hsmd: rename "capabilities" flags for hsm fds to "permissions"

I obviously like the word "capabilities" since I reused it to refer
to the HSM's overall features :(

Suggested-by: @ksedgwic
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

common/hsm_version.h

@@ -16,6 +16,7 @@
  * v4 with sign_anchorspend: 8a30722e38b56e82af566b9629ff18da01fcebd1e80ec67f04d8b3a2fa66d81c
  * v4 with sign_htlc_tx_mingle: b9247e75d41ee1b3fc2f7db0bac8f4e92d544ab2f017d430ae3a000589c384e5
  * v4 with splicing: 06f21012936f825913af289fa81af1512c9ada1cb97c611698975a8fd287edbb
+ * v4 with capabilities called permissions: 7c5bf8ec7cf30302740db85260a9d1ac2c5b0323a2376c28df6b611831f91655
  */
 #define HSM_MIN_VERSION 3
 #define HSM_MAX_VERSION 4

hsmd/Makefile

@@ -4,7 +4,7 @@ HSMD_SRC := hsmd/hsmd.c	\
 	hsmd/hsmd_wiregen.c \
 	hsmd/libhsmd.c
 
-HSMD_HEADERS := hsmd/hsmd_wiregen.h
+HSMD_HEADERS := hsmd/hsmd_wiregen.h hsmd/permissions.h
 HSMD_OBJS := $(HSMD_SRC:.c=.o)
 
 $(HSMD_OBJS): $(HSMD_HEADERS)

hsmd/capabilities.h

@@ -1,14 +0,0 @@
-#ifndef LIGHTNING_HSMD_CAPABILITIES_H
-#define LIGHTNING_HSMD_CAPABILITIES_H
-#include "config.h"
-
-#define HSM_CAP_ECDH 1
-#define HSM_CAP_SIGN_GOSSIP 2
-#define HSM_CAP_SIGN_ONCHAIN_TX 4
-#define HSM_CAP_COMMITMENT_POINT 8
-#define HSM_CAP_SIGN_REMOTE_TX 16
-#define HSM_CAP_SIGN_CLOSING_TX 32
-#define HSM_CAP_SIGN_WILL_FUND_OFFER 64
-
-#define HSM_CAP_MASTER 1024
-#endif /* LIGHTNING_HSMD_CAPABILITIES_H */

hsmd/hsmd.c

@@ -22,9 +22,9 @@
 #include <common/type_to_string.h>
 #include <errno.h>
 #include <fcntl.h>
-#include <hsmd/capabilities.h>
 /*~ _wiregen files are autogenerated by tools/generate-wire.py */
 #include <hsmd/libhsmd.h>
+#include <hsmd/permissions.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <wire/wire_io.h>
@@ -754,7 +754,7 @@ int main(int argc, char *argv[])
 	uintmap_init(&clients);
 
 	master = new_client(NULL, NULL, NULL, 0,
-			    HSM_CAP_MASTER | HSM_CAP_SIGN_GOSSIP | HSM_CAP_ECDH,
+			    HSM_PERM_MASTER | HSM_PERM_SIGN_GOSSIP | HSM_PERM_ECDH,
 			    REQ_FD);
 
 	/* First client == lightningd. */

hsmd/hsmd_wire.csv

@@ -46,13 +46,13 @@ msgdata,hsmd_new_channel,dbid,u64,
 # No value returned.
 msgtype,hsmd_new_channel_reply,130
 
-# Get a new HSM FD, with the specified capabilities
+# Get a new HSM FD, with the specified permissions
 msgtype,hsmd_client_hsmfd,9
 # Which identity to use for requests
 msgdata,hsmd_client_hsmfd,id,node_id,
 # Database id for this client, if any.
 msgdata,hsmd_client_hsmfd,dbid,u64,
-msgdata,hsmd_client_hsmfd,capabilities,u64,
+msgdata,hsmd_client_hsmfd,permissions,u64,
 
 # No content, just an fd.
 msgtype,hsmd_client_hsmfd_reply,109

hsmd/libhsmd.c

@@ -8,8 +8,8 @@
 #include <common/key_derive.h>
 #include <common/lease_rates.h>
 #include <common/type_to_string.h>
-#include <hsmd/capabilities.h>
 #include <hsmd/libhsmd.h>
+#include <hsmd/permissions.h>
 #include <inttypes.h>
 #include <secp256k1_ecdh.h>
 #include <secp256k1_schnorrsig.h>
@@ -79,38 +79,38 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
 	 */
 	switch (t) {
 	case WIRE_HSMD_ECDH_REQ:
-		return (client->capabilities & HSM_CAP_ECDH) != 0;
+		return (client->capabilities & HSM_PERM_ECDH) != 0;
 
 	case WIRE_HSMD_CANNOUNCEMENT_SIG_REQ:
 	case WIRE_HSMD_CUPDATE_SIG_REQ:
 	case WIRE_HSMD_NODE_ANNOUNCEMENT_SIG_REQ:
-		return (client->capabilities & HSM_CAP_SIGN_GOSSIP) != 0;
+		return (client->capabilities & HSM_PERM_SIGN_GOSSIP) != 0;
 
 	case WIRE_HSMD_SIGN_DELAYED_PAYMENT_TO_US:
 	case WIRE_HSMD_SIGN_REMOTE_HTLC_TO_US:
 	case WIRE_HSMD_SIGN_PENALTY_TO_US:
 	case WIRE_HSMD_SIGN_LOCAL_HTLC_TX:
-		return (client->capabilities & HSM_CAP_SIGN_ONCHAIN_TX) != 0;
+		return (client->capabilities & HSM_PERM_SIGN_ONCHAIN_TX) != 0;
 
 	case WIRE_HSMD_GET_PER_COMMITMENT_POINT:
 	case WIRE_HSMD_CHECK_FUTURE_SECRET:
 	case WIRE_HSMD_READY_CHANNEL:
-		return (client->capabilities & HSM_CAP_COMMITMENT_POINT) != 0;
+		return (client->capabilities & HSM_PERM_COMMITMENT_POINT) != 0;
 
 	case WIRE_HSMD_SIGN_REMOTE_COMMITMENT_TX:
 	case WIRE_HSMD_SIGN_REMOTE_HTLC_TX:
 	case WIRE_HSMD_VALIDATE_COMMITMENT_TX:
 	case WIRE_HSMD_VALIDATE_REVOCATION:
-		return (client->capabilities & HSM_CAP_SIGN_REMOTE_TX) != 0;
+		return (client->capabilities & HSM_PERM_SIGN_REMOTE_TX) != 0;
 
 	case WIRE_HSMD_SIGN_MUTUAL_CLOSE_TX:
-		return (client->capabilities & HSM_CAP_SIGN_CLOSING_TX) != 0;
+		return (client->capabilities & HSM_PERM_SIGN_CLOSING_TX) != 0;
 
 	case WIRE_HSMD_SIGN_SPLICE_TX:
 		return (client->capabilities & WIRE_HSMD_SIGN_SPLICE_TX) != 0;
 
 	case WIRE_HSMD_SIGN_OPTION_WILL_FUND_OFFER:
-		return (client->capabilities & HSM_CAP_SIGN_WILL_FUND_OFFER) != 0;
+		return (client->capabilities & HSM_PERM_SIGN_WILL_FUND_OFFER) != 0;
 
 	case WIRE_HSMD_INIT:
 	case WIRE_HSMD_NEW_CHANNEL:
@@ -133,7 +133,7 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
 	case WIRE_HSMD_SIGN_ANY_LOCAL_HTLC_TX:
 	case WIRE_HSMD_SIGN_ANCHORSPEND:
 	case WIRE_HSMD_SIGN_HTLC_TX_MINGLE:
-		return (client->capabilities & HSM_CAP_MASTER) != 0;
+		return (client->capabilities & HSM_PERM_MASTER) != 0;
 
 	/*~ These are messages sent by the HSM so we should never receive them. */
 	/* FIXME: Since we autogenerate these, we should really generate separate

hsmd/permissions.h

@@ -0,0 +1,14 @@
+#ifndef LIGHTNING_HSMD_PERMISSIONS_H
+#define LIGHTNING_HSMD_PERMISSIONS_H
+#include "config.h"
+
+#define HSM_PERM_ECDH 1
+#define HSM_PERM_SIGN_GOSSIP 2
+#define HSM_PERM_SIGN_ONCHAIN_TX 4
+#define HSM_PERM_COMMITMENT_POINT 8
+#define HSM_PERM_SIGN_REMOTE_TX 16
+#define HSM_PERM_SIGN_CLOSING_TX 32
+#define HSM_PERM_SIGN_WILL_FUND_OFFER 64
+
+#define HSM_PERM_MASTER 1024
+#endif /* LIGHTNING_HSMD_PERMISSIONS_H */

lightningd/channel_control.c

@@ -13,7 +13,7 @@
 #include <connectd/connectd_wiregen.h>
 #include <errno.h>
 #include <fcntl.h>
-#include <hsmd/capabilities.h>
+#include <hsmd/permissions.h>
 #include <lightningd/chaintopology.h>
 #include <lightningd/channel.h>
 #include <lightningd/channel_control.h>
@@ -1264,12 +1264,12 @@ bool peer_start_channeld(struct channel *channel,
 
 	hsmfd = hsm_get_client_fd(ld, &channel->peer->id,
 				  channel->dbid,
-				  HSM_CAP_SIGN_GOSSIP
-				  | HSM_CAP_ECDH
-				  | HSM_CAP_COMMITMENT_POINT
-				  | HSM_CAP_SIGN_REMOTE_TX
-				  | HSM_CAP_SIGN_ONCHAIN_TX
-				  | HSM_CAP_SIGN_CLOSING_TX);
+				  HSM_PERM_SIGN_GOSSIP
+				  | HSM_PERM_ECDH
+				  | HSM_PERM_COMMITMENT_POINT
+				  | HSM_PERM_SIGN_REMOTE_TX
+				  | HSM_PERM_SIGN_ONCHAIN_TX
+				  | HSM_PERM_SIGN_CLOSING_TX);
 
 	channel_set_owner(channel,
 			  new_channel_subd(channel, ld,

lightningd/closing_control.c

@@ -20,7 +20,7 @@
 #include <connectd/connectd_wiregen.h>
 #include <errno.h>
 #include <gossipd/gossipd_wiregen.h>
-#include <hsmd/capabilities.h>
+#include <hsmd/permissions.h>
 #include <inttypes.h>
 #include <lightningd/bitcoind.h>
 #include <lightningd/chaintopology.h>
@@ -379,8 +379,8 @@ void peer_start_closingd(struct channel *channel, struct peer_fd *peer_fd)
 	}
 
 	hsmfd = hsm_get_client_fd(ld, &channel->peer->id, channel->dbid,
-				  HSM_CAP_SIGN_CLOSING_TX
-				  | HSM_CAP_COMMITMENT_POINT);
+				  HSM_PERM_SIGN_CLOSING_TX
+				  | HSM_PERM_COMMITMENT_POINT);
 
 	channel_set_owner(channel,
 			  new_channel_subd(channel, ld,

lightningd/connect_control.c

@@ -10,7 +10,7 @@
 #include <common/type_to_string.h>
 #include <connectd/connectd_wiregen.h>
 #include <gossipd/gossipd_wiregen.h>
-#include <hsmd/capabilities.h>
+#include <hsmd/permissions.h>
 #include <lightningd/channel.h>
 #include <lightningd/connect_control.h>
 #include <lightningd/dual_open_control.h>
@@ -661,7 +661,7 @@ int connectd_init(struct lightningd *ld)
 	if (socketpair(AF_LOCAL, SOCK_STREAM, 0, fds) != 0)
 		fatal("Could not socketpair for connectd<->gossipd");
 
-	hsmfd = hsm_get_global_fd(ld, HSM_CAP_ECDH);
+	hsmfd = hsm_get_global_fd(ld, HSM_PERM_ECDH);
 
 	ld->connectd = new_global_subd(ld, "lightning_connectd",
 				       connectd_wire_name, connectd_msg,

lightningd/dual_open_control.c

@@ -17,7 +17,7 @@
 #include <common/wire_error.h>
 #include <connectd/connectd_wiregen.h>
 #include <errno.h>
-#include <hsmd/capabilities.h>
+#include <hsmd/permissions.h>
 #include <lightningd/chaintopology.h>
 #include <lightningd/channel.h>
 #include <lightningd/channel_control.h>
@@ -3695,9 +3695,9 @@ bool peer_start_dualopend(struct peer *peer,
 	const u8 *msg;
 
 	hsmfd = hsm_get_client_fd(peer->ld, &peer->id, channel->unsaved_dbid,
-				  HSM_CAP_COMMITMENT_POINT
-				  | HSM_CAP_SIGN_REMOTE_TX
-				  | HSM_CAP_SIGN_WILL_FUND_OFFER);
+				  HSM_PERM_COMMITMENT_POINT
+				  | HSM_PERM_SIGN_REMOTE_TX
+				  | HSM_PERM_SIGN_WILL_FUND_OFFER);
 
 	channel->owner = new_channel_subd(channel,
 					  peer->ld,
@@ -3767,9 +3767,9 @@ bool peer_restart_dualopend(struct peer *peer,
 		return peer_start_dualopend(peer, peer_fd, channel);
 
 	hsmfd = hsm_get_client_fd(peer->ld, &peer->id, channel->dbid,
-				  HSM_CAP_COMMITMENT_POINT
-				  | HSM_CAP_SIGN_REMOTE_TX
-				  | HSM_CAP_SIGN_WILL_FUND_OFFER);
+				  HSM_PERM_COMMITMENT_POINT
+				  | HSM_PERM_SIGN_REMOTE_TX
+				  | HSM_PERM_SIGN_WILL_FUND_OFFER);
 
 	channel_set_owner(channel,
 			  new_channel_subd(channel, peer->ld,

lightningd/gossip_control.c

@@ -7,7 +7,7 @@
 #include <common/json_stream.h>
 #include <common/type_to_string.h>
 #include <gossipd/gossipd_wiregen.h>
-#include <hsmd/capabilities.h>
+#include <hsmd/permissions.h>
 #include <lightningd/bitcoind.h>
 #include <lightningd/chaintopology.h>
 #include <lightningd/channel.h>
@@ -270,7 +270,7 @@ void gossip_init(struct lightningd *ld, int connectd_fd)
 	int hsmfd;
 	void *ret;
 
-	hsmfd = hsm_get_global_fd(ld, HSM_CAP_ECDH|HSM_CAP_SIGN_GOSSIP);
+	hsmfd = hsm_get_global_fd(ld, HSM_PERM_ECDH|HSM_PERM_SIGN_GOSSIP);
 
 	ld->gossip = new_global_subd(ld, "lightning_gossipd",
 				     gossipd_wire_name, gossip_msg,

lightningd/hsm_control.c

@@ -24,12 +24,12 @@
 static int hsm_get_fd(struct lightningd *ld,
 		      const struct node_id *id,
 		      u64 dbid,
-		      int capabilities)
+		      u64 permissions)
 {
 	int hsm_fd;
 	const u8 *msg;
 
-	msg = towire_hsmd_client_hsmfd(NULL, id, dbid, capabilities);
+	msg = towire_hsmd_client_hsmfd(NULL, id, dbid, permissions);
 	msg = hsm_sync_req(tmpctx, ld, take(msg));
 	if (!fromwire_hsmd_client_hsmfd_reply(msg))
 		fatal("Bad reply from HSM: %s", tal_hex(tmpctx, msg));
@@ -43,16 +43,16 @@ static int hsm_get_fd(struct lightningd *ld,
 int hsm_get_client_fd(struct lightningd *ld,
 		      const struct node_id *id,
 		      u64 dbid,
-		      int capabilities)
+		      u64 permissions)
 {
 	assert(dbid);
 
-	return hsm_get_fd(ld, id, dbid, capabilities);
+	return hsm_get_fd(ld, id, dbid, permissions);
 }
 
-int hsm_get_global_fd(struct lightningd *ld, int capabilities)
+int hsm_get_global_fd(struct lightningd *ld, u64 permissions)
 {
-	return hsm_get_fd(ld, &ld->id, 0, capabilities);
+	return hsm_get_fd(ld, &ld->id, 0, permissions);
 }
 
 static unsigned int hsm_msg(struct subd *hsmd,

lightningd/hsm_control.h

@@ -11,10 +11,10 @@ struct ext_key;
 int hsm_get_client_fd(struct lightningd *ld,
 		      const struct node_id *id,
 		      u64 dbid,
-		      int capabilities);
+		      u64 permissions);
 
 /* Ask HSM for an fd for a global subdaemon to use (gossipd, connectd) */
-int hsm_get_global_fd(struct lightningd *ld, int capabilities);
+int hsm_get_global_fd(struct lightningd *ld, u64 permissions);
 
 /* Is this capability supported by the HSM? (So far, always a message
  * number) */

lightningd/onchain_control.c

@@ -9,8 +9,8 @@
 #include <common/type_to_string.h>
 #include <db/exec.h>
 #include <errno.h>
-#include <hsmd/capabilities.h>
 #include <hsmd/hsmd_wiregen.h>
+#include <hsmd/permissions.h>
 #include <inttypes.h>
 #include <lightningd/chaintopology.h>
 #include <lightningd/channel.h>
@@ -1553,8 +1553,8 @@ enum watch_result onchaind_funding_spent(struct channel *channel,
 
 	hsmfd = hsm_get_client_fd(ld, &channel->peer->id,
 				  channel->dbid,
-				  HSM_CAP_SIGN_ONCHAIN_TX
-				  | HSM_CAP_COMMITMENT_POINT);
+				  HSM_PERM_SIGN_ONCHAIN_TX
+				  | HSM_PERM_COMMITMENT_POINT);
 
 	channel_set_owner(channel, new_channel_subd(channel, ld,
 						    "lightning_onchaind",

lightningd/opening_control.c

@@ -15,7 +15,7 @@
 #include <common/type_to_string.h>
 #include <connectd/connectd_wiregen.h>
 #include <errno.h>
-#include <hsmd/capabilities.h>
+#include <hsmd/permissions.h>
 #include <lightningd/chaintopology.h>
 #include <lightningd/channel.h>
 #include <lightningd/channel_control.h>
@@ -933,8 +933,8 @@ bool peer_start_openingd(struct peer *peer, struct peer_fd *peer_fd)
 	assert(!uc->open_daemon);
 
 	hsmfd = hsm_get_client_fd(peer->ld, &uc->peer->id, uc->dbid,
-				  HSM_CAP_COMMITMENT_POINT
-				  | HSM_CAP_SIGN_REMOTE_TX);
+				  HSM_PERM_COMMITMENT_POINT
+				  | HSM_PERM_SIGN_REMOTE_TX);
 
 	uc->open_daemon = new_channel_subd(peer, peer->ld,
 					"lightning_openingd",