# These are fatal.
hsmstatus_init_failed,0x8000
hsmstatus_writemsg_failed,0x8001
hsmstatus_bad_request,0x8002
hsmstatus_fd_failed,0x8003
hsmstatus_key_failed,0x8004

# Clients should not give a bad request but not the HSM's decision to crash.
hsmstatus_client_bad_request,1000
hsmstatus_client_bad_request,0,unique-id,8
hsmstatus_client_bad_request,8,len,2
hsmstatus_client_bad_request,10,msg,len*u8

# Start the HSM.
hsmctl_init,1
hsmctl_init,0,new,bool

hsmctl_init_reply,101
hsmctl_init_reply,0,node_id,33
hsmctl_init_reply,33,peer_seed,struct privkey
hsmctl_init_reply,65,bip32_len,2
hsmctl_init_reply,67,bip32_seed,bip32_len*u8

# ECDH returns an fd.
hsmctl_hsmfd_ecdh,3
hsmctl_hsmfd_ecdh,0,unique_id,8

# No contents, just an fd.
hsmctl_hsmfd_ecdh_fd_reply,103

# Return signature for a funding tx.
#include <lightningd/utxo.h>
# FIXME: This should also take their commit sig & details, to verify.
hsmctl_sign_funding,4
hsmctl_sign_funding,0,satoshi_out,8
hsmctl_sign_funding,8,change_out,8
hsmctl_sign_funding,16,change_keyindex,4
hsmctl_sign_funding,20,our_pubkey,33
hsmctl_sign_funding,52,their_pubkey,33
hsmctl_sign_funding,85,num_inputs,2
hsmctl_sign_funding,87,inputs,num_inputs*struct utxo

hsmctl_sign_funding_reply,104
hsmctl_sign_funding_reply,0,num_sigs,2
hsmctl_sign_funding_reply,0,sig,num_sigs*secp256k1_ecdsa_signature

# Request a client socket for a `channeld`, allows signing announcements 
hsmctl_hsmfd_channeld,5
hsmctl_hsmfd_channeld,0,unique_id,8

# Empty reply, just an fd
hsmctl_hsmfd_channeld_reply,105