mirror of
https://github.com/ElementsProject/lightning.git
synced 2025-03-15 20:09:18 +01:00
hsmd: Add hsmd_validate_revocation.
This commit is contained in:
parent
405239e353
commit
fe9f426e07
4 changed files with 46 additions and 0 deletions
|
@ -1785,6 +1785,7 @@ static void handle_peer_revoke_and_ack(struct peer *peer, const u8 *msg)
|
|||
struct secret old_commit_secret;
|
||||
struct privkey privkey;
|
||||
struct channel_id channel_id;
|
||||
const u8 *revocation_msg;
|
||||
struct pubkey per_commit_point, next_per_commit;
|
||||
const struct htlc **changed_htlcs = tal_arr(msg, const struct htlc *, 0);
|
||||
|
||||
|
@ -1799,6 +1800,19 @@ static void handle_peer_revoke_and_ack(struct peer *peer, const u8 *msg)
|
|||
"Unexpected revoke_and_ack");
|
||||
}
|
||||
|
||||
/* Submit the old revocation secret to the signer so it can
|
||||
* independently verify that the latest state is commited. It
|
||||
* is also validated in this routine after the signer returns.
|
||||
*/
|
||||
revocation_msg = towire_hsmd_validate_revocation(tmpctx,
|
||||
peer->next_index[REMOTE] - 2,
|
||||
&old_commit_secret);
|
||||
revocation_msg = hsm_req(tmpctx, take(revocation_msg));
|
||||
if (!fromwire_hsmd_validate_revocation_reply(revocation_msg))
|
||||
status_failed(STATUS_FAIL_HSM_IO,
|
||||
"Bad hsmd_validate_revocation_reply: %s",
|
||||
tal_hex(tmpctx, revocation_msg));
|
||||
|
||||
/* BOLT #2:
|
||||
*
|
||||
* A receiving node:
|
||||
|
|
|
@ -641,6 +641,7 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
|
|||
#endif /* DEVELOPER */
|
||||
|
||||
case WIRE_HSMD_SIGN_COMMITMENT_TX:
|
||||
case WIRE_HSMD_VALIDATE_REVOCATION:
|
||||
case WIRE_HSMD_SIGN_PENALTY_TO_US:
|
||||
case WIRE_HSMD_SIGN_REMOTE_COMMITMENT_TX:
|
||||
case WIRE_HSMD_SIGN_REMOTE_HTLC_TX:
|
||||
|
@ -676,6 +677,7 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
|
|||
case WIRE_HSMD_INIT_REPLY:
|
||||
case WIRE_HSMSTATUS_CLIENT_BAD_REQUEST:
|
||||
case WIRE_HSMD_SIGN_COMMITMENT_TX_REPLY:
|
||||
case WIRE_HSMD_VALIDATE_REVOCATION_REPLY:
|
||||
case WIRE_HSMD_SIGN_TX_REPLY:
|
||||
case WIRE_HSMD_SIGN_OPTION_WILL_FUND_OFFER_REPLY:
|
||||
case WIRE_HSMD_GET_PER_COMMITMENT_POINT_REPLY:
|
||||
|
|
|
@ -107,6 +107,14 @@ msgdata,hsmd_sign_commitment_tx,remote_funding_key,pubkey,
|
|||
msgtype,hsmd_sign_commitment_tx_reply,105
|
||||
msgdata,hsmd_sign_commitment_tx_reply,sig,bitcoin_signature,
|
||||
|
||||
# Vaidate the counterparty's revocation secret
|
||||
msgtype,hsmd_validate_revocation,36
|
||||
msgdata,hsmd_validate_revocation,revoke_num,u64,
|
||||
msgdata,hsmd_validate_revocation,per_commitment_secret,secret,
|
||||
|
||||
# No value returned.
|
||||
msgtype,hsmd_validate_revocation_reply,136
|
||||
|
||||
# Onchaind asks HSM to sign a spend to-us. Four variants, since each set
|
||||
# of keys is derived differently...
|
||||
# FIXME: Have master tell hsmd the keyindex, so it can validate output!
|
||||
|
|
|
|
@ -95,6 +95,7 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
|
|||
|
||||
case WIRE_HSMD_SIGN_REMOTE_COMMITMENT_TX:
|
||||
case WIRE_HSMD_SIGN_REMOTE_HTLC_TX:
|
||||
case WIRE_HSMD_VALIDATE_REVOCATION:
|
||||
return (client->capabilities & HSM_CAP_SIGN_REMOTE_TX) != 0;
|
||||
|
||||
case WIRE_HSMD_SIGN_MUTUAL_CLOSE_TX:
|
||||
|
@ -128,6 +129,7 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
|
|||
case WIRE_HSMD_INIT_REPLY:
|
||||
case WIRE_HSMSTATUS_CLIENT_BAD_REQUEST:
|
||||
case WIRE_HSMD_SIGN_COMMITMENT_TX_REPLY:
|
||||
case WIRE_HSMD_VALIDATE_REVOCATION_REPLY:
|
||||
case WIRE_HSMD_SIGN_TX_REPLY:
|
||||
case WIRE_HSMD_SIGN_OPTION_WILL_FUND_OFFER_REPLY:
|
||||
case WIRE_HSMD_GET_PER_COMMITMENT_POINT_REPLY:
|
||||
|
@ -1258,6 +1260,23 @@ static u8 *handle_sign_commitment_tx(struct hsmd_client *c, const u8 *msg_in)
|
|||
return towire_hsmd_sign_commitment_tx_reply(NULL, &sig);
|
||||
}
|
||||
|
||||
/* This stub implementation is overriden by fully validating signers
|
||||
* that need to independently verify that the latest state is
|
||||
* commited. */
|
||||
static u8 *handle_validate_revocation(struct hsmd_client *c, const u8 *msg_in)
|
||||
{
|
||||
u64 revoke_num;
|
||||
struct secret old_secret;
|
||||
|
||||
if (!fromwire_hsmd_validate_revocation(msg_in,
|
||||
&revoke_num, &old_secret))
|
||||
return hsmd_status_malformed_request(c, msg_in);
|
||||
|
||||
/* Stub implementation, relies on validation in channeld. */
|
||||
|
||||
return towire_hsmd_validate_revocation_reply(NULL);
|
||||
}
|
||||
|
||||
/*~ This is used when a commitment transaction is onchain, and has an HTLC
|
||||
* output paying to us (because we have the preimage); this signs that
|
||||
* transaction, which lightningd will broadcast to collect the funds. */
|
||||
|
@ -1431,6 +1450,8 @@ u8 *hsmd_handle_client_message(const tal_t *ctx, struct hsmd_client *client,
|
|||
return handle_sign_penalty_to_us(client, msg);
|
||||
case WIRE_HSMD_SIGN_COMMITMENT_TX:
|
||||
return handle_sign_commitment_tx(client, msg);
|
||||
case WIRE_HSMD_VALIDATE_REVOCATION:
|
||||
return handle_validate_revocation(client, msg);
|
||||
case WIRE_HSMD_SIGN_REMOTE_HTLC_TO_US:
|
||||
return handle_sign_remote_htlc_to_us(client, msg);
|
||||
case WIRE_HSMD_SIGN_DELAYED_PAYMENT_TO_US:
|
||||
|
@ -1447,6 +1468,7 @@ u8 *hsmd_handle_client_message(const tal_t *ctx, struct hsmd_client *client,
|
|||
case WIRE_HSMD_INIT_REPLY:
|
||||
case WIRE_HSMSTATUS_CLIENT_BAD_REQUEST:
|
||||
case WIRE_HSMD_SIGN_COMMITMENT_TX_REPLY:
|
||||
case WIRE_HSMD_VALIDATE_REVOCATION_REPLY:
|
||||
case WIRE_HSMD_SIGN_TX_REPLY:
|
||||
case WIRE_HSMD_SIGN_OPTION_WILL_FUND_OFFER_REPLY:
|
||||
case WIRE_HSMD_GET_PER_COMMITMENT_POINT_REPLY:
|
||||
|
|
Loading…
Add table
Reference in a new issue