channeld: make per_commit_point and per_commit_secret handling clearer.

All the +1 and -1 in the existing combination routine were confusing.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

lightningd/channel/channel.c

@@ -583,11 +583,10 @@ static struct io_plan *send_revocation(struct io_conn *conn, struct peer *peer)
 	u8 *msg;
 
 	peer->old_per_commit[LOCAL] = peer->current_per_commit[LOCAL];
-	if (!next_per_commit_point(&peer->shaseed, &old_commit_secret,
-				   &peer->current_per_commit[LOCAL],
-				   peer->commit_index[LOCAL]))
-		status_failed(WIRE_CHANNEL_CRYPTO_FAILED,
-			      "Deriving next commit_point");
+
+	/* Get N-1th secret. */
+	per_commit_secret(&peer->shaseed, &old_commit_secret,
+			  peer->commit_index[LOCAL] - 1);
 
 	pubkey_from_privkey((struct privkey *)&old_commit_secret, &test);
 	if (!pubkey_eq(&test, &oldpoint))
@@ -596,7 +595,12 @@ static struct io_plan *send_revocation(struct io_conn *conn, struct peer *peer)
 			      tal_hexstr(trc, &old_commit_secret,
 					 sizeof(old_commit_secret)));
 
-	peer->commit_index[LOCAL]++;
+	/* Send N+1th point. */
+	if (!per_commit_point(&peer->shaseed,
+			      &peer->current_per_commit[LOCAL],
+			      ++peer->commit_index[LOCAL]))
+		status_failed(WIRE_CHANNEL_CRYPTO_FAILED,
+			      "Deriving next commit_point");
 
 	/* If this queues more changes on the other end, send commit. */
 	if (channel_sending_revoke_and_ack(peer->channel)) {
@@ -1348,9 +1352,9 @@ static void handle_funding_locked(struct peer *peer, const u8 *msg)
 					     &peer->short_channel_ids[LOCAL]))
 		status_failed(WIRE_CHANNEL_BAD_COMMAND, "%s", tal_hex(msg, msg));
 
-	next_per_commit_point(&peer->shaseed, NULL,
-			      &peer->current_per_commit[LOCAL],
-			      peer->commit_index[LOCAL]++);
+	per_commit_point(&peer->shaseed,
+			 &peer->current_per_commit[LOCAL],
+			 ++peer->commit_index[LOCAL]);
 
 	msg = towire_funding_locked(peer,
 				    &peer->channel_id,

lightningd/derive_basepoints.c

@@ -68,23 +68,22 @@ bool derive_basepoints(const struct privkey *seed,
 	return true;
 }
 
-bool next_per_commit_point(const struct sha256 *shaseed,
-			   struct sha256 *old_commit_secret,
-			   struct pubkey *per_commit_point,
-			   u64 per_commit_index)
+void per_commit_secret(const struct sha256 *shaseed,
+		       struct sha256 *commit_secret,
+		       u64 per_commit_index)
+{
+	shachain_from_seed(shaseed, shachain_index(per_commit_index),
+			   commit_secret);
+}
+
+bool per_commit_point(const struct sha256 *shaseed,
+		      struct pubkey *commit_point,
+		      u64 per_commit_index)
 {
 	struct sha256 per_commit_secret;
 
-
-	/* Get old secret. */
-	if (per_commit_index > 0)
-		shachain_from_seed(shaseed, shachain_index(per_commit_index - 1),
-				   old_commit_secret);
-	else
-		assert(old_commit_secret == NULL);
-
 	/* Derive new per-commitment-point. */
-	shachain_from_seed(shaseed, shachain_index(per_commit_index + 1),
+	shachain_from_seed(shaseed, shachain_index(per_commit_index),
 			   &per_commit_secret);
 
 	/* BOLT #3:
@@ -94,7 +93,7 @@ bool next_per_commit_point(const struct sha256 *shaseed,
 	 * 	per_commitment_point = per_commitment_secret * G
 	 */
 	if (secp256k1_ec_pubkey_create(secp256k1_ctx,
-				       &per_commit_point->pubkey,
+				       &commit_point->pubkey,
 				       per_commit_secret.u.u8) != 1)
 		return false;
 

lightningd/derive_basepoints.h

@@ -37,11 +37,25 @@ bool derive_basepoints(const struct privkey *seed,
 		       struct pubkey *per_commit_point,
 		       u64 per_commit_index);
 
-/* Give up secret for index-1, and generate per-commitment point for N+1. */
-bool next_per_commit_point(const struct sha256 *shaseed,
-			   struct sha256 *old_commit_secret,
-			   struct pubkey *per_commit_point,
-			   u64 per_commit_index);
+/**
+ * per_commit_secret - get a secret for this index.
+ * @shaseed: the sha256 seed
+ * @commit_secret: the returned per-commit secret.
+ * @per_commit_index: (in) which @commit_secret to return.
+ */
+void per_commit_secret(const struct sha256 *shaseed,
+		       struct sha256 *commit_secret,
+		       u64 per_commit_index);
+
+/**
+ * per_commit_point - get the per-commit-point for this index.
+ * @shaseed: the sha256 seed
+ * @commit_point: the returned per-commit point.
+ * @per_commit_index: (in) which @commit_point to return.
+ */
+bool per_commit_point(const struct sha256 *shaseed,
+		      struct pubkey *commit_point,
+		      u64 per_commit_index);
 
 /* BOLT #3:
  *