hsmd: encrypt hsm_secret if 'lightningd' passes an encryption key

This splits maybe_create_hsm_secret() in two parts (either encrypted
or in clear) for clarity, and adds encryption detection in load_hsm().
There are actually three cases if an encryption key is passed:
- There is no hsm_secret => just create it and store the encrypted seed
- There is an encrypted hsm_secret => the provided key should be able to
  decrypt the seed; if the wrong key is passed, libsodium will nicely error
  and hsmd will exit() so as not to throw a backtrace (using status_failed() as for
  other errors) in the face of a user who mistyped their password.
- There is a non-encrypted hsm_secret => load the seed, delete the
  hsm_secret, create the hsm_secret, store the encrypted seed.
darosior
2019-10-03 21:55:32 +02:00
committed by neil saitug
parent 62896566d0
commit d393cda215
3 changed files with 141 additions and 20 deletions

@@ -106,6 +106,9 @@ void hsm_init(struct lightningd *ld)
ld->wallet->bip32_base = tal(ld->wallet, struct ext_key);
msg = wire_sync_read(tmpctx, ld->hsm_fd);
if (!fromwire_hsm_init_reply(msg,
&ld->id, ld->wallet->bip32_base))
&ld->id, ld->wallet->bip32_base)) {
if (ld->config.keypass)
errx(1, "Wrong password for encrypted hsm_secret.");
errx(1, "HSM did not give init reply");
}
}
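
Review bot: The new `if (ld->config.keypass)` branch in hsm_init() reports "Wrong password for encrypted hsm_secret." for every failure of fromwire_hsm_init_reply() whenever a key was supplied, so any other cause of a missing or malformed init reply is misreported as a mistyped password. Nothing visible here lets lightningd tell the two apart. Consider having hsmd signal the decryption failure explicitly (a distinct reply or exit status) and checking for that, or at least softening the message to something like "HSM did not give init reply (wrong password for encrypted hsm_secret?)" so an operator is not sent chasing a password problem when hsmd failed for another reason. A short comment explaining why a failed init reply is taken to mean a bad key would also help the next reader.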