BOLTs: update which renames blinding terminology.

No code changes, just catching up with the BOLT changes which rework our
blinded path terminology (for the better!).

Another patch will sweep the rest of our internal names, this tries only to
make things compile and fix up the BOLT quotes.

1. Inside payload: current_blinding_point -> current_path_key
2. Inside update_add_htlc TLV: blinding_point -> blinded_path
3. Inside blinded_path: blinding -> first_path_key
4. Inside onion_message: blinding -> path_key.
5. Inside encrypted_data_tlv: next_blinding_override -> next_path_key_override

Signed-off-by: Rusty Russell <[email protected]>

Author: rustyrussell

Makefile

@@ -26,7 +26,7 @@ CCANDIR := ccan
 
 # Where we keep the BOLT RFCs
 BOLTDIR := ../bolts/
-DEFAULT_BOLTVERSION := 6a51861d93ad617438fe24195768e2742d7708ac
+DEFAULT_BOLTVERSION := 6c0f0d878f52ee189be9649b06a0dd86e52a517a
 # Can be overridden on cmdline.
 BOLTVERSION := $(DEFAULT_BOLTVERSION)
 

channeld/channeld.c

@@ -622,7 +622,7 @@ static void handle_peer_add_htlc(struct peer *peer, const u8 *msg)
 	}
 	add_err = channel_add_htlc(peer->channel, REMOTE, id, amount,
 				   cltv_expiry, &payment_hash,
-				   onion_routing_packet, tlvs->blinding_point, &htlc, NULL,
+				   onion_routing_packet, tlvs->blinded_path, &htlc, NULL,
 				   /* We don't immediately fail incoming htlcs,
 				    * instead we wait and fail them after
 				    * they've been committed */
@@ -4412,8 +4412,8 @@ static void resend_commitment(struct peer *peer, struct changed_htlc *last)
 			struct tlv_update_add_htlc_tlvs *tlvs;
 			if (h->blinding) {
 				tlvs = tlv_update_add_htlc_tlvs_new(tmpctx);
-				tlvs->blinding_point = tal_dup(tlvs, struct pubkey,
-							       h->blinding);
+				tlvs->blinded_path = tal_dup(tlvs, struct pubkey,
+							     h->blinding);
 			} else
 				tlvs = NULL;
 			msg = towire_update_add_htlc(NULL, &peer->channel_id,
@@ -5360,7 +5360,7 @@ static void handle_offer_htlc(struct peer *peer, const u8 *inmsg)
 
 	if (blinding) {
 		tlvs = tlv_update_add_htlc_tlvs_new(tmpctx);
-		tlvs->blinding_point = tal_dup(tlvs, struct pubkey, blinding);
+		tlvs->blinded_path = tal_dup(tlvs, struct pubkey, blinding);
 	} else
 		tlvs = NULL;
 

common/blindedpath.c

@@ -14,13 +14,13 @@
 #endif
 
 /* Blinds node_id and calculates next blinding factor. */
-static bool blind_node(const struct privkey *blinding,
+static bool blind_node(const struct privkey *path_privkey,
 		       const struct secret *ss,
 		       const struct pubkey *node,
 		       struct pubkey *node_alias,
-		       struct privkey *next_blinding)
+		       struct privkey *next_path_privkey)
 {
-	struct pubkey blinding_pubkey;
+	struct pubkey path_pubkey;
 	struct sha256 h;
 
 	if (!blindedpath_get_alias(ss, node, node_alias))
@@ -30,32 +30,32 @@ static bool blind_node(const struct privkey *blinding,
 
 	/* BOLT #4:
 	 *  - $`E_{i+1} = SHA256(E_i || ss_i) * E_i`$
-	 *     (NB: $`N_i`$ MUST NOT learn $`e_i`$)
+	 *     (`path_key`. NB: $`N_i`$ MUST NOT learn $`e_i`$)
 	 */
-	if (!pubkey_from_privkey(blinding, &blinding_pubkey))
+	if (!pubkey_from_privkey(path_privkey, &path_pubkey))
 		return false;
 	SUPERVERBOSE("\t\"E\": \"%s\",\n",
-		     fmt_pubkey(tmpctx, &blinding_pubkey));
+		     fmt_pubkey(tmpctx, &path_pubkey));
 
 	/* BOLT #4:
 	 *  - $`e_{i+1} = SHA256(E_i || ss_i) * e_i`$
-	 *     (blinding ephemeral private key, only known by $`N_r`$)
+	 *     (ephemeral private path key, only known by $`N_r`$)
 	 */
-	blinding_hash_e_and_ss(&blinding_pubkey, ss, &h);
+	blinding_hash_e_and_ss(&path_pubkey, ss, &h);
 	SUPERVERBOSE("\t\"H(E || ss)\": \"%s\",\n",
 		     fmt_sha256(tmpctx, &h));
-	blinding_next_privkey(blinding, &h, next_blinding);
+	blinding_next_path_privkey(path_privkey, &h, next_path_privkey);
 	SUPERVERBOSE("\t\"next_e\": \"%s\",\n",
-		     fmt_privkey(tmpctx, next_blinding));
+		     fmt_privkey(tmpctx, next_path_privkey));
 
 	return true;
 }
 
 static u8 *enctlv_from_encmsg_raw(const tal_t *ctx,
-				  const struct privkey *blinding,
+				  const struct privkey *path_privkey,
 				  const struct pubkey *node,
 				  const u8 *raw_encmsg TAKES,
-				  struct privkey *next_blinding,
+				  struct privkey *next_path_privkey,
 				  struct pubkey *node_alias)
 {
 	struct secret ss, rho;
@@ -65,33 +65,33 @@ static u8 *enctlv_from_encmsg_raw(const tal_t *ctx,
 	static const unsigned char npub[crypto_aead_chacha20poly1305_ietf_NPUBBYTES];
 
 	/* BOLT #4:
-	 *     - $`ss_i = SHA256(e_i * N_i) = SHA256(k_i * E_i)$`
+	 *     - $`ss_i = SHA256(e_i * N_i) = SHA256(k_i * E_i)`$
 	 *        (ECDH shared secret known only by $`N_r`$ and $`N_i`$)
 	 */
 	if (secp256k1_ecdh(secp256k1_ctx, ss.data,
-			   &node->pubkey, blinding->secret.data,
+			   &node->pubkey, path_privkey->secret.data,
 			   NULL, NULL) != 1)
 		return NULL;
 	SUPERVERBOSE("\t\"ss\": \"%s\",\n",
 		     fmt_secret(tmpctx, &ss));
 
-	/* This calculates the node's alias, and next blinding */
-	if (!blind_node(blinding, &ss, node, node_alias, next_blinding))
+	/* This calculates the node's alias, and next path_key */
+	if (!blind_node(path_privkey, &ss, node, node_alias, next_path_privkey))
 		return NULL;
 
 	ret = tal_dup_talarr(ctx, u8, raw_encmsg);
 
 	/* BOLT #4:
 	 * - $`rho_i = HMAC256(\text{"rho"}, ss_i)`$
-	 *    (key used to encrypt the payload for $`N_i`$ by $`N_r`$)
+	 *    (key used to encrypt `encrypted_recipient_data` for $`N_i`$ by $`N_r`$)
 	 */
 	subkey_from_hmac("rho", &ss, &rho);
 	SUPERVERBOSE("\t\"rho\": \"%s\",\n",
 		     fmt_secret(tmpctx, &rho));
 
 	/* BOLT #4:
 	 * - MUST encrypt each `encrypted_data_tlv[i]` with ChaCha20-Poly1305 using
-	 *   the corresponding `rho_i` key and an all-zero nonce to produce
+	 *   the corresponding $`rho_i`$ key and an all-zero nonce to produce
 	 *   `encrypted_recipient_data[i]`
 	 */
 	/* Encrypt in place */
@@ -109,24 +109,24 @@ static u8 *enctlv_from_encmsg_raw(const tal_t *ctx,
 }
 
 u8 *encrypt_tlv_encrypted_data(const tal_t *ctx,
-			       const struct privkey *blinding,
+			       const struct privkey *path_privkey,
 			       const struct pubkey *node,
-			       const struct tlv_encrypted_data_tlv *encmsg,
-			       struct privkey *next_blinding,
+			       const struct tlv_encrypted_data_tlv *tlv,
+			       struct privkey *next_path_privkey,
 			       struct pubkey *node_alias)
 {
 	struct privkey unused;
-	u8 *encmsg_raw = tal_arr(NULL, u8, 0);
-	towire_tlv_encrypted_data_tlv(&encmsg_raw, encmsg);
+	u8 *tlv_wire = tal_arr(NULL, u8, 0);
+	towire_tlv_encrypted_data_tlv(&tlv_wire, tlv);
 
-	/* last hop doesn't care about next_blinding */
-	if (!next_blinding)
-		next_blinding = &unused;
-	return enctlv_from_encmsg_raw(ctx, blinding, node, take(encmsg_raw),
-				      next_blinding, node_alias);
+	/* last hop doesn't care about next path_key */
+	if (!next_path_privkey)
+		next_path_privkey = &unused;
+	return enctlv_from_encmsg_raw(ctx, path_privkey, node, take(tlv_wire),
+				      next_path_privkey, node_alias);
 }
 
-bool unblind_onion(const struct pubkey *blinding,
+bool unblind_onion(const struct pubkey *path_key,
 		   void (*ecdh)(const struct pubkey *point, struct secret *ss),
 		   struct pubkey *onion_key,
 		   struct secret *ss)
@@ -140,7 +140,7 @@ bool unblind_onion(const struct pubkey *blinding,
 	 *   - $`ss_i = SHA256(k_i * E_i)`$ (standard ECDH)
 	 *   - $`b_i = HMAC256(\text{"blinded\_node\_id"}, ss_i) * k_i`$
 	 */
-	ecdh(blinding, ss);
+	ecdh(path_key, ss);
 	subkey_from_hmac("blinded_node_id", ss, &hmac);
 
 	/* We instead tweak the *ephemeral* key from the onion and use
@@ -149,15 +149,14 @@ bool unblind_onion(const struct pubkey *blinding,
 	/* BOLT #4:
 	 * - MUST use $`b_i`$ instead of its private key $`k_i`$ to decrypt the onion. Note
 	 *   that the node may instead tweak the onion ephemeral key with
-	 *   $`HMAC256(\text{"blinded\_node\_id}", ss_i)`$ which achieves the same result.
+	 *   $`HMAC256(\text{"blinded\_node\_id"}, ss_i)`$ which achieves the same result.
 	 */
 	return secp256k1_ec_pubkey_tweak_mul(secp256k1_ctx,
 					     &onion_key->pubkey,
 					     hmac.data) == 1;
 }
 
 u8 *decrypt_encmsg_raw(const tal_t *ctx,
-		       const struct pubkey *blinding,
 		       const struct secret *ss,
 		       const u8 *enctlv)
 {
@@ -197,17 +196,16 @@ u8 *decrypt_encmsg_raw(const tal_t *ctx,
 }
 
 struct tlv_encrypted_data_tlv *decrypt_encrypted_data(const tal_t *ctx,
-						      const struct pubkey *blinding,
 						      const struct secret *ss,
 						      const u8 *enctlv)
 {
-	const u8 *cursor = decrypt_encmsg_raw(tmpctx, blinding, ss, enctlv);
+	const u8 *cursor = decrypt_encmsg_raw(tmpctx, ss, enctlv);
 	size_t maxlen = tal_bytelen(cursor);
 
 	/* BOLT #4:
 	 *
 	 * - MUST return an error if `encrypted_recipient_data` does not decrypt
-	 *   using the blinding point as described in
+	 *   using the `path_key` as described in
 	 *   [Route Blinding](#route-blinding).
 	 */
 	/* Note: our parser consider nothing is a valid TLV, but decrypt_encmsg_raw
@@ -237,27 +235,27 @@ bool blindedpath_get_alias(const struct secret *ss,
 					     node_id_blinding.data) == 1;
 }
 
-void blindedpath_next_blinding(const struct tlv_encrypted_data_tlv *enc,
-			       const struct pubkey *blinding,
+void blindedpath_next_path_key(const struct tlv_encrypted_data_tlv *enc,
+			       const struct pubkey *path_key,
 			       const struct secret *ss,
-			       struct pubkey *next_blinding)
+			       struct pubkey *next_path_key)
 {
 	/* BOLT #4:
 	 *   - $`E_{i+1} = SHA256(E_i || ss_i) * E_i`$
 	 * ...
-	 * - If `encrypted_data` contains a `next_blinding_override`:
-	 *   - MUST use it as the next blinding point instead of $`E_{i+1}`$
+	 * - If `encrypted_data` contains a `next_path_key_override`:
+	 *   - MUST use it as the next `path_key` instead of $`E_{i+1}`$
 	 *   - Otherwise:
-	 *     - MUST use $`E_{i+1}`$ as the next blinding point
+	 *     - MUST use $`E_{i+1}`$ as the next `path_key`
 	 */
-	if (enc->next_blinding_override)
-		*next_blinding = *enc->next_blinding_override;
+	if (enc->next_path_key_override)
+		*next_path_key = *enc->next_path_key_override;
 	else {
 		/* BOLT #4:
 		 * $`E_{i+1} = SHA256(E_i || ss_i) * E_i`$
 		 */
 		struct sha256 h;
-		blinding_hash_e_and_ss(blinding, ss, &h);
-		blinding_next_pubkey(blinding, &h, next_blinding);
+		blinding_hash_e_and_ss(path_key, ss, &h);
+		blinding_next_path_key(path_key, &h, next_path_key);
 	}
 }

common/blindedpath.h

@@ -17,33 +17,33 @@ struct tlv_encrypted_data_tlv_payment_relay;
 /**
  * encrypt_tlv_encrypted_data - Encrypt a tlv_encrypted_data_tlv.
  * @ctx: tal context
- * @blinding: e(i), the blinding secret
+ * @path_privkey: e(i), the path key
  * @node: the pubkey of the node to encrypt for
  * @tlv: the message to encrypt.
- * @next_blinding: (out) e(i+1), the next blinding secret (optional)
+ * @next_path_privkey: (out) e(i+1), the next blinding secret (optional)
  * @node_alias: (out) the blinded pubkey of the node to tell the recipient.
  *
  * You create a blinding secret using randombytes_buf(), then call this
  * iteratively for each node in the path.
  */
 u8 *encrypt_tlv_encrypted_data(const tal_t *ctx,
-			       const struct privkey *blinding,
+			       const struct privkey *path_privkey,
 			       const struct pubkey *node,
 			       const struct tlv_encrypted_data_tlv *tlv,
-			       struct privkey *next_blinding,
+			       struct privkey *next_path_privkey,
 			       struct pubkey *node_alias)
 	NON_NULL_ARGS(2, 3, 4, 6);
 
 /**
  * unblind_onion - tweak onion epheremeral key so we can decode it with ours.
- * @blinding: E(i), the blinding pubkey the previous peer gave us.
+ * @path_key: E(i), the blinding pubkey the previous peer gave us.
  * @ecdh: the ecdh routine (usually ecdh from common/ecdh_hsmd).
  * @onion_key: (in, out) the onionpacket->ephemeralkey to tweak.
  * @ss: (out) the shared secret we gained from blinding pubkey.
  *
  * The shared secret is needed to decrypt the enctlv we expect to find, too.
  */
-bool unblind_onion(const struct pubkey *blinding,
+bool unblind_onion(const struct pubkey *path_key,
 		   void (*ecdh)(const struct pubkey *point, struct secret *ss),
 		   struct pubkey *onion_key,
 		   struct secret *ss)
@@ -64,30 +64,27 @@ bool blindedpath_get_alias(const struct secret *ss,
 /**
  * decrypt_encrypted_data - Decrypt an encmsg to form an tlv_encrypted_data_tlv.
  * @ctx: the context to allocate off.
- * @blinding: E(i), the blinding pubkey the previous peer gave us.
  * @ss: the blinding secret from unblind_onion().
  * @enctlv: the enctlv from the onion (tal, may be NULL).
  *
  * Returns NULL if decryption failed or encmsg was malformed.
  */
 struct tlv_encrypted_data_tlv *decrypt_encrypted_data(const tal_t *ctx,
-						      const struct pubkey *blinding,
 						      const struct secret *ss,
 						      const u8 *enctlv)
 	NON_NULL_ARGS(2, 3);
 
 /* Low-level accessor */
 u8 *decrypt_encmsg_raw(const tal_t *ctx,
-		       const struct pubkey *blinding,
 		       const struct secret *ss,
 		       const u8 *enctlv);
 
 /**
- * blindedpath_next_blinding - Calculate or extract next blinding pubkey
+ * blindedpath_next_path_key - Calculate or extract next blinding pubkey
  */
-void blindedpath_next_blinding(const struct tlv_encrypted_data_tlv *enc,
-			       const struct pubkey *blinding,
+void blindedpath_next_path_key(const struct tlv_encrypted_data_tlv *enc,
+			       const struct pubkey *path_key,
 			       const struct secret *ss,
-			       struct pubkey *next_blinding);
+			       struct pubkey *next_path_key);
 
 #endif /* LIGHTNING_COMMON_BLINDEDPATH_H */

common/blindedpay.c

@@ -23,8 +23,8 @@ u8 **blinded_onion_hops(const tal_t *ctx,
 		 *   - MUST include the `encrypted_recipient_data` provided by the
 		 *     recipient
 		 *   - For the first node in the blinded route:
-		 *     - MUST include the `blinding_point` provided by the
-		 *       recipient in `current_blinding_point`
+		 *     - MUST include the `path_key` provided by the
+		 *       recipient in `current_path_key`
 		 *   - If it is the final node:
 		 *     - MUST include `amt_to_forward`, `outgoing_cltv_value` and `total_amount_msat`.
 		 *...
@@ -35,7 +35,7 @@ u8 **blinded_onion_hops(const tal_t *ctx,
 					      final ? &total_amount : NULL,
 					      final ? &final_cltv : NULL,
 					      path->path[i]->encrypted_recipient_data,
-					      first ? &path->blinding : NULL);
+					      first ? &path->first_path_key : NULL);
 	}
 	return onions;
 }

common/blinding.c

@@ -19,9 +19,9 @@ void blinding_hash_e_and_ss(const struct pubkey *e,
 }
 
 /* E(i+1) = H(E(i) || ss(i)) * E(i) */
-bool blinding_next_pubkey(const struct pubkey *pk,
-			  const struct sha256 *h,
-			  struct pubkey *next)
+bool blinding_next_path_key(const struct pubkey *pk,
+			    const struct sha256 *h,
+			    struct pubkey *next)
 {
 
 	*next = *pk;
@@ -30,9 +30,9 @@ bool blinding_next_pubkey(const struct pubkey *pk,
 }
 
 /* e(i+1) = H(E(i) || ss(i)) * e(i) */
-bool blinding_next_privkey(const struct privkey *e,
-			   const struct sha256 *h,
-			   struct privkey *next)
+bool blinding_next_path_privkey(const struct privkey *e,
+				const struct sha256 *h,
+				struct privkey *next)
 {
 	*next = *e;
 	return secp256k1_ec_seckey_tweak_mul(secp256k1_ctx, next->secret.data,

common/blinding.h

@@ -13,13 +13,13 @@ void blinding_hash_e_and_ss(const struct pubkey *e,
 			    struct sha256 *sha);
 
 /* E(i+1) = H(E(i) || ss(i)) * E(i) */
-bool blinding_next_pubkey(const struct pubkey *pk,
-			  const struct sha256 *h,
-			  struct pubkey *next);
+bool blinding_next_path_key(const struct pubkey *pk,
+			    const struct sha256 *h,
+			    struct pubkey *next);
 
 /* e(i+1) = H(E(i) || ss(i)) * e(i) */
-bool blinding_next_privkey(const struct privkey *e,
-			   const struct sha256 *h,
-			   struct privkey *next);
+bool blinding_next_path_privkey(const struct privkey *e,
+				const struct sha256 *h,
+				struct privkey *next);
 
 #endif /* LIGHTNING_COMMON_BLINDING_H */