From b51721fc8a87c531a23937d2df9cd684393eb8ba Mon Sep 17 00:00:00 2001 From: Antoine Riard Date: Thu, 27 Aug 2020 13:24:37 -0400 Subject: [PATCH] Underscore TxCreationKeys ownership A TxCreationKeys set represents the key which will be embedded in output scripts of a party's commitment tx state. Among them there is a always a key belonging to counter-party, the HTLC pubkey. To dissociate strongly, prefix keys with broadcaster/countersignatory. A revocation keypair is attributed to the broadcaster as it's used to punish a fraudulent broadcast while minding that such keypair derivation method will be always used by countersignatory as it's its task to enforce punishement thanks to the release secret. --- .../src/chain/keysinterface.rs | 8 +-- lightning-c-bindings/src/ln/chan_utils.rs | 22 +++---- lightning/src/chain/keysinterface.rs | 2 +- lightning/src/ln/chan_utils.rs | 60 ++++++++++--------- lightning/src/ln/channel.rs | 6 +- lightning/src/ln/channelmonitor.rs | 4 +- lightning/src/ln/functional_tests.rs | 2 +- lightning/src/ln/onchaintx.rs | 2 +- lightning/src/util/enforcing_trait_impls.rs | 2 +- 9 files changed, 55 insertions(+), 53 deletions(-) diff --git a/lightning-c-bindings/src/chain/keysinterface.rs b/lightning-c-bindings/src/chain/keysinterface.rs index 1a871ce9..8b0d313f 100644 --- a/lightning-c-bindings/src/chain/keysinterface.rs +++ b/lightning-c-bindings/src/chain/keysinterface.rs @@ -666,7 +666,7 @@ pub extern "C" fn InMemoryChannelKeys_new(mut funding_key: crate::c_types::Secre crate::chain::keysinterface::InMemoryChannelKeys { inner: Box::into_raw(Box::new(ret)), is_owned: true } } -/// Remote pubkeys. +/// Counterparty pubkeys. /// Will panic if on_accept wasn't called. #[must_use] #[no_mangle] @@ -675,10 +675,10 @@ pub extern "C" fn InMemoryChannelKeys_counterparty_pubkeys(this_arg: &InMemoryCh crate::ln::chan_utils::ChannelPublicKeys { inner: unsafe { ( (&(*ret) as *const _) as *mut _) }, is_owned: false } } -/// The to_self_delay value specified by our counterparty and applied on locally-broadcastable +/// The contest delay value specified by our counterparty and applied on holder-broadcastable /// transactions, ie the amount of time that we have to wait to recover our funds if we /// broadcast a transaction. You'll likely want to pass this to the -/// ln::chan_utils::build*_transaction functions when signing local transactions. +/// ln::chan_utils::build*_transaction functions when signing holder transactions. /// Will panic if on_accept wasn't called. #[must_use] #[no_mangle] @@ -687,7 +687,7 @@ pub extern "C" fn InMemoryChannelKeys_counterparty_selected_contest_delay(this_a ret } -/// The to_self_delay value specified by us and applied on transactions broadcastable +/// The to_contest delay value specified by us and applied on transactions broadcastable /// by our counterparty, ie the amount of time that they have to wait to recover their funds /// if they broadcast a transaction. /// Will panic if on_accept wasn't called. diff --git a/lightning-c-bindings/src/ln/chan_utils.rs b/lightning-c-bindings/src/ln/chan_utils.rs index 241e3503..c946ad52 100644 --- a/lightning-c-bindings/src/ln/chan_utils.rs +++ b/lightning-c-bindings/src/ln/chan_utils.rs @@ -167,24 +167,24 @@ pub extern "C" fn TxCreationKeys_set_countersignatory_htlc_key(this_ptr: &mut Tx } /// Payment Key (which isn't allowed to be spent from for some delay) #[no_mangle] -pub extern "C" fn TxCreationKeys_get_delayed_payment_key(this_ptr: &TxCreationKeys) -> crate::c_types::PublicKey { - let mut inner_val = &mut unsafe { &mut *this_ptr.inner }.delayed_payment_key; +pub extern "C" fn TxCreationKeys_get_broadcaster_delayed_payment_key(this_ptr: &TxCreationKeys) -> crate::c_types::PublicKey { + let mut inner_val = &mut unsafe { &mut *this_ptr.inner }.broadcaster_delayed_payment_key; crate::c_types::PublicKey::from_rust(&(*inner_val)) } /// Payment Key (which isn't allowed to be spent from for some delay) #[no_mangle] -pub extern "C" fn TxCreationKeys_set_delayed_payment_key(this_ptr: &mut TxCreationKeys, mut val: crate::c_types::PublicKey) { - unsafe { &mut *this_ptr.inner }.delayed_payment_key = val.into_rust(); +pub extern "C" fn TxCreationKeys_set_broadcaster_delayed_payment_key(this_ptr: &mut TxCreationKeys, mut val: crate::c_types::PublicKey) { + unsafe { &mut *this_ptr.inner }.broadcaster_delayed_payment_key = val.into_rust(); } #[must_use] #[no_mangle] -pub extern "C" fn TxCreationKeys_new(mut per_commitment_point_arg: crate::c_types::PublicKey, mut revocation_key_arg: crate::c_types::PublicKey, mut broadcaster_htlc_key_arg: crate::c_types::PublicKey, mut countersignatory_htlc_key_arg: crate::c_types::PublicKey, mut delayed_payment_key_arg: crate::c_types::PublicKey) -> TxCreationKeys { +pub extern "C" fn TxCreationKeys_new(mut per_commitment_point_arg: crate::c_types::PublicKey, mut revocation_key_arg: crate::c_types::PublicKey, mut broadcaster_htlc_key_arg: crate::c_types::PublicKey, mut countersignatory_htlc_key_arg: crate::c_types::PublicKey, mut broadcaster_delayed_payment_key_arg: crate::c_types::PublicKey) -> TxCreationKeys { TxCreationKeys { inner: Box::into_raw(Box::new(nativeTxCreationKeys { per_commitment_point: per_commitment_point_arg.into_rust(), revocation_key: revocation_key_arg.into_rust(), broadcaster_htlc_key: broadcaster_htlc_key_arg.into_rust(), countersignatory_htlc_key: countersignatory_htlc_key_arg.into_rust(), - delayed_payment_key: delayed_payment_key_arg.into_rust(), + broadcaster_delayed_payment_key: broadcaster_delayed_payment_key_arg.into_rust(), })), is_owned: true } } #[no_mangle] @@ -422,11 +422,11 @@ pub extern "C" fn TxCreationKeys_derive_new(per_commitment_point: crate::c_types } /// A script either spendable by the revocation -/// key or the delayed_payment_key and satisfying the relative-locktime OP_CSV constrain. +/// key or the broadcaster_delayed_payment_key and satisfying the relative-locktime OP_CSV constrain. /// Encumbering a `to_local` output on a commitment transaction or 2nd-stage HTLC transactions. #[no_mangle] -pub extern "C" fn get_revokeable_redeemscript(revocation_key: crate::c_types::PublicKey, mut to_self_delay: u16, delayed_payment_key: crate::c_types::PublicKey) -> crate::c_types::derived::CVec_u8Z { - let mut ret = lightning::ln::chan_utils::get_revokeable_redeemscript(&revocation_key.into_rust(), to_self_delay, &delayed_payment_key.into_rust()); +pub extern "C" fn get_revokeable_redeemscript(revocation_key: crate::c_types::PublicKey, mut to_self_delay: u16, broadcaster_delayed_payment_key: crate::c_types::PublicKey) -> crate::c_types::derived::CVec_u8Z { + let mut ret = lightning::ln::chan_utils::get_revokeable_redeemscript(&revocation_key.into_rust(), to_self_delay, &broadcaster_delayed_payment_key.into_rust()); ret.into_bytes().into() } @@ -563,8 +563,8 @@ pub extern "C" fn make_funding_redeemscript(a: crate::c_types::PublicKey, b: cra /// panics if htlc.transaction_output_index.is_none()! #[no_mangle] -pub extern "C" fn build_htlc_transaction(prev_hash: *const [u8; 32], mut feerate_per_kw: u32, mut to_self_delay: u16, htlc: &crate::ln::chan_utils::HTLCOutputInCommitment, a_delayed_payment_key: crate::c_types::PublicKey, revocation_key: crate::c_types::PublicKey) -> crate::c_types::derived::CVec_u8Z { - let mut ret = lightning::ln::chan_utils::build_htlc_transaction(&::bitcoin::hash_types::Txid::from_slice(&unsafe { &*prev_hash }[..]).unwrap(), feerate_per_kw, to_self_delay, unsafe { &*htlc.inner }, &a_delayed_payment_key.into_rust(), &revocation_key.into_rust()); +pub extern "C" fn build_htlc_transaction(prev_hash: *const [u8; 32], mut feerate_per_kw: u32, mut to_self_delay: u16, htlc: &crate::ln::chan_utils::HTLCOutputInCommitment, broadcaster_delayed_payment_key: crate::c_types::PublicKey, revocation_key: crate::c_types::PublicKey) -> crate::c_types::derived::CVec_u8Z { + let mut ret = lightning::ln::chan_utils::build_htlc_transaction(&::bitcoin::hash_types::Txid::from_slice(&unsafe { &*prev_hash }[..]).unwrap(), feerate_per_kw, to_self_delay, unsafe { &*htlc.inner }, &broadcaster_delayed_payment_key.into_rust(), &revocation_key.into_rust()); let mut local_ret = ::bitcoin::consensus::encode::serialize(&ret); local_ret.into() } diff --git a/lightning/src/chain/keysinterface.rs b/lightning/src/chain/keysinterface.rs index f922a692..4373bfcb 100644 --- a/lightning/src/chain/keysinterface.rs +++ b/lightning/src/chain/keysinterface.rs @@ -485,7 +485,7 @@ impl ChannelKeys for InMemoryChannelKeys { let mut htlc_sigs = Vec::with_capacity(htlcs.len()); for ref htlc in htlcs { if let Some(_) = htlc.transaction_output_index { - let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, feerate_per_kw, accepted_data.locally_selected_contest_delay, htlc, &keys.delayed_payment_key, &keys.revocation_key); + let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, feerate_per_kw, accepted_data.locally_selected_contest_delay, htlc, &keys.broadcaster_delayed_payment_key, &keys.revocation_key); let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, &keys); let htlc_sighash = hash_to_message!(&bip143::SigHashCache::new(&htlc_tx).signature_hash(0, &htlc_redeemscript, htlc.amount_msat / 1000, SigHashType::All)[..]); let our_htlc_key = match chan_utils::derive_private_key(&secp_ctx, &keys.per_commitment_point, &self.htlc_base_key) { diff --git a/lightning/src/ln/chan_utils.rs b/lightning/src/ln/chan_utils.rs index ebd553e3..87a03b14 100644 --- a/lightning/src/ln/chan_utils.rs +++ b/lightning/src/ln/chan_utils.rs @@ -217,15 +217,20 @@ pub fn derive_public_key(secp_ctx: &Secp256k1, per_com /// Derives a per-commitment-transaction revocation key from its constituent parts. /// +/// Only the cheating participant owns a valid witness to propagate a revoked +/// commitment transaction, thus per_commitment_secret always come from cheater +/// and revocation_base_secret always come from punisher, which is the broadcaster +/// of the transaction spending with this key knowledge. +/// /// Note that this is infallible iff we trust that at least one of the two input keys are randomly /// generated (ie our own). -pub fn derive_private_revocation_key(secp_ctx: &Secp256k1, per_commitment_secret: &SecretKey, revocation_base_secret: &SecretKey) -> Result { - let revocation_base_point = PublicKey::from_secret_key(&secp_ctx, &revocation_base_secret); +pub fn derive_private_revocation_key(secp_ctx: &Secp256k1, per_commitment_secret: &SecretKey, countersignatory_revocation_base_secret: &SecretKey) -> Result { + let countersignatory_revocation_base_point = PublicKey::from_secret_key(&secp_ctx, &countersignatory_revocation_base_secret); let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret); let rev_append_commit_hash_key = { let mut sha = Sha256::engine(); - sha.input(&revocation_base_point.serialize()); + sha.input(&countersignatory_revocation_base_point.serialize()); sha.input(&per_commitment_point.serialize()); Sha256::from_engine(sha).into_inner() @@ -233,16 +238,12 @@ pub fn derive_private_revocation_key(secp_ctx: &Secp256k1 let commit_append_rev_hash_key = { let mut sha = Sha256::engine(); sha.input(&per_commitment_point.serialize()); - sha.input(&revocation_base_point.serialize()); + sha.input(&countersignatory_revocation_base_point.serialize()); Sha256::from_engine(sha).into_inner() }; - // Only the transaction broadcaster owns a valid witness to propagate - // a revoked commitment transaction, thus per_commitment_secret always - // come from broadcaster and revocation_base_secret always come - // from countersignatory of the transaction. - let mut countersignatory_contrib = revocation_base_secret.clone(); + let mut countersignatory_contrib = countersignatory_revocation_base_secret.clone(); countersignatory_contrib.mul_assign(&rev_append_commit_hash_key)?; let mut broadcaster_contrib = per_commitment_secret.clone(); broadcaster_contrib.mul_assign(&commit_append_rev_hash_key)?; @@ -254,12 +255,17 @@ pub fn derive_private_revocation_key(secp_ctx: &Secp256k1 /// the public equivalend of derive_private_revocation_key - using only public keys to derive a /// public key instead of private keys. /// +/// Only the cheating participant owns a valid witness to propagate a revoked +/// commitment transaction, thus per_commitment_point always come from cheater +/// and revocation_base_point always come from punisher, which is the broadcaster +/// of the transaction spending with this key knowledge. +/// /// Note that this is infallible iff we trust that at least one of the two input keys are randomly /// generated (ie our own). -pub fn derive_public_revocation_key(secp_ctx: &Secp256k1, per_commitment_point: &PublicKey, revocation_base_point: &PublicKey) -> Result { +pub fn derive_public_revocation_key(secp_ctx: &Secp256k1, per_commitment_point: &PublicKey, countersignatory_revocation_base_point: &PublicKey) -> Result { let rev_append_commit_hash_key = { let mut sha = Sha256::engine(); - sha.input(&revocation_base_point.serialize()); + sha.input(&countersignatory_revocation_base_point.serialize()); sha.input(&per_commitment_point.serialize()); Sha256::from_engine(sha).into_inner() @@ -267,16 +273,12 @@ pub fn derive_public_revocation_key(secp_ctx: &Secp2 let commit_append_rev_hash_key = { let mut sha = Sha256::engine(); sha.input(&per_commitment_point.serialize()); - sha.input(&revocation_base_point.serialize()); + sha.input(&countersignatory_revocation_base_point.serialize()); Sha256::from_engine(sha).into_inner() }; - // Only the transaction broadcaster owns a valid witness to propagate - // a revoked commitment transaction, thus per_commitment_point always - // come from broadcaster and revocation_base_point always come - // from countersignatory of the transaction. - let mut countersignatory_contrib = revocation_base_point.clone(); + let mut countersignatory_contrib = countersignatory_revocation_base_point.clone(); countersignatory_contrib.mul_assign(&secp_ctx, &rev_append_commit_hash_key)?; let mut broadcaster_contrib = per_commitment_point.clone(); broadcaster_contrib.mul_assign(&secp_ctx, &commit_append_rev_hash_key)?; @@ -298,7 +300,7 @@ pub fn derive_public_revocation_key(secp_ctx: &Secp2 pub struct TxCreationKeys { /// The broadcaster's per-commitment public key which was used to derive the other keys. pub per_commitment_point: PublicKey, - /// The broadcaster's revocation key which is used to allow the broadcaster of the commitment + /// The revocation key which is used to allow the broadcaster of the commitment /// transaction to provide their counterparty the ability to punish them if they broadcast /// an old state. pub revocation_key: PublicKey, @@ -307,10 +309,10 @@ pub struct TxCreationKeys { /// Countersignatory's HTLC Key pub countersignatory_htlc_key: PublicKey, /// Broadcaster's Payment Key (which isn't allowed to be spent from for some delay) - pub delayed_payment_key: PublicKey, + pub broadcaster_delayed_payment_key: PublicKey, } impl_writeable!(TxCreationKeys, 33*6, - { per_commitment_point, revocation_key, broadcaster_htlc_key, countersignatory_htlc_key, delayed_payment_key }); + { per_commitment_point, revocation_key, broadcaster_htlc_key, countersignatory_htlc_key, broadcaster_delayed_payment_key }); /// The per-commitment point and a set of pre-calculated public keys used for transaction creation /// in the signer. @@ -377,22 +379,22 @@ impl TxCreationKeys { revocation_key: derive_public_revocation_key(&secp_ctx, &per_commitment_point, &countersignatory_revocation_base)?, broadcaster_htlc_key: derive_public_key(&secp_ctx, &per_commitment_point, &broadcaster_htlc_base)?, countersignatory_htlc_key: derive_public_key(&secp_ctx, &per_commitment_point, &countersignatory_htlc_base)?, - delayed_payment_key: derive_public_key(&secp_ctx, &per_commitment_point, &broadcaster_delayed_payment_base)?, + broadcaster_delayed_payment_key: derive_public_key(&secp_ctx, &per_commitment_point, &broadcaster_delayed_payment_base)?, }) } } /// A script either spendable by the revocation -/// key or the delayed_payment_key and satisfying the relative-locktime OP_CSV constrain. +/// key or the broadcaster_delayed_payment_key and satisfying the relative-locktime OP_CSV constrain. /// Encumbering a `to_local` output on a commitment transaction or 2nd-stage HTLC transactions. -pub fn get_revokeable_redeemscript(revocation_key: &PublicKey, contest_delay: u16, delayed_payment_key: &PublicKey) -> Script { +pub fn get_revokeable_redeemscript(revocation_key: &PublicKey, contest_delay: u16, broadcaster_delayed_payment_key: &PublicKey) -> Script { Builder::new().push_opcode(opcodes::all::OP_IF) .push_slice(&revocation_key.serialize()) .push_opcode(opcodes::all::OP_ELSE) .push_int(contest_delay as i64) .push_opcode(opcodes::all::OP_CSV) .push_opcode(opcodes::all::OP_DROP) - .push_slice(&delayed_payment_key.serialize()) + .push_slice(&broadcaster_delayed_payment_key.serialize()) .push_opcode(opcodes::all::OP_ENDIF) .push_opcode(opcodes::all::OP_CHECKSIG) .into_script() @@ -516,7 +518,7 @@ pub fn make_funding_redeemscript(broadcaster: &PublicKey, countersignatory: &Pub } /// panics if htlc.transaction_output_index.is_none()! -pub fn build_htlc_transaction(prev_hash: &Txid, feerate_per_kw: u32, contest_delay: u16, htlc: &HTLCOutputInCommitment, delayed_payment_key: &PublicKey, revocation_key: &PublicKey) -> Transaction { +pub fn build_htlc_transaction(prev_hash: &Txid, feerate_per_kw: u32, contest_delay: u16, htlc: &HTLCOutputInCommitment, broadcaster_delayed_payment_key: &PublicKey, revocation_key: &PublicKey) -> Transaction { let mut txins: Vec = Vec::new(); txins.push(TxIn { previous_output: OutPoint { @@ -536,7 +538,7 @@ pub fn build_htlc_transaction(prev_hash: &Txid, feerate_per_kw: u32, contest_del let mut txouts: Vec = Vec::new(); txouts.push(TxOut { - script_pubkey: get_revokeable_redeemscript(revocation_key, contest_delay, delayed_payment_key).to_v0_p2wsh(), + script_pubkey: get_revokeable_redeemscript(revocation_key, contest_delay, broadcaster_delayed_payment_key).to_v0_p2wsh(), value: htlc.amount_msat / 1000 - total_fee //TODO: BOLT 3 does not specify if we should add amount_msat before dividing or if we should divide by 1000 before subtracting (as we do here) }); @@ -605,7 +607,7 @@ impl LocalCommitmentTransaction { revocation_key: dummy_key.clone(), broadcaster_htlc_key: dummy_key.clone(), countersignatory_htlc_key: dummy_key.clone(), - delayed_payment_key: dummy_key.clone(), + broadcaster_delayed_payment_key: dummy_key.clone(), }, feerate_per_kw: 0, per_htlc: Vec::new() @@ -701,7 +703,7 @@ impl LocalCommitmentTransaction { for this_htlc in self.per_htlc.iter() { if this_htlc.0.transaction_output_index.is_some() { - let htlc_tx = build_htlc_transaction(&txid, self.feerate_per_kw, local_csv, &this_htlc.0, &self.local_keys.delayed_payment_key, &self.local_keys.revocation_key); + let htlc_tx = build_htlc_transaction(&txid, self.feerate_per_kw, local_csv, &this_htlc.0, &self.local_keys.broadcaster_delayed_payment_key, &self.local_keys.revocation_key); let htlc_redeemscript = get_htlc_redeemscript_with_explicit_keys(&this_htlc.0, &self.local_keys.broadcaster_htlc_key, &self.local_keys.countersignatory_htlc_key, &self.local_keys.revocation_key); @@ -724,7 +726,7 @@ impl LocalCommitmentTransaction { // Further, we should never be provided the preimage for an HTLC-Timeout transaction. if this_htlc.0.offered && preimage.is_some() { unreachable!(); } - let mut htlc_tx = build_htlc_transaction(&txid, self.feerate_per_kw, local_csv, &this_htlc.0, &self.local_keys.delayed_payment_key, &self.local_keys.revocation_key); + let mut htlc_tx = build_htlc_transaction(&txid, self.feerate_per_kw, local_csv, &this_htlc.0, &self.local_keys.broadcaster_delayed_payment_key, &self.local_keys.revocation_key); // Channel should have checked that we have a remote signature for this HTLC at // creation, and we should have a sensible htlc transaction: assert!(this_htlc.1.is_some()); diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs index 394016a1..aee16c60 100644 --- a/lightning/src/ln/channel.rs +++ b/lightning/src/ln/channel.rs @@ -990,7 +990,7 @@ impl Channel { txouts.push((TxOut { script_pubkey: chan_utils::get_revokeable_redeemscript(&keys.revocation_key, if local { self.counterparty_selected_contest_delay } else { self.holder_selected_contest_delay }, - &keys.delayed_payment_key).to_v0_p2wsh(), + &keys.broadcaster_delayed_payment_key).to_v0_p2wsh(), value: value_to_a as u64 }, None)); } @@ -1153,7 +1153,7 @@ impl Channel { /// @local is used only to convert relevant internal structures which refer to remote vs local /// to decide value of outputs and direction of HTLCs. fn build_htlc_transaction(&self, prev_hash: &Txid, htlc: &HTLCOutputInCommitment, local: bool, keys: &TxCreationKeys, feerate_per_kw: u32) -> Transaction { - chan_utils::build_htlc_transaction(prev_hash, feerate_per_kw, if local { self.counterparty_selected_contest_delay } else { self.holder_selected_contest_delay }, htlc, &keys.delayed_payment_key, &keys.revocation_key) + chan_utils::build_htlc_transaction(prev_hash, feerate_per_kw, if local { self.counterparty_selected_contest_delay } else { self.holder_selected_contest_delay }, htlc, &keys.broadcaster_delayed_payment_key, &keys.revocation_key) } /// Per HTLC, only one get_update_fail_htlc or get_update_fulfill_htlc call may be made. @@ -3883,7 +3883,7 @@ impl Channel { for (ref htlc_sig, ref htlc) in htlc_signatures.iter().zip(htlcs) { log_trace!(logger, "Signed remote HTLC tx {} with redeemscript {} with pubkey {} -> {}", - encode::serialize_hex(&chan_utils::build_htlc_transaction(&counterparty_commitment_tx.0.txid(), feerate_per_kw, self.holder_selected_contest_delay, htlc, &counterparty_keys.delayed_payment_key, &counterparty_keys.revocation_key)), + encode::serialize_hex(&chan_utils::build_htlc_transaction(&counterparty_commitment_tx.0.txid(), feerate_per_kw, self.holder_selected_contest_delay, htlc, &counterparty_keys.broadcaster_delayed_payment_key, &counterparty_keys.revocation_key)), encode::serialize_hex(&chan_utils::get_htlc_redeemscript(&htlc, counterparty_keys)), log_bytes!(counterparty_keys.broadcaster_htlc_key.serialize()), log_bytes!(htlc_sig.serialize_compact()[..])); diff --git a/lightning/src/ln/channelmonitor.rs b/lightning/src/ln/channelmonitor.rs index 3b131805..23dd2fc1 100644 --- a/lightning/src/ln/channelmonitor.rs +++ b/lightning/src/ln/channelmonitor.rs @@ -1162,7 +1162,7 @@ impl ChannelMonitor { revocation_key: initial_local_commitment_tx.local_keys.revocation_key, a_htlc_key: initial_local_commitment_tx.local_keys.broadcaster_htlc_key, b_htlc_key: initial_local_commitment_tx.local_keys.countersignatory_htlc_key, - delayed_payment_key: initial_local_commitment_tx.local_keys.delayed_payment_key, + delayed_payment_key: initial_local_commitment_tx.local_keys.broadcaster_delayed_payment_key, per_commitment_point: initial_local_commitment_tx.local_keys.per_commitment_point, feerate_per_kw: initial_local_commitment_tx.feerate_per_kw, htlc_outputs: Vec::new(), // There are never any HTLCs in the initial commitment transactions @@ -1338,7 +1338,7 @@ impl ChannelMonitor { revocation_key: commitment_tx.local_keys.revocation_key, a_htlc_key: commitment_tx.local_keys.broadcaster_htlc_key, b_htlc_key: commitment_tx.local_keys.countersignatory_htlc_key, - delayed_payment_key: commitment_tx.local_keys.delayed_payment_key, + delayed_payment_key: commitment_tx.local_keys.broadcaster_delayed_payment_key, per_commitment_point: commitment_tx.local_keys.per_commitment_point, feerate_per_kw: commitment_tx.feerate_per_kw, htlc_outputs: htlc_outputs, diff --git a/lightning/src/ln/functional_tests.rs b/lightning/src/ln/functional_tests.rs index 6a3fcfd3..70030d1d 100644 --- a/lightning/src/ln/functional_tests.rs +++ b/lightning/src/ln/functional_tests.rs @@ -1652,7 +1652,7 @@ fn test_fee_spike_violation_fails_htlc() { let local_commit_tx_output = TxOut { script_pubkey: chan_utils::get_revokeable_redeemscript(&commit_tx_keys.revocation_key, BREAKDOWN_TIMEOUT, - &commit_tx_keys.delayed_payment_key).to_v0_p2wsh(), + &commit_tx_keys.broadcaster_delayed_payment_key).to_v0_p2wsh(), value: 95000, }; diff --git a/lightning/src/ln/onchaintx.rs b/lightning/src/ln/onchaintx.rs index 1292f8e4..ec11215d 100644 --- a/lightning/src/ln/onchaintx.rs +++ b/lightning/src/ln/onchaintx.rs @@ -588,7 +588,7 @@ impl OnchainTxHandler { let witness_script = if let Some(ref htlc) = *htlc { chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, &chan_keys.broadcaster_htlc_key, &chan_keys.countersignatory_htlc_key, &chan_keys.revocation_key) } else { - chan_utils::get_revokeable_redeemscript(&chan_keys.revocation_key, *on_remote_tx_csv, &chan_keys.delayed_payment_key) + chan_utils::get_revokeable_redeemscript(&chan_keys.revocation_key, *on_remote_tx_csv, &chan_keys.broadcaster_delayed_payment_key) }; if let Ok(sig) = self.key_storage.sign_justice_transaction(&bumped_tx, i, *amount, &per_commitment_key, htlc, &self.secp_ctx) { diff --git a/lightning/src/util/enforcing_trait_impls.rs b/lightning/src/util/enforcing_trait_impls.rs index e31e774f..8f73ee8f 100644 --- a/lightning/src/util/enforcing_trait_impls.rs +++ b/lightning/src/util/enforcing_trait_impls.rs @@ -104,7 +104,7 @@ impl ChannelKeys for EnforcingChannelKeys { for this_htlc in local_commitment_tx.per_htlc.iter() { if this_htlc.0.transaction_output_index.is_some() { - let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, local_commitment_tx.feerate_per_kw, local_csv, &this_htlc.0, &local_commitment_tx.local_keys.delayed_payment_key, &local_commitment_tx.local_keys.revocation_key); + let htlc_tx = chan_utils::build_htlc_transaction(&commitment_txid, local_commitment_tx.feerate_per_kw, local_csv, &this_htlc.0, &local_commitment_tx.local_keys.broadcaster_delayed_payment_key, &local_commitment_tx.local_keys.revocation_key); let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&this_htlc.0, &local_commitment_tx.local_keys); -- 2.30.2