
hsm: Cleanup after merging control and client libraries

Change all calls to use the correct serialization and deserialization
functions, include the correct headers and remove the control
messages.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
ppa-0.6.1
Christian Decker 7 years ago
parent
commit
9ba99d2b2d
  1. 2
      common/bolt11.c
  2. 13
      hsmd/Makefile
  3. 45
      hsmd/hsm.c
  4. 6
      hsmd/hsm_client_wire_csv
  5. 70
      hsmd/hsm_wire.csv
  6. 2
      lightningd/Makefile
  7. 6
      lightningd/gossip_control.c
  8. 6
      lightningd/hsm_control.c
  9. 6
      lightningd/invoice.c
  10. 14
      lightningd/peer_control.c
  11. 16
      wallet/walletrpc.c

2
common/bolt11.c

@ -11,7 +11,7 @@
#include <common/bolt11.h>
#include <common/utils.h>
#include <errno.h>
#include <hsmd/gen_hsm_wire.h>
#include <hsmd/gen_hsm_client_wire.h>
#include <inttypes.h>
#include <lightningd/hsm_control.h>
#include <lightningd/jsonrpc.h>

13
hsmd/Makefile

@ -11,14 +11,9 @@ LIGHTNINGD_HSM_CLIENT_HEADERS := hsmd/client.h
LIGHTNINGD_HSM_CLIENT_SRC := hsmd/client.c hsmd/gen_hsm_client_wire.c
LIGHTNINGD_HSM_CLIENT_OBJS := $(LIGHTNINGD_HSM_CLIENT_SRC:.c=.o)
# Control daemon uses this:
LIGHTNINGD_HSM_CONTROL_HEADERS := hsmd/gen_hsm_wire.h
LIGHTNINGD_HSM_CONTROL_SRC := hsmd/gen_hsm_wire.c
LIGHTNINGD_HSM_CONTROL_OBJS := $(LIGHTNINGD_HSM_CONTROL_SRC:.c=.o)
# lightningd/hsm needs these:
LIGHTNINGD_HSM_HEADERS := hsmd/gen_hsm_client_wire.h \
hsmd/gen_hsm_wire.h
LIGHTNINGD_HSM_HEADERS := hsmd/gen_hsm_client_wire.h
LIGHTNINGD_HSM_SRC := hsmd/hsm.c \
$(LIGHTNINGD_HSM_HEADERS:.h=.c)
LIGHTNINGD_HSM_OBJS := $(LIGHTNINGD_HSM_SRC:.c=.o)
@ -50,8 +45,6 @@ LIGHTNINGD_HEADERS_GEN += $(LIGHTNINGD_HSM_HEADERS) $(LIGHTNINGD_HSM_CLIENT_HEAD
$(LIGHTNINGD_HSM_OBJS) $(LIGHTNINGD_HSM_CLIENT_OBJS): $(LIGHTNINGD_HEADERS)
$(LIGHTNINGD_HSM_CONTROL_OBJS) : $(LIGHTNINGD_HSM_CONTROL_HEADERS)
# Make sure these depend on everything.
ALL_OBJS += $(LIGHTNINGD_HSM_OBJS) $(LIGHTNINGD_HSM_CLIENT_OBJS)
ALL_PROGRAMS += lightningd/lightning_hsmd
@ -83,4 +76,4 @@ clean: lightningd/hsm-clean
lightningd/hsm-clean:
$(RM) $(LIGHTNINGD_HSM_OBJS) hsmd/gen_*
-include hsmd/test/Makefile
-include hsmd/test/Makefile

45
hsmd/hsm.c

@ -28,7 +28,6 @@
#include <hsmd/capabilities.h>
#include <hsmd/client.h>
#include <hsmd/gen_hsm_client_wire.h>
#include <hsmd/gen_hsm_wire.h>
#include <inttypes.h>
#include <secp256k1_ecdh.h>
#include <sodium/randombytes.h>
@ -266,6 +265,7 @@ static bool check_client_capabilities(struct client *client,
case WIRE_HSM_SIGN_WITHDRAWAL_REPLY:
case WIRE_HSM_SIGN_INVOICE_REPLY:
case WIRE_HSM_INIT_REPLY:
case WIRE_HSMSTATUS_CLIENT_BAD_REQUEST:
break;
}
return false;
@ -333,6 +333,7 @@ static struct io_plan *handle_client(struct io_conn *conn,
case WIRE_HSM_SIGN_WITHDRAWAL_REPLY:
case WIRE_HSM_SIGN_INVOICE_REPLY:
case WIRE_HSM_INIT_REPLY:
case WIRE_HSMSTATUS_CLIENT_BAD_REQUEST:
break;
}
@ -355,8 +356,8 @@ static void send_init_response(struct daemon_conn *master)
"peer seed", strlen("peer seed"));
node_key(NULL, &node_id);
msg = towire_hsmctl_init_reply(master, &node_id, &peer_seed,
&secretstuff.bip32);
msg = towire_hsm_init_reply(master, &node_id, &peer_seed,
&secretstuff.bip32);
daemon_conn_send(master, take(msg));
}
@ -503,8 +504,8 @@ static void init_hsm(struct daemon_conn *master, const u8 *msg)
{
bool new;
if (!fromwire_hsmctl_init(msg, NULL, &new))
master_badmsg(WIRE_HSMCTL_INIT, msg);
if (!fromwire_hsm_init(msg, NULL, &new))
master_badmsg(WIRE_HSM_INIT, msg);
if (new)
create_new_hsm(master);
@ -520,15 +521,15 @@ static void pass_client_hsmfd(struct daemon_conn *master, const u8 *msg)
u64 capabilities;
struct pubkey id;
if (!fromwire_hsmctl_client_hsmfd(msg, NULL, &id, &capabilities))
master_badmsg(WIRE_HSMCTL_CLIENT_HSMFD, msg);
if (!fromwire_hsm_client_hsmfd(msg, NULL, &id, &capabilities))
master_badmsg(WIRE_HSM_CLIENT_HSMFD, msg);
if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) != 0)
status_failed(STATUS_FAIL_INTERNAL_ERROR, "creating fds: %s", strerror(errno));
new_client(master, &id, capabilities, handle_client, fds[0]);
daemon_conn_send(master,
take(towire_hsmctl_client_hsmfd_reply(master)));
take(towire_hsm_client_hsmfd_reply(master)));
daemon_conn_send_fd(master, fds[1]);
}
@ -550,11 +551,11 @@ static void sign_funding_tx(struct daemon_conn *master, const u8 *msg)
struct pubkey changekey;
/* FIXME: Check fee is "reasonable" */
if (!fromwire_hsmctl_sign_funding(tmpctx, msg, NULL,
&satoshi_out, &change_out,
&change_keyindex, &local_pubkey,
&remote_pubkey, &inputs))
master_badmsg(WIRE_HSMCTL_SIGN_FUNDING, msg);
if (!fromwire_hsm_sign_funding(tmpctx, msg, NULL,
&satoshi_out, &change_out,
&change_keyindex, &local_pubkey,
&remote_pubkey, &inputs))
master_badmsg(WIRE_HSM_SIGN_FUNDING, msg);
utxomap = to_utxoptr_arr(tmpctx, inputs);
@ -586,7 +587,7 @@ static void sign_funding_tx(struct daemon_conn *master, const u8 *msg)
}
daemon_conn_send(master,
take(towire_hsmctl_sign_funding_reply(tmpctx, sig)));
take(towire_hsm_sign_funding_reply(tmpctx, sig)));
tal_free(tmpctx);
}
@ -606,9 +607,9 @@ static void sign_withdrawal_tx(struct daemon_conn *master, const u8 *msg)
struct ext_key ext;
struct pubkey changekey;
if (!fromwire_hsmctl_sign_withdrawal(tmpctx, msg, NULL, &satoshi_out,
&change_out, &change_keyindex,
destination.addr.u.u8, &utxos)) {
if (!fromwire_hsm_sign_withdrawal(tmpctx, msg, NULL, &satoshi_out,
&change_out, &change_keyindex,
destination.addr.u.u8, &utxos)) {
status_trace("Failed to parse sign_withdrawal: %s",
tal_hex(trc, msg));
return;
@ -644,7 +645,7 @@ static void sign_withdrawal_tx(struct daemon_conn *master, const u8 *msg)
}
daemon_conn_send(master,
take(towire_hsmctl_sign_withdrawal_reply(tmpctx, sigs)));
take(towire_hsm_sign_withdrawal_reply(tmpctx, sigs)));
tal_free(tmpctx);
}
@ -662,7 +663,7 @@ static void sign_invoice(struct daemon_conn *master, const u8 *msg)
struct hash_u5 hu5;
struct privkey node_pkey;
if (!fromwire_hsmctl_sign_invoice(tmpctx, msg, NULL, &u5bytes, &hrpu8)) {
if (!fromwire_hsm_sign_invoice(tmpctx, msg, NULL, &u5bytes, &hrpu8)) {
status_trace("Failed to parse sign_invoice: %s",
tal_hex(trc, msg));
return;
@ -689,7 +690,7 @@ static void sign_invoice(struct daemon_conn *master, const u8 *msg)
}
daemon_conn_send(master,
take(towire_hsmctl_sign_invoice_reply(tmpctx, &rsig)));
take(towire_hsm_sign_invoice_reply(tmpctx, &rsig)));
tal_free(tmpctx);
}
@ -703,7 +704,7 @@ static void sign_node_announcement(struct daemon_conn *master, const u8 *msg)
u8 *reply;
u8 *ann;
if (!fromwire_hsmctl_node_announcement_sig_req(msg, msg, NULL, &ann)) {
if (!fromwire_hsm_node_announcement_sig_req(msg, msg, NULL, &ann)) {
status_trace("Failed to parse node_announcement_sig_req: %s",
tal_hex(trc, msg));
return;
@ -720,7 +721,7 @@ static void sign_node_announcement(struct daemon_conn *master, const u8 *msg)
sign_hash(&node_pkey, &hash, &sig);
reply = towire_hsmctl_node_announcement_sig_reply(msg, &sig);
reply = towire_hsm_node_announcement_sig_reply(msg, &sig);
daemon_conn_send(master, take(reply));
}
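Review bot: In sign_withdrawal_tx, sign_invoice and sign_node_announcement, a message that fails its fromwire_hsm_* parse is only traced before the handler returns without sending a reply, whereas init_hsm, pass_client_hsmfd and sign_funding_tx in the same file call master_badmsg. The callers shown on this page (json_withdraw, hsm_sign_b11, peer_channel_announce) write the request and then call hsm_sync_read, so a parse failure would presumably leave lightningd waiting for a reply that never arrives instead of failing loudly. Since these branches are being touched for the rename anyway, they could become `master_badmsg(WIRE_HSM_SIGN_WITHDRAWAL, msg);`, and the same with the matching request type in the other two handlers. The early returns also appear to skip the `tal_free(tmpctx)` that ends sign_withdrawal_tx and sign_invoice; those function bodies start outside the hunks, so the allocation itself is not visible here.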

6
hsmd/hsm_client_wire_csv

@ -1,3 +1,9 @@
# Clients should not give a bad request but not the HSM's decision to crash.
hsmstatus_client_bad_request,1000
hsmstatus_client_bad_request,,id,struct pubkey
hsmstatus_client_bad_request,,len,u16
hsmstatus_client_bad_request,,msg,len*u8
# Start the HSM.
hsm_init,11
hsm_init,,new,bool
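Review bot: With hsm_wire.csv deleted, this file apparently now defines the requests that only lightningd should send (hsm_init here and, judging by the renamed call sites, hsm_client_hsmfd, hsm_sign_funding, hsm_sign_withdrawal and hsm_sign_invoice) in the same message enum as requests from other daemons, and nothing in the visible lines marks which is which. A section comment above hsm_init, such as `# Master only: the requests below must be refused from any client lacking a master-level capability`, would keep the privilege boundary visible to whoever next edits check_client_capabilities in hsmd/hsm.c. Whether that function already refuses these types for ordinary clients is not visible in the hunks on this page and is worth confirming. Separately, the added header comment `# Clients should not give a bad request but not the HSM's decision to crash.` is hard to parse; it could say plainly that the HSM reports the bad request to the master rather than acting on it itself, if that is the intent.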

70
hsmd/hsm_wire.csv

@ -1,70 +0,0 @@
# Clients should not give a bad request but not the HSM's decision to crash.
hsmstatus_client_bad_request,1000
hsmstatus_client_bad_request,,id,struct pubkey
hsmstatus_client_bad_request,,len,u16
hsmstatus_client_bad_request,,msg,len*u8
# Start the HSM.
hsmctl_init,11
hsmctl_init,,new,bool
#include <common/bip32.h>
hsmctl_init_reply,111
hsmctl_init_reply,,node_id,struct pubkey
hsmctl_init_reply,,peer_seed,struct secret
hsmctl_init_reply,,bip32,struct ext_key
# Get a new HSM FD, with the specified capabilities
hsmctl_client_hsmfd,9
hsmctl_client_hsmfd,,pubkey,struct pubkey # Which identity to report for requests
hsmctl_client_hsmfd,,capabilities,u64
# No content, just an fd.
hsmctl_client_hsmfd_reply,109
# Return signature for a funding tx.
#include <common/utxo.h>
# FIXME: This should also take their commit sig & details, to verify.
hsmctl_sign_funding,4
hsmctl_sign_funding,,satoshi_out,u64
hsmctl_sign_funding,,change_out,u64
hsmctl_sign_funding,,change_keyindex,u32
hsmctl_sign_funding,,our_pubkey,struct pubkey
hsmctl_sign_funding,,their_pubkey,struct pubkey
hsmctl_sign_funding,,num_inputs,u16
hsmctl_sign_funding,,inputs,num_inputs*struct utxo
hsmctl_sign_funding_reply,104
hsmctl_sign_funding_reply,,num_sigs,u16
hsmctl_sign_funding_reply,,sig,num_sigs*secp256k1_ecdsa_signature
# Master asks the HSM to sign a node_announcement
hsmctl_node_announcement_sig_req,6
hsmctl_node_announcement_sig_req,,annlen,u16
hsmctl_node_announcement_sig_req,,announcement,annlen*u8
hsmctl_node_announcement_sig_reply,106
hsmctl_node_announcement_sig_reply,,signature,secp256k1_ecdsa_signature
# Sign a withdrawal request
hsmctl_sign_withdrawal,7
hsmctl_sign_withdrawal,,satoshi_out,u64
hsmctl_sign_withdrawal,,change_out,u64
hsmctl_sign_withdrawal,,change_keyindex,u32
hsmctl_sign_withdrawal,,pkh,20*u8
hsmctl_sign_withdrawal,,num_inputs,u16
hsmctl_sign_withdrawal,,inputs,num_inputs*struct utxo
hsmctl_sign_withdrawal_reply,107
hsmctl_sign_withdrawal_reply,,num_sigs,u16
hsmctl_sign_withdrawal_reply,,sig,num_sigs*secp256k1_ecdsa_signature
# Sign an invoice
hsmctl_sign_invoice,8
hsmctl_sign_invoice,,len,u16
hsmctl_sign_invoice,,u5bytes,len*u8
hsmctl_sign_invoice,,hrplen,u16
hsmctl_sign_invoice,,hrp,hrplen*u8
hsmctl_sign_invoice_reply,108
hsmctl_sign_invoice_reply,,sig,secp256k1_ecdsa_recoverable_signature

2
lightningd/Makefile

@ -101,7 +101,7 @@ check-makefile: check-lightningd-makefile
check-lightningd-makefile:
@for f in lightningd/*.h lightningd/*/*.h; do if ! echo $(LIGHTNINGD_HEADERS_NOGEN) $(LIGHTNINGD_HEADERS_GEN) "" | grep -q "$$f "; then echo $$f not mentioned in LIGHTNINGD_HEADERS_NOGEN or LIGHTNINGD_HEADERS_GEN >&2; exit 1; fi; done
lightningd/lightningd: $(LIGHTNINGD_OBJS) $(LIGHTNINGD_COMMON_OBJS) $(BITCOIN_OBJS) $(WIRE_OBJS) $(WIRE_ONION_OBJS) $(LIGHTNINGD_HSM_CONTROL_OBJS) $(LIGHTNINGD_HANDSHAKE_CONTROL_OBJS) $(LIGHTNINGD_GOSSIP_CONTROL_OBJS) $(LIGHTNINGD_OPENING_CONTROL_OBJS) $(LIGHTNINGD_CHANNEL_CONTROL_OBJS) $(LIGHTNINGD_CLOSING_CONTROL_OBJS) $(LIGHTNINGD_ONCHAIN_CONTROL_OBJS) $(WALLET_LIB_OBJS)
lightningd/lightningd: $(LIGHTNINGD_OBJS) $(LIGHTNINGD_COMMON_OBJS) $(BITCOIN_OBJS) $(WIRE_OBJS) $(WIRE_ONION_OBJS) $(LIGHTNINGD_HSM_CLIENT_OBJS) $(LIGHTNINGD_HANDSHAKE_CONTROL_OBJS) $(LIGHTNINGD_GOSSIP_CONTROL_OBJS) $(LIGHTNINGD_OPENING_CONTROL_OBJS) $(LIGHTNINGD_CHANNEL_CONTROL_OBJS) $(LIGHTNINGD_CLOSING_CONTROL_OBJS) $(LIGHTNINGD_ONCHAIN_CONTROL_OBJS) $(WALLET_LIB_OBJS)
clean: lightningd-clean

6
lightningd/gossip_control.c

@ -11,7 +11,7 @@
#include <errno.h>
#include <gossipd/gen_gossip_wire.h>
#include <hsmd/capabilities.h>
#include <hsmd/gen_hsm_wire.h>
#include <hsmd/gen_hsm_client_wire.h>
#include <inttypes.h>
#include <lightningd/gossip_msg.h>
#include <lightningd/hsm_control.h>
@ -104,12 +104,12 @@ void gossip_init(struct lightningd *ld)
int hsmfd;
u64 capabilities = HSM_CAP_ECDH | HSM_CAP_SIGN_GOSSIP;
msg = towire_hsmctl_client_hsmfd(tmpctx, &ld->id, capabilities);
msg = towire_hsm_client_hsmfd(tmpctx, &ld->id, capabilities);
if (!wire_sync_write(ld->hsm_fd, msg))
fatal("Could not write to HSM: %s", strerror(errno));
msg = hsm_sync_read(tmpctx, ld);
if (!fromwire_hsmctl_client_hsmfd_reply(msg, NULL))
if (!fromwire_hsm_client_hsmfd_reply(msg, NULL))
fatal("Malformed hsmfd response: %s", tal_hex(msg, msg));
hsmfd = fdpass_recv(ld->hsm_fd);

6
lightningd/hsm_control.c

@ -7,7 +7,7 @@
#include <common/status.h>
#include <common/utils.h>
#include <errno.h>
#include <hsmd/gen_hsm_wire.h>
#include <hsmd/gen_hsm_client_wire.h>
#include <inttypes.h>
#include <lightningd/hsm_control.h>
#include <lightningd/log.h>
@ -46,12 +46,12 @@ void hsm_init(struct lightningd *ld, bool newdir)
else
create = (access("hsm_secret", F_OK) != 0);
if (!wire_sync_write(ld->hsm_fd, towire_hsmctl_init(tmpctx, create)))
if (!wire_sync_write(ld->hsm_fd, towire_hsm_init(tmpctx, create)))
err(1, "Writing init msg to hsm");
ld->wallet->bip32_base = tal(ld->wallet, struct ext_key);
msg = hsm_sync_read(tmpctx, ld);
if (!fromwire_hsmctl_init_reply(msg, NULL,
if (!fromwire_hsm_init_reply(msg, NULL,
&ld->id,
&ld->peer_seed,
ld->wallet->bip32_base))

6
lightningd/invoice.c

@ -11,7 +11,7 @@
#include <common/bolt11.h>
#include <common/utils.h>
#include <errno.h>
#include <hsmd/gen_hsm_wire.h>
#include <hsmd/gen_hsm_client_wire.h>
#include <inttypes.h>
#include <lightningd/hsm_control.h>
#include <lightningd/log.h>
@ -113,13 +113,13 @@ static bool hsm_sign_b11(const u5 *u5bytes,
secp256k1_ecdsa_recoverable_signature *rsig,
struct lightningd *ld)
{
u8 *msg = towire_hsmctl_sign_invoice(ld, u5bytes, hrpu8);
u8 *msg = towire_hsm_sign_invoice(ld, u5bytes, hrpu8);
if (!wire_sync_write(ld->hsm_fd, take(msg)))
fatal("Could not write to HSM: %s", strerror(errno));
msg = hsm_sync_read(ld, ld);
if (!fromwire_hsmctl_sign_invoice_reply(msg, NULL, rsig))
if (!fromwire_hsm_sign_invoice_reply(msg, NULL, rsig))
fatal("HSM gave bad sign_invoice_reply %s",
tal_hex(msg, msg));

14
lightningd/peer_control.c

@ -24,7 +24,7 @@
#include <fcntl.h>
#include <gossipd/gen_gossip_wire.h>
#include <hsmd/capabilities.h>
#include <hsmd/gen_hsm_wire.h>
#include <hsmd/gen_hsm_client_wire.h>
#include <inttypes.h>
#include <lightningd/build_utxos.h>
#include <lightningd/chaintopology.h>
@ -1511,7 +1511,7 @@ static void opening_got_hsm_funding_sig(struct funding_channel *fc,
struct json_result *response = new_json_result(fc->cmd);
size_t i;
if (!fromwire_hsmctl_sign_funding_reply(fc, resp, NULL, &sigs))
if (!fromwire_hsm_sign_funding_reply(fc, resp, NULL, &sigs))
fatal("HSM gave bad sign_funding_reply %s",
tal_hex(fc, resp));
@ -1612,14 +1612,14 @@ static void peer_channel_announce(struct peer *peer, const u8 *msg)
return;
}
msg = towire_hsmctl_node_announcement_sig_req(
msg = towire_hsm_node_announcement_sig_req(
tmpctx, create_node_announcement(tmpctx, ld, NULL, timestamp));
if (!wire_sync_write(ld->hsm_fd, take(msg)))
fatal("Could not write to HSM: %s", strerror(errno));
msg = hsm_sync_read(tmpctx, ld);
if (!fromwire_hsmctl_node_announcement_sig_reply(msg, NULL, &sig))
if (!fromwire_hsm_node_announcement_sig_reply(msg, NULL, &sig))
fatal("HSM returned an invalid node_announcement sig");
/* We got the signature for out provisional node_announcement back
@ -2053,12 +2053,12 @@ static bool peer_start_channeld(struct peer *peer,
} else
assert(peer->our_msatoshi);
msg = towire_hsmctl_client_hsmfd(tmpctx, &peer->id, HSM_CAP_SIGN_GOSSIP | HSM_CAP_ECDH);
msg = towire_hsm_client_hsmfd(tmpctx, &peer->id, HSM_CAP_SIGN_GOSSIP | HSM_CAP_ECDH);
if (!wire_sync_write(peer->ld->hsm_fd, take(msg)))
fatal("Could not write to HSM: %s", strerror(errno));
msg = hsm_sync_read(tmpctx, peer->ld);
if (!fromwire_hsmctl_client_hsmfd_reply(msg, NULL))
if (!fromwire_hsm_client_hsmfd_reply(msg, NULL))
fatal("Bad reply from HSM: %s", tal_hex(tmpctx, msg));
hsmfd = fdpass_recv(peer->ld->hsm_fd);
@ -2265,7 +2265,7 @@ static void opening_funder_finished(struct subd *opening, const u8 *resp,
log_debug(fc->peer->log, "Getting HSM to sign funding tx");
utxos = from_utxoptr_arr(fc, fc->utxomap);
msg = towire_hsmctl_sign_funding(fc, fc->peer->funding_satoshi,
msg = towire_hsm_sign_funding(fc, fc->peer->funding_satoshi,
fc->change, fc->change_keyindex,
&local_fundingkey,
&channel_info->remote_fundingkey,

16
wallet/walletrpc.c

@ -7,7 +7,7 @@
#include <common/utxo.h>
#include <common/withdraw_tx.h>
#include <errno.h>
#include <hsmd/gen_hsm_wire.h>
#include <hsmd/gen_hsm_client_wire.h>
#include <lightningd/bitcoind.h>
#include <lightningd/chaintopology.h>
#include <lightningd/hsm_control.h>
@ -131,12 +131,12 @@ static void json_withdraw(struct command *cmd,
withdraw->change_key_index = wallet_get_newindex(cmd->ld);
utxos = from_utxoptr_arr(withdraw, withdraw->utxos);
u8 *msg = towire_hsmctl_sign_withdrawal(cmd,
withdraw->amount,
withdraw->changesatoshi,
withdraw->change_key_index,
withdraw->destination.addr.u.u8,
utxos);
u8 *msg = towire_hsm_sign_withdrawal(cmd,
withdraw->amount,
withdraw->changesatoshi,
withdraw->change_key_index,
withdraw->destination.addr.u.u8,
utxos);
tal_free(utxos);
if (!wire_sync_write(cmd->ld->hsm_fd, take(msg)))
@ -145,7 +145,7 @@ static void json_withdraw(struct command *cmd,
msg = hsm_sync_read(cmd, cmd->ld);
if (!fromwire_hsmctl_sign_withdrawal_reply(withdraw, msg, NULL, &sigs))
if (!fromwire_hsm_sign_withdrawal_reply(withdraw, msg, NULL, &sigs))
fatal("HSM gave bad sign_withdrawal_reply %s",
tal_hex(withdraw, msg));
