per-commit-secret is a struct secret, not a sha256.

Well, it's generated by shachain, so technically it is a sha256, but that's an internal detail. It's a secret. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2025-01-19 05:44:12 +01:00 · 2018-07-09 20:47:58 +09:30 · 2018-07-09 20:47:58 +09:30 · e217bc1220
commit e217bc1220
parent 6c98457ef2
12 changed files with 30 additions and 16 deletions
--- a/channeld/channel.c
+++ b/channeld/channel.c
@ -1119,7 +1119,7 @@ static void start_commit_timer(struct peer *peer)
 static u8 *make_revocation_msg(const struct peer *peer, u64 revoke_index)
 {
 	struct pubkey oldpoint, point;
-	struct sha256 old_commit_secret;
+	struct secret old_commit_secret;

 	/* Get secret. */
 	per_commit_secret(&peer->shaseed, &old_commit_secret, revoke_index);
@ -1363,7 +1363,7 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
 }

 static u8 *got_revoke_msg(const tal_t *ctx, u64 revoke_num,
-			  const struct sha256 *per_commitment_secret,
+			  const struct secret *per_commitment_secret,
 			  const struct pubkey *next_per_commit_point,
 			  const struct htlc **changed_htlcs)
 {
@ -1389,7 +1389,7 @@ static u8 *got_revoke_msg(const tal_t *ctx, u64 revoke_num,

 static void handle_peer_revoke_and_ack(struct peer *peer, const u8 *msg)
 {
-	struct sha256 old_commit_secret;
+	struct secret old_commit_secret;
 	struct privkey privkey;
 	struct channel_id channel_id;
 	struct pubkey per_commit_point, next_per_commit;
--- a/channeld/channel_wire.csv
+++ b/channeld/channel_wire.csv
@ -151,7 +151,7 @@ channel_got_commitsig_reply,1121

 channel_got_revoke,1022
 channel_got_revoke,,revokenum,u64
-channel_got_revoke,,per_commitment_secret,struct sha256
+channel_got_revoke,,per_commitment_secret,struct secret
 channel_got_revoke,,next_per_commit_point,struct pubkey
 # RCVD_ADD_ACK_REVOCATION, RCVD_REMOVE_ACK_REVOCATION, RCVD_ADD_REVOCATION, RCVD_REMOVE_REVOCATION
 channel_got_revoke,,num_changed,u16
--- a/common/derive_basepoints.c
+++ b/common/derive_basepoints.c
@ -51,11 +51,14 @@ bool derive_basepoints(const struct secret *seed,
 }

 void per_commit_secret(const struct sha256 *shaseed,
-		       struct sha256 *commit_secret,
+		       struct secret *commit_secret,
 		       u64 per_commit_index)
 {
-	shachain_from_seed(shaseed, shachain_index(per_commit_index),
-			   commit_secret);
+	struct sha256 s;
+	shachain_from_seed(shaseed, shachain_index(per_commit_index), &s);
+
+	BUILD_ASSERT(sizeof(s) == sizeof(*commit_secret));
+	memcpy(commit_secret, &s, sizeof(s));
 }

 bool per_commit_point(const struct sha256 *shaseed,
--- a/common/derive_basepoints.h
+++ b/common/derive_basepoints.h
@ -45,7 +45,7 @@ bool derive_basepoints(const struct secret *seed,
 * @per_commit_index: (in) which @commit_secret to return.
 */
 void per_commit_secret(const struct sha256 *shaseed,
-		       struct sha256 *commit_secret,
+		       struct secret *commit_secret,
 		       u64 per_commit_index);

 /**
--- a/devtools/print_wire.c
+++ b/devtools/print_wire.c
@ -179,5 +179,6 @@ PRINTWIRE_STRUCT_TYPE_TO_STRING(channel_id);
 PRINTWIRE_STRUCT_TYPE_TO_STRING(preimage);
 PRINTWIRE_STRUCT_TYPE_TO_STRING(pubkey);
 PRINTWIRE_STRUCT_TYPE_TO_STRING(sha256);
+PRINTWIRE_STRUCT_TYPE_TO_STRING(secret);
 PRINTWIRE_STRUCT_TYPE_TO_STRING(short_channel_id);
 PRINTWIRE_TYPE_TO_STRING(secp256k1_ecdsa_signature, secp256k1_ecdsa_signature);
--- a/devtools/print_wire.h
+++ b/devtools/print_wire.h
@ -18,6 +18,7 @@ void printwire_preimage(const char *fieldname, const struct preimage *preimage);
 void printwire_pubkey(const char *fieldname, const struct pubkey *pubkey);
 void printwire_secp256k1_ecdsa_signature(const char *fieldname, const secp256k1_ecdsa_signature *);
 void printwire_sha256(const char *fieldname, const struct sha256 *sha256);
+void printwire_secret(const char *fieldname, const struct secret *secret);
 void printwire_short_channel_id(const char *fieldname, const struct short_channel_id *short_channel_id);

 #endif /* LIGHTNING_DEVTOOLS_PRINT_WIRE_H */
--- a/lightningd/peer_htlcs.c
+++ b/lightningd/peer_htlcs.c
@ -1245,7 +1245,7 @@ void update_per_commit_point(struct channel *channel,
 void peer_got_revoke(struct channel *channel, const u8 *msg)
 {
 	u64 revokenum;
-	struct sha256 per_commitment_secret;
+	struct secret per_commitment_secret;
 	struct pubkey next_per_commitment_point;
 	struct changed_htlc *changed;
 	enum onion_type *failcodes;
@ -1307,7 +1307,7 @@ void peer_got_revoke(struct channel *channel, const u8 *msg)
 				      &per_commitment_secret)) {
 		channel_fail_permanent(channel,
 				    "Bad per_commitment_secret %s for %"PRIu64,
-				    type_to_string(msg, struct sha256,
+				    type_to_string(msg, struct secret,
 						   &per_commitment_secret),
 				    revokenum);
 		return;
--- a/tools/generate-wire.py
+++ b/tools/generate-wire.py
@ -21,6 +21,7 @@ type2size = {
    'struct sha256': 32,
    'struct bitcoin_blkid': 32,
    'struct bitcoin_txid': 32,
+    'struct secret': 32,
    'u64': 8,
    'u32': 4,
    'u16': 2,
@ -75,7 +76,8 @@ typemap = {
    ('node_announcement', 'ipv6'): FieldType('struct ipv6'),
    ('announcement_signatures', 'short_channel_id'): FieldType('struct short_channel_id'),
    ('channel_announcement', 'short_channel_id'): FieldType('struct short_channel_id'),
-    ('channel_update', 'short_channel_id'): FieldType('struct short_channel_id')
+    ('channel_update', 'short_channel_id'): FieldType('struct short_channel_id'),
+    ('revoke_and_ack', 'per_commitment_secret'): FieldType('struct secret')
 }

 # Partial names that map to a datatype
--- a/wallet/test/run-wallet.c
+++ b/wallet/test/run-wallet.c
@ -599,6 +599,7 @@ static bool test_shachain_crud(struct lightningd *ld, const tal_t *ctx)
 	struct wallet_shachain a, b;
 	struct wallet *w = create_test_wallet(ld, ctx);
 	struct sha256 seed, hash;
+	struct secret secret;
 	uint64_t index = UINT64_MAX >> (64 - SHACHAIN_BITS);

 	memset(&seed, 'A', sizeof(seed));
@ -617,7 +618,8 @@ static bool test_shachain_crud(struct lightningd *ld, const tal_t *ctx)

 	for (int i=0; i<100; i++) {
 		shachain_from_seed(&seed, index, &hash);
-		CHECK(wallet_shachain_add_hash(w, &a, index, &hash));
+		memcpy(&secret, &hash, sizeof(secret));
+		CHECK(wallet_shachain_add_hash(w, &a, index, &secret));
 		index--;
 	}

--- a/wallet/wallet.c
+++ b/wallet/wallet.c
@ -424,12 +424,17 @@ static unsigned int count_trailing_zeroes(uint64_t index)
 bool wallet_shachain_add_hash(struct wallet *wallet,
 			      struct wallet_shachain *chain,
 			      uint64_t index,
-			      const struct sha256 *hash)
+			      const struct secret *hash)
 {
 	sqlite3_stmt *stmt;
 	u32 pos = count_trailing_zeroes(index);
+	struct sha256 s;
+
+	BUILD_ASSERT(sizeof(s) == sizeof(*hash));
+	memcpy(&s, hash, sizeof(s));
+
 	assert(index < SQLITE_MAX_UINT);
-	if (!shachain_add_hash(&chain->chain, index, hash)) {
+	if (!shachain_add_hash(&chain->chain, index, &s)) {
 		return false;
 	}

--- a/wallet/wallet.h
+++ b/wallet/wallet.h
@ -228,7 +228,7 @@ s64 wallet_get_newindex(struct lightningd *ld);
 bool wallet_shachain_add_hash(struct wallet *wallet,
 			      struct wallet_shachain *chain,
 			      uint64_t index,
-			      const struct sha256 *hash);
+			      const struct secret *hash);

 /**
 * wallet_shachain_load -- Load an existing shachain from the wallet.
--- a/wire/test/run-peer-wire.c
+++ b/wire/test/run-peer-wire.c
@ -117,7 +117,7 @@ struct msg_funding_signed {
 };
 struct msg_revoke_and_ack {
 	struct channel_id channel_id;
-	struct sha256 per_commitment_secret;
+	struct secret per_commitment_secret;
 	struct pubkey next_per_commitment_point;
 };
 struct msg_channel_update {