hsmd: HSM_VERSION 6: get_per_commitment_point never returns secret

Changelog-Changed: hsmd: HSM_VERSION 6: get_per_commitment_point does not imply index - 2 is revoked, makes it safe to call on any index.
ElementsProject · May 14, 2024 · eda0b28 · eda0b28
1 parent 37fe32a
commit eda0b28
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/channeld/channeld.c b/channeld/channeld.c
@@ -1420,11 +1420,8 @@ static void start_commit_timer(struct peer *peer)
 }
 
 /* Fetch the requested point. The secret is no longer returned, use
- * revoke_commitment.
- *
- * NOTE - Because the internals of this call also release the secret
- * from a revoked commitment it is an error to call this past the next
- * commitment.
+ * revoke_commitment instead.  It is legal to call this on any
+ * commitment (including distant future).
  */
 static void get_per_commitment_point(u64 index, struct pubkey *point)
 {

diff --git a/common/hsm_version.h b/common/hsm_version.h
@@ -25,7 +25,8 @@
  * v5 drop init v2: 5024454532fe5a78bb7558000cb344190888b9915360d3d56ddca22eaba9b872
  * v5 with dev_preinit: b93e18534a468a4aa9f7015db42e9c363c32aeee5f9146b36dc953ebbdc3d33c
  * v5 with preapprove_check: 0ed6dd4ea2c02b67c51b1420b3d07ab2227a4c06ce7e2942d946967687e9baf7
+ * v6 no secret from get_per_commitment_point: 0cad1790beb3473d64355f4cb4f64daa80c28c8a241998b7ef0223385d7ffff9
 */
 #define HSM_MIN_VERSION 5
-#define HSM_MAX_VERSION 5
+#define HSM_MAX_VERSION 6
 #endif /* LIGHTNING_COMMON_HSM_VERSION_H */
diff --git a/hsmd/hsmd_wire.csv b/hsmd/hsmd_wire.csv
@@ -324,10 +324,12 @@ msgdata,hsmd_sign_splice_tx,input_index,u32,
 msgtype,hsmd_sign_tx_reply,112
 msgdata,hsmd_sign_tx_reply,sig,bitcoin_signature,
 
-# Openingd/channeld/onchaind asks for Nth per_commitment_point, if > 2, gets N-2 secret.
+# Openingd/channeld/onchaind asks for Nth per_commitment_point
+# Prior to HSM_VERSION 6 we will return an old_commitment_secret
 msgtype,hsmd_get_per_commitment_point,18
 msgdata,hsmd_get_per_commitment_point,n,u64,
 
+# IMPORTANT - Beginning HSM_VERSION 6 we never return an old_commitment_secret
 msgtype,hsmd_get_per_commitment_point_reply,118
 msgdata,hsmd_get_per_commitment_point_reply,per_commitment_point,pubkey,
 msgdata,hsmd_get_per_commitment_point_reply,old_commitment_secret,?secret,