doc: update to BOLT 7f53a3e46ed59f19463447d5fa63b3e484c708a5 "BOLT 8: make it clear that there are *two* chaining keys."

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

Makefile

@@ -23,7 +23,7 @@ CCANDIR := ccan
 
 # Where we keep the BOLT RFCs
 BOLTDIR := ../bolts/
-DEFAULT_BOLTVERSION := aad959a297ff66946effb165518143be15777dd6
+DEFAULT_BOLTVERSION := 7f53a3e46ed59f19463447d5fa63b3e484c708a5
 # Can be overridden on cmdline.
 BOLTVERSION := $(DEFAULT_BOLTVERSION)
 

common/cryptomsg.c

@@ -37,7 +37,7 @@ static void maybe_rotate_key(u64 *n, struct secret *k, struct secret *ck)
 	 * A key is to be rotated after a party encrypts or decrypts 1000 times
 	 * with it (i.e. every 500 messages). This can be properly accounted
 	 * for by rotating the key once the nonce dedicated to it
-	 * exceeds 1000.
+	 * reaches 1000.
 	 */
 	if (*n != 1000)
 		return;
@@ -47,7 +47,7 @@ static void maybe_rotate_key(u64 *n, struct secret *k, struct secret *ck)
 	 * Key rotation for a key `k` is performed according to the following
 	 * steps:
 	 *
-	 * 1. Let `ck` be the chaining key obtained at the end of Act Three.
+	 * 1. Let `ck` be the chaining key (i.e. `rck` for `rk` or `sck` for `sk`)
 	 * 2. `ck', k' = HKDF(ck, k)`
 	 * 3. Reset the nonce for the key to `n = 0`.
 	 * 4. `k = k'`

connectd/handshake.c

@@ -383,6 +383,12 @@ static struct io_plan *handshake_succeeded(struct io_conn *conn,
 		hkdf_two_keys(&cs.sk, &cs.rk, &h->ck, NULL, 0);
 
 	cs.rn = cs.sn = 0;
+	/* BOLT #8:
+	 *
+	 * 11. `rck = sck = ck`
+	 *      * The sending and receiving chaining keys are initialized the same.
+	 */
+
 	cs.r_ck = cs.s_ck = h->ck;
 
 	cb = h->cb;
@@ -509,7 +515,7 @@ static struct io_plan *act_three_initiator(struct io_conn *conn,
 
 	/* BOLT #8:
 	 *
-	 * 8.  Send `m = 0 || c || t` over the network buffer.
+	 * 9.  Send `m = 0 || c || t` over the network buffer.
 	 *
 	 */
 	h->act3.v = 0;