splice: use old per_commit point for splicing

Author: ksedgwic

channeld/channeld.c

@@ -1321,6 +1321,7 @@ static struct bitcoin_signature *calc_commitsigs(const tal_t *ctx,
 						  struct bitcoin_tx **txs,
 						  const u8 *funding_wscript,
 						  const struct htlc **htlc_map,
+						  const struct pubkey *remote_per_commit,
 						  u64 commit_index,
 						  struct bitcoin_signature *commit_sig)
 {
@@ -1333,7 +1334,7 @@ static struct bitcoin_signature *calc_commitsigs(const tal_t *ctx,
 	htlcs = collect_htlcs(tmpctx, htlc_map);
 	msg = towire_hsmd_sign_remote_commitment_tx(NULL, txs[0],
 						   &peer->channel->funding_pubkey[REMOTE],
-						   &peer->remote_per_commit,
+						    remote_per_commit,
 						    channel_has(peer->channel,
 								OPT_STATIC_REMOTEKEY),
 						    commit_index,
@@ -1357,7 +1358,7 @@ static struct bitcoin_signature *calc_commitsigs(const tal_t *ctx,
 	dump_htlcs(peer->channel, "Sending commit_sig");
 
 	if (!derive_simple_key(&peer->channel->basepoints[LOCAL].htlc,
-			       &peer->remote_per_commit,
+			       remote_per_commit,
 			       &local_htlckey))
 		status_failed(STATUS_FAIL_INTERNAL_ERROR,
 			      "Deriving local_htlckey");
@@ -1377,7 +1378,7 @@ static struct bitcoin_signature *calc_commitsigs(const tal_t *ctx,
 		wscript = bitcoin_tx_output_get_witscript(tmpctx, txs[0],
 							  txs[i+1]->wtx->inputs[0].index);
 		msg = towire_hsmd_sign_remote_htlc_tx(NULL, txs[i + 1], wscript,
-						      &peer->remote_per_commit,
+						      remote_per_commit,
 						      channel_has_anchors(peer->channel));
 
 		msg = hsm_req(tmpctx, take(msg));
@@ -1530,6 +1531,32 @@ static u8 *send_commit_part(const tal_t *ctx,
 	int local_anchor_outnum;
 	struct tlv_commitment_signed_tlvs *cs_tlv
 		= tlv_commitment_signed_tlvs_new(tmpctx);
+	const struct pubkey *remote_per_commit;
+
+	status_debug("send_commit_part: "
+		     "remote_index=%"PRIu64" "
+		     "remote_next_index=%"PRIu64" "
+		     "old_remote_per_commit=%s "
+		     "remote_per_commit=%s",
+		     remote_index,
+		     peer->next_index[REMOTE],
+		     type_to_string(tmpctx, struct pubkey, &peer->old_remote_per_commit),
+		     type_to_string(tmpctx, struct pubkey, &peer->remote_per_commit));
+
+	/* We need to be able to sign at the current commitment number for retries
+	 * and splice candidates or the next commitment number for state advances
+	 */
+	if (remote_index == peer->next_index[REMOTE] - 1)
+		remote_per_commit = &peer->old_remote_per_commit;
+	else if (remote_index == peer->next_index[REMOTE])
+		remote_per_commit = &peer->remote_per_commit;
+	else {
+		status_broken("send_commit_part called with remote_index=%"PRIu64" "
+			      "when peer->next_index[REMOTE]=%"PRIu64"",
+			      remote_index,
+			      peer->next_index[REMOTE]);
+		abort();
+	}
 
 	/* In theory, peer will ignore TLV 1 as unknown, but while
 	 * spec is in flux this is dangerous, as it may change: so don't
@@ -1546,12 +1573,12 @@ static u8 *send_commit_part(const tal_t *ctx,
 
 	txs = channel_txs(tmpctx, funding, funding_sats, &htlc_map,
 			  direct_outputs, &funding_wscript,
-			  peer->channel, &peer->remote_per_commit,
+			  peer->channel, remote_per_commit,
 			  remote_index, REMOTE,
 			  splice_amnt, remote_splice_amnt, &local_anchor_outnum);
 	htlc_sigs =
 	    calc_commitsigs(tmpctx, peer, txs, funding_wscript, htlc_map,
-			    remote_index, &commit_sig);
+			    remote_per_commit, remote_index, &commit_sig);
 
 	if (direct_outputs[LOCAL] != NULL) {
 		pbase = penalty_base_new(tmpctx, remote_index,
@@ -2009,6 +2036,8 @@ static struct commitsig_info *handle_peer_commit_sig(struct peer *peer,
 	struct channel_id active_id;
 	const struct commitsig **commitsigs;
 	int remote_anchor_outnum;
+	struct pubkey old_local_per_commit;
+	const struct pubkey *local_per_commit;
 
 	status_debug("handle_peer_commit_sig(splice: %d, remote_splice: %d)",
 		     (int)splice_amnt, (int)remote_splice_amnt);
@@ -2089,9 +2118,37 @@ static struct commitsig_info *handle_peer_commit_sig(struct peer *peer,
 		funding_sats = peer->channel->funding_sats;
 	}
 
+	get_per_commitment_point(peer->next_index[LOCAL] - 1,
+				 &old_local_per_commit, NULL);
+
+	status_debug("handle_peer_commit_sig: "
+		     "local_index=%"PRIu64" "
+		     "local_next_index=%"PRIu64" "
+		     "old_local_per_commit=%s "
+		     "local_per_commit=%s",
+		     local_index,
+		     peer->next_index[LOCAL],
+		     type_to_string(tmpctx, struct pubkey, &old_local_per_commit),
+		     type_to_string(tmpctx, struct pubkey, &peer->next_local_per_commit));
+
+	/* We need to be able to sign/validate at the current commitment number for retries
+	 * and splice candidates or the next commitment number for state advances
+	 */
+	if (local_index == peer->next_index[LOCAL] - 1)
+		local_per_commit = &old_local_per_commit;
+	else if (local_index == peer->next_index[LOCAL])
+		local_per_commit = &peer->next_local_per_commit;
+	else {
+		status_broken("handle_peer_commit_sig called with local_index=%"PRIu64" "
+			      "when peer->next_index[LOCAL]=%"PRIu64"",
+			      local_index,
+			      peer->next_index[LOCAL]);
+		abort();
+	}
+
 	txs = channel_txs(tmpctx, &outpoint, funding_sats, &htlc_map,
 			  NULL, &funding_wscript, peer->channel,
-			  &peer->next_local_per_commit,
+			  local_per_commit,
 			  local_index, LOCAL, splice_amnt,
 			  remote_splice_amnt, &remote_anchor_outnum);
 
@@ -2103,15 +2160,15 @@ static struct commitsig_info *handle_peer_commit_sig(struct peer *peer,
 			      "Unable to set signature internally");
 
 	if (!derive_simple_key(&peer->channel->basepoints[REMOTE].htlc,
-			       &peer->next_local_per_commit, &remote_htlckey))
+			       local_per_commit, &remote_htlckey))
 		status_failed(STATUS_FAIL_INTERNAL_ERROR,
 			      "Deriving remote_htlckey");
 	status_debug("Derived key %s from basepoint %s, point %s",
 		     type_to_string(tmpctx, struct pubkey, &remote_htlckey),
 		     type_to_string(tmpctx, struct pubkey,
 				    &peer->channel->basepoints[REMOTE].htlc),
 		     type_to_string(tmpctx, struct pubkey,
-				    &peer->next_local_per_commit));
+				    local_per_commit));
 	/* BOLT #2:
 	 *
 	 * A receiving node: