fixup! hsmd: capability addition: ability to check pubkeys.

hsmd/hsmd_wire.csv

@@ -324,10 +324,11 @@ msgdata,hsmd_derive_secret,info,u8,len
 msgtype,hsmd_derive_secret_reply,127
 msgdata,hsmd_derive_secret_reply,secret,secret,
 
-# Sanity check this pubkey derivation is correct.
+# Sanity check this pubkey derivation is correct (unhardened only)
 msgtype,hsmd_check_pubkey,28
 msgdata,hsmd_check_pubkey,index,u32,
 msgdata,hsmd_check_pubkey,pubkey,pubkey,
 
-# Reply (if it's bad, it simple aborts.)
+# Reply
 msgtype,hsmd_check_pubkey_reply,128
+msgdata,hsmd_check_pubkey_reply,ok,bool,

hsmd/libhsmd.c

@@ -560,7 +560,7 @@ static u8 *handle_check_pubkey(struct hsmd_client *c, const u8 *msg_in)
 						  &our_pubkey));
 	}
 
-	return towire_hsmd_check_pubkey_reply(NULL);
+	return towire_hsmd_check_pubkey_reply(NULL, true);
 }
 
 /*~ lightningd asks us to sign a message.  I tweeted the spec

lightningd/hsm_control.c

@@ -195,14 +195,17 @@ void bip32_pubkey(struct lightningd *ld, struct pubkey *pubkey, u32 index)
 				       ext.pub_key, sizeof(ext.pub_key)))
 		fatal("Can't parse derived key %u", index);
 
-	/* If the pubkey is wrong, the hsm exits, so the reply is to just make
-	 * sure we check before proceeding!  Don't assume hsmd supports it! */
+	/* Don't assume hsmd supports it! */
 	if (hsm_capable(ld, WIRE_HSMD_CHECK_PUBKEY)) {
+		bool ok;
 		u8 *msg = towire_hsmd_check_pubkey(NULL, index, pubkey);
 		wire_sync_write(ld->hsm_fd, take(msg));
 		msg = wire_sync_read(tmpctx, ld->hsm_fd);
-		if (!fromwire_hsmd_check_pubkey_reply(msg))
+		if (!fromwire_hsmd_check_pubkey_reply(msg, &ok))
 			fatal("Invalid check_pubkey_reply from hsm");
+		if (!ok)
+			fatal("HSM said key derivation of %u != %s",
+			      index, type_to_string(tmpctx, struct pubkey, pubkey));
 	}
 }