Commit Graph

26 Commits

Author SHA1 Message Date
Rusty Russell
e8a38f111d hsmd: create an hsm variant to sign a bolt12 invoice using a tweak on our key.
The current interface, if given a tweak, uses a *different secret key*
and tweaks it.  This was an early experiment: we will switch to using
a secret tweak for invoice_requests like we do for invoice path ids.

To make sure there's no funny business, *hsmd* hashes to form the
tweak (i.e. no zero tweaks!).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-08-01 12:31:48 +09:30
Ken Sedgwick
eda0b28cbb hsmd: HSM_VERSION 6: get_per_commitment_point never returns secret
Changelog-Changed: hsmd: HSM_VERSION 6: get_per_commitment_point does
not imply index - 2 is revoked, makes it safe to call on any index.
2024-05-14 10:39:12 -05:00
Rusty Russell
6ea95da342 hsmd: add variant of preapprove commands to have it check only, not do anything.
Apparently VLS actually does something when we preapprove: if caller is just
checking we want to tell it not to do that!

I put in a flag so we can test both old and new APIs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-05-06 20:51:19 -05:00
Rusty Russell
33cfef84d8 hsmd: add preinit message to set HSM dev flags.
This should make VLS's life easier: they can ignore dev flags they
don't understand, but we will know their capabilites after init and so
know what they didn't understand (if required).

The only flag for now is a flag to force failure for "preapprove" calls.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-05-06 20:51:19 -05:00
Vincenzo Palazzo
af41cd5192 hsmd: remove deprecated init v2
Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>
2024-02-27 14:04:44 +01:00
Vincenzo Palazzo
ef40b2face hsmd: increase the min version
Increasing the min version of the hsmd due that we
added new code that required the hsmd to sign an announcements.

One of the solution is to increase the min version in this way
a signer like VLS fails directly during the init phase.

Link: https://github.com/ElementsProject/lightning/issues/7074
Changelog-None: hsmd: increase the min version
Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>
2024-02-27 14:04:44 +01:00
Rusty Russell
ad4a8a510d hsmd: add command to allow lightningd to sign channel announcement.
Before this it was channeld doing it, which was tied to a particular
channel.  Create an API for lightningd to sign for any channel.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-01-31 14:47:33 +10:30
Devrandom
e6c7b58a8a hsmd: separate revoke_commitment_tx
ChangeLog-Added: Added hsmd_revoke_commitment_tx to ensure synchronization of local state with remote signers.
2024-01-29 12:02:37 +10:30
Ken Sedgwick
e9ff50df96 hsmd: Implement hsmd_forget_channel for Channel Deletion in HSMD
Changelog-Added: hsmd: Added hsmd_forget_channel to enable explicit channel deletion. ([#6987])

Motivation: Previously, a signer prematurely forgetting a channel led
to failures in unresolved channel requests. This update introduces
hsmd_forget_channel, allowing nodes to explicitly notify signers when
a channel is irrevocably resolved and can be safely forgotten. This
ensures synchronized channel cleanup between nodes and signers.

This change maintains backward and forward compatibility. Nodes
explicitly check whether a signer has `WIRE_HSMD_FORGET_CHANNEL`
capability before sending the message.  Nodes without
`WIRE_HSMD_FORGET_CHANNEL` capability won't send this message. Signers
capable of handling this message but not receiving it will continue to
use conservative pruning methods.

Fixes #6987
2024-01-17 13:34:20 +01:00
Ken Sedgwick
485cabb25e splice: Add hsmd_check_outpoint and hsmd_lock_outpoint
In general, a validating signer may be under a different operational
environment than the node, and therefore may have a different
source of on-chain data. The signer may therefore temporarily disagree
on whether a funding or splice transaction is locked (buried).

We would like to ensure agreement between the signer and the
node on how to progress a channel's state.

The following message are added to provide a solution:

- `check_outpoint(outpoint) -> bool` - check if the signer agrees that a funding candidate outpoint is buried
- `lock_outpoint(outpoint)` - change the funding/splice state to locked

Link: https://github.com/ElementsProject/lightning/issues/6722
Suggested-by: @devrandom
Co-Developed-by: Ken Sedgwick <ken@bonsai.com>
Changelog-Added: hsmd protocol: Added hsmd_check_outpoint and hsmd_lock_outpoint
Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>
2023-10-26 16:42:47 +10:30
Vincenzo Palazzo
f4bf89b315 hsmd: name the hsmd_ready_channel to hsmd_setup_channel
Originally VLS used hsmd_ready_channel as an early call during channel
setup, but later the BOLT-2 spec changed the name of funding_locked to channel_ready.

This is very confusing because the hsmd_ready_channel is not directly
related to the new channel_ready.

This commit is renaming the hsmd_ready_channel to hsmd_setup_channel.

Link: https://github.com/ElementsProject/lightning/issues/6717
Suggested-by: Ken Sedgwick
Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>
2023-10-23 16:04:30 +10:30
Rusty Russell
d95cfc0b64 hsmd: rename "capabilities" flags for hsm fds to "permissions"
I obviously like the word "capabilities" since I reused it to refer
to the HSM's overall features :(

Suggested-by: @ksedgwic
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2023-08-08 14:31:47 +09:30
Dusty Daemon
eda570c095 hsmd: Add sign splice command
Changelog-None
2023-07-31 21:00:22 +09:30
Rusty Russell
662b2687e2 hsmd: routine to sign HTLC tx merged with our own tx.
Since HTLC txs when using anchors are
SIGHASH_SINGLE|SIGHASH_ANYONECANPAY, we can attach other inputs to
give it a higher feerate.  But we need the HSMd to actually sign the
combo.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2023-06-29 11:28:47 -04:00
Rusty Russell
c2dffcab0f hsmd: command to sign anchor spends.
This is kind of a withdrawl to ourselves, except we also spend a
channel to-local anchor.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2023-06-29 11:28:47 -04:00
Rusty Russell
87264540c3 hsmd: add support for lightningd signing onchain txs.
We previously used WIRE_HSMD_SIGN_DELAYED_PAYMENT_TO_US,
WIRE_HSMD_SIGN_REMOTE_HTLC_TO_US, WIRE_HSMD_SIGN_PENALTY_TO_US and
WIRE_HSMD_SIGN_LOCAL_HTLC_TX which allow onchaind to sign txs,
but only for its specific channel.

We now want lightningd to sign these, but it's not bound to a specific
channel.  So let's add variants that don't require that.

We are also now explicit about *what input* to sign.  It's always zero
for now, but future combinations may change that.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2023-04-07 11:49:09 +09:30
Rusty Russell
91a9cf3512 hsmd: capability addition: ability to check pubkeys.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2023-03-22 13:50:32 +10:30
Rusty Russell
e02f5f5bb8 hsmd: new version, which tells us the HSM version, and capabilities.
Importantly, adds the version number at the *front* to help future
parsing.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>


Header from folded patch 'fix-hsm-check-pubkey.patch':

fixup! hsmd: capability addition: ability to check pubkeys.
2023-03-22 13:50:32 +10:30
Rusty Russell
21a1b4e6aa common: update HSM_MIN_VERSION to reflect reality.
We were handing 3 to hsmd (and Ken added that in 7b2c5617c1,
so I guess he's OK with that being the minimum supported version!).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2023-03-22 13:50:32 +10:30
Rusty Russell
1c4f6ab2c5 hsmd: deprecate reply_v1.
We promised two versions after v0.12, and here we are.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2023-03-18 15:55:49 +10:30
Rusty Russell
fd04f46a92 common/hsm_version: list sha256 for every known version.
Makes it easier when we remove support for a version.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2023-03-18 15:55:49 +10:30
Ken Sedgwick
7b2c5617c1 hsmd: increase HSM_MAX_VERSION to 3 2023-01-26 21:10:15 -06:00
Rusty Russell
5becfa6ee1 onion_message: don't use general secret, use per-message secret.
We had a scheme where lightningd itself would put a per-node secret in
the blinded path, then we'd tell the caller when it was used.  Then it
simply checks the alias to determine if the correct path was used.

But this doesn't work when we start to offer multiple blinded paths.
So go for a far simpler scheme, where the secret is generated (and
stored) by the caller, and hand it back to them.

We keep the split "with secret" or "without secret" API, since I'm
sure callers who don't care about the secret won't check that it
doesn't exist!  And without that, someone can use a blinded path for a
different message and get a response which may reveal the node.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-11-09 15:08:03 +01:00
Rusty Russell
4e39b3ff3d hsmd: don't use point32 for bolt12, but use pubkeys (though still always 02)
This is the one place where we hand point32 over the wire internally, so
remove it.

This is also our first hsm version change!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-10-26 11:29:06 +10:30
Rusty Russell
987adb9718 Makefile: check that hsm_version.h changes if wire/hsmd_wire.csv contents does
Otherwise I know we'll miss it.  Simply check for a mention: we could well
change things multiple times within a single release.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-10-26 11:29:06 +10:30
Rusty Russell
fee9a7ce04 hsmd: introduce a simple API versioning scheme.
With the rise of external HSMs like VLS, this is no longer an
internal-only API.  Fortunately, it doesn't change very fast so
maintenance should not be a huge burden.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-10-26 11:29:06 +10:30