1 #include <common/derive_basepoints.h>
2 #include <common/key_derive.h>
3 #include <common/keyset.h>
4
derive_keyset(const struct pubkey * per_commitment_point,const struct basepoints * self,const struct basepoints * other,bool option_static_remotekey,struct keyset * keyset)5 bool derive_keyset(const struct pubkey *per_commitment_point,
6 const struct basepoints *self,
7 const struct basepoints *other,
8 bool option_static_remotekey,
9 struct keyset *keyset)
10 {
11 /* BOLT #3:
12 *
13 * ### `localpubkey`, `local_htlcpubkey`, `remote_htlcpubkey`, `local_delayedpubkey`, and `remote_delayedpubkey` Derivation
14 *
15 * These pubkeys are simply generated by addition from their base points:
16 *
17 * pubkey = basepoint + SHA256(per_commitment_point || basepoint) * G
18 *
19 * The `localpubkey` uses the local node's `payment_basepoint`;
20 * The `remotepubkey` uses the remote node's `payment_basepoint`;
21 * the `local_htlcpubkey` uses the local node's `htlc_basepoint`;
22 * the `remote_htlcpubkey` uses the remote node's `htlc_basepoint`;
23 * the `local_delayedpubkey` uses the local node's `delayed_payment_basepoint`;
24 * and the `remote_delayedpubkey` uses the remote node's `delayed_payment_basepoint`.
25 */
26 if (!derive_simple_key(&self->payment,
27 per_commitment_point,
28 &keyset->self_payment_key))
29 return false;
30
31 /* BOLT #3:
32 *
33 * ### `remotepubkey` Derivation
34 *
35 * If `option_static_remotekey` or `option_anchors` is
36 * negotiated, the `remotepubkey` is simply the remote node's
37 * `payment_basepoint`, otherwise it is calculated as above using the
38 * remote node's `payment_basepoint`.
39 */
40 if (option_static_remotekey)
41 keyset->other_payment_key = other->payment;
42 else if (!derive_simple_key(&other->payment,
43 per_commitment_point,
44 &keyset->other_payment_key))
45 return false;
46
47 if (!derive_simple_key(&self->htlc,
48 per_commitment_point,
49 &keyset->self_htlc_key))
50 return false;
51
52 if (!derive_simple_key(&other->htlc,
53 per_commitment_point,
54 &keyset->other_htlc_key))
55 return false;
56
57 if (!derive_simple_key(&self->delayed_payment,
58 per_commitment_point,
59 &keyset->self_delayed_payment_key))
60 return false;
61
62 /* BOLT #3:
63 *
64 * ### `revocationpubkey` Derivation
65 *
66 * The `revocationpubkey` is a blinded key: when the local node wishes
67 * to create a new commitment for the remote node, it uses its own
68 * `revocation_basepoint` and the remote node's `per_commitment_point`
69 * to derive a new `revocationpubkey` for the commitment.
70 */
71 if (!derive_revocation_key(&other->revocation,
72 per_commitment_point,
73 &keyset->self_revocation_key))
74 return false;
75
76 return true;
77 }
78