From 5cacaa1dc01cd41e6ec92b992badb37d2aed091d Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Sat, 1 Apr 2023 14:28:14 +1030 Subject: [PATCH] patch hsm_sync_req.patch --- lightningd/channel.c | 15 +++------ lightningd/hsm_control.c | 24 ++++++++++----- lightningd/hsm_control.h | 5 +++ lightningd/invoice.c | 34 ++++++++------------- lightningd/memdump.c | 9 ++---- lightningd/offer.c | 9 ++---- lightningd/onchain_control.c | 23 +++++--------- lightningd/opening_common.c | 8 ++--- lightningd/peer_control.c | 10 +++--- lightningd/signmessage.c | 10 +++--- lightningd/test/run-invoice-select-inchan.c | 5 +++ 11 files changed, 67 insertions(+), 85 deletions(-) diff --git a/lightningd/channel.c b/lightningd/channel.c index b8df981d85b1..0a2ebd39f74b 100644 --- a/lightningd/channel.c +++ b/lightningd/channel.c @@ -12,13 +12,13 @@ #include #include #include +#include #include #include #include #include #include #include -#include void channel_set_owner(struct channel *channel, struct subd *owner) { @@ -103,14 +103,11 @@ void get_channel_basepoints(struct lightningd *ld, struct basepoints *local_basepoints, struct pubkey *local_funding_pubkey) { - u8 *msg; + const u8 *msg; assert(dbid != 0); msg = towire_hsmd_get_channel_basepoints(NULL, peer_id, dbid); - if (!wire_sync_write(ld->hsm_fd, take(msg))) - fatal("Could not write to HSM: %s", strerror(errno)); - - msg = wire_sync_read(tmpctx, ld->hsm_fd); + msg = hsm_sync_req(tmpctx, ld, take(msg)); if (!fromwire_hsmd_get_channel_basepoints_reply(msg, local_basepoints, local_funding_pubkey)) fatal("HSM gave bad hsm_get_channel_basepoints_reply %s", @@ -199,7 +196,7 @@ struct channel *new_unsaved_channel(struct peer *peer, { struct lightningd *ld = peer->ld; struct channel *channel = tal(ld, struct channel); - u8 *msg; + const u8 *msg; channel->peer = peer; /* Not saved to the database yet! */ 
@@ -266,9 +263,7 @@ struct channel *new_unsaved_channel(struct peer *peer, shachain_init(&channel->their_shachain.chain); msg = towire_hsmd_new_channel(NULL, &peer->id, channel->unsaved_dbid); - if (!wire_sync_write(ld->hsm_fd, take(msg))) - fatal("Could not write to HSM: %s", strerror(errno)); - msg = wire_sync_read(tmpctx, ld->hsm_fd); + msg = hsm_sync_req(tmpctx, ld, take(msg)); if (!fromwire_hsmd_new_channel_reply(msg)) fatal("HSM gave bad hsm_new_channel_reply %s", tal_hex(msg, msg)); diff --git a/lightningd/hsm_control.c b/lightningd/hsm_control.c index 0eb281f97593..f553c3e47cd2 100644 --- a/lightningd/hsm_control.c +++ b/lightningd/hsm_control.c @@ -27,13 +27,10 @@ static int hsm_get_fd(struct lightningd *ld, int capabilities) { int hsm_fd; - u8 *msg; + const u8 *msg; msg = towire_hsmd_client_hsmfd(NULL, id, dbid, capabilities); - if (!wire_sync_write(ld->hsm_fd, take(msg))) - fatal("Could not write to HSM: %s", strerror(errno)); - - msg = wire_sync_read(tmpctx, ld->hsm_fd); + msg = hsm_sync_req(tmpctx, ld, take(msg)); if (!fromwire_hsmd_client_hsmfd_reply(msg)) fatal("Bad reply from HSM: %s", tal_hex(tmpctx, msg)); @@ -198,9 +195,8 @@ void bip32_pubkey(struct lightningd *ld, struct pubkey *pubkey, u32 index) /* Don't assume hsmd supports it! */ if (hsm_capable(ld, WIRE_HSMD_CHECK_PUBKEY)) { bool ok; - u8 *msg = towire_hsmd_check_pubkey(NULL, index, pubkey); - wire_sync_write(ld->hsm_fd, take(msg)); - msg = wire_sync_read(tmpctx, ld->hsm_fd); + const u8 *msg = towire_hsmd_check_pubkey(NULL, index, pubkey); + msg = hsm_sync_req(tmpctx, ld, take(msg)); if (!fromwire_hsmd_check_pubkey_reply(msg, &ok)) fatal("Invalid check_pubkey_reply from hsm"); if (!ok) 
@@ -209,6 +205,18 @@ void bip32_pubkey(struct lightningd *ld, struct pubkey *pubkey, u32 index) } } +const u8 *hsm_sync_req(const tal_t *ctx, struct lightningd *ld, const u8 *msg) +{ + int type = fromwire_peektype(msg); + if (!wire_sync_write(ld->hsm_fd, msg)) + fatal("Writing %s hsm", hsmd_wire_name(type)); + msg = wire_sync_read(ctx, ld->hsm_fd); + if (!msg) + fatal("EOF reading from HSM after %s", + hsmd_wire_name(type)); + return msg; +} + static struct command_result *json_makesecret(struct command *cmd, const char *buffer, const jsmntok_t *obj UNNEEDED, diff --git a/lightningd/hsm_control.h b/lightningd/hsm_control.h index 6fc222fe646f..9a8fcc01bf70 100644 --- a/lightningd/hsm_control.h +++ b/lightningd/hsm_control.h @@ -22,6 +22,11 @@ bool hsm_capable(struct lightningd *ld, u32 msgtype); struct ext_key *hsm_init(struct lightningd *ld); +/* Send request to hsmd, get response. */ +const u8 *hsm_sync_req(const tal_t *ctx, + struct lightningd *ld, + const u8 *msg TAKES); + /* Get (and check!) a bip32 derived pubkey */ void bip32_pubkey(struct lightningd *ld, struct pubkey *pubkey, u32 index); diff --git a/lightningd/invoice.c b/lightningd/invoice.c index 4993b02cf093..136dc7d489c9 100644 --- a/lightningd/invoice.c +++ b/lightningd/invoice.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -476,12 +477,10 @@ static bool hsm_sign_b11(const u5 *u5bytes, secp256k1_ecdsa_recoverable_signature *rsig, struct lightningd *ld) { - u8 *msg = towire_hsmd_sign_invoice(NULL, u5bytes, hrpu8); + const u8 *msg; - if (!wire_sync_write(ld->hsm_fd, take(msg))) - fatal("Could not write to HSM: %s", strerror(errno)); - - msg = wire_sync_read(tmpctx, ld->hsm_fd); + msg = hsm_sync_req(tmpctx, ld, + take(towire_hsmd_sign_invoice(NULL, u5bytes, hrpu8))); if (!fromwire_hsmd_sign_invoice_reply(msg, rsig)) fatal("HSM gave bad sign_invoice_reply %s", tal_hex(msg, msg)); 
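Review bot: The write-failure path of the new hsm_sync_req in lightningd/hsm_control.c drops the `strerror(errno)` that the replaced call sites reported ("Could not write to HSM: %s"), so a failed write to hsmd no longer says why. I would keep the cause and fix the missing "to": `fatal("Writing %s to hsm: %s", hsmd_wire_name(type), strerror(errno));`. The read-side message says "EOF", but a NULL from wire_sync_read may also be a read error or a short read, so wording such as "Failed reading from HSM after %s" would be safer unless that helper only returns NULL at end of file. A short comment on the `fromwire_peektype(msg)` line would also help, noting that the type is read before the write because a taken msg is presumably freed by wire_sync_write.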
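Review bot: The comment on the hsm_sync_req declaration in lightningd/hsm_control.h leaves out the contract that callers in this patch now rely on. The onchain_control.c hunks remove their `!msg ||` checks because the helper calls fatal() instead of returning NULL, and nothing at the declaration says so. Suggest `/* Send request to hsmd, get response: calls fatal() on write failure or EOF, so never returns NULL. Reply is allocated off @ctx. */`. It is also worth stating that the reply type is not checked here and each caller must still validate it with the matching fromwire_*_reply.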
@@ -493,17 +492,14 @@ static void hsm_sign_b12_invoice(struct lightningd *ld, struct tlv_invoice *invoice) { struct sha256 merkle; - u8 *msg; + const u8 *msg; assert(!invoice->signature); merkle_tlv(invoice->fields, &merkle); msg = towire_hsmd_sign_bolt12(NULL, "invoice", "signature", &merkle, NULL); - if (!wire_sync_write(ld->hsm_fd, take(msg))) - fatal("Could not write to HSM: %s", strerror(errno)); - - msg = wire_sync_read(tmpctx, ld->hsm_fd); + msg = hsm_sync_req(tmpctx, ld, take(msg)); invoice->signature = tal(invoice, struct bip340sig); if (!fromwire_hsmd_sign_bolt12_reply(msg, invoice->signature)) fatal("HSM gave bad sign_invoice_reply %s", @@ -1815,6 +1811,7 @@ static struct command_result *json_preapproveinvoice(struct command *cmd, const char *invstring; struct json_stream *response; bool approved; + const u8 *msg; if (!param(cmd, buffer, params, /* FIXME: parameter should be invstring now */ @@ -1827,12 +1824,8 @@ static struct command_result *json_preapproveinvoice(struct command *cmd, strncmp(invstring, "LIGHTNING:", 10) == 0) invstring += 10; - u8 *msg = towire_hsmd_preapprove_invoice(NULL, invstring); - - if (!wire_sync_write(cmd->ld->hsm_fd, take(msg))) - fatal("Could not write to HSM: %s", strerror(errno)); - - msg = wire_sync_read(tmpctx, cmd->ld->hsm_fd); + msg = hsm_sync_req(tmpctx, cmd->ld, + take(towire_hsmd_preapprove_invoice(NULL, invstring))); if (!fromwire_hsmd_preapprove_invoice_reply(msg, &approved)) return command_fail(cmd, JSONRPC2_INVALID_PARAMS, "HSM gave bad preapprove_invoice_reply %s", tal_hex(msg, msg)); @@ -1860,9 +1853,9 @@ static struct command_result *json_preapprovekeysend(struct command *cmd, struct node_id *destination; struct sha256 *payment_hash; struct amount_msat *amount; - struct json_stream *response; bool approved; + const u8 *msg; if (!param(cmd, buffer, params, p_req("destination", param_node_id, &destination), 
@@ -1871,12 +1864,9 @@ static struct command_result *json_preapprovekeysend(struct command *cmd, NULL)) return command_param_failed(); - u8 *msg = towire_hsmd_preapprove_keysend(NULL, destination, payment_hash, *amount); - - if (!wire_sync_write(cmd->ld->hsm_fd, take(msg))) - fatal("Could not write to HSM: %s", strerror(errno)); + msg = towire_hsmd_preapprove_keysend(NULL, destination, payment_hash, *amount); - msg = wire_sync_read(tmpctx, cmd->ld->hsm_fd); + msg = hsm_sync_req(tmpctx, cmd->ld, take(msg)); if (!fromwire_hsmd_preapprove_keysend_reply(msg, &approved)) return command_fail(cmd, JSONRPC2_INVALID_PARAMS, "HSM gave bad preapprove_keysend_reply %s", tal_hex(msg, msg)); diff --git a/lightningd/memdump.c b/lightningd/memdump.c index dcca47368a4b..f77164c2571f 100644 --- a/lightningd/memdump.c +++ b/lightningd/memdump.c @@ -12,13 +12,13 @@ #include #include #include +#include #include #include #include #include #include #include -#include static void json_add_ptr(struct json_stream *response, const char *name, const void *ptr) @@ -262,7 +262,7 @@ static struct command_result *json_memleak(struct command *cmd, const jsmntok_t *params) { struct lightningd *ld = cmd->ld; - u8 *msg; + const u8 *msg; bool found_leak; struct leak_detect *leaks; @@ -280,10 +280,7 @@ static struct command_result *json_memleak(struct command *cmd, leaks->leakers = tal_arr(leaks, const char *, 0); /* hsmd is sync, so do that first. */ - if (!wire_sync_write(ld->hsm_fd, - take(towire_hsmd_dev_memleak(NULL)))) - fatal("Could not write to HSM: %s", strerror(errno)); - msg = wire_sync_read(tmpctx, ld->hsm_fd); + msg = hsm_sync_req(tmpctx, cmd->ld, take(towire_hsmd_dev_memleak(NULL))); if (!fromwire_hsmd_dev_memleak_reply(msg, &found_leak)) fatal("Bad HSMD_DEV_MEMLEAK_REPLY: %s", tal_hex(tmpctx, msg)); diff --git a/lightningd/offer.c b/lightningd/offer.c index db3ee5b3b88e..1a4b1f7f6c8b 100644 --- a/lightningd/offer.c +++ b/lightningd/offer.c 
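Review bot: In json_memleak (lightningd/memdump.c) the new call passes `cmd->ld`, although the function already has `struct lightningd *ld = cmd->ld;` (visible in the preceding hunk) and the removed lines used `ld->hsm_fd`. Using the local keeps the function consistent and the line shorter: `msg = hsm_sync_req(tmpctx, ld, take(towire_hsmd_dev_memleak(NULL)));`. This is style only; behaviour is the same. The body of json_memleak extends outside both hunks, so whether `ld` is still used elsewhere cannot be confirmed from here.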
@@ -10,11 +10,11 @@ #include #include #include +#include #include #include #include #include -#include static void json_populate_offer(struct json_stream *response, const struct sha256 *offer_id, @@ -54,15 +54,12 @@ static void hsm_sign_b12(struct lightningd *ld, const struct pubkey *key, struct bip340sig *sig) { - u8 *msg; + const u8 *msg; struct sha256 sighash; msg = towire_hsmd_sign_bolt12(NULL, messagename, fieldname, merkle, publictweak); - if (!wire_sync_write(ld->hsm_fd, take(msg))) - fatal("Could not write to HSM: %s", strerror(errno)); - - msg = wire_sync_read(tmpctx, ld->hsm_fd); + msg = hsm_sync_req(tmpctx, ld, take(msg)); if (!fromwire_hsmd_sign_bolt12_reply(msg, sig)) fatal("HSM gave bad sign_offer_reply %s", tal_hex(msg, msg)); diff --git a/lightningd/onchain_control.c b/lightningd/onchain_control.c index a1e030effa05..7a2614834c75 100644 --- a/lightningd/onchain_control.c +++ b/lightningd/onchain_control.c @@ -787,15 +787,12 @@ static u8 **sign_and_get_witness(const tal_t *ctx, struct bitcoin_tx *tx, const struct onchain_signing_info *info) { - u8 *msg; + const u8 *msg; struct bitcoin_signature sig; struct lightningd *ld = channel->peer->ld; - msg = info->sign(NULL, tx, info); - if (!wire_sync_write(ld->hsm_fd, take(msg))) - fatal("Writing sign request to hsm"); - msg = wire_sync_read(tmpctx, ld->hsm_fd); - if (!msg || !fromwire_hsmd_sign_tx_reply(msg, &sig)) + msg = hsm_sync_req(tmpctx, ld, take(info->sign(NULL, tx, info))); + if (!fromwire_hsmd_sign_tx_reply(msg, &sig)) fatal("Reading sign_tx_reply: %s", tal_hex(tmpctx, msg)); return bitcoin_witness_sig_and_element(ctx, &sig, info->stack_elem, 
@@ -1129,11 +1126,8 @@ static void handle_onchaind_spend_htlc_success(struct channel *channel, info->deadline_block = htlc_incoming_deadline(channel, htlc_id); /* Now sign, and set witness */ - msg = sign_htlc_success(NULL, tx, info); - if (!wire_sync_write(ld->hsm_fd, take(msg))) - fatal("Writing sign request to hsm"); - msg = wire_sync_read(tmpctx, ld->hsm_fd); - if (!msg || !fromwire_hsmd_sign_tx_reply(msg, &sig)) + msg = hsm_sync_req(tmpctx, ld, take(sign_htlc_success(NULL, tx, info))); + if (!fromwire_hsmd_sign_tx_reply(msg, &sig)) fatal("Reading sign_tx_reply: %s", tal_hex(tmpctx, msg)); witness = bitcoin_witness_htlc_success_tx(NULL, &sig, @@ -1206,11 +1200,8 @@ static void handle_onchaind_spend_htlc_timeout(struct channel *channel, info->minblock = cltv_expiry + 1; /* Now sign, and set witness */ - msg = sign_htlc_timeout(NULL, tx, info); - if (!wire_sync_write(ld->hsm_fd, take(msg))) - fatal("Writing sign request to hsm"); - msg = wire_sync_read(tmpctx, ld->hsm_fd); - if (!msg || !fromwire_hsmd_sign_tx_reply(msg, &sig)) + msg = hsm_sync_req(tmpctx, ld, take(sign_htlc_timeout(NULL, tx, info))); + if (!fromwire_hsmd_sign_tx_reply(msg, &sig)) fatal("Reading sign_tx_reply: %s", tal_hex(tmpctx, msg)); witness = bitcoin_witness_htlc_timeout_tx(NULL, &sig, diff --git a/lightningd/opening_common.c b/lightningd/opening_common.c index e42fd0e558c3..4f27d3e78f1a 100644 --- a/lightningd/opening_common.c +++ b/lightningd/opening_common.c @@ -8,13 +8,13 @@ #include #include #include +#include #include #include #include #include #include #include -#include static void destroy_uncommitted_channel(struct uncommitted_channel *uc) { @@ -39,7 +39,7 @@ new_uncommitted_channel(struct peer *peer) { struct lightningd *ld = peer->ld; struct uncommitted_channel *uc = tal(ld, struct uncommitted_channel); - u8 *new_channel_msg; + const u8 *new_channel_msg; uc->peer = peer; assert(!peer->uncommitted_channel); 
@@ -74,9 +74,7 @@ new_uncommitted_channel(struct peer *peer) /* Declare the new channel to the HSM. */ new_channel_msg = towire_hsmd_new_channel(NULL, &uc->peer->id, uc->dbid); - if (!wire_sync_write(ld->hsm_fd, take(new_channel_msg))) - fatal("Could not write to HSM: %s", strerror(errno)); - new_channel_msg = wire_sync_read(tmpctx, ld->hsm_fd); + new_channel_msg = hsm_sync_req(tmpctx, ld, take(new_channel_msg)); if (!fromwire_hsmd_new_channel_reply(new_channel_msg)) fatal("HSM gave bad hsm_new_channel_reply %s", tal_hex(new_channel_msg, new_channel_msg)); diff --git a/lightningd/peer_control.c b/lightningd/peer_control.c index 0a6b25d3876c..73a581292207 100644 --- a/lightningd/peer_control.c +++ b/lightningd/peer_control.c @@ -224,12 +224,13 @@ static void sign_last_tx(struct channel *channel, { struct lightningd *ld = channel->peer->ld; struct bitcoin_signature sig; - u8 *msg, **witness; + const u8 *msg; + u8 **witness; u64 commit_index = channel->next_index[LOCAL] - 1; assert(!last_tx->wtx->inputs[0].witness); - msg = towire_hsmd_sign_commitment_tx(tmpctx, + msg = towire_hsmd_sign_commitment_tx(NULL, &channel->peer->id, channel->dbid, last_tx, @@ -237,10 +238,7 @@ static void sign_last_tx(struct channel *channel, .remote_fundingkey, commit_index); - if (!wire_sync_write(ld->hsm_fd, take(msg))) - fatal("Could not write to HSM: %s", strerror(errno)); - - msg = wire_sync_read(tmpctx, ld->hsm_fd); + msg = hsm_sync_req(tmpctx, ld, take(msg)); if (!fromwire_hsmd_sign_commitment_tx_reply(msg, &sig)) fatal("HSM gave bad sign_commitment_tx_reply %s", tal_hex(tmpctx, msg)); diff --git a/lightningd/signmessage.c b/lightningd/signmessage.c index c7811be555cd..2b762e986a2d 100644 --- a/lightningd/signmessage.c +++ b/lightningd/signmessage.c @@ -5,8 +5,8 @@ #include #include #include +#include #include -#include /* These tables copied from zbase32 src: * copyright 2002-2007 Zooko "Zooko" Wilcox-O'Hearn 
@@ -65,7 +65,8 @@ static struct command_result *json_signmessage(struct command *cmd, const char *message; secp256k1_ecdsa_recoverable_signature rsig; struct json_stream *response; - u8 sig[65], *msg; + u8 sig[65]; + const u8 *msg; int recid; if (!param(cmd, buffer, params, @@ -80,10 +81,7 @@ static struct command_result *json_signmessage(struct command *cmd, msg = towire_hsmd_sign_message(NULL, tal_dup_arr(tmpctx, u8, (u8 *)message, strlen(message), 0)); - if (!wire_sync_write(cmd->ld->hsm_fd, take(msg))) - fatal("Could not write to HSM: %s", strerror(errno)); - - msg = wire_sync_read(tmpctx, cmd->ld->hsm_fd); + msg = hsm_sync_req(tmpctx, cmd->ld, take(msg)); if (!fromwire_hsmd_sign_message_reply(msg, &rsig)) fatal("HSM gave bad hsm_sign_message_reply %s", tal_hex(msg, msg)); diff --git a/lightningd/test/run-invoice-select-inchan.c b/lightningd/test/run-invoice-select-inchan.c index 7f16360c276d..21d06b742c24 100644 --- a/lightningd/test/run-invoice-select-inchan.c +++ b/lightningd/test/run-invoice-select-inchan.c @@ -291,6 +291,11 @@ u32 get_feerate(const struct fee_states *fee_states UNNEEDED, /* Generated stub for hash_htlc_key */ size_t hash_htlc_key(const struct htlc_key *htlc_key UNNEEDED) { fprintf(stderr, "hash_htlc_key called!\n"); abort(); } +/* Generated stub for hsm_sync_req */ +const u8 *hsm_sync_req(const tal_t *ctx UNNEEDED, + struct lightningd *ld UNNEEDED, + const u8 *msg TAKES UNNEEDED) +{ fprintf(stderr, "hsm_sync_req called!\n"); abort(); } /* Generated stub for htlc_is_trimmed */ bool htlc_is_trimmed(enum side htlc_owner UNNEEDED, struct amount_msat htlc_amount UNNEEDED,