Update to latest BOLT version.

And remove the FIXMEs now that the gossip_query extension is merged. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2025-01-18 21:35:11 +01:00 · 2018-06-28 11:31:21 +09:30 · 2018-06-28 11:31:21 +09:30 · 82ff891202
commit 82ff891202
parent c46f373205
11 changed files with 56 additions and 54 deletions
--- a/2
+++ b/2
@ -9,7 +9,7 @@ CCANDIR := ccan

 # Where we keep the BOLT RFCs
 BOLTDIR := ../lightning-rfc/
-BOLTVERSION := e7dc7594f57ad6cab262c093396d0f438fb162bb
+BOLTVERSION := fd9da9b95eb5d585252d7e749212151502e0cc17

 -include config.vars

--- a/common/bolt11.c
+++ b/common/bolt11.c
@ -489,8 +489,9 @@ struct bolt11 *bolt11_decode(const tal_t *ctx, const char *str,
         *
         * The human-readable part of a Lightning invoice consists of two
 	 * sections:
-	 * 1. `prefix`: `ln` + BIP-0173 currency prefix (e.g. `lnbc` for
-	 *     bitcoins or `lntb` for testnet bitcoins)
+	 * 1. `prefix`: `ln` + BIP-0173 currency prefix (e.g. `lnbc` for bitcoin
+	 *     mainnet, `lntb` for bitcoin testnet and `lnbcrt` for bitcoin
+	 *     regtest)
         * 1. `amount`: optional number in that currency, followed by an optional
         *    `multiplier` letter
         */
--- a/common/cryptomsg.c
+++ b/common/cryptomsg.c
@ -42,8 +42,8 @@ static void maybe_rotate_key(u64 *n, struct secret *k, struct secret *ck)

 	/* BOLT #8:
 	 *
-	 * A key is to be rotated after a party sends or decrypts
-	 * 1000 messages with it.  This can be properly accounted
+	 * A key is to be rotated after a party encrypts or decrypts 1000 times
+	 * with it (i.e. every 500 messages). This can be properly accounted
 	 * for by rotating the key once the nonce dedicated to it
 	 * exceeds 1000.
 	 */
@ -52,7 +52,8 @@ static void maybe_rotate_key(u64 *n, struct secret *k, struct secret *ck)

 	/* BOLT #8:
 	 *
-	 * Key rotation for a key `k` is performed according to the following:
+	 * Key rotation for a key `k` is performed according to the following
+	 * steps:
 	 *
 	 * 1. Let `ck` be the chaining key obtained at the end of Act Three.
 	 * 2. `ck', k' = HKDF(ck, k)`
@ -78,8 +79,8 @@ static void le64_nonce(unsigned char *npub, u64 nonce)
 	/* BOLT #8:
 	 *
 	 * ...with nonce `n` encoded as 32 zero bits, followed by a
-	 * *little-endian* 64-bit value (this follows the Noise Protocol
-	 * convention, rather than our normal endian).
+	 * *little-endian* 64-bit value.  Note: this follows the Noise Protocol
+	 * convention, rather than our normal endian
 	 */
 	le64 le_nonce = cpu_to_le64(nonce);
 	const size_t zerolen = crypto_aead_chacha20poly1305_ietf_NPUBBYTES - sizeof(le_nonce);
@ -171,7 +172,7 @@ bool cryptomsg_decrypt_header(struct crypto_state *cs, u8 hdr[18], u16 *lenp)

 	/* BOLT #8:
 	 *
-	 *  2. Let the encrypted length prefix be known as `lc`
+	 *  2. Let the encrypted length prefix be known as `lc`.
 	 *  3. Decrypt `lc` (using `ChaCha20-Poly1305`, `rn`, and `rk`), to
 	 *     obtain the size of the encrypted packet `l`.
 	 *    * A zero-length byte slice is to be passed as the AD
@ -205,7 +206,7 @@ static struct io_plan *peer_decrypt_header(struct io_conn *conn,

 	/* BOLT #8:
 	 *
-	 * 4. Read _exactly_ `l+16` bytes from the network buffer, let
+	 * 4. Read _exactly_ `l+16` bytes from the network buffer, and let
 	 *    the bytes be known as `c`.
 	 */
 	pcs->in = tal_arr(conn, u8, (u32)len + 16);
@ -225,7 +226,7 @@ struct io_plan *peer_read_message(struct io_conn *conn,
 	 * ### Receiving and Decrypting Messages
 	 *
 	 * In order to decrypt the _next_ message in the network
-	 * stream, the following is done:
+	 * stream, the following steps are completed:
 	 *
 	 *  1. Read _exactly_ 18 bytes from the network buffer.
 	 */
@ -258,9 +259,9 @@ u8 *cryptomsg_encrypt_msg(const tal_t *ctx,
 	 *
 	 * In order to encrypt and send a Lightning message (`m`) to the
 	 * network stream, given a sending key (`sk`) and a nonce (`sn`), the
-	 * following is done:
+	 * following steps are completed:
 	 *
-	 *   1. let `l = len(m)`
+	 *   1. Let `l = len(m)`.
 	 *      * where `len` obtains the length in bytes of the Lightning
 	 *        message
 	 *
@ -274,7 +275,7 @@ u8 *cryptomsg_encrypt_msg(const tal_t *ctx,
 	 *    `lc` (18 bytes)
 	 *    * The nonce `sn` is encoded as a 96-bit little-endian number. As
 	 *      the decoded nonce is 64 bits, the 96-bit nonce is encoded as:
-	 *      32 bits of leading zeroes followed by a 64-bit value.
+	 *      32 bits of leading 0s followed by a 64-bit value.
 	 *        * The nonce `sn` MUST be incremented after this step.
 	 *    * A zero-length byte slice is to be passed as the AD (associated
                data).
--- a/common/decode_short_channel_ids.h
+++ b/common/decode_short_channel_ids.h
@ -8,8 +8,7 @@
 *
 * Encoding types:
 * * `0`: uncompressed array of `short_channel_id` types, in ascending order.
- * * `1`: array of `short_channel_id` types, in ascending order, compressed with
- *        zlib<sup>[1](#reference-1)</sup>
+ * * `1`: array of `short_channel_id` types, in ascending order, compressed with zlib deflate<sup>[1](#reference-1)</sup>
 */
 enum scid_encode_types {
 	SHORTIDS_UNCOMPRESSED = 0,
--- a/common/features.h
+++ b/common/features.h
@ -22,7 +22,7 @@ bool feature_offered(const u8 *features, size_t f);
 * ## Assigned `localfeatures` flags
 *...
 * | Bits | Name                             |...
- * | 0/1  | `option-data-loss-protect`       |...
+ * | 0/1  | `option_data_loss_protect`       |...
 * | 3    | `initial_routing_sync`           |...
 * | 4/5  | `option_upfront_shutdown_script` |...
 * | 6/7  | `gossip_queries`                 |...
--- a/common/read_peer_msg.c
+++ b/common/read_peer_msg.c
@ -134,7 +134,7 @@ u8 *read_peer_msg_(const tal_t *ctx,
 		 * The receiving node:
 		 *   - upon receiving `error`:
 		 *    - MUST fail the channel referred to by the error
-		 *       message.
+		 *       message, if that channel is with the sending node.
 		 *  - if no existing channel is referred to by the
 		 *    message:
 		 *    - MUST ignore the message.
--- a/gossipd/gossip.c
+++ b/gossipd/gossip.c
@ -664,8 +664,7 @@ static struct io_plan *peer_connected(struct io_conn *conn, struct peer *peer)
 		 *
 		 * - upon receiving an `init` message with the
 		 *   `initial_routing_sync` flag set to 1:
-		 *   - SHOULD send `channel_announcement`s, `channel_update`s
-		 *    and `node_announcement`s for all known channels and
+		 *   - SHOULD send gossip messages for all known channels and
 		 *    nodes, as if they were just received.
 		 * - if the `initial_routing_sync` flag is set to 0, OR if the
 		 *   initial sync was completed:
--- a/gossipd/handshake.c
+++ b/gossipd/handshake.c
@ -35,7 +35,7 @@ enum bolt8_side {
 *
 * Act One is sent from initiator to responder. During Act One, the
 * initiator attempts to satisfy an implicit challenge by the responder. To
- * complete this challenge, the initiator _must_ know the static public key of
+ * complete this challenge, the initiator must know the static public key of
 * the responder.
 */
 struct act_one {
@ -123,7 +123,7 @@ static inline void check_act_three(const struct act_three *act3)
 /* BOLT #8:
 *
 *  * `generateKey()`: generates and returns a fresh `secp256k1` keypair
- *      * where the object returned by `generateKey` has two attributes:
+ *      * Where the object returned by `generateKey` has two attributes:
 *          * `.pub`, which returns an abstract object representing the
 *            public key
 *          * `.priv`, which represents the private key used to generate the
@ -138,19 +138,19 @@ struct keypair {
 *
 * Throughout the handshake process, each side maintains these variables:
 *
- *  * `ck`: The **chaining key**. This value is the accumulated hash of all
+ *  * `ck`: the **chaining key**. This value is the accumulated hash of all
 *    previous ECDH outputs. At the end of the handshake, `ck` is used to
 *    derive the encryption keys for Lightning messages.
 *
- *  * `h`: The **handshake hash**. This value is the accumulated hash of _all_
+ *  * `h`: the **handshake hash**. This value is the accumulated hash of _all_
 *    handshake data that has been sent and received so far during the
 *    handshake process.
 *
- * * `temp_k1`, `temp_k2`, `temp_k3`: **intermediate keys**. These are used to
+ * * `temp_k1`, `temp_k2`, `temp_k3`: the **intermediate keys**. These are used to
 *    encrypt and decrypt the zero-length AEAD payloads at the end of each
 *    handshake message.
 *
- *  * `e`: A party's **ephemeral keypair**. For each session a node MUST
+ *  * `e`: a party's **ephemeral keypair**. For each session, a node MUST
 *    generate a new ephemeral key with strong cryptographic randomness.
 *
 *  * `s`: a party's **static public key** (`ls` for local, `rs` for remote)
@ -253,8 +253,8 @@ static void le64_nonce(unsigned char *npub, u64 nonce)
 	/* BOLT #8:
 	 *
 	 * ...with nonce `n` encoded as 32 zero bits, followed by a
-	 * *little-endian* 64-bit value (this follows the Noise Protocol
-	 * convention, rather than our normal endian).
+	 * *little-endian* 64-bit value. Note: this follows the Noise
+	 * Protocol convention, rather than our normal endian
 	 */
 	le64 le_nonce = cpu_to_le64(nonce);
 	const size_t zerolen = crypto_aead_chacha20poly1305_ietf_NPUBBYTES - sizeof(le_nonce);
@ -268,7 +268,7 @@ static void le64_nonce(unsigned char *npub, u64 nonce)
 /* BOLT #8:
 *   * `encryptWithAD(k, n, ad, plaintext)`: outputs `encrypt(k, n, ad,
 *      plaintext)`
- *      * where `encrypt` is an evaluation of `ChaCha20-Poly1305` (IETF
+ *      * Where `encrypt` is an evaluation of `ChaCha20-Poly1305` (IETF
 *	  variant) with the passed arguments, with nonce `n`
 */
 static void encrypt_ad(const struct secret *k, u64 nonce,
@ -302,7 +302,7 @@ static void encrypt_ad(const struct secret *k, u64 nonce,
 /* BOLT #8:
 *    * `decryptWithAD(k, n, ad, ciphertext)`: outputs `decrypt(k, n, ad,
 *       ciphertext)`
- *      * where `decrypt` is an evaluation of `ChaCha20-Poly1305` (IETF
+ *      * Where `decrypt` is an evaluation of `ChaCha20-Poly1305` (IETF
 *        variant) with the passed arguments, with nonce `n`
 */
 static bool decrypt(const struct secret *k, u64 nonce,
@ -367,8 +367,8 @@ static struct io_plan *handshake_succeeded(struct io_conn *conn,
 	 *        initiator, and `sk` is the key to be used by the responder
 	 *        to encrypt messages to the initiator
 	 *
-	 *      * The final encryption keys to be used for sending and
-	 *        receiving messages for the duration of the session are
+	 *      * The final encryption keys, to be used for sending and
+	 *        receiving messages for the duration of the session, are
 	 *        generated.
 	 */
 	if (h->side == RESPONDER)
@ -395,12 +395,12 @@ static struct handshake *new_handshake(const tal_t *ctx,

 	/* BOLT #8:
 	 *
-	 * Before the start of the first act, both sides initialize their
+	 * Before the start of Act One, both sides initialize their
 	 * per-sessions state as follows:
 	 *
 	 *  1. `h = SHA-256(protocolName)`
 	 *   *  where `protocolName = "Noise_XK_secp256k1_ChaChaPoly_SHA256"`
-	 *      encoded as an ASCII string.
+	 *      encoded as an ASCII string
 	 */
 	sha256(&handshake->h, "Noise_XK_secp256k1_ChaChaPoly_SHA256",
 	       strlen("Noise_XK_secp256k1_ChaChaPoly_SHA256"));
@ -417,7 +417,7 @@ static struct handshake *new_handshake(const tal_t *ctx,
 	/* BOLT #8:
 	 *
 	 * 3. `h = SHA-256(h || prologue)`
-	 *    *  where `prologue` is the ASCII string: `lightning`.
+	 *    *  where `prologue` is the ASCII string: `lightning`
 	 */
 	sha_mix_in(&handshake->h, "lightning", strlen("lightning"));

@ -471,7 +471,7 @@ static struct io_plan *act_three_initiator(struct io_conn *conn,
 	/* BOLT #8:
 	 *
 	 * 3. `ss = ECDH(re, s.priv)`
-	 *     * where `re` is the ephemeral public key of the responder.
+	 *     * where `re` is the ephemeral public key of the responder
 	 *
 	 */
 	if (!hsm_do_ecdh(&h->ss, &h->re))
@ -599,7 +599,7 @@ static struct io_plan *act_two_initiator(struct io_conn *conn,
 	 *
 	 * 1. Read _exactly_ 50 bytes from the network buffer.
 	 *
-	 * 2. Parse the read message (`m`) into `v`, `re` and `c`:
+	 * 2. Parse the read message (`m`) into `v`, `re`, and `c`:
 	 *    * where `v` is the _first_ byte of `m`, `re` is the next 33
 	 *      bytes of `m`, and `c` is the last 16 bytes of `m`.
 	 */
@ -698,9 +698,9 @@ static struct io_plan *act_three_responder2(struct io_conn *conn,

 	/* BOLT #8:
 	 *
-	 * 2. Parse the read message (`m`) into `v`, `c` and `t`:
+	 * 2. Parse the read message (`m`) into `v`, `c`, and `t`:
 	 *    * where `v` is the _first_ byte of `m`, `c` is the next 49
-	 *      bytes of `m`, and `t` is the last 16 bytes of `m`.
+	 *      bytes of `m`, and `t` is the last 16 bytes of `m`
 	 */

 	/* BOLT #8:
@ -923,9 +923,9 @@ static struct io_plan *act_one_responder2(struct io_conn *conn,
 	 *
 	 * 7. `p = decryptWithAD(temp_k1, 0, h, c)`
 	 *     * If the MAC check in this operation fails, then the initiator
-	 *       does _not_ know the responder's static public key. If so, then
-	 *       the responder MUST terminate the connection without any further
-	 *       messages.
+	 *       does _not_ know the responder's static public key. If this
+	 *       is the case, then the responder MUST terminate the connection
+	 *       without any further messages.
 	 */
 	if (!decrypt(&h->temp_k, 0, &h->h, sizeof(h->h),
 		     h->act1.tag, sizeof(h->act1.tag), NULL, 0))
@ -954,7 +954,7 @@ static struct io_plan *act_one_responder(struct io_conn *conn,
 	 *
 	 * 1. Read _exactly_ 50 bytes from the network buffer.
 	 *
-	 * 2. Parse the read message (`m`) into `v`, `re` and `c`:
+	 * 2. Parse the read message (`m`) into `v`, `re`, and `c`:
 	 *     * where `v` is the _first_ byte of `m`, `re` is the next 33
 	 *       bytes of `m`, and `c` is the last 16 bytes of `m`.
 	 */
--- a/lightningd/options.c
+++ b/lightningd/options.c
@ -268,8 +268,8 @@ static char *opt_set_rgb(const char *arg, struct lightningd *ld)
 	ld->rgb = tal_free(ld->rgb);
 	/* BOLT #7:
 	 *
-	 *    - Note: the first byte of `rgb` is the red value, the second byte
-	 *      is the green value, and the last byte is the blue value.
+	 *    - Note: the first byte of `rgb_color` is the red value, the second
+	 *      byte is the green value, and the last byte is the blue value.
 	 */
 	ld->rgb = tal_hexdata(ld, arg, strlen(arg));
 	if (!ld->rgb || tal_len(ld->rgb) != 3)
--- a/lightningd/peer_control.c
+++ b/lightningd/peer_control.c
@ -392,7 +392,7 @@ void channel_errmsg(struct channel *channel,
 	 * A sending node:
 	 *...
 	 *   - when `channel_id` is 0:
-	 *    - MUST fail all channels.
+	 *    - MUST fail all channels with the receiving node.
 	 *    - MUST close the connection.
 	 */
 	/* FIXME: Gossipd closes connection, but doesn't fail channels. */
@ -405,7 +405,8 @@ void channel_errmsg(struct channel *channel,
 	 *...
 	 * The receiving node:
 	 *  - upon receiving `error`:
-	 *    - MUST fail the channel referred to by the error message.
+	 *    - MUST fail the channel referred to by the error message,
+	 *      if that channel is with the sending node.
 	 */
 	channel_fail_permanent(channel, "%s: %s ERROR %s",
 			       channel->owner->name,
@ -651,7 +652,8 @@ static enum watch_result funding_lockin_cb(struct channel *channel,
 	/* BOLT #7:
 	 *
 	 * A node:
-	 *   - if the `open_channel` message has the `announce_channel` bit set:
+	 *   - if the `open_channel` message has the `announce_channel` bit set
+	 *     AND a `shutdown` message has not been sent:
 	 *     - MUST send the `announcement_signatures` message.
 	 *       - MUST NOT send `announcement_signatures` messages until
 	 *         `funding_locked` has been sent AND the funding transaction has
--- a/openingd/opening.c
+++ b/openingd/opening.c
@ -179,7 +179,7 @@ static void check_config_bounds(struct state *state,
 				   "max_accepted_htlcs %u too large",
 				   remoteconf->max_accepted_htlcs);

-	/* FIXME #2:
+	/* BOLT #2:
 	 *
 	 * The receiving node MUST fail the channel if:
 	 *...
@ -201,7 +201,7 @@ static void set_reserve(struct state *state)
 	state->localconf.channel_reserve_satoshis
 		= (state->funding_satoshis + 99) / 100;

-	/* FIXME #2:
+	/* BOLT #2:
 	 *
 	 * The sending node:
 	 *...
@ -363,7 +363,7 @@ static u8 *funder_channel(struct state *state,
 				   "minimum_depth %u larger than %u",
 				   minimum_depth, 10);

-	/* FIXME #2:
+	/* BOLT #2:
 	 *
 	 * The receiver:
 	 *...
@ -463,7 +463,7 @@ static u8 *funder_channel(struct state *state,
 	 * ### The `funding_signed` Message
 	 *
 	 * This message gives the funder the signature it needs for the first
-	 * commitment transaction, so it can broadcast the signature knowing
+	 * commitment transaction, so it can broadcast the transaction knowing
 	 * that funds can be redeemed, if need be.
 	 */
 	peer_billboard(false,
@ -644,7 +644,7 @@ static u8 *fundee_channel(struct state *state,

 	set_reserve(state);

-	/* FIXME #2:
+	/* BOLT #2:
 	 *
 	 * The sender:
 	 *...
@ -770,7 +770,7 @@ static u8 *fundee_channel(struct state *state,
 	 * ### The `funding_signed` Message
 	 *
 	 * This message gives the funder the signature it needs for the first
-	 * commitment transaction, so it can broadcast the signature knowing
+	 * commitment transaction, so it can broadcast the transaction knowing
 	 * that funds can be redeemed, if need be.
 	 */
 	our_commit = initial_channel_tx(state, &wscript, state->channel,