From: Devrandom <c1.devrandom@niftybox.net>
Date: Sun, 9 Aug 2020 13:56:10 +0000 (+0200)
Subject: Expose TxCreationKeys in LocalCommitmentTransaction via a method
X-Git-Tag: v0.0.12~42^2~1
X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=6f635c6bc3ba30323867125f8ad14f476a0dec43;p=rust-lightning

Expose TxCreationKeys in LocalCommitmentTransaction via a method

This makes it obvious to signer implementers that the pre-derived keys are a local cache and should not be trusted in a validating signer.
---

diff --git a/lightning/src/ln/chan_utils.rs b/lightning/src/ln/chan_utils.rs
index 1e49782b8..b5d4d4907 100644
--- a/lightning/src/ln/chan_utils.rs
+++ b/lightning/src/ln/chan_utils.rs
@@ -540,8 +540,7 @@ pub struct LocalCommitmentTransaction {
 	// Which order the signatures should go in when constructing the final commitment tx witness.
 	// The user should be able to reconstruc this themselves, so we don't bother to expose it.
 	our_sig_first: bool,
-	/// The key derivation parameters for this commitment transaction
-	pub local_keys: TxCreationKeys,
+	pub(crate) local_keys: TxCreationKeys,
 	/// The feerate paid per 1000-weight-unit in this commitment transaction. This value is
 	/// controlled by the channel initiator.
 	pub feerate_per_kw: u32,
@@ -606,6 +605,12 @@ impl LocalCommitmentTransaction {
 		}
 	}
 
+	/// The pre-calculated transaction creation public keys.
+	/// An external validating signer should not trust these keys.
+	pub fn trust_key_derivation(&self) -> &TxCreationKeys {
+		&self.local_keys
+	}
+
 	/// Get the txid of the local commitment transaction contained in this
 	/// LocalCommitmentTransaction
 	pub fn txid(&self) -> Txid {