnnounced,
90         AwaitingRemoteRevokeToAnnounce,
91         // Note that we do not have a AwaitingAnnouncedRemoteRevoke variant here as it is universally
92         // handled the same as `Committed`, with the only exception in `InboundHTLCState` being the
93         // distinction of when we allow ourselves to forward the HTLC. Because we aren't "forwarding"
94         // the fee update anywhere, we can simply consider the fee update `Committed` immediately
95         // instead of setting it to AwaitingAnnouncedRemoteRevoke.
96
97         // Outbound state can only be `LocalAnnounced` or `Committed`
98         Outbound,
99 }
100
101 enum InboundHTLCRemovalReason {
102         FailRelay(msgs::OnionErrorPacket),
103         FailMalformed(([u8; 32], u16)),
104         Fulfill(PaymentPreimage),
105 }
106
107 enum InboundHTLCState {
108         /// Offered by remote, to be included in next local commitment tx. I.e., the remote sent an
109         /// update_add_htlc message for this HTLC.
110         RemoteAnnounced(PendingHTLCStatus),
111         /// Included in a received commitment_signed message (implying we've
112         /// revoke_and_ack'd it), but the remote hasn't yet revoked their previous
113         /// state (see the example below). We have not yet included this HTLC in a
114         /// commitment_signed message because we are waiting on the remote's
115         /// aforementioned state revocation. One reason this missing remote RAA
116         /// (revoke_and_ack) blocks us from constructing a commitment_signed message
117         /// is because every time we create a new "state", i.e. every time we sign a
118         /// new commitment tx (see [BOLT #2]), we need a new per_commitment_point,
119         /// which are provided one-at-a-time in each RAA. E.g., the last RAA they
120         /// sent provided the per_commitment_point for our current commitment tx.
121         /// The other reason we should not send a commitment_signed without their RAA
122         /// is because their RAA serves to ACK our previous commitment_signed.
123         ///
124         /// Here's an example of how an HTLC could come to be in this state:
125         /// remote --> update_add_htlc(prev_htlc)   --> local
126         /// remote --> commitment_signed(prev_htlc) --> local
127         /// remote <-- revoke_and_ack               <-- local
128         /// remote <-- commitment_signed(prev_htlc) <-- local
129         /// [note that here, the remote does not respond with a RAA]
130         /// remote --> update_add_htlc(this_htlc)   --> local
131         /// remote --> commitment_signed(prev_htlc, this_htlc) --> local
132         /// Now `this_htlc` will be assigned this state. It's unable to be officially
133         /// accepted, i.e. included in a commitment_signed, because we're missing the
134         /// RAA that provides our next per_commitment_point. The per_commitment_point
135         /// is used to derive commitment keys, which are used to construct the
136         /// signatures in a commitment_signed message.
137         /// Implies AwaitingRemoteRevoke.
138         ///
139         /// [BOLT #2]: https://github.com/lightning/bolts/blob/master/02-peer-protocol.md
140         AwaitingRemoteRevokeToAnnounce(PendingHTLCStatus),
141         /// Included in a received commitment_signed message (implying we've revoke_and_ack'd it).
142         /// We have also included this HTLC in our latest commitment_signed and are now just waiting
143         /// on the remote's revoke_and_ack to make this HTLC an irrevocable part of the state of the
144         /// channel (before it can then get forwarded and/or removed).
145         /// Implies AwaitingRemoteRevoke.
146         AwaitingAnnouncedRemoteRevoke(PendingHTLCStatus),
147         Committed,
148         /// Removed by us and a new commitment_signed was sent (if we were AwaitingRemoteRevoke when we
149         /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
150         /// we'll drop it.
151         /// Note that we have to keep an eye on the HTLC until we've received a broadcastable
152         /// commitment transaction without it as otherwise we'll have to force-close the channel to
153         /// claim it before the timeout (obviously doesn't apply to revoked HTLCs that we can't claim
154         /// anyway). That said, ChannelMonitor does this for us (see
155         /// ChannelMonitor::should_broadcast_holder_commitment_txn) so we actually remove the HTLC from
156         /// our own local state before then, once we're sure that the next commitment_signed and
157         /// ChannelMonitor::provide_latest_local_commitment_tx will not include this HTLC.
158         LocalRemoved(InboundHTLCRemovalReason),
159 }
160
161 /// Exposes the state of pending inbound HTLCs.
162 ///
163 /// At a high level, an HTLC being forwarded from one Lightning node to another Lightning node goes
164 /// through the following states in the state machine:
165 /// - Announced for addition by the originating node through the update_add_htlc message.
166 /// - Added to the commitment transaction of the receiving node and originating node in turn
167 ///   through the exchange of commitment_signed and revoke_and_ack messages.
168 /// - Announced for resolution (fulfillment or failure) by the receiving node through either one of
169 ///   the update_fulfill_htlc, update_fail_htlc, and update_fail_malformed_htlc messages.
170 /// - Removed from the commitment transaction of the originating node and receiving node in turn
171 ///   through the exchange of commitment_signed and revoke_and_ack messages.
172 ///
173 /// This can be used to inspect what next message an HTLC is waiting for to advance its state.
174 #[derive(Clone, Debug, PartialEq)]
175 pub enum InboundHTLCStateDetails {
176         /// We have added this HTLC in our commitment transaction by receiving commitment_signed and
177         /// returning revoke_and_ack. We are awaiting the appropriate revoke_and_ack's from the remote
178         /// before this HTLC is included on the remote commitment transaction.
179         AwaitingRemoteRevokeToAdd,
180         /// This HTLC has been included in the commitment_signed and revoke_and_ack messages on both sides
181         /// and is included in both commitment transactions.
182         ///
183         /// This HTLC is now safe to either forward or be claimed as a payment by us. The HTLC will
184         /// remain in this state until the forwarded upstream HTLC has been resolved and we resolve this
185         /// HTLC correspondingly, or until we claim it as a payment. If it is part of a multipart
186         /// payment, it will only be claimed together with other required parts.
187         Committed,
188         /// We have received the preimage for this HTLC and it is being removed by fulfilling it with
189         /// update_fulfill_htlc. This HTLC is still on both commitment transactions, but we are awaiting
190         /// the appropriate revoke_and_ack's from the remote before this HTLC is removed from the remote
191         /// commitment transaction after update_fulfill_htlc.
192         AwaitingRemoteRevokeToRemoveFulfill,
193         /// The HTLC is being removed by failing it with update_fail_htlc or update_fail_malformed_htlc.
194         /// This HTLC is still on both commitment transactions, but we are awaiting the appropriate
195         /// revoke_and_ack's from the remote before this HTLC is removed from the remote commitment
196         /// transaction.
197         AwaitingRemoteRevokeToRemoveFail,
198 }
199
200 impl From<&InboundHTLCState> for Option<InboundHTLCStateDetails> {
201         fn from(state: &InboundHTLCState) -> Option<InboundHTLCStateDetails> {
202                 match state {
203                         InboundHTLCState::RemoteAnnounced(_) => None,
204                         InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) =>
205                                 Some(InboundHTLCStateDetails::AwaitingRemoteRevokeToAdd),
206                         InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) =>
207                                 Some(InboundHTLCStateDetails::AwaitingRemoteRevokeToAdd),
208                         InboundHTLCState::Committed =>
209                                 Some(InboundHTLCStateDetails::Committed),
210                         InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(_)) =>
211                                 Some(InboundHTLCStateDetails::AwaitingRemoteRevokeToRemoveFail),
212                         InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed(_)) =>
213                                 Some(InboundHTLCStateDetails::AwaitingRemoteRevokeToRemoveFail),
214                         InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(_)) =>
215                                 Some(InboundHTLCStateDetails::AwaitingRemoteRevokeToRemoveFulfill),
216                 }
217         }
218 }
219
220 impl_writeable_tlv_based_enum_upgradable!(InboundHTLCStateDetails,
221         (0, AwaitingRemoteRevokeToAdd) => {},
222         (2, Committed) => {},
223         (4, AwaitingRemoteRevokeToRemoveFulfill) => {},
224         (6, AwaitingRemoteRevokeToRemoveFail) => {};
225 );
226
227 struct InboundHTLCOutput {
228         htlc_id: u64,
229         amount_msat: u64,
230         cltv_expiry: u32,
231         payment_hash: PaymentHash,
232         state: InboundHTLCState,
233 }
234
235 /// Exposes details around pending inbound HTLCs.
236 #[derive(Clone, Debug, PartialEq)]
237 pub struct InboundHTLCDetails {
238         /// The HTLC ID.
239         /// The IDs are incremented by 1 starting from 0 for each offered HTLC.
240         /// They are unique per channel and inbound/outbound direction, unless an HTLC was only announced
241         /// and not part of any commitment transaction.
242         pub htlc_id: u64,
243         /// The amount in msat.
244         pub amount_msat: u64,
245         /// The block height at which this HTLC expires.
246         pub cltv_expiry: u32,
247         /// The payment hash.
248         pub payment_hash: PaymentHash,
249         /// The state of the HTLC in the state machine.
250         ///
251         /// Determines on which commitment transactions the HTLC is included and what message the HTLC is
252         /// waiting for to advance to the next state.
253         ///
254         /// See [`InboundHTLCStateDetails`] for information on the specific states.
255         ///
256         /// LDK will always fill this field in, but when downgrading to prior versions of LDK, new
257         /// states may result in `None` here.
258         pub state: Option<InboundHTLCStateDetails>,
259         /// Whether the HTLC has an output below the local dust limit. If so, the output will be trimmed
260         /// from the local commitment transaction and added to the commitment transaction fee.
261         /// For non-anchor channels, this takes into account the cost of the second-stage HTLC
262         /// transactions as well.
263         ///
264         /// When the local commitment transaction is broadcasted as part of a unilateral closure,
265         /// the value of this HTLC will therefore not be claimable but instead burned as a transaction
266         /// fee.
267         ///
268         /// Note that dust limits are specific to each party. An HTLC can be dust for the local
269         /// commitment transaction but not for the counterparty's commitment transaction and vice versa.
270         pub is_dust: bool,
271 }
272
273 impl_writeable_tlv_based!(InboundHTLCDetails, {
274         (0, htlc_id, required),
275         (2, amount_msat, required),
276         (4, cltv_expiry, required),
277         (6, payment_hash, required),
278         (7, state, upgradable_option),
279         (8, is_dust, required),
280 });
281
282 #[cfg_attr(test, derive(Clone, Debug, PartialEq))]
283 enum OutboundHTLCState {
284         /// Added by us and included in a commitment_signed (if we were AwaitingRemoteRevoke when we
285         /// created it we would have put it in the holding cell instead). When they next revoke_and_ack
286         /// we will promote to Committed (note that they may not accept it until the next time we
287         /// revoke, but we don't really care about that:
288         ///  * they've revoked, so worst case we can announce an old state and get our (option on)
289         ///    money back (though we won't), and,
290         ///  * we'll send them a revoke when they send a commitment_signed, and since only they're
291         ///    allowed to remove it, the "can only be removed once committed on both sides" requirement
292         ///    doesn't matter to us and it's up to them to enforce it, worst-case they jump ahead but
293         ///    we'll never get out of sync).
294         /// Note that we Box the OnionPacket as it's rather large and we don't want to blow up
295         /// OutboundHTLCOutput's size just for a temporary bit
296         LocalAnnounced(Box<msgs::OnionPacket>),
297         Committed,
298         /// Remote removed this (outbound) HTLC. We're waiting on their commitment_signed to finalize
299         /// the change (though they'll need to revoke before we fail the payment).
300         RemoteRemoved(OutboundHTLCOutcome),
301         /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
302         /// the remote side hasn't yet revoked their previous state, which we need them to do before we
303         /// can do any backwards failing. Implies AwaitingRemoteRevoke.
304         /// We also have not yet removed this HTLC in a commitment_signed message, and are waiting on a
305         /// remote revoke_and_ack on a previous state before we can do so.
306         AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome),
307         /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
308         /// the remote side hasn't yet revoked their previous state, which we need them to do before we
309         /// can do any backwards failing. Implies AwaitingRemoteRevoke.
310         /// We have removed this HTLC in our latest commitment_signed and are now just waiting on a
311         /// revoke_and_ack to drop completely.
312         AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome),
313 }
314
315 /// Exposes the state of pending outbound HTLCs.
316 ///
317 /// At a high level, an HTLC being forwarded from one Lightning node to another Lightning node goes
318 /// through the following states in the state machine:
319 /// - Announced for addition by the originating node through the update_add_htlc message.
320 /// - Added to the commitment transaction of the receiving node and originating node in turn
321 ///   through the exchange of commitment_signed and revoke_and_ack messages.
322 /// - Announced for resolution (fulfillment or failure) by the receiving node through either one of
323 ///   the update_fulfill_htlc, update_fail_htlc, and update_fail_malformed_htlc messages.
324 /// - Removed from the commitment transaction of the originating node and receiving node in turn
325 ///   through the exchange of commitment_signed and revoke_and_ack messages.
326 ///
327 /// This can be used to inspect what next message an HTLC is waiting for to advance its state.
328 #[derive(Clone, Debug, PartialEq)]
329 pub enum OutboundHTLCStateDetails {
330         /// We are awaiting the appropriate revoke_and_ack's from the remote before the HTLC is added
331         /// on the remote's commitment transaction after update_add_htlc.
332         AwaitingRemoteRevokeToAdd,
333         /// The HTLC has been added to the remote's commitment transaction by sending commitment_signed
334         /// and receiving revoke_and_ack in return.
335         ///
336         /// The HTLC will remain in this state until the remote node resolves the HTLC, or until we
337         /// unilaterally close the channel due to a timeout with an uncooperative remote node.
338         Committed,
339         /// The HTLC has been fulfilled successfully by the remote with a preimage in update_fulfill_htlc,
340         /// and we removed the HTLC from our commitment transaction by receiving commitment_signed and
341         /// returning revoke_and_ack. We are awaiting the appropriate revoke_and_ack's from the remote
342         /// for the removal from its commitment transaction.
343         AwaitingRemoteRevokeToRemoveSuccess,
344         /// The HTLC has been failed by the remote with update_fail_htlc or update_fail_malformed_htlc,
345         /// and we removed the HTLC from our commitment transaction by receiving commitment_signed and
346         /// returning revoke_and_ack. We are awaiting the appropriate revoke_and_ack's from the remote
347         /// for the removal from its commitment transaction.
348         AwaitingRemoteRevokeToRemoveFailure,
349 }
350
351 impl From<&OutboundHTLCState> for OutboundHTLCStateDetails {
352         fn from(state: &OutboundHTLCState) -> OutboundHTLCStateDetails {
353                 match state {
354                         OutboundHTLCState::LocalAnnounced(_) =>
355                                 OutboundHTLCStateDetails::AwaitingRemoteRevokeToAdd,
356                         OutboundHTLCState::Committed =>
357                                 OutboundHTLCStateDetails::Committed,
358                         // RemoteRemoved states are ignored as the state is transient and the remote has not committed to
359                         // the state yet.
360                         OutboundHTLCState::RemoteRemoved(_) =>
361                                 OutboundHTLCStateDetails::Committed,
362                         OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_)) =>
363                                 OutboundHTLCStateDetails::AwaitingRemoteRevokeToRemoveSuccess,
364                         OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Failure(_)) =>
365                                 OutboundHTLCStateDetails::AwaitingRemoteRevokeToRemoveFailure,
366                         OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) =>
367                                 OutboundHTLCStateDetails::AwaitingRemoteRevokeToRemoveSuccess,
368                         OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Failure(_)) =>
369                                 OutboundHTLCStateDetails::AwaitingRemoteRevokeToRemoveFailure,
370                 }
371         }
372 }
373
374 impl_writeable_tlv_based_enum_upgradable!(OutboundHTLCStateDetails,
375         (0, AwaitingRemoteRevokeToAdd) => {},
376         (2, Committed) => {},
377         (4, AwaitingRemoteRevokeToRemoveSuccess) => {},
378         (6, AwaitingRemoteRevokeToRemoveFailure) => {};
379 );
380
381 #[derive(Clone)]
382 #[cfg_attr(test, derive(Debug, PartialEq))]
383 enum OutboundHTLCOutcome {
384         /// LDK version 0.0.105+ will always fill in the preimage here.
385         Success(Option<PaymentPreimage>),
386         Failure(HTLCFailReason),
387 }
388
389 impl From<Option<HTLCFailReason>> for OutboundHTLCOutcome {
390         fn from(o: Option<HTLCFailReason>) -> Self {
391                 match o {
392                         None => OutboundHTLCOutcome::Success(None),
393                         Some(r) => OutboundHTLCOutcome::Failure(r)
394                 }
395         }
396 }
397
398 impl<'a> Into<Option<&'a HTLCFailReason>> for &'a OutboundHTLCOutcome {
399         fn into(self) -> Option<&'a HTLCFailReason> {
400                 match self {
401                         OutboundHTLCOutcome::Success(_) => None,
402                         OutboundHTLCOutcome::Failure(ref r) => Some(r)
403                 }
404         }
405 }
406
407 #[cfg_attr(test, derive(Clone, Debug, PartialEq))]
408 struct OutboundHTLCOutput {
409         htlc_id: u64,
410         amount_msat: u64,
411         cltv_expiry: u32,
412         payment_hash: PaymentHash,
413         state: OutboundHTLCState,
414         source: HTLCSource,
415         blinding_point: Option<PublicKey>,
416         skimmed_fee_msat: Option<u64>,
417 }
418
419 /// Exposes details around pending outbound HTLCs.
420 #[derive(Clone, Debug, PartialEq)]
421 pub struct OutboundHTLCDetails {
422         /// The HTLC ID.
423         /// The IDs are incremented by 1 starting from 0 for each offered HTLC.
424         /// They are unique per channel and inbound/outbound direction, unless an HTLC was only announced
425         /// and not part of any commitment transaction.
426         ///
427         /// Not present when we are awaiting a remote revocation and the HTLC is not added yet.
428         pub htlc_id: Option<u64>,
429         /// The amount in msat.
430         pub amount_msat: u64,
431         /// The block height at which this HTLC expires.
432         pub cltv_expiry: u32,
433         /// The payment hash.
434         pub payment_hash: PaymentHash,
435         /// The state of the HTLC in the state machine.
436         ///
437         /// Determines on which commitment transactions the HTLC is included and what message the HTLC is
438         /// waiting for to advance to the next state.
439         ///
440         /// See [`OutboundHTLCStateDetails`] for information on the specific states.
441         ///
442         /// LDK will always fill this field in, but when downgrading to prior versions of LDK, new
443         /// states may result in `None` here.
444         pub state: Option<OutboundHTLCStateDetails>,
445         /// The extra fee being skimmed off the top of this HTLC.
446         pub skimmed_fee_msat: Option<u64>,
447         /// Whether the HTLC has an output below the local dust limit. If so, the output will be trimmed
448         /// from the local commitment transaction and added to the commitment transaction fee.
449         /// For non-anchor channels, this takes into account the cost of the second-stage HTLC
450         /// transactions as well.
451         ///
452         /// When the local commitment transaction is broadcasted as part of a unilateral closure,
453         /// the value of this HTLC will therefore not be claimable but instead burned as a transaction
454         /// fee.
455         ///
456         /// Note that dust limits are specific to each party. An HTLC can be dust for the local
457         /// commitment transaction but not for the counterparty's commitment transaction and vice versa.
458         pub is_dust: bool,
459 }
460
461 impl_writeable_tlv_based!(OutboundHTLCDetails, {
462         (0, htlc_id, required),
463         (2, amount_msat, required),
464         (4, cltv_expiry, required),
465         (6, payment_hash, required),
466         (7, state, upgradable_option),
467         (8, skimmed_fee_msat, required),
468         (10, is_dust, required),
469 });
470
471 /// See AwaitingRemoteRevoke ChannelState for more info
472 #[cfg_attr(test, derive(Clone, Debug, PartialEq))]
473 enum HTLCUpdateAwaitingACK {
474         AddHTLC { // TODO: Time out if we're getting close to cltv_expiry
475                 // always outbound
476                 amount_msat: u64,
477                 cltv_expiry: u32,
478                 payment_hash: PaymentHash,
479                 source: HTLCSource,
480                 onion_routing_packet: msgs::OnionPacket,
481                 // The extra fee we're skimming off the top of this HTLC.
482                 skimmed_fee_msat: Option<u64>,
483                 blinding_point: Option<PublicKey>,
484         },
485         ClaimHTLC {
486                 payment_preimage: PaymentPreimage,
487                 htlc_id: u64,
488         },
489         FailHTLC {
490                 htlc_id: u64,
491                 err_packet: msgs::OnionErrorPacket,
492         },
493         FailMalformedHTLC {
494                 htlc_id: u64,
495                 failure_code: u16,
496                 sha256_of_onion: [u8; 32],
497         },
498 }
499
500 macro_rules! define_state_flags {
501         ($flag_type_doc: expr, $flag_type: ident, [$(($flag_doc: expr, $flag: ident, $value: expr, $get: ident, $set: ident, $clear: ident)),+], $extra_flags: expr) => {
502                 #[doc = $flag_type_doc]
503                 #[derive(Copy, Clone, Debug, PartialEq, PartialOrd, Eq)]
504                 struct $flag_type(u32);
505
506                 impl $flag_type {
507                         $(
508                                 #[doc = $flag_doc]
509                                 const $flag: $flag_type = $flag_type($value);
510                         )*
511
512                         /// All flags that apply to the specified [`ChannelState`] variant.
513                         #[allow(unused)]
514                         const ALL: $flag_type = Self($(Self::$flag.0 | )* $extra_flags);
515
516                         #[allow(unused)]
517                         fn new() -> Self { Self(0) }
518
519                         #[allow(unused)]
520                         fn from_u32(flags: u32) -> Result<Self, ()> {
521                                 if flags & !Self::ALL.0 != 0 {
522                                         Err(())
523                                 } else {
524                                         Ok($flag_type(flags))
525                                 }
526                         }
527
528                         #[allow(unused)]
529                         fn is_empty(&self) -> bool { self.0 == 0 }
530                         #[allow(unused)]
531                         fn is_set(&self, flag: Self) -> bool { *self & flag == flag }
532                         #[allow(unused)]
533                         fn set(&mut self, flag: Self) { *self |= flag }
534                         #[allow(unused)]
535                         fn clear(&mut self, flag: Self) -> Self { self.0 &= !flag.0; *self }
536                 }
537
538                 $(
539                         define_state_flags!($flag_type, Self::$flag, $get, $set, $clear);
540                 )*
541
542                 impl core::ops::BitOr for $flag_type {
543                         type Output = Self;
544                         fn bitor(self, rhs: Self) -> Self::Output { Self(self.0 | rhs.0) }
545                 }
546                 impl core::ops::BitOrAssign for $flag_type {
547                         fn bitor_assign(&mut self, rhs: Self) { self.0 |= rhs.0; }
548                 }
549                 impl core::ops::BitAnd for $flag_type {
550                         type Output = Self;
551                         fn bitand(self, rhs: Self) -> Self::Output { Self(self.0 & rhs.0) }
552                 }
553                 impl core::ops::BitAndAssign for $flag_type {
554                         fn bitand_assign(&mut self, rhs: Self) { self.0 &= rhs.0; }
555                 }
556         };
557         ($flag_type_doc: expr, $flag_type: ident, $flags: tt) => {
558                 define_state_flags!($flag_type_doc, $flag_type, $flags, 0);
559         };
560         ($flag_type: ident, $flag: expr, $get: ident, $set: ident, $clear: ident) => {
561                 impl $flag_type {
562                         #[allow(unused)]
563                         fn $get(&self) -> bool { self.is_set($flag_type::new() | $flag) }
564                         #[allow(unused)]
565                         fn $set(&mut self) { self.set($flag_type::new() | $flag) }
566                         #[allow(unused)]
567                         fn $clear(&mut self) -> Self { self.clear($flag_type::new() | $flag) }
568                 }
569         };
570         ($flag_type_doc: expr, FUNDED_STATE, $flag_type: ident, $flags: tt) => {
571                 define_state_flags!($flag_type_doc, $flag_type, $flags, FundedStateFlags::ALL.0);
572
573                 define_state_flags!($flag_type, FundedStateFlags::PEER_DISCONNECTED,
574                         is_peer_disconnected, set_peer_disconnected, clear_peer_disconnected);
575                 define_state_flags!($flag_type, FundedStateFlags::MONITOR_UPDATE_IN_PROGRESS,
576                         is_monitor_update_in_progress, set_monitor_update_in_progress, clear_monitor_update_in_progress);
577                 define_state_flags!($flag_type, FundedStateFlags::REMOTE_SHUTDOWN_SENT,
578                         is_remote_shutdown_sent, set_remote_shutdown_sent, clear_remote_shutdown_sent);
579                 define_state_flags!($flag_type, FundedStateFlags::LOCAL_SHUTDOWN_SENT,
580                         is_local_shutdown_sent, set_local_shutdown_sent, clear_local_shutdown_sent);
581
582                 impl core::ops::BitOr<FundedStateFlags> for $flag_type {
583                         type Output = Self;
584                         fn bitor(self, rhs: FundedStateFlags) -> Self::Output { Self(self.0 | rhs.0) }
585                 }
586                 impl core::ops::BitOrAssign<FundedStateFlags> for $flag_type {
587                         fn bitor_assign(&mut self, rhs: FundedStateFlags) { self.0 |= rhs.0; }
588                 }
589                 impl core::ops::BitAnd<FundedStateFlags> for $flag_type {
590                         type Output = Self;
591                         fn bitand(self, rhs: FundedStateFlags) -> Self::Output { Self(self.0 & rhs.0) }
592                 }
593                 impl core::ops::BitAndAssign<FundedStateFlags> for $flag_type {
594                         fn bitand_assign(&mut self, rhs: FundedStateFlags) { self.0 &= rhs.0; }
595                 }
596                 impl PartialEq<FundedStateFlags> for $flag_type {
597                         fn eq(&self, other: &FundedStateFlags) -> bool { self.0 == other.0 }
598                 }
599                 impl From<FundedStateFlags> for $flag_type {
600                         fn from(flags: FundedStateFlags) -> Self { Self(flags.0) }
601                 }
602         };
603 }
604
605 /// We declare all the states/flags here together to help determine which bits are still available
606 /// to choose.
607 mod state_flags {
608         pub const OUR_INIT_SENT: u32 = 1 << 0;
609         pub const THEIR_INIT_SENT: u32 = 1 << 1;
610         pub const FUNDING_NEGOTIATED: u32 = 1 << 2;
611         pub const AWAITING_CHANNEL_READY: u32 = 1 << 3;
612         pub const THEIR_CHANNEL_READY: u32 = 1 << 4;
613         pub const OUR_CHANNEL_READY: u32 = 1 << 5;
614         pub const CHANNEL_READY: u32 = 1 << 6;
615         pub const PEER_DISCONNECTED: u32 = 1 << 7;
616         pub const MONITOR_UPDATE_IN_PROGRESS: u32 = 1 << 8;
617         pub const AWAITING_REMOTE_REVOKE: u32 = 1 << 9;
618         pub const REMOTE_SHUTDOWN_SENT: u32 = 1 << 10;
619         pub const LOCAL_SHUTDOWN_SENT: u32 = 1 << 11;
620         pub const SHUTDOWN_COMPLETE: u32 = 1 << 12;
621         pub const WAITING_FOR_BATCH: u32 = 1 << 13;
622 }
623
624 define_state_flags!(
625         "Flags that apply to all [`ChannelState`] variants in which the channel is funded.",
626         FundedStateFlags, [
627                 ("Indicates the remote side is considered \"disconnected\" and no updates are allowed \
628                         until after we've done a `channel_reestablish` dance.", PEER_DISCONNECTED, state_flags::PEER_DISCONNECTED,
629                         is_peer_disconnected, set_peer_disconnected, clear_peer_disconnected),
630                 ("Indicates the user has told us a `ChannelMonitor` update is pending async persistence \
631                         somewhere and we should pause sending any outbound messages until they've managed to \
632                         complete it.", MONITOR_UPDATE_IN_PROGRESS, state_flags::MONITOR_UPDATE_IN_PROGRESS,
633                         is_monitor_update_in_progress, set_monitor_update_in_progress, clear_monitor_update_in_progress),
634                 ("Indicates we received a `shutdown` message from the remote end. If set, they may not add \
635                         any new HTLCs to the channel, and we are expected to respond with our own `shutdown` \
636                         message when possible.", REMOTE_SHUTDOWN_SENT, state_flags::REMOTE_SHUTDOWN_SENT,
637                         is_remote_shutdown_sent, set_remote_shutdown_sent, clear_remote_shutdown_sent),
638                 ("Indicates we sent a `shutdown` message. At this point, we may not add any new HTLCs to \
639                         the channel.", LOCAL_SHUTDOWN_SENT, state_flags::LOCAL_SHUTDOWN_SENT,
640                         is_local_shutdown_sent, set_local_shutdown_sent, clear_local_shutdown_sent)
641         ]
642 );
643
644 define_state_flags!(
645         "Flags that only apply to [`ChannelState::NegotiatingFunding`].",
646         NegotiatingFundingFlags, [
647                 ("Indicates we have (or are prepared to) send our `open_channel`/`accept_channel` message.",
648                         OUR_INIT_SENT, state_flags::OUR_INIT_SENT, is_our_init_sent, set_our_init_sent, clear_our_init_sent),
649                 ("Indicates we have received their `open_channel`/`accept_channel` message.",
650                         THEIR_INIT_SENT, state_flags::THEIR_INIT_SENT, is_their_init_sent, set_their_init_sent, clear_their_init_sent)
651         ]
652 );
653
654 define_state_flags!(
655         "Flags that only apply to [`ChannelState::AwaitingChannelReady`].",
656         FUNDED_STATE, AwaitingChannelReadyFlags, [
657                 ("Indicates they sent us a `channel_ready` message. Once both `THEIR_CHANNEL_READY` and \
658                         `OUR_CHANNEL_READY` are set, our state moves on to `ChannelReady`.",
659                         THEIR_CHANNEL_READY, state_flags::THEIR_CHANNEL_READY,
660                         is_their_channel_ready, set_their_channel_ready, clear_their_channel_ready),
661                 ("Indicates we sent them a `channel_ready` message. Once both `THEIR_CHANNEL_READY` and \
662                         `OUR_CHANNEL_READY` are set, our state moves on to `ChannelReady`.",
663                         OUR_CHANNEL_READY, state_flags::OUR_CHANNEL_READY,
664                         is_our_channel_ready, set_our_channel_ready, clear_our_channel_ready),
665                 ("Indicates the channel was funded in a batch and the broadcast of the funding transaction \
666                         is being held until all channels in the batch have received `funding_signed` and have \
667                         their monitors persisted.", WAITING_FOR_BATCH, state_flags::WAITING_FOR_BATCH,
668                         is_waiting_for_batch, set_waiting_for_batch, clear_waiting_for_batch)
669         ]
670 );
671
672 define_state_flags!(
673         "Flags that only apply to [`ChannelState::ChannelReady`].",
674         FUNDED_STATE, ChannelReadyFlags, [
675                 ("Indicates that we have sent a `commitment_signed` but are awaiting the responding \
676                         `revoke_and_ack` message. During this period, we can't generate new `commitment_signed` \
677                         messages as we'd be unable to determine which HTLCs they included in their `revoke_and_ack` \
678                         implicit ACK, so instead we have to hold them away temporarily to be sent later.",
679                         AWAITING_REMOTE_REVOKE, state_flags::AWAITING_REMOTE_REVOKE,
680                         is_awaiting_remote_revoke, set_awaiting_remote_revoke, clear_awaiting_remote_revoke)
681         ]
682 );
683
684 // Note that the order of this enum is implicitly defined by where each variant is placed. Take this
685 // into account when introducing new states and update `test_channel_state_order` accordingly.
686 #[derive(Copy, Clone, Debug, PartialEq, PartialOrd, Eq)]
687 enum ChannelState {
688         /// We are negotiating the parameters required for the channel prior to funding it.
689         NegotiatingFunding(NegotiatingFundingFlags),
690         /// We have sent `funding_created` and are awaiting a `funding_signed` to advance to
691         /// `AwaitingChannelReady`. Note that this is nonsense for an inbound channel as we immediately generate
692         /// `funding_signed` upon receipt of `funding_created`, so simply skip this state.
693         FundingNegotiated,
694         /// We've received/sent `funding_created` and `funding_signed` and are thus now waiting on the
695         /// funding transaction to confirm.
696         AwaitingChannelReady(AwaitingChannelReadyFlags),
697         /// Both we and our counterparty consider the funding transaction confirmed and the channel is
698         /// now operational.
699         ChannelReady(ChannelReadyFlags),
700         /// We've successfully negotiated a `closing_signed` dance. At this point, the `ChannelManager`
701         /// is about to drop us, but we store this anyway.
702         ShutdownComplete,
703 }
704
705 macro_rules! impl_state_flag {
706         ($get: ident, $set: ident, $clear: ident, [$($state: ident),+]) => {
707                 #[allow(unused)]
708                 fn $get(&self) -> bool {
709                         match self {
710                                 $(
711                                         ChannelState::$state(flags) => flags.$get(),
712                                 )*
713                                 _ => false,
714                         }
715                 }
716                 #[allow(unused)]
717                 fn $set(&mut self) {
718                         match self {
719                                 $(
720                                         ChannelState::$state(flags) => flags.$set(),
721                                 )*
722                                 _ => debug_assert!(false, "Attempted to set flag on unexpected ChannelState"),
723                         }
724                 }
725                 #[allow(unused)]
726                 fn $clear(&mut self) {
727                         match self {
728                                 $(
729                                         ChannelState::$state(flags) => { let _ = flags.$clear(); },
730                                 )*
731                                 _ => debug_assert!(false, "Attempted to clear flag on unexpected ChannelState"),
732                         }
733                 }
734         };
735         ($get: ident, $set: ident, $clear: ident, FUNDED_STATES) => {
736                 impl_state_flag!($get, $set, $clear, [AwaitingChannelReady, ChannelReady]);
737         };
738         ($get: ident, $set: ident, $clear: ident, $state: ident) => {
739                 impl_state_flag!($get, $set, $clear, [$state]);
740         };
741 }
742
743 impl ChannelState {
744         fn from_u32(state: u32) -> Result<Self, ()> {
745                 match state {
746                         state_flags::FUNDING_NEGOTIATED => Ok(ChannelState::FundingNegotiated),
747                         state_flags::SHUTDOWN_COMPLETE => Ok(ChannelState::ShutdownComplete),
748                         val => {
749                                 if val & state_flags::AWAITING_CHANNEL_READY == state_flags::AWAITING_CHANNEL_READY {
750                                         AwaitingChannelReadyFlags::from_u32(val & !state_flags::AWAITING_CHANNEL_READY)
751                                                 .map(|flags| ChannelState::AwaitingChannelReady(flags))
752                                 } else if val & state_flags::CHANNEL_READY == state_flags::CHANNEL_READY {
753                                         ChannelReadyFlags::from_u32(val & !state_flags::CHANNEL_READY)
754                                                 .map(|flags| ChannelState::ChannelReady(flags))
755                                 } else if let Ok(flags) = NegotiatingFundingFlags::from_u32(val) {
756                                         Ok(ChannelState::NegotiatingFunding(flags))
757                                 } else {
758                                         Err(())
759                                 }
760                         },
761                 }
762         }
763
764         fn to_u32(&self) -> u32 {
765                 match self {
766                         ChannelState::NegotiatingFunding(flags) => flags.0,
767                         ChannelState::FundingNegotiated => state_flags::FUNDING_NEGOTIATED,
768                         ChannelState::AwaitingChannelReady(flags) => state_flags::AWAITING_CHANNEL_READY | flags.0,
769                         ChannelState::ChannelReady(flags) => state_flags::CHANNEL_READY | flags.0,
770                         ChannelState::ShutdownComplete => state_flags::SHUTDOWN_COMPLETE,
771                 }
772         }
773
774         fn is_pre_funded_state(&self) -> bool {
775                 matches!(self, ChannelState::NegotiatingFunding(_)|ChannelState::FundingNegotiated)
776         }
777
778         fn is_both_sides_shutdown(&self) -> bool {
779                 self.is_local_shutdown_sent() && self.is_remote_shutdown_sent()
780         }
781
782         fn with_funded_state_flags_mask(&self) -> FundedStateFlags {
783                 match self {
784                         ChannelState::AwaitingChannelReady(flags) => FundedStateFlags((*flags & FundedStateFlags::ALL).0),
785                         ChannelState::ChannelReady(flags) => FundedStateFlags((*flags & FundedStateFlags::ALL).0),
786                         _ => FundedStateFlags::new(),
787                 }
788         }
789
790         fn can_generate_new_commitment(&self) -> bool {
791                 match self {
792                         ChannelState::ChannelReady(flags) =>
793                                 !flags.is_set(ChannelReadyFlags::AWAITING_REMOTE_REVOKE) &&
794                                         !flags.is_set(FundedStateFlags::MONITOR_UPDATE_IN_PROGRESS.into()) &&
795                                         !flags.is_set(FundedStateFlags::PEER_DISCONNECTED.into()),
796                         _ => {
797                                 debug_assert!(false, "Can only generate new commitment within ChannelReady");
798                                 false
799                         },
800                 }
801         }
802
803         impl_state_flag!(is_peer_disconnected, set_peer_disconnected, clear_peer_disconnected, FUNDED_STATES);
804         impl_state_flag!(is_monitor_update_in_progress, set_monitor_update_in_progress, clear_monitor_update_in_progress, FUNDED_STATES);
805         impl_state_flag!(is_local_shutdown_sent, set_local_shutdown_sent, clear_local_shutdown_sent, FUNDED_STATES);
806         impl_state_flag!(is_remote_shutdown_sent, set_remote_shutdown_sent, clear_remote_shutdown_sent, FUNDED_STATES);
807         impl_state_flag!(is_our_channel_ready, set_our_channel_ready, clear_our_channel_ready, AwaitingChannelReady);
808         impl_state_flag!(is_their_channel_ready, set_their_channel_ready, clear_their_channel_ready, AwaitingChannelReady);
809         impl_state_flag!(is_waiting_for_batch, set_waiting_for_batch, clear_waiting_for_batch, AwaitingChannelReady);
810         impl_state_flag!(is_awaiting_remote_revoke, set_awaiting_remote_revoke, clear_awaiting_remote_revoke, ChannelReady);
811 }
812
813 pub const INITIAL_COMMITMENT_NUMBER: u64 = (1 << 48) - 1;
814
815 pub const DEFAULT_MAX_HTLCS: u16 = 50;
816
817 pub(crate) fn commitment_tx_base_weight(channel_type_features: &ChannelTypeFeatures) -> u64 {
818         const COMMITMENT_TX_BASE_WEIGHT: u64 = 724;
819         const COMMITMENT_TX_BASE_ANCHOR_WEIGHT: u64 = 1124;
820         if channel_type_features.supports_anchors_zero_fee_htlc_tx() { COMMITMENT_TX_BASE_ANCHOR_WEIGHT } else { COMMITMENT_TX_BASE_WEIGHT }
821 }
822
823 #[cfg(not(test))]
824 const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
825 #[cfg(test)]
826 pub const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
827
828 pub const ANCHOR_OUTPUT_VALUE_SATOSHI: u64 = 330;
829
830 /// The percentage of the channel value `holder_max_htlc_value_in_flight_msat` used to be set to,
831 /// before this was made configurable. The percentage was made configurable in LDK 0.0.107,
832 /// although LDK 0.0.104+ enabled serialization of channels with a different value set for
833 /// `holder_max_htlc_value_in_flight_msat`.
834 pub const MAX_IN_FLIGHT_PERCENT_LEGACY: u8 = 10;
835
836 /// Maximum `funding_satoshis` value according to the BOLT #2 specification, if
837 /// `option_support_large_channel` (aka wumbo channels) is not supported.
838 /// It's 2^24 - 1.
839 pub const MAX_FUNDING_SATOSHIS_NO_WUMBO: u64 = (1 << 24) - 1;
840
841 /// Total bitcoin supply in satoshis.
842 pub const TOTAL_BITCOIN_SUPPLY_SATOSHIS: u64 = 21_000_000 * 1_0000_0000;
843
844 /// The maximum network dust limit for standard script formats. This currently represents the
845 /// minimum output value for a P2SH output before Bitcoin Core 22 considers the entire
846 /// transaction non-standard and thus refuses to relay it.
847 /// We also use this as the maximum counterparty `dust_limit_satoshis` allowed, given many
848 /// implementations use this value for their dust limit today.
849 pub const MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS: u64 = 546;
850
851 /// The maximum channel dust limit we will accept from our counterparty.
852 pub const MAX_CHAN_DUST_LIMIT_SATOSHIS: u64 = MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS;
853
854 /// The dust limit is used for both the commitment transaction outputs as well as the closing
855 /// transactions. For cooperative closing transactions, we require segwit outputs, though accept
856 /// *any* segwit scripts, which are allowed to be up to 42 bytes in length.
857 /// In order to avoid having to concern ourselves with standardness during the closing process, we
858 /// simply require our counterparty to use a dust limit which will leave any segwit output
859 /// standard.
860 /// See <https://github.com/lightning/bolts/issues/905> for more details.
861 pub const MIN_CHAN_DUST_LIMIT_SATOSHIS: u64 = 354;
862
863 // Just a reasonable implementation-specific safe lower bound, higher than the dust limit.
864 pub const MIN_THEIR_CHAN_RESERVE_SATOSHIS: u64 = 1000;
865
866 /// Used to return a simple Error back to ChannelManager. Will get converted to a
867 /// msgs::ErrorAction::SendErrorMessage or msgs::ErrorAction::IgnoreError as appropriate with our
868 /// channel_id in ChannelManager.
869 pub(super) enum ChannelError {
870         Ignore(String),
871         Warn(String),
872         Close(String),
873 }
874
875 impl fmt::Debug for ChannelError {
876         fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
877                 match self {
878                         &ChannelError::Ignore(ref e) => write!(f, "Ignore : {}", e),
879                         &ChannelError::Warn(ref e) => write!(f, "Warn : {}", e),
880                         &ChannelError::Close(ref e) => write!(f, "Close : {}", e),
881                 }
882         }
883 }
884
885 impl fmt::Display for ChannelError {
886         fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
887                 match self {
888                         &ChannelError::Ignore(ref e) => write!(f, "{}", e),
889                         &ChannelError::Warn(ref e) => write!(f, "{}", e),
890                         &ChannelError::Close(ref e) => write!(f, "{}", e),
891                 }
892         }
893 }
894
895 pub(super) struct WithChannelContext<'a, L: Deref> where L::Target: Logger {
896         pub logger: &'a L,
897         pub peer_id: Option<PublicKey>,
898         pub channel_id: Option<ChannelId>,
899 }
900
901 impl<'a, L: Deref> Logger for WithChannelContext<'a, L> where L::Target: Logger {
902         fn log(&self, mut record: Record) {
903                 record.peer_id = self.peer_id;
904                 record.channel_id = self.channel_id;
905                 self.logger.log(record)
906         }
907 }
908
909 impl<'a, 'b, L: Deref> WithChannelContext<'a, L>
910 where L::Target: Logger {
911         pub(super) fn from<S: Deref>(logger: &'a L, context: &'b ChannelContext<S>) -> Self
912         where S::Target: SignerProvider
913         {
914                 WithChannelContext {
915                         logger,
916                         peer_id: Some(context.counterparty_node_id),
917                         channel_id: Some(context.channel_id),
918                 }
919         }
920 }
921
922 macro_rules! secp_check {
923         ($res: expr, $err: expr) => {
924                 match $res {
925                         Ok(thing) => thing,
926                         Err(_) => return Err(ChannelError::Close($err)),
927                 }
928         };
929 }
930
931 /// The "channel disabled" bit in channel_update must be set based on whether we are connected to
932 /// our counterparty or not. However, we don't want to announce updates right away to avoid
933 /// spamming the network with updates if the connection is flapping. Instead, we "stage" updates to
934 /// our channel_update message and track the current state here.
935 /// See implementation at [`super::channelmanager::ChannelManager::timer_tick_occurred`].
936 #[derive(Clone, Copy, PartialEq)]
937 pub(super) enum ChannelUpdateStatus {
938         /// We've announced the channel as enabled and are connected to our peer.
939         Enabled,
940         /// Our channel is no longer live, but we haven't announced the channel as disabled yet.
941         DisabledStaged(u8),
942         /// Our channel is live again, but we haven't announced the channel as enabled yet.
943         EnabledStaged(u8),
944         /// We've announced the channel as disabled.
945         Disabled,
946 }
947
948 /// We track when we sent an `AnnouncementSignatures` to our peer in a few states, described here.
949 #[derive(PartialEq)]
950 pub enum AnnouncementSigsState {
951         /// We have not sent our peer an `AnnouncementSignatures` yet, or our peer disconnected since
952         /// we sent the last `AnnouncementSignatures`.
953         NotSent,
954         /// We sent an `AnnouncementSignatures` to our peer since the last time our peer disconnected.
955         /// This state never appears on disk - instead we write `NotSent`.
956         MessageSent,
957         /// We sent a `CommitmentSigned` after the last `AnnouncementSignatures` we sent. Because we
958         /// only ever have a single `CommitmentSigned` pending at once, if we sent one after sending
959         /// `AnnouncementSignatures` then we know the peer received our `AnnouncementSignatures` if
960         /// they send back a `RevokeAndACK`.
961         /// This state never appears on disk - instead we write `NotSent`.
962         Committed,
963         /// We received a `RevokeAndACK`, effectively ack-ing our `AnnouncementSignatures`, at this
964         /// point we no longer need to re-send our `AnnouncementSignatures` again on reconnect.
965         PeerReceived,
966 }
967
968 /// An enum indicating whether the local or remote side offered a given HTLC.
969 enum HTLCInitiator {
970         LocalOffered,
971         RemoteOffered,
972 }
973
974 /// An enum gathering stats on pending HTLCs, either inbound or outbound side.
975 struct HTLCStats {
976         pending_htlcs: u32,
977         pending_htlcs_value_msat: u64,
978         on_counterparty_tx_dust_exposure_msat: u64,
979         on_holder_tx_dust_exposure_msat: u64,
980         holding_cell_msat: u64,
981         on_holder_tx_holding_cell_htlcs_count: u32, // dust HTLCs *non*-included
982 }
983
984 /// An enum gathering stats on commitment transaction, either local or remote.
985 struct CommitmentStats<'a> {
986         tx: CommitmentTransaction, // the transaction info
987         feerate_per_kw: u32, // the feerate included to build the transaction
988         total_fee_sat: u64, // the total fee included in the transaction
989         num_nondust_htlcs: usize,  // the number of HTLC outputs (dust HTLCs *non*-included)
990         htlcs_included: Vec<(HTLCOutputInCommitment, Option<&'a HTLCSource>)>, // the list of HTLCs (dust HTLCs *included*) which were not ignored when building the transaction
991         local_balance_msat: u64, // local balance before fees *not* considering dust limits
992         remote_balance_msat: u64, // remote balance before fees *not* considering dust limits
993         outbound_htlc_preimages: Vec<PaymentPreimage>, // preimages for successful offered HTLCs since last commitment
994         inbound_htlc_preimages: Vec<PaymentPreimage>, // preimages for successful received HTLCs since last commitment
995 }
996
997 /// Used when calculating whether we or the remote can afford an additional HTLC.
998 struct HTLCCandidate {
999         amount_msat: u64,
1000         origin: HTLCInitiator,
1001 }
1002
1003 impl HTLCCandidate {
1004         fn new(amount_msat: u64, origin: HTLCInitiator) -> Self {
1005                 Self {
1006                         amount_msat,
1007                         origin,
1008                 }
1009         }
1010 }
1011
1012 /// A return value enum for get_update_fulfill_htlc. See UpdateFulfillCommitFetch variants for
1013 /// description
1014 enum UpdateFulfillFetch {
1015         NewClaim {
1016                 monitor_update: ChannelMonitorUpdate,
1017                 htlc_value_msat: u64,
1018                 msg: Option<msgs::UpdateFulfillHTLC>,
1019         },
1020         DuplicateClaim {},
1021 }
1022
1023 /// The return type of get_update_fulfill_htlc_and_commit.
1024 pub enum UpdateFulfillCommitFetch {
1025         /// Indicates the HTLC fulfill is new, and either generated an update_fulfill message, placed
1026         /// it in the holding cell, or re-generated the update_fulfill message after the same claim was
1027         /// previously placed in the holding cell (and has since been removed).
1028         NewClaim {
1029                 /// The ChannelMonitorUpdate which places the new payment preimage in the channel monitor
1030                 monitor_update: ChannelMonitorUpdate,
1031                 /// The value of the HTLC which was claimed, in msat.
1032                 htlc_value_msat: u64,
1033         },
1034         /// Indicates the HTLC fulfill is duplicative and already existed either in the holding cell
1035         /// or has been forgotten (presumably previously claimed).
1036         DuplicateClaim {},
1037 }
1038
1039 /// The return value of `monitor_updating_restored`
1040 pub(super) struct MonitorRestoreUpdates {
1041         pub raa: Option<msgs::RevokeAndACK>,
1042         pub commitment_update: Option<msgs::CommitmentUpdate>,
1043         pub order: RAACommitmentOrder,
1044         pub accepted_htlcs: Vec<(PendingHTLCInfo, u64)>,
1045         pub failed_htlcs: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
1046         pub finalized_claimed_htlcs: Vec<HTLCSource>,
1047         pub funding_broadcastable: Option<Transaction>,
1048         pub channel_ready: Option<msgs::ChannelReady>,
1049         pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
1050 }
1051
1052 /// The return value of `signer_maybe_unblocked`
1053 #[allow(unused)]
1054 pub(super) struct SignerResumeUpdates {
1055         pub commitment_update: Option<msgs::CommitmentUpdate>,
1056         pub funding_signed: Option<msgs::FundingSigned>,
1057         pub channel_ready: Option<msgs::ChannelReady>,
1058 }
1059
1060 /// The return value of `channel_reestablish`
1061 pub(super) struct ReestablishResponses {
1062         pub channel_ready: Option<msgs::ChannelReady>,
1063         pub raa: Option<msgs::RevokeAndACK>,
1064         pub commitment_update: Option<msgs::CommitmentUpdate>,
1065         pub order: RAACommitmentOrder,
1066         pub announcement_sigs: Option<msgs::AnnouncementSignatures>,
1067         pub shutdown_msg: Option<msgs::Shutdown>,
1068 }
1069
1070 /// The result of a shutdown that should be handled.
1071 #[must_use]
1072 pub(crate) struct ShutdownResult {
1073         pub(crate) closure_reason: ClosureReason,
1074         /// A channel monitor update to apply.
1075         pub(crate) monitor_update: Option<(PublicKey, OutPoint, ChannelId, ChannelMonitorUpdate)>,
1076         /// A list of dropped outbound HTLCs that can safely be failed backwards immediately.
1077         pub(crate) dropped_outbound_htlcs: Vec<(HTLCSource, PaymentHash, PublicKey, ChannelId)>,
1078         /// An unbroadcasted batch funding transaction id. The closure of this channel should be
1079         /// propagated to the remainder of the batch.
1080         pub(crate) unbroadcasted_batch_funding_txid: Option<Txid>,
1081         pub(crate) channel_id: ChannelId,
1082         pub(crate) user_channel_id: u128,
1083         pub(crate) channel_capacity_satoshis: u64,
1084         pub(crate) counterparty_node_id: PublicKey,
1085         pub(crate) unbroadcasted_funding_tx: Option<Transaction>,
1086         pub(crate) channel_funding_txo: Option<OutPoint>,
1087 }
1088
1089 /// If the majority of the channels funds are to the fundee and the initiator holds only just
1090 /// enough funds to cover their reserve value, channels are at risk of getting "stuck". Because the
1091 /// initiator controls the feerate, if they then go to increase the channel fee, they may have no
1092 /// balance but the fundee is unable to send a payment as the increase in fee more than drains
1093 /// their reserve value. Thus, neither side can send a new HTLC and the channel becomes useless.
1094 /// Thus, before sending an HTLC when we are the initiator, we check that the feerate can increase
1095 /// by this multiple without hitting this case, before sending.
1096 /// This multiple is effectively the maximum feerate "jump" we expect until more HTLCs flow over
1097 /// the channel. Sadly, there isn't really a good number for this - if we expect to have no new
1098 /// HTLCs for days we may need this to suffice for feerate increases across days, but that may
1099 /// leave the channel less usable as we hold a bigger reserve.
1100 #[cfg(any(fuzzing, test))]
1101 pub const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
1102 #[cfg(not(any(fuzzing, test)))]
1103 const FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE: u64 = 2;
1104
1105 /// If we fail to see a funding transaction confirmed on-chain within this many blocks after the
1106 /// channel creation on an inbound channel, we simply force-close and move on.
1107 /// This constant is the one suggested in BOLT 2.
1108 pub(crate) const FUNDING_CONF_DEADLINE_BLOCKS: u32 = 2016;
1109
1110 /// In case of a concurrent update_add_htlc proposed by our counterparty, we might
1111 /// not have enough balance value remaining to cover the onchain cost of this new
1112 /// HTLC weight. If this happens, our counterparty fails the reception of our
1113 /// commitment_signed including this new HTLC due to infringement on the channel
1114 /// reserve.
1115 /// To prevent this case, we compute our outbound update_fee with an HTLC buffer of
1116 /// size 2. However, if the number of concurrent update_add_htlc is higher, this still
1117 /// leads to a channel force-close. Ultimately, this is an issue coming from the
1118 /// design of LN state machines, allowing asynchronous updates.
1119 pub(crate) const CONCURRENT_INBOUND_HTLC_FEE_BUFFER: u32 = 2;
1120
1121 /// When a channel is opened, we check that the funding amount is enough to pay for relevant
1122 /// commitment transaction fees, with at least this many HTLCs present on the commitment
1123 /// transaction (not counting the value of the HTLCs themselves).
1124 pub(crate) const MIN_AFFORDABLE_HTLC_COUNT: usize = 4;
1125
1126 /// When a [`Channel`] has its [`ChannelConfig`] updated, its existing one is stashed for up to this
1127 /// number of ticks to allow forwarding HTLCs by nodes that have yet to receive the new
1128 /// ChannelUpdate prompted by the config update. This value was determined as follows:
1129 ///
1130 ///   * The expected interval between ticks (1 minute).
1131 ///   * The average convergence delay of updates across the network, i.e., ~300 seconds on average
1132 ///      for a node to see an update as seen on `<https://arxiv.org/pdf/2205.12737.pdf>`.
1133 ///   * `EXPIRE_PREV_CONFIG_TICKS` = convergence_delay / tick_interval
1134 pub(crate) const EXPIRE_PREV_CONFIG_TICKS: usize = 5;
1135
1136 /// The number of ticks that may elapse while we're waiting for a response to a
1137 /// [`msgs::RevokeAndACK`] or [`msgs::ChannelReestablish`] message before we attempt to disconnect
1138 /// them.
1139 ///
1140 /// See [`ChannelContext::sent_message_awaiting_response`] for more information.
1141 pub(crate) const DISCONNECT_PEER_AWAITING_RESPONSE_TICKS: usize = 2;
1142
1143 /// The number of ticks that may elapse while we're waiting for an unfunded outbound/inbound channel
1144 /// to be promoted to a [`Channel`] since the unfunded channel was created. An unfunded channel
1145 /// exceeding this age limit will be force-closed and purged from memory.
1146 pub(crate) const UNFUNDED_CHANNEL_AGE_LIMIT_TICKS: usize = 60;
1147
1148 /// Number of blocks needed for an output from a coinbase transaction to be spendable.
1149 pub(crate) const COINBASE_MATURITY: u32 = 100;
1150
1151 struct PendingChannelMonitorUpdate {
1152         update: ChannelMonitorUpdate,
1153 }
1154
1155 impl_writeable_tlv_based!(PendingChannelMonitorUpdate, {
1156         (0, update, required),
1157 });
1158
1159 /// The `ChannelPhase` enum describes the current phase in life of a lightning channel with each of
1160 /// its variants containing an appropriate channel struct.
1161 pub(super) enum ChannelPhase<SP: Deref> where SP::Target: SignerProvider {
1162         UnfundedOutboundV1(OutboundV1Channel<SP>),
1163         UnfundedInboundV1(InboundV1Channel<SP>),
1164         #[cfg(dual_funding)]
1165         UnfundedOutboundV2(OutboundV2Channel<SP>),
1166         #[cfg(dual_funding)]
1167         UnfundedInboundV2(InboundV2Channel<SP>),
1168         Funded(Channel<SP>),
1169 }
1170
1171 impl<'a, SP: Deref> ChannelPhase<SP> where
1172         SP::Target: SignerProvider,
1173         <SP::Target as SignerProvider>::EcdsaSigner: ChannelSigner,
1174 {
1175         pub fn context(&'a self) -> &'a ChannelContext<SP> {
1176                 match self {
1177                         ChannelPhase::Funded(chan) => &chan.context,
1178                         ChannelPhase::UnfundedOutboundV1(chan) => &chan.context,
1179                         ChannelPhase::UnfundedInboundV1(chan) => &chan.context,
1180                         #[cfg(dual_funding)]
1181                         ChannelPhase::UnfundedOutboundV2(chan) => &chan.context,
1182                         #[cfg(dual_funding)]
1183                         ChannelPhase::UnfundedInboundV2(chan) => &chan.context,
1184                 }
1185         }
1186
1187         pub fn context_mut(&'a mut self) -> &'a mut ChannelContext<SP> {
1188                 match self {
1189                         ChannelPhase::Funded(ref mut chan) => &mut chan.context,
1190                         ChannelPhase::UnfundedOutboundV1(ref mut chan) => &mut chan.context,
1191                         ChannelPhase::UnfundedInboundV1(ref mut chan) => &mut chan.context,
1192                         #[cfg(dual_funding)]
1193                         ChannelPhase::UnfundedOutboundV2(ref mut chan) => &mut chan.context,
1194                         #[cfg(dual_funding)]
1195                         ChannelPhase::UnfundedInboundV2(ref mut chan) => &mut chan.context,
1196                 }
1197         }
1198 }
1199
1200 /// Contains all state common to unfunded inbound/outbound channels.
1201 pub(super) struct UnfundedChannelContext {
1202         /// A counter tracking how many ticks have elapsed since this unfunded channel was
1203         /// created. If this unfunded channel reaches peer has yet to respond after reaching
1204         /// `UNFUNDED_CHANNEL_AGE_LIMIT_TICKS`, it will be force-closed and purged from memory.
1205         ///
1206         /// This is so that we don't keep channels around that haven't progressed to a funded state
1207         /// in a timely manner.
1208         unfunded_channel_age_ticks: usize,
1209 }
1210
1211 impl UnfundedChannelContext {
1212         /// Determines whether we should force-close and purge this unfunded channel from memory due to it
1213         /// having reached the unfunded channel age limit.
1214         ///
1215         /// This should be called on every [`super::channelmanager::ChannelManager::timer_tick_occurred`].
1216         pub fn should_expire_unfunded_channel(&mut self) -> bool {
1217                 self.unfunded_channel_age_ticks += 1;
1218                 self.unfunded_channel_age_ticks >= UNFUNDED_CHANNEL_AGE_LIMIT_TICKS
1219         }
1220 }
1221
1222 /// Contains everything about the channel including state, and various flags.
1223 pub(super) struct ChannelContext<SP: Deref> where SP::Target: SignerProvider {
1224         config: LegacyChannelConfig,
1225
1226         // Track the previous `ChannelConfig` so that we can continue forwarding HTLCs that were
1227         // constructed using it. The second element in the tuple corresponds to the number of ticks that
1228         // have elapsed since the update occurred.
1229         prev_config: Option<(ChannelConfig, usize)>,
1230
1231         inbound_handshake_limits_override: Option<ChannelHandshakeLimits>,
1232
1233         user_id: u128,
1234
1235         /// The current channel ID.
1236         channel_id: ChannelId,
1237         /// The temporary channel ID used during channel setup. Value kept even after transitioning to a final channel ID.
1238         /// Will be `None` for channels created prior to 0.0.115.
1239         temporary_channel_id: Option<ChannelId>,
1240         channel_state: ChannelState,
1241
1242         // When we reach max(6 blocks, minimum_depth), we need to send an AnnouncementSigs message to
1243         // our peer. However, we want to make sure they received it, or else rebroadcast it when we
1244         // next connect.
1245         // We do so here, see `AnnouncementSigsSent` for more details on the state(s).
1246         // Note that a number of our tests were written prior to the behavior here which retransmits
1247         // AnnouncementSignatures until after an RAA completes, so the behavior is short-circuited in
1248         // many tests.
1249         #[cfg(any(test, feature = "_test_utils"))]
1250         pub(crate) announcement_sigs_state: AnnouncementSigsState,
1251         #[cfg(not(any(test, feature = "_test_utils")))]
1252         announcement_sigs_state: AnnouncementSigsState,
1253
1254         secp_ctx: Secp256k1<secp256k1::All>,
1255         channel_value_satoshis: u64,
1256
1257         latest_monitor_update_id: u64,
1258
1259         holder_signer: ChannelSignerType<SP>,
1260         shutdown_scriptpubkey: Option<ShutdownScript>,
1261         destination_script: ScriptBuf,
1262
1263         // Our commitment numbers start at 2^48-1 and count down, whereas the ones used in transaction
1264         // generation start at 0 and count up...this simplifies some parts of implementation at the
1265         // cost of others, but should really just be changed.
1266
1267         cur_holder_commitment_transaction_number: u64,
1268         cur_counterparty_commitment_transaction_number: u64,
1269         value_to_self_msat: u64, // Excluding all pending_htlcs, fees, and anchor outputs
1270         pending_inbound_htlcs: Vec<InboundHTLCOutput>,
1271         pending_outbound_htlcs: Vec<OutboundHTLCOutput>,
1272         holding_cell_htlc_updates: Vec<HTLCUpdateAwaitingACK>,
1273
1274         /// When resending CS/RAA messages on channel monitor restoration or on reconnect, we always
1275         /// need to ensure we resend them in the order we originally generated them. Note that because
1276         /// there can only ever be one in-flight CS and/or one in-flight RAA at any time, it is
1277         /// sufficient to simply set this to the opposite of any message we are generating as we
1278         /// generate it. ie when we generate a CS, we set this to RAAFirst as, if there is a pending
1279         /// in-flight RAA to resend, it will have been the first thing we generated, and thus we should
1280         /// send it first.
1281         resend_order: RAACommitmentOrder,
1282
1283         monitor_pending_channel_ready: bool,
1284         monitor_pending_revoke_and_ack: bool,
1285         monitor_pending_commitment_signed: bool,
1286
1287         // TODO: If a channel is drop'd, we don't know whether the `ChannelMonitor` is ultimately
1288         // responsible for some of the HTLCs here or not - we don't know whether the update in question
1289         // completed or not. We currently ignore these fields entirely when force-closing a channel,
1290         // but need to handle this somehow or we run the risk of losing HTLCs!
1291         monitor_pending_forwards: Vec<(PendingHTLCInfo, u64)>,
1292         monitor_pending_failures: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
1293         monitor_pending_finalized_fulfills: Vec<HTLCSource>,
1294
1295         /// If we went to send a commitment update (ie some messages then [`msgs::CommitmentSigned`])
1296         /// but our signer (initially) refused to give us a signature, we should retry at some point in
1297         /// the future when the signer indicates it may have a signature for us.
1298         ///
1299         /// This flag is set in such a case. Note that we don't need to persist this as we'll end up
1300         /// setting it again as a side-effect of [`Channel::channel_reestablish`].
1301         signer_pending_commitment_update: bool,
1302         /// Similar to [`Self::signer_pending_commitment_update`] but we're waiting to send either a
1303         /// [`msgs::FundingCreated`] or [`msgs::FundingSigned`] depending on if this channel is
1304         /// outbound or inbound.
1305         signer_pending_funding: bool,
1306
1307         // pending_update_fee is filled when sending and receiving update_fee.
1308         //
1309         // Because it follows the same commitment flow as HTLCs, `FeeUpdateState` is either `Outbound`
1310         // or matches a subset of the `InboundHTLCOutput` variants. It is then updated/used when
1311         // generating new commitment transactions with exactly the same criteria as inbound/outbound
1312         // HTLCs with similar state.
1313         pending_update_fee: Option<(u32, FeeUpdateState)>,
1314         // If a `send_update_fee()` call is made with ChannelState::AwaitingRemoteRevoke set, we place
1315         // it here instead of `pending_update_fee` in the same way as we place outbound HTLC updates in
1316         // `holding_cell_htlc_updates` instead of `pending_outbound_htlcs`. It is released into
1317         // `pending_update_fee` with the same criteria as outbound HTLC updates but can be updated by
1318         // further `send_update_fee` calls, dropping the previous holding cell update entirely.
1319         holding_cell_update_fee: Option<u32>,
1320         next_holder_htlc_id: u64,
1321         next_counterparty_htlc_id: u64,
1322         feerate_per_kw: u32,
1323
1324         /// The timestamp set on our latest `channel_update` message for this channel. It is updated
1325         /// when the channel is updated in ways which may impact the `channel_update` message or when a
1326         /// new block is received, ensuring it's always at least moderately close to the current real
1327         /// time.
1328         update_time_counter: u32,
1329
1330         #[cfg(debug_assertions)]
1331         /// Max to_local and to_remote outputs in a locally-generated commitment transaction
1332         holder_max_commitment_tx_output: Mutex<(u64, u64)>,
1333         #[cfg(debug_assertions)]
1334         /// Max to_local and to_remote outputs in a remote-generated commitment transaction
1335         counterparty_max_commitment_tx_output: Mutex<(u64, u64)>,
1336
1337         last_sent_closing_fee: Option<(u64, Signature)>, // (fee, holder_sig)
1338         target_closing_feerate_sats_per_kw: Option<u32>,
1339
1340         /// If our counterparty sent us a closing_signed while we were waiting for a `ChannelMonitor`
1341         /// update, we need to delay processing it until later. We do that here by simply storing the
1342         /// closing_signed message and handling it in `maybe_propose_closing_signed`.
1343         pending_counterparty_closing_signed: Option<msgs::ClosingSigned>,
1344
1345         /// The minimum and maximum absolute fee, in satoshis, we are willing to place on the closing
1346         /// transaction. These are set once we reach `closing_negotiation_ready`.
1347         #[cfg(test)]
1348         pub(crate) closing_fee_limits: Option<(u64, u64)>,
1349         #[cfg(not(test))]
1350         closing_fee_limits: Option<(u64, u64)>,
1351
1352         /// If we remove an HTLC (or fee update), commit, and receive our counterparty's
1353         /// `revoke_and_ack`, we remove all knowledge of said HTLC (or fee update). However, the latest
1354         /// local commitment transaction that we can broadcast still contains the HTLC (or old fee)
1355         /// until we receive a further `commitment_signed`. Thus we are not eligible for initiating the
1356         /// `closing_signed` negotiation if we're expecting a counterparty `commitment_signed`.
1357         ///
1358         /// To ensure we don't send a `closing_signed` too early, we track this state here, waiting
1359         /// until we see a `commitment_signed` before doing so.
1360         ///
1361         /// We don't bother to persist this - we anticipate this state won't last longer than a few
1362         /// milliseconds, so any accidental force-closes here should be exceedingly rare.
1363         expecting_peer_commitment_signed: bool,
1364
1365         /// The hash of the block in which the funding transaction was included.
1366         funding_tx_confirmed_in: Option<BlockHash>,
1367         funding_tx_confirmation_height: u32,
1368         short_channel_id: Option<u64>,
1369         /// Either the height at which this channel was created or the height at which it was last
1370         /// serialized if it was serialized by versions prior to 0.0.103.
1371         /// We use this to close if funding is never broadcasted.
1372         channel_creation_height: u32,
1373
1374         counterparty_dust_limit_satoshis: u64,
1375
1376         #[cfg(test)]
1377         pub(super) holder_dust_limit_satoshis: u64,
1378         #[cfg(not(test))]
1379         holder_dust_limit_satoshis: u64,
1380
1381         #[cfg(test)]
1382         pub(super) counterparty_max_htlc_value_in_flight_msat: u64,
1383         #[cfg(not(test))]
1384         counterparty_max_htlc_value_in_flight_msat: u64,
1385
1386         #[cfg(test)]
1387         pub(super) holder_max_htlc_value_in_flight_msat: u64,
1388         #[cfg(not(test))]
1389         holder_max_htlc_value_in_flight_msat: u64,
1390
1391         /// minimum channel reserve for self to maintain - set by them.
1392         counterparty_selected_channel_reserve_satoshis: Option<u64>,
1393
1394         #[cfg(test)]
1395         pub(super) holder_selected_channel_reserve_satoshis: u64,
1396         #[cfg(not(test))]
1397         holder_selected_channel_reserve_satoshis: u64,
1398
1399         counterparty_htlc_minimum_msat: u64,
1400         holder_htlc_minimum_msat: u64,
1401         #[cfg(test)]
1402         pub counterparty_max_accepted_htlcs: u16,
1403         #[cfg(not(test))]
1404         counterparty_max_accepted_htlcs: u16,
1405         holder_max_accepted_htlcs: u16,
1406         minimum_depth: Option<u32>,
1407
1408         counterparty_forwarding_info: Option<CounterpartyForwardingInfo>,
1409
1410         pub(crate) channel_transaction_parameters: ChannelTransactionParameters,
1411         funding_transaction: Option<Transaction>,
1412         is_batch_funding: Option<()>,
1413
1414         counterparty_cur_commitment_point: Option<PublicKey>,
1415         counterparty_prev_commitment_point: Option<PublicKey>,
1416         counterparty_node_id: PublicKey,
1417
1418         counterparty_shutdown_scriptpubkey: Option<ScriptBuf>,
1419
1420         commitment_secrets: CounterpartyCommitmentSecrets,
1421
1422         channel_update_status: ChannelUpdateStatus,
1423         /// Once we reach `closing_negotiation_ready`, we set this, indicating if closing_signed does
1424         /// not complete within a single timer tick (one minute), we should force-close the channel.
1425         /// This prevents us from keeping unusable channels around forever if our counterparty wishes
1426         /// to DoS us.
1427         /// Note that this field is reset to false on deserialization to give us a chance to connect to
1428         /// our peer and start the closing_signed negotiation fresh.
1429         closing_signed_in_flight: bool,
1430
1431         /// Our counterparty's channel_announcement signatures provided in announcement_signatures.
1432         /// This can be used to rebroadcast the channel_announcement message later.
1433         announcement_sigs: Option<(Signature, Signature)>,
1434
1435         // We save these values so we can make sure `next_local_commit_tx_fee_msat` and
1436         // `next_remote_commit_tx_fee_msat` properly predict what the next commitment transaction fee will
1437         // be, by comparing the cached values to the fee of the tranaction generated by
1438         // `build_commitment_transaction`.
1439         #[cfg(any(test, fuzzing))]
1440         next_local_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
1441         #[cfg(any(test, fuzzing))]
1442         next_remote_commitment_tx_fee_info_cached: Mutex<Option<CommitmentTxInfoCached>>,
1443
1444         /// lnd has a long-standing bug where, upon reconnection, if the channel is not yet confirmed
1445         /// they will not send a channel_reestablish until the channel locks in. Then, they will send a
1446         /// channel_ready *before* sending the channel_reestablish (which is clearly a violation of
1447         /// the BOLT specs). We copy c-lightning's workaround here and simply store the channel_ready
1448         /// message until we receive a channel_reestablish.
1449         ///
1450         /// See-also <https://github.com/lightningnetwork/lnd/issues/4006>
1451         pub workaround_lnd_bug_4006: Option<msgs::ChannelReady>,
1452
1453         /// An option set when we wish to track how many ticks have elapsed while waiting for a response
1454         /// from our counterparty after sending a message. If the peer has yet to respond after reaching
1455         /// `DISCONNECT_PEER_AWAITING_RESPONSE_TICKS`, a reconnection should be attempted to try to
1456         /// unblock the state machine.
1457         ///
1458         /// This behavior is mostly motivated by a lnd bug in which we don't receive a message we expect
1459         /// to in a timely manner, which may lead to channels becoming unusable and/or force-closed. An
1460         /// example of such can be found at <https://github.com/lightningnetwork/lnd/issues/7682>.
1461         ///
1462         /// This is currently only used when waiting for a [`msgs::ChannelReestablish`] or
1463         /// [`msgs::RevokeAndACK`] message from the counterparty.
1464         sent_message_awaiting_response: Option<usize>,
1465
1466         #[cfg(any(test, fuzzing))]
1467         // When we receive an HTLC fulfill on an outbound path, we may immediately fulfill the
1468         // corresponding HTLC on the inbound path. If, then, the outbound path channel is
1469         // disconnected and reconnected (before we've exchange commitment_signed and revoke_and_ack
1470         // messages), they may re-broadcast their update_fulfill_htlc, causing a duplicate claim. This
1471         // is fine, but as a sanity check in our failure to generate the second claim, we check here
1472         // that the original was a claim, and that we aren't now trying to fulfill a failed HTLC.
1473         historical_inbound_htlc_fulfills: HashSet<u64>,
1474
1475         /// This channel's type, as negotiated during channel open
1476         channel_type: ChannelTypeFeatures,
1477
1478         // Our counterparty can offer us SCID aliases which they will map to this channel when routing
1479         // outbound payments. These can be used in invoice route hints to avoid explicitly revealing
1480         // the channel's funding UTXO.
1481         //
1482         // We also use this when sending our peer a channel_update that isn't to be broadcasted
1483         // publicly - allowing them to re-use their map of SCID -> channel for channel_update ->
1484         // associated channel mapping.
1485         //
1486         // We only bother storing the most recent SCID alias at any time, though our counterparty has
1487         // to store all of them.
1488         latest_inbound_scid_alias: Option<u64>,
1489
1490         // We always offer our counterparty a static SCID alias, which we recognize as for this channel
1491         // if we see it in HTLC forwarding instructions. We don't bother rotating the alias given we
1492         // don't currently support node id aliases and eventually privacy should be provided with
1493         // blinded paths instead of simple scid+node_id aliases.
1494         outbound_scid_alias: u64,
1495
1496         // We track whether we already emitted a `ChannelPending` event.
1497         channel_pending_event_emitted: bool,
1498
1499         // We track whether we already emitted a `ChannelReady` event.
1500         channel_ready_event_emitted: bool,
1501
1502         /// Some if we initiated to shut down the channel.
1503         local_initiated_shutdown: Option<()>,
1504
1505         /// The unique identifier used to re-derive the private key material for the channel through
1506         /// [`SignerProvider::derive_channel_signer`].
1507         #[cfg(not(test))]
1508         channel_keys_id: [u8; 32],
1509         #[cfg(test)]
1510         pub channel_keys_id: [u8; 32],
1511
1512         /// If we can't release a [`ChannelMonitorUpdate`] until some external action completes, we
1513         /// store it here and only release it to the `ChannelManager` once it asks for it.
1514         blocked_monitor_updates: Vec<PendingChannelMonitorUpdate>,
1515 }
1516
1517 impl<SP: Deref> ChannelContext<SP> where SP::Target: SignerProvider  {
1518         fn new_for_inbound_channel<'a, ES: Deref, F: Deref, L: Deref>(
1519                 fee_estimator: &'a LowerBoundedFeeEstimator<F>,
1520                 entropy_source: &'a ES,
1521                 signer_provider: &'a SP,
1522                 counterparty_node_id: PublicKey,
1523                 their_features: &'a InitFeatures,
1524                 user_id: u128,
1525                 config: &'a UserConfig,
1526                 current_chain_height: u32,
1527                 logger: &'a L,
1528                 is_0conf: bool,
1529                 our_funding_satoshis: u64,
1530                 counterparty_pubkeys: ChannelPublicKeys,
1531                 channel_type: ChannelTypeFeatures,
1532                 holder_selected_channel_reserve_satoshis: u64,
1533                 msg_channel_reserve_satoshis: u64,
1534                 msg_push_msat: u64,
1535                 open_channel_fields: msgs::CommonOpenChannelFields,
1536         ) -> Result<ChannelContext<SP>, ChannelError>
1537                 where
1538                         ES::Target: EntropySource,
1539                         F::Target: FeeEstimator,
1540                         L::Target: Logger,
1541                         SP::Target: SignerProvider,
1542         {
1543                 let logger = WithContext::from(logger, Some(counterparty_node_id), Some(open_channel_fields.temporary_channel_id));
1544                 let announced_channel = if (open_channel_fields.channel_flags & 1) == 1 { true } else { false };
1545
1546                 let channel_value_satoshis = our_funding_satoshis.saturating_add(open_channel_fields.funding_satoshis);
1547
1548                 let channel_keys_id = signer_provider.generate_channel_keys_id(true, channel_value_satoshis, user_id);
1549                 let holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
1550                 let pubkeys = holder_signer.pubkeys().clone();
1551
1552                 if config.channel_handshake_config.our_to_self_delay < BREAKDOWN_TIMEOUT {
1553                         return Err(ChannelError::Close(format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks. It must be greater than {}", config.channel_handshake_config.our_to_self_delay, BREAKDOWN_TIMEOUT)));
1554                 }
1555
1556                 // Check sanity of message fields:
1557                 if channel_value_satoshis > config.channel_handshake_limits.max_funding_satoshis {
1558                         return Err(ChannelError::Close(format!(
1559                                 "Per our config, funding must be at most {}. It was {}. Peer contribution: {}. Our contribution: {}",
1560                                 config.channel_handshake_limits.max_funding_satoshis, channel_value_satoshis,
1561                                 open_channel_fields.funding_satoshis, our_funding_satoshis)));
1562                 }
1563                 if channel_value_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
1564                         return Err(ChannelError::Close(format!("Funding must be smaller than the total bitcoin supply. It was {}", channel_value_satoshis)));
1565                 }
1566                 if msg_channel_reserve_satoshis > channel_value_satoshis {
1567                         return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must be no greater than channel_value_satoshis: {}", msg_channel_reserve_satoshis, channel_value_satoshis)));
1568                 }
1569                 let full_channel_value_msat = (channel_value_satoshis - msg_channel_reserve_satoshis) * 1000;
1570                 if msg_push_msat > full_channel_value_msat {
1571                         return Err(ChannelError::Close(format!("push_msat {} was larger than channel amount minus reserve ({})", msg_push_msat, full_channel_value_msat)));
1572                 }
1573                 if open_channel_fields.dust_limit_satoshis > channel_value_satoshis {
1574                         return Err(ChannelError::Close(format!("dust_limit_satoshis {} was larger than channel_value_satoshis {}. Peer never wants payout outputs?", open_channel_fields.dust_limit_satoshis, channel_value_satoshis)));
1575                 }
1576                 if open_channel_fields.htlc_minimum_msat >= full_channel_value_msat {
1577                         return Err(ChannelError::Close(format!("Minimum htlc value ({}) was larger than full channel value ({})", open_channel_fields.htlc_minimum_msat, full_channel_value_msat)));
1578                 }
1579                 Channel::<SP>::check_remote_fee(&channel_type, fee_estimator, open_channel_fields.commitment_feerate_sat_per_1000_weight, None, &&logger)?;
1580
1581                 let max_counterparty_selected_contest_delay = u16::min(config.channel_handshake_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
1582                 if open_channel_fields.to_self_delay > max_counterparty_selected_contest_delay {
1583                         return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_counterparty_selected_contest_delay, open_channel_fields.to_self_delay)));
1584                 }
1585                 if open_channel_fields.max_accepted_htlcs < 1 {
1586                         return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
1587                 }
1588                 if open_channel_fields.max_accepted_htlcs > MAX_HTLCS {
1589                         return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", open_channel_fields.max_accepted_htlcs, MAX_HTLCS)));
1590                 }
1591
1592                 // Now check against optional parameters as set by config...
1593                 if channel_value_satoshis < config.channel_handshake_limits.min_funding_satoshis {
1594                         return Err(ChannelError::Close(format!("Funding satoshis ({}) is less than the user specified limit ({})", channel_value_satoshis, config.channel_handshake_limits.min_funding_satoshis)));
1595                 }
1596                 if open_channel_fields.htlc_minimum_msat > config.channel_handshake_limits.max_htlc_minimum_msat {
1597                         return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", open_channel_fields.htlc_minimum_msat, config.channel_handshake_limits.max_htlc_minimum_msat)));
1598                 }
1599                 if open_channel_fields.max_htlc_value_in_flight_msat < config.channel_handshake_limits.min_max_htlc_value_in_flight_msat {
1600                         return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", open_channel_fields.max_htlc_value_in_flight_msat, config.channel_handshake_limits.min_max_htlc_value_in_flight_msat)));
1601                 }
1602                 if msg_channel_reserve_satoshis > config.channel_handshake_limits.max_channel_reserve_satoshis {
1603                         return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg_channel_reserve_satoshis, config.channel_handshake_limits.max_channel_reserve_satoshis)));
1604                 }
1605                 if open_channel_fields.max_accepted_htlcs < config.channel_handshake_limits.min_max_accepted_htlcs {
1606                         return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", open_channel_fields.max_accepted_htlcs, config.channel_handshake_limits.min_max_accepted_htlcs)));
1607                 }
1608                 if open_channel_fields.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
1609                         return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", open_channel_fields.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
1610                 }
1611                 if open_channel_fields.dust_limit_satoshis >  MAX_CHAN_DUST_LIMIT_SATOSHIS {
1612                         return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", open_channel_fields.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
1613                 }
1614
1615                 // Convert things into internal flags and prep our state:
1616
1617                 if config.channel_handshake_limits.force_announced_channel_preference {
1618                         if config.channel_handshake_config.announced_channel != announced_channel {
1619                                 return Err(ChannelError::Close("Peer tried to open channel but their announcement preference is different from ours".to_owned()));
1620                         }
1621                 }
1622
1623                 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
1624                         // Protocol level safety check in place, although it should never happen because
1625                         // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
1626                         return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({}). dust_limit_satoshis is ({}).", holder_selected_channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
1627                 }
1628                 if holder_selected_channel_reserve_satoshis * 1000 >= full_channel_value_msat {
1629                         return Err(ChannelError::Close(format!("Suitable channel reserve not found. remote_channel_reserve was ({})msats. Channel value is ({} - {})msats.", holder_selected_channel_reserve_satoshis * 1000, full_channel_value_msat, msg_push_msat)));
1630                 }
1631                 if msg_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
1632                         log_debug!(logger, "channel_reserve_satoshis ({}) is smaller than our dust limit ({}). We can broadcast stale states without any risk, implying this channel is very insecure for our counterparty.",
1633                                 msg_channel_reserve_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS);
1634                 }
1635                 if holder_selected_channel_reserve_satoshis < open_channel_fields.dust_limit_satoshis {
1636                         return Err(ChannelError::Close(format!("Dust limit ({}) too high for the channel reserve we require the remote to keep ({})", open_channel_fields.dust_limit_satoshis, holder_selected_channel_reserve_satoshis)));
1637                 }
1638
1639                 // check if the funder's amount for the initial commitment tx is sufficient
1640                 // for full fee payment plus a few HTLCs to ensure the channel will be useful.
1641                 let anchor_outputs_value = if channel_type.supports_anchors_zero_fee_htlc_tx() {
1642                         ANCHOR_OUTPUT_VALUE_SATOSHI * 2
1643                 } else {
1644                         0
1645                 };
1646                 let funders_amount_msat = open_channel_fields.funding_satoshis * 1000 - msg_push_msat;
1647                 let commitment_tx_fee = commit_tx_fee_msat(open_channel_fields.commitment_feerate_sat_per_1000_weight, MIN_AFFORDABLE_HTLC_COUNT, &channel_type) / 1000;
1648                 if (funders_amount_msat / 1000).saturating_sub(anchor_outputs_value) < commitment_tx_fee {
1649                         return Err(ChannelError::Close(format!("Funding amount ({} sats) can't even pay fee for initial commitment transaction fee of {} sats.", (funders_amount_msat / 1000).saturating_sub(anchor_outputs_value), commitment_tx_fee)));
1650                 }
1651
1652                 let to_remote_satoshis = funders_amount_msat / 1000 - commitment_tx_fee - anchor_outputs_value;
1653                 // While it's reasonable for us to not meet the channel reserve initially (if they don't
1654                 // want to push much to us), our counterparty should always have more than our reserve.
1655                 if to_remote_satoshis < holder_selected_channel_reserve_satoshis {
1656                         return Err(ChannelError::Close("Insufficient funding amount for initial reserve".to_owned()));
1657                 }
1658
1659                 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
1660                         match &open_channel_fields.shutdown_scriptpubkey {
1661                                 &Some(ref script) => {
1662                                         // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
1663                                         if script.len() == 0 {
1664                                                 None
1665                                         } else {
1666                                                 if !script::is_bolt2_compliant(&script, their_features) {
1667                                                         return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)))
1668                                                 }
1669                                                 Some(script.clone())
1670                                         }
1671                                 },
1672                                 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
1673                                 &None => {
1674                                         return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
1675                                 }
1676                         }
1677                 } else { None };
1678
1679                 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
1680                         match signer_provider.get_shutdown_scriptpubkey() {
1681                                 Ok(scriptpubkey) => Some(scriptpubkey),
1682                                 Err(_) => return Err(ChannelError::Close("Failed to get upfront shutdown scriptpubkey".to_owned())),
1683                         }
1684                 } else { None };
1685
1686                 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
1687                         if !shutdown_scriptpubkey.is_compatible(&their_features) {
1688                                 return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
1689                         }
1690                 }
1691
1692                 let destination_script = match signer_provider.get_destination_script(channel_keys_id) {
1693                         Ok(script) => script,
1694                         Err(_) => return Err(ChannelError::Close("Failed to get destination script".to_owned())),
1695                 };
1696
1697                 let mut secp_ctx = Secp256k1::new();
1698                 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
1699
1700                 let minimum_depth = if is_0conf {
1701                         Some(0)
1702                 } else {
1703                         Some(cmp::max(config.channel_handshake_config.minimum_depth, 1))
1704                 };
1705
1706                 let value_to_self_msat = our_funding_satoshis * 1000 + msg_push_msat;
1707
1708                 // TODO(dual_funding): Checks for `funding_feerate_sat_per_1000_weight`?
1709
1710                 let channel_context = ChannelContext {
1711                         user_id,
1712
1713                         config: LegacyChannelConfig {
1714                                 options: config.channel_config.clone(),
1715                                 announced_channel,
1716                                 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
1717                         },
1718
1719                         prev_config: None,
1720
1721                         inbound_handshake_limits_override: None,
1722
1723                         temporary_channel_id: Some(open_channel_fields.temporary_channel_id),
1724                         channel_id: open_channel_fields.temporary_channel_id,
1725                         channel_state: ChannelState::NegotiatingFunding(
1726                                 NegotiatingFundingFlags::OUR_INIT_SENT | NegotiatingFundingFlags::THEIR_INIT_SENT
1727                         ),
1728                         announcement_sigs_state: AnnouncementSigsState::NotSent,
1729                         secp_ctx,
1730
1731                         latest_monitor_update_id: 0,
1732
1733                         holder_signer: ChannelSignerType::Ecdsa(holder_signer),
1734                         shutdown_scriptpubkey,
1735                         destination_script,
1736
1737                         cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
1738                         cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
1739                         value_to_self_msat,
1740
1741                         pending_inbound_htlcs: Vec::new(),
1742                         pending_outbound_htlcs: Vec::new(),
1743                         holding_cell_htlc_updates: Vec::new(),
1744                         pending_update_fee: None,
1745                         holding_cell_update_fee: None,
1746                         next_holder_htlc_id: 0,
1747                         next_counterparty_htlc_id: 0,
1748                         update_time_counter: 1,
1749
1750                         resend_order: RAACommitmentOrder::CommitmentFirst,
1751
1752                         monitor_pending_channel_ready: false,
1753                         monitor_pending_revoke_and_ack: false,
1754                         monitor_pending_commitment_signed: false,
1755                         monitor_pending_forwards: Vec::new(),
1756                         monitor_pending_failures: Vec::new(),
1757                         monitor_pending_finalized_fulfills: Vec::new(),
1758
1759                         signer_pending_commitment_update: false,
1760                         signer_pending_funding: false,
1761
1762
1763                         #[cfg(debug_assertions)]
1764                         holder_max_commitment_tx_output: Mutex::new((value_to_self_msat, (channel_value_satoshis * 1000 - msg_push_msat).saturating_sub(value_to_self_msat))),
1765                         #[cfg(debug_assertions)]
1766                         counterparty_max_commitment_tx_output: Mutex::new((value_to_self_msat, (channel_value_satoshis * 1000 - msg_push_msat).saturating_sub(value_to_self_msat))),
1767
1768                         last_sent_closing_fee: None,
1769                         pending_counterparty_closing_signed: None,
1770                         expecting_peer_commitment_signed: false,
1771                         closing_fee_limits: None,
1772                         target_closing_feerate_sats_per_kw: None,
1773
1774                         funding_tx_confirmed_in: None,
1775                         funding_tx_confirmation_height: 0,
1776                         short_channel_id: None,
1777                         channel_creation_height: current_chain_height,
1778
1779                         feerate_per_kw: open_channel_fields.commitment_feerate_sat_per_1000_weight,
1780                         channel_value_satoshis,
1781                         counterparty_dust_limit_satoshis: open_channel_fields.dust_limit_satoshis,
1782                         holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
1783                         counterparty_max_htlc_value_in_flight_msat: cmp::min(open_channel_fields.max_htlc_value_in_flight_msat, channel_value_satoshis * 1000),
1784                         holder_max_htlc_value_in_flight_msat: get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &config.channel_handshake_config),
1785                         counterparty_selected_channel_reserve_satoshis: Some(msg_channel_reserve_satoshis),
1786                         holder_selected_channel_reserve_satoshis,
1787                         counterparty_htlc_minimum_msat: open_channel_fields.htlc_minimum_msat,
1788                         holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
1789                         counterparty_max_accepted_htlcs: open_channel_fields.max_accepted_htlcs,
1790                         holder_max_accepted_htlcs: cmp::min(config.channel_handshake_config.our_max_accepted_htlcs, MAX_HTLCS),
1791                         minimum_depth,
1792
1793                         counterparty_forwarding_info: None,
1794
1795                         channel_transaction_parameters: ChannelTransactionParameters {
1796                                 holder_pubkeys: pubkeys,
1797                                 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
1798                                 is_outbound_from_holder: false,
1799                                 counterparty_parameters: Some(CounterpartyChannelTransactionParameters {
1800                                         selected_contest_delay: open_channel_fields.to_self_delay,
1801                                         pubkeys: counterparty_pubkeys,
1802                                 }),
1803                                 funding_outpoint: None,
1804                                 channel_type_features: channel_type.clone()
1805                         },
1806                         funding_transaction: None,
1807                         is_batch_funding: None,
1808
1809                         counterparty_cur_commitment_point: Some(open_channel_fields.first_per_commitment_point),
1810                         counterparty_prev_commitment_point: None,
1811                         counterparty_node_id,
1812
1813                         counterparty_shutdown_scriptpubkey,
1814
1815                         commitment_secrets: CounterpartyCommitmentSecrets::new(),
1816
1817                         channel_update_status: ChannelUpdateStatus::Enabled,
1818                         closing_signed_in_flight: false,
1819
1820                         announcement_sigs: None,
1821
1822                         #[cfg(any(test, fuzzing))]
1823                         next_local_commitment_tx_fee_info_cached: Mutex::new(None),
1824                         #[cfg(any(test, fuzzing))]
1825                         next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
1826
1827                         workaround_lnd_bug_4006: None,
1828                         sent_message_awaiting_response: None,
1829
1830                         latest_inbound_scid_alias: None,
1831                         outbound_scid_alias: 0,
1832
1833                         channel_pending_event_emitted: false,
1834                         channel_ready_event_emitted: false,
1835
1836                         #[cfg(any(test, fuzzing))]
1837                         historical_inbound_htlc_fulfills: new_hash_set(),
1838
1839                         channel_type,
1840                         channel_keys_id,
1841
1842                         local_initiated_shutdown: None,
1843
1844                         blocked_monitor_updates: Vec::new(),
1845                 };
1846
1847                 Ok(channel_context)
1848         }
1849
1850         fn new_for_outbound_channel<'a, ES: Deref, F: Deref>(
1851                 fee_estimator: &'a LowerBoundedFeeEstimator<F>,
1852                 entropy_source: &'a ES,
1853                 signer_provider: &'a SP,
1854                 counterparty_node_id: PublicKey,
1855                 their_features: &'a InitFeatures,
1856                 funding_satoshis: u64,
1857                 push_msat: u64,
1858                 user_id: u128,
1859                 config: &'a UserConfig,
1860                 current_chain_height: u32,
1861                 outbound_scid_alias: u64,
1862                 temporary_channel_id: Option<ChannelId>,
1863                 holder_selected_channel_reserve_satoshis: u64,
1864                 channel_keys_id: [u8; 32],
1865                 holder_signer: <SP::Target as SignerProvider>::EcdsaSigner,
1866                 pubkeys: ChannelPublicKeys,
1867         ) -> Result<ChannelContext<SP>, APIError>
1868                 where
1869                         ES::Target: EntropySource,
1870                         F::Target: FeeEstimator,
1871                         SP::Target: SignerProvider,
1872         {
1873                 // This will be updated with the counterparty contribution if this is a dual-funded channel
1874                 let channel_value_satoshis = funding_satoshis;
1875
1876                 let holder_selected_contest_delay = config.channel_handshake_config.our_to_self_delay;
1877
1878                 if !their_features.supports_wumbo() && channel_value_satoshis > MAX_FUNDING_SATOSHIS_NO_WUMBO {
1879                         return Err(APIError::APIMisuseError{err: format!("funding_value must not exceed {}, it was {}", MAX_FUNDING_SATOSHIS_NO_WUMBO, channel_value_satoshis)});
1880                 }
1881                 if channel_value_satoshis >= TOTAL_BITCOIN_SUPPLY_SATOSHIS {
1882                         return Err(APIError::APIMisuseError{err: format!("funding_value must be smaller than the total bitcoin supply, it was {}", channel_value_satoshis)});
1883                 }
1884                 let channel_value_msat = channel_value_satoshis * 1000;
1885                 if push_msat > channel_value_msat {
1886                         return Err(APIError::APIMisuseError { err: format!("Push value ({}) was larger than channel_value ({})", push_msat, channel_value_msat) });
1887                 }
1888                 if holder_selected_contest_delay < BREAKDOWN_TIMEOUT {
1889                         return Err(APIError::APIMisuseError {err: format!("Configured with an unreasonable our_to_self_delay ({}) putting user funds at risks", holder_selected_contest_delay)});
1890                 }
1891
1892                 let channel_type = get_initial_channel_type(&config, their_features);
1893                 debug_assert!(channel_type.is_subset(&channelmanager::provided_channel_type_features(&config)));
1894
1895                 let (commitment_conf_target, anchor_outputs_value_msat)  = if channel_type.supports_anchors_zero_fee_htlc_tx() {
1896                         (ConfirmationTarget::AnchorChannelFee, ANCHOR_OUTPUT_VALUE_SATOSHI * 2 * 1000)
1897                 } else {
1898                         (ConfirmationTarget::NonAnchorChannelFee, 0)
1899                 };
1900                 let commitment_feerate = fee_estimator.bounded_sat_per_1000_weight(commitment_conf_target);
1901
1902                 let value_to_self_msat = channel_value_satoshis * 1000 - push_msat;
1903                 let commitment_tx_fee = commit_tx_fee_msat(commitment_feerate, MIN_AFFORDABLE_HTLC_COUNT, &channel_type);
1904                 if value_to_self_msat.saturating_sub(anchor_outputs_value_msat) < commitment_tx_fee {
1905                         return Err(APIError::APIMisuseError{ err: format!("Funding amount ({}) can't even pay fee for initial commitment transaction fee of {}.", value_to_self_msat / 1000, commitment_tx_fee / 1000) });
1906                 }
1907
1908                 let mut secp_ctx = Secp256k1::new();
1909                 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
1910
1911                 let shutdown_scriptpubkey = if config.channel_handshake_config.commit_upfront_shutdown_pubkey {
1912                         match signer_provider.get_shutdown_scriptpubkey() {
1913                                 Ok(scriptpubkey) => Some(scriptpubkey),
1914                                 Err(_) => return Err(APIError::ChannelUnavailable { err: "Failed to get shutdown scriptpubkey".to_owned()}),
1915                         }
1916                 } else { None };
1917
1918                 if let Some(shutdown_scriptpubkey) = &shutdown_scriptpubkey {
1919                         if !shutdown_scriptpubkey.is_compatible(&their_features) {
1920                                 return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
1921                         }
1922                 }
1923
1924                 let destination_script = match signer_provider.get_destination_script(channel_keys_id) {
1925                         Ok(script) => script,
1926                         Err(_) => return Err(APIError::ChannelUnavailable { err: "Failed to get destination script".to_owned()}),
1927                 };
1928
1929                 let temporary_channel_id = temporary_channel_id.unwrap_or_else(|| ChannelId::temporary_from_entropy_source(entropy_source));
1930
1931                 Ok(Self {
1932                         user_id,
1933
1934                         config: LegacyChannelConfig {
1935                                 options: config.channel_config.clone(),
1936                                 announced_channel: config.channel_handshake_config.announced_channel,
1937                                 commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
1938                         },
1939
1940                         prev_config: None,
1941
1942                         inbound_handshake_limits_override: Some(config.channel_handshake_limits.clone()),
1943
1944                         channel_id: temporary_channel_id,
1945                         temporary_channel_id: Some(temporary_channel_id),
1946                         channel_state: ChannelState::NegotiatingFunding(NegotiatingFundingFlags::OUR_INIT_SENT),
1947                         announcement_sigs_state: AnnouncementSigsState::NotSent,
1948                         secp_ctx,
1949                         // We'll add our counterparty's `funding_satoshis` when we receive `accept_channel2`.
1950                         channel_value_satoshis,
1951
1952                         latest_monitor_update_id: 0,
1953
1954                         holder_signer: ChannelSignerType::Ecdsa(holder_signer),
1955                         shutdown_scriptpubkey,
1956                         destination_script,
1957
1958                         cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
1959                         cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
1960                         value_to_self_msat,
1961
1962                         pending_inbound_htlcs: Vec::new(),
1963                         pending_outbound_htlcs: Vec::new(),
1964                         holding_cell_htlc_updates: Vec::new(),
1965                         pending_update_fee: None,
1966                         holding_cell_update_fee: None,
1967                         next_holder_htlc_id: 0,
1968                         next_counterparty_htlc_id: 0,
1969                         update_time_counter: 1,
1970
1971                         resend_order: RAACommitmentOrder::CommitmentFirst,
1972
1973                         monitor_pending_channel_ready: false,
1974                         monitor_pending_revoke_and_ack: false,
1975                         monitor_pending_commitment_signed: false,
1976                         monitor_pending_forwards: Vec::new(),
1977                         monitor_pending_failures: Vec::new(),
1978                         monitor_pending_finalized_fulfills: Vec::new(),
1979
1980                         signer_pending_commitment_update: false,
1981                         signer_pending_funding: false,
1982
1983                         // We'll add our counterparty's `funding_satoshis` to these max commitment output assertions
1984                         // when we receive `accept_channel2`.
1985                         #[cfg(debug_assertions)]
1986                         holder_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
1987                         #[cfg(debug_assertions)]
1988                         counterparty_max_commitment_tx_output: Mutex::new((channel_value_satoshis * 1000 - push_msat, push_msat)),
1989
1990                         last_sent_closing_fee: None,
1991                         pending_counterparty_closing_signed: None,
1992                         expecting_peer_commitment_signed: false,
1993                         closing_fee_limits: None,
1994                         target_closing_feerate_sats_per_kw: None,
1995
1996                         funding_tx_confirmed_in: None,
1997                         funding_tx_confirmation_height: 0,
1998                         short_channel_id: None,
1999                         channel_creation_height: current_chain_height,
2000
2001                         feerate_per_kw: commitment_feerate,
2002                         counterparty_dust_limit_satoshis: 0,
2003                         holder_dust_limit_satoshis: MIN_CHAN_DUST_LIMIT_SATOSHIS,
2004                         counterparty_max_htlc_value_in_flight_msat: 0,
2005                         // We'll adjust this to include our counterparty's `funding_satoshis` when we
2006                         // receive `accept_channel2`.
2007                         holder_max_htlc_value_in_flight_msat: get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &config.channel_handshake_config),
2008                         counterparty_selected_channel_reserve_satoshis: None, // Filled in in accept_channel
2009                         holder_selected_channel_reserve_satoshis,
2010                         counterparty_htlc_minimum_msat: 0,
2011                         holder_htlc_minimum_msat: if config.channel_handshake_config.our_htlc_minimum_msat == 0 { 1 } else { config.channel_handshake_config.our_htlc_minimum_msat },
2012                         counterparty_max_accepted_htlcs: 0,
2013                         holder_max_accepted_htlcs: cmp::min(config.channel_handshake_config.our_max_accepted_htlcs, MAX_HTLCS),
2014                         minimum_depth: None, // Filled in in accept_channel
2015
2016                         counterparty_forwarding_info: None,
2017
2018                         channel_transaction_parameters: ChannelTransactionParameters {
2019                                 holder_pubkeys: pubkeys,
2020                                 holder_selected_contest_delay: config.channel_handshake_config.our_to_self_delay,
2021                                 is_outbound_from_holder: true,
2022                                 counterparty_parameters: None,
2023                                 funding_outpoint: None,
2024                                 channel_type_features: channel_type.clone()
2025                         },
2026                         funding_transaction: None,
2027                         is_batch_funding: None,
2028
2029                         counterparty_cur_commitment_point: None,
2030                         counterparty_prev_commitment_point: None,
2031                         counterparty_node_id,
2032
2033                         counterparty_shutdown_scriptpubkey: None,
2034
2035                         commitment_secrets: CounterpartyCommitmentSecrets::new(),
2036
2037                         channel_update_status: ChannelUpdateStatus::Enabled,
2038                         closing_signed_in_flight: false,
2039
2040                         announcement_sigs: None,
2041
2042                         #[cfg(any(test, fuzzing))]
2043                         next_local_commitment_tx_fee_info_cached: Mutex::new(None),
2044                         #[cfg(any(test, fuzzing))]
2045                         next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
2046
2047                         workaround_lnd_bug_4006: None,
2048                         sent_message_awaiting_response: None,
2049
2050                         latest_inbound_scid_alias: None,
2051                         outbound_scid_alias,
2052
2053                         channel_pending_event_emitted: false,
2054                         channel_ready_event_emitted: false,
2055
2056                         #[cfg(any(test, fuzzing))]
2057                         historical_inbound_htlc_fulfills: new_hash_set(),
2058
2059                         channel_type,
2060                         channel_keys_id,
2061
2062                         blocked_monitor_updates: Vec::new(),
2063                         local_initiated_shutdown: None,
2064                 })
2065         }
2066
2067         /// Allowed in any state (including after shutdown)
2068         pub fn get_update_time_counter(&self) -> u32 {
2069                 self.update_time_counter
2070         }
2071
2072         pub fn get_latest_monitor_update_id(&self) -> u64 {
2073                 self.latest_monitor_update_id
2074         }
2075
2076         pub fn should_announce(&self) -> bool {
2077                 self.config.announced_channel
2078         }
2079
2080         pub fn is_outbound(&self) -> bool {
2081                 self.channel_transaction_parameters.is_outbound_from_holder
2082         }
2083
2084         /// Gets the fee we'd want to charge for adding an HTLC output to this Channel
2085         /// Allowed in any state (including after shutdown)
2086         pub fn get_outbound_forwarding_fee_base_msat(&self) -> u32 {
2087                 self.config.options.forwarding_fee_base_msat
2088         }
2089
2090         /// Returns true if we've ever received a message from the remote end for this Channel
2091         pub fn have_received_message(&self) -> bool {
2092                 self.channel_state > ChannelState::NegotiatingFunding(NegotiatingFundingFlags::OUR_INIT_SENT)
2093         }
2094
2095         /// Returns true if this channel is fully established and not known to be closing.
2096         /// Allowed in any state (including after shutdown)
2097         pub fn is_usable(&self) -> bool {
2098                 matches!(self.channel_state, ChannelState::ChannelReady(_)) &&
2099                         !self.channel_state.is_local_shutdown_sent() &&
2100                         !self.channel_state.is_remote_shutdown_sent() &&
2101                         !self.monitor_pending_channel_ready
2102         }
2103
2104         /// shutdown state returns the state of the channel in its various stages of shutdown
2105         pub fn shutdown_state(&self) -> ChannelShutdownState {
2106                 match self.channel_state {
2107                         ChannelState::AwaitingChannelReady(_)|ChannelState::ChannelReady(_) =>
2108                                 if self.channel_state.is_local_shutdown_sent() && !self.channel_state.is_remote_shutdown_sent() {
2109                                         ChannelShutdownState::ShutdownInitiated
2110                                 } else if (self.channel_state.is_local_shutdown_sent() || self.channel_state.is_remote_shutdown_sent()) && !self.closing_negotiation_ready() {
2111                                         ChannelShutdownState::ResolvingHTLCs
2112                                 } else if (self.channel_state.is_local_shutdown_sent() || self.channel_state.is_remote_shutdown_sent()) && self.closing_negotiation_ready() {
2113                                         ChannelShutdownState::NegotiatingClosingFee
2114                                 } else {
2115                                         ChannelShutdownState::NotShuttingDown
2116                                 },
2117                         ChannelState::ShutdownComplete => ChannelShutdownState::ShutdownComplete,
2118                         _ => ChannelShutdownState::NotShuttingDown,
2119                 }
2120         }
2121
2122         fn closing_negotiation_ready(&self) -> bool {
2123                 let is_ready_to_close = match self.channel_state {
2124                         ChannelState::AwaitingChannelReady(flags) =>
2125                                 flags & FundedStateFlags::ALL == FundedStateFlags::LOCAL_SHUTDOWN_SENT | FundedStateFlags::REMOTE_SHUTDOWN_SENT,
2126                         ChannelState::ChannelReady(flags) =>
2127                                 flags == FundedStateFlags::LOCAL_SHUTDOWN_SENT | FundedStateFlags::REMOTE_SHUTDOWN_SENT,
2128                         _ => false,
2129                 };
2130                 self.pending_inbound_htlcs.is_empty() &&
2131                         self.pending_outbound_htlcs.is_empty() &&
2132                         self.pending_update_fee.is_none() &&
2133                         is_ready_to_close
2134         }
2135
2136         /// Returns true if this channel is currently available for use. This is a superset of
2137         /// is_usable() and considers things like the channel being temporarily disabled.
2138         /// Allowed in any state (including after shutdown)
2139         pub fn is_live(&self) -> bool {
2140                 self.is_usable() && !self.channel_state.is_peer_disconnected()
2141         }
2142
2143         // Public utilities:
2144
2145         pub fn channel_id(&self) -> ChannelId {
2146                 self.channel_id
2147         }
2148
2149         // Return the `temporary_channel_id` used during channel establishment.
2150         //
2151         // Will return `None` for channels created prior to LDK version 0.0.115.
2152         pub fn temporary_channel_id(&self) -> Option<ChannelId> {
2153                 self.temporary_channel_id
2154         }
2155
2156         pub fn minimum_depth(&self) -> Option<u32> {
2157                 self.minimum_depth
2158         }
2159
2160         /// Gets the "user_id" value passed into the construction of this channel. It has no special
2161         /// meaning and exists only to allow users to have a persistent identifier of a channel.
2162         pub fn get_user_id(&self) -> u128 {
2163                 self.user_id
2164         }
2165
2166         /// Gets the channel's type
2167         pub fn get_channel_type(&self) -> &ChannelTypeFeatures {
2168                 &self.channel_type
2169         }
2170
2171         /// Gets the channel's `short_channel_id`.
2172         ///
2173         /// Will return `None` if the channel hasn't been confirmed yet.
2174         pub fn get_short_channel_id(&self) -> Option<u64> {
2175                 self.short_channel_id
2176         }
2177
2178         /// Allowed in any state (including after shutdown)
2179         pub fn latest_inbound_scid_alias(&self) -> Option<u64> {
2180                 self.latest_inbound_scid_alias
2181         }
2182
2183         /// Allowed in any state (including after shutdown)
2184         pub fn outbound_scid_alias(&self) -> u64 {
2185                 self.outbound_scid_alias
2186         }
2187
2188         /// Returns the holder signer for this channel.
2189         #[cfg(test)]
2190         pub fn get_signer(&self) -> &ChannelSignerType<SP> {
2191                 return &self.holder_signer
2192         }
2193
2194         /// Only allowed immediately after deserialization if get_outbound_scid_alias returns 0,
2195         /// indicating we were written by LDK prior to 0.0.106 which did not set outbound SCID aliases
2196         /// or prior to any channel actions during `Channel` initialization.
2197         pub fn set_outbound_scid_alias(&mut self, outbound_scid_alias: u64) {
2198                 debug_assert_eq!(self.outbound_scid_alias, 0);
2199                 self.outbound_scid_alias = outbound_scid_alias;
2200         }
2201
2202         /// Returns the funding_txo we either got from our peer, or were given by
2203         /// get_funding_created.
2204         pub fn get_funding_txo(&self) -> Option<OutPoint> {
2205                 self.channel_transaction_parameters.funding_outpoint
2206         }
2207
2208         /// Returns the height in which our funding transaction was confirmed.
2209         pub fn get_funding_tx_confirmation_height(&self) -> Option<u32> {
2210                 let conf_height = self.funding_tx_confirmation_height;
2211                 if conf_height > 0 {
2212                         Some(conf_height)
2213                 } else {
2214                         None
2215                 }
2216         }
2217
2218         /// Returns the block hash in which our funding transaction was confirmed.
2219         pub fn get_funding_tx_confirmed_in(&self) -> Option<BlockHash> {
2220                 self.funding_tx_confirmed_in
2221         }
2222
2223         /// Returns the current number of confirmations on the funding transaction.
2224         pub fn get_funding_tx_confirmations(&self, height: u32) -> u32 {
2225                 if self.funding_tx_confirmation_height == 0 {
2226                         // We either haven't seen any confirmation yet, or observed a reorg.
2227                         return 0;
2228                 }
2229
2230                 height.checked_sub(self.funding_tx_confirmation_height).map_or(0, |c| c + 1)
2231         }
2232
2233         fn get_holder_selected_contest_delay(&self) -> u16 {
2234                 self.channel_transaction_parameters.holder_selected_contest_delay
2235         }
2236
2237         fn get_holder_pubkeys(&self) -> &ChannelPublicKeys {
2238                 &self.channel_transaction_parameters.holder_pubkeys
2239         }
2240
2241         pub fn get_counterparty_selected_contest_delay(&self) -> Option<u16> {
2242                 self.channel_transaction_parameters.counterparty_parameters
2243                         .as_ref().map(|params| params.selected_contest_delay)
2244         }
2245
2246         fn get_counterparty_pubkeys(&self) -> &ChannelPublicKeys {
2247                 &self.channel_transaction_parameters.counterparty_parameters.as_ref().unwrap().pubkeys
2248         }
2249
2250         /// Allowed in any state (including after shutdown)
2251         pub fn get_counterparty_node_id(&self) -> PublicKey {
2252                 self.counterparty_node_id
2253         }
2254
2255         /// Allowed in any state (including after shutdown)
2256         pub fn get_holder_htlc_minimum_msat(&self) -> u64 {
2257                 self.holder_htlc_minimum_msat
2258         }
2259
2260         /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
2261         pub fn get_holder_htlc_maximum_msat(&self) -> Option<u64> {
2262                 self.get_htlc_maximum_msat(self.holder_max_htlc_value_in_flight_msat)
2263         }
2264
2265         /// Allowed in any state (including after shutdown)
2266         pub fn get_announced_htlc_max_msat(&self) -> u64 {
2267                 return cmp::min(
2268                         // Upper bound by capacity. We make it a bit less than full capacity to prevent attempts
2269                         // to use full capacity. This is an effort to reduce routing failures, because in many cases
2270                         // channel might have been used to route very small values (either by honest users or as DoS).
2271                         self.channel_value_satoshis * 1000 * 9 / 10,
2272
2273                         self.counterparty_max_htlc_value_in_flight_msat
2274                 );
2275         }
2276
2277         /// Allowed in any state (including after shutdown)
2278         pub fn get_counterparty_htlc_minimum_msat(&self) -> u64 {
2279                 self.counterparty_htlc_minimum_msat
2280         }
2281
2282         /// Allowed in any state (including after shutdown), but will return none before TheirInitSent
2283         pub fn get_counterparty_htlc_maximum_msat(&self) -> Option<u64> {
2284                 self.get_htlc_maximum_msat(self.counterparty_max_htlc_value_in_flight_msat)
2285         }
2286
2287         fn get_htlc_maximum_msat(&self, party_max_htlc_value_in_flight_msat: u64) -> Option<u64> {
2288                 self.counterparty_selected_channel_reserve_satoshis.map(|counterparty_reserve| {
2289                         let holder_reserve = self.holder_selected_channel_reserve_satoshis;
2290                         cmp::min(
2291                                 (self.channel_value_satoshis - counterparty_reserve - holder_reserve) * 1000,
2292                                 party_max_htlc_value_in_flight_msat
2293                         )
2294                 })
2295         }
2296
2297         pub fn get_value_satoshis(&self) -> u64 {
2298                 self.channel_value_satoshis
2299         }
2300
2301         pub fn get_fee_proportional_millionths(&self) -> u32 {
2302                 self.config.options.forwarding_fee_proportional_millionths
2303         }
2304
2305         pub fn get_cltv_expiry_delta(&self) -> u16 {
2306                 cmp::max(self.config.options.cltv_expiry_delta, MIN_CLTV_EXPIRY_DELTA)
2307         }
2308
2309         pub fn get_max_dust_htlc_exposure_msat<F: Deref>(&self,
2310                 fee_estimator: &LowerBoundedFeeEstimator<F>) -> u64
2311         where F::Target: FeeEstimator
2312         {
2313                 match self.config.options.max_dust_htlc_exposure {
2314                         MaxDustHTLCExposure::FeeRateMultiplier(multiplier) => {
2315                                 let feerate_per_kw = fee_estimator.bounded_sat_per_1000_weight(
2316                                         ConfirmationTarget::OnChainSweep) as u64;
2317                                 feerate_per_kw.saturating_mul(multiplier)
2318                         },
2319                         MaxDustHTLCExposure::FixedLimitMsat(limit) => limit,
2320                 }
2321         }
2322
2323         /// Returns the previous [`ChannelConfig`] applied to this channel, if any.
2324         pub fn prev_config(&self) -> Option<ChannelConfig> {
2325                 self.prev_config.map(|prev_config| prev_config.0)
2326         }
2327
2328         // Checks whether we should emit a `ChannelPending` event.
2329         pub(crate) fn should_emit_channel_pending_event(&mut self) -> bool {
2330                 self.is_funding_broadcast() && !self.channel_pending_event_emitted
2331         }
2332
2333         // Returns whether we already emitted a `ChannelPending` event.
2334         pub(crate) fn channel_pending_event_emitted(&self) -> bool {
2335                 self.channel_pending_event_emitted
2336         }
2337
2338         // Remembers that we already emitted a `ChannelPending` event.
2339         pub(crate) fn set_channel_pending_event_emitted(&mut self) {
2340                 self.channel_pending_event_emitted = true;
2341         }
2342
2343         // Checks whether we should emit a `ChannelReady` event.
2344         pub(crate) fn should_emit_channel_ready_event(&mut self) -> bool {
2345                 self.is_usable() && !self.channel_ready_event_emitted
2346         }
2347
2348         // Remembers that we already emitted a `ChannelReady` event.
2349         pub(crate) fn set_channel_ready_event_emitted(&mut self) {
2350                 self.channel_ready_event_emitted = true;
2351         }
2352
2353         /// Tracks the number of ticks elapsed since the previous [`ChannelConfig`] was updated. Once
2354         /// [`EXPIRE_PREV_CONFIG_TICKS`] is reached, the previous config is considered expired and will
2355         /// no longer be considered when forwarding HTLCs.
2356         pub fn maybe_expire_prev_config(&mut self) {
2357                 if self.prev_config.is_none() {
2358                         return;
2359                 }
2360                 let prev_config = self.prev_config.as_mut().unwrap();
2361                 prev_config.1 += 1;
2362                 if prev_config.1 == EXPIRE_PREV_CONFIG_TICKS {
2363                         self.prev_config = None;
2364                 }
2365         }
2366
2367         /// Returns the current [`ChannelConfig`] applied to the channel.
2368         pub fn config(&self) -> ChannelConfig {
2369                 self.config.options
2370         }
2371
2372         /// Updates the channel's config. A bool is returned indicating whether the config update
2373         /// applied resulted in a new ChannelUpdate message.
2374         pub fn update_config(&mut self, config: &ChannelConfig) -> bool {
2375                 let did_channel_update =
2376                         self.config.options.forwarding_fee_proportional_millionths != config.forwarding_fee_proportional_millionths ||
2377                         self.config.options.forwarding_fee_base_msat != config.forwarding_fee_base_msat ||
2378                         self.config.options.cltv_expiry_delta != config.cltv_expiry_delta;
2379                 if did_channel_update {
2380                         self.prev_config = Some((self.config.options, 0));
2381                         // Update the counter, which backs the ChannelUpdate timestamp, to allow the relay
2382                         // policy change to propagate throughout the network.
2383                         self.update_time_counter += 1;
2384                 }
2385                 self.config.options = *config;
2386                 did_channel_update
2387         }
2388
2389         /// Returns true if funding_signed was sent/received and the
2390         /// funding transaction has been broadcast if necessary.
2391         pub fn is_funding_broadcast(&self) -> bool {
2392                 !self.channel_state.is_pre_funded_state() &&
2393                         !matches!(self.channel_state, ChannelState::AwaitingChannelReady(flags) if flags.is_set(AwaitingChannelReadyFlags::WAITING_FOR_BATCH))
2394         }
2395
2396         /// Transaction nomenclature is somewhat confusing here as there are many different cases - a
2397         /// transaction is referred to as "a's transaction" implying that a will be able to broadcast
2398         /// the transaction. Thus, b will generally be sending a signature over such a transaction to
2399         /// a, and a can revoke the transaction by providing b the relevant per_commitment_secret. As
2400         /// such, a transaction is generally the result of b increasing the amount paid to a (or adding
2401         /// an HTLC to a).
2402         /// @local is used only to convert relevant internal structures which refer to remote vs local
2403         /// to decide value of outputs and direction of HTLCs.
2404         /// @generated_by_local is used to determine *which* HTLCs to include - noting that the HTLC
2405         /// state may indicate that one peer has informed the other that they'd like to add an HTLC but
2406         /// have not yet committed it. Such HTLCs will only be included in transactions which are being
2407         /// generated by the peer which proposed adding the HTLCs, and thus we need to understand both
2408         /// which peer generated this transaction and "to whom" this transaction flows.
2409         #[inline]
2410         fn build_commitment_transaction<L: Deref>(&self, commitment_number: u64, keys: &TxCreationKeys, local: bool, generated_by_local: bool, logger: &L) -> CommitmentStats
2411                 where L::Target: Logger
2412         {
2413                 let mut included_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::new();
2414                 let num_htlcs = self.pending_inbound_htlcs.len() + self.pending_outbound_htlcs.len();
2415                 let mut included_non_dust_htlcs: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(num_htlcs);
2416
2417                 let broadcaster_dust_limit_satoshis = if local { self.holder_dust_limit_satoshis } else { self.counterparty_dust_limit_satoshis };
2418                 let mut remote_htlc_total_msat = 0;
2419                 let mut local_htlc_total_msat = 0;
2420                 let mut value_to_self_msat_offset = 0;
2421
2422                 let mut feerate_per_kw = self.feerate_per_kw;
2423                 if let Some((feerate, update_state)) = self.pending_update_fee {
2424                         if match update_state {
2425                                 // Note that these match the inclusion criteria when scanning
2426                                 // pending_inbound_htlcs below.
2427                                 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.is_outbound()); !generated_by_local },
2428                                 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => { debug_assert!(!self.is_outbound()); !generated_by_local },
2429                                 FeeUpdateState::Outbound => { assert!(self.is_outbound());  generated_by_local },
2430                         } {
2431                                 feerate_per_kw = feerate;
2432                         }
2433                 }
2434
2435                 log_trace!(logger, "Building commitment transaction number {} (really {} xor {}) for channel {} for {}, generated by {} with fee {}...",
2436                         commitment_number, (INITIAL_COMMITMENT_NUMBER - commitment_number),
2437                         get_commitment_transaction_number_obscure_factor(&self.get_holder_pubkeys().payment_point, &self.get_counterparty_pubkeys().payment_point, self.is_outbound()),
2438                         &self.channel_id,
2439                         if local { "us" } else { "remote" }, if generated_by_local { "us" } else { "remote" }, feerate_per_kw);
2440
2441                 macro_rules! get_htlc_in_commitment {
2442                         ($htlc: expr, $offered: expr) => {
2443                                 HTLCOutputInCommitment {
2444                                         offered: $offered,
2445                                         amount_msat: $htlc.amount_msat,
2446                                         cltv_expiry: $htlc.cltv_expiry,
2447                                         payment_hash: $htlc.payment_hash,
2448                                         transaction_output_index: None
2449                                 }
2450                         }
2451                 }
2452
2453                 macro_rules! add_htlc_output {
2454                         ($htlc: expr, $outbound: expr, $source: expr, $state_name: expr) => {
2455                                 if $outbound == local { // "offered HTLC output"
2456                                         let htlc_in_tx = get_htlc_in_commitment!($htlc, true);
2457                                         let htlc_tx_fee = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2458                                                 0
2459                                         } else {
2460                                                 feerate_per_kw as u64 * htlc_timeout_tx_weight(self.get_channel_type()) / 1000
2461                                         };
2462                                         if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
2463                                                 log_trace!(logger, "   ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
2464                                                 included_non_dust_htlcs.push((htlc_in_tx, $source));
2465                                         } else {
2466                                                 log_trace!(logger, "   ...including {} {} dust HTLC {} (hash {}) with value {} due to dust limit", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
2467                                                 included_dust_htlcs.push((htlc_in_tx, $source));
2468                                         }
2469                                 } else {
2470                                         let htlc_in_tx = get_htlc_in_commitment!($htlc, false);
2471                                         let htlc_tx_fee = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2472                                                 0
2473                                         } else {
2474                                                 feerate_per_kw as u64 * htlc_success_tx_weight(self.get_channel_type()) / 1000
2475                                         };
2476                                         if $htlc.amount_msat / 1000 >= broadcaster_dust_limit_satoshis + htlc_tx_fee {
2477                                                 log_trace!(logger, "   ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
2478                                                 included_non_dust_htlcs.push((htlc_in_tx, $source));
2479                                         } else {
2480                                                 log_trace!(logger, "   ...including {} {} dust HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, &$htlc.payment_hash, $htlc.amount_msat);
2481                                                 included_dust_htlcs.push((htlc_in_tx, $source));
2482                                         }
2483                                 }
2484                         }
2485                 }
2486
2487                 let mut inbound_htlc_preimages: Vec<PaymentPreimage> = Vec::new();
2488
2489                 for ref htlc in self.pending_inbound_htlcs.iter() {
2490                         let (include, state_name) = match htlc.state {
2491                                 InboundHTLCState::RemoteAnnounced(_) => (!generated_by_local, "RemoteAnnounced"),
2492                                 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) => (!generated_by_local, "AwaitingRemoteRevokeToAnnounce"),
2493                                 InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => (true, "AwaitingAnnouncedRemoteRevoke"),
2494                                 InboundHTLCState::Committed => (true, "Committed"),
2495                                 InboundHTLCState::LocalRemoved(_) => (!generated_by_local, "LocalRemoved"),
2496                         };
2497
2498                         if include {
2499                                 add_htlc_output!(htlc, false, None, state_name);
2500                                 remote_htlc_total_msat += htlc.amount_msat;
2501                         } else {
2502                                 log_trace!(logger, "   ...not including inbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, &htlc.payment_hash, htlc.amount_msat, state_name);
2503                                 match &htlc.state {
2504                                         &InboundHTLCState::LocalRemoved(ref reason) => {
2505                                                 if generated_by_local {
2506                                                         if let &InboundHTLCRemovalReason::Fulfill(preimage) = reason {
2507                                                                 inbound_htlc_preimages.push(preimage);
2508                                                                 value_to_self_msat_offset += htlc.amount_msat as i64;
2509                                                         }
2510                                                 }
2511                                         },
2512                                         _ => {},
2513                                 }
2514                         }
2515                 }
2516
2517
2518                 let mut outbound_htlc_preimages: Vec<PaymentPreimage> = Vec::new();
2519
2520                 for ref htlc in self.pending_outbound_htlcs.iter() {
2521                         let (include, state_name) = match htlc.state {
2522                                 OutboundHTLCState::LocalAnnounced(_) => (generated_by_local, "LocalAnnounced"),
2523                                 OutboundHTLCState::Committed => (true, "Committed"),
2524                                 OutboundHTLCState::RemoteRemoved(_) => (generated_by_local, "RemoteRemoved"),
2525                                 OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) => (generated_by_local, "AwaitingRemoteRevokeToRemove"),
2526                                 OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) => (false, "AwaitingRemovedRemoteRevoke"),
2527                         };
2528
2529                         let preimage_opt = match htlc.state {
2530                                 OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(p)) => p,
2531                                 OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(p)) => p,
2532                                 OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(p)) => p,
2533                                 _ => None,
2534                         };
2535
2536                         if let Some(preimage) = preimage_opt {
2537                                 outbound_htlc_preimages.push(preimage);
2538                         }
2539
2540                         if include {
2541                                 add_htlc_output!(htlc, true, Some(&htlc.source), state_name);
2542                                 local_htlc_total_msat += htlc.amount_msat;
2543                         } else {
2544                                 log_trace!(logger, "   ...not including outbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, &htlc.payment_hash, htlc.amount_msat, state_name);
2545                                 match htlc.state {
2546                                         OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_))|OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) => {
2547                                                 value_to_self_msat_offset -= htlc.amount_msat as i64;
2548                                         },
2549                                         OutboundHTLCState::RemoteRemoved(OutboundHTLCOutcome::Success(_)) => {
2550                                                 if !generated_by_local {
2551                                                         value_to_self_msat_offset -= htlc.amount_msat as i64;
2552                                                 }
2553                                         },
2554                                         _ => {},
2555                                 }
2556                         }
2557                 }
2558
2559                 let value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
2560                 assert!(value_to_self_msat >= 0);
2561                 // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
2562                 // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
2563                 // "violate" their reserve value by couting those against it. Thus, we have to convert
2564                 // everything to i64 before subtracting as otherwise we can overflow.
2565                 let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
2566                 assert!(value_to_remote_msat >= 0);
2567
2568                 #[cfg(debug_assertions)]
2569                 {
2570                         // Make sure that the to_self/to_remote is always either past the appropriate
2571                         // channel_reserve *or* it is making progress towards it.
2572                         let mut broadcaster_max_commitment_tx_output = if generated_by_local {
2573                                 self.holder_max_commitment_tx_output.lock().unwrap()
2574                         } else {
2575                                 self.counterparty_max_commitment_tx_output.lock().unwrap()
2576                         };
2577                         debug_assert!(broadcaster_max_commitment_tx_output.0 <= value_to_self_msat as u64 || value_to_self_msat / 1000 >= self.counterparty_selected_channel_reserve_satoshis.unwrap() as i64);
2578                         broadcaster_max_commitment_tx_output.0 = cmp::max(broadcaster_max_commitment_tx_output.0, value_to_self_msat as u64);
2579                         debug_assert!(broadcaster_max_commitment_tx_output.1 <= value_to_remote_msat as u64 || value_to_remote_msat / 1000 >= self.holder_selected_channel_reserve_satoshis as i64);
2580                         broadcaster_max_commitment_tx_output.1 = cmp::max(broadcaster_max_commitment_tx_output.1, value_to_remote_msat as u64);
2581                 }
2582
2583                 let total_fee_sat = commit_tx_fee_sat(feerate_per_kw, included_non_dust_htlcs.len(), &self.channel_transaction_parameters.channel_type_features);
2584                 let anchors_val = if self.channel_transaction_parameters.channel_type_features.supports_anchors_zero_fee_htlc_tx() { ANCHOR_OUTPUT_VALUE_SATOSHI * 2 } else { 0 } as i64;
2585                 let (value_to_self, value_to_remote) = if self.is_outbound() {
2586                         (value_to_self_msat / 1000 - anchors_val - total_fee_sat as i64, value_to_remote_msat / 1000)
2587                 } else {
2588                         (value_to_self_msat / 1000, value_to_remote_msat / 1000 - anchors_val - total_fee_sat as i64)
2589                 };
2590
2591                 let mut value_to_a = if local { value_to_self } else { value_to_remote };
2592                 let mut value_to_b = if local { value_to_remote } else { value_to_self };
2593                 let (funding_pubkey_a, funding_pubkey_b) = if local {
2594                         (self.get_holder_pubkeys().funding_pubkey, self.get_counterparty_pubkeys().funding_pubkey)
2595                 } else {
2596                         (self.get_counterparty_pubkeys().funding_pubkey, self.get_holder_pubkeys().funding_pubkey)
2597                 };
2598
2599                 if value_to_a >= (broadcaster_dust_limit_satoshis as i64) {
2600                         log_trace!(logger, "   ...including {} output with value {}", if local { "to_local" } else { "to_remote" }, value_to_a);
2601                 } else {
2602                         value_to_a = 0;
2603                 }
2604
2605                 if value_to_b >= (broadcaster_dust_limit_satoshis as i64) {
2606                         log_trace!(logger, "   ...including {} output with value {}", if local { "to_remote" } else { "to_local" }, value_to_b);
2607                 } else {
2608                         value_to_b = 0;
2609                 }
2610
2611                 let num_nondust_htlcs = included_non_dust_htlcs.len();
2612
2613                 let channel_parameters =
2614                         if local { self.channel_transaction_parameters.as_holder_broadcastable() }
2615                         else { self.channel_transaction_parameters.as_counterparty_broadcastable() };
2616                 let tx = CommitmentTransaction::new_with_auxiliary_htlc_data(commitment_number,
2617                                                                              value_to_a as u64,
2618                                                                              value_to_b as u64,
2619                                                                              funding_pubkey_a,
2620                                                                              funding_pubkey_b,
2621                                                                              keys.clone(),
2622                                                                              feerate_per_kw,
2623                                                                              &mut included_non_dust_htlcs,
2624                                                                              &channel_parameters
2625                 );
2626                 let mut htlcs_included = included_non_dust_htlcs;
2627                 // The unwrap is safe, because all non-dust HTLCs have been assigned an output index
2628                 htlcs_included.sort_unstable_by_key(|h| h.0.transaction_output_index.unwrap());
2629                 htlcs_included.append(&mut included_dust_htlcs);
2630
2631                 CommitmentStats {
2632                         tx,
2633                         feerate_per_kw,
2634                         total_fee_sat,
2635                         num_nondust_htlcs,
2636                         htlcs_included,
2637                         local_balance_msat: value_to_self_msat as u64,
2638                         remote_balance_msat: value_to_remote_msat as u64,
2639                         inbound_htlc_preimages,
2640                         outbound_htlc_preimages,
2641                 }
2642         }
2643
2644         #[inline]
2645         /// Creates a set of keys for build_commitment_transaction to generate a transaction which our
2646         /// counterparty will sign (ie DO NOT send signatures over a transaction created by this to
2647         /// our counterparty!)
2648         /// The result is a transaction which we can revoke broadcastership of (ie a "local" transaction)
2649         /// TODO Some magic rust shit to compile-time check this?
2650         fn build_holder_transaction_keys(&self, commitment_number: u64) -> TxCreationKeys {
2651                 let per_commitment_point = self.holder_signer.as_ref().get_per_commitment_point(commitment_number, &self.secp_ctx);
2652                 let delayed_payment_base = &self.get_holder_pubkeys().delayed_payment_basepoint;
2653                 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
2654                 let counterparty_pubkeys = self.get_counterparty_pubkeys();
2655
2656                 TxCreationKeys::derive_new(&self.secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint)
2657         }
2658
2659         #[inline]
2660         /// Creates a set of keys for build_commitment_transaction to generate a transaction which we
2661         /// will sign and send to our counterparty.
2662         /// If an Err is returned, it is a ChannelError::Close (for get_funding_created)
2663         fn build_remote_transaction_keys(&self) -> TxCreationKeys {
2664                 let revocation_basepoint = &self.get_holder_pubkeys().revocation_basepoint;
2665                 let htlc_basepoint = &self.get_holder_pubkeys().htlc_basepoint;
2666                 let counterparty_pubkeys = self.get_counterparty_pubkeys();
2667
2668                 TxCreationKeys::derive_new(&self.secp_ctx, &self.counterparty_cur_commitment_point.unwrap(), &counterparty_pubkeys.delayed_payment_basepoint, &counterparty_pubkeys.htlc_basepoint, revocation_basepoint, htlc_basepoint)
2669         }
2670
2671         /// Gets the redeemscript for the funding transaction output (ie the funding transaction output
2672         /// pays to get_funding_redeemscript().to_v0_p2wsh()).
2673         /// Panics if called before accept_channel/InboundV1Channel::new
2674         pub fn get_funding_redeemscript(&self) -> ScriptBuf {
2675                 make_funding_redeemscript(&self.get_holder_pubkeys().funding_pubkey, self.counterparty_funding_pubkey())
2676         }
2677
2678         fn counterparty_funding_pubkey(&self) -> &PublicKey {
2679                 &self.get_counterparty_pubkeys().funding_pubkey
2680         }
2681
2682         pub fn get_feerate_sat_per_1000_weight(&self) -> u32 {
2683                 self.feerate_per_kw
2684         }
2685
2686         pub fn get_dust_buffer_feerate(&self, outbound_feerate_update: Option<u32>) -> u32 {
2687                 // When calculating our exposure to dust HTLCs, we assume that the channel feerate
2688                 // may, at any point, increase by at least 10 sat/vB (i.e 2530 sat/kWU) or 25%,
2689                 // whichever is higher. This ensures that we aren't suddenly exposed to significantly
2690                 // more dust balance if the feerate increases when we have several HTLCs pending
2691                 // which are near the dust limit.
2692                 let mut feerate_per_kw = self.feerate_per_kw;
2693                 // If there's a pending update fee, use it to ensure we aren't under-estimating
2694                 // potential feerate updates coming soon.
2695                 if let Some((feerate, _)) = self.pending_update_fee {
2696                         feerate_per_kw = cmp::max(feerate_per_kw, feerate);
2697                 }
2698                 if let Some(feerate) = outbound_feerate_update {
2699                         feerate_per_kw = cmp::max(feerate_per_kw, feerate);
2700                 }
2701                 let feerate_plus_quarter = feerate_per_kw.checked_mul(1250).map(|v| v / 1000);
2702                 cmp::max(2530, feerate_plus_quarter.unwrap_or(u32::max_value()))
2703         }
2704
2705         /// Get forwarding information for the counterparty.
2706         pub fn counterparty_forwarding_info(&self) -> Option<CounterpartyForwardingInfo> {
2707                 self.counterparty_forwarding_info.clone()
2708         }
2709
2710         /// Returns a HTLCStats about inbound pending htlcs
2711         fn get_inbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
2712                 let context = self;
2713                 let mut stats = HTLCStats {
2714                         pending_htlcs: context.pending_inbound_htlcs.len() as u32,
2715                         pending_htlcs_value_msat: 0,
2716                         on_counterparty_tx_dust_exposure_msat: 0,
2717                         on_holder_tx_dust_exposure_msat: 0,
2718                         holding_cell_msat: 0,
2719                         on_holder_tx_holding_cell_htlcs_count: 0,
2720                 };
2721
2722                 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2723                         (0, 0)
2724                 } else {
2725                         let dust_buffer_feerate = context.get_dust_buffer_feerate(outbound_feerate_update) as u64;
2726                         (dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000,
2727                                 dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000)
2728                 };
2729                 let counterparty_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.counterparty_dust_limit_satoshis;
2730                 let holder_dust_limit_success_sat = htlc_success_dust_limit + context.holder_dust_limit_satoshis;
2731                 for ref htlc in context.pending_inbound_htlcs.iter() {
2732                         stats.pending_htlcs_value_msat += htlc.amount_msat;
2733                         if htlc.amount_msat / 1000 < counterparty_dust_limit_timeout_sat {
2734                                 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
2735                         }
2736                         if htlc.amount_msat / 1000 < holder_dust_limit_success_sat {
2737                                 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
2738                         }
2739                 }
2740                 stats
2741         }
2742
2743         /// Returns a HTLCStats about pending outbound htlcs, *including* pending adds in our holding cell.
2744         fn get_outbound_pending_htlc_stats(&self, outbound_feerate_update: Option<u32>) -> HTLCStats {
2745                 let context = self;
2746                 let mut stats = HTLCStats {
2747                         pending_htlcs: context.pending_outbound_htlcs.len() as u32,
2748                         pending_htlcs_value_msat: 0,
2749                         on_counterparty_tx_dust_exposure_msat: 0,
2750                         on_holder_tx_dust_exposure_msat: 0,
2751                         holding_cell_msat: 0,
2752                         on_holder_tx_holding_cell_htlcs_count: 0,
2753                 };
2754
2755                 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2756                         (0, 0)
2757                 } else {
2758                         let dust_buffer_feerate = context.get_dust_buffer_feerate(outbound_feerate_update) as u64;
2759                         (dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000,
2760                                 dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000)
2761                 };
2762                 let counterparty_dust_limit_success_sat = htlc_success_dust_limit + context.counterparty_dust_limit_satoshis;
2763                 let holder_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.holder_dust_limit_satoshis;
2764                 for ref htlc in context.pending_outbound_htlcs.iter() {
2765                         stats.pending_htlcs_value_msat += htlc.amount_msat;
2766                         if htlc.amount_msat / 1000 < counterparty_dust_limit_success_sat {
2767                                 stats.on_counterparty_tx_dust_exposure_msat += htlc.amount_msat;
2768                         }
2769                         if htlc.amount_msat / 1000 < holder_dust_limit_timeout_sat {
2770                                 stats.on_holder_tx_dust_exposure_msat += htlc.amount_msat;
2771                         }
2772                 }
2773
2774                 for update in context.holding_cell_htlc_updates.iter() {
2775                         if let &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, .. } = update {
2776                                 stats.pending_htlcs += 1;
2777                                 stats.pending_htlcs_value_msat += amount_msat;
2778                                 stats.holding_cell_msat += amount_msat;
2779                                 if *amount_msat / 1000 < counterparty_dust_limit_success_sat {
2780                                         stats.on_counterparty_tx_dust_exposure_msat += amount_msat;
2781                                 }
2782                                 if *amount_msat / 1000 < holder_dust_limit_timeout_sat {
2783                                         stats.on_holder_tx_dust_exposure_msat += amount_msat;
2784                                 } else {
2785                                         stats.on_holder_tx_holding_cell_htlcs_count += 1;
2786                                 }
2787                         }
2788                 }
2789                 stats
2790         }
2791
2792         /// Returns information on all pending inbound HTLCs.
2793         pub fn get_pending_inbound_htlc_details(&self) -> Vec<InboundHTLCDetails> {
2794                 let mut holding_cell_states = new_hash_map();
2795                 for holding_cell_update in self.holding_cell_htlc_updates.iter() {
2796                         match holding_cell_update {
2797                                 HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
2798                                         holding_cell_states.insert(
2799                                                 htlc_id,
2800                                                 InboundHTLCStateDetails::AwaitingRemoteRevokeToRemoveFulfill,
2801                                         );
2802                                 },
2803                                 HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } => {
2804                                         holding_cell_states.insert(
2805                                                 htlc_id,
2806                                                 InboundHTLCStateDetails::AwaitingRemoteRevokeToRemoveFail,
2807                                         );
2808                                 },
2809                                 HTLCUpdateAwaitingACK::FailMalformedHTLC { htlc_id, .. } => {
2810                                         holding_cell_states.insert(
2811                                                 htlc_id,
2812                                                 InboundHTLCStateDetails::AwaitingRemoteRevokeToRemoveFail,
2813                                         );
2814                                 },
2815                                 // Outbound HTLC.
2816                                 HTLCUpdateAwaitingACK::AddHTLC { .. } => {},
2817                         }
2818                 }
2819                 let mut inbound_details = Vec::new();
2820                 let htlc_success_dust_limit = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2821                         0
2822                 } else {
2823                         let dust_buffer_feerate = self.get_dust_buffer_feerate(None) as u64;
2824                         dust_buffer_feerate * htlc_success_tx_weight(self.get_channel_type()) / 1000
2825                 };
2826                 let holder_dust_limit_success_sat = htlc_success_dust_limit + self.holder_dust_limit_satoshis;
2827                 for htlc in self.pending_inbound_htlcs.iter() {
2828                         if let Some(state_details) = (&htlc.state).into() {
2829                                 inbound_details.push(InboundHTLCDetails{
2830                                         htlc_id: htlc.htlc_id,
2831                                         amount_msat: htlc.amount_msat,
2832                                         cltv_expiry: htlc.cltv_expiry,
2833                                         payment_hash: htlc.payment_hash,
2834                                         state: Some(holding_cell_states.remove(&htlc.htlc_id).unwrap_or(state_details)),
2835                                         is_dust: htlc.amount_msat / 1000 < holder_dust_limit_success_sat,
2836                                 });
2837                         }
2838                 }
2839                 inbound_details
2840         }
2841
2842         /// Returns information on all pending outbound HTLCs.
2843         pub fn get_pending_outbound_htlc_details(&self) -> Vec<OutboundHTLCDetails> {
2844                 let mut outbound_details = Vec::new();
2845                 let htlc_timeout_dust_limit = if self.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2846                         0
2847                 } else {
2848                         let dust_buffer_feerate = self.get_dust_buffer_feerate(None) as u64;
2849                         dust_buffer_feerate * htlc_success_tx_weight(self.get_channel_type()) / 1000
2850                 };
2851                 let holder_dust_limit_timeout_sat = htlc_timeout_dust_limit + self.holder_dust_limit_satoshis;
2852                 for htlc in self.pending_outbound_htlcs.iter() {
2853                         outbound_details.push(OutboundHTLCDetails{
2854                                 htlc_id: Some(htlc.htlc_id),
2855                                 amount_msat: htlc.amount_msat,
2856                                 cltv_expiry: htlc.cltv_expiry,
2857                                 payment_hash: htlc.payment_hash,
2858                                 skimmed_fee_msat: htlc.skimmed_fee_msat,
2859                                 state: Some((&htlc.state).into()),
2860                                 is_dust: htlc.amount_msat / 1000 < holder_dust_limit_timeout_sat,
2861                         });
2862                 }
2863                 for holding_cell_update in self.holding_cell_htlc_updates.iter() {
2864                         if let HTLCUpdateAwaitingACK::AddHTLC {
2865                                 amount_msat,
2866                                 cltv_expiry,
2867                                 payment_hash,
2868                                 skimmed_fee_msat,
2869                                 ..
2870                         } = *holding_cell_update {
2871                                 outbound_details.push(OutboundHTLCDetails{
2872                                         htlc_id: None,
2873                                         amount_msat: amount_msat,
2874                                         cltv_expiry: cltv_expiry,
2875                                         payment_hash: payment_hash,
2876                                         skimmed_fee_msat: skimmed_fee_msat,
2877                                         state: Some(OutboundHTLCStateDetails::AwaitingRemoteRevokeToAdd),
2878                                         is_dust: amount_msat / 1000 < holder_dust_limit_timeout_sat,
2879                                 });
2880                         }
2881                 }
2882                 outbound_details
2883         }
2884
2885         /// Get the available balances, see [`AvailableBalances`]'s fields for more info.
2886         /// Doesn't bother handling the
2887         /// if-we-removed-it-already-but-haven't-fully-resolved-they-can-still-send-an-inbound-HTLC
2888         /// corner case properly.
2889         pub fn get_available_balances<F: Deref>(&self, fee_estimator: &LowerBoundedFeeEstimator<F>)
2890         -> AvailableBalances
2891         where F::Target: FeeEstimator
2892         {
2893                 let context = &self;
2894                 // Note that we have to handle overflow due to the above case.
2895                 let inbound_stats = context.get_inbound_pending_htlc_stats(None);
2896                 let outbound_stats = context.get_outbound_pending_htlc_stats(None);
2897
2898                 let mut balance_msat = context.value_to_self_msat;
2899                 for ref htlc in context.pending_inbound_htlcs.iter() {
2900                         if let InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(_)) = htlc.state {
2901                                 balance_msat += htlc.amount_msat;
2902                         }
2903                 }
2904                 balance_msat -= outbound_stats.pending_htlcs_value_msat;
2905
2906                 let outbound_capacity_msat = context.value_to_self_msat
2907                                 .saturating_sub(outbound_stats.pending_htlcs_value_msat)
2908                                 .saturating_sub(
2909                                         context.counterparty_selected_channel_reserve_satoshis.unwrap_or(0) * 1000);
2910
2911                 let mut available_capacity_msat = outbound_capacity_msat;
2912
2913                 let anchor_outputs_value_msat = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2914                         ANCHOR_OUTPUT_VALUE_SATOSHI * 2 * 1000
2915                 } else {
2916                         0
2917                 };
2918                 if context.is_outbound() {
2919                         // We should mind channel commit tx fee when computing how much of the available capacity
2920                         // can be used in the next htlc. Mirrors the logic in send_htlc.
2921                         //
2922                         // The fee depends on whether the amount we will be sending is above dust or not,
2923                         // and the answer will in turn change the amount itself â€” making it a circular
2924                         // dependency.
2925                         // This complicates the computation around dust-values, up to the one-htlc-value.
2926                         let mut real_dust_limit_timeout_sat = context.holder_dust_limit_satoshis;
2927                         if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2928                                 real_dust_limit_timeout_sat += context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000;
2929                         }
2930
2931                         let htlc_above_dust = HTLCCandidate::new(real_dust_limit_timeout_sat * 1000, HTLCInitiator::LocalOffered);
2932                         let mut max_reserved_commit_tx_fee_msat = context.next_local_commit_tx_fee_msat(htlc_above_dust, Some(()));
2933                         let htlc_dust = HTLCCandidate::new(real_dust_limit_timeout_sat * 1000 - 1, HTLCInitiator::LocalOffered);
2934                         let mut min_reserved_commit_tx_fee_msat = context.next_local_commit_tx_fee_msat(htlc_dust, Some(()));
2935                         if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2936                                 max_reserved_commit_tx_fee_msat *= FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE;
2937                                 min_reserved_commit_tx_fee_msat *= FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE;
2938                         }
2939
2940                         // We will first subtract the fee as if we were above-dust. Then, if the resulting
2941                         // value ends up being below dust, we have this fee available again. In that case,
2942                         // match the value to right-below-dust.
2943                         let mut capacity_minus_commitment_fee_msat: i64 = available_capacity_msat as i64 -
2944                                 max_reserved_commit_tx_fee_msat as i64 - anchor_outputs_value_msat as i64;
2945                         if capacity_minus_commitment_fee_msat < (real_dust_limit_timeout_sat as i64) * 1000 {
2946                                 let one_htlc_difference_msat = max_reserved_commit_tx_fee_msat - min_reserved_commit_tx_fee_msat;
2947                                 debug_assert!(one_htlc_difference_msat != 0);
2948                                 capacity_minus_commitment_fee_msat += one_htlc_difference_msat as i64;
2949                                 capacity_minus_commitment_fee_msat = cmp::min(real_dust_limit_timeout_sat as i64 * 1000 - 1, capacity_minus_commitment_fee_msat);
2950                                 available_capacity_msat = cmp::max(0, cmp::min(capacity_minus_commitment_fee_msat, available_capacity_msat as i64)) as u64;
2951                         } else {
2952                                 available_capacity_msat = capacity_minus_commitment_fee_msat as u64;
2953                         }
2954                 } else {
2955                         // If the channel is inbound (i.e. counterparty pays the fee), we need to make sure
2956                         // sending a new HTLC won't reduce their balance below our reserve threshold.
2957                         let mut real_dust_limit_success_sat = context.counterparty_dust_limit_satoshis;
2958                         if !context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2959                                 real_dust_limit_success_sat += context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000;
2960                         }
2961
2962                         let htlc_above_dust = HTLCCandidate::new(real_dust_limit_success_sat * 1000, HTLCInitiator::LocalOffered);
2963                         let max_reserved_commit_tx_fee_msat = context.next_remote_commit_tx_fee_msat(htlc_above_dust, None);
2964
2965                         let holder_selected_chan_reserve_msat = context.holder_selected_channel_reserve_satoshis * 1000;
2966                         let remote_balance_msat = (context.channel_value_satoshis * 1000 - context.value_to_self_msat)
2967                                 .saturating_sub(inbound_stats.pending_htlcs_value_msat);
2968
2969                         if remote_balance_msat < max_reserved_commit_tx_fee_msat + holder_selected_chan_reserve_msat + anchor_outputs_value_msat {
2970                                 // If another HTLC's fee would reduce the remote's balance below the reserve limit
2971                                 // we've selected for them, we can only send dust HTLCs.
2972                                 available_capacity_msat = cmp::min(available_capacity_msat, real_dust_limit_success_sat * 1000 - 1);
2973                         }
2974                 }
2975
2976                 let mut next_outbound_htlc_minimum_msat = context.counterparty_htlc_minimum_msat;
2977
2978                 // If we get close to our maximum dust exposure, we end up in a situation where we can send
2979                 // between zero and the remaining dust exposure limit remaining OR above the dust limit.
2980                 // Because we cannot express this as a simple min/max, we prefer to tell the user they can
2981                 // send above the dust limit (as the router can always overpay to meet the dust limit).
2982                 let mut remaining_msat_below_dust_exposure_limit = None;
2983                 let mut dust_exposure_dust_limit_msat = 0;
2984                 let max_dust_htlc_exposure_msat = context.get_max_dust_htlc_exposure_msat(fee_estimator);
2985
2986                 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
2987                         (context.counterparty_dust_limit_satoshis, context.holder_dust_limit_satoshis)
2988                 } else {
2989                         let dust_buffer_feerate = context.get_dust_buffer_feerate(None) as u64;
2990                         (context.counterparty_dust_limit_satoshis + dust_buffer_feerate * htlc_success_tx_weight(context.get_channel_type()) / 1000,
2991                          context.holder_dust_limit_satoshis       + dust_buffer_feerate * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
2992                 };
2993                 let on_counterparty_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
2994                 if on_counterparty_dust_htlc_exposure_msat as i64 + htlc_success_dust_limit as i64 * 1000 - 1 > max_dust_htlc_exposure_msat.try_into().unwrap_or(i64::max_value()) {
2995                         remaining_msat_below_dust_exposure_limit =
2996                                 Some(max_dust_htlc_exposure_msat.saturating_sub(on_counterparty_dust_htlc_exposure_msat));
2997                         dust_exposure_dust_limit_msat = cmp::max(dust_exposure_dust_limit_msat, htlc_success_dust_limit * 1000);
2998                 }
2999
3000                 let on_holder_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
3001                 if on_holder_dust_htlc_exposure_msat as i64 + htlc_timeout_dust_limit as i64 * 1000 - 1 > max_dust_htlc_exposure_msat.try_into().unwrap_or(i64::max_value()) {
3002                         remaining_msat_below_dust_exposure_limit = Some(cmp::min(
3003                                 remaining_msat_below_dust_exposure_limit.unwrap_or(u64::max_value()),
3004                                 max_dust_htlc_exposure_msat.saturating_sub(on_holder_dust_htlc_exposure_msat)));
3005                         dust_exposure_dust_limit_msat = cmp::max(dust_exposure_dust_limit_msat, htlc_timeout_dust_limit * 1000);
3006                 }
3007
3008                 if let Some(remaining_limit_msat) = remaining_msat_below_dust_exposure_limit {
3009                         if available_capacity_msat < dust_exposure_dust_limit_msat {
3010                                 available_capacity_msat = cmp::min(available_capacity_msat, remaining_limit_msat);
3011                         } else {
3012                                 next_outbound_htlc_minimum_msat = cmp::max(next_outbound_htlc_minimum_msat, dust_exposure_dust_limit_msat);
3013                         }
3014                 }
3015
3016                 available_capacity_msat = cmp::min(available_capacity_msat,
3017                         context.counterparty_max_htlc_value_in_flight_msat - outbound_stats.pending_htlcs_value_msat);
3018
3019                 if outbound_stats.pending_htlcs + 1 > context.counterparty_max_accepted_htlcs as u32 {
3020                         available_capacity_msat = 0;
3021                 }
3022
3023                 AvailableBalances {
3024                         inbound_capacity_msat: cmp::max(context.channel_value_satoshis as i64 * 1000
3025                                         - context.value_to_self_msat as i64
3026                                         - context.get_inbound_pending_htlc_stats(None).pending_htlcs_value_msat as i64
3027                                         - context.holder_selected_channel_reserve_satoshis as i64 * 1000,
3028                                 0) as u64,
3029                         outbound_capacity_msat,
3030                         next_outbound_htlc_limit_msat: available_capacity_msat,
3031                         next_outbound_htlc_minimum_msat,
3032                         balance_msat,
3033                 }
3034         }
3035
3036         pub fn get_holder_counterparty_selected_channel_reserve_satoshis(&self) -> (u64, Option<u64>) {
3037                 let context = &self;
3038                 (context.holder_selected_channel_reserve_satoshis, context.counterparty_selected_channel_reserve_satoshis)
3039         }
3040
3041         /// Get the commitment tx fee for the local's (i.e. our) next commitment transaction based on the
3042         /// number of pending HTLCs that are on track to be in our next commitment tx.
3043         ///
3044         /// Optionally includes the `HTLCCandidate` given by `htlc` and an additional non-dust HTLC if
3045         /// `fee_spike_buffer_htlc` is `Some`.
3046         ///
3047         /// The first extra HTLC is useful for determining whether we can accept a further HTLC, the
3048         /// second allows for creating a buffer to ensure a further HTLC can always be accepted/added.
3049         ///
3050         /// Dust HTLCs are excluded.
3051         fn next_local_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
3052                 let context = &self;
3053                 assert!(context.is_outbound());
3054
3055                 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
3056                         (0, 0)
3057                 } else {
3058                         (context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000,
3059                                 context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
3060                 };
3061                 let real_dust_limit_success_sat = htlc_success_dust_limit + context.holder_dust_limit_satoshis;
3062                 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.holder_dust_limit_satoshis;
3063
3064                 let mut addl_htlcs = 0;
3065                 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
3066                 match htlc.origin {
3067                         HTLCInitiator::LocalOffered => {
3068                                 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
3069                                         addl_htlcs += 1;
3070                                 }
3071                         },
3072                         HTLCInitiator::RemoteOffered => {
3073                                 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
3074                                         addl_htlcs += 1;
3075                                 }
3076                         }
3077                 }
3078
3079                 let mut included_htlcs = 0;
3080                 for ref htlc in context.pending_inbound_htlcs.iter() {
3081                         if htlc.amount_msat / 1000 < real_dust_limit_success_sat {
3082                                 continue
3083                         }
3084                         // We include LocalRemoved HTLCs here because we may still need to broadcast a commitment
3085                         // transaction including this HTLC if it times out before they RAA.
3086                         included_htlcs += 1;
3087                 }
3088
3089                 for ref htlc in context.pending_outbound_htlcs.iter() {
3090                         if htlc.amount_msat / 1000 < real_dust_limit_timeout_sat {
3091                                 continue
3092                         }
3093                         match htlc.state {
3094                                 OutboundHTLCState::LocalAnnounced {..} => included_htlcs += 1,
3095                                 OutboundHTLCState::Committed => included_htlcs += 1,
3096                                 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
3097                                 // We don't include AwaitingRemoteRevokeToRemove HTLCs because our next commitment
3098                                 // transaction won't be generated until they send us their next RAA, which will mean
3099                                 // dropping any HTLCs in this state.
3100                                 _ => {},
3101                         }
3102                 }
3103
3104                 for htlc in context.holding_cell_htlc_updates.iter() {
3105                         match htlc {
3106                                 &HTLCUpdateAwaitingACK::AddHTLC { amount_msat, .. } => {
3107                                         if amount_msat / 1000 < real_dust_limit_timeout_sat {
3108                                                 continue
3109                                         }
3110                                         included_htlcs += 1
3111                                 },
3112                                 _ => {}, // Don't include claims/fails that are awaiting ack, because once we get the
3113                                          // ack we're guaranteed to never include them in commitment txs anymore.
3114                         }
3115                 }
3116
3117                 let num_htlcs = included_htlcs + addl_htlcs;
3118                 let res = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs, &context.channel_type);
3119                 #[cfg(any(test, fuzzing))]
3120                 {
3121                         let mut fee = res;
3122                         if fee_spike_buffer_htlc.is_some() {
3123                                 fee = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs - 1, &context.channel_type);
3124                         }
3125                         let total_pending_htlcs = context.pending_inbound_htlcs.len() + context.pending_outbound_htlcs.len()
3126                                 + context.holding_cell_htlc_updates.len();
3127                         let commitment_tx_info = CommitmentTxInfoCached {
3128                                 fee,
3129                                 total_pending_htlcs,
3130                                 next_holder_htlc_id: match htlc.origin {
3131                                         HTLCInitiator::LocalOffered => context.next_holder_htlc_id + 1,
3132                                         HTLCInitiator::RemoteOffered => context.next_holder_htlc_id,
3133                                 },
3134                                 next_counterparty_htlc_id: match htlc.origin {
3135                                         HTLCInitiator::LocalOffered => context.next_counterparty_htlc_id,
3136                                         HTLCInitiator::RemoteOffered => context.next_counterparty_htlc_id + 1,
3137                                 },
3138                                 feerate: context.feerate_per_kw,
3139                         };
3140                         *context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
3141                 }
3142                 res
3143         }
3144
3145         /// Get the commitment tx fee for the remote's next commitment transaction based on the number of
3146         /// pending HTLCs that are on track to be in their next commitment tx
3147         ///
3148         /// Optionally includes the `HTLCCandidate` given by `htlc` and an additional non-dust HTLC if
3149         /// `fee_spike_buffer_htlc` is `Some`.
3150         ///
3151         /// The first extra HTLC is useful for determining whether we can accept a further HTLC, the
3152         /// second allows for creating a buffer to ensure a further HTLC can always be accepted/added.
3153         ///
3154         /// Dust HTLCs are excluded.
3155         fn next_remote_commit_tx_fee_msat(&self, htlc: HTLCCandidate, fee_spike_buffer_htlc: Option<()>) -> u64 {
3156                 let context = &self;
3157                 assert!(!context.is_outbound());
3158
3159                 let (htlc_success_dust_limit, htlc_timeout_dust_limit) = if context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
3160                         (0, 0)
3161                 } else {
3162                         (context.feerate_per_kw as u64 * htlc_success_tx_weight(context.get_channel_type()) / 1000,
3163                                 context.feerate_per_kw as u64 * htlc_timeout_tx_weight(context.get_channel_type()) / 1000)
3164                 };
3165                 let real_dust_limit_success_sat = htlc_success_dust_limit + context.counterparty_dust_limit_satoshis;
3166                 let real_dust_limit_timeout_sat = htlc_timeout_dust_limit + context.counterparty_dust_limit_satoshis;
3167
3168                 let mut addl_htlcs = 0;
3169                 if fee_spike_buffer_htlc.is_some() { addl_htlcs += 1; }
3170                 match htlc.origin {
3171                         HTLCInitiator::LocalOffered => {
3172                                 if htlc.amount_msat / 1000 >= real_dust_limit_success_sat {
3173                                         addl_htlcs += 1;
3174                                 }
3175                         },
3176                         HTLCInitiator::RemoteOffered => {
3177                                 if htlc.amount_msat / 1000 >= real_dust_limit_timeout_sat {
3178                                         addl_htlcs += 1;
3179                                 }
3180                         }
3181                 }
3182
3183                 // When calculating the set of HTLCs which will be included in their next commitment_signed, all
3184                 // non-dust inbound HTLCs are included (as all states imply it will be included) and only
3185                 // committed outbound HTLCs, see below.
3186                 let mut included_htlcs = 0;
3187                 for ref htlc in context.pending_inbound_htlcs.iter() {
3188                         if htlc.amount_msat / 1000 <= real_dust_limit_timeout_sat {
3189                                 continue
3190                         }
3191                         included_htlcs += 1;
3192                 }
3193
3194                 for ref htlc in context.pending_outbound_htlcs.iter() {
3195                         if htlc.amount_msat / 1000 <= real_dust_limit_success_sat {
3196                                 continue
3197                         }
3198                         // We only include outbound HTLCs if it will not be included in their next commitment_signed,
3199                         // i.e. if they've responded to us with an RAA after announcement.
3200                         match htlc.state {
3201                                 OutboundHTLCState::Committed => included_htlcs += 1,
3202                                 OutboundHTLCState::RemoteRemoved {..} => included_htlcs += 1,
3203                                 OutboundHTLCState::LocalAnnounced { .. } => included_htlcs += 1,
3204                                 _ => {},
3205                         }
3206                 }
3207
3208                 let num_htlcs = included_htlcs + addl_htlcs;
3209                 let res = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs, &context.channel_type);
3210                 #[cfg(any(test, fuzzing))]
3211                 {
3212                         let mut fee = res;
3213                         if fee_spike_buffer_htlc.is_some() {
3214                                 fee = commit_tx_fee_msat(context.feerate_per_kw, num_htlcs - 1, &context.channel_type);
3215                         }
3216                         let total_pending_htlcs = context.pending_inbound_htlcs.len() + context.pending_outbound_htlcs.len();
3217                         let commitment_tx_info = CommitmentTxInfoCached {
3218                                 fee,
3219                                 total_pending_htlcs,
3220                                 next_holder_htlc_id: match htlc.origin {
3221                                         HTLCInitiator::LocalOffered => context.next_holder_htlc_id + 1,
3222                                         HTLCInitiator::RemoteOffered => context.next_holder_htlc_id,
3223                                 },
3224                                 next_counterparty_htlc_id: match htlc.origin {
3225                                         HTLCInitiator::LocalOffered => context.next_counterparty_htlc_id,
3226                                         HTLCInitiator::RemoteOffered => context.next_counterparty_htlc_id + 1,
3227                                 },
3228                                 feerate: context.feerate_per_kw,
3229                         };
3230                         *context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = Some(commitment_tx_info);
3231                 }
3232                 res
3233         }
3234
3235         fn if_unbroadcasted_funding<F, O>(&self, f: F) -> Option<O> where F: Fn() -> Option<O> {
3236                 match self.channel_state {
3237                         ChannelState::FundingNegotiated => f(),
3238                         ChannelState::AwaitingChannelReady(flags) =>
3239                                 if flags.is_set(AwaitingChannelReadyFlags::WAITING_FOR_BATCH) ||
3240                                         flags.is_set(FundedStateFlags::MONITOR_UPDATE_IN_PROGRESS.into())
3241                                 {
3242                                         f()
3243                                 } else {
3244                                         None
3245                                 },
3246                         _ => None,
3247                 }
3248         }
3249
3250         /// Returns the transaction if there is a pending funding transaction that is yet to be
3251         /// broadcast.
3252         pub fn unbroadcasted_funding(&self) -> Option<Transaction> {
3253                 self.if_unbroadcasted_funding(|| self.funding_transaction.clone())
3254         }
3255
3256         /// Returns the transaction ID if there is a pending funding transaction that is yet to be
3257         /// broadcast.
3258         pub fn unbroadcasted_funding_txid(&self) -> Option<Txid> {
3259                 self.if_unbroadcasted_funding(||
3260                         self.channel_transaction_parameters.funding_outpoint.map(|txo| txo.txid)
3261                 )
3262         }
3263
3264         /// Returns whether the channel is funded in a batch.
3265         pub fn is_batch_funding(&self) -> bool {
3266                 self.is_batch_funding.is_some()
3267         }
3268
3269         /// Returns the transaction ID if there is a pending batch funding transaction that is yet to be
3270         /// broadcast.
3271         pub fn unbroadcasted_batch_funding_txid(&self) -> Option<Txid> {
3272                 self.unbroadcasted_funding_txid().filter(|_| self.is_batch_funding())
3273         }
3274
3275         /// Gets the latest commitment transaction and any dependent transactions for relay (forcing
3276         /// shutdown of this channel - no more calls into this Channel may be made afterwards except
3277         /// those explicitly stated to be allowed after shutdown completes, eg some simple getters).
3278         /// Also returns the list of payment_hashes for channels which we can safely fail backwards
3279         /// immediately (others we will have to allow to time out).
3280         pub fn force_shutdown(&mut self, should_broadcast: bool, closure_reason: ClosureReason) -> ShutdownResult {
3281                 // Note that we MUST only generate a monitor update that indicates force-closure - we're
3282                 // called during initialization prior to the chain_monitor in the encompassing ChannelManager
3283                 // being fully configured in some cases. Thus, its likely any monitor events we generate will
3284                 // be delayed in being processed! See the docs for `ChannelManagerReadArgs` for more.
3285                 assert!(!matches!(self.channel_state, ChannelState::ShutdownComplete));
3286
3287                 // We go ahead and "free" any holding cell HTLCs or HTLCs we haven't yet committed to and
3288                 // return them to fail the payment.
3289                 let mut dropped_outbound_htlcs = Vec::with_capacity(self.holding_cell_htlc_updates.len());
3290                 let counterparty_node_id = self.get_counterparty_node_id();
3291                 for htlc_update in self.holding_cell_htlc_updates.drain(..) {
3292                         match htlc_update {
3293                                 HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. } => {
3294                                         dropped_outbound_htlcs.push((source, payment_hash, counterparty_node_id, self.channel_id));
3295                                 },
3296                                 _ => {}
3297                         }
3298                 }
3299                 let monitor_update = if let Some(funding_txo) = self.get_funding_txo() {
3300                         // If we haven't yet exchanged funding signatures (ie channel_state < AwaitingChannelReady),
3301                         // returning a channel monitor update here would imply a channel monitor update before
3302                         // we even registered the channel monitor to begin with, which is invalid.
3303                         // Thus, if we aren't actually at a point where we could conceivably broadcast the
3304                         // funding transaction, don't return a funding txo (which prevents providing the
3305                         // monitor update to the user, even if we return one).
3306                         // See test_duplicate_chan_id and test_pre_lockin_no_chan_closed_update for more.
3307                         if !self.channel_state.is_pre_funded_state() {
3308                                 self.latest_monitor_update_id = CLOSED_CHANNEL_UPDATE_ID;
3309                                 Some((self.get_counterparty_node_id(), funding_txo, self.channel_id(), ChannelMonitorUpdate {
3310                                         update_id: self.latest_monitor_update_id,
3311                                         counterparty_node_id: Some(self.counterparty_node_id),
3312                                         updates: vec![ChannelMonitorUpdateStep::ChannelForceClosed { should_broadcast }],
3313                                         channel_id: Some(self.channel_id()),
3314                                 }))
3315                         } else { None }
3316                 } else { None };
3317                 let unbroadcasted_batch_funding_txid = self.unbroadcasted_batch_funding_txid();
3318                 let unbroadcasted_funding_tx = self.unbroadcasted_funding();
3319
3320                 self.channel_state = ChannelState::ShutdownComplete;
3321                 self.update_time_counter += 1;
3322                 ShutdownResult {
3323                         closure_reason,
3324                         monitor_update,
3325                         dropped_outbound_htlcs,
3326                         unbroadcasted_batch_funding_txid,
3327                         channel_id: self.channel_id,
3328                         user_channel_id: self.user_id,
3329                         channel_capacity_satoshis: self.channel_value_satoshis,
3330                         counterparty_node_id: self.counterparty_node_id,
3331                         unbroadcasted_funding_tx,
3332                         channel_funding_txo: self.get_funding_txo(),
3333                 }
3334         }
3335
3336         /// Only allowed after [`Self::channel_transaction_parameters`] is set.
3337         fn get_funding_signed_msg<L: Deref>(&mut self, logger: &L) -> (CommitmentTransaction, Option<msgs::FundingSigned>) where L::Target: Logger {
3338                 let counterparty_keys = self.build_remote_transaction_keys();
3339                 let counterparty_initial_commitment_tx = self.build_commitment_transaction(self.cur_counterparty_commitment_transaction_number + 1, &counterparty_keys, false, false, logger).tx;
3340
3341                 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
3342                 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
3343                 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
3344                         &self.channel_id(), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
3345
3346                 match &self.holder_signer {
3347                         // TODO (arik): move match into calling method for Taproot
3348                         ChannelSignerType::Ecdsa(ecdsa) => {
3349                                 let funding_signed = ecdsa.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), Vec::new(), &self.secp_ctx)
3350                                         .map(|(signature, _)| msgs::FundingSigned {
3351                                                 channel_id: self.channel_id(),
3352                                                 signature,
3353                                                 #[cfg(taproot)]
3354                                                 partial_signature_with_nonce: None,
3355                                         })
3356                                         .ok();
3357
3358                                 if funding_signed.is_none() {
3359                                         #[cfg(not(async_signing))] {
3360                                                 panic!("Failed to get signature for funding_signed");
3361                                         }
3362                                         #[cfg(async_signing)] {
3363                                                 log_trace!(logger, "Counterparty commitment signature not available for funding_signed message; setting signer_pending_funding");
3364                                                 self.signer_pending_funding = true;
3365                                         }
3366                                 } else if self.signer_pending_funding {
3367                                         log_trace!(logger, "Counterparty commitment signature available for funding_signed message; clearing signer_pending_funding");
3368                                         self.signer_pending_funding = false;
3369                                 }
3370
3371                                 // We sign "counterparty" commitment transaction, allowing them to broadcast the tx if they wish.
3372                                 (counterparty_initial_commitment_tx, funding_signed)
3373                         },
3374                         // TODO (taproot|arik)
3375                         #[cfg(taproot)]
3376                         _ => todo!()
3377                 }
3378         }
3379
3380         /// If we receive an error message when attempting to open a channel, it may only be a rejection
3381         /// of the channel type we tried, not of our ability to open any channel at all. We can see if a
3382         /// downgrade of channel features would be possible so that we can still open the channel.
3383         pub(crate) fn maybe_downgrade_channel_features<F: Deref>(
3384                 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>
3385         ) -> Result<(), ()>
3386         where
3387                 F::Target: FeeEstimator
3388         {
3389                 if !self.is_outbound() ||
3390                         !matches!(
3391                                 self.channel_state, ChannelState::NegotiatingFunding(flags)
3392                                 if flags == NegotiatingFundingFlags::OUR_INIT_SENT
3393                         )
3394                 {
3395                         return Err(());
3396                 }
3397                 if self.channel_type == ChannelTypeFeatures::only_static_remote_key() {
3398                         // We've exhausted our options
3399                         return Err(());
3400                 }
3401                 // We support opening a few different types of channels. Try removing our additional
3402                 // features one by one until we've either arrived at our default or the counterparty has
3403                 // accepted one.
3404                 //
3405                 // Due to the order below, we may not negotiate `option_anchors_zero_fee_htlc_tx` if the
3406                 // counterparty doesn't support `option_scid_privacy`. Since `get_initial_channel_type`
3407                 // checks whether the counterparty supports every feature, this would only happen if the
3408                 // counterparty is advertising the feature, but rejecting channels proposing the feature for
3409                 // whatever reason.
3410                 if self.channel_type.supports_anchors_zero_fee_htlc_tx() {
3411                         self.channel_type.clear_anchors_zero_fee_htlc_tx();
3412                         self.feerate_per_kw = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::NonAnchorChannelFee);
3413                         assert!(!self.channel_transaction_parameters.channel_type_features.supports_anchors_nonzero_fee_htlc_tx());
3414                 } else if self.channel_type.supports_scid_privacy() {
3415                         self.channel_type.clear_scid_privacy();
3416                 } else {
3417                         self.channel_type = ChannelTypeFeatures::only_static_remote_key();
3418                 }
3419                 self.channel_transaction_parameters.channel_type_features = self.channel_type.clone();
3420                 Ok(())
3421         }
3422 }
3423
3424 // Internal utility functions for channels
3425
3426 /// Returns the value to use for `holder_max_htlc_value_in_flight_msat` as a percentage of the
3427 /// `channel_value_satoshis` in msat, set through
3428 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]
3429 ///
3430 /// The effective percentage is lower bounded by 1% and upper bounded by 100%.
3431 ///
3432 /// [`ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel`]: crate::util::config::ChannelHandshakeConfig::max_inbound_htlc_value_in_flight_percent_of_channel
3433 fn get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis: u64, config: &ChannelHandshakeConfig) -> u64 {
3434         let configured_percent = if config.max_inbound_htlc_value_in_flight_percent_of_channel < 1 {
3435                 1
3436         } else if config.max_inbound_htlc_value_in_flight_percent_of_channel > 100 {
3437                 100
3438         } else {
3439                 config.max_inbound_htlc_value_in_flight_percent_of_channel as u64
3440         };
3441         channel_value_satoshis * 10 * configured_percent
3442 }
3443
3444 /// Returns a minimum channel reserve value the remote needs to maintain,
3445 /// required by us according to the configured or default
3446 /// [`ChannelHandshakeConfig::their_channel_reserve_proportional_millionths`]
3447 ///
3448 /// Guaranteed to return a value no larger than channel_value_satoshis
3449 ///
3450 /// This is used both for outbound and inbound channels and has lower bound
3451 /// of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`.
3452 pub(crate) fn get_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64, config: &UserConfig) -> u64 {
3453         let calculated_reserve = channel_value_satoshis.saturating_mul(config.channel_handshake_config.their_channel_reserve_proportional_millionths as u64) / 1_000_000;
3454         cmp::min(channel_value_satoshis, cmp::max(calculated_reserve, MIN_THEIR_CHAN_RESERVE_SATOSHIS))
3455 }
3456
3457 /// This is for legacy reasons, present for forward-compatibility.
3458 /// LDK versions older than 0.0.104 don't know how read/handle values other than default
3459 /// from storage. Hence, we use this function to not persist default values of
3460 /// `holder_selected_channel_reserve_satoshis` for channels into storage.
3461 pub(crate) fn get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis: u64) -> u64 {
3462         let (q, _) = channel_value_satoshis.overflowing_div(100);
3463         cmp::min(channel_value_satoshis, cmp::max(q, 1000))
3464 }
3465
3466 /// Returns a minimum channel reserve value each party needs to maintain, fixed in the spec to a
3467 /// default of 1% of the total channel value.
3468 ///
3469 /// Guaranteed to return a value no larger than channel_value_satoshis
3470 ///
3471 /// This is used both for outbound and inbound channels and has lower bound
3472 /// of `dust_limit_satoshis`.
3473 #[cfg(dual_funding)]
3474 fn get_v2_channel_reserve_satoshis(channel_value_satoshis: u64, dust_limit_satoshis: u64) -> u64 {
3475         // Fixed at 1% of channel value by spec.
3476         let (q, _) = channel_value_satoshis.overflowing_div(100);
3477         cmp::min(channel_value_satoshis, cmp::max(q, dust_limit_satoshis))
3478 }
3479
3480 // Get the fee cost in SATS of a commitment tx with a given number of HTLC outputs.
3481 // Note that num_htlcs should not include dust HTLCs.
3482 #[inline]
3483 fn commit_tx_fee_sat(feerate_per_kw: u32, num_htlcs: usize, channel_type_features: &ChannelTypeFeatures) -> u64 {
3484         feerate_per_kw as u64 * (commitment_tx_base_weight(channel_type_features) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) / 1000
3485 }
3486
3487 // Get the fee cost in MSATS of a commitment tx with a given number of HTLC outputs.
3488 // Note that num_htlcs should not include dust HTLCs.
3489 pub(crate) fn commit_tx_fee_msat(feerate_per_kw: u32, num_htlcs: usize, channel_type_features: &ChannelTypeFeatures) -> u64 {
3490         // Note that we need to divide before multiplying to round properly,
3491         // since the lowest denomination of bitcoin on-chain is the satoshi.
3492         (commitment_tx_base_weight(channel_type_features) + num_htlcs as u64 * COMMITMENT_TX_WEIGHT_PER_HTLC) * feerate_per_kw as u64 / 1000 * 1000
3493 }
3494
3495 /// Context for dual-funded channels.
3496 #[cfg(dual_funding)]
3497 pub(super) struct DualFundingChannelContext {
3498         /// The amount in satoshis we will be contributing to the channel.
3499         pub our_funding_satoshis: u64,
3500         /// The amount in satoshis our counterparty will be contributing to the channel.
3501         pub their_funding_satoshis: u64,
3502         /// The funding transaction locktime suggested by the initiator. If set by us, it is always set
3503         /// to the current block height to align incentives against fee-sniping.
3504         pub funding_tx_locktime: u32,
3505         /// The feerate set by the initiator to be used for the funding transaction.
3506         pub funding_feerate_sat_per_1000_weight: u32,
3507 }
3508
3509 // Holder designates channel data owned for the benefit of the user client.
3510 // Counterparty designates channel data owned by the another channel participant entity.
3511 pub(super) struct Channel<SP: Deref> where SP::Target: SignerProvider {
3512         pub context: ChannelContext<SP>,
3513         #[cfg(dual_funding)]
3514         pub dual_funding_channel_context: Option<DualFundingChannelContext>,
3515 }
3516
3517 #[cfg(any(test, fuzzing))]
3518 struct CommitmentTxInfoCached {
3519         fee: u64,
3520         total_pending_htlcs: usize,
3521         next_holder_htlc_id: u64,
3522         next_counterparty_htlc_id: u64,
3523         feerate: u32,
3524 }
3525
3526 /// Contents of a wire message that fails an HTLC backwards. Useful for [`Channel::fail_htlc`] to
3527 /// fail with either [`msgs::UpdateFailMalformedHTLC`] or [`msgs::UpdateFailHTLC`] as needed.
3528 trait FailHTLCContents {
3529         type Message: FailHTLCMessageName;
3530         fn to_message(self, htlc_id: u64, channel_id: ChannelId) -> Self::Message;
3531         fn to_inbound_htlc_state(self) -> InboundHTLCState;
3532         fn to_htlc_update_awaiting_ack(self, htlc_id: u64) -> HTLCUpdateAwaitingACK;
3533 }
3534 impl FailHTLCContents for msgs::OnionErrorPacket {
3535         type Message = msgs::UpdateFailHTLC;
3536         fn to_message(self, htlc_id: u64, channel_id: ChannelId) -> Self::Message {
3537                 msgs::UpdateFailHTLC { htlc_id, channel_id, reason: self }
3538         }
3539         fn to_inbound_htlc_state(self) -> InboundHTLCState {
3540                 InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(self))
3541         }
3542         fn to_htlc_update_awaiting_ack(self, htlc_id: u64) -> HTLCUpdateAwaitingACK {
3543                 HTLCUpdateAwaitingACK::FailHTLC { htlc_id, err_packet: self }
3544         }
3545 }
3546 impl FailHTLCContents for ([u8; 32], u16) {
3547         type Message = msgs::UpdateFailMalformedHTLC;
3548         fn to_message(self, htlc_id: u64, channel_id: ChannelId) -> Self::Message {
3549                 msgs::UpdateFailMalformedHTLC {
3550                         htlc_id,
3551                         channel_id,
3552                         sha256_of_onion: self.0,
3553                         failure_code: self.1
3554                 }
3555         }
3556         fn to_inbound_htlc_state(self) -> InboundHTLCState {
3557                 InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed(self))
3558         }
3559         fn to_htlc_update_awaiting_ack(self, htlc_id: u64) -> HTLCUpdateAwaitingACK {
3560                 HTLCUpdateAwaitingACK::FailMalformedHTLC {
3561                         htlc_id,
3562                         sha256_of_onion: self.0,
3563                         failure_code: self.1
3564                 }
3565         }
3566 }
3567
3568 trait FailHTLCMessageName {
3569         fn name() -> &'static str;
3570 }
3571 impl FailHTLCMessageName for msgs::UpdateFailHTLC {
3572         fn name() -> &'static str {
3573                 "update_fail_htlc"
3574         }
3575 }
3576 impl FailHTLCMessageName for msgs::UpdateFailMalformedHTLC {
3577         fn name() -> &'static str {
3578                 "update_fail_malformed_htlc"
3579         }
3580 }
3581
3582 impl<SP: Deref> Channel<SP> where
3583         SP::Target: SignerProvider,
3584         <SP::Target as SignerProvider>::EcdsaSigner: WriteableEcdsaChannelSigner
3585 {
3586         fn check_remote_fee<F: Deref, L: Deref>(
3587                 channel_type: &ChannelTypeFeatures, fee_estimator: &LowerBoundedFeeEstimator<F>,
3588                 feerate_per_kw: u32, cur_feerate_per_kw: Option<u32>, logger: &L
3589         ) -> Result<(), ChannelError> where F::Target: FeeEstimator, L::Target: Logger,
3590         {
3591                 let lower_limit_conf_target = if channel_type.supports_anchors_zero_fee_htlc_tx() {
3592                         ConfirmationTarget::MinAllowedAnchorChannelRemoteFee
3593                 } else {
3594                         ConfirmationTarget::MinAllowedNonAnchorChannelRemoteFee
3595                 };
3596                 let lower_limit = fee_estimator.bounded_sat_per_1000_weight(lower_limit_conf_target);
3597                 if feerate_per_kw < lower_limit {
3598                         if let Some(cur_feerate) = cur_feerate_per_kw {
3599                                 if feerate_per_kw > cur_feerate {
3600                                         log_warn!(logger,
3601                                                 "Accepting feerate that may prevent us from closing this channel because it's higher than what we have now. Had {} s/kW, now {} s/kW.",
3602                                                 cur_feerate, feerate_per_kw);
3603                                         return Ok(());
3604                                 }
3605                         }
3606                         return Err(ChannelError::Close(format!("Peer's feerate much too low. Actual: {}. Our expected lower limit: {}", feerate_per_kw, lower_limit)));
3607                 }
3608                 Ok(())
3609         }
3610
3611         #[inline]
3612         fn get_closing_scriptpubkey(&self) -> ScriptBuf {
3613                 // The shutdown scriptpubkey is set on channel opening when option_upfront_shutdown_script
3614                 // is signaled. Otherwise, it is set when sending a shutdown message. Calling this method
3615                 // outside of those situations will fail.
3616                 self.context.shutdown_scriptpubkey.clone().unwrap().into_inner()
3617         }
3618
3619         #[inline]
3620         fn get_closing_transaction_weight(&self, a_scriptpubkey: Option<&Script>, b_scriptpubkey: Option<&Script>) -> u64 {
3621                 let mut ret =
3622                 (4 +                                                   // version
3623                  1 +                                                   // input count
3624                  36 +                                                  // prevout
3625                  1 +                                                   // script length (0)
3626                  4 +                                                   // sequence
3627                  1 +                                                   // output count
3628                  4                                                     // lock time
3629                  )*4 +                                                 // * 4 for non-witness parts
3630                 2 +                                                    // witness marker and flag
3631                 1 +                                                    // witness element count
3632                 4 +                                                    // 4 element lengths (2 sigs, multisig dummy, and witness script)
3633                 self.context.get_funding_redeemscript().len() as u64 + // funding witness script
3634                 2*(1 + 71);                                            // two signatures + sighash type flags
3635                 if let Some(spk) = a_scriptpubkey {
3636                         ret += ((8+1) +                                    // output values and script length
3637                                 spk.len() as u64) * 4;                         // scriptpubkey and witness multiplier
3638                 }
3639                 if let Some(spk) = b_scriptpubkey {
3640                         ret += ((8+1) +                                    // output values and script length
3641                                 spk.len() as u64) * 4;                         // scriptpubkey and witness multiplier
3642                 }
3643                 ret
3644         }
3645
3646         #[inline]
3647         fn build_closing_transaction(&self, proposed_total_fee_satoshis: u64, skip_remote_output: bool) -> (ClosingTransaction, u64) {
3648                 assert!(self.context.pending_inbound_htlcs.is_empty());
3649                 assert!(self.context.pending_outbound_htlcs.is_empty());
3650                 assert!(self.context.pending_update_fee.is_none());
3651
3652                 let mut total_fee_satoshis = proposed_total_fee_satoshis;
3653                 let mut value_to_holder: i64 = (self.context.value_to_self_msat as i64) / 1000 - if self.context.is_outbound() { total_fee_satoshis as i64 } else { 0 };
3654                 let mut value_to_counterparty: i64 = ((self.context.channel_value_satoshis * 1000 - self.context.value_to_self_msat) as i64 / 1000) - if self.context.is_outbound() { 0 } else { total_fee_satoshis as i64 };
3655
3656                 if value_to_holder < 0 {
3657                         assert!(self.context.is_outbound());
3658                         total_fee_satoshis += (-value_to_holder) as u64;
3659                 } else if value_to_counterparty < 0 {
3660                         assert!(!self.context.is_outbound());
3661                         total_fee_satoshis += (-value_to_counterparty) as u64;
3662                 }
3663
3664                 if skip_remote_output || value_to_counterparty as u64 <= self.context.holder_dust_limit_satoshis {
3665                         value_to_counterparty = 0;
3666                 }
3667
3668                 if value_to_holder as u64 <= self.context.holder_dust_limit_satoshis {
3669                         value_to_holder = 0;
3670                 }
3671
3672                 assert!(self.context.shutdown_scriptpubkey.is_some());
3673                 let holder_shutdown_script = self.get_closing_scriptpubkey();
3674                 let counterparty_shutdown_script = self.context.counterparty_shutdown_scriptpubkey.clone().unwrap();
3675                 let funding_outpoint = self.funding_outpoint().into_bitcoin_outpoint();
3676
3677                 let closing_transaction = ClosingTransaction::new(value_to_holder as u64, value_to_counterparty as u64, holder_shutdown_script, counterparty_shutdown_script, funding_outpoint);
3678                 (closing_transaction, total_fee_satoshis)
3679         }
3680
3681         fn funding_outpoint(&self) -> OutPoint {
3682                 self.context.channel_transaction_parameters.funding_outpoint.unwrap()
3683         }
3684
3685         /// Claims an HTLC while we're disconnected from a peer, dropping the [`ChannelMonitorUpdate`]
3686         /// entirely.
3687         ///
3688         /// The [`ChannelMonitor`] for this channel MUST be updated out-of-band with the preimage
3689         /// provided (i.e. without calling [`crate::chain::Watch::update_channel`]).
3690         ///
3691         /// The HTLC claim will end up in the holding cell (because the caller must ensure the peer is
3692         /// disconnected).
3693         pub fn claim_htlc_while_disconnected_dropping_mon_update<L: Deref>
3694                 (&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L)
3695         where L::Target: Logger {
3696                 // Assert that we'll add the HTLC claim to the holding cell in `get_update_fulfill_htlc`
3697                 // (see equivalent if condition there).
3698                 assert!(!self.context.channel_state.can_generate_new_commitment());
3699                 let mon_update_id = self.context.latest_monitor_update_id; // Forget the ChannelMonitor update
3700                 let fulfill_resp = self.get_update_fulfill_htlc(htlc_id_arg, payment_preimage_arg, logger);
3701                 self.context.latest_monitor_update_id = mon_update_id;
3702                 if let UpdateFulfillFetch::NewClaim { msg, .. } = fulfill_resp {
3703                         assert!(msg.is_none()); // The HTLC must have ended up in the holding cell.
3704                 }
3705         }
3706
3707         fn get_update_fulfill_htlc<L: Deref>(&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage, logger: &L) -> UpdateFulfillFetch where L::Target: Logger {
3708                 // Either ChannelReady got set (which means it won't be unset) or there is no way any
3709                 // caller thought we could have something claimed (cause we wouldn't have accepted in an
3710                 // incoming HTLC anyway). If we got to ShutdownComplete, callers aren't allowed to call us,
3711                 // either.
3712                 if !matches!(self.context.channel_state, ChannelState::ChannelReady(_)) {
3713                         panic!("Was asked to fulfill an HTLC when channel was not in an operational state");
3714                 }
3715
3716                 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
3717                 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
3718                 // these, but for now we just have to treat them as normal.
3719
3720                 let mut pending_idx = core::usize::MAX;
3721                 let mut htlc_value_msat = 0;
3722                 for (idx, htlc) in self.context.pending_inbound_htlcs.iter().enumerate() {
3723                         if htlc.htlc_id == htlc_id_arg {
3724                                 debug_assert_eq!(htlc.payment_hash, PaymentHash(Sha256::hash(&payment_preimage_arg.0[..]).to_byte_array()));
3725                                 log_debug!(logger, "Claiming inbound HTLC id {} with payment hash {} with preimage {}",
3726                                         htlc.htlc_id, htlc.payment_hash, payment_preimage_arg);
3727                                 match htlc.state {
3728                                         InboundHTLCState::Committed => {},
3729                                         InboundHTLCState::LocalRemoved(ref reason) => {
3730                                                 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
3731                                                 } else {
3732                                                         log_warn!(logger, "Have preimage and want to fulfill HTLC with payment hash {} we already failed against channel {}", &htlc.payment_hash, &self.context.channel_id());
3733                                                         debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
3734                                                 }
3735                                                 return UpdateFulfillFetch::DuplicateClaim {};
3736                                         },
3737                                         _ => {
3738                                                 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
3739                                                 // Don't return in release mode here so that we can update channel_monitor
3740                                         }
3741                                 }
3742                                 pending_idx = idx;
3743                                 htlc_value_msat = htlc.amount_msat;
3744                                 break;
3745                         }
3746                 }
3747                 if pending_idx == core::usize::MAX {
3748                         #[cfg(any(test, fuzzing))]
3749                         // If we failed to find an HTLC to fulfill, make sure it was previously fulfilled and
3750                         // this is simply a duplicate claim, not previously failed and we lost funds.
3751                         debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
3752                         return UpdateFulfillFetch::DuplicateClaim {};
3753                 }
3754
3755                 // Now update local state:
3756                 //
3757                 // We have to put the payment_preimage in the channel_monitor right away here to ensure we
3758                 // can claim it even if the channel hits the chain before we see their next commitment.
3759                 self.context.latest_monitor_update_id += 1;
3760                 let monitor_update = ChannelMonitorUpdate {
3761                         update_id: self.context.latest_monitor_update_id,
3762                         counterparty_node_id: Some(self.context.counterparty_node_id),
3763                         updates: vec![ChannelMonitorUpdateStep::PaymentPreimage {
3764                                 payment_preimage: payment_preimage_arg.clone(),
3765                         }],
3766                         channel_id: Some(self.context.channel_id()),
3767                 };
3768
3769                 if !self.context.channel_state.can_generate_new_commitment() {
3770                         // Note that this condition is the same as the assertion in
3771                         // `claim_htlc_while_disconnected_dropping_mon_update` and must match exactly -
3772                         // `claim_htlc_while_disconnected_dropping_mon_update` would not work correctly if we
3773                         // do not not get into this branch.
3774                         for pending_update in self.context.holding_cell_htlc_updates.iter() {
3775                                 match pending_update {
3776                                         &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
3777                                                 if htlc_id_arg == htlc_id {
3778                                                         // Make sure we don't leave latest_monitor_update_id incremented here:
3779                                                         self.context.latest_monitor_update_id -= 1;
3780                                                         #[cfg(any(test, fuzzing))]
3781                                                         debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
3782                                                         return UpdateFulfillFetch::DuplicateClaim {};
3783                                                 }
3784                                         },
3785                                         &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } |
3786                                                 &HTLCUpdateAwaitingACK::FailMalformedHTLC { htlc_id, .. } =>
3787                                         {
3788                                                 if htlc_id_arg == htlc_id {
3789                                                         log_warn!(logger, "Have preimage and want to fulfill HTLC with pending failure against channel {}", &self.context.channel_id());
3790                                                         // TODO: We may actually be able to switch to a fulfill here, though its
3791                                                         // rare enough it may not be worth the complexity burden.
3792                                                         debug_assert!(false, "Tried to fulfill an HTLC that was already failed");
3793                                                         return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
3794                                                 }
3795                                         },
3796                                         _ => {}
3797                                 }
3798                         }
3799                         log_trace!(logger, "Adding HTLC claim to holding_cell in channel {}! Current state: {}", &self.context.channel_id(), self.context.channel_state.to_u32());
3800                         self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::ClaimHTLC {
3801                                 payment_preimage: payment_preimage_arg, htlc_id: htlc_id_arg,
3802                         });
3803                         #[cfg(any(test, fuzzing))]
3804                         self.context.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
3805                         return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
3806                 }
3807                 #[cfg(any(test, fuzzing))]
3808                 self.context.historical_inbound_htlc_fulfills.insert(htlc_id_arg);
3809
3810                 {
3811                         let htlc = &mut self.context.pending_inbound_htlcs[pending_idx];
3812                         if let InboundHTLCState::Committed = htlc.state {
3813                         } else {
3814                                 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
3815                                 return UpdateFulfillFetch::NewClaim { monitor_update, htlc_value_msat, msg: None };
3816                         }
3817                         log_trace!(logger, "Upgrading HTLC {} to LocalRemoved with a Fulfill in channel {}!", &htlc.payment_hash, &self.context.channel_id);
3818                         htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(payment_preimage_arg.clone()));
3819                 }
3820
3821                 UpdateFulfillFetch::NewClaim {
3822                         monitor_update,
3823                         htlc_value_msat,
3824                         msg: Some(msgs::UpdateFulfillHTLC {
3825                                 channel_id: self.context.channel_id(),
3826                                 htlc_id: htlc_id_arg,
3827                                 payment_preimage: payment_preimage_arg,
3828                         }),
3829                 }
3830         }
3831
3832         pub fn get_update_fulfill_htlc_and_commit<L: Deref>(&mut self, htlc_id: u64, payment_preimage: PaymentPreimage, logger: &L) -> UpdateFulfillCommitFetch where L::Target: Logger {
3833                 let release_cs_monitor = self.context.blocked_monitor_updates.is_empty();
3834                 match self.get_update_fulfill_htlc(htlc_id, payment_preimage, logger) {
3835                         UpdateFulfillFetch::NewClaim { mut monitor_update, htlc_value_msat, msg } => {
3836                                 // Even if we aren't supposed to let new monitor updates with commitment state
3837                                 // updates run, we still need to push the preimage ChannelMonitorUpdateStep no
3838                                 // matter what. Sadly, to push a new monitor update which flies before others
3839                                 // already queued, we have to insert it into the pending queue and update the
3840                                 // update_ids of all the following monitors.
3841                                 if release_cs_monitor && msg.is_some() {
3842                                         let mut additional_update = self.build_commitment_no_status_check(logger);
3843                                         // build_commitment_no_status_check may bump latest_monitor_id but we want them
3844                                         // to be strictly increasing by one, so decrement it here.
3845                                         self.context.latest_monitor_update_id = monitor_update.update_id;
3846                                         monitor_update.updates.append(&mut additional_update.updates);
3847                                 } else {
3848                                         let new_mon_id = self.context.blocked_monitor_updates.get(0)
3849                                                 .map(|upd| upd.update.update_id).unwrap_or(monitor_update.update_id);
3850                                         monitor_update.update_id = new_mon_id;
3851                                         for held_update in self.context.blocked_monitor_updates.iter_mut() {
3852                                                 held_update.update.update_id += 1;
3853                                         }
3854                                         if msg.is_some() {
3855                                                 debug_assert!(false, "If there is a pending blocked monitor we should have MonitorUpdateInProgress set");
3856                                                 let update = self.build_commitment_no_status_check(logger);
3857                                                 self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
3858                                                         update,
3859                                                 });
3860                                         }
3861                                 }
3862
3863                                 self.monitor_updating_paused(false, msg.is_some(), false, Vec::new(), Vec::new(), Vec::new());
3864                                 UpdateFulfillCommitFetch::NewClaim { monitor_update, htlc_value_msat, }
3865                         },
3866                         UpdateFulfillFetch::DuplicateClaim {} => UpdateFulfillCommitFetch::DuplicateClaim {},
3867                 }
3868         }
3869
3870         /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
3871         /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
3872         /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
3873         /// before we fail backwards.
3874         ///
3875         /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
3876         /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
3877         /// [`ChannelError::Ignore`].
3878         pub fn queue_fail_htlc<L: Deref>(&mut self, htlc_id_arg: u64, err_packet: msgs::OnionErrorPacket, logger: &L)
3879         -> Result<(), ChannelError> where L::Target: Logger {
3880                 self.fail_htlc(htlc_id_arg, err_packet, true, logger)
3881                         .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
3882         }
3883
3884         /// Used for failing back with [`msgs::UpdateFailMalformedHTLC`]. For now, this is used when we
3885         /// want to fail blinded HTLCs where we are not the intro node.
3886         ///
3887         /// See [`Self::queue_fail_htlc`] for more info.
3888         pub fn queue_fail_malformed_htlc<L: Deref>(
3889                 &mut self, htlc_id_arg: u64, failure_code: u16, sha256_of_onion: [u8; 32], logger: &L
3890         ) -> Result<(), ChannelError> where L::Target: Logger {
3891                 self.fail_htlc(htlc_id_arg, (sha256_of_onion, failure_code), true, logger)
3892                         .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
3893         }
3894
3895         /// We can only have one resolution per HTLC. In some cases around reconnect, we may fulfill
3896         /// an HTLC more than once or fulfill once and then attempt to fail after reconnect. We cannot,
3897         /// however, fail more than once as we wait for an upstream failure to be irrevocably committed
3898         /// before we fail backwards.
3899         ///
3900         /// If we do fail twice, we `debug_assert!(false)` and return `Ok(None)`. Thus, this will always
3901         /// return `Ok(_)` if preconditions are met. In any case, `Err`s will only be
3902         /// [`ChannelError::Ignore`].
3903         fn fail_htlc<L: Deref, E: FailHTLCContents + Clone>(
3904                 &mut self, htlc_id_arg: u64, err_contents: E, mut force_holding_cell: bool,
3905                 logger: &L
3906         ) -> Result<Option<E::Message>, ChannelError> where L::Target: Logger {
3907                 if !matches!(self.context.channel_state, ChannelState::ChannelReady(_)) {
3908                         panic!("Was asked to fail an HTLC when channel was not in an operational state");
3909                 }
3910
3911                 // ChannelManager may generate duplicate claims/fails due to HTLC update events from
3912                 // on-chain ChannelsMonitors during block rescan. Ideally we'd figure out a way to drop
3913                 // these, but for now we just have to treat them as normal.
3914
3915                 let mut pending_idx = core::usize::MAX;
3916                 for (idx, htlc) in self.context.pending_inbound_htlcs.iter().enumerate() {
3917                         if htlc.htlc_id == htlc_id_arg {
3918                                 match htlc.state {
3919                                         InboundHTLCState::Committed => {},
3920                                         InboundHTLCState::LocalRemoved(ref reason) => {
3921                                                 if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
3922                                                 } else {
3923                                                         debug_assert!(false, "Tried to fail an HTLC that was already failed");
3924                                                 }
3925                                                 return Ok(None);
3926                                         },
3927                                         _ => {
3928                                                 debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
3929                                                 return Err(ChannelError::Ignore(format!("Unable to find a pending HTLC which matched the given HTLC ID ({})", htlc.htlc_id)));
3930                                         }
3931                                 }
3932                                 pending_idx = idx;
3933                         }
3934                 }
3935                 if pending_idx == core::usize::MAX {
3936                         #[cfg(any(test, fuzzing))]
3937                         // If we failed to find an HTLC to fail, make sure it was previously fulfilled and this
3938                         // is simply a duplicate fail, not previously failed and we failed-back too early.
3939                         debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
3940                         return Ok(None);
3941                 }
3942
3943                 if !self.context.channel_state.can_generate_new_commitment() {
3944                         debug_assert!(force_holding_cell, "!force_holding_cell is only called when emptying the holding cell, so we shouldn't end up back in it!");
3945                         force_holding_cell = true;
3946                 }
3947
3948                 // Now update local state:
3949                 if force_holding_cell {
3950                         for pending_update in self.context.holding_cell_htlc_updates.iter() {
3951                                 match pending_update {
3952                                         &HTLCUpdateAwaitingACK::ClaimHTLC { htlc_id, .. } => {
3953                                                 if htlc_id_arg == htlc_id {
3954                                                         #[cfg(any(test, fuzzing))]
3955                                                         debug_assert!(self.context.historical_inbound_htlc_fulfills.contains(&htlc_id_arg));
3956                                                         return Ok(None);
3957                                                 }
3958                                         },
3959                                         &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, .. } |
3960                                                 &HTLCUpdateAwaitingACK::FailMalformedHTLC { htlc_id, .. } =>
3961                                         {
3962                                                 if htlc_id_arg == htlc_id {
3963                                                         debug_assert!(false, "Tried to fail an HTLC that was already failed");
3964                                                         return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID".to_owned()));
3965                                                 }
3966                                         },
3967                                         _ => {}
3968                                 }
3969                         }
3970                         log_trace!(logger, "Placing failure for HTLC ID {} in holding cell in channel {}.", htlc_id_arg, &self.context.channel_id());
3971                         self.context.holding_cell_htlc_updates.push(err_contents.to_htlc_update_awaiting_ack(htlc_id_arg));
3972                         return Ok(None);
3973                 }
3974
3975                 log_trace!(logger, "Failing HTLC ID {} back with {} message in channel {}.", htlc_id_arg,
3976                         E::Message::name(), &self.context.channel_id());
3977                 {
3978                         let htlc = &mut self.context.pending_inbound_htlcs[pending_idx];
3979                         htlc.state = err_contents.clone().to_inbound_htlc_state();
3980                 }
3981
3982                 Ok(Some(err_contents.to_message(htlc_id_arg, self.context.channel_id())))
3983         }
3984
3985         // Message handlers:
3986         /// Updates the state of the channel to indicate that all channels in the batch have received
3987         /// funding_signed and persisted their monitors.
3988         /// The funding transaction is consequently allowed to be broadcast, and the channel can be
3989         /// treated as a non-batch channel going forward.
3990         pub fn set_batch_ready(&mut self) {
3991                 self.context.is_batch_funding = None;
3992                 self.context.channel_state.clear_waiting_for_batch();
3993         }
3994
3995         /// Unsets the existing funding information.
3996         ///
3997         /// This must only be used if the channel has not yet completed funding and has not been used.
3998         ///
3999         /// Further, the channel must be immediately shut down after this with a call to
4000         /// [`ChannelContext::force_shutdown`].
4001         pub fn unset_funding_info(&mut self, temporary_channel_id: ChannelId) {
4002                 debug_assert!(matches!(
4003                         self.context.channel_state, ChannelState::AwaitingChannelReady(_)
4004                 ));
4005                 self.context.channel_transaction_parameters.funding_outpoint = None;
4006                 self.context.channel_id = temporary_channel_id;
4007         }
4008
4009         /// Handles a channel_ready message from our peer. If we've already sent our channel_ready
4010         /// and the channel is now usable (and public), this may generate an announcement_signatures to
4011         /// reply with.
4012         pub fn channel_ready<NS: Deref, L: Deref>(
4013                 &mut self, msg: &msgs::ChannelReady, node_signer: &NS, chain_hash: ChainHash,
4014                 user_config: &UserConfig, best_block: &BestBlock, logger: &L
4015         ) -> Result<Option<msgs::AnnouncementSignatures>, ChannelError>
4016         where
4017                 NS::Target: NodeSigner,
4018                 L::Target: Logger
4019         {
4020                 if self.context.channel_state.is_peer_disconnected() {
4021                         self.context.workaround_lnd_bug_4006 = Some(msg.clone());
4022                         return Err(ChannelError::Ignore("Peer sent channel_ready when we needed a channel_reestablish. The peer is likely lnd, see https://github.com/lightningnetwork/lnd/issues/4006".to_owned()));
4023                 }
4024
4025                 if let Some(scid_alias) = msg.short_channel_id_alias {
4026                         if Some(scid_alias) != self.context.short_channel_id {
4027                                 // The scid alias provided can be used to route payments *from* our counterparty,
4028                                 // i.e. can be used for inbound payments and provided in invoices, but is not used
4029                                 // when routing outbound payments.
4030                                 self.context.latest_inbound_scid_alias = Some(scid_alias);
4031                         }
4032                 }
4033
4034                 // Our channel_ready shouldn't have been sent if we are waiting for other channels in the
4035                 // batch, but we can receive channel_ready messages.
4036                 let mut check_reconnection = false;
4037                 match &self.context.channel_state {
4038                         ChannelState::AwaitingChannelReady(flags) => {
4039                                 let flags = flags.clone().clear(FundedStateFlags::ALL.into());
4040                                 debug_assert!(!flags.is_set(AwaitingChannelReadyFlags::OUR_CHANNEL_READY) || !flags.is_set(AwaitingChannelReadyFlags::WAITING_FOR_BATCH));
4041                                 if flags.clone().clear(AwaitingChannelReadyFlags::WAITING_FOR_BATCH) == AwaitingChannelReadyFlags::THEIR_CHANNEL_READY {
4042                                         // If we reconnected before sending our `channel_ready` they may still resend theirs.
4043                                         check_reconnection = true;
4044                                 } else if flags.clone().clear(AwaitingChannelReadyFlags::WAITING_FOR_BATCH).is_empty() {
4045                                         self.context.channel_state.set_their_channel_ready();
4046                                 } else if flags == AwaitingChannelReadyFlags::OUR_CHANNEL_READY {
4047                                         self.context.channel_state = ChannelState::ChannelReady(self.context.channel_state.with_funded_state_flags_mask().into());
4048                                         self.context.update_time_counter += 1;
4049                                 } else {
4050                                         // We're in `WAITING_FOR_BATCH`, so we should wait until we're ready.
4051                                         debug_assert!(flags.is_set(AwaitingChannelReadyFlags::WAITING_FOR_BATCH));
4052                                 }
4053                         }
4054                         // If we reconnected before sending our `channel_ready` they may still resend theirs.
4055                         ChannelState::ChannelReady(_) => check_reconnection = true,
4056                         _ => return Err(ChannelError::Close("Peer sent a channel_ready at a strange time".to_owned())),
4057                 }
4058                 if check_reconnection {
4059                         // They probably disconnected/reconnected and re-sent the channel_ready, which is
4060                         // required, or they're sending a fresh SCID alias.
4061                         let expected_point =
4062                                 if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
4063                                         // If they haven't ever sent an updated point, the point they send should match
4064                                         // the current one.
4065                                         self.context.counterparty_cur_commitment_point
4066                                 } else if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 2 {
4067                                         // If we've advanced the commitment number once, the second commitment point is
4068                                         // at `counterparty_prev_commitment_point`, which is not yet revoked.
4069                                         debug_assert!(self.context.counterparty_prev_commitment_point.is_some());
4070                                         self.context.counterparty_prev_commitment_point
4071                                 } else {
4072                                         // If they have sent updated points, channel_ready is always supposed to match
4073                                         // their "first" point, which we re-derive here.
4074                                         Some(PublicKey::from_secret_key(&self.context.secp_ctx, &SecretKey::from_slice(
4075                                                         &self.context.commitment_secrets.get_secret(INITIAL_COMMITMENT_NUMBER - 1).expect("We should have all prev secrets available")
4076                                                 ).expect("We already advanced, so previous secret keys should have been validated already")))
4077                                 };
4078                         if expected_point != Some(msg.next_per_commitment_point) {
4079                                 return Err(ChannelError::Close("Peer sent a reconnect channel_ready with a different point".to_owned()));
4080                         }
4081                         return Ok(None);
4082                 }
4083
4084                 self.context.counterparty_prev_commitment_point = self.context.counterparty_cur_commitment_point;
4085                 self.context.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
4086
4087                 log_info!(logger, "Received channel_ready from peer for channel {}", &self.context.channel_id());
4088
4089                 Ok(self.get_announcement_sigs(node_signer, chain_hash, user_config, best_block.height(), logger))
4090         }
4091
4092         pub fn update_add_htlc<F, FE: Deref, L: Deref>(
4093                 &mut self, msg: &msgs::UpdateAddHTLC, mut pending_forward_status: PendingHTLCStatus,
4094                 create_pending_htlc_status: F, fee_estimator: &LowerBoundedFeeEstimator<FE>, logger: &L
4095         ) -> Result<(), ChannelError>
4096         where F: for<'a> Fn(&'a Self, PendingHTLCStatus, u16) -> PendingHTLCStatus,
4097                 FE::Target: FeeEstimator, L::Target: Logger,
4098         {
4099                 if !matches!(self.context.channel_state, ChannelState::ChannelReady(_)) {
4100                         return Err(ChannelError::Close("Got add HTLC message when channel was not in an operational state".to_owned()));
4101                 }
4102                 // We can't accept HTLCs sent after we've sent a shutdown.
4103                 if self.context.channel_state.is_local_shutdown_sent() {
4104                         pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x4000|8);
4105                 }
4106                 // If the remote has sent a shutdown prior to adding this HTLC, then they are in violation of the spec.
4107                 if self.context.channel_state.is_remote_shutdown_sent() {
4108                         return Err(ChannelError::Close("Got add HTLC message when channel was not in an operational state".to_owned()));
4109                 }
4110                 if self.context.channel_state.is_peer_disconnected() {
4111                         return Err(ChannelError::Close("Peer sent update_add_htlc when we needed a channel_reestablish".to_owned()));
4112                 }
4113                 if msg.amount_msat > self.context.channel_value_satoshis * 1000 {
4114                         return Err(ChannelError::Close("Remote side tried to send more than the total value of the channel".to_owned()));
4115                 }
4116                 if msg.amount_msat == 0 {
4117                         return Err(ChannelError::Close("Remote side tried to send a 0-msat HTLC".to_owned()));
4118                 }
4119                 if msg.amount_msat < self.context.holder_htlc_minimum_msat {
4120                         return Err(ChannelError::Close(format!("Remote side tried to send less than our minimum HTLC value. Lower limit: ({}). Actual: ({})", self.context.holder_htlc_minimum_msat, msg.amount_msat)));
4121                 }
4122
4123                 let inbound_stats = self.context.get_inbound_pending_htlc_stats(None);
4124                 let outbound_stats = self.context.get_outbound_pending_htlc_stats(None);
4125                 if inbound_stats.pending_htlcs + 1 > self.context.holder_max_accepted_htlcs as u32 {
4126                         return Err(ChannelError::Close(format!("Remote tried to push more than our max accepted HTLCs ({})", self.context.holder_max_accepted_htlcs)));
4127                 }
4128                 if inbound_stats.pending_htlcs_value_msat + msg.amount_msat > self.context.holder_max_htlc_value_in_flight_msat {
4129                         return Err(ChannelError::Close(format!("Remote HTLC add would put them over our max HTLC value ({})", self.context.holder_max_htlc_value_in_flight_msat)));
4130                 }
4131
4132                 // Check holder_selected_channel_reserve_satoshis (we're getting paid, so they have to at least meet
4133                 // the reserve_satoshis we told them to always have as direct payment so that they lose
4134                 // something if we punish them for broadcasting an old state).
4135                 // Note that we don't really care about having a small/no to_remote output in our local
4136                 // commitment transactions, as the purpose of the channel reserve is to ensure we can
4137                 // punish *them* if they misbehave, so we discount any outbound HTLCs which will not be
4138                 // present in the next commitment transaction we send them (at least for fulfilled ones,
4139                 // failed ones won't modify value_to_self).
4140                 // Note that we will send HTLCs which another instance of rust-lightning would think
4141                 // violate the reserve value if we do not do this (as we forget inbound HTLCs from the
4142                 // Channel state once they will not be present in the next received commitment
4143                 // transaction).
4144                 let mut removed_outbound_total_msat = 0;
4145                 for ref htlc in self.context.pending_outbound_htlcs.iter() {
4146                         if let OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(_)) = htlc.state {
4147                                 removed_outbound_total_msat += htlc.amount_msat;
4148                         } else if let OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(_)) = htlc.state {
4149                                 removed_outbound_total_msat += htlc.amount_msat;
4150                         }
4151                 }
4152
4153                 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
4154                 let (htlc_timeout_dust_limit, htlc_success_dust_limit) = if self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
4155                         (0, 0)
4156                 } else {
4157                         let dust_buffer_feerate = self.context.get_dust_buffer_feerate(None) as u64;
4158                         (dust_buffer_feerate * htlc_timeout_tx_weight(self.context.get_channel_type()) / 1000,
4159                                 dust_buffer_feerate * htlc_success_tx_weight(self.context.get_channel_type()) / 1000)
4160                 };
4161                 let exposure_dust_limit_timeout_sats = htlc_timeout_dust_limit + self.context.counterparty_dust_limit_satoshis;
4162                 if msg.amount_msat / 1000 < exposure_dust_limit_timeout_sats {
4163                         let on_counterparty_tx_dust_htlc_exposure_msat = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat + msg.amount_msat;
4164                         if on_counterparty_tx_dust_htlc_exposure_msat > max_dust_htlc_exposure_msat {
4165                                 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on counterparty commitment tx",
4166                                         on_counterparty_tx_dust_htlc_exposure_msat, max_dust_htlc_exposure_msat);
4167                                 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
4168                         }
4169                 }
4170
4171                 let exposure_dust_limit_success_sats = htlc_success_dust_limit + self.context.holder_dust_limit_satoshis;
4172                 if msg.amount_msat / 1000 < exposure_dust_limit_success_sats {
4173                         let on_holder_tx_dust_htlc_exposure_msat = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat + msg.amount_msat;
4174                         if on_holder_tx_dust_htlc_exposure_msat > max_dust_htlc_exposure_msat {
4175                                 log_info!(logger, "Cannot accept value that would put our exposure to dust HTLCs at {} over the limit {} on holder commitment tx",
4176                                         on_holder_tx_dust_htlc_exposure_msat, max_dust_htlc_exposure_msat);
4177                                 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
4178                         }
4179                 }
4180
4181                 let pending_value_to_self_msat =
4182                         self.context.value_to_self_msat + inbound_stats.pending_htlcs_value_msat - removed_outbound_total_msat;
4183                 let pending_remote_value_msat =
4184                         self.context.channel_value_satoshis * 1000 - pending_value_to_self_msat;
4185                 if pending_remote_value_msat < msg.amount_msat {
4186                         return Err(ChannelError::Close("Remote HTLC add would overdraw remaining funds".to_owned()));
4187                 }
4188
4189                 // Check that the remote can afford to pay for this HTLC on-chain at the current
4190                 // feerate_per_kw, while maintaining their channel reserve (as required by the spec).
4191                 {
4192                         let remote_commit_tx_fee_msat = if self.context.is_outbound() { 0 } else {
4193                                 let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
4194                                 self.context.next_remote_commit_tx_fee_msat(htlc_candidate, None) // Don't include the extra fee spike buffer HTLC in calculations
4195                         };
4196                         let anchor_outputs_value_msat = if !self.context.is_outbound() && self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
4197                                 ANCHOR_OUTPUT_VALUE_SATOSHI * 2 * 1000
4198                         } else {
4199                                 0
4200                         };
4201                         if pending_remote_value_msat.saturating_sub(msg.amount_msat).saturating_sub(anchor_outputs_value_msat) < remote_commit_tx_fee_msat {
4202                                 return Err(ChannelError::Close("Remote HTLC add would not leave enough to pay for fees".to_owned()));
4203                         };
4204                         if pending_remote_value_msat.saturating_sub(msg.amount_msat).saturating_sub(remote_commit_tx_fee_msat).saturating_sub(anchor_outputs_value_msat) < self.context.holder_selected_channel_reserve_satoshis * 1000 {
4205                                 return Err(ChannelError::Close("Remote HTLC add would put them under remote reserve value".to_owned()));
4206                         }
4207                 }
4208
4209                 let anchor_outputs_value_msat = if self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
4210                         ANCHOR_OUTPUT_VALUE_SATOSHI * 2 * 1000
4211                 } else {
4212                         0
4213                 };
4214                 if !self.context.is_outbound() {
4215                         // `Some(())` is for the fee spike buffer we keep for the remote. This deviates from
4216                         // the spec because the fee spike buffer requirement doesn't exist on the receiver's
4217                         // side, only on the sender's. Note that with anchor outputs we are no longer as
4218                         // sensitive to fee spikes, so we need to account for them.
4219                         let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
4220                         let mut remote_fee_cost_incl_stuck_buffer_msat = self.context.next_remote_commit_tx_fee_msat(htlc_candidate, Some(()));
4221                         if !self.context.get_channel_type().supports_anchors_zero_fee_htlc_tx() {
4222                                 remote_fee_cost_incl_stuck_buffer_msat *= FEE_SPIKE_BUFFER_FEE_INCREASE_MULTIPLE;
4223                         }
4224                         if pending_remote_value_msat.saturating_sub(msg.amount_msat).saturating_sub(self.context.holder_selected_channel_reserve_satoshis * 1000).saturating_sub(anchor_outputs_value_msat) < remote_fee_cost_incl_stuck_buffer_msat {
4225                                 // Note that if the pending_forward_status is not updated here, then it's because we're already failing
4226                                 // the HTLC, i.e. its status is already set to failing.
4227                                 log_info!(logger, "Attempting to fail HTLC due to fee spike buffer violation in channel {}. Rebalancing is required.", &self.context.channel_id());
4228                                 pending_forward_status = create_pending_htlc_status(self, pending_forward_status, 0x1000|7);
4229                         }
4230                 } else {
4231                         // Check that they won't violate our local required channel reserve by adding this HTLC.
4232                         let htlc_candidate = HTLCCandidate::new(msg.amount_msat, HTLCInitiator::RemoteOffered);
4233                         let local_commit_tx_fee_msat = self.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
4234                         if self.context.value_to_self_msat < self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 + local_commit_tx_fee_msat + anchor_outputs_value_msat {
4235                                 return Err(ChannelError::Close("Cannot accept HTLC that would put our balance under counterparty-announced channel reserve value".to_owned()));
4236                         }
4237                 }
4238                 if self.context.next_counterparty_htlc_id != msg.htlc_id {
4239                         return Err(ChannelError::Close(format!("Remote skipped HTLC ID (skipped ID: {})", self.context.next_counterparty_htlc_id)));
4240                 }
4241                 if msg.cltv_expiry >= 500000000 {
4242                         return Err(ChannelError::Close("Remote provided CLTV expiry in seconds instead of block height".to_owned()));
4243                 }
4244
4245                 if self.context.channel_state.is_local_shutdown_sent() {
4246                         if let PendingHTLCStatus::Forward(_) = pending_forward_status {
4247                                 panic!("ChannelManager shouldn't be trying to add a forwardable HTLC after we've started closing");
4248                         }
4249                 }
4250
4251                 // Now update local state:
4252                 self.context.next_counterparty_htlc_id += 1;
4253                 self.context.pending_inbound_htlcs.push(InboundHTLCOutput {
4254                         htlc_id: msg.htlc_id,
4255                         amount_msat: msg.amount_msat,
4256                         payment_hash: msg.payment_hash,
4257                         cltv_expiry: msg.cltv_expiry,
4258                         state: InboundHTLCState::RemoteAnnounced(pending_forward_status),
4259                 });
4260                 Ok(())
4261         }
4262
4263         /// Marks an outbound HTLC which we have received update_fail/fulfill/malformed
4264         #[inline]
4265         fn mark_outbound_htlc_removed(&mut self, htlc_id: u64, check_preimage: Option<PaymentPreimage>, fail_reason: Option<HTLCFailReason>) -> Result<&OutboundHTLCOutput, ChannelError> {
4266                 assert!(!(check_preimage.is_some() && fail_reason.is_some()), "cannot fail while we have a preimage");
4267                 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
4268                         if htlc.htlc_id == htlc_id {
4269                                 let outcome = match check_preimage {
4270                                         None => fail_reason.into(),
4271                                         Some(payment_preimage) => {
4272                                                 let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0[..]).to_byte_array());
4273                                                 if payment_hash != htlc.payment_hash {
4274                                                         return Err(ChannelError::Close(format!("Remote tried to fulfill HTLC ({}) with an incorrect preimage", htlc_id)));
4275                                                 }
4276                                                 OutboundHTLCOutcome::Success(Some(payment_preimage))
4277                                         }
4278                                 };
4279                                 match htlc.state {
4280                                         OutboundHTLCState::LocalAnnounced(_) =>
4281                                                 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) before it had been committed", htlc_id))),
4282                                         OutboundHTLCState::Committed => {
4283                                                 htlc.state = OutboundHTLCState::RemoteRemoved(outcome);
4284                                         },
4285                                         OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) | OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) | OutboundHTLCState::RemoteRemoved(_) =>
4286                                                 return Err(ChannelError::Close(format!("Remote tried to fulfill/fail HTLC ({}) that they'd already fulfilled/failed", htlc_id))),
4287                                 }
4288                                 return Ok(htlc);
4289                         }
4290                 }
4291                 Err(ChannelError::Close("Remote tried to fulfill/fail an HTLC we couldn't find".to_owned()))
4292         }
4293
4294         pub fn update_fulfill_htlc(&mut self, msg: &msgs::UpdateFulfillHTLC) -> Result<(HTLCSource, u64, Option<u64>), ChannelError> {
4295                 if !matches!(self.context.channel_state, ChannelState::ChannelReady(_)) {
4296                         return Err(ChannelError::Close("Got fulfill HTLC message when channel was not in an operational state".to_owned()));
4297                 }
4298                 if self.context.channel_state.is_peer_disconnected() {
4299                         return Err(ChannelError::Close("Peer sent update_fulfill_htlc when we needed a channel_reestablish".to_owned()));
4300                 }
4301
4302                 self.mark_outbound_htlc_removed(msg.htlc_id, Some(msg.payment_preimage), None).map(|htlc| (htlc.source.clone(), htlc.amount_msat, htlc.skimmed_fee_msat))
4303         }
4304
4305         pub fn update_fail_htlc(&mut self, msg: &msgs::UpdateFailHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
4306                 if !matches!(self.context.channel_state, ChannelState::ChannelReady(_)) {
4307                         return Err(ChannelError::Close("Got fail HTLC message when channel was not in an operational state".to_owned()));
4308                 }
4309                 if self.context.channel_state.is_peer_disconnected() {
4310                         return Err(ChannelError::Close("Peer sent update_fail_htlc when we needed a channel_reestablish".to_owned()));
4311                 }
4312
4313                 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
4314                 Ok(())
4315         }
4316
4317         pub fn update_fail_malformed_htlc(&mut self, msg: &msgs::UpdateFailMalformedHTLC, fail_reason: HTLCFailReason) -> Result<(), ChannelError> {
4318                 if !matches!(self.context.channel_state, ChannelState::ChannelReady(_)) {
4319                         return Err(ChannelError::Close("Got fail malformed HTLC message when channel was not in an operational state".to_owned()));
4320                 }
4321                 if self.context.channel_state.is_peer_disconnected() {
4322                         return Err(ChannelError::Close("Peer sent update_fail_malformed_htlc when we needed a channel_reestablish".to_owned()));
4323                 }
4324
4325                 self.mark_outbound_htlc_removed(msg.htlc_id, None, Some(fail_reason))?;
4326                 Ok(())
4327         }
4328
4329         pub fn commitment_signed<L: Deref>(&mut self, msg: &msgs::CommitmentSigned, logger: &L) -> Result<Option<ChannelMonitorUpdate>, ChannelError>
4330                 where L::Target: Logger
4331         {
4332                 if !matches!(self.context.channel_state, ChannelState::ChannelReady(_)) {
4333                         return Err(ChannelError::Close("Got commitment signed message when channel was not in an operational state".to_owned()));
4334                 }
4335                 if self.context.channel_state.is_peer_disconnected() {
4336                         return Err(ChannelError::Close("Peer sent commitment_signed when we needed a channel_reestablish".to_owned()));
4337                 }
4338                 if self.context.channel_state.is_both_sides_shutdown() && self.context.last_sent_closing_fee.is_some() {
4339                         return Err(ChannelError::Close("Peer sent commitment_signed after we'd started exchanging closing_signeds".to_owned()));
4340                 }
4341
4342                 let funding_script = self.context.get_funding_redeemscript();
4343
4344                 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
4345
4346                 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, false, logger);
4347                 let commitment_txid = {
4348                         let trusted_tx = commitment_stats.tx.trust();
4349                         let bitcoin_tx = trusted_tx.built_transaction();
4350                         let sighash = bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
4351
4352                         log_trace!(logger, "Checking commitment tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}",
4353                                 log_bytes!(msg.signature.serialize_compact()[..]),
4354                                 log_bytes!(self.context.counterparty_funding_pubkey().serialize()), encode::serialize_hex(&bitcoin_tx.transaction),
4355                                 log_bytes!(sighash[..]), encode::serialize_hex(&funding_script), &self.context.channel_id());
4356                         if let Err(_) = self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.counterparty_funding_pubkey()) {
4357                                 return Err(ChannelError::Close("Invalid commitment tx signature from peer".to_owned()));
4358                         }
4359                         bitcoin_tx.txid
4360                 };
4361                 let mut htlcs_cloned: Vec<_> = commitment_stats.htlcs_included.iter().map(|htlc| (htlc.0.clone(), htlc.1.map(|h| h.clone()))).collect();
4362
4363                 // If our counterparty updated the channel fee in this commitment transaction, check that
4364                 // they can actually afford the new fee now.
4365                 let update_fee = if let Some((_, update_state)) = self.context.pending_update_fee {
4366                         update_state == FeeUpdateState::RemoteAnnounced
4367                 } else { false };
4368                 if update_fee {
4369                         debug_assert!(!self.context.is_outbound());
4370                         let counterparty_reserve_we_require_msat = self.context.holder_selected_channel_reserve_satoshis * 1000;
4371                         if commitment_stats.remote_balance_msat < commitment_stats.total_fee_sat * 1000 + counterparty_reserve_we_require_msat {
4372                                 return Err(ChannelError::Close("Funding remote cannot afford proposed new fee".to_owned()));
4373                         }
4374                 }
4375                 #[cfg(any(test, fuzzing))]
4376                 {
4377                         if self.context.is_outbound() {
4378                                 let projected_commit_tx_info = self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap().take();
4379                                 *self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
4380                                 if let Some(info) = projected_commit_tx_info {
4381                                         let total_pending_htlcs = self.context.pending_inbound_htlcs.len() + self.context.pending_outbound_htlcs.len()
4382                                                 + self.context.holding_cell_htlc_updates.len();
4383                                         if info.total_pending_htlcs == total_pending_htlcs
4384                                                 && info.next_holder_htlc_id == self.context.next_holder_htlc_id
4385                                                 && info.next_counterparty_htlc_id == self.context.next_counterparty_htlc_id
4386                                                 && info.feerate == self.context.feerate_per_kw {
4387                                                         assert_eq!(commitment_stats.total_fee_sat, info.fee / 1000);
4388                                                 }
4389                                 }
4390                         }
4391                 }
4392
4393                 if msg.htlc_signatures.len() != commitment_stats.num_nondust_htlcs {
4394                         return Err(ChannelError::Close(format!("Got wrong number of HTLC signatures ({}) from remote. It must be {}", msg.htlc_signatures.len(), commitment_stats.num_nondust_htlcs)));
4395                 }
4396
4397                 // Up to LDK 0.0.115, HTLC information was required to be duplicated in the
4398                 // `htlcs_and_sigs` vec and in the `holder_commitment_tx` itself, both of which were passed
4399                 // in the `ChannelMonitorUpdate`. In 0.0.115, support for having a separate set of
4400                 // outbound-non-dust-HTLCSources in the `ChannelMonitorUpdate` was added, however for
4401                 // backwards compatibility, we never use it in production. To provide test coverage, here,
4402                 // we randomly decide (in test/fuzzing builds) to use the new vec sometimes.
4403                 #[allow(unused_assignments, unused_mut)]
4404                 let mut separate_nondust_htlc_sources = false;
4405                 #[cfg(all(feature = "std", any(test, fuzzing)))] {
4406                         use core::hash::{BuildHasher, Hasher};
4407                         // Get a random value using the only std API to do so - the DefaultHasher
4408                         let rand_val = std::collections::hash_map::RandomState::new().build_hasher().finish();
4409                         separate_nondust_htlc_sources = rand_val % 2 == 0;
4410                 }
4411
4412                 let mut nondust_htlc_sources = Vec::with_capacity(htlcs_cloned.len());
4413                 let mut htlcs_and_sigs = Vec::with_capacity(htlcs_cloned.len());
4414                 for (idx, (htlc, mut source_opt)) in htlcs_cloned.drain(..).enumerate() {
4415                         if let Some(_) = htlc.transaction_output_index {
4416                                 let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, commitment_stats.feerate_per_kw,
4417                                         self.context.get_counterparty_selected_contest_delay().unwrap(), &htlc, &self.context.channel_type,
4418                                         &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
4419
4420                                 let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, &self.context.channel_type, &keys);
4421                                 let htlc_sighashtype = if self.context.channel_type.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
4422                                 let htlc_sighash = hash_to_message!(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]);
4423                                 log_trace!(logger, "Checking HTLC tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} in channel {}.",
4424                                         log_bytes!(msg.htlc_signatures[idx].serialize_compact()[..]), log_bytes!(keys.countersignatory_htlc_key.to_public_key().serialize()),
4425                                         encode::serialize_hex(&htlc_tx), log_bytes!(htlc_sighash[..]), encode::serialize_hex(&htlc_redeemscript), &self.context.channel_id());
4426                                 if let Err(_) = self.context.secp_ctx.verify_ecdsa(&htlc_sighash, &msg.htlc_signatures[idx], &keys.countersignatory_htlc_key.to_public_key()) {
4427                                         return Err(ChannelError::Close("Invalid HTLC tx signature from peer".to_owned()));
4428                                 }
4429                                 if !separate_nondust_htlc_sources {
4430                                         htlcs_and_sigs.push((htlc, Some(msg.htlc_signatures[idx]), source_opt.take()));
4431                                 }
4432                         } else {
4433                                 htlcs_and_sigs.push((htlc, None, source_opt.take()));
4434                         }
4435                         if separate_nondust_htlc_sources {
4436                                 if let Some(source) = source_opt.take() {
4437                                         nondust_htlc_sources.push(source);
4438                                 }
4439                         }
4440                         debug_assert!(source_opt.is_none(), "HTLCSource should have been put somewhere");
4441                 }
4442
4443                 let holder_commitment_tx = HolderCommitmentTransaction::new(
4444                         commitment_stats.tx,
4445                         msg.signature,
4446                         msg.htlc_signatures.clone(),
4447                         &self.context.get_holder_pubkeys().funding_pubkey,
4448                         self.context.counterparty_funding_pubkey()
4449                 );
4450
4451                 self.context.holder_signer.as_ref().validate_holder_commitment(&holder_commitment_tx, commitment_stats.outbound_htlc_preimages)
4452                         .map_err(|_| ChannelError::Close("Failed to validate our commitment".to_owned()))?;
4453
4454                 // Update state now that we've passed all the can-fail calls...
4455                 let mut need_commitment = false;
4456                 if let &mut Some((_, ref mut update_state)) = &mut self.context.pending_update_fee {
4457                         if *update_state == FeeUpdateState::RemoteAnnounced {
4458                                 *update_state = FeeUpdateState::AwaitingRemoteRevokeToAnnounce;
4459                                 need_commitment = true;
4460                         }
4461                 }
4462
4463                 for htlc in self.context.pending_inbound_htlcs.iter_mut() {
4464                         let new_forward = if let &InboundHTLCState::RemoteAnnounced(ref forward_info) = &htlc.state {
4465                                 Some(forward_info.clone())
4466                         } else { None };
4467                         if let Some(forward_info) = new_forward {
4468                                 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToAnnounce due to commitment_signed in channel {}.",
4469                                         &htlc.payment_hash, &self.context.channel_id);
4470                                 htlc.state = InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info);
4471                                 need_commitment = true;
4472                         }
4473                 }
4474                 let mut claimed_htlcs = Vec::new();
4475                 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
4476                         if let &mut OutboundHTLCState::RemoteRemoved(ref mut outcome) = &mut htlc.state {
4477                                 log_trace!(logger, "Updating HTLC {} to AwaitingRemoteRevokeToRemove due to commitment_signed in channel {}.",
4478                                         &htlc.payment_hash, &self.context.channel_id);
4479                                 // Grab the preimage, if it exists, instead of cloning
4480                                 let mut reason = OutboundHTLCOutcome::Success(None);
4481                                 mem::swap(outcome, &mut reason);
4482                                 if let OutboundHTLCOutcome::Success(Some(preimage)) = reason {
4483                                         // If a user (a) receives an HTLC claim using LDK 0.0.104 or before, then (b)
4484                                         // upgrades to LDK 0.0.114 or later before the HTLC is fully resolved, we could
4485                                         // have a `Success(None)` reason. In this case we could forget some HTLC
4486                                         // claims, but such an upgrade is unlikely and including claimed HTLCs here
4487                                         // fixes a bug which the user was exposed to on 0.0.104 when they started the
4488                                         // claim anyway.
4489                                         claimed_htlcs.push((SentHTLCId::from_source(&htlc.source), preimage));
4490                                 }
4491                                 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(reason);
4492                                 need_commitment = true;
4493                         }
4494                 }
4495
4496                 self.context.latest_monitor_update_id += 1;
4497                 let mut monitor_update = ChannelMonitorUpdate {
4498                         update_id: self.context.latest_monitor_update_id,
4499                         counterparty_node_id: Some(self.context.counterparty_node_id),
4500                         updates: vec![ChannelMonitorUpdateStep::LatestHolderCommitmentTXInfo {
4501                                 commitment_tx: holder_commitment_tx,
4502                                 htlc_outputs: htlcs_and_sigs,
4503                                 claimed_htlcs,
4504                                 nondust_htlc_sources,
4505                         }],
4506                         channel_id: Some(self.context.channel_id()),
4507                 };
4508
4509                 self.context.cur_holder_commitment_transaction_number -= 1;
4510                 self.context.expecting_peer_commitment_signed = false;
4511                 // Note that if we need_commitment & !AwaitingRemoteRevoke we'll call
4512                 // build_commitment_no_status_check() next which will reset this to RAAFirst.
4513                 self.context.resend_order = RAACommitmentOrder::CommitmentFirst;
4514
4515                 if self.context.channel_state.is_monitor_update_in_progress() {
4516                         // In case we initially failed monitor updating without requiring a response, we need
4517                         // to make sure the RAA gets sent first.
4518                         self.context.monitor_pending_revoke_and_ack = true;
4519                         if need_commitment && !self.context.channel_state.is_awaiting_remote_revoke() {
4520                                 // If we were going to send a commitment_signed after the RAA, go ahead and do all
4521                                 // the corresponding HTLC status updates so that
4522                                 // get_last_commitment_update_for_send includes the right HTLCs.
4523                                 self.context.monitor_pending_commitment_signed = true;
4524                                 let mut additional_update = self.build_commitment_no_status_check(logger);
4525                                 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
4526                                 // strictly increasing by one, so decrement it here.
4527                                 self.context.latest_monitor_update_id = monitor_update.update_id;
4528                                 monitor_update.updates.append(&mut additional_update.updates);
4529                         }
4530                         log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updated HTLC state but awaiting a monitor update resolution to reply.",
4531                                 &self.context.channel_id);
4532                         return Ok(self.push_ret_blockable_mon_update(monitor_update));
4533                 }
4534
4535                 let need_commitment_signed = if need_commitment && !self.context.channel_state.is_awaiting_remote_revoke() {
4536                         // If we're AwaitingRemoteRevoke we can't send a new commitment here, but that's ok -
4537                         // we'll send one right away when we get the revoke_and_ack when we
4538                         // free_holding_cell_htlcs().
4539                         let mut additional_update = self.build_commitment_no_status_check(logger);
4540                         // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
4541                         // strictly increasing by one, so decrement it here.
4542                         self.context.latest_monitor_update_id = monitor_update.update_id;
4543                         monitor_update.updates.append(&mut additional_update.updates);
4544                         true
4545                 } else { false };
4546
4547                 log_debug!(logger, "Received valid commitment_signed from peer in channel {}, updating HTLC state and responding with{} a revoke_and_ack.",
4548                         &self.context.channel_id(), if need_commitment_signed { " our own commitment_signed and" } else { "" });
4549                 self.monitor_updating_paused(true, need_commitment_signed, false, Vec::new(), Vec::new(), Vec::new());
4550                 return Ok(self.push_ret_blockable_mon_update(monitor_update));
4551         }
4552
4553         /// Public version of the below, checking relevant preconditions first.
4554         /// If we're not in a state where freeing the holding cell makes sense, this is a no-op and
4555         /// returns `(None, Vec::new())`.
4556         pub fn maybe_free_holding_cell_htlcs<F: Deref, L: Deref>(
4557                 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
4558         ) -> (Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>)
4559         where F::Target: FeeEstimator, L::Target: Logger
4560         {
4561                 if matches!(self.context.channel_state, ChannelState::ChannelReady(_)) && self.context.channel_state.can_generate_new_commitment() {
4562                         self.free_holding_cell_htlcs(fee_estimator, logger)
4563                 } else { (None, Vec::new()) }
4564         }
4565
4566         /// Frees any pending commitment updates in the holding cell, generating the relevant messages
4567         /// for our counterparty.
4568         fn free_holding_cell_htlcs<F: Deref, L: Deref>(
4569                 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
4570         ) -> (Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>)
4571         where F::Target: FeeEstimator, L::Target: Logger
4572         {
4573                 assert!(!self.context.channel_state.is_monitor_update_in_progress());
4574                 if self.context.holding_cell_htlc_updates.len() != 0 || self.context.holding_cell_update_fee.is_some() {
4575                         log_trace!(logger, "Freeing holding cell with {} HTLC updates{} in channel {}", self.context.holding_cell_htlc_updates.len(),
4576                                 if self.context.holding_cell_update_fee.is_some() { " and a fee update" } else { "" }, &self.context.channel_id());
4577
4578                         let mut monitor_update = ChannelMonitorUpdate {
4579                                 update_id: self.context.latest_monitor_update_id + 1, // We don't increment this yet!
4580                                 counterparty_node_id: Some(self.context.counterparty_node_id),
4581                                 updates: Vec::new(),
4582                                 channel_id: Some(self.context.channel_id()),
4583                         };
4584
4585                         let mut htlc_updates = Vec::new();
4586                         mem::swap(&mut htlc_updates, &mut self.context.holding_cell_htlc_updates);
4587                         let mut update_add_count = 0;
4588                         let mut update_fulfill_count = 0;
4589                         let mut update_fail_count = 0;
4590                         let mut htlcs_to_fail = Vec::new();
4591                         for htlc_update in htlc_updates.drain(..) {
4592                                 // Note that this *can* fail, though it should be due to rather-rare conditions on
4593                                 // fee races with adding too many outputs which push our total payments just over
4594                                 // the limit. In case it's less rare than I anticipate, we may want to revisit
4595                                 // handling this case better and maybe fulfilling some of the HTLCs while attempting
4596                                 // to rebalance channels.
4597                                 let fail_htlc_res = match &htlc_update {
4598                                         &HTLCUpdateAwaitingACK::AddHTLC {
4599                                                 amount_msat, cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet,
4600                                                 skimmed_fee_msat, blinding_point, ..
4601                                         } => {
4602                                                 match self.send_htlc(
4603                                                         amount_msat, *payment_hash, cltv_expiry, source.clone(), onion_routing_packet.clone(),
4604                                                         false, skimmed_fee_msat, blinding_point, fee_estimator, logger
4605                                                 ) {
4606                                                         Ok(_) => update_add_count += 1,
4607                                                         Err(e) => {
4608                                                                 match e {
4609                                                                         ChannelError::Ignore(ref msg) => {
4610                                                                                 log_info!(logger, "Failed to send HTLC with payment_hash {} due to {} in channel {}", &payment_hash, msg, &self.context.channel_id());
4611                                                                                 // If we fail to send here, then this HTLC should
4612                                                                                 // be failed backwards. Failing to send here
4613                                                                                 // indicates that this HTLC may keep being put back
4614                                                                                 // into the holding cell without ever being
4615                                                                                 // successfully forwarded/failed/fulfilled, causing
4616                                                                                 // our counterparty to eventually close on us.
4617                                                                                 htlcs_to_fail.push((source.clone(), *payment_hash));
4618                                                                         },
4619                                                                         _ => {
4620                                                                                 panic!("Got a non-IgnoreError action trying to send holding cell HTLC");
4621                                                                         },
4622                                                                 }
4623                                                         }
4624                                                 }
4625                                                 None
4626                                         },
4627                                         &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, htlc_id, .. } => {
4628                                                 // If an HTLC claim was previously added to the holding cell (via
4629                                                 // `get_update_fulfill_htlc`, then generating the claim message itself must
4630                                                 // not fail - any in between attempts to claim the HTLC will have resulted
4631                                                 // in it hitting the holding cell again and we cannot change the state of a
4632                                                 // holding cell HTLC from fulfill to anything else.
4633                                                 let mut additional_monitor_update =
4634                                                         if let UpdateFulfillFetch::NewClaim { monitor_update, .. } =
4635                                                                 self.get_update_fulfill_htlc(htlc_id, *payment_preimage, logger)
4636                                                         { monitor_update } else { unreachable!() };
4637                                                 update_fulfill_count += 1;
4638                                                 monitor_update.updates.append(&mut additional_monitor_update.updates);
4639                                                 None
4640                                         },
4641                                         &HTLCUpdateAwaitingACK::FailHTLC { htlc_id, ref err_packet } => {
4642                                                 Some(self.fail_htlc(htlc_id, err_packet.clone(), false, logger)
4643                                                  .map(|fail_msg_opt| fail_msg_opt.map(|_| ())))
4644                                         },
4645                                         &HTLCUpdateAwaitingACK::FailMalformedHTLC { htlc_id, failure_code, sha256_of_onion } => {
4646                                                 Some(self.fail_htlc(htlc_id, (sha256_of_onion, failure_code), false, logger)
4647                                                  .map(|fail_msg_opt| fail_msg_opt.map(|_| ())))
4648                                         }
4649                                 };
4650                                 if let Some(res) = fail_htlc_res {
4651                                         match res {
4652                                                 Ok(fail_msg_opt) => {
4653                                                         // If an HTLC failure was previously added to the holding cell (via
4654                                                         // `queue_fail_{malformed_}htlc`) then generating the fail message itself must
4655                                                         // not fail - we should never end up in a state where we double-fail
4656                                                         // an HTLC or fail-then-claim an HTLC as it indicates we didn't wait
4657                                                         // for a full revocation before failing.
4658                                                         debug_assert!(fail_msg_opt.is_some());
4659                                                         update_fail_count += 1;
4660                                                 },
4661                                                 Err(ChannelError::Ignore(_)) => {},
4662                                                 Err(_) => {
4663                                                         panic!("Got a non-IgnoreError action trying to fail holding cell HTLC");
4664                                                 },
4665                                         }
4666                                 }
4667                         }
4668                         if update_add_count == 0 && update_fulfill_count == 0 && update_fail_count == 0 && self.context.holding_cell_update_fee.is_none() {
4669                                 return (None, htlcs_to_fail);
4670                         }
4671                         let update_fee = if let Some(feerate) = self.context.holding_cell_update_fee.take() {
4672                                 self.send_update_fee(feerate, false, fee_estimator, logger)
4673                         } else {
4674                                 None
4675                         };
4676
4677                         let mut additional_update = self.build_commitment_no_status_check(logger);
4678                         // build_commitment_no_status_check and get_update_fulfill_htlc may bump latest_monitor_id
4679                         // but we want them to be strictly increasing by one, so reset it here.
4680                         self.context.latest_monitor_update_id = monitor_update.update_id;
4681                         monitor_update.updates.append(&mut additional_update.updates);
4682
4683                         log_debug!(logger, "Freeing holding cell in channel {} resulted in {}{} HTLCs added, {} HTLCs fulfilled, and {} HTLCs failed.",
4684                                 &self.context.channel_id(), if update_fee.is_some() { "a fee update, " } else { "" },
4685                                 update_add_count, update_fulfill_count, update_fail_count);
4686
4687                         self.monitor_updating_paused(false, true, false, Vec::new(), Vec::new(), Vec::new());
4688                         (self.push_ret_blockable_mon_update(monitor_update), htlcs_to_fail)
4689                 } else {
4690                         (None, Vec::new())
4691                 }
4692         }
4693
4694         /// Handles receiving a remote's revoke_and_ack. Note that we may return a new
4695         /// commitment_signed message here in case we had pending outbound HTLCs to add which were
4696         /// waiting on this revoke_and_ack. The generation of this new commitment_signed may also fail,
4697         /// generating an appropriate error *after* the channel state has been updated based on the
4698         /// revoke_and_ack message.
4699         pub fn revoke_and_ack<F: Deref, L: Deref>(&mut self, msg: &msgs::RevokeAndACK,
4700                 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L, hold_mon_update: bool,
4701         ) -> Result<(Vec<(HTLCSource, PaymentHash)>, Option<ChannelMonitorUpdate>), ChannelError>
4702         where F::Target: FeeEstimator, L::Target: Logger,
4703         {
4704                 if !matches!(self.context.channel_state, ChannelState::ChannelReady(_)) {
4705                         return Err(ChannelError::Close("Got revoke/ACK message when channel was not in an operational state".to_owned()));
4706                 }
4707                 if self.context.channel_state.is_peer_disconnected() {
4708                         return Err(ChannelError::Close("Peer sent revoke_and_ack when we needed a channel_reestablish".to_owned()));
4709                 }
4710                 if self.context.channel_state.is_both_sides_shutdown() && self.context.last_sent_closing_fee.is_some() {
4711                         return Err(ChannelError::Close("Peer sent revoke_and_ack after we'd started exchanging closing_signeds".to_owned()));
4712                 }
4713
4714                 let secret = secp_check!(SecretKey::from_slice(&msg.per_commitment_secret), "Peer provided an invalid per_commitment_secret".to_owned());
4715
4716                 if let Some(counterparty_prev_commitment_point) = self.context.counterparty_prev_commitment_point {
4717                         if PublicKey::from_secret_key(&self.context.secp_ctx, &secret) != counterparty_prev_commitment_point {
4718                                 return Err(ChannelError::Close("Got a revoke commitment secret which didn't correspond to their current pubkey".to_owned()));
4719                         }
4720                 }
4721
4722                 if !self.context.channel_state.is_awaiting_remote_revoke() {
4723                         // Our counterparty seems to have burned their coins to us (by revoking a state when we
4724                         // haven't given them a new commitment transaction to broadcast). We should probably
4725                         // take advantage of this by updating our channel monitor, sending them an error, and
4726                         // waiting for them to broadcast their latest (now-revoked claim). But, that would be a
4727                         // lot of work, and there's some chance this is all a misunderstanding anyway.
4728                         // We have to do *something*, though, since our signer may get mad at us for otherwise
4729                         // jumping a remote commitment number, so best to just force-close and move on.
4730                         return Err(ChannelError::Close("Received an unexpected revoke_and_ack".to_owned()));
4731                 }
4732
4733                 #[cfg(any(test, fuzzing))]
4734                 {
4735                         *self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
4736                         *self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap() = None;
4737                 }
4738
4739                 match &self.context.holder_signer {
4740                         ChannelSignerType::Ecdsa(ecdsa) => {
4741                                 ecdsa.validate_counterparty_revocation(
4742                                         self.context.cur_counterparty_commitment_transaction_number + 1,
4743                                         &secret
4744                                 ).map_err(|_| ChannelError::Close("Failed to validate revocation from peer".to_owned()))?;
4745                         },
4746                         // TODO (taproot|arik)
4747                         #[cfg(taproot)]
4748                         _ => todo!()
4749                 };
4750
4751                 self.context.commitment_secrets.provide_secret(self.context.cur_counterparty_commitment_transaction_number + 1, msg.per_commitment_secret)
4752                         .map_err(|_| ChannelError::Close("Previous secrets did not match new one".to_owned()))?;
4753                 self.context.latest_monitor_update_id += 1;
4754                 let mut monitor_update = ChannelMonitorUpdate {
4755                         update_id: self.context.latest_monitor_update_id,
4756                         counterparty_node_id: Some(self.context.counterparty_node_id),
4757                         updates: vec![ChannelMonitorUpdateStep::CommitmentSecret {
4758                                 idx: self.context.cur_counterparty_commitment_transaction_number + 1,
4759                                 secret: msg.per_commitment_secret,
4760                         }],
4761                         channel_id: Some(self.context.channel_id()),
4762                 };
4763
4764                 // Update state now that we've passed all the can-fail calls...
4765                 // (note that we may still fail to generate the new commitment_signed message, but that's
4766                 // OK, we step the channel here and *then* if the new generation fails we can fail the
4767                 // channel based on that, but stepping stuff here should be safe either way.
4768                 self.context.channel_state.clear_awaiting_remote_revoke();
4769                 self.context.sent_message_awaiting_response = None;
4770                 self.context.counterparty_prev_commitment_point = self.context.counterparty_cur_commitment_point;
4771                 self.context.counterparty_cur_commitment_point = Some(msg.next_per_commitment_point);
4772                 self.context.cur_counterparty_commitment_transaction_number -= 1;
4773
4774                 if self.context.announcement_sigs_state == AnnouncementSigsState::Committed {
4775                         self.context.announcement_sigs_state = AnnouncementSigsState::PeerReceived;
4776                 }
4777
4778                 log_trace!(logger, "Updating HTLCs on receipt of RAA in channel {}...", &self.context.channel_id());
4779                 let mut to_forward_infos = Vec::new();
4780                 let mut revoked_htlcs = Vec::new();
4781                 let mut finalized_claimed_htlcs = Vec::new();
4782                 let mut update_fail_htlcs = Vec::new();
4783                 let mut update_fail_malformed_htlcs = Vec::new();
4784                 let mut require_commitment = false;
4785                 let mut value_to_self_msat_diff: i64 = 0;
4786
4787                 {
4788                         // Take references explicitly so that we can hold multiple references to self.context.
4789                         let pending_inbound_htlcs: &mut Vec<_> = &mut self.context.pending_inbound_htlcs;
4790                         let pending_outbound_htlcs: &mut Vec<_> = &mut self.context.pending_outbound_htlcs;
4791                         let expecting_peer_commitment_signed = &mut self.context.expecting_peer_commitment_signed;
4792
4793                         // We really shouldnt have two passes here, but retain gives a non-mutable ref (Rust bug)
4794                         pending_inbound_htlcs.retain(|htlc| {
4795                                 if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
4796                                         log_trace!(logger, " ...removing inbound LocalRemoved {}", &htlc.payment_hash);
4797                                         if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
4798                                                 value_to_self_msat_diff += htlc.amount_msat as i64;
4799                                         }
4800                                         *expecting_peer_commitment_signed = true;
4801                                         false
4802                                 } else { true }
4803                         });
4804                         pending_outbound_htlcs.retain(|htlc| {
4805                                 if let &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) = &htlc.state {
4806                                         log_trace!(logger, " ...removing outbound AwaitingRemovedRemoteRevoke {}", &htlc.payment_hash);
4807                                         if let OutboundHTLCOutcome::Failure(reason) = outcome.clone() { // We really want take() here, but, again, non-mut ref :(
4808                                                 revoked_htlcs.push((htlc.source.clone(), htlc.payment_hash, reason));
4809                                         } else {
4810                                                 finalized_claimed_htlcs.push(htlc.source.clone());
4811                                                 // They fulfilled, so we sent them money
4812                                                 value_to_self_msat_diff -= htlc.amount_msat as i64;
4813                                         }
4814                                         false
4815                                 } else { true }
4816                         });
4817                         for htlc in pending_inbound_htlcs.iter_mut() {
4818                                 let swap = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) = &htlc.state {
4819                                         true
4820                                 } else if let &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) = &htlc.state {
4821                                         true
4822                                 } else { false };
4823                                 if swap {
4824                                         let mut state = InboundHTLCState::Committed;
4825                                         mem::swap(&mut state, &mut htlc.state);
4826
4827                                         if let InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info) = state {
4828                                                 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", &htlc.payment_hash);
4829                                                 htlc.state = InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info);
4830                                                 require_commitment = true;
4831                                         } else if let InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info) = state {
4832                                                 match forward_info {
4833                                                         PendingHTLCStatus::Fail(fail_msg) => {
4834                                                                 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to LocalRemoved due to PendingHTLCStatus indicating failure", &htlc.payment_hash);
4835                                                                 require_commitment = true;
4836                                                                 match fail_msg {
4837                                                                         HTLCFailureMsg::Relay(msg) => {
4838                                                                                 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(msg.reason.clone()));
4839                                                                                 update_fail_htlcs.push(msg)
4840                                                                         },
4841                                                                         HTLCFailureMsg::Malformed(msg) => {
4842                                                                                 htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed((msg.sha256_of_onion, msg.failure_code)));
4843                                                                                 update_fail_malformed_htlcs.push(msg)
4844                                                                         },
4845                                                                 }
4846                                                         },
4847                                                         PendingHTLCStatus::Forward(forward_info) => {
4848                                                                 log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to Committed", &htlc.payment_hash);
4849                                                                 to_forward_infos.push((forward_info, htlc.htlc_id));
4850                                                                 htlc.state = InboundHTLCState::Committed;
4851                                                         }
4852                                                 }
4853                                         }
4854                                 }
4855                         }
4856                         for htlc in pending_outbound_htlcs.iter_mut() {
4857                                 if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
4858                                         log_trace!(logger, " ...promoting outbound LocalAnnounced {} to Committed", &htlc.payment_hash);
4859                                         htlc.state = OutboundHTLCState::Committed;
4860                                         *expecting_peer_commitment_signed = true;
4861                                 }
4862                                 if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
4863                                         log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", &htlc.payment_hash);
4864                                         // Grab the preimage, if it exists, instead of cloning
4865                                         let mut reason = OutboundHTLCOutcome::Success(None);
4866                                         mem::swap(outcome, &mut reason);
4867                                         htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
4868                                         require_commitment = true;
4869                                 }
4870                         }
4871                 }
4872                 self.context.value_to_self_msat = (self.context.value_to_self_msat as i64 + value_to_self_msat_diff) as u64;
4873
4874                 if let Some((feerate, update_state)) = self.context.pending_update_fee {
4875                         match update_state {
4876                                 FeeUpdateState::Outbound => {
4877                                         debug_assert!(self.context.is_outbound());
4878                                         log_trace!(logger, " ...promoting outbound fee update {} to Committed", feerate);
4879                                         self.context.feerate_per_kw = feerate;
4880                                         self.context.pending_update_fee = None;
4881                                         self.context.expecting_peer_commitment_signed = true;
4882                                 },
4883                                 FeeUpdateState::RemoteAnnounced => { debug_assert!(!self.context.is_outbound()); },
4884                                 FeeUpdateState::AwaitingRemoteRevokeToAnnounce => {
4885                                         debug_assert!(!self.context.is_outbound());
4886                                         log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
4887                                         require_commitment = true;
4888                                         self.context.feerate_per_kw = feerate;
4889                                         self.context.pending_update_fee = None;
4890                                 },
4891                         }
4892                 }
4893
4894                 let release_monitor = self.context.blocked_monitor_updates.is_empty() && !hold_mon_update;
4895                 let release_state_str =
4896                         if hold_mon_update { "Holding" } else if release_monitor { "Releasing" } else { "Blocked" };
4897                 macro_rules! return_with_htlcs_to_fail {
4898                         ($htlcs_to_fail: expr) => {
4899                                 if !release_monitor {
4900                                         self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
4901                                                 update: monitor_update,
4902                                         });
4903                                         return Ok(($htlcs_to_fail, None));
4904                                 } else {
4905                                         return Ok(($htlcs_to_fail, Some(monitor_update)));
4906                                 }
4907                         }
4908                 }
4909
4910                 if self.context.channel_state.is_monitor_update_in_progress() {
4911                         // We can't actually generate a new commitment transaction (incl by freeing holding
4912                         // cells) while we can't update the monitor, so we just return what we have.
4913                         if require_commitment {
4914                                 self.context.monitor_pending_commitment_signed = true;
4915                                 // When the monitor updating is restored we'll call
4916                                 // get_last_commitment_update_for_send(), which does not update state, but we're
4917                                 // definitely now awaiting a remote revoke before we can step forward any more, so
4918                                 // set it here.
4919                                 let mut additional_update = self.build_commitment_no_status_check(logger);
4920                                 // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
4921                                 // strictly increasing by one, so decrement it here.
4922                                 self.context.latest_monitor_update_id = monitor_update.update_id;
4923                                 monitor_update.updates.append(&mut additional_update.updates);
4924                         }
4925                         self.context.monitor_pending_forwards.append(&mut to_forward_infos);
4926                         self.context.monitor_pending_failures.append(&mut revoked_htlcs);
4927                         self.context.monitor_pending_finalized_fulfills.append(&mut finalized_claimed_htlcs);
4928                         log_debug!(logger, "Received a valid revoke_and_ack for channel {} but awaiting a monitor update resolution to reply.", &self.context.channel_id());
4929                         return_with_htlcs_to_fail!(Vec::new());
4930                 }
4931
4932                 match self.free_holding_cell_htlcs(fee_estimator, logger) {
4933                         (Some(mut additional_update), htlcs_to_fail) => {
4934                                 // free_holding_cell_htlcs may bump latest_monitor_id multiple times but we want them to be
4935                                 // strictly increasing by one, so decrement it here.
4936                                 self.context.latest_monitor_update_id = monitor_update.update_id;
4937                                 monitor_update.updates.append(&mut additional_update.updates);
4938
4939                                 log_debug!(logger, "Received a valid revoke_and_ack for channel {} with holding cell HTLCs freed. {} monitor update.",
4940                                         &self.context.channel_id(), release_state_str);
4941
4942                                 self.monitor_updating_paused(false, true, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
4943                                 return_with_htlcs_to_fail!(htlcs_to_fail);
4944                         },
4945                         (None, htlcs_to_fail) => {
4946                                 if require_commitment {
4947                                         let mut additional_update = self.build_commitment_no_status_check(logger);
4948
4949                                         // build_commitment_no_status_check may bump latest_monitor_id but we want them to be
4950                                         // strictly increasing by one, so decrement it here.
4951                                         self.context.latest_monitor_update_id = monitor_update.update_id;
4952                                         monitor_update.updates.append(&mut additional_update.updates);
4953
4954                                         log_debug!(logger, "Received a valid revoke_and_ack for channel {}. Responding with a commitment update with {} HTLCs failed. {} monitor update.",
4955                                                 &self.context.channel_id(),
4956                                                 update_fail_htlcs.len() + update_fail_malformed_htlcs.len(),
4957                                                 release_state_str);
4958
4959                                         self.monitor_updating_paused(false, true, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
4960                                         return_with_htlcs_to_fail!(htlcs_to_fail);
4961                                 } else {
4962                                         log_debug!(logger, "Received a valid revoke_and_ack for channel {} with no reply necessary. {} monitor update.",
4963                                                 &self.context.channel_id(), release_state_str);
4964
4965                                         self.monitor_updating_paused(false, false, false, to_forward_infos, revoked_htlcs, finalized_claimed_htlcs);
4966                                         return_with_htlcs_to_fail!(htlcs_to_fail);
4967                                 }
4968                         }
4969                 }
4970         }
4971
4972         /// Queues up an outbound update fee by placing it in the holding cell. You should call
4973         /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
4974         /// commitment update.
4975         pub fn queue_update_fee<F: Deref, L: Deref>(&mut self, feerate_per_kw: u32,
4976                 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
4977         where F::Target: FeeEstimator, L::Target: Logger
4978         {
4979                 let msg_opt = self.send_update_fee(feerate_per_kw, true, fee_estimator, logger);
4980                 assert!(msg_opt.is_none(), "We forced holding cell?");
4981         }
4982
4983         /// Adds a pending update to this channel. See the doc for send_htlc for
4984         /// further details on the optionness of the return value.
4985         /// If our balance is too low to cover the cost of the next commitment transaction at the
4986         /// new feerate, the update is cancelled.
4987         ///
4988         /// You MUST call [`Self::send_commitment_no_state_update`] prior to any other calls on this
4989         /// [`Channel`] if `force_holding_cell` is false.
4990         fn send_update_fee<F: Deref, L: Deref>(
4991                 &mut self, feerate_per_kw: u32, mut force_holding_cell: bool,
4992                 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
4993         ) -> Option<msgs::UpdateFee>
4994         where F::Target: FeeEstimator, L::Target: Logger
4995         {
4996                 if !self.context.is_outbound() {
4997                         panic!("Cannot send fee from inbound channel");
4998                 }
4999                 if !self.context.is_usable() {
5000                         panic!("Cannot update fee until channel is fully established and we haven't started shutting down");
5001                 }
5002                 if !self.context.is_live() {
5003                         panic!("Cannot update fee while peer is disconnected/we're awaiting a monitor update (ChannelManager should have caught this)");
5004                 }
5005
5006                 // Before proposing a feerate update, check that we can actually afford the new fee.
5007                 let inbound_stats = self.context.get_inbound_pending_htlc_stats(Some(feerate_per_kw));
5008                 let outbound_stats = self.context.get_outbound_pending_htlc_stats(Some(feerate_per_kw));
5009                 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
5010                 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, true, logger);
5011                 let buffer_fee_msat = commit_tx_fee_sat(feerate_per_kw, commitment_stats.num_nondust_htlcs + outbound_stats.on_holder_tx_holding_cell_htlcs_count as usize + CONCURRENT_INBOUND_HTLC_FEE_BUFFER as usize, self.context.get_channel_type()) * 1000;
5012                 let holder_balance_msat = commitment_stats.local_balance_msat - outbound_stats.holding_cell_msat;
5013                 if holder_balance_msat < buffer_fee_msat  + self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000 {
5014                         //TODO: auto-close after a number of failures?
5015                         log_debug!(logger, "Cannot afford to send new feerate at {}", feerate_per_kw);
5016                         return None;
5017                 }
5018
5019                 // Note, we evaluate pending htlc "preemptive" trimmed-to-dust threshold at the proposed `feerate_per_kw`.
5020                 let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
5021                 let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
5022                 let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
5023                 if holder_tx_dust_exposure > max_dust_htlc_exposure_msat {
5024                         log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
5025                         return None;
5026                 }
5027                 if counterparty_tx_dust_exposure > max_dust_htlc_exposure_msat {
5028                         log_debug!(logger, "Cannot afford to send new feerate at {} without infringing max dust htlc exposure", feerate_per_kw);
5029                         return None;
5030                 }
5031
5032                 if self.context.channel_state.is_awaiting_remote_revoke() || self.context.channel_state.is_monitor_update_in_progress() {
5033                         force_holding_cell = true;
5034                 }
5035
5036                 if force_holding_cell {
5037                         self.context.holding_cell_update_fee = Some(feerate_per_kw);
5038                         return None;
5039                 }
5040
5041                 debug_assert!(self.context.pending_update_fee.is_none());
5042                 self.context.pending_update_fee = Some((feerate_per_kw, FeeUpdateState::Outbound));
5043
5044                 Some(msgs::UpdateFee {
5045                         channel_id: self.context.channel_id,
5046                         feerate_per_kw,
5047                 })
5048         }
5049
5050         /// Removes any uncommitted inbound HTLCs and resets the state of uncommitted outbound HTLC
5051         /// updates, to be used on peer disconnection. After this, update_*_htlc messages need to be
5052         /// resent.
5053         /// No further message handling calls may be made until a channel_reestablish dance has
5054         /// completed.
5055         /// May return `Err(())`, which implies [`ChannelContext::force_shutdown`] should be called immediately.
5056         pub fn remove_uncommitted_htlcs_and_mark_paused<L: Deref>(&mut self, logger: &L) -> Result<(), ()> where L::Target: Logger {
5057                 assert!(!matches!(self.context.channel_state, ChannelState::ShutdownComplete));
5058                 if self.context.channel_state.is_pre_funded_state() {
5059                         return Err(())
5060                 }
5061
5062                 if self.context.channel_state.is_peer_disconnected() {
5063                         // While the below code should be idempotent, it's simpler to just return early, as
5064                         // redundant disconnect events can fire, though they should be rare.
5065                         return Ok(());
5066                 }
5067
5068                 if self.context.announcement_sigs_state == AnnouncementSigsState::MessageSent || self.context.announcement_sigs_state == AnnouncementSigsState::Committed {
5069                         self.context.announcement_sigs_state = AnnouncementSigsState::NotSent;
5070                 }
5071
5072                 // Upon reconnect we have to start the closing_signed dance over, but shutdown messages
5073                 // will be retransmitted.
5074                 self.context.last_sent_closing_fee = None;
5075                 self.context.pending_counterparty_closing_signed = None;
5076                 self.context.closing_fee_limits = None;
5077
5078                 let mut inbound_drop_count = 0;
5079                 self.context.pending_inbound_htlcs.retain(|htlc| {
5080                         match htlc.state {
5081                                 InboundHTLCState::RemoteAnnounced(_) => {
5082                                         // They sent us an update_add_htlc but we never got the commitment_signed.
5083                                         // We'll tell them what commitment_signed we're expecting next and they'll drop
5084                                         // this HTLC accordingly
5085                                         inbound_drop_count += 1;
5086                                         false
5087                                 },
5088                                 InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_)|InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => {
5089                                         // We received a commitment_signed updating this HTLC and (at least hopefully)
5090                                         // sent a revoke_and_ack (which we can re-transmit) and have heard nothing
5091                                         // in response to it yet, so don't touch it.
5092                                         true
5093                                 },
5094                                 InboundHTLCState::Committed => true,
5095                                 InboundHTLCState::LocalRemoved(_) => {
5096                                         // We (hopefully) sent a commitment_signed updating this HTLC (which we can
5097                                         // re-transmit if needed) and they may have even sent a revoke_and_ack back
5098                                         // (that we missed). Keep this around for now and if they tell us they missed
5099                                         // the commitment_signed we can re-transmit the update then.
5100                                         true
5101                                 },
5102                         }
5103                 });
5104                 self.context.next_counterparty_htlc_id -= inbound_drop_count;
5105
5106                 if let Some((_, update_state)) = self.context.pending_update_fee {
5107                         if update_state == FeeUpdateState::RemoteAnnounced {
5108                                 debug_assert!(!self.context.is_outbound());
5109                                 self.context.pending_update_fee = None;
5110                         }
5111                 }
5112
5113                 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
5114                         if let OutboundHTLCState::RemoteRemoved(_) = htlc.state {
5115                                 // They sent us an update to remove this but haven't yet sent the corresponding
5116                                 // commitment_signed, we need to move it back to Committed and they can re-send
5117                                 // the update upon reconnection.
5118                                 htlc.state = OutboundHTLCState::Committed;
5119                         }
5120                 }
5121
5122                 self.context.sent_message_awaiting_response = None;
5123
5124                 self.context.channel_state.set_peer_disconnected();
5125                 log_trace!(logger, "Peer disconnection resulted in {} remote-announced HTLC drops on channel {}", inbound_drop_count, &self.context.channel_id());
5126                 Ok(())
5127         }
5128
5129         /// Indicates that a ChannelMonitor update is in progress and has not yet been fully persisted.
5130         /// This must be called before we return the [`ChannelMonitorUpdate`] back to the
5131         /// [`ChannelManager`], which will call [`Self::monitor_updating_restored`] once the monitor
5132         /// update completes (potentially immediately).
5133         /// The messages which were generated with the monitor update must *not* have been sent to the
5134         /// remote end, and must instead have been dropped. They will be regenerated when
5135         /// [`Self::monitor_updating_restored`] is called.
5136         ///
5137         /// [`ChannelManager`]: super::channelmanager::ChannelManager
5138         /// [`chain::Watch`]: crate::chain::Watch
5139         /// [`ChannelMonitorUpdateStatus::InProgress`]: crate::chain::ChannelMonitorUpdateStatus::InProgress
5140         fn monitor_updating_paused(&mut self, resend_raa: bool, resend_commitment: bool,
5141                 resend_channel_ready: bool, mut pending_forwards: Vec<(PendingHTLCInfo, u64)>,
5142                 mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
5143                 mut pending_finalized_claimed_htlcs: Vec<HTLCSource>
5144         ) {
5145                 self.context.monitor_pending_revoke_and_ack |= resend_raa;
5146                 self.context.monitor_pending_commitment_signed |= resend_commitment;
5147                 self.context.monitor_pending_channel_ready |= resend_channel_ready;
5148                 self.context.monitor_pending_forwards.append(&mut pending_forwards);
5149                 self.context.monitor_pending_failures.append(&mut pending_fails);
5150                 self.context.monitor_pending_finalized_fulfills.append(&mut pending_finalized_claimed_htlcs);
5151                 self.context.channel_state.set_monitor_update_in_progress();
5152         }
5153
5154         /// Indicates that the latest ChannelMonitor update has been committed by the client
5155         /// successfully and we should restore normal operation. Returns messages which should be sent
5156         /// to the remote side.
5157         pub fn monitor_updating_restored<L: Deref, NS: Deref>(
5158                 &mut self, logger: &L, node_signer: &NS, chain_hash: ChainHash,
5159                 user_config: &UserConfig, best_block_height: u32
5160         ) -> MonitorRestoreUpdates
5161         where
5162                 L::Target: Logger,
5163                 NS::Target: NodeSigner
5164         {
5165                 assert!(self.context.channel_state.is_monitor_update_in_progress());
5166                 self.context.channel_state.clear_monitor_update_in_progress();
5167
5168                 // If we're past (or at) the AwaitingChannelReady stage on an outbound channel, try to
5169                 // (re-)broadcast the funding transaction as we may have declined to broadcast it when we
5170                 // first received the funding_signed.
5171                 let mut funding_broadcastable =
5172                         if self.context.is_outbound() &&
5173                                 (matches!(self.context.channel_state, ChannelState::AwaitingChannelReady(flags) if !flags.is_set(AwaitingChannelReadyFlags::WAITING_FOR_BATCH)) ||
5174                                 matches!(self.context.channel_state, ChannelState::ChannelReady(_)))
5175                         {
5176                                 self.context.funding_transaction.take()
5177                         } else { None };
5178                 // That said, if the funding transaction is already confirmed (ie we're active with a
5179                 // minimum_depth over 0) don't bother re-broadcasting the confirmed funding tx.
5180                 if matches!(self.context.channel_state, ChannelState::ChannelReady(_)) && self.context.minimum_depth != Some(0) {
5181                         funding_broadcastable = None;
5182                 }
5183
5184                 // We will never broadcast the funding transaction when we're in MonitorUpdateInProgress
5185                 // (and we assume the user never directly broadcasts the funding transaction and waits for
5186                 // us to do it). Thus, we can only ever hit monitor_pending_channel_ready when we're
5187                 // * an inbound channel that failed to persist the monitor on funding_created and we got
5188                 //   the funding transaction confirmed before the monitor was persisted, or
5189                 // * a 0-conf channel and intended to send the channel_ready before any broadcast at all.
5190                 let channel_ready = if self.context.monitor_pending_channel_ready {
5191                         assert!(!self.context.is_outbound() || self.context.minimum_depth == Some(0),
5192                                 "Funding transaction broadcast by the local client before it should have - LDK didn't do it!");
5193                         self.context.monitor_pending_channel_ready = false;
5194                         let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
5195                         Some(msgs::ChannelReady {
5196                                 channel_id: self.context.channel_id(),
5197                                 next_per_commitment_point,
5198                                 short_channel_id_alias: Some(self.context.outbound_scid_alias),
5199                         })
5200                 } else { None };
5201
5202                 let announcement_sigs = self.get_announcement_sigs(node_signer, chain_hash, user_config, best_block_height, logger);
5203
5204                 let mut accepted_htlcs = Vec::new();
5205                 mem::swap(&mut accepted_htlcs, &mut self.context.monitor_pending_forwards);
5206                 let mut failed_htlcs = Vec::new();
5207                 mem::swap(&mut failed_htlcs, &mut self.context.monitor_pending_failures);
5208                 let mut finalized_claimed_htlcs = Vec::new();
5209                 mem::swap(&mut finalized_claimed_htlcs, &mut self.context.monitor_pending_finalized_fulfills);
5210
5211                 if self.context.channel_state.is_peer_disconnected() {
5212                         self.context.monitor_pending_revoke_and_ack = false;
5213                         self.context.monitor_pending_commitment_signed = false;
5214                         return MonitorRestoreUpdates {
5215                                 raa: None, commitment_update: None, order: RAACommitmentOrder::RevokeAndACKFirst,
5216                                 accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
5217                         };
5218                 }
5219
5220                 let raa = if self.context.monitor_pending_revoke_and_ack {
5221                         Some(self.get_last_revoke_and_ack())
5222                 } else { None };
5223                 let commitment_update = if self.context.monitor_pending_commitment_signed {
5224                         self.get_last_commitment_update_for_send(logger).ok()
5225                 } else { None };
5226                 if commitment_update.is_some() {
5227                         self.mark_awaiting_response();
5228                 }
5229
5230                 self.context.monitor_pending_revoke_and_ack = false;
5231                 self.context.monitor_pending_commitment_signed = false;
5232                 let order = self.context.resend_order.clone();
5233                 log_debug!(logger, "Restored monitor updating in channel {} resulting in {}{} commitment update and {} RAA, with {} first",
5234                         &self.context.channel_id(), if funding_broadcastable.is_some() { "a funding broadcastable, " } else { "" },
5235                         if commitment_update.is_some() { "a" } else { "no" }, if raa.is_some() { "an" } else { "no" },
5236                         match order { RAACommitmentOrder::CommitmentFirst => "commitment", RAACommitmentOrder::RevokeAndACKFirst => "RAA"});
5237                 MonitorRestoreUpdates {
5238                         raa, commitment_update, order, accepted_htlcs, failed_htlcs, finalized_claimed_htlcs, funding_broadcastable, channel_ready, announcement_sigs
5239                 }
5240         }
5241
5242         pub fn update_fee<F: Deref, L: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::UpdateFee, logger: &L) -> Result<(), ChannelError>
5243                 where F::Target: FeeEstimator, L::Target: Logger
5244         {
5245                 if self.context.is_outbound() {
5246                         return Err(ChannelError::Close("Non-funding remote tried to update channel fee".to_owned()));
5247                 }
5248                 if self.context.channel_state.is_peer_disconnected() {
5249                         return Err(ChannelError::Close("Peer sent update_fee when we needed a channel_reestablish".to_owned()));
5250                 }
5251                 Channel::<SP>::check_remote_fee(&self.context.channel_type, fee_estimator, msg.feerate_per_kw, Some(self.context.feerate_per_kw), logger)?;
5252
5253                 self.context.pending_update_fee = Some((msg.feerate_per_kw, FeeUpdateState::RemoteAnnounced));
5254                 self.context.update_time_counter += 1;
5255                 // Check that we won't be pushed over our dust exposure limit by the feerate increase.
5256                 if !self.context.channel_type.supports_anchors_zero_fee_htlc_tx() {
5257                         let inbound_stats = self.context.get_inbound_pending_htlc_stats(None);
5258                         let outbound_stats = self.context.get_outbound_pending_htlc_stats(None);
5259                         let holder_tx_dust_exposure = inbound_stats.on_holder_tx_dust_exposure_msat + outbound_stats.on_holder_tx_dust_exposure_msat;
5260                         let counterparty_tx_dust_exposure = inbound_stats.on_counterparty_tx_dust_exposure_msat + outbound_stats.on_counterparty_tx_dust_exposure_msat;
5261                         let max_dust_htlc_exposure_msat = self.context.get_max_dust_htlc_exposure_msat(fee_estimator);
5262                         if holder_tx_dust_exposure > max_dust_htlc_exposure_msat {
5263                                 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our own transactions (totaling {} msat)",
5264                                         msg.feerate_per_kw, holder_tx_dust_exposure)));
5265                         }
5266                         if counterparty_tx_dust_exposure > max_dust_htlc_exposure_msat {
5267                                 return Err(ChannelError::Close(format!("Peer sent update_fee with a feerate ({}) which may over-expose us to dust-in-flight on our counterparty's transactions (totaling {} msat)",
5268                                         msg.feerate_per_kw, counterparty_tx_dust_exposure)));
5269                         }
5270                 }
5271                 Ok(())
5272         }
5273
5274         /// Indicates that the signer may have some signatures for us, so we should retry if we're
5275         /// blocked.
5276         #[cfg(async_signing)]
5277         pub fn signer_maybe_unblocked<L: Deref>(&mut self, logger: &L) -> SignerResumeUpdates where L::Target: Logger {
5278                 let commitment_update = if self.context.signer_pending_commitment_update {
5279                         self.get_last_commitment_update_for_send(logger).ok()
5280                 } else { None };
5281                 let funding_signed = if self.context.signer_pending_funding && !self.context.is_outbound() {
5282                         self.context.get_funding_signed_msg(logger).1
5283                 } else { None };
5284                 let channel_ready = if funding_signed.is_some() {
5285                         self.check_get_channel_ready(0)
5286                 } else { None };
5287
5288                 log_trace!(logger, "Signer unblocked with {} commitment_update, {} funding_signed and {} channel_ready",
5289                         if commitment_update.is_some() { "a" } else { "no" },
5290                         if funding_signed.is_some() { "a" } else { "no" },
5291                         if channel_ready.is_some() { "a" } else { "no" });
5292
5293                 SignerResumeUpdates {
5294                         commitment_update,
5295                         funding_signed,
5296                         channel_ready,
5297                 }
5298         }
5299
5300         fn get_last_revoke_and_ack(&self) -> msgs::RevokeAndACK {
5301                 let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
5302                 let per_commitment_secret = self.context.holder_signer.as_ref().release_commitment_secret(self.context.cur_holder_commitment_transaction_number + 2);
5303                 msgs::RevokeAndACK {
5304                         channel_id: self.context.channel_id,
5305                         per_commitment_secret,
5306                         next_per_commitment_point,
5307                         #[cfg(taproot)]
5308                         next_local_nonce: None,
5309                 }
5310         }
5311
5312         /// Gets the last commitment update for immediate sending to our peer.
5313         fn get_last_commitment_update_for_send<L: Deref>(&mut self, logger: &L) -> Result<msgs::CommitmentUpdate, ()> where L::Target: Logger {
5314                 let mut update_add_htlcs = Vec::new();
5315                 let mut update_fulfill_htlcs = Vec::new();
5316                 let mut update_fail_htlcs = Vec::new();
5317                 let mut update_fail_malformed_htlcs = Vec::new();
5318
5319                 for htlc in self.context.pending_outbound_htlcs.iter() {
5320                         if let &OutboundHTLCState::LocalAnnounced(ref onion_packet) = &htlc.state {
5321                                 update_add_htlcs.push(msgs::UpdateAddHTLC {
5322                                         channel_id: self.context.channel_id(),
5323                                         htlc_id: htlc.htlc_id,
5324                                         amount_msat: htlc.amount_msat,
5325                                         payment_hash: htlc.payment_hash,
5326                                         cltv_expiry: htlc.cltv_expiry,
5327                                         onion_routing_packet: (**onion_packet).clone(),
5328                                         skimmed_fee_msat: htlc.skimmed_fee_msat,
5329                                         blinding_point: htlc.blinding_point,
5330                                 });
5331                         }
5332                 }
5333
5334                 for htlc in self.context.pending_inbound_htlcs.iter() {
5335                         if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
5336                                 match reason {
5337                                         &InboundHTLCRemovalReason::FailRelay(ref err_packet) => {
5338                                                 update_fail_htlcs.push(msgs::UpdateFailHTLC {
5339                                                         channel_id: self.context.channel_id(),
5340                                                         htlc_id: htlc.htlc_id,
5341                                                         reason: err_packet.clone()
5342                                                 });
5343                                         },
5344                                         &InboundHTLCRemovalReason::FailMalformed((ref sha256_of_onion, ref failure_code)) => {
5345                                                 update_fail_malformed_htlcs.push(msgs::UpdateFailMalformedHTLC {
5346                                                         channel_id: self.context.channel_id(),
5347                                                         htlc_id: htlc.htlc_id,
5348                                                         sha256_of_onion: sha256_of_onion.clone(),
5349                                                         failure_code: failure_code.clone(),
5350                                                 });
5351                                         },
5352                                         &InboundHTLCRemovalReason::Fulfill(ref payment_preimage) => {
5353                                                 update_fulfill_htlcs.push(msgs::UpdateFulfillHTLC {
5354                                                         channel_id: self.context.channel_id(),
5355                                                         htlc_id: htlc.htlc_id,
5356                                                         payment_preimage: payment_preimage.clone(),
5357                                                 });
5358                                         },
5359                                 }
5360                         }
5361                 }
5362
5363                 let update_fee = if self.context.is_outbound() && self.context.pending_update_fee.is_some() {
5364                         Some(msgs::UpdateFee {
5365                                 channel_id: self.context.channel_id(),
5366                                 feerate_per_kw: self.context.pending_update_fee.unwrap().0,
5367                         })
5368                 } else { None };
5369
5370                 log_trace!(logger, "Regenerating latest commitment update in channel {} with{} {} update_adds, {} update_fulfills, {} update_fails, and {} update_fail_malformeds",
5371                                 &self.context.channel_id(), if update_fee.is_some() { " update_fee," } else { "" },
5372                                 update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len(), update_fail_malformed_htlcs.len());
5373                 let commitment_signed = if let Ok(update) = self.send_commitment_no_state_update(logger).map(|(cu, _)| cu) {
5374                         if self.context.signer_pending_commitment_update {
5375                                 log_trace!(logger, "Commitment update generated: clearing signer_pending_commitment_update");
5376                                 self.context.signer_pending_commitment_update = false;
5377                         }
5378                         update
5379                 } else {
5380                         #[cfg(not(async_signing))] {
5381                                 panic!("Failed to get signature for new commitment state");
5382                         }
5383                         #[cfg(async_signing)] {
5384                                 if !self.context.signer_pending_commitment_update {
5385                                         log_trace!(logger, "Commitment update awaiting signer: setting signer_pending_commitment_update");
5386                                         self.context.signer_pending_commitment_update = true;
5387                                 }
5388                                 return Err(());
5389                         }
5390                 };
5391                 Ok(msgs::CommitmentUpdate {
5392                         update_add_htlcs, update_fulfill_htlcs, update_fail_htlcs, update_fail_malformed_htlcs, update_fee,
5393                         commitment_signed,
5394                 })
5395         }
5396
5397         /// Gets the `Shutdown` message we should send our peer on reconnect, if any.
5398         pub fn get_outbound_shutdown(&self) -> Option<msgs::Shutdown> {
5399                 if self.context.channel_state.is_local_shutdown_sent() {
5400                         assert!(self.context.shutdown_scriptpubkey.is_some());
5401                         Some(msgs::Shutdown {
5402                                 channel_id: self.context.channel_id,
5403                                 scriptpubkey: self.get_closing_scriptpubkey(),
5404                         })
5405                 } else { None }
5406         }
5407
5408         /// May panic if some calls other than message-handling calls (which will all Err immediately)
5409         /// have been called between remove_uncommitted_htlcs_and_mark_paused and this call.
5410         ///
5411         /// Some links printed in log lines are included here to check them during build (when run with
5412         /// `cargo doc --document-private-items`):
5413         /// [`super::channelmanager::ChannelManager::force_close_without_broadcasting_txn`] and
5414         /// [`super::channelmanager::ChannelManager::force_close_all_channels_without_broadcasting_txn`].
5415         pub fn channel_reestablish<L: Deref, NS: Deref>(
5416                 &mut self, msg: &msgs::ChannelReestablish, logger: &L, node_signer: &NS,
5417                 chain_hash: ChainHash, user_config: &UserConfig, best_block: &BestBlock
5418         ) -> Result<ReestablishResponses, ChannelError>
5419         where
5420                 L::Target: Logger,
5421                 NS::Target: NodeSigner
5422         {
5423                 if !self.context.channel_state.is_peer_disconnected() {
5424                         // While BOLT 2 doesn't indicate explicitly we should error this channel here, it
5425                         // almost certainly indicates we are going to end up out-of-sync in some way, so we
5426                         // just close here instead of trying to recover.
5427                         return Err(ChannelError::Close("Peer sent a loose channel_reestablish not after reconnect".to_owned()));
5428                 }
5429
5430                 if msg.next_local_commitment_number >= INITIAL_COMMITMENT_NUMBER || msg.next_remote_commitment_number >= INITIAL_COMMITMENT_NUMBER ||
5431                         msg.next_local_commitment_number == 0 {
5432                         return Err(ChannelError::Close("Peer sent an invalid channel_reestablish to force close in a non-standard way".to_owned()));
5433                 }
5434
5435                 let our_commitment_transaction = INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number - 1;
5436                 if msg.next_remote_commitment_number > 0 {
5437                         let expected_point = self.context.holder_signer.as_ref().get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - msg.next_remote_commitment_number + 1, &self.context.secp_ctx);
5438                         let given_secret = SecretKey::from_slice(&msg.your_last_per_commitment_secret)
5439                                 .map_err(|_| ChannelError::Close("Peer sent a garbage channel_reestablish with unparseable secret key".to_owned()))?;
5440                         if expected_point != PublicKey::from_secret_key(&self.context.secp_ctx, &given_secret) {
5441                                 return Err(ChannelError::Close("Peer sent a garbage channel_reestablish with secret key not matching the commitment height provided".to_owned()));
5442                         }
5443                         if msg.next_remote_commitment_number > our_commitment_transaction {
5444                                 macro_rules! log_and_panic {
5445                                         ($err_msg: expr) => {
5446                                                 log_error!(logger, $err_msg, &self.context.channel_id, log_pubkey!(self.context.counterparty_node_id));
5447                                                 panic!($err_msg, &self.context.channel_id, log_pubkey!(self.context.counterparty_node_id));
5448                                         }
5449                                 }
5450                                 log_and_panic!("We have fallen behind - we have received proof that if we broadcast our counterparty is going to claim all our funds.\n\
5451                                         This implies you have restarted with lost ChannelMonitor and ChannelManager state, the first of which is a violation of the LDK chain::Watch requirements.\n\
5452                                         More specifically, this means you have a bug in your implementation that can cause loss of funds, or you are running with an old backup, which is unsafe.\n\
5453                                         If you have restored from an old backup and wish to force-close channels and return to operation, you should start up, call\n\
5454                                         ChannelManager::force_close_without_broadcasting_txn on channel {} with counterparty {} or\n\
5455                                         ChannelManager::force_close_all_channels_without_broadcasting_txn, then reconnect to peer(s).\n\
5456                                         Note that due to a long-standing bug in lnd you may have to reach out to peers running lnd-based nodes to ask them to manually force-close channels\n\
5457                                         See https://github.com/lightningdevkit/rust-lightning/issues/1565 for more info.");
5458                         }
5459                 }
5460
5461                 // Before we change the state of the channel, we check if the peer is sending a very old
5462                 // commitment transaction number, if yes we send a warning message.
5463                 if msg.next_remote_commitment_number + 1 < our_commitment_transaction {
5464                         return Err(ChannelError::Warn(format!(
5465                                 "Peer attempted to reestablish channel with a very old local commitment transaction: {} (received) vs {} (expected)",
5466                                 msg.next_remote_commitment_number,
5467                                 our_commitment_transaction
5468                         )));
5469                 }
5470
5471                 // Go ahead and unmark PeerDisconnected as various calls we may make check for it (and all
5472                 // remaining cases either succeed or ErrorMessage-fail).
5473                 self.context.channel_state.clear_peer_disconnected();
5474                 self.context.sent_message_awaiting_response = None;
5475
5476                 let shutdown_msg = self.get_outbound_shutdown();
5477
5478                 let announcement_sigs = self.get_announcement_sigs(node_signer, chain_hash, user_config, best_block.height(), logger);
5479
5480                 if matches!(self.context.channel_state, ChannelState::AwaitingChannelReady(_)) {
5481                         // If we're waiting on a monitor update, we shouldn't re-send any channel_ready's.
5482                         if !self.context.channel_state.is_our_channel_ready() ||
5483                                         self.context.channel_state.is_monitor_update_in_progress() {
5484                                 if msg.next_remote_commitment_number != 0 {
5485                                         return Err(ChannelError::Close("Peer claimed they saw a revoke_and_ack but we haven't sent channel_ready yet".to_owned()));
5486                                 }
5487                                 // Short circuit the whole handler as there is nothing we can resend them
5488                                 return Ok(ReestablishResponses {
5489                                         channel_ready: None,
5490                                         raa: None, commitment_update: None,
5491                                         order: RAACommitmentOrder::CommitmentFirst,
5492                                         shutdown_msg, announcement_sigs,
5493                                 });
5494                         }
5495
5496                         // We have OurChannelReady set!
5497                         let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
5498                         return Ok(ReestablishResponses {
5499                                 channel_ready: Some(msgs::ChannelReady {
5500                                         channel_id: self.context.channel_id(),
5501                                         next_per_commitment_point,
5502                                         short_channel_id_alias: Some(self.context.outbound_scid_alias),
5503                                 }),
5504                                 raa: None, commitment_update: None,
5505                                 order: RAACommitmentOrder::CommitmentFirst,
5506                                 shutdown_msg, announcement_sigs,
5507                         });
5508                 }
5509
5510                 let required_revoke = if msg.next_remote_commitment_number == our_commitment_transaction {
5511                         // Remote isn't waiting on any RevokeAndACK from us!
5512                         // Note that if we need to repeat our ChannelReady we'll do that in the next if block.
5513                         None
5514                 } else if msg.next_remote_commitment_number + 1 == our_commitment_transaction {
5515                         if self.context.channel_state.is_monitor_update_in_progress() {
5516                                 self.context.monitor_pending_revoke_and_ack = true;
5517                                 None
5518                         } else {
5519                                 Some(self.get_last_revoke_and_ack())
5520                         }
5521                 } else {
5522                         debug_assert!(false, "All values should have been handled in the four cases above");
5523                         return Err(ChannelError::Close(format!(
5524                                 "Peer attempted to reestablish channel expecting a future local commitment transaction: {} (received) vs {} (expected)",
5525                                 msg.next_remote_commitment_number,
5526                                 our_commitment_transaction
5527                         )));
5528                 };
5529
5530                 // We increment cur_counterparty_commitment_transaction_number only upon receipt of
5531                 // revoke_and_ack, not on sending commitment_signed, so we add one if have
5532                 // AwaitingRemoteRevoke set, which indicates we sent a commitment_signed but haven't gotten
5533                 // the corresponding revoke_and_ack back yet.
5534                 let is_awaiting_remote_revoke = self.context.channel_state.is_awaiting_remote_revoke();
5535                 if is_awaiting_remote_revoke && !self.is_awaiting_monitor_update() {
5536                         self.mark_awaiting_response();
5537                 }
5538                 let next_counterparty_commitment_number = INITIAL_COMMITMENT_NUMBER - self.context.cur_counterparty_commitment_transaction_number + if is_awaiting_remote_revoke { 1 } else { 0 };
5539
5540                 let channel_ready = if msg.next_local_commitment_number == 1 && INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number == 1 {
5541                         // We should never have to worry about MonitorUpdateInProgress resending ChannelReady
5542                         let next_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
5543                         Some(msgs::ChannelReady {
5544                                 channel_id: self.context.channel_id(),
5545                                 next_per_commitment_point,
5546                                 short_channel_id_alias: Some(self.context.outbound_scid_alias),
5547                         })
5548                 } else { None };
5549
5550                 if msg.next_local_commitment_number == next_counterparty_commitment_number {
5551                         if required_revoke.is_some() {
5552                                 log_debug!(logger, "Reconnected channel {} with only lost outbound RAA", &self.context.channel_id());
5553                         } else {
5554                                 log_debug!(logger, "Reconnected channel {} with no loss", &self.context.channel_id());
5555                         }
5556
5557                         Ok(ReestablishResponses {
5558                                 channel_ready, shutdown_msg, announcement_sigs,
5559                                 raa: required_revoke,
5560                                 commitment_update: None,
5561                                 order: self.context.resend_order.clone(),
5562                         })
5563                 } else if msg.next_local_commitment_number == next_counterparty_commitment_number - 1 {
5564                         if required_revoke.is_some() {
5565                                 log_debug!(logger, "Reconnected channel {} with lost outbound RAA and lost remote commitment tx", &self.context.channel_id());
5566                         } else {
5567                                 log_debug!(logger, "Reconnected channel {} with only lost remote commitment tx", &self.context.channel_id());
5568                         }
5569
5570                         if self.context.channel_state.is_monitor_update_in_progress() {
5571                                 self.context.monitor_pending_commitment_signed = true;
5572                                 Ok(ReestablishResponses {
5573                                         channel_ready, shutdown_msg, announcement_sigs,
5574                                         commitment_update: None, raa: None,
5575                                         order: self.context.resend_order.clone(),
5576                                 })
5577                         } else {
5578                                 Ok(ReestablishResponses {
5579                                         channel_ready, shutdown_msg, announcement_sigs,
5580                                         raa: required_revoke,
5581                                         commitment_update: self.get_last_commitment_update_for_send(logger).ok(),
5582                                         order: self.context.resend_order.clone(),
5583                                 })
5584                         }
5585                 } else if msg.next_local_commitment_number < next_counterparty_commitment_number {
5586                         Err(ChannelError::Close(format!(
5587                                 "Peer attempted to reestablish channel with a very old remote commitment transaction: {} (received) vs {} (expected)",
5588                                 msg.next_local_commitment_number,
5589                                 next_counterparty_commitment_number,
5590                         )))
5591                 } else {
5592                         Err(ChannelError::Close(format!(
5593                                 "Peer attempted to reestablish channel with a future remote commitment transaction: {} (received) vs {} (expected)",
5594                                 msg.next_local_commitment_number,
5595                                 next_counterparty_commitment_number,
5596                         )))
5597                 }
5598         }
5599
5600         /// Calculates and returns our minimum and maximum closing transaction fee amounts, in whole
5601         /// satoshis. The amounts remain consistent unless a peer disconnects/reconnects or we restart,
5602         /// at which point they will be recalculated.
5603         fn calculate_closing_fee_limits<F: Deref>(&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>)
5604                 -> (u64, u64)
5605                 where F::Target: FeeEstimator
5606         {
5607                 if let Some((min, max)) = self.context.closing_fee_limits { return (min, max); }
5608
5609                 // Propose a range from our current Background feerate to our Normal feerate plus our
5610                 // force_close_avoidance_max_fee_satoshis.
5611                 // If we fail to come to consensus, we'll have to force-close.
5612                 let mut proposed_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::ChannelCloseMinimum);
5613                 // Use NonAnchorChannelFee because this should be an estimate for a channel close
5614                 // that we don't expect to need fee bumping
5615                 let normal_feerate = fee_estimator.bounded_sat_per_1000_weight(ConfirmationTarget::NonAnchorChannelFee);
5616                 let mut proposed_max_feerate = if self.context.is_outbound() { normal_feerate } else { u32::max_value() };
5617
5618                 // The spec requires that (when the channel does not have anchors) we only send absolute
5619                 // channel fees no greater than the absolute channel fee on the current commitment
5620                 // transaction. It's unclear *which* commitment transaction this refers to, and there isn't
5621                 // very good reason to apply such a limit in any case. We don't bother doing so, risking
5622                 // some force-closure by old nodes, but we wanted to close the channel anyway.
5623
5624                 if let Some(target_feerate) = self.context.target_closing_feerate_sats_per_kw {
5625                         let min_feerate = if self.context.is_outbound() { target_feerate } else { cmp::min(self.context.feerate_per_kw, target_feerate) };
5626                         proposed_feerate = cmp::max(proposed_feerate, min_feerate);
5627                         proposed_max_feerate = cmp::max(proposed_max_feerate, min_feerate);
5628                 }
5629
5630                 // Note that technically we could end up with a lower minimum fee if one sides' balance is
5631                 // below our dust limit, causing the output to disappear. We don't bother handling this
5632                 // case, however, as this should only happen if a channel is closed before any (material)
5633                 // payments have been made on it. This may cause slight fee overpayment and/or failure to
5634                 // come to consensus with our counterparty on appropriate fees, however it should be a
5635                 // relatively rare case. We can revisit this later, though note that in order to determine
5636                 // if the funders' output is dust we have to know the absolute fee we're going to use.
5637                 let tx_weight = self.get_closing_transaction_weight(Some(&self.get_closing_scriptpubkey()), Some(self.context.counterparty_shutdown_scriptpubkey.as_ref().unwrap()));
5638                 let proposed_total_fee_satoshis = proposed_feerate as u64 * tx_weight / 1000;
5639                 let proposed_max_total_fee_satoshis = if self.context.is_outbound() {
5640                                 // We always add force_close_avoidance_max_fee_satoshis to our normal
5641                                 // feerate-calculated fee, but allow the max to be overridden if we're using a
5642                                 // target feerate-calculated fee.
5643                                 cmp::max(normal_feerate as u64 * tx_weight / 1000 + self.context.config.options.force_close_avoidance_max_fee_satoshis,
5644                                         proposed_max_feerate as u64 * tx_weight / 1000)
5645                         } else {
5646                                 self.context.channel_value_satoshis - (self.context.value_to_self_msat + 999) / 1000
5647                         };
5648
5649                 self.context.closing_fee_limits = Some((proposed_total_fee_satoshis, proposed_max_total_fee_satoshis));
5650                 self.context.closing_fee_limits.clone().unwrap()
5651         }
5652
5653         /// Returns true if we're ready to commence the closing_signed negotiation phase. This is true
5654         /// after both sides have exchanged a `shutdown` message and all HTLCs have been drained. At
5655         /// this point if we're the funder we should send the initial closing_signed, and in any case
5656         /// shutdown should complete within a reasonable timeframe.
5657         fn closing_negotiation_ready(&self) -> bool {
5658                 self.context.closing_negotiation_ready()
5659         }
5660
5661         /// Checks if the closing_signed negotiation is making appropriate progress, possibly returning
5662         /// an Err if no progress is being made and the channel should be force-closed instead.
5663         /// Should be called on a one-minute timer.
5664         pub fn timer_check_closing_negotiation_progress(&mut self) -> Result<(), ChannelError> {
5665                 if self.closing_negotiation_ready() {
5666                         if self.context.closing_signed_in_flight {
5667                                 return Err(ChannelError::Close("closing_signed negotiation failed to finish within two timer ticks".to_owned()));
5668                         } else {
5669                                 self.context.closing_signed_in_flight = true;
5670                         }
5671                 }
5672                 Ok(())
5673         }
5674
5675         pub fn maybe_propose_closing_signed<F: Deref, L: Deref>(
5676                 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L)
5677                 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>, Option<ShutdownResult>), ChannelError>
5678                 where F::Target: FeeEstimator, L::Target: Logger
5679         {
5680                 // If we're waiting on a monitor persistence, that implies we're also waiting to send some
5681                 // message to our counterparty (probably a `revoke_and_ack`). In such a case, we shouldn't
5682                 // initiate `closing_signed` negotiation until we're clear of all pending messages. Note
5683                 // that closing_negotiation_ready checks this case (as well as a few others).
5684                 if self.context.last_sent_closing_fee.is_some() || !self.closing_negotiation_ready() {
5685                         return Ok((None, None, None));
5686                 }
5687
5688                 if !self.context.is_outbound() {
5689                         if let Some(msg) = &self.context.pending_counterparty_closing_signed.take() {
5690                                 return self.closing_signed(fee_estimator, &msg);
5691                         }
5692                         return Ok((None, None, None));
5693                 }
5694
5695                 // If we're waiting on a counterparty `commitment_signed` to clear some updates from our
5696                 // local commitment transaction, we can't yet initiate `closing_signed` negotiation.
5697                 if self.context.expecting_peer_commitment_signed {
5698                         return Ok((None, None, None));
5699                 }
5700
5701                 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
5702
5703                 assert!(self.context.shutdown_scriptpubkey.is_some());
5704                 let (closing_tx, total_fee_satoshis) = self.build_closing_transaction(our_min_fee, false);
5705                 log_trace!(logger, "Proposing initial closing_signed for our counterparty with a fee range of {}-{} sat (with initial proposal {} sats)",
5706                         our_min_fee, our_max_fee, total_fee_satoshis);
5707
5708                 match &self.context.holder_signer {
5709                         ChannelSignerType::Ecdsa(ecdsa) => {
5710                                 let sig = ecdsa
5711                                         .sign_closing_transaction(&closing_tx, &self.context.secp_ctx)
5712                                         .map_err(|()| ChannelError::Close("Failed to get signature for closing transaction.".to_owned()))?;
5713
5714                                 self.context.last_sent_closing_fee = Some((total_fee_satoshis, sig.clone()));
5715                                 Ok((Some(msgs::ClosingSigned {
5716                                         channel_id: self.context.channel_id,
5717                                         fee_satoshis: total_fee_satoshis,
5718                                         signature: sig,
5719                                         fee_range: Some(msgs::ClosingSignedFeeRange {
5720                                                 min_fee_satoshis: our_min_fee,
5721                                                 max_fee_satoshis: our_max_fee,
5722                                         }),
5723                                 }), None, None))
5724                         },
5725                         // TODO (taproot|arik)
5726                         #[cfg(taproot)]
5727                         _ => todo!()
5728                 }
5729         }
5730
5731         // Marks a channel as waiting for a response from the counterparty. If it's not received
5732         // [`DISCONNECT_PEER_AWAITING_RESPONSE_TICKS`] after sending our own to them, then we'll attempt
5733         // a reconnection.
5734         fn mark_awaiting_response(&mut self) {
5735                 self.context.sent_message_awaiting_response = Some(0);
5736         }
5737
5738         /// Determines whether we should disconnect the counterparty due to not receiving a response
5739         /// within our expected timeframe.
5740         ///
5741         /// This should be called on every [`super::channelmanager::ChannelManager::timer_tick_occurred`].
5742         pub fn should_disconnect_peer_awaiting_response(&mut self) -> bool {
5743                 let ticks_elapsed = if let Some(ticks_elapsed) = self.context.sent_message_awaiting_response.as_mut() {
5744                         ticks_elapsed
5745                 } else {
5746                         // Don't disconnect when we're not waiting on a response.
5747                         return false;
5748                 };
5749                 *ticks_elapsed += 1;
5750                 *ticks_elapsed >= DISCONNECT_PEER_AWAITING_RESPONSE_TICKS
5751         }
5752
5753         pub fn shutdown(
5754                 &mut self, signer_provider: &SP, their_features: &InitFeatures, msg: &msgs::Shutdown
5755         ) -> Result<(Option<msgs::Shutdown>, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), ChannelError>
5756         {
5757                 if self.context.channel_state.is_peer_disconnected() {
5758                         return Err(ChannelError::Close("Peer sent shutdown when we needed a channel_reestablish".to_owned()));
5759                 }
5760                 if self.context.channel_state.is_pre_funded_state() {
5761                         // Spec says we should fail the connection, not the channel, but that's nonsense, there
5762                         // are plenty of reasons you may want to fail a channel pre-funding, and spec says you
5763                         // can do that via error message without getting a connection fail anyway...
5764                         return Err(ChannelError::Close("Peer sent shutdown pre-funding generation".to_owned()));
5765                 }
5766                 for htlc in self.context.pending_inbound_htlcs.iter() {
5767                         if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
5768                                 return Err(ChannelError::Close("Got shutdown with remote pending HTLCs".to_owned()));
5769                         }
5770                 }
5771                 assert!(!matches!(self.context.channel_state, ChannelState::ShutdownComplete));
5772
5773                 if !script::is_bolt2_compliant(&msg.scriptpubkey, their_features) {
5774                         return Err(ChannelError::Warn(format!("Got a nonstandard scriptpubkey ({}) from remote peer", msg.scriptpubkey.to_hex_string())));
5775                 }
5776
5777                 if self.context.counterparty_shutdown_scriptpubkey.is_some() {
5778                         if Some(&msg.scriptpubkey) != self.context.counterparty_shutdown_scriptpubkey.as_ref() {
5779                                 return Err(ChannelError::Warn(format!("Got shutdown request with a scriptpubkey ({}) which did not match their previous scriptpubkey.", msg.scriptpubkey.to_hex_string())));
5780                         }
5781                 } else {
5782                         self.context.counterparty_shutdown_scriptpubkey = Some(msg.scriptpubkey.clone());
5783                 }
5784
5785                 // If we have any LocalAnnounced updates we'll probably just get back an update_fail_htlc
5786                 // immediately after the commitment dance, but we can send a Shutdown because we won't send
5787                 // any further commitment updates after we set LocalShutdownSent.
5788                 let send_shutdown = !self.context.channel_state.is_local_shutdown_sent();
5789
5790                 let update_shutdown_script = match self.context.shutdown_scriptpubkey {
5791                         Some(_) => false,
5792                         None => {
5793                                 assert!(send_shutdown);
5794                                 let shutdown_scriptpubkey = match signer_provider.get_shutdown_scriptpubkey() {
5795                                         Ok(scriptpubkey) => scriptpubkey,
5796                                         Err(_) => return Err(ChannelError::Close("Failed to get shutdown scriptpubkey".to_owned())),
5797                                 };
5798                                 if !shutdown_scriptpubkey.is_compatible(their_features) {
5799                                         return Err(ChannelError::Close(format!("Provided a scriptpubkey format not accepted by peer: {}", shutdown_scriptpubkey)));
5800                                 }
5801                                 self.context.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
5802                                 true
5803                         },
5804                 };
5805
5806                 // From here on out, we may not fail!
5807
5808                 self.context.channel_state.set_remote_shutdown_sent();
5809                 self.context.update_time_counter += 1;
5810
5811                 let monitor_update = if update_shutdown_script {
5812                         self.context.latest_monitor_update_id += 1;
5813                         let monitor_update = ChannelMonitorUpdate {
5814                                 update_id: self.context.latest_monitor_update_id,
5815                                 counterparty_node_id: Some(self.context.counterparty_node_id),
5816                                 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
5817                                         scriptpubkey: self.get_closing_scriptpubkey(),
5818                                 }],
5819                                 channel_id: Some(self.context.channel_id()),
5820                         };
5821                         self.monitor_updating_paused(false, false, false, Vec::new(), Vec::new(), Vec::new());
5822                         self.push_ret_blockable_mon_update(monitor_update)
5823                 } else { None };
5824                 let shutdown = if send_shutdown {
5825                         Some(msgs::Shutdown {
5826                                 channel_id: self.context.channel_id,
5827                                 scriptpubkey: self.get_closing_scriptpubkey(),
5828                         })
5829                 } else { None };
5830
5831                 // We can't send our shutdown until we've committed all of our pending HTLCs, but the
5832                 // remote side is unlikely to accept any new HTLCs, so we go ahead and "free" any holding
5833                 // cell HTLCs and return them to fail the payment.
5834                 self.context.holding_cell_update_fee = None;
5835                 let mut dropped_outbound_htlcs = Vec::with_capacity(self.context.holding_cell_htlc_updates.len());
5836                 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
5837                         match htlc_update {
5838                                 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
5839                                         dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
5840                                         false
5841                                 },
5842                                 _ => true
5843                         }
5844                 });
5845
5846                 self.context.channel_state.set_local_shutdown_sent();
5847                 self.context.update_time_counter += 1;
5848
5849                 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
5850         }
5851
5852         fn build_signed_closing_transaction(&self, closing_tx: &ClosingTransaction, counterparty_sig: &Signature, sig: &Signature) -> Transaction {
5853                 let mut tx = closing_tx.trust().built_transaction().clone();
5854
5855                 tx.input[0].witness.push(Vec::new()); // First is the multisig dummy
5856
5857                 let funding_key = self.context.get_holder_pubkeys().funding_pubkey.serialize();
5858                 let counterparty_funding_key = self.context.counterparty_funding_pubkey().serialize();
5859                 let mut holder_sig = sig.serialize_der().to_vec();
5860                 holder_sig.push(EcdsaSighashType::All as u8);
5861                 let mut cp_sig = counterparty_sig.serialize_der().to_vec();
5862                 cp_sig.push(EcdsaSighashType::All as u8);
5863                 if funding_key[..] < counterparty_funding_key[..] {
5864                         tx.input[0].witness.push(holder_sig);
5865                         tx.input[0].witness.push(cp_sig);
5866                 } else {
5867                         tx.input[0].witness.push(cp_sig);
5868                         tx.input[0].witness.push(holder_sig);
5869                 }
5870
5871                 tx.input[0].witness.push(self.context.get_funding_redeemscript().into_bytes());
5872                 tx
5873         }
5874
5875         pub fn closing_signed<F: Deref>(
5876                 &mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, msg: &msgs::ClosingSigned)
5877                 -> Result<(Option<msgs::ClosingSigned>, Option<Transaction>, Option<ShutdownResult>), ChannelError>
5878                 where F::Target: FeeEstimator
5879         {
5880                 if !self.context.channel_state.is_both_sides_shutdown() {
5881                         return Err(ChannelError::Close("Remote end sent us a closing_signed before both sides provided a shutdown".to_owned()));
5882                 }
5883                 if self.context.channel_state.is_peer_disconnected() {
5884                         return Err(ChannelError::Close("Peer sent closing_signed when we needed a channel_reestablish".to_owned()));
5885                 }
5886                 if !self.context.pending_inbound_htlcs.is_empty() || !self.context.pending_outbound_htlcs.is_empty() {
5887                         return Err(ChannelError::Close("Remote end sent us a closing_signed while there were still pending HTLCs".to_owned()));
5888                 }
5889                 if msg.fee_satoshis > TOTAL_BITCOIN_SUPPLY_SATOSHIS { // this is required to stop potential overflow in build_closing_transaction
5890                         return Err(ChannelError::Close("Remote tried to send us a closing tx with > 21 million BTC fee".to_owned()));
5891                 }
5892
5893                 if self.context.is_outbound() && self.context.last_sent_closing_fee.is_none() {
5894                         return Err(ChannelError::Close("Remote tried to send a closing_signed when we were supposed to propose the first one".to_owned()));
5895                 }
5896
5897                 if self.context.channel_state.is_monitor_update_in_progress() {
5898                         self.context.pending_counterparty_closing_signed = Some(msg.clone());
5899                         return Ok((None, None, None));
5900                 }
5901
5902                 let funding_redeemscript = self.context.get_funding_redeemscript();
5903                 let (mut closing_tx, used_total_fee) = self.build_closing_transaction(msg.fee_satoshis, false);
5904                 if used_total_fee != msg.fee_satoshis {
5905                         return Err(ChannelError::Close(format!("Remote sent us a closing_signed with a fee other than the value they can claim. Fee in message: {}. Actual closing tx fee: {}", msg.fee_satoshis, used_total_fee)));
5906                 }
5907                 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.context.channel_value_satoshis);
5908
5909                 match self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.get_counterparty_pubkeys().funding_pubkey) {
5910                         Ok(_) => {},
5911                         Err(_e) => {
5912                                 // The remote end may have decided to revoke their output due to inconsistent dust
5913                                 // limits, so check for that case by re-checking the signature here.
5914                                 closing_tx = self.build_closing_transaction(msg.fee_satoshis, true).0;
5915                                 let sighash = closing_tx.trust().get_sighash_all(&funding_redeemscript, self.context.channel_value_satoshis);
5916                                 secp_check!(self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, self.context.counterparty_funding_pubkey()), "Invalid closing tx signature from peer".to_owned());
5917                         },
5918                 };
5919
5920                 for outp in closing_tx.trust().built_transaction().output.iter() {
5921                         if !outp.script_pubkey.is_witness_program() && outp.value < MAX_STD_OUTPUT_DUST_LIMIT_SATOSHIS {
5922                                 return Err(ChannelError::Close("Remote sent us a closing_signed with a dust output. Always use segwit closing scripts!".to_owned()));
5923                         }
5924                 }
5925
5926                 let closure_reason = if self.initiated_shutdown() {
5927                         ClosureReason::LocallyInitiatedCooperativeClosure
5928                 } else {
5929                         ClosureReason::CounterpartyInitiatedCooperativeClosure
5930                 };
5931
5932                 assert!(self.context.shutdown_scriptpubkey.is_some());
5933                 if let Some((last_fee, sig)) = self.context.last_sent_closing_fee {
5934                         if last_fee == msg.fee_satoshis {
5935                                 let shutdown_result = ShutdownResult {
5936                                         closure_reason,
5937                                         monitor_update: None,
5938                                         dropped_outbound_htlcs: Vec::new(),
5939                                         unbroadcasted_batch_funding_txid: self.context.unbroadcasted_batch_funding_txid(),
5940                                         channel_id: self.context.channel_id,
5941                                         user_channel_id: self.context.user_id,
5942                                         channel_capacity_satoshis: self.context.channel_value_satoshis,
5943                                         counterparty_node_id: self.context.counterparty_node_id,
5944                                         unbroadcasted_funding_tx: self.context.unbroadcasted_funding(),
5945                                         channel_funding_txo: self.context.get_funding_txo(),
5946                                 };
5947                                 let tx = self.build_signed_closing_transaction(&mut closing_tx, &msg.signature, &sig);
5948                                 self.context.channel_state = ChannelState::ShutdownComplete;
5949                                 self.context.update_time_counter += 1;
5950                                 return Ok((None, Some(tx), Some(shutdown_result)));
5951                         }
5952                 }
5953
5954                 let (our_min_fee, our_max_fee) = self.calculate_closing_fee_limits(fee_estimator);
5955
5956                 macro_rules! propose_fee {
5957                         ($new_fee: expr) => {
5958                                 let (closing_tx, used_fee) = if $new_fee == msg.fee_satoshis {
5959                                         (closing_tx, $new_fee)
5960                                 } else {
5961                                         self.build_closing_transaction($new_fee, false)
5962                                 };
5963
5964                                 return match &self.context.holder_signer {
5965                                         ChannelSignerType::Ecdsa(ecdsa) => {
5966                                                 let sig = ecdsa
5967                                                         .sign_closing_transaction(&closing_tx, &self.context.secp_ctx)
5968                                                         .map_err(|_| ChannelError::Close("External signer refused to sign closing transaction".to_owned()))?;
5969                                                 let (signed_tx, shutdown_result) = if $new_fee == msg.fee_satoshis {
5970                                                         let shutdown_result = ShutdownResult {
5971                                                                 closure_reason,
5972                                                                 monitor_update: None,
5973                                                                 dropped_outbound_htlcs: Vec::new(),
5974                                                                 unbroadcasted_batch_funding_txid: self.context.unbroadcasted_batch_funding_txid(),
5975                                                                 channel_id: self.context.channel_id,
5976                                                                 user_channel_id: self.context.user_id,
5977                                                                 channel_capacity_satoshis: self.context.channel_value_satoshis,
5978                                                                 counterparty_node_id: self.context.counterparty_node_id,
5979                                                                 unbroadcasted_funding_tx: self.context.unbroadcasted_funding(),
5980                                                                 channel_funding_txo: self.context.get_funding_txo(),
5981                                                         };
5982                                                         self.context.channel_state = ChannelState::ShutdownComplete;
5983                                                         self.context.update_time_counter += 1;
5984                                                         let tx = self.build_signed_closing_transaction(&closing_tx, &msg.signature, &sig);
5985                                                         (Some(tx), Some(shutdown_result))
5986                                                 } else {
5987                                                         (None, None)
5988                                                 };
5989
5990                                                 self.context.last_sent_closing_fee = Some((used_fee, sig.clone()));
5991                                                 Ok((Some(msgs::ClosingSigned {
5992                                                         channel_id: self.context.channel_id,
5993                                                         fee_satoshis: used_fee,
5994                                                         signature: sig,
5995                                                         fee_range: Some(msgs::ClosingSignedFeeRange {
5996                                                                 min_fee_satoshis: our_min_fee,
5997                                                                 max_fee_satoshis: our_max_fee,
5998                                                         }),
5999                                                 }), signed_tx, shutdown_result))
6000                                         },
6001                                         // TODO (taproot|arik)
6002                                         #[cfg(taproot)]
6003                                         _ => todo!()
6004                                 }
6005                         }
6006                 }
6007
6008                 if let Some(msgs::ClosingSignedFeeRange { min_fee_satoshis, max_fee_satoshis }) = msg.fee_range {
6009                         if msg.fee_satoshis < min_fee_satoshis || msg.fee_satoshis > max_fee_satoshis {
6010                                 return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in their desired range of {} sat - {} sat", msg.fee_satoshis, min_fee_satoshis, max_fee_satoshis)));
6011                         }
6012                         if max_fee_satoshis < our_min_fee {
6013                                 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's max fee ({} sat) was smaller than our min fee ({} sat)", max_fee_satoshis, our_min_fee)));
6014                         }
6015                         if min_fee_satoshis > our_max_fee {
6016                                 return Err(ChannelError::Warn(format!("Unable to come to consensus about closing feerate, remote's min fee ({} sat) was greater than our max fee ({} sat)", min_fee_satoshis, our_max_fee)));
6017                         }
6018
6019                         if !self.context.is_outbound() {
6020                                 // They have to pay, so pick the highest fee in the overlapping range.
6021                                 // We should never set an upper bound aside from their full balance
6022                                 debug_assert_eq!(our_max_fee, self.context.channel_value_satoshis - (self.context.value_to_self_msat + 999) / 1000);
6023                                 propose_fee!(cmp::min(max_fee_satoshis, our_max_fee));
6024                         } else {
6025                                 if msg.fee_satoshis < our_min_fee || msg.fee_satoshis > our_max_fee {
6026                                         return Err(ChannelError::Close(format!("Peer sent a bogus closing_signed - suggested fee of {} sat was not in our desired range of {} sat - {} sat after we informed them of our range.",
6027                                                 msg.fee_satoshis, our_min_fee, our_max_fee)));
6028                                 }
6029                                 // The proposed fee is in our acceptable range, accept it and broadcast!
6030                                 propose_fee!(msg.fee_satoshis);
6031                         }
6032                 } else {
6033                         // Old fee style negotiation. We don't bother to enforce whether they are complying
6034                         // with the "making progress" requirements, we just comply and hope for the best.
6035                         if let Some((last_fee, _)) = self.context.last_sent_closing_fee {
6036                                 if msg.fee_satoshis > last_fee {
6037                                         if msg.fee_satoshis < our_max_fee {
6038                                                 propose_fee!(msg.fee_satoshis);
6039                                         } else if last_fee < our_max_fee {
6040                                                 propose_fee!(our_max_fee);
6041                                         } else {
6042                                                 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) higher than our max fee ({} sat)", msg.fee_satoshis, our_max_fee)));
6043                                         }
6044                                 } else {
6045                                         if msg.fee_satoshis > our_min_fee {
6046                                                 propose_fee!(msg.fee_satoshis);
6047                                         } else if last_fee > our_min_fee {
6048                                                 propose_fee!(our_min_fee);
6049                                         } else {
6050                                                 return Err(ChannelError::Close(format!("Unable to come to consensus about closing feerate, remote wants something ({} sat) lower than our min fee ({} sat)", msg.fee_satoshis, our_min_fee)));
6051                                         }
6052                                 }
6053                         } else {
6054                                 if msg.fee_satoshis < our_min_fee {
6055                                         propose_fee!(our_min_fee);
6056                                 } else if msg.fee_satoshis > our_max_fee {
6057                                         propose_fee!(our_max_fee);
6058                                 } else {
6059                                         propose_fee!(msg.fee_satoshis);
6060                                 }
6061                         }
6062                 }
6063         }
6064
6065         fn internal_htlc_satisfies_config(
6066                 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32, config: &ChannelConfig,
6067         ) -> Result<(), (&'static str, u16)> {
6068                 let fee = amt_to_forward.checked_mul(config.forwarding_fee_proportional_millionths as u64)
6069                         .and_then(|prop_fee| (prop_fee / 1000000).checked_add(config.forwarding_fee_base_msat as u64));
6070                 if fee.is_none() || htlc.amount_msat < fee.unwrap() ||
6071                         (htlc.amount_msat - fee.unwrap()) < amt_to_forward {
6072                         return Err((
6073                                 "Prior hop has deviated from specified fees parameters or origin node has obsolete ones",
6074                                 0x1000 | 12, // fee_insufficient
6075                         ));
6076                 }
6077                 if (htlc.cltv_expiry as u64) < outgoing_cltv_value as u64 + config.cltv_expiry_delta as u64 {
6078                         return Err((
6079                                 "Forwarding node has tampered with the intended HTLC values or origin node has an obsolete cltv_expiry_delta",
6080                                 0x1000 | 13, // incorrect_cltv_expiry
6081                         ));
6082                 }
6083                 Ok(())
6084         }
6085
6086         /// Determines whether the parameters of an incoming HTLC to be forwarded satisfy the channel's
6087         /// [`ChannelConfig`]. This first looks at the channel's current [`ChannelConfig`], and if
6088         /// unsuccessful, falls back to the previous one if one exists.
6089         pub fn htlc_satisfies_config(
6090                 &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32,
6091         ) -> Result<(), (&'static str, u16)> {
6092                 self.internal_htlc_satisfies_config(&htlc, amt_to_forward, outgoing_cltv_value, &self.context.config())
6093                         .or_else(|err| {
6094                                 if let Some(prev_config) = self.context.prev_config() {
6095                                         self.internal_htlc_satisfies_config(htlc, amt_to_forward, outgoing_cltv_value, &prev_config)
6096                                 } else {
6097                                         Err(err)
6098                                 }
6099                         })
6100         }
6101
6102         pub fn get_cur_holder_commitment_transaction_number(&self) -> u64 {
6103                 self.context.cur_holder_commitment_transaction_number + 1
6104         }
6105
6106         pub fn get_cur_counterparty_commitment_transaction_number(&self) -> u64 {
6107                 self.context.cur_counterparty_commitment_transaction_number + 1 - if self.context.channel_state.is_awaiting_remote_revoke() { 1 } else { 0 }
6108         }
6109
6110         pub fn get_revoked_counterparty_commitment_transaction_number(&self) -> u64 {
6111                 self.context.cur_counterparty_commitment_transaction_number + 2
6112         }
6113
6114         #[cfg(test)]
6115         pub fn get_signer(&self) -> &ChannelSignerType<SP> {
6116                 &self.context.holder_signer
6117         }
6118
6119         #[cfg(test)]
6120         pub fn get_value_stat(&self) -> ChannelValueStat {
6121                 ChannelValueStat {
6122                         value_to_self_msat: self.context.value_to_self_msat,
6123                         channel_value_msat: self.context.channel_value_satoshis * 1000,
6124                         channel_reserve_msat: self.context.counterparty_selected_channel_reserve_satoshis.unwrap() * 1000,
6125                         pending_outbound_htlcs_amount_msat: self.context.pending_outbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
6126                         pending_inbound_htlcs_amount_msat: self.context.pending_inbound_htlcs.iter().map(|ref h| h.amount_msat).sum::<u64>(),
6127                         holding_cell_outbound_amount_msat: {
6128                                 let mut res = 0;
6129                                 for h in self.context.holding_cell_htlc_updates.iter() {
6130                                         match h {
6131                                                 &HTLCUpdateAwaitingACK::AddHTLC{amount_msat, .. } => {
6132                                                         res += amount_msat;
6133                                                 }
6134                                                 _ => {}
6135                                         }
6136                                 }
6137                                 res
6138                         },
6139                         counterparty_max_htlc_value_in_flight_msat: self.context.counterparty_max_htlc_value_in_flight_msat,
6140                         counterparty_dust_limit_msat: self.context.counterparty_dust_limit_satoshis * 1000,
6141                 }
6142         }
6143
6144         /// Returns true if this channel has been marked as awaiting a monitor update to move forward.
6145         /// Allowed in any state (including after shutdown)
6146         pub fn is_awaiting_monitor_update(&self) -> bool {
6147                 self.context.channel_state.is_monitor_update_in_progress()
6148         }
6149
6150         /// Gets the latest [`ChannelMonitorUpdate`] ID which has been released and is in-flight.
6151         pub fn get_latest_unblocked_monitor_update_id(&self) -> u64 {
6152                 if self.context.blocked_monitor_updates.is_empty() { return self.context.get_latest_monitor_update_id(); }
6153                 self.context.blocked_monitor_updates[0].update.update_id - 1
6154         }
6155
6156         /// Returns the next blocked monitor update, if one exists, and a bool which indicates a
6157         /// further blocked monitor update exists after the next.
6158         pub fn unblock_next_blocked_monitor_update(&mut self) -> Option<(ChannelMonitorUpdate, bool)> {
6159                 if self.context.blocked_monitor_updates.is_empty() { return None; }
6160                 Some((self.context.blocked_monitor_updates.remove(0).update,
6161                         !self.context.blocked_monitor_updates.is_empty()))
6162         }
6163
6164         /// Pushes a new monitor update into our monitor update queue, returning it if it should be
6165         /// immediately given to the user for persisting or `None` if it should be held as blocked.
6166         fn push_ret_blockable_mon_update(&mut self, update: ChannelMonitorUpdate)
6167         -> Option<ChannelMonitorUpdate> {
6168                 let release_monitor = self.context.blocked_monitor_updates.is_empty();
6169                 if !release_monitor {
6170                         self.context.blocked_monitor_updates.push(PendingChannelMonitorUpdate {
6171                                 update,
6172                         });
6173                         None
6174                 } else {
6175                         Some(update)
6176                 }
6177         }
6178
6179         pub fn blocked_monitor_updates_pending(&self) -> usize {
6180                 self.context.blocked_monitor_updates.len()
6181         }
6182
6183         /// Returns true if the channel is awaiting the persistence of the initial ChannelMonitor.
6184         /// If the channel is outbound, this implies we have not yet broadcasted the funding
6185         /// transaction. If the channel is inbound, this implies simply that the channel has not
6186         /// advanced state.
6187         pub fn is_awaiting_initial_mon_persist(&self) -> bool {
6188                 if !self.is_awaiting_monitor_update() { return false; }
6189                 if matches!(
6190                         self.context.channel_state, ChannelState::AwaitingChannelReady(flags)
6191                         if flags.clone().clear(AwaitingChannelReadyFlags::THEIR_CHANNEL_READY | FundedStateFlags::PEER_DISCONNECTED | FundedStateFlags::MONITOR_UPDATE_IN_PROGRESS | AwaitingChannelReadyFlags::WAITING_FOR_BATCH).is_empty()
6192                 ) {
6193                         // If we're not a 0conf channel, we'll be waiting on a monitor update with only
6194                         // AwaitingChannelReady set, though our peer could have sent their channel_ready.
6195                         debug_assert!(self.context.minimum_depth.unwrap_or(1) > 0);
6196                         return true;
6197                 }
6198                 if self.context.cur_holder_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 &&
6199                         self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
6200                         // If we're a 0-conf channel, we'll move beyond AwaitingChannelReady immediately even while
6201                         // waiting for the initial monitor persistence. Thus, we check if our commitment
6202                         // transaction numbers have both been iterated only exactly once (for the
6203                         // funding_signed), and we're awaiting monitor update.
6204                         //
6205                         // If we got here, we shouldn't have yet broadcasted the funding transaction (as the
6206                         // only way to get an awaiting-monitor-update state during initial funding is if the
6207                         // initial monitor persistence is still pending).
6208                         //
6209                         // Because deciding we're awaiting initial broadcast spuriously could result in
6210                         // funds-loss (as we don't have a monitor, but have the funding transaction confirmed),
6211                         // we hard-assert here, even in production builds.
6212                         if self.context.is_outbound() { assert!(self.context.funding_transaction.is_some()); }
6213                         assert!(self.context.monitor_pending_channel_ready);
6214                         assert_eq!(self.context.latest_monitor_update_id, 0);
6215                         return true;
6216                 }
6217                 false
6218         }
6219
6220         /// Returns true if our channel_ready has been sent
6221         pub fn is_our_channel_ready(&self) -> bool {
6222                 matches!(self.context.channel_state, ChannelState::AwaitingChannelReady(flags) if flags.is_set(AwaitingChannelReadyFlags::OUR_CHANNEL_READY)) ||
6223                         matches!(self.context.channel_state, ChannelState::ChannelReady(_))
6224         }
6225
6226         /// Returns true if our peer has either initiated or agreed to shut down the channel.
6227         pub fn received_shutdown(&self) -> bool {
6228                 self.context.channel_state.is_remote_shutdown_sent()
6229         }
6230
6231         /// Returns true if we either initiated or agreed to shut down the channel.
6232         pub fn sent_shutdown(&self) -> bool {
6233                 self.context.channel_state.is_local_shutdown_sent()
6234         }
6235
6236         /// Returns true if we initiated to shut down the channel.
6237         pub fn initiated_shutdown(&self) -> bool {
6238                 self.context.local_initiated_shutdown.is_some()
6239         }
6240
6241         /// Returns true if this channel is fully shut down. True here implies that no further actions
6242         /// may/will be taken on this channel, and thus this object should be freed. Any future changes
6243         /// will be handled appropriately by the chain monitor.
6244         pub fn is_shutdown(&self) -> bool {
6245                 matches!(self.context.channel_state, ChannelState::ShutdownComplete)
6246         }
6247
6248         pub fn channel_update_status(&self) -> ChannelUpdateStatus {
6249                 self.context.channel_update_status
6250         }
6251
6252         pub fn set_channel_update_status(&mut self, status: ChannelUpdateStatus) {
6253                 self.context.update_time_counter += 1;
6254                 self.context.channel_update_status = status;
6255         }
6256
6257         fn check_get_channel_ready(&mut self, height: u32) -> Option<msgs::ChannelReady> {
6258                 // Called:
6259                 //  * always when a new block/transactions are confirmed with the new height
6260                 //  * when funding is signed with a height of 0
6261                 if self.context.funding_tx_confirmation_height == 0 && self.context.minimum_depth != Some(0) {
6262                         return None;
6263                 }
6264
6265                 let funding_tx_confirmations = height as i64 - self.context.funding_tx_confirmation_height as i64 + 1;
6266                 if funding_tx_confirmations <= 0 {
6267                         self.context.funding_tx_confirmation_height = 0;
6268                 }
6269
6270                 if funding_tx_confirmations < self.context.minimum_depth.unwrap_or(0) as i64 {
6271                         return None;
6272                 }
6273
6274                 // If we're still pending the signature on a funding transaction, then we're not ready to send a
6275                 // channel_ready yet.
6276                 if self.context.signer_pending_funding {
6277                         return None;
6278                 }
6279
6280                 // Note that we don't include ChannelState::WaitingForBatch as we don't want to send
6281                 // channel_ready until the entire batch is ready.
6282                 let need_commitment_update = if matches!(self.context.channel_state, ChannelState::AwaitingChannelReady(f) if f.clone().clear(FundedStateFlags::ALL.into()).is_empty()) {
6283                         self.context.channel_state.set_our_channel_ready();
6284                         true
6285                 } else if matches!(self.context.channel_state, ChannelState::AwaitingChannelReady(f) if f.clone().clear(FundedStateFlags::ALL.into()) == AwaitingChannelReadyFlags::THEIR_CHANNEL_READY) {
6286                         self.context.channel_state = ChannelState::ChannelReady(self.context.channel_state.with_funded_state_flags_mask().into());
6287                         self.context.update_time_counter += 1;
6288                         true
6289                 } else if matches!(self.context.channel_state, ChannelState::AwaitingChannelReady(f) if f.clone().clear(FundedStateFlags::ALL.into()) == AwaitingChannelReadyFlags::OUR_CHANNEL_READY) {
6290                         // We got a reorg but not enough to trigger a force close, just ignore.
6291                         false
6292                 } else {
6293                         if self.context.funding_tx_confirmation_height != 0 &&
6294                                 self.context.channel_state < ChannelState::ChannelReady(ChannelReadyFlags::new())
6295                         {
6296                                 // We should never see a funding transaction on-chain until we've received
6297                                 // funding_signed (if we're an outbound channel), or seen funding_generated (if we're
6298                                 // an inbound channel - before that we have no known funding TXID). The fuzzer,
6299                                 // however, may do this and we shouldn't treat it as a bug.
6300                                 #[cfg(not(fuzzing))]
6301                                 panic!("Started confirming a channel in a state pre-AwaitingChannelReady: {}.\n\
6302                                         Do NOT broadcast a funding transaction manually - let LDK do it for you!",
6303                                         self.context.channel_state.to_u32());
6304                         }
6305                         // We got a reorg but not enough to trigger a force close, just ignore.
6306                         false
6307                 };
6308
6309                 if need_commitment_update {
6310                         if !self.context.channel_state.is_monitor_update_in_progress() {
6311                                 if !self.context.channel_state.is_peer_disconnected() {
6312                                         let next_per_commitment_point =
6313                                                 self.context.holder_signer.as_ref().get_per_commitment_point(INITIAL_COMMITMENT_NUMBER - 1, &self.context.secp_ctx);
6314                                         return Some(msgs::ChannelReady {
6315                                                 channel_id: self.context.channel_id,
6316                                                 next_per_commitment_point,
6317                                                 short_channel_id_alias: Some(self.context.outbound_scid_alias),
6318                                         });
6319                                 }
6320                         } else {
6321                                 self.context.monitor_pending_channel_ready = true;
6322                         }
6323                 }
6324                 None
6325         }
6326
6327         /// When a transaction is confirmed, we check whether it is or spends the funding transaction
6328         /// In the first case, we store the confirmation height and calculating the short channel id.
6329         /// In the second, we simply return an Err indicating we need to be force-closed now.
6330         pub fn transactions_confirmed<NS: Deref, L: Deref>(
6331                 &mut self, block_hash: &BlockHash, height: u32, txdata: &TransactionData,
6332                 chain_hash: ChainHash, node_signer: &NS, user_config: &UserConfig, logger: &L
6333         ) -> Result<(Option<msgs::ChannelReady>, Option<msgs::AnnouncementSignatures>), ClosureReason>
6334         where
6335                 NS::Target: NodeSigner,
6336                 L::Target: Logger
6337         {
6338                 let mut msgs = (None, None);
6339                 if let Some(funding_txo) = self.context.get_funding_txo() {
6340                         for &(index_in_block, tx) in txdata.iter() {
6341                                 // Check if the transaction is the expected funding transaction, and if it is,
6342                                 // check that it pays the right amount to the right script.
6343                                 if self.context.funding_tx_confirmation_height == 0 {
6344                                         if tx.txid() == funding_txo.txid {
6345                                                 let txo_idx = funding_txo.index as usize;
6346                                                 if txo_idx >= tx.output.len() || tx.output[txo_idx].script_pubkey != self.context.get_funding_redeemscript().to_v0_p2wsh() ||
6347                                                                 tx.output[txo_idx].value != self.context.channel_value_satoshis {
6348                                                         if self.context.is_outbound() {
6349                                                                 // If we generated the funding transaction and it doesn't match what it
6350                                                                 // should, the client is really broken and we should just panic and
6351                                                                 // tell them off. That said, because hash collisions happen with high
6352                                                                 // probability in fuzzing mode, if we're fuzzing we just close the
6353                                                                 // channel and move on.
6354                                                                 #[cfg(not(fuzzing))]
6355                                                                 panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
6356                                                         }
6357                                                         self.context.update_time_counter += 1;
6358                                                         let err_reason = "funding tx had wrong script/value or output index";
6359                                                         return Err(ClosureReason::ProcessingError { err: err_reason.to_owned() });
6360                                                 } else {
6361                                                         if self.context.is_outbound() {
6362                                                                 if !tx.is_coin_base() {
6363                                                                         for input in tx.input.iter() {
6364                                                                                 if input.witness.is_empty() {
6365                                                                                         // We generated a malleable funding transaction, implying we've
6366                                                                                         // just exposed ourselves to funds loss to our counterparty.
6367                                                                                         #[cfg(not(fuzzing))]
6368                                                                                         panic!("Client called ChannelManager::funding_transaction_generated with bogus transaction!");
6369                                                                                 }
6370                                                                         }
6371                                                                 }
6372                                                         }
6373                                                         self.context.funding_tx_confirmation_height = height;
6374                                                         self.context.funding_tx_confirmed_in = Some(*block_hash);
6375                                                         self.context.short_channel_id = match scid_from_parts(height as u64, index_in_block as u64, txo_idx as u64) {
6376                                                                 Ok(scid) => Some(scid),
6377                                                                 Err(_) => panic!("Block was bogus - either height was > 16 million, had > 16 million transactions, or had > 65k outputs"),
6378                                                         }
6379                                                 }
6380                                                 // If this is a coinbase transaction and not a 0-conf channel
6381                                                 // we should update our min_depth to 100 to handle coinbase maturity
6382                                                 if tx.is_coin_base() &&
6383                                                         self.context.minimum_depth.unwrap_or(0) > 0 &&
6384                                                         self.context.minimum_depth.unwrap_or(0) < COINBASE_MATURITY {
6385                                                         self.context.minimum_depth = Some(COINBASE_MATURITY);
6386                                                 }
6387                                         }
6388                                         // If we allow 1-conf funding, we may need to check for channel_ready here and
6389                                         // send it immediately instead of waiting for a best_block_updated call (which
6390                                         // may have already happened for this block).
6391                                         if let Some(channel_ready) = self.check_get_channel_ready(height) {
6392                                                 log_info!(logger, "Sending a channel_ready to our peer for channel {}", &self.context.channel_id);
6393                                                 let announcement_sigs = self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger);
6394                                                 msgs = (Some(channel_ready), announcement_sigs);
6395                                         }
6396                                 }
6397                                 for inp in tx.input.iter() {
6398                                         if inp.previous_output == funding_txo.into_bitcoin_outpoint() {
6399                                                 log_info!(logger, "Detected channel-closing tx {} spending {}:{}, closing channel {}", tx.txid(), inp.previous_output.txid, inp.previous_output.vout, &self.context.channel_id());
6400                                                 return Err(ClosureReason::CommitmentTxConfirmed);
6401                                         }
6402                                 }
6403                         }
6404                 }
6405                 Ok(msgs)
6406         }
6407
6408         /// When a new block is connected, we check the height of the block against outbound holding
6409         /// cell HTLCs in case we need to give up on them prematurely and time them out. Everything
6410         /// else (e.g. commitment transaction broadcasts, HTLC transaction broadcasting, etc) is
6411         /// handled by the ChannelMonitor.
6412         ///
6413         /// If we return Err, the channel may have been closed, at which point the standard
6414         /// requirements apply - no calls may be made except those explicitly stated to be allowed
6415         /// post-shutdown.
6416         ///
6417         /// May return some HTLCs (and their payment_hash) which have timed out and should be failed
6418         /// back.
6419         pub fn best_block_updated<NS: Deref, L: Deref>(
6420                 &mut self, height: u32, highest_header_time: u32, chain_hash: ChainHash,
6421                 node_signer: &NS, user_config: &UserConfig, logger: &L
6422         ) -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason>
6423         where
6424                 NS::Target: NodeSigner,
6425                 L::Target: Logger
6426         {
6427                 self.do_best_block_updated(height, highest_header_time, Some((chain_hash, node_signer, user_config)), logger)
6428         }
6429
6430         fn do_best_block_updated<NS: Deref, L: Deref>(
6431                 &mut self, height: u32, highest_header_time: u32,
6432                 chain_node_signer: Option<(ChainHash, &NS, &UserConfig)>, logger: &L
6433         ) -> Result<(Option<msgs::ChannelReady>, Vec<(HTLCSource, PaymentHash)>, Option<msgs::AnnouncementSignatures>), ClosureReason>
6434         where
6435                 NS::Target: NodeSigner,
6436                 L::Target: Logger
6437         {
6438                 let mut timed_out_htlcs = Vec::new();
6439                 // This mirrors the check in ChannelManager::decode_update_add_htlc_onion, refusing to
6440                 // forward an HTLC when our counterparty should almost certainly just fail it for expiring
6441                 // ~now.
6442                 let unforwarded_htlc_cltv_limit = height + LATENCY_GRACE_PERIOD_BLOCKS;
6443                 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
6444                         match htlc_update {
6445                                 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, ref cltv_expiry, .. } => {
6446                                         if *cltv_expiry <= unforwarded_htlc_cltv_limit {
6447                                                 timed_out_htlcs.push((source.clone(), payment_hash.clone()));
6448                                                 false
6449                                         } else { true }
6450                                 },
6451                                 _ => true
6452                         }
6453                 });
6454
6455                 self.context.update_time_counter = cmp::max(self.context.update_time_counter, highest_header_time);
6456
6457                 if let Some(channel_ready) = self.check_get_channel_ready(height) {
6458                         let announcement_sigs = if let Some((chain_hash, node_signer, user_config)) = chain_node_signer {
6459                                 self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger)
6460                         } else { None };
6461                         log_info!(logger, "Sending a channel_ready to our peer for channel {}", &self.context.channel_id);
6462                         return Ok((Some(channel_ready), timed_out_htlcs, announcement_sigs));
6463                 }
6464
6465                 if matches!(self.context.channel_state, ChannelState::ChannelReady(_)) ||
6466                         self.context.channel_state.is_our_channel_ready() {
6467                         let mut funding_tx_confirmations = height as i64 - self.context.funding_tx_confirmation_height as i64 + 1;
6468                         if self.context.funding_tx_confirmation_height == 0 {
6469                                 // Note that check_get_channel_ready may reset funding_tx_confirmation_height to
6470                                 // zero if it has been reorged out, however in either case, our state flags
6471                                 // indicate we've already sent a channel_ready
6472                                 funding_tx_confirmations = 0;
6473                         }
6474
6475                         // If we've sent channel_ready (or have both sent and received channel_ready), and
6476                         // the funding transaction has become unconfirmed,
6477                         // close the channel and hope we can get the latest state on chain (because presumably
6478                         // the funding transaction is at least still in the mempool of most nodes).
6479                         //
6480                         // Note that ideally we wouldn't force-close if we see *any* reorg on a 1-conf or
6481                         // 0-conf channel, but not doing so may lead to the
6482                         // `ChannelManager::short_to_chan_info` map  being inconsistent, so we currently have
6483                         // to.
6484                         if funding_tx_confirmations == 0 && self.context.funding_tx_confirmed_in.is_some() {
6485                                 let err_reason = format!("Funding transaction was un-confirmed. Locked at {} confs, now have {} confs.",
6486                                         self.context.minimum_depth.unwrap(), funding_tx_confirmations);
6487                                 return Err(ClosureReason::ProcessingError { err: err_reason });
6488                         }
6489                 } else if !self.context.is_outbound() && self.context.funding_tx_confirmed_in.is_none() &&
6490                                 height >= self.context.channel_creation_height + FUNDING_CONF_DEADLINE_BLOCKS {
6491                         log_info!(logger, "Closing channel {} due to funding timeout", &self.context.channel_id);
6492                         // If funding_tx_confirmed_in is unset, the channel must not be active
6493                         assert!(self.context.channel_state <= ChannelState::ChannelReady(ChannelReadyFlags::new()));
6494                         assert!(!self.context.channel_state.is_our_channel_ready());
6495                         return Err(ClosureReason::FundingTimedOut);
6496                 }
6497
6498                 let announcement_sigs = if let Some((chain_hash, node_signer, user_config)) = chain_node_signer {
6499                         self.get_announcement_sigs(node_signer, chain_hash, user_config, height, logger)
6500                 } else { None };
6501                 Ok((None, timed_out_htlcs, announcement_sigs))
6502         }
6503
6504         /// Indicates the funding transaction is no longer confirmed in the main chain. This may
6505         /// force-close the channel, but may also indicate a harmless reorganization of a block or two
6506         /// before the channel has reached channel_ready and we can just wait for more blocks.
6507         pub fn funding_transaction_unconfirmed<L: Deref>(&mut self, logger: &L) -> Result<(), ClosureReason> where L::Target: Logger {
6508                 if self.context.funding_tx_confirmation_height != 0 {
6509                         // We handle the funding disconnection by calling best_block_updated with a height one
6510                         // below where our funding was connected, implying a reorg back to conf_height - 1.
6511                         let reorg_height = self.context.funding_tx_confirmation_height - 1;
6512                         // We use the time field to bump the current time we set on channel updates if its
6513                         // larger. If we don't know that time has moved forward, we can just set it to the last
6514                         // time we saw and it will be ignored.
6515                         let best_time = self.context.update_time_counter;
6516                         match self.do_best_block_updated(reorg_height, best_time, None::<(ChainHash, &&dyn NodeSigner, &UserConfig)>, logger) {
6517                                 Ok((channel_ready, timed_out_htlcs, announcement_sigs)) => {
6518                                         assert!(channel_ready.is_none(), "We can't generate a funding with 0 confirmations?");
6519                                         assert!(timed_out_htlcs.is_empty(), "We can't have accepted HTLCs with a timeout before our funding confirmation?");
6520                                         assert!(announcement_sigs.is_none(), "We can't generate an announcement_sigs with 0 confirmations?");
6521                                         Ok(())
6522                                 },
6523                                 Err(e) => Err(e)
6524                         }
6525                 } else {
6526                         // We never learned about the funding confirmation anyway, just ignore
6527                         Ok(())
6528                 }
6529         }
6530
6531         // Methods to get unprompted messages to send to the remote end (or where we already returned
6532         // something in the handler for the message that prompted this message):
6533
6534         /// Gets an UnsignedChannelAnnouncement for this channel. The channel must be publicly
6535         /// announceable and available for use (have exchanged [`ChannelReady`] messages in both
6536         /// directions). Should be used for both broadcasted announcements and in response to an
6537         /// AnnouncementSignatures message from the remote peer.
6538         ///
6539         /// Will only fail if we're not in a state where channel_announcement may be sent (including
6540         /// closing).
6541         ///
6542         /// This will only return ChannelError::Ignore upon failure.
6543         ///
6544         /// [`ChannelReady`]: crate::ln::msgs::ChannelReady
6545         fn get_channel_announcement<NS: Deref>(
6546                 &self, node_signer: &NS, chain_hash: ChainHash, user_config: &UserConfig,
6547         ) -> Result<msgs::UnsignedChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
6548                 if !self.context.config.announced_channel {
6549                         return Err(ChannelError::Ignore("Channel is not available for public announcements".to_owned()));
6550                 }
6551                 if !self.context.is_usable() {
6552                         return Err(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel is not currently usable".to_owned()));
6553                 }
6554
6555                 let short_channel_id = self.context.get_short_channel_id()
6556                         .ok_or(ChannelError::Ignore("Cannot get a ChannelAnnouncement if the channel has not been confirmed yet".to_owned()))?;
6557                 let node_id = NodeId::from_pubkey(&node_signer.get_node_id(Recipient::Node)
6558                         .map_err(|_| ChannelError::Ignore("Failed to retrieve own public key".to_owned()))?);
6559                 let counterparty_node_id = NodeId::from_pubkey(&self.context.get_counterparty_node_id());
6560                 let were_node_one = node_id.as_slice() < counterparty_node_id.as_slice();
6561
6562                 let msg = msgs::UnsignedChannelAnnouncement {
6563                         features: channelmanager::provided_channel_features(&user_config),
6564                         chain_hash,
6565                         short_channel_id,
6566                         node_id_1: if were_node_one { node_id } else { counterparty_node_id },
6567                         node_id_2: if were_node_one { counterparty_node_id } else { node_id },
6568                         bitcoin_key_1: NodeId::from_pubkey(if were_node_one { &self.context.get_holder_pubkeys().funding_pubkey } else { self.context.counterparty_funding_pubkey() }),
6569                         bitcoin_key_2: NodeId::from_pubkey(if were_node_one { self.context.counterparty_funding_pubkey() } else { &self.context.get_holder_pubkeys().funding_pubkey }),
6570                         excess_data: Vec::new(),
6571                 };
6572
6573                 Ok(msg)
6574         }
6575
6576         fn get_announcement_sigs<NS: Deref, L: Deref>(
6577                 &mut self, node_signer: &NS, chain_hash: ChainHash, user_config: &UserConfig,
6578                 best_block_height: u32, logger: &L
6579         ) -> Option<msgs::AnnouncementSignatures>
6580         where
6581                 NS::Target: NodeSigner,
6582                 L::Target: Logger
6583         {
6584                 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
6585                         return None;
6586                 }
6587
6588                 if !self.context.is_usable() {
6589                         return None;
6590                 }
6591
6592                 if self.context.channel_state.is_peer_disconnected() {
6593                         log_trace!(logger, "Cannot create an announcement_signatures as our peer is disconnected");
6594                         return None;
6595                 }
6596
6597                 if self.context.announcement_sigs_state != AnnouncementSigsState::NotSent {
6598                         return None;
6599                 }
6600
6601                 log_trace!(logger, "Creating an announcement_signatures message for channel {}", &self.context.channel_id());
6602                 let announcement = match self.get_channel_announcement(node_signer, chain_hash, user_config) {
6603                         Ok(a) => a,
6604                         Err(e) => {
6605                                 log_trace!(logger, "{:?}", e);
6606                                 return None;
6607                         }
6608                 };
6609                 let our_node_sig = match node_signer.sign_gossip_message(msgs::UnsignedGossipMessage::ChannelAnnouncement(&announcement)) {
6610                         Err(_) => {
6611                                 log_error!(logger, "Failed to generate node signature for channel_announcement. Channel will not be announced!");
6612                                 return None;
6613                         },
6614                         Ok(v) => v
6615                 };
6616                 match &self.context.holder_signer {
6617                         ChannelSignerType::Ecdsa(ecdsa) => {
6618                                 let our_bitcoin_sig = match ecdsa.sign_channel_announcement_with_funding_key(&announcement, &self.context.secp_ctx) {
6619                                         Err(_) => {
6620                                                 log_error!(logger, "Signer rejected channel_announcement signing. Channel will not be announced!");
6621                                                 return None;
6622                                         },
6623                                         Ok(v) => v
6624                                 };
6625                                 let short_channel_id = match self.context.get_short_channel_id() {
6626                                         Some(scid) => scid,
6627                                         None => return None,
6628                                 };
6629
6630                                 self.context.announcement_sigs_state = AnnouncementSigsState::MessageSent;
6631
6632                                 Some(msgs::AnnouncementSignatures {
6633                                         channel_id: self.context.channel_id(),
6634                                         short_channel_id,
6635                                         node_signature: our_node_sig,
6636                                         bitcoin_signature: our_bitcoin_sig,
6637                                 })
6638                         },
6639                         // TODO (taproot|arik)
6640                         #[cfg(taproot)]
6641                         _ => todo!()
6642                 }
6643         }
6644
6645         /// Signs the given channel announcement, returning a ChannelError::Ignore if no keys are
6646         /// available.
6647         fn sign_channel_announcement<NS: Deref>(
6648                 &self, node_signer: &NS, announcement: msgs::UnsignedChannelAnnouncement
6649         ) -> Result<msgs::ChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
6650                 if let Some((their_node_sig, their_bitcoin_sig)) = self.context.announcement_sigs {
6651                         let our_node_key = NodeId::from_pubkey(&node_signer.get_node_id(Recipient::Node)
6652                                 .map_err(|_| ChannelError::Ignore("Signer failed to retrieve own public key".to_owned()))?);
6653                         let were_node_one = announcement.node_id_1 == our_node_key;
6654
6655                         let our_node_sig = node_signer.sign_gossip_message(msgs::UnsignedGossipMessage::ChannelAnnouncement(&announcement))
6656                                 .map_err(|_| ChannelError::Ignore("Failed to generate node signature for channel_announcement".to_owned()))?;
6657                         match &self.context.holder_signer {
6658                                 ChannelSignerType::Ecdsa(ecdsa) => {
6659                                         let our_bitcoin_sig = ecdsa.sign_channel_announcement_with_funding_key(&announcement, &self.context.secp_ctx)
6660                                                 .map_err(|_| ChannelError::Ignore("Signer rejected channel_announcement".to_owned()))?;
6661                                         Ok(msgs::ChannelAnnouncement {
6662                                                 node_signature_1: if were_node_one { our_node_sig } else { their_node_sig },
6663                                                 node_signature_2: if were_node_one { their_node_sig } else { our_node_sig },
6664                                                 bitcoin_signature_1: if were_node_one { our_bitcoin_sig } else { their_bitcoin_sig },
6665                                                 bitcoin_signature_2: if were_node_one { their_bitcoin_sig } else { our_bitcoin_sig },
6666                                                 contents: announcement,
6667                                         })
6668                                 },
6669                                 // TODO (taproot|arik)
6670                                 #[cfg(taproot)]
6671                                 _ => todo!()
6672                         }
6673                 } else {
6674                         Err(ChannelError::Ignore("Attempted to sign channel announcement before we'd received announcement_signatures".to_string()))
6675                 }
6676         }
6677
6678         /// Processes an incoming announcement_signatures message, providing a fully-signed
6679         /// channel_announcement message which we can broadcast and storing our counterparty's
6680         /// signatures for later reconstruction/rebroadcast of the channel_announcement.
6681         pub fn announcement_signatures<NS: Deref>(
6682                 &mut self, node_signer: &NS, chain_hash: ChainHash, best_block_height: u32,
6683                 msg: &msgs::AnnouncementSignatures, user_config: &UserConfig
6684         ) -> Result<msgs::ChannelAnnouncement, ChannelError> where NS::Target: NodeSigner {
6685                 let announcement = self.get_channel_announcement(node_signer, chain_hash, user_config)?;
6686
6687                 let msghash = hash_to_message!(&Sha256d::hash(&announcement.encode()[..])[..]);
6688
6689                 if self.context.secp_ctx.verify_ecdsa(&msghash, &msg.node_signature, &self.context.get_counterparty_node_id()).is_err() {
6690                         return Err(ChannelError::Close(format!(
6691                                 "Bad announcement_signatures. Failed to verify node_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_node_key is {:?}",
6692                                  &announcement, self.context.get_counterparty_node_id())));
6693                 }
6694                 if self.context.secp_ctx.verify_ecdsa(&msghash, &msg.bitcoin_signature, self.context.counterparty_funding_pubkey()).is_err() {
6695                         return Err(ChannelError::Close(format!(
6696                                 "Bad announcement_signatures. Failed to verify bitcoin_signature. UnsignedChannelAnnouncement used for verification is {:?}. their_bitcoin_key is ({:?})",
6697                                 &announcement, self.context.counterparty_funding_pubkey())));
6698                 }
6699
6700                 self.context.announcement_sigs = Some((msg.node_signature, msg.bitcoin_signature));
6701                 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
6702                         return Err(ChannelError::Ignore(
6703                                 "Got announcement_signatures prior to the required six confirmations - we may not have received a block yet that our peer has".to_owned()));
6704                 }
6705
6706                 self.sign_channel_announcement(node_signer, announcement)
6707         }
6708
6709         /// Gets a signed channel_announcement for this channel, if we previously received an
6710         /// announcement_signatures from our counterparty.
6711         pub fn get_signed_channel_announcement<NS: Deref>(
6712                 &self, node_signer: &NS, chain_hash: ChainHash, best_block_height: u32, user_config: &UserConfig
6713         ) -> Option<msgs::ChannelAnnouncement> where NS::Target: NodeSigner {
6714                 if self.context.funding_tx_confirmation_height == 0 || self.context.funding_tx_confirmation_height + 5 > best_block_height {
6715                         return None;
6716                 }
6717                 let announcement = match self.get_channel_announcement(node_signer, chain_hash, user_config) {
6718                         Ok(res) => res,
6719                         Err(_) => return None,
6720                 };
6721                 match self.sign_channel_announcement(node_signer, announcement) {
6722                         Ok(res) => Some(res),
6723                         Err(_) => None,
6724                 }
6725         }
6726
6727         /// May panic if called on a channel that wasn't immediately-previously
6728         /// self.remove_uncommitted_htlcs_and_mark_paused()'d
6729         pub fn get_channel_reestablish<L: Deref>(&mut self, logger: &L) -> msgs::ChannelReestablish where L::Target: Logger {
6730                 assert!(self.context.channel_state.is_peer_disconnected());
6731                 assert_ne!(self.context.cur_counterparty_commitment_transaction_number, INITIAL_COMMITMENT_NUMBER);
6732                 // Prior to static_remotekey, my_current_per_commitment_point was critical to claiming
6733                 // current to_remote balances. However, it no longer has any use, and thus is now simply
6734                 // set to a dummy (but valid, as required by the spec) public key.
6735                 // fuzzing mode marks a subset of pubkeys as invalid so that we can hit "invalid pubkey"
6736                 // branches, but we unwrap it below, so we arbitrarily select a dummy pubkey which is both
6737                 // valid, and valid in fuzzing mode's arbitrary validity criteria:
6738                 let mut pk = [2; 33]; pk[1] = 0xff;
6739                 let dummy_pubkey = PublicKey::from_slice(&pk).unwrap();
6740                 let remote_last_secret = if self.context.cur_counterparty_commitment_transaction_number + 1 < INITIAL_COMMITMENT_NUMBER {
6741                         let remote_last_secret = self.context.commitment_secrets.get_secret(self.context.cur_counterparty_commitment_transaction_number + 2).unwrap();
6742                         log_trace!(logger, "Enough info to generate a Data Loss Protect with per_commitment_secret {} for channel {}", log_bytes!(remote_last_secret), &self.context.channel_id());
6743                         remote_last_secret
6744                 } else {
6745                         log_info!(logger, "Sending a data_loss_protect with no previous remote per_commitment_secret for channel {}", &self.context.channel_id());
6746                         [0;32]
6747                 };
6748                 self.mark_awaiting_response();
6749                 msgs::ChannelReestablish {
6750                         channel_id: self.context.channel_id(),
6751                         // The protocol has two different commitment number concepts - the "commitment
6752                         // transaction number", which starts from 0 and counts up, and the "revocation key
6753                         // index" which starts at INITIAL_COMMITMENT_NUMBER and counts down. We track
6754                         // commitment transaction numbers by the index which will be used to reveal the
6755                         // revocation key for that commitment transaction, which means we have to convert them
6756                         // to protocol-level commitment numbers here...
6757
6758                         // next_local_commitment_number is the next commitment_signed number we expect to
6759                         // receive (indicating if they need to resend one that we missed).
6760                         next_local_commitment_number: INITIAL_COMMITMENT_NUMBER - self.context.cur_holder_commitment_transaction_number,
6761                         // We have to set next_remote_commitment_number to the next revoke_and_ack we expect to
6762                         // receive, however we track it by the next commitment number for a remote transaction
6763                         // (which is one further, as they always revoke previous commitment transaction, not
6764                         // the one we send) so we have to decrement by 1. Note that if
6765                         // cur_counterparty_commitment_transaction_number is INITIAL_COMMITMENT_NUMBER we will have
6766                         // dropped this channel on disconnect as it hasn't yet reached AwaitingChannelReady so we can't
6767                         // overflow here.
6768                         next_remote_commitment_number: INITIAL_COMMITMENT_NUMBER - self.context.cur_counterparty_commitment_transaction_number - 1,
6769                         your_last_per_commitment_secret: remote_last_secret,
6770                         my_current_per_commitment_point: dummy_pubkey,
6771                         // TODO(dual_funding): If we've sent `commtiment_signed` for an interactive transaction
6772                         // construction but have not received `tx_signatures` we MUST set `next_funding_txid` to the
6773                         // txid of that interactive transaction, else we MUST NOT set it.
6774                         next_funding_txid: None,
6775                 }
6776         }
6777
6778
6779         // Send stuff to our remote peers:
6780
6781         /// Queues up an outbound HTLC to send by placing it in the holding cell. You should call
6782         /// [`Self::maybe_free_holding_cell_htlcs`] in order to actually generate and send the
6783         /// commitment update.
6784         ///
6785         /// `Err`s will only be [`ChannelError::Ignore`].
6786         pub fn queue_add_htlc<F: Deref, L: Deref>(
6787                 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
6788                 onion_routing_packet: msgs::OnionPacket, skimmed_fee_msat: Option<u64>,
6789                 blinding_point: Option<PublicKey>, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
6790         ) -> Result<(), ChannelError>
6791         where F::Target: FeeEstimator, L::Target: Logger
6792         {
6793                 self
6794                         .send_htlc(amount_msat, payment_hash, cltv_expiry, source, onion_routing_packet, true,
6795                                 skimmed_fee_msat, blinding_point, fee_estimator, logger)
6796                         .map(|msg_opt| assert!(msg_opt.is_none(), "We forced holding cell?"))
6797                         .map_err(|err| {
6798                                 if let ChannelError::Ignore(_) = err { /* fine */ }
6799                                 else { debug_assert!(false, "Queueing cannot trigger channel failure"); }
6800                                 err
6801                         })
6802         }
6803
6804         /// Adds a pending outbound HTLC to this channel, note that you probably want
6805         /// [`Self::send_htlc_and_commit`] instead cause you'll want both messages at once.
6806         ///
6807         /// This returns an optional UpdateAddHTLC as we may be in a state where we cannot add HTLCs on
6808         /// the wire:
6809         /// * In cases where we're waiting on the remote peer to send us a revoke_and_ack, we
6810         ///   wouldn't be able to determine what they actually ACK'ed if we have two sets of updates
6811         ///   awaiting ACK.
6812         /// * In cases where we're marked MonitorUpdateInProgress, we cannot commit to a new state as
6813         ///   we may not yet have sent the previous commitment update messages and will need to
6814         ///   regenerate them.
6815         ///
6816         /// You MUST call [`Self::send_commitment_no_state_update`] prior to calling any other methods
6817         /// on this [`Channel`] if `force_holding_cell` is false.
6818         ///
6819         /// `Err`s will only be [`ChannelError::Ignore`].
6820         fn send_htlc<F: Deref, L: Deref>(
6821                 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource,
6822                 onion_routing_packet: msgs::OnionPacket, mut force_holding_cell: bool,
6823                 skimmed_fee_msat: Option<u64>, blinding_point: Option<PublicKey>,
6824                 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
6825         ) -> Result<Option<msgs::UpdateAddHTLC>, ChannelError>
6826         where F::Target: FeeEstimator, L::Target: Logger
6827         {
6828                 if !matches!(self.context.channel_state, ChannelState::ChannelReady(_)) ||
6829                         self.context.channel_state.is_local_shutdown_sent() ||
6830                         self.context.channel_state.is_remote_shutdown_sent()
6831                 {
6832                         return Err(ChannelError::Ignore("Cannot send HTLC until channel is fully established and we haven't started shutting down".to_owned()));
6833                 }
6834                 let channel_total_msat = self.context.channel_value_satoshis * 1000;
6835                 if amount_msat > channel_total_msat {
6836                         return Err(ChannelError::Ignore(format!("Cannot send amount {}, because it is more than the total value of the channel {}", amount_msat, channel_total_msat)));
6837                 }
6838
6839                 if amount_msat == 0 {
6840                         return Err(ChannelError::Ignore("Cannot send 0-msat HTLC".to_owned()));
6841                 }
6842
6843                 let available_balances = self.context.get_available_balances(fee_estimator);
6844                 if amount_msat < available_balances.next_outbound_htlc_minimum_msat {
6845                         return Err(ChannelError::Ignore(format!("Cannot send less than our next-HTLC minimum - {} msat",
6846                                 available_balances.next_outbound_htlc_minimum_msat)));
6847                 }
6848
6849                 if amount_msat > available_balances.next_outbound_htlc_limit_msat {
6850                         return Err(ChannelError::Ignore(format!("Cannot send more than our next-HTLC maximum - {} msat",
6851                                 available_balances.next_outbound_htlc_limit_msat)));
6852                 }
6853
6854                 if self.context.channel_state.is_peer_disconnected() {
6855                         // Note that this should never really happen, if we're !is_live() on receipt of an
6856                         // incoming HTLC for relay will result in us rejecting the HTLC and we won't allow
6857                         // the user to send directly into a !is_live() channel. However, if we
6858                         // disconnected during the time the previous hop was doing the commitment dance we may
6859                         // end up getting here after the forwarding delay. In any case, returning an
6860                         // IgnoreError will get ChannelManager to do the right thing and fail backwards now.
6861                         return Err(ChannelError::Ignore("Cannot send an HTLC while disconnected from channel counterparty".to_owned()));
6862                 }
6863
6864                 let need_holding_cell = !self.context.channel_state.can_generate_new_commitment();
6865                 log_debug!(logger, "Pushing new outbound HTLC with hash {} for {} msat {}",
6866                         payment_hash, amount_msat,
6867                         if force_holding_cell { "into holding cell" }
6868                         else if need_holding_cell { "into holding cell as we're awaiting an RAA or monitor" }
6869                         else { "to peer" });
6870
6871                 if need_holding_cell {
6872                         force_holding_cell = true;
6873                 }
6874
6875                 // Now update local state:
6876                 if force_holding_cell {
6877                         self.context.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::AddHTLC {
6878                                 amount_msat,
6879                                 payment_hash,
6880                                 cltv_expiry,
6881                                 source,
6882                                 onion_routing_packet,
6883                                 skimmed_fee_msat,
6884                                 blinding_point,
6885                         });
6886                         return Ok(None);
6887                 }
6888
6889                 self.context.pending_outbound_htlcs.push(OutboundHTLCOutput {
6890                         htlc_id: self.context.next_holder_htlc_id,
6891                         amount_msat,
6892                         payment_hash: payment_hash.clone(),
6893                         cltv_expiry,
6894                         state: OutboundHTLCState::LocalAnnounced(Box::new(onion_routing_packet.clone())),
6895                         source,
6896                         blinding_point,
6897                         skimmed_fee_msat,
6898                 });
6899
6900                 let res = msgs::UpdateAddHTLC {
6901                         channel_id: self.context.channel_id,
6902                         htlc_id: self.context.next_holder_htlc_id,
6903                         amount_msat,
6904                         payment_hash,
6905                         cltv_expiry,
6906                         onion_routing_packet,
6907                         skimmed_fee_msat,
6908                         blinding_point,
6909                 };
6910                 self.context.next_holder_htlc_id += 1;
6911
6912                 Ok(Some(res))
6913         }
6914
6915         fn build_commitment_no_status_check<L: Deref>(&mut self, logger: &L) -> ChannelMonitorUpdate where L::Target: Logger {
6916                 log_trace!(logger, "Updating HTLC state for a newly-sent commitment_signed...");
6917                 // We can upgrade the status of some HTLCs that are waiting on a commitment, even if we
6918                 // fail to generate this, we still are at least at a position where upgrading their status
6919                 // is acceptable.
6920                 for htlc in self.context.pending_inbound_htlcs.iter_mut() {
6921                         let new_state = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref forward_info) = &htlc.state {
6922                                 Some(InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info.clone()))
6923                         } else { None };
6924                         if let Some(state) = new_state {
6925                                 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to AwaitingAnnouncedRemoteRevoke", &htlc.payment_hash);
6926                                 htlc.state = state;
6927                         }
6928                 }
6929                 for htlc in self.context.pending_outbound_htlcs.iter_mut() {
6930                         if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut outcome) = &mut htlc.state {
6931                                 log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", &htlc.payment_hash);
6932                                 // Grab the preimage, if it exists, instead of cloning
6933                                 let mut reason = OutboundHTLCOutcome::Success(None);
6934                                 mem::swap(outcome, &mut reason);
6935                                 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(reason);
6936                         }
6937                 }
6938                 if let Some((feerate, update_state)) = self.context.pending_update_fee {
6939                         if update_state == FeeUpdateState::AwaitingRemoteRevokeToAnnounce {
6940                                 debug_assert!(!self.context.is_outbound());
6941                                 log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce fee update {} to Committed", feerate);
6942                                 self.context.feerate_per_kw = feerate;
6943                                 self.context.pending_update_fee = None;
6944                         }
6945                 }
6946                 self.context.resend_order = RAACommitmentOrder::RevokeAndACKFirst;
6947
6948                 let (mut htlcs_ref, counterparty_commitment_tx) =
6949                         self.build_commitment_no_state_update(logger);
6950                 let counterparty_commitment_txid = counterparty_commitment_tx.trust().txid();
6951                 let htlcs: Vec<(HTLCOutputInCommitment, Option<Box<HTLCSource>>)> =
6952                         htlcs_ref.drain(..).map(|(htlc, htlc_source)| (htlc, htlc_source.map(|source_ref| Box::new(source_ref.clone())))).collect();
6953
6954                 if self.context.announcement_sigs_state == AnnouncementSigsState::MessageSent {
6955                         self.context.announcement_sigs_state = AnnouncementSigsState::Committed;
6956                 }
6957
6958                 self.context.latest_monitor_update_id += 1;
6959                 let monitor_update = ChannelMonitorUpdate {
6960                         update_id: self.context.latest_monitor_update_id,
6961                         counterparty_node_id: Some(self.context.counterparty_node_id),
6962                         updates: vec![ChannelMonitorUpdateStep::LatestCounterpartyCommitmentTXInfo {
6963                                 commitment_txid: counterparty_commitment_txid,
6964                                 htlc_outputs: htlcs.clone(),
6965                                 commitment_number: self.context.cur_counterparty_commitment_transaction_number,
6966                                 their_per_commitment_point: self.context.counterparty_cur_commitment_point.unwrap(),
6967                                 feerate_per_kw: Some(counterparty_commitment_tx.feerate_per_kw()),
6968                                 to_broadcaster_value_sat: Some(counterparty_commitment_tx.to_broadcaster_value_sat()),
6969                                 to_countersignatory_value_sat: Some(counterparty_commitment_tx.to_countersignatory_value_sat()),
6970                         }],
6971                         channel_id: Some(self.context.channel_id()),
6972                 };
6973                 self.context.channel_state.set_awaiting_remote_revoke();
6974                 monitor_update
6975         }
6976
6977         fn build_commitment_no_state_update<L: Deref>(&self, logger: &L)
6978         -> (Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>, CommitmentTransaction)
6979         where L::Target: Logger
6980         {
6981                 let counterparty_keys = self.context.build_remote_transaction_keys();
6982                 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
6983                 let counterparty_commitment_tx = commitment_stats.tx;
6984
6985                 #[cfg(any(test, fuzzing))]
6986                 {
6987                         if !self.context.is_outbound() {
6988                                 let projected_commit_tx_info = self.context.next_remote_commitment_tx_fee_info_cached.lock().unwrap().take();
6989                                 *self.context.next_local_commitment_tx_fee_info_cached.lock().unwrap() = None;
6990                                 if let Some(info) = projected_commit_tx_info {
6991                                         let total_pending_htlcs = self.context.pending_inbound_htlcs.len() + self.context.pending_outbound_htlcs.len();
6992                                         if info.total_pending_htlcs == total_pending_htlcs
6993                                                 && info.next_holder_htlc_id == self.context.next_holder_htlc_id
6994                                                 && info.next_counterparty_htlc_id == self.context.next_counterparty_htlc_id
6995                                                 && info.feerate == self.context.feerate_per_kw {
6996                                                         let actual_fee = commit_tx_fee_msat(self.context.feerate_per_kw, commitment_stats.num_nondust_htlcs, self.context.get_channel_type());
6997                                                         assert_eq!(actual_fee, info.fee);
6998                                                 }
6999                                 }
7000                         }
7001                 }
7002
7003                 (commitment_stats.htlcs_included, counterparty_commitment_tx)
7004         }
7005
7006         /// Only fails in case of signer rejection. Used for channel_reestablish commitment_signed
7007         /// generation when we shouldn't change HTLC/channel state.
7008         fn send_commitment_no_state_update<L: Deref>(&self, logger: &L) -> Result<(msgs::CommitmentSigned, (Txid, Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)>)), ChannelError> where L::Target: Logger {
7009                 // Get the fee tests from `build_commitment_no_state_update`
7010                 #[cfg(any(test, fuzzing))]
7011                 self.build_commitment_no_state_update(logger);
7012
7013                 let counterparty_keys = self.context.build_remote_transaction_keys();
7014                 let commitment_stats = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, true, logger);
7015                 let counterparty_commitment_txid = commitment_stats.tx.trust().txid();
7016
7017                 match &self.context.holder_signer {
7018                         ChannelSignerType::Ecdsa(ecdsa) => {
7019                                 let (signature, htlc_signatures);
7020
7021                                 {
7022                                         let mut htlcs = Vec::with_capacity(commitment_stats.htlcs_included.len());
7023                                         for &(ref htlc, _) in commitment_stats.htlcs_included.iter() {
7024                                                 htlcs.push(htlc);
7025                                         }
7026
7027                                         let res = ecdsa.sign_counterparty_commitment(
7028                                                         &commitment_stats.tx,
7029                                                         commitment_stats.inbound_htlc_preimages,
7030                                                         commitment_stats.outbound_htlc_preimages,
7031                                                         &self.context.secp_ctx,
7032                                                 ).map_err(|_| ChannelError::Ignore("Failed to get signatures for new commitment_signed".to_owned()))?;
7033                                         signature = res.0;
7034                                         htlc_signatures = res.1;
7035
7036                                         log_trace!(logger, "Signed remote commitment tx {} (txid {}) with redeemscript {} -> {} in channel {}",
7037                                                 encode::serialize_hex(&commitment_stats.tx.trust().built_transaction().transaction),
7038                                                 &counterparty_commitment_txid, encode::serialize_hex(&self.context.get_funding_redeemscript()),
7039                                                 log_bytes!(signature.serialize_compact()[..]), &self.context.channel_id());
7040
7041                                         for (ref htlc_sig, ref htlc) in htlc_signatures.iter().zip(htlcs) {
7042                                                 log_trace!(logger, "Signed remote HTLC tx {} with redeemscript {} with pubkey {} -> {} in channel {}",
7043                                                         encode::serialize_hex(&chan_utils::build_htlc_transaction(&counterparty_commitment_txid, commitment_stats.feerate_per_kw, self.context.get_holder_selected_contest_delay(), htlc, &self.context.channel_type, &counterparty_keys.broadcaster_delayed_payment_key, &counterparty_keys.revocation_key)),
7044                                                         encode::serialize_hex(&chan_utils::get_htlc_redeemscript(&htlc, &self.context.channel_type, &counterparty_keys)),
7045                                                         log_bytes!(counterparty_keys.broadcaster_htlc_key.to_public_key().serialize()),
7046                                                         log_bytes!(htlc_sig.serialize_compact()[..]), &self.context.channel_id());
7047                                         }
7048                                 }
7049
7050                                 Ok((msgs::CommitmentSigned {
7051                                         channel_id: self.context.channel_id,
7052                                         signature,
7053                                         htlc_signatures,
7054                                         #[cfg(taproot)]
7055                                         partial_signature_with_nonce: None,
7056                                 }, (counterparty_commitment_txid, commitment_stats.htlcs_included)))
7057                         },
7058                         // TODO (taproot|arik)
7059                         #[cfg(taproot)]
7060                         _ => todo!()
7061                 }
7062         }
7063
7064         /// Adds a pending outbound HTLC to this channel, and builds a new remote commitment
7065         /// transaction and generates the corresponding [`ChannelMonitorUpdate`] in one go.
7066         ///
7067         /// Shorthand for calling [`Self::send_htlc`] followed by a commitment update, see docs on
7068         /// [`Self::send_htlc`] and [`Self::build_commitment_no_state_update`] for more info.
7069         pub fn send_htlc_and_commit<F: Deref, L: Deref>(
7070                 &mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32,
7071                 source: HTLCSource, onion_routing_packet: msgs::OnionPacket, skimmed_fee_msat: Option<u64>,
7072                 fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L
7073         ) -> Result<Option<ChannelMonitorUpdate>, ChannelError>
7074         where F::Target: FeeEstimator, L::Target: Logger
7075         {
7076                 let send_res = self.send_htlc(amount_msat, payment_hash, cltv_expiry, source,
7077                         onion_routing_packet, false, skimmed_fee_msat, None, fee_estimator, logger);
7078                 if let Err(e) = &send_res { if let ChannelError::Ignore(_) = e {} else { debug_assert!(false, "Sending cannot trigger channel failure"); } }
7079                 match send_res? {
7080                         Some(_) => {
7081                                 let monitor_update = self.build_commitment_no_status_check(logger);
7082                                 self.monitor_updating_paused(false, true, false, Vec::new(), Vec::new(), Vec::new());
7083                                 Ok(self.push_ret_blockable_mon_update(monitor_update))
7084                         },
7085                         None => Ok(None)
7086                 }
7087         }
7088
7089         /// Applies the `ChannelUpdate` and returns a boolean indicating whether a change actually
7090         /// happened.
7091         pub fn channel_update(&mut self, msg: &msgs::ChannelUpdate) -> Result<bool, ChannelError> {
7092                 let new_forwarding_info = Some(CounterpartyForwardingInfo {
7093                         fee_base_msat: msg.contents.fee_base_msat,
7094                         fee_proportional_millionths: msg.contents.fee_proportional_millionths,
7095                         cltv_expiry_delta: msg.contents.cltv_expiry_delta
7096                 });
7097                 let did_change = self.context.counterparty_forwarding_info != new_forwarding_info;
7098                 if did_change {
7099                         self.context.counterparty_forwarding_info = new_forwarding_info;
7100                 }
7101
7102                 Ok(did_change)
7103         }
7104
7105         /// Begins the shutdown process, getting a message for the remote peer and returning all
7106         /// holding cell HTLCs for payment failure.
7107         pub fn get_shutdown(&mut self, signer_provider: &SP, their_features: &InitFeatures,
7108                 target_feerate_sats_per_kw: Option<u32>, override_shutdown_script: Option<ShutdownScript>)
7109         -> Result<(msgs::Shutdown, Option<ChannelMonitorUpdate>, Vec<(HTLCSource, PaymentHash)>), APIError>
7110         {
7111                 for htlc in self.context.pending_outbound_htlcs.iter() {
7112                         if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
7113                                 return Err(APIError::APIMisuseError{err: "Cannot begin shutdown with pending HTLCs. Process pending events first".to_owned()});
7114                         }
7115                 }
7116                 if self.context.channel_state.is_local_shutdown_sent() {
7117                         return Err(APIError::APIMisuseError{err: "Shutdown already in progress".to_owned()});
7118                 }
7119                 else if self.context.channel_state.is_remote_shutdown_sent() {
7120                         return Err(APIError::ChannelUnavailable{err: "Shutdown already in progress by remote".to_owned()});
7121                 }
7122                 if self.context.shutdown_scriptpubkey.is_some() && override_shutdown_script.is_some() {
7123                         return Err(APIError::APIMisuseError{err: "Cannot override shutdown script for a channel with one already set".to_owned()});
7124                 }
7125                 assert!(!matches!(self.context.channel_state, ChannelState::ShutdownComplete));
7126                 if self.context.channel_state.is_peer_disconnected() || self.context.channel_state.is_monitor_update_in_progress() {
7127                         return Err(APIError::ChannelUnavailable{err: "Cannot begin shutdown while peer is disconnected or we're waiting on a monitor update, maybe force-close instead?".to_owned()});
7128                 }
7129
7130                 let update_shutdown_script = match self.context.shutdown_scriptpubkey {
7131                         Some(_) => false,
7132                         None => {
7133                                 // use override shutdown script if provided
7134                                 let shutdown_scriptpubkey = match override_shutdown_script {
7135                                         Some(script) => script,
7136                                         None => {
7137                                                 // otherwise, use the shutdown scriptpubkey provided by the signer
7138                                                 match signer_provider.get_shutdown_scriptpubkey() {
7139                                                         Ok(scriptpubkey) => scriptpubkey,
7140                                                         Err(_) => return Err(APIError::ChannelUnavailable{err: "Failed to get shutdown scriptpubkey".to_owned()}),
7141                                                 }
7142                                         },
7143                                 };
7144                                 if !shutdown_scriptpubkey.is_compatible(their_features) {
7145                                         return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
7146                                 }
7147                                 self.context.shutdown_scriptpubkey = Some(shutdown_scriptpubkey);
7148                                 true
7149                         },
7150                 };
7151
7152                 // From here on out, we may not fail!
7153                 self.context.target_closing_feerate_sats_per_kw = target_feerate_sats_per_kw;
7154                 self.context.channel_state.set_local_shutdown_sent();
7155                 self.context.local_initiated_shutdown = Some(());
7156                 self.context.update_time_counter += 1;
7157
7158                 let monitor_update = if update_shutdown_script {
7159                         self.context.latest_monitor_update_id += 1;
7160                         let monitor_update = ChannelMonitorUpdate {
7161                                 update_id: self.context.latest_monitor_update_id,
7162                                 counterparty_node_id: Some(self.context.counterparty_node_id),
7163                                 updates: vec![ChannelMonitorUpdateStep::ShutdownScript {
7164                                         scriptpubkey: self.get_closing_scriptpubkey(),
7165                                 }],
7166                                 channel_id: Some(self.context.channel_id()),
7167                         };
7168                         self.monitor_updating_paused(false, false, false, Vec::new(), Vec::new(), Vec::new());
7169                         self.push_ret_blockable_mon_update(monitor_update)
7170                 } else { None };
7171                 let shutdown = msgs::Shutdown {
7172                         channel_id: self.context.channel_id,
7173                         scriptpubkey: self.get_closing_scriptpubkey(),
7174                 };
7175
7176                 // Go ahead and drop holding cell updates as we'd rather fail payments than wait to send
7177                 // our shutdown until we've committed all of the pending changes.
7178                 self.context.holding_cell_update_fee = None;
7179                 let mut dropped_outbound_htlcs = Vec::with_capacity(self.context.holding_cell_htlc_updates.len());
7180                 self.context.holding_cell_htlc_updates.retain(|htlc_update| {
7181                         match htlc_update {
7182                                 &HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, .. } => {
7183                                         dropped_outbound_htlcs.push((source.clone(), payment_hash.clone()));
7184                                         false
7185                                 },
7186                                 _ => true
7187                         }
7188                 });
7189
7190                 debug_assert!(!self.is_shutdown() || monitor_update.is_none(),
7191                         "we can't both complete shutdown and return a monitor update");
7192
7193                 Ok((shutdown, monitor_update, dropped_outbound_htlcs))
7194         }
7195
7196         pub fn inflight_htlc_sources(&self) -> impl Iterator<Item=(&HTLCSource, &PaymentHash)> {
7197                 self.context.holding_cell_htlc_updates.iter()
7198                         .flat_map(|htlc_update| {
7199                                 match htlc_update {
7200                                         HTLCUpdateAwaitingACK::AddHTLC { source, payment_hash, .. }
7201                                                 => Some((source, payment_hash)),
7202                                         _ => None,
7203                                 }
7204                         })
7205                         .chain(self.context.pending_outbound_htlcs.iter().map(|htlc| (&htlc.source, &htlc.payment_hash)))
7206         }
7207 }
7208
7209 /// A not-yet-funded outbound (from holder) channel using V1 channel establishment.
7210 pub(super) struct OutboundV1Channel<SP: Deref> where SP::Target: SignerProvider {
7211         pub context: ChannelContext<SP>,
7212         pub unfunded_context: UnfundedChannelContext,
7213 }
7214
7215 impl<SP: Deref> OutboundV1Channel<SP> where SP::Target: SignerProvider {
7216         pub fn new<ES: Deref, F: Deref>(
7217                 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP, counterparty_node_id: PublicKey, their_features: &InitFeatures,
7218                 channel_value_satoshis: u64, push_msat: u64, user_id: u128, config: &UserConfig, current_chain_height: u32,
7219                 outbound_scid_alias: u64, temporary_channel_id: Option<ChannelId>
7220         ) -> Result<OutboundV1Channel<SP>, APIError>
7221         where ES::Target: EntropySource,
7222               F::Target: FeeEstimator
7223         {
7224                 let holder_selected_channel_reserve_satoshis = get_holder_selected_channel_reserve_satoshis(channel_value_satoshis, config);
7225                 if holder_selected_channel_reserve_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
7226                         // Protocol level safety check in place, although it should never happen because
7227                         // of `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
7228                         return Err(APIError::APIMisuseError { err: format!("Holder selected channel reserve below \
7229                                 implemention limit dust_limit_satoshis {}", holder_selected_channel_reserve_satoshis) });
7230                 }
7231
7232                 let channel_keys_id = signer_provider.generate_channel_keys_id(false, channel_value_satoshis, user_id);
7233                 let holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
7234                 let pubkeys = holder_signer.pubkeys().clone();
7235
7236                 let chan = Self {
7237                         context: ChannelContext::new_for_outbound_channel(
7238                                 fee_estimator,
7239                                 entropy_source,
7240                                 signer_provider,
7241                                 counterparty_node_id,
7242                                 their_features,
7243                                 channel_value_satoshis,
7244                                 push_msat,
7245                                 user_id,
7246                                 config,
7247                                 current_chain_height,
7248                                 outbound_scid_alias,
7249                                 temporary_channel_id,
7250                                 holder_selected_channel_reserve_satoshis,
7251                                 channel_keys_id,
7252                                 holder_signer,
7253                                 pubkeys,
7254                         )?,
7255                         unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 }
7256                 };
7257                 Ok(chan)
7258         }
7259
7260         /// Only allowed after [`ChannelContext::channel_transaction_parameters`] is set.
7261         fn get_funding_created_msg<L: Deref>(&mut self, logger: &L) -> Option<msgs::FundingCreated> where L::Target: Logger {
7262                 let counterparty_keys = self.context.build_remote_transaction_keys();
7263                 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
7264                 let signature = match &self.context.holder_signer {
7265                         // TODO (taproot|arik): move match into calling method for Taproot
7266                         ChannelSignerType::Ecdsa(ecdsa) => {
7267                                 ecdsa.sign_counterparty_commitment(&counterparty_initial_commitment_tx, Vec::new(), Vec::new(), &self.context.secp_ctx)
7268                                         .map(|(sig, _)| sig).ok()?
7269                         },
7270                         // TODO (taproot|arik)
7271                         #[cfg(taproot)]
7272                         _ => todo!()
7273                 };
7274
7275                 if self.context.signer_pending_funding {
7276                         log_trace!(logger, "Counterparty commitment signature ready for funding_created message: clearing signer_pending_funding");
7277                         self.context.signer_pending_funding = false;
7278                 }
7279
7280                 Some(msgs::FundingCreated {
7281                         temporary_channel_id: self.context.temporary_channel_id.unwrap(),
7282                         funding_txid: self.context.channel_transaction_parameters.funding_outpoint.as_ref().unwrap().txid,
7283                         funding_output_index: self.context.channel_transaction_parameters.funding_outpoint.as_ref().unwrap().index,
7284                         signature,
7285                         #[cfg(taproot)]
7286                         partial_signature_with_nonce: None,
7287                         #[cfg(taproot)]
7288                         next_local_nonce: None,
7289                 })
7290         }
7291
7292         /// Updates channel state with knowledge of the funding transaction's txid/index, and generates
7293         /// a funding_created message for the remote peer.
7294         /// Panics if called at some time other than immediately after initial handshake, if called twice,
7295         /// or if called on an inbound channel.
7296         /// Note that channel_id changes during this call!
7297         /// Do NOT broadcast the funding transaction until after a successful funding_signed call!
7298         /// If an Err is returned, it is a ChannelError::Close.
7299         pub fn get_funding_created<L: Deref>(&mut self, funding_transaction: Transaction, funding_txo: OutPoint, is_batch_funding: bool, logger: &L)
7300         -> Result<Option<msgs::FundingCreated>, (Self, ChannelError)> where L::Target: Logger {
7301                 if !self.context.is_outbound() {
7302                         panic!("Tried to create outbound funding_created message on an inbound channel!");
7303                 }
7304                 if !matches!(
7305                         self.context.channel_state, ChannelState::NegotiatingFunding(flags)
7306                         if flags == (NegotiatingFundingFlags::OUR_INIT_SENT | NegotiatingFundingFlags::THEIR_INIT_SENT)
7307                 ) {
7308                         panic!("Tried to get a funding_created messsage at a time other than immediately after initial handshake completion (or tried to get funding_created twice)");
7309                 }
7310                 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
7311                                 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
7312                                 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
7313                         panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
7314                 }
7315
7316                 self.context.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
7317                 self.context.holder_signer.as_mut().provide_channel_parameters(&self.context.channel_transaction_parameters);
7318
7319                 // Now that we're past error-generating stuff, update our local state:
7320
7321                 self.context.channel_state = ChannelState::FundingNegotiated;
7322                 self.context.channel_id = ChannelId::v1_from_funding_outpoint(funding_txo);
7323
7324                 // If the funding transaction is a coinbase transaction, we need to set the minimum depth to 100.
7325                 // We can skip this if it is a zero-conf channel.
7326                 if funding_transaction.is_coin_base() &&
7327                         self.context.minimum_depth.unwrap_or(0) > 0 &&
7328                         self.context.minimum_depth.unwrap_or(0) < COINBASE_MATURITY {
7329                         self.context.minimum_depth = Some(COINBASE_MATURITY);
7330                 }
7331
7332                 self.context.funding_transaction = Some(funding_transaction);
7333                 self.context.is_batch_funding = Some(()).filter(|_| is_batch_funding);
7334
7335                 let funding_created = self.get_funding_created_msg(logger);
7336                 if funding_created.is_none() {
7337                         #[cfg(not(async_signing))] {
7338                                 panic!("Failed to get signature for new funding creation");
7339                         }
7340                         #[cfg(async_signing)] {
7341                                 if !self.context.signer_pending_funding {
7342                                         log_trace!(logger, "funding_created awaiting signer; setting signer_pending_funding");
7343                                         self.context.signer_pending_funding = true;
7344                                 }
7345                         }
7346                 }
7347
7348                 Ok(funding_created)
7349         }
7350
7351         /// If we receive an error message, it may only be a rejection of the channel type we tried,
7352         /// not of our ability to open any channel at all. Thus, on error, we should first call this
7353         /// and see if we get a new `OpenChannel` message, otherwise the channel is failed.
7354         pub(crate) fn maybe_handle_error_without_close<F: Deref>(
7355                 &mut self, chain_hash: ChainHash, fee_estimator: &LowerBoundedFeeEstimator<F>
7356         ) -> Result<msgs::OpenChannel, ()>
7357         where
7358                 F::Target: FeeEstimator
7359         {
7360                 self.context.maybe_downgrade_channel_features(fee_estimator)?;
7361                 Ok(self.get_open_channel(chain_hash))
7362         }
7363
7364         pub fn get_open_channel(&self, chain_hash: ChainHash) -> msgs::OpenChannel {
7365                 if !self.context.is_outbound() {
7366                         panic!("Tried to open a channel for an inbound channel?");
7367                 }
7368                 if self.context.have_received_message() {
7369                         panic!("Cannot generate an open_channel after we've moved forward");
7370                 }
7371
7372                 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
7373                         panic!("Tried to send an open_channel for a channel that has already advanced");
7374                 }
7375
7376                 let first_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
7377                 let keys = self.context.get_holder_pubkeys();
7378
7379                 msgs::OpenChannel {
7380                         common_fields: msgs::CommonOpenChannelFields {
7381                                 chain_hash,
7382                                 temporary_channel_id: self.context.channel_id,
7383                                 funding_satoshis: self.context.channel_value_satoshis,
7384                                 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
7385                                 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
7386                                 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
7387                                 commitment_feerate_sat_per_1000_weight: self.context.feerate_per_kw as u32,
7388                                 to_self_delay: self.context.get_holder_selected_contest_delay(),
7389                                 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
7390                                 funding_pubkey: keys.funding_pubkey,
7391                                 revocation_basepoint: keys.revocation_basepoint.to_public_key(),
7392                                 payment_basepoint: keys.payment_point,
7393                                 delayed_payment_basepoint: keys.delayed_payment_basepoint.to_public_key(),
7394                                 htlc_basepoint: keys.htlc_basepoint.to_public_key(),
7395                                 first_per_commitment_point,
7396                                 channel_flags: if self.context.config.announced_channel {1} else {0},
7397                                 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
7398                                         Some(script) => script.clone().into_inner(),
7399                                         None => Builder::new().into_script(),
7400                                 }),
7401                                 channel_type: Some(self.context.channel_type.clone()),
7402                         },
7403                         push_msat: self.context.channel_value_satoshis * 1000 - self.context.value_to_self_msat,
7404                         channel_reserve_satoshis: self.context.holder_selected_channel_reserve_satoshis,
7405                 }
7406         }
7407
7408         // Message handlers
7409         pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, default_limits: &ChannelHandshakeLimits, their_features: &InitFeatures) -> Result<(), ChannelError> {
7410                 let peer_limits = if let Some(ref limits) = self.context.inbound_handshake_limits_override { limits } else { default_limits };
7411
7412                 // Check sanity of message fields:
7413                 if !self.context.is_outbound() {
7414                         return Err(ChannelError::Close("Got an accept_channel message from an inbound peer".to_owned()));
7415                 }
7416                 if !matches!(self.context.channel_state, ChannelState::NegotiatingFunding(flags) if flags == NegotiatingFundingFlags::OUR_INIT_SENT) {
7417                         return Err(ChannelError::Close("Got an accept_channel message at a strange time".to_owned()));
7418                 }
7419                 if msg.common_fields.dust_limit_satoshis > 21000000 * 100000000 {
7420                         return Err(ChannelError::Close(format!("Peer never wants payout outputs? dust_limit_satoshis was {}", msg.common_fields.dust_limit_satoshis)));
7421                 }
7422                 if msg.channel_reserve_satoshis > self.context.channel_value_satoshis {
7423                         return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than ({})", msg.channel_reserve_satoshis, self.context.channel_value_satoshis)));
7424                 }
7425                 if msg.common_fields.dust_limit_satoshis > self.context.holder_selected_channel_reserve_satoshis {
7426                         return Err(ChannelError::Close(format!("Dust limit ({}) is bigger than our channel reserve ({})", msg.common_fields.dust_limit_satoshis, self.context.holder_selected_channel_reserve_satoshis)));
7427                 }
7428                 if msg.channel_reserve_satoshis > self.context.channel_value_satoshis - self.context.holder_selected_channel_reserve_satoshis {
7429                         return Err(ChannelError::Close(format!("Bogus channel_reserve_satoshis ({}). Must not be greater than channel value minus our reserve ({})",
7430                                 msg.channel_reserve_satoshis, self.context.channel_value_satoshis - self.context.holder_selected_channel_reserve_satoshis)));
7431                 }
7432                 let full_channel_value_msat = (self.context.channel_value_satoshis - msg.channel_reserve_satoshis) * 1000;
7433                 if msg.common_fields.htlc_minimum_msat >= full_channel_value_msat {
7434                         return Err(ChannelError::Close(format!("Minimum htlc value ({}) is full channel value ({})", msg.common_fields.htlc_minimum_msat, full_channel_value_msat)));
7435                 }
7436                 let max_delay_acceptable = u16::min(peer_limits.their_to_self_delay, MAX_LOCAL_BREAKDOWN_TIMEOUT);
7437                 if msg.common_fields.to_self_delay > max_delay_acceptable {
7438                         return Err(ChannelError::Close(format!("They wanted our payments to be delayed by a needlessly long period. Upper limit: {}. Actual: {}", max_delay_acceptable, msg.common_fields.to_self_delay)));
7439                 }
7440                 if msg.common_fields.max_accepted_htlcs < 1 {
7441                         return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel".to_owned()));
7442                 }
7443                 if msg.common_fields.max_accepted_htlcs > MAX_HTLCS {
7444                         return Err(ChannelError::Close(format!("max_accepted_htlcs was {}. It must not be larger than {}", msg.common_fields.max_accepted_htlcs, MAX_HTLCS)));
7445                 }
7446
7447                 // Now check against optional parameters as set by config...
7448                 if msg.common_fields.htlc_minimum_msat > peer_limits.max_htlc_minimum_msat {
7449                         return Err(ChannelError::Close(format!("htlc_minimum_msat ({}) is higher than the user specified limit ({})", msg.common_fields.htlc_minimum_msat, peer_limits.max_htlc_minimum_msat)));
7450                 }
7451                 if msg.common_fields.max_htlc_value_in_flight_msat < peer_limits.min_max_htlc_value_in_flight_msat {
7452                         return Err(ChannelError::Close(format!("max_htlc_value_in_flight_msat ({}) is less than the user specified limit ({})", msg.common_fields.max_htlc_value_in_flight_msat, peer_limits.min_max_htlc_value_in_flight_msat)));
7453                 }
7454                 if msg.channel_reserve_satoshis > peer_limits.max_channel_reserve_satoshis {
7455                         return Err(ChannelError::Close(format!("channel_reserve_satoshis ({}) is higher than the user specified limit ({})", msg.channel_reserve_satoshis, peer_limits.max_channel_reserve_satoshis)));
7456                 }
7457                 if msg.common_fields.max_accepted_htlcs < peer_limits.min_max_accepted_htlcs {
7458                         return Err(ChannelError::Close(format!("max_accepted_htlcs ({}) is less than the user specified limit ({})", msg.common_fields.max_accepted_htlcs, peer_limits.min_max_accepted_htlcs)));
7459                 }
7460                 if msg.common_fields.dust_limit_satoshis < MIN_CHAN_DUST_LIMIT_SATOSHIS {
7461                         return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is less than the implementation limit ({})", msg.common_fields.dust_limit_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS)));
7462                 }
7463                 if msg.common_fields.dust_limit_satoshis > MAX_CHAN_DUST_LIMIT_SATOSHIS {
7464                         return Err(ChannelError::Close(format!("dust_limit_satoshis ({}) is greater than the implementation limit ({})", msg.common_fields.dust_limit_satoshis, MAX_CHAN_DUST_LIMIT_SATOSHIS)));
7465                 }
7466                 if msg.common_fields.minimum_depth > peer_limits.max_minimum_depth {
7467                         return Err(ChannelError::Close(format!("We consider the minimum depth to be unreasonably large. Expected minimum: ({}). Actual: ({})", peer_limits.max_minimum_depth, msg.common_fields.minimum_depth)));
7468                 }
7469
7470                 if let Some(ty) = &msg.common_fields.channel_type {
7471                         if *ty != self.context.channel_type {
7472                                 return Err(ChannelError::Close("Channel Type in accept_channel didn't match the one sent in open_channel.".to_owned()));
7473                         }
7474                 } else if their_features.supports_channel_type() {
7475                         // Assume they've accepted the channel type as they said they understand it.
7476                 } else {
7477                         let channel_type = ChannelTypeFeatures::from_init(&their_features);
7478                         if channel_type != ChannelTypeFeatures::only_static_remote_key() {
7479                                 return Err(ChannelError::Close("Only static_remote_key is supported for non-negotiated channel types".to_owned()));
7480                         }
7481                         self.context.channel_type = channel_type.clone();
7482                         self.context.channel_transaction_parameters.channel_type_features = channel_type;
7483                 }
7484
7485                 let counterparty_shutdown_scriptpubkey = if their_features.supports_upfront_shutdown_script() {
7486                         match &msg.common_fields.shutdown_scriptpubkey {
7487                                 &Some(ref script) => {
7488                                         // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
7489                                         if script.len() == 0 {
7490                                                 None
7491                                         } else {
7492                                                 if !script::is_bolt2_compliant(&script, their_features) {
7493                                                         return Err(ChannelError::Close(format!("Peer is signaling upfront_shutdown but has provided an unacceptable scriptpubkey format: {}", script)));
7494                                                 }
7495                                                 Some(script.clone())
7496                                         }
7497                                 },
7498                                 // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
7499                                 &None => {
7500                                         return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out".to_owned()));
7501                                 }
7502                         }
7503                 } else { None };
7504
7505                 self.context.counterparty_dust_limit_satoshis = msg.common_fields.dust_limit_satoshis;
7506                 self.context.counterparty_max_htlc_value_in_flight_msat = cmp::min(msg.common_fields.max_htlc_value_in_flight_msat, self.context.channel_value_satoshis * 1000);
7507                 self.context.counterparty_selected_channel_reserve_satoshis = Some(msg.channel_reserve_satoshis);
7508                 self.context.counterparty_htlc_minimum_msat = msg.common_fields.htlc_minimum_msat;
7509                 self.context.counterparty_max_accepted_htlcs = msg.common_fields.max_accepted_htlcs;
7510
7511                 if peer_limits.trust_own_funding_0conf {
7512                         self.context.minimum_depth = Some(msg.common_fields.minimum_depth);
7513                 } else {
7514                         self.context.minimum_depth = Some(cmp::max(1, msg.common_fields.minimum_depth));
7515                 }
7516
7517                 let counterparty_pubkeys = ChannelPublicKeys {
7518                         funding_pubkey: msg.common_fields.funding_pubkey,
7519                         revocation_basepoint: RevocationBasepoint::from(msg.common_fields.revocation_basepoint),
7520                         payment_point: msg.common_fields.payment_basepoint,
7521                         delayed_payment_basepoint: DelayedPaymentBasepoint::from(msg.common_fields.delayed_payment_basepoint),
7522                         htlc_basepoint: HtlcBasepoint::from(msg.common_fields.htlc_basepoint)
7523                 };
7524
7525                 self.context.channel_transaction_parameters.counterparty_parameters = Some(CounterpartyChannelTransactionParameters {
7526                         selected_contest_delay: msg.common_fields.to_self_delay,
7527                         pubkeys: counterparty_pubkeys,
7528                 });
7529
7530                 self.context.counterparty_cur_commitment_point = Some(msg.common_fields.first_per_commitment_point);
7531                 self.context.counterparty_shutdown_scriptpubkey = counterparty_shutdown_scriptpubkey;
7532
7533                 self.context.channel_state = ChannelState::NegotiatingFunding(
7534                         NegotiatingFundingFlags::OUR_INIT_SENT | NegotiatingFundingFlags::THEIR_INIT_SENT
7535                 );
7536                 self.context.inbound_handshake_limits_override = None; // We're done enforcing limits on our peer's handshake now.
7537
7538                 Ok(())
7539         }
7540
7541         /// Handles a funding_signed message from the remote end.
7542         /// If this call is successful, broadcast the funding transaction (and not before!)
7543         pub fn funding_signed<L: Deref>(
7544                 mut self, msg: &msgs::FundingSigned, best_block: BestBlock, signer_provider: &SP, logger: &L
7545         ) -> Result<(Channel<SP>, ChannelMonitor<<SP::Target as SignerProvider>::EcdsaSigner>), (OutboundV1Channel<SP>, ChannelError)>
7546         where
7547                 L::Target: Logger
7548         {
7549                 if !self.context.is_outbound() {
7550                         return Err((self, ChannelError::Close("Received funding_signed for an inbound channel?".to_owned())));
7551                 }
7552                 if !matches!(self.context.channel_state, ChannelState::FundingNegotiated) {
7553                         return Err((self, ChannelError::Close("Received funding_signed in strange state!".to_owned())));
7554                 }
7555                 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
7556                                 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
7557                                 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
7558                         panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
7559                 }
7560
7561                 let funding_script = self.context.get_funding_redeemscript();
7562
7563                 let counterparty_keys = self.context.build_remote_transaction_keys();
7564                 let counterparty_initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_counterparty_commitment_transaction_number, &counterparty_keys, false, false, logger).tx;
7565                 let counterparty_trusted_tx = counterparty_initial_commitment_tx.trust();
7566                 let counterparty_initial_bitcoin_tx = counterparty_trusted_tx.built_transaction();
7567
7568                 log_trace!(logger, "Initial counterparty tx for channel {} is: txid {} tx {}",
7569                         &self.context.channel_id(), counterparty_initial_bitcoin_tx.txid, encode::serialize_hex(&counterparty_initial_bitcoin_tx.transaction));
7570
7571                 let holder_signer = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
7572                 let initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &holder_signer, true, false, logger).tx;
7573                 {
7574                         let trusted_tx = initial_commitment_tx.trust();
7575                         let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
7576                         let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
7577                         // They sign our commitment transaction, allowing us to broadcast the tx if we wish.
7578                         if let Err(_) = self.context.secp_ctx.verify_ecdsa(&sighash, &msg.signature, &self.context.get_counterparty_pubkeys().funding_pubkey) {
7579                                 return Err((self, ChannelError::Close("Invalid funding_signed signature from peer".to_owned())));
7580                         }
7581                 }
7582
7583                 let holder_commitment_tx = HolderCommitmentTransaction::new(
7584                         initial_commitment_tx,
7585                         msg.signature,
7586                         Vec::new(),
7587                         &self.context.get_holder_pubkeys().funding_pubkey,
7588                         self.context.counterparty_funding_pubkey()
7589                 );
7590
7591                 let validated =
7592                         self.context.holder_signer.as_ref().validate_holder_commitment(&holder_commitment_tx, Vec::new());
7593                 if validated.is_err() {
7594                         return Err((self, ChannelError::Close("Failed to validate our commitment".to_owned())));
7595                 }
7596
7597                 let funding_redeemscript = self.context.get_funding_redeemscript();
7598                 let funding_txo = self.context.get_funding_txo().unwrap();
7599                 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
7600                 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.context.get_holder_pubkeys().payment_point, &self.context.get_counterparty_pubkeys().payment_point, self.context.is_outbound());
7601                 let shutdown_script = self.context.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
7602                 let mut monitor_signer = signer_provider.derive_channel_signer(self.context.channel_value_satoshis, self.context.channel_keys_id);
7603                 monitor_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
7604                 let channel_monitor = ChannelMonitor::new(self.context.secp_ctx.clone(), monitor_signer,
7605                                                           shutdown_script, self.context.get_holder_selected_contest_delay(),
7606                                                           &self.context.destination_script, (funding_txo, funding_txo_script),
7607                                                           &self.context.channel_transaction_parameters,
7608                                                           funding_redeemscript.clone(), self.context.channel_value_satoshis,
7609                                                           obscure_factor,
7610                                                           holder_commitment_tx, best_block, self.context.counterparty_node_id, self.context.channel_id());
7611                 channel_monitor.provide_initial_counterparty_commitment_tx(
7612                         counterparty_initial_bitcoin_tx.txid, Vec::new(),
7613                         self.context.cur_counterparty_commitment_transaction_number,
7614                         self.context.counterparty_cur_commitment_point.unwrap(),
7615                         counterparty_initial_commitment_tx.feerate_per_kw(),
7616                         counterparty_initial_commitment_tx.to_broadcaster_value_sat(),
7617                         counterparty_initial_commitment_tx.to_countersignatory_value_sat(), logger);
7618
7619                 assert!(!self.context.channel_state.is_monitor_update_in_progress()); // We have no had any monitor(s) yet to fail update!
7620                 if self.context.is_batch_funding() {
7621                         self.context.channel_state = ChannelState::AwaitingChannelReady(AwaitingChannelReadyFlags::WAITING_FOR_BATCH);
7622                 } else {
7623                         self.context.channel_state = ChannelState::AwaitingChannelReady(AwaitingChannelReadyFlags::new());
7624                 }
7625                 self.context.cur_holder_commitment_transaction_number -= 1;
7626                 self.context.cur_counterparty_commitment_transaction_number -= 1;
7627
7628                 log_info!(logger, "Received funding_signed from peer for channel {}", &self.context.channel_id());
7629
7630                 let mut channel = Channel {
7631                         context: self.context,
7632                         #[cfg(dual_funding)]
7633                         dual_funding_channel_context: None,
7634                 };
7635
7636                 let need_channel_ready = channel.check_get_channel_ready(0).is_some();
7637                 channel.monitor_updating_paused(false, false, need_channel_ready, Vec::new(), Vec::new(), Vec::new());
7638                 Ok((channel, channel_monitor))
7639         }
7640
7641         /// Indicates that the signer may have some signatures for us, so we should retry if we're
7642         /// blocked.
7643         #[cfg(async_signing)]
7644         pub fn signer_maybe_unblocked<L: Deref>(&mut self, logger: &L) -> Option<msgs::FundingCreated> where L::Target: Logger {
7645                 if self.context.signer_pending_funding && self.context.is_outbound() {
7646                         log_trace!(logger, "Signer unblocked a funding_created");
7647                         self.get_funding_created_msg(logger)
7648                 } else { None }
7649         }
7650 }
7651
7652 /// A not-yet-funded inbound (from counterparty) channel using V1 channel establishment.
7653 pub(super) struct InboundV1Channel<SP: Deref> where SP::Target: SignerProvider {
7654         pub context: ChannelContext<SP>,
7655         pub unfunded_context: UnfundedChannelContext,
7656 }
7657
7658 /// Fetches the [`ChannelTypeFeatures`] that will be used for a channel built from a given
7659 /// [`msgs::CommonOpenChannelFields`].
7660 pub(super) fn channel_type_from_open_channel(
7661         common_fields: &msgs::CommonOpenChannelFields, their_features: &InitFeatures,
7662         our_supported_features: &ChannelTypeFeatures
7663 ) -> Result<ChannelTypeFeatures, ChannelError> {
7664         if let Some(channel_type) = &common_fields.channel_type {
7665                 if channel_type.supports_any_optional_bits() {
7666                         return Err(ChannelError::Close("Channel Type field contained optional bits - this is not allowed".to_owned()));
7667                 }
7668
7669                 // We only support the channel types defined by the `ChannelManager` in
7670                 // `provided_channel_type_features`. The channel type must always support
7671                 // `static_remote_key`.
7672                 if !channel_type.requires_static_remote_key() {
7673                         return Err(ChannelError::Close("Channel Type was not understood - we require static remote key".to_owned()));
7674                 }
7675                 // Make sure we support all of the features behind the channel type.
7676                 if !channel_type.is_subset(our_supported_features) {
7677                         return Err(ChannelError::Close("Channel Type contains unsupported features".to_owned()));
7678                 }
7679                 let announced_channel = if (common_fields.channel_flags & 1) == 1 { true } else { false };
7680                 if channel_type.requires_scid_privacy() && announced_channel {
7681                         return Err(ChannelError::Close("SCID Alias/Privacy Channel Type cannot be set on a public channel".to_owned()));
7682                 }
7683                 Ok(channel_type.clone())
7684         } else {
7685                 let channel_type = ChannelTypeFeatures::from_init(&their_features);
7686                 if channel_type != ChannelTypeFeatures::only_static_remote_key() {
7687                         return Err(ChannelError::Close("Only static_remote_key is supported for non-negotiated channel types".to_owned()));
7688                 }
7689                 Ok(channel_type)
7690         }
7691 }
7692
7693 impl<SP: Deref> InboundV1Channel<SP> where SP::Target: SignerProvider {
7694         /// Creates a new channel from a remote sides' request for one.
7695         /// Assumes chain_hash has already been checked and corresponds with what we expect!
7696         pub fn new<ES: Deref, F: Deref, L: Deref>(
7697                 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP,
7698                 counterparty_node_id: PublicKey, our_supported_features: &ChannelTypeFeatures,
7699                 their_features: &InitFeatures, msg: &msgs::OpenChannel, user_id: u128, config: &UserConfig,
7700                 current_chain_height: u32, logger: &L, is_0conf: bool,
7701         ) -> Result<InboundV1Channel<SP>, ChannelError>
7702                 where ES::Target: EntropySource,
7703                           F::Target: FeeEstimator,
7704                           L::Target: Logger,
7705         {
7706                 let logger = WithContext::from(logger, Some(counterparty_node_id), Some(msg.common_fields.temporary_channel_id));
7707
7708                 // First check the channel type is known, failing before we do anything else if we don't
7709                 // support this channel type.
7710                 let channel_type = channel_type_from_open_channel(&msg.common_fields, their_features, our_supported_features)?;
7711
7712                 let holder_selected_channel_reserve_satoshis = get_holder_selected_channel_reserve_satoshis(msg.common_fields.funding_satoshis, config);
7713                 let counterparty_pubkeys = ChannelPublicKeys {
7714                         funding_pubkey: msg.common_fields.funding_pubkey,
7715                         revocation_basepoint: RevocationBasepoint::from(msg.common_fields.revocation_basepoint),
7716                         payment_point: msg.common_fields.payment_basepoint,
7717                         delayed_payment_basepoint: DelayedPaymentBasepoint::from(msg.common_fields.delayed_payment_basepoint),
7718                         htlc_basepoint: HtlcBasepoint::from(msg.common_fields.htlc_basepoint)
7719                 };
7720
7721                 let chan = Self {
7722                         context: ChannelContext::new_for_inbound_channel(
7723                                 fee_estimator,
7724                                 entropy_source,
7725                                 signer_provider,
7726                                 counterparty_node_id,
7727                                 their_features,
7728                                 user_id,
7729                                 config,
7730                                 current_chain_height,
7731                                 &&logger,
7732                                 is_0conf,
7733                                 0,
7734
7735                                 counterparty_pubkeys,
7736                                 channel_type,
7737                                 holder_selected_channel_reserve_satoshis,
7738                                 msg.channel_reserve_satoshis,
7739                                 msg.push_msat,
7740                                 msg.common_fields.clone(),
7741                         )?,
7742                         unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 }
7743                 };
7744                 Ok(chan)
7745         }
7746
7747         /// Marks an inbound channel as accepted and generates a [`msgs::AcceptChannel`] message which
7748         /// should be sent back to the counterparty node.
7749         ///
7750         /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
7751         pub fn accept_inbound_channel(&mut self) -> msgs::AcceptChannel {
7752                 if self.context.is_outbound() {
7753                         panic!("Tried to send accept_channel for an outbound channel?");
7754                 }
7755                 if !matches!(
7756                         self.context.channel_state, ChannelState::NegotiatingFunding(flags)
7757                         if flags == (NegotiatingFundingFlags::OUR_INIT_SENT | NegotiatingFundingFlags::THEIR_INIT_SENT)
7758                 ) {
7759                         panic!("Tried to send accept_channel after channel had moved forward");
7760                 }
7761                 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
7762                         panic!("Tried to send an accept_channel for a channel that has already advanced");
7763                 }
7764
7765                 self.generate_accept_channel_message()
7766         }
7767
7768         /// This function is used to explicitly generate a [`msgs::AcceptChannel`] message for an
7769         /// inbound channel. If the intention is to accept an inbound channel, use
7770         /// [`InboundV1Channel::accept_inbound_channel`] instead.
7771         ///
7772         /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
7773         fn generate_accept_channel_message(&self) -> msgs::AcceptChannel {
7774                 let first_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
7775                 let keys = self.context.get_holder_pubkeys();
7776
7777                 msgs::AcceptChannel {
7778                         common_fields: msgs::CommonAcceptChannelFields {
7779                                 temporary_channel_id: self.context.channel_id,
7780                                 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
7781                                 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
7782                                 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
7783                                 minimum_depth: self.context.minimum_depth.unwrap(),
7784                                 to_self_delay: self.context.get_holder_selected_contest_delay(),
7785                                 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
7786                                 funding_pubkey: keys.funding_pubkey,
7787                                 revocation_basepoint: keys.revocation_basepoint.to_public_key(),
7788                                 payment_basepoint: keys.payment_point,
7789                                 delayed_payment_basepoint: keys.delayed_payment_basepoint.to_public_key(),
7790                                 htlc_basepoint: keys.htlc_basepoint.to_public_key(),
7791                                 first_per_commitment_point,
7792                                 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
7793                                         Some(script) => script.clone().into_inner(),
7794                                         None => Builder::new().into_script(),
7795                                 }),
7796                                 channel_type: Some(self.context.channel_type.clone()),
7797                         },
7798                         channel_reserve_satoshis: self.context.holder_selected_channel_reserve_satoshis,
7799                         #[cfg(taproot)]
7800                         next_local_nonce: None,
7801                 }
7802         }
7803
7804         /// Enables the possibility for tests to extract a [`msgs::AcceptChannel`] message for an
7805         /// inbound channel without accepting it.
7806         ///
7807         /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
7808         #[cfg(test)]
7809         pub fn get_accept_channel_message(&self) -> msgs::AcceptChannel {
7810                 self.generate_accept_channel_message()
7811         }
7812
7813         fn check_funding_created_signature<L: Deref>(&mut self, sig: &Signature, logger: &L) -> Result<CommitmentTransaction, ChannelError> where L::Target: Logger {
7814                 let funding_script = self.context.get_funding_redeemscript();
7815
7816                 let keys = self.context.build_holder_transaction_keys(self.context.cur_holder_commitment_transaction_number);
7817                 let initial_commitment_tx = self.context.build_commitment_transaction(self.context.cur_holder_commitment_transaction_number, &keys, true, false, logger).tx;
7818                 let trusted_tx = initial_commitment_tx.trust();
7819                 let initial_commitment_bitcoin_tx = trusted_tx.built_transaction();
7820                 let sighash = initial_commitment_bitcoin_tx.get_sighash_all(&funding_script, self.context.channel_value_satoshis);
7821                 // They sign the holder commitment transaction...
7822                 log_trace!(logger, "Checking funding_created tx signature {} by key {} against tx {} (sighash {}) with redeemscript {} for channel {}.",
7823                         log_bytes!(sig.serialize_compact()[..]), log_bytes!(self.context.counterparty_funding_pubkey().serialize()),
7824                         encode::serialize_hex(&initial_commitment_bitcoin_tx.transaction), log_bytes!(sighash[..]),
7825                         encode::serialize_hex(&funding_script), &self.context.channel_id());
7826                 secp_check!(self.context.secp_ctx.verify_ecdsa(&sighash, &sig, self.context.counterparty_funding_pubkey()), "Invalid funding_created signature from peer".to_owned());
7827
7828                 Ok(initial_commitment_tx)
7829         }
7830
7831         pub fn funding_created<L: Deref>(
7832                 mut self, msg: &msgs::FundingCreated, best_block: BestBlock, signer_provider: &SP, logger: &L
7833         ) -> Result<(Channel<SP>, Option<msgs::FundingSigned>, ChannelMonitor<<SP::Target as SignerProvider>::EcdsaSigner>), (Self, ChannelError)>
7834         where
7835                 L::Target: Logger
7836         {
7837                 if self.context.is_outbound() {
7838                         return Err((self, ChannelError::Close("Received funding_created for an outbound channel?".to_owned())));
7839                 }
7840                 if !matches!(
7841                         self.context.channel_state, ChannelState::NegotiatingFunding(flags)
7842                         if flags == (NegotiatingFundingFlags::OUR_INIT_SENT | NegotiatingFundingFlags::THEIR_INIT_SENT)
7843                 ) {
7844                         // BOLT 2 says that if we disconnect before we send funding_signed we SHOULD NOT
7845                         // remember the channel, so it's safe to just send an error_message here and drop the
7846                         // channel.
7847                         return Err((self, ChannelError::Close("Received funding_created after we got the channel!".to_owned())));
7848                 }
7849                 if self.context.commitment_secrets.get_min_seen_secret() != (1 << 48) ||
7850                                 self.context.cur_counterparty_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER ||
7851                                 self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
7852                         panic!("Should not have advanced channel commitment tx numbers prior to funding_created");
7853                 }
7854
7855                 let funding_txo = OutPoint { txid: msg.funding_txid, index: msg.funding_output_index };
7856                 self.context.channel_transaction_parameters.funding_outpoint = Some(funding_txo);
7857                 // This is an externally observable change before we finish all our checks.  In particular
7858                 // check_funding_created_signature may fail.
7859                 self.context.holder_signer.as_mut().provide_channel_parameters(&self.context.channel_transaction_parameters);
7860
7861                 let initial_commitment_tx = match self.check_funding_created_signature(&msg.signature, logger) {
7862                         Ok(res) => res,
7863                         Err(ChannelError::Close(e)) => {
7864                                 self.context.channel_transaction_parameters.funding_outpoint = None;
7865                                 return Err((self, ChannelError::Close(e)));
7866                         },
7867                         Err(e) => {
7868                                 // The only error we know how to handle is ChannelError::Close, so we fall over here
7869                                 // to make sure we don't continue with an inconsistent state.
7870                                 panic!("unexpected error type from check_funding_created_signature {:?}", e);
7871                         }
7872                 };
7873
7874                 let holder_commitment_tx = HolderCommitmentTransaction::new(
7875                         initial_commitment_tx,
7876                         msg.signature,
7877                         Vec::new(),
7878                         &self.context.get_holder_pubkeys().funding_pubkey,
7879                         self.context.counterparty_funding_pubkey()
7880                 );
7881
7882                 if let Err(_) = self.context.holder_signer.as_ref().validate_holder_commitment(&holder_commitment_tx, Vec::new()) {
7883                         return Err((self, ChannelError::Close("Failed to validate our commitment".to_owned())));
7884                 }
7885
7886                 // Now that we're past error-generating stuff, update our local state:
7887
7888                 self.context.channel_state = ChannelState::AwaitingChannelReady(AwaitingChannelReadyFlags::new());
7889                 self.context.channel_id = ChannelId::v1_from_funding_outpoint(funding_txo);
7890                 self.context.cur_counterparty_commitment_transaction_number -= 1;
7891                 self.context.cur_holder_commitment_transaction_number -= 1;
7892
7893                 let (counterparty_initial_commitment_tx, funding_signed) = self.context.get_funding_signed_msg(logger);
7894
7895                 let funding_redeemscript = self.context.get_funding_redeemscript();
7896                 let funding_txo_script = funding_redeemscript.to_v0_p2wsh();
7897                 let obscure_factor = get_commitment_transaction_number_obscure_factor(&self.context.get_holder_pubkeys().payment_point, &self.context.get_counterparty_pubkeys().payment_point, self.context.is_outbound());
7898                 let shutdown_script = self.context.shutdown_scriptpubkey.clone().map(|script| script.into_inner());
7899                 let mut monitor_signer = signer_provider.derive_channel_signer(self.context.channel_value_satoshis, self.context.channel_keys_id);
7900                 monitor_signer.provide_channel_parameters(&self.context.channel_transaction_parameters);
7901                 let channel_monitor = ChannelMonitor::new(self.context.secp_ctx.clone(), monitor_signer,
7902                                                           shutdown_script, self.context.get_holder_selected_contest_delay(),
7903                                                           &self.context.destination_script, (funding_txo, funding_txo_script.clone()),
7904                                                           &self.context.channel_transaction_parameters,
7905                                                           funding_redeemscript.clone(), self.context.channel_value_satoshis,
7906                                                           obscure_factor,
7907                                                           holder_commitment_tx, best_block, self.context.counterparty_node_id, self.context.channel_id());
7908                 channel_monitor.provide_initial_counterparty_commitment_tx(
7909                         counterparty_initial_commitment_tx.trust().txid(), Vec::new(),
7910                         self.context.cur_counterparty_commitment_transaction_number + 1,
7911                         self.context.counterparty_cur_commitment_point.unwrap(), self.context.feerate_per_kw,
7912                         counterparty_initial_commitment_tx.to_broadcaster_value_sat(),
7913                         counterparty_initial_commitment_tx.to_countersignatory_value_sat(), logger);
7914
7915                 log_info!(logger, "{} funding_signed for peer for channel {}",
7916                         if funding_signed.is_some() { "Generated" } else { "Waiting for signature on" }, &self.context.channel_id());
7917
7918                 // Promote the channel to a full-fledged one now that we have updated the state and have a
7919                 // `ChannelMonitor`.
7920                 let mut channel = Channel {
7921                         context: self.context,
7922                         #[cfg(dual_funding)]
7923                         dual_funding_channel_context: None,
7924                 };
7925                 let need_channel_ready = channel.check_get_channel_ready(0).is_some();
7926                 channel.monitor_updating_paused(false, false, need_channel_ready, Vec::new(), Vec::new(), Vec::new());
7927
7928                 Ok((channel, funding_signed, channel_monitor))
7929         }
7930 }
7931
7932 // A not-yet-funded outbound (from holder) channel using V2 channel establishment.
7933 #[cfg(dual_funding)]
7934 pub(super) struct OutboundV2Channel<SP: Deref> where SP::Target: SignerProvider {
7935         pub context: ChannelContext<SP>,
7936         pub unfunded_context: UnfundedChannelContext,
7937         #[cfg(dual_funding)]
7938         pub dual_funding_context: DualFundingChannelContext,
7939 }
7940
7941 #[cfg(dual_funding)]
7942 impl<SP: Deref> OutboundV2Channel<SP> where SP::Target: SignerProvider {
7943         pub fn new<ES: Deref, F: Deref>(
7944                 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP,
7945                 counterparty_node_id: PublicKey, their_features: &InitFeatures, funding_satoshis: u64,
7946                 user_id: u128, config: &UserConfig, current_chain_height: u32, outbound_scid_alias: u64,
7947                 funding_confirmation_target: ConfirmationTarget,
7948         ) -> Result<OutboundV2Channel<SP>, APIError>
7949         where ES::Target: EntropySource,
7950               F::Target: FeeEstimator,
7951         {
7952                 let channel_keys_id = signer_provider.generate_channel_keys_id(false, funding_satoshis, user_id);
7953                 let holder_signer = signer_provider.derive_channel_signer(funding_satoshis, channel_keys_id);
7954                 let pubkeys = holder_signer.pubkeys().clone();
7955
7956                 let temporary_channel_id = Some(ChannelId::temporary_v2_from_revocation_basepoint(&pubkeys.revocation_basepoint));
7957
7958                 let holder_selected_channel_reserve_satoshis = get_v2_channel_reserve_satoshis(
7959                         funding_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS);
7960
7961                 let funding_feerate_sat_per_1000_weight = fee_estimator.bounded_sat_per_1000_weight(funding_confirmation_target);
7962                 let funding_tx_locktime = current_chain_height;
7963
7964                 let chan = Self {
7965                         context: ChannelContext::new_for_outbound_channel(
7966                                 fee_estimator,
7967                                 entropy_source,
7968                                 signer_provider,
7969                                 counterparty_node_id,
7970                                 their_features,
7971                                 funding_satoshis,
7972                                 0,
7973                                 user_id,
7974                                 config,
7975                                 current_chain_height,
7976                                 outbound_scid_alias,
7977                                 temporary_channel_id,
7978                                 holder_selected_channel_reserve_satoshis,
7979                                 channel_keys_id,
7980                                 holder_signer,
7981                                 pubkeys,
7982                         )?,
7983                         unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 },
7984                         dual_funding_context: DualFundingChannelContext {
7985                                 our_funding_satoshis: funding_satoshis,
7986                                 their_funding_satoshis: 0,
7987                                 funding_tx_locktime,
7988                                 funding_feerate_sat_per_1000_weight,
7989                         }
7990                 };
7991                 Ok(chan)
7992         }
7993
7994         /// If we receive an error message, it may only be a rejection of the channel type we tried,
7995         /// not of our ability to open any channel at all. Thus, on error, we should first call this
7996         /// and see if we get a new `OpenChannelV2` message, otherwise the channel is failed.
7997         pub(crate) fn maybe_handle_error_without_close<F: Deref>(
7998                 &mut self, chain_hash: ChainHash, fee_estimator: &LowerBoundedFeeEstimator<F>
7999         ) -> Result<msgs::OpenChannelV2, ()>
8000         where
8001                 F::Target: FeeEstimator
8002         {
8003                 self.context.maybe_downgrade_channel_features(fee_estimator)?;
8004                 Ok(self.get_open_channel_v2(chain_hash))
8005         }
8006
8007         pub fn get_open_channel_v2(&self, chain_hash: ChainHash) -> msgs::OpenChannelV2 {
8008                 if self.context.have_received_message() {
8009                         debug_assert!(false, "Cannot generate an open_channel2 after we've moved forward");
8010                 }
8011
8012                 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
8013                         debug_assert!(false, "Tried to send an open_channel2 for a channel that has already advanced");
8014                 }
8015
8016                 let first_per_commitment_point = self.context.holder_signer.as_ref()
8017                         .get_per_commitment_point(self.context.cur_holder_commitment_transaction_number,
8018                                 &self.context.secp_ctx);
8019                 let second_per_commitment_point = self.context.holder_signer.as_ref()
8020                         .get_per_commitment_point(self.context.cur_holder_commitment_transaction_number - 1,
8021                                 &self.context.secp_ctx);
8022                 let keys = self.context.get_holder_pubkeys();
8023
8024                 msgs::OpenChannelV2 {
8025                         common_fields: msgs::CommonOpenChannelFields {
8026                                 chain_hash,
8027                                 temporary_channel_id: self.context.temporary_channel_id.unwrap(),
8028                                 funding_satoshis: self.context.channel_value_satoshis,
8029                                 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
8030                                 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
8031                                 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
8032                                 commitment_feerate_sat_per_1000_weight: self.context.feerate_per_kw,
8033                                 to_self_delay: self.context.get_holder_selected_contest_delay(),
8034                                 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
8035                                 funding_pubkey: keys.funding_pubkey,
8036                                 revocation_basepoint: keys.revocation_basepoint.to_public_key(),
8037                                 payment_basepoint: keys.payment_point,
8038                                 delayed_payment_basepoint: keys.delayed_payment_basepoint.to_public_key(),
8039                                 htlc_basepoint: keys.htlc_basepoint.to_public_key(),
8040                                 first_per_commitment_point,
8041                                 channel_flags: if self.context.config.announced_channel {1} else {0},
8042                                 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
8043                                         Some(script) => script.clone().into_inner(),
8044                                         None => Builder::new().into_script(),
8045                                 }),
8046                                 channel_type: Some(self.context.channel_type.clone()),
8047                         },
8048                         funding_feerate_sat_per_1000_weight: self.context.feerate_per_kw,
8049                         second_per_commitment_point,
8050                         locktime: self.dual_funding_context.funding_tx_locktime,
8051                         require_confirmed_inputs: None,
8052                 }
8053         }
8054 }
8055
8056 // A not-yet-funded inbound (from counterparty) channel using V2 channel establishment.
8057 #[cfg(dual_funding)]
8058 pub(super) struct InboundV2Channel<SP: Deref> where SP::Target: SignerProvider {
8059         pub context: ChannelContext<SP>,
8060         pub unfunded_context: UnfundedChannelContext,
8061         pub dual_funding_context: DualFundingChannelContext,
8062 }
8063
8064 #[cfg(dual_funding)]
8065 impl<SP: Deref> InboundV2Channel<SP> where SP::Target: SignerProvider {
8066         /// Creates a new dual-funded channel from a remote side's request for one.
8067         /// Assumes chain_hash has already been checked and corresponds with what we expect!
8068         pub fn new<ES: Deref, F: Deref, L: Deref>(
8069                 fee_estimator: &LowerBoundedFeeEstimator<F>, entropy_source: &ES, signer_provider: &SP,
8070                 counterparty_node_id: PublicKey, our_supported_features: &ChannelTypeFeatures,
8071                 their_features: &InitFeatures, msg: &msgs::OpenChannelV2, funding_satoshis: u64, user_id: u128,
8072                 config: &UserConfig, current_chain_height: u32, logger: &L,
8073         ) -> Result<InboundV2Channel<SP>, ChannelError>
8074                 where ES::Target: EntropySource,
8075                           F::Target: FeeEstimator,
8076                           L::Target: Logger,
8077         {
8078                 let channel_value_satoshis = funding_satoshis.saturating_add(msg.common_fields.funding_satoshis);
8079                 let counterparty_selected_channel_reserve_satoshis = get_v2_channel_reserve_satoshis(
8080                         channel_value_satoshis, msg.common_fields.dust_limit_satoshis);
8081                 let holder_selected_channel_reserve_satoshis = get_v2_channel_reserve_satoshis(
8082                         channel_value_satoshis, MIN_CHAN_DUST_LIMIT_SATOSHIS);
8083
8084                 // First check the channel type is known, failing before we do anything else if we don't
8085                 // support this channel type.
8086                 if msg.common_fields.channel_type.is_none() {
8087                         return Err(ChannelError::Close(format!("Rejecting V2 channel {} missing channel_type",
8088                                 msg.common_fields.temporary_channel_id)))
8089                 }
8090                 let channel_type = channel_type_from_open_channel(&msg.common_fields, their_features, our_supported_features)?;
8091
8092                 let counterparty_pubkeys = ChannelPublicKeys {
8093                         funding_pubkey: msg.common_fields.funding_pubkey,
8094                         revocation_basepoint: RevocationBasepoint(msg.common_fields.revocation_basepoint),
8095                         payment_point: msg.common_fields.payment_basepoint,
8096                         delayed_payment_basepoint: DelayedPaymentBasepoint(msg.common_fields.delayed_payment_basepoint),
8097                         htlc_basepoint: HtlcBasepoint(msg.common_fields.htlc_basepoint)
8098                 };
8099
8100                 let mut context = ChannelContext::new_for_inbound_channel(
8101                         fee_estimator,
8102                         entropy_source,
8103                         signer_provider,
8104                         counterparty_node_id,
8105                         their_features,
8106                         user_id,
8107                         config,
8108                         current_chain_height,
8109                         logger,
8110                         false,
8111
8112                         funding_satoshis,
8113
8114                         counterparty_pubkeys,
8115                         channel_type,
8116                         holder_selected_channel_reserve_satoshis,
8117                         counterparty_selected_channel_reserve_satoshis,
8118                         0 /* push_msat not used in dual-funding */,
8119                         msg.common_fields.clone(),
8120                 )?;
8121                 let channel_id = ChannelId::v2_from_revocation_basepoints(
8122                         &context.get_holder_pubkeys().revocation_basepoint,
8123                         &context.get_counterparty_pubkeys().revocation_basepoint);
8124                 context.channel_id = channel_id;
8125
8126                 let chan = Self {
8127                         context,
8128                         unfunded_context: UnfundedChannelContext { unfunded_channel_age_ticks: 0 },
8129                         dual_funding_context: DualFundingChannelContext {
8130                                 our_funding_satoshis: funding_satoshis,
8131                                 their_funding_satoshis: msg.common_fields.funding_satoshis,
8132                                 funding_tx_locktime: msg.locktime,
8133                                 funding_feerate_sat_per_1000_weight: msg.funding_feerate_sat_per_1000_weight,
8134                         }
8135                 };
8136
8137                 Ok(chan)
8138         }
8139
8140         /// Marks an inbound channel as accepted and generates a [`msgs::AcceptChannelV2`] message which
8141         /// should be sent back to the counterparty node.
8142         ///
8143         /// [`msgs::AcceptChannelV2`]: crate::ln::msgs::AcceptChannelV2
8144         pub fn accept_inbound_dual_funded_channel(&mut self) -> msgs::AcceptChannelV2 {
8145                 if self.context.is_outbound() {
8146                         debug_assert!(false, "Tried to send accept_channel for an outbound channel?");
8147                 }
8148                 if !matches!(
8149                         self.context.channel_state, ChannelState::NegotiatingFunding(flags)
8150                         if flags == (NegotiatingFundingFlags::OUR_INIT_SENT | NegotiatingFundingFlags::THEIR_INIT_SENT)
8151                 ) {
8152                         debug_assert!(false, "Tried to send accept_channel2 after channel had moved forward");
8153                 }
8154                 if self.context.cur_holder_commitment_transaction_number != INITIAL_COMMITMENT_NUMBER {
8155                         debug_assert!(false, "Tried to send an accept_channel2 for a channel that has already advanced");
8156                 }
8157
8158                 self.generate_accept_channel_v2_message()
8159         }
8160
8161         /// This function is used to explicitly generate a [`msgs::AcceptChannel`] message for an
8162         /// inbound channel. If the intention is to accept an inbound channel, use
8163         /// [`InboundV1Channel::accept_inbound_channel`] instead.
8164         ///
8165         /// [`msgs::AcceptChannelV2`]: crate::ln::msgs::AcceptChannelV2
8166         fn generate_accept_channel_v2_message(&self) -> msgs::AcceptChannelV2 {
8167                 let first_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(
8168                         self.context.cur_holder_commitment_transaction_number, &self.context.secp_ctx);
8169                 let second_per_commitment_point = self.context.holder_signer.as_ref().get_per_commitment_point(
8170                         self.context.cur_holder_commitment_transaction_number - 1, &self.context.secp_ctx);
8171                 let keys = self.context.get_holder_pubkeys();
8172
8173                 msgs::AcceptChannelV2 {
8174                         common_fields: msgs::CommonAcceptChannelFields {
8175                                 temporary_channel_id: self.context.temporary_channel_id.unwrap(),
8176                                 dust_limit_satoshis: self.context.holder_dust_limit_satoshis,
8177                                 max_htlc_value_in_flight_msat: self.context.holder_max_htlc_value_in_flight_msat,
8178                                 htlc_minimum_msat: self.context.holder_htlc_minimum_msat,
8179                                 minimum_depth: self.context.minimum_depth.unwrap(),
8180                                 to_self_delay: self.context.get_holder_selected_contest_delay(),
8181                                 max_accepted_htlcs: self.context.holder_max_accepted_htlcs,
8182                                 funding_pubkey: keys.funding_pubkey,
8183                                 revocation_basepoint: keys.revocation_basepoint.to_public_key(),
8184                                 payment_basepoint: keys.payment_point,
8185                                 delayed_payment_basepoint: keys.delayed_payment_basepoint.to_public_key(),
8186                                 htlc_basepoint: keys.htlc_basepoint.to_public_key(),
8187                                 first_per_commitment_point,
8188                                 shutdown_scriptpubkey: Some(match &self.context.shutdown_scriptpubkey {
8189                                         Some(script) => script.clone().into_inner(),
8190                                         None => Builder::new().into_script(),
8191                                 }),
8192                                 channel_type: Some(self.context.channel_type.clone()),
8193                         },
8194                         funding_satoshis: self.dual_funding_context.our_funding_satoshis,
8195                         second_per_commitment_point,
8196                         require_confirmed_inputs: None,
8197                 }
8198         }
8199
8200         /// Enables the possibility for tests to extract a [`msgs::AcceptChannelV2`] message for an
8201         /// inbound channel without accepting it.
8202         ///
8203         /// [`msgs::AcceptChannelV2`]: crate::ln::msgs::AcceptChannelV2
8204         #[cfg(test)]
8205         pub fn get_accept_channel_v2_message(&self) -> msgs::AcceptChannelV2 {
8206                 self.generate_accept_channel_v2_message()
8207         }
8208 }
8209
8210 // Unfunded channel utilities
8211
8212 fn get_initial_channel_type(config: &UserConfig, their_features: &InitFeatures) -> ChannelTypeFeatures {
8213         // The default channel type (ie the first one we try) depends on whether the channel is
8214         // public - if it is, we just go with `only_static_remotekey` as it's the only option
8215         // available. If it's private, we first try `scid_privacy` as it provides better privacy
8216         // with no other changes, and fall back to `only_static_remotekey`.
8217         let mut ret = ChannelTypeFeatures::only_static_remote_key();
8218         if !config.channel_handshake_config.announced_channel &&
8219                 config.channel_handshake_config.negotiate_scid_privacy &&
8220                 their_features.supports_scid_privacy() {
8221                 ret.set_scid_privacy_required();
8222         }
8223
8224         // Optionally, if the user would like to negotiate the `anchors_zero_fee_htlc_tx` option, we
8225         // set it now. If they don't understand it, we'll fall back to our default of
8226         // `only_static_remotekey`.
8227         if config.channel_handshake_config.negotiate_anchors_zero_fee_htlc_tx &&
8228                 their_features.supports_anchors_zero_fee_htlc_tx() {
8229                 ret.set_anchors_zero_fee_htlc_tx_required();
8230         }
8231
8232         ret
8233 }
8234
8235 const SERIALIZATION_VERSION: u8 = 3;
8236 const MIN_SERIALIZATION_VERSION: u8 = 3;
8237
8238 impl_writeable_tlv_based_enum!(InboundHTLCRemovalReason,;
8239         (0, FailRelay),
8240         (1, FailMalformed),
8241         (2, Fulfill),
8242 );
8243
8244 impl Writeable for ChannelUpdateStatus {
8245         fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
8246                 // We only care about writing out the current state as it was announced, ie only either
8247                 // Enabled or Disabled. In the case of DisabledStaged, we most recently announced the
8248                 // channel as enabled, so we write 0. For EnabledStaged, we similarly write a 1.
8249                 match self {
8250                         ChannelUpdateStatus::Enabled => 0u8.write(writer)?,
8251                         ChannelUpdateStatus::DisabledStaged(_) => 0u8.write(writer)?,
8252                         ChannelUpdateStatus::EnabledStaged(_) => 1u8.write(writer)?,
8253                         ChannelUpdateStatus::Disabled => 1u8.write(writer)?,
8254                 }
8255                 Ok(())
8256         }
8257 }
8258
8259 impl Readable for ChannelUpdateStatus {
8260         fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
8261                 Ok(match <u8 as Readable>::read(reader)? {
8262                         0 => ChannelUpdateStatus::Enabled,
8263                         1 => ChannelUpdateStatus::Disabled,
8264                         _ => return Err(DecodeError::InvalidValue),
8265                 })
8266         }
8267 }
8268
8269 impl Writeable for AnnouncementSigsState {
8270         fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
8271                 // We only care about writing out the current state as if we had just disconnected, at
8272                 // which point we always set anything but AnnouncementSigsReceived to NotSent.
8273                 match self {
8274                         AnnouncementSigsState::NotSent => 0u8.write(writer),
8275                         AnnouncementSigsState::MessageSent => 0u8.write(writer),
8276                         AnnouncementSigsState::Committed => 0u8.write(writer),
8277                         AnnouncementSigsState::PeerReceived => 1u8.write(writer),
8278                 }
8279         }
8280 }
8281
8282 impl Readable for AnnouncementSigsState {
8283         fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
8284                 Ok(match <u8 as Readable>::read(reader)? {
8285                         0 => AnnouncementSigsState::NotSent,
8286                         1 => AnnouncementSigsState::PeerReceived,
8287                         _ => return Err(DecodeError::InvalidValue),
8288                 })
8289         }
8290 }
8291
8292 impl<SP: Deref> Writeable for Channel<SP> where SP::Target: SignerProvider {
8293         fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
8294                 // Note that we write out as if remove_uncommitted_htlcs_and_mark_paused had just been
8295                 // called.
8296
8297                 write_ver_prefix!(writer, MIN_SERIALIZATION_VERSION, MIN_SERIALIZATION_VERSION);
8298
8299                 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
8300                 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We write
8301                 // the low bytes now and the optional high bytes later.
8302                 let user_id_low = self.context.user_id as u64;
8303                 user_id_low.write(writer)?;
8304
8305                 // Version 1 deserializers expected to read parts of the config object here. Version 2
8306                 // deserializers (0.0.99) now read config through TLVs, and as we now require them for
8307                 // `minimum_depth` we simply write dummy values here.
8308                 writer.write_all(&[0; 8])?;
8309
8310                 self.context.channel_id.write(writer)?;
8311                 {
8312                         let mut channel_state = self.context.channel_state;
8313                         if matches!(channel_state, ChannelState::AwaitingChannelReady(_)|ChannelState::ChannelReady(_)) {
8314                                 channel_state.set_peer_disconnected();
8315                         } else {
8316                                 debug_assert!(false, "Pre-funded/shutdown channels should not be written");
8317                         }
8318                         channel_state.to_u32().write(writer)?;
8319                 }
8320                 self.context.channel_value_satoshis.write(writer)?;
8321
8322                 self.context.latest_monitor_update_id.write(writer)?;
8323
8324                 // Write out the old serialization for shutdown_pubkey for backwards compatibility, if
8325                 // deserialized from that format.
8326                 match self.context.shutdown_scriptpubkey.as_ref().and_then(|script| script.as_legacy_pubkey()) {
8327                         Some(shutdown_pubkey) => shutdown_pubkey.write(writer)?,
8328                         None => [0u8; PUBLIC_KEY_SIZE].write(writer)?,
8329                 }
8330                 self.context.destination_script.write(writer)?;
8331
8332                 self.context.cur_holder_commitment_transaction_number.write(writer)?;
8333                 self.context.cur_counterparty_commitment_transaction_number.write(writer)?;
8334                 self.context.value_to_self_msat.write(writer)?;
8335
8336                 let mut dropped_inbound_htlcs = 0;
8337                 for htlc in self.context.pending_inbound_htlcs.iter() {
8338                         if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
8339                                 dropped_inbound_htlcs += 1;
8340                         }
8341                 }
8342                 (self.context.pending_inbound_htlcs.len() as u64 - dropped_inbound_htlcs).write(writer)?;
8343                 for htlc in self.context.pending_inbound_htlcs.iter() {
8344                         if let &InboundHTLCState::RemoteAnnounced(_) = &htlc.state {
8345                                 continue; // Drop
8346                         }
8347                         htlc.htlc_id.write(writer)?;
8348                         htlc.amount_msat.write(writer)?;
8349                         htlc.cltv_expiry.write(writer)?;
8350                         htlc.payment_hash.write(writer)?;
8351                         match &htlc.state {
8352                                 &InboundHTLCState::RemoteAnnounced(_) => unreachable!(),
8353                                 &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(ref htlc_state) => {
8354                                         1u8.write(writer)?;
8355                                         htlc_state.write(writer)?;
8356                                 },
8357                                 &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(ref htlc_state) => {
8358                                         2u8.write(writer)?;
8359                                         htlc_state.write(writer)?;
8360                                 },
8361                                 &InboundHTLCState::Committed => {
8362                                         3u8.write(writer)?;
8363                                 },
8364                                 &InboundHTLCState::LocalRemoved(ref removal_reason) => {
8365                                         4u8.write(writer)?;
8366                                         removal_reason.write(writer)?;
8367                                 },
8368                         }
8369                 }
8370
8371                 let mut preimages: Vec<&Option<PaymentPreimage>> = vec![];
8372                 let mut pending_outbound_skimmed_fees: Vec<Option<u64>> = Vec::new();
8373                 let mut pending_outbound_blinding_points: Vec<Option<PublicKey>> = Vec::new();
8374
8375                 (self.context.pending_outbound_htlcs.len() as u64).write(writer)?;
8376                 for htlc in self.context.pending_outbound_htlcs.iter() {
8377                         htlc.htlc_id.write(writer)?;
8378                         htlc.amount_msat.write(writer)?;
8379                         htlc.cltv_expiry.write(writer)?;
8380                         htlc.payment_hash.write(writer)?;
8381                         htlc.source.write(writer)?;
8382                         match &htlc.state {
8383                                 &OutboundHTLCState::LocalAnnounced(ref onion_packet) => {
8384                                         0u8.write(writer)?;
8385                                         onion_packet.write(writer)?;
8386                                 },
8387                                 &OutboundHTLCState::Committed => {
8388                                         1u8.write(writer)?;
8389                                 },
8390                                 &OutboundHTLCState::RemoteRemoved(_) => {
8391                                         // Treat this as a Committed because we haven't received the CS - they'll
8392                                         // resend the claim/fail on reconnect as we all (hopefully) the missing CS.
8393                                         1u8.write(writer)?;
8394                                 },
8395                                 &OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref outcome) => {
8396                                         3u8.write(writer)?;
8397                                         if let OutboundHTLCOutcome::Success(preimage) = outcome {
8398                                                 preimages.push(preimage);
8399                                         }
8400                                         let reason: Option<&HTLCFailReason> = outcome.into();
8401                                         reason.write(writer)?;
8402                                 }
8403                                 &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref outcome) => {
8404                                         4u8.write(writer)?;
8405                                         if let OutboundHTLCOutcome::Success(preimage) = outcome {
8406                                                 preimages.push(preimage);
8407                                         }
8408                                         let reason: Option<&HTLCFailReason> = outcome.into();
8409                                         reason.write(writer)?;
8410                                 }
8411                         }
8412                         pending_outbound_skimmed_fees.push(htlc.skimmed_fee_msat);
8413                         pending_outbound_blinding_points.push(htlc.blinding_point);
8414                 }
8415
8416                 let mut holding_cell_skimmed_fees: Vec<Option<u64>> = Vec::new();
8417                 let mut holding_cell_blinding_points: Vec<Option<PublicKey>> = Vec::new();
8418                 // Vec of (htlc_id, failure_code, sha256_of_onion)
8419                 let mut malformed_htlcs: Vec<(u64, u16, [u8; 32])> = Vec::new();
8420                 (self.context.holding_cell_htlc_updates.len() as u64).write(writer)?;
8421                 for update in self.context.holding_cell_htlc_updates.iter() {
8422                         match update {
8423                                 &HTLCUpdateAwaitingACK::AddHTLC {
8424                                         ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet,
8425                                         blinding_point, skimmed_fee_msat,
8426                                 } => {
8427                                         0u8.write(writer)?;
8428                                         amount_msat.write(writer)?;
8429                                         cltv_expiry.write(writer)?;
8430                                         payment_hash.write(writer)?;
8431                                         source.write(writer)?;
8432                                         onion_routing_packet.write(writer)?;
8433
8434                                         holding_cell_skimmed_fees.push(skimmed_fee_msat);
8435                                         holding_cell_blinding_points.push(blinding_point);
8436                                 },
8437                                 &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, ref htlc_id } => {
8438                                         1u8.write(writer)?;
8439                                         payment_preimage.write(writer)?;
8440                                         htlc_id.write(writer)?;
8441                                 },
8442                                 &HTLCUpdateAwaitingACK::FailHTLC { ref htlc_id, ref err_packet } => {
8443                                         2u8.write(writer)?;
8444                                         htlc_id.write(writer)?;
8445                                         err_packet.write(writer)?;
8446                                 }
8447                                 &HTLCUpdateAwaitingACK::FailMalformedHTLC {
8448                                         htlc_id, failure_code, sha256_of_onion
8449                                 } => {
8450                                         // We don't want to break downgrading by adding a new variant, so write a dummy
8451                                         // `::FailHTLC` variant and write the real malformed error as an optional TLV.
8452                                         malformed_htlcs.push((htlc_id, failure_code, sha256_of_onion));
8453
8454                                         let dummy_err_packet = msgs::OnionErrorPacket { data: Vec::new() };
8455                                         2u8.write(writer)?;
8456                                         htlc_id.write(writer)?;
8457                                         dummy_err_packet.write(writer)?;
8458                                 }
8459                         }
8460                 }
8461
8462                 match self.context.resend_order {
8463                         RAACommitmentOrder::CommitmentFirst => 0u8.write(writer)?,
8464                         RAACommitmentOrder::RevokeAndACKFirst => 1u8.write(writer)?,
8465                 }
8466
8467                 self.context.monitor_pending_channel_ready.write(writer)?;
8468                 self.context.monitor_pending_revoke_and_ack.write(writer)?;
8469                 self.context.monitor_pending_commitment_signed.write(writer)?;
8470
8471                 (self.context.monitor_pending_forwards.len() as u64).write(writer)?;
8472                 for &(ref pending_forward, ref htlc_id) in self.context.monitor_pending_forwards.iter() {
8473                         pending_forward.write(writer)?;
8474                         htlc_id.write(writer)?;
8475                 }
8476
8477                 (self.context.monitor_pending_failures.len() as u64).write(writer)?;
8478                 for &(ref htlc_source, ref payment_hash, ref fail_reason) in self.context.monitor_pending_failures.iter() {
8479                         htlc_source.write(writer)?;
8480                         payment_hash.write(writer)?;
8481                         fail_reason.write(writer)?;
8482                 }
8483
8484                 if self.context.is_outbound() {
8485                         self.context.pending_update_fee.map(|(a, _)| a).write(writer)?;
8486                 } else if let Some((feerate, FeeUpdateState::AwaitingRemoteRevokeToAnnounce)) = self.context.pending_update_fee {
8487                         Some(feerate).write(writer)?;
8488                 } else {
8489                         // As for inbound HTLCs, if the update was only announced and never committed in a
8490                         // commitment_signed, drop it.
8491                         None::<u32>.write(writer)?;
8492                 }
8493                 self.context.holding_cell_update_fee.write(writer)?;
8494
8495                 self.context.next_holder_htlc_id.write(writer)?;
8496                 (self.context.next_counterparty_htlc_id - dropped_inbound_htlcs).write(writer)?;
8497                 self.context.update_time_counter.write(writer)?;
8498                 self.context.feerate_per_kw.write(writer)?;
8499
8500                 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
8501                 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
8502                 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
8503                 // consider the stale state on reload.
8504                 0u8.write(writer)?;
8505
8506                 self.context.funding_tx_confirmed_in.write(writer)?;
8507                 self.context.funding_tx_confirmation_height.write(writer)?;
8508                 self.context.short_channel_id.write(writer)?;
8509
8510                 self.context.counterparty_dust_limit_satoshis.write(writer)?;
8511                 self.context.holder_dust_limit_satoshis.write(writer)?;
8512                 self.context.counterparty_max_htlc_value_in_flight_msat.write(writer)?;
8513
8514                 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
8515                 self.context.counterparty_selected_channel_reserve_satoshis.unwrap_or(0).write(writer)?;
8516
8517                 self.context.counterparty_htlc_minimum_msat.write(writer)?;
8518                 self.context.holder_htlc_minimum_msat.write(writer)?;
8519                 self.context.counterparty_max_accepted_htlcs.write(writer)?;
8520
8521                 // Note that this field is ignored by 0.0.99+ as the TLV Optional variant is used instead.
8522                 self.context.minimum_depth.unwrap_or(0).write(writer)?;
8523
8524                 match &self.context.counterparty_forwarding_info {
8525                         Some(info) => {
8526                                 1u8.write(writer)?;
8527                                 info.fee_base_msat.write(writer)?;
8528                                 info.fee_proportional_millionths.write(writer)?;
8529                                 info.cltv_expiry_delta.write(writer)?;
8530                         },
8531                         None => 0u8.write(writer)?
8532                 }
8533
8534                 self.context.channel_transaction_parameters.write(writer)?;
8535                 self.context.funding_transaction.write(writer)?;
8536
8537                 self.context.counterparty_cur_commitment_point.write(writer)?;
8538                 self.context.counterparty_prev_commitment_point.write(writer)?;
8539                 self.context.counterparty_node_id.write(writer)?;
8540
8541                 self.context.counterparty_shutdown_scriptpubkey.write(writer)?;
8542
8543                 self.context.commitment_secrets.write(writer)?;
8544
8545                 self.context.channel_update_status.write(writer)?;
8546
8547                 #[cfg(any(test, fuzzing))]
8548                 (self.context.historical_inbound_htlc_fulfills.len() as u64).write(writer)?;
8549                 #[cfg(any(test, fuzzing))]
8550                 for htlc in self.context.historical_inbound_htlc_fulfills.iter() {
8551                         htlc.write(writer)?;
8552                 }
8553
8554                 // If the channel type is something other than only-static-remote-key, then we need to have
8555                 // older clients fail to deserialize this channel at all. If the type is
8556                 // only-static-remote-key, we simply consider it "default" and don't write the channel type
8557                 // out at all.
8558                 let chan_type = if self.context.channel_type != ChannelTypeFeatures::only_static_remote_key() {
8559                         Some(&self.context.channel_type) } else { None };
8560
8561                 // The same logic applies for `holder_selected_channel_reserve_satoshis` values other than
8562                 // the default, and when `holder_max_htlc_value_in_flight_msat` is configured to be set to
8563                 // a different percentage of the channel value then 10%, which older versions of LDK used
8564                 // to set it to before the percentage was made configurable.
8565                 let serialized_holder_selected_reserve =
8566                         if self.context.holder_selected_channel_reserve_satoshis != get_legacy_default_holder_selected_channel_reserve_satoshis(self.context.channel_value_satoshis)
8567                         { Some(self.context.holder_selected_channel_reserve_satoshis) } else { None };
8568
8569                 let mut old_max_in_flight_percent_config = UserConfig::default().channel_handshake_config;
8570                 old_max_in_flight_percent_config.max_inbound_htlc_value_in_flight_percent_of_channel = MAX_IN_FLIGHT_PERCENT_LEGACY;
8571                 let serialized_holder_htlc_max_in_flight =
8572                         if self.context.holder_max_htlc_value_in_flight_msat != get_holder_max_htlc_value_in_flight_msat(self.context.channel_value_satoshis, &old_max_in_flight_percent_config)
8573                         { Some(self.context.holder_max_htlc_value_in_flight_msat) } else { None };
8574
8575                 let channel_pending_event_emitted = Some(self.context.channel_pending_event_emitted);
8576                 let channel_ready_event_emitted = Some(self.context.channel_ready_event_emitted);
8577
8578                 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
8579                 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. Therefore,
8580                 // we write the high bytes as an option here.
8581                 let user_id_high_opt = Some((self.context.user_id >> 64) as u64);
8582
8583                 let holder_max_accepted_htlcs = if self.context.holder_max_accepted_htlcs == DEFAULT_MAX_HTLCS { None } else { Some(self.context.holder_max_accepted_htlcs) };
8584
8585                 write_tlv_fields!(writer, {
8586                         (0, self.context.announcement_sigs, option),
8587                         // minimum_depth and counterparty_selected_channel_reserve_satoshis used to have a
8588                         // default value instead of being Option<>al. Thus, to maintain compatibility we write
8589                         // them twice, once with their original default values above, and once as an option
8590                         // here. On the read side, old versions will simply ignore the odd-type entries here,
8591                         // and new versions map the default values to None and allow the TLV entries here to
8592                         // override that.
8593                         (1, self.context.minimum_depth, option),
8594                         (2, chan_type, option),
8595                         (3, self.context.counterparty_selected_channel_reserve_satoshis, option),
8596                         (4, serialized_holder_selected_reserve, option),
8597                         (5, self.context.config, required),
8598                         (6, serialized_holder_htlc_max_in_flight, option),
8599                         (7, self.context.shutdown_scriptpubkey, option),
8600                         (8, self.context.blocked_monitor_updates, optional_vec),
8601                         (9, self.context.target_closing_feerate_sats_per_kw, option),
8602                         (11, self.context.monitor_pending_finalized_fulfills, required_vec),
8603                         (13, self.context.channel_creation_height, required),
8604                         (15, preimages, required_vec),
8605                         (17, self.context.announcement_sigs_state, required),
8606                         (19, self.context.latest_inbound_scid_alias, option),
8607                         (21, self.context.outbound_scid_alias, required),
8608                         (23, channel_ready_event_emitted, option),
8609                         (25, user_id_high_opt, option),
8610                         (27, self.context.channel_keys_id, required),
8611                         (28, holder_max_accepted_htlcs, option),
8612                         (29, self.context.temporary_channel_id, option),
8613                         (31, channel_pending_event_emitted, option),
8614                         (35, pending_outbound_skimmed_fees, optional_vec),
8615                         (37, holding_cell_skimmed_fees, optional_vec),
8616                         (38, self.context.is_batch_funding, option),
8617                         (39, pending_outbound_blinding_points, optional_vec),
8618                         (41, holding_cell_blinding_points, optional_vec),
8619                         (43, malformed_htlcs, optional_vec), // Added in 0.0.119
8620                         (45, self.context.local_initiated_shutdown, option), // Added in 0.0.122
8621                 });
8622
8623                 Ok(())
8624         }
8625 }
8626
8627 const MAX_ALLOC_SIZE: usize = 64*1024;
8628 impl<'a, 'b, 'c, ES: Deref, SP: Deref> ReadableArgs<(&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)> for Channel<SP>
8629                 where
8630                         ES::Target: EntropySource,
8631                         SP::Target: SignerProvider
8632 {
8633         fn read<R : io::Read>(reader: &mut R, args: (&'a ES, &'b SP, u32, &'c ChannelTypeFeatures)) -> Result<Self, DecodeError> {
8634                 let (entropy_source, signer_provider, serialized_height, our_supported_features) = args;
8635                 let ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
8636
8637                 // `user_id` used to be a single u64 value. In order to remain backwards compatible with
8638                 // versions prior to 0.0.113, the u128 is serialized as two separate u64 values. We read
8639                 // the low bytes now and the high bytes later.
8640                 let user_id_low: u64 = Readable::read(reader)?;
8641
8642                 let mut config = Some(LegacyChannelConfig::default());
8643                 if ver == 1 {
8644                         // Read the old serialization of the ChannelConfig from version 0.0.98.
8645                         config.as_mut().unwrap().options.forwarding_fee_proportional_millionths = Readable::read(reader)?;
8646                         config.as_mut().unwrap().options.cltv_expiry_delta = Readable::read(reader)?;
8647                         config.as_mut().unwrap().announced_channel = Readable::read(reader)?;
8648                         config.as_mut().unwrap().commit_upfront_shutdown_pubkey = Readable::read(reader)?;
8649                 } else {
8650                         // Read the 8 bytes of backwards-compatibility ChannelConfig data.
8651                         let mut _val: u64 = Readable::read(reader)?;
8652                 }
8653
8654                 let channel_id = Readable::read(reader)?;
8655                 let channel_state = ChannelState::from_u32(Readable::read(reader)?).map_err(|_| DecodeError::InvalidValue)?;
8656                 let channel_value_satoshis = Readable::read(reader)?;
8657
8658                 let latest_monitor_update_id = Readable::read(reader)?;
8659
8660                 let mut keys_data = None;
8661                 if ver <= 2 {
8662                         // Read the serialize signer bytes. We'll choose to deserialize them or not based on whether
8663                         // the `channel_keys_id` TLV is present below.
8664                         let keys_len: u32 = Readable::read(reader)?;
8665                         keys_data = Some(Vec::with_capacity(cmp::min(keys_len as usize, MAX_ALLOC_SIZE)));
8666                         while keys_data.as_ref().unwrap().len() != keys_len as usize {
8667                                 // Read 1KB at a time to avoid accidentally allocating 4GB on corrupted channel keys
8668                                 let mut data = [0; 1024];
8669                                 let read_slice = &mut data[0..cmp::min(1024, keys_len as usize - keys_data.as_ref().unwrap().len())];
8670                                 reader.read_exact(read_slice)?;
8671                                 keys_data.as_mut().unwrap().extend_from_slice(read_slice);
8672                         }
8673                 }
8674
8675                 // Read the old serialization for shutdown_pubkey, preferring the TLV field later if set.
8676                 let mut shutdown_scriptpubkey = match <PublicKey as Readable>::read(reader) {
8677                         Ok(pubkey) => Some(ShutdownScript::new_p2wpkh_from_pubkey(pubkey)),
8678                         Err(_) => None,
8679                 };
8680                 let destination_script = Readable::read(reader)?;
8681
8682                 let cur_holder_commitment_transaction_number = Readable::read(reader)?;
8683                 let cur_counterparty_commitment_transaction_number = Readable::read(reader)?;
8684                 let value_to_self_msat = Readable::read(reader)?;
8685
8686                 let pending_inbound_htlc_count: u64 = Readable::read(reader)?;
8687
8688                 let mut pending_inbound_htlcs = Vec::with_capacity(cmp::min(pending_inbound_htlc_count as usize, DEFAULT_MAX_HTLCS as usize));
8689                 for _ in 0..pending_inbound_htlc_count {
8690                         pending_inbound_htlcs.push(InboundHTLCOutput {
8691                                 htlc_id: Readable::read(reader)?,
8692                                 amount_msat: Readable::read(reader)?,
8693                                 cltv_expiry: Readable::read(reader)?,
8694                                 payment_hash: Readable::read(reader)?,
8695                                 state: match <u8 as Readable>::read(reader)? {
8696                                         1 => InboundHTLCState::AwaitingRemoteRevokeToAnnounce(Readable::read(reader)?),
8697                                         2 => InboundHTLCState::AwaitingAnnouncedRemoteRevoke(Readable::read(reader)?),
8698                                         3 => InboundHTLCState::Committed,
8699                                         4 => InboundHTLCState::LocalRemoved(Readable::read(reader)?),
8700                                         _ => return Err(DecodeError::InvalidValue),
8701                                 },
8702                         });
8703                 }
8704
8705                 let pending_outbound_htlc_count: u64 = Readable::read(reader)?;
8706                 let mut pending_outbound_htlcs = Vec::with_capacity(cmp::min(pending_outbound_htlc_count as usize, DEFAULT_MAX_HTLCS as usize));
8707                 for _ in 0..pending_outbound_htlc_count {
8708                         pending_outbound_htlcs.push(OutboundHTLCOutput {
8709                                 htlc_id: Readable::read(reader)?,
8710                                 amount_msat: Readable::read(reader)?,
8711                                 cltv_expiry: Readable::read(reader)?,
8712                                 payment_hash: Readable::read(reader)?,
8713                                 source: Readable::read(reader)?,
8714                                 state: match <u8 as Readable>::read(reader)? {
8715                                         0 => OutboundHTLCState::LocalAnnounced(Box::new(Readable::read(reader)?)),
8716                                         1 => OutboundHTLCState::Committed,
8717                                         2 => {
8718                                                 let option: Option<HTLCFailReason> = Readable::read(reader)?;
8719                                                 OutboundHTLCState::RemoteRemoved(option.into())
8720                                         },
8721                                         3 => {
8722                                                 let option: Option<HTLCFailReason> = Readable::read(reader)?;
8723                                                 OutboundHTLCState::AwaitingRemoteRevokeToRemove(option.into())
8724                                         },
8725                                         4 => {
8726                                                 let option: Option<HTLCFailReason> = Readable::read(reader)?;
8727                                                 OutboundHTLCState::AwaitingRemovedRemoteRevoke(option.into())
8728                                         },
8729                                         _ => return Err(DecodeError::InvalidValue),
8730                                 },
8731                                 skimmed_fee_msat: None,
8732                                 blinding_point: None,
8733                         });
8734                 }
8735
8736                 let holding_cell_htlc_update_count: u64 = Readable::read(reader)?;
8737                 let mut holding_cell_htlc_updates = Vec::with_capacity(cmp::min(holding_cell_htlc_update_count as usize, DEFAULT_MAX_HTLCS as usize*2));
8738                 for _ in 0..holding_cell_htlc_update_count {
8739                         holding_cell_htlc_updates.push(match <u8 as Readable>::read(reader)? {
8740                                 0 => HTLCUpdateAwaitingACK::AddHTLC {
8741                                         amount_msat: Readable::read(reader)?,
8742                                         cltv_expiry: Readable::read(reader)?,
8743                                         payment_hash: Readable::read(reader)?,
8744                                         source: Readable::read(reader)?,
8745                                         onion_routing_packet: Readable::read(reader)?,
8746                                         skimmed_fee_msat: None,
8747                                         blinding_point: None,
8748                                 },
8749                                 1 => HTLCUpdateAwaitingACK::ClaimHTLC {
8750                                         payment_preimage: Readable::read(reader)?,
8751                                         htlc_id: Readable::read(reader)?,
8752                                 },
8753                                 2 => HTLCUpdateAwaitingACK::FailHTLC {
8754                                         htlc_id: Readable::read(reader)?,
8755                                         err_packet: Readable::read(reader)?,
8756                                 },
8757                                 _ => return Err(DecodeError::InvalidValue),
8758                         });
8759                 }
8760
8761                 let resend_order = match <u8 as Readable>::read(reader)? {
8762                         0 => RAACommitmentOrder::CommitmentFirst,
8763                         1 => RAACommitmentOrder::RevokeAndACKFirst,
8764                         _ => return Err(DecodeError::InvalidValue),
8765                 };
8766
8767                 let monitor_pending_channel_ready = Readable::read(reader)?;
8768                 let monitor_pending_revoke_and_ack = Readable::read(reader)?;
8769                 let monitor_pending_commitment_signed = Readable::read(reader)?;
8770
8771                 let monitor_pending_forwards_count: u64 = Readable::read(reader)?;
8772                 let mut monitor_pending_forwards = Vec::with_capacity(cmp::min(monitor_pending_forwards_count as usize, DEFAULT_MAX_HTLCS as usize));
8773                 for _ in 0..monitor_pending_forwards_count {
8774                         monitor_pending_forwards.push((Readable::read(reader)?, Readable::read(reader)?));
8775                 }
8776
8777                 let monitor_pending_failures_count: u64 = Readable::read(reader)?;
8778                 let mut monitor_pending_failures = Vec::with_capacity(cmp::min(monitor_pending_failures_count as usize, DEFAULT_MAX_HTLCS as usize));
8779                 for _ in 0..monitor_pending_failures_count {
8780                         monitor_pending_failures.push((Readable::read(reader)?, Readable::read(reader)?, Readable::read(reader)?));
8781                 }
8782
8783                 let pending_update_fee_value: Option<u32> = Readable::read(reader)?;
8784
8785                 let holding_cell_update_fee = Readable::read(reader)?;
8786
8787                 let next_holder_htlc_id = Readable::read(reader)?;
8788                 let next_counterparty_htlc_id = Readable::read(reader)?;
8789                 let update_time_counter = Readable::read(reader)?;
8790                 let feerate_per_kw = Readable::read(reader)?;
8791
8792                 // Versions prior to 0.0.100 expected to read the fields of `last_sent_closing_fee` here,
8793                 // however we are supposed to restart shutdown fee negotiation on reconnect (and wipe
8794                 // `last_send_closing_fee` in `remove_uncommitted_htlcs_and_mark_paused`) so we should never
8795                 // consider the stale state on reload.
8796                 match <u8 as Readable>::read(reader)? {
8797                         0 => {},
8798                         1 => {
8799                                 let _: u32 = Readable::read(reader)?;
8800                                 let _: u64 = Readable::read(reader)?;
8801                                 let _: Signature = Readable::read(reader)?;
8802                         },
8803                         _ => return Err(DecodeError::InvalidValue),
8804                 }
8805
8806                 let funding_tx_confirmed_in = Readable::read(reader)?;
8807                 let funding_tx_confirmation_height = Readable::read(reader)?;
8808                 let short_channel_id = Readable::read(reader)?;
8809
8810                 let counterparty_dust_limit_satoshis = Readable::read(reader)?;
8811                 let holder_dust_limit_satoshis = Readable::read(reader)?;
8812                 let counterparty_max_htlc_value_in_flight_msat = Readable::read(reader)?;
8813                 let mut counterparty_selected_channel_reserve_satoshis = None;
8814                 if ver == 1 {
8815                         // Read the old serialization from version 0.0.98.
8816                         counterparty_selected_channel_reserve_satoshis = Some(Readable::read(reader)?);
8817                 } else {
8818                         // Read the 8 bytes of backwards-compatibility data.
8819                         let _dummy: u64 = Readable::read(reader)?;
8820                 }
8821                 let counterparty_htlc_minimum_msat = Readable::read(reader)?;
8822                 let holder_htlc_minimum_msat = Readable::read(reader)?;
8823                 let counterparty_max_accepted_htlcs = Readable::read(reader)?;
8824
8825                 let mut minimum_depth = None;
8826                 if ver == 1 {
8827                         // Read the old serialization from version 0.0.98.
8828                         minimum_depth = Some(Readable::read(reader)?);
8829                 } else {
8830                         // Read the 4 bytes of backwards-compatibility data.
8831                         let _dummy: u32 = Readable::read(reader)?;
8832                 }
8833
8834                 let counterparty_forwarding_info = match <u8 as Readable>::read(reader)? {
8835                         0 => None,
8836                         1 => Some(CounterpartyForwardingInfo {
8837                                 fee_base_msat: Readable::read(reader)?,
8838                                 fee_proportional_millionths: Readable::read(reader)?,
8839                                 cltv_expiry_delta: Readable::read(reader)?,
8840                         }),
8841                         _ => return Err(DecodeError::InvalidValue),
8842                 };
8843
8844                 let mut channel_parameters: ChannelTransactionParameters = Readable::read(reader)?;
8845                 let funding_transaction: Option<Transaction> = Readable::read(reader)?;
8846
8847                 let counterparty_cur_commitment_point = Readable::read(reader)?;
8848
8849                 let counterparty_prev_commitment_point = Readable::read(reader)?;
8850                 let counterparty_node_id = Readable::read(reader)?;
8851
8852                 let counterparty_shutdown_scriptpubkey = Readable::read(reader)?;
8853                 let commitment_secrets = Readable::read(reader)?;
8854
8855                 let channel_update_status = Readable::read(reader)?;
8856
8857                 #[cfg(any(test, fuzzing))]
8858                 let mut historical_inbound_htlc_fulfills = new_hash_set();
8859                 #[cfg(any(test, fuzzing))]
8860                 {
8861                         let htlc_fulfills_len: u64 = Readable::read(reader)?;
8862                         for _ in 0..htlc_fulfills_len {
8863                                 assert!(historical_inbound_htlc_fulfills.insert(Readable::read(reader)?));
8864                         }
8865                 }
8866
8867                 let pending_update_fee = if let Some(feerate) = pending_update_fee_value {
8868                         Some((feerate, if channel_parameters.is_outbound_from_holder {
8869                                 FeeUpdateState::Outbound
8870                         } else {
8871                                 FeeUpdateState::AwaitingRemoteRevokeToAnnounce
8872                         }))
8873                 } else {
8874                         None
8875                 };
8876
8877                 let mut announcement_sigs = None;
8878                 let mut target_closing_feerate_sats_per_kw = None;
8879                 let mut monitor_pending_finalized_fulfills = Some(Vec::new());
8880                 let mut holder_selected_channel_reserve_satoshis = Some(get_legacy_default_holder_selected_channel_reserve_satoshis(channel_value_satoshis));
8881                 let mut holder_max_htlc_value_in_flight_msat = Some(get_holder_max_htlc_value_in_flight_msat(channel_value_satoshis, &UserConfig::default().channel_handshake_config));
8882                 // Prior to supporting channel type negotiation, all of our channels were static_remotekey
8883                 // only, so we default to that if none was written.
8884                 let mut channel_type = Some(ChannelTypeFeatures::only_static_remote_key());
8885                 let mut channel_creation_height = Some(serialized_height);
8886                 let mut preimages_opt: Option<Vec<Option<PaymentPreimage>>> = None;
8887
8888                 // If we read an old Channel, for simplicity we just treat it as "we never sent an
8889                 // AnnouncementSignatures" which implies we'll re-send it on reconnect, but that's fine.
8890                 let mut announcement_sigs_state = Some(AnnouncementSigsState::NotSent);
8891                 let mut latest_inbound_scid_alias = None;
8892                 let mut outbound_scid_alias = None;
8893                 let mut channel_pending_event_emitted = None;
8894                 let mut channel_ready_event_emitted = None;
8895
8896                 let mut user_id_high_opt: Option<u64> = None;
8897                 let mut channel_keys_id: Option<[u8; 32]> = None;
8898                 let mut temporary_channel_id: Option<ChannelId> = None;
8899                 let mut holder_max_accepted_htlcs: Option<u16> = None;
8900
8901                 let mut blocked_monitor_updates = Some(Vec::new());
8902
8903                 let mut pending_outbound_skimmed_fees_opt: Option<Vec<Option<u64>>> = None;
8904                 let mut holding_cell_skimmed_fees_opt: Option<Vec<Option<u64>>> = None;
8905
8906                 let mut is_batch_funding: Option<()> = None;
8907
8908                 let mut local_initiated_shutdown: Option<()> = None;
8909
8910                 let mut pending_outbound_blinding_points_opt: Option<Vec<Option<PublicKey>>> = None;
8911                 let mut holding_cell_blinding_points_opt: Option<Vec<Option<PublicKey>>> = None;
8912
8913                 let mut malformed_htlcs: Option<Vec<(u64, u16, [u8; 32])>> = None;
8914
8915                 read_tlv_fields!(reader, {
8916                         (0, announcement_sigs, option),
8917                         (1, minimum_depth, option),
8918                         (2, channel_type, option),
8919                         (3, counterparty_selected_channel_reserve_satoshis, option),
8920                         (4, holder_selected_channel_reserve_satoshis, option),
8921                         (5, config, option), // Note that if none is provided we will *not* overwrite the existing one.
8922                         (6, holder_max_htlc_value_in_flight_msat, option),
8923                         (7, shutdown_scriptpubkey, option),
8924                         (8, blocked_monitor_updates, optional_vec),
8925                         (9, target_closing_feerate_sats_per_kw, option),
8926                         (11, monitor_pending_finalized_fulfills, optional_vec),
8927                         (13, channel_creation_height, option),
8928                         (15, preimages_opt, optional_vec),
8929                         (17, announcement_sigs_state, option),
8930                         (19, latest_inbound_scid_alias, option),
8931                         (21, outbound_scid_alias, option),
8932                         (23, channel_ready_event_emitted, option),
8933                         (25, user_id_high_opt, option),
8934                         (27, channel_keys_id, option),
8935                         (28, holder_max_accepted_htlcs, option),
8936                         (29, temporary_channel_id, option),
8937                         (31, channel_pending_event_emitted, option),
8938                         (35, pending_outbound_skimmed_fees_opt, optional_vec),
8939                         (37, holding_cell_skimmed_fees_opt, optional_vec),
8940                         (38, is_batch_funding, option),
8941                         (39, pending_outbound_blinding_points_opt, optional_vec),
8942                         (41, holding_cell_blinding_points_opt, optional_vec),
8943                         (43, malformed_htlcs, optional_vec), // Added in 0.0.119
8944                         (45, local_initiated_shutdown, option),
8945                 });
8946
8947                 let (channel_keys_id, holder_signer) = if let Some(channel_keys_id) = channel_keys_id {
8948                         let mut holder_signer = signer_provider.derive_channel_signer(channel_value_satoshis, channel_keys_id);
8949                         // If we've gotten to the funding stage of the channel, populate the signer with its
8950                         // required channel parameters.
8951                         if channel_state >= ChannelState::FundingNegotiated {
8952                                 holder_signer.provide_channel_parameters(&channel_parameters);
8953                         }
8954                         (channel_keys_id, holder_signer)
8955                 } else {
8956                         // `keys_data` can be `None` if we had corrupted data.
8957                         let keys_data = keys_data.ok_or(DecodeError::InvalidValue)?;
8958                         let holder_signer = signer_provider.read_chan_signer(&keys_data)?;
8959                         (holder_signer.channel_keys_id(), holder_signer)
8960                 };
8961
8962                 if let Some(preimages) = preimages_opt {
8963                         let mut iter = preimages.into_iter();
8964                         for htlc in pending_outbound_htlcs.iter_mut() {
8965                                 match &htlc.state {
8966                                         OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(None)) => {
8967                                                 htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
8968                                         }
8969                                         OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(None)) => {
8970                                                 htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(OutboundHTLCOutcome::Success(iter.next().ok_or(DecodeError::InvalidValue)?));
8971                                         }
8972                                         _ => {}
8973                                 }
8974                         }
8975                         // We expect all preimages to be consumed above
8976                         if iter.next().is_some() {
8977                                 return Err(DecodeError::InvalidValue);
8978                         }
8979                 }
8980
8981                 let chan_features = channel_type.as_ref().unwrap();
8982                 if !chan_features.is_subset(our_supported_features) {
8983                         // If the channel was written by a new version and negotiated with features we don't
8984                         // understand yet, refuse to read it.
8985                         return Err(DecodeError::UnknownRequiredFeature);
8986                 }
8987
8988                 // ChannelTransactionParameters may have had an empty features set upon deserialization.
8989                 // To account for that, we're proactively setting/overriding the field here.
8990                 channel_parameters.channel_type_features = chan_features.clone();
8991
8992                 let mut secp_ctx = Secp256k1::new();
8993                 secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
8994
8995                 // `user_id` used to be a single u64 value. In order to remain backwards
8996                 // compatible with versions prior to 0.0.113, the u128 is serialized as two
8997                 // separate u64 values.
8998                 let user_id = user_id_low as u128 + ((user_id_high_opt.unwrap_or(0) as u128) << 64);
8999
9000                 let holder_max_accepted_htlcs = holder_max_accepted_htlcs.unwrap_or(DEFAULT_MAX_HTLCS);
9001
9002                 if let Some(skimmed_fees) = pending_outbound_skimmed_fees_opt {
9003                         let mut iter = skimmed_fees.into_iter();
9004                         for htlc in pending_outbound_htlcs.iter_mut() {
9005                                 htlc.skimmed_fee_msat = iter.next().ok_or(DecodeError::InvalidValue)?;
9006                         }
9007                         // We expect all skimmed fees to be consumed above
9008                         if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
9009                 }
9010                 if let Some(skimmed_fees) = holding_cell_skimmed_fees_opt {
9011                         let mut iter = skimmed_fees.into_iter();
9012                         for htlc in holding_cell_htlc_updates.iter_mut() {
9013                                 if let HTLCUpdateAwaitingACK::AddHTLC { ref mut skimmed_fee_msat, .. } = htlc {
9014                                         *skimmed_fee_msat = iter.next().ok_or(DecodeError::InvalidValue)?;
9015                                 }
9016                         }
9017                         // We expect all skimmed fees to be consumed above
9018                         if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
9019                 }
9020                 if let Some(blinding_pts) = pending_outbound_blinding_points_opt {
9021                         let mut iter = blinding_pts.into_iter();
9022                         for htlc in pending_outbound_htlcs.iter_mut() {
9023                                 htlc.blinding_point = iter.next().ok_or(DecodeError::InvalidValue)?;
9024                         }
9025                         // We expect all blinding points to be consumed above
9026                         if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
9027                 }
9028                 if let Some(blinding_pts) = holding_cell_blinding_points_opt {
9029                         let mut iter = blinding_pts.into_iter();
9030                         for htlc in holding_cell_htlc_updates.iter_mut() {
9031                                 if let HTLCUpdateAwaitingACK::AddHTLC { ref mut blinding_point, .. } = htlc {
9032                                         *blinding_point = iter.next().ok_or(DecodeError::InvalidValue)?;
9033                                 }
9034                         }
9035                         // We expect all blinding points to be consumed above
9036                         if iter.next().is_some() { return Err(DecodeError::InvalidValue) }
9037                 }
9038
9039                 if let Some(malformed_htlcs) = malformed_htlcs {
9040                         for (malformed_htlc_id, failure_code, sha256_of_onion) in malformed_htlcs {
9041                                 let htlc_idx = holding_cell_htlc_updates.iter().position(|htlc| {
9042                                         if let HTLCUpdateAwaitingACK::FailHTLC { htlc_id, err_packet } = htlc {
9043                                                 let matches = *htlc_id == malformed_htlc_id;
9044                                                 if matches { debug_assert!(err_packet.data.is_empty()) }
9045                                                 matches
9046                                         } else { false }
9047                                 }).ok_or(DecodeError::InvalidValue)?;
9048                                 let malformed_htlc = HTLCUpdateAwaitingACK::FailMalformedHTLC {
9049                                         htlc_id: malformed_htlc_id, failure_code, sha256_of_onion
9050                                 };
9051                                 let _ = core::mem::replace(&mut holding_cell_htlc_updates[htlc_idx], malformed_htlc);
9052                         }
9053                 }
9054
9055                 Ok(Channel {
9056                         context: ChannelContext {
9057                                 user_id,
9058
9059                                 config: config.unwrap(),
9060
9061                                 prev_config: None,
9062
9063                                 // Note that we don't care about serializing handshake limits as we only ever serialize
9064                                 // channel data after the handshake has completed.
9065                                 inbound_handshake_limits_override: None,
9066
9067                                 channel_id,
9068                                 temporary_channel_id,
9069                                 channel_state,
9070                                 announcement_sigs_state: announcement_sigs_state.unwrap(),
9071                                 secp_ctx,
9072                                 channel_value_satoshis,
9073
9074                                 latest_monitor_update_id,
9075
9076                                 holder_signer: ChannelSignerType::Ecdsa(holder_signer),
9077                                 shutdown_scriptpubkey,
9078                                 destination_script,
9079
9080                                 cur_holder_commitment_transaction_number,
9081                                 cur_counterparty_commitment_transaction_number,
9082                                 value_to_self_msat,
9083
9084                                 holder_max_accepted_htlcs,
9085                                 pending_inbound_htlcs,
9086                                 pending_outbound_htlcs,
9087                                 holding_cell_htlc_updates,
9088
9089                                 resend_order,
9090
9091                                 monitor_pending_channel_ready,
9092                                 monitor_pending_revoke_and_ack,
9093                                 monitor_pending_commitment_signed,
9094                                 monitor_pending_forwards,
9095                                 monitor_pending_failures,
9096                                 monitor_pending_finalized_fulfills: monitor_pending_finalized_fulfills.unwrap(),
9097
9098                                 signer_pending_commitment_update: false,
9099                                 signer_pending_funding: false,
9100
9101                                 pending_update_fee,
9102                                 holding_cell_update_fee,
9103                                 next_holder_htlc_id,
9104                                 next_counterparty_htlc_id,
9105                                 update_time_counter,
9106                                 feerate_per_kw,
9107
9108                                 #[cfg(debug_assertions)]
9109                                 holder_max_commitment_tx_output: Mutex::new((0, 0)),
9110                                 #[cfg(debug_assertions)]
9111                                 counterparty_max_commitment_tx_output: Mutex::new((0, 0)),
9112
9113                                 last_sent_closing_fee: None,
9114                                 pending_counterparty_closing_signed: None,
9115                                 expecting_peer_commitment_signed: false,
9116                                 closing_fee_limits: None,
9117                                 target_closing_feerate_sats_per_kw,
9118
9119                                 funding_tx_confirmed_in,
9120                                 funding_tx_confirmation_height,
9121                                 short_channel_id,
9122                                 channel_creation_height: channel_creation_height.unwrap(),
9123
9124                                 counterparty_dust_limit_satoshis,
9125                                 holder_dust_limit_satoshis,
9126                                 counterparty_max_htlc_value_in_flight_msat,
9127                                 holder_max_htlc_value_in_flight_msat: holder_max_htlc_value_in_flight_msat.unwrap(),
9128                                 counterparty_selected_channel_reserve_satoshis,
9129                                 holder_selected_channel_reserve_satoshis: holder_selected_channel_reserve_satoshis.unwrap(),
9130                                 counterparty_htlc_minimum_msat,
9131                                 holder_htlc_minimum_msat,
9132                                 counterparty_max_accepted_htlcs,
9133                                 minimum_depth,
9134
9135                                 counterparty_forwarding_info,
9136
9137                                 channel_transaction_parameters: channel_parameters,
9138                                 funding_transaction,
9139                                 is_batch_funding,
9140
9141                                 counterparty_cur_commitment_point,
9142                                 counterparty_prev_commitment_point,
9143                                 counterparty_node_id,
9144
9145                                 counterparty_shutdown_scriptpubkey,
9146
9147                                 commitment_secrets,
9148
9149                                 channel_update_status,
9150                                 closing_signed_in_flight: false,
9151
9152                                 announcement_sigs,
9153
9154                                 #[cfg(any(test, fuzzing))]
9155                                 next_local_commitment_tx_fee_info_cached: Mutex::new(None),
9156                                 #[cfg(any(test, fuzzing))]
9157                                 next_remote_commitment_tx_fee_info_cached: Mutex::new(None),
9158
9159                                 workaround_lnd_bug_4006: None,
9160                                 sent_message_awaiting_response: None,
9161
9162                                 latest_inbound_scid_alias,
9163                                 // Later in the ChannelManager deserialization phase we scan for channels and assign scid aliases if its missing
9164                                 outbound_scid_alias: outbound_scid_alias.unwrap_or(0),
9165
9166                                 channel_pending_event_emitted: channel_pending_event_emitted.unwrap_or(true),
9167                                 channel_ready_event_emitted: channel_ready_event_emitted.unwrap_or(true),
9168
9169                                 #[cfg(any(test, fuzzing))]
9170                                 historical_inbound_htlc_fulfills,
9171
9172                                 channel_type: channel_type.unwrap(),
9173                                 channel_keys_id,
9174
9175                                 local_initiated_shutdown,
9176
9177                                 blocked_monitor_updates: blocked_monitor_updates.unwrap(),
9178                         },
9179                         #[cfg(dual_funding)]
9180                         dual_funding_channel_context: None,
9181                 })
9182         }
9183 }
9184
9185 #[cfg(test)]
9186 mod tests {
9187         use std::cmp;
9188         use bitcoin::blockdata::constants::ChainHash;
9189         use bitcoin::blockdata::script::{ScriptBuf, Builder};
9190         use bitcoin::blockdata::transaction::{Transaction, TxOut};
9191         use bitcoin::blockdata::opcodes;
9192         use bitcoin::network::constants::Network;
9193         use crate::ln::onion_utils::INVALID_ONION_BLINDING;
9194         use crate::ln::{PaymentHash, PaymentPreimage};
9195         use crate::ln::channel_keys::{RevocationKey, RevocationBasepoint};
9196         use crate::ln::channelmanager::{self, HTLCSource, PaymentId};
9197         use crate::ln::channel::InitFeatures;
9198         use crate::ln::channel::{AwaitingChannelReadyFlags, Channel, ChannelState, InboundHTLCOutput, OutboundV1Channel, InboundV1Channel, OutboundHTLCOutput, InboundHTLCState, OutboundHTLCState, HTLCCandidate, HTLCInitiator, HTLCUpdateAwaitingACK, commit_tx_fee_msat};
9199         use crate::ln::channel::{MAX_FUNDING_SATOSHIS_NO_WUMBO, TOTAL_BITCOIN_SUPPLY_SATOSHIS, MIN_THEIR_CHAN_RESERVE_SATOSHIS};
9200         use crate::ln::features::{ChannelFeatures, ChannelTypeFeatures, NodeFeatures};
9201         use crate::ln::msgs;
9202         use crate::ln::msgs::{ChannelUpdate, DecodeError, UnsignedChannelUpdate, MAX_VALUE_MSAT};
9203         use crate::ln::script::ShutdownScript;
9204         use crate::ln::chan_utils::{self, htlc_success_tx_weight, htlc_timeout_tx_weight};
9205         use crate::chain::BestBlock;
9206         use crate::chain::chaininterface::{FeeEstimator, LowerBoundedFeeEstimator, ConfirmationTarget};
9207         use crate::sign::{ChannelSigner, InMemorySigner, EntropySource, SignerProvider};
9208         use crate::chain::transaction::OutPoint;
9209         use crate::routing::router::{Path, RouteHop};
9210         use crate::util::config::UserConfig;
9211         use crate::util::errors::APIError;
9212         use crate::util::ser::{ReadableArgs, Writeable};
9213         use crate::util::test_utils;
9214         use crate::util::test_utils::{OnGetShutdownScriptpubkey, TestKeysInterface};
9215         use bitcoin::secp256k1::{Secp256k1, ecdsa::Signature};
9216         use bitcoin::secp256k1::ffi::Signature as FFISignature;
9217         use bitcoin::secp256k1::{SecretKey,PublicKey};
9218         use bitcoin::hashes::sha256::Hash as Sha256;
9219         use bitcoin::hashes::Hash;
9220         use bitcoin::hashes::hex::FromHex;
9221         use bitcoin::hash_types::WPubkeyHash;
9222         use bitcoin::blockdata::locktime::absolute::LockTime;
9223         use bitcoin::address::{WitnessProgram, WitnessVersion};
9224         use crate::prelude::*;
9225
9226         #[test]
9227         fn test_channel_state_order() {
9228                 use crate::ln::channel::NegotiatingFundingFlags;
9229                 use crate::ln::channel::AwaitingChannelReadyFlags;
9230                 use crate::ln::channel::ChannelReadyFlags;
9231
9232                 assert!(ChannelState::NegotiatingFunding(NegotiatingFundingFlags::new()) < ChannelState::FundingNegotiated);
9233                 assert!(ChannelState::FundingNegotiated < ChannelState::AwaitingChannelReady(AwaitingChannelReadyFlags::new()));
9234                 assert!(ChannelState::AwaitingChannelReady(AwaitingChannelReadyFlags::new()) < ChannelState::ChannelReady(ChannelReadyFlags::new()));
9235                 assert!(ChannelState::ChannelReady(ChannelReadyFlags::new()) < ChannelState::ShutdownComplete);
9236         }
9237
9238         struct TestFeeEstimator {
9239                 fee_est: u32
9240         }
9241         impl FeeEstimator for TestFeeEstimator {
9242                 fn get_est_sat_per_1000_weight(&self, _: ConfirmationTarget) -> u32 {
9243                         self.fee_est
9244                 }
9245         }
9246
9247         #[test]
9248         fn test_max_funding_satoshis_no_wumbo() {
9249                 assert_eq!(TOTAL_BITCOIN_SUPPLY_SATOSHIS, 21_000_000 * 100_000_000);
9250                 assert!(MAX_FUNDING_SATOSHIS_NO_WUMBO <= TOTAL_BITCOIN_SUPPLY_SATOSHIS,
9251                         "MAX_FUNDING_SATOSHIS_NO_WUMBO is greater than all satoshis in existence");
9252         }
9253
9254         struct Keys {
9255                 signer: InMemorySigner,
9256         }
9257
9258         impl EntropySource for Keys {
9259                 fn get_secure_random_bytes(&self) -> [u8; 32] { [0; 32] }
9260         }
9261
9262         impl SignerProvider for Keys {
9263                 type EcdsaSigner = InMemorySigner;
9264                 #[cfg(taproot)]
9265                 type TaprootSigner = InMemorySigner;
9266
9267                 fn generate_channel_keys_id(&self, _inbound: bool, _channel_value_satoshis: u64, _user_channel_id: u128) -> [u8; 32] {
9268                         self.signer.channel_keys_id()
9269                 }
9270
9271                 fn derive_channel_signer(&self, _channel_value_satoshis: u64, _channel_keys_id: [u8; 32]) -> Self::EcdsaSigner {
9272                         self.signer.clone()
9273                 }
9274
9275                 fn read_chan_signer(&self, _data: &[u8]) -> Result<Self::EcdsaSigner, DecodeError> { panic!(); }
9276
9277                 fn get_destination_script(&self, _channel_keys_id: [u8; 32]) -> Result<ScriptBuf, ()> {
9278                         let secp_ctx = Secp256k1::signing_only();
9279                         let channel_monitor_claim_key = SecretKey::from_slice(&<Vec<u8>>::from_hex("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
9280                         let channel_monitor_claim_key_hash = WPubkeyHash::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());
9281                         Ok(Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(channel_monitor_claim_key_hash).into_script())
9282                 }
9283
9284                 fn get_shutdown_scriptpubkey(&self) -> Result<ShutdownScript, ()> {
9285                         let secp_ctx = Secp256k1::signing_only();
9286                         let channel_close_key = SecretKey::from_slice(&<Vec<u8>>::from_hex("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
9287                         Ok(ShutdownScript::new_p2wpkh_from_pubkey(PublicKey::from_secret_key(&secp_ctx, &channel_close_key)))
9288                 }
9289         }
9290
9291         #[cfg(all(feature = "_test_vectors", not(feature = "grind_signatures")))]
9292         fn public_from_secret_hex(secp_ctx: &Secp256k1<bitcoin::secp256k1::All>, hex: &str) -> PublicKey {
9293                 PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&<Vec<u8>>::from_hex(hex).unwrap()[..]).unwrap())
9294         }
9295
9296         #[test]
9297         fn upfront_shutdown_script_incompatibility() {
9298                 let features = channelmanager::provided_init_features(&UserConfig::default()).clear_shutdown_anysegwit();
9299                 let non_v0_segwit_shutdown_script = ShutdownScript::new_witness_program(
9300                         &WitnessProgram::new(WitnessVersion::V16, &[0, 40]).unwrap(),
9301                 ).unwrap();
9302
9303                 let seed = [42; 32];
9304                 let network = Network::Testnet;
9305                 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
9306                 keys_provider.expect(OnGetShutdownScriptpubkey {
9307                         returns: non_v0_segwit_shutdown_script.clone(),
9308                 });
9309
9310                 let secp_ctx = Secp256k1::new();
9311                 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9312                 let config = UserConfig::default();
9313                 match OutboundV1Channel::<&TestKeysInterface>::new(&LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 253 }), &&keys_provider, &&keys_provider, node_id, &features, 10000000, 100000, 42, &config, 0, 42, None) {
9314                         Err(APIError::IncompatibleShutdownScript { script }) => {
9315                                 assert_eq!(script.into_inner(), non_v0_segwit_shutdown_script.into_inner());
9316                         },
9317                         Err(e) => panic!("Unexpected error: {:?}", e),
9318                         Ok(_) => panic!("Expected error"),
9319                 }
9320         }
9321
9322         // Check that, during channel creation, we use the same feerate in the open channel message
9323         // as we do in the Channel object creation itself.
9324         #[test]
9325         fn test_open_channel_msg_fee() {
9326                 let original_fee = 253;
9327                 let mut fee_est = TestFeeEstimator{fee_est: original_fee };
9328                 let bounded_fee_estimator = LowerBoundedFeeEstimator::new(&fee_est);
9329                 let secp_ctx = Secp256k1::new();
9330                 let seed = [42; 32];
9331                 let network = Network::Testnet;
9332                 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
9333
9334                 let node_a_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9335                 let config = UserConfig::default();
9336                 let node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&bounded_fee_estimator, &&keys_provider, &&keys_provider, node_a_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42, None).unwrap();
9337
9338                 // Now change the fee so we can check that the fee in the open_channel message is the
9339                 // same as the old fee.
9340                 fee_est.fee_est = 500;
9341                 let open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
9342                 assert_eq!(open_channel_msg.common_fields.commitment_feerate_sat_per_1000_weight, original_fee);
9343         }
9344
9345         #[test]
9346         fn test_holder_vs_counterparty_dust_limit() {
9347                 // Test that when calculating the local and remote commitment transaction fees, the correct
9348                 // dust limits are used.
9349                 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9350                 let secp_ctx = Secp256k1::new();
9351                 let seed = [42; 32];
9352                 let network = Network::Testnet;
9353                 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
9354                 let logger = test_utils::TestLogger::new();
9355                 let best_block = BestBlock::from_network(network);
9356
9357                 // Go through the flow of opening a channel between two nodes, making sure
9358                 // they have different dust limits.
9359
9360                 // Create Node A's channel pointing to Node B's pubkey
9361                 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9362                 let config = UserConfig::default();
9363                 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42, None).unwrap();
9364
9365                 // Create Node B's channel by receiving Node A's open_channel message
9366                 // Make sure A's dust limit is as we expect.
9367                 let open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
9368                 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
9369                 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false).unwrap();
9370
9371                 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
9372                 let mut accept_channel_msg = node_b_chan.accept_inbound_channel();
9373                 accept_channel_msg.common_fields.dust_limit_satoshis = 546;
9374                 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
9375                 node_a_chan.context.holder_dust_limit_satoshis = 1560;
9376
9377                 // Node A --> Node B: funding created
9378                 let output_script = node_a_chan.context.get_funding_redeemscript();
9379                 let tx = Transaction { version: 1, lock_time: LockTime::ZERO, input: Vec::new(), output: vec![TxOut {
9380                         value: 10000000, script_pubkey: output_script.clone(),
9381                 }]};
9382                 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
9383                 let funding_created_msg = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, false, &&logger).map_err(|_| ()).unwrap();
9384                 let (_, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg.unwrap(), best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
9385
9386                 // Node B --> Node A: funding signed
9387                 let res = node_a_chan.funding_signed(&funding_signed_msg.unwrap(), best_block, &&keys_provider, &&logger);
9388                 let (mut node_a_chan, _) = if let Ok(res) = res { res } else { panic!(); };
9389
9390                 // Put some inbound and outbound HTLCs in A's channel.
9391                 let htlc_amount_msat = 11_092_000; // put an amount below A's effective dust limit but above B's.
9392                 node_a_chan.context.pending_inbound_htlcs.push(InboundHTLCOutput {
9393                         htlc_id: 0,
9394                         amount_msat: htlc_amount_msat,
9395                         payment_hash: PaymentHash(Sha256::hash(&[42; 32]).to_byte_array()),
9396                         cltv_expiry: 300000000,
9397                         state: InboundHTLCState::Committed,
9398                 });
9399
9400                 node_a_chan.context.pending_outbound_htlcs.push(OutboundHTLCOutput {
9401                         htlc_id: 1,
9402                         amount_msat: htlc_amount_msat, // put an amount below A's dust amount but above B's.
9403                         payment_hash: PaymentHash(Sha256::hash(&[43; 32]).to_byte_array()),
9404                         cltv_expiry: 200000000,
9405                         state: OutboundHTLCState::Committed,
9406                         source: HTLCSource::OutboundRoute {
9407                                 path: Path { hops: Vec::new(), blinded_tail: None },
9408                                 session_priv: SecretKey::from_slice(&<Vec<u8>>::from_hex("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
9409                                 first_hop_htlc_msat: 548,
9410                                 payment_id: PaymentId([42; 32]),
9411                         },
9412                         skimmed_fee_msat: None,
9413                         blinding_point: None,
9414                 });
9415
9416                 // Make sure when Node A calculates their local commitment transaction, none of the HTLCs pass
9417                 // the dust limit check.
9418                 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
9419                 let local_commit_tx_fee = node_a_chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
9420                 let local_commit_fee_0_htlcs = commit_tx_fee_msat(node_a_chan.context.feerate_per_kw, 0, node_a_chan.context.get_channel_type());
9421                 assert_eq!(local_commit_tx_fee, local_commit_fee_0_htlcs);
9422
9423                 // Finally, make sure that when Node A calculates the remote's commitment transaction fees, all
9424                 // of the HTLCs are seen to be above the dust limit.
9425                 node_a_chan.context.channel_transaction_parameters.is_outbound_from_holder = false;
9426                 let remote_commit_fee_3_htlcs = commit_tx_fee_msat(node_a_chan.context.feerate_per_kw, 3, node_a_chan.context.get_channel_type());
9427                 let htlc_candidate = HTLCCandidate::new(htlc_amount_msat, HTLCInitiator::LocalOffered);
9428                 let remote_commit_tx_fee = node_a_chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
9429                 assert_eq!(remote_commit_tx_fee, remote_commit_fee_3_htlcs);
9430         }
9431
9432         #[test]
9433         fn test_timeout_vs_success_htlc_dust_limit() {
9434                 // Make sure that when `next_remote_commit_tx_fee_msat` and `next_local_commit_tx_fee_msat`
9435                 // calculate the real dust limits for HTLCs (i.e. the dust limit given by the counterparty
9436                 // *plus* the fees paid for the HTLC) they don't swap `HTLC_SUCCESS_TX_WEIGHT` for
9437                 // `HTLC_TIMEOUT_TX_WEIGHT`, and vice versa.
9438                 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 253 });
9439                 let secp_ctx = Secp256k1::new();
9440                 let seed = [42; 32];
9441                 let network = Network::Testnet;
9442                 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
9443
9444                 let node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9445                 let config = UserConfig::default();
9446                 let mut chan = OutboundV1Channel::<&TestKeysInterface>::new(&fee_est, &&keys_provider, &&keys_provider, node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42, None).unwrap();
9447
9448                 let commitment_tx_fee_0_htlcs = commit_tx_fee_msat(chan.context.feerate_per_kw, 0, chan.context.get_channel_type());
9449                 let commitment_tx_fee_1_htlc = commit_tx_fee_msat(chan.context.feerate_per_kw, 1, chan.context.get_channel_type());
9450
9451                 // If HTLC_SUCCESS_TX_WEIGHT and HTLC_TIMEOUT_TX_WEIGHT were swapped: then this HTLC would be
9452                 // counted as dust when it shouldn't be.
9453                 let htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.holder_dust_limit_satoshis + 1) * 1000;
9454                 let htlc_candidate = HTLCCandidate::new(htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
9455                 let commitment_tx_fee = chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
9456                 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
9457
9458                 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
9459                 let dust_htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.holder_dust_limit_satoshis - 1) * 1000;
9460                 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_below_success, HTLCInitiator::RemoteOffered);
9461                 let commitment_tx_fee = chan.context.next_local_commit_tx_fee_msat(htlc_candidate, None);
9462                 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
9463
9464                 chan.context.channel_transaction_parameters.is_outbound_from_holder = false;
9465
9466                 // If swapped: this HTLC would be counted as non-dust when it shouldn't be.
9467                 let dust_htlc_amt_above_timeout = ((253 * htlc_timeout_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.counterparty_dust_limit_satoshis + 1) * 1000;
9468                 let htlc_candidate = HTLCCandidate::new(dust_htlc_amt_above_timeout, HTLCInitiator::LocalOffered);
9469                 let commitment_tx_fee = chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
9470                 assert_eq!(commitment_tx_fee, commitment_tx_fee_0_htlcs);
9471
9472                 // If swapped: this HTLC would be counted as dust when it shouldn't be.
9473                 let htlc_amt_below_success = ((253 * htlc_success_tx_weight(chan.context.get_channel_type()) / 1000) + chan.context.counterparty_dust_limit_satoshis - 1) * 1000;
9474                 let htlc_candidate = HTLCCandidate::new(htlc_amt_below_success, HTLCInitiator::RemoteOffered);
9475                 let commitment_tx_fee = chan.context.next_remote_commit_tx_fee_msat(htlc_candidate, None);
9476                 assert_eq!(commitment_tx_fee, commitment_tx_fee_1_htlc);
9477         }
9478
9479         #[test]
9480         fn channel_reestablish_no_updates() {
9481                 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9482                 let logger = test_utils::TestLogger::new();
9483                 let secp_ctx = Secp256k1::new();
9484                 let seed = [42; 32];
9485                 let network = Network::Testnet;
9486                 let best_block = BestBlock::from_network(network);
9487                 let chain_hash = ChainHash::using_genesis_block(network);
9488                 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
9489
9490                 // Go through the flow of opening a channel between two nodes.
9491
9492                 // Create Node A's channel pointing to Node B's pubkey
9493                 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9494                 let config = UserConfig::default();
9495                 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42, None).unwrap();
9496
9497                 // Create Node B's channel by receiving Node A's open_channel message
9498                 let open_channel_msg = node_a_chan.get_open_channel(chain_hash);
9499                 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
9500                 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false).unwrap();
9501
9502                 // Node B --> Node A: accept channel
9503                 let accept_channel_msg = node_b_chan.accept_inbound_channel();
9504                 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
9505
9506                 // Node A --> Node B: funding created
9507                 let output_script = node_a_chan.context.get_funding_redeemscript();
9508                 let tx = Transaction { version: 1, lock_time: LockTime::ZERO, input: Vec::new(), output: vec![TxOut {
9509                         value: 10000000, script_pubkey: output_script.clone(),
9510                 }]};
9511                 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
9512                 let funding_created_msg = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, false, &&logger).map_err(|_| ()).unwrap();
9513                 let (mut node_b_chan, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg.unwrap(), best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
9514
9515                 // Node B --> Node A: funding signed
9516                 let res = node_a_chan.funding_signed(&funding_signed_msg.unwrap(), best_block, &&keys_provider, &&logger);
9517                 let (mut node_a_chan, _) = if let Ok(res) = res { res } else { panic!(); };
9518
9519                 // Now disconnect the two nodes and check that the commitment point in
9520                 // Node B's channel_reestablish message is sane.
9521                 assert!(node_b_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger).is_ok());
9522                 let msg = node_b_chan.get_channel_reestablish(&&logger);
9523                 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
9524                 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
9525                 assert_eq!(msg.your_last_per_commitment_secret, [0; 32]);
9526
9527                 // Check that the commitment point in Node A's channel_reestablish message
9528                 // is sane.
9529                 assert!(node_a_chan.remove_uncommitted_htlcs_and_mark_paused(&&logger).is_ok());
9530                 let msg = node_a_chan.get_channel_reestablish(&&logger);
9531                 assert_eq!(msg.next_local_commitment_number, 1); // now called next_commitment_number
9532                 assert_eq!(msg.next_remote_commitment_number, 0); // now called next_revocation_number
9533                 assert_eq!(msg.your_last_per_commitment_secret, [0; 32]);
9534         }
9535
9536         #[test]
9537         fn test_configured_holder_max_htlc_value_in_flight() {
9538                 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9539                 let logger = test_utils::TestLogger::new();
9540                 let secp_ctx = Secp256k1::new();
9541                 let seed = [42; 32];
9542                 let network = Network::Testnet;
9543                 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
9544                 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9545                 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
9546
9547                 let mut config_2_percent = UserConfig::default();
9548                 config_2_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 2;
9549                 let mut config_99_percent = UserConfig::default();
9550                 config_99_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 99;
9551                 let mut config_0_percent = UserConfig::default();
9552                 config_0_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 0;
9553                 let mut config_101_percent = UserConfig::default();
9554                 config_101_percent.channel_handshake_config.max_inbound_htlc_value_in_flight_percent_of_channel = 101;
9555
9556                 // Test that `OutboundV1Channel::new` creates a channel with the correct value for
9557                 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
9558                 // which is set to the lower bound + 1 (2%) of the `channel_value`.
9559                 let chan_1 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_2_percent), 10000000, 100000, 42, &config_2_percent, 0, 42, None).unwrap();
9560                 let chan_1_value_msat = chan_1.context.channel_value_satoshis * 1000;
9561                 assert_eq!(chan_1.context.holder_max_htlc_value_in_flight_msat, (chan_1_value_msat as f64 * 0.02) as u64);
9562
9563                 // Test with the upper bound - 1 of valid values (99%).
9564                 let chan_2 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_99_percent), 10000000, 100000, 42, &config_99_percent, 0, 42, None).unwrap();
9565                 let chan_2_value_msat = chan_2.context.channel_value_satoshis * 1000;
9566                 assert_eq!(chan_2.context.holder_max_htlc_value_in_flight_msat, (chan_2_value_msat as f64 * 0.99) as u64);
9567
9568                 let chan_1_open_channel_msg = chan_1.get_open_channel(ChainHash::using_genesis_block(network));
9569
9570                 // Test that `InboundV1Channel::new` creates a channel with the correct value for
9571                 // `holder_max_htlc_value_in_flight_msat`, when configured with a valid percentage value,
9572                 // which is set to the lower bound - 1 (2%) of the `channel_value`.
9573                 let chan_3 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_2_percent), &channelmanager::provided_init_features(&config_2_percent), &chan_1_open_channel_msg, 7, &config_2_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
9574                 let chan_3_value_msat = chan_3.context.channel_value_satoshis * 1000;
9575                 assert_eq!(chan_3.context.holder_max_htlc_value_in_flight_msat, (chan_3_value_msat as f64 * 0.02) as u64);
9576
9577                 // Test with the upper bound - 1 of valid values (99%).
9578                 let chan_4 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_99_percent), &channelmanager::provided_init_features(&config_99_percent), &chan_1_open_channel_msg, 7, &config_99_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
9579                 let chan_4_value_msat = chan_4.context.channel_value_satoshis * 1000;
9580                 assert_eq!(chan_4.context.holder_max_htlc_value_in_flight_msat, (chan_4_value_msat as f64 * 0.99) as u64);
9581
9582                 // Test that `OutboundV1Channel::new` uses the lower bound of the configurable percentage values (1%)
9583                 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
9584                 let chan_5 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_0_percent), 10000000, 100000, 42, &config_0_percent, 0, 42, None).unwrap();
9585                 let chan_5_value_msat = chan_5.context.channel_value_satoshis * 1000;
9586                 assert_eq!(chan_5.context.holder_max_htlc_value_in_flight_msat, (chan_5_value_msat as f64 * 0.01) as u64);
9587
9588                 // Test that `OutboundV1Channel::new` uses the upper bound of the configurable percentage values
9589                 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
9590                 // than 100.
9591                 let chan_6 = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&config_101_percent), 10000000, 100000, 42, &config_101_percent, 0, 42, None).unwrap();
9592                 let chan_6_value_msat = chan_6.context.channel_value_satoshis * 1000;
9593                 assert_eq!(chan_6.context.holder_max_htlc_value_in_flight_msat, chan_6_value_msat);
9594
9595                 // Test that `InboundV1Channel::new` uses the lower bound of the configurable percentage values (1%)
9596                 // if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a value less than 1.
9597                 let chan_7 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_0_percent), &channelmanager::provided_init_features(&config_0_percent), &chan_1_open_channel_msg, 7, &config_0_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
9598                 let chan_7_value_msat = chan_7.context.channel_value_satoshis * 1000;
9599                 assert_eq!(chan_7.context.holder_max_htlc_value_in_flight_msat, (chan_7_value_msat as f64 * 0.01) as u64);
9600
9601                 // Test that `InboundV1Channel::new` uses the upper bound of the configurable percentage values
9602                 // (100%) if `max_inbound_htlc_value_in_flight_percent_of_channel` is set to a larger value
9603                 // than 100.
9604                 let chan_8 = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&config_101_percent), &channelmanager::provided_init_features(&config_101_percent), &chan_1_open_channel_msg, 7, &config_101_percent, 0, &&logger, /*is_0conf=*/false).unwrap();
9605                 let chan_8_value_msat = chan_8.context.channel_value_satoshis * 1000;
9606                 assert_eq!(chan_8.context.holder_max_htlc_value_in_flight_msat, chan_8_value_msat);
9607         }
9608
9609         #[test]
9610         fn test_configured_holder_selected_channel_reserve_satoshis() {
9611
9612                 // Test that `OutboundV1Channel::new` and `InboundV1Channel::new` create a channel with the correct
9613                 // channel reserves, when `their_channel_reserve_proportional_millionths` is configured.
9614                 test_self_and_counterparty_channel_reserve(10_000_000, 0.02, 0.02);
9615
9616                 // Test with valid but unreasonably high channel reserves
9617                 // Requesting and accepting parties have requested for 49%-49% and 60%-30% channel reserve
9618                 test_self_and_counterparty_channel_reserve(10_000_000, 0.49, 0.49);
9619                 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.30);
9620
9621                 // Test with calculated channel reserve less than lower bound
9622                 // i.e `MIN_THEIR_CHAN_RESERVE_SATOSHIS`
9623                 test_self_and_counterparty_channel_reserve(100_000, 0.00002, 0.30);
9624
9625                 // Test with invalid channel reserves since sum of both is greater than or equal
9626                 // to channel value
9627                 test_self_and_counterparty_channel_reserve(10_000_000, 0.50, 0.50);
9628                 test_self_and_counterparty_channel_reserve(10_000_000, 0.60, 0.50);
9629         }
9630
9631         fn test_self_and_counterparty_channel_reserve(channel_value_satoshis: u64, outbound_selected_channel_reserve_perc: f64, inbound_selected_channel_reserve_perc: f64) {
9632                 let fee_est = LowerBoundedFeeEstimator::new(&TestFeeEstimator { fee_est: 15_000 });
9633                 let logger = test_utils::TestLogger::new();
9634                 let secp_ctx = Secp256k1::new();
9635                 let seed = [42; 32];
9636                 let network = Network::Testnet;
9637                 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
9638                 let outbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9639                 let inbound_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
9640
9641
9642                 let mut outbound_node_config = UserConfig::default();
9643                 outbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (outbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
9644                 let chan = OutboundV1Channel::<&TestKeysInterface>::new(&&fee_est, &&keys_provider, &&keys_provider, outbound_node_id, &channelmanager::provided_init_features(&outbound_node_config), channel_value_satoshis, 100_000, 42, &outbound_node_config, 0, 42, None).unwrap();
9645
9646                 let expected_outbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.context.channel_value_satoshis as f64 * outbound_selected_channel_reserve_perc) as u64);
9647                 assert_eq!(chan.context.holder_selected_channel_reserve_satoshis, expected_outbound_selected_chan_reserve);
9648
9649                 let chan_open_channel_msg = chan.get_open_channel(ChainHash::using_genesis_block(network));
9650                 let mut inbound_node_config = UserConfig::default();
9651                 inbound_node_config.channel_handshake_config.their_channel_reserve_proportional_millionths = (inbound_selected_channel_reserve_perc * 1_000_000.0) as u32;
9652
9653                 if outbound_selected_channel_reserve_perc + inbound_selected_channel_reserve_perc < 1.0 {
9654                         let chan_inbound_node = InboundV1Channel::<&TestKeysInterface>::new(&&fee_est, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&inbound_node_config), &channelmanager::provided_init_features(&outbound_node_config), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, /*is_0conf=*/false).unwrap();
9655
9656                         let expected_inbound_selected_chan_reserve = cmp::max(MIN_THEIR_CHAN_RESERVE_SATOSHIS, (chan.context.channel_value_satoshis as f64 * inbound_selected_channel_reserve_perc) as u64);
9657
9658                         assert_eq!(chan_inbound_node.context.holder_selected_channel_reserve_satoshis, expected_inbound_selected_chan_reserve);
9659                         assert_eq!(chan_inbound_node.context.counterparty_selected_channel_reserve_satoshis.unwrap(), expected_outbound_selected_chan_reserve);
9660                 } else {
9661                         // Channel Negotiations failed
9662                         let result = InboundV1Channel::<&TestKeysInterface>::new(&&fee_est, &&keys_provider, &&keys_provider, inbound_node_id, &channelmanager::provided_channel_type_features(&inbound_node_config), &channelmanager::provided_init_features(&outbound_node_config), &chan_open_channel_msg, 7, &inbound_node_config, 0, &&logger, /*is_0conf=*/false);
9663                         assert!(result.is_err());
9664                 }
9665         }
9666
9667         #[test]
9668         fn channel_update() {
9669                 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9670                 let logger = test_utils::TestLogger::new();
9671                 let secp_ctx = Secp256k1::new();
9672                 let seed = [42; 32];
9673                 let network = Network::Testnet;
9674                 let best_block = BestBlock::from_network(network);
9675                 let chain_hash = ChainHash::using_genesis_block(network);
9676                 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
9677
9678                 // Create Node A's channel pointing to Node B's pubkey
9679                 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9680                 let config = UserConfig::default();
9681                 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42, None).unwrap();
9682
9683                 // Create Node B's channel by receiving Node A's open_channel message
9684                 // Make sure A's dust limit is as we expect.
9685                 let open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
9686                 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
9687                 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false).unwrap();
9688
9689                 // Node B --> Node A: accept channel, explicitly setting B's dust limit.
9690                 let mut accept_channel_msg = node_b_chan.accept_inbound_channel();
9691                 accept_channel_msg.common_fields.dust_limit_satoshis = 546;
9692                 node_a_chan.accept_channel(&accept_channel_msg, &config.channel_handshake_limits, &channelmanager::provided_init_features(&config)).unwrap();
9693                 node_a_chan.context.holder_dust_limit_satoshis = 1560;
9694
9695                 // Node A --> Node B: funding created
9696                 let output_script = node_a_chan.context.get_funding_redeemscript();
9697                 let tx = Transaction { version: 1, lock_time: LockTime::ZERO, input: Vec::new(), output: vec![TxOut {
9698                         value: 10000000, script_pubkey: output_script.clone(),
9699                 }]};
9700                 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
9701                 let funding_created_msg = node_a_chan.get_funding_created(tx.clone(), funding_outpoint, false, &&logger).map_err(|_| ()).unwrap();
9702                 let (_, funding_signed_msg, _) = node_b_chan.funding_created(&funding_created_msg.unwrap(), best_block, &&keys_provider, &&logger).map_err(|_| ()).unwrap();
9703
9704                 // Node B --> Node A: funding signed
9705                 let res = node_a_chan.funding_signed(&funding_signed_msg.unwrap(), best_block, &&keys_provider, &&logger);
9706                 let (mut node_a_chan, _) = if let Ok(res) = res { res } else { panic!(); };
9707
9708                 // Make sure that receiving a channel update will update the Channel as expected.
9709                 let update = ChannelUpdate {
9710                         contents: UnsignedChannelUpdate {
9711                                 chain_hash,
9712                                 short_channel_id: 0,
9713                                 timestamp: 0,
9714                                 flags: 0,
9715                                 cltv_expiry_delta: 100,
9716                                 htlc_minimum_msat: 5,
9717                                 htlc_maximum_msat: MAX_VALUE_MSAT,
9718                                 fee_base_msat: 110,
9719                                 fee_proportional_millionths: 11,
9720                                 excess_data: Vec::new(),
9721                         },
9722                         signature: Signature::from(unsafe { FFISignature::new() })
9723                 };
9724                 assert!(node_a_chan.channel_update(&update).unwrap());
9725
9726                 // The counterparty can send an update with a higher minimum HTLC, but that shouldn't
9727                 // change our official htlc_minimum_msat.
9728                 assert_eq!(node_a_chan.context.holder_htlc_minimum_msat, 1);
9729                 match node_a_chan.context.counterparty_forwarding_info() {
9730                         Some(info) => {
9731                                 assert_eq!(info.cltv_expiry_delta, 100);
9732                                 assert_eq!(info.fee_base_msat, 110);
9733                                 assert_eq!(info.fee_proportional_millionths, 11);
9734                         },
9735                         None => panic!("expected counterparty forwarding info to be Some")
9736                 }
9737
9738                 assert!(!node_a_chan.channel_update(&update).unwrap());
9739         }
9740
9741         #[test]
9742         fn blinding_point_skimmed_fee_malformed_ser() {
9743                 // Ensure that channel blinding points, skimmed fees, and malformed HTLCs are (de)serialized
9744                 // properly.
9745                 let logger = test_utils::TestLogger::new();
9746                 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
9747                 let secp_ctx = Secp256k1::new();
9748                 let seed = [42; 32];
9749                 let network = Network::Testnet;
9750                 let best_block = BestBlock::from_network(network);
9751                 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
9752
9753                 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9754                 let config = UserConfig::default();
9755                 let features = channelmanager::provided_init_features(&config);
9756                 let mut outbound_chan = OutboundV1Channel::<&TestKeysInterface>::new(
9757                         &feeest, &&keys_provider, &&keys_provider, node_b_node_id, &features, 10000000, 100000, 42, &config, 0, 42, None
9758                 ).unwrap();
9759                 let inbound_chan = InboundV1Channel::<&TestKeysInterface>::new(
9760                         &feeest, &&keys_provider, &&keys_provider, node_b_node_id, &channelmanager::provided_channel_type_features(&config),
9761                         &features, &outbound_chan.get_open_channel(ChainHash::using_genesis_block(network)), 7, &config, 0, &&logger, false
9762                 ).unwrap();
9763                 outbound_chan.accept_channel(&inbound_chan.get_accept_channel_message(), &config.channel_handshake_limits, &features).unwrap();
9764                 let tx = Transaction { version: 1, lock_time: LockTime::ZERO, input: Vec::new(), output: vec![TxOut {
9765                         value: 10000000, script_pubkey: outbound_chan.context.get_funding_redeemscript(),
9766                 }]};
9767                 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
9768                 let funding_created = outbound_chan.get_funding_created(tx.clone(), funding_outpoint, false, &&logger).map_err(|_| ()).unwrap().unwrap();
9769                 let mut chan = match inbound_chan.funding_created(&funding_created, best_block, &&keys_provider, &&logger) {
9770                         Ok((chan, _, _)) => chan,
9771                         Err((_, e)) => panic!("{}", e),
9772                 };
9773
9774                 let dummy_htlc_source = HTLCSource::OutboundRoute {
9775                         path: Path {
9776                                 hops: vec![RouteHop {
9777                                         pubkey: test_utils::pubkey(2), channel_features: ChannelFeatures::empty(),
9778                                         node_features: NodeFeatures::empty(), short_channel_id: 0, fee_msat: 0,
9779                                         cltv_expiry_delta: 0, maybe_announced_channel: false,
9780                                 }],
9781                                 blinded_tail: None
9782                         },
9783                         session_priv: test_utils::privkey(42),
9784                         first_hop_htlc_msat: 0,
9785                         payment_id: PaymentId([42; 32]),
9786                 };
9787                 let dummy_outbound_output = OutboundHTLCOutput {
9788                         htlc_id: 0,
9789                         amount_msat: 0,
9790                         payment_hash: PaymentHash([43; 32]),
9791                         cltv_expiry: 0,
9792                         state: OutboundHTLCState::Committed,
9793                         source: dummy_htlc_source.clone(),
9794                         skimmed_fee_msat: None,
9795                         blinding_point: None,
9796                 };
9797                 let mut pending_outbound_htlcs = vec![dummy_outbound_output.clone(); 10];
9798                 for (idx, htlc) in pending_outbound_htlcs.iter_mut().enumerate() {
9799                         if idx % 2 == 0 {
9800                                 htlc.blinding_point = Some(test_utils::pubkey(42 + idx as u8));
9801                         }
9802                         if idx % 3 == 0 {
9803                                 htlc.skimmed_fee_msat = Some(1);
9804                         }
9805                 }
9806                 chan.context.pending_outbound_htlcs = pending_outbound_htlcs.clone();
9807
9808                 let dummy_holding_cell_add_htlc = HTLCUpdateAwaitingACK::AddHTLC {
9809                         amount_msat: 0,
9810                         cltv_expiry: 0,
9811                         payment_hash: PaymentHash([43; 32]),
9812                         source: dummy_htlc_source.clone(),
9813                         onion_routing_packet: msgs::OnionPacket {
9814                                 version: 0,
9815                                 public_key: Ok(test_utils::pubkey(1)),
9816                                 hop_data: [0; 20*65],
9817                                 hmac: [0; 32]
9818                         },
9819                         skimmed_fee_msat: None,
9820                         blinding_point: None,
9821                 };
9822                 let dummy_holding_cell_claim_htlc = HTLCUpdateAwaitingACK::ClaimHTLC {
9823                         payment_preimage: PaymentPreimage([42; 32]),
9824                         htlc_id: 0,
9825                 };
9826                 let dummy_holding_cell_failed_htlc = |htlc_id| HTLCUpdateAwaitingACK::FailHTLC {
9827                         htlc_id, err_packet: msgs::OnionErrorPacket { data: vec![42] }
9828                 };
9829                 let dummy_holding_cell_malformed_htlc = |htlc_id| HTLCUpdateAwaitingACK::FailMalformedHTLC {
9830                         htlc_id, failure_code: INVALID_ONION_BLINDING, sha256_of_onion: [0; 32],
9831                 };
9832                 let mut holding_cell_htlc_updates = Vec::with_capacity(12);
9833                 for i in 0..12 {
9834                         if i % 5 == 0 {
9835                                 holding_cell_htlc_updates.push(dummy_holding_cell_add_htlc.clone());
9836                         } else if i % 5 == 1 {
9837                                 holding_cell_htlc_updates.push(dummy_holding_cell_claim_htlc.clone());
9838                         } else if i % 5 == 2 {
9839                                 let mut dummy_add = dummy_holding_cell_add_htlc.clone();
9840                                 if let HTLCUpdateAwaitingACK::AddHTLC {
9841                                         ref mut blinding_point, ref mut skimmed_fee_msat, ..
9842                                 } = &mut dummy_add {
9843                                         *blinding_point = Some(test_utils::pubkey(42 + i));
9844                                         *skimmed_fee_msat = Some(42);
9845                                 } else { panic!() }
9846                                 holding_cell_htlc_updates.push(dummy_add);
9847                         } else if i % 5 == 3 {
9848                                 holding_cell_htlc_updates.push(dummy_holding_cell_malformed_htlc(i as u64));
9849                         } else {
9850                                 holding_cell_htlc_updates.push(dummy_holding_cell_failed_htlc(i as u64));
9851                         }
9852                 }
9853                 chan.context.holding_cell_htlc_updates = holding_cell_htlc_updates.clone();
9854
9855                 // Encode and decode the channel and ensure that the HTLCs within are the same.
9856                 let encoded_chan = chan.encode();
9857                 let mut s = crate::io::Cursor::new(&encoded_chan);
9858                 let mut reader = crate::util::ser::FixedLengthReader::new(&mut s, encoded_chan.len() as u64);
9859                 let features = channelmanager::provided_channel_type_features(&config);
9860                 let decoded_chan = Channel::read(&mut reader, (&&keys_provider, &&keys_provider, 0, &features)).unwrap();
9861                 assert_eq!(decoded_chan.context.pending_outbound_htlcs, pending_outbound_htlcs);
9862                 assert_eq!(decoded_chan.context.holding_cell_htlc_updates, holding_cell_htlc_updates);
9863         }
9864
9865         #[cfg(all(feature = "_test_vectors", not(feature = "grind_signatures")))]
9866         #[test]
9867         fn outbound_commitment_test() {
9868                 use bitcoin::sighash;
9869                 use bitcoin::consensus::encode::serialize;
9870                 use bitcoin::sighash::EcdsaSighashType;
9871                 use bitcoin::hashes::hex::FromHex;
9872                 use bitcoin::hash_types::Txid;
9873                 use bitcoin::secp256k1::Message;
9874                 use crate::sign::{ChannelDerivationParameters, HTLCDescriptor, ecdsa::EcdsaChannelSigner};
9875                 use crate::ln::PaymentPreimage;
9876                 use crate::ln::channel::{HTLCOutputInCommitment ,TxCreationKeys};
9877                 use crate::ln::channel_keys::{DelayedPaymentBasepoint, HtlcBasepoint};
9878                 use crate::ln::chan_utils::{ChannelPublicKeys, HolderCommitmentTransaction, CounterpartyChannelTransactionParameters};
9879                 use crate::util::logger::Logger;
9880                 use crate::sync::Arc;
9881                 use core::str::FromStr;
9882                 use hex::DisplayHex;
9883
9884                 // Test vectors from BOLT 3 Appendices C and F (anchors):
9885                 let feeest = TestFeeEstimator{fee_est: 15000};
9886                 let logger : Arc<dyn Logger> = Arc::new(test_utils::TestLogger::new());
9887                 let secp_ctx = Secp256k1::new();
9888
9889                 let mut signer = InMemorySigner::new(
9890                         &secp_ctx,
9891                         SecretKey::from_slice(&<Vec<u8>>::from_hex("30ff4956bbdd3222d44cc5e8a1261dab1e07957bdac5ae88fe3261ef321f3749").unwrap()[..]).unwrap(),
9892                         SecretKey::from_slice(&<Vec<u8>>::from_hex("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap(),
9893                         SecretKey::from_slice(&<Vec<u8>>::from_hex("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
9894                         SecretKey::from_slice(&<Vec<u8>>::from_hex("3333333333333333333333333333333333333333333333333333333333333333").unwrap()[..]).unwrap(),
9895                         SecretKey::from_slice(&<Vec<u8>>::from_hex("1111111111111111111111111111111111111111111111111111111111111111").unwrap()[..]).unwrap(),
9896
9897                         // These aren't set in the test vectors:
9898                         [0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff],
9899                         10_000_000,
9900                         [0; 32],
9901                         [0; 32],
9902                 );
9903
9904                 assert_eq!(signer.pubkeys().funding_pubkey.serialize()[..],
9905                                 <Vec<u8>>::from_hex("023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb").unwrap()[..]);
9906                 let keys_provider = Keys { signer: signer.clone() };
9907
9908                 let counterparty_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
9909                 let mut config = UserConfig::default();
9910                 config.channel_handshake_config.announced_channel = false;
9911                 let mut chan = OutboundV1Channel::<&Keys>::new(&LowerBoundedFeeEstimator::new(&feeest), &&keys_provider, &&keys_provider, counterparty_node_id, &channelmanager::provided_init_features(&config), 10_000_000, 0, 42, &config, 0, 42, None).unwrap(); // Nothing uses their network key in this test
9912                 chan.context.holder_dust_limit_satoshis = 546;
9913                 chan.context.counterparty_selected_channel_reserve_satoshis = Some(0); // Filled in in accept_channel
9914
9915                 let funding_info = OutPoint{ txid: Txid::from_str("8984484a580b825b9972d7adb15050b3ab624ccd731946b3eeddb92f4e7ef6be").unwrap(), index: 0 };
9916
9917                 let counterparty_pubkeys = ChannelPublicKeys {
9918                         funding_pubkey: public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13"),
9919                         revocation_basepoint: RevocationBasepoint::from(PublicKey::from_slice(&<Vec<u8>>::from_hex("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27").unwrap()[..]).unwrap()),
9920                         payment_point: public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444"),
9921                         delayed_payment_basepoint: DelayedPaymentBasepoint::from(public_from_secret_hex(&secp_ctx, "1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e13")),
9922                         htlc_basepoint: HtlcBasepoint::from(public_from_secret_hex(&secp_ctx, "4444444444444444444444444444444444444444444444444444444444444444"))
9923                 };
9924                 chan.context.channel_transaction_parameters.counterparty_parameters = Some(
9925                         CounterpartyChannelTransactionParameters {
9926                                 pubkeys: counterparty_pubkeys.clone(),
9927                                 selected_contest_delay: 144
9928                         });
9929                 chan.context.channel_transaction_parameters.funding_outpoint = Some(funding_info);
9930                 signer.provide_channel_parameters(&chan.context.channel_transaction_parameters);
9931
9932                 assert_eq!(counterparty_pubkeys.payment_point.serialize()[..],
9933                            <Vec<u8>>::from_hex("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
9934
9935                 assert_eq!(counterparty_pubkeys.funding_pubkey.serialize()[..],
9936                            <Vec<u8>>::from_hex("030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c1").unwrap()[..]);
9937
9938                 assert_eq!(counterparty_pubkeys.htlc_basepoint.to_public_key().serialize()[..],
9939                            <Vec<u8>>::from_hex("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991").unwrap()[..]);
9940
9941                 // We can't just use build_holder_transaction_keys here as the per_commitment_secret is not
9942                 // derived from a commitment_seed, so instead we copy it here and call
9943                 // build_commitment_transaction.
9944                 let delayed_payment_base = &chan.context.holder_signer.as_ref().pubkeys().delayed_payment_basepoint;
9945                 let per_commitment_secret = SecretKey::from_slice(&<Vec<u8>>::from_hex("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
9946                 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
9947                 let htlc_basepoint = &chan.context.holder_signer.as_ref().pubkeys().htlc_basepoint;
9948                 let keys = TxCreationKeys::derive_new(&secp_ctx, &per_commitment_point, delayed_payment_base, htlc_basepoint, &counterparty_pubkeys.revocation_basepoint, &counterparty_pubkeys.htlc_basepoint);
9949
9950                 macro_rules! test_commitment {
9951                         ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
9952                                 chan.context.channel_transaction_parameters.channel_type_features = ChannelTypeFeatures::only_static_remote_key();
9953                                 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, &ChannelTypeFeatures::only_static_remote_key(), $($remain)*);
9954                         };
9955                 }
9956
9957                 macro_rules! test_commitment_with_anchors {
9958                         ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $($remain:tt)* ) => {
9959                                 chan.context.channel_transaction_parameters.channel_type_features = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
9960                                 test_commitment_common!($counterparty_sig_hex, $sig_hex, $tx_hex, &ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies(), $($remain)*);
9961                         };
9962                 }
9963
9964                 macro_rules! test_commitment_common {
9965                         ( $counterparty_sig_hex: expr, $sig_hex: expr, $tx_hex: expr, $opt_anchors: expr, {
9966                                 $( { $htlc_idx: expr, $counterparty_htlc_sig_hex: expr, $htlc_sig_hex: expr, $htlc_tx_hex: expr } ), *
9967                         } ) => { {
9968                                 let (commitment_tx, htlcs): (_, Vec<HTLCOutputInCommitment>) = {
9969                                         let mut commitment_stats = chan.context.build_commitment_transaction(0xffffffffffff - 42, &keys, true, false, &logger);
9970
9971                                         let htlcs = commitment_stats.htlcs_included.drain(..)
9972                                                 .filter_map(|(htlc, _)| if htlc.transaction_output_index.is_some() { Some(htlc) } else { None })
9973                                                 .collect();
9974                                         (commitment_stats.tx, htlcs)
9975                                 };
9976                                 let trusted_tx = commitment_tx.trust();
9977                                 let unsigned_tx = trusted_tx.built_transaction();
9978                                 let redeemscript = chan.context.get_funding_redeemscript();
9979                                 let counterparty_signature = Signature::from_der(&<Vec<u8>>::from_hex($counterparty_sig_hex).unwrap()[..]).unwrap();
9980                                 let sighash = unsigned_tx.get_sighash_all(&redeemscript, chan.context.channel_value_satoshis);
9981                                 log_trace!(logger, "unsigned_tx = {}", serialize(&unsigned_tx.transaction).as_hex());
9982                                 assert!(secp_ctx.verify_ecdsa(&sighash, &counterparty_signature, chan.context.counterparty_funding_pubkey()).is_ok(), "verify counterparty commitment sig");
9983
9984                                 let mut per_htlc: Vec<(HTLCOutputInCommitment, Option<Signature>)> = Vec::new();
9985                                 per_htlc.clear(); // Don't warn about excess mut for no-HTLC calls
9986                                 let mut counterparty_htlc_sigs = Vec::new();
9987                                 counterparty_htlc_sigs.clear(); // Don't warn about excess mut for no-HTLC calls
9988                                 $({
9989                                         let remote_signature = Signature::from_der(&<Vec<u8>>::from_hex($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
9990                                         per_htlc.push((htlcs[$htlc_idx].clone(), Some(remote_signature)));
9991                                         counterparty_htlc_sigs.push(remote_signature);
9992                                 })*
9993                                 assert_eq!(htlcs.len(), per_htlc.len());
9994
9995                                 let holder_commitment_tx = HolderCommitmentTransaction::new(
9996                                         commitment_tx.clone(),
9997                                         counterparty_signature,
9998                                         counterparty_htlc_sigs,
9999                                         &chan.context.holder_signer.as_ref().pubkeys().funding_pubkey,
10000                                         chan.context.counterparty_funding_pubkey()
10001                                 );
10002                                 let holder_sig = signer.sign_holder_commitment(&holder_commitment_tx, &secp_ctx).unwrap();
10003                                 assert_eq!(Signature::from_der(&<Vec<u8>>::from_hex($sig_hex).unwrap()[..]).unwrap(), holder_sig, "holder_sig");
10004
10005                                 let funding_redeemscript = chan.context.get_funding_redeemscript();
10006                                 let tx = holder_commitment_tx.add_holder_sig(&funding_redeemscript, holder_sig);
10007                                 assert_eq!(serialize(&tx)[..], <Vec<u8>>::from_hex($tx_hex).unwrap()[..], "tx");
10008
10009                                 // ((htlc, counterparty_sig), (index, holder_sig))
10010                                 let mut htlc_counterparty_sig_iter = holder_commitment_tx.counterparty_htlc_sigs.iter();
10011
10012                                 $({
10013                                         log_trace!(logger, "verifying htlc {}", $htlc_idx);
10014                                         let remote_signature = Signature::from_der(&<Vec<u8>>::from_hex($counterparty_htlc_sig_hex).unwrap()[..]).unwrap();
10015
10016                                         let ref htlc = htlcs[$htlc_idx];
10017                                         let mut htlc_tx = chan_utils::build_htlc_transaction(&unsigned_tx.txid, chan.context.feerate_per_kw,
10018                                                 chan.context.get_counterparty_selected_contest_delay().unwrap(),
10019                                                 &htlc, $opt_anchors, &keys.broadcaster_delayed_payment_key, &keys.revocation_key);
10020                                         let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, $opt_anchors, &keys);
10021                                         let htlc_sighashtype = if $opt_anchors.supports_anchors_zero_fee_htlc_tx() { EcdsaSighashType::SinglePlusAnyoneCanPay } else { EcdsaSighashType::All };
10022                                         let htlc_sighash = Message::from_slice(&sighash::SighashCache::new(&htlc_tx).segwit_signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, htlc_sighashtype).unwrap()[..]).unwrap();
10023                                         assert!(secp_ctx.verify_ecdsa(&htlc_sighash, &remote_signature, &keys.countersignatory_htlc_key.to_public_key()).is_ok(), "verify counterparty htlc sig");
10024
10025                                         let mut preimage: Option<PaymentPreimage> = None;
10026                                         if !htlc.offered {
10027                                                 for i in 0..5 {
10028                                                         let out = PaymentHash(Sha256::hash(&[i; 32]).to_byte_array());
10029                                                         if out == htlc.payment_hash {
10030                                                                 preimage = Some(PaymentPreimage([i; 32]));
10031                                                         }
10032                                                 }
10033
10034                                                 assert!(preimage.is_some());
10035                                         }
10036
10037                                         let htlc_counterparty_sig = htlc_counterparty_sig_iter.next().unwrap();
10038                                         let htlc_holder_sig = signer.sign_holder_htlc_transaction(&htlc_tx, 0, &HTLCDescriptor {
10039                                                 channel_derivation_parameters: ChannelDerivationParameters {
10040                                                         value_satoshis: chan.context.channel_value_satoshis,
10041                                                         keys_id: chan.context.channel_keys_id,
10042                                                         transaction_parameters: chan.context.channel_transaction_parameters.clone(),
10043                                                 },
10044                                                 commitment_txid: trusted_tx.txid(),
10045                                                 per_commitment_number: trusted_tx.commitment_number(),
10046                                                 per_commitment_point: trusted_tx.per_commitment_point(),
10047                                                 feerate_per_kw: trusted_tx.feerate_per_kw(),
10048                                                 htlc: htlc.clone(),
10049                                                 preimage: preimage.clone(),
10050                                                 counterparty_sig: *htlc_counterparty_sig,
10051                                         }, &secp_ctx).unwrap();
10052                                         let num_anchors = if $opt_anchors.supports_anchors_zero_fee_htlc_tx() { 2 } else { 0 };
10053                                         assert_eq!(htlc.transaction_output_index, Some($htlc_idx + num_anchors), "output index");
10054
10055                                         let signature = Signature::from_der(&<Vec<u8>>::from_hex($htlc_sig_hex).unwrap()[..]).unwrap();
10056                                         assert_eq!(signature, htlc_holder_sig, "htlc sig");
10057                                         let trusted_tx = holder_commitment_tx.trust();
10058                                         htlc_tx.input[0].witness = trusted_tx.build_htlc_input_witness($htlc_idx, htlc_counterparty_sig, &htlc_holder_sig, &preimage);
10059                                         log_trace!(logger, "htlc_tx = {}", serialize(&htlc_tx).as_hex());
10060                                         assert_eq!(serialize(&htlc_tx)[..], <Vec<u8>>::from_hex($htlc_tx_hex).unwrap()[..], "htlc tx");
10061                                 })*
10062                                 assert!(htlc_counterparty_sig_iter.next().is_none());
10063                         } }
10064                 }
10065
10066                 // anchors: simple commitment tx with no HTLCs and single anchor
10067                 test_commitment_with_anchors!("30440220655bf909fb6fa81d086f1336ac72c97906dce29d1b166e305c99152d810e26e1022051f577faa46412c46707aaac46b65d50053550a66334e00a44af2706f27a8658",
10068                                                  "3044022007cf6b405e9c9b4f527b0ecad9d8bb661fabb8b12abf7d1c0b3ad1855db3ed490220616d5c1eeadccc63bd775a131149455d62d95a42c2a1b01cc7821fc42dce7778",
10069                                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f10529800000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022007cf6b405e9c9b4f527b0ecad9d8bb661fabb8b12abf7d1c0b3ad1855db3ed490220616d5c1eeadccc63bd775a131149455d62d95a42c2a1b01cc7821fc42dce7778014730440220655bf909fb6fa81d086f1336ac72c97906dce29d1b166e305c99152d810e26e1022051f577faa46412c46707aaac46b65d50053550a66334e00a44af2706f27a865801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
10070
10071                 // simple commitment tx with no HTLCs
10072                 chan.context.value_to_self_msat = 7000000000;
10073
10074                 test_commitment!("3045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b0",
10075                                                  "30440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae055647142",
10076                                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48454a56a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004730440220616210b2cc4d3afb601013c373bbd8aac54febd9f15400379a8cb65ce7deca60022034236c010991beb7ff770510561ae8dc885b8d38d1947248c38f2ae05564714201483045022100c3127b33dcc741dd6b05b1e63cbd1a9a7d816f37af9b6756fa2376b056f032370220408b96279808fe57eb7e463710804cdf4f108388bc5cf722d8c848d2c7f9f3b001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
10077
10078                 // anchors: simple commitment tx with no HTLCs
10079                 test_commitment_with_anchors!("3045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f3",
10080                                                  "30450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f7",
10081                                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a508b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008266ac6db5ea71aac3c95d97b0e172ff596844851a3216eb88382a8dddfd33d2022050e240974cfd5d708708b4365574517c18e7ae535ef732a3484d43d0d82be9f701483045022100f89034eba16b2be0e5581f750a0a6309192b75cce0f202f0ee2b4ec0cc394850022076c65dc507fe42276152b7a3d90e961e678adbe966e916ecfe85e64d430e75f301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
10082
10083                 chan.context.pending_inbound_htlcs.push({
10084                         let mut out = InboundHTLCOutput{
10085                                 htlc_id: 0,
10086                                 amount_msat: 1000000,
10087                                 cltv_expiry: 500,
10088                                 payment_hash: PaymentHash([0; 32]),
10089                                 state: InboundHTLCState::Committed,
10090                         };
10091                         out.payment_hash.0 = Sha256::hash(&<Vec<u8>>::from_hex("0000000000000000000000000000000000000000000000000000000000000000").unwrap()).to_byte_array();
10092                         out
10093                 });
10094                 chan.context.pending_inbound_htlcs.push({
10095                         let mut out = InboundHTLCOutput{
10096                                 htlc_id: 1,
10097                                 amount_msat: 2000000,
10098                                 cltv_expiry: 501,
10099                                 payment_hash: PaymentHash([0; 32]),
10100                                 state: InboundHTLCState::Committed,
10101                         };
10102                         out.payment_hash.0 = Sha256::hash(&<Vec<u8>>::from_hex("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).to_byte_array();
10103                         out
10104                 });
10105                 chan.context.pending_outbound_htlcs.push({
10106                         let mut out = OutboundHTLCOutput{
10107                                 htlc_id: 2,
10108                                 amount_msat: 2000000,
10109                                 cltv_expiry: 502,
10110                                 payment_hash: PaymentHash([0; 32]),
10111                                 state: OutboundHTLCState::Committed,
10112                                 source: HTLCSource::dummy(),
10113                                 skimmed_fee_msat: None,
10114                                 blinding_point: None,
10115                         };
10116                         out.payment_hash.0 = Sha256::hash(&<Vec<u8>>::from_hex("0202020202020202020202020202020202020202020202020202020202020202").unwrap()).to_byte_array();
10117                         out
10118                 });
10119                 chan.context.pending_outbound_htlcs.push({
10120                         let mut out = OutboundHTLCOutput{
10121                                 htlc_id: 3,
10122                                 amount_msat: 3000000,
10123                                 cltv_expiry: 503,
10124                                 payment_hash: PaymentHash([0; 32]),
10125                                 state: OutboundHTLCState::Committed,
10126                                 source: HTLCSource::dummy(),
10127                                 skimmed_fee_msat: None,
10128                                 blinding_point: None,
10129                         };
10130                         out.payment_hash.0 = Sha256::hash(&<Vec<u8>>::from_hex("0303030303030303030303030303030303030303030303030303030303030303").unwrap()).to_byte_array();
10131                         out
10132                 });
10133                 chan.context.pending_inbound_htlcs.push({
10134                         let mut out = InboundHTLCOutput{
10135                                 htlc_id: 4,
10136                                 amount_msat: 4000000,
10137                                 cltv_expiry: 504,
10138                                 payment_hash: PaymentHash([0; 32]),
10139                                 state: InboundHTLCState::Committed,
10140                         };
10141                         out.payment_hash.0 = Sha256::hash(&<Vec<u8>>::from_hex("0404040404040404040404040404040404040404040404040404040404040404").unwrap()).to_byte_array();
10142                         out
10143                 });
10144
10145                 // commitment tx with all five HTLCs untrimmed (minimum feerate)
10146                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10147                 chan.context.feerate_per_kw = 0;
10148
10149                 test_commitment!("3044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e5",
10150                                  "304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea",
10151                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e0a06a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402206fc2d1f10ea59951eefac0b4b7c396a3c3d87b71ff0b019796ef4535beaf36f902201765b0181e514d04f4c8ad75659d7037be26cdb3f8bb6f78fe61decef484c3ea01473044022009b048187705a8cbc9ad73adbe5af148c3d012e1f067961486c822c7af08158c022006d66f3704cfab3eb2dc49dae24e4aa22a6910fc9b424007583204e3621af2e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10152
10153                                   { 0,
10154                                   "3045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b",
10155                                   "30440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce",
10156                                   "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b00000000000000000001e8030000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d9e29616b8f3959f1d3d7f7ce893ffedcdc407717d0de8e37d808c91d3a7c50d022078c3033f6d00095c8720a4bc943c1b45727818c082e4e3ddbc6d3116435b624b014730440220636de5682ef0c5b61f124ec74e8aa2461a69777521d6998295dcea36bc3338110220165285594b23c50b28b82df200234566628a27bcd17f7f14404bd865354eb3ce012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
10157
10158                                   { 1,
10159                                   "30440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f896004",
10160                                   "3045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f",
10161                                   "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b01000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220649fe8b20e67e46cbb0d09b4acea87dbec001b39b08dee7bdd0b1f03922a8640022037c462dff79df501cecfdb12ea7f4de91f99230bb544726f6e04527b1f89600401483045022100803159dee7935dba4a1d36a61055ce8fd62caa528573cc221ae288515405a252022029c59e7cffce374fe860100a4a63787e105c3cf5156d40b12dd53ff55ac8cf3f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
10162
10163                                   { 2,
10164                                   "30440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d43352",
10165                                   "3045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa",
10166                                   "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b02000000000000000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220770fc321e97a19f38985f2e7732dd9fe08d16a2efa4bcbc0429400a447faf49102204d40b417f3113e1b0944ae0986f517564ab4acd3d190503faf97a6e420d4335201483045022100a437cc2ce77400ecde441b3398fea3c3ad8bdad8132be818227fe3c5b8345989022069d45e7fa0ae551ec37240845e2c561ceb2567eacf3076a6a43a502d05865faa012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
10167
10168                                   { 3,
10169                                   "304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c1363",
10170                                   "304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac7487",
10171                                   "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b03000000000000000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207bcbf4f60a9829b05d2dbab84ed593e0291836be715dc7db6b72a64caf646af802201e489a5a84f7c5cc130398b841d138d031a5137ac8f4c49c770a4959dc3c13630147304402203121d9b9c055f354304b016a36662ee99e1110d9501cb271b087ddb6f382c2c80220549882f3f3b78d9c492de47543cb9a697cecc493174726146536c5954dac748701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
10172
10173                                   { 4,
10174                                   "3044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b87",
10175                                   "3045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95",
10176                                   "02000000000101ab84ff284f162cfbfef241f853b47d4368d171f9e2a1445160cd591c4c7d882b04000000000000000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022076dca5cb81ba7e466e349b7128cdba216d4d01659e29b96025b9524aaf0d1899022060de85697b88b21c749702b7d2cfa7dfeaa1f472c8f1d7d9c23f2bf968464b8701483045022100d9080f103cc92bac15ec42464a95f070c7fb6925014e673ee2ea1374d36a7f7502200c65294d22eb20d48564954d5afe04a385551919d8b2ddb4ae2459daaeee1d95012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
10177                 } );
10178
10179                 // commitment tx with seven outputs untrimmed (maximum feerate)
10180                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10181                 chan.context.feerate_per_kw = 647;
10182
10183                 test_commitment!("3045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee",
10184                                  "30450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb7",
10185                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8007e80300000000000022002052bfef0479d7b293c27e0f1eb294bea154c63a3294ef092c19af51409bce0e2ad007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484e09c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009ec15c687898bb4da8b3a833e5ab8bfc51ec6e9202aaa8e66611edfd4a85ed1102203d7183e45078b9735c93450bc3415d3e5a8c576141a711ec6ddcb4a893926bb701483045022100a135f9e8a5ed25f7277446c67956b00ce6f610ead2bdec2c2f686155b7814772022059f1f6e1a8b336a68efcc1af3fe4d422d4827332b5b067501b099c47b7b5b5ee01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10186
10187                                   { 0,
10188                                   "30450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f",
10189                                   "30440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b",
10190                                   "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221008437627f9ad84ac67052e2a414a4367b8556fd1f94d8b02590f89f50525cd33502205b9c21ff6e7fc864f2352746ad8ba59182510819acb644e25b8a12fc37bbf24f014730440220344b0deb055230d01703e6c7acd45853c4af2328b49b5d8af4f88a060733406602202ea64f2a43d5751edfe75503cbc35a62e3141b5ed032fa03360faf4ca66f670b012000000000000000000000000000000000000000000000000000000000000000008a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a914b8bcb07f6344b42ab04250c86a6e8b75d3fdbbc688527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f401b175ac686800000000" },
10191
10192                                   { 1,
10193                                   "304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c",
10194                                   "30450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f",
10195                                   "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe0100000000000000000124060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205a67f92bf6845cf2892b48d874ac1daf88a36495cf8a06f93d83180d930a6f75022031da1621d95c3f335cc06a3056cf960199dae600b7cf89088f65fc53cdbef28c014830450221009e5e3822b0185c6799a95288c597b671d6cc69ab80f43740f00c6c3d0752bdda02206da947a74bd98f3175324dc56fdba86cc783703a120a6f0297537e60632f4c7f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
10196
10197                                   { 2,
10198                                   "30440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c8",
10199                                   "3045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673",
10200                                   "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe020000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220437e21766054a3eef7f65690c5bcfa9920babbc5af92b819f772f6ea96df6c7402207173622024bd97328cfb26c6665e25c2f5d67c319443ccdc60c903217005d8c801483045022100fcfc47e36b712624677626cef3dc1d67f6583bd46926a6398fe6b00b0c9a37760220525788257b187fc775c6370d04eadf34d06f3650a63f8df851cee0ecb47a1673012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
10201
10202                                   { 3,
10203                                   "304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c64",
10204                                   "3045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee",
10205                                   "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe030000000000000000010c0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207436e10737e4df499fc051686d3e11a5bb2310e4d1f1e691d287cef66514791202207cb58e71a6b7a42dd001b7e3ae672ea4f71ea3e1cd412b742e9124abb0739c6401483045022100e78211b8409afb7255ffe37337da87f38646f1faebbdd61bc1920d69e3ead67a02201a626305adfcd16bfb7e9340928d9b6305464eab4aa4c4a3af6646e9b9f69dee01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
10206
10207                                   { 4,
10208                                   "30450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca",
10209                                   "3044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9",
10210                                   "020000000001012cfb3e4788c206881d38f2996b6cb2109b5935acb527d14bdaa7b908afa9b2fe04000000000000000001da0d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004830450221009acd6a827a76bfee50806178dfe0495cd4e1d9c58279c194c7b01520fe68cb8d022024d439047c368883e570997a7d40f0b430cb5a742f507965e7d3063ae3feccca01473044022048762cf546bbfe474f1536365ea7c416e3c0389d60558bc9412cb148fb6ab68202207215d7083b75c96ff9d2b08c59c34e287b66820f530b486a9aa4cdd9c347d5b9012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
10211                 } );
10212
10213                 // commitment tx with six outputs untrimmed (minimum feerate)
10214                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10215                 chan.context.feerate_per_kw = 648;
10216
10217                 test_commitment!("304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e5",
10218                                  "3045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e9",
10219                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4844e9d6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b15f72908ba3382a34ca5b32519240a22300cc6015b6f9418635fb41f3d01d8802207adb331b9ed1575383dca0f2355e86c173802feecf8298fbea53b9d4610583e90147304402203948f900a5506b8de36a4d8502f94f21dd84fd9c2314ab427d52feaa7a0a19f2022059b6a37a4adaa2c5419dc8aea63c6e2a2ec4c4bde46207f6dc1fcd22152fc6e501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10220
10221                                   { 0,
10222                                   "3045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e0",
10223                                   "304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec6",
10224                                   "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10000000000000000000123060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100a031202f3be94678f0e998622ee95ebb6ada8da1e9a5110228b5e04a747351e4022010ca6a21e18314ed53cfaae3b1f51998552a61a468e596368829a50ce40110e00148304502210097e1873b57267730154595187a34949d3744f52933070c74757005e61ce2112e02204ecfba2aa42d4f14bdf8bad4206bb97217b702e6c433e0e1b0ce6587e6d46ec601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
10225
10226                                   { 1,
10227                                   "304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d384124",
10228                                   "3044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae",
10229                                   "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf10100000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202361012a634aee7835c5ecdd6413dcffa8f404b7e77364c792cff984e4ee71e90220715c5e90baa08daa45a7439b1ee4fa4843ed77b19c058240b69406606d38412401473044022019de73b00f1d818fb388e83b2c8c31f6bce35ac624e215bc12f88f9dc33edf48022006ff814bb9f700ee6abc3294e146fac3efd4f13f0005236b41c0a946ee00c9ae012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
10230
10231                                   { 2,
10232                                   "304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc625532989",
10233                                   "3045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e2260796",
10234                                   "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf1020000000000000000010b0a0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207e8e82cd71ed4febeb593732c260456836e97d81896153ecd2b3cf320ca6861702202dd4a30f68f98ced7cc56a36369ac1fdd978248c5ff4ed204fc00cc62553298901483045022100bd0be6100c4fd8f102ec220e1b053e4c4e2ecca25615490150007b40d314dc3902201a1e0ea266965b43164d9e6576f58fa6726d42883dd1c3996d2925c2e226079601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
10235
10236                                   { 3,
10237                                   "3044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be",
10238                                   "3045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6",
10239                                   "020000000001010f44041fdfba175987cf4e6135ba2a154e3b7fb96483dc0ed5efc0678e5b6bf103000000000000000001d90d0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022024cd52e4198c8ae0e414a86d86b5a65ea7450f2eb4e783096736d93395eca5ce022078f0094745b45be4d4b2b04dd5978c9e66ba49109e5704403e84aaf5f387d6be01483045022100bbfb9d0a946d420807c86e985d636cceb16e71c3694ed186316251a00cbd807202207773223f9a337e145f64673825be9b30d07ef1542c82188b264bedcf7cda78c6012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
10240                 } );
10241
10242                 // anchors: commitment tx with six outputs untrimmed (minimum dust limit)
10243                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10244                 chan.context.feerate_per_kw = 645;
10245                 chan.context.holder_dust_limit_satoshis = 1001;
10246
10247                 test_commitment_with_anchors!("3044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc312",
10248                                  "3045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d0051",
10249                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80084a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d0070000000000002200203e68115ae0b15b8de75b6c6bc9af5ac9f01391544e0870dae443a1e8fe7837ead007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5eb80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994abc996a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d57697c707b6f6d053febf24b98e8989f186eea42e37e9e91663ec2c70bb8f70022079b0715a472118f262f43016a674f59c015d9cafccec885968e76d9d9c5d005101473044022025d97466c8049e955a5afce28e322f4b34d2561118e52332fb400f9b908cc0a402205dc6fba3a0d67ee142c428c535580cd1f2ff42e2f89b47e0c8a01847caffc31201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10250
10251                                   { 0,
10252                                   "3045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc282",
10253                                   "3045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef09",
10254                                   "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320002000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e04d160a326432659fe9fb127304c1d348dfeaba840081bdc57d8efd902a48d8022008a824e7cf5492b97e4d9e03c06a09f822775a44f6b5b2533a2088904abfc28283483045022100b7c49846466b13b190ff739bbe3005c105482fc55539e55b1c561f76b6982b6c02200e5c35808619cf543c8405cff9fedd25f333a4a2f6f6d5e8af8150090c40ef0901008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6851b27568f6010000" },
10255
10256                                   { 1,
10257                                   "3045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e",
10258                                   "3045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac",
10259                                   "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320003000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100fbdc3c367ce3bf30796025cc590ee1f2ce0e72ae1ac19f5986d6d0a4fc76211f02207e45ae9267e8e820d188569604f71d1abd11bd385d58853dd7dc034cdb3e9a6e83483045022100d29330f24db213b262068706099b39c15fa7e070c3fcdf8836c09723fc4d365602203ce57d01e9f28601e461a0b5c4a50119b270bde8b70148d133a6849c70b115ac012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
10260
10261                                   { 2,
10262                                   "3044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c1",
10263                                   "304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e",
10264                                   "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320004000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022066c5ef625cee3ddd2bc7b6bfb354b5834cf1cc6d52dd972fb41b7b225437ae4a022066cb85647df65c6b87a54e416dcdcca778a776c36a9643d2b5dc793c9b29f4c18347304402202d4ce515cd9000ec37575972d70b8d24f73909fb7012e8ebd8c2066ef6fe187902202830b53e64ea565fecd0f398100691da6bb2a5cf9bb0d1926f1d71d05828a11e01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
10265
10266                                   { 3,
10267                                   "3044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc615",
10268                                   "3045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226",
10269                                   "02000000000101104f394af4c4fad78337f95e3e9f802f4c0d86ab231853af09b285348561320005000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022022c7e11595c53ee89a57ca76baf0aed730da035952d6ab3fe6459f5eff3b337a022075e10cc5f5fd724a35ce4087a5d03cd616698626c69814032132b50bb97dc61583483045022100b20cd63e0587d1711beaebda4730775c4ac8b8b2ec78fe18a0c44c3f168c25230220079abb7fc4924e2fca5950842e5b9e416735585026914570078c4ef62f286226012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
10270                 } );
10271
10272                 // commitment tx with six outputs untrimmed (maximum feerate)
10273                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10274                 chan.context.feerate_per_kw = 2069;
10275                 chan.context.holder_dust_limit_satoshis = 546;
10276
10277                 test_commitment!("304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc",
10278                                  "3045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e33",
10279                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8006d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2db80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48477956a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100ad9a9bbbb75d506ca3b716b336ee3cf975dd7834fcf129d7dd188146eb58a8b4022061a759ee417339f7fe2ea1e8deb83abb6a74db31a09b7648a932a639cda23e330148304502210090b96a2498ce0c0f2fadbec2aab278fed54c1a7838df793ec4d2c78d96ec096202204fdd439c50f90d483baa7b68feeef4bd33bc277695405447bcd0bfb2ca34d7bc01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10280
10281                                   { 0,
10282                                   "3045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f699",
10283                                   "3045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d",
10284                                   "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0000000000000000000175020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f33513ee38abf1c582876f921f8fddc06acff48e04515532a32d3938de938ffd02203aa308a2c1863b7d6fdf53159a1465bf2e115c13152546cc5d74483ceaa7f69901483045022100a637902a5d4c9ba9e7c472a225337d5aac9e2e3f6744f76e237132e7619ba0400220035c60d784a031c0d9f6df66b7eab8726a5c25397399ee4aa960842059eb3f9d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
10285
10286                                   { 1,
10287                                   "3045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df",
10288                                   "3045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61",
10289                                   "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d0100000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ce07682cf4b90093c22dc2d9ab2a77ad6803526b655ef857221cc96af5c9e0bf02200f501cee22e7a268af40b555d15a8237c9f36ad67ef1841daf9f6a0267b1e6df01483045022100e57e46234f8782d3ff7aa593b4f7446fb5316c842e693dc63ee324fd49f6a1c302204a2f7b44c48bd26e1554422afae13153eb94b29d3687b733d18930615fb2db61012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
10290
10291                                   { 2,
10292                                   "3045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e0",
10293                                   "3044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c18",
10294                                   "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d020000000000000000015d060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e3e35492e55f82ec0bc2f317ffd7a486d1f7024330fe9743c3559fc39f32ef0c02203d1d4db651fc388a91d5ad8ecdd8e83673063bc8eefe27cfd8c189090e3a23e001473044022068613fb1b98eb3aec7f44c5b115b12343c2f066c4277c82b5f873dfe68f37f50022028109b4650f3f528ca4bfe9a467aff2e3e43893b61b5159157119d5d95cf1c1801008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
10295
10296                                   { 3,
10297                                   "304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df",
10298                                   "3045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33",
10299                                   "02000000000101adbe717a63fb658add30ada1e6e12ed257637581898abe475c11d7bbcd65bd4d03000000000000000001f2090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402207475aeb0212ef9bf5130b60937817ad88c9a87976988ef1f323f026148cc4a850220739fea17ad3257dcad72e509c73eebe86bee30b178467b9fdab213d631b109df01483045022100d315522e09e7d53d2a659a79cb67fef56d6c4bddf3f46df6772d0d20a7beb7c8022070bcc17e288607b6a72be0bd83368bb6d53488db266c1cdb4d72214e4f02ac33012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
10300                 } );
10301
10302                 // commitment tx with five outputs untrimmed (minimum feerate)
10303                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10304                 chan.context.feerate_per_kw = 2070;
10305
10306                 test_commitment!("304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c",
10307                                  "3044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c1",
10308                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484da966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022001014419b5ba00e083ac4e0a85f19afc848aacac2d483b4b525d15e2ae5adbfe022015ebddad6ee1e72b47cb09f3e78459da5be01ccccd95dceca0e056a00cc773c10147304402204ca1ba260dee913d318271d86e10ca0f5883026fb5653155cff600fb40895223022037b145204b7054a40e08bb1fefbd826f827b40838d3e501423bcc57924bcb50c01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10309
10310                                   { 0,
10311                                   "304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b",
10312                                   "30440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e5",
10313                                   "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff0000000000000000000174020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402205f6b6d12d8d2529fb24f4445630566cf4abbd0f9330ab6c2bdb94222d6a2a0c502202f556258ae6f05b193749e4c541dfcc13b525a5422f6291f073f15617ba8579b014730440220150b11069454da70caf2492ded9e0065c9a57f25ac2a4c52657b1d15b6c6ed85022068a38833b603c8892717206383611bad210f1cbb4b1f87ea29c6c65b9e1cb3e501008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
10314
10315                                   { 1,
10316                                   "3045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546",
10317                                   "30450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c6",
10318                                   "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff010000000000000000015c060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f960dfb1c9aee7ce1437efa65b523e399383e8149790e05d8fed27ff6e42fe0002202fe8613e062ffe0b0c518cc4101fba1c6de70f64a5bcc7ae663f2efae43b8546014830450221009a6ed18e6873bc3644332a6ee21c152a5b102821865350df7a8c74451a51f9f2022050d801fb4895d7d7fbf452824c0168347f5c0cbe821cf6a97a63af5b8b2563c601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
10319
10320                                   { 2,
10321                                   "3045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504",
10322                                   "30440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502",
10323                                   "02000000000101403ad7602b43293497a3a2235a12ecefda4f3a1f1d06e49b1786d945685de1ff02000000000000000001f1090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100ae5fc7717ae684bc1fcf9020854e5dbe9842c9e7472879ac06ff95ac2bb10e4e022057728ada4c00083a3e65493fb5d50a232165948a1a0f530ef63185c2c8c56504014730440220408ad3009827a8fccf774cb285587686bfb2ed041f89a89453c311ce9c8ee0f902203c7392d9f8306d3a46522a66bd2723a7eb2628cb2d9b34d4c104f1766bf37502012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
10324                 } );
10325
10326                 // commitment tx with five outputs untrimmed (maximum feerate)
10327                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10328                 chan.context.feerate_per_kw = 2194;
10329
10330                 test_commitment!("304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb3",
10331                                  "3044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d398",
10332                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020403d394747cae42e98ff01734ad5c08f82ba123d3d9a620abda88989651e2ab5b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e48440966a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022072c2e2b1c899b2242656a537dde2892fa3801be0d6df0a87836c550137acde8302201654aa1974d37a829083c3ba15088689f30b56d6a4f6cb14c7bad0ee3116d3980147304402204bb3d6e279d71d9da414c82de42f1f954267c762b2e2eb8b76bc3be4ea07d4b0022014febc009c5edc8c3fc5d94015de163200f780046f1c293bfed8568f08b70fb301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10333
10334                                   { 0,
10335                                   "3045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de8450",
10336                                   "304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e0154301",
10337                                   "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100939726680351a7856c1bc386d4a1f422c7d29bd7b56afc139570f508474e6c40022023175a799ccf44c017fbaadb924c40b2a12115a5b7d0dfd3228df803a2de84500148304502210099c98c2edeeee6ec0fb5f3bea8b79bb016a2717afa9b5072370f34382de281d302206f5e2980a995e045cf90a547f0752a7ee99d48547bc135258fe7bc07e015430101008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a914b43e1b38138a41b37f7cd9a1d274bc63e3a9b5d188ac6868f6010000" },
10338
10339                                   { 1,
10340                                   "3044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a0",
10341                                   "3045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b77",
10342                                   "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd010000000000000000010a060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022021bb883bf324553d085ba2e821cad80c28ef8b303dbead8f98e548783c02d1600220638f9ef2a9bba25869afc923f4b5dc38be3bb459f9efa5d869392d5f7779a4a001483045022100fd85bd7697b89c08ec12acc8ba89b23090637d83abd26ca37e01ae93e67c367302202b551fe69386116c47f984aab9c8dfd25d864dcde5d3389cfbef2447a85c4b7701008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
10343
10344                                   { 2,
10345                                   "3045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b",
10346                                   "30450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3",
10347                                   "02000000000101153cd825fdb3aa624bfe513e8031d5d08c5e582fb3d1d1fe8faf27d3eed410cd020000000000000000019a090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c9e6f0454aa598b905a35e641a70cc9f67b5f38cc4b00843a041238c4a9f1c4a0220260a2822a62da97e44583e837245995ca2e36781769c52f19e498efbdcca262b014830450221008a9f2ea24cd455c2b64c1472a5fa83865b0a5f49a62b661801e884cf2849af8302204d44180e50bf6adfcf1c1e581d75af91aba4e28681ce4a5ee5f3cbf65eca10f3012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
10348                 } );
10349
10350                 // commitment tx with four outputs untrimmed (minimum feerate)
10351                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10352                 chan.context.feerate_per_kw = 2195;
10353
10354                 test_commitment!("304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce403",
10355                                  "3044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d1767",
10356                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484b8976a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400473044022044d592025b610c0d678f65032e87035cdfe89d1598c522cc32524ae8172417c30220749fef9d5b2ae8cdd91ece442ba8809bc891efedae2291e578475f97715d17670147304402201a8c1b1f9671cd9e46c7323a104d7047cc48d3ee80d40d4512e0c72b8dc65666022066d7f9a2ce18c9eb22d2739ffcce05721c767f9b607622a31b6ea5793ddce40301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10357
10358                                   { 0,
10359                                   "3045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e",
10360                                   "3045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d76",
10361                                   "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900000000000000000000109060000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100e57b845066a06ee7c2cbfc29eabffe52daa9bf6f6de760066d04df9f9b250e0002202ffb197f0e6e0a77a75a9aff27014bd3de83b7f748d7efef986abe655e1dd50e01483045022100ecc8c6529d0b2316d046f0f0757c1e1c25a636db168ec4f3aa1b9278df685dc0022067ae6b65e936f1337091f7b18a15935b608c5f2cdddb2f892ed0babfdd376d7601008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
10362
10363                                   { 1,
10364                                   "3045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a",
10365                                   "3044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82",
10366                                   "020000000001018130a10f09b13677ba2885a8bca32860f3a952e5912b829a473639b5a2c07b900100000000000000000199090000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100d193b7ecccad8057571620a0b1ffa6c48e9483311723b59cf536043b20bc51550220546d4bd37b3b101ecda14f6c907af46ec391abce1cd9c7ce22b1a62b534f2f2a01473044022014d66f11f9cacf923807eba49542076c5fe5cccf252fb08fe98c78ef3ca6ab5402201b290dbe043cc512d9d78de074a5a129b8759bc6a6c546b190d120b690bd6e82012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
10367                 } );
10368
10369                 // anchors: commitment tx with four outputs untrimmed (minimum dust limit)
10370                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10371                 chan.context.feerate_per_kw = 2185;
10372                 chan.context.holder_dust_limit_satoshis = 2001;
10373                 let cached_channel_type = chan.context.channel_type;
10374                 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
10375
10376                 test_commitment_with_anchors!("3044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c0",
10377                                  "3045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd5",
10378                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80064a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994b80b000000000000220020f96d0334feb64a4f40eb272031d07afcb038db56aa57446d60308c9f8ccadef9a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ac5916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100cd8479cfe1edb1e5a1d487391e0451a469c7171e51e680183f19eb4321f20e9b02204eab7d5a6384b1b08e03baa6e4d9748dfd2b5ab2bae7e39604a0d0055bbffdd501473044022040f63a16148cf35c8d3d41827f5ae7f7c3746885bb64d4d1b895892a83812b3e02202fcf95c2bf02c466163b3fa3ced6a24926fbb4035095a96842ef516e86ba54c001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10379
10380                                   { 0,
10381                                   "304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb",
10382                                   "30440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f",
10383                                   "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc02000000000100000001b80b0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206870514a72ad6e723ff7f1e0370d7a33c1cd2a0b9272674143ebaf6a1d02dee102205bd953c34faf5e7322e9a1c0103581cb090280fda4f1039ee8552668afa90ebb834730440220669de9ca7910eff65a7773ebd14a9fc371fe88cde5b8e2a81609d85c87ac939b02201ac29472fa4067322e92d75b624942d60be5050139b20bb363db75be79eb946f01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6851b27568f7010000" },
10384
10385                                   { 1,
10386                                   "3045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd7271",
10387                                   "3045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688",
10388                                   "02000000000101ac13a7715f80b8e52dda43c6929cade5521bdced3a405da02b443f1ffb1e33cc03000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100949e8dd938da56445b1cdfdebe1b7efea086edd05d89910d205a1e2e033ce47102202cbd68b5262ab144d9ec12653f87dfb0bb6bd05d1f58ae1e523f028eaefd727183483045022100e3104ed8b239f8019e5f0a1a73d7782a94a8c36e7984f476c3a0b3cb0e62e27902207e3d52884600985f8a2098e53a5c30dd6a5e857733acfaa07ab2162421ed2688012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
10389                 } );
10390
10391                 // commitment tx with four outputs untrimmed (maximum feerate)
10392                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10393                 chan.context.feerate_per_kw = 3702;
10394                 chan.context.holder_dust_limit_satoshis = 546;
10395                 chan.context.channel_type = cached_channel_type.clone();
10396
10397                 test_commitment!("304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee40169",
10398                                  "3045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf75",
10399                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8004b80b000000000000220020c20b5d1f8584fd90443e7b7b720136174fa4b9333c261d04dbbd012635c0f419a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4846f916a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100e5efb73c32d32da2d79702299b6317de6fb24a60476e3855926d78484dd1b3c802203557cb66a42c944ef06e00bcc4da35a5bcb2f185aab0f8e403e519e1d66aaf750148304502210092a587aeb777f869e7ff0d7898ea619ee26a3dacd1f3672b945eea600be431100220077ee9eae3528d15251f2a52b607b189820e57a6ccfac8d1af502b132ee4016901475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10400
10401                                   { 0,
10402                                   "304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb89",
10403                                   "304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f",
10404                                   "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402206fa54c11f98c3bae1e93df43fc7affeb05b476bf8060c03e29c377c69bc08e8b0220672701cce50d5c379ff45a5d2cfe48ac44973adb066ac32608e21221d869bb890147304402206e36c683ebf2cb16bcef3d5439cf8b53cd97280a365ed8acd7abb85a8ba5f21c02206e8621edfc2a5766cbc96eb67fd501127ff163eb6b85518a39f7d4974aef126f01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9148a486ff2e31d6158bf39e2608864d63fefd09d5b88ac6868f7010000" },
10405
10406                                   { 1,
10407                                   "3044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb5817",
10408                                   "304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc",
10409                                   "020000000001018db483bff65c70ee71d8282aeec5a880e2e2b39e45772bda5460403095c62e3f0100000000000000000176050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022057649739b0eb74d541ead0dfdb3d4b2c15aa192720031044c3434c67812e5ca902201e5ede42d960ae551707f4a6b34b09393cf4dee2418507daa022e3550dbb58170147304402207faad26678c8850e01b4a0696d60841f7305e1832b786110ee9075cb92ed14a30220516ef8ee5dfa80824ea28cbcec0dd95f8b847146257c16960db98507db15ffdc012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
10410                 } );
10411
10412                 // commitment tx with three outputs untrimmed (minimum feerate)
10413                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10414                 chan.context.feerate_per_kw = 3703;
10415
10416                 test_commitment!("3045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e",
10417                                  "304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e1",
10418                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484eb936a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402201b736d1773a124c745586217a75bed5f66c05716fbe8c7db4fdb3c3069741cdd02205083f39c321c1bcadfc8d97e3c791a66273d936abac0c6a2fde2ed46019508e101483045022100b495d239772a237ff2cf354b1b11be152fd852704cb184e7356d13f2fb1e5e430220723db5cdb9cbd6ead7bfd3deb419cf41053a932418cbb22a67b581f40bc1f13e01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10419
10420                                   { 0,
10421                                   "3045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a",
10422                                   "3045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05",
10423                                   "0200000000010120060e4a29579d429f0f27c17ee5f1ee282f20d706d6f90b63d35946d8f3029a0000000000000000000175050000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100c34c61735f93f2e324cc873c3b248111ccf8f6db15d5969583757010d4ad2b4602207867bb919b2ddd6387873e425345c9b7fd18d1d66aba41f3607bc2896ef3c30a01483045022100988c143e2110067117d2321bdd4bd16ca1734c98b29290d129384af0962b634e02206c1b02478878c5f547018b833986578f90c3e9be669fe5788ad0072a55acbb05012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
10424                 } );
10425
10426                 // anchors: commitment tx with three outputs untrimmed (minimum dust limit)
10427                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10428                 chan.context.feerate_per_kw = 3687;
10429                 chan.context.holder_dust_limit_satoshis = 3001;
10430                 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
10431
10432                 test_commitment_with_anchors!("3045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c228377",
10433                                  "3045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d",
10434                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80054a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994a00f000000000000220020ce6e751274836ff59622a0d1e07f8831d80bd6730bd48581398bfadd2bb8da9ac0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aa28b6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100c970799bcb33f43179eb43b3378a0a61991cf2923f69b36ef12548c3df0e6d500220413dc27d2e39ee583093adfcb7799be680141738babb31cc7b0669a777a31f5d01483045022100ad6c71569856b2d7ff42e838b4abe74a713426b37f22fa667a195a4c88908c6902202b37272b02a42dc6d9f4f82cab3eaf84ac882d9ed762859e1e75455c2c22837701475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10435
10436                                   { 0,
10437                                   "3044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c",
10438                                   "3045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de",
10439                                   "02000000000101542562b326c08e3a076d9cfca2be175041366591da334d8d513ff1686fd95a6002000000000100000001a00f0000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500473044022017b558a3cf5f0cb94269e2e927b29ed22bd2416abb8a7ce6de4d1256f359b93602202e9ca2b1a23ea3e69f433c704e327739e219804b8c188b1d52f74fd5a9de954c83483045022100af7a8b7c7ff2080c68995254cb66d64d9954edcc5baac3bb4f27ed2d29aaa6120220421c27da7a60574a9263f271e0f3bd34594ec6011095190022b3b54596ea03de012004040404040404040404040404040404040404040404040404040404040404048d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac6851b2756800000000" }
10440                 } );
10441
10442                 // commitment tx with three outputs untrimmed (maximum feerate)
10443                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10444                 chan.context.feerate_per_kw = 4914;
10445                 chan.context.holder_dust_limit_satoshis = 546;
10446                 chan.context.channel_type = cached_channel_type.clone();
10447
10448                 test_commitment!("3045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c95244",
10449                                  "3045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c19",
10450                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8003a00f0000000000002200208c48d15160397c9731df9bc3b236656efb6665fbfe92b4a6878e88a499f741c4c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484ae8f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100d72638bc6308b88bb6d45861aae83e5b9ff6e10986546e13bce769c70036e2620220320be7c6d66d22f30b9fcd52af66531505b1310ca3b848c19285b38d8a1a8c1901483045022100b4b16d5f8cc9fc4c1aff48831e832a0d8990e133978a66e302c133550954a44d022073573ce127e2200d316f6b612803a5c0c97b8d20e1e44dbe2ac0dd2fb8c9524401475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10451
10452                                   { 0,
10453                                   "3045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374",
10454                                   "30440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10",
10455                                   "02000000000101a9172908eace869cc35128c31fc2ab502f72e4dff31aab23e0244c4b04b11ab00000000000000000000122020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100f43591c156038ba217756006bb3c55f7d113a325cdd7d9303c82115372858d68022016355b5aadf222bc8d12e426c75f4a03423917b2443a103eb2a498a3a2234374014730440220585dee80fafa264beac535c3c0bb5838ac348b156fdc982f86adc08dfc9bfd250220130abb82f9f295cc9ef423dcfef772fde2acd85d9df48cc538981d26a10a9c10012004040404040404040404040404040404040404040404040404040404040404048a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a91418bc1a114ccf9c052d3d23e28d3b0a9d1227434288527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f801b175ac686800000000" }
10456                 } );
10457
10458                 // commitment tx with two outputs untrimmed (minimum feerate)
10459                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10460                 chan.context.feerate_per_kw = 4915;
10461                 chan.context.holder_dust_limit_satoshis = 546;
10462
10463                 test_commitment!("304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a720",
10464                                  "30450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf5",
10465                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8002c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484fa926a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221008a953551f4d67cb4df3037207fc082ddaf6be84d417b0bd14c80aab66f1b01a402207508796dc75034b2dee876fe01dc05a08b019f3e5d689ac8842ade2f1befccf50147304402203a286936e74870ca1459c700c71202af0381910a6bfab687ef494ef1bc3e02c902202506c362d0e3bee15e802aa729bf378e051644648253513f1c085b264cc2a72001475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
10466
10467                 // anchors: commitment tx with two outputs untrimmed (minimum dust limit)
10468                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10469                 chan.context.feerate_per_kw = 4894;
10470                 chan.context.holder_dust_limit_satoshis = 4001;
10471                 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
10472
10473                 test_commitment_with_anchors!("3045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b95",
10474                                  "30450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd",
10475                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80044a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994ad0886a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e04004830450221009f16ac85d232e4eddb3fcd750a68ebf0b58e3356eaada45d3513ede7e817bf4c02207c2b043b4e5f971261975406cb955219fa56bffe5d834a833694b5abc1ce4cfd01483045022100e784a66b1588575801e237d35e510fd92a81ae3a4a2a1b90c031ad803d07b3f3022021bc5f16501f167607d63b681442da193eb0a76b4b7fd25c2ed4f8b28fd35b9501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
10476
10477                 // commitment tx with two outputs untrimmed (maximum feerate)
10478                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10479                 chan.context.feerate_per_kw = 9651180;
10480                 chan.context.holder_dust_limit_satoshis = 546;
10481                 chan.context.channel_type = cached_channel_type.clone();
10482
10483                 test_commitment!("304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd3",
10484                                  "3045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de",
10485                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b800222020000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80ec0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e4840400483045022100e11b638c05c650c2f63a421d36ef8756c5ce82f2184278643520311cdf50aa200220259565fb9c8e4a87ccaf17f27a3b9ca4f20625754a0920d9c6c239d8156a11de0147304402200a8544eba1d216f5c5e530597665fa9bec56943c0f66d98fc3d028df52d84f7002201e45fa5c6bc3a506cc2553e7d1c0043a9811313fc39c954692c0d47cfce2bbd301475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
10486
10487                 // commitment tx with one output untrimmed (minimum feerate)
10488                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10489                 chan.context.feerate_per_kw = 9651181;
10490
10491                 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
10492                                  "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
10493                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
10494
10495                 // anchors: commitment tx with one output untrimmed (minimum dust limit)
10496                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10497                 chan.context.feerate_per_kw = 6216010;
10498                 chan.context.holder_dust_limit_satoshis = 4001;
10499                 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
10500
10501                 test_commitment_with_anchors!("30450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf",
10502                                  "30450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1",
10503                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80024a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994a04004830450221009ad80792e3038fe6968d12ff23e6888a565c3ddd065037f357445f01675d63f3022018384915e5f1f4ae157e15debf4f49b61c8d9d2b073c7d6f97c4a68caa3ed4c1014830450221008fd5dbff02e4b59020d4cd23a3c30d3e287065fda75a0a09b402980adf68ccda022001e0b8b620cd915ddff11f1de32addf23d81d51b90e6841b2cb8dcaf3faa5ecf01475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
10504
10505                 // commitment tx with fee greater than funder amount
10506                 chan.context.value_to_self_msat = 6993000000; // 7000000000 - 7000000
10507                 chan.context.feerate_per_kw = 9651936;
10508                 chan.context.holder_dust_limit_satoshis = 546;
10509                 chan.context.channel_type = cached_channel_type;
10510
10511                 test_commitment!("304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a2",
10512                                  "304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a379",
10513                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8001c0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484040047304402207e8d51e0c570a5868a78414f4e0cbfaed1106b171b9581542c30718ee4eb95ba02203af84194c97adf98898c9afe2f2ed4a7f8dba05a2dfab28ac9d9c604aa49a3790147304402202ade0142008309eb376736575ad58d03e5b115499709c6db0b46e36ff394b492022037b63d78d66404d6504d4c4ac13be346f3d1802928a6d3ad95a6a944227161a201475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {});
10514
10515                 // commitment tx with 3 htlc outputs, 2 offered having the same amount and preimage
10516                 chan.context.value_to_self_msat = 7_000_000_000 - 2_000_000;
10517                 chan.context.feerate_per_kw = 253;
10518                 chan.context.pending_inbound_htlcs.clear();
10519                 chan.context.pending_inbound_htlcs.push({
10520                         let mut out = InboundHTLCOutput{
10521                                 htlc_id: 1,
10522                                 amount_msat: 2000000,
10523                                 cltv_expiry: 501,
10524                                 payment_hash: PaymentHash([0; 32]),
10525                                 state: InboundHTLCState::Committed,
10526                         };
10527                         out.payment_hash.0 = Sha256::hash(&<Vec<u8>>::from_hex("0101010101010101010101010101010101010101010101010101010101010101").unwrap()).to_byte_array();
10528                         out
10529                 });
10530                 chan.context.pending_outbound_htlcs.clear();
10531                 chan.context.pending_outbound_htlcs.push({
10532                         let mut out = OutboundHTLCOutput{
10533                                 htlc_id: 6,
10534                                 amount_msat: 5000001,
10535                                 cltv_expiry: 506,
10536                                 payment_hash: PaymentHash([0; 32]),
10537                                 state: OutboundHTLCState::Committed,
10538                                 source: HTLCSource::dummy(),
10539                                 skimmed_fee_msat: None,
10540                                 blinding_point: None,
10541                         };
10542                         out.payment_hash.0 = Sha256::hash(&<Vec<u8>>::from_hex("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).to_byte_array();
10543                         out
10544                 });
10545                 chan.context.pending_outbound_htlcs.push({
10546                         let mut out = OutboundHTLCOutput{
10547                                 htlc_id: 5,
10548                                 amount_msat: 5000000,
10549                                 cltv_expiry: 505,
10550                                 payment_hash: PaymentHash([0; 32]),
10551                                 state: OutboundHTLCState::Committed,
10552                                 source: HTLCSource::dummy(),
10553                                 skimmed_fee_msat: None,
10554                                 blinding_point: None,
10555                         };
10556                         out.payment_hash.0 = Sha256::hash(&<Vec<u8>>::from_hex("0505050505050505050505050505050505050505050505050505050505050505").unwrap()).to_byte_array();
10557                         out
10558                 });
10559
10560                 test_commitment!("304402207d0870964530f97b62497b11153c551dca0a1e226815ef0a336651158da0f82402200f5378beee0e77759147b8a0a284decd11bfd2bc55c8fafa41c134fe996d43c8",
10561                                  "304402200d10bf5bc5397fc59d7188ae438d80c77575595a2d488e41bd6363a810cc8d72022012b57e714fbbfdf7a28c47d5b370cb8ac37c8545f596216e5b21e9b236ef457c",
10562                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b8005d007000000000000220020748eba944fedc8827f6b06bc44678f93c0f9e6078b35c6331ed31e75f8ce0c2d8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121b8813000000000000220020305c12e1a0bc21e283c131cea1c66d68857d28b7b2fce0a6fbc40c164852121bc0c62d0000000000160014cc1b07838e387deacd0e5232e1e8b49f4c29e484a69f6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e040047304402200d10bf5bc5397fc59d7188ae438d80c77575595a2d488e41bd6363a810cc8d72022012b57e714fbbfdf7a28c47d5b370cb8ac37c8545f596216e5b21e9b236ef457c0147304402207d0870964530f97b62497b11153c551dca0a1e226815ef0a336651158da0f82402200f5378beee0e77759147b8a0a284decd11bfd2bc55c8fafa41c134fe996d43c801475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10563
10564                                   { 0,
10565                                   "3045022100b470fe12e5b7fea9eccb8cbff1972cea4f96758041898982a02bcc7f9d56d50b0220338a75b2afaab4ec00cdd2d9273c68c7581ff5a28bcbb40c4d138b81f1d45ce5",
10566                                   "3044022017b90c65207522a907fb6a137f9dd528b3389465a8ae72308d9e1d564f512cf402204fc917b4f0e88604a3e994f85bfae7c7c1f9d9e9f78e8cd112e0889720d9405b",
10567                                   "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec000000000000000000011f070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100b470fe12e5b7fea9eccb8cbff1972cea4f96758041898982a02bcc7f9d56d50b0220338a75b2afaab4ec00cdd2d9273c68c7581ff5a28bcbb40c4d138b81f1d45ce501473044022017b90c65207522a907fb6a137f9dd528b3389465a8ae72308d9e1d564f512cf402204fc917b4f0e88604a3e994f85bfae7c7c1f9d9e9f78e8cd112e0889720d9405b012001010101010101010101010101010101010101010101010101010101010101018a76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac686800000000" },
10568                                   { 1,
10569                                   "3045022100b575379f6d8743cb0087648f81cfd82d17a97fbf8f67e058c65ce8b9d25df9500220554a210d65b02d9f36c6adf0f639430ca8293196ba5089bf67cc3a9813b7b00a",
10570                                   "3045022100ee2e16b90930a479b13f8823a7f14b600198c838161160b9436ed086d3fc57e002202a66fa2324f342a17129949c640bfe934cbc73a869ba7c06aa25c5a3d0bfb53d",
10571                                   "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec01000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100b575379f6d8743cb0087648f81cfd82d17a97fbf8f67e058c65ce8b9d25df9500220554a210d65b02d9f36c6adf0f639430ca8293196ba5089bf67cc3a9813b7b00a01483045022100ee2e16b90930a479b13f8823a7f14b600198c838161160b9436ed086d3fc57e002202a66fa2324f342a17129949c640bfe934cbc73a869ba7c06aa25c5a3d0bfb53d01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868f9010000" },
10572                                   { 2,
10573                                   "30440220471c9f3ad92e49b13b7b8059f43ecf8f7887b0dccbb9fdb54bfe23d62a8ae332022024bd22fae0740e86a44228c35330da9526fd7306dffb2b9dc362d5e78abef7cc",
10574                                   "304402207157f452f2506d73c315192311893800cfb3cc235cc1185b1cfcc136b55230db022014be242dbc6c5da141fec4034e7f387f74d6ff1899453d72ba957467540e1ecb",
10575                                   "020000000001014bdccf28653066a2c554cafeffdfe1e678e64a69b056684deb0c4fba909423ec02000000000000000001e1120000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220471c9f3ad92e49b13b7b8059f43ecf8f7887b0dccbb9fdb54bfe23d62a8ae332022024bd22fae0740e86a44228c35330da9526fd7306dffb2b9dc362d5e78abef7cc0147304402207157f452f2506d73c315192311893800cfb3cc235cc1185b1cfcc136b55230db022014be242dbc6c5da141fec4034e7f387f74d6ff1899453d72ba957467540e1ecb01008576a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6868fa010000" }
10576                 } );
10577
10578                 chan.context.channel_type = ChannelTypeFeatures::anchors_zero_htlc_fee_and_dependencies();
10579                 test_commitment_with_anchors!("3044022027b38dfb654c34032ffb70bb43022981652fce923cbbe3cbe7394e2ade8b34230220584195b78da6e25c2e8da6b4308d9db25b65b64975db9266163ef592abb7c725",
10580                                  "3045022100b4014970d9d7962853f3f85196144671d7d5d87426250f0a5fdaf9a55292e92502205360910c9abb397467e19dbd63d081deb4a3240903114c98cec0a23591b79b76",
10581                                  "02000000000101bef67e4e2fb9ddeeb3461973cd4c62abb35050b1add772995b820b584a488489000000000038b02b80074a010000000000002200202b1b5854183c12d3316565972c4668929d314d81c5dcdbb21cb45fe8a9a8114f4a01000000000000220020e9e86e4823faa62e222ebc858a226636856158f07e69898da3b0d1af0ddb3994d007000000000000220020fe0598d74fee2205cc3672e6e6647706b4f3099713b4661b62482c3addd04a5e881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7881300000000000022002018e40f9072c44350f134bdc887bab4d9bdfc8aa468a25616c80e21757ba5dac7c0c62d0000000000220020f3394e1e619b0eca1f91be2fb5ab4dfc59ba5b84ebe014ad1d43a564d012994aad9c6a00000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0400483045022100b4014970d9d7962853f3f85196144671d7d5d87426250f0a5fdaf9a55292e92502205360910c9abb397467e19dbd63d081deb4a3240903114c98cec0a23591b79b7601473044022027b38dfb654c34032ffb70bb43022981652fce923cbbe3cbe7394e2ade8b34230220584195b78da6e25c2e8da6b4308d9db25b65b64975db9266163ef592abb7c72501475221023da092f6980e58d2c037173180e9a465476026ee50f96695963e8efe436f54eb21030e9f7b623d2ccc7c9bd44d66d5ce21ce504c0acf6385a132cec6d3c39fa711c152ae3e195220", {
10582
10583                                   { 0,
10584                                   "30440220078fe5343dab88c348a3a8a9c1a9293259dbf35507ae971702cc39dd623ea9af022011ed0c0f35243cd0bb4d9ca3c772379b2b5f4af93140e9fdc5600dfec1cdb0c2",
10585                                   "304402205df665e2908c7690d2d33eb70e6e119958c28febe141a94ed0dd9a55ce7c8cfc0220364d02663a5d019af35c5cd5fda9465d985d85bbd12db207738d61163449a424",
10586                                   "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c402000000000100000001d0070000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e05004730440220078fe5343dab88c348a3a8a9c1a9293259dbf35507ae971702cc39dd623ea9af022011ed0c0f35243cd0bb4d9ca3c772379b2b5f4af93140e9fdc5600dfec1cdb0c28347304402205df665e2908c7690d2d33eb70e6e119958c28febe141a94ed0dd9a55ce7c8cfc0220364d02663a5d019af35c5cd5fda9465d985d85bbd12db207738d61163449a424012001010101010101010101010101010101010101010101010101010101010101018d76a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c8201208763a9144b6b2e5444c2639cc0fb7bcea5afba3f3cdce23988527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae677502f501b175ac6851b2756800000000" },
10587                                   { 1,
10588                                   "304402202df6bf0f98a42cfd0172a16bded7d1b16c14f5f42ba23f5c54648c14b647531302200fe1508626817f23925bb56951d5e4b2654c751743ab6db48a6cce7dda17c01c",
10589                                   "304402203f99ec05cdd89558a23683b471c1dcce8f6a92295f1fff3b0b5d21be4d4f97ea022019d29070690fc2c126fe27cc4ab2f503f289d362721b2efa7418e7fddb939a5b",
10590                                   "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c40300000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e050047304402202df6bf0f98a42cfd0172a16bded7d1b16c14f5f42ba23f5c54648c14b647531302200fe1508626817f23925bb56951d5e4b2654c751743ab6db48a6cce7dda17c01c8347304402203f99ec05cdd89558a23683b471c1dcce8f6a92295f1fff3b0b5d21be4d4f97ea022019d29070690fc2c126fe27cc4ab2f503f289d362721b2efa7418e7fddb939a5b01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568f9010000" },
10591                                   { 2,
10592                                   "3045022100bd206b420c495f3aa714d3ea4766cbe95441deacb5d2f737f1913349aee7c2ae02200249d2c950dd3b15326bf378ae5d2b871d33d6737f5d70735f3de8383140f2a1",
10593                                   "3045022100f2cd35e385b9b7e15b92a5d78d120b6b2c5af4e974bc01e884c5facb3bb5966c0220706e0506477ce809a40022d6de8e041e9ef13136c45abee9c36f58a01fdb188b",
10594                                   "020000000001013d060d0305c9616eaabc21d41fae85bcb5477b5d7f1c92aa429cf15339bbe1c40400000000010000000188130000000000002200204adb4e2f00643db396dd120d4e7dc17625f5f2c11a40d857accc862d6b7dd80e0500483045022100bd206b420c495f3aa714d3ea4766cbe95441deacb5d2f737f1913349aee7c2ae02200249d2c950dd3b15326bf378ae5d2b871d33d6737f5d70735f3de8383140f2a183483045022100f2cd35e385b9b7e15b92a5d78d120b6b2c5af4e974bc01e884c5facb3bb5966c0220706e0506477ce809a40022d6de8e041e9ef13136c45abee9c36f58a01fdb188b01008876a91414011f7254d96b819c76986c277d115efce6f7b58763ac67210394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b7c820120876475527c21030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e752ae67a9142002cc93ebefbb1b73f0af055dcc27a0b504ad7688ac6851b27568fa010000" }
10595                 } );
10596         }
10597
10598         #[test]
10599         fn test_per_commitment_secret_gen() {
10600                 // Test vectors from BOLT 3 Appendix D:
10601
10602                 let mut seed = [0; 32];
10603                 seed[0..32].clone_from_slice(&<Vec<u8>>::from_hex("0000000000000000000000000000000000000000000000000000000000000000").unwrap());
10604                 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
10605                            <Vec<u8>>::from_hex("02a40c85b6f28da08dfdbe0926c53fab2de6d28c10301f8f7c4073d5e42e3148").unwrap()[..]);
10606
10607                 seed[0..32].clone_from_slice(&<Vec<u8>>::from_hex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF").unwrap());
10608                 assert_eq!(chan_utils::build_commitment_secret(&seed, 281474976710655),
10609                            <Vec<u8>>::from_hex("7cc854b54e3e0dcdb010d7a3fee464a9687be6e8db3be6854c475621e007a5dc").unwrap()[..]);
10610
10611                 assert_eq!(chan_utils::build_commitment_secret(&seed, 0xaaaaaaaaaaa),
10612                            <Vec<u8>>::from_hex("56f4008fb007ca9acf0e15b054d5c9fd12ee06cea347914ddbaed70d1c13a528").unwrap()[..]);
10613
10614                 assert_eq!(chan_utils::build_commitment_secret(&seed, 0x555555555555),
10615                            <Vec<u8>>::from_hex("9015daaeb06dba4ccc05b91b2f73bd54405f2be9f217fbacd3c5ac2e62327d31").unwrap()[..]);
10616
10617                 seed[0..32].clone_from_slice(&<Vec<u8>>::from_hex("0101010101010101010101010101010101010101010101010101010101010101").unwrap());
10618                 assert_eq!(chan_utils::build_commitment_secret(&seed, 1),
10619                            <Vec<u8>>::from_hex("915c75942a26bb3a433a8ce2cb0427c29ec6c1775cfc78328b57f6ba7bfeaa9c").unwrap()[..]);
10620         }
10621
10622         #[test]
10623         fn test_key_derivation() {
10624                 // Test vectors from BOLT 3 Appendix E:
10625                 let secp_ctx = Secp256k1::new();
10626
10627                 let base_secret = SecretKey::from_slice(&<Vec<u8>>::from_hex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f").unwrap()[..]).unwrap();
10628                 let per_commitment_secret = SecretKey::from_slice(&<Vec<u8>>::from_hex("1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100").unwrap()[..]).unwrap();
10629
10630                 let base_point = PublicKey::from_secret_key(&secp_ctx, &base_secret);
10631                 assert_eq!(base_point.serialize()[..], <Vec<u8>>::from_hex("036d6caac248af96f6afa7f904f550253a0f3ef3f5aa2fe6838a95b216691468e2").unwrap()[..]);
10632
10633                 let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
10634                 assert_eq!(per_commitment_point.serialize()[..], <Vec<u8>>::from_hex("025f7117a78150fe2ef97db7cfc83bd57b2e2c0d0dd25eaf467a4a1c2a45ce1486").unwrap()[..]);
10635
10636                 assert_eq!(chan_utils::derive_private_key(&secp_ctx, &per_commitment_point, &base_secret),
10637                                 SecretKey::from_slice(&<Vec<u8>>::from_hex("cbced912d3b21bf196a766651e436aff192362621ce317704ea2f75d87e7be0f").unwrap()[..]).unwrap());
10638
10639                 assert_eq!(RevocationKey::from_basepoint(&secp_ctx, &RevocationBasepoint::from(base_point), &per_commitment_point).to_public_key().serialize()[..],
10640                                 <Vec<u8>>::from_hex("02916e326636d19c33f13e8c0c3a03dd157f332f3e99c317c141dd865eb01f8ff0").unwrap()[..]);
10641
10642                 assert_eq!(chan_utils::derive_private_revocation_key(&secp_ctx, &per_commitment_secret, &base_secret),
10643                                 SecretKey::from_slice(&<Vec<u8>>::from_hex("d09ffff62ddb2297ab000cc85bcb4283fdeb6aa052affbc9dddcf33b61078110").unwrap()[..]).unwrap());
10644         }
10645
10646         #[test]
10647         fn test_zero_conf_channel_type_support() {
10648                 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
10649                 let secp_ctx = Secp256k1::new();
10650                 let seed = [42; 32];
10651                 let network = Network::Testnet;
10652                 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
10653                 let logger = test_utils::TestLogger::new();
10654
10655                 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
10656                 let config = UserConfig::default();
10657                 let node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider,
10658                         node_b_node_id, &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42, None).unwrap();
10659
10660                 let mut channel_type_features = ChannelTypeFeatures::only_static_remote_key();
10661                 channel_type_features.set_zero_conf_required();
10662
10663                 let mut open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
10664                 open_channel_msg.common_fields.channel_type = Some(channel_type_features);
10665                 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
10666                 let res = InboundV1Channel::<&TestKeysInterface>::new(&feeest, &&keys_provider, &&keys_provider,
10667                         node_b_node_id, &channelmanager::provided_channel_type_features(&config),
10668                         &channelmanager::provided_init_features(&config), &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false);
10669                 assert!(res.is_ok());
10670         }
10671
10672         #[test]
10673         fn test_supports_anchors_zero_htlc_tx_fee() {
10674                 // Tests that if both sides support and negotiate `anchors_zero_fee_htlc_tx`, it is the
10675                 // resulting `channel_type`.
10676                 let secp_ctx = Secp256k1::new();
10677                 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
10678                 let network = Network::Testnet;
10679                 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
10680                 let logger = test_utils::TestLogger::new();
10681
10682                 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
10683                 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
10684
10685                 let mut config = UserConfig::default();
10686                 config.channel_handshake_config.negotiate_anchors_zero_fee_htlc_tx = true;
10687
10688                 // It is not enough for just the initiator to signal `option_anchors_zero_fee_htlc_tx`, both
10689                 // need to signal it.
10690                 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
10691                         &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
10692                         &channelmanager::provided_init_features(&UserConfig::default()), 10000000, 100000, 42,
10693                         &config, 0, 42, None
10694                 ).unwrap();
10695                 assert!(!channel_a.context.channel_type.supports_anchors_zero_fee_htlc_tx());
10696
10697                 let mut expected_channel_type = ChannelTypeFeatures::empty();
10698                 expected_channel_type.set_static_remote_key_required();
10699                 expected_channel_type.set_anchors_zero_fee_htlc_tx_required();
10700
10701                 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
10702                         &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
10703                         &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42,
10704                         None
10705                 ).unwrap();
10706
10707                 let open_channel_msg = channel_a.get_open_channel(ChainHash::using_genesis_block(network));
10708                 let channel_b = InboundV1Channel::<&TestKeysInterface>::new(
10709                         &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
10710                         &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config),
10711                         &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
10712                 ).unwrap();
10713
10714                 assert_eq!(channel_a.context.channel_type, expected_channel_type);
10715                 assert_eq!(channel_b.context.channel_type, expected_channel_type);
10716         }
10717
10718         #[test]
10719         fn test_rejects_implicit_simple_anchors() {
10720                 // Tests that if `option_anchors` is being negotiated implicitly through the intersection of
10721                 // each side's `InitFeatures`, it is rejected.
10722                 let secp_ctx = Secp256k1::new();
10723                 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
10724                 let network = Network::Testnet;
10725                 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
10726                 let logger = test_utils::TestLogger::new();
10727
10728                 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
10729                 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
10730
10731                 let config = UserConfig::default();
10732
10733                 // See feature bit assignments: https://github.com/lightning/bolts/blob/master/09-features.md
10734                 let static_remote_key_required: u64 = 1 << 12;
10735                 let simple_anchors_required: u64 = 1 << 20;
10736                 let raw_init_features = static_remote_key_required | simple_anchors_required;
10737                 let init_features_with_simple_anchors = InitFeatures::from_le_bytes(raw_init_features.to_le_bytes().to_vec());
10738
10739                 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
10740                         &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
10741                         &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42,
10742                         None
10743                 ).unwrap();
10744
10745                 // Set `channel_type` to `None` to force the implicit feature negotiation.
10746                 let mut open_channel_msg = channel_a.get_open_channel(ChainHash::using_genesis_block(network));
10747                 open_channel_msg.common_fields.channel_type = None;
10748
10749                 // Since A supports both `static_remote_key` and `option_anchors`, but B only accepts
10750                 // `static_remote_key`, it will fail the channel.
10751                 let channel_b = InboundV1Channel::<&TestKeysInterface>::new(
10752                         &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
10753                         &channelmanager::provided_channel_type_features(&config), &init_features_with_simple_anchors,
10754                         &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
10755                 );
10756                 assert!(channel_b.is_err());
10757         }
10758
10759         #[test]
10760         fn test_rejects_simple_anchors_channel_type() {
10761                 // Tests that if `option_anchors` is being negotiated through the `channel_type` feature,
10762                 // it is rejected.
10763                 let secp_ctx = Secp256k1::new();
10764                 let fee_estimator = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
10765                 let network = Network::Testnet;
10766                 let keys_provider = test_utils::TestKeysInterface::new(&[42; 32], network);
10767                 let logger = test_utils::TestLogger::new();
10768
10769                 let node_id_a = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[1; 32]).unwrap());
10770                 let node_id_b = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[2; 32]).unwrap());
10771
10772                 let config = UserConfig::default();
10773
10774                 // See feature bit assignments: https://github.com/lightning/bolts/blob/master/09-features.md
10775                 let static_remote_key_required: u64 = 1 << 12;
10776                 let simple_anchors_required: u64 = 1 << 20;
10777                 let simple_anchors_raw_features = static_remote_key_required | simple_anchors_required;
10778                 let simple_anchors_init = InitFeatures::from_le_bytes(simple_anchors_raw_features.to_le_bytes().to_vec());
10779                 let simple_anchors_channel_type = ChannelTypeFeatures::from_le_bytes(simple_anchors_raw_features.to_le_bytes().to_vec());
10780                 assert!(!simple_anchors_init.requires_unknown_bits());
10781                 assert!(!simple_anchors_channel_type.requires_unknown_bits());
10782
10783                 // First, we'll try to open a channel between A and B where A requests a channel type for
10784                 // the original `option_anchors` feature (non zero fee htlc tx). This should be rejected by
10785                 // B as it's not supported by LDK.
10786                 let channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
10787                         &fee_estimator, &&keys_provider, &&keys_provider, node_id_b,
10788                         &channelmanager::provided_init_features(&config), 10000000, 100000, 42, &config, 0, 42,
10789                         None
10790                 ).unwrap();
10791
10792                 let mut open_channel_msg = channel_a.get_open_channel(ChainHash::using_genesis_block(network));
10793                 open_channel_msg.common_fields.channel_type = Some(simple_anchors_channel_type.clone());
10794
10795                 let res = InboundV1Channel::<&TestKeysInterface>::new(
10796                         &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
10797                         &channelmanager::provided_channel_type_features(&config), &simple_anchors_init,
10798                         &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
10799                 );
10800                 assert!(res.is_err());
10801
10802                 // Then, we'll try to open another channel where A requests a channel type for
10803                 // `anchors_zero_fee_htlc_tx`. B is malicious and tries to downgrade the channel type to the
10804                 // original `option_anchors` feature, which should be rejected by A as it's not supported by
10805                 // LDK.
10806                 let mut channel_a = OutboundV1Channel::<&TestKeysInterface>::new(
10807                         &fee_estimator, &&keys_provider, &&keys_provider, node_id_b, &simple_anchors_init,
10808                         10000000, 100000, 42, &config, 0, 42, None
10809                 ).unwrap();
10810
10811                 let open_channel_msg = channel_a.get_open_channel(ChainHash::using_genesis_block(network));
10812
10813                 let channel_b = InboundV1Channel::<&TestKeysInterface>::new(
10814                         &fee_estimator, &&keys_provider, &&keys_provider, node_id_a,
10815                         &channelmanager::provided_channel_type_features(&config), &channelmanager::provided_init_features(&config),
10816                         &open_channel_msg, 7, &config, 0, &&logger, /*is_0conf=*/false
10817                 ).unwrap();
10818
10819                 let mut accept_channel_msg = channel_b.get_accept_channel_message();
10820                 accept_channel_msg.common_fields.channel_type = Some(simple_anchors_channel_type.clone());
10821
10822                 let res = channel_a.accept_channel(
10823                         &accept_channel_msg, &config.channel_handshake_limits, &simple_anchors_init
10824                 );
10825                 assert!(res.is_err());
10826         }
10827
10828         #[test]
10829         fn test_waiting_for_batch() {
10830                 let feeest = LowerBoundedFeeEstimator::new(&TestFeeEstimator{fee_est: 15000});
10831                 let logger = test_utils::TestLogger::new();
10832                 let secp_ctx = Secp256k1::new();
10833                 let seed = [42; 32];
10834                 let network = Network::Testnet;
10835                 let best_block = BestBlock::from_network(network);
10836                 let chain_hash = ChainHash::using_genesis_block(network);
10837                 let keys_provider = test_utils::TestKeysInterface::new(&seed, network);
10838
10839                 let mut config = UserConfig::default();
10840                 // Set trust_own_funding_0conf while ensuring we don't send channel_ready for a
10841                 // channel in a batch before all channels are ready.
10842                 config.channel_handshake_limits.trust_own_funding_0conf = true;
10843
10844                 // Create a channel from node a to node b that will be part of batch funding.
10845                 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
10846                 let mut node_a_chan = OutboundV1Channel::<&TestKeysInterface>::new(
10847                         &feeest,
10848                         &&keys_provider,
10849                         &&keys_provider,
10850                         node_b_node_id,
10851                         &channelmanager::provided_init_features(&config),
10852                         10000000,
10853                         100000,
10854                         42,
10855                         &config,
10856                         0,
10857                         42,
10858                         None
10859                 ).unwrap();
10860
10861                 let open_channel_msg = node_a_chan.get_open_channel(ChainHash::using_genesis_block(network));
10862                 let node_b_node_id = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[7; 32]).unwrap());
10863                 let mut node_b_chan = InboundV1Channel::<&TestKeysInterface>::new(
10864                         &feeest,
10865                         &&keys_provider,
10866                         &&keys_provider,
10867                         node_b_node_id,
10868                         &channelmanager::provided_channel_type_features(&config),
10869                         &channelmanager::provided_init_features(&config),
10870                         &open_channel_msg,
10871                         7,
10872                         &config,
10873                         0,
10874                         &&logger,
10875                         true,  // Allow node b to send a 0conf channel_ready.
10876                 ).unwrap();
10877
10878                 let accept_channel_msg = node_b_chan.accept_inbound_channel();
10879                 node_a_chan.accept_channel(
10880                         &accept_channel_msg,
10881                         &config.channel_handshake_limits,
10882                         &channelmanager::provided_init_features(&config),
10883                 ).unwrap();
10884
10885                 // Fund the channel with a batch funding transaction.
10886                 let output_script = node_a_chan.context.get_funding_redeemscript();
10887                 let tx = Transaction {
10888                         version: 1,
10889                         lock_time: LockTime::ZERO,
10890                         input: Vec::new(),
10891                         output: vec![
10892                                 TxOut {
10893                                         value: 10000000, script_pubkey: output_script.clone(),
10894                                 },
10895                                 TxOut {
10896                                         value: 10000000, script_pubkey: Builder::new().into_script(),
10897                                 },
10898                         ]};
10899                 let funding_outpoint = OutPoint{ txid: tx.txid(), index: 0 };
10900                 let funding_created_msg = node_a_chan.get_funding_created(
10901                         tx.clone(), funding_outpoint, true, &&logger,
10902                 ).map_err(|_| ()).unwrap();
10903                 let (mut node_b_chan, funding_signed_msg, _) = node_b_chan.funding_created(
10904                         &funding_created_msg.unwrap(),
10905                         best_block,
10906                         &&keys_provider,
10907                         &&logger,
10908                 ).map_err(|_| ()).unwrap();
10909                 let node_b_updates = node_b_chan.monitor_updating_restored(
10910                         &&logger,
10911                         &&keys_provider,
10912                         chain_hash,
10913                         &config,
10914                         0,
10915                 );
10916
10917                 // Receive funding_signed, but the channel will be configured to hold sending channel_ready and
10918                 // broadcasting the funding transaction until the batch is ready.
10919                 let res = node_a_chan.funding_signed(
10920                         &funding_signed_msg.unwrap(), best_block, &&keys_provider, &&logger,
10921                 );
10922                 let (mut node_a_chan, _) = if let Ok(res) = res { res } else { panic!(); };
10923                 let node_a_updates = node_a_chan.monitor_updating_restored(
10924                         &&logger,
10925                         &&keys_provider,
10926                         chain_hash,
10927                         &config,
10928                         0,
10929                 );
10930                 // Our channel_ready shouldn't be sent yet, even with trust_own_funding_0conf set,
10931                 // as the funding transaction depends on all channels in the batch becoming ready.
10932                 assert!(node_a_updates.channel_ready.is_none());
10933                 assert!(node_a_updates.funding_broadcastable.is_none());
10934                 assert_eq!(node_a_chan.context.channel_state, ChannelState::AwaitingChannelReady(AwaitingChannelReadyFlags::WAITING_FOR_BATCH));
10935
10936                 // It is possible to receive a 0conf channel_ready from the remote node.
10937                 node_a_chan.channel_ready(
10938                         &node_b_updates.channel_ready.unwrap(),
10939                         &&keys_provider,
10940                         chain_hash,
10941                         &config,
10942                         &best_block,
10943                         &&logger,
10944                 ).unwrap();
10945                 assert_eq!(
10946                         node_a_chan.context.channel_state,
10947                         ChannelState::AwaitingChannelReady(AwaitingChannelReadyFlags::WAITING_FOR_BATCH | AwaitingChannelReadyFlags::THEIR_CHANNEL_READY)
10948                 );
10949
10950                 // Clear the ChannelState::WaitingForBatch only when called by ChannelManager.
10951                 node_a_chan.set_batch_ready();
10952                 assert_eq!(node_a_chan.context.channel_state, ChannelState::AwaitingChannelReady(AwaitingChannelReadyFlags::THEIR_CHANNEL_READY));
10953                 assert!(node_a_chan.check_get_channel_ready(0).is_some());
10954         }
10955 }