channeld: make per_commit_point and per_commit_secret handling clearer.

All the +1 and -1 in the existing combination routine were confusing. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
8 years ago · 90284af249
3 changed files with 45 additions and 28 deletions
--- a/lightningd/channel/channel.c
+++ b/lightningd/channel/channel.c
@ -583,11 +583,10 @@ static struct io_plan *send_revocation(struct io_conn *conn, struct peer *peer)
 	u8 *msg;

 	peer->old_per_commit[LOCAL] = peer->current_per_commit[LOCAL];
-	if (!next_per_commit_point(&peer->shaseed, &old_commit_secret,
-				   &peer->current_per_commit[LOCAL],
-				   peer->commit_index[LOCAL]))
-		status_failed(WIRE_CHANNEL_CRYPTO_FAILED,
-			      "Deriving next commit_point");
+
+	/* Get N-1th secret. */
+	per_commit_secret(&peer->shaseed, &old_commit_secret,
+			  peer->commit_index[LOCAL] - 1);

 	pubkey_from_privkey((struct privkey *)&old_commit_secret, &test);
 	if (!pubkey_eq(&test, &oldpoint))
@ -596,7 +595,12 @@ static struct io_plan *send_revocation(struct io_conn *conn, struct peer *peer)
 			      tal_hexstr(trc, &old_commit_secret,
 					 sizeof(old_commit_secret)));

-	peer->commit_index[LOCAL]++;
+	/* Send N+1th point. */
+	if (!per_commit_point(&peer->shaseed,
+			      &peer->current_per_commit[LOCAL],
+			      ++peer->commit_index[LOCAL]))
+		status_failed(WIRE_CHANNEL_CRYPTO_FAILED,
+			      "Deriving next commit_point");

 	/* If this queues more changes on the other end, send commit. */
 	if (channel_sending_revoke_and_ack(peer->channel)) {
@ -1348,9 +1352,9 @@ static void handle_funding_locked(struct peer *peer, const u8 *msg)
 					     &peer->short_channel_ids[LOCAL]))
 		status_failed(WIRE_CHANNEL_BAD_COMMAND, "%s", tal_hex(msg, msg));

-	next_per_commit_point(&peer->shaseed, NULL,
-			      &peer->current_per_commit[LOCAL],
-			      peer->commit_index[LOCAL]++);
+	per_commit_point(&peer->shaseed,
+			 &peer->current_per_commit[LOCAL],
+			 ++peer->commit_index[LOCAL]);

 	msg = towire_funding_locked(peer,
 				    &peer->channel_id,
--- a/lightningd/derive_basepoints.c
+++ b/lightningd/derive_basepoints.c
@ -68,23 +68,22 @@ bool derive_basepoints(const struct privkey *seed,
 	return true;
 }

-bool next_per_commit_point(const struct sha256 *shaseed,
-			   struct sha256 *old_commit_secret,
-			   struct pubkey *per_commit_point,
-			   u64 per_commit_index)
+void per_commit_secret(const struct sha256 *shaseed,
+		       struct sha256 *commit_secret,
+		       u64 per_commit_index)
 {
-	struct sha256 per_commit_secret;
-
+	shachain_from_seed(shaseed, shachain_index(per_commit_index),
+			   commit_secret);
+}

-	/* Get old secret. */
-	if (per_commit_index > 0)
-		shachain_from_seed(shaseed, shachain_index(per_commit_index - 1),
-				   old_commit_secret);
-	else
-		assert(old_commit_secret == NULL);
+bool per_commit_point(const struct sha256 *shaseed,
+		      struct pubkey *commit_point,
+		      u64 per_commit_index)
+{
+	struct sha256 per_commit_secret;

 	/* Derive new per-commitment-point. */
-	shachain_from_seed(shaseed, shachain_index(per_commit_index + 1),
+	shachain_from_seed(shaseed, shachain_index(per_commit_index),
 			   &per_commit_secret);

 	/* BOLT #3:
@ -94,7 +93,7 @@ bool next_per_commit_point(const struct sha256 *shaseed,
 	 * 	per_commitment_point = per_commitment_secret * G
 	 */
 	if (secp256k1_ec_pubkey_create(secp256k1_ctx,
-				       &per_commit_point->pubkey,
+				       &commit_point->pubkey,
 				       per_commit_secret.u.u8) != 1)
 		return false;

--- a/lightningd/derive_basepoints.h
+++ b/lightningd/derive_basepoints.h
@ -37,11 +37,25 @@ bool derive_basepoints(const struct privkey *seed,
 		       struct pubkey *per_commit_point,
 		       u64 per_commit_index);

-/* Give up secret for index-1, and generate per-commitment point for N+1. */
-bool next_per_commit_point(const struct sha256 *shaseed,
-			   struct sha256 *old_commit_secret,
-			   struct pubkey *per_commit_point,
-			   u64 per_commit_index);
+/**
+ * per_commit_secret - get a secret for this index.
+ * @shaseed: the sha256 seed
+ * @commit_secret: the returned per-commit secret.
+ * @per_commit_index: (in) which @commit_secret to return.
+ */
+void per_commit_secret(const struct sha256 *shaseed,
+		       struct sha256 *commit_secret,
+		       u64 per_commit_index);
+
+/**
+ * per_commit_point - get the per-commit-point for this index.
+ * @shaseed: the sha256 seed
+ * @commit_point: the returned per-commit point.
+ * @per_commit_index: (in) which @commit_point to return.
+ */
+bool per_commit_point(const struct sha256 *shaseed,
+		      struct pubkey *commit_point,
+		      u64 per_commit_index);

 /* BOLT #3:
 *