-
Notifications
You must be signed in to change notification settings - Fork 890
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hsmtool (and hsm_secret encryption) refactorings #4307
Commits on Jan 4, 2021
-
hsmtool: use errx() instead of err() everywhere
errx() was printing the confusing errno as well ("Error could not [...] :Success") Signed-off-by: Antoine Poinsot <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for afa66e7 - Browse repository at this point
Copy the full SHA afa66e7View commit details -
lightning: confirm password on hsm_secret encryption
Changelog-changed: lightningd: the `--encrypted-hsm` now asks you to confirm your password when first set Changelog-changed: hsmtool: the `encrypt` now asks you to confirm your password Signed-off-by: Antoine Poinsot <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4225221 - Browse repository at this point
Copy the full SHA 4225221View commit details -
lightningd: group hsm_secret encryption key derivation
This avoids duplication of both logic and error-prone values, such as the salt. Grouping all hsm encryption logic into a public API will also allow us to fuzz it. Signed-off-by: Antoine Poinsot <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2d21bf8 - Browse repository at this point
Copy the full SHA 2d21bf8View commit details -
lightningd: regroup hsm_secret password input logic
Signed-off-by: Antoine Poinsot <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fe7834c - Browse repository at this point
Copy the full SHA fe7834cView commit details -
hsmd: group hsm_secret encryption
Signed-off-by: Antoine Poinsot <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a57fb38 - Browse repository at this point
Copy the full SHA a57fb38View commit details -
hsmd: regroup hsm_secret decryption logic
Signed-off-by: Antoine Poinsot <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for aa7f5e1 - Browse repository at this point
Copy the full SHA aa7f5e1View commit details -
hsmd: cleanup encrypted hsm_secret detection
This makes use of the constant defined in the previous commits to more accurately detect plaintext, encrypted, and invalid seeds. We now error on invalid seeds. Changelog-changed: hsmd: we now error at startup on invalid hsm_secret Changelog-changed: hsmtool: all commands now error on invalid hsm_secret Signed-off-by: Antoine Poinsot <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0b5dbc2 - Browse repository at this point
Copy the full SHA 0b5dbc2View commit details -
libfuzz: add a NULL-termination in to_string
It's more useful if we actually want to use the output as, well, a string.. Signed-off-by: Antoine Poinsot <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 47b52bf - Browse repository at this point
Copy the full SHA 47b52bfView commit details -
tests/fuzz: add a fuzz target for hsm_encryption
Signed-off-by: Antoine Poinsot <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for dc5c2db - Browse repository at this point
Copy the full SHA dc5c2dbView commit details