Commit Graph

139 Commits

Author SHA1 Message Date
adi2011
64c03f8990 hsmd: Create derive_secret and makesecret RPC for deriving pseudorandom keys from HSM 2022-07-14 12:24:48 -05:00
Dustin Dettmer
49c6459148 Update hsm error formatting.
Changelog-None
2022-06-24 13:57:17 +09:30
Rusty Russell
836c1b805b doc: update c-lightning to Core Lightning almost everywhere.
Mostly comments and docs: some places are actually paths, which
I have avoided changing.  We may migrate them slowly, particularly
when they're user-visible.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-04-07 06:53:26 +09:30
Ken Sedgwick
8994b8dade hsmd: Add validate_commitment_tx 2022-03-20 13:06:16 +10:30
Rusty Russell
6c8ea95f6e hsmd: remove unnecessary memleak_remove_region.
The current client is in dbid_zero_clients (i.e. it's lightningd).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-02-27 07:44:26 +10:30
Matt Whitlock
ec6d91fd54 hsmd: don't leak message buffers
client_read_next(…) calls io_read_wire(…), passing &c->msg_in as the
address of a pointer that will be set to the address of the buffer that
io_read_wire_(…) will allocate, and passing c (a pointer to the struct
client instance) as the parent for the new allocation. As long as the
struct client instance eventually gets freed, the allocated message
buffer will be freed too, so there is no "leak" in the strict sense of
the term, but the freeing of the buffer may not occur for an arbitrarily
long time after the buffer has become disused, and indeed many millions
of message buffers may be allocated within the lifetime of one struct
client instance.

handle_client(…) ultimately hands off the c->msg_in to one of several
message-type-specific handler functions, and those functions are not
TAKES or STEALS on their message buffer parameters and do not free their
message buffer arguments. Consequently, each successive call to
client_read_next(…) will cause io_read_wire_(…) to overwrite the
c->msg_in pointer with the address of a newly allocated message buffer,
and the old buffer will be left dangling off of the struct client
instance indefinitely.

Fix this by initializing c->msg_in to NULL in new_client(…) and then
having client_read_next(…) do `c->msg_in = tal_free(c->msg_in)` prior to
calling io_read_wire(…). That way, the previous message buffer will be
freed just before beginning to read the next message. The same strategy
is already employed in common/daemon_conn.c, albeit without nulling out
dc->msg_in after freeing it.

Fixes: #5035
Changelog-Fixed: hsmd: Fixed a significant memory leak
2022-02-26 11:15:22 +10:30
Rusty Russell
6115ed02e8 subdaemons: don't stream gossip_store at all.
We now let gossipd do it.

This also means there's nothing left in 'struct per_peer_state' to
send across the wire (the fds are sent separately), so that gets
removed from wire messages too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-01-20 15:24:06 +10:30
Rusty Russell
7a514112ec connectd: do dev_disconnect logic.
As connectd handles more packets itself, or diverts them to/from gossipd,
it's the only place we can implement the dev_disconnect logic.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-01-20 15:24:06 +10:30
Ken Sedgwick
335ef3fb69 hsmd: Add hsmd_ready_channel 2021-12-14 11:24:52 +10:30
Ken Sedgwick
bb574be839 hsmd: Add hsmd_new_channel 2021-12-14 11:24:52 +10:30
Ken Sedgwick
fe9f426e07 hsmd: Add hsmd_validate_revocation. 2021-12-14 11:03:13 +10:30
Rusty Russell
4ffda340d3 check: make sure all files outside contrib/ include "config.h" first.
And turn "" includes into full-path (which makes it easier to put
config.h first, and finds some cases check-includes.sh missed
previously).

config.h sets _GNU_SOURCE which really needs to be done before any
'#includes': we mainly got away with it with glibc, but other platforms
like Alpine may have stricter requirements.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-12-06 10:05:39 +10:30
Christian Decker
91497b7ee5 hsmd: Remove duplicate status message for incoming messages 2021-09-22 09:08:48 +09:30
Rusty Russell
7401b26824 cleanup: remove unneeded includes in C files.
Before:
 Ten builds, laptop -j5, no ccache:

```
real	0m36.686000-38.956000(38.608+/-0.65)s
user	2m32.864000-42.253000(40.7545+/-2.7)s
sys	0m16.618000-18.316000(17.8531+/-0.48)s
```

 Ten builds, laptop -j5, ccache (warm):

```
real	0m8.212000-8.577000(8.39989+/-0.13)s
user	0m12.731000-13.212000(12.9751+/-0.17)s
sys	0m3.697000-3.902000(3.83722+/-0.064)s
```

After:
 Ten builds, laptop -j5, no ccache: 8% faster

```
real	0m33.802000-35.773000(35.468+/-0.54)s
user	2m19.073000-27.754000(26.2542+/-2.3)s
sys	0m15.784000-17.173000(16.7165+/-0.37)s
```

 Ten builds, laptop -j5, ccache (warm): 1% faster

```
real	0m8.200000-8.485000(8.30138+/-0.097)s
user	0m12.485000-13.100000(12.7344+/-0.19)s
sys	0m3.702000-3.889000(3.78787+/-0.056)s
```

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-09-17 09:43:22 +09:30
Rusty Russell
ea30c34d82 cleanup: remove unneeded includes in header files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-09-17 09:43:22 +09:30
Rusty Russell
a5fee67b91 common/memleak: take over dump_memleak(), allow print pointer.
This will let plugins use it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-09-08 19:11:47 +02:00
niftynei
3a7b3762a1 hsmd: method to sign liquidity ad offer
When we accept a bid to create a channel lease, we send back a signature
committing to our max channel lease amounts.
2021-07-20 13:28:38 -04:00
Christian Decker
96acafcef3 libhsmd: Prefix check_client_capabilities
I wanted to hide it inside the library, but it is good to have a single
place to verify that the client was permitted to send a message we are
handling, so make it officially part of the interface by prefixing it.
2021-05-04 11:18:52 +09:30
Christian Decker
fb2b107bef libhsmd: Cleanup the bip32_key_version 2021-05-04 11:18:52 +09:30
Christian Decker
4d43e84afd libhsmd: Finalize encapsulation of hsmd data in libhsmd
Changelog-Added: libhsmd: Extracted the `hsmd` logic into its own library for other projects to use
2021-05-04 11:18:52 +09:30
Christian Decker
c9e9581b35 libhsmd: Migrate bolt12 initialization into hsmd_init 2021-05-04 11:18:52 +09:30
Christian Decker
d30392c432 libhsmd: Start migrating initialization to hsmd_init 2021-05-04 11:18:52 +09:30
Christian Decker
befa7fb9f0 libhsmd: Clean up includes in hsmd.c 2021-05-04 11:18:52 +09:30
Christian Decker
1efa792edc libhsmd: Migrate handle_sign_delayer_payment_to_us 2021-05-04 11:18:52 +09:30
Christian Decker
fe82181fe3 libhsmd: Migrate handle_sign_remote_htlc_to_us 2021-05-04 11:18:52 +09:30
Christian Decker
e643594104 libhsmd: handle_sign_commitment_tx 2021-05-04 11:18:52 +09:30
Christian Decker
4764ebd879 libhsmd: Migrate handle_sign_penalty_to_us 2021-05-04 11:18:52 +09:30
Christian Decker
bee7a65170 libhsmd: Migrate handle_sign_remote_commitment_tx 2021-05-04 11:18:52 +09:30
Christian Decker
c2d035d377 libhsmd: Migrate handle_sign_remote_htlc_tx 2021-05-04 11:18:52 +09:30
Christian Decker
7b2c6ec4d3 libhsmd: Migrate handle_sign_local_htlc_tx 2021-05-04 11:18:52 +09:30
Christian Decker
cd8fb641cf libhsmd: Migrate handle_sign_mutual_tx 2021-05-04 11:18:52 +09:30
Christian Decker
9aa4b5198d libhsmd: Migrate handle_sign_withdrawal_tx 2021-05-04 11:18:52 +09:30
Christian Decker
e7007a7f36 libhsmd: Migrate handle_get_per_commitment_point 2021-05-04 11:18:52 +09:30
Christian Decker
eab4aeaed3 libhsmd: Migrate handle_channel_update_sig 2021-05-04 11:18:52 +09:30
Christian Decker
166f0ade04 libhsmd: Migrate handle_sign_node_announcement 2021-05-04 11:18:52 +09:30
Christian Decker
4a3f24a737 libhsmd: Migrate handle_cannouncement_sig 2021-05-04 11:18:52 +09:30
Christian Decker
e9cc8644b6 libhsmd: Migrate handle_get_output_scriptpubkey 2021-05-04 11:18:52 +09:30
Christian Decker
ec5d40c0e7 libhsmd: Migrate handle_check_future_secret 2021-05-04 11:18:52 +09:30
Christian Decker
0e61ed32e3 libhsmd: Migrate handle_ecdh 2021-05-04 11:18:52 +09:30
Christian Decker
d1b3a5b1aa libhsmd: Migrate handle_get_channel_basepoints 2021-05-04 11:18:52 +09:30
Christian Decker
2cb25a16e0 libhsmd: Migrate handle_sign_invoice 2021-05-04 11:18:52 +09:30
Christian Decker
79ec4b4808 libhsmd: Migrate handle_sign_bolt12 2021-05-04 11:18:52 +09:30
Christian Decker
3d959e128d libhsmd: Add dispatcher function 2021-05-04 11:18:52 +09:30
Christian Decker
ac836bbd1b libhsmd: Add status functions to report to whoever is listening
These are currently just shims that replicate the old behavior, but
when compiling as a library we can relink the status_* functions to
something that makes sense in the context of the user, and not assume
we're running as a subdaemon.
2021-05-04 11:18:52 +09:30
Christian Decker
b5a2ddd384 libhsmd: Migrate check_client_capabilities to libhsmd 2021-05-04 11:18:52 +09:30
Christian Decker
ed4676bea8 libhsmd: Add scaffolding to start separating hsmd from io logic 2021-05-04 11:18:52 +09:30
Rusty Russell
9dbac21d3b doc: remove suffix for included-in-master BOLTs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-04-07 14:34:39 +09:30
Christian Decker
65bf347ad3 hsmd: Ensure the hsmd is initialized before anything else is called
Just a security measure to avoid alternative use-cases of the hsmd
running into the issue that they need to send a `WIRE_HSMD_INIT`
message as first message. If that is not done, the `secretstuff` won't
get initialized and we'd be producing signatures from uninitialized
memory, which are completely useless.

Changelog-None: Internal change only
2021-03-09 14:40:02 +10:30
Rusty Russell
001b5d6416 offers: make it a runtime option.
The fetchinvoice and offers plugins disable themselves if the option
isn't enabled (it's enabled by default on EXPERIMENTAL_FEATURES).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Changelog-Added: `experimental-offers` enables fetch, payment and creation of (early draft) offers.
2021-01-13 14:45:36 +01:00
Antoine Poinsot
45bb1bfa3c hsmd: cleanup encrypted hsm_secret detection
This makes use of the constant defined in the previous commits to more
accurately detect plaintext, encrypted, and invalid seeds. We now error
on invalid seeds.

Changelog-changed: hsmd: we now error at startup on invalid hsm_secret
Changelog-changed: hsmtool: all commands now error on invalid hsm_secret
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
2021-01-06 13:50:01 +01:00