mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2025-03-01 17:47:30 +01:00
Code Issues Projects Releases Wiki Activity

lightningd/derive_basepoints: hoist derivation logic.

Browse source 
All the daemons will use a common seed for point derivation, so drag
it out of lightningd/opening.

This also provide a nice struct wrapper to reduce argument count.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell 2017-03-07 11:37:06 +10:30
parent 39993f229d
commit c64447a929
7 changed files with 196 additions and 199 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
lightningd/Makefile
View file

@ -42,6 +42,7 @@ LIGHTNINGD_LIB_SRC := \
lightningd/cryptomsg.c \ lightningd/cryptomsg.c \
lightningd/crypto_sync.c \ lightningd/crypto_sync.c \
lightningd/debug.c \ lightningd/debug.c \
lightningd/derive_basepoints.c \
lightningd/funding_tx.c \ lightningd/funding_tx.c \
lightningd/htlc_tx.c \ lightningd/htlc_tx.c \
lightningd/key_derive.c \ lightningd/key_derive.c \

30
lightningd/channel.c
View file

@ -108,12 +108,8 @@ struct channel *new_channel(const tal_t *ctx,
u32 feerate_per_kw, u32 feerate_per_kw,
const struct channel_config *local, const struct channel_config *local,
const struct channel_config *remote, const struct channel_config *remote,
const struct pubkey *local_revocation_basepoint, const struct basepoints *local_basepoints,
const struct pubkey *remote_revocation_basepoint, const struct basepoints *remote_basepoints,
const struct pubkey *local_payment_basepoint,
const struct pubkey *remote_payment_basepoint,
const struct pubkey *local_delayed_payment_basepoint,
const struct pubkey *remote_delayed_payment_basepoint,
enum side funder) enum side funder)
{ {
struct channel *channel = tal(ctx, struct channel); struct channel *channel = tal(ctx, struct channel);
@ -147,18 +143,12 @@ struct channel *new_channel(const tal_t *ctx,
= channel->view[REMOTE].commitment_number = channel->view[REMOTE].commitment_number
= 0; = 0;
channel->revocation_basepoint[LOCAL] = *local_revocation_basepoint; channel->basepoints[LOCAL] = *local_basepoints;
channel->revocation_basepoint[REMOTE] = *remote_revocation_basepoint; channel->basepoints[REMOTE] = *remote_basepoints;
channel->payment_basepoint[LOCAL] = *local_payment_basepoint;
channel->payment_basepoint[REMOTE] = *remote_payment_basepoint;
channel->delayed_payment_basepoint[LOCAL]
= *local_delayed_payment_basepoint;
channel->delayed_payment_basepoint[REMOTE]
= *remote_delayed_payment_basepoint;
channel->commitment_number_obscurer channel->commitment_number_obscurer
= commit_number_obscurer(&channel->payment_basepoint[funder], = commit_number_obscurer(&channel->basepoints[funder].payment,
&channel->payment_basepoint[!funder]); &channel->basepoints[!funder].payment);
tal_add_destructor(channel, destroy_htlc_map); tal_add_destructor(channel, destroy_htlc_map);
return channel; return channel;
@ -180,22 +170,22 @@ struct bitcoin_tx *channel_tx(const tal_t *ctx,
/* Revocation payment key for @side */ /* Revocation payment key for @side */
struct pubkey side_revocation_key; struct pubkey side_revocation_key;
if (!derive_simple_key(&channel->payment_basepoint[side], if (!derive_simple_key(&channel->basepoints[side].payment,
per_commitment_point, per_commitment_point,
&side_payment_key)) &side_payment_key))
return NULL; return NULL;
if (!derive_simple_key(&channel->payment_basepoint[!side], if (!derive_simple_key(&channel->basepoints[!side].payment,
per_commitment_point, per_commitment_point,
&other_payment_key)) &other_payment_key))
return NULL; return NULL;
if (!derive_simple_key(&channel->delayed_payment_basepoint[side], if (!derive_simple_key(&channel->basepoints[side].delayed_payment,
per_commitment_point, per_commitment_point,
&side_delayed_payment_key)) &side_delayed_payment_key))
return NULL; return NULL;
if (!derive_revocation_key(&channel->revocation_basepoint[side], if (!derive_revocation_key(&channel->basepoints[side].revocation,
per_commitment_point, per_commitment_point,
&side_revocation_key)) &side_revocation_key))
return NULL; return NULL;

21
lightningd/channel.h
View file

@ -7,6 +7,7 @@
#include <ccan/tal/tal.h> #include <ccan/tal/tal.h>
#include <daemon/htlc.h> #include <daemon/htlc.h>
#include <lightningd/channel_config.h> #include <lightningd/channel_config.h>
#include <lightningd/derive_basepoints.h>
#include <stdbool.h> #include <stdbool.h>
struct signature; struct signature;
@ -38,9 +39,7 @@ struct channel {
const struct channel_config *config[NUM_SIDES]; const struct channel_config *config[NUM_SIDES];
/* Basepoints for deriving keys. */ /* Basepoints for deriving keys. */
struct pubkey revocation_basepoint[NUM_SIDES]; struct basepoints basepoints[NUM_SIDES];
struct pubkey payment_basepoint[NUM_SIDES];
struct pubkey delayed_payment_basepoint[NUM_SIDES];
/* Mask for obscuring the encoding of the commitment number. */ /* Mask for obscuring the encoding of the commitment number. */
u64 commitment_number_obscurer; u64 commitment_number_obscurer;
@ -125,12 +124,8 @@ static inline u16 to_self_delay(const struct channel *channel, enum side side)
* @feerate_per_kw: feerate per kiloweight (satoshis) * @feerate_per_kw: feerate per kiloweight (satoshis)
* @local: local channel configuration * @local: local channel configuration
* @remote: remote channel configuration * @remote: remote channel configuration
* @local_revocation_basepoint: local basepoint for revocations. * @local_basepoints: local basepoints.
* @remote_revocation_basepoint: remote basepoint for revocations. * @remote_basepoints: remote basepoints.
* @local_payment_basepoint: local basepoint for payments.
* @remote_payment_basepoint: remote basepoint for payments.
* @local_delayed_payment_basepoint: local basepoint for delayed payments.
* @remote_delayed_payment_basepoint: remote basepoint for delayed payments.
* @funder: which side initiated it. * @funder: which side initiated it.
* *
* Returns state, or NULL if malformed. * Returns state, or NULL if malformed.
@ -143,12 +138,8 @@ struct channel *new_channel(const tal_t *ctx,
u32 feerate_per_kw, u32 feerate_per_kw,
const struct channel_config *local, const struct channel_config *local,
const struct channel_config *remote, const struct channel_config *remote,
const struct pubkey *local_revocation_basepoint, const struct basepoints *local_basepoints,
const struct pubkey *remote_revocation_basepoint, const struct basepoints *remote_basepoints,
const struct pubkey *local_payment_basepoint,
const struct pubkey *remote_payment_basepoint,
const struct pubkey *local_delayed_payment_basepoint,
const struct pubkey *remote_delayed_payment_basepoint,
enum side funder); enum side funder);
/** /**
* channel_tx: Get the current commitment transaction for the channel. * channel_tx: Get the current commitment transaction for the channel.

61
lightningd/derive_basepoints.c Normal file
View file

@ -0,0 +1,61 @@
#include <ccan/crypto/hkdf_sha256/hkdf_sha256.h>
#include <ccan/crypto/sha256/sha256.h>
#include <ccan/crypto/shachain/shachain.h>
#include <lightningd/derive_basepoints.h>
#include <utils.h>
bool derive_basepoints(const struct privkey *seed,
struct pubkey *funding_pubkey,
struct basepoints *basepoints,
struct secrets *secrets,
struct sha256 *shaseed,
struct pubkey *per_commit_point,
u64 per_commit_index)
{
struct sha256 per_commit_secret;
struct keys {
struct privkey f, r, p, d;
struct sha256 shaseed;
} keys;
hkdf_sha256(&keys, sizeof(keys), NULL, 0, seed, sizeof(*seed),
"c-lightning", strlen("c-lightning"));
secrets->funding_privkey = keys.f;
secrets->revocation_basepoint_secret = keys.r;
secrets->payment_basepoint_secret = keys.p;
secrets->delayed_payment_basepoint_secret = keys.d;
if (!pubkey_from_privkey(&keys.f, funding_pubkey)
|| !pubkey_from_privkey(&keys.r, &basepoints->revocation)
|| !pubkey_from_privkey(&keys.p, &basepoints->payment)
|| !pubkey_from_privkey(&keys.d, &basepoints->delayed_payment))
return false;
/* BOLT #3:
*
* A node MUST select an unguessable 256-bit seed for each connection,
* and MUST NOT reveal the seed.
*/
*shaseed = keys.shaseed;
/* BOLT #3:
*
* the first secret used MUST be index 281474976710655, and then the
* index decremented. */
shachain_from_seed(shaseed, 281474976710655ULL - per_commit_index,
&per_commit_secret);
/* BOLT #3:
*
* The `per-commitment-point` is generated using EC multiplication:
*
* per-commitment-point = per-commitment-secret * G
*/
if (secp256k1_ec_pubkey_create(secp256k1_ctx,
&per_commit_point->pubkey,
per_commit_secret.u.u8) != 1)
return false;
return true;
}

30
lightningd/derive_basepoints.h Normal file
View file

@ -0,0 +1,30 @@
#ifndef LIGHTNING_LIGHTNINGD_DERIVE_BASEPOINTS_H
#define LIGHTNING_LIGHTNINGD_DERIVE_BASEPOINTS_H
#include "config.h"
#include <bitcoin/privkey.h>
#include <bitcoin/pubkey.h>
struct sha256;
struct basepoints {
struct pubkey revocation;
struct pubkey payment;
struct pubkey delayed_payment;
};
struct secrets {
struct privkey funding_privkey;
struct privkey revocation_basepoint_secret;
struct privkey payment_basepoint_secret;
struct privkey delayed_payment_basepoint_secret;
};
bool derive_basepoints(const struct privkey *seed,
struct pubkey *funding_pubkey,
struct basepoints *basepoints,
struct secrets *secrets,
struct sha256 *shaseed,
struct pubkey *per_commit_point,
u64 per_commit_index);
#endif /* LIGHTNING_LIGHTNINGD_DERIVE_BASEPOINTS_H */

220
lightningd/opening/opening.c
View file

@ -3,8 +3,6 @@
#include <bitcoin/script.h> #include <bitcoin/script.h>
#include <ccan/breakpoint/breakpoint.h> #include <ccan/breakpoint/breakpoint.h>
#include <ccan/build_assert/build_assert.h> #include <ccan/build_assert/build_assert.h>
#include <ccan/crypto/hkdf_sha256/hkdf_sha256.h>
#include <ccan/crypto/shachain/shachain.h>
#include <ccan/fdpass/fdpass.h> #include <ccan/fdpass/fdpass.h>
#include <ccan/structeq/structeq.h> #include <ccan/structeq/structeq.h>
#include <errno.h> #include <errno.h>
@ -13,6 +11,7 @@
#include <lightningd/commit_tx.h> #include <lightningd/commit_tx.h>
#include <lightningd/crypto_sync.h> #include <lightningd/crypto_sync.h>
#include <lightningd/debug.h> #include <lightningd/debug.h>
#include <lightningd/derive_basepoints.h>
#include <lightningd/key_derive.h> #include <lightningd/key_derive.h>
#include <lightningd/opening/gen_opening_control_wire.h> #include <lightningd/opening/gen_opening_control_wire.h>
#include <lightningd/opening/gen_opening_status_wire.h> #include <lightningd/opening/gen_opening_status_wire.h>
@ -32,20 +31,6 @@
#define REQ_FD STDIN_FILENO #define REQ_FD STDIN_FILENO
#define PEER_FD 3 #define PEER_FD 3
struct points {
struct pubkey funding_pubkey;
struct pubkey revocation_basepoint;
struct pubkey payment_basepoint;
struct pubkey delayed_payment_basepoint;
};
struct secrets {
struct privkey funding_privkey;
struct privkey revocation_basepoint_secret;
struct privkey payment_basepoint_secret;
struct privkey delayed_payment_basepoint_secret;
};
struct state { struct state {
struct crypto_state cs; struct crypto_state cs;
struct pubkey next_per_commit[NUM_SIDES]; struct pubkey next_per_commit[NUM_SIDES];
@ -70,62 +55,6 @@ struct state {
struct channel *channel; struct channel *channel;
}; };
static void derive_our_basepoints(const struct privkey *seed,
struct points *points,
struct secrets *secrets,
struct sha256 *shaseed,
struct pubkey *first_per_commit)
{
struct sha256 per_commit_secret;
struct keys {
struct privkey f, r, p, d;
struct sha256 shaseed;
} keys;
hkdf_sha256(&keys, sizeof(keys), NULL, 0, seed, sizeof(*seed),
"c-lightning", strlen("c-lightning"));
secrets->funding_privkey = keys.f;
secrets->revocation_basepoint_secret = keys.r;
secrets->payment_basepoint_secret = keys.p;
secrets->delayed_payment_basepoint_secret = keys.d;
if (!pubkey_from_privkey(&keys.f, &points->funding_pubkey)
|| !pubkey_from_privkey(&keys.r, &points->revocation_basepoint)
|| !pubkey_from_privkey(&keys.p, &points->payment_basepoint)
|| !pubkey_from_privkey(&keys.d, &points->delayed_payment_basepoint))
status_failed(WIRE_OPENING_KEY_DERIVATION_FAILED,
"seed = %s",
type_to_string(trc, struct privkey, seed));
/* BOLT #3:
*
* A node MUST select an unguessable 256-bit seed for each connection,
* and MUST NOT reveal the seed.
*/
*shaseed = keys.shaseed;
/* BOLT #3:
*
* the first secret used MUST be index 281474976710655, and then the
* index decremented. */
shachain_from_seed(shaseed, 281474976710655ULL, &per_commit_secret);
/* BOLT #3:
*
* The `per-commitment-point` is generated using EC multiplication:
*
* per-commitment-point = per-commitment-secret * G
*/
if (secp256k1_ec_pubkey_create(secp256k1_ctx,
&first_per_commit->pubkey,
per_commit_secret.u.u8) != 1)
status_failed(WIRE_OPENING_KEY_DERIVATION_FAILED,
"first_per_commit create failed, secret = %s",
type_to_string(trc, struct sha256,
&per_commit_secret));
}
static void check_config_bounds(struct state *state, static void check_config_bounds(struct state *state,
const struct channel_config *remoteconf) const struct channel_config *remoteconf)
{ {
@ -287,13 +216,16 @@ static void temporary_channel_id(struct channel_id *channel_id)
channel_id->id[i] = pseudorand(256); channel_id->id[i] = pseudorand(256);
} }
static u8 *open_channel(struct state *state, const struct points *ours, static u8 *open_channel(struct state *state,
const struct pubkey *our_funding_pubkey,
const struct basepoints *ours,
u32 max_minimum_depth) u32 max_minimum_depth)
{ {
struct channel_id channel_id, id_in; struct channel_id channel_id, id_in;
u8 *msg; u8 *msg;
struct bitcoin_tx *tx; struct bitcoin_tx *tx;
struct points theirs; struct basepoints theirs;
struct pubkey their_funding_pubkey;
secp256k1_ecdsa_signature sig; secp256k1_ecdsa_signature sig;
set_reserve(&state->localconf.channel_reserve_satoshis, set_reserve(&state->localconf.channel_reserve_satoshis,
@ -327,10 +259,10 @@ static u8 *open_channel(struct state *state, const struct points *ours,
state->feerate_per_kw, state->feerate_per_kw,
state->localconf.to_self_delay, state->localconf.to_self_delay,
state->localconf.max_accepted_htlcs, state->localconf.max_accepted_htlcs,
&ours->funding_pubkey, our_funding_pubkey,
&ours->revocation_basepoint, &ours->revocation,
&ours->payment_basepoint, &ours->payment,
&ours->delayed_payment_basepoint, &ours->delayed_payment,
&state->next_per_commit[LOCAL]); &state->next_per_commit[LOCAL]);
if (!sync_crypto_write(&state->cs, PEER_FD, msg)) if (!sync_crypto_write(&state->cs, PEER_FD, msg))
peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_WRITE_FAILED, peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_WRITE_FAILED,
@ -360,10 +292,10 @@ static u8 *open_channel(struct state *state, const struct points *ours,
&state->remoteconf->htlc_minimum_msat, &state->remoteconf->htlc_minimum_msat,
&state->remoteconf->to_self_delay, &state->remoteconf->to_self_delay,
&state->remoteconf->max_accepted_htlcs, &state->remoteconf->max_accepted_htlcs,
&theirs.funding_pubkey, &their_funding_pubkey,
&theirs.revocation_basepoint, &theirs.revocation,
&theirs.payment_basepoint, &theirs.payment,
&theirs.delayed_payment_basepoint, &theirs.delayed_payment,
&state->next_per_commit[REMOTE])) &state->next_per_commit[REMOTE]))
peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_READ_FAILED, peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_READ_FAILED,
"Parsing accept_channel %s", tal_hex(msg, msg)); "Parsing accept_channel %s", tal_hex(msg, msg));
@ -393,8 +325,8 @@ static u8 *open_channel(struct state *state, const struct points *ours,
check_config_bounds(state, state->remoteconf); check_config_bounds(state, state->remoteconf);
/* Now, ask master create a transaction to pay those two addresses. */ /* Now, ask master create a transaction to pay those two addresses. */
msg = towire_opening_open_resp(state, &ours->funding_pubkey, msg = towire_opening_open_resp(state, our_funding_pubkey,
&theirs.funding_pubkey); &their_funding_pubkey);
wire_sync_write(REQ_FD, msg); wire_sync_write(REQ_FD, msg);
/* Expect funding tx. */ /* Expect funding tx. */
@ -408,20 +340,15 @@ static u8 *open_channel(struct state *state, const struct points *ours,
tal_hex(trc, msg)); tal_hex(trc, msg));
state->channel = new_channel(state, state->channel = new_channel(state,
&state->funding_txid, &state->funding_txid,
state->funding_txout, state->funding_txout,
state->funding_satoshis, state->funding_satoshis,
state->push_msat, state->push_msat,
state->feerate_per_kw, state->feerate_per_kw,
&state->localconf, &state->localconf,
state->remoteconf, state->remoteconf,
&ours->revocation_basepoint, ours, &theirs,
&theirs.revocation_basepoint, LOCAL);
&ours->payment_basepoint,
&theirs.payment_basepoint,
&ours->delayed_payment_basepoint,
&theirs.delayed_payment_basepoint,
LOCAL);
if (!state->channel) if (!state->channel)
peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_BAD_PARAM, peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_BAD_PARAM,
"could not create channel with given config"); "could not create channel with given config");
@ -437,12 +364,12 @@ static u8 *open_channel(struct state *state, const struct points *ours,
tx = channel_tx(state, state->channel, tx = channel_tx(state, state->channel,
&state->next_per_commit[REMOTE], NULL, REMOTE); &state->next_per_commit[REMOTE], NULL, REMOTE);
sig = sign_remote_commit(state, sig = sign_remote_commit(state,
&ours->funding_pubkey, &theirs.funding_pubkey, our_funding_pubkey, &their_funding_pubkey,
tx); tx);
status_trace("signature %s on tx %s using key %s", status_trace("signature %s on tx %s using key %s",
type_to_string(trc, secp256k1_ecdsa_signature, &sig), type_to_string(trc, secp256k1_ecdsa_signature, &sig),
type_to_string(trc, struct bitcoin_tx, tx), type_to_string(trc, struct bitcoin_tx, tx),
type_to_string(trc, struct pubkey, &ours->funding_pubkey)); type_to_string(trc, struct pubkey, our_funding_pubkey));
msg = towire_funding_created(state, &channel_id, msg = towire_funding_created(state, &channel_id,
&state->funding_txid.sha, &state->funding_txid.sha,
@ -494,15 +421,15 @@ static u8 *open_channel(struct state *state, const struct points *ours,
tx = channel_tx(state, state->channel, tx = channel_tx(state, state->channel,
&state->next_per_commit[LOCAL], NULL, LOCAL); &state->next_per_commit[LOCAL], NULL, LOCAL);
if (!check_commit_sig(state, &ours->funding_pubkey, if (!check_commit_sig(state, our_funding_pubkey,
&theirs.funding_pubkey, tx, &sig)) &their_funding_pubkey, tx, &sig))
peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_READ_FAILED, peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_READ_FAILED,
"Bad signature %s on tx %s using key %s", "Bad signature %s on tx %s using key %s",
type_to_string(trc, secp256k1_ecdsa_signature, type_to_string(trc, secp256k1_ecdsa_signature,
&sig), &sig),
type_to_string(trc, struct bitcoin_tx, tx), type_to_string(trc, struct bitcoin_tx, tx),
type_to_string(trc, struct pubkey, type_to_string(trc, struct pubkey,
&theirs.funding_pubkey)); &their_funding_pubkey));
/* BOLT #2: /* BOLT #2:
* *
@ -513,19 +440,22 @@ static u8 *open_channel(struct state *state, const struct points *ours,
state->remoteconf, state->remoteconf,
&sig, &sig,
&state->cs, &state->cs,
&theirs.revocation_basepoint, &theirs.revocation,
&theirs.payment_basepoint, &theirs.payment,
&theirs.delayed_payment_basepoint, &theirs.delayed_payment,
&state->next_per_commit[REMOTE]); &state->next_per_commit[REMOTE]);
} }
/* This is handed the message the peer sent which caused gossip to stop: /* This is handed the message the peer sent which caused gossip to stop:
* it should be an open_channel */ * it should be an open_channel */
static u8 *recv_channel(struct state *state, const struct points *ours, static u8 *recv_channel(struct state *state,
const struct pubkey *our_funding_pubkey,
const struct basepoints *ours,
u32 min_feerate, u32 max_feerate, const u8 *peer_msg) u32 min_feerate, u32 max_feerate, const u8 *peer_msg)
{ {
struct channel_id id_in, channel_id; struct channel_id id_in, channel_id;
struct points theirs; struct basepoints theirs;
struct pubkey their_funding_pubkey;
secp256k1_ecdsa_signature theirsig, sig; secp256k1_ecdsa_signature theirsig, sig;
struct bitcoin_tx *tx; struct bitcoin_tx *tx;
u8 *msg; u8 *msg;
@ -548,10 +478,10 @@ static u8 *recv_channel(struct state *state, const struct points *ours,
&state->feerate_per_kw, &state->feerate_per_kw,
&state->remoteconf->to_self_delay, &state->remoteconf->to_self_delay,
&state->remoteconf->max_accepted_htlcs, &state->remoteconf->max_accepted_htlcs,
&theirs.funding_pubkey, &their_funding_pubkey,
&theirs.revocation_basepoint, &theirs.revocation,
&theirs.payment_basepoint, &theirs.payment,
&theirs.delayed_payment_basepoint, &theirs.delayed_payment,
&state->next_per_commit[REMOTE])) &state->next_per_commit[REMOTE]))
peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_BAD_INITIAL_MESSAGE, peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_BAD_INITIAL_MESSAGE,
"Parsing open_channel %s", "Parsing open_channel %s",
@ -605,10 +535,10 @@ static u8 *recv_channel(struct state *state, const struct points *ours,
state->localconf.htlc_minimum_msat, state->localconf.htlc_minimum_msat,
state->localconf.to_self_delay, state->localconf.to_self_delay,
state->localconf.max_accepted_htlcs, state->localconf.max_accepted_htlcs,
&ours->funding_pubkey, our_funding_pubkey,
&ours->revocation_basepoint, &ours->revocation,
&ours->payment_basepoint, &ours->payment,
&ours->delayed_payment_basepoint, &ours->delayed_payment,
&state->next_per_commit[LOCAL]); &state->next_per_commit[LOCAL]);
if (!sync_crypto_write(&state->cs, PEER_FD, msg)) if (!sync_crypto_write(&state->cs, PEER_FD, msg))
@ -638,20 +568,15 @@ static u8 *recv_channel(struct state *state, const struct points *ours,
type_to_string(msg, struct channel_id, &id_in)); type_to_string(msg, struct channel_id, &id_in));
state->channel = new_channel(state, state->channel = new_channel(state,
&state->funding_txid, &state->funding_txid,
state->funding_txout, state->funding_txout,
state->funding_satoshis, state->funding_satoshis,
state->push_msat, state->push_msat,
state->feerate_per_kw, state->feerate_per_kw,
&state->localconf, &state->localconf,
state->remoteconf, state->remoteconf,
&ours->revocation_basepoint, ours, &theirs,
&theirs.revocation_basepoint, REMOTE);
&ours->payment_basepoint,
&theirs.payment_basepoint,
&ours->delayed_payment_basepoint,
&theirs.delayed_payment_basepoint,
REMOTE);
if (!state->channel) if (!state->channel)
peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_BAD_PARAM, peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_BAD_PARAM,
"could not create channel with given config"); "could not create channel with given config");
@ -677,15 +602,15 @@ static u8 *recv_channel(struct state *state, const struct points *ours,
tx = channel_tx(state, state->channel, tx = channel_tx(state, state->channel,
&state->next_per_commit[LOCAL], NULL, LOCAL); &state->next_per_commit[LOCAL], NULL, LOCAL);
if (!check_commit_sig(state, &ours->funding_pubkey, if (!check_commit_sig(state, our_funding_pubkey,
&theirs.funding_pubkey, tx, &theirsig)) &their_funding_pubkey, tx, &theirsig))
peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_READ_FAILED, peer_failed(PEER_FD, &state->cs, NULL, WIRE_OPENING_PEER_READ_FAILED,
"Bad signature %s on tx %s using key %s", "Bad signature %s on tx %s using key %s",
type_to_string(trc, secp256k1_ecdsa_signature, type_to_string(trc, secp256k1_ecdsa_signature,
&theirsig), &theirsig),
type_to_string(trc, struct bitcoin_tx, tx), type_to_string(trc, struct bitcoin_tx, tx),
type_to_string(trc, struct pubkey, type_to_string(trc, struct pubkey,
&theirs.funding_pubkey)); &their_funding_pubkey));
/* BOLT #2: /* BOLT #2:
* *
@ -709,7 +634,7 @@ static u8 *recv_channel(struct state *state, const struct points *ours,
tx = channel_tx(state, state->channel, tx = channel_tx(state, state->channel,
&state->next_per_commit[REMOTE], NULL, REMOTE); &state->next_per_commit[REMOTE], NULL, REMOTE);
sig = sign_remote_commit(state, sig = sign_remote_commit(state,
&ours->funding_pubkey, &theirs.funding_pubkey, our_funding_pubkey, &their_funding_pubkey,
tx); tx);
msg = towire_funding_signed(state, &channel_id, &sig); msg = towire_funding_signed(state, &channel_id, &sig);
@ -722,10 +647,10 @@ static u8 *recv_channel(struct state *state, const struct points *ours,
state->remoteconf, state->remoteconf,
&theirsig, &theirsig,
&state->cs, &state->cs,
&theirs.funding_pubkey, &their_funding_pubkey,
&theirs.revocation_basepoint, &theirs.revocation,
&theirs.payment_basepoint, &theirs.payment,
&theirs.delayed_payment_basepoint, &theirs.delayed_payment,
&state->next_per_commit[REMOTE]); &state->next_per_commit[REMOTE]);
} }
@ -735,7 +660,8 @@ int main(int argc, char *argv[])
u8 *msg, *peer_msg; u8 *msg, *peer_msg;
struct state *state = tal(NULL, struct state); struct state *state = tal(NULL, struct state);
struct privkey seed; struct privkey seed;
struct points our_points; struct basepoints our_points;
struct pubkey our_funding_pubkey;
u32 max_minimum_depth; u32 max_minimum_depth;
u32 min_feerate, max_feerate; u32 min_feerate, max_feerate;
@ -766,19 +692,25 @@ int main(int argc, char *argv[])
tal_free(msg); tal_free(msg);
/* We derive everything from the one secret seed. */ /* We derive everything from the one secret seed. */
derive_our_basepoints(&seed, &our_points, &state->our_secrets, if (!derive_basepoints(&seed, &our_funding_pubkey,
&state->shaseed, &state->next_per_commit[LOCAL]); &our_points, &state->our_secrets,
&state->shaseed, &state->next_per_commit[LOCAL],
0))
status_failed(WIRE_OPENING_KEY_DERIVATION_FAILED,
"Secret derivation failed, secret = %s",
type_to_string(trc, struct privkey, &seed));
msg = wire_sync_read(state, REQ_FD); msg = wire_sync_read(state, REQ_FD);
if (fromwire_opening_open(msg, NULL, if (fromwire_opening_open(msg, NULL,
&state->funding_satoshis, &state->funding_satoshis,
&state->push_msat, &state->push_msat,
&state->feerate_per_kw, &max_minimum_depth)) &state->feerate_per_kw, &max_minimum_depth))
msg = open_channel(state, &our_points, max_minimum_depth); msg = open_channel(state, &our_funding_pubkey, &our_points,
max_minimum_depth);
else if (fromwire_opening_accept(state, msg, NULL, &min_feerate, else if (fromwire_opening_accept(state, msg, NULL, &min_feerate,
&max_feerate, &peer_msg)) &max_feerate, &peer_msg))
msg = recv_channel(state, &our_points, min_feerate, max_feerate, msg = recv_channel(state, &our_funding_pubkey, &our_points,
peer_msg); min_feerate, max_feerate, peer_msg);
/* Write message and hand back the fd. */ /* Write message and hand back the fd. */
wire_sync_write(REQ_FD, msg); wire_sync_write(REQ_FD, msg);

32
lightningd/test/run-channel.c
View file

@ -264,9 +264,8 @@ int main(void)
struct pubkey localkey, remotekey; struct pubkey localkey, remotekey;
struct pubkey local_delayedkey; struct pubkey local_delayedkey;
struct pubkey local_revocation_key; struct pubkey local_revocation_key;
struct pubkey local_revocation_basepoint, local_delayed_payment_basepoint, struct pubkey local_per_commitment_point;
local_payment_basepoint, remote_payment_basepoint, struct basepoints localbase, remotebase;
local_per_commitment_point;
struct pubkey *unknown = tal(tmpctx, struct pubkey); struct pubkey *unknown = tal(tmpctx, struct pubkey);
struct bitcoin_tx *raw_tx, *tx; struct bitcoin_tx *raw_tx, *tx;
struct channel_config *local_config = tal(tmpctx, struct channel_config); struct channel_config *local_config = tal(tmpctx, struct channel_config);
@ -330,8 +329,8 @@ int main(void)
* # From local_delayed_payment_basepoint_secret * # From local_delayed_payment_basepoint_secret
* INTERNAL: local_delayed_payment_basepoint: 023c72addb4fdf09af94f0c94d7fe92a386a7e70cf8a1d85916386bb2535c7b1b1 * INTERNAL: local_delayed_payment_basepoint: 023c72addb4fdf09af94f0c94d7fe92a386a7e70cf8a1d85916386bb2535c7b1b1
*/ */
local_revocation_basepoint = pubkey_from_hex("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27"); localbase.revocation = pubkey_from_hex("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27");
local_delayed_payment_basepoint = pubkey_from_hex("023c72addb4fdf09af94f0c94d7fe92a386a7e70cf8a1d85916386bb2535c7b1b1"); localbase.delayed_payment = pubkey_from_hex("023c72addb4fdf09af94f0c94d7fe92a386a7e70cf8a1d85916386bb2535c7b1b1");
/* BOLT #3: /* BOLT #3:
* *
@ -339,8 +338,12 @@ int main(void)
* remote_payment_basepoint: 032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991 * remote_payment_basepoint: 032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991
* # obscured commitment transaction number = 0x2bb038521914 ^ 42 * # obscured commitment transaction number = 0x2bb038521914 ^ 42
*/ */
local_payment_basepoint = pubkey_from_hex("034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa"); localbase.payment = pubkey_from_hex("034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa");
remote_payment_basepoint = pubkey_from_hex("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991"); remotebase.payment = pubkey_from_hex("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991");
/* We put unknown in for some things; valgrind will warn if used. */
remotebase.revocation = *unknown;
remotebase.delayed_payment = *unknown;
/* BOLT #3: /* BOLT #3:
* *
@ -350,7 +353,6 @@ int main(void)
* feerate_per_kw: 15000 * feerate_per_kw: 15000
*/ */
/* We put unknown in for some things; valgrind will warn if used. */
to_local_msat = 7000000000; to_local_msat = 7000000000;
to_remote_msat = 3000000000; to_remote_msat = 3000000000;
feerate_per_kw = 15000; feerate_per_kw = 15000;
@ -359,12 +361,7 @@ int main(void)
feerate_per_kw, feerate_per_kw,
local_config, local_config,
remote_config, remote_config,
&local_revocation_basepoint, &localbase, &remotebase,
unknown,
&local_payment_basepoint,
&remote_payment_basepoint,
&local_delayed_payment_basepoint,
unknown,
LOCAL); LOCAL);
rchannel = new_channel(tmpctx, &funding_txid, funding_output_index, rchannel = new_channel(tmpctx, &funding_txid, funding_output_index,
@ -372,12 +369,7 @@ int main(void)
feerate_per_kw, feerate_per_kw,
remote_config, remote_config,
local_config, local_config,
unknown, &remotebase, &localbase,
&local_revocation_basepoint,
&remote_payment_basepoint,
&local_payment_basepoint,
unknown,
&local_delayed_payment_basepoint,
REMOTE); REMOTE);
/* BOLT #3: /* BOLT #3:
* *