diff --git a/channeld/channel.c b/channeld/channel.c index d5be2260c..626b4eb69 100644 --- a/channeld/channel.c +++ b/channeld/channel.c @@ -2054,6 +2054,8 @@ static void init_channel(struct peer *peer) &funding_signed)) master_badmsg(WIRE_CHANNEL_INIT, msg); + points[REMOTE].htlc = points[REMOTE].payment; + status_trace("init %s: remote_per_commit = %s, old_remote_per_commit = %s" " next_idx_local = %"PRIu64 " next_idx_remote = %"PRIu64 diff --git a/channeld/full_channel.c b/channeld/full_channel.c index a0ba3da53..765fae555 100644 --- a/channeld/full_channel.c +++ b/channeld/full_channel.c @@ -197,8 +197,8 @@ static void add_htlcs(struct bitcoin_tx ***txs, feerate_per_kw, keyset); wscript = bitcoin_wscript_htlc_offer(*wscripts, - &keyset->self_payment_key, - &keyset->other_payment_key, + &keyset->self_htlc_key, + &keyset->other_htlc_key, &htlc->rhash, &keyset->self_revocation_key); } else { @@ -209,8 +209,8 @@ static void add_htlcs(struct bitcoin_tx ***txs, keyset); wscript = bitcoin_wscript_htlc_receive(*wscripts, &htlc->expiry, - &keyset->self_payment_key, - &keyset->other_payment_key, + &keyset->self_htlc_key, + &keyset->other_htlc_key, &htlc->rhash, &keyset->self_revocation_key); } diff --git a/common/htlc_tx.c b/common/htlc_tx.c index ec8e6898a..666cd4f28 100644 --- a/common/htlc_tx.c +++ b/common/htlc_tx.c @@ -92,10 +92,10 @@ struct bitcoin_tx *htlc_success_tx(const tal_t *ctx, /* Fill in the witness for HTLC-success tx produced above. */ void htlc_success_tx_add_witness(struct bitcoin_tx *htlc_success, const struct abs_locktime *htlc_abstimeout, - const struct pubkey *localkey, - const struct pubkey *remotekey, - const secp256k1_ecdsa_signature *localsig, - const secp256k1_ecdsa_signature *remotesig, + const struct pubkey *localhtlckey, + const struct pubkey *remotehtlckey, + const secp256k1_ecdsa_signature *localhtlcsig, + const secp256k1_ecdsa_signature *remotehtlcsig, const struct preimage *payment_preimage, const struct pubkey *revocationkey) { 
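Review bot: The added `points[REMOTE].htlc = points[REMOTE].payment;` in init_channel has no comment, so nothing marks it as a temporary alias. The same assignment in openingd/opening.c (`theirs.htlc = theirs.payment;` in funder_channel and fundee_channel) at least carries a `/* FIXME */`. While the alias is in place the HTLC key and the payment key are the same key, so the key separation this commit prepares for is not yet in effect. I would put `/* FIXME: use a separate remote HTLC basepoint; for now it aliases the payment basepoint. */` above the line. Only the REMOTE entry is set here; whether `points[LOCAL].htlc` is filled elsewhere is not visible, and init_channel continues outside the hunk.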
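Review bot: Both wscript calls in add_htlcs now read `keyset->self_htlc_key` and `keyset->other_htlc_key`, but nothing in this diff shows where those fields are filled for the keysets that reach this function. The test in lightningd/test/run-commit_tx.c fills its keyset field by field, and any caller doing the same without the two new assignments would put uninitialised pubkeys into the HTLC scripts. It is worth confirming that every keyset producer sets both fields, and a one-line comment on the struct saying they are required for HTLC scripts would help. add_htlcs starts and ends outside these hunks.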
@@ -105,12 +105,12 @@ void htlc_success_tx_add_witness(struct bitcoin_tx *htlc_success, sha256(&hash, payment_preimage, sizeof(*payment_preimage)); wscript = bitcoin_wscript_htlc_receive(htlc_success, htlc_abstimeout, - localkey, remotekey, + localhtlckey, remotehtlckey, &hash, revocationkey); htlc_success->input[0].witness = bitcoin_witness_htlc_success_tx(htlc_success->input, - localsig, remotesig, + localhtlcsig, remotehtlcsig, payment_preimage, wscript); tal_free(wscript); @@ -138,20 +138,20 @@ struct bitcoin_tx *htlc_timeout_tx(const tal_t *ctx, /* Fill in the witness for HTLC-timeout tx produced above. */ void htlc_timeout_tx_add_witness(struct bitcoin_tx *htlc_timeout, - const struct pubkey *localkey, - const struct pubkey *remotekey, + const struct pubkey *localhtlckey, + const struct pubkey *remotehtlckey, const struct sha256 *payment_hash, const struct pubkey *revocationkey, - const secp256k1_ecdsa_signature *localsig, - const secp256k1_ecdsa_signature *remotesig) + const secp256k1_ecdsa_signature *localhtlcsig, + const secp256k1_ecdsa_signature *remotehtlcsig) { u8 *wscript = bitcoin_wscript_htlc_offer(htlc_timeout, - localkey, remotekey, + localhtlckey, remotehtlckey, payment_hash, revocationkey); htlc_timeout->input[0].witness = bitcoin_witness_htlc_timeout_tx(htlc_timeout->input, - localsig, remotesig, + localhtlcsig, remotehtlcsig, wscript); tal_free(wscript); } @@ -161,8 +161,8 @@ u8 *htlc_offered_wscript(const tal_t *ctx, const struct keyset *keyset) { return bitcoin_wscript_htlc_offer_ripemd160(ctx, - &keyset->self_payment_key, - &keyset->other_payment_key, + &keyset->self_htlc_key, + &keyset->other_htlc_key, ripemd, &keyset->self_revocation_key); } @@ -174,8 +174,8 @@ u8 *htlc_received_wscript(const tal_t *ctx, { return bitcoin_wscript_htlc_receive_ripemd(ctx, expiry, - &keyset->self_payment_key, - &keyset->other_payment_key, + &keyset->self_htlc_key, + &keyset->other_htlc_key, ripemd, &keyset->self_revocation_key); } 
diff --git a/lightningd/test/run-commit_tx.c b/lightningd/test/run-commit_tx.c index 28e9f66f8..5a7184ccd 100644 --- a/lightningd/test/run-commit_tx.c +++ b/lightningd/test/run-commit_tx.c @@ -196,11 +196,13 @@ static struct pubkey pubkey_from_hex(const char *hex) static void report_htlcs(const struct bitcoin_tx *tx, const struct htlc **htlc_map, u16 to_self_delay, - const struct privkey *local_secretkey, + const struct privkey *local_htlcsecretkey, const struct pubkey *localkey, + const struct pubkey *local_htlckey, const struct pubkey *local_delayedkey, - const struct privkey *x_remote_secretkey, + const struct privkey *x_remote_htlcsecretkey, const struct pubkey *remotekey, + const struct pubkey *remote_htlckey, const struct pubkey *remote_revocation_key, u64 feerate_per_kw) { @@ -208,13 +210,13 @@ static void report_htlcs(const struct bitcoin_tx *tx, size_t i, n; struct sha256_double txid; struct bitcoin_tx **htlc_tx; - secp256k1_ecdsa_signature *remotesig; + secp256k1_ecdsa_signature *remotehtlcsig; struct keyset keyset; u8 **wscript; htlc_tx = tal_arrz(tmpctx, struct bitcoin_tx *, tal_count(htlc_map)); - remotesig = tal_arr(tmpctx, secp256k1_ecdsa_signature, - tal_count(htlc_map)); + remotehtlcsig = tal_arr(tmpctx, secp256k1_ecdsa_signature, + tal_count(htlc_map)); wscript = tal_arr(tmpctx, u8 *, tal_count(htlc_map)); bitcoin_txid(tx, &txid); @@ -232,6 +234,8 @@ static void report_htlcs(const struct bitcoin_tx *tx, keyset.self_delayed_payment_key = *local_delayedkey; keyset.self_payment_key = *localkey; keyset.other_payment_key = *remotekey; + keyset.self_htlc_key = *local_htlckey; + keyset.other_htlc_key = *remote_htlckey; for (i = 0; i < tal_count(htlc_map); i++) { const struct htlc *htlc = htlc_map[i]; @@ -247,8 +251,8 @@ static void report_htlcs(const struct bitcoin_tx *tx, feerate_per_kw, &keyset); wscript[i] = bitcoin_wscript_htlc_offer(tmpctx, - localkey, - remotekey, + local_htlckey, + remote_htlckey, &htlc->rhash, remote_revocation_key); } else { 
@@ -259,25 +263,25 @@ static void report_htlcs(const struct bitcoin_tx *tx, &keyset); wscript[i] = bitcoin_wscript_htlc_receive(tmpctx, &htlc->expiry, - localkey, - remotekey, + local_htlckey, + remote_htlckey, &htlc->rhash, remote_revocation_key); } sign_tx_input(htlc_tx[i], 0, NULL, wscript[i], - x_remote_secretkey, remotekey, - &remotesig[i]); + x_remote_htlcsecretkey, remote_htlckey, + &remotehtlcsig[i]); printf("# signature for output %zi (htlc %"PRIu64")\n", i, htlc->id); printf("remote_htlc_signature = %s\n", type_to_string(tmpctx, secp256k1_ecdsa_signature, - &remotesig[i])); + &remotehtlcsig[i])); } /* For any HTLC outputs, produce htlc_tx */ for (i = 0; i < tal_count(htlc_map); i++) { - secp256k1_ecdsa_signature localsig; + secp256k1_ecdsa_signature localhtlcsig; const struct htlc *htlc = htlc_map[i]; if (!htlc) @@ -286,22 +290,26 @@ static void report_htlcs(const struct bitcoin_tx *tx, sign_tx_input(htlc_tx[i], 0, NULL, wscript[i], - local_secretkey, localkey, - &localsig); + local_htlcsecretkey, local_htlckey, + &localhtlcsig); printf("# local_signature = %s\n", type_to_string(tmpctx, secp256k1_ecdsa_signature, - &localsig)); + &localhtlcsig)); if (htlc_owner(htlc) == LOCAL) { htlc_timeout_tx_add_witness(htlc_tx[i], - localkey, remotekey, + local_htlckey, + remote_htlckey, &htlc->rhash, remote_revocation_key, - &localsig, &remotesig[i]); + &localhtlcsig, + &remotehtlcsig[i]); } else { htlc_success_tx_add_witness(htlc_tx[i], &htlc->expiry, - localkey, remotekey, - &localsig, &remotesig[i], + local_htlckey, + remote_htlckey, + &localhtlcsig, + &remotehtlcsig[i], htlc->r, remote_revocation_key); } 
@@ -320,11 +328,13 @@ static void report(struct bitcoin_tx *tx, const struct privkey *local_funding_privkey, const struct pubkey *local_funding_pubkey, u16 to_self_delay, - const struct privkey *local_secretkey, + const struct privkey *local_htlcsecretkey, const struct pubkey *localkey, + const struct pubkey *local_htlckey, const struct pubkey *local_delayedkey, - const struct privkey *x_remote_secretkey, + const struct privkey *x_remote_htlcsecretkey, const struct pubkey *remotekey, + const struct pubkey *remote_htlckey, const struct pubkey *remote_revocation_key, u64 feerate_per_kw, const struct htlc **htlc_map) @@ -355,10 +365,10 @@ static void report(struct bitcoin_tx *tx, printf("output commit_tx: %s\n", txhex); report_htlcs(tx, htlc_map, to_self_delay, - local_secretkey, localkey, + local_htlcsecretkey, localkey, local_htlckey, local_delayedkey, - x_remote_secretkey, - remotekey, + x_remote_htlcsecretkey, + remotekey, remote_htlckey, remote_revocation_key, feerate_per_kw); tal_free(tmpctx); 
@@ -439,17 +449,20 @@ int main(void) /* x_ prefix means internal vars we used to derive spec */ struct privkey local_funding_privkey, x_remote_funding_privkey; struct secret x_local_payment_basepoint_secret, x_remote_payment_basepoint_secret; + struct secret x_local_htlc_basepoint_secret, x_remote_htlc_basepoint_secret; struct secret x_local_per_commitment_secret; struct secret x_local_delayed_payment_basepoint_secret; struct secret x_remote_revocation_basepoint_secret; - struct privkey local_secretkey, x_remote_secretkey; + struct privkey local_htlcsecretkey, x_remote_htlcsecretkey; struct privkey x_local_delayed_secretkey; struct pubkey local_funding_pubkey, remote_funding_pubkey; struct pubkey local_payment_basepoint, remote_payment_basepoint; + struct pubkey local_htlc_basepoint, remote_htlc_basepoint; struct pubkey x_local_delayed_payment_basepoint; struct pubkey x_remote_revocation_basepoint; struct pubkey x_local_per_commitment_point; struct pubkey localkey, remotekey, tmpkey; + struct pubkey local_htlckey, remote_htlckey; struct pubkey local_delayedkey; struct pubkey remote_revocation_key; struct bitcoin_tx *tx, *tx2; 
@@ -579,13 +592,19 @@ int main(void) &remote_payment_basepoint)) abort(); - if (!derive_simple_privkey(&x_remote_payment_basepoint_secret, - &remote_payment_basepoint, + /* FIXME: BOLT should include separate HTLC keys */ + local_htlc_basepoint = local_payment_basepoint; + remote_htlc_basepoint = remote_payment_basepoint; + x_local_htlc_basepoint_secret = x_local_payment_basepoint_secret; + x_remote_htlc_basepoint_secret = x_remote_payment_basepoint_secret; + + if (!derive_simple_privkey(&x_remote_htlc_basepoint_secret, + &remote_htlc_basepoint, &x_local_per_commitment_point, - &x_remote_secretkey)) + &x_remote_htlcsecretkey)) abort(); SUPERVERBOSE("INTERNAL: remote_secretkey: %s\n", - type_to_string(tmpctx, struct privkey, &x_remote_secretkey)); + type_to_string(tmpctx, struct privkey, &x_remote_htlcsecretkey)); if (!derive_simple_privkey(&x_local_delayed_payment_basepoint_secret, &x_local_delayed_payment_basepoint, @@ -620,21 +639,18 @@ int main(void) printf("remote_funding_pubkey: %s\n", type_to_string(tmpctx, struct pubkey, &remote_funding_pubkey)); - if (!derive_simple_privkey(&x_local_payment_basepoint_secret, + if (!derive_simple_privkey(&x_local_htlc_basepoint_secret, &local_payment_basepoint, &x_local_per_commitment_point, - &local_secretkey)) + &local_htlcsecretkey)) abort(); printf("local_secretkey: %s\n", - type_to_string(tmpctx, struct privkey, &local_secretkey)); + type_to_string(tmpctx, struct privkey, &local_htlcsecretkey)); - if (!pubkey_from_privkey(&local_secretkey, &localkey)) - abort(); if (!derive_simple_key(&local_payment_basepoint, &x_local_per_commitment_point, - &tmpkey)) + &localkey)) abort(); - assert(pubkey_eq(&tmpkey, &localkey)); printf("localkey: %s\n", type_to_string(tmpctx, struct pubkey, &localkey)); 
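Review bot: In the second hunk the local derivation pairs `&x_local_htlc_basepoint_secret` with `&local_payment_basepoint`, while the remote derivation in the hunk above was switched to `&remote_htlc_basepoint`; the second argument should be `&local_htlc_basepoint`. The mismatch is invisible today because the FIXME block copies the payment basepoints and secrets into the htlc ones. For the same reason these vectors cannot catch a call site that uses a payment key where an HTLC key is meant. The printed labels `local_secretkey:` and `INTERNAL: remote_secretkey:` now show HTLC secret keys, which may be deliberate to keep the output matching the spec vectors but deserves a comment saying so. main continues outside both hunks.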
@@ -645,6 +661,22 @@ int main(void) printf("remotekey: %s\n", type_to_string(tmpctx, struct pubkey, &remotekey)); + if (!pubkey_from_privkey(&local_htlcsecretkey, &local_htlckey)) + abort(); + if (!derive_simple_key(&local_htlc_basepoint, + &x_local_per_commitment_point, + &tmpkey)) + abort(); + assert(pubkey_eq(&tmpkey, &local_htlckey)); + printf("local_htlckey: %s\n", + type_to_string(tmpctx, struct pubkey, &local_htlckey)); + + if (!derive_simple_key(&remote_htlc_basepoint, + &x_local_per_commitment_point, + &remote_htlckey)) + abort(); + printf("remote_htlckey: %s\n", + type_to_string(tmpctx, struct pubkey, &remote_htlckey)); if (!pubkey_from_privkey(&x_local_delayed_secretkey, &local_delayedkey)) abort(); @@ -688,6 +720,8 @@ int main(void) keyset.self_delayed_payment_key = local_delayedkey; keyset.self_payment_key = localkey; keyset.other_payment_key = remotekey; + keyset.self_htlc_key = local_htlckey; + keyset.other_htlc_key = remote_htlckey; print_superverbose = true; tx = commit_tx(tmpctx, &funding_txid, funding_output_index, @@ -715,11 +749,13 @@ int main(void) report(tx, wscript, &x_remote_funding_privkey, &remote_funding_pubkey, &local_funding_privkey, &local_funding_pubkey, to_self_delay, - &local_secretkey, + &local_htlcsecretkey, &localkey, + &local_htlckey, &local_delayedkey, - &x_remote_secretkey, + &x_remote_htlcsecretkey, &remotekey, + &remote_htlckey, &remote_revocation_key, feerate_per_kw, htlc_map); @@ -768,11 +804,13 @@ int main(void) report(tx, wscript, &x_remote_funding_privkey, &remote_funding_pubkey, &local_funding_privkey, &local_funding_pubkey, to_self_delay, - &local_secretkey, + &local_htlcsecretkey, &localkey, + &local_htlckey, &local_delayedkey, - &x_remote_secretkey, + &x_remote_htlcsecretkey, &remotekey, + &remote_htlckey, &remote_revocation_key, feerate_per_kw, htlc_map); 
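Review bot: In the first hunk `local_htlckey` is cross-checked against its private key with `pubkey_from_privkey` and `assert(pubkey_eq(...))`, but `remote_htlckey` is only derived from the basepoint and never compared with `x_remote_htlcsecretkey`. report_htlcs later passes that pair together to `sign_tx_input`, so a mismatch would yield remote HTLC signatures that do not match the key in the script, with no check to flag it. I would add the mirror check after the derivation: `if (!pubkey_from_privkey(&x_remote_htlcsecretkey, &tmpkey)) abort();` followed by `assert(pubkey_eq(&tmpkey, &remote_htlckey));`. main extends outside this hunk.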
@@ -840,11 +878,13 @@ int main(void) &x_remote_funding_privkey, &remote_funding_pubkey, &local_funding_privkey, &local_funding_pubkey, to_self_delay, - &local_secretkey, + &local_htlcsecretkey, &localkey, + &local_htlckey, &local_delayedkey, - &x_remote_secretkey, + &x_remote_htlcsecretkey, &remotekey, + &remote_htlckey, &remote_revocation_key, feerate_per_kw-1, htlc_map); @@ -874,11 +914,13 @@ int main(void) &x_remote_funding_privkey, &remote_funding_pubkey, &local_funding_privkey, &local_funding_pubkey, to_self_delay, - &local_secretkey, + &local_htlcsecretkey, &localkey, + &local_htlckey, &local_delayedkey, - &x_remote_secretkey, + &x_remote_htlcsecretkey, &remotekey, + &remote_htlckey, &remote_revocation_key, feerate_per_kw, htlc_map); @@ -930,11 +972,13 @@ int main(void) &x_remote_funding_privkey, &remote_funding_pubkey, &local_funding_privkey, &local_funding_pubkey, to_self_delay, - &local_secretkey, + &local_htlcsecretkey, &localkey, + &local_htlckey, &local_delayedkey, - &x_remote_secretkey, + &x_remote_htlcsecretkey, &remotekey, + &remote_htlckey, &remote_revocation_key, feerate_per_kw, htlc_map); diff --git a/openingd/opening.c b/openingd/opening.c index e924e741d..9df9adc0f 100644 --- a/openingd/opening.c +++ b/openingd/opening.c @@ -269,7 +269,7 @@ static u8 *funder_channel(struct state *state, /* BOLT #2: * * The receiver MUST fail the channel if `funding_pubkey`, - * `revocation_basepoint`, `payment_basepoint` or + * `revocation_basepoint`, `htlc_basepoint`, `payment_basepoint` or * `delayed_payment_basepoint` are not valid DER-encoded compressed * secp256k1 pubkeys. */ @@ -291,6 +291,9 @@ static u8 *funder_channel(struct state *state, peer_failed(PEER_FD, &state->cs, &state->channel_id, "Parsing accept_channel %s", tal_hex(msg, msg)); + /* FIXME */ + theirs.htlc = theirs.payment; + /* BOLT #2: * * The `temporary_channel_id` MUST be the same as the 
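Review bot: The quoted BOLT #2 text in funder_channel now lists `htlc_basepoint` among the keys the receiver must validate, yet the code sets `theirs.htlc = theirs.payment;` after parsing. That suggests accept_channel parsing does not yet read or check an HTLC basepoint of its own, so the comment describes a check that, as far as these hunks show, is not performed separately. fundee_channel gets the same pair of changes in the hunks at -471 and -495. I would expand the bare `/* FIXME */` to say what is missing, for example `/* FIXME: parse and validate htlc_basepoint from the message; until then it aliases payment_basepoint. */`. Both functions extend beyond the hunks shown.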
@@ -471,7 +474,7 @@ static u8 *fundee_channel(struct state *state, /* BOLT #2: * * The receiver MUST fail the channel if `funding_pubkey`, - * `revocation_basepoint`, `payment_basepoint` or + * `revocation_basepoint`, `htlc_basepoint`, `payment_basepoint` or * `delayed_payment_basepoint` are not valid DER-encoded compressed * secp256k1 pubkeys. */ @@ -495,6 +498,9 @@ static u8 *fundee_channel(struct state *state, "Bad open_channel %s", tal_hex(peer_msg, peer_msg)); + /* FIXME */ + theirs.htlc = theirs.payment; + /* BOLT #2: * * The receiving node MUST reject the channel if the `chain_hash` value