splice: Add hsmd_check_outpoint and hsmd_lock_outpoint ([ElementsProject#6722])

Changelog-Added: Added hsmd_check_outpoint and hsmd_lock_outpoint per ([ElementsProject#6722])

Author: ksedgwic

hsmd/hsmd.c

@@ -655,6 +655,8 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
 	case WIRE_HSMD_NEW_CHANNEL:
 	case WIRE_HSMD_SETUP_CHANNEL:
 	case WIRE_HSMD_NEXT_FUNDING_PUBKEY:
+ 	case WIRE_HSMD_CHECK_OUTPOINT:
+ 	case WIRE_HSMD_LOCK_OUTPOINT:
 	case WIRE_HSMD_SIGN_COMMITMENT_TX:
 	case WIRE_HSMD_VALIDATE_COMMITMENT_TX:
 	case WIRE_HSMD_VALIDATE_REVOCATION:
@@ -701,6 +703,8 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
 	case WIRE_HSMD_NEW_CHANNEL_REPLY:
 	case WIRE_HSMD_SETUP_CHANNEL_REPLY:
 	case WIRE_HSMD_NEXT_FUNDING_PUBKEY_REPLY:
+	case WIRE_HSMD_CHECK_OUTPOINT_REPLY:
+	case WIRE_HSMD_LOCK_OUTPOINT_REPLY:
 	case WIRE_HSMD_NODE_ANNOUNCEMENT_SIG_REPLY:
 	case WIRE_HSMD_SIGN_WITHDRAWAL_REPLY:
 	case WIRE_HSMD_SIGN_INVOICE_REPLY:

hsmd/hsmd_wire.csv

@@ -100,6 +100,22 @@ msgdata,hsmd_next_funding_pubkey,funding_txout,u32,
 msgtype,hsmd_next_funding_pubkey_reply,134
 msgdata,hsmd_next_funding_pubkey_reply,next_funding_pubkey,pubkey,
 
+# check if the signer agrees that a funding candidate outpoint is buried
+msgtype,hsmd_check_outpoint,32
+msgdata,hsmd_check_outpoint,funding_txid,bitcoin_txid,
+msgdata,hsmd_check_outpoint,funding_txout,u16,
+
+msgtype,hsmd_check_outpoint_reply,132
+msgdata,hsmd_check_outpoint_reply,is_buried,bool,
+
+# change the funding/splice state to locked
+msgtype,hsmd_lock_outpoint,37
+msgdata,hsmd_lock_outpoint,funding_txid,bitcoin_txid,
+msgdata,hsmd_lock_outpoint,funding_txout,u16,
+
+# No value returned.
+msgtype,hsmd_lock_outpoint_reply,137
+
 # Return signature for a funding tx.
 #include <common/utxo.h>
 

hsmd/libhsmd.c

@@ -112,6 +112,10 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
 	case WIRE_HSMD_SIGN_OPTION_WILL_FUND_OFFER:
 		return (client->capabilities & HSM_PERM_SIGN_WILL_FUND_OFFER) != 0;
 
+	case WIRE_HSMD_CHECK_OUTPOINT:
+	case WIRE_HSMD_LOCK_OUTPOINT:
+		return (client->capabilities & HSM_PERM_LOCK_OUTPOINT) != 0;
+
 	case WIRE_HSMD_INIT:
 	case WIRE_HSMD_NEW_CHANNEL:
 	case WIRE_HSMD_CLIENT_HSMFD:
@@ -145,6 +149,8 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
 	case WIRE_HSMD_CLIENT_HSMFD_REPLY:
 	case WIRE_HSMD_NEW_CHANNEL_REPLY:
 	case WIRE_HSMD_SETUP_CHANNEL_REPLY:
+	case WIRE_HSMD_CHECK_OUTPOINT_REPLY:
+	case WIRE_HSMD_LOCK_OUTPOINT_REPLY:
 	case WIRE_HSMD_NODE_ANNOUNCEMENT_SIG_REPLY:
 	case WIRE_HSMD_SIGN_WITHDRAWAL_REPLY:
 	case WIRE_HSMD_SIGN_INVOICE_REPLY:
@@ -402,6 +408,38 @@ static u8 *handle_next_funding_pubkey(struct hsmd_client *c, const u8 *msg_in)
 	return towire_hsmd_setup_channel_reply(NULL);
 }
 
+/* ~This stub implementation is overriden by fully validating signers
+ * to ensure they are caught up when outpoints are freshly buried */
+static u8 *handle_check_outpoint(struct hsmd_client *c, const u8 *msg_in)
+{
+	struct bitcoin_txid funding_txid;
+	u16 funding_txout;
+	bool is_buried;
+
+	if (!fromwire_hsmd_check_outpoint(msg_in, &funding_txid, &funding_txout))
+		return hsmd_status_malformed_request(c, msg_in);
+
+	/* This stub always approves */
+	is_buried = true;
+
+	return towire_hsmd_check_outpoint_reply(NULL, is_buried);
+}
+
+/* ~This stub implementation is overriden by fully validating signers to
+ * change their funding/splice state to locked */
+static u8 *handle_lock_outpoint(struct hsmd_client *c, const u8 *msg_in)
+{
+	struct bitcoin_txid funding_txid;
+	u16 funding_txout;
+
+	if (!fromwire_hsmd_lock_outpoint(msg_in, &funding_txid, &funding_txout))
+		return hsmd_status_malformed_request(c, msg_in);
+
+	/* Stub implementation */
+
+	return towire_hsmd_lock_outpoint_reply(NULL);
+}
+
 /*~ For almost every wallet tx we use the BIP32 seed, but not for onchain
  * unilateral closes from a peer: they (may) have an output to us using a
  * public key based on the channel basepoints.  It's a bit spammy to spend
@@ -1931,6 +1969,10 @@ u8 *hsmd_handle_client_message(const tal_t *ctx, struct hsmd_client *client,
 		return handle_setup_channel(client, msg);
 	case WIRE_HSMD_NEXT_FUNDING_PUBKEY:
 		return handle_next_funding_pubkey(client, msg);
+	case WIRE_HSMD_CHECK_OUTPOINT:
+		return handle_check_outpoint(client, msg);
+	case WIRE_HSMD_LOCK_OUTPOINT:
+		return handle_lock_outpoint(client, msg);
 	case WIRE_HSMD_GET_OUTPUT_SCRIPTPUBKEY:
 		return handle_get_output_scriptpubkey(client, msg);
 	case WIRE_HSMD_CHECK_FUTURE_SECRET:
@@ -2009,6 +2051,8 @@ u8 *hsmd_handle_client_message(const tal_t *ctx, struct hsmd_client *client,
 	case WIRE_HSMD_NEW_CHANNEL_REPLY:
 	case WIRE_HSMD_SETUP_CHANNEL_REPLY:
 	case WIRE_HSMD_NEXT_FUNDING_PUBKEY_REPLY:
+	case WIRE_HSMD_CHECK_OUTPOINT_REPLY:
+	case WIRE_HSMD_LOCK_OUTPOINT_REPLY:
 	case WIRE_HSMD_NODE_ANNOUNCEMENT_SIG_REPLY:
 	case WIRE_HSMD_SIGN_WITHDRAWAL_REPLY:
 	case WIRE_HSMD_SIGN_INVOICE_REPLY:
@@ -2051,6 +2095,8 @@ u8 *hsmd_init(struct secret hsm_secret,
 		WIRE_HSMD_SIGN_ANCHORSPEND,
 		WIRE_HSMD_SIGN_HTLC_TX_MINGLE,
 		WIRE_HSMD_SIGN_SPLICE_TX,
+		WIRE_HSMD_CHECK_OUTPOINT,
+		WIRE_HSMD_LOCK_OUTPOINT,
 	};
 
 	/*~ Don't swap this. */

hsmd/permissions.h

@@ -10,6 +10,7 @@
 #define HSM_PERM_SIGN_CLOSING_TX 32
 #define HSM_PERM_SIGN_WILL_FUND_OFFER 64
 #define HSM_PERM_SIGN_SPLICE_TX 128
+#define HSM_PERM_LOCK_OUTPOINT 256
 
 #define HSM_PERM_MASTER 1024
 #endif /* LIGHTNING_HSMD_PERMISSIONS_H */