From bb574be839968a471bf52062d59c367c195f5a1f Mon Sep 17 00:00:00 2001
From: Ken Sedgwick <ken@bonsai.com>
Date: Thu, 4 Nov 2021 10:02:12 -0700
Subject: [PATCH] hsmd: Add hsmd_new_channel

---
 hsmd/hsmd.c                 |  2 ++
 hsmd/hsmd_wire.csv          |  8 ++++++++
 hsmd/libhsmd.c              | 20 ++++++++++++++++++++
 lightningd/channel.c        |  9 +++++++++
 lightningd/opening_common.c | 13 +++++++++++++
 wallet/test/run-wallet.c    |  4 ++++
 6 files changed, 56 insertions(+)

diff --git a/hsmd/hsmd.c b/hsmd/hsmd.c
index 015f7c126..1775de8a7 100644
--- a/hsmd/hsmd.c
+++ b/hsmd/hsmd.c
@@ -640,6 +640,7 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
 	case WIRE_HSMD_DEV_MEMLEAK:
 #endif /* DEVELOPER */
 
+	case WIRE_HSMD_NEW_CHANNEL:
 	case WIRE_HSMD_SIGN_COMMITMENT_TX:
 	case WIRE_HSMD_VALIDATE_REVOCATION:
 	case WIRE_HSMD_SIGN_PENALTY_TO_US:
@@ -671,6 +672,7 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
 	case WIRE_HSMD_CANNOUNCEMENT_SIG_REPLY:
 	case WIRE_HSMD_CUPDATE_SIG_REPLY:
 	case WIRE_HSMD_CLIENT_HSMFD_REPLY:
+	case WIRE_HSMD_NEW_CHANNEL_REPLY:
 	case WIRE_HSMD_NODE_ANNOUNCEMENT_SIG_REPLY:
 	case WIRE_HSMD_SIGN_WITHDRAWAL_REPLY:
 	case WIRE_HSMD_SIGN_INVOICE_REPLY:
diff --git a/hsmd/hsmd_wire.csv b/hsmd/hsmd_wire.csv
index c67d79fce..6b1de36a3 100644
--- a/hsmd/hsmd_wire.csv
+++ b/hsmd/hsmd_wire.csv
@@ -23,6 +23,14 @@ msgdata,hsmd_init_reply,bip32,ext_key,
 msgdata,hsmd_init_reply,bolt12,point32,
 msgdata,hsmd_init_reply,onion_reply_secret,secret,
 
+# Declare a new channel.
+msgtype,hsmd_new_channel,30
+msgdata,hsmd_new_channel,id,node_id,
+msgdata,hsmd_new_channel,dbid,u64,
+
+# No value returned.
+msgtype,hsmd_new_channel_reply,130
+
 # Get a new HSM FD, with the specified capabilities
 msgtype,hsmd_client_hsmfd,9
 # Which identity to use for requests
diff --git a/hsmd/libhsmd.c b/hsmd/libhsmd.c
index a74a0a82e..7ca5b333a 100644
--- a/hsmd/libhsmd.c
+++ b/hsmd/libhsmd.c
@@ -105,6 +105,7 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
 		return (client->capabilities & HSM_CAP_SIGN_WILL_FUND_OFFER) != 0;
 
 	case WIRE_HSMD_INIT:
+	case WIRE_HSMD_NEW_CHANNEL:
 	case WIRE_HSMD_CLIENT_HSMFD:
 	case WIRE_HSMD_SIGN_WITHDRAWAL:
 	case WIRE_HSMD_SIGN_INVOICE:
@@ -123,6 +124,7 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
 	case WIRE_HSMD_CANNOUNCEMENT_SIG_REPLY:
 	case WIRE_HSMD_CUPDATE_SIG_REPLY:
 	case WIRE_HSMD_CLIENT_HSMFD_REPLY:
+	case WIRE_HSMD_NEW_CHANNEL_REPLY:
 	case WIRE_HSMD_NODE_ANNOUNCEMENT_SIG_REPLY:
 	case WIRE_HSMD_SIGN_WITHDRAWAL_REPLY:
 	case WIRE_HSMD_SIGN_INVOICE_REPLY:
@@ -279,6 +281,21 @@ static void get_channel_seed(const struct node_id *peer_id, u64 dbid,
 		    info, strlen(info));
 }
 
+/* ~This stub implementation is overriden by fully validating signers
+ * that need to manage per-channel state. */
+static u8 *handle_new_channel(struct hsmd_client *c, const u8 *msg_in)
+{
+	struct node_id peer_id;
+	u64 dbid;
+
+	if (!fromwire_hsmd_new_channel(msg_in, &peer_id, &dbid))
+		return hsmd_status_malformed_request(c, msg_in);
+
+	/* Stub implementation */
+
+	return towire_hsmd_new_channel_reply(NULL);
+}
+
 /*~ For almost every wallet tx we use the BIP32 seed, but not for onchain
  * unilateral closes from a peer: they (may) have an output to us using a
  * public key based on the channel basepoints.  It's a bit spammy to spend
@@ -1412,6 +1429,8 @@ u8 *hsmd_handle_client_message(const tal_t *ctx, struct hsmd_client *client,
 		    "libhsmd",
 		    hsmd_wire_name(t));
 
+	case WIRE_HSMD_NEW_CHANNEL:
+		return handle_new_channel(client, msg);
 	case WIRE_HSMD_GET_OUTPUT_SCRIPTPUBKEY:
 		return handle_get_output_scriptpubkey(client, msg);
 	case WIRE_HSMD_CHECK_FUTURE_SECRET:
@@ -1462,6 +1481,7 @@ u8 *hsmd_handle_client_message(const tal_t *ctx, struct hsmd_client *client,
 	case WIRE_HSMD_CANNOUNCEMENT_SIG_REPLY:
 	case WIRE_HSMD_CUPDATE_SIG_REPLY:
 	case WIRE_HSMD_CLIENT_HSMFD_REPLY:
+	case WIRE_HSMD_NEW_CHANNEL_REPLY:
 	case WIRE_HSMD_NODE_ANNOUNCEMENT_SIG_REPLY:
 	case WIRE_HSMD_SIGN_WITHDRAWAL_REPLY:
 	case WIRE_HSMD_SIGN_INVOICE_REPLY:
diff --git a/lightningd/channel.c b/lightningd/channel.c
index 4f7b3a0be..617b89ad9 100644
--- a/lightningd/channel.c
+++ b/lightningd/channel.c
@@ -218,6 +218,7 @@ struct channel *new_unsaved_channel(struct peer *peer,
 {
 	struct lightningd *ld = peer->ld;
 	struct channel *channel = tal(ld, struct channel);
+	u8 *msg;
 
 	channel->peer = peer;
 	/* Not saved to the database yet! */
@@ -284,6 +285,14 @@ struct channel *new_unsaved_channel(struct peer *peer,
 	channel->their_shachain.id = 0;
 	shachain_init(&channel->their_shachain.chain);
 
+	msg = towire_hsmd_new_channel(NULL, &peer->id, channel->unsaved_dbid);
+	if (!wire_sync_write(ld->hsm_fd, take(msg)))
+		fatal("Could not write to HSM: %s", strerror(errno));
+	msg = wire_sync_read(tmpctx, ld->hsm_fd);
+	if (!fromwire_hsmd_new_channel_reply(msg))
+		fatal("HSM gave bad hsm_new_channel_reply %s",
+		      tal_hex(msg, msg));
+
 	get_channel_basepoints(ld, &peer->id, channel->unsaved_dbid,
 			       &channel->local_basepoints,
 			       &channel->local_funding_pubkey);
diff --git a/lightningd/opening_common.c b/lightningd/opening_common.c
index 9af928d28..635aaeef5 100644
--- a/lightningd/opening_common.c
+++ b/lightningd/opening_common.c
@@ -4,6 +4,8 @@
 #include <common/type_to_string.h>
 #include <common/wire_error.h>
 #include <connectd/connectd_wiregen.h>
+#include <errno.h>
+#include <hsmd/hsmd_wiregen.h>
 #include <lightningd/channel.h>
 #include <lightningd/channel_control.h>
 #include <lightningd/notification.h>
@@ -11,6 +13,7 @@
 #include <lightningd/peer_control.h>
 #include <lightningd/subd.h>
 #include <openingd/openingd_wiregen.h>
+#include <wire/wire_sync.h>
 
 static void destroy_uncommitted_channel(struct uncommitted_channel *uc)
 {
@@ -34,6 +37,7 @@ new_uncommitted_channel(struct peer *peer)
 {
 	struct lightningd *ld = peer->ld;
 	struct uncommitted_channel *uc = tal(ld, struct uncommitted_channel);
+	u8 *new_channel_msg;
 
 	uc->peer = peer;
 	assert(!peer->uncommitted_channel);
@@ -49,6 +53,15 @@ new_uncommitted_channel(struct peer *peer)
 
 	memset(&uc->cid, 0xFF, sizeof(uc->cid));
 
+	/* Declare the new channel to the HSM. */
+	new_channel_msg = towire_hsmd_new_channel(NULL, &uc->peer->id, uc->dbid);
+	if (!wire_sync_write(ld->hsm_fd, take(new_channel_msg)))
+		fatal("Could not write to HSM: %s", strerror(errno));
+	new_channel_msg = wire_sync_read(tmpctx, ld->hsm_fd);
+	if (!fromwire_hsmd_new_channel_reply(new_channel_msg))
+		fatal("HSM gave bad hsm_new_channel_reply %s",
+		      tal_hex(new_channel_msg, new_channel_msg));
+
 	get_channel_basepoints(ld, &uc->peer->id, uc->dbid,
 			       &uc->local_basepoints, &uc->local_funding_pubkey);
 
diff --git a/wallet/test/run-wallet.c b/wallet/test/run-wallet.c
index 213b54c44..2d65f6e7f 100644
--- a/wallet/test/run-wallet.c
+++ b/wallet/test/run-wallet.c
@@ -138,6 +138,10 @@ bool fromwire_custommsg_in(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u8
 /* Generated stub for fromwire_gossipd_get_stripped_cupdate_reply */
 bool fromwire_gossipd_get_stripped_cupdate_reply(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u8 **stripped_update UNNEEDED)
 { fprintf(stderr, "fromwire_gossipd_get_stripped_cupdate_reply called!\n"); abort(); }
+u8 *towire_hsmd_new_channel(const tal_t *ctx UNNEEDED, const struct node_id *id UNNEEDED, u64 dbid UNNEEDED)
+{ fprintf(stderr, "towire_hsmd_new_channel called!\n"); abort(); }
+bool fromwire_hsmd_new_channel_reply(const void *p UNNEEDED)
+{ fprintf(stderr, "fromwire_hsmd_new_channel_reply called!\n"); abort(); }
 /* Generated stub for fromwire_hsmd_get_output_scriptpubkey_reply */
 bool fromwire_hsmd_get_output_scriptpubkey_reply(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u8 **script UNNEEDED)
 { fprintf(stderr, "fromwire_hsmd_get_output_scriptpubkey_reply called!\n"); abort(); }