patch hsm_sync_req.patch

ElementsProject · Apr 1, 2023 · 5cacaa1 · 5cacaa1
1 parent afc1996
commit 5cacaa1
Show file tree

Hide file tree

Showing 11 changed files with 67 additions and 85 deletions.
diff --git a/lightningd/channel.c b/lightningd/channel.c
@@ -12,13 +12,13 @@
 #include <lightningd/channel.h>
 #include <lightningd/channel_state_names_gen.h>
 #include <lightningd/connect_control.h>
+#include <lightningd/hsm_control.h>
 #include <lightningd/notification.h>
 #include <lightningd/opening_common.h>
 #include <lightningd/peer_control.h>
 #include <lightningd/subd.h>
 #include <wallet/txfilter.h>
 #include <wire/peer_wire.h>
-#include <wire/wire_sync.h>
 
 void channel_set_owner(struct channel *channel, struct subd *owner)
 {
@@ -103,14 +103,11 @@ void get_channel_basepoints(struct lightningd *ld,
 			    struct basepoints *local_basepoints,
 			    struct pubkey *local_funding_pubkey)
 {
-	u8 *msg;
+	const u8 *msg;
 
 	assert(dbid != 0);
 	msg = towire_hsmd_get_channel_basepoints(NULL, peer_id, dbid);
-	if (!wire_sync_write(ld->hsm_fd, take(msg)))
-		fatal("Could not write to HSM: %s", strerror(errno));
-
-	msg = wire_sync_read(tmpctx, ld->hsm_fd);
+	msg = hsm_sync_req(tmpctx, ld, take(msg));
 	if (!fromwire_hsmd_get_channel_basepoints_reply(msg, local_basepoints,
 						       local_funding_pubkey))
 		fatal("HSM gave bad hsm_get_channel_basepoints_reply %s",
@@ -199,7 +196,7 @@ struct channel *new_unsaved_channel(struct peer *peer,
 {
 	struct lightningd *ld = peer->ld;
 	struct channel *channel = tal(ld, struct channel);
-	u8 *msg;
+	const u8 *msg;
 
 	channel->peer = peer;
 	/* Not saved to the database yet! */
@@ -266,9 +263,7 @@ struct channel *new_unsaved_channel(struct peer *peer,
 	shachain_init(&channel->their_shachain.chain);
 
 	msg = towire_hsmd_new_channel(NULL, &peer->id, channel->unsaved_dbid);
-	if (!wire_sync_write(ld->hsm_fd, take(msg)))
-		fatal("Could not write to HSM: %s", strerror(errno));
-	msg = wire_sync_read(tmpctx, ld->hsm_fd);
+	msg = hsm_sync_req(tmpctx, ld, take(msg));
 	if (!fromwire_hsmd_new_channel_reply(msg))
 		fatal("HSM gave bad hsm_new_channel_reply %s",
 		      tal_hex(msg, msg));

diff --git a/lightningd/hsm_control.c b/lightningd/hsm_control.c
@@ -27,13 +27,10 @@ static int hsm_get_fd(struct lightningd *ld,
 		      int capabilities)
 {
 	int hsm_fd;
-	u8 *msg;
+	const u8 *msg;
 
 	msg = towire_hsmd_client_hsmfd(NULL, id, dbid, capabilities);
-	if (!wire_sync_write(ld->hsm_fd, take(msg)))
-		fatal("Could not write to HSM: %s", strerror(errno));
-
-	msg = wire_sync_read(tmpctx, ld->hsm_fd);
+	msg = hsm_sync_req(tmpctx, ld, take(msg));
 	if (!fromwire_hsmd_client_hsmfd_reply(msg))
 		fatal("Bad reply from HSM: %s", tal_hex(tmpctx, msg));
 
@@ -198,9 +195,8 @@ void bip32_pubkey(struct lightningd *ld, struct pubkey *pubkey, u32 index)
 	/* Don't assume hsmd supports it! */
 	if (hsm_capable(ld, WIRE_HSMD_CHECK_PUBKEY)) {
 		bool ok;
-		u8 *msg = towire_hsmd_check_pubkey(NULL, index, pubkey);
-		wire_sync_write(ld->hsm_fd, take(msg));
-		msg = wire_sync_read(tmpctx, ld->hsm_fd);
+		const u8 *msg = towire_hsmd_check_pubkey(NULL, index, pubkey);
+		msg = hsm_sync_req(tmpctx, ld, take(msg));
 		if (!fromwire_hsmd_check_pubkey_reply(msg, &ok))
 			fatal("Invalid check_pubkey_reply from hsm");
 		if (!ok)
@@ -209,6 +205,18 @@ void bip32_pubkey(struct lightningd *ld, struct pubkey *pubkey, u32 index)
 	}
 }
 
+const u8 *hsm_sync_req(const tal_t *ctx, struct lightningd *ld, const u8 *msg)
+{
+	int type = fromwire_peektype(msg);
+	if (!wire_sync_write(ld->hsm_fd, msg))
+		fatal("Writing %s hsm", hsmd_wire_name(type));
+	msg = wire_sync_read(ctx, ld->hsm_fd);
+	if (!msg)
+		fatal("EOF reading from HSM after %s",
+		      hsmd_wire_name(type));
+	return msg;
+}
+
 static struct command_result *json_makesecret(struct command *cmd,
 					   const char *buffer,
 					   const jsmntok_t *obj UNNEEDED,

diff --git a/lightningd/hsm_control.h b/lightningd/hsm_control.h
@@ -22,6 +22,11 @@ bool hsm_capable(struct lightningd *ld, u32 msgtype);
 
 struct ext_key *hsm_init(struct lightningd *ld);
 
+/* Send request to hsmd, get response. */
+const u8 *hsm_sync_req(const tal_t *ctx,
+		       struct lightningd *ld,
+		       const u8 *msg TAKES);
+
 /* Get (and check!) a bip32 derived pubkey */
 void bip32_pubkey(struct lightningd *ld, struct pubkey *pubkey, u32 index);
 

diff --git a/lightningd/invoice.c b/lightningd/invoice.c
@@ -20,6 +20,7 @@
 #include <errno.h>
 #include <hsmd/hsmd_wiregen.h>
 #include <lightningd/channel.h>
+#include <lightningd/hsm_control.h>
 #include <lightningd/invoice.h>
 #include <lightningd/notification.h>
 #include <lightningd/plugin_hook.h>
@@ -476,12 +477,10 @@ static bool hsm_sign_b11(const u5 *u5bytes,
 			 secp256k1_ecdsa_recoverable_signature *rsig,
 			 struct lightningd *ld)
 {
-	u8 *msg = towire_hsmd_sign_invoice(NULL, u5bytes, hrpu8);
+	const u8 *msg;
 
-	if (!wire_sync_write(ld->hsm_fd, take(msg)))
-		fatal("Could not write to HSM: %s", strerror(errno));
-
-	msg = wire_sync_read(tmpctx, ld->hsm_fd);
+	msg = hsm_sync_req(tmpctx, ld,
+			   take(towire_hsmd_sign_invoice(NULL, u5bytes, hrpu8)));
         if (!fromwire_hsmd_sign_invoice_reply(msg, rsig))
 		fatal("HSM gave bad sign_invoice_reply %s",
 		      tal_hex(msg, msg));
@@ -493,17 +492,14 @@ static void hsm_sign_b12_invoice(struct lightningd *ld,
 				 struct tlv_invoice *invoice)
 {
 	struct sha256 merkle;
-	u8 *msg;
+	const u8 *msg;
 
 	assert(!invoice->signature);
 
  	merkle_tlv(invoice->fields, &merkle);
 	msg = towire_hsmd_sign_bolt12(NULL, "invoice", "signature", &merkle, NULL);
 
-	if (!wire_sync_write(ld->hsm_fd, take(msg)))
-		fatal("Could not write to HSM: %s", strerror(errno));
-
-	msg = wire_sync_read(tmpctx, ld->hsm_fd);
+	msg = hsm_sync_req(tmpctx, ld, take(msg));
 	invoice->signature = tal(invoice, struct bip340sig);
         if (!fromwire_hsmd_sign_bolt12_reply(msg, invoice->signature))
 		fatal("HSM gave bad sign_invoice_reply %s",
@@ -1815,6 +1811,7 @@ static struct command_result *json_preapproveinvoice(struct command *cmd,
 	const char *invstring;
 	struct json_stream *response;
 	bool approved;
+	const u8 *msg;
 
 	if (!param(cmd, buffer, params,
 		   /* FIXME: parameter should be invstring now */
@@ -1827,12 +1824,8 @@ static struct command_result *json_preapproveinvoice(struct command *cmd,
 	    strncmp(invstring, "LIGHTNING:", 10) == 0)
 		invstring += 10;
 
-	u8 *msg = towire_hsmd_preapprove_invoice(NULL, invstring);
-
-	if (!wire_sync_write(cmd->ld->hsm_fd, take(msg)))
-		fatal("Could not write to HSM: %s", strerror(errno));
-
-	msg = wire_sync_read(tmpctx, cmd->ld->hsm_fd);
+	msg = hsm_sync_req(tmpctx, cmd->ld,
+			   take(towire_hsmd_preapprove_invoice(NULL, invstring)));
         if (!fromwire_hsmd_preapprove_invoice_reply(msg, &approved))
 		return command_fail(cmd, JSONRPC2_INVALID_PARAMS,
 				    "HSM gave bad preapprove_invoice_reply %s", tal_hex(msg, msg));
@@ -1860,9 +1853,9 @@ static struct command_result *json_preapprovekeysend(struct command *cmd,
 	struct node_id *destination;
 	struct sha256 *payment_hash;
 	struct amount_msat *amount;
-
 	struct json_stream *response;
 	bool approved;
+	const u8 *msg;
 
 	if (!param(cmd, buffer, params,
 		   p_req("destination", param_node_id, &destination),
@@ -1871,12 +1864,9 @@ static struct command_result *json_preapprovekeysend(struct command *cmd,
 		   NULL))
 		return command_param_failed();
 
-	u8 *msg = towire_hsmd_preapprove_keysend(NULL, destination, payment_hash, *amount);
-
-	if (!wire_sync_write(cmd->ld->hsm_fd, take(msg)))
-		fatal("Could not write to HSM: %s", strerror(errno));
+	msg = towire_hsmd_preapprove_keysend(NULL, destination, payment_hash, *amount);
 
-	msg = wire_sync_read(tmpctx, cmd->ld->hsm_fd);
+	msg = hsm_sync_req(tmpctx, cmd->ld, take(msg));
         if (!fromwire_hsmd_preapprove_keysend_reply(msg, &approved))
 		return command_fail(cmd, JSONRPC2_INVALID_PARAMS,
 				    "HSM gave bad preapprove_keysend_reply %s", tal_hex(msg, msg));

diff --git a/lightningd/memdump.c b/lightningd/memdump.c
@@ -12,13 +12,13 @@
 #include <gossipd/gossipd_wiregen.h>
 #include <hsmd/hsmd_wiregen.h>
 #include <lightningd/chaintopology.h>
+#include <lightningd/hsm_control.h>
 #include <lightningd/jsonrpc.h>
 #include <lightningd/lightningd.h>
 #include <lightningd/memdump.h>
 #include <lightningd/opening_common.h>
 #include <lightningd/peer_control.h>
 #include <lightningd/subd.h>
-#include <wire/wire_sync.h>
 
 static void json_add_ptr(struct json_stream *response, const char *name,
 			 const void *ptr)
@@ -262,7 +262,7 @@ static struct command_result *json_memleak(struct command *cmd,
 					   const jsmntok_t *params)
 {
 	struct lightningd *ld = cmd->ld;
-	u8 *msg;
+	const u8 *msg;
 	bool found_leak;
 	struct leak_detect *leaks;
 
@@ -280,10 +280,7 @@ static struct command_result *json_memleak(struct command *cmd,
 	leaks->leakers = tal_arr(leaks, const char *, 0);
 
 	/* hsmd is sync, so do that first. */
-	if (!wire_sync_write(ld->hsm_fd,
-			     take(towire_hsmd_dev_memleak(NULL))))
-		fatal("Could not write to HSM: %s", strerror(errno));
-	msg = wire_sync_read(tmpctx, ld->hsm_fd);
+	msg = hsm_sync_req(tmpctx, cmd->ld, take(towire_hsmd_dev_memleak(NULL)));
 	if (!fromwire_hsmd_dev_memleak_reply(msg, &found_leak))
 		fatal("Bad HSMD_DEV_MEMLEAK_REPLY: %s", tal_hex(tmpctx, msg));
 

diff --git a/lightningd/offer.c b/lightningd/offer.c
@@ -10,11 +10,11 @@
 #include <common/type_to_string.h>
 #include <errno.h>
 #include <hsmd/hsmd_wiregen.h>
+#include <lightningd/hsm_control.h>
 #include <lightningd/jsonrpc.h>
 #include <lightningd/lightningd.h>
 #include <secp256k1_schnorrsig.h>
 #include <sodium/randombytes.h>
-#include <wire/wire_sync.h>
 
 static void json_populate_offer(struct json_stream *response,
 				const struct sha256 *offer_id,
@@ -54,15 +54,12 @@ static void hsm_sign_b12(struct lightningd *ld,
 			 const struct pubkey *key,
 			 struct bip340sig *sig)
 {
-	u8 *msg;
+	const u8 *msg;
 	struct sha256 sighash;
 
 	msg = towire_hsmd_sign_bolt12(NULL, messagename, fieldname, merkle,
 				      publictweak);
-	if (!wire_sync_write(ld->hsm_fd, take(msg)))
-		fatal("Could not write to HSM: %s", strerror(errno));
-
-	msg = wire_sync_read(tmpctx, ld->hsm_fd);
+	msg = hsm_sync_req(tmpctx, ld, take(msg));
         if (!fromwire_hsmd_sign_bolt12_reply(msg, sig))
 		fatal("HSM gave bad sign_offer_reply %s",
 		      tal_hex(msg, msg));

diff --git a/lightningd/onchain_control.c b/lightningd/onchain_control.c
@@ -787,15 +787,12 @@ static u8 **sign_and_get_witness(const tal_t *ctx,
 				 struct bitcoin_tx *tx,
 				 const struct onchain_signing_info *info)
 {
-	u8 *msg;
+	const u8 *msg;
 	struct bitcoin_signature sig;
 	struct lightningd *ld = channel->peer->ld;
 
-	msg = info->sign(NULL, tx, info);
-	if (!wire_sync_write(ld->hsm_fd, take(msg)))
-		fatal("Writing sign request to hsm");
-	msg = wire_sync_read(tmpctx, ld->hsm_fd);
-	if (!msg || !fromwire_hsmd_sign_tx_reply(msg, &sig))
+	msg = hsm_sync_req(tmpctx, ld, take(info->sign(NULL, tx, info)));
+	if (!fromwire_hsmd_sign_tx_reply(msg, &sig))
 		fatal("Reading sign_tx_reply: %s", tal_hex(tmpctx, msg));
 
 	return bitcoin_witness_sig_and_element(ctx, &sig, info->stack_elem,
@@ -1129,11 +1126,8 @@ static void handle_onchaind_spend_htlc_success(struct channel *channel,
 	info->deadline_block = htlc_incoming_deadline(channel, htlc_id);
 
 	/* Now sign, and set witness */
-	msg = sign_htlc_success(NULL, tx, info);
-	if (!wire_sync_write(ld->hsm_fd, take(msg)))
-		fatal("Writing sign request to hsm");
-	msg = wire_sync_read(tmpctx, ld->hsm_fd);
-	if (!msg || !fromwire_hsmd_sign_tx_reply(msg, &sig))
+	msg = hsm_sync_req(tmpctx, ld, take(sign_htlc_success(NULL, tx, info)));
+	if (!fromwire_hsmd_sign_tx_reply(msg, &sig))
 		fatal("Reading sign_tx_reply: %s", tal_hex(tmpctx, msg));
 
 	witness = bitcoin_witness_htlc_success_tx(NULL, &sig,
@@ -1206,11 +1200,8 @@ static void handle_onchaind_spend_htlc_timeout(struct channel *channel,
 	info->minblock = cltv_expiry + 1;
 
 	/* Now sign, and set witness */
-	msg = sign_htlc_timeout(NULL, tx, info);
-	if (!wire_sync_write(ld->hsm_fd, take(msg)))
-		fatal("Writing sign request to hsm");
-	msg = wire_sync_read(tmpctx, ld->hsm_fd);
-	if (!msg || !fromwire_hsmd_sign_tx_reply(msg, &sig))
+	msg = hsm_sync_req(tmpctx, ld, take(sign_htlc_timeout(NULL, tx, info)));
+	if (!fromwire_hsmd_sign_tx_reply(msg, &sig))
 		fatal("Reading sign_tx_reply: %s", tal_hex(tmpctx, msg));
 
 	witness = bitcoin_witness_htlc_timeout_tx(NULL, &sig,

diff --git a/lightningd/opening_common.c b/lightningd/opening_common.c
@@ -8,13 +8,13 @@
 #include <lightningd/channel.h>
 #include <lightningd/channel_control.h>
 #include <lightningd/connect_control.h>
+#include <lightningd/hsm_control.h>
 #include <lightningd/notification.h>
 #include <lightningd/opening_common.h>
 #include <lightningd/peer_control.h>
 #include <lightningd/peer_fd.h>
 #include <lightningd/subd.h>
 #include <openingd/openingd_wiregen.h>
-#include <wire/wire_sync.h>
 
 static void destroy_uncommitted_channel(struct uncommitted_channel *uc)
 {
@@ -39,7 +39,7 @@ new_uncommitted_channel(struct peer *peer)
 {
 	struct lightningd *ld = peer->ld;
 	struct uncommitted_channel *uc = tal(ld, struct uncommitted_channel);
-	u8 *new_channel_msg;
+	const u8 *new_channel_msg;
 
 	uc->peer = peer;
 	assert(!peer->uncommitted_channel);
@@ -74,9 +74,7 @@ new_uncommitted_channel(struct peer *peer)
 
 	/* Declare the new channel to the HSM. */
 	new_channel_msg = towire_hsmd_new_channel(NULL, &uc->peer->id, uc->dbid);
-	if (!wire_sync_write(ld->hsm_fd, take(new_channel_msg)))
-		fatal("Could not write to HSM: %s", strerror(errno));
-	new_channel_msg = wire_sync_read(tmpctx, ld->hsm_fd);
+	new_channel_msg = hsm_sync_req(tmpctx, ld, take(new_channel_msg));
 	if (!fromwire_hsmd_new_channel_reply(new_channel_msg))
 		fatal("HSM gave bad hsm_new_channel_reply %s",
 		      tal_hex(new_channel_msg, new_channel_msg));

diff --git a/lightningd/peer_control.c b/lightningd/peer_control.c
@@ -224,23 +224,21 @@ static void sign_last_tx(struct channel *channel,
 {
 	struct lightningd *ld = channel->peer->ld;
 	struct bitcoin_signature sig;
-	u8 *msg, **witness;
+	const u8 *msg;
+	u8 **witness;
 
 	u64 commit_index = channel->next_index[LOCAL] - 1;
 
 	assert(!last_tx->wtx->inputs[0].witness);
-	msg = towire_hsmd_sign_commitment_tx(tmpctx,
+	msg = towire_hsmd_sign_commitment_tx(NULL,
 					     &channel->peer->id,
 					     channel->dbid,
 					     last_tx,
 					     &channel->channel_info
 					     .remote_fundingkey,
 					     commit_index);
 
-	if (!wire_sync_write(ld->hsm_fd, take(msg)))
-		fatal("Could not write to HSM: %s", strerror(errno));
-
-	msg = wire_sync_read(tmpctx, ld->hsm_fd);
+	msg = hsm_sync_req(tmpctx, ld, take(msg));
 	if (!fromwire_hsmd_sign_commitment_tx_reply(msg, &sig))
 		fatal("HSM gave bad sign_commitment_tx_reply %s",
 		      tal_hex(tmpctx, msg));