keyset: abstraction over what keys we need for a specific commitment.

onchaind will need to do similar logic to channeld, so this allows them
to share much more code.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell 2017-08-18 14:13:53 +09:30
parent af9d763763
commit 4bfaaef408
9 changed files with 214 additions and 138 deletions

View File

@ -53,6 +53,7 @@ LIGHTNINGD_LIB_SRC := \
lightningd/htlc_tx.c \
lightningd/htlc_wire.c \
lightningd/key_derive.c \
lightningd/keyset.c \
lightningd/msg_queue.c \
lightningd/peer_failed.c \
lightningd/ping.c \

View File

@ -15,6 +15,7 @@
#include <lightningd/htlc_tx.h>
#include <lightningd/htlc_wire.h>
#include <lightningd/key_derive.h>
#include <lightningd/keyset.h>
#include <lightningd/status.h>
#include <string.h>
@ -193,10 +194,7 @@ static void add_htlcs(struct bitcoin_tx ***txs,
const u8 ***wscripts,
const struct htlc **htlcmap,
const struct channel *channel,
const struct pubkey *side_payment_key,
const struct pubkey *other_payment_key,
const struct pubkey *side_revocation_key,
const struct pubkey *side_delayed_payment_key,
const struct keyset *keyset,
enum side side)
{
size_t i, n;
@ -218,27 +216,27 @@ static void add_htlcs(struct bitcoin_tx ***txs,
tx = htlc_timeout_tx(*txs, &txid, i,
htlc,
to_self_delay(channel, side),
side_revocation_key,
side_delayed_payment_key,
&keyset->self_revocation_key,
&keyset->self_delayed_payment_key,
feerate_per_kw);
wscript = bitcoin_wscript_htlc_offer(*wscripts,
side_payment_key,
other_payment_key,
&htlc->rhash,
side_revocation_key);
&keyset->self_payment_key,
&keyset->other_payment_key,
&htlc->rhash,
&keyset->self_revocation_key);
} else {
tx = htlc_success_tx(*txs, &txid, i,
htlc,
to_self_delay(channel, side),
side_revocation_key,
side_delayed_payment_key,
&keyset->self_revocation_key,
&keyset->self_delayed_payment_key,
feerate_per_kw);
wscript = bitcoin_wscript_htlc_receive(*wscripts,
&htlc->expiry,
side_payment_key,
other_payment_key,
&htlc->rhash,
side_revocation_key);
&htlc->expiry,
&keyset->self_payment_key,
&keyset->other_payment_key,
&htlc->rhash,
&keyset->self_revocation_key);
}
/* Append to array. */
@ -263,31 +261,14 @@ struct bitcoin_tx **channel_txs(const tal_t *ctx,
{
struct bitcoin_tx **txs;
const struct htlc **committed;
/* Payment keys for @side and !@side */
struct pubkey side_payment_key, other_payment_key;
/* Delayed payment key for @side */
struct pubkey side_delayed_payment_key;
/* Revocation payment key for @side */
struct pubkey side_revocation_key;
struct keyset keyset;
if (!derive_simple_key(&channel->basepoints[side].payment,
per_commitment_point,
&side_payment_key))
return NULL;
if (!derive_simple_key(&channel->basepoints[!side].payment,
per_commitment_point,
&other_payment_key))
return NULL;
if (!derive_simple_key(&channel->basepoints[side].delayed_payment,
per_commitment_point,
&side_delayed_payment_key))
return NULL;
if (!derive_revocation_key(&channel->basepoints[!side].revocation,
per_commitment_point,
&side_revocation_key))
if (!derive_keyset(per_commitment_point,
&channel->basepoints[side].payment,
&channel->basepoints[!side].payment,
&channel->basepoints[side].delayed_payment,
&channel->basepoints[!side].revocation,
&keyset))
return NULL;
/* Figure out what @side will already be committed to. */
@ -303,10 +284,7 @@ struct bitcoin_tx **channel_txs(const tal_t *ctx,
channel->funding_msat / 1000,
channel->funder,
to_self_delay(channel, side),
&side_revocation_key,
&side_delayed_payment_key,
&side_payment_key,
&other_payment_key,
&keyset,
channel->view[side].feerate_per_kw,
dust_limit_satoshis(channel, side),
channel->view[side].owed_msat[side],
@ -322,10 +300,7 @@ struct bitcoin_tx **channel_txs(const tal_t *ctx,
&channel->funding_pubkey[!side]);
if (htlcmap)
add_htlcs(&txs, wscripts, *htlcmap, channel,
&side_payment_key, &other_payment_key,
&side_revocation_key, &side_delayed_payment_key,
side);
add_htlcs(&txs, wscripts, *htlcmap, channel, &keyset, side);
tal_free(committed);
return txs;

View File

@ -1,8 +1,8 @@
#include <bitcoin/pubkey.h>
#include <bitcoin/script.h>
#include <bitcoin/tx.h>
#include <ccan/endian/endian.h>
#include <lightningd/commit_tx.h>
#include <lightningd/keyset.h>
#include <permute_tx.h>
#include <utils.h>
@ -144,16 +144,26 @@ u64 commit_tx_base_fee(u64 feerate_per_kw, size_t num_untrimmed_htlcs)
return feerate_per_kw * weight / 1000;
}
u8 *htlc_offered_wscript(const tal_t *ctx,
const struct ripemd160 *ripemd,
const struct keyset *keyset)
{
return bitcoin_wscript_htlc_offer_ripemd160(ctx,
&keyset->self_payment_key,
&keyset->other_payment_key,
ripemd,
&keyset->self_revocation_key);
}
static void add_offered_htlc_out(struct bitcoin_tx *tx, size_t n,
const struct htlc *htlc,
const struct pubkey *selfkey,
const struct pubkey *otherkey,
const struct pubkey *revocationkey)
const struct keyset *keyset)
{
u8 *wscript = bitcoin_wscript_htlc_offer(tx,
selfkey, otherkey,
&htlc->rhash,
revocationkey);
struct ripemd160 ripemd;
u8 *wscript;
ripemd160(&ripemd, htlc->rhash.u.u8, sizeof(htlc->rhash.u.u8));
wscript = htlc_offered_wscript(tx->output, &ripemd, keyset);
tx->output[n].amount = htlc->msatoshi / 1000;
tx->output[n].script = scriptpubkey_p2wsh(tx, wscript);
SUPERVERBOSE("# HTLC %"PRIu64" offered amount %"PRIu64" wscript %s\n",
@ -161,16 +171,28 @@ static void add_offered_htlc_out(struct bitcoin_tx *tx, size_t n,
tal_free(wscript);
}
u8 *htlc_received_wscript(const tal_t *ctx,
const struct ripemd160 *ripemd,
const struct abs_locktime *expiry,
const struct keyset *keyset)
{
return bitcoin_wscript_htlc_receive_ripemd(ctx,
expiry,
&keyset->self_payment_key,
&keyset->other_payment_key,
ripemd,
&keyset->self_revocation_key);
}
static void add_received_htlc_out(struct bitcoin_tx *tx, size_t n,
const struct htlc *htlc,
const struct pubkey *selfkey,
const struct pubkey *otherkey,
const struct pubkey *revocationkey)
const struct keyset *keyset)
{
u8 *wscript = bitcoin_wscript_htlc_receive(tx,
&htlc->expiry,
selfkey, otherkey,
&htlc->rhash, revocationkey);
struct ripemd160 ripemd;
u8 *wscript;
ripemd160(&ripemd, htlc->rhash.u.u8, sizeof(htlc->rhash.u.u8));
wscript = htlc_received_wscript(tx, &ripemd, &htlc->expiry, keyset);
tx->output[n].amount = htlc->msatoshi / 1000;
tx->output[n].script = scriptpubkey_p2wsh(tx->output, wscript);
SUPERVERBOSE("# HTLC %"PRIu64" received amount %"PRIu64" wscript %s\n",
@ -178,16 +200,22 @@ static void add_received_htlc_out(struct bitcoin_tx *tx, size_t n,
tal_free(wscript);
}
u8 *to_self_wscript(const tal_t *ctx,
u16 to_self_delay,
const struct keyset *keyset)
{
return bitcoin_wscript_to_local(ctx, to_self_delay,
&keyset->self_revocation_key,
&keyset->self_delayed_payment_key);
}
struct bitcoin_tx *commit_tx(const tal_t *ctx,
const struct sha256_double *funding_txid,
unsigned int funding_txout,
u64 funding_satoshis,
enum side funder,
u16 to_self_delay,
const struct pubkey *revocation_pubkey,
const struct pubkey *self_delayedkey,
const struct pubkey *selfkey,
const struct pubkey *otherkey,
const struct keyset *keyset,
u64 feerate_per_kw,
u64 dust_limit_satoshis,
u64 self_pay_msat,
@ -270,8 +298,7 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
continue;
if (trim(htlcs[i], feerate_per_kw, dust_limit_satoshis, side))
continue;
add_offered_htlc_out(tx, n, htlcs[i], selfkey, otherkey,
revocation_pubkey);
add_offered_htlc_out(tx, n, htlcs[i], keyset);
if (htlcmap)
(*htlcmap)[n++] = htlcs[i];
}
@ -286,8 +313,7 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
continue;
if (trim(htlcs[i], feerate_per_kw, dust_limit_satoshis, side))
continue;
add_received_htlc_out(tx, n, htlcs[i],selfkey, otherkey,
revocation_pubkey);
add_received_htlc_out(tx, n, htlcs[i], keyset);
if (htlcmap)
(*htlcmap)[n++] = htlcs[i];
}
@ -299,10 +325,7 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
* Output](#to-local-output).
*/
if (self_pay_msat / 1000 >= dust_limit_satoshis) {
u8 *wscript = bitcoin_wscript_to_local(tmpctx,
to_self_delay,
revocation_pubkey,
self_delayedkey);
u8 *wscript = to_self_wscript(tmpctx, to_self_delay,keyset);
tx->output[n].amount = self_pay_msat / 1000;
tx->output[n].script = scriptpubkey_p2wsh(tx, wscript);
if (htlcmap)
@ -328,12 +351,14 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
* P2WPKH to `remotekey`.
*/
tx->output[n].amount = other_pay_msat / 1000;
tx->output[n].script = scriptpubkey_p2wpkh(tx, otherkey);
tx->output[n].script = scriptpubkey_p2wpkh(tx,
&keyset->other_payment_key);
if (htlcmap)
(*htlcmap)[n] = NULL;
SUPERVERBOSE("# to-remote amount %"PRIu64" P2WPKH(%s)\n",
tx->output[n].amount,
type_to_string(tmpctx, struct pubkey, otherkey));
type_to_string(tmpctx, struct pubkey,
&keyset->other_payment_key));
n++;
}

View File

@ -1,9 +1,10 @@
#ifndef LIGHTNING_LIGHTNINGD_COMMIT_TX_H
#define LIGHTNING_LIGHTNINGD_COMMIT_TX_H
#include "config.h"
#include <bitcoin/pubkey.h>
#include <daemon/htlc.h>
struct pubkey;
struct keyset;
struct sha256_double;
/* BOLT #3:
@ -42,10 +43,7 @@ u64 commit_tx_base_fee(u64 feerate_per_kw, size_t num_untrimmed_htlcs);
* @ctx: context to allocate transaction and @htlc_map from.
* @funding_txid, @funding_out, @funding_satoshis: funding outpoint.
* @funder: is the LOCAL or REMOTE paying the fee?
* @revocation_pubkey: revocation pubkey for this @side
* @self_delayedey: pubkey for delayed payments to this @side
* @selfkey: pubkey for HTLC payments to this @side
* @otherkey: pubkey for direct and HTLC payments to other side @side
* @keyset: keys derived for this commit tx.
* @feerate_per_kw: feerate to use
* @dust_limit_satoshis: dust limit below which to trim outputs.
* @self_pay_msat: amount to pay directly to self
@ -65,10 +63,7 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
u64 funding_satoshis,
enum side funder,
u16 to_self_delay,
const struct pubkey *revocation_pubkey,
const struct pubkey *self_delayedkey,
const struct pubkey *selfkey,
const struct pubkey *otherkey,
const struct keyset *keyset,
u64 feerate_per_kw,
u64 dust_limit_satoshis,
u64 self_pay_msat,
@ -77,4 +72,28 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
const struct htlc ***htlcmap,
u64 obscured_commitment_number,
enum side side);
/* Generate the witness script for an HTLC the other side offered:
* scriptpubkey_p2wsh(ctx, wscript) gives the scriptpubkey */
u8 *htlc_received_wscript(const tal_t *ctx,
const struct ripemd160 *ripemd,
const struct abs_locktime *expiry,
const struct keyset *keyset);
/* Generate the witness script for an HTLC this side offered:
* scriptpubkey_p2wsh(ctx, wscript) gives the scriptpubkey */
u8 *htlc_offered_wscript(const tal_t *ctx,
const struct ripemd160 *ripemd,
const struct keyset *keyset);
/* Generate the witness script for the to-self output:
* scriptpubkey_p2wsh(ctx, wscript) gives the scriptpubkey */
u8 *to_self_wscript(const tal_t *ctx,
u16 to_self_delay,
const struct keyset *keyset);
/* To-other is simply: scriptpubkey_p2wpkh(tx, keyset->other_payment_key) */
#endif /* LIGHTNING_LIGHTNINGD_COMMIT_TX_H */

View File

@ -1,8 +1,11 @@
#ifndef LIGHTNING_LIGHTNINGD_KEY_DERIVE_H
#define LIGHTNING_LIGHTNINGD_KEY_DERIVE_H
#include "config.h"
#include <ccan/short_types/short_types.h>
#include <stdbool.h>
struct pubkey;
struct privkey;
struct secret;
/* For `localkey`, `remotekey`, `local-delayedkey` and `remote-delayedkey` */

61
lightningd/keyset.c Normal file
View File

@ -0,0 +1,61 @@
#include <lightningd/key_derive.h>
#include <lightningd/keyset.h>
bool derive_keyset(const struct pubkey *per_commitment_point,
const struct pubkey *self_payment_basepoint,
const struct pubkey *other_payment_basepoint,
const struct pubkey *self_delayed_basepoint,
const struct pubkey *other_revocation_basepoint,
struct keyset *keyset)
{
/* BOLT #3:
*
* ### `localkey`, `remotekey`, `local_delayedkey` and
* `remote_delayedkey` Derivation
*
* These keys are simply generated by addition from their base points:
*
* pubkey = basepoint + SHA256(per_commitment_point || basepoint)*G
*
* The `localkey` uses the local node's `payment_basepoint`,
* `remotekey` uses the remote node's `payment_basepoint`, the
* `local_delayedkey` uses the local node's
* `delayed_payment_basepoint`, and the `remote_delayedkey` uses the
* remote node's `delayed_payment_basepoint`.
*/
if (!derive_simple_key(self_payment_basepoint,
per_commitment_point,
&keyset->self_payment_key))
return false;
if (!derive_simple_key(other_payment_basepoint,
per_commitment_point,
&keyset->other_payment_key))
return false;
if (!derive_simple_key(self_delayed_basepoint,
per_commitment_point,
&keyset->self_delayed_payment_key))
return NULL;
/* BOLT #3:
*
* ### `revocationkey` Derivation
*
* The `revocationkey` is a blinded key: when a node wishes to create
* a new commitment for a remote node, it uses its own
* `revocation_basepoint` and the remote node's `per_commitment_point`
* to derive a new `revocationkey` for the commitment.
*
* per_commitment_point... is used to derive the revocation key from
* the remote node's `revocation_basepoint`:
*
* revocationkey = revocation_basepoint * SHA256(revocation_basepoint || per_commitment_point) + per_commitment_point*SHA256(per_commitment_point || revocation_basepoint)
*/
if (!derive_revocation_key(other_revocation_basepoint,
per_commitment_point,
&keyset->self_revocation_key))
return false;
return true;
}

20
lightningd/keyset.h Normal file
View File

@ -0,0 +1,20 @@
#ifndef LIGHTNING_LIGHTNINGD_KEYSET_H
#define LIGHTNING_LIGHTNINGD_KEYSET_H
#include "config.h"
#include <bitcoin/pubkey.h>
#include <stdbool.h>
/* Keys needed to derive a particular commitment tx. */
struct keyset {
struct pubkey self_revocation_key;
struct pubkey self_delayed_payment_key;
struct pubkey self_payment_key, other_payment_key;
};
bool derive_keyset(const struct pubkey *per_commitment_point,
const struct pubkey *self_payment_basepoint,
const struct pubkey *other_payment_basepoint,
const struct pubkey *self_delayed_basepoint,
const struct pubkey *other_revocation_basepoint,
struct keyset *keyset);
#endif /* LIGHTNING_LIGHTNINGD_KEYSET_H */

View File

@ -4,6 +4,7 @@
printf(fmt "\n" , ## __VA_ARGS__)
#include "../key_derive.c"
#include "../keyset.c"
#include "../channel.c"
#include "../commit_tx.c"
#include "../htlc_tx.c"
@ -303,10 +304,8 @@ int main(void)
struct channel *lchannel, *rchannel;
u64 funding_amount_satoshi, feerate_per_kw;
unsigned int funding_output_index;
struct pubkey localkey, remotekey;
struct keyset keyset;
struct pubkey local_funding_pubkey, remote_funding_pubkey;
struct pubkey local_delayedkey;
struct pubkey local_revocation_key;
struct pubkey local_per_commitment_point;
struct basepoints localbase, remotebase;
struct pubkey *unknown = tal(tmpctx, struct pubkey);
@ -446,18 +445,15 @@ int main(void)
* local_delayedkey: 03fd5960528dc152014952efdb702a88f71e3c1653b2314431701ec77e57fde83c
* local_revocation_key: 0212a140cd0c6539d07cd08dfe09984dec3251ea808b892efeac3ede9402bf2b19
*/
localkey = pubkey_from_hex("030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e7");
remotekey = pubkey_from_hex("0394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b");
local_delayedkey = pubkey_from_hex("03fd5960528dc152014952efdb702a88f71e3c1653b2314431701ec77e57fde83c");
local_revocation_key = pubkey_from_hex("0212a140cd0c6539d07cd08dfe09984dec3251ea808b892efeac3ede9402bf2b19");
keyset.self_payment_key = pubkey_from_hex("030d417a46946384f88d5f3337267c5e579765875dc4daca813e21734b140639e7");
keyset.other_payment_key = pubkey_from_hex("0394854aa6eab5b2a8122cc726e9dded053a2184d88256816826d6231c068d4a5b");
keyset.self_delayed_payment_key = pubkey_from_hex("03fd5960528dc152014952efdb702a88f71e3c1653b2314431701ec77e57fde83c");
keyset.self_revocation_key = pubkey_from_hex("0212a140cd0c6539d07cd08dfe09984dec3251ea808b892efeac3ede9402bf2b19");
raw_tx = commit_tx(tmpctx, &funding_txid, funding_output_index,
funding_amount_satoshi,
LOCAL, remote_config->to_self_delay,
&local_revocation_key,
&local_delayedkey,
&localkey,
&remotekey,
&keyset,
feerate_per_kw,
local_config->dust_limit_satoshis,
to_local_msat,
@ -575,10 +571,7 @@ int main(void)
raw_tx = commit_tx(tmpctx, &funding_txid, funding_output_index,
funding_amount_satoshi,
LOCAL, remote_config->to_self_delay,
&local_revocation_key,
&local_delayedkey,
&localkey,
&remotekey,
&keyset,
feerate_per_kw,
local_config->dust_limit_satoshis,
to_local_msat,

View File

@ -443,6 +443,7 @@ int main(void)
struct pubkey local_delayedkey;
struct pubkey remote_revocation_key;
struct bitcoin_tx *tx, *tx2;
struct keyset keyset;
u8 *wscript;
unsigned int funding_output_index;
u64 commitment_number, cn_obscurer, to_local_msat, to_remote_msat;
@ -673,14 +674,16 @@ int main(void)
"local_feerate_per_kw: %"PRIu64"\n",
to_local_msat, to_remote_msat, feerate_per_kw);
keyset.self_revocation_key = remote_revocation_key;
keyset.self_delayed_payment_key = local_delayedkey;
keyset.self_payment_key = localkey;
keyset.other_payment_key = remotekey;
print_superverbose = true;
tx = commit_tx(tmpctx, &funding_txid, funding_output_index,
funding_amount_satoshi,
LOCAL, to_self_delay,
&remote_revocation_key,
&local_delayedkey,
&localkey,
&remotekey,
&keyset,
feerate_per_kw,
dust_limit_satoshi,
to_local_msat,
@ -691,10 +694,7 @@ int main(void)
tx2 = commit_tx(tmpctx, &funding_txid, funding_output_index,
funding_amount_satoshi,
REMOTE, to_self_delay,
&remote_revocation_key,
&local_delayedkey,
&localkey,
&remotekey,
&keyset,
feerate_per_kw,
dust_limit_satoshi,
to_local_msat,
@ -735,10 +735,7 @@ int main(void)
tx = commit_tx(tmpctx, &funding_txid, funding_output_index,
funding_amount_satoshi,
LOCAL, to_self_delay,
&remote_revocation_key,
&local_delayedkey,
&localkey,
&remotekey,
&keyset,
feerate_per_kw,
dust_limit_satoshi,
to_local_msat,
@ -749,10 +746,7 @@ int main(void)
tx2 = commit_tx(tmpctx, &funding_txid, funding_output_index,
funding_amount_satoshi,
REMOTE, to_self_delay,
&remote_revocation_key,
&local_delayedkey,
&localkey,
&remotekey,
&keyset,
feerate_per_kw,
dust_limit_satoshi,
to_local_msat,
@ -781,10 +775,7 @@ int main(void)
newtx = commit_tx(tmpctx, &funding_txid, funding_output_index,
funding_amount_satoshi,
LOCAL, to_self_delay,
&remote_revocation_key,
&local_delayedkey,
&localkey,
&remotekey,
&keyset,
feerate_per_kw,
dust_limit_satoshi,
to_local_msat,
@ -796,10 +787,7 @@ int main(void)
tx2 = commit_tx(tmpctx, &funding_txid, funding_output_index,
funding_amount_satoshi,
REMOTE, to_self_delay,
&remote_revocation_key,
&local_delayedkey,
&localkey,
&remotekey,
&keyset,
feerate_per_kw,
dust_limit_satoshi,
to_local_msat,
@ -830,10 +818,7 @@ int main(void)
tx = commit_tx(tmpctx, &funding_txid, funding_output_index,
funding_amount_satoshi,
LOCAL, to_self_delay,
&remote_revocation_key,
&local_delayedkey,
&localkey,
&remotekey,
&keyset,
feerate_per_kw-1,
dust_limit_satoshi,
to_local_msat,
@ -867,10 +852,7 @@ int main(void)
newtx = commit_tx(tmpctx, &funding_txid, funding_output_index,
funding_amount_satoshi,
LOCAL, to_self_delay,
&remote_revocation_key,
&local_delayedkey,
&localkey,
&remotekey,
&keyset,
feerate_per_kw,
dust_limit_satoshi,
to_local_msat,
@ -926,10 +908,7 @@ int main(void)
tx = commit_tx(tmpctx, &funding_txid, funding_output_index,
funding_amount_satoshi,
LOCAL, to_self_delay,
&remote_revocation_key,
&local_delayedkey,
&localkey,
&remotekey,
&keyset,
feerate_per_kw,
dust_limit_satoshi,
to_local_msat,