hsm: Cleanup after merging control and client libraries

Change all calls to use the correct serialization and deserialization
functions, include the correct headers and remove the control
messages.

Signed-off-by: Christian Decker <decker.christian@gmail.com>

common/bolt11.c

@@ -11,7 +11,7 @@
 #include <common/bolt11.h>
 #include <common/utils.h>
 #include <errno.h>
-#include <hsmd/gen_hsm_wire.h>
+#include <hsmd/gen_hsm_client_wire.h>
 #include <inttypes.h>
 #include <lightningd/hsm_control.h>
 #include <lightningd/jsonrpc.h>

hsmd/Makefile

@@ -11,14 +11,9 @@ LIGHTNINGD_HSM_CLIENT_HEADERS := hsmd/client.h
 LIGHTNINGD_HSM_CLIENT_SRC := hsmd/client.c hsmd/gen_hsm_client_wire.c
 LIGHTNINGD_HSM_CLIENT_OBJS := $(LIGHTNINGD_HSM_CLIENT_SRC:.c=.o)
 
-# Control daemon uses this:
-LIGHTNINGD_HSM_CONTROL_HEADERS := hsmd/gen_hsm_wire.h
-LIGHTNINGD_HSM_CONTROL_SRC := hsmd/gen_hsm_wire.c
-LIGHTNINGD_HSM_CONTROL_OBJS := $(LIGHTNINGD_HSM_CONTROL_SRC:.c=.o)
-
 # lightningd/hsm needs these:
-LIGHTNINGD_HSM_HEADERS := hsmd/gen_hsm_client_wire.h	\
+LIGHTNINGD_HSM_HEADERS := hsmd/gen_hsm_client_wire.h
-	hsmd/gen_hsm_wire.h
+
 LIGHTNINGD_HSM_SRC := hsmd/hsm.c	\
 	$(LIGHTNINGD_HSM_HEADERS:.h=.c)
 LIGHTNINGD_HSM_OBJS := $(LIGHTNINGD_HSM_SRC:.c=.o)
@@ -50,8 +45,6 @@ LIGHTNINGD_HEADERS_GEN += $(LIGHTNINGD_HSM_HEADERS) $(LIGHTNINGD_HSM_CLIENT_HEAD
 
 $(LIGHTNINGD_HSM_OBJS) $(LIGHTNINGD_HSM_CLIENT_OBJS): $(LIGHTNINGD_HEADERS)
 
-$(LIGHTNINGD_HSM_CONTROL_OBJS) : $(LIGHTNINGD_HSM_CONTROL_HEADERS)
-
 # Make sure these depend on everything.
 ALL_OBJS += $(LIGHTNINGD_HSM_OBJS) $(LIGHTNINGD_HSM_CLIENT_OBJS)
 ALL_PROGRAMS += lightningd/lightning_hsmd
@@ -83,4 +76,4 @@ clean: lightningd/hsm-clean
 lightningd/hsm-clean:
 	$(RM) $(LIGHTNINGD_HSM_OBJS) hsmd/gen_*
 
--include hsmd/test/Makefile 
+-include hsmd/test/Makefile

hsmd/hsm.c

@@ -28,7 +28,6 @@
 #include <hsmd/capabilities.h>
 #include <hsmd/client.h>
 #include <hsmd/gen_hsm_client_wire.h>
-#include <hsmd/gen_hsm_wire.h>
 #include <inttypes.h>
 #include <secp256k1_ecdh.h>
 #include <sodium/randombytes.h>
@@ -266,6 +265,7 @@ static bool check_client_capabilities(struct client *client,
 	case WIRE_HSM_SIGN_WITHDRAWAL_REPLY:
 	case WIRE_HSM_SIGN_INVOICE_REPLY:
 	case WIRE_HSM_INIT_REPLY:
+	case WIRE_HSMSTATUS_CLIENT_BAD_REQUEST:
 		break;
 	}
 	return false;
@@ -333,6 +333,7 @@ static struct io_plan *handle_client(struct io_conn *conn,
 	case WIRE_HSM_SIGN_WITHDRAWAL_REPLY:
 	case WIRE_HSM_SIGN_INVOICE_REPLY:
 	case WIRE_HSM_INIT_REPLY:
+	case WIRE_HSMSTATUS_CLIENT_BAD_REQUEST:
 		break;
 	}
 
@@ -355,8 +356,8 @@ static void send_init_response(struct daemon_conn *master)
 		    "peer seed", strlen("peer seed"));
 	node_key(NULL, &node_id);
 
-	msg = towire_hsmctl_init_reply(master, &node_id, &peer_seed,
+	msg = towire_hsm_init_reply(master, &node_id, &peer_seed,
-				       &secretstuff.bip32);
+				    &secretstuff.bip32);
 	daemon_conn_send(master, take(msg));
 }
 
@@ -503,8 +504,8 @@ static void init_hsm(struct daemon_conn *master, const u8 *msg)
 {
 	bool new;
 
-	if (!fromwire_hsmctl_init(msg, NULL, &new))
+	if (!fromwire_hsm_init(msg, NULL, &new))
-		master_badmsg(WIRE_HSMCTL_INIT, msg);
+		master_badmsg(WIRE_HSM_INIT, msg);
 
 	if (new)
 		create_new_hsm(master);
@@ -520,15 +521,15 @@ static void pass_client_hsmfd(struct daemon_conn *master, const u8 *msg)
 	u64 capabilities;
 	struct pubkey id;
 
-	if (!fromwire_hsmctl_client_hsmfd(msg, NULL, &id, &capabilities))
+	if (!fromwire_hsm_client_hsmfd(msg, NULL, &id, &capabilities))
-		master_badmsg(WIRE_HSMCTL_CLIENT_HSMFD, msg);
+		master_badmsg(WIRE_HSM_CLIENT_HSMFD, msg);
 
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) != 0)
 		status_failed(STATUS_FAIL_INTERNAL_ERROR, "creating fds: %s", strerror(errno));
 
 	new_client(master, &id, capabilities, handle_client, fds[0]);
 	daemon_conn_send(master,
-			 take(towire_hsmctl_client_hsmfd_reply(master)));
+			 take(towire_hsm_client_hsmfd_reply(master)));
 	daemon_conn_send_fd(master, fds[1]);
 }
 
@@ -550,11 +551,11 @@ static void sign_funding_tx(struct daemon_conn *master, const u8 *msg)
 	struct pubkey changekey;
 
 	/* FIXME: Check fee is "reasonable" */
-	if (!fromwire_hsmctl_sign_funding(tmpctx, msg, NULL,
+	if (!fromwire_hsm_sign_funding(tmpctx, msg, NULL,
-					  &satoshi_out, &change_out,
+				       &satoshi_out, &change_out,
-					  &change_keyindex, &local_pubkey,
+				       &change_keyindex, &local_pubkey,
-					  &remote_pubkey, &inputs))
+				       &remote_pubkey, &inputs))
-		master_badmsg(WIRE_HSMCTL_SIGN_FUNDING, msg);
+		master_badmsg(WIRE_HSM_SIGN_FUNDING, msg);
 
 	utxomap = to_utxoptr_arr(tmpctx, inputs);
 
@@ -586,7 +587,7 @@ static void sign_funding_tx(struct daemon_conn *master, const u8 *msg)
 	}
 
 	daemon_conn_send(master,
-			 take(towire_hsmctl_sign_funding_reply(tmpctx, sig)));
+			 take(towire_hsm_sign_funding_reply(tmpctx, sig)));
 	tal_free(tmpctx);
 }
 
@@ -606,9 +607,9 @@ static void sign_withdrawal_tx(struct daemon_conn *master, const u8 *msg)
 	struct ext_key ext;
 	struct pubkey changekey;
 
-	if (!fromwire_hsmctl_sign_withdrawal(tmpctx, msg, NULL, &satoshi_out,
+	if (!fromwire_hsm_sign_withdrawal(tmpctx, msg, NULL, &satoshi_out,
-					     &change_out, &change_keyindex,
+					  &change_out, &change_keyindex,
-					     destination.addr.u.u8, &utxos)) {
+					  destination.addr.u.u8, &utxos)) {
 		status_trace("Failed to parse sign_withdrawal: %s",
 			     tal_hex(trc, msg));
 		return;
@@ -644,7 +645,7 @@ static void sign_withdrawal_tx(struct daemon_conn *master, const u8 *msg)
 	}
 
 	daemon_conn_send(master,
-			 take(towire_hsmctl_sign_withdrawal_reply(tmpctx, sigs)));
+			 take(towire_hsm_sign_withdrawal_reply(tmpctx, sigs)));
 	tal_free(tmpctx);
 }
 
@@ -662,7 +663,7 @@ static void sign_invoice(struct daemon_conn *master, const u8 *msg)
 	struct hash_u5 hu5;
 	struct privkey node_pkey;
 
-	if (!fromwire_hsmctl_sign_invoice(tmpctx, msg, NULL, &u5bytes, &hrpu8)) {
+	if (!fromwire_hsm_sign_invoice(tmpctx, msg, NULL, &u5bytes, &hrpu8)) {
 		status_trace("Failed to parse sign_invoice: %s",
 			     tal_hex(trc, msg));
 		return;
@@ -689,7 +690,7 @@ static void sign_invoice(struct daemon_conn *master, const u8 *msg)
 	}
 
 	daemon_conn_send(master,
-			 take(towire_hsmctl_sign_invoice_reply(tmpctx, &rsig)));
+			 take(towire_hsm_sign_invoice_reply(tmpctx, &rsig)));
 	tal_free(tmpctx);
 }
 
@@ -703,7 +704,7 @@ static void sign_node_announcement(struct daemon_conn *master, const u8 *msg)
 	u8 *reply;
 	u8 *ann;
 
-	if (!fromwire_hsmctl_node_announcement_sig_req(msg, msg, NULL, &ann)) {
+	if (!fromwire_hsm_node_announcement_sig_req(msg, msg, NULL, &ann)) {
 		status_trace("Failed to parse node_announcement_sig_req: %s",
 			     tal_hex(trc, msg));
 		return;
@@ -720,7 +721,7 @@ static void sign_node_announcement(struct daemon_conn *master, const u8 *msg)
 
 	sign_hash(&node_pkey, &hash, &sig);
 
-	reply = towire_hsmctl_node_announcement_sig_reply(msg, &sig);
+	reply = towire_hsm_node_announcement_sig_reply(msg, &sig);
 	daemon_conn_send(master, take(reply));
 }
 

hsmd/hsm_client_wire_csv

@@ -1,3 +1,9 @@
+# Clients should not give a bad request but not the HSM's decision to crash.
+hsmstatus_client_bad_request,1000
+hsmstatus_client_bad_request,,id,struct pubkey
+hsmstatus_client_bad_request,,len,u16
+hsmstatus_client_bad_request,,msg,len*u8
+
 # Start the HSM.
 hsm_init,11
 hsm_init,,new,bool

hsmd/hsm_wire.csv

@@ -1,70 +0,0 @@
-# Clients should not give a bad request but not the HSM's decision to crash.
-hsmstatus_client_bad_request,1000
-hsmstatus_client_bad_request,,id,struct pubkey
-hsmstatus_client_bad_request,,len,u16
-hsmstatus_client_bad_request,,msg,len*u8
-
-# Start the HSM.
-hsmctl_init,11
-hsmctl_init,,new,bool
-
-#include <common/bip32.h>
-hsmctl_init_reply,111
-hsmctl_init_reply,,node_id,struct pubkey
-hsmctl_init_reply,,peer_seed,struct secret
-hsmctl_init_reply,,bip32,struct ext_key
-
-# Get a new HSM FD, with the specified capabilities
-hsmctl_client_hsmfd,9
-hsmctl_client_hsmfd,,pubkey,struct pubkey # Which identity to report for requests
-hsmctl_client_hsmfd,,capabilities,u64
-
-# No content, just an fd.
-hsmctl_client_hsmfd_reply,109
-
-# Return signature for a funding tx.
-#include <common/utxo.h>
-# FIXME: This should also take their commit sig & details, to verify.
-hsmctl_sign_funding,4
-hsmctl_sign_funding,,satoshi_out,u64
-hsmctl_sign_funding,,change_out,u64
-hsmctl_sign_funding,,change_keyindex,u32
-hsmctl_sign_funding,,our_pubkey,struct pubkey
-hsmctl_sign_funding,,their_pubkey,struct pubkey
-hsmctl_sign_funding,,num_inputs,u16
-hsmctl_sign_funding,,inputs,num_inputs*struct utxo
-
-hsmctl_sign_funding_reply,104
-hsmctl_sign_funding_reply,,num_sigs,u16
-hsmctl_sign_funding_reply,,sig,num_sigs*secp256k1_ecdsa_signature
-
-# Master asks the HSM to sign a node_announcement
-hsmctl_node_announcement_sig_req,6
-hsmctl_node_announcement_sig_req,,annlen,u16
-hsmctl_node_announcement_sig_req,,announcement,annlen*u8
-
-hsmctl_node_announcement_sig_reply,106
-hsmctl_node_announcement_sig_reply,,signature,secp256k1_ecdsa_signature
-
-# Sign a withdrawal request
-hsmctl_sign_withdrawal,7
-hsmctl_sign_withdrawal,,satoshi_out,u64
-hsmctl_sign_withdrawal,,change_out,u64
-hsmctl_sign_withdrawal,,change_keyindex,u32
-hsmctl_sign_withdrawal,,pkh,20*u8
-hsmctl_sign_withdrawal,,num_inputs,u16
-hsmctl_sign_withdrawal,,inputs,num_inputs*struct utxo
-
-hsmctl_sign_withdrawal_reply,107
-hsmctl_sign_withdrawal_reply,,num_sigs,u16
-hsmctl_sign_withdrawal_reply,,sig,num_sigs*secp256k1_ecdsa_signature
-
-# Sign an invoice
-hsmctl_sign_invoice,8
-hsmctl_sign_invoice,,len,u16
-hsmctl_sign_invoice,,u5bytes,len*u8
-hsmctl_sign_invoice,,hrplen,u16
-hsmctl_sign_invoice,,hrp,hrplen*u8
-
-hsmctl_sign_invoice_reply,108
-hsmctl_sign_invoice_reply,,sig,secp256k1_ecdsa_recoverable_signature

lightningd/Makefile

@@ -101,7 +101,7 @@ check-makefile: check-lightningd-makefile
 check-lightningd-makefile:
 	@for f in lightningd/*.h lightningd/*/*.h; do if ! echo $(LIGHTNINGD_HEADERS_NOGEN) $(LIGHTNINGD_HEADERS_GEN) "" | grep -q "$$f "; then echo $$f not mentioned in LIGHTNINGD_HEADERS_NOGEN or LIGHTNINGD_HEADERS_GEN >&2; exit 1; fi; done
 
-lightningd/lightningd: $(LIGHTNINGD_OBJS) $(LIGHTNINGD_COMMON_OBJS) $(BITCOIN_OBJS) $(WIRE_OBJS) $(WIRE_ONION_OBJS) $(LIGHTNINGD_HSM_CONTROL_OBJS) $(LIGHTNINGD_HANDSHAKE_CONTROL_OBJS) $(LIGHTNINGD_GOSSIP_CONTROL_OBJS) $(LIGHTNINGD_OPENING_CONTROL_OBJS) $(LIGHTNINGD_CHANNEL_CONTROL_OBJS) $(LIGHTNINGD_CLOSING_CONTROL_OBJS) $(LIGHTNINGD_ONCHAIN_CONTROL_OBJS) $(WALLET_LIB_OBJS)
+lightningd/lightningd: $(LIGHTNINGD_OBJS) $(LIGHTNINGD_COMMON_OBJS) $(BITCOIN_OBJS) $(WIRE_OBJS) $(WIRE_ONION_OBJS) $(LIGHTNINGD_HSM_CLIENT_OBJS) $(LIGHTNINGD_HANDSHAKE_CONTROL_OBJS) $(LIGHTNINGD_GOSSIP_CONTROL_OBJS) $(LIGHTNINGD_OPENING_CONTROL_OBJS) $(LIGHTNINGD_CHANNEL_CONTROL_OBJS) $(LIGHTNINGD_CLOSING_CONTROL_OBJS) $(LIGHTNINGD_ONCHAIN_CONTROL_OBJS) $(WALLET_LIB_OBJS)
 
 clean: lightningd-clean
 

lightningd/gossip_control.c

@@ -11,7 +11,7 @@
 #include <errno.h>
 #include <gossipd/gen_gossip_wire.h>
 #include <hsmd/capabilities.h>
-#include <hsmd/gen_hsm_wire.h>
+#include <hsmd/gen_hsm_client_wire.h>
 #include <inttypes.h>
 #include <lightningd/gossip_msg.h>
 #include <lightningd/hsm_control.h>
@@ -104,12 +104,12 @@ void gossip_init(struct lightningd *ld)
 	int hsmfd;
 	u64 capabilities = HSM_CAP_ECDH | HSM_CAP_SIGN_GOSSIP;
 
-	msg = towire_hsmctl_client_hsmfd(tmpctx, &ld->id, capabilities);
+	msg = towire_hsm_client_hsmfd(tmpctx, &ld->id, capabilities);
 	if (!wire_sync_write(ld->hsm_fd, msg))
 		fatal("Could not write to HSM: %s", strerror(errno));
 
 	msg = hsm_sync_read(tmpctx, ld);
-	if (!fromwire_hsmctl_client_hsmfd_reply(msg, NULL))
+	if (!fromwire_hsm_client_hsmfd_reply(msg, NULL))
 		fatal("Malformed hsmfd response: %s", tal_hex(msg, msg));
 
 	hsmfd = fdpass_recv(ld->hsm_fd);

lightningd/hsm_control.c

@@ -7,7 +7,7 @@
 #include <common/status.h>
 #include <common/utils.h>
 #include <errno.h>
-#include <hsmd/gen_hsm_wire.h>
+#include <hsmd/gen_hsm_client_wire.h>
 #include <inttypes.h>
 #include <lightningd/hsm_control.h>
 #include <lightningd/log.h>
@@ -46,12 +46,12 @@ void hsm_init(struct lightningd *ld, bool newdir)
 	else
 		create = (access("hsm_secret", F_OK) != 0);
 
-	if (!wire_sync_write(ld->hsm_fd, towire_hsmctl_init(tmpctx, create)))
+	if (!wire_sync_write(ld->hsm_fd, towire_hsm_init(tmpctx, create)))
 		err(1, "Writing init msg to hsm");
 
 	ld->wallet->bip32_base = tal(ld->wallet, struct ext_key);
 	msg = hsm_sync_read(tmpctx, ld);
-	if (!fromwire_hsmctl_init_reply(msg, NULL,
+	if (!fromwire_hsm_init_reply(msg, NULL,
 					&ld->id,
 					&ld->peer_seed,
 					ld->wallet->bip32_base))

lightningd/invoice.c

@@ -11,7 +11,7 @@
 #include <common/bolt11.h>
 #include <common/utils.h>
 #include <errno.h>
-#include <hsmd/gen_hsm_wire.h>
+#include <hsmd/gen_hsm_client_wire.h>
 #include <inttypes.h>
 #include <lightningd/hsm_control.h>
 #include <lightningd/log.h>
@@ -113,13 +113,13 @@ static bool hsm_sign_b11(const u5 *u5bytes,
 			 secp256k1_ecdsa_recoverable_signature *rsig,
 			 struct lightningd *ld)
 {
-	u8 *msg = towire_hsmctl_sign_invoice(ld, u5bytes, hrpu8);
+	u8 *msg = towire_hsm_sign_invoice(ld, u5bytes, hrpu8);
 
 	if (!wire_sync_write(ld->hsm_fd, take(msg)))
 		fatal("Could not write to HSM: %s", strerror(errno));
 
 	msg = hsm_sync_read(ld, ld);
-        if (!fromwire_hsmctl_sign_invoice_reply(msg, NULL, rsig))
+        if (!fromwire_hsm_sign_invoice_reply(msg, NULL, rsig))
 		fatal("HSM gave bad sign_invoice_reply %s",
 		      tal_hex(msg, msg));
 

lightningd/peer_control.c

@@ -24,7 +24,7 @@
 #include <fcntl.h>
 #include <gossipd/gen_gossip_wire.h>
 #include <hsmd/capabilities.h>
-#include <hsmd/gen_hsm_wire.h>
+#include <hsmd/gen_hsm_client_wire.h>
 #include <inttypes.h>
 #include <lightningd/build_utxos.h>
 #include <lightningd/chaintopology.h>
@@ -1511,7 +1511,7 @@ static void opening_got_hsm_funding_sig(struct funding_channel *fc,
 	struct json_result *response = new_json_result(fc->cmd);
 	size_t i;
 
-	if (!fromwire_hsmctl_sign_funding_reply(fc, resp, NULL, &sigs))
+	if (!fromwire_hsm_sign_funding_reply(fc, resp, NULL, &sigs))
 		fatal("HSM gave bad sign_funding_reply %s",
 		      tal_hex(fc, resp));
 
@@ -1612,14 +1612,14 @@ static void peer_channel_announce(struct peer *peer, const u8 *msg)
 		return;
 	}
 
-	msg = towire_hsmctl_node_announcement_sig_req(
+	msg = towire_hsm_node_announcement_sig_req(
 		tmpctx, create_node_announcement(tmpctx, ld, NULL, timestamp));
 
 	if (!wire_sync_write(ld->hsm_fd, take(msg)))
 		fatal("Could not write to HSM: %s", strerror(errno));
 
 	msg = hsm_sync_read(tmpctx, ld);
-	if (!fromwire_hsmctl_node_announcement_sig_reply(msg, NULL, &sig))
+	if (!fromwire_hsm_node_announcement_sig_reply(msg, NULL, &sig))
 		fatal("HSM returned an invalid node_announcement sig");
 
 	/* We got the signature for out provisional node_announcement back
@@ -2053,12 +2053,12 @@ static bool peer_start_channeld(struct peer *peer,
 	} else
 		assert(peer->our_msatoshi);
 
-	msg = towire_hsmctl_client_hsmfd(tmpctx, &peer->id, HSM_CAP_SIGN_GOSSIP | HSM_CAP_ECDH);
+	msg = towire_hsm_client_hsmfd(tmpctx, &peer->id, HSM_CAP_SIGN_GOSSIP | HSM_CAP_ECDH);
 	if (!wire_sync_write(peer->ld->hsm_fd, take(msg)))
 		fatal("Could not write to HSM: %s", strerror(errno));
 
 	msg = hsm_sync_read(tmpctx, peer->ld);
-	if (!fromwire_hsmctl_client_hsmfd_reply(msg, NULL))
+	if (!fromwire_hsm_client_hsmfd_reply(msg, NULL))
 		fatal("Bad reply from HSM: %s", tal_hex(tmpctx, msg));
 
 	hsmfd = fdpass_recv(peer->ld->hsm_fd);
@@ -2265,7 +2265,7 @@ static void opening_funder_finished(struct subd *opening, const u8 *resp,
 	log_debug(fc->peer->log, "Getting HSM to sign funding tx");
 
 	utxos = from_utxoptr_arr(fc, fc->utxomap);
-	msg = towire_hsmctl_sign_funding(fc, fc->peer->funding_satoshi,
+	msg = towire_hsm_sign_funding(fc, fc->peer->funding_satoshi,
 					 fc->change, fc->change_keyindex,
 					 &local_fundingkey,
 					 &channel_info->remote_fundingkey,

wallet/walletrpc.c

@@ -7,7 +7,7 @@
 #include <common/utxo.h>
 #include <common/withdraw_tx.h>
 #include <errno.h>
-#include <hsmd/gen_hsm_wire.h>
+#include <hsmd/gen_hsm_client_wire.h>
 #include <lightningd/bitcoind.h>
 #include <lightningd/chaintopology.h>
 #include <lightningd/hsm_control.h>
@@ -131,12 +131,12 @@ static void json_withdraw(struct command *cmd,
 	withdraw->change_key_index = wallet_get_newindex(cmd->ld);
 
 	utxos = from_utxoptr_arr(withdraw, withdraw->utxos);
-	u8 *msg = towire_hsmctl_sign_withdrawal(cmd,
+	u8 *msg = towire_hsm_sign_withdrawal(cmd,
-						withdraw->amount,
+					     withdraw->amount,
-						withdraw->changesatoshi,
+					     withdraw->changesatoshi,
-						withdraw->change_key_index,
+					     withdraw->change_key_index,
-						withdraw->destination.addr.u.u8,
+					     withdraw->destination.addr.u.u8,
-						utxos);
+					     utxos);
 	tal_free(utxos);
 
 	if (!wire_sync_write(cmd->ld->hsm_fd, take(msg)))
@@ -145,7 +145,7 @@ static void json_withdraw(struct command *cmd,
 
 	msg = hsm_sync_read(cmd, cmd->ld);
 
-	if (!fromwire_hsmctl_sign_withdrawal_reply(withdraw, msg, NULL, &sigs))
+	if (!fromwire_hsm_sign_withdrawal_reply(withdraw, msg, NULL, &sigs))
 		fatal("HSM gave bad sign_withdrawal_reply %s",
 		      tal_hex(withdraw, msg));