hsmd: rename "capabilities" flags for hsm fds to "permissions"

I obviously like the word "capabilities" since I reused it to refer to the HSM's overall features :( Suggested-by: @ksedgwic Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-11-19 01:43:36 +01:00 · 2023-08-07 15:21:40 +09:30 · 2023-08-07 15:21:40 +09:30 · d95cfc0b64
commit d95cfc0b64
parent 32b88a2340
16 changed files with 64 additions and 63 deletions
--- a/common/hsm_version.h
+++ b/common/hsm_version.h
@ -16,6 +16,7 @@
 * v4 with sign_anchorspend: 8a30722e38b56e82af566b9629ff18da01fcebd1e80ec67f04d8b3a2fa66d81c
 * v4 with sign_htlc_tx_mingle: b9247e75d41ee1b3fc2f7db0bac8f4e92d544ab2f017d430ae3a000589c384e5
 * v4 with splicing: 06f21012936f825913af289fa81af1512c9ada1cb97c611698975a8fd287edbb
 * v4 with capabilities called permissions: 7c5bf8ec7cf30302740db85260a9d1ac2c5b0323a2376c28df6b611831f91655
 */
 #define HSM_MIN_VERSION 3
 #define HSM_MAX_VERSION 4
--- a/hsmd/Makefile
+++ b/hsmd/Makefile
@ -4,7 +4,7 @@ HSMD_SRC := hsmd/hsmd.c	\
 	hsmd/hsmd_wiregen.c \
 	hsmd/libhsmd.c
-HSMD_HEADERS := hsmd/hsmd_wiregen.h
+HSMD_HEADERS := hsmd/hsmd_wiregen.h hsmd/permissions.h
 HSMD_OBJS := $(HSMD_SRC:.c=.o)
 $(HSMD_OBJS): $(HSMD_HEADERS)
--- a/hsmd/capabilities.h
+++ b/hsmd/capabilities.h
@ -1,14 +0,0 @@
 #ifndef LIGHTNING_HSMD_CAPABILITIES_H
 #define LIGHTNING_HSMD_CAPABILITIES_H
 #include "config.h"
 #define HSM_CAP_ECDH 1
 #define HSM_CAP_SIGN_GOSSIP 2
 #define HSM_CAP_SIGN_ONCHAIN_TX 4
 #define HSM_CAP_COMMITMENT_POINT 8
 #define HSM_CAP_SIGN_REMOTE_TX 16
 #define HSM_CAP_SIGN_CLOSING_TX 32
 #define HSM_CAP_SIGN_WILL_FUND_OFFER 64
 #define HSM_CAP_MASTER 1024
 #endif /* LIGHTNING_HSMD_CAPABILITIES_H */
--- a/hsmd/hsmd.c
+++ b/hsmd/hsmd.c
@ -22,9 +22,9 @@
 #include <common/type_to_string.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <hsmd/capabilities.h>
 /*~ _wiregen files are autogenerated by tools/generate-wire.py */
 #include <hsmd/libhsmd.h>
 #include <hsmd/permissions.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <wire/wire_io.h>
@ -754,7 +754,7 @@ int main(int argc, char *argv[])
 	uintmap_init(&clients);
 	master = new_client(NULL, NULL, NULL, 0,
-			    HSM_CAP_MASTER | HSM_CAP_SIGN_GOSSIP | HSM_CAP_ECDH,
+			    HSM_PERM_MASTER | HSM_PERM_SIGN_GOSSIP | HSM_PERM_ECDH,
 			    REQ_FD);
 	/* First client == lightningd. */
--- a/hsmd/hsmd_wire.csv
+++ b/hsmd/hsmd_wire.csv
@ -46,13 +46,13 @@ msgdata,hsmd_new_channel,dbid,u64,
 # No value returned.
 msgtype,hsmd_new_channel_reply,130
-# Get a new HSM FD, with the specified capabilities
+# Get a new HSM FD, with the specified permissions
 msgtype,hsmd_client_hsmfd,9
 # Which identity to use for requests
 msgdata,hsmd_client_hsmfd,id,node_id,
 # Database id for this client, if any.
 msgdata,hsmd_client_hsmfd,dbid,u64,
-msgdata,hsmd_client_hsmfd,capabilities,u64,
+msgdata,hsmd_client_hsmfd,permissions,u64,
 # No content, just an fd.
 msgtype,hsmd_client_hsmfd_reply,109
--- a/hsmd/libhsmd.c
+++ b/hsmd/libhsmd.c
@ -8,8 +8,8 @@
 #include <common/key_derive.h>
 #include <common/lease_rates.h>
 #include <common/type_to_string.h>
 #include <hsmd/capabilities.h>
 #include <hsmd/libhsmd.h>
 #include <hsmd/permissions.h>
 #include <inttypes.h>
 #include <secp256k1_ecdh.h>
 #include <secp256k1_schnorrsig.h>
@ -79,38 +79,38 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
 	 */
 	switch (t) {
 	case WIRE_HSMD_ECDH_REQ:
-		return (client->capabilities & HSM_CAP_ECDH) != 0;
+		return (client->capabilities & HSM_PERM_ECDH) != 0;
 	case WIRE_HSMD_CANNOUNCEMENT_SIG_REQ:
 	case WIRE_HSMD_CUPDATE_SIG_REQ:
 	case WIRE_HSMD_NODE_ANNOUNCEMENT_SIG_REQ:
-		return (client->capabilities & HSM_CAP_SIGN_GOSSIP) != 0;
+		return (client->capabilities & HSM_PERM_SIGN_GOSSIP) != 0;
 	case WIRE_HSMD_SIGN_DELAYED_PAYMENT_TO_US:
 	case WIRE_HSMD_SIGN_REMOTE_HTLC_TO_US:
 	case WIRE_HSMD_SIGN_PENALTY_TO_US:
 	case WIRE_HSMD_SIGN_LOCAL_HTLC_TX:
-		return (client->capabilities & HSM_CAP_SIGN_ONCHAIN_TX) != 0;
+		return (client->capabilities & HSM_PERM_SIGN_ONCHAIN_TX) != 0;
 	case WIRE_HSMD_GET_PER_COMMITMENT_POINT:
 	case WIRE_HSMD_CHECK_FUTURE_SECRET:
 	case WIRE_HSMD_READY_CHANNEL:
-		return (client->capabilities & HSM_CAP_COMMITMENT_POINT) != 0;
+		return (client->capabilities & HSM_PERM_COMMITMENT_POINT) != 0;
 	case WIRE_HSMD_SIGN_REMOTE_COMMITMENT_TX:
 	case WIRE_HSMD_SIGN_REMOTE_HTLC_TX:
 	case WIRE_HSMD_VALIDATE_COMMITMENT_TX:
 	case WIRE_HSMD_VALIDATE_REVOCATION:
-		return (client->capabilities & HSM_CAP_SIGN_REMOTE_TX) != 0;
+		return (client->capabilities & HSM_PERM_SIGN_REMOTE_TX) != 0;
 	case WIRE_HSMD_SIGN_MUTUAL_CLOSE_TX:
-		return (client->capabilities & HSM_CAP_SIGN_CLOSING_TX) != 0;
+		return (client->capabilities & HSM_PERM_SIGN_CLOSING_TX) != 0;
 	case WIRE_HSMD_SIGN_SPLICE_TX:
 		return (client->capabilities & WIRE_HSMD_SIGN_SPLICE_TX) != 0;
 	case WIRE_HSMD_SIGN_OPTION_WILL_FUND_OFFER:
-		return (client->capabilities & HSM_CAP_SIGN_WILL_FUND_OFFER) != 0;
+		return (client->capabilities & HSM_PERM_SIGN_WILL_FUND_OFFER) != 0;
 	case WIRE_HSMD_INIT:
 	case WIRE_HSMD_NEW_CHANNEL:
@ -133,7 +133,7 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
 	case WIRE_HSMD_SIGN_ANY_LOCAL_HTLC_TX:
 	case WIRE_HSMD_SIGN_ANCHORSPEND:
 	case WIRE_HSMD_SIGN_HTLC_TX_MINGLE:
-		return (client->capabilities & HSM_CAP_MASTER) != 0;
+		return (client->capabilities & HSM_PERM_MASTER) != 0;
 	/*~ These are messages sent by the HSM so we should never receive them. */
 	/* FIXME: Since we autogenerate these, we should really generate separate
--- a/hsmd/permissions.h
+++ b/hsmd/permissions.h
@ -0,0 +1,14 @@
 #ifndef LIGHTNING_HSMD_PERMISSIONS_H
 #define LIGHTNING_HSMD_PERMISSIONS_H
 #include "config.h"
 #define HSM_PERM_ECDH 1
 #define HSM_PERM_SIGN_GOSSIP 2
 #define HSM_PERM_SIGN_ONCHAIN_TX 4
 #define HSM_PERM_COMMITMENT_POINT 8
 #define HSM_PERM_SIGN_REMOTE_TX 16
 #define HSM_PERM_SIGN_CLOSING_TX 32
 #define HSM_PERM_SIGN_WILL_FUND_OFFER 64
 #define HSM_PERM_MASTER 1024
 #endif /* LIGHTNING_HSMD_PERMISSIONS_H */
--- a/lightningd/channel_control.c
+++ b/lightningd/channel_control.c
@ -13,7 +13,7 @@
 #include <connectd/connectd_wiregen.h>
 #include <errno.h>
 #include <fcntl.h>
-#include <hsmd/capabilities.h>
+#include <hsmd/permissions.h>
 #include <lightningd/chaintopology.h>
 #include <lightningd/channel.h>
 #include <lightningd/channel_control.h>
@ -1264,12 +1264,12 @@ bool peer_start_channeld(struct channel *channel,
 	hsmfd = hsm_get_client_fd(ld, &channel->peer->id,
 				  channel->dbid,
-				  HSM_CAP_SIGN_GOSSIP
+				  HSM_PERM_SIGN_GOSSIP
-				  | HSM_CAP_ECDH
+				  | HSM_PERM_ECDH
-				  | HSM_CAP_COMMITMENT_POINT
+				  | HSM_PERM_COMMITMENT_POINT
-				  | HSM_CAP_SIGN_REMOTE_TX
+				  | HSM_PERM_SIGN_REMOTE_TX
-				  | HSM_CAP_SIGN_ONCHAIN_TX
+				  | HSM_PERM_SIGN_ONCHAIN_TX
-				  | HSM_CAP_SIGN_CLOSING_TX);
+				  | HSM_PERM_SIGN_CLOSING_TX);
 	channel_set_owner(channel,
 			  new_channel_subd(channel, ld,
--- a/lightningd/closing_control.c
+++ b/lightningd/closing_control.c
@ -20,7 +20,7 @@
 #include <connectd/connectd_wiregen.h>
 #include <errno.h>
 #include <gossipd/gossipd_wiregen.h>
-#include <hsmd/capabilities.h>
+#include <hsmd/permissions.h>
 #include <inttypes.h>
 #include <lightningd/bitcoind.h>
 #include <lightningd/chaintopology.h>
@ -379,8 +379,8 @@ void peer_start_closingd(struct channel *channel, struct peer_fd *peer_fd)
 	}
 	hsmfd = hsm_get_client_fd(ld, &channel->peer->id, channel->dbid,
-				  HSM_CAP_SIGN_CLOSING_TX
+				  HSM_PERM_SIGN_CLOSING_TX
-				  | HSM_CAP_COMMITMENT_POINT);
+				  | HSM_PERM_COMMITMENT_POINT);
 	channel_set_owner(channel,
 			  new_channel_subd(channel, ld,
--- a/lightningd/connect_control.c
+++ b/lightningd/connect_control.c
@ -10,7 +10,7 @@
 #include <common/type_to_string.h>
 #include <connectd/connectd_wiregen.h>
 #include <gossipd/gossipd_wiregen.h>
-#include <hsmd/capabilities.h>
+#include <hsmd/permissions.h>
 #include <lightningd/channel.h>
 #include <lightningd/connect_control.h>
 #include <lightningd/dual_open_control.h>
@ -661,7 +661,7 @@ int connectd_init(struct lightningd *ld)
 	if (socketpair(AF_LOCAL, SOCK_STREAM, 0, fds) != 0)
 		fatal("Could not socketpair for connectd<->gossipd");
-	hsmfd = hsm_get_global_fd(ld, HSM_CAP_ECDH);
+	hsmfd = hsm_get_global_fd(ld, HSM_PERM_ECDH);
 	ld->connectd = new_global_subd(ld, "lightning_connectd",
 				       connectd_wire_name, connectd_msg,
--- a/lightningd/dual_open_control.c
+++ b/lightningd/dual_open_control.c
@ -17,7 +17,7 @@
 #include <common/wire_error.h>
 #include <connectd/connectd_wiregen.h>
 #include <errno.h>
-#include <hsmd/capabilities.h>
+#include <hsmd/permissions.h>
 #include <lightningd/chaintopology.h>
 #include <lightningd/channel.h>
 #include <lightningd/channel_control.h>
@ -3695,9 +3695,9 @@ bool peer_start_dualopend(struct peer *peer,
 	const u8 *msg;
 	hsmfd = hsm_get_client_fd(peer->ld, &peer->id, channel->unsaved_dbid,
-				  HSM_CAP_COMMITMENT_POINT
+				  HSM_PERM_COMMITMENT_POINT
-				  | HSM_CAP_SIGN_REMOTE_TX
+				  | HSM_PERM_SIGN_REMOTE_TX
-				  | HSM_CAP_SIGN_WILL_FUND_OFFER);
+				  | HSM_PERM_SIGN_WILL_FUND_OFFER);
 	channel->owner = new_channel_subd(channel,
 					  peer->ld,
@ -3767,9 +3767,9 @@ bool peer_restart_dualopend(struct peer *peer,
 		return peer_start_dualopend(peer, peer_fd, channel);
 	hsmfd = hsm_get_client_fd(peer->ld, &peer->id, channel->dbid,
-				  HSM_CAP_COMMITMENT_POINT
+				  HSM_PERM_COMMITMENT_POINT
-				  | HSM_CAP_SIGN_REMOTE_TX
+				  | HSM_PERM_SIGN_REMOTE_TX
-				  | HSM_CAP_SIGN_WILL_FUND_OFFER);
+				  | HSM_PERM_SIGN_WILL_FUND_OFFER);
 	channel_set_owner(channel,
 			  new_channel_subd(channel, peer->ld,
--- a/lightningd/gossip_control.c
+++ b/lightningd/gossip_control.c
@ -7,7 +7,7 @@
 #include <common/json_stream.h>
 #include <common/type_to_string.h>
 #include <gossipd/gossipd_wiregen.h>
-#include <hsmd/capabilities.h>
+#include <hsmd/permissions.h>
 #include <lightningd/bitcoind.h>
 #include <lightningd/chaintopology.h>
 #include <lightningd/channel.h>
@ -270,7 +270,7 @@ void gossip_init(struct lightningd *ld, int connectd_fd)
 	int hsmfd;
 	void *ret;
-	hsmfd = hsm_get_global_fd(ld, HSM_CAP_ECDH|HSM_CAP_SIGN_GOSSIP);
+	hsmfd = hsm_get_global_fd(ld, HSM_PERM_ECDH|HSM_PERM_SIGN_GOSSIP);
 	ld->gossip = new_global_subd(ld, "lightning_gossipd",
 				     gossipd_wire_name, gossip_msg,
--- a/lightningd/hsm_control.c
+++ b/lightningd/hsm_control.c
@ -24,12 +24,12 @@
 static int hsm_get_fd(struct lightningd *ld,
 		      const struct node_id *id,
 		      u64 dbid,
-		      int capabilities)
+		      u64 permissions)
 {
 	int hsm_fd;
 	const u8 *msg;
-	msg = towire_hsmd_client_hsmfd(NULL, id, dbid, capabilities);
+	msg = towire_hsmd_client_hsmfd(NULL, id, dbid, permissions);
 	msg = hsm_sync_req(tmpctx, ld, take(msg));
 	if (!fromwire_hsmd_client_hsmfd_reply(msg))
 		fatal("Bad reply from HSM: %s", tal_hex(tmpctx, msg));
@ -43,16 +43,16 @@ static int hsm_get_fd(struct lightningd *ld,
 int hsm_get_client_fd(struct lightningd *ld,
 		      const struct node_id *id,
 		      u64 dbid,
-		      int capabilities)
+		      u64 permissions)
 {
 	assert(dbid);
-	return hsm_get_fd(ld, id, dbid, capabilities);
+	return hsm_get_fd(ld, id, dbid, permissions);
 }
-int hsm_get_global_fd(struct lightningd *ld, int capabilities)
+int hsm_get_global_fd(struct lightningd *ld, u64 permissions)
 {
-	return hsm_get_fd(ld, &ld->id, 0, capabilities);
+	return hsm_get_fd(ld, &ld->id, 0, permissions);
 }
 static unsigned int hsm_msg(struct subd *hsmd,
--- a/lightningd/hsm_control.h
+++ b/lightningd/hsm_control.h
@ -11,10 +11,10 @@ struct ext_key;
 int hsm_get_client_fd(struct lightningd *ld,
 		      const struct node_id *id,
 		      u64 dbid,
-		      int capabilities);
+		      u64 permissions);
 /* Ask HSM for an fd for a global subdaemon to use (gossipd, connectd) */
-int hsm_get_global_fd(struct lightningd *ld, int capabilities);
+int hsm_get_global_fd(struct lightningd *ld, u64 permissions);
 /* Is this capability supported by the HSM? (So far, always a message
 * number) */
--- a/lightningd/onchain_control.c
+++ b/lightningd/onchain_control.c
@ -9,8 +9,8 @@
 #include <common/type_to_string.h>
 #include <db/exec.h>
 #include <errno.h>
 #include <hsmd/capabilities.h>
 #include <hsmd/hsmd_wiregen.h>
 #include <hsmd/permissions.h>
 #include <inttypes.h>
 #include <lightningd/chaintopology.h>
 #include <lightningd/channel.h>
@ -1553,8 +1553,8 @@ enum watch_result onchaind_funding_spent(struct channel *channel,
 	hsmfd = hsm_get_client_fd(ld, &channel->peer->id,
 				  channel->dbid,
-				  HSM_CAP_SIGN_ONCHAIN_TX
+				  HSM_PERM_SIGN_ONCHAIN_TX
-				  | HSM_CAP_COMMITMENT_POINT);
+				  | HSM_PERM_COMMITMENT_POINT);
 	channel_set_owner(channel, new_channel_subd(channel, ld,
 						    "lightning_onchaind",
--- a/lightningd/opening_control.c
+++ b/lightningd/opening_control.c
@ -15,7 +15,7 @@
 #include <common/type_to_string.h>
 #include <connectd/connectd_wiregen.h>
 #include <errno.h>
-#include <hsmd/capabilities.h>
+#include <hsmd/permissions.h>
 #include <lightningd/chaintopology.h>
 #include <lightningd/channel.h>
 #include <lightningd/channel_control.h>
@ -933,8 +933,8 @@ bool peer_start_openingd(struct peer *peer, struct peer_fd *peer_fd)
 	assert(!uc->open_daemon);
 	hsmfd = hsm_get_client_fd(peer->ld, &uc->peer->id, uc->dbid,
-				  HSM_CAP_COMMITMENT_POINT
+				  HSM_PERM_COMMITMENT_POINT
-				  | HSM_CAP_SIGN_REMOTE_TX);
+				  | HSM_PERM_SIGN_REMOTE_TX);
 	uc->open_daemon = new_channel_subd(peer, peer->ld,
 					"lightning_openingd",