Hsmtool (and hsm_secret encryption) refactorings #4307
Merged
Commits on Jan 4, 2021
-
hsmtool: use errx() instead of err() everywhere
errx() was printing the confusing errno as well ("Error could not [...] :Success") Signed-off-by: Antoine Poinsot <[email protected]> -
lightning: confirm password on hsm_secret encryption
Changelog-changed: lightningd: the `--encrypted-hsm` now asks you to confirm your password when first set Changelog-changed: hsmtool: the `encrypt` now asks you to confirm your password Signed-off-by: Antoine Poinsot <[email protected]>
-
lightningd: group hsm_secret encryption key derivation
This avoids duplication of both logic and error-prone values, such as the salt. Grouping all hsm encryption logic into a public API will also allow us to fuzz it. Signed-off-by: Antoine Poinsot <[email protected]>
-
lightningd: regroup hsm_secret password input logic
Signed-off-by: Antoine Poinsot <[email protected]>
-
hsmd: group hsm_secret encryption
Signed-off-by: Antoine Poinsot <[email protected]>
-
hsmd: regroup hsm_secret decryption logic
Signed-off-by: Antoine Poinsot <[email protected]>
-
hsmd: cleanup encrypted hsm_secret detection
This makes use of the constant defined in the previous commits to more accurately detect plaintext, encrypted, and invalid seeds. We now error on invalid seeds. Changelog-changed: hsmd: we now error at startup on invalid hsm_secret Changelog-changed: hsmtool: all commands now error on invalid hsm_secret Signed-off-by: Antoine Poinsot <[email protected]>
-
libfuzz: add a NULL-termination in to_string
It's more useful if we actually want to use the output as, well, a string.. Signed-off-by: Antoine Poinsot <[email protected]>
-
tests/fuzz: add a fuzz target for hsm_encryption
Signed-off-by: Antoine Poinsot <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.