openingd: take hsmfd, use it to sign commitment transaction and get commitment_point

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

lightningd/opening_control.c

@@ -696,6 +696,7 @@ u8 *peer_accept_channel(const tal_t *ctx,
 	u64 min_effective_htlc_capacity_msat;
 	u8 *msg;
 	struct uncommitted_channel *uc;
+	int hsmfd;
 
 	assert(fromwire_peektype(open_msg) == WIRE_OPEN_CHANNEL);
 
@@ -705,12 +706,16 @@ u8 *peer_accept_channel(const tal_t *ctx,
 		return towire_errorfmt(ctx, channel_id,
 				       "Multiple channels unsupported");
 
+	hsmfd = hsm_get_client_fd(ld, &uc->peer->id, uc->dbid,
+				  HSM_CAP_COMMITMENT_POINT
+				  | HSM_CAP_SIGN_REMOTE_TX);
+
 	uc->openingd = new_channel_subd(ld, "lightning_openingd", uc, uc->log,
 					true, opening_wire_type_name, NULL,
 					opening_channel_errmsg,
 					opening_channel_set_billboard,
 					take(&peer_fd), take(&gossip_fd),
-					NULL);
+					take(&hsmfd), NULL);
 	if (!uc->openingd) {
 		u8 *errpkt;
 		char *errmsg;
@@ -744,7 +749,8 @@ u8 *peer_accept_channel(const tal_t *ctx,
 				  &uc->our_config,
 				  max_to_self_delay,
 				  min_effective_htlc_capacity_msat,
-				  cs, &uc->seed);
+				  cs, &uc->local_basepoints,
+				  &uc->local_funding_pubkey);
 
 	subd_send_msg(uc->openingd, take(msg));
 
@@ -767,6 +773,7 @@ static void peer_offer_channel(struct lightningd *ld,
 	u8 *msg;
 	u32 max_to_self_delay;
 	u64 min_effective_htlc_capacity_msat;
+	int hsmfd;
 
 	/* Remove from list, it's not pending any more. */
 	list_del_from(&ld->fundchannels, &fc->list);
@@ -786,6 +793,10 @@ static void peer_offer_channel(struct lightningd *ld,
 	/* Channel now owns fc; if it dies, we free fc. */
 	tal_steal(fc->uc, fc);
 
+	hsmfd = hsm_get_client_fd(ld, &fc->uc->peer->id, fc->uc->dbid,
+				  HSM_CAP_COMMITMENT_POINT
+				  | HSM_CAP_SIGN_REMOTE_TX);
+
 	fc->uc->openingd = new_channel_subd(ld,
 					    "lightning_openingd",
 					    fc->uc, fc->uc->log,
@@ -793,6 +804,7 @@ static void peer_offer_channel(struct lightningd *ld,
 					    opening_channel_errmsg,
 					    opening_channel_set_billboard,
 					    take(&peer_fd), take(&gossip_fd),
+					    take(&hsmfd),
 					    NULL);
 	if (!fc->uc->openingd) {
 		/* We don't send them an error packet: for them, nothing
@@ -815,7 +827,8 @@ static void peer_offer_channel(struct lightningd *ld,
 				  &fc->uc->our_config,
 				  max_to_self_delay,
 				  min_effective_htlc_capacity_msat,
-				  cs, &fc->uc->seed);
+				  cs, &fc->uc->local_basepoints,
+				  &fc->uc->local_funding_pubkey);
 	subd_send_msg(fc->uc->openingd, take(msg));
 
 	msg = towire_opening_funder(fc, fc->wtx.amount,

openingd/opening.c

@@ -22,6 +22,7 @@
 #include <common/version.h>
 #include <common/wire_error.h>
 #include <errno.h>
+#include <hsmd/gen_hsm_client_wire.h>
 #include <inttypes.h>
 #include <openingd/gen_opening_wire.h>
 #include <secp256k1.h>
@@ -36,6 +37,7 @@
 #define REQ_FD STDIN_FILENO
 #define PEER_FD 3
 #define GOSSIP_FD 4
+#define HSM_FD 5
 
 struct state {
 	struct crypto_state cs;
@@ -50,11 +52,6 @@ struct state {
 	struct bitcoin_txid funding_txid;
 	u16 funding_txout;
 
-	/* Secret keys and basepoint secrets. */
-	struct secrets our_secrets;
-
-	/* Our shaseed for generating per-commitment-secrets. */
-	struct sha256 shaseed;
 	struct channel_config localconf, *remoteconf;
 
 	/* Limits on what remote config we accept */
@@ -441,9 +438,17 @@ static u8 *funder_channel(struct state *state,
 		negotiation_failed(state,
 				   "Could not meet their fees and reserve");
 
-	sign_tx_input(tx, 0, NULL, wscript,
+	msg = towire_hsm_sign_remote_commitment_tx(NULL,
-		      &state->our_secrets.funding_privkey,
+						   tx,
-		      our_funding_pubkey, &sig);
+						   &state->channel->funding_pubkey[REMOTE],
+						   state->channel->funding_msat / 1000);
+
+	wire_sync_write(HSM_FD, take(msg));
+	msg = wire_sync_read(tmpctx, HSM_FD);
+	if (!fromwire_hsm_sign_tx_reply(msg, &sig))
+		status_failed(STATUS_FAIL_HSM_IO, "Bad sign_tx_reply %s",
+			      tal_hex(tmpctx, msg));
+
 	status_trace("signature %s on tx %s using key %s",
 		     type_to_string(tmpctx, secp256k1_ecdsa_signature, &sig),
 		     type_to_string(tmpctx, struct bitcoin_tx, tx),
@@ -779,9 +784,16 @@ static u8 *fundee_channel(struct state *state,
 		negotiation_failed(state,
 				   "Could not meet their fees and reserve");
 
-	sign_tx_input(remote_commit, 0, NULL, wscript,
+	msg = towire_hsm_sign_remote_commitment_tx(NULL,
-		      &state->our_secrets.funding_privkey,
+						   remote_commit,
-		      our_funding_pubkey, &sig);
+						   &state->channel->funding_pubkey[REMOTE],
+						   state->channel->funding_msat / 1000);
+
+	wire_sync_write(HSM_FD, take(msg));
+	msg = wire_sync_read(tmpctx, HSM_FD);
+	if (!fromwire_hsm_sign_tx_reply(msg, &sig))
+		status_failed(STATUS_FAIL_HSM_IO,
+			      "Bad sign_tx_reply %s", tal_hex(tmpctx, msg));
 
 	/* We don't send this ourselves: channeld does, because master needs
 	 * to save state to disk before doing so. */
@@ -814,7 +826,6 @@ int main(int argc, char *argv[])
 
 	u8 *msg, *peer_msg;
 	struct state *state = tal(NULL, struct state);
-	struct secret seed;
 	struct basepoints our_points;
 	struct pubkey our_funding_pubkey;
 	u32 minimum_depth;
@@ -825,6 +836,7 @@ int main(int argc, char *argv[])
 	struct utxo **utxos;
 	struct ext_key bip32_base;
 	u32 network_index;
+	struct secret *none;
 
 	subdaemon_setup(argc, argv);
 
@@ -837,28 +849,24 @@ int main(int argc, char *argv[])
 				   &state->max_to_self_delay,
 				   &state->min_effective_htlc_capacity_msat,
 				   &state->cs,
-				   &seed))
+				   &our_points,
+				   &our_funding_pubkey))
 		master_badmsg(WIRE_OPENING_INIT, msg);
 
 	tal_free(msg);
 
 	state->chainparams = chainparams_by_index(network_index);
 
-	/* We derive everything from the one secret seed. */
+	wire_sync_write(HSM_FD,
-	if (!derive_basepoints(&seed, &our_funding_pubkey,
+			take(towire_hsm_get_per_commitment_point(NULL, 0)));
-			       &our_points, &state->our_secrets,
+	msg = wire_sync_read(tmpctx, HSM_FD);
-			       &state->shaseed))
+	if (!fromwire_hsm_get_per_commitment_point_reply(tmpctx, msg,
-		status_failed(STATUS_FAIL_INTERNAL_ERROR,
+							 &state->next_per_commit[LOCAL],
-			      "Secret derivation failed, secret = %s",
+							 &none))
-			      type_to_string(tmpctx, struct secret, &seed));
+		status_failed(STATUS_FAIL_HSM_IO,
-
+			      "Bad get_per_commitment_point_reply %s",
-	if (!per_commit_point(&state->shaseed, &state->next_per_commit[LOCAL],
+			      tal_hex(tmpctx, msg));
-			      0))
+	assert(none == NULL);
-		status_failed(STATUS_FAIL_INTERNAL_ERROR,
-			      "First per_commitment_point derivation failed,"
-			      " secret = %s",
-			      type_to_string(tmpctx, struct secret, &seed));
-
 	status_trace("First per_commit_point = %s",
 		     type_to_string(tmpctx, struct pubkey,
 				    &state->next_per_commit[LOCAL]));

openingd/opening_wire.csv

@@ -1,5 +1,7 @@
 #include <common/cryptomsg.h>
 #include <common/channel_config.h>
+#include <common/derive_basepoints.h>
+
 opening_init,6000
 # Which network are we configured for (as index into the chainparams)?
 opening_init,,network_index,u32
@@ -9,8 +11,8 @@ opening_init,,our_config,struct channel_config
 opening_init,,max_to_self_delay,u32
 opening_init,,min_effective_htlc_capacity_msat,u64
 opening_init,,crypto_state,struct crypto_state
-# Seed to generate all the keys from
+opening_init,,our_basepoints,struct basepoints
-opening_init,,seed,struct secret
+opening_init,,our_funding_pubkey,struct pubkey
 
 #include <common/bip32.h>
 #include <common/htlc_wire.h>