diff --git a/common/hsm_version.h b/common/hsm_version.h index 8470dce64..3f7ea9f6f 100644 --- a/common/hsm_version.h +++ b/common/hsm_version.h @@ -16,6 +16,7 @@ * v4 with sign_anchorspend: 8a30722e38b56e82af566b9629ff18da01fcebd1e80ec67f04d8b3a2fa66d81c * v4 with sign_htlc_tx_mingle: b9247e75d41ee1b3fc2f7db0bac8f4e92d544ab2f017d430ae3a000589c384e5 * v4 with splicing: 06f21012936f825913af289fa81af1512c9ada1cb97c611698975a8fd287edbb + * v4 with capabilities called permissions: 7c5bf8ec7cf30302740db85260a9d1ac2c5b0323a2376c28df6b611831f91655 */ #define HSM_MIN_VERSION 3 #define HSM_MAX_VERSION 4 diff --git a/hsmd/Makefile b/hsmd/Makefile index 40f74edb5..c50c7a4e0 100644 --- a/hsmd/Makefile +++ b/hsmd/Makefile @@ -4,7 +4,7 @@ HSMD_SRC := hsmd/hsmd.c \ hsmd/hsmd_wiregen.c \ hsmd/libhsmd.c -HSMD_HEADERS := hsmd/hsmd_wiregen.h +HSMD_HEADERS := hsmd/hsmd_wiregen.h hsmd/permissions.h HSMD_OBJS := $(HSMD_SRC:.c=.o) $(HSMD_OBJS): $(HSMD_HEADERS) diff --git a/hsmd/capabilities.h b/hsmd/capabilities.h deleted file mode 100644 index e538ed35b..000000000 --- a/hsmd/capabilities.h +++ /dev/null @@ -1,14 +0,0 @@ -#ifndef LIGHTNING_HSMD_CAPABILITIES_H -#define LIGHTNING_HSMD_CAPABILITIES_H -#include "config.h" - -#define HSM_CAP_ECDH 1 -#define HSM_CAP_SIGN_GOSSIP 2 -#define HSM_CAP_SIGN_ONCHAIN_TX 4 -#define HSM_CAP_COMMITMENT_POINT 8 -#define HSM_CAP_SIGN_REMOTE_TX 16 -#define HSM_CAP_SIGN_CLOSING_TX 32 -#define HSM_CAP_SIGN_WILL_FUND_OFFER 64 - -#define HSM_CAP_MASTER 1024 -#endif /* LIGHTNING_HSMD_CAPABILITIES_H */ diff --git a/hsmd/hsmd.c b/hsmd/hsmd.c index 73119731d..1af682ffe 100644 --- a/hsmd/hsmd.c +++ b/hsmd/hsmd.c @@ -22,9 +22,9 @@ #include #include #include -#include /*~ _wiregen files are autogenerated by tools/generate-wire.py */ #include +#include #include #include #include @@ -754,7 +754,7 @@ int main(int argc, char *argv[]) uintmap_init(&clients); master = new_client(NULL, NULL, NULL, 0, - HSM_CAP_MASTER | HSM_CAP_SIGN_GOSSIP | HSM_CAP_ECDH, + HSM_PERM_MASTER | HSM_PERM_SIGN_GOSSIP | HSM_PERM_ECDH, REQ_FD); /* First client == lightningd. */ diff --git a/hsmd/hsmd_wire.csv b/hsmd/hsmd_wire.csv index 66179b3c9..2eefd6962 100644 --- a/hsmd/hsmd_wire.csv +++ b/hsmd/hsmd_wire.csv @@ -46,13 +46,13 @@ msgdata,hsmd_new_channel,dbid,u64, # No value returned. msgtype,hsmd_new_channel_reply,130 -# Get a new HSM FD, with the specified capabilities +# Get a new HSM FD, with the specified permissions msgtype,hsmd_client_hsmfd,9 # Which identity to use for requests msgdata,hsmd_client_hsmfd,id,node_id, # Database id for this client, if any. msgdata,hsmd_client_hsmfd,dbid,u64, -msgdata,hsmd_client_hsmfd,capabilities,u64, +msgdata,hsmd_client_hsmfd,permissions,u64, # No content, just an fd. msgtype,hsmd_client_hsmfd_reply,109 diff --git a/hsmd/libhsmd.c b/hsmd/libhsmd.c index b157f4f25..204ae3971 100644 --- a/hsmd/libhsmd.c +++ b/hsmd/libhsmd.c @@ -8,8 +8,8 @@ #include #include #include -#include #include +#include #include #include #include @@ -79,38 +79,38 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client, */ switch (t) { case WIRE_HSMD_ECDH_REQ: - return (client->capabilities & HSM_CAP_ECDH) != 0; + return (client->capabilities & HSM_PERM_ECDH) != 0; case WIRE_HSMD_CANNOUNCEMENT_SIG_REQ: case WIRE_HSMD_CUPDATE_SIG_REQ: case WIRE_HSMD_NODE_ANNOUNCEMENT_SIG_REQ: - return (client->capabilities & HSM_CAP_SIGN_GOSSIP) != 0; + return (client->capabilities & HSM_PERM_SIGN_GOSSIP) != 0; case WIRE_HSMD_SIGN_DELAYED_PAYMENT_TO_US: case WIRE_HSMD_SIGN_REMOTE_HTLC_TO_US: case WIRE_HSMD_SIGN_PENALTY_TO_US: case WIRE_HSMD_SIGN_LOCAL_HTLC_TX: - return (client->capabilities & HSM_CAP_SIGN_ONCHAIN_TX) != 0; + return (client->capabilities & HSM_PERM_SIGN_ONCHAIN_TX) != 0; case WIRE_HSMD_GET_PER_COMMITMENT_POINT: case WIRE_HSMD_CHECK_FUTURE_SECRET: case WIRE_HSMD_READY_CHANNEL: - return (client->capabilities & HSM_CAP_COMMITMENT_POINT) != 0; + return (client->capabilities & HSM_PERM_COMMITMENT_POINT) != 0; case WIRE_HSMD_SIGN_REMOTE_COMMITMENT_TX: case WIRE_HSMD_SIGN_REMOTE_HTLC_TX: case WIRE_HSMD_VALIDATE_COMMITMENT_TX: case WIRE_HSMD_VALIDATE_REVOCATION: - return (client->capabilities & HSM_CAP_SIGN_REMOTE_TX) != 0; + return (client->capabilities & HSM_PERM_SIGN_REMOTE_TX) != 0; case WIRE_HSMD_SIGN_MUTUAL_CLOSE_TX: - return (client->capabilities & HSM_CAP_SIGN_CLOSING_TX) != 0; + return (client->capabilities & HSM_PERM_SIGN_CLOSING_TX) != 0; case WIRE_HSMD_SIGN_SPLICE_TX: return (client->capabilities & WIRE_HSMD_SIGN_SPLICE_TX) != 0; case WIRE_HSMD_SIGN_OPTION_WILL_FUND_OFFER: - return (client->capabilities & HSM_CAP_SIGN_WILL_FUND_OFFER) != 0; + return (client->capabilities & HSM_PERM_SIGN_WILL_FUND_OFFER) != 0; case WIRE_HSMD_INIT: case WIRE_HSMD_NEW_CHANNEL: @@ -133,7 +133,7 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client, case WIRE_HSMD_SIGN_ANY_LOCAL_HTLC_TX: case WIRE_HSMD_SIGN_ANCHORSPEND: case WIRE_HSMD_SIGN_HTLC_TX_MINGLE: - return (client->capabilities & HSM_CAP_MASTER) != 0; + return (client->capabilities & HSM_PERM_MASTER) != 0; /*~ These are messages sent by the HSM so we should never receive them. */ /* FIXME: Since we autogenerate these, we should really generate separate diff --git a/hsmd/permissions.h b/hsmd/permissions.h new file mode 100644 index 000000000..d91ea2272 --- /dev/null +++ b/hsmd/permissions.h @@ -0,0 +1,14 @@ +#ifndef LIGHTNING_HSMD_PERMISSIONS_H +#define LIGHTNING_HSMD_PERMISSIONS_H +#include "config.h" + +#define HSM_PERM_ECDH 1 +#define HSM_PERM_SIGN_GOSSIP 2 +#define HSM_PERM_SIGN_ONCHAIN_TX 4 +#define HSM_PERM_COMMITMENT_POINT 8 +#define HSM_PERM_SIGN_REMOTE_TX 16 +#define HSM_PERM_SIGN_CLOSING_TX 32 +#define HSM_PERM_SIGN_WILL_FUND_OFFER 64 + +#define HSM_PERM_MASTER 1024 +#endif /* LIGHTNING_HSMD_PERMISSIONS_H */ diff --git a/lightningd/channel_control.c b/lightningd/channel_control.c index f3c6bc633..0553692a5 100644 --- a/lightningd/channel_control.c +++ b/lightningd/channel_control.c @@ -13,7 +13,7 @@ #include #include #include -#include +#include #include #include #include @@ -1264,12 +1264,12 @@ bool peer_start_channeld(struct channel *channel, hsmfd = hsm_get_client_fd(ld, &channel->peer->id, channel->dbid, - HSM_CAP_SIGN_GOSSIP - | HSM_CAP_ECDH - | HSM_CAP_COMMITMENT_POINT - | HSM_CAP_SIGN_REMOTE_TX - | HSM_CAP_SIGN_ONCHAIN_TX - | HSM_CAP_SIGN_CLOSING_TX); + HSM_PERM_SIGN_GOSSIP + | HSM_PERM_ECDH + | HSM_PERM_COMMITMENT_POINT + | HSM_PERM_SIGN_REMOTE_TX + | HSM_PERM_SIGN_ONCHAIN_TX + | HSM_PERM_SIGN_CLOSING_TX); channel_set_owner(channel, new_channel_subd(channel, ld, diff --git a/lightningd/closing_control.c b/lightningd/closing_control.c index 53732c0c6..93d2602fd 100644 --- a/lightningd/closing_control.c +++ b/lightningd/closing_control.c @@ -20,7 +20,7 @@ #include #include #include -#include +#include #include #include #include @@ -379,8 +379,8 @@ void peer_start_closingd(struct channel *channel, struct peer_fd *peer_fd) } hsmfd = hsm_get_client_fd(ld, &channel->peer->id, channel->dbid, - HSM_CAP_SIGN_CLOSING_TX - | HSM_CAP_COMMITMENT_POINT); + HSM_PERM_SIGN_CLOSING_TX + | HSM_PERM_COMMITMENT_POINT); channel_set_owner(channel, new_channel_subd(channel, ld, diff --git a/lightningd/connect_control.c b/lightningd/connect_control.c index 290bc1fd7..ae253c5a4 100644 --- a/lightningd/connect_control.c +++ b/lightningd/connect_control.c @@ -10,7 +10,7 @@ #include #include #include -#include +#include #include #include #include @@ -661,7 +661,7 @@ int connectd_init(struct lightningd *ld) if (socketpair(AF_LOCAL, SOCK_STREAM, 0, fds) != 0) fatal("Could not socketpair for connectd<->gossipd"); - hsmfd = hsm_get_global_fd(ld, HSM_CAP_ECDH); + hsmfd = hsm_get_global_fd(ld, HSM_PERM_ECDH); ld->connectd = new_global_subd(ld, "lightning_connectd", connectd_wire_name, connectd_msg, diff --git a/lightningd/dual_open_control.c b/lightningd/dual_open_control.c index eb0f9b792..6f70dd436 100644 --- a/lightningd/dual_open_control.c +++ b/lightningd/dual_open_control.c @@ -17,7 +17,7 @@ #include #include #include -#include +#include #include #include #include @@ -3695,9 +3695,9 @@ bool peer_start_dualopend(struct peer *peer, const u8 *msg; hsmfd = hsm_get_client_fd(peer->ld, &peer->id, channel->unsaved_dbid, - HSM_CAP_COMMITMENT_POINT - | HSM_CAP_SIGN_REMOTE_TX - | HSM_CAP_SIGN_WILL_FUND_OFFER); + HSM_PERM_COMMITMENT_POINT + | HSM_PERM_SIGN_REMOTE_TX + | HSM_PERM_SIGN_WILL_FUND_OFFER); channel->owner = new_channel_subd(channel, peer->ld, @@ -3767,9 +3767,9 @@ bool peer_restart_dualopend(struct peer *peer, return peer_start_dualopend(peer, peer_fd, channel); hsmfd = hsm_get_client_fd(peer->ld, &peer->id, channel->dbid, - HSM_CAP_COMMITMENT_POINT - | HSM_CAP_SIGN_REMOTE_TX - | HSM_CAP_SIGN_WILL_FUND_OFFER); + HSM_PERM_COMMITMENT_POINT + | HSM_PERM_SIGN_REMOTE_TX + | HSM_PERM_SIGN_WILL_FUND_OFFER); channel_set_owner(channel, new_channel_subd(channel, peer->ld, diff --git a/lightningd/gossip_control.c b/lightningd/gossip_control.c index 7b2779d49..bc9b89447 100644 --- a/lightningd/gossip_control.c +++ b/lightningd/gossip_control.c @@ -7,7 +7,7 @@ #include #include #include -#include +#include #include #include #include @@ -270,7 +270,7 @@ void gossip_init(struct lightningd *ld, int connectd_fd) int hsmfd; void *ret; - hsmfd = hsm_get_global_fd(ld, HSM_CAP_ECDH|HSM_CAP_SIGN_GOSSIP); + hsmfd = hsm_get_global_fd(ld, HSM_PERM_ECDH|HSM_PERM_SIGN_GOSSIP); ld->gossip = new_global_subd(ld, "lightning_gossipd", gossipd_wire_name, gossip_msg, diff --git a/lightningd/hsm_control.c b/lightningd/hsm_control.c index c4e660647..bd703c75c 100644 --- a/lightningd/hsm_control.c +++ b/lightningd/hsm_control.c @@ -24,12 +24,12 @@ static int hsm_get_fd(struct lightningd *ld, const struct node_id *id, u64 dbid, - int capabilities) + u64 permissions) { int hsm_fd; const u8 *msg; - msg = towire_hsmd_client_hsmfd(NULL, id, dbid, capabilities); + msg = towire_hsmd_client_hsmfd(NULL, id, dbid, permissions); msg = hsm_sync_req(tmpctx, ld, take(msg)); if (!fromwire_hsmd_client_hsmfd_reply(msg)) fatal("Bad reply from HSM: %s", tal_hex(tmpctx, msg)); @@ -43,16 +43,16 @@ static int hsm_get_fd(struct lightningd *ld, int hsm_get_client_fd(struct lightningd *ld, const struct node_id *id, u64 dbid, - int capabilities) + u64 permissions) { assert(dbid); - return hsm_get_fd(ld, id, dbid, capabilities); + return hsm_get_fd(ld, id, dbid, permissions); } -int hsm_get_global_fd(struct lightningd *ld, int capabilities) +int hsm_get_global_fd(struct lightningd *ld, u64 permissions) { - return hsm_get_fd(ld, &ld->id, 0, capabilities); + return hsm_get_fd(ld, &ld->id, 0, permissions); } static unsigned int hsm_msg(struct subd *hsmd, diff --git a/lightningd/hsm_control.h b/lightningd/hsm_control.h index 9a8fcc01b..355f8bd51 100644 --- a/lightningd/hsm_control.h +++ b/lightningd/hsm_control.h @@ -11,10 +11,10 @@ struct ext_key; int hsm_get_client_fd(struct lightningd *ld, const struct node_id *id, u64 dbid, - int capabilities); + u64 permissions); /* Ask HSM for an fd for a global subdaemon to use (gossipd, connectd) */ -int hsm_get_global_fd(struct lightningd *ld, int capabilities); +int hsm_get_global_fd(struct lightningd *ld, u64 permissions); /* Is this capability supported by the HSM? (So far, always a message * number) */ diff --git a/lightningd/onchain_control.c b/lightningd/onchain_control.c index edb143cd1..1982ba6b1 100644 --- a/lightningd/onchain_control.c +++ b/lightningd/onchain_control.c @@ -9,8 +9,8 @@ #include #include #include -#include #include +#include #include #include #include @@ -1553,8 +1553,8 @@ enum watch_result onchaind_funding_spent(struct channel *channel, hsmfd = hsm_get_client_fd(ld, &channel->peer->id, channel->dbid, - HSM_CAP_SIGN_ONCHAIN_TX - | HSM_CAP_COMMITMENT_POINT); + HSM_PERM_SIGN_ONCHAIN_TX + | HSM_PERM_COMMITMENT_POINT); channel_set_owner(channel, new_channel_subd(channel, ld, "lightning_onchaind", diff --git a/lightningd/opening_control.c b/lightningd/opening_control.c index 180a9067c..85f9c9c6e 100644 --- a/lightningd/opening_control.c +++ b/lightningd/opening_control.c @@ -15,7 +15,7 @@ #include #include #include -#include +#include #include #include #include @@ -933,8 +933,8 @@ bool peer_start_openingd(struct peer *peer, struct peer_fd *peer_fd) assert(!uc->open_daemon); hsmfd = hsm_get_client_fd(peer->ld, &uc->peer->id, uc->dbid, - HSM_CAP_COMMITMENT_POINT - | HSM_CAP_SIGN_REMOTE_TX); + HSM_PERM_COMMITMENT_POINT + | HSM_PERM_SIGN_REMOTE_TX); uc->open_daemon = new_channel_subd(peer, peer->ld, "lightning_openingd",