hsmd: rename "capabilities" flags for hsm fds to "permissions"

I obviously like the word "capabilities" since I reused it to refer
to the HSM's overall features :(

Suggested-by: @ksedgwic
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell 2023-08-07 15:21:40 +09:30
parent 32b88a2340
commit d95cfc0b64
16 changed files with 64 additions and 63 deletions

View File

@ -16,6 +16,7 @@
* v4 with sign_anchorspend: 8a30722e38b56e82af566b9629ff18da01fcebd1e80ec67f04d8b3a2fa66d81c
* v4 with sign_htlc_tx_mingle: b9247e75d41ee1b3fc2f7db0bac8f4e92d544ab2f017d430ae3a000589c384e5
* v4 with splicing: 06f21012936f825913af289fa81af1512c9ada1cb97c611698975a8fd287edbb
* v4 with capabilities called permissions: 7c5bf8ec7cf30302740db85260a9d1ac2c5b0323a2376c28df6b611831f91655
*/
#define HSM_MIN_VERSION 3
#define HSM_MAX_VERSION 4

View File

@ -4,7 +4,7 @@ HSMD_SRC := hsmd/hsmd.c \
hsmd/hsmd_wiregen.c \
hsmd/libhsmd.c
HSMD_HEADERS := hsmd/hsmd_wiregen.h
HSMD_HEADERS := hsmd/hsmd_wiregen.h hsmd/permissions.h
HSMD_OBJS := $(HSMD_SRC:.c=.o)
$(HSMD_OBJS): $(HSMD_HEADERS)

View File

@ -1,14 +0,0 @@
#ifndef LIGHTNING_HSMD_CAPABILITIES_H
#define LIGHTNING_HSMD_CAPABILITIES_H
#include "config.h"
#define HSM_CAP_ECDH 1
#define HSM_CAP_SIGN_GOSSIP 2
#define HSM_CAP_SIGN_ONCHAIN_TX 4
#define HSM_CAP_COMMITMENT_POINT 8
#define HSM_CAP_SIGN_REMOTE_TX 16
#define HSM_CAP_SIGN_CLOSING_TX 32
#define HSM_CAP_SIGN_WILL_FUND_OFFER 64
#define HSM_CAP_MASTER 1024
#endif /* LIGHTNING_HSMD_CAPABILITIES_H */

View File

@ -22,9 +22,9 @@
#include <common/type_to_string.h>
#include <errno.h>
#include <fcntl.h>
#include <hsmd/capabilities.h>
/*~ _wiregen files are autogenerated by tools/generate-wire.py */
#include <hsmd/libhsmd.h>
#include <hsmd/permissions.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <wire/wire_io.h>
@ -754,7 +754,7 @@ int main(int argc, char *argv[])
uintmap_init(&clients);
master = new_client(NULL, NULL, NULL, 0,
HSM_CAP_MASTER | HSM_CAP_SIGN_GOSSIP | HSM_CAP_ECDH,
HSM_PERM_MASTER | HSM_PERM_SIGN_GOSSIP | HSM_PERM_ECDH,
REQ_FD);
/* First client == lightningd. */

View File

@ -46,13 +46,13 @@ msgdata,hsmd_new_channel,dbid,u64,
# No value returned.
msgtype,hsmd_new_channel_reply,130
# Get a new HSM FD, with the specified capabilities
# Get a new HSM FD, with the specified permissions
msgtype,hsmd_client_hsmfd,9
# Which identity to use for requests
msgdata,hsmd_client_hsmfd,id,node_id,
# Database id for this client, if any.
msgdata,hsmd_client_hsmfd,dbid,u64,
msgdata,hsmd_client_hsmfd,capabilities,u64,
msgdata,hsmd_client_hsmfd,permissions,u64,
# No content, just an fd.
msgtype,hsmd_client_hsmfd_reply,109

1 # Clients should not give a bad request but not the HSM's decision to crash.
46 msgdata,hsmd_client_hsmfd,id,node_id,
47 # Database id for this client, if any.
48 msgdata,hsmd_client_hsmfd,dbid,u64,
49 msgdata,hsmd_client_hsmfd,capabilities,u64, msgdata,hsmd_client_hsmfd,permissions,u64,
50 # No content, just an fd.
51 msgtype,hsmd_client_hsmfd_reply,109
52 #include <common/derive_basepoints.h>
53 # Get the basepoints and funding key for this specific channel.
54 msgtype,hsmd_get_channel_basepoints,10
55 msgdata,hsmd_get_channel_basepoints,peerid,node_id,
56 msgdata,hsmd_get_channel_basepoints,dbid,u64,
57 msgtype,hsmd_get_channel_basepoints_reply,110
58 msgdata,hsmd_get_channel_basepoints_reply,basepoints,basepoints,

View File

@ -8,8 +8,8 @@
#include <common/key_derive.h>
#include <common/lease_rates.h>
#include <common/type_to_string.h>
#include <hsmd/capabilities.h>
#include <hsmd/libhsmd.h>
#include <hsmd/permissions.h>
#include <inttypes.h>
#include <secp256k1_ecdh.h>
#include <secp256k1_schnorrsig.h>
@ -79,38 +79,38 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
*/
switch (t) {
case WIRE_HSMD_ECDH_REQ:
return (client->capabilities & HSM_CAP_ECDH) != 0;
return (client->capabilities & HSM_PERM_ECDH) != 0;
case WIRE_HSMD_CANNOUNCEMENT_SIG_REQ:
case WIRE_HSMD_CUPDATE_SIG_REQ:
case WIRE_HSMD_NODE_ANNOUNCEMENT_SIG_REQ:
return (client->capabilities & HSM_CAP_SIGN_GOSSIP) != 0;
return (client->capabilities & HSM_PERM_SIGN_GOSSIP) != 0;
case WIRE_HSMD_SIGN_DELAYED_PAYMENT_TO_US:
case WIRE_HSMD_SIGN_REMOTE_HTLC_TO_US:
case WIRE_HSMD_SIGN_PENALTY_TO_US:
case WIRE_HSMD_SIGN_LOCAL_HTLC_TX:
return (client->capabilities & HSM_CAP_SIGN_ONCHAIN_TX) != 0;
return (client->capabilities & HSM_PERM_SIGN_ONCHAIN_TX) != 0;
case WIRE_HSMD_GET_PER_COMMITMENT_POINT:
case WIRE_HSMD_CHECK_FUTURE_SECRET:
case WIRE_HSMD_READY_CHANNEL:
return (client->capabilities & HSM_CAP_COMMITMENT_POINT) != 0;
return (client->capabilities & HSM_PERM_COMMITMENT_POINT) != 0;
case WIRE_HSMD_SIGN_REMOTE_COMMITMENT_TX:
case WIRE_HSMD_SIGN_REMOTE_HTLC_TX:
case WIRE_HSMD_VALIDATE_COMMITMENT_TX:
case WIRE_HSMD_VALIDATE_REVOCATION:
return (client->capabilities & HSM_CAP_SIGN_REMOTE_TX) != 0;
return (client->capabilities & HSM_PERM_SIGN_REMOTE_TX) != 0;
case WIRE_HSMD_SIGN_MUTUAL_CLOSE_TX:
return (client->capabilities & HSM_CAP_SIGN_CLOSING_TX) != 0;
return (client->capabilities & HSM_PERM_SIGN_CLOSING_TX) != 0;
case WIRE_HSMD_SIGN_SPLICE_TX:
return (client->capabilities & WIRE_HSMD_SIGN_SPLICE_TX) != 0;
case WIRE_HSMD_SIGN_OPTION_WILL_FUND_OFFER:
return (client->capabilities & HSM_CAP_SIGN_WILL_FUND_OFFER) != 0;
return (client->capabilities & HSM_PERM_SIGN_WILL_FUND_OFFER) != 0;
case WIRE_HSMD_INIT:
case WIRE_HSMD_NEW_CHANNEL:
@ -133,7 +133,7 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
case WIRE_HSMD_SIGN_ANY_LOCAL_HTLC_TX:
case WIRE_HSMD_SIGN_ANCHORSPEND:
case WIRE_HSMD_SIGN_HTLC_TX_MINGLE:
return (client->capabilities & HSM_CAP_MASTER) != 0;
return (client->capabilities & HSM_PERM_MASTER) != 0;
/*~ These are messages sent by the HSM so we should never receive them. */
/* FIXME: Since we autogenerate these, we should really generate separate

14
hsmd/permissions.h Normal file
View File

@ -0,0 +1,14 @@
#ifndef LIGHTNING_HSMD_PERMISSIONS_H
#define LIGHTNING_HSMD_PERMISSIONS_H
#include "config.h"
#define HSM_PERM_ECDH 1
#define HSM_PERM_SIGN_GOSSIP 2
#define HSM_PERM_SIGN_ONCHAIN_TX 4
#define HSM_PERM_COMMITMENT_POINT 8
#define HSM_PERM_SIGN_REMOTE_TX 16
#define HSM_PERM_SIGN_CLOSING_TX 32
#define HSM_PERM_SIGN_WILL_FUND_OFFER 64
#define HSM_PERM_MASTER 1024
#endif /* LIGHTNING_HSMD_PERMISSIONS_H */

View File

@ -13,7 +13,7 @@
#include <connectd/connectd_wiregen.h>
#include <errno.h>
#include <fcntl.h>
#include <hsmd/capabilities.h>
#include <hsmd/permissions.h>
#include <lightningd/chaintopology.h>
#include <lightningd/channel.h>
#include <lightningd/channel_control.h>
@ -1264,12 +1264,12 @@ bool peer_start_channeld(struct channel *channel,
hsmfd = hsm_get_client_fd(ld, &channel->peer->id,
channel->dbid,
HSM_CAP_SIGN_GOSSIP
| HSM_CAP_ECDH
| HSM_CAP_COMMITMENT_POINT
| HSM_CAP_SIGN_REMOTE_TX
| HSM_CAP_SIGN_ONCHAIN_TX
| HSM_CAP_SIGN_CLOSING_TX);
HSM_PERM_SIGN_GOSSIP
| HSM_PERM_ECDH
| HSM_PERM_COMMITMENT_POINT
| HSM_PERM_SIGN_REMOTE_TX
| HSM_PERM_SIGN_ONCHAIN_TX
| HSM_PERM_SIGN_CLOSING_TX);
channel_set_owner(channel,
new_channel_subd(channel, ld,

View File

@ -20,7 +20,7 @@
#include <connectd/connectd_wiregen.h>
#include <errno.h>
#include <gossipd/gossipd_wiregen.h>
#include <hsmd/capabilities.h>
#include <hsmd/permissions.h>
#include <inttypes.h>
#include <lightningd/bitcoind.h>
#include <lightningd/chaintopology.h>
@ -379,8 +379,8 @@ void peer_start_closingd(struct channel *channel, struct peer_fd *peer_fd)
}
hsmfd = hsm_get_client_fd(ld, &channel->peer->id, channel->dbid,
HSM_CAP_SIGN_CLOSING_TX
| HSM_CAP_COMMITMENT_POINT);
HSM_PERM_SIGN_CLOSING_TX
| HSM_PERM_COMMITMENT_POINT);
channel_set_owner(channel,
new_channel_subd(channel, ld,

View File

@ -10,7 +10,7 @@
#include <common/type_to_string.h>
#include <connectd/connectd_wiregen.h>
#include <gossipd/gossipd_wiregen.h>
#include <hsmd/capabilities.h>
#include <hsmd/permissions.h>
#include <lightningd/channel.h>
#include <lightningd/connect_control.h>
#include <lightningd/dual_open_control.h>
@ -661,7 +661,7 @@ int connectd_init(struct lightningd *ld)
if (socketpair(AF_LOCAL, SOCK_STREAM, 0, fds) != 0)
fatal("Could not socketpair for connectd<->gossipd");
hsmfd = hsm_get_global_fd(ld, HSM_CAP_ECDH);
hsmfd = hsm_get_global_fd(ld, HSM_PERM_ECDH);
ld->connectd = new_global_subd(ld, "lightning_connectd",
connectd_wire_name, connectd_msg,

View File

@ -17,7 +17,7 @@
#include <common/wire_error.h>
#include <connectd/connectd_wiregen.h>
#include <errno.h>
#include <hsmd/capabilities.h>
#include <hsmd/permissions.h>
#include <lightningd/chaintopology.h>
#include <lightningd/channel.h>
#include <lightningd/channel_control.h>
@ -3695,9 +3695,9 @@ bool peer_start_dualopend(struct peer *peer,
const u8 *msg;
hsmfd = hsm_get_client_fd(peer->ld, &peer->id, channel->unsaved_dbid,
HSM_CAP_COMMITMENT_POINT
| HSM_CAP_SIGN_REMOTE_TX
| HSM_CAP_SIGN_WILL_FUND_OFFER);
HSM_PERM_COMMITMENT_POINT
| HSM_PERM_SIGN_REMOTE_TX
| HSM_PERM_SIGN_WILL_FUND_OFFER);
channel->owner = new_channel_subd(channel,
peer->ld,
@ -3767,9 +3767,9 @@ bool peer_restart_dualopend(struct peer *peer,
return peer_start_dualopend(peer, peer_fd, channel);
hsmfd = hsm_get_client_fd(peer->ld, &peer->id, channel->dbid,
HSM_CAP_COMMITMENT_POINT
| HSM_CAP_SIGN_REMOTE_TX
| HSM_CAP_SIGN_WILL_FUND_OFFER);
HSM_PERM_COMMITMENT_POINT
| HSM_PERM_SIGN_REMOTE_TX
| HSM_PERM_SIGN_WILL_FUND_OFFER);
channel_set_owner(channel,
new_channel_subd(channel, peer->ld,

View File

@ -7,7 +7,7 @@
#include <common/json_stream.h>
#include <common/type_to_string.h>
#include <gossipd/gossipd_wiregen.h>
#include <hsmd/capabilities.h>
#include <hsmd/permissions.h>
#include <lightningd/bitcoind.h>
#include <lightningd/chaintopology.h>
#include <lightningd/channel.h>
@ -270,7 +270,7 @@ void gossip_init(struct lightningd *ld, int connectd_fd)
int hsmfd;
void *ret;
hsmfd = hsm_get_global_fd(ld, HSM_CAP_ECDH|HSM_CAP_SIGN_GOSSIP);
hsmfd = hsm_get_global_fd(ld, HSM_PERM_ECDH|HSM_PERM_SIGN_GOSSIP);
ld->gossip = new_global_subd(ld, "lightning_gossipd",
gossipd_wire_name, gossip_msg,

View File

@ -24,12 +24,12 @@
static int hsm_get_fd(struct lightningd *ld,
const struct node_id *id,
u64 dbid,
int capabilities)
u64 permissions)
{
int hsm_fd;
const u8 *msg;
msg = towire_hsmd_client_hsmfd(NULL, id, dbid, capabilities);
msg = towire_hsmd_client_hsmfd(NULL, id, dbid, permissions);
msg = hsm_sync_req(tmpctx, ld, take(msg));
if (!fromwire_hsmd_client_hsmfd_reply(msg))
fatal("Bad reply from HSM: %s", tal_hex(tmpctx, msg));
@ -43,16 +43,16 @@ static int hsm_get_fd(struct lightningd *ld,
int hsm_get_client_fd(struct lightningd *ld,
const struct node_id *id,
u64 dbid,
int capabilities)
u64 permissions)
{
assert(dbid);
return hsm_get_fd(ld, id, dbid, capabilities);
return hsm_get_fd(ld, id, dbid, permissions);
}
int hsm_get_global_fd(struct lightningd *ld, int capabilities)
int hsm_get_global_fd(struct lightningd *ld, u64 permissions)
{
return hsm_get_fd(ld, &ld->id, 0, capabilities);
return hsm_get_fd(ld, &ld->id, 0, permissions);
}
static unsigned int hsm_msg(struct subd *hsmd,

View File

@ -11,10 +11,10 @@ struct ext_key;
int hsm_get_client_fd(struct lightningd *ld,
const struct node_id *id,
u64 dbid,
int capabilities);
u64 permissions);
/* Ask HSM for an fd for a global subdaemon to use (gossipd, connectd) */
int hsm_get_global_fd(struct lightningd *ld, int capabilities);
int hsm_get_global_fd(struct lightningd *ld, u64 permissions);
/* Is this capability supported by the HSM? (So far, always a message
* number) */

View File

@ -9,8 +9,8 @@
#include <common/type_to_string.h>
#include <db/exec.h>
#include <errno.h>
#include <hsmd/capabilities.h>
#include <hsmd/hsmd_wiregen.h>
#include <hsmd/permissions.h>
#include <inttypes.h>
#include <lightningd/chaintopology.h>
#include <lightningd/channel.h>
@ -1553,8 +1553,8 @@ enum watch_result onchaind_funding_spent(struct channel *channel,
hsmfd = hsm_get_client_fd(ld, &channel->peer->id,
channel->dbid,
HSM_CAP_SIGN_ONCHAIN_TX
| HSM_CAP_COMMITMENT_POINT);
HSM_PERM_SIGN_ONCHAIN_TX
| HSM_PERM_COMMITMENT_POINT);
channel_set_owner(channel, new_channel_subd(channel, ld,
"lightning_onchaind",

View File

@ -15,7 +15,7 @@
#include <common/type_to_string.h>
#include <connectd/connectd_wiregen.h>
#include <errno.h>
#include <hsmd/capabilities.h>
#include <hsmd/permissions.h>
#include <lightningd/chaintopology.h>
#include <lightningd/channel.h>
#include <lightningd/channel_control.h>
@ -933,8 +933,8 @@ bool peer_start_openingd(struct peer *peer, struct peer_fd *peer_fd)
assert(!uc->open_daemon);
hsmfd = hsm_get_client_fd(peer->ld, &uc->peer->id, uc->dbid,
HSM_CAP_COMMITMENT_POINT
| HSM_CAP_SIGN_REMOTE_TX);
HSM_PERM_COMMITMENT_POINT
| HSM_PERM_SIGN_REMOTE_TX);
uc->open_daemon = new_channel_subd(peer, peer->ld,
"lightning_openingd",