Expose TxCreationKeys in LocalCommitmentTransaction via a method

This makes it obvious to signer implementers that the pre-derived keys are a local cache and should not be trusted in a validating signer.

diff --git a/lightning/src/ln/chan_utils.rs b/lightning/src/ln/chan_utils.rs
index 1e49782b85e30f5f0c30f4d67d93580c77d5bb7c..b5d4d490774ecf8eb8c044501f926c7f74236ae3 100644 (file)
--- a/lightning/src/ln/chan_utils.rs
+++ b/lightning/src/ln/chan_utils.rs
@@ -540,8 +540,7 @@ pub struct LocalCommitmentTransaction {
        // Which order the signatures should go in when constructing the final commitment tx witness.
        // The user should be able to reconstruc this themselves, so we don't bother to expose it.
        our_sig_first: bool,
-       /// The key derivation parameters for this commitment transaction
-       pub local_keys: TxCreationKeys,
+       pub(crate) local_keys: TxCreationKeys,
        /// The feerate paid per 1000-weight-unit in this commitment transaction. This value is
        /// controlled by the channel initiator.
        pub feerate_per_kw: u32,
@@ -606,6 +605,12 @@ impl LocalCommitmentTransaction {
                }
        }
 
+       /// The pre-calculated transaction creation public keys.
+       /// An external validating signer should not trust these keys.
+       pub fn trust_key_derivation(&self) -> &TxCreationKeys {
+               &self.local_keys
+       }
+
        /// Get the txid of the local commitment transaction contained in this
        /// LocalCommitmentTransaction
        pub fn txid(&self) -> Txid {