lightningd/derive_basepoints: helper to increment our per_commit_point.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

lightningd/derive_basepoints.c

@@ -1,3 +1,4 @@
+#include <assert.h>
 #include <ccan/crypto/hkdf_sha256/hkdf_sha256.h>
 #include <ccan/crypto/sha256/sha256.h>
 #include <ccan/crypto/shachain/shachain.h>
@@ -59,3 +60,37 @@ bool derive_basepoints(const struct privkey *seed,
 
 	return true;
 }
+
+bool next_per_commit_point(const struct sha256 *shaseed,
+			   struct sha256 *old_commit_secret,
+			   struct pubkey *per_commit_point,
+			   u64 per_commit_index)
+{
+	struct sha256 per_commit_secret;
+
+
+	/* Get old secret. */
+	if (per_commit_index > 0)
+		shachain_from_seed(shaseed, 281474976710655ULL
+				   - (per_commit_index - 1),
+				   old_commit_secret);
+	else
+		assert(old_commit_secret == NULL);
+
+	/* Derive new per-commitment-point. */
+	shachain_from_seed(shaseed, 281474976710655ULL - (per_commit_index + 1),
+			   &per_commit_secret);
+
+	/* BOLT #3:
+	 *
+	 * The `per-commitment-point` is generated using EC multiplication:
+	 *
+	 * 	per-commitment-point = per-commitment-secret * G
+	 */
+	if (secp256k1_ec_pubkey_create(secp256k1_ctx,
+				       &per_commit_point->pubkey,
+				       per_commit_secret.u.u8) != 1)
+		return false;
+
+	return true;
+}

lightningd/derive_basepoints.h

@@ -27,4 +27,10 @@ bool derive_basepoints(const struct privkey *seed,
 		       struct pubkey *per_commit_point,
 		       u64 per_commit_index);
 
+/* Give up secret for index-1, and generate per-commitment point for N+1. */
+bool next_per_commit_point(const struct sha256 *shaseed,
+			   struct sha256 *old_commit_secret,
+			   struct pubkey *per_commit_point,
+			   u64 per_commit_index);
+
 #endif /* LIGHTNING_LIGHTNINGD_DERIVE_BASEPOINTS_H */