lightning-signer · ksedgwic · May 22, 2020
diff --git a/hsmd/hsm_wire.csv b/hsmd/hsm_wire.csv
@@ -21,6 +21,16 @@ msgtype,hsm_init_reply,111
 msgdata,hsm_init_reply,node_id,node_id,
 msgdata,hsm_init_reply,bip32,ext_key,
 
+# Declare a new channel.
+msgtype,hsm_new_channel,25
+# Which identity to use for requests
+msgdata,hsm_new_channel,id,node_id,
+# Database id for this client.
+msgdata,hsm_new_channel,dbid,u64,
+
+# No value returned.
+msgtype,hsm_new_channel_reply,125
+
 # Get a new HSM FD, with the specified capabilities
 msgtype,hsm_client_hsmfd,9
 # Which identity to use for requests
@@ -42,6 +52,26 @@ msgtype,hsm_get_channel_basepoints_reply,110
 msgdata,hsm_get_channel_basepoints_reply,basepoints,basepoints,
 msgdata,hsm_get_channel_basepoints_reply,funding_pubkey,pubkey,
 
+# Provide channel parameters.
+msgtype,hsm_ready_channel,24
+msgdata,hsm_ready_channel,is_outbound,bool,
+msgdata,hsm_ready_channel,channel_value,amount_sat,
+msgdata,hsm_ready_channel,push_value,amount_msat,
+msgdata,hsm_ready_channel,funding_txid,bitcoin_txid,
+msgdata,hsm_ready_channel,funding_txout,u16,
+msgdata,hsm_ready_channel,local_to_self_delay,u16,
+msgdata,hsm_ready_channel,local_shutdown_script_len,u16,
+msgdata,hsm_ready_channel,local_shutdown_script,u8,local_shutdown_script_len
+msgdata,hsm_ready_channel,remote_basepoints,basepoints,
+msgdata,hsm_ready_channel,remote_funding_pubkey,pubkey,
+msgdata,hsm_ready_channel,remote_to_self_delay,u16,
+msgdata,hsm_ready_channel,remote_shutdown_script_len,u16,
+msgdata,hsm_ready_channel,remote_shutdown_script,u8,remote_shutdown_script_len
+msgdata,hsm_ready_channel,option_static_remotekey,bool,
+
+# No value returned.
+msgtype,hsm_ready_channel_reply,124
+
 # Return signature for a funding tx.
 #include <common/utxo.h>
 # FIXME: This should also take their commit sig & details, to verify.

diff --git a/hsmd/hsmd.c b/hsmd/hsmd.c
@@ -1491,6 +1491,74 @@ static struct io_plan *pass_client_hsmfd(struct io_conn *conn,
 			     send_pending_client_fd, c);
 }
 
+/*~ This is used to declare a new channel. */
+static struct io_plan *handle_new_channel(struct io_conn *conn,
+					  struct client *c,
+					  const u8 *msg_in)
+{
+	struct node_id peer_id;
+	u64 dbid;
+
+	if (!fromwire_hsm_new_channel(msg_in, &peer_id, &dbid))
+		return bad_req(conn, c, msg_in);
+
+	return req_reply(conn, c,
+			 take(towire_hsm_new_channel_reply(NULL)));
+}
+
+static bool mem_is_zero(const void *mem, size_t len)
+{
+	size_t i;
+	for (i = 0; i < len; ++i)
+		if (((const unsigned char *)mem)[i])
+			return false;
+	return true;
+}
+
+/*~ This is used to provide all unchanging public channel parameters. */
+static struct io_plan *handle_ready_channel(struct io_conn *conn,
+					    struct client *c,
+					    const u8 *msg_in)
+{
+	bool is_outbound;
+	struct amount_sat channel_value;
+	struct amount_msat push_value;
+	struct bitcoin_txid funding_txid;
+	u16 funding_txout;
+	u16 local_to_self_delay;
+	u8 *local_shutdown_script;
+	struct basepoints remote_basepoints;
+	struct pubkey remote_funding_pubkey;
+	u16 remote_to_self_delay;
+	u8 *remote_shutdown_script;
+	bool option_static_remotekey;
+	struct amount_msat value_msat;
+
+	if (!fromwire_hsm_ready_channel(tmpctx, msg_in, &is_outbound,
+					&channel_value, &push_value, &funding_txid,
+					&funding_txout, &local_to_self_delay,
+					&local_shutdown_script,
+					&remote_basepoints,
+					&remote_funding_pubkey,
+					&remote_to_self_delay,
+					&remote_shutdown_script,
+					&option_static_remotekey))
+		return bad_req(conn, c, msg_in);
+
+	/* Fail fast if any values are obviously uninitialized. */
+	assert(amount_sat_greater(channel_value, AMOUNT_SAT(0)));
+	assert(amount_sat_to_msat(&value_msat, channel_value));
+	assert(amount_msat_less_eq(push_value, value_msat));
+	assert(!mem_is_zero(&funding_txid, sizeof(funding_txid)));
+	assert(local_to_self_delay > 0);
+	assert(!mem_is_zero(&remote_basepoints, sizeof(remote_basepoints)));
+	assert(!mem_is_zero(&remote_funding_pubkey, sizeof(remote_funding_pubkey)));
+	assert(remote_to_self_delay > 0);
+
+	return req_reply(conn, c,
+			 take(towire_hsm_ready_channel_reply(NULL)));
+}
+
 /*~ For almost every wallet tx we use the BIP32 seed, but not for onchain
  * unilateral closes from a peer: they (may) have an output to us using a
  * public key based on the channel basepoints.  It's a bit spammy to spend
@@ -1891,6 +1959,7 @@ static bool check_client_capabilities(struct client *client,
 
 	case WIRE_HSM_GET_PER_COMMITMENT_POINT:
 	case WIRE_HSM_CHECK_FUTURE_SECRET:
+	case WIRE_HSM_READY_CHANNEL:
 		return (client->capabilities & HSM_CAP_COMMITMENT_POINT) != 0;
 
 	case WIRE_HSM_SIGN_REMOTE_COMMITMENT_TX:
@@ -1901,6 +1970,7 @@ static bool check_client_capabilities(struct client *client,
 		return (client->capabilities & HSM_CAP_SIGN_CLOSING_TX) != 0;
 
 	case WIRE_HSM_INIT:
+	case WIRE_HSM_NEW_CHANNEL:
 	case WIRE_HSM_CLIENT_HSMFD:
 	case WIRE_HSM_SIGN_FUNDING:
 	case WIRE_HSM_SIGN_WITHDRAWAL:
@@ -1918,6 +1988,8 @@ static bool check_client_capabilities(struct client *client,
 	case WIRE_HSM_CANNOUNCEMENT_SIG_REPLY:
 	case WIRE_HSM_CUPDATE_SIG_REPLY:
 	case WIRE_HSM_CLIENT_HSMFD_REPLY:
+	case WIRE_HSM_NEW_CHANNEL_REPLY:
+	case WIRE_HSM_READY_CHANNEL_REPLY:
 	case WIRE_HSM_SIGN_FUNDING_REPLY:
 	case WIRE_HSM_NODE_ANNOUNCEMENT_SIG_REPLY:
 	case WIRE_HSM_SIGN_WITHDRAWAL_REPLY:
@@ -1957,6 +2029,12 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
 	case WIRE_HSM_CLIENT_HSMFD:
 		return pass_client_hsmfd(conn, c, c->msg_in);
 
+	case WIRE_HSM_NEW_CHANNEL:
+		return handle_new_channel(conn, c, c->msg_in);
+
+	case WIRE_HSM_READY_CHANNEL:
+		return handle_ready_channel(conn, c, c->msg_in);
+
 	case WIRE_HSM_GET_CHANNEL_BASEPOINTS:
 		return handle_get_channel_basepoints(conn, c, c->msg_in);
 
@@ -2023,6 +2101,8 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
 	case WIRE_HSM_CANNOUNCEMENT_SIG_REPLY:
 	case WIRE_HSM_CUPDATE_SIG_REPLY:
 	case WIRE_HSM_CLIENT_HSMFD_REPLY:
+	case WIRE_HSM_NEW_CHANNEL_REPLY:
+	case WIRE_HSM_READY_CHANNEL_REPLY:
 	case WIRE_HSM_SIGN_FUNDING_REPLY:
 	case WIRE_HSM_NODE_ANNOUNCEMENT_SIG_REPLY:
 	case WIRE_HSM_SIGN_WITHDRAWAL_REPLY:

diff --git a/lightningd/opening_control.c b/lightningd/opening_control.c
@@ -644,6 +644,7 @@ new_uncommitted_channel(struct peer *peer)
 {
 	struct lightningd *ld = peer->ld;
 	struct uncommitted_channel *uc = tal(ld, struct uncommitted_channel);
+	u8 *msg;
 
 	uc->peer = peer;
 	assert(!peer->uncommitted_channel);
@@ -657,6 +658,15 @@ new_uncommitted_channel(struct peer *peer)
 	uc->fc = NULL;
 	uc->our_config.id = 0;
 
+	/* Declare the new channel to the HSM. */
+	msg = towire_hsm_new_channel(NULL, &uc->peer->id, uc->dbid);
+	if (!wire_sync_write(ld->hsm_fd, take(msg)))
+		fatal("Could not write to HSM: %s", strerror(errno));
+	msg = wire_sync_read(tmpctx, ld->hsm_fd);
+	if (!fromwire_hsm_new_channel_reply(msg))
+		fatal("HSM gave bad hsm_new_channel_reply %s",
+		      tal_hex(msg, msg));
+
 	get_channel_basepoints(ld, &uc->peer->id, uc->dbid,
 			       &uc->local_basepoints, &uc->local_funding_pubkey);
 

diff --git a/openingd/openingd.c b/openingd/openingd.c
@@ -669,6 +669,26 @@ static bool funder_finalize_channel_setup(struct state *state,
 	char *err_reason;
 	struct wally_tx_output *direct_outputs[NUM_SIDES];
 
+	/*~ Channel is ready; Report the channel parameters to the signer. */
+	msg = towire_hsm_ready_channel(NULL,
+				       true,	/* is_outbound */
+				       state->funding,
+				       state->push_msat,
+				       &state->funding_txid,
+				       state->funding_txout,
+				       state->localconf.to_self_delay,
+				       state->upfront_shutdown_script[LOCAL],
+				       &state->their_points,
+				       &state->their_funding_pubkey,
+				       state->remoteconf.to_self_delay,
+				       state->upfront_shutdown_script[REMOTE],
+				       state->option_static_remotekey);
+	wire_sync_write(HSM_FD, take(msg));
+	msg = wire_sync_read(tmpctx, HSM_FD);
+	if (!fromwire_hsm_ready_channel_reply(msg))
+		status_failed(STATUS_FAIL_HSM_IO, "Bad ready_channel_reply %s",
+			      tal_hex(tmpctx, msg));
+
 	/*~ Now we can initialize the `struct channel`.  This represents
 	 * the current channel state and is how we can generate the current
 	 * commitment transaction.
@@ -1168,6 +1188,26 @@ static u8 *fundee_channel(struct state *state, const u8 *open_channel_msg)
 					   &state->channel_id),
 			    type_to_string(msg, struct channel_id, &id_in));
 
+	/*~ Channel is ready; Report the channel parameters to the signer. */
+	msg = towire_hsm_ready_channel(NULL,
+				       false,	/* is_outbound */
+				       state->funding,
+				       state->push_msat,
+				       &state->funding_txid,
+				       state->funding_txout,
+				       state->localconf.to_self_delay,
+				       state->upfront_shutdown_script[LOCAL],
+				       &theirs,
+				       &their_funding_pubkey,
+				       state->remoteconf.to_self_delay,
+				       state->upfront_shutdown_script[REMOTE],
+				       state->option_static_remotekey);
+	wire_sync_write(HSM_FD, take(msg));
+	msg = wire_sync_read(tmpctx, HSM_FD);
+	if (!fromwire_hsm_ready_channel_reply(msg))
+		status_failed(STATUS_FAIL_HSM_IO, "Bad ready_channel_reply %s",
+			      tal_hex(tmpctx, msg));
+
 	/* Now we can create the channel structure. */
 	state->channel = new_initial_channel(state,
 					     &state->funding_txid,