channeld: save old remote_per_commit and return it in init.

We need the old remote per_commitment_point so we can validate the
per_commitment_secret when we get it.

We unify this housekeeping in the master daemon using
update_per_commit_point().

This patch also saves whether remote funding is locked, and disallows
doing that twice (channeld should ignore it).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

lightningd/channel/channel.c

@@ -1568,6 +1568,7 @@ static void init_channel(struct peer *peer)
 				   &points[REMOTE].payment,
 				   &points[REMOTE].delayed_payment,
 				   &peer->remote_per_commit,
+				   &peer->old_remote_per_commit,
 				   &am_funder,
 				   &peer->fee_base,
 				   &peer->fee_per_satoshi,

lightningd/channel/channel_wire.csv

@@ -30,7 +30,8 @@ channel_init,,remote_fundingkey,33
 channel_init,,revocation_basepoint,33
 channel_init,,payment_basepoint,33
 channel_init,,delayed_payment_basepoint,33
-channel_init,,their_per_commit_point,33
+channel_init,,remote_per_commit,33
+channel_init,,old_remote_per_commit,33
 channel_init,,am_funder,bool
 channel_init,,fee_base,4
 channel_init,,fee_proportional,4

lightningd/peer_control.c

@@ -284,18 +284,18 @@ void add_peer(struct lightningd *ld, u64 unique_id,
 	peer->ld = ld;
 	peer->unique_id = unique_id;
 	peer->owner = NULL;
-	peer->scid = NULL;
 	peer->id = *id;
 	peer->fd = fd;
 	peer->reconnected = false;
 	peer->gossip_client_fd = -1;
 	peer->cs = tal_dup(peer, struct crypto_state, cs);
 	peer->funding_txid = NULL;
+	peer->remote_funding_locked = false;
+	peer->scid = NULL;
 	peer->seed = NULL;
 	peer->balance = NULL;
 	peer->state = UNINITIALIZED;
 	peer->channel_info = NULL;
-	peer->next_per_commitment_point = NULL;
 	peer->last_was_revoke = false;
 	peer->last_sent_commit = NULL;
 	peer->num_commits_sent = peer->num_commits_received
@@ -859,12 +859,14 @@ static int peer_got_funding_locked(struct peer *peer, const u8 *msg)
 		return -1;
 	}
 
-	/* In case of re-transmit. */
-	peer->next_per_commitment_point
-		= tal_free(peer->next_per_commitment_point);
-	peer->next_per_commitment_point
-		= tal_dup(peer, struct pubkey, &next_per_commitment_point);
+	if (peer->remote_funding_locked) {
+		log_broken(peer->log, "channel_got_funding_locked twice");
+		return -1;
+	}
+	update_per_commit_point(peer, &next_per_commitment_point);
+
 	log_debug(peer->log, "Got funding_locked");
+	peer->remote_funding_locked = true;
 	return 0;
 }
 
@@ -953,7 +955,7 @@ static bool peer_start_channeld_hsmfd(struct subd *hsm, const u8 *resp,
 
 	if (peer->scid) {
 		funding_channel_id = *peer->scid;
-		log_debug(peer->log, "Got funding confirmations");
+		log_debug(peer->log, "Already have funding locked in");
 		peer_set_condition(peer, GETTING_HSMFD, CHANNELD_NORMAL);
 	} else {
 		log_debug(peer->log, "Waiting for funding confirmations");
@@ -974,7 +976,8 @@ static bool peer_start_channeld_hsmfd(struct subd *hsm, const u8 *resp,
 				      &peer->channel_info->theirbase.revocation,
 				      &peer->channel_info->theirbase.payment,
 				      &peer->channel_info->theirbase.delayed_payment,
-				      &peer->channel_info->their_per_commit_point,
+				      &peer->channel_info->remote_per_commit,
+				      &peer->channel_info->old_remote_per_commit,
 				      peer->funder == LOCAL,
 				      cfg->fee_base,
 				      cfg->fee_per_satoshi,
@@ -994,7 +997,7 @@ static bool peer_start_channeld_hsmfd(struct subd *hsm, const u8 *resp,
 				      fulfilled_htlcs, fulfilled_sides,
 				      failed_htlcs, failed_sides,
 				      peer->scid != NULL,
-				      peer->next_per_commitment_point != NULL,
+				      peer->remote_funding_locked,
 				      &funding_channel_id,
 				      peer->reconnected,
 				      peer->funding_signed);
@@ -1064,7 +1067,7 @@ static bool opening_funder_finished(struct subd *opening, const u8 *resp,
 					   &channel_info->theirbase.revocation,
 					   &channel_info->theirbase.payment,
 					   &channel_info->theirbase.delayed_payment,
-					   &channel_info->their_per_commit_point,
+					   &channel_info->remote_per_commit,
 					   &fc->peer->minimum_depth,
 					   &channel_info->remote_fundingkey,
 					   &funding_txid)) {
@@ -1074,6 +1077,9 @@ static bool opening_funder_finished(struct subd *opening, const u8 *resp,
 		return false;
 	}
 
+	/* old_remote_per_commit not valid yet, copy valid one. */
+	channel_info->old_remote_per_commit = channel_info->remote_per_commit;
+
 	/* Generate the funding tx. */
 	if (fc->change
 	    && !bip32_pubkey(fc->peer->ld->bip32_base,
@@ -1145,7 +1151,6 @@ static bool opening_fundee_finished(struct subd *opening,
 
 	/* At this point, we care about peer */
 	peer->channel_info = channel_info = tal(peer, struct channel_info);
-
 	peer->funding_txid = tal(peer, struct sha256_double);
 	if (!fromwire_opening_fundee_reply(peer, reply, NULL,
 					   &channel_info->their_config,
@@ -1154,7 +1159,7 @@ static bool opening_fundee_finished(struct subd *opening,
 					   &channel_info->theirbase.revocation,
 					   &channel_info->theirbase.payment,
 					   &channel_info->theirbase.delayed_payment,
-					   &channel_info->their_per_commit_point,
+					   &channel_info->remote_per_commit,
 					   &channel_info->remote_fundingkey,
 					   peer->funding_txid,
 					   &peer->funding_outnum,
@@ -1165,6 +1170,8 @@ static bool opening_fundee_finished(struct subd *opening,
 			   tal_hex(reply, reply));
 		return false;
 	}
+	/* old_remote_per_commit not valid yet, copy valid one. */
+	channel_info->old_remote_per_commit = channel_info->remote_per_commit;
 
 	/* We should have sent and received the first commitsig */
 	if (!peer_save_commitsig_received(peer, 0)

lightningd/peer_control.h

@@ -60,9 +60,6 @@ struct peer {
 	/* funding_signed packet for fundee, waiting to send. */
 	const u8 *funding_signed;
 
-	/* Channel if locked. */
-	struct short_channel_id *scid;
-
 	/* Minimum funding depth (specified by us if they fund). */
 	u32 minimum_depth;
 
@@ -74,6 +71,9 @@ struct peer {
 	struct sha256_double *funding_txid;
 	u16 funding_outnum;
 	u64 funding_satoshi, push_msat;
+	bool remote_funding_locked;
+	/* Channel if locked locally. */
+	struct short_channel_id *scid;
 
 	/* Amount going to us, not counting unfinished HTLCs; if we have one. */
 	u64 *balance;
@@ -81,9 +81,6 @@ struct peer {
 	/* Keys for channel. */
 	struct channel_info *channel_info;
 
-	/* Their next per-commit point, if known. */
-	struct pubkey *next_per_commitment_point;
-
 	/* Secret seed (FIXME: Move to hsm!) */
 	struct privkey *seed;
 

lightningd/peer_htlcs.c

@@ -1047,14 +1047,12 @@ int peer_got_commitsig(struct peer *peer, const u8 *msg)
 }
 
 /* Shuffle them over, forgetting the ancient one. */
-static void update_per_commit_point(struct peer *peer,
-				    const struct pubkey *per_commitment_point)
+void update_per_commit_point(struct peer *peer,
+			     const struct pubkey *per_commitment_point)
 {
-	peer->channel_info->their_per_commit_point
-		= *peer->next_per_commitment_point;
-	tal_free(peer->next_per_commitment_point);
-	peer->next_per_commitment_point = tal_dup(peer, struct pubkey,
-						  per_commitment_point);
+	struct channel_info *ci = peer->channel_info;
+	ci->old_remote_per_commit = ci->remote_per_commit;
+	ci->remote_per_commit = *per_commitment_point;
 }
 
 int peer_got_revoke(struct peer *peer, const u8 *msg)

lightningd/peer_htlcs.h

@@ -11,7 +11,7 @@ struct channel_info {
 	struct channel_config their_config;
 	struct pubkey remote_fundingkey;
 	struct basepoints theirbase;
-	struct pubkey their_per_commit_point;
+	struct pubkey remote_per_commit, old_remote_per_commit;
 };
 
 /* Get all HTLCs for a peer, to send in init message. */
@@ -31,6 +31,9 @@ int peer_sending_commitsig(struct peer *peer, const u8 *msg);
 int peer_got_commitsig(struct peer *peer, const u8 *msg);
 int peer_got_revoke(struct peer *peer, const u8 *msg);
 
+void update_per_commit_point(struct peer *peer,
+			     const struct pubkey *per_commitment_point);
+
 enum onion_type send_htlc_out(struct peer *out, u64 amount, u32 cltv,
 			      const struct sha256 *payment_hash,
 			      const u8 *onion_routing_packet,