lightningd: support hsm error code

Suggested-by: Rusty Russell Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com> Changelog-Changed: Support hsm specific error error code in lightning-cli
2025-12-21 08:04:26 +01:00 · 2021-12-14 22:57:21 +01:00
parent 9a85b02c6f
commit 43ff949ea7
7 changed files with 109 additions and 59 deletions
--- a/common/errcode.h
+++ b/common/errcode.h
@@ -9,4 +9,10 @@ typedef s32 errcode_t;

 #define PRIerrcode PRId32

+// HSM errors code
+#define HSM_GENERIC_ERROR 20
+#define HSM_ERROR_IS_ENCRYPT 21
+#define HSM_BAD_PASSWORD 22
+#define HSM_PASSWORD_INPUT_ERR 23
+
 #endif /* LIGHTNING_COMMON_ERRCODE_H */
--- a/common/hsm_encryption.c
+++ b/common/hsm_encryption.c
@@ -1,21 +1,28 @@
 #include "config.h"
+#include <common/errcode.h>
 #include <common/hsm_encryption.h>
 #include <termios.h>
 #include <unistd.h>

-char *hsm_secret_encryption_key(const char *pass, struct secret *key)
+int hsm_secret_encryption_key_with_exitcode(const char *pass, struct secret *key,
+					      char **err_msg)
 {
 	u8 salt[16] = "c-lightning\0\0\0\0\0";

 	/* Don't swap the encryption key ! */
-	if (sodium_mlock(key->data, sizeof(key->data)) != 0)
-		return "Could not lock hsm_secret encryption key memory.";
+	if (sodium_mlock(key->data, sizeof(key->data)) != 0) {
+		*err_msg = "Could not lock hsm_secret encryption key memory.";
+		return HSM_GENERIC_ERROR;
+	}

 	/* Check bounds. */
-	if (strlen(pass) < crypto_pwhash_argon2id_PASSWD_MIN)
-		return "Password too short to be able to derive a key from it.";
-	if (strlen(pass) > crypto_pwhash_argon2id_PASSWD_MAX)
-		return "Password too long to be able to derive a key from it.";
+	if (strlen(pass) < crypto_pwhash_argon2id_PASSWD_MIN) {
+		*err_msg = "Password too short to be able to derive a key from it.";
+		return HSM_BAD_PASSWORD;
+	} else if (strlen(pass) > crypto_pwhash_argon2id_PASSWD_MAX) {
+		*err_msg = "Password too long to be able to derive a key from it.";
+		return HSM_BAD_PASSWORD;
+	}

 	/* Now derive the key. */
 	if (crypto_pwhash(key->data, sizeof(key->data), pass, strlen(pass), salt,
@@ -23,10 +30,12 @@ char *hsm_secret_encryption_key(const char *pass, struct secret *key)
 			   * and SENSITIVE needs 1024. */
 			  crypto_pwhash_argon2id_OPSLIMIT_MODERATE,
 			  crypto_pwhash_argon2id_MEMLIMIT_MODERATE,
-			  crypto_pwhash_ALG_ARGON2ID13) != 0)
-		return "Could not derive a key from the password.";
+			  crypto_pwhash_ALG_ARGON2ID13) != 0) {
+		*err_msg = "Could not derive a key from the password.";
+		return HSM_BAD_PASSWORD;
+	}

-	return NULL;
+	return 0;
 }

 bool encrypt_hsm_secret(const struct secret *encryption_key,
@@ -90,7 +99,7 @@ static bool getline_stdin_pass(char **passwd, size_t *passwd_size)
 	return true;
 }

-char *read_stdin_pass(char **reason)
+char *read_stdin_pass_with_exit_code(char **reason, int *exit_code)
 {
 	struct termios current_term, temp_term;
 	char *passwd = NULL;
@@ -100,17 +109,20 @@ char *read_stdin_pass(char **reason)
 		/* Set a temporary term, same as current but with ECHO disabled. */
 		if (tcgetattr(fileno(stdin), &current_term) != 0) {
 			*reason = "Could not get current terminal options.";
+			*exit_code = HSM_PASSWORD_INPUT_ERR;
 			return NULL;
 		}
 		temp_term = current_term;
 		temp_term.c_lflag &= ~ECHO;
 		if (tcsetattr(fileno(stdin), TCSANOW, &temp_term) != 0) {
 			*reason = "Could not disable pass echoing.";
+			*exit_code = HSM_PASSWORD_INPUT_ERR;
 			return NULL;
 		}

 		if (!getline_stdin_pass(&passwd, &passwd_size)) {
 			*reason = "Could not read pass from stdin.";
+			*exit_code = HSM_PASSWORD_INPUT_ERR;
 			return NULL;
 		}

@@ -118,12 +130,13 @@ char *read_stdin_pass(char **reason)
 		if (tcsetattr(fileno(stdin), TCSANOW, &current_term) != 0) {
 			*reason = "Could not restore terminal options.";
 			free(passwd);
+			*exit_code = HSM_PASSWORD_INPUT_ERR;
 			return NULL;
 		}
 	} else if (!getline_stdin_pass(&passwd, &passwd_size)) {
 		*reason = "Could not read pass from stdin.";
+		*exit_code = HSM_PASSWORD_INPUT_ERR;
 		return NULL;
 	}
-
 	return passwd;
 }
--- a/common/hsm_encryption.h
+++ b/common/hsm_encryption.h
@@ -21,10 +21,12 @@ struct encrypted_hsm_secret {
 /** Derive the hsm_secret encryption key from a passphrase.
 * @pass: the passphrase string.
 * @encryption_key: the output key derived from the passphrase.
+ * @err_msg: if not NULL the error message contains the reason of the failure.
 *
- * On success, NULL is returned. On error, a human-readable error is.
+ * On success, 0 is returned, on error a value > 0 is returned and it can be used as exit code.
 */
-char *hsm_secret_encryption_key(const char *pass, struct secret *encryption_key);
+int hsm_secret_encryption_key_with_exitcode(const char *pass, struct secret *key,
+					    char **err_msg);

 /** Encrypt the hsm_secret using a previously derived encryption key.
 * @encryption_key: the key derived from the passphrase.
@@ -54,10 +56,11 @@ bool decrypt_hsm_secret(const struct secret *encryption_key,
 void discard_key(struct secret *key TAKES);

 /** Read hsm_secret encryption pass from stdin, disabling echoing.
- * @reason: if NULL is returned, will point to the human-readable error.
+ * @reason: if NULL is returned, will point to the human-readable error,
+ * and the correct exit code is returned by the exit_code parameter.
 *
 * Caller must free the string as it does tal-reallocate getline's output.
 */
-char *read_stdin_pass(char **reason);
+char *read_stdin_pass_with_exit_code(char **reason, int *exit_code);

 #endif /* LIGHTNING_COMMON_HSM_ENCRYPTION_H */