From e217bc122041b808d93922bf90b47ed1b1b988a5 Mon Sep 17 00:00:00 2001
From: Rusty Russell
Date: Mon, 9 Jul 2018 20:47:58 +0930
Subject: [PATCH] per-commit-secret is a struct secret, not a sha256.

Well, it's generated by shachain, so technically it is a sha256, but that's an internal detail. It's a secret.

Signed-off-by: Rusty Russell
---
 channeld/channel.c | 6 +++---
 channeld/channel_wire.csv | 2 +-
 common/derive_basepoints.c | 9 ++++++---
 common/derive_basepoints.h | 2 +-
 devtools/print_wire.c | 1 +
 devtools/print_wire.h | 1 +
 lightningd/peer_htlcs.c | 4 ++--
 tools/generate-wire.py | 4 +++-
 wallet/test/run-wallet.c | 4 +++-
 wallet/wallet.c | 9 +++++++--
 wallet/wallet.h | 2 +-
 wire/test/run-peer-wire.c | 2 +-
 12 files changed, 30 insertions(+), 16 deletions(-)

diff --git a/channeld/channel.c b/channeld/channel.c
index b8f14ece0..888215bd2 100644
--- a/channeld/channel.c
+++ b/channeld/channel.c
@@ -1119,7 +1119,7 @@ static void start_commit_timer(struct peer *peer)
 static u8 *make_revocation_msg(const struct peer *peer, u64 revoke_index)
 {
 struct pubkey oldpoint, point;
- struct sha256 old_commit_secret;
+ struct secret old_commit_secret;
 
 /* Get secret. */
 per_commit_secret(&peer->shaseed, &old_commit_secret, revoke_index);
@@ -1363,7 +1363,7 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
 }
 
 static u8 *got_revoke_msg(const tal_t *ctx, u64 revoke_num,
- const struct sha256 *per_commitment_secret,
+ const struct secret *per_commitment_secret,
 const struct pubkey *next_per_commit_point,
 const struct htlc **changed_htlcs)
 {
@@ -1389,7 +1389,7 @@ static u8 *got_revoke_msg(const tal_t *ctx, u64 revoke_num,
 
 static void handle_peer_revoke_and_ack(struct peer *peer, const u8 *msg)
 {
- struct sha256 old_commit_secret;
+ struct secret old_commit_secret;
 struct privkey privkey;
 struct channel_id channel_id;
 struct pubkey per_commit_point, next_per_commit;
diff --git a/channeld/channel_wire.csv b/channeld/channel_wire.csv
index 87db09a26..681cba28a 100644
--- a/channeld/channel_wire.csv
+++ b/channeld/channel_wire.csv
@@ -151,7 +151,7 @@ channel_got_commitsig_reply,1121
 
 channel_got_revoke,1022
 channel_got_revoke,,revokenum,u64
-channel_got_revoke,,per_commitment_secret,struct sha256
+channel_got_revoke,,per_commitment_secret,struct secret
 channel_got_revoke,,next_per_commit_point,struct pubkey
 # RCVD_ADD_ACK_REVOCATION, RCVD_REMOVE_ACK_REVOCATION, RCVD_ADD_REVOCATION, RCVD_REMOVE_REVOCATION
 channel_got_revoke,,num_changed,u16
diff --git a/common/derive_basepoints.c b/common/derive_basepoints.c
index e2f833e39..92c4806e9 100644
--- a/common/derive_basepoints.c
+++ b/common/derive_basepoints.c
@@ -51,11 +51,14 @@ bool derive_basepoints(const struct secret *seed,
 }
 
 void per_commit_secret(const struct sha256 *shaseed,
- struct sha256 *commit_secret,
+ struct secret *commit_secret,
 u64 per_commit_index)
 {
- shachain_from_seed(shaseed, shachain_index(per_commit_index),
- commit_secret);
+ struct sha256 s;
+ shachain_from_seed(shaseed, shachain_index(per_commit_index), &s);
+
+ BUILD_ASSERT(sizeof(s) == sizeof(*commit_secret));
+ memcpy(commit_secret, &s, sizeof(s));
 }
 
 bool per_commit_point(const struct sha256 *shaseed,
diff --git a/common/derive_basepoints.h b/common/derive_basepoints.h
index b9d975dfa..7e119cf13 100644
--- a/common/derive_basepoints.h
+++ b/common/derive_basepoints.h
@@ -45,7 +45,7 @@ bool derive_basepoints(const struct secret *seed,
 * @per_commit_index: (in) which @commit_secret to return.
 */
 void per_commit_secret(const struct sha256 *shaseed,
- struct sha256 *commit_secret,
+ struct secret *commit_secret,
 u64 per_commit_index);
 
 /**
diff --git a/devtools/print_wire.c b/devtools/print_wire.c
index 650d765bd..2db2eb6f8 100644
--- a/devtools/print_wire.c
+++ b/devtools/print_wire.c
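Review bot: In per_commit_secret the temporary `struct sha256 s` still holds the derived per-commitment secret after the memcpy and is left on the stack when the function returns; wallet_shachain_add_hash in wallet/wallet.c makes the same kind of copy into a local `s`. Given the commit's own point that this value is a secret rather than a hash, wiping the temporary after the copy, e.g. `explicit_bzero(&s, sizeof(s));` (or whatever helper the project already uses for this, which I cannot see from the hunk), would keep the type change from adding a new plaintext copy of the secret. The copy exists only because shachain_from_seed still writes a `struct sha256`; a one-line comment saying so, such as `/* shachain hands us a sha256; the secret is the same 32 bytes. */`, would make the BUILD_ASSERT/memcpy pair self-explanatory.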
@@ -179,5 +179,6 @@ PRINTWIRE_STRUCT_TYPE_TO_STRING(channel_id);
 PRINTWIRE_STRUCT_TYPE_TO_STRING(preimage);
 PRINTWIRE_STRUCT_TYPE_TO_STRING(pubkey);
 PRINTWIRE_STRUCT_TYPE_TO_STRING(sha256);
+PRINTWIRE_STRUCT_TYPE_TO_STRING(secret);
 PRINTWIRE_STRUCT_TYPE_TO_STRING(short_channel_id);
 PRINTWIRE_TYPE_TO_STRING(secp256k1_ecdsa_signature, secp256k1_ecdsa_signature);
diff --git a/devtools/print_wire.h b/devtools/print_wire.h
index d23d7a60f..fea9c3904 100644
--- a/devtools/print_wire.h
+++ b/devtools/print_wire.h
@@ -18,6 +18,7 @@ void printwire_preimage(const char *fieldname, const struct preimage *preimage);
 void printwire_pubkey(const char *fieldname, const struct pubkey *pubkey);
 void printwire_secp256k1_ecdsa_signature(const char *fieldname, const secp256k1_ecdsa_signature *);
 void printwire_sha256(const char *fieldname, const struct sha256 *sha256);
+void printwire_secret(const char *fieldname, const struct secret *secret);
 void printwire_short_channel_id(const char *fieldname, const struct short_channel_id *short_channel_id);
 
 #endif /* LIGHTNING_DEVTOOLS_PRINT_WIRE_H */
diff --git a/lightningd/peer_htlcs.c b/lightningd/peer_htlcs.c
index 8914dc756..23e9b5d1c 100644
--- a/lightningd/peer_htlcs.c
+++ b/lightningd/peer_htlcs.c
@@ -1245,7 +1245,7 @@ void update_per_commit_point(struct channel *channel,
 void peer_got_revoke(struct channel *channel, const u8 *msg)
 {
 u64 revokenum;
- struct sha256 per_commitment_secret;
+ struct secret per_commitment_secret;
 struct pubkey next_per_commitment_point;
 struct changed_htlc *changed;
 enum onion_type *failcodes;
@@ -1307,7 +1307,7 @@ void peer_got_revoke(struct channel *channel, const u8 *msg)
 &per_commitment_secret)) {
 channel_fail_permanent(channel,
 "Bad per_commitment_secret %s for %"PRIu64,
- type_to_string(msg, struct sha256,
+ type_to_string(msg, struct secret,
 &per_commitment_secret),
 revokenum);
 return;
diff --git a/tools/generate-wire.py b/tools/generate-wire.py
index 314750978..ebd52c368 100755
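Review bot: In the second peer_htlcs.c hunk the received per_commitment_secret, now typed `struct secret`, is still rendered in full by type_to_string into the channel_fail_permanent message, so the value reaches the log and wherever the failure reason is kept. The condition whose tail opens the hunk appears to have just rejected that value ("Bad per_commitment_secret"), so it is presumably not a usable secret for this channel and printing it is acceptable, but that reasoning is not written down anywhere visible. A comment above the call such as `/* Failed the shachain check, so this is not a valid secret: safe to log. */` would record why a `struct secret` is being formatted here. peer_got_revoke starts before this hunk and continues after it; the first hunk of the file is only the matching declaration change.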
--- a/tools/generate-wire.py
+++ b/tools/generate-wire.py
@@ -21,6 +21,7 @@ type2size = {
 'struct sha256': 32,
 'struct bitcoin_blkid': 32,
 'struct bitcoin_txid': 32,
+ 'struct secret': 32,
 'u64': 8,
 'u32': 4,
 'u16': 2,
@@ -75,7 +76,8 @@ typemap = {
 ('node_announcement', 'ipv6'): FieldType('struct ipv6'),
 ('announcement_signatures', 'short_channel_id'): FieldType('struct short_channel_id'),
 ('channel_announcement', 'short_channel_id'): FieldType('struct short_channel_id'),
- ('channel_update', 'short_channel_id'): FieldType('struct short_channel_id')
+ ('channel_update', 'short_channel_id'): FieldType('struct short_channel_id'),
+ ('revoke_and_ack', 'per_commitment_secret'): FieldType('struct secret')
 }
 
 # Partial names that map to a datatype
diff --git a/wallet/test/run-wallet.c b/wallet/test/run-wallet.c
index b1eac0946..f9b25af53 100644
--- a/wallet/test/run-wallet.c
+++ b/wallet/test/run-wallet.c
@@ -599,6 +599,7 @@ static bool test_shachain_crud(struct lightningd *ld, const tal_t *ctx)
 struct wallet_shachain a, b;
 struct wallet *w = create_test_wallet(ld, ctx);
 struct sha256 seed, hash;
+ struct secret secret;
 uint64_t index = UINT64_MAX >> (64 - SHACHAIN_BITS);
 
 memset(&seed, 'A', sizeof(seed));
@@ -617,7 +618,8 @@ static bool test_shachain_crud(struct lightningd *ld, const tal_t *ctx)
 
 for (int i=0; i<100; i++) {
 shachain_from_seed(&seed, index, &hash);
- CHECK(wallet_shachain_add_hash(w, &a, index, &hash));
+ memcpy(&secret, &hash, sizeof(secret));
+ CHECK(wallet_shachain_add_hash(w, &a, index, &secret));
 index--;
 }
 
diff --git a/wallet/wallet.c b/wallet/wallet.c
index 1b24749fc..b1b71f361 100644
--- a/wallet/wallet.c
+++ b/wallet/wallet.c
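Review bot: The new `memcpy(&secret, &hash, sizeof(secret));` in the second run-wallet.c hunk copies a `struct sha256` into a `struct secret` with no size check, while the same conversion in common/derive_basepoints.c and wallet/wallet.c is guarded by a BUILD_ASSERT. Adding `BUILD_ASSERT(sizeof(secret) == sizeof(hash));` before the memcpy keeps the test in step with the production code and would turn a future size change of either struct into a compile error rather than a truncated or over-read copy. test_shachain_crud starts before the hunk and continues after it.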
@@ -424,12 +424,17 @@ static unsigned int count_trailing_zeroes(uint64_t index)
 bool wallet_shachain_add_hash(struct wallet *wallet,
 struct wallet_shachain *chain,
 uint64_t index,
- const struct sha256 *hash)
+ const struct secret *hash)
 {
 sqlite3_stmt *stmt;
 u32 pos = count_trailing_zeroes(index);
+ struct sha256 s;
+
+ BUILD_ASSERT(sizeof(s) == sizeof(*hash));
+ memcpy(&s, hash, sizeof(s));
+
 assert(index < SQLITE_MAX_UINT);
- if (!shachain_add_hash(&chain->chain, index, hash)) {
+ if (!shachain_add_hash(&chain->chain, index, &s)) {
 return false;
 }
 
diff --git a/wallet/wallet.h b/wallet/wallet.h
index aa359be7c..1cdb6612c 100644
--- a/wallet/wallet.h
+++ b/wallet/wallet.h
@@ -228,7 +228,7 @@ s64 wallet_get_newindex(struct lightningd *ld);
 bool wallet_shachain_add_hash(struct wallet *wallet,
 struct wallet_shachain *chain,
 uint64_t index,
- const struct sha256 *hash);
+ const struct secret *hash);
 
 /**
 * wallet_shachain_load -- Load an existing shachain from the wallet.
diff --git a/wire/test/run-peer-wire.c b/wire/test/run-peer-wire.c
index 10f4de91c..7ab361723 100644
--- a/wire/test/run-peer-wire.c
+++ b/wire/test/run-peer-wire.c
@@ -117,7 +117,7 @@ struct msg_funding_signed {
 };
 struct msg_revoke_and_ack {
 struct channel_id channel_id;
- struct sha256 per_commitment_secret;
+ struct secret per_commitment_secret;
 struct pubkey next_per_commitment_point;
 };
 struct msg_channel_update {
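Review bot: In wallet_shachain_add_hash the parameter type becomes `const struct secret *` but the parameter keeps the name `hash` (here and in the wallet/wallet.h declaration), and the body immediately converts it back to a `struct sha256` for shachain_add_hash, so a reader gets no hint why the public type changed. Either renaming the parameter to `secret` in both places, or a line on the wallet.h declaration such as `/* @hash: the peer's revoked per-commitment secret, stored in the shachain as a sha256. */`, would make the intent of the commit visible at the API rather than only in the commit message. wallet_shachain_add_hash continues past the end of the hunk.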