hsmd: routine to sign HTLC tx merged with our own tx.

Since HTLC txs when using anchors are
SIGHASH_SINGLE|SIGHASH_ANYONECANPAY, we can attach other inputs to
give it a higher feerate.  But we need the HSMd to actually sign the
combo.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell 2023-06-26 08:44:21 +09:30
parent a9d8f84c7e
commit 662b2687e2
4 changed files with 39 additions and 0 deletions


@ -14,6 +14,7 @@
* v4 with check_pubkey: 48b3992745aa3c6ab6ce5cdaee9082cb7d70017f523d322015e9710bf49fd193 * v4 with check_pubkey: 48b3992745aa3c6ab6ce5cdaee9082cb7d70017f523d322015e9710bf49fd193
* v4 with sign_any_penalty_to_us: ead7963185194a515d1f14d2c44401392575299d68ce9a13d8a12baff3cf4f35 * v4 with sign_any_penalty_to_us: ead7963185194a515d1f14d2c44401392575299d68ce9a13d8a12baff3cf4f35
* v4 with sign_anchorspend: 8a30722e38b56e82af566b9629ff18da01fcebd1e80ec67f04d8b3a2fa66d81c * v4 with sign_anchorspend: 8a30722e38b56e82af566b9629ff18da01fcebd1e80ec67f04d8b3a2fa66d81c
* v4 with sign_htlc_tx_mingle: b9247e75d41ee1b3fc2f7db0bac8f4e92d544ab2f017d430ae3a000589c384e5
*/ */
#define HSM_MIN_VERSION 3 #define HSM_MIN_VERSION 3
#define HSM_MAX_VERSION 4 #define HSM_MAX_VERSION 4


@ -686,6 +686,7 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
case WIRE_HSMD_SIGN_ANY_REMOTE_HTLC_TO_US: case WIRE_HSMD_SIGN_ANY_REMOTE_HTLC_TO_US:
case WIRE_HSMD_SIGN_ANY_LOCAL_HTLC_TX: case WIRE_HSMD_SIGN_ANY_LOCAL_HTLC_TX:
case WIRE_HSMD_SIGN_ANCHORSPEND: case WIRE_HSMD_SIGN_ANCHORSPEND:
case WIRE_HSMD_SIGN_HTLC_TX_MINGLE:
/* Hand off to libhsmd for processing */ /* Hand off to libhsmd for processing */
return req_reply(conn, c, return req_reply(conn, c,
take(hsmd_handle_client_message( take(hsmd_handle_client_message(
@ -720,6 +721,7 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
case WIRE_HSMD_PREAPPROVE_KEYSEND_REPLY: case WIRE_HSMD_PREAPPROVE_KEYSEND_REPLY:
case WIRE_HSMD_CHECK_PUBKEY_REPLY: case WIRE_HSMD_CHECK_PUBKEY_REPLY:
case WIRE_HSMD_SIGN_ANCHORSPEND_REPLY: case WIRE_HSMD_SIGN_ANCHORSPEND_REPLY:
case WIRE_HSMD_SIGN_HTLC_TX_MINGLE_REPLY:
return bad_req_fmt(conn, c, c->msg_in, return bad_req_fmt(conn, c, c->msg_in,
"Received an incoming message of type %s, " "Received an incoming message of type %s, "
"which is not a request", "which is not a request",


@ -380,3 +380,13 @@ msgdata,hsmd_sign_any_local_htlc_tx,option_anchor_outputs,bool,
msgdata,hsmd_sign_any_local_htlc_tx,input,u32, msgdata,hsmd_sign_any_local_htlc_tx,input,u32,
msgdata,hsmd_sign_any_local_htlc_tx,peerid,node_id, msgdata,hsmd_sign_any_local_htlc_tx,peerid,node_id,
msgdata,hsmd_sign_any_local_htlc_tx,channel_dbid,u64, msgdata,hsmd_sign_any_local_htlc_tx,channel_dbid,u64,
msgtype,hsmd_sign_htlc_tx_mingle,149
msgdata,hsmd_sign_htlc_tx_mingle,peerid,node_id,
msgdata,hsmd_sign_htlc_tx_mingle,channel_dbid,u64,
msgdata,hsmd_sign_htlc_tx_mingle,num_inputs,u16,
msgdata,hsmd_sign_htlc_tx_mingle,inputs,utxo,num_inputs
msgdata,hsmd_sign_htlc_tx_mingle,psbt,wally_psbt,
msgtype,hsmd_sign_htlc_tx_mingle_reply,150
msgdata,hsmd_sign_htlc_tx_mingle_reply,psbt,wally_psbt,

1 # Clients should not give a bad request but not the HSM's decision to crash.
380
381
382
383
384
385
386
387
388
389
390
391
392


@ -129,6 +129,7 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
case WIRE_HSMD_SIGN_ANY_REMOTE_HTLC_TO_US: case WIRE_HSMD_SIGN_ANY_REMOTE_HTLC_TO_US:
case WIRE_HSMD_SIGN_ANY_LOCAL_HTLC_TX: case WIRE_HSMD_SIGN_ANY_LOCAL_HTLC_TX:
case WIRE_HSMD_SIGN_ANCHORSPEND: case WIRE_HSMD_SIGN_ANCHORSPEND:
case WIRE_HSMD_SIGN_HTLC_TX_MINGLE:
return (client->capabilities & HSM_CAP_MASTER) != 0; return (client->capabilities & HSM_CAP_MASTER) != 0;
/*~ These are messages sent by the HSM so we should never receive them. */ /*~ These are messages sent by the HSM so we should never receive them. */
@ -163,6 +164,7 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
case WIRE_HSMD_DERIVE_SECRET_REPLY: case WIRE_HSMD_DERIVE_SECRET_REPLY:
case WIRE_HSMD_CHECK_PUBKEY_REPLY: case WIRE_HSMD_CHECK_PUBKEY_REPLY:
case WIRE_HSMD_SIGN_ANCHORSPEND_REPLY: case WIRE_HSMD_SIGN_ANCHORSPEND_REPLY:
case WIRE_HSMD_SIGN_HTLC_TX_MINGLE_REPLY:
break; break;
} }
return false; return false;
@ -1504,6 +1506,26 @@ static u8 *handle_sign_anchorspend(struct hsmd_client *c, const u8 *msg_in)
return towire_hsmd_sign_anchorspend_reply(NULL, psbt); return towire_hsmd_sign_anchorspend_reply(NULL, psbt);
} }
/*~ Called from lightningd */
static u8 *handle_sign_htlc_tx_mingle(struct hsmd_client *c, const u8 *msg_in)
{
struct node_id peer_id;
u64 dbid;
struct utxo **utxos;
struct wally_psbt *psbt;
/* FIXME: Check output goes to us. */
if (!fromwire_hsmd_sign_htlc_tx_mingle(tmpctx, msg_in,
&peer_id, &dbid, &utxos, &psbt))
return hsmd_status_malformed_request(c, msg_in);
/* Sign all the UTXOs (htlc_inout input is already signed with
* SIGHASH_SINGLE|SIGHASH_ANYONECANPAY) */
sign_our_inputs(utxos, psbt);
return towire_hsmd_sign_htlc_tx_mingle_reply(NULL, psbt);
}
/*~ This is another lightningd-only interface; signing a commit transaction. /*~ This is another lightningd-only interface; signing a commit transaction.
* This is dangerous, since if we sign a revoked commitment tx we'll lose * This is dangerous, since if we sign a revoked commitment tx we'll lose
* funds, thus it's only available to lightningd. * funds, thus it's only available to lightningd.
@ -1909,6 +1931,8 @@ u8 *hsmd_handle_client_message(const tal_t *ctx, struct hsmd_client *client,
return handle_sign_any_penalty_to_us(client, msg); return handle_sign_any_penalty_to_us(client, msg);
case WIRE_HSMD_SIGN_ANCHORSPEND: case WIRE_HSMD_SIGN_ANCHORSPEND:
return handle_sign_anchorspend(client, msg); return handle_sign_anchorspend(client, msg);
case WIRE_HSMD_SIGN_HTLC_TX_MINGLE:
return handle_sign_htlc_tx_mingle(client, msg);
case WIRE_HSMD_DEV_MEMLEAK: case WIRE_HSMD_DEV_MEMLEAK:
case WIRE_HSMD_ECDH_RESP: case WIRE_HSMD_ECDH_RESP:
@ -1940,6 +1964,7 @@ u8 *hsmd_handle_client_message(const tal_t *ctx, struct hsmd_client *client,
case WIRE_HSMD_PREAPPROVE_KEYSEND_REPLY: case WIRE_HSMD_PREAPPROVE_KEYSEND_REPLY:
case WIRE_HSMD_CHECK_PUBKEY_REPLY: case WIRE_HSMD_CHECK_PUBKEY_REPLY:
case WIRE_HSMD_SIGN_ANCHORSPEND_REPLY: case WIRE_HSMD_SIGN_ANCHORSPEND_REPLY:
case WIRE_HSMD_SIGN_HTLC_TX_MINGLE_REPLY:
break; break;
} }
return hsmd_status_bad_request(client, msg, "Unknown request"); return hsmd_status_bad_request(client, msg, "Unknown request");
@ -1957,6 +1982,7 @@ u8 *hsmd_init(struct secret hsm_secret,
WIRE_HSMD_CHECK_PUBKEY, WIRE_HSMD_CHECK_PUBKEY,
WIRE_HSMD_SIGN_ANY_DELAYED_PAYMENT_TO_US, WIRE_HSMD_SIGN_ANY_DELAYED_PAYMENT_TO_US,
WIRE_HSMD_SIGN_ANCHORSPEND, WIRE_HSMD_SIGN_ANCHORSPEND,
WIRE_HSMD_SIGN_HTLC_TX_MINGLE,
}; };
/*~ Don't swap this. */ /*~ Don't swap this. */
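Review bot: `handle_sign_htlc_tx_mingle` passes every UTXO listed in the request to `sign_our_inputs` without inspecting the PSBT's outputs, and the decoded `peer_id` and `dbid` are not used anywhere in the visible body, so nothing here ties the request to a channel or confirms that the added wallet value comes back to us; the `FIXME: Check output goes to us` acknowledges the gap. The only gate visible in this section is the `HSM_CAP_MASTER` test in `hsmd_check_client_capabilities`, which means the signer trusts lightningd completely for destinations and fee on this message. Until the output check exists, I would state that in the header comment, e.g. `/*~ Called from lightningd only (HSM_CAP_MASTER). We sign all listed wallet inputs without validating outputs or fee: the caller is trusted. */`, and expand the FIXME to name what has to be verified (for instance that any change output pays to our wallet). Whether `sign_our_inputs` itself checks that each listed utxo matches an input of the PSBT is not visible in this section and should be confirmed.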