onchaind: use the HSM to get the per-commitment-point.

This means onchaind doesn't need the per-channel secret at all (aka. peer seed)
so we remove that from the onchaind_init message.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

lightningd/onchain_control.c

@@ -400,7 +400,8 @@ enum watch_result onchaind_funding_spent(struct channel *channel,
 
 	hsmfd = hsm_get_client_fd(ld, &channel->peer->id,
 				  channel->dbid,
-				  HSM_CAP_SIGN_ONCHAIN_TX);
+				  HSM_CAP_SIGN_ONCHAIN_TX
+				  | HSM_CAP_COMMITMENT_POINT);
 
 	channel_set_owner(channel, new_channel_subd(ld,
 						    "lightning_onchaind",
@@ -435,7 +436,7 @@ enum watch_result onchaind_funding_spent(struct channel *channel,
 	bitcoin_txid(channel->last_tx, &our_last_txid);
 
 	msg = towire_onchain_init(channel,
-				  &channel->seed, &channel->their_shachain.chain,
+				  &channel->their_shachain.chain,
 				  channel->funding_satoshi,
 				  &channel->channel_info.old_remote_per_commit,
 				  &channel->channel_info.remote_per_commit,
@@ -455,6 +456,7 @@ enum watch_result onchaind_funding_spent(struct channel *channel,
 				  channel->remote_shutdown_scriptpubkey,
 				  &final_key,
 				  channel->funder,
+				  &channel->local_basepoints,
 				  &channel->channel_info.theirbase,
 				  tx,
 				  blockheight,

onchaind/onchain.c

@@ -368,6 +368,23 @@ static void hsm_sign_local_htlc_tx(struct bitcoin_tx *tx,
 			      tal_hex(tmpctx, msg));
 }
 
+static void hsm_get_per_commitment_point(struct pubkey *per_commitment_point)
+{
+	u8 *msg = towire_hsm_get_per_commitment_point(NULL, commit_num);
+	struct secret *unused;
+
+	if (!wire_sync_write(HSM_FD, take(msg)))
+		status_failed(STATUS_FAIL_HSM_IO, "Writing sign_htlc_tx to hsm");
+	msg = wire_sync_read(tmpctx, HSM_FD);
+	if (!msg
+	    || !fromwire_hsm_get_per_commitment_point_reply(tmpctx, msg,
+							    per_commitment_point,
+							    &unused))
+		status_failed(STATUS_FAIL_HSM_IO,
+			      "Reading hsm_get_per_commitment_point_reply: %s",
+			      tal_hex(tmpctx, msg));
+}
+
 static struct tracked_output *
 	new_tracked_output(struct tracked_output ***outs,
 			   const struct bitcoin_txid *txid,
@@ -1415,7 +1432,6 @@ static void note_missing_htlcs(u8 **htlc_scripts,
 static void handle_our_unilateral(const struct bitcoin_tx *tx,
 				  u32 tx_blockheight,
 				  const struct bitcoin_txid *txid,
-				  const struct sha256 *shaseed,
 				  const struct basepoints basepoints[NUM_SIDES],
 				  const struct htlc_stub *htlcs,
 				  const bool *tell_if_missing,
@@ -1439,10 +1455,7 @@ static void handle_our_unilateral(const struct bitcoin_tx *tx,
 	resolved_by_other(outs[0], txid, OUR_UNILATERAL);
 
 	/* Figure out what delayed to-us output looks like */
-	if (!per_commit_point(shaseed, &local_per_commitment_point, commit_num))
-		status_failed(STATUS_FAIL_INTERNAL_ERROR,
-			      "Deriving local_per_commit_point for %"PRIu64,
-			      commit_num);
+	hsm_get_per_commitment_point(&local_per_commitment_point);
 
 	/* keyset is const, we need a non-const ptr to set it up */
 	keyset = ks = tal(tx, struct keyset);
@@ -2102,13 +2115,11 @@ int main(int argc, char *argv[])
 
 	const tal_t *ctx = tal(NULL, char);
 	u8 *msg;
-	struct secret seed;
 	struct pubkey remote_per_commit_point, old_remote_per_commit_point;
 	enum side funder;
 	struct basepoints basepoints[NUM_SIDES];
 	struct shachain shachain;
 	struct bitcoin_tx *tx;
-	struct sha256 shaseed;
 	struct tracked_output **outs;
 	struct bitcoin_txid our_broadcast_txid, txid;
 	secp256k1_ecdsa_signature *remote_htlc_sigs;
@@ -2126,7 +2137,7 @@ int main(int argc, char *argv[])
 
 	msg = wire_sync_read(tmpctx, REQ_FD);
 	if (!fromwire_onchain_init(ctx, msg,
-				   &seed, &shachain,
+				   &shachain,
 				   &funding_amount_satoshi,
 				   &old_remote_per_commit_point,
 				   &remote_per_commit_point,
@@ -2139,6 +2150,7 @@ int main(int argc, char *argv[])
 				   &scriptpubkey[REMOTE],
 				   &our_wallet_pubkey,
 				   &funder,
+				   &basepoints[LOCAL],
 				   &basepoints[REMOTE],
 				   &tx,
 				   &tx_blockheight,
@@ -2150,7 +2162,6 @@ int main(int argc, char *argv[])
 		master_badmsg(WIRE_ONCHAIN_INIT, msg);
 	}
 
-	derive_basepoints(&seed, NULL, &basepoints[LOCAL], NULL, &shaseed);
 	bitcoin_txid(tx, &txid);
 
 	/* FIXME: Filter as we go, don't load them all into mem! */
@@ -2215,7 +2226,6 @@ int main(int argc, char *argv[])
 
 		if (is_local_commitment(&txid, &our_broadcast_txid))
 			handle_our_unilateral(tx, tx_blockheight, &txid,
-					      &shaseed,
 					      basepoints,
 					      htlcs,
 					      tell_if_missing, tell_immediately,

onchaind/onchain_wire.csv

@@ -3,7 +3,6 @@
 
 # Begin!  Here's the onchain tx which spends funding tx, followed by all HTLCs.
 onchain_init,5001
-onchain_init,,seed,struct secret
 onchain_init,,shachain,struct shachain
 onchain_init,,funding_amount_satoshi,u64
 # Remote per commit point for committed tx.
@@ -23,6 +22,7 @@ onchain_init,,remote_scriptpubkey,remote_scriptpubkey_len*u8
 onchain_init,,ourwallet_pubkey,struct pubkey
 # We need these two for commit number obscurer
 onchain_init,,funder,enum side
+onchain_init,,local_basepoints,struct basepoints
 onchain_init,,remote_basepoints,struct basepoints
 onchain_init,,tx,struct bitcoin_tx
 onchain_init,,tx_blockheight,u32

onchaind/test/run-grind_feerate.c

@@ -18,19 +18,15 @@ u64 commit_number_obscurer(const struct pubkey *opener_payment_basepoint UNNEEDE
 /* Generated stub for daemon_shutdown */
 void daemon_shutdown(void)
 { fprintf(stderr, "daemon_shutdown called!\n"); abort(); }
-/* Generated stub for derive_basepoints */
-bool derive_basepoints(const struct secret *seed UNNEEDED,
-		       struct pubkey *funding_pubkey UNNEEDED,
-		       struct basepoints *basepoints UNNEEDED,
-		       struct secrets *secrets UNNEEDED,
-		       struct sha256 *shaseed UNNEEDED)
-{ fprintf(stderr, "derive_basepoints called!\n"); abort(); }
 /* Generated stub for derive_keyset */
 bool derive_keyset(const struct pubkey *per_commitment_point UNNEEDED,
 		   const struct basepoints *self UNNEEDED,
 		   const struct basepoints *other UNNEEDED,
 		   struct keyset *keyset UNNEEDED)
 { fprintf(stderr, "derive_keyset called!\n"); abort(); }
+/* Generated stub for fromwire_hsm_get_per_commitment_point_reply */
+bool fromwire_hsm_get_per_commitment_point_reply(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct pubkey *per_commitment_point UNNEEDED, struct secret **old_commitment_secret UNNEEDED)
+{ fprintf(stderr, "fromwire_hsm_get_per_commitment_point_reply called!\n"); abort(); }
 /* Generated stub for fromwire_hsm_sign_tx_reply */
 bool fromwire_hsm_sign_tx_reply(const void *p UNNEEDED, secp256k1_ecdsa_signature *sig UNNEEDED)
 { fprintf(stderr, "fromwire_hsm_sign_tx_reply called!\n"); abort(); }
@@ -41,7 +37,7 @@ bool fromwire_onchain_depth(const void *p UNNEEDED, struct bitcoin_txid *txid UN
 bool fromwire_onchain_htlc(const void *p UNNEEDED, struct htlc_stub *htlc UNNEEDED, bool *tell_if_missing UNNEEDED, bool *tell_immediately UNNEEDED)
 { fprintf(stderr, "fromwire_onchain_htlc called!\n"); abort(); }
 /* Generated stub for fromwire_onchain_init */
-bool fromwire_onchain_init(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct secret *seed UNNEEDED, struct shachain *shachain UNNEEDED, u64 *funding_amount_satoshi UNNEEDED, struct pubkey *old_remote_per_commitment_point UNNEEDED, struct pubkey *remote_per_commitment_point UNNEEDED, u32 *local_to_self_delay UNNEEDED, u32 *remote_to_self_delay UNNEEDED, u32 *feerate_per_kw UNNEEDED, u64 *local_dust_limit_satoshi UNNEEDED, struct bitcoin_txid *our_broadcast_txid UNNEEDED, u8 **local_scriptpubkey UNNEEDED, u8 **remote_scriptpubkey UNNEEDED, struct pubkey *ourwallet_pubkey UNNEEDED, enum side *funder UNNEEDED, struct basepoints *remote_basepoints UNNEEDED, struct bitcoin_tx **tx UNNEEDED, u32 *tx_blockheight UNNEEDED, u32 *reasonable_depth UNNEEDED, secp256k1_ecdsa_signature **htlc_signature UNNEEDED, u64 *num_htlcs UNNEEDED, u32 *min_possible_feerate UNNEEDED, u32 *max_possible_feerate UNNEEDED)
+bool fromwire_onchain_init(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct shachain *shachain UNNEEDED, u64 *funding_amount_satoshi UNNEEDED, struct pubkey *old_remote_per_commitment_point UNNEEDED, struct pubkey *remote_per_commitment_point UNNEEDED, u32 *local_to_self_delay UNNEEDED, u32 *remote_to_self_delay UNNEEDED, u32 *feerate_per_kw UNNEEDED, u64 *local_dust_limit_satoshi UNNEEDED, struct bitcoin_txid *our_broadcast_txid UNNEEDED, u8 **local_scriptpubkey UNNEEDED, u8 **remote_scriptpubkey UNNEEDED, struct pubkey *ourwallet_pubkey UNNEEDED, enum side *funder UNNEEDED, struct basepoints *local_basepoints UNNEEDED, struct basepoints *remote_basepoints UNNEEDED, struct bitcoin_tx **tx UNNEEDED, u32 *tx_blockheight UNNEEDED, u32 *reasonable_depth UNNEEDED, secp256k1_ecdsa_signature **htlc_signature UNNEEDED, u64 *num_htlcs UNNEEDED, u32 *min_possible_feerate UNNEEDED, u32 *max_possible_feerate UNNEEDED)
 { fprintf(stderr, "fromwire_onchain_init called!\n"); abort(); }
 /* Generated stub for fromwire_onchain_known_preimage */
 bool fromwire_onchain_known_preimage(const void *p UNNEEDED, struct preimage *preimage UNNEEDED)
@@ -85,11 +81,6 @@ void master_badmsg(u32 type_expected UNNEEDED, const u8 *msg)
 /* Generated stub for peer_billboard */
 void peer_billboard(bool perm UNNEEDED, const char *fmt UNNEEDED, ...)
 { fprintf(stderr, "peer_billboard called!\n"); abort(); }
-/* Generated stub for per_commit_point */
-bool per_commit_point(const struct sha256 *shaseed UNNEEDED,
-		      struct pubkey *commit_point UNNEEDED,
-		      u64 per_commit_index UNNEEDED)
-{ fprintf(stderr, "per_commit_point called!\n"); abort(); }
 /* Generated stub for status_failed */
 void status_failed(enum status_failreason code UNNEEDED,
 		   const char *fmt UNNEEDED, ...)
@@ -109,6 +100,9 @@ u8 *to_self_wscript(const tal_t *ctx UNNEEDED,
 		    u16 to_self_delay UNNEEDED,
 		    const struct keyset *keyset UNNEEDED)
 { fprintf(stderr, "to_self_wscript called!\n"); abort(); }
+/* Generated stub for towire_hsm_get_per_commitment_point */
+u8 *towire_hsm_get_per_commitment_point(const tal_t *ctx UNNEEDED, u64 n UNNEEDED)
+{ fprintf(stderr, "towire_hsm_get_per_commitment_point called!\n"); abort(); }
 /* Generated stub for towire_hsm_sign_delayed_payment_to_us */
 u8 *towire_hsm_sign_delayed_payment_to_us(const tal_t *ctx UNNEEDED, u64 commit_num UNNEEDED, const struct bitcoin_tx *tx UNNEEDED, const u8 *wscript UNNEEDED, u64 input_amount UNNEEDED)
 { fprintf(stderr, "towire_hsm_sign_delayed_payment_to_us called!\n"); abort(); }