Offers initial cleanups

.github/workflows/bsd.yml

@@ -69,7 +69,7 @@ jobs:
             pytest-custom-exit-code==0.3.0 \
             pytest-json-report
 
-          git clone https://github.com/lightningnetwork/lightning-rfc.git ../lightning-rfc
+          git clone https://github.com/lightning/bolts.git ../bolts
           # fatal: unsafe repository ('/Users/runner/work/lightning/lightning' is owned by someone else)
           git config --global --add safe.directory `pwd`
           git submodule update --init --recursive

README.md

@@ -183,7 +183,7 @@ lightning-cli invoice <amount> <label> <description>
 
 This returns some internal details, and a standard invoice string called `bolt11` (named after the [BOLT #11 lightning spec][BOLT11]).
 
-[BOLT11]: https://github.com/lightningnetwork/lightning-rfc/blob/master/11-payment-encoding.md
+[BOLT11]: https://github.com/lightning/bolts/blob/master/11-payment-encoding.md
 
 The sender can feed this `bolt11` string to the `decodepay` command to see what it is, and pay it simply using the `pay` command:
 
@@ -225,7 +225,7 @@ Developers wishing to contribute should start with the developer guide [here](do
 You should also configure with `--enable-developer` to get additional checks and options.
 
 [blockstream-store-blog]: https://blockstream.com/2018/01/16/en-lightning-charge/
-[std]: https://github.com/lightningnetwork/lightning-rfc
+[std]: https://github.com/lightning/bolts
 [prs]: https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat
 [prs-link]: http://makeapullrequest.com
 [IRC]: https://img.shields.io/badge/chat-on%20libera-brightgreen.svg

bitcoin/signature.c

@@ -9,6 +9,7 @@
 #include <bitcoin/tx.h>
 #include <ccan/mem/mem.h>
 #include <common/type_to_string.h>
+#include <secp256k1_schnorrsig.h>
 #include <wire/wire.h>
 
 #undef DEBUG
@@ -415,3 +416,27 @@ void bip340_sighash_init(struct sha256_ctx *sctx,
 	sha256_update(sctx, &taghash, sizeof(taghash));
 }
 
+
+bool check_schnorr_sig(const struct sha256 *hash,
+		       const secp256k1_pubkey *pubkey,
+		       const struct bip340sig *sig)
+{
+	/* FIXME: uuuugly!  There's no non-xonly verify function. */
+	u8 raw[PUBKEY_CMPR_LEN];
+	size_t outlen = sizeof(raw);
+	secp256k1_xonly_pubkey xonly_pubkey;
+
+	if (!secp256k1_ec_pubkey_serialize(secp256k1_ctx, raw, &outlen,
+					   pubkey,
+					   SECP256K1_EC_COMPRESSED))
+		abort();
+	assert(outlen == PUBKEY_CMPR_LEN);
+	if (!secp256k1_xonly_pubkey_parse(secp256k1_ctx, &xonly_pubkey, raw+1))
+		abort();
+
+ 	return secp256k1_schnorrsig_verify(secp256k1_ctx,
+ 					   sig->u8,
+ 					   hash->u.u8,
+ 					   sizeof(hash->u.u8),
+					   &xonly_pubkey) == 1;
+}

bitcoin/signature.h

@@ -5,12 +5,14 @@
 #include <ccan/tal/tal.h>
 #include <secp256k1.h>
 
+struct sha256;
 struct sha256_double;
 struct sha256_ctx;
 struct bitcoin_tx;
 struct pubkey;
 struct privkey;
 struct bitcoin_tx_output;
+struct bip340sig;
 
 enum sighash_type {
     SIGHASH_ALL = 1,
@@ -121,6 +123,13 @@ bool check_tx_sig(const struct bitcoin_tx *tx, size_t input_num,
 		  const struct pubkey *key,
 		  const struct bitcoin_signature *sig);
 
+/**
+ * check a Schnorr signature
+ */
+bool check_schnorr_sig(const struct sha256 *hash,
+		       const secp256k1_pubkey *pubkey,
+		       const struct bip340sig *sig);
+
 /* Give DER encoding of signature: returns length used (<= 73). */
 size_t signature_to_der(u8 der[73], const struct bitcoin_signature *sig);
 

channeld/Makefile

@@ -64,7 +64,6 @@ CHANNELD_COMMON_OBJS :=				\
 	common/memleak.o			\
 	common/msg_queue.o			\
 	common/node_id.o			\
-	common/onion.o				\
 	common/onionreply.o			\
 	common/peer_billboard.o			\
 	common/peer_failed.o			\
@@ -78,7 +77,6 @@ CHANNELD_COMMON_OBJS :=				\
 	common/pseudorand.o			\
 	common/read_peer_msg.o			\
 	common/setup.o				\
-	common/sphinx.o				\
 	common/status.o				\
 	common/status_wire.o			\
 	common/subdaemon.o			\

channeld/channeld.c

@@ -2311,7 +2311,6 @@ static void peer_in(struct peer *peer, const u8 *msg)
 	case WIRE_PONG:
 	case WIRE_WARNING:
 	case WIRE_ERROR:
-	case WIRE_OBS2_ONION_MESSAGE:
 	case WIRE_ONION_MESSAGE:
 		abort();
 	}
@@ -3803,9 +3802,6 @@ static void init_channel(struct peer *peer)
 	struct channel_type *channel_type;
 	u32 *dev_disable_commit; /* Always NULL */
 	bool dev_fast_gossip;
-#if !DEVELOPER
-	bool dev_fail_process_onionpacket; /* Ignored */
-#endif
 
 	assert(!(fcntl(MASTER_FD, F_GETFL) & O_NONBLOCK));
 
@@ -3868,7 +3864,6 @@ static void init_channel(struct peer *peer)
 				    &remote_ann_bitcoin_sig,
 				    &channel_type,
 				    &dev_fast_gossip,
-				    &dev_fail_process_onionpacket,
 				    &dev_disable_commit,
 				    &pbases,
 				    &reestablish_only,

channeld/channeld_wire.csv

@@ -76,7 +76,6 @@ msgdata,channeld_init,remote_ann_node_sig,?secp256k1_ecdsa_signature,
 msgdata,channeld_init,remote_ann_bitcoin_sig,?secp256k1_ecdsa_signature,
 msgdata,channeld_init,desired_type,channel_type,
 msgdata,channeld_init,dev_fast_gossip,bool,
-msgdata,channeld_init,dev_fail_process_onionpacket,bool,
 msgdata,channeld_init,dev_disable_commit,?u32,
 msgdata,channeld_init,num_penalty_bases,u32,
 msgdata,channeld_init,pbases,penalty_base,num_penalty_bases

common/blindedpath.c

@@ -66,7 +66,7 @@ static u8 *enctlv_from_encmsg_raw(const tal_t *ctx,
 				  struct privkey *next_blinding,
 				  struct pubkey *node_alias)
 {
-	/* https://github.com/lightningnetwork/lightning-rfc/blob/route-blinding/proposals/route-blinding.md */
+	/* https://github.com/lightning/bolts/blob/route-blinding/proposals/route-blinding.md */
 	struct secret ss, rho;
 	u8 *ret;
 	int ok;
@@ -114,19 +114,6 @@ static u8 *enctlv_from_encmsg_raw(const tal_t *ctx,
 	return ret;
 }
 
-static u8 *enctlv_from_obs2_encmsg(const tal_t *ctx,
-				   const struct privkey *blinding,
-				   const struct pubkey *node,
-				   const struct tlv_obs2_encmsg_tlvs *encmsg,
-				   struct privkey *next_blinding,
-				   struct pubkey *node_alias)
-{
-	u8 *encmsg_raw = tal_arr(NULL, u8, 0);
-	towire_tlv_obs2_encmsg_tlvs(&encmsg_raw, encmsg);
-	return enctlv_from_encmsg_raw(ctx, blinding, node, take(encmsg_raw),
-				      next_blinding, node_alias);
-}
-
 static u8 *enctlv_from_encmsg(const tal_t *ctx,
 			      const struct privkey *blinding,
 			      const struct pubkey *node,
@@ -196,22 +183,6 @@ static u8 *decrypt_encmsg_raw(const tal_t *ctx,
 	return dec;
 }
 
-static struct tlv_obs2_encmsg_tlvs *decrypt_obs2_encmsg(const tal_t *ctx,
-							const struct pubkey *blinding,
-							const struct secret *ss,
-							const u8 *enctlv)
-{
-	const u8 *cursor = decrypt_encmsg_raw(tmpctx, blinding, ss, enctlv);
-	size_t maxlen = tal_bytelen(cursor);
-
-	/* BOLT-onion-message #4:
-	 *
-	 * - if the `enctlv` is not a valid TLV...
-	 *   - MUST drop the message.
-	 */
-	return fromwire_tlv_obs2_encmsg_tlvs(ctx, &cursor, &maxlen);
-}
-
 static struct tlv_encrypted_data_tlv *decrypt_encmsg(const tal_t *ctx,
 						     const struct pubkey *blinding,
 						     const struct secret *ss,
@@ -354,131 +325,3 @@ u8 *create_final_enctlv(const tal_t *ctx,
 	return enctlv_from_encmsg(ctx, blinding, final_node, encmsg,
 				  &unused_next_blinding, node_alias);
 }
-
-/* Obsolete variants */
-bool decrypt_obs2_enctlv(const struct pubkey *blinding,
-			 const struct secret *ss,
-			 const u8 *enctlv,
-			 struct pubkey *next_node,
-			 struct pubkey *next_blinding)
-{
-	struct tlv_obs2_encmsg_tlvs *encmsg;
-
-	encmsg = decrypt_obs2_encmsg(tmpctx, blinding, ss, enctlv);
-	if (!encmsg)
-		return false;
-
-	/* BOLT-onion-message #4:
-	 *
-	 * The reader:
-	 *  - if it is not the final node according to the onion encryption:
-	 *...
-	 *    - if the `enctlv` ... does not contain
-	 *      `next_node_id`:
-	 *      - MUST drop the message.
-	 */
-	if (!encmsg->next_node_id)
-		return false;
-
-	/* BOLT-onion-message #4:
-	 * The reader:
-	 *  - if it is not the final node according to the onion encryption:
-	 *...
-	 *    - if the `enctlv` contains `self_id`:
-	 *      - MUST drop the message.
-	 */
-	if (encmsg->self_id)
-		return false;
-
-	/* BOLT-onion-message #4:
-	 * The reader:
-	 *  - if it is not the final node according to the onion encryption:
-	 *...
-	 *    - if `blinding` is specified in the `enctlv`:
-	 *       - MUST pass that as `blinding` in the `onion_message`
-	 *    - otherwise:
-	 *       - MUST pass `blinding` derived as in
-	 *         [Route Blinding][route-blinding] (i.e.
-	 *         `E(i+1) = H(E(i) || ss(i)) * E(i)`).
-	 */
-	*next_node = *encmsg->next_node_id;
-	if (encmsg->next_blinding)
-		*next_blinding = *encmsg->next_blinding;
-	else {
-		/* E(i-1) = H(E(i) || ss(i)) * E(i) */
-		struct sha256 h;
-		blinding_hash_e_and_ss(blinding, ss, &h);
-		blinding_next_pubkey(blinding, &h, next_blinding);
-	}
-	return true;
-}
-
-bool decrypt_obs2_final_enctlv(const tal_t *ctx,
-			       const struct pubkey *blinding,
-			       const struct secret *ss,
-			       const u8 *enctlv,
-			       const struct pubkey *my_id,
-			       struct pubkey *alias,
-			       struct secret **self_id)
-{
-	struct tlv_obs2_encmsg_tlvs *encmsg;
-	struct secret node_id_blinding;
-
-	/* Repeat the tweak to get the alias it was using for us */
-	subkey_from_hmac("blinded_node_id", ss, &node_id_blinding);
-	*alias = *my_id;
-	if (secp256k1_ec_pubkey_tweak_mul(secp256k1_ctx,
-					  &alias->pubkey,
-					  node_id_blinding.data) != 1)
-		return false;
-
-	encmsg = decrypt_obs2_encmsg(tmpctx, blinding, ss, enctlv);
-	if (!encmsg)
-		return false;
-
-	if (tal_bytelen(encmsg->self_id) == sizeof(**self_id)) {
-		*self_id = tal(ctx, struct secret);
-		memcpy(*self_id, encmsg->self_id, sizeof(**self_id));
-	} else
-		*self_id = NULL;
-
-	return true;
-}
-
-u8 *create_obs2_enctlv(const tal_t *ctx,
-		       const struct privkey *blinding,
-		       const struct pubkey *node,
-		       const struct pubkey *next_node,
-		       size_t padlen,
-		       const struct pubkey *override_blinding,
-		       struct privkey *next_blinding,
-		       struct pubkey *node_alias)
-{
-	struct tlv_obs2_encmsg_tlvs *encmsg = tlv_obs2_encmsg_tlvs_new(tmpctx);
-	if (padlen)
-		encmsg->padding = tal_arrz(encmsg, u8, padlen);
-	encmsg->next_node_id = cast_const(struct pubkey *, next_node);
-	encmsg->next_blinding = cast_const(struct pubkey *, override_blinding);
-
-	return enctlv_from_obs2_encmsg(ctx, blinding, node, encmsg,
-				       next_blinding, node_alias);
-}
-
-u8 *create_obs2_final_enctlv(const tal_t *ctx,
-			     const struct privkey *blinding,
-			     const struct pubkey *final_node,
-			     size_t padlen,
-			     const struct secret *self_id,
-			     struct pubkey *node_alias)
-{
-	struct tlv_obs2_encmsg_tlvs *encmsg = tlv_obs2_encmsg_tlvs_new(tmpctx);
-	struct privkey unused_next_blinding;
-
-	if (padlen)
-		encmsg->padding = tal_arrz(encmsg, u8, padlen);
-	if (self_id)
-		encmsg->self_id = (u8 *)tal_dup(encmsg, struct secret, self_id);
-
-	return enctlv_from_obs2_encmsg(ctx, blinding, final_node, encmsg,
-				       &unused_next_blinding, node_alias);
-}

common/blindedpath.h

@@ -105,36 +105,4 @@ bool decrypt_final_enctlv(const tal_t *ctx,
 			  struct secret **path_id)
 	NON_NULL_ARGS(1, 2, 4, 5);
 
-/* Obsolete variants */
-u8 *create_obs2_enctlv(const tal_t *ctx,
-		       const struct privkey *blinding,
-		       const struct pubkey *node,
-		       const struct pubkey *next_node,
-		       size_t padlen,
-		       const struct pubkey *override_blinding,
-		       struct privkey *next_blinding,
-		       struct pubkey *node_alias)
-	NON_NULL_ARGS(2, 3, 4, 7, 8);
-u8 *create_obs2_final_enctlv(const tal_t *ctx,
-			     const struct privkey *blinding,
-			     const struct pubkey *final_node,
-			     size_t padlen,
-			     const struct secret *self_id,
-			     struct pubkey *node_alias)
-	NON_NULL_ARGS(2, 3, 6);
-bool decrypt_obs2_enctlv(const struct pubkey *blinding,
-			 const struct secret *ss,
-			 const u8 *enctlv,
-			 struct pubkey *next_node,
-			 struct pubkey *next_blinding)
-	NON_NULL_ARGS(1, 2, 4, 5);
-bool decrypt_obs2_final_enctlv(const tal_t *ctx,
-			       const struct pubkey *blinding,
-			       const struct secret *ss,
-			       const u8 *enctlv,
-			       const struct pubkey *my_id,
-			       struct pubkey *alias,
-			       struct secret **self_id)
-	NON_NULL_ARGS(1, 2, 4, 5);
-
 #endif /* LIGHTNING_COMMON_BLINDEDPATH_H */

common/features.c

@@ -436,16 +436,16 @@ const char *feature_name(const tal_t *ctx, size_t f)
 		"option_support_large_channel",
 		"option_anchor_outputs", 	/* 20/21 */
 		"option_anchors_zero_fee_htlc_tx",
-		"option_trampoline_routing", /* https://github.com/lightningnetwork/lightning-rfc/pull/836 */
+		"option_trampoline_routing", /* https://github.com/lightning/bolts/pull/836 */
 		"option_shutdown_anysegwit",
 		"option_dual_fund",
-		"option_amp", /* 30/31 */ /* https://github.com/lightningnetwork/lightning-rfc/pull/658 */
+		"option_amp", /* 30/31 */ /* https://github.com/lightning/bolts/pull/658 */
 		NULL,
-		"option_quiesce", /* https://github.com/lightningnetwork/lightning-rfc/pull/869 */
+		"option_quiesce", /* https://github.com/lightning/bolts/pull/869 */
 		NULL,
-		"option_onion_messages",  /* https://github.com/lightningnetwork/lightning-rfc/pull/759 */
-		"option_want_peer_backup", /* 40/41 */ /* https://github.com/lightningnetwork/lightning-rfc/pull/881 */
-		"option_provide_peer_backup", /* https://github.com/lightningnetwork/lightning-rfc/pull/881 */
+		"option_onion_messages",  /* https://github.com/lightning/bolts/pull/759 */
+		"option_want_peer_backup", /* 40/41 */ /* https://github.com/lightning/bolts/pull/881 */
+		"option_provide_peer_backup", /* https://github.com/lightning/bolts/pull/881 */
 		"option_channel_type",
 		"option_scid_alias", /* https://github.com/lightning/bolts/pull/910 */
 		"option_payment_metadata",

common/gossip_store.c

@@ -91,7 +91,6 @@ static bool public_msg_type(enum peer_wire type)
 	case WIRE_QUERY_CHANNEL_RANGE:
 	case WIRE_REPLY_CHANNEL_RANGE:
 	case WIRE_GOSSIP_TIMESTAMP_FILTER:
-	case WIRE_OBS2_ONION_MESSAGE:
 	case WIRE_ONION_MESSAGE:
 #if EXPERIMENTAL_FEATURES
 	case WIRE_STFU: