lightningd/derive_basepoints: hoist derivation logic.

All the daemons will use a common seed for point derivation, so drag it out of lightningd/opening. This also provide a nice struct wrapper to reduce argument count. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
8 years ago · c64447a929
7 changed files with 196 additions and 199 deletions
--- a/lightningd/Makefile
+++ b/lightningd/Makefile
@ -42,6 +42,7 @@ LIGHTNINGD_LIB_SRC :=				\
 	lightningd/cryptomsg.c			\
 	lightningd/crypto_sync.c		\
 	lightningd/debug.c			\
+	lightningd/derive_basepoints.c		\
 	lightningd/funding_tx.c			\
 	lightningd/htlc_tx.c			\
 	lightningd/key_derive.c			\
--- a/lightningd/channel.c
+++ b/lightningd/channel.c
@ -108,12 +108,8 @@ struct channel *new_channel(const tal_t *ctx,
 			    u32 feerate_per_kw,
 			    const struct channel_config *local,
 			    const struct channel_config *remote,
-			    const struct pubkey *local_revocation_basepoint,
-			    const struct pubkey *remote_revocation_basepoint,
-			    const struct pubkey *local_payment_basepoint,
-			    const struct pubkey *remote_payment_basepoint,
-			    const struct pubkey *local_delayed_payment_basepoint,
-			    const struct pubkey *remote_delayed_payment_basepoint,
+			    const struct basepoints *local_basepoints,
+			    const struct basepoints *remote_basepoints,
 			    enum side funder)
 {
 	struct channel *channel = tal(ctx, struct channel);
@ -147,18 +143,12 @@ struct channel *new_channel(const tal_t *ctx,
 		= channel->view[REMOTE].commitment_number
 		= 0;

-	channel->revocation_basepoint[LOCAL] = *local_revocation_basepoint;
-	channel->revocation_basepoint[REMOTE] = *remote_revocation_basepoint;
-	channel->payment_basepoint[LOCAL] = *local_payment_basepoint;
-	channel->payment_basepoint[REMOTE] = *remote_payment_basepoint;
-	channel->delayed_payment_basepoint[LOCAL]
-		= *local_delayed_payment_basepoint;
-	channel->delayed_payment_basepoint[REMOTE]
-		= *remote_delayed_payment_basepoint;
+	channel->basepoints[LOCAL] = *local_basepoints;
+	channel->basepoints[REMOTE] = *remote_basepoints;

 	channel->commitment_number_obscurer
-		= commit_number_obscurer(&channel->payment_basepoint[funder],
-					 &channel->payment_basepoint[!funder]);
+		= commit_number_obscurer(&channel->basepoints[funder].payment,
+					 &channel->basepoints[!funder].payment);

 	tal_add_destructor(channel, destroy_htlc_map);
 	return channel;
@ -180,22 +170,22 @@ struct bitcoin_tx *channel_tx(const tal_t *ctx,
 	/* Revocation payment key for @side */
 	struct pubkey side_revocation_key;

-	if (!derive_simple_key(&channel->payment_basepoint[side],
+	if (!derive_simple_key(&channel->basepoints[side].payment,
 			       per_commitment_point,
 			       &side_payment_key))
 		return NULL;

-	if (!derive_simple_key(&channel->payment_basepoint[!side],
+	if (!derive_simple_key(&channel->basepoints[!side].payment,
 			       per_commitment_point,
 			       &other_payment_key))
 		return NULL;

-	if (!derive_simple_key(&channel->delayed_payment_basepoint[side],
+	if (!derive_simple_key(&channel->basepoints[side].delayed_payment,
 			       per_commitment_point,
 			       &side_delayed_payment_key))
 		return NULL;

-	if (!derive_revocation_key(&channel->revocation_basepoint[side],
+	if (!derive_revocation_key(&channel->basepoints[side].revocation,
 				   per_commitment_point,
 				   &side_revocation_key))
 		return NULL;
--- a/lightningd/channel.h
+++ b/lightningd/channel.h
@ -7,6 +7,7 @@
 #include <ccan/tal/tal.h>
 #include <daemon/htlc.h>
 #include <lightningd/channel_config.h>
+#include <lightningd/derive_basepoints.h>
 #include <stdbool.h>

 struct signature;
@ -38,9 +39,7 @@ struct channel {
 	const struct channel_config *config[NUM_SIDES];

 	/* Basepoints for deriving keys. */
-	struct pubkey revocation_basepoint[NUM_SIDES];
-	struct pubkey payment_basepoint[NUM_SIDES];
-	struct pubkey delayed_payment_basepoint[NUM_SIDES];
+	struct basepoints basepoints[NUM_SIDES];

 	/* Mask for obscuring the encoding of the commitment number. */
 	u64 commitment_number_obscurer;
@ -125,12 +124,8 @@ static inline u16 to_self_delay(const struct channel *channel, enum side side)
 * @feerate_per_kw: feerate per kiloweight (satoshis)
 * @local: local channel configuration
 * @remote: remote channel configuration
- * @local_revocation_basepoint: local basepoint for revocations.
- * @remote_revocation_basepoint: remote basepoint for revocations.
- * @local_payment_basepoint: local basepoint for payments.
- * @remote_payment_basepoint: remote basepoint for payments.
- * @local_delayed_payment_basepoint: local basepoint for delayed payments.
- * @remote_delayed_payment_basepoint: remote basepoint for delayed payments.
+ * @local_basepoints: local basepoints.
+ * @remote_basepoints: remote basepoints.
 * @funder: which side initiated it.
 *
 * Returns state, or NULL if malformed.
@ -143,12 +138,8 @@ struct channel *new_channel(const tal_t *ctx,
 			    u32 feerate_per_kw,
 			    const struct channel_config *local,
 			    const struct channel_config *remote,
-			    const struct pubkey *local_revocation_basepoint,
-			    const struct pubkey *remote_revocation_basepoint,
-			    const struct pubkey *local_payment_basepoint,
-			    const struct pubkey *remote_payment_basepoint,
-			    const struct pubkey *local_delayed_payment_basepoint,
-			    const struct pubkey *remote_delayed_payment_basepoint,
+			    const struct basepoints *local_basepoints,
+			    const struct basepoints *remote_basepoints,
 			    enum side funder);
 /**
 * channel_tx: Get the current commitment transaction for the channel.
--- a/lightningd/derive_basepoints.c
+++ b/lightningd/derive_basepoints.c
@ -0,0 +1,61 @@
+#include <ccan/crypto/hkdf_sha256/hkdf_sha256.h>
+#include <ccan/crypto/sha256/sha256.h>
+#include <ccan/crypto/shachain/shachain.h>
+#include <lightningd/derive_basepoints.h>
+#include <utils.h>
+
+bool derive_basepoints(const struct privkey *seed,
+		       struct pubkey *funding_pubkey,
+		       struct basepoints *basepoints,
+		       struct secrets *secrets,
+		       struct sha256 *shaseed,
+		       struct pubkey *per_commit_point,
+		       u64 per_commit_index)
+{
+	struct sha256 per_commit_secret;
+	struct keys {
+		struct privkey f, r, p, d;
+		struct sha256 shaseed;
+	} keys;
+
+	hkdf_sha256(&keys, sizeof(keys), NULL, 0, seed, sizeof(*seed),
+		    "c-lightning", strlen("c-lightning"));
+
+	secrets->funding_privkey = keys.f;
+	secrets->revocation_basepoint_secret = keys.r;
+	secrets->payment_basepoint_secret = keys.p;
+	secrets->delayed_payment_basepoint_secret = keys.d;
+
+	if (!pubkey_from_privkey(&keys.f, funding_pubkey)
+	    || !pubkey_from_privkey(&keys.r, &basepoints->revocation)
+	    || !pubkey_from_privkey(&keys.p, &basepoints->payment)
+	    || !pubkey_from_privkey(&keys.d, &basepoints->delayed_payment))
+		return false;
+
+	/* BOLT #3:
+	 *
+	 * A node MUST select an unguessable 256-bit seed for each connection,
+	 * and MUST NOT reveal the seed.
+	 */
+	*shaseed = keys.shaseed;
+
+	/* BOLT #3:
+	 *
+	 * the first secret used MUST be index 281474976710655, and then the
+	 * index decremented. */
+	shachain_from_seed(shaseed, 281474976710655ULL - per_commit_index,
+			   &per_commit_secret);
+
+	/* BOLT #3:
+	 *
+	 * The `per-commitment-point` is generated using EC multiplication:
+	 *
+	 * 	per-commitment-point = per-commitment-secret * G
+	 */
+	if (secp256k1_ec_pubkey_create(secp256k1_ctx,
+				       &per_commit_point->pubkey,
+				       per_commit_secret.u.u8) != 1)
+		return false;
+
+	return true;
+}
--- a/lightningd/derive_basepoints.h
+++ b/lightningd/derive_basepoints.h
@ -0,0 +1,30 @@
+#ifndef LIGHTNING_LIGHTNINGD_DERIVE_BASEPOINTS_H
+#define LIGHTNING_LIGHTNINGD_DERIVE_BASEPOINTS_H
+#include "config.h"
+#include <bitcoin/privkey.h>
+#include <bitcoin/pubkey.h>
+
+struct sha256;
+
+struct basepoints {
+	struct pubkey revocation;
+	struct pubkey payment;
+	struct pubkey delayed_payment;
+};
+
+struct secrets {
+	struct privkey funding_privkey;
+	struct privkey revocation_basepoint_secret;
+	struct privkey payment_basepoint_secret;
+	struct privkey delayed_payment_basepoint_secret;
+};
+
+bool derive_basepoints(const struct privkey *seed,
+		       struct pubkey *funding_pubkey,
+		       struct basepoints *basepoints,
+		       struct secrets *secrets,
+		       struct sha256 *shaseed,
+		       struct pubkey *per_commit_point,
+		       u64 per_commit_index);
+
+#endif /* LIGHTNING_LIGHTNINGD_DERIVE_BASEPOINTS_H */
--- a/lightningd/opening/opening.c
+++ b/lightningd/opening/opening.c
@ -3,8 +3,6 @@
 #include <bitcoin/script.h>
 #include <ccan/breakpoint/breakpoint.h>
 #include <ccan/build_assert/build_assert.h>
-#include <ccan/crypto/hkdf_sha256/hkdf_sha256.h>
-#include <ccan/crypto/shachain/shachain.h>
 #include <ccan/fdpass/fdpass.h>
 #include <ccan/structeq/structeq.h>
 #include <errno.h>
@ -13,6 +11,7 @@
 #include <lightningd/commit_tx.h>
 #include <lightningd/crypto_sync.h>
 #include <lightningd/debug.h>
+#include <lightningd/derive_basepoints.h>
 #include <lightningd/key_derive.h>
 #include <lightningd/opening/gen_opening_control_wire.h>
 #include <lightningd/opening/gen_opening_status_wire.h>
@ -32,20 +31,6 @@
 #define REQ_FD STDIN_FILENO
 #define PEER_FD 3

-struct points {
-	struct pubkey funding_pubkey;
-	struct pubkey revocation_basepoint;
-	struct pubkey payment_basepoint;
-	struct pubkey delayed_payment_basepoint;
-};
-
-struct secrets {
-	struct privkey funding_privkey;
-	struct privkey revocation_basepoint_secret;
-	struct privkey payment_basepoint_secret;
-	struct privkey delayed_payment_basepoint_secret;
-};
-
 struct state {
 	struct crypto_state cs;
 	struct pubkey next_per_commit[NUM_SIDES];
@ -70,62 +55,6 @@ struct state {
 	struct channel *channel;
 };

-static void derive_our_basepoints(const struct privkey *seed,
-				  struct points *points,
-				  struct secrets *secrets,
-				  struct sha256 *shaseed,
-				  struct pubkey *first_per_commit)
-{
-	struct sha256 per_commit_secret;
-	struct keys {
-		struct privkey f, r, p, d;
-		struct sha256 shaseed;
-	} keys;
-
-	hkdf_sha256(&keys, sizeof(keys), NULL, 0, seed, sizeof(*seed),
-		    "c-lightning", strlen("c-lightning"));
-
-	secrets->funding_privkey = keys.f;
-	secrets->revocation_basepoint_secret = keys.r;
-	secrets->payment_basepoint_secret = keys.p;
-	secrets->delayed_payment_basepoint_secret = keys.d;
-
-	if (!pubkey_from_privkey(&keys.f, &points->funding_pubkey)
-	    || !pubkey_from_privkey(&keys.r, &points->revocation_basepoint)
-	    || !pubkey_from_privkey(&keys.p, &points->payment_basepoint)
-	    || !pubkey_from_privkey(&keys.d, &points->delayed_payment_basepoint))
-		status_failed(WIRE_OPENING_KEY_DERIVATION_FAILED,
-			      "seed = %s",
-			      type_to_string(trc, struct privkey, seed));
-
-	/* BOLT #3:
-	 *
-	 * A node MUST select an unguessable 256-bit seed for each connection,
-	 * and MUST NOT reveal the seed.
-	 */
-	*shaseed = keys.shaseed;
-
-	/* BOLT #3:
-	 *
-	 * the first secret used MUST be index 281474976710655, and then the
-	 * index decremented. */
-	shachain_from_seed(shaseed, 281474976710655ULL, &per_commit_secret);
-
-	/* BOLT #3:
-	 *
-	 * The `per-commitment-point` is generated using EC multiplication:
-	 *
-	 * 	per-commitment-point = per-commitment-secret * G
-	 */
-	if (secp256k1_ec_pubkey_create(secp256k1_ctx,
-				       &first_per_commit->pubkey,
-				       per_commit_secret.u.u8) != 1)
-		status_failed(WIRE_OPENING_KEY_DERIVATION_FAILED,
-			      "first_per_commit create failed, secret = %s",
-			      type_to_string(trc, struct sha256,
-					     &per_commit_secret));
-}
-
 static void check_config_bounds(struct state *state,
 				const struct channel_config *remoteconf)
 {
@ -287,13 +216,16 @@ static void temporary_channel_id(struct channel_id *channel_id)
 		channel_id->id[i] = pseudorand(256);
 }

-static u8 *open_channel(struct state *state, const struct points *ours,
+static u8 *open_channel(struct state *state,
+			const struct pubkey *our_funding_pubkey,
+			const struct basepoints *ours,
 			u32 max_minimum_depth)
 {
 	struct channel_id channel_id, id_in;
 	u8 *msg;
 	struct bitcoin_tx *tx;
-	struct points theirs;
+	struct basepoints theirs;
+	struct pubkey their_funding_pubkey;
 	secp256k1_ecdsa_signature sig;

 	set_reserve(&state->localconf.channel_reserve_satoshis,
@ -327,10 +259,10 @@ static u8 *open_channel(struct state *state, const struct points *ours,
 				  state->feerate_per_kw,
 				  state->localconf.to_self_delay,
 				  state->localconf.max_accepted_htlcs,
-				  &ours->funding_pubkey,
-				  &ours->revocation_basepoint,
-				  &ours->payment_basepoint,
-				  &ours->delayed_payment_basepoint,
+				  our_funding_pubkey,
+				  &ours->revocation,
+				  &ours->payment,
+				  &ours->delayed_payment,
 				  &state->next_per_commit[LOCAL]);
 	if (!sync_crypto_write(&state->cs, PEER_FD, msg))
 		peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_WRITE_FAILED,
@ -360,10 +292,10 @@ static u8 *open_channel(struct state *state, const struct points *ours,
 				     &state->remoteconf->htlc_minimum_msat,
 				     &state->remoteconf->to_self_delay,
 				     &state->remoteconf->max_accepted_htlcs,
-				     &theirs.funding_pubkey,
-				     &theirs.revocation_basepoint,
-				     &theirs.payment_basepoint,
-				     &theirs.delayed_payment_basepoint,
+				     &their_funding_pubkey,
+				     &theirs.revocation,
+				     &theirs.payment,
+				     &theirs.delayed_payment,
 				     &state->next_per_commit[REMOTE]))
 		peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_READ_FAILED,
 			      "Parsing accept_channel %s", tal_hex(msg, msg));
@ -393,8 +325,8 @@ static u8 *open_channel(struct state *state, const struct points *ours,
 	check_config_bounds(state, state->remoteconf);

 	/* Now, ask master create a transaction to pay those two addresses. */
-	msg = towire_opening_open_resp(state, &ours->funding_pubkey,
-				       &theirs.funding_pubkey);
+	msg = towire_opening_open_resp(state, our_funding_pubkey,
+				       &their_funding_pubkey);
 	wire_sync_write(REQ_FD, msg);

 	/* Expect funding tx. */
@ -408,20 +340,15 @@ static u8 *open_channel(struct state *state, const struct points *ours,
 			    tal_hex(trc, msg));

 	state->channel = new_channel(state,
-				      &state->funding_txid,
-				      state->funding_txout,
-				      state->funding_satoshis,
-				      state->push_msat,
-				      state->feerate_per_kw,
-				      &state->localconf,
-				      state->remoteconf,
-				      &ours->revocation_basepoint,
-				      &theirs.revocation_basepoint,
-				      &ours->payment_basepoint,
-				      &theirs.payment_basepoint,
-				      &ours->delayed_payment_basepoint,
-				      &theirs.delayed_payment_basepoint,
-				      LOCAL);
+				     &state->funding_txid,
+				     state->funding_txout,
+				     state->funding_satoshis,
+				     state->push_msat,
+				     state->feerate_per_kw,
+				     &state->localconf,
+				     state->remoteconf,
+				     ours, &theirs,
+				     LOCAL);
 	if (!state->channel)
 		peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_BAD_PARAM,
 			      "could not create channel with given config");
@ -437,12 +364,12 @@ static u8 *open_channel(struct state *state, const struct points *ours,
 	tx = channel_tx(state, state->channel,
 			&state->next_per_commit[REMOTE], NULL, REMOTE);
 	sig = sign_remote_commit(state,
-				 &ours->funding_pubkey, &theirs.funding_pubkey,
+				 our_funding_pubkey, &their_funding_pubkey,
 				 tx);
 	status_trace("signature %s on tx %s using key %s",
 		     type_to_string(trc, secp256k1_ecdsa_signature, &sig),
 		     type_to_string(trc, struct bitcoin_tx, tx),
-		     type_to_string(trc, struct pubkey, &ours->funding_pubkey));
+		     type_to_string(trc, struct pubkey, our_funding_pubkey));

 	msg = towire_funding_created(state, &channel_id,
 				     &state->funding_txid.sha,
@ -494,15 +421,15 @@ static u8 *open_channel(struct state *state, const struct points *ours,
 	tx = channel_tx(state, state->channel,
 		       &state->next_per_commit[LOCAL], NULL, LOCAL);

-	if (!check_commit_sig(state, &ours->funding_pubkey,
-			      &theirs.funding_pubkey, tx, &sig))
+	if (!check_commit_sig(state, our_funding_pubkey,
+			      &their_funding_pubkey, tx, &sig))
 		peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_READ_FAILED,
 			      "Bad signature %s on tx %s using key %s",
 			      type_to_string(trc, secp256k1_ecdsa_signature,
 					     &sig),
 			      type_to_string(trc, struct bitcoin_tx, tx),
 			      type_to_string(trc, struct pubkey,
-					     &theirs.funding_pubkey));
+					     &their_funding_pubkey));

 	/* BOLT #2:
 	 *
@ -513,19 +440,22 @@ static u8 *open_channel(struct state *state, const struct points *ours,
 						state->remoteconf,
 						&sig,
 						&state->cs,
-						&theirs.revocation_basepoint,
-						&theirs.payment_basepoint,
-						&theirs.delayed_payment_basepoint,
+						&theirs.revocation,
+						&theirs.payment,
+						&theirs.delayed_payment,
 						&state->next_per_commit[REMOTE]);
 }

 /* This is handed the message the peer sent which caused gossip to stop:
 * it should be an open_channel */
-static u8 *recv_channel(struct state *state, const struct points *ours,
+static u8 *recv_channel(struct state *state,
+			const struct pubkey *our_funding_pubkey,
+			const struct basepoints *ours,
 			u32 min_feerate, u32 max_feerate, const u8 *peer_msg)
 {
 	struct channel_id id_in, channel_id;
-	struct points theirs;
+	struct basepoints theirs;
+	struct pubkey their_funding_pubkey;
 	secp256k1_ecdsa_signature theirsig, sig;
 	struct bitcoin_tx *tx;
 	u8 *msg;
@ -548,10 +478,10 @@ static u8 *recv_channel(struct state *state, const struct points *ours,
 				   &state->feerate_per_kw,
 				   &state->remoteconf->to_self_delay,
 				   &state->remoteconf->max_accepted_htlcs,
-				   &theirs.funding_pubkey,
-				   &theirs.revocation_basepoint,
-				   &theirs.payment_basepoint,
-				   &theirs.delayed_payment_basepoint,
+				   &their_funding_pubkey,
+				   &theirs.revocation,
+				   &theirs.payment,
+				   &theirs.delayed_payment,
 				   &state->next_per_commit[REMOTE]))
 		peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_BAD_INITIAL_MESSAGE,
 			      "Parsing open_channel %s",
@ -605,10 +535,10 @@ static u8 *recv_channel(struct state *state, const struct points *ours,
 				    state->localconf.htlc_minimum_msat,
 				    state->localconf.to_self_delay,
 				    state->localconf.max_accepted_htlcs,
-				    &ours->funding_pubkey,
-				    &ours->revocation_basepoint,
-				    &ours->payment_basepoint,
-				    &ours->delayed_payment_basepoint,
+				    our_funding_pubkey,
+				    &ours->revocation,
+				    &ours->payment,
+				    &ours->delayed_payment,
 				    &state->next_per_commit[LOCAL]);

 	if (!sync_crypto_write(&state->cs, PEER_FD, msg))
@ -638,20 +568,15 @@ static u8 *recv_channel(struct state *state, const struct points *ours,
 			    type_to_string(msg, struct channel_id, &id_in));

 	state->channel = new_channel(state,
-				      &state->funding_txid,
-				      state->funding_txout,
-				      state->funding_satoshis,
-				      state->push_msat,
-				      state->feerate_per_kw,
-				      &state->localconf,
-				      state->remoteconf,
-				      &ours->revocation_basepoint,
-				      &theirs.revocation_basepoint,
-				      &ours->payment_basepoint,
-				      &theirs.payment_basepoint,
-				      &ours->delayed_payment_basepoint,
-				      &theirs.delayed_payment_basepoint,
-				      REMOTE);
+				     &state->funding_txid,
+				     state->funding_txout,
+				     state->funding_satoshis,
+				     state->push_msat,
+				     state->feerate_per_kw,
+				     &state->localconf,
+				     state->remoteconf,
+				     ours, &theirs,
+				     REMOTE);
 	if (!state->channel)
 		peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_BAD_PARAM,
 			      "could not create channel with given config");
@ -677,15 +602,15 @@ static u8 *recv_channel(struct state *state, const struct points *ours,
 	tx = channel_tx(state, state->channel,
 			&state->next_per_commit[LOCAL], NULL, LOCAL);

-	if (!check_commit_sig(state, &ours->funding_pubkey,
-			      &theirs.funding_pubkey, tx, &theirsig))
+	if (!check_commit_sig(state, our_funding_pubkey,
+			      &their_funding_pubkey, tx, &theirsig))
 		peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_READ_FAILED,
 			      "Bad signature %s on tx %s using key %s",
 			      type_to_string(trc, secp256k1_ecdsa_signature,
 					     &theirsig),
 			      type_to_string(trc, struct bitcoin_tx, tx),
 			      type_to_string(trc, struct pubkey,
-					     &theirs.funding_pubkey));
+					     &their_funding_pubkey));

 	/* BOLT #2:
 	 *
@ -709,7 +634,7 @@ static u8 *recv_channel(struct state *state, const struct points *ours,
 	tx = channel_tx(state, state->channel,
 			&state->next_per_commit[REMOTE], NULL, REMOTE);
 	sig = sign_remote_commit(state,
-				 &ours->funding_pubkey, &theirs.funding_pubkey,
+				 our_funding_pubkey, &their_funding_pubkey,
 				 tx);

 	msg = towire_funding_signed(state, &channel_id, &sig);
@ -722,10 +647,10 @@ static u8 *recv_channel(struct state *state, const struct points *ours,
 						 state->remoteconf,
 						 &theirsig,
 						 &state->cs,
-						 &theirs.funding_pubkey,
-						 &theirs.revocation_basepoint,
-						 &theirs.payment_basepoint,
-						 &theirs.delayed_payment_basepoint,
+						 &their_funding_pubkey,
+						 &theirs.revocation,
+						 &theirs.payment,
+						 &theirs.delayed_payment,
 						 &state->next_per_commit[REMOTE]);
 }

@ -735,7 +660,8 @@ int main(int argc, char *argv[])
 	u8 *msg, *peer_msg;
 	struct state *state = tal(NULL, struct state);
 	struct privkey seed;
-	struct points our_points;
+	struct basepoints our_points;
+	struct pubkey our_funding_pubkey;
 	u32 max_minimum_depth;
 	u32 min_feerate, max_feerate;

@ -766,19 +692,25 @@ int main(int argc, char *argv[])
 	tal_free(msg);

 	/* We derive everything from the one secret seed. */
-	derive_our_basepoints(&seed, &our_points, &state->our_secrets,
-			      &state->shaseed, &state->next_per_commit[LOCAL]);
+	if (!derive_basepoints(&seed, &our_funding_pubkey,
+			       &our_points, &state->our_secrets,
+			       &state->shaseed, &state->next_per_commit[LOCAL],
+			       0))
+		status_failed(WIRE_OPENING_KEY_DERIVATION_FAILED,
+			      "Secret derivation failed, secret = %s",
+			      type_to_string(trc, struct privkey, &seed));

 	msg = wire_sync_read(state, REQ_FD);
 	if (fromwire_opening_open(msg, NULL,
 				  &state->funding_satoshis,
 				  &state->push_msat,
 				  &state->feerate_per_kw, &max_minimum_depth))
-		msg = open_channel(state, &our_points, max_minimum_depth);
+		msg = open_channel(state, &our_funding_pubkey, &our_points,
+				   max_minimum_depth);
 	else if (fromwire_opening_accept(state, msg, NULL, &min_feerate,
 					 &max_feerate, &peer_msg))
-		msg = recv_channel(state, &our_points, min_feerate, max_feerate,
-				   peer_msg);
+		msg = recv_channel(state, &our_funding_pubkey, &our_points,
+				   min_feerate, max_feerate, peer_msg);

 	/* Write message and hand back the fd. */
 	wire_sync_write(REQ_FD, msg);
--- a/lightningd/test/run-channel.c
+++ b/lightningd/test/run-channel.c
@ -264,9 +264,8 @@ int main(void)
 	struct pubkey localkey, remotekey;
 	struct pubkey local_delayedkey;
 	struct pubkey local_revocation_key;
-	struct pubkey local_revocation_basepoint, local_delayed_payment_basepoint,
-		local_payment_basepoint, remote_payment_basepoint,
-		local_per_commitment_point;
+	struct pubkey local_per_commitment_point;
+	struct basepoints localbase, remotebase;
 	struct pubkey *unknown = tal(tmpctx, struct pubkey);
 	struct bitcoin_tx *raw_tx, *tx;
 	struct channel_config *local_config = tal(tmpctx, struct channel_config);
@ -330,8 +329,8 @@ int main(void)
 	 * # From local_delayed_payment_basepoint_secret
 	 * INTERNAL: local_delayed_payment_basepoint: 023c72addb4fdf09af94f0c94d7fe92a386a7e70cf8a1d85916386bb2535c7b1b1
 	*/
-	local_revocation_basepoint = pubkey_from_hex("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27");
-	local_delayed_payment_basepoint = pubkey_from_hex("023c72addb4fdf09af94f0c94d7fe92a386a7e70cf8a1d85916386bb2535c7b1b1");
+	localbase.revocation = pubkey_from_hex("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27");
+	localbase.delayed_payment = pubkey_from_hex("023c72addb4fdf09af94f0c94d7fe92a386a7e70cf8a1d85916386bb2535c7b1b1");

 	/* BOLT #3:
 	 *
@ -339,8 +338,12 @@ int main(void)
 	 * remote_payment_basepoint: 032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991
 	 * # obscured commitment transaction number = 0x2bb038521914 ^ 42
 	 */
-	local_payment_basepoint = pubkey_from_hex("034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa");
-	remote_payment_basepoint = pubkey_from_hex("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991");
+	localbase.payment = pubkey_from_hex("034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa");
+	remotebase.payment = pubkey_from_hex("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991");
+
+	/* We put unknown in for some things; valgrind will warn if used. */
+	remotebase.revocation = *unknown;
+	remotebase.delayed_payment = *unknown;

 	/* BOLT #3:
 	 *
@ -350,7 +353,6 @@ int main(void)
 	 *    feerate_per_kw: 15000
 	 */

-	/* We put unknown in for some things; valgrind will warn if used. */
 	to_local_msat = 7000000000;
 	to_remote_msat = 3000000000;
 	feerate_per_kw = 15000;
@ -359,12 +361,7 @@ int main(void)
 			       feerate_per_kw,
 			       local_config,
 			       remote_config,
-			       &local_revocation_basepoint,
-			       unknown,
-			       &local_payment_basepoint,
-			       &remote_payment_basepoint,
-			       &local_delayed_payment_basepoint,
-			       unknown,
+			       &localbase, &remotebase,
 			       LOCAL);

 	rchannel = new_channel(tmpctx, &funding_txid, funding_output_index,
@ -372,12 +369,7 @@ int main(void)
 			       feerate_per_kw,
 			       remote_config,
 			       local_config,
-			       unknown,
-			       &local_revocation_basepoint,
-			       &remote_payment_basepoint,
-			       &local_payment_basepoint,
-			       unknown,
-			       &local_delayed_payment_basepoint,
+			       &remotebase, &localbase,
 			       REMOTE);
 	/* BOLT #3:
 	 *