From 429aad8ac76e1b91998ed102986dda876175c667 Mon Sep 17 00:00:00 2001
From: Rusty Russell
Date: Mon, 23 Jul 2018 11:53:03 +0930
Subject: [PATCH] closingd: use hsmfd to get signatures, don't use seed.
Signed-off-by: Rusty Russell
---
 closingd/Makefile | 4 +++-
 closingd/closing.c | 30 ++++++++++++++++++------------
 closingd/closing_wire.csv | 2 +-
 lightningd/closing_control.c | 8 +++++++-
 4 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/closingd/Makefile b/closingd/Makefile
index 44b7e7b4a..9a2ad77fb 100644
--- a/closingd/Makefile
+++ b/closingd/Makefile
@@ -43,6 +43,7 @@ $(LIGHTNINGD_CLOSING_OBJS): $(LIGHTNINGD_HEADERS)
 # Common source we use.
 CLOSINGD_COMMON_OBJS := \
 common/base32.o \
+ common/bip32.o \
 common/close_tx.o \
 common/crypto_state.o \
 common/crypto_sync.o \
@@ -67,6 +68,7 @@ CLOSINGD_COMMON_OBJS := \
 common/subdaemon.o \
 common/type_to_string.o \
 common/utils.o \
+ common/utxo.o \
 common/version.o \
 common/wire_error.o \
 common/wireaddr.o \
@@ -81,7 +83,7 @@ closingd/gen_closing_wire.c: $(WIRE_GEN) closingd/closing_wire.csv
 LIGHTNINGD_CLOSING_OBJS := $(LIGHTNINGD_CLOSING_SRC:.c=.o) $(LIGHTNINGD_CLOSING_GEN_SRC:.c=.o)
-lightningd/lightning_closingd: $(LIGHTNINGD_CLOSING_OBJS) $(WIRE_ONION_OBJS) $(CLOSINGD_COMMON_OBJS) $(WIRE_OBJS) $(BITCOIN_OBJS)
+lightningd/lightning_closingd: $(LIGHTNINGD_CLOSING_OBJS) $(WIRE_ONION_OBJS) $(CLOSINGD_COMMON_OBJS) $(WIRE_OBJS) $(BITCOIN_OBJS) $(LIGHTNINGD_HSM_CLIENT_OBJS)
 check-source: $(LIGHTNINGD_CLOSING_SRC_NOGEN:%=check-src-include-order/%)
 check-source-bolt: $(LIGHTNINGD_CLOSING_SRC:%=bolt-check/%) $(LIGHTNINGD_CLOSING_HEADERS:%=bolt-check/%)
diff --git a/closingd/closing.c b/closingd/closing.c
index 48b7d80af..f0a9f0357 100644
--- a/closingd/closing.c
+++ b/closingd/closing.c
@@ -16,6 +16,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -26,6 +27,7 @@
 #define REQ_FD STDIN_FILENO
 #define PEER_FD 3
 #define GOSSIP_FD 4
+#define HSM_FD 5
 static struct bitcoin_tx *close_tx(const tal_t *ctx,
 struct crypto_state *cs,
@@ -147,7 +149,6 @@ static void send_offer(struct crypto_state *cs,
 const u64 satoshi_out[NUM_SIDES],
 enum side funder,
 uint64_t our_dust_limit,
- const struct secrets *secrets,
 uint64_t fee_to_offer)
 {
 struct bitcoin_tx *tx;
@@ -176,10 +177,16 @@ static void send_offer(struct crypto_state *cs,
 * own output. */
 /* (We don't do this). */
- sign_tx_input(tx, 0, NULL, funding_wscript,
- &secrets->funding_privkey,
- &funding_pubkey[LOCAL],
- &our_sig);
+ wire_sync_write(HSM_FD,
+ take(towire_hsm_sign_mutual_close_tx(NULL,
+ tx,
+ &funding_pubkey[REMOTE],
+ funding_satoshi)));
+ msg = wire_sync_read(tmpctx, HSM_FD);
+ if (!fromwire_hsm_sign_tx_reply(msg, &our_sig))
+ status_failed(STATUS_FAIL_HSM_IO,
+ "Bad hsm_sign_mutual_close_tx reply %s",
+ tal_hex(tmpctx, msg));
 status_trace("sending fee offer %"PRIu64, fee_to_offer);
@@ -424,7 +431,6 @@ int main(int argc, char *argv[])
 struct crypto_state cs;
 const tal_t *ctx = tal(NULL, char);
 u8 *msg;
- struct secret seed;
 struct pubkey funding_pubkey[NUM_SIDES];
 struct bitcoin_txid funding_txid;
 u16 funding_txout;
@@ -435,7 +441,6 @@ int main(int argc, char *argv[])
 enum side funder;
 u8 *scriptpubkey[NUM_SIDES], *funding_wscript;
 struct channel_id channel_id;
- struct secrets secrets;
 bool reconnected;
 u64 next_index[NUM_SIDES], revocations_received;
 enum side whose_turn;
@@ -448,9 +453,10 @@ int main(int argc, char *argv[])
 msg = wire_sync_read(tmpctx, REQ_FD);
 if (!fromwire_closing_init(ctx, msg,
- &cs, &seed,
+ &cs,
 &funding_txid, &funding_txout, &funding_satoshi,
+ &funding_pubkey[LOCAL],
 &funding_pubkey[REMOTE],
 &funder,
 &satoshi_out[LOCAL],
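Review bot: In the `@@ -176,10 +177,16 @@` hunk of closingd/closing.c the result of `wire_sync_write(HSM_FD, ...)` is discarded and `msg` goes from `wire_sync_read` straight into `fromwire_hsm_sign_tx_reply` without a NULL check. A closed or failed HSM descriptor is therefore reported only as "Bad hsm_sign_mutual_close_tx reply", with no errno and with `tal_hex` applied to a possibly NULL message. Because this exchange now produces the closing signature, I would fail each step separately: test the write result, and add `if (!msg) status_failed(STATUS_FAIL_HSM_IO, "Reading hsm_sign_tx_reply: %s", strerror(errno));` before parsing. This assumes wire_sync_write returns a success flag and wire_sync_read returns NULL on failure, neither of which the diff shows. send_offer's body starts and ends outside the hunk.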
@@ -473,8 +479,6 @@ int main(int argc, char *argv[])
 status_trace("dustlimit = %"PRIu64, our_dust_limit);
 status_trace("fee = %"PRIu64, offer[LOCAL]);
 derive_channel_id(&channel_id, &funding_txid, funding_txout);
- derive_basepoints(&seed, &funding_pubkey[LOCAL], NULL,
- &secrets, NULL);
 funding_wscript = bitcoin_redeem_2of2(ctx, &funding_pubkey[LOCAL],
@@ -504,7 +508,8 @@ int main(int argc, char *argv[])
 funding_wscript, scriptpubkey, &funding_txid, funding_txout, funding_satoshi, satoshi_out, funder,
- our_dust_limit, &secrets, offer[LOCAL]);
+ our_dust_limit,
+ offer[LOCAL]);
 } else {
 if (i == 0)
 peer_billboard(false, "Waiting for their initial"
@@ -552,7 +557,8 @@ int main(int argc, char *argv[])
 funding_wscript, scriptpubkey, &funding_txid, funding_txout, funding_satoshi, satoshi_out, funder,
- our_dust_limit, &secrets, offer[LOCAL]);
+ our_dust_limit,
+ offer[LOCAL]);
 } else {
 peer_billboard(false, "Waiting for another"
 " closing fee offer:"
diff --git a/closingd/closing_wire.csv b/closingd/closing_wire.csv
index c891f0389..e47bf5d0f 100644
--- a/closingd/closing_wire.csv
+++ b/closingd/closing_wire.csv
@@ -3,10 +3,10 @@
 # Begin! (passes peer fd, gossipd-client fd)
 closing_init,2001
 closing_init,,crypto_state,struct crypto_state
-closing_init,,seed,struct secret
 closing_init,,funding_txid,struct bitcoin_txid
 closing_init,,funding_txout,u16
 closing_init,,funding_satoshi,u64
+closing_init,,local_fundingkey,struct pubkey
 closing_init,,remote_fundingkey,struct pubkey
 closing_init,,funder,enum side
 closing_init,,local_msatoshi,u64
diff --git a/lightningd/closing_control.c b/lightningd/closing_control.c
index 216c518c5..debc67260 100644
--- a/lightningd/closing_control.c
+++ b/lightningd/closing_control.c
@@ -9,6 +9,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -133,6 +134,7 @@ void peer_start_closingd(struct channel *channel,
 u64 minfee, startfee, feelimit;
 u64 num_revocations;
 u64 funding_msatoshi, our_msatoshi, their_msatoshi;
+ int hsmfd;
 struct lightningd *ld = channel->peer->ld;
 if (!channel->remote_shutdown_scriptpubkey) {
@@ -141,6 +143,9 @@ void peer_start_closingd(struct channel *channel,
 return;
 }
+ hsmfd = hsm_get_client_fd(ld, &channel->peer->id, channel->dbid,
+ HSM_CAP_SIGN_CLOSING_TX);
+
 channel_set_owner(channel,
 new_channel_subd(ld,
 "lightning_closingd",
@@ -149,6 +154,7 @@ void peer_start_closingd(struct channel *channel,
 channel_errmsg, channel_set_billboard, take(&peer_fd), take(&gossip_fd),
+ take(&hsmfd),
 NULL));
 if (!channel->owner) {
 log_unusual(channel->log, "Could not subdaemon closing: %s",
@@ -191,10 +197,10 @@ void peer_start_closingd(struct channel *channel,
 their_msatoshi = funding_msatoshi - our_msatoshi;
 initmsg = towire_closing_init(tmpctx,
 cs,
- &channel->seed,
 &channel->funding_txid,
 channel->funding_outnum,
 channel->funding_satoshi,
+ &channel->local_funding_pubkey,
 &channel->channel_info.remote_fundingkey,
 channel->funder,
 our_msatoshi / 1000, /* Rounds down */
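Review bot: In the `@@ -141,6 +143,9 @@` hunk of lightningd/closing_control.c, `hsmfd` from `hsm_get_client_fd()` is handed to `new_channel_subd(..., take(&hsmfd), NULL)` in the following hunk without being checked. If that helper can return a negative descriptor on failure (its definition is not in this diff), closingd would start without a usable fd 5 and fail only at its first signing request. An `if (hsmfd < 0)` guard before `channel_set_owner` would surface the error where it occurs. It is also not visible here whether the descriptor is closed when `new_channel_subd` fails and the `!channel->owner` branch is taken. That is worth confirming, and a short comment could record that the fd carries only `HSM_CAP_SIGN_CLOSING_TX` and is owned by the subdaemon after `take()`. peer_start_closingd's body extends beyond these hunks.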