bolt: Updated the BOLT specification to a07dc3df3b4611989e3359f28f96c574f7822850

This is mainly just copying over the copy-editing from the lightning-rfc repository. [ Split to just perform changes prior to the UNKNOWN_PAYMENT_HASH change --RR ] Signed-off-by: Christian Decker <decker.christian@gmail.com> Reported-by: Rusty Russell <@rustyrussell>
2025-02-21 14:24:09 +01:00 · 2019-01-14 12:52:05 +10:30 · 2019-01-14 12:52:05 +10:30 · 65054ae72e
commit 65054ae72e
parent 0d5f0d79da
11 changed files with 97 additions and 113 deletions
--- a/2
+++ b/2
@ -15,7 +15,7 @@ CCANDIR := ccan

 # Where we keep the BOLT RFCs
 BOLTDIR := ../lightning-rfc/
-BOLTVERSION := bca814e270dcbee2fea51c0a26ca99efef261f2b
+BOLTVERSION := a07dc3df3b4611989e3359f28f96c574f7822850

 -include config.vars

--- a/channeld/channeld.c
+++ b/channeld/channeld.c
@ -425,12 +425,10 @@ static void channel_announcement_negotiate(struct peer *peer)
 	/* BOLT #7:
 	 *
 	 * A node:
-	 *   - if the `open_channel` message has the `announce_channel` bit set
-	 *     AND a `shutdown` message has not been sent:
+	 *   - if the `open_channel` message has the `announce_channel` bit set AND a `shutdown` message has not been sent:
 	 *     - MUST send the `announcement_signatures` message.
-	 *       - MUST NOT send `announcement_signatures` messages until
-	 *         `funding_locked` has been sent AND the funding transaction has
-	 *         at least six confirmations.
+	 *       - MUST NOT send `announcement_signatures` messages until `funding_locked`
+	 *       has been sent and received AND the funding transaction has at least six confirmations.
 	 *   - otherwise:
 	 *     - MUST NOT send the `announcement_signatures` message.
 	 */
@ -439,10 +437,9 @@ static void channel_announcement_negotiate(struct peer *peer)

 	/* BOLT #7:
 	 *
-	 *      - MUST NOT send `announcement_signatures` messages until
-	 *      `funding_locked` has been sent AND the funding transaction has
-	 *      at least six confirmations.
-	 */
+	 *      - MUST NOT send `announcement_signatures` messages until `funding_locked`
+	 *      has been sent and received AND the funding transaction has at least six confirmations.
+ 	 */
 	if (peer->announce_depth_reached && !peer->have_sigs[LOCAL]) {
 		send_announcement_signatures(peer);
 		peer->have_sigs[LOCAL] = true;
--- a/channeld/commit_tx.c
+++ b/channeld/commit_tx.c
@ -268,8 +268,7 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,

 	/* BOLT #3:
 	 *
-	 * * locktime: upper 8 bits are 0x20, lower 24 bits are the lower
-	 *   24 bits of the obscured commitment transaction number
+	 * * locktime: upper 8 bits are 0x20, lower 24 bits are the lower 24 bits of the obscured commitment number
 	 */
 	tx->lock_time
 		= (0x20000000 | (obscured_commitment_number & 0xFFFFFF));
@ -285,8 +284,7 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,

 	/* BOLT #3:
 	 *
-	 *    * `txin[0]` sequence: upper 8 bits are 0x80, lower 24 bits are
-	 *       upper 24 bits of the obscured commitment transaction number
+	 *    * `txin[0]` sequence: upper 8 bits are 0x80, lower 24 bits are upper 24 bits of the obscured commitment number
 	 */
 	tx->input[0].sequence_number
 		= (0x80000000 | ((obscured_commitment_number>>24) & 0xFFFFFF));
--- a/channeld/test/run-commit_tx.c
+++ b/channeld/test/run-commit_tx.c
@ -497,25 +497,25 @@ int main(void)

 	/* BOLT #3:
 	 *
-	 * <!-- The test vector values are derived, as per Key Derivation,
-	 *      though it's not required for this test. They're included here
-	 *      for completeness and in case someone wants to reproduce the
-	 *      test vectors themselves:
-         *
-         * INTERNAL: remote_funding_privkey: 1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e130101
-         * INTERNAL: local_payment_basepoint_secret: 111111111111111111111111111111111111111111111111111111111111111101
-         * INTERNAL: remote_revocation_basepoint_secret: 222222222222222222222222222222222222222222222222222222222222222201
-         * INTERNAL: local_delayed_payment_basepoint_secret: 333333333333333333333333333333333333333333333333333333333333333301
-         * INTERNAL: remote_payment_basepoint_secret: 444444444444444444444444444444444444444444444444444444444444444401
-         * x_local_per_commitment_secret: 1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a0908070605040302010001
-         * # From remote_revocation_basepoint_secret
-         * INTERNAL: remote_revocation_basepoint: 02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27
-         * # From local_delayed_payment_basepoint_secret
-         * INTERNAL: local_delayed_payment_basepoint: 023c72addb4fdf09af94f0c94d7fe92a386a7e70cf8a1d85916386bb2535c7b1b1
-         * INTERNAL: local_per_commitment_point: 025f7117a78150fe2ef97db7cfc83bd57b2e2c0d0dd25eaf467a4a1c2a45ce1486
-         * INTERNAL: remote_privkey: 8deba327a7cc6d638ab0eb025770400a6184afcba6713c210d8d10e199ff2fda01
-         * # From local_delayed_payment_basepoint_secret, local_per_commitment_point and local_delayed_payment_basepoint
-         * INTERNAL: local_delayed_privkey: adf3464ce9c2f230fd2582fda4c6965e4993ca5524e8c9580e3df0cf226981ad01
+	 * <!-- The test vector values are derived, as per Key Derivation, though it's not
+	 * required for this test. They're included here for completeness and
+	 * in case someone wants to reproduce the test vectors themselves:
+	 *
+	 * INTERNAL: remote_funding_privkey: 1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e1301
+	 * INTERNAL: local_payment_basepoint_secret: 111111111111111111111111111111111111111111111111111111111111111101
+	 * INTERNAL: remote_revocation_basepoint_secret: 222222222222222222222222222222222222222222222222222222222222222201
+	 * INTERNAL: local_delayed_payment_basepoint_secret: 333333333333333333333333333333333333333333333333333333333333333301
+	 * INTERNAL: remote_payment_basepoint_secret: 444444444444444444444444444444444444444444444444444444444444444401
+	 * x_local_per_commitment_secret: 1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a0908070605040302010001
+	 * # From remote_revocation_basepoint_secret
+	 * INTERNAL: remote_revocation_basepoint: 02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27
+	 * # From local_delayed_payment_basepoint_secret
+	 * INTERNAL: local_delayed_payment_basepoint: 023c72addb4fdf09af94f0c94d7fe92a386a7e70cf8a1d85916386bb2535c7b1b1
+	 * INTERNAL: local_per_commitment_point: 025f7117a78150fe2ef97db7cfc83bd57b2e2c0d0dd25eaf467a4a1c2a45ce1486
+	 * INTERNAL: remote_privkey: 8deba327a7cc6d638ab0eb025770400a6184afcba6713c210d8d10e199ff2fda01
+	 * # From local_delayed_payment_basepoint_secret, local_per_commitment_point and local_delayed_payment_basepoint
+	 * INTERNAL: local_delayed_privkey: adf3464ce9c2f230fd2582fda4c6965e4993ca5524e8c9580e3df0cf226981ad01
+	 * -->
 	 */
 	local_funding_privkey.secret = secret_from_hex("30ff4956bbdd3222d44cc5e8a1261dab1e07957bdac5ae88fe3261ef321f374901");
 	x_remote_funding_privkey.secret = secret_from_hex("1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e1301");
--- a/channeld/test/run-full_channel.c
+++ b/channeld/test/run-full_channel.c
@ -403,7 +403,7 @@ int main(void)
 	 *
 	 * local_payment_basepoint: 034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa
 	 * remote_payment_basepoint: 032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991
-	 * # obscured commitment transaction number = 0x2bb038521914 ^ 42
+	 * # obscured commitment number = 0x2bb038521914 ^ 42
 	 */
 	localbase.payment = pubkey_from_hex("034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa");
 	remotebase.payment = pubkey_from_hex("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991");
--- a/common/initial_commit_tx.c
+++ b/common/initial_commit_tx.c
@ -10,8 +10,7 @@

 /* BOLT #3:
 *
- * The 48-bit commitment transaction number is obscured by `XOR` with
- * the lower 48 bits of:
+ * The 48-bit commitment number is obscured by `XOR` with the lower 48 bits of:
 *
 *     SHA256(payment_basepoint from open_channel || payment_basepoint from accept_channel)
 */
@ -206,8 +205,8 @@ struct bitcoin_tx *initial_commit_tx(const tal_t *ctx,

 	/* BOLT #3:
 	 *
-	 * * locktime: upper 8 bits are 0x20, lower 24 bits are the lower
-	 *   24 bits of the obscured commitment transaction number
+	 * * locktime: upper 8 bits are 0x20, lower 24 bits are the
+	 * lower 24 bits of the obscured commitment number
 	 */
 	tx->lock_time
 		= (0x20000000 | (obscured_commitment_number & 0xFFFFFF));
@ -223,8 +222,7 @@ struct bitcoin_tx *initial_commit_tx(const tal_t *ctx,

 	/* BOLT #3:
 	 *
-	 *    * `txin[0]` sequence: upper 8 bits are 0x80, lower 24 bits are
-	 *       upper 24 bits of the obscured commitment transaction number
+	 *    * `txin[0]` sequence: upper 8 bits are 0x80, lower 24 bits are upper 24 bits of the obscured commitment number
 	 */
 	tx->input[0].sequence_number
 		= (0x80000000 | ((obscured_commitment_number>>24) & 0xFFFFFF));
--- a/connectd/handshake.c
+++ b/connectd/handshake.c
@ -138,21 +138,21 @@ struct keypair {
 * Throughout the handshake process, each side maintains these variables:
 *
 *  * `ck`: the **chaining key**. This value is the accumulated hash of all
- *    previous ECDH outputs. At the end of the handshake, `ck` is used to
- *    derive the encryption keys for Lightning messages.
+ *    previous ECDH outputs. At the end of the handshake, `ck` is used to derive
+ *    the encryption keys for Lightning messages.
 *
 *  * `h`: the **handshake hash**. This value is the accumulated hash of _all_
- *    handshake data that has been sent and received so far during the
- *    handshake process.
+ *    handshake data that has been sent and received so far during the handshake
+ *    process.
 *
- * * `temp_k1`, `temp_k2`, `temp_k3`: the **intermediate keys**. These are used to
- *    encrypt and decrypt the zero-length AEAD payloads at the end of each
- *    handshake message.
+ *  * `temp_k1`, `temp_k2`, `temp_k3`: the **intermediate keys**. These are used to
+ *    encrypt and decrypt the zero-length AEAD payloads at the end of each handshake
+ *    message.
 *
- *  * `e`: a party's **ephemeral keypair**. For each session, a node MUST
- *    generate a new ephemeral key with strong cryptographic randomness.
+ *  * `e`: a party's **ephemeral keypair**. For each session, a node MUST generate a
+ *    new ephemeral key with strong cryptographic randomness.
 *
- *  * `s`: a party's **static public key** (`ls` for local, `rs` for remote)
+ *  * `s`: a party's **static keypair** (`ls` for local, `rs` for remote)
 */
 struct handshake {
 	struct secret ck;
@ -469,9 +469,8 @@ static struct io_plan *act_three_initiator(struct io_conn *conn,

 	/* BOLT #8:
 	 *
-	 * 3. `ss = ECDH(re, s.priv)`
+	 * 3. `se = ECDH(s.priv, re)`
 	 *     * where `re` is the ephemeral public key of the responder
-	 *
 	 */
 	h->ss = hsm_do_ecdh(h, &h->re);
 	if (!h->ss)
@ -481,9 +480,8 @@ static struct io_plan *act_three_initiator(struct io_conn *conn,

 	/* BOLT #8:
 	 *
-	 * 4. `ck, temp_k3 = HKDF(ck, ss)`
-	 *     * The final intermediate shared secret is mixed into the running
-	 *       chaining key.
+	 * 4. `ck, temp_k3 = HKDF(ck, se)`
+	 *     * The final intermediate shared secret is mixed into the running chaining key.
 	 */
 	hkdf_two_keys(&h->ck, &h->temp_k, &h->ck, h->ss, sizeof(*h->ss));
 	SUPERVERBOSE("# ck,temp_k3=0x%s,0x%s",
@ -547,8 +545,7 @@ static struct io_plan *act_two_initiator2(struct io_conn *conn,

 	/* BOLT #8:
 	 *
-	 * 5. `ss = ECDH(re, e.priv)`
-	 *    * where `re` is the responder's ephemeral public key
+	 * 5. `es = ECDH(s.priv, re)`
 	 */
 	if (!secp256k1_ecdh(secp256k1_ctx, h->ss->data, &h->re.pubkey,
 			    h->e.priv.secret.data))
@ -558,9 +555,9 @@ static struct io_plan *act_two_initiator2(struct io_conn *conn,

 	/* BOLT #8:
 	 *
-	 * 6. `ck, temp_k2 = HKDF(ck, ss)`
-	 *     * A new temporary encryption key is generated, which is
-	 *       used to generate the authenticating MAC.
+	 * 6. `ck, temp_k2 = HKDF(ck, ee)`
+	 *      * A new temporary encryption key is generated, which is
+	 *        used to generate the authenticating MAC.
 	 */
 	hkdf_two_keys(&h->ck, &h->temp_k, &h->ck, h->ss, sizeof(*h->ss));
 	SUPERVERBOSE("# ck,temp_k2=0x%s,0x%s",
@ -636,9 +633,9 @@ static struct io_plan *act_one_initiator(struct io_conn *conn,

 	/* BOLT #8:
 	 *
-	 * 3. `ss = ECDH(rs, e.priv)`
-	 *     * The initiator performs an ECDH between its newly generated
-	 *       ephemeral key and the remote node's static public key.
+	 * 3. `es = ECDH(e.priv, rs)`
+	 *      * The initiator performs an ECDH between its newly generated ephemeral
+	 *        key and the remote node's static public key.
 	 */
 	h->ss = tal(h, struct secret);
 	if (!secp256k1_ecdh(secp256k1_ctx, h->ss->data,
@ -649,9 +646,9 @@ static struct io_plan *act_one_initiator(struct io_conn *conn,

 	/* BOLT #8:
 	 *
-	 * 4. `ck, temp_k1 = HKDF(ck, ss)`
-	 *     * A new temporary encryption key is generated, which is
-	 *       used to generate the authenticating MAC.
+	 * 4. `ck, temp_k1 = HKDF(ck, es)`
+	 *      * A new temporary encryption key is generated, which is
+	 *        used to generate the authenticating MAC.
 	 */
 	hkdf_two_keys(&h->ck, &h->temp_k, &h->ck, h->ss, sizeof(*h->ss));
 	SUPERVERBOSE("# ck,temp_k1=0x%s,0x%s",
@ -739,7 +736,7 @@ static struct io_plan *act_three_responder2(struct io_conn *conn,

 	/* BOLT #8:
 	 *
-	 * 6. `ss = ECDH(rs, e.priv)`
+	 * 6. `se = ECDH(e.priv, rs)`
 	 *      * where `e` is the responder's original ephemeral key
 	 */
 	if (!secp256k1_ecdh(secp256k1_ctx, h->ss->data, &h->their_id.pubkey,
@ -749,7 +746,7 @@ static struct io_plan *act_three_responder2(struct io_conn *conn,
 	SUPERVERBOSE("# ss=0x%s", tal_hexstr(tmpctx, h->ss, sizeof(*h->ss)));

 	/* BOLT #8:
-	 * 7. `ck, temp_k3 = HKDF(ck, ss)`
+	 * 7. `ck, temp_k3 = HKDF(ck, se)`
 	 */
 	hkdf_two_keys(&h->ck, &h->temp_k, &h->ck, h->ss, sizeof(*h->ss));
 	SUPERVERBOSE("# ck,temp_k3=0x%s,0x%s",
@ -813,9 +810,9 @@ static struct io_plan *act_two_responder(struct io_conn *conn,

 	/* BOLT #8:
 	 *
-	 * 3. `ss = ECDH(re, e.priv)`
-	 *      * where `re` is the ephemeral key of the initiator, which was
-	 *        received during Act One
+	 * 3. `ee = ECDH(e.priv, re)`
+	 *      * where `re` is the ephemeral key of the initiator, which was received
+	 *        during Act One
 	 */
 	if (!secp256k1_ecdh(secp256k1_ctx, h->ss->data, &h->re.pubkey,
 			    h->e.priv.secret.data))
@ -824,8 +821,8 @@ static struct io_plan *act_two_responder(struct io_conn *conn,

 	/* BOLT #8:
 	 *
-	 * 4. `ck, temp_k2 = HKDF(ck, ss)`
-	 *     * A new temporary encryption key is generated, which is
+	 * 4. `ck, temp_k2 = HKDF(ck, ee)`
+	 *      * A new temporary encryption key is generated, which is
 	 *       used to generate the authenticating MAC.
 	 */
 	hkdf_two_keys(&h->ck, &h->temp_k, &h->ck, h->ss, sizeof(*h->ss));
@ -879,8 +876,9 @@ static struct io_plan *act_one_responder2(struct io_conn *conn,
 		return handshake_failed(conn, h);

 	/* BOLT #8:
+	 *
 	 *     * The raw bytes of the remote party's ephemeral public key
-	 *       (`e`) are to be deserialized into a point on the curve using
+	 *       (`re`) are to be deserialized into a point on the curve using
 	 *       affine coordinates as encoded by the key's serialized
 	 *       composed format.
 	 */
@ -900,7 +898,8 @@ static struct io_plan *act_one_responder2(struct io_conn *conn,
 	SUPERVERBOSE("# h=0x%s", tal_hexstr(tmpctx, &h->h, sizeof(h->h)));

 	/* BOLT #8:
-	 * 5. `ss = ECDH(re, s.priv)`
+	 *
+	 * 5. `es = ECDH(s.priv, re)`
 	 *    * The responder performs an ECDH between its static private key and
 	 *      the initiator's ephemeral public key.
 	 */
@ -912,9 +911,9 @@ static struct io_plan *act_one_responder2(struct io_conn *conn,

 	/* BOLT #8:
 	 *
-	 * 6. `ck, temp_k1 = HKDF(ck, ss)`
-	 *    * A new temporary encryption key is generated, which will
-	 *      shortly be used to check the authenticating MAC.
+	 * 6. `ck, temp_k1 = HKDF(ck, es)`
+	 *     * A new temporary encryption key is generated, which will
+	 *       shortly be used to check the authenticating MAC.
 	 */
 	hkdf_two_keys(&h->ck, &h->temp_k, &h->ck, h->ss, sizeof(*h->ss));
 	SUPERVERBOSE("# ck,temp_k1=0x%s,0x%s",
--- a/gossipd/gossipd.c
+++ b/gossipd/gossipd.c
@ -328,7 +328,7 @@ check_length:

 /* BOLT #7:
 *
- * An endpoint node:
+ * A node:
 *   - if the `gossip_queries` feature is negotiated:
 * 	- MUST NOT relay any gossip messages unless explicitly requested.
 */
@ -570,8 +570,8 @@ static const u8 *handle_query_short_channel_ids(struct peer *peer, const u8 *msg

 	/* BOLT #7:
 	 *
-	 * - MUST respond to each known `short_channel_id` with a
-	 *   `channel_announcement` and the latest `channel_update`s for each end
+	 * - MUST respond to each known `short_channel_id` with a `channel_announcement`
+	 *   and the latest `channel_update` for each end
 	 *    - SHOULD NOT wait for the next outgoing gossip flush to send
 	 *      these.
 	 */
@ -1002,8 +1002,7 @@ static void maybe_create_next_scid_reply(struct peer *peer)
 	/* BOLT #7:
 	 *
 	 *   - MUST respond to each known `short_channel_id` with a
-	 *     `channel_announcement` and the latest `channel_update`s for
-	 *     each end
+	 *     `channel_announcement` and the latest `channel_update` for each end
 	 *     - SHOULD NOT wait for the next outgoing gossip flush
 	 *       to send these.
 	 */
@ -1116,7 +1115,7 @@ static void maybe_queue_gossip(struct peer *peer)

 	/* BOLT #7:
 	 *
-	 * An endpoint node:
+	 * A node:
 	 *...
 	 *  - SHOULD flush outgoing gossip messages once every 60 seconds,
 	 *    independently of the arrival times of the messages.
@ -1238,9 +1237,9 @@ static void update_local_channel(struct daemon *daemon,
 	/* BOLT #7:
 	 *
 	 * The origin node:
-	 *   - MAY create a `channel_update` to communicate the channel
-	 *   parameters to the final node, even though the channel has not yet
-	 *   been announced
+	 *  - MAY create a `channel_update` to communicate the channel parameters to the
+	 *    channel peer, even though the channel has not yet been announced (i.e. the
+	 *    `announce_channel` bit was not set).
 	 */
 	if (!is_chan_public(chan)) {
 		/* handle_channel_update will not put private updates in the
@ -1749,7 +1748,7 @@ static void gossip_send_keepalive_update(struct daemon *daemon,

 /* BOLT #7:
 *
- * An endpoint node:
+ * A node:
 *  - if a channel's latest `channel_update`s `timestamp` is older than two weeks
 *    (1209600 seconds):
 *     - MAY prune the channel.
--- a/gossipd/routing.c
+++ b/gossipd/routing.c
@ -844,8 +844,7 @@ u8 *handle_channel_announcement(struct routing_state *rstate,
 	}

 	/* BOLT #7:
-	 *
-	 * The final node:
+	 * The receiving node:
 	 *...
 	 *  - if the specified `chain_hash` is unknown to the receiver:
 	 *    - MUST ignore the message.
@ -941,7 +940,7 @@ void handle_pending_cannouncement(struct routing_state *rstate,

 	/* BOLT #7:
 	 *
-	 * The final node:
+	 * The receiving node:
 	 *...
 	 *   - if the `short_channel_id`'s output... is spent:
 	 *    - MUST ignore the message.
@ -956,7 +955,7 @@ void handle_pending_cannouncement(struct routing_state *rstate,

 	/* BOLT #7:
 	 *
-	 * The final node:
+	 * The receiving node:
 	 *...
 	 *   - if the `short_channel_id`'s output does NOT correspond to a P2WSH
 	 *     (using `bitcoin_key_1` and `bitcoin_key_2`, as specified in
@ -1169,7 +1168,7 @@ u8 *handle_channel_update(struct routing_state *rstate, const u8 *update TAKES,

 	/* BOLT #7:
 	 *
-	 * The final node:
+	 * The receiving node:
 	 *...
 	 *  - if the specified `chain_hash` value is unknown (meaning it isn't
 	 *    active on the specified chain):
@ -1292,7 +1291,7 @@ static struct wireaddr *read_addresses(const tal_t *ctx, const u8 *ser)

 		/* BOLT #7:
 		 *
-		 * The final node:
+		 * The receiving node:
 		 *...
 		 *   - SHOULD ignore the first `address descriptor` that does
 		 *     NOT match the types defined above.
@ -1392,7 +1391,7 @@ u8 *handle_node_announcement(struct routing_state *rstate, const u8 *node_ann)

 	/* BOLT #7:
 	 *
-	 * The final node:
+	 * The receiving node:
 	 *...
 	 *  - if `features` field contains _unknown even bits_:
 	 *    - MUST NOT parse the remainder of the message.
@ -1410,12 +1409,13 @@ u8 *handle_node_announcement(struct routing_state *rstate, const u8 *node_ann)
 	if (!check_signed_hash(&hash, &signature, &node_id)) {
 		/* BOLT #7:
 		 *
-		 * - if `signature` is NOT a valid signature (using `node_id`
-		 *  of the double-SHA256 of the entire message following the
-		 *  `signature` field, including unknown fields following
-		 *  `alias`):
-		 *    - SHOULD fail the connection.
+		 * - if `signature` is not a valid signature, using
+                 *   `node_id` of the double-SHA256 of the entire
+                 *   message following the `signature` field
+                 *   (including unknown fields following
+                 *   `fee_proportional_millionths`):
 		 *    - MUST NOT process the message further.
+		 *    - SHOULD fail the connection.
 		 */
 		u8 *err = towire_errorfmt(rstate, NULL,
 					  "Bad signature for %s hash %s"
--- a/lightningd/peer_control.c
+++ b/lightningd/peer_control.c
@ -550,12 +550,10 @@ static enum watch_result funding_lockin_cb(struct lightningd *ld,
 	/* BOLT #7:
 	 *
 	 * A node:
-	 *   - if the `open_channel` message has the `announce_channel` bit set
-	 *     AND a `shutdown` message has not been sent:
+	 *   - if the `open_channel` message has the `announce_channel` bit set AND a `shutdown` message has not been sent:
 	 *     - MUST send the `announcement_signatures` message.
-	 *       - MUST NOT send `announcement_signatures` messages until
-	 *         `funding_locked` has been sent AND the funding transaction has
-	 *         at least six confirmations.
+	 *       - MUST NOT send `announcement_signatures` messages until `funding_locked`
+	 *       has been sent and received AND the funding transaction has at least six confirmations.
 	 *   - otherwise:
 	 *     - MUST NOT send the `announcement_signatures` message.
 	 */
--- a/onchaind/onchaind.c
+++ b/onchaind/onchaind.c
@ -613,20 +613,15 @@ static u64 unmask_commit_number(const struct bitcoin_tx *tx,

 	/* BOLT #3:
 	 *
-	 * The 48-bit commitment transaction number is obscured by
-	 * `XOR` with the lower 48 bits of...
+	 * The 48-bit commitment number is obscured by `XOR` with the lower 48 bits of...
 	 */
 	obscurer = commit_number_obscurer(keys[funder], keys[!funder]);

 	/* BOLT #3:
 	 *
-	 * * locktime: upper 8 bits are 0x20, lower 24 bits are the
-	 *             lower 24 bits of the obscured commitment transaction
-	 *             number
+	 * * locktime: upper 8 bits are 0x20, lower 24 bits are the lower 24 bits of the obscured commitment number
 	 *...
-	 * * `txin[0]` sequence: upper 8 bits are 0x80, lower 24 bits
-	 *                are upper 24 bits of the obscured commitment
-	 *                transaction number
+	 * * `txin[0]` sequence: upper 8 bits are 0x80, lower 24 bits are upper 24 bits of the obscured commitment number
 	 */
 	return ((tx->lock_time & 0x00FFFFFF)
 		| (tx->input[0].sequence_number & (u64)0x00FFFFFF) << 24)