Buffer interactive-tx initial commitment signed from counterparty

This is crucial to enable the splice cancellation use case. When we
process the initial commitment signed from our counterparty, we queue a
monitor update that cannot be undone. To give the user a chance to abort
the splice negotiation before it's committed to, we buffer the message
until a successful call to `Channel::funding_transaction_signed` and
process it then.

Note that this is currently only done for splice and RBF attempts, as
if we want to abort a dual funding negotiation, we can just force close
the channel as it hasn't been funded yet.

Author: wpaulino

lightning/src/ln/channel.rs

@@ -2110,6 +2110,7 @@ where
 									Some(FundingNegotiation::AwaitingSignatures {
 										is_initiator,
 										funding,
+										initial_commitment_signed_from_counterparty: None,
 									});
 								Some(interactive_tx_constructor)
 							} else {
@@ -2203,9 +2204,33 @@ where
 					// which must always come after the initial commitment signed is sent.
 					.unwrap_or(true);
 				let res = if has_negotiated_pending_splice && !session_received_commitment_signed {
-					funded_channel
-						.splice_initial_commitment_signed(msg, fee_estimator, logger)
-						.map(|monitor_update_opt| (None, monitor_update_opt))
+					let has_holder_tx_signatures = funded_channel
+						.context
+						.interactive_tx_signing_session
+						.as_ref()
+						.map(|session| session.holder_tx_signatures().is_some())
+						.unwrap_or(false);
+
+					// We delay processing this until the user manually approves the splice via
+					// [`Channel::funding_transaction_signed`], as otherwise, there would be a
+					// [`ChannelMonitorUpdateStep::RenegotiatedFunding`] committed that we would
+					// need to undo if they no longer wish to proceed.
+					if has_holder_tx_signatures {
+						funded_channel
+							.splice_initial_commitment_signed(msg, fee_estimator, logger)
+							.map(|monitor_update_opt| (None, monitor_update_opt))
+					} else {
+						let pending_splice = funded_channel.pending_splice.as_mut()
+							.expect("We have a pending splice negotiated");
+						let funding_negotiation = pending_splice.funding_negotiation.as_mut()
+							.expect("We have a pending splice negotiated");
+						if let FundingNegotiation::AwaitingSignatures {
+							ref mut initial_commitment_signed_from_counterparty, ..
+						} = funding_negotiation {
+							*initial_commitment_signed_from_counterparty = Some(msg.clone());
+						}
+						Ok((None, None))
+					}
 				} else {
 					funded_channel.commitment_signed(msg, fee_estimator, logger)
 						.map(|monitor_update_opt| (None, monitor_update_opt))
@@ -2689,13 +2714,25 @@ enum FundingNegotiation {
 	AwaitingSignatures {
 		funding: FundingScope,
 		is_initiator: bool,
+		/// The initial [`msgs::CommitmentSigned`] message received for the [`FundingScope`] above.
+		/// We delay processing this until the user manually approves the splice via
+		/// [`Channel::funding_transaction_signed`], as otherwise, there would be a
+		/// [`ChannelMonitorUpdateStep::RenegotiatedFunding`] committed that we would need to undo
+		/// if they no longer wish to proceed.
+		///
+		/// Note that this doesn't need to be done with dual-funded channels as there is no
+		/// equivalent monitor update for them, and we can just force close the channel.
+		///
+		/// This field is not persisted as the message should be resent on reconnections.
+		initial_commitment_signed_from_counterparty: Option<msgs::CommitmentSigned>,
 	},
 }
 
 impl_writeable_tlv_based_enum_upgradable!(FundingNegotiation,
 	(0, AwaitingSignatures) => {
 		(1, funding, required),
 		(3, is_initiator, required),
+		(_unused, initial_commitment_signed_from_counterparty, (static_value, None)),
 	},
 	unread_variants: AwaitingAck, ConstructingTransaction
 );
@@ -9023,6 +9060,50 @@ where
 		}
 	}
 
+	/// If a counterparty's initial `msgs::CommitmentSigned` is currently pending to be processed
+	/// due to the holder signatures not being avialable at the time of receipt, attempt to process
+	/// it now if they are available.
+	pub fn maybe_process_pending_counterparty_initial_commitment_signed<F: Deref, L: Deref>(
+		&mut self, fee_estimator: &LowerBoundedFeeEstimator<F>, logger: &L,
+	) -> Result<Option<ChannelMonitorUpdate>, ChannelError>
+	where
+		F::Target: FeeEstimator,
+		L::Target: Logger,
+	{
+		if self
+			.context
+			.interactive_tx_signing_session
+			.as_ref()
+			.map(|signing_session| {
+				!signing_session.has_local_contribution()
+					&& signing_session.holder_tx_signatures().is_none()
+			})
+			.unwrap_or(true)
+		{
+			return Ok(None);
+		}
+
+		if let Some(commit_sig) = self
+			.pending_splice
+			.as_mut()
+			.and_then(|pending_splice| pending_splice.funding_negotiation.as_mut())
+			.and_then(|funding_negotiation| {
+				if let FundingNegotiation::AwaitingSignatures {
+					ref mut initial_commitment_signed_from_counterparty,
+					..
+				} = funding_negotiation
+				{
+					initial_commitment_signed_from_counterparty.take()
+				} else {
+					None
+				}
+			}) {
+			self.splice_initial_commitment_signed(&commit_sig, fee_estimator, logger)
+		} else {
+			Ok(None)
+		}
+	}
+
 	fn on_tx_signatures_exchange<'a, L: Deref>(
 		&mut self, funding_tx: Transaction, best_block_height: u32,
 		logger: &WithChannelContext<'a, L>,
@@ -9106,6 +9187,7 @@ where
 					// or we're waiting for our counterparty to send theirs first.
 					return Ok(FundingTxSigned {
 						commitment_signed: None,
+
 						tx_signatures: None,
 						funding_tx: None,
 						splice_negotiated: None,