HSMD: add new wire api to sign messages ...

with custom keys.

Changelog-Added: HSMD: add new wire api to sign messages with bitcoin wallet keys.

Signed-off-by: Lagrang3 <lagrang3@protonmail.com>

Author: Lagrang3

common/hsm_version.h

@@ -27,6 +27,7 @@
  * v5 with preapprove_check: 0ed6dd4ea2c02b67c51b1420b3d07ab2227a4c06ce7e2942d946967687e9baf7
  * v6 no secret from get_per_commitment_point: 0cad1790beb3473d64355f4cb4f64daa80c28c8a241998b7ef0223385d7ffff9
  * v6 with sign_bolt12_2 (tweak using node id): 8fcb731279a10af3f95aeb8be1da6b2ced76a1984afa18c5f46a03515d70ea0e
+ * v7 with sign_message_with_key: e919c58fb80be639feb8502a740f0ed80a87c5885154c5632a0dacf2d96b9899
 */
 #define HSM_MIN_VERSION 5
 #define HSM_MAX_VERSION 6

hsmd/hsmd.c

@@ -689,6 +689,7 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
 	case WIRE_HSMD_GET_CHANNEL_BASEPOINTS:
 	case WIRE_HSMD_SIGN_INVOICE:
 	case WIRE_HSMD_SIGN_MESSAGE:
+	case WIRE_HSMD_SIGN_MESSAGE_WITH_KEY:
 	case WIRE_HSMD_SIGN_OPTION_WILL_FUND_OFFER:
 	case WIRE_HSMD_SIGN_BOLT12:
 	case WIRE_HSMD_SIGN_BOLT12_2:
@@ -745,6 +746,7 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
 	case WIRE_HSMD_GET_CHANNEL_BASEPOINTS_REPLY:
 	case WIRE_HSMD_DEV_MEMLEAK_REPLY:
 	case WIRE_HSMD_SIGN_MESSAGE_REPLY:
+	case WIRE_HSMD_SIGN_MESSAGE_WITH_KEY_REPLY:
 	case WIRE_HSMD_GET_OUTPUT_SCRIPTPUBKEY_REPLY:
 	case WIRE_HSMD_SIGN_BOLT12_REPLY:
 	case WIRE_HSMD_SIGN_BOLT12_2_REPLY:

hsmd/hsmd_wire.csv

@@ -356,6 +356,15 @@ msgdata,hsmd_sign_message,msg,u8,len
 msgtype,hsmd_sign_message_reply,123
 msgdata,hsmd_sign_message_reply,sig,secp256k1_ecdsa_recoverable_signature,
 
+# sign a raw message with a derived key
+msgtype,hsmd_sign_message_with_key,45
+msgdata,hsmd_sign_message_with_key,len,u16,
+msgdata,hsmd_sign_message_with_key,msg,u8,len
+msgdata,hsmd_sign_message_with_key,keyidx,u32,
+
+msgtype,hsmd_sign_message_with_key_reply,145
+msgdata,hsmd_sign_message_with_key_reply,sig,secp256k1_ecdsa_recoverable_signature,
+
 # lightningd needs to get a scriptPubkey for a utxo with closeinfo
 msgtype,hsmd_get_output_scriptpubkey,24
 msgdata,hsmd_get_output_scriptpubkey,channel_id,u64,

hsmd/libhsmd.c

@@ -135,6 +135,7 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
 	case WIRE_HSMD_GET_CHANNEL_BASEPOINTS:
 	case WIRE_HSMD_DEV_MEMLEAK:
 	case WIRE_HSMD_SIGN_MESSAGE:
+	case WIRE_HSMD_SIGN_MESSAGE_WITH_KEY:
 	case WIRE_HSMD_GET_OUTPUT_SCRIPTPUBKEY:
 	case WIRE_HSMD_SIGN_BOLT12:
 	case WIRE_HSMD_SIGN_BOLT12_2:
@@ -181,6 +182,7 @@ bool hsmd_check_client_capabilities(struct hsmd_client *client,
 	case WIRE_HSMD_GET_CHANNEL_BASEPOINTS_REPLY:
 	case WIRE_HSMD_DEV_MEMLEAK_REPLY:
 	case WIRE_HSMD_SIGN_MESSAGE_REPLY:
+	case WIRE_HSMD_SIGN_MESSAGE_WITH_KEY_REPLY:
 	case WIRE_HSMD_GET_OUTPUT_SCRIPTPUBKEY_REPLY:
 	case WIRE_HSMD_SIGN_BOLT12_REPLY:
 	case WIRE_HSMD_SIGN_BOLT12_2_REPLY:
@@ -701,6 +703,51 @@ static u8 *handle_sign_message(struct hsmd_client *c, const u8 *msg_in)
 	return towire_hsmd_sign_message_reply(NULL, &rsig);
 }
 
+/* FIXME: implement BIP0322 signature scheme so that we can support any type of
+ * address. */
+/* Sign a message with a private key (see BIP137):
+ * signature = base64(SigRec(SHA256(SHA256(
+ *      "\x18Bitcoin Signed Message:\n" + var_int(len(message)) + message
+ *      )))) */
+static u8 *handle_sign_message_with_key(struct hsmd_client *c, const u8 *msg_in)
+{
+	u8 *msg;
+	u32 keyidx;
+	struct sha256_ctx sctx = SHA256_INIT;
+	struct sha256_double shad;
+	secp256k1_ecdsa_recoverable_signature rsig;
+	struct privkey privkey;
+	struct pubkey pubkey;
+
+	if (!fromwire_hsmd_sign_message_with_key(tmpctx, msg_in, &msg, &keyidx))
+		return hsmd_status_malformed_request(c, msg_in);
+
+	/* double sha256 the message */
+	const char header[] = "\x18"
+			      "Bitcoin Signed Message:\n";
+	sha256_update(&sctx, (const u8 *)header, strlen(header));
+
+	u8 vt[VARINT_MAX_LEN];
+	size_t msg_len = tal_count(msg);
+	size_t vtlen = varint_put(vt, msg_len);
+	sha256_update(&sctx, vt, vtlen);
+
+	sha256_update(&sctx, msg, msg_len);
+	sha256_double_done(&sctx, &shad);
+
+	/* get the private key BIP32 */
+	bitcoin_key(&privkey, &pubkey, keyidx);
+
+	if (!secp256k1_ecdsa_sign_recoverable(
+		secp256k1_ctx, &rsig, shad.sha.u.u8, privkey.secret.data, NULL,
+		NULL)) {
+		return hsmd_status_bad_request(c, msg_in,
+					       "Failed to sign message");
+	}
+
+	return towire_hsmd_sign_message_with_key_reply(NULL, &rsig);
+}
+
 /*~ lightningd asks us to sign a liquidity ad offer */
 static u8 *handle_sign_option_will_fund_offer(struct hsmd_client *c,
 					      const u8 *msg_in)
@@ -2167,6 +2214,8 @@ u8 *hsmd_handle_client_message(const tal_t *ctx, struct hsmd_client *client,
 		return handle_preapprove_keysend(client, msg);
 	case WIRE_HSMD_SIGN_MESSAGE:
 		return handle_sign_message(client, msg);
+	case WIRE_HSMD_SIGN_MESSAGE_WITH_KEY:
+		return handle_sign_message_with_key(client, msg);
 	case WIRE_HSMD_GET_CHANNEL_BASEPOINTS:
 		return handle_get_channel_basepoints(client, msg);
 	case WIRE_HSMD_CANNOUNCEMENT_SIG_REQ:
@@ -2249,6 +2298,7 @@ u8 *hsmd_handle_client_message(const tal_t *ctx, struct hsmd_client *client,
 	case WIRE_HSMD_GET_CHANNEL_BASEPOINTS_REPLY:
 	case WIRE_HSMD_DEV_MEMLEAK_REPLY:
 	case WIRE_HSMD_SIGN_MESSAGE_REPLY:
+	case WIRE_HSMD_SIGN_MESSAGE_WITH_KEY_REPLY:
 	case WIRE_HSMD_GET_OUTPUT_SCRIPTPUBKEY_REPLY:
 	case WIRE_HSMD_SIGN_BOLT12_REPLY:
 	case WIRE_HSMD_SIGN_BOLT12_2_REPLY: