mirror of
https://github.com/ElementsProject/lightning.git
synced 2024-11-19 09:54:16 +01:00
5becfa6ee1
We had a scheme where lightningd itself would put a per-node secret in the blinded path, then we'd tell the caller when it was used. Then it simply checks the alias to determine if the correct path was used. But this doesn't work when we start to offer multiple blinded paths. So go for a far simpler scheme, where the secret is generated (and stored) by the caller, and hand it back to them. We keep the split "with secret" or "without secret" API, since I'm sure callers who don't care about the secret won't check that it doesn't exist! And without that, someone can use a blinded path for a different message and get a response which may reveal the node. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
12 KiB
12 KiB
| 1 | # Clients should not give a bad request but not the HSM's decision to crash. |
|---|---|
| 2 | msgtype,hsmstatus_client_bad_request,1000 |
| 3 | msgdata,hsmstatus_client_bad_request,id,node_id, |
| 4 | msgdata,hsmstatus_client_bad_request,description,wirestring, |
| 5 | msgdata,hsmstatus_client_bad_request,len,u16, |
| 6 | msgdata,hsmstatus_client_bad_request,msg,u8,len |
| 7 | #include <bitcoin/chainparams.h> |
| 8 | # Start the HSM. |
| 9 | msgtype,hsmd_init,11 |
| 10 | msgdata,hsmd_init,bip32_key_version,bip32_key_version, |
| 11 | msgdata,hsmd_init,chainparams,chainparams, |
| 12 | msgdata,hsmd_init,hsm_encryption_key,?secret, |
| 13 | msgdata,hsmd_init,dev_force_privkey,?privkey, |
| 14 | msgdata,hsmd_init,dev_force_bip32_seed,?secret, |
| 15 | msgdata,hsmd_init,dev_force_channel_secrets,?secrets, |
| 16 | msgdata,hsmd_init,dev_force_channel_secrets_shaseed,?sha256, |
| 17 | msgdata,hsmd_init,hsm_wire_min_version,u32, |
| 18 | msgdata,hsmd_init,hsm_wire_max_version,u32, |
| 19 | #include <common/bip32.h> |
| 20 | # DEPRECATED after v0.12, remove in two versions! |
| 21 | msgtype,hsmd_init_reply_v1,111 |
| 22 | msgdata,hsmd_init_reply_v1,node_id,node_id, |
| 23 | msgdata,hsmd_init_reply_v1,bip32,ext_key, |
| 24 | msgdata,hsmd_init_reply_v1,bolt12,u8,32 |
| 25 | msgdata,hsmd_init_reply_v1,onion_reply_secret,secret, |
| 26 | msgtype,hsmd_init_reply_v2,113 |
| 27 | msgdata,hsmd_init_reply_v2,node_id,node_id, |
| 28 | msgdata,hsmd_init_reply_v2,bip32,ext_key, |
| 29 | msgdata,hsmd_init_reply_v2,bolt12,pubkey, |
| 30 | # Declare a new channel. |
| 31 | msgtype,hsmd_new_channel,30 |
| 32 | msgdata,hsmd_new_channel,id,node_id, |
| 33 | msgdata,hsmd_new_channel,dbid,u64, |
| 34 | # No value returned. |
| 35 | msgtype,hsmd_new_channel_reply,130 |
| 36 | # Get a new HSM FD, with the specified capabilities |
| 37 | msgtype,hsmd_client_hsmfd,9 |
| 38 | # Which identity to use for requests |
| 39 | msgdata,hsmd_client_hsmfd,id,node_id, |
| 40 | # Database id for this client, if any. |
| 41 | msgdata,hsmd_client_hsmfd,dbid,u64, |
| 42 | msgdata,hsmd_client_hsmfd,capabilities,u64, |
| 43 | # No content, just an fd. |
| 44 | msgtype,hsmd_client_hsmfd_reply,109 |
| 45 | #include <common/derive_basepoints.h> |
| 46 | # Get the basepoints and funding key for this specific channel. |
| 47 | msgtype,hsmd_get_channel_basepoints,10 |
| 48 | msgdata,hsmd_get_channel_basepoints,peerid,node_id, |
| 49 | msgdata,hsmd_get_channel_basepoints,dbid,u64, |
| 50 | msgtype,hsmd_get_channel_basepoints_reply,110 |
| 51 | msgdata,hsmd_get_channel_basepoints_reply,basepoints,basepoints, |
| 52 | msgdata,hsmd_get_channel_basepoints_reply,funding_pubkey,pubkey, |
| 53 | #include <common/channel_type.h> |
| 54 | # Provide channel parameters. |
| 55 | msgtype,hsmd_ready_channel,31 |
| 56 | msgdata,hsmd_ready_channel,is_outbound,bool, |
| 57 | msgdata,hsmd_ready_channel,channel_value,amount_sat, |
| 58 | msgdata,hsmd_ready_channel,push_value,amount_msat, |
| 59 | msgdata,hsmd_ready_channel,funding_txid,bitcoin_txid, |
| 60 | msgdata,hsmd_ready_channel,funding_txout,u16, |
| 61 | msgdata,hsmd_ready_channel,local_to_self_delay,u16, |
| 62 | msgdata,hsmd_ready_channel,local_shutdown_script_len,u16, |
| 63 | msgdata,hsmd_ready_channel,local_shutdown_script,u8,local_shutdown_script_len |
| 64 | msgdata,hsmd_ready_channel,local_shutdown_wallet_index,?u32, |
| 65 | msgdata,hsmd_ready_channel,remote_basepoints,basepoints, |
| 66 | msgdata,hsmd_ready_channel,remote_funding_pubkey,pubkey, |
| 67 | msgdata,hsmd_ready_channel,remote_to_self_delay,u16, |
| 68 | msgdata,hsmd_ready_channel,remote_shutdown_script_len,u16, |
| 69 | msgdata,hsmd_ready_channel,remote_shutdown_script,u8,remote_shutdown_script_len |
| 70 | msgdata,hsmd_ready_channel,channel_type,channel_type, |
| 71 | # No value returned. |
| 72 | msgtype,hsmd_ready_channel_reply,131 |
| 73 | # Return signature for a funding tx. |
| 74 | #include <common/utxo.h> |
| 75 | # Master asks the HSM to sign a node_announcement |
| 76 | msgtype,hsmd_node_announcement_sig_req,6 |
| 77 | msgdata,hsmd_node_announcement_sig_req,annlen,u16, |
| 78 | msgdata,hsmd_node_announcement_sig_req,announcement,u8,annlen |
| 79 | msgtype,hsmd_node_announcement_sig_reply,106 |
| 80 | msgdata,hsmd_node_announcement_sig_reply,signature,secp256k1_ecdsa_signature, |
| 81 | # Sign a withdrawal request |
| 82 | #include <bitcoin/psbt.h> |
| 83 | msgtype,hsmd_sign_withdrawal,7 |
| 84 | msgdata,hsmd_sign_withdrawal,num_inputs,u16, |
| 85 | msgdata,hsmd_sign_withdrawal,inputs,utxo,num_inputs |
| 86 | msgdata,hsmd_sign_withdrawal,psbt,wally_psbt, |
| 87 | msgtype,hsmd_sign_withdrawal_reply,107 |
| 88 | msgdata,hsmd_sign_withdrawal_reply,psbt,wally_psbt, |
| 89 | # Sign an invoice |
| 90 | msgtype,hsmd_sign_invoice,8 |
| 91 | msgdata,hsmd_sign_invoice,len,u16, |
| 92 | msgdata,hsmd_sign_invoice,u5bytes,u8,len |
| 93 | msgdata,hsmd_sign_invoice,hrplen,u16, |
| 94 | msgdata,hsmd_sign_invoice,hrp,u8,hrplen |
| 95 | msgtype,hsmd_sign_invoice_reply,108 |
| 96 | msgdata,hsmd_sign_invoice_reply,sig,secp256k1_ecdsa_recoverable_signature, |
| 97 | # Give me ECDH(node-id-secret,point) |
| 98 | msgtype,hsmd_ecdh_req,1 |
| 99 | msgdata,hsmd_ecdh_req,point,pubkey, |
| 100 | msgtype,hsmd_ecdh_resp,100 |
| 101 | msgdata,hsmd_ecdh_resp,ss,secret, |
| 102 | msgtype,hsmd_cannouncement_sig_req,2 |
| 103 | msgdata,hsmd_cannouncement_sig_req,calen,u16, |
| 104 | msgdata,hsmd_cannouncement_sig_req,ca,u8,calen |
| 105 | msgtype,hsmd_cannouncement_sig_reply,102 |
| 106 | msgdata,hsmd_cannouncement_sig_reply,node_signature,secp256k1_ecdsa_signature, |
| 107 | msgdata,hsmd_cannouncement_sig_reply,bitcoin_signature,secp256k1_ecdsa_signature, |
| 108 | msgtype,hsmd_cupdate_sig_req,3 |
| 109 | msgdata,hsmd_cupdate_sig_req,culen,u16, |
| 110 | msgdata,hsmd_cupdate_sig_req,cu,u8,culen |
| 111 | msgtype,hsmd_cupdate_sig_reply,103 |
| 112 | msgdata,hsmd_cupdate_sig_reply,culen,u16, |
| 113 | msgdata,hsmd_cupdate_sig_reply,cu,u8,culen |
| 114 | # Master asks HSM to sign a commitment transaction. |
| 115 | msgtype,hsmd_sign_commitment_tx,5 |
| 116 | msgdata,hsmd_sign_commitment_tx,peer_id,node_id, |
| 117 | msgdata,hsmd_sign_commitment_tx,channel_dbid,u64, |
| 118 | msgdata,hsmd_sign_commitment_tx,tx,bitcoin_tx, |
| 119 | msgdata,hsmd_sign_commitment_tx,remote_funding_key,pubkey, |
| 120 | msgdata,hsmd_sign_commitment_tx,commit_num,u64, |
| 121 | msgtype,hsmd_sign_commitment_tx_reply,105 |
| 122 | msgdata,hsmd_sign_commitment_tx_reply,sig,bitcoin_signature, |
| 123 | # Validate the counterparty's commitment signatures. |
| 124 | msgtype,hsmd_validate_commitment_tx,35 |
| 125 | msgdata,hsmd_validate_commitment_tx,tx,bitcoin_tx, |
| 126 | msgdata,hsmd_validate_commitment_tx,num_htlcs,u16, |
| 127 | msgdata,hsmd_validate_commitment_tx,htlcs,simple_htlc,num_htlcs |
| 128 | msgdata,hsmd_validate_commitment_tx,commit_num,u64, |
| 129 | msgdata,hsmd_validate_commitment_tx,feerate,u32, |
| 130 | msgdata,hsmd_validate_commitment_tx,sig,bitcoin_signature, |
| 131 | msgdata,hsmd_validate_commitment_tx,num_htlc_sigs,u16, |
| 132 | msgdata,hsmd_validate_commitment_tx,htlc_sigs,bitcoin_signature,num_htlc_sigs |
| 133 | msgtype,hsmd_validate_commitment_tx_reply,135 |
| 134 | msgdata,hsmd_validate_commitment_tx_reply,old_commitment_secret,?secret, |
| 135 | msgdata,hsmd_validate_commitment_tx_reply,next_per_commitment_point,pubkey, |
| 136 | # Vaidate the counterparty's revocation secret |
| 137 | msgtype,hsmd_validate_revocation,36 |
| 138 | msgdata,hsmd_validate_revocation,revoke_num,u64, |
| 139 | msgdata,hsmd_validate_revocation,per_commitment_secret,secret, |
| 140 | # No value returned. |
| 141 | msgtype,hsmd_validate_revocation_reply,136 |
| 142 | # Onchaind asks HSM to sign a spend to-us. Four variants, since each set |
| 143 | # of keys is derived differently... |
| 144 | # FIXME: Have master tell hsmd the keyindex, so it can validate output! |
| 145 | msgtype,hsmd_sign_delayed_payment_to_us,12 |
| 146 | msgdata,hsmd_sign_delayed_payment_to_us,commit_num,u64, |
| 147 | msgdata,hsmd_sign_delayed_payment_to_us,tx,bitcoin_tx, |
| 148 | msgdata,hsmd_sign_delayed_payment_to_us,wscript_len,u16, |
| 149 | msgdata,hsmd_sign_delayed_payment_to_us,wscript,u8,wscript_len |
| 150 | msgtype,hsmd_sign_remote_htlc_to_us,13 |
| 151 | msgdata,hsmd_sign_remote_htlc_to_us,remote_per_commitment_point,pubkey, |
| 152 | msgdata,hsmd_sign_remote_htlc_to_us,tx,bitcoin_tx, |
| 153 | msgdata,hsmd_sign_remote_htlc_to_us,wscript_len,u16, |
| 154 | msgdata,hsmd_sign_remote_htlc_to_us,wscript,u8,wscript_len |
| 155 | msgdata,hsmd_sign_remote_htlc_to_us,option_anchor_outputs,bool, |
| 156 | msgtype,hsmd_sign_penalty_to_us,14 |
| 157 | msgdata,hsmd_sign_penalty_to_us,revocation_secret,secret, |
| 158 | msgdata,hsmd_sign_penalty_to_us,tx,bitcoin_tx, |
| 159 | msgdata,hsmd_sign_penalty_to_us,wscript_len,u16, |
| 160 | msgdata,hsmd_sign_penalty_to_us,wscript,u8,wscript_len |
| 161 | # Onchaind asks HSM to sign a local HTLC success or HTLC timeout tx. |
| 162 | msgtype,hsmd_sign_local_htlc_tx,16 |
| 163 | msgdata,hsmd_sign_local_htlc_tx,commit_num,u64, |
| 164 | msgdata,hsmd_sign_local_htlc_tx,tx,bitcoin_tx, |
| 165 | msgdata,hsmd_sign_local_htlc_tx,wscript_len,u16, |
| 166 | msgdata,hsmd_sign_local_htlc_tx,wscript,u8,wscript_len |
| 167 | msgdata,hsmd_sign_local_htlc_tx,option_anchor_outputs,bool, |
| 168 | # Openingd/channeld asks HSM to sign the other sides' commitment tx. |
| 169 | #include <common/htlc_wire.h> |
| 170 | msgtype,hsmd_sign_remote_commitment_tx,19 |
| 171 | msgdata,hsmd_sign_remote_commitment_tx,tx,bitcoin_tx, |
| 172 | msgdata,hsmd_sign_remote_commitment_tx,remote_funding_key,pubkey, |
| 173 | msgdata,hsmd_sign_remote_commitment_tx,remote_per_commit,pubkey, |
| 174 | msgdata,hsmd_sign_remote_commitment_tx,option_static_remotekey,bool, |
| 175 | msgdata,hsmd_sign_remote_commitment_tx,commit_num,u64, |
| 176 | msgdata,hsmd_sign_remote_commitment_tx,num_htlcs,u16, |
| 177 | msgdata,hsmd_sign_remote_commitment_tx,htlcs,simple_htlc,num_htlcs |
| 178 | msgdata,hsmd_sign_remote_commitment_tx,feerate,u32, |
| 179 | # channeld asks HSM to sign remote HTLC tx. |
| 180 | msgtype,hsmd_sign_remote_htlc_tx,20 |
| 181 | msgdata,hsmd_sign_remote_htlc_tx,tx,bitcoin_tx, |
| 182 | msgdata,hsmd_sign_remote_htlc_tx,len,u16, |
| 183 | msgdata,hsmd_sign_remote_htlc_tx,wscript,u8,len |
| 184 | msgdata,hsmd_sign_remote_htlc_tx,remote_per_commit_point,pubkey, |
| 185 | msgdata,hsmd_sign_remote_htlc_tx,option_anchor_outputs,bool, |
| 186 | # closingd asks HSM to sign mutual close tx. |
| 187 | msgtype,hsmd_sign_mutual_close_tx,21 |
| 188 | msgdata,hsmd_sign_mutual_close_tx,tx,bitcoin_tx, |
| 189 | msgdata,hsmd_sign_mutual_close_tx,remote_funding_key,pubkey, |
| 190 | # Reply for all the above requests. |
| 191 | msgtype,hsmd_sign_tx_reply,112 |
| 192 | msgdata,hsmd_sign_tx_reply,sig,bitcoin_signature, |
| 193 | # Openingd/channeld/onchaind asks for Nth per_commitment_point, if > 2, gets N-2 secret. |
| 194 | msgtype,hsmd_get_per_commitment_point,18 |
| 195 | msgdata,hsmd_get_per_commitment_point,n,u64, |
| 196 | msgtype,hsmd_get_per_commitment_point_reply,118 |
| 197 | msgdata,hsmd_get_per_commitment_point_reply,per_commitment_point,pubkey, |
| 198 | msgdata,hsmd_get_per_commitment_point_reply,old_commitment_secret,?secret, |
| 199 | # master -> hsmd: do you have a memleak? |
| 200 | msgtype,hsmd_dev_memleak,33 |
| 201 | msgtype,hsmd_dev_memleak_reply,133 |
| 202 | msgdata,hsmd_dev_memleak_reply,leak,bool, |
| 203 | # channeld asks to check if claimed future commitment_secret is correct. |
| 204 | msgtype,hsmd_check_future_secret,22 |
| 205 | msgdata,hsmd_check_future_secret,n,u64, |
| 206 | msgdata,hsmd_check_future_secret,commitment_secret,secret, |
| 207 | msgtype,hsmd_check_future_secret_reply,122 |
| 208 | msgdata,hsmd_check_future_secret_reply,correct,bool, |
| 209 | # lightningd asks us to sign a string. |
| 210 | msgtype,hsmd_sign_message,23 |
| 211 | msgdata,hsmd_sign_message,len,u16, |
| 212 | msgdata,hsmd_sign_message,msg,u8,len |
| 213 | msgtype,hsmd_sign_message_reply,123 |
| 214 | msgdata,hsmd_sign_message_reply,sig,secp256k1_ecdsa_recoverable_signature, |
| 215 | # lightningd needs to get a scriptPubkey for a utxo with closeinfo |
| 216 | msgtype,hsmd_get_output_scriptpubkey,24 |
| 217 | msgdata,hsmd_get_output_scriptpubkey,channel_id,u64, |
| 218 | msgdata,hsmd_get_output_scriptpubkey,peer_id,node_id, |
| 219 | msgdata,hsmd_get_output_scriptpubkey,commitment_point,?pubkey, |
| 220 | msgtype,hsmd_get_output_scriptpubkey_reply,124 |
| 221 | msgdata,hsmd_get_output_scriptpubkey_reply,script_len,u16, |
| 222 | msgdata,hsmd_get_output_scriptpubkey_reply,script,u8,script_len |
| 223 | # Sign a bolt12-style merkle hash |
| 224 | msgtype,hsmd_sign_bolt12,25 |
| 225 | msgdata,hsmd_sign_bolt12,messagename,wirestring, |
| 226 | msgdata,hsmd_sign_bolt12,fieldname,wirestring, |
| 227 | msgdata,hsmd_sign_bolt12,merkleroot,sha256, |
| 228 | # This is for invreq payer_id (temporary keys) |
| 229 | msgdata,hsmd_sign_bolt12,publictweaklen,u16, |
| 230 | msgdata,hsmd_sign_bolt12,publictweak,u8,publictweaklen |
| 231 | msgtype,hsmd_sign_bolt12_reply,125 |
| 232 | msgdata,hsmd_sign_bolt12_reply,sig,bip340sig, |
| 233 | # Sign an option_will_fund offer hash |
| 234 | msgtype,hsmd_sign_option_will_fund_offer,26 |
| 235 | msgdata,hsmd_sign_option_will_fund_offer,funding_pubkey,pubkey, |
| 236 | msgdata,hsmd_sign_option_will_fund_offer,blockheight,u32, |
| 237 | msgdata,hsmd_sign_option_will_fund_offer,channel_fee_base_max_msat,u32, |
| 238 | msgdata,hsmd_sign_option_will_fund_offer,channel_fee_proportional_basis_max,u16, |
| 239 | msgtype,hsmd_sign_option_will_fund_offer_reply,126 |
| 240 | msgdata,hsmd_sign_option_will_fund_offer_reply,rsig,secp256k1_ecdsa_signature, |
| 241 | # Derive pseudorandom secret |
| 242 | msgtype,hsmd_derive_secret,27 |
| 243 | msgdata,hsmd_derive_secret,len,u16, |
| 244 | msgdata,hsmd_derive_secret,info,u8,len |
| 245 | # Reply with the derived secret |
| 246 | msgtype,hsmd_derive_secret_reply,127 |
| 247 | msgdata,hsmd_derive_secret_reply,secret,secret, |