hsmd: cleanup encrypted hsm_secret detection

This makes use of the constant defined in the previous commits to more
accurately detect plaintext, encrypted, and invalid seeds. We now error
on invalid seeds.

Changelog-changed: hsmd: we now error at startup on invalid hsm_secret
Changelog-changed: hsmtool: all commands now error on invalid hsm_secret
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
Antoine Poinsot
2021-01-03 16:59:24 +01:00
committed by Christian Decker
parent d2a903992c
commit 45bb1bfa3c
3 changed files with 21 additions and 8 deletions


@@ -6,6 +6,7 @@
#include <ccan/io/io.h>
#include <ccan/take/take.h>
#include <common/ecdh.h>
#include <common/hsm_encryption.h>
#include <common/json.h>
#include <common/json_helpers.h>
#include <common/jsonrpc_errors.h>
@@ -106,7 +107,8 @@ struct ext_key *hsm_init(struct lightningd *ld)
* actual secret. */
if (!ld->config.keypass) {
struct stat st;
if (stat("hsm_secret", &st) == 0 && st.st_size > 32)
if (stat("hsm_secret", &st) == 0 &&
st.st_size == ENCRYPTED_HSM_SECRET_LEN)
errx(1, "hsm_secret is encrypted, you need to pass the "
"--encrypted-hsm startup option.");
}
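Review bot: With the exact comparison `st.st_size == ENCRYPTED_HSM_SECRET_LEN`, an `hsm_secret` whose size is neither 32 nor the encrypted length (for example a truncated or corrupted encrypted file) now passes this early check silently. The old `> 32` test at least stopped startup in that case. The commit message says hsmd now errors on invalid seeds, presumably in the changed files not shown here, so this block depends on that later check to refuse a malformed secret. I would record that dependency next to the condition, e.g. `/* Only the encrypted size is diagnosed here; any other invalid size is rejected by hsmd at startup. */`, so a later change to hsmd does not remove the only guard. `hsm_init` starts and ends outside this hunk, so whether the `keypass`-set path makes a matching size check cannot be judged from here.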