basepoints/secrets: add htlc entry

Currently derive_basepoints just sets it to match the payment point/secret.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

channeld/full_channel.c

@@ -242,6 +242,8 @@ struct bitcoin_tx **channel_txs(const tal_t *ctx,
 	if (!derive_keyset(per_commitment_point,
 			   &channel->basepoints[side].payment,
 			   &channel->basepoints[!side].payment,
+			   &channel->basepoints[side].htlc,
+			   &channel->basepoints[!side].htlc,
 			   &channel->basepoints[side].delayed_payment,
 			   &channel->basepoints[!side].revocation,
 			   &keyset))

common/derive_basepoints.c

@@ -22,6 +22,8 @@ bool derive_basepoints(const struct privkey *seed,
 		secrets->funding_privkey = keys.f;
 		secrets->revocation_basepoint_secret = keys.r.secret;
 		secrets->payment_basepoint_secret = keys.p.secret;
+		/* We currently make htlc_basepoint_secret the same */
+		secrets->htlc_basepoint_secret = keys.p.secret;
 		secrets->delayed_payment_basepoint_secret = keys.d.secret;
 	}
 
@@ -32,6 +34,7 @@ bool derive_basepoints(const struct privkey *seed,
 
 	if (basepoints) {
 		if (!pubkey_from_privkey(&keys.r, &basepoints->revocation)
+		    || !pubkey_from_privkey(&keys.p, &basepoints->htlc)
 		    || !pubkey_from_privkey(&keys.p, &basepoints->payment)
 		    || !pubkey_from_privkey(&keys.d, &basepoints->delayed_payment))
 			return false;

common/derive_basepoints.h

@@ -12,6 +12,7 @@ struct sha256;
 struct basepoints {
 	struct pubkey revocation;
 	struct pubkey payment;
+	struct pubkey htlc;
 	struct pubkey delayed_payment;
 };
 
@@ -19,6 +20,7 @@ struct secrets {
 	struct privkey funding_privkey;
 	struct secret revocation_basepoint_secret;
 	struct secret payment_basepoint_secret;
+	struct secret htlc_basepoint_secret;
 	struct secret delayed_payment_basepoint_secret;
 };
 

common/initial_channel.c

@@ -75,6 +75,8 @@ struct bitcoin_tx *initial_channel_tx(const tal_t *ctx,
 	if (!derive_keyset(per_commitment_point,
 			   &channel->basepoints[side].payment,
 			   &channel->basepoints[!side].payment,
+			   &channel->basepoints[side].htlc,
+			   &channel->basepoints[!side].htlc,
 			   &channel->basepoints[side].delayed_payment,
 			   &channel->basepoints[!side].revocation,
 			   &keyset))

common/key_derive.c

@@ -7,7 +7,7 @@
 
 /* BOLT #3:
  *
- * ### `localkey`, `remotekey`, `local_delayedkey` and `remote_delayedkey` Derivation
+ * ### `localkey`, `remotekey`, `local_htlckey`, `remote_htlckey`, `local_delayedkey` and `remote_delayedkey` Derivation
  *
  * These keys are simply generated by addition from their base points:
  *
@@ -15,9 +15,9 @@
  *
  * The `localkey` uses the local node's `payment_basepoint`, `remotekey`
  * uses the remote node's `payment_basepoint`, the `local_delayedkey`
- * uses the local node's `delayed_payment_basepoint`, and the
+ * uses the local node's `delayed_payment_basepoint`, the `local_htlckey`
- * `remote_delayedkey` uses the remote node's
+ * uses the local node's `htlc_basepoint` and the `remote_delayedkey` uses
- * `delayed_payment_basepoint`.
+ * the remote node's `delayed_payment_basepoint`.
  */
 bool derive_simple_key(const struct pubkey *basepoint,
 		    const struct pubkey *per_commitment_point,
@@ -54,7 +54,8 @@ bool derive_simple_key(const struct pubkey *basepoint,
 /* BOLT #3:
  *
  * The corresponding private keys can be derived similarly if the basepoint
- * secrets are known (i.e., `localkey` and `local_delayedkey` only):
+ * secrets are known (i.e., `localkey`, `local_htlckey` and `local_delayedkey`
+ * only):
  *
  *     secretkey = basepoint_secret + SHA256(per_commitment_point || basepoint)
  */

common/keyset.c

@@ -4,14 +4,16 @@
 bool derive_keyset(const struct pubkey *per_commitment_point,
 		   const struct pubkey *self_payment_basepoint,
 		   const struct pubkey *other_payment_basepoint,
+		   const struct pubkey *self_htlc_basepoint,
+		   const struct pubkey *other_htlc_basepoint,
 		   const struct pubkey *self_delayed_basepoint,
 		   const struct pubkey *other_revocation_basepoint,
 		   struct keyset *keyset)
 {
 	/* BOLT #3:
 	 *
-	 * ### `localkey`, `remotekey`, `local_delayedkey` and
+	 * ### `localkey`, `remotekey`, `local_htlckey`, `remote_htlckey`,
-         *     `remote_delayedkey` Derivation
+	 *     `local_delayedkey` and `remote_delayedkey` Derivation
 	 *
 	 * These keys are simply generated by addition from their base points:
 	 *
@@ -20,7 +22,8 @@ bool derive_keyset(const struct pubkey *per_commitment_point,
 	 * The `localkey` uses the local node's `payment_basepoint`,
 	 * `remotekey` uses the remote node's `payment_basepoint`, the
 	 * `local_delayedkey` uses the local node's
-	 * `delayed_payment_basepoint`, and the `remote_delayedkey` uses the
+	 * `delayed_payment_basepoint`, the `local_htlckey` uses the local
+	 * node's `htlc_basepoint` and the `remote_delayedkey` uses the
 	 * remote node's `delayed_payment_basepoint`.
 	 */
 	if (!derive_simple_key(self_payment_basepoint,
@@ -33,6 +36,16 @@ bool derive_keyset(const struct pubkey *per_commitment_point,
 			       &keyset->other_payment_key))
 		return false;
 
+	if (!derive_simple_key(self_htlc_basepoint,
+			       per_commitment_point,
+			       &keyset->self_htlc_key))
+		return false;
+
+	if (!derive_simple_key(other_htlc_basepoint,
+			       per_commitment_point,
+			       &keyset->other_htlc_key))
+		return false;
+
 	if (!derive_simple_key(self_delayed_basepoint,
 			       per_commitment_point,
 			       &keyset->self_delayed_payment_key))

common/keyset.h

@@ -7,6 +7,7 @@
 /* Keys needed to derive a particular commitment tx. */
 struct keyset {
 	struct pubkey self_revocation_key;
+	struct pubkey self_htlc_key, other_htlc_key;
 	struct pubkey self_delayed_payment_key;
 	struct pubkey self_payment_key, other_payment_key;
 };
@@ -14,6 +15,8 @@ struct keyset {
 bool derive_keyset(const struct pubkey *per_commitment_point,
 		   const struct pubkey *self_payment_basepoint,
 		   const struct pubkey *other_payment_basepoint,
+		   const struct pubkey *self_htlc_basepoint,
+		   const struct pubkey *other_htlc_basepoint,
 		   const struct pubkey *self_delayed_basepoint,
 		   const struct pubkey *other_revocation_basepoint,
 		   struct keyset *keyset);

lightningd/test/run-channel.c

@@ -388,6 +388,10 @@ int main(void)
 	localbase.payment = pubkey_from_hex("034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa");
 	remotebase.payment = pubkey_from_hex("032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991");
 
+	/* FIXME: Update bolt */
+	localbase.htlc = localbase.payment;
+	remotebase.htlc = remotebase.payment;
+
 	/* We put unknown in for some things; valgrind will warn if used. */
 	localbase.revocation = *unknown;
 	remotebase.delayed_payment = *unknown;
@@ -452,6 +456,10 @@ int main(void)
 	keyset.self_delayed_payment_key = pubkey_from_hex("03fd5960528dc152014952efdb702a88f71e3c1653b2314431701ec77e57fde83c");
 	keyset.self_revocation_key = pubkey_from_hex("0212a140cd0c6539d07cd08dfe09984dec3251ea808b892efeac3ede9402bf2b19");
 
+	/* FIXME: Update bolt */
+	keyset.self_htlc_key = keyset.self_payment_key;
+	keyset.other_htlc_key = keyset.other_payment_key;
+
 	raw_tx = commit_tx(tmpctx, &funding_txid, funding_output_index,
 			   funding_amount_satoshi,
 			   LOCAL, remote_config->to_self_delay,

onchaind/onchain.c

@@ -1140,6 +1140,8 @@ static void handle_our_unilateral(const struct bitcoin_tx *tx,
 				  const struct pubkey *remote_revocation_basepoint,
 				  const struct pubkey *remote_payment_basepoint,
 				  const struct pubkey *local_payment_basepoint,
+				  const struct pubkey *remote_htlc_basepoint,
+				  const struct pubkey *local_htlc_basepoint,
 				  const struct pubkey *local_delayed_payment_basepoint,
 				  u64 commit_num,
 				  const struct htlc_stub *htlcs,
@@ -1180,6 +1182,8 @@ static void handle_our_unilateral(const struct bitcoin_tx *tx,
 	if (!derive_keyset(&local_per_commitment_point,
 			   local_payment_basepoint,
 			   remote_payment_basepoint,
+			   local_htlc_basepoint,
+			   remote_htlc_basepoint,
 			   local_delayed_payment_basepoint,
 			   remote_revocation_basepoint,
 			   ks))
@@ -1191,7 +1195,9 @@ static void handle_our_unilateral(const struct bitcoin_tx *tx,
 		     " self_revocation_key: %s"
 		     " self_delayed_payment_key: %s"
 		     " self_payment_key: %s"
-		     " other_payment_key: %s",
+		     " other_payment_key: %s"
+		     " self_htlc_key: %s"
+		     " other_htlc_key: %s",
 		     commit_num,
 		     type_to_string(trc, struct pubkey,
 				    &keyset->self_revocation_key),
@@ -1200,7 +1206,11 @@ static void handle_our_unilateral(const struct bitcoin_tx *tx,
 		     type_to_string(trc, struct pubkey,
 				    &keyset->self_payment_key),
 		     type_to_string(trc, struct pubkey,
-				    &keyset->other_payment_key));
+				    &keyset->other_payment_key),
+		     type_to_string(trc, struct pubkey,
+				    &keyset->self_htlc_key),
+		     type_to_string(trc, struct pubkey,
+				    &keyset->other_htlc_key));
 
 	if (!derive_simple_privkey(&secrets->delayed_payment_basepoint_secret,
 				   local_delayed_payment_basepoint,
@@ -1422,6 +1432,8 @@ static void handle_their_cheat(const struct bitcoin_tx *tx,
 			       const struct pubkey *local_revocation_basepoint,
 			       const struct pubkey *local_payment_basepoint,
 			       const struct pubkey *remote_payment_basepoint,
+			       const struct pubkey *remote_htlc_basepoint,
+			       const struct pubkey *local_htlc_basepoint,
 			       const struct pubkey *remote_delayed_payment_basepoint,
 			       u64 commit_num,
 			       const struct htlc_stub *htlcs,
@@ -1468,6 +1480,8 @@ static void handle_their_cheat(const struct bitcoin_tx *tx,
 		     ": per_commit_point=%s"
 		     " self_payment_basepoint=%s"
 		     " other_payment_basepoint=%s"
+		     " self_htlc_basepoint=%s"
+		     " other_htlc_basepoint=%s"
 		     " self_delayed_basepoint=%s"
 		     " other_revocation_basepoint=%s",
 		     commit_num,
@@ -1477,6 +1491,10 @@ static void handle_their_cheat(const struct bitcoin_tx *tx,
 				    remote_payment_basepoint),
 		     type_to_string(trc, struct pubkey,
 				    local_payment_basepoint),
+		     type_to_string(trc, struct pubkey,
+				    remote_htlc_basepoint),
+		     type_to_string(trc, struct pubkey,
+				    local_htlc_basepoint),
 		     type_to_string(trc, struct pubkey,
 				    remote_delayed_payment_basepoint),
 		     type_to_string(trc, struct pubkey,
@@ -1487,6 +1505,8 @@ static void handle_their_cheat(const struct bitcoin_tx *tx,
 	if (!derive_keyset(&per_commitment_point,
 			   remote_payment_basepoint,
 			   local_payment_basepoint,
+			   local_htlc_basepoint,
+			   remote_htlc_basepoint,
 			   remote_delayed_payment_basepoint,
 			   local_revocation_basepoint,
 			   ks))
@@ -1498,7 +1518,9 @@ static void handle_their_cheat(const struct bitcoin_tx *tx,
 		     " self_revocation_key: %s"
 		     " self_delayed_payment_key: %s"
 		     " self_payment_key: %s"
-		     " other_payment_key: %s",
+		     " other_payment_key: %s"
+		     " self_htlc_key: %s"
+		     " other_htlc_key: %s",
 		     commit_num,
 		     type_to_string(trc, struct pubkey,
 				    &keyset->self_revocation_key),
@@ -1507,7 +1529,11 @@ static void handle_their_cheat(const struct bitcoin_tx *tx,
 		     type_to_string(trc, struct pubkey,
 				    &keyset->self_payment_key),
 		     type_to_string(trc, struct pubkey,
-				    &keyset->other_payment_key));
+				    &keyset->other_payment_key),
+		     type_to_string(trc, struct pubkey,
+				    &keyset->self_htlc_key),
+		     type_to_string(trc, struct pubkey,
+				    &keyset->other_htlc_key));
 
 	revocation_privkey = tal(tx, struct privkey);
 	if (!derive_revocation_privkey(&secrets->revocation_basepoint_secret,
@@ -1670,6 +1696,8 @@ static void handle_their_unilateral(const struct bitcoin_tx *tx,
 				    const struct pubkey *local_revocation_basepoint,
 				    const struct pubkey *local_payment_basepoint,
 				    const struct pubkey *remote_payment_basepoint,
+				    const struct pubkey *remote_htlc_basepoint,
+				    const struct pubkey *local_htlc_basepoint,
 				    const struct pubkey *remote_delayed_payment_basepoint,
 				    u64 commit_num,
 				    const struct htlc_stub *htlcs,
@@ -1701,6 +1729,8 @@ static void handle_their_unilateral(const struct bitcoin_tx *tx,
 		     ": per_commit_point=%s"
 		     " self_payment_basepoint=%s"
 		     " other_payment_basepoint=%s"
+		     " self_htlc_basepoint=%s"
+		     " other_htlc_basepoint=%s"
 		     " self_delayed_basepoint=%s"
 		     " other_revocation_basepoint=%s",
 		     commit_num,
@@ -1710,6 +1740,10 @@ static void handle_their_unilateral(const struct bitcoin_tx *tx,
 				    remote_payment_basepoint),
 		     type_to_string(trc, struct pubkey,
 				    local_payment_basepoint),
+		     type_to_string(trc, struct pubkey,
+				    remote_htlc_basepoint),
+		     type_to_string(trc, struct pubkey,
+				    local_htlc_basepoint),
 		     type_to_string(trc, struct pubkey,
 				    remote_delayed_payment_basepoint),
 		     type_to_string(trc, struct pubkey,
@@ -1720,6 +1754,8 @@ static void handle_their_unilateral(const struct bitcoin_tx *tx,
 	if (!derive_keyset(remote_per_commitment_point,
 			   remote_payment_basepoint,
 			   local_payment_basepoint,
+			   remote_htlc_basepoint,
+			   local_htlc_basepoint,
 			   remote_delayed_payment_basepoint,
 			   local_revocation_basepoint,
 			   ks))
@@ -1731,7 +1767,9 @@ static void handle_their_unilateral(const struct bitcoin_tx *tx,
 		     " self_revocation_key: %s"
 		     " self_delayed_payment_key: %s"
 		     " self_payment_key: %s"
-		     " other_payment_key: %s",
+		     " other_payment_key: %s"
+		     " self_htlc_key: %s"
+		     " other_htlc_key: %s",
 		     commit_num,
 		     type_to_string(trc, struct pubkey,
 				    &keyset->self_revocation_key),
@@ -1740,7 +1778,11 @@ static void handle_their_unilateral(const struct bitcoin_tx *tx,
 		     type_to_string(trc, struct pubkey,
 				    &keyset->self_payment_key),
 		     type_to_string(trc, struct pubkey,
-				    &keyset->other_payment_key));
+				    &keyset->other_payment_key),
+		     type_to_string(trc, struct pubkey,
+				    &keyset->self_htlc_key),
+		     type_to_string(trc, struct pubkey,
+				    &keyset->other_htlc_key));
 
 	if (!derive_simple_privkey(&secrets->payment_basepoint_secret,
 				   local_payment_basepoint,
@@ -1865,7 +1907,7 @@ int main(int argc, char *argv[])
 	const tal_t *ctx = tal_tmpctx(NULL);
 	u8 *msg;
 	struct privkey seed;
-	struct pubkey remote_payment_basepoint,
+	struct pubkey remote_payment_basepoint, remote_htlc_basepoint,
 		remote_per_commit_point, old_remote_per_commit_point,
 		remote_revocation_basepoint, remote_delayed_payment_basepoint;
 	enum side funder;
@@ -1924,6 +1966,7 @@ int main(int argc, char *argv[])
 				   &num_htlcs)) {
 		master_badmsg(WIRE_ONCHAIN_INIT, msg);
 	}
+	remote_htlc_basepoint = remote_payment_basepoint;
 	derive_basepoints(&seed, NULL, &basepoints, &secrets, &shaseed);
 	bitcoin_txid(tx, &txid);
 
@@ -1994,6 +2037,8 @@ int main(int argc, char *argv[])
 					      &remote_revocation_basepoint,
 					      &remote_payment_basepoint,
 					      &basepoints.payment,
+					      &remote_htlc_basepoint,
+					      &basepoints.htlc,
 					      &basepoints.delayed_payment,
 					      commit_num,
 					      htlcs,
@@ -2017,6 +2062,8 @@ int main(int argc, char *argv[])
 					   &basepoints.revocation,
 					   &basepoints.payment,
 					   &remote_payment_basepoint,
+					   &basepoints.htlc,
+					   &remote_htlc_basepoint,
 					   &remote_delayed_payment_basepoint,
 					   commit_num,
 					   htlcs,
@@ -2039,6 +2086,8 @@ int main(int argc, char *argv[])
 						&basepoints.revocation,
 						&basepoints.payment,
 						&remote_payment_basepoint,
+						&basepoints.htlc,
+						&remote_htlc_basepoint,
 						&remote_delayed_payment_basepoint,
 						commit_num,
 						htlcs,
@@ -2053,6 +2102,8 @@ int main(int argc, char *argv[])
 						&basepoints.revocation,
 						&basepoints.payment,
 						&remote_payment_basepoint,
+						&basepoints.htlc,
+						&remote_htlc_basepoint,
 						&remote_delayed_payment_basepoint,
 						commit_num,
 						htlcs,