htlc_tx: wire up the htlc points.

All the callers need to pass it in: currently channeld and openingd just
fake it by copying the payment point.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

channeld/channel.c

@@ -2054,6 +2054,8 @@ static void init_channel(struct peer *peer)
 				   &funding_signed))
 		master_badmsg(WIRE_CHANNEL_INIT, msg);
 
+	points[REMOTE].htlc = points[REMOTE].payment;
+
 	status_trace("init %s: remote_per_commit = %s, old_remote_per_commit = %s"
 		     " next_idx_local = %"PRIu64
 		     " next_idx_remote = %"PRIu64

channeld/full_channel.c

@@ -197,8 +197,8 @@ static void add_htlcs(struct bitcoin_tx ***txs,
 					     feerate_per_kw,
 					     keyset);
 			wscript	= bitcoin_wscript_htlc_offer(*wscripts,
-						     &keyset->self_payment_key,
+						     &keyset->self_htlc_key,
-						     &keyset->other_payment_key,
+						     &keyset->other_htlc_key,
 						     &htlc->rhash,
 						     &keyset->self_revocation_key);
 		} else {
@@ -209,8 +209,8 @@ static void add_htlcs(struct bitcoin_tx ***txs,
 					     keyset);
 			wscript	= bitcoin_wscript_htlc_receive(*wscripts,
 						       &htlc->expiry,
-						       &keyset->self_payment_key,
+						       &keyset->self_htlc_key,
-						       &keyset->other_payment_key,
+						       &keyset->other_htlc_key,
 						       &htlc->rhash,
 						       &keyset->self_revocation_key);
 		}

common/htlc_tx.c

@@ -92,10 +92,10 @@ struct bitcoin_tx *htlc_success_tx(const tal_t *ctx,
 /* Fill in the witness for HTLC-success tx produced above. */
 void htlc_success_tx_add_witness(struct bitcoin_tx *htlc_success,
 				 const struct abs_locktime *htlc_abstimeout,
-				 const struct pubkey *localkey,
+				 const struct pubkey *localhtlckey,
-				 const struct pubkey *remotekey,
+				 const struct pubkey *remotehtlckey,
-				 const secp256k1_ecdsa_signature *localsig,
+				 const secp256k1_ecdsa_signature *localhtlcsig,
-				 const secp256k1_ecdsa_signature *remotesig,
+				 const secp256k1_ecdsa_signature *remotehtlcsig,
 				 const struct preimage *payment_preimage,
 				 const struct pubkey *revocationkey)
 {
@@ -105,12 +105,12 @@ void htlc_success_tx_add_witness(struct bitcoin_tx *htlc_success,
 	sha256(&hash, payment_preimage, sizeof(*payment_preimage));
 	wscript = bitcoin_wscript_htlc_receive(htlc_success,
 					       htlc_abstimeout,
-					       localkey, remotekey,
+					       localhtlckey, remotehtlckey,
 					       &hash, revocationkey);
 
 	htlc_success->input[0].witness
 		= bitcoin_witness_htlc_success_tx(htlc_success->input,
-						  localsig, remotesig,
+						  localhtlcsig, remotehtlcsig,
 						  payment_preimage,
 						  wscript);
 	tal_free(wscript);
@@ -138,20 +138,20 @@ struct bitcoin_tx *htlc_timeout_tx(const tal_t *ctx,
 
 /* Fill in the witness for HTLC-timeout tx produced above. */
 void htlc_timeout_tx_add_witness(struct bitcoin_tx *htlc_timeout,
-				 const struct pubkey *localkey,
+				 const struct pubkey *localhtlckey,
-				 const struct pubkey *remotekey,
+				 const struct pubkey *remotehtlckey,
 				 const struct sha256 *payment_hash,
 				 const struct pubkey *revocationkey,
-				 const secp256k1_ecdsa_signature *localsig,
+				 const secp256k1_ecdsa_signature *localhtlcsig,
-				 const secp256k1_ecdsa_signature *remotesig)
+				 const secp256k1_ecdsa_signature *remotehtlcsig)
 {
 	u8 *wscript = bitcoin_wscript_htlc_offer(htlc_timeout,
-						 localkey, remotekey,
+						 localhtlckey, remotehtlckey,
 						 payment_hash, revocationkey);
 
 	htlc_timeout->input[0].witness
 		= bitcoin_witness_htlc_timeout_tx(htlc_timeout->input,
-						  localsig, remotesig,
+						  localhtlcsig, remotehtlcsig,
 						  wscript);
 	tal_free(wscript);
 }
@@ -161,8 +161,8 @@ u8 *htlc_offered_wscript(const tal_t *ctx,
 			 const struct keyset *keyset)
 {
 	return bitcoin_wscript_htlc_offer_ripemd160(ctx,
-						    &keyset->self_payment_key,
+						    &keyset->self_htlc_key,
-						    &keyset->other_payment_key,
+						    &keyset->other_htlc_key,
 						    ripemd,
 						    &keyset->self_revocation_key);
 }
@@ -174,8 +174,8 @@ u8 *htlc_received_wscript(const tal_t *ctx,
 {
 	return bitcoin_wscript_htlc_receive_ripemd(ctx,
 						   expiry,
-						   &keyset->self_payment_key,
+						   &keyset->self_htlc_key,
-						   &keyset->other_payment_key,
+						   &keyset->other_htlc_key,
 						   ripemd,
 						   &keyset->self_revocation_key);
 }

lightningd/test/run-commit_tx.c

@@ -196,11 +196,13 @@ static struct pubkey pubkey_from_hex(const char *hex)
 static void report_htlcs(const struct bitcoin_tx *tx,
 			 const struct htlc **htlc_map,
 			 u16 to_self_delay,
-			 const struct privkey *local_secretkey,
+			 const struct privkey *local_htlcsecretkey,
 			 const struct pubkey *localkey,
+			 const struct pubkey *local_htlckey,
 			 const struct pubkey *local_delayedkey,
-			 const struct privkey *x_remote_secretkey,
+			 const struct privkey *x_remote_htlcsecretkey,
 			 const struct pubkey *remotekey,
+			 const struct pubkey *remote_htlckey,
 			 const struct pubkey *remote_revocation_key,
 			 u64 feerate_per_kw)
 {
@@ -208,13 +210,13 @@ static void report_htlcs(const struct bitcoin_tx *tx,
 	size_t i, n;
 	struct sha256_double txid;
 	struct bitcoin_tx **htlc_tx;
-	secp256k1_ecdsa_signature *remotesig;
+	secp256k1_ecdsa_signature *remotehtlcsig;
 	struct keyset keyset;
 	u8 **wscript;
 
 	htlc_tx = tal_arrz(tmpctx, struct bitcoin_tx *, tal_count(htlc_map));
-	remotesig = tal_arr(tmpctx, secp256k1_ecdsa_signature,
+	remotehtlcsig = tal_arr(tmpctx, secp256k1_ecdsa_signature,
-			    tal_count(htlc_map));
+				tal_count(htlc_map));
 	wscript = tal_arr(tmpctx, u8 *, tal_count(htlc_map));
 
 	bitcoin_txid(tx, &txid);
@@ -232,6 +234,8 @@ static void report_htlcs(const struct bitcoin_tx *tx,
 	keyset.self_delayed_payment_key = *local_delayedkey;
 	keyset.self_payment_key = *localkey;
 	keyset.other_payment_key = *remotekey;
+	keyset.self_htlc_key = *local_htlckey;
+	keyset.other_htlc_key = *remote_htlckey;
 
 	for (i = 0; i < tal_count(htlc_map); i++) {
 		const struct htlc *htlc = htlc_map[i];
@@ -247,8 +251,8 @@ static void report_htlcs(const struct bitcoin_tx *tx,
 						     feerate_per_kw,
 						     &keyset);
 			wscript[i] = bitcoin_wscript_htlc_offer(tmpctx,
-								localkey,
+								local_htlckey,
-								remotekey,
+								remote_htlckey,
 								&htlc->rhash,
 								remote_revocation_key);
 		} else {
@@ -259,25 +263,25 @@ static void report_htlcs(const struct bitcoin_tx *tx,
 						     &keyset);
 			wscript[i] = bitcoin_wscript_htlc_receive(tmpctx,
 								  &htlc->expiry,
-								  localkey,
+								  local_htlckey,
-								  remotekey,
+								  remote_htlckey,
 								  &htlc->rhash,
 								  remote_revocation_key);
 		}
 		sign_tx_input(htlc_tx[i], 0,
 			      NULL,
 			      wscript[i],
-			      x_remote_secretkey, remotekey,
+			      x_remote_htlcsecretkey, remote_htlckey,
-			      &remotesig[i]);
+			      &remotehtlcsig[i]);
 		printf("# signature for output %zi (htlc %"PRIu64")\n", i, htlc->id);
 		printf("remote_htlc_signature = %s\n",
 		       type_to_string(tmpctx, secp256k1_ecdsa_signature,
-				      &remotesig[i]));
+				      &remotehtlcsig[i]));
 	}
 
 	/* For any HTLC outputs, produce htlc_tx */
 	for (i = 0; i < tal_count(htlc_map); i++) {
-		secp256k1_ecdsa_signature localsig;
+		secp256k1_ecdsa_signature localhtlcsig;
 		const struct htlc *htlc = htlc_map[i];
 
 		if (!htlc)
@@ -286,22 +290,26 @@ static void report_htlcs(const struct bitcoin_tx *tx,
 		sign_tx_input(htlc_tx[i], 0,
 			      NULL,
 			      wscript[i],
-			      local_secretkey, localkey,
+			      local_htlcsecretkey, local_htlckey,
-			      &localsig);
+			      &localhtlcsig);
 		printf("# local_signature = %s\n",
 		       type_to_string(tmpctx, secp256k1_ecdsa_signature,
-				      &localsig));
+				      &localhtlcsig));
 		if (htlc_owner(htlc) == LOCAL) {
 			htlc_timeout_tx_add_witness(htlc_tx[i],
-						    localkey, remotekey,
+						    local_htlckey,
+						    remote_htlckey,
 						    &htlc->rhash,
 						    remote_revocation_key,
-						    &localsig, &remotesig[i]);
+						    &localhtlcsig,
+						    &remotehtlcsig[i]);
 		} else {
 			htlc_success_tx_add_witness(htlc_tx[i],
 						    &htlc->expiry,
-						    localkey, remotekey,
+						    local_htlckey,
-						    &localsig, &remotesig[i],
+						    remote_htlckey,
+						    &localhtlcsig,
+						    &remotehtlcsig[i],
 						    htlc->r,
 						    remote_revocation_key);
 		}
@@ -320,11 +328,13 @@ static void report(struct bitcoin_tx *tx,
 		   const struct privkey *local_funding_privkey,
 		   const struct pubkey *local_funding_pubkey,
 		   u16 to_self_delay,
-		   const struct privkey *local_secretkey,
+		   const struct privkey *local_htlcsecretkey,
 		   const struct pubkey *localkey,
+		   const struct pubkey *local_htlckey,
 		   const struct pubkey *local_delayedkey,
-		   const struct privkey *x_remote_secretkey,
+		   const struct privkey *x_remote_htlcsecretkey,
 		   const struct pubkey *remotekey,
+		   const struct pubkey *remote_htlckey,
 		   const struct pubkey *remote_revocation_key,
 		   u64 feerate_per_kw,
 		   const struct htlc **htlc_map)
@@ -355,10 +365,10 @@ static void report(struct bitcoin_tx *tx,
 	printf("output commit_tx: %s\n", txhex);
 
 	report_htlcs(tx, htlc_map, to_self_delay,
-		     local_secretkey, localkey,
+		     local_htlcsecretkey, localkey, local_htlckey,
 		     local_delayedkey,
-		     x_remote_secretkey,
+		     x_remote_htlcsecretkey,
-		     remotekey,
+		     remotekey, remote_htlckey,
 		     remote_revocation_key,
 		     feerate_per_kw);
 	tal_free(tmpctx);
@@ -439,17 +449,20 @@ int main(void)
 	/* x_ prefix means internal vars we used to derive spec */
 	struct privkey local_funding_privkey, x_remote_funding_privkey;
 	struct secret x_local_payment_basepoint_secret, x_remote_payment_basepoint_secret;
+	struct secret x_local_htlc_basepoint_secret, x_remote_htlc_basepoint_secret;
 	struct secret x_local_per_commitment_secret;
 	struct secret x_local_delayed_payment_basepoint_secret;
 	struct secret x_remote_revocation_basepoint_secret;
-	struct privkey local_secretkey, x_remote_secretkey;
+	struct privkey local_htlcsecretkey, x_remote_htlcsecretkey;
 	struct privkey x_local_delayed_secretkey;
 	struct pubkey local_funding_pubkey, remote_funding_pubkey;
 	struct pubkey local_payment_basepoint, remote_payment_basepoint;
+	struct pubkey local_htlc_basepoint, remote_htlc_basepoint;
 	struct pubkey x_local_delayed_payment_basepoint;
 	struct pubkey x_remote_revocation_basepoint;
 	struct pubkey x_local_per_commitment_point;
 	struct pubkey localkey, remotekey, tmpkey;
+	struct pubkey local_htlckey, remote_htlckey;
 	struct pubkey local_delayedkey;
 	struct pubkey remote_revocation_key;
 	struct bitcoin_tx *tx, *tx2;
@@ -579,13 +592,19 @@ int main(void)
 				&remote_payment_basepoint))
 		abort();
 
-	if (!derive_simple_privkey(&x_remote_payment_basepoint_secret,
+	/* FIXME: BOLT should include separate HTLC keys */
-				   &remote_payment_basepoint,
+	local_htlc_basepoint = local_payment_basepoint;
+	remote_htlc_basepoint = remote_payment_basepoint;
+	x_local_htlc_basepoint_secret = x_local_payment_basepoint_secret;
+	x_remote_htlc_basepoint_secret = x_remote_payment_basepoint_secret;
+
+	if (!derive_simple_privkey(&x_remote_htlc_basepoint_secret,
+				   &remote_htlc_basepoint,
 				   &x_local_per_commitment_point,
-				   &x_remote_secretkey))
+				   &x_remote_htlcsecretkey))
 		abort();
 	SUPERVERBOSE("INTERNAL: remote_secretkey: %s\n",
-		     type_to_string(tmpctx, struct privkey, &x_remote_secretkey));
+		     type_to_string(tmpctx, struct privkey, &x_remote_htlcsecretkey));
 
 	if (!derive_simple_privkey(&x_local_delayed_payment_basepoint_secret,
 				   &x_local_delayed_payment_basepoint,
@@ -620,21 +639,18 @@ int main(void)
 	printf("remote_funding_pubkey: %s\n",
 	       type_to_string(tmpctx, struct pubkey, &remote_funding_pubkey));
 
-	if (!derive_simple_privkey(&x_local_payment_basepoint_secret,
+	if (!derive_simple_privkey(&x_local_htlc_basepoint_secret,
 				   &local_payment_basepoint,
 				   &x_local_per_commitment_point,
-				   &local_secretkey))
+				   &local_htlcsecretkey))
 		abort();
 	printf("local_secretkey: %s\n",
-	       type_to_string(tmpctx, struct privkey, &local_secretkey));
+	       type_to_string(tmpctx, struct privkey, &local_htlcsecretkey));
 
-	if (!pubkey_from_privkey(&local_secretkey, &localkey))
-		abort();
 	if (!derive_simple_key(&local_payment_basepoint,
 			       &x_local_per_commitment_point,
-			       &tmpkey))
+			       &localkey))
 		abort();
-	assert(pubkey_eq(&tmpkey, &localkey));
 	printf("localkey: %s\n",
 	       type_to_string(tmpctx, struct pubkey, &localkey));
 
@@ -645,6 +661,22 @@ int main(void)
 	printf("remotekey: %s\n",
 	       type_to_string(tmpctx, struct pubkey, &remotekey));
 
+	if (!pubkey_from_privkey(&local_htlcsecretkey, &local_htlckey))
+		abort();
+	if (!derive_simple_key(&local_htlc_basepoint,
+			       &x_local_per_commitment_point,
+			       &tmpkey))
+		abort();
+	assert(pubkey_eq(&tmpkey, &local_htlckey));
+	printf("local_htlckey: %s\n",
+	       type_to_string(tmpctx, struct pubkey, &local_htlckey));
+
+	if (!derive_simple_key(&remote_htlc_basepoint,
+			       &x_local_per_commitment_point,
+			       &remote_htlckey))
+		abort();
+	printf("remote_htlckey: %s\n",
+	       type_to_string(tmpctx, struct pubkey, &remote_htlckey));
 
 	if (!pubkey_from_privkey(&x_local_delayed_secretkey, &local_delayedkey))
 		abort();
@@ -688,6 +720,8 @@ int main(void)
 	keyset.self_delayed_payment_key = local_delayedkey;
 	keyset.self_payment_key = localkey;
 	keyset.other_payment_key = remotekey;
+	keyset.self_htlc_key = local_htlckey;
+	keyset.other_htlc_key = remote_htlckey;
 
 	print_superverbose = true;
 	tx = commit_tx(tmpctx, &funding_txid, funding_output_index,
@@ -715,11 +749,13 @@ int main(void)
 	report(tx, wscript, &x_remote_funding_privkey, &remote_funding_pubkey,
 	       &local_funding_privkey, &local_funding_pubkey,
 	       to_self_delay,
-	       &local_secretkey,
+	       &local_htlcsecretkey,
 	       &localkey,
+	       &local_htlckey,
 	       &local_delayedkey,
-	       &x_remote_secretkey,
+	       &x_remote_htlcsecretkey,
 	       &remotekey,
+	       &remote_htlckey,
 	       &remote_revocation_key,
 	       feerate_per_kw,
 	       htlc_map);
@@ -768,11 +804,13 @@ int main(void)
 	report(tx, wscript, &x_remote_funding_privkey, &remote_funding_pubkey,
 	       &local_funding_privkey, &local_funding_pubkey,
 	       to_self_delay,
-	       &local_secretkey,
+	       &local_htlcsecretkey,
 	       &localkey,
+	       &local_htlckey,
 	       &local_delayedkey,
-	       &x_remote_secretkey,
+	       &x_remote_htlcsecretkey,
 	       &remotekey,
+	       &remote_htlckey,
 	       &remote_revocation_key,
 	       feerate_per_kw,
 	       htlc_map);
@@ -840,11 +878,13 @@ int main(void)
 		       &x_remote_funding_privkey, &remote_funding_pubkey,
 		       &local_funding_privkey, &local_funding_pubkey,
 		       to_self_delay,
-		       &local_secretkey,
+		       &local_htlcsecretkey,
 		       &localkey,
+		       &local_htlckey,
 		       &local_delayedkey,
-		       &x_remote_secretkey,
+		       &x_remote_htlcsecretkey,
 		       &remotekey,
+		       &remote_htlckey,
 		       &remote_revocation_key,
 		       feerate_per_kw-1,
 		       htlc_map);
@@ -874,11 +914,13 @@ int main(void)
 		       &x_remote_funding_privkey, &remote_funding_pubkey,
 		       &local_funding_privkey, &local_funding_pubkey,
 		       to_self_delay,
-		       &local_secretkey,
+		       &local_htlcsecretkey,
 		       &localkey,
+		       &local_htlckey,
 		       &local_delayedkey,
-		       &x_remote_secretkey,
+		       &x_remote_htlcsecretkey,
 		       &remotekey,
+		       &remote_htlckey,
 		       &remote_revocation_key,
 		       feerate_per_kw,
 		       htlc_map);
@@ -930,11 +972,13 @@ int main(void)
 		       &x_remote_funding_privkey, &remote_funding_pubkey,
 		       &local_funding_privkey, &local_funding_pubkey,
 		       to_self_delay,
-		       &local_secretkey,
+		       &local_htlcsecretkey,
 		       &localkey,
+		       &local_htlckey,
 		       &local_delayedkey,
-		       &x_remote_secretkey,
+		       &x_remote_htlcsecretkey,
 		       &remotekey,
+		       &remote_htlckey,
 		       &remote_revocation_key,
 		       feerate_per_kw,
 		       htlc_map);

openingd/opening.c

@@ -269,7 +269,7 @@ static u8 *funder_channel(struct state *state,
 	/* BOLT #2:
 	 *
 	 * The receiver MUST fail the channel if `funding_pubkey`,
-	 * `revocation_basepoint`, `payment_basepoint` or
+	 * `revocation_basepoint`, `htlc_basepoint`, `payment_basepoint` or
 	 * `delayed_payment_basepoint` are not valid DER-encoded compressed
 	 * secp256k1 pubkeys.
 	 */
@@ -291,6 +291,9 @@ static u8 *funder_channel(struct state *state,
 		peer_failed(PEER_FD, &state->cs, &state->channel_id,
 			    "Parsing accept_channel %s", tal_hex(msg, msg));
 
+	/* FIXME */
+	theirs.htlc = theirs.payment;
+
 	/* BOLT #2:
 	 *
 	 * The `temporary_channel_id` MUST be the same as the
@@ -471,7 +474,7 @@ static u8 *fundee_channel(struct state *state,
 	/* BOLT #2:
 	 *
 	 * The receiver MUST fail the channel if `funding_pubkey`,
-	 * `revocation_basepoint`, `payment_basepoint` or
+	 * `revocation_basepoint`, `htlc_basepoint`, `payment_basepoint` or
 	 * `delayed_payment_basepoint` are not valid DER-encoded compressed
 	 * secp256k1 pubkeys.
 	 */
@@ -495,6 +498,9 @@ static u8 *fundee_channel(struct state *state,
 			    "Bad open_channel %s",
 			    tal_hex(peer_msg, peer_msg));
 
+	/* FIXME */
+	theirs.htlc = theirs.payment;
+
 	/* BOLT #2:
 	 *
 	 * The receiving node MUST reject the channel if the `chain_hash` value