removing some of the encrypted-hsm specific logic

Author: sangbida

hsmd/hsmd.c

@@ -422,26 +422,17 @@ static void load_hsm(const char *passphrase)
 	struct hsm_secret *hsms;
 	enum hsm_secret_error err;
 
-	status_debug("HSM: Starting load_hsm with passphrase=%s", passphrase ? "provided" : "none");
-
-	/* Initialize wally tal context for libwally operations */
-	
-	status_debug("HSM: Initialized wally tal context for load_hsm");
-
 	/* Read the hsm_secret file */
 	hsm_secret_contents = grab_file(tmpctx, "hsm_secret");
 	if (!hsm_secret_contents) {
 		status_failed(STATUS_FAIL_INTERNAL_ERROR,
 			      "Could not read hsm_secret: %s", strerror(errno));
 	}
-	status_debug("HSM: Successfully read hsm_secret file, size=%zu", tal_bytelen(hsm_secret_contents));
 
 	/* Remove the NUL terminator that grab_file adds */
 	tal_resize(&hsm_secret_contents, tal_bytelen(hsm_secret_contents) - 1);
-	status_debug("HSM: Removed NUL terminator, new size=%zu", tal_bytelen(hsm_secret_contents));
 
 	/* Extract the secret using the new hsm_secret module */
-	status_debug("HSM: Calling extract_hsm_secret");
 	tal_wally_start();
 	hsms = extract_hsm_secret(tmpctx, hsm_secret_contents, 
 				 tal_bytelen(hsm_secret_contents),
@@ -451,11 +442,9 @@ static void load_hsm(const char *passphrase)
 		status_failed(STATUS_FAIL_INTERNAL_ERROR,
 			      "Failed to load hsm_secret: %s", hsm_secret_error_str(err));
 	}
-	status_debug("HSM: Successfully extracted hsm_secret");
 
 	/* Copy the extracted secret to our global hsm_secret */
 	memcpy(&hsm_secret, &hsms->secret, sizeof(hsm_secret));
-	status_debug("HSM: Copied secret to global hsm_secret");
 }
 
 /*~ We have a pre-init call in developer mode, to set dev flags */

lightningd/hsm_control.c

@@ -82,38 +82,13 @@ bool hsm_capable(struct lightningd *ld, u32 msgtype)
 	return hsm_is_capable(ld->hsm_capabilities, msgtype);
 }
 
-/* Read hsm passphrase if needed for mnemonic-based hsm_secret */
-static const char *read_hsm_passphrase_if_needed(struct lightningd *ld)
-{
-	if (!ld->hsm_passphrase_required)
-		return NULL;
-
-	log_info(ld->log, "The hsm_secret uses a mnemonic with a passphrase. In order to "
-		"derive the seed and start the node you must provide the passphrase.");
-	log_info(ld->log, "Enter hsm_secret passphrase: ");
-
-	enum hsm_secret_error err;
-	const char *passphrase = read_stdin_pass(tmpctx, &err);
-	if (err != HSM_SECRET_OK) {
-		fatal("Failed to read passphrase: %s", hsm_secret_error_str(err));
-	}
-
-	return passphrase;
-}
-
 struct ext_key *hsm_init(struct lightningd *ld)
 {
 	u8 *msg;
 	int fds[2];
 	struct ext_key *bip32_base;
 	u32 hsm_version;
 	struct pubkey unused;
-	const char *hsm_passphrase = NULL;
-
-	/* Read passphrase if needed for mnemonic-based hsm_secret */
-	if (ld->hsm_passphrase_required) {
-		hsm_passphrase = read_hsm_passphrase_if_needed(ld);
-	}
 
 	/* We actually send requests synchronously: only status is async. */
 	if (socketpair(AF_LOCAL, SOCK_STREAM, 0, fds) != 0)
@@ -126,15 +101,6 @@ struct ext_key *hsm_init(struct lightningd *ld)
 	if (!ld->hsm)
 		err(EXITCODE_HSM_GENERIC_ERROR, "Could not subd hsm");
 
-	/* If hsm_secret is encrypted and the --encrypted-hsm startup option is
-	 * not passed, don't let hsmd use the first 32 bytes of the cypher as the
-	 * actual secret. */
-	if (!ld->config.keypass) {
-		if (is_legacy_hsm_secret_encrypted("hsm_secret") == 1)
-			errx(EXITCODE_HSM_ERROR_IS_ENCRYPT, "hsm_secret is encrypted, you need to pass the "
-			     "--encrypted-hsm startup option.");
-	}
-
 	ld->hsm_fd = fds[0];
 
 	if (ld->developer) {
@@ -155,15 +121,15 @@ struct ext_key *hsm_init(struct lightningd *ld)
 
 	/* Create TLV for passphrase if needed */
 	struct tlv_hsmd_init_tlvs *tlv = NULL;
-	if (hsm_passphrase) {
+	if (ld->hsm_passphrase) {
 		tlv = tlv_hsmd_init_tlvs_new(tmpctx);
-		tlv->hsm_passphrase = tal_strdup(tlv, hsm_passphrase);
+		tlv->hsm_passphrase = tal_strdup(tlv, ld->hsm_passphrase);
 	}
 
 	if (!wire_sync_write(ld->hsm_fd, towire_hsmd_init(tmpctx,
 							  &chainparams->bip32_key_version,
 							  chainparams,
-							  ld->config.keypass,
+							  NULL,
 							  ld->dev_force_privkey,
 							  ld->dev_force_bip32_seed,
 							  ld->dev_force_channel_secrets,
@@ -182,8 +148,8 @@ struct ext_key *hsm_init(struct lightningd *ld)
 					&unused)) {
 		/* nothing to do. */
 	} else {
-		if (ld->config.keypass)
-			errx(EXITCODE_HSM_BAD_PASSWORD, "Wrong password for encrypted hsm_secret.");
+		if (ld->hsm_passphrase)
+			errx(EXITCODE_HSM_BAD_PASSWORD, "Wrong passphrase for hsm_secret.");
 		errx(EXITCODE_HSM_GENERIC_ERROR, "HSM did not give init reply");
 	}
 

lightningd/lightningd.c

@@ -236,7 +236,7 @@ static struct lightningd *new_lightningd(const tal_t *ctx)
 	ld->alias = NULL;
 	ld->rgb = NULL;
 	ld->recover = NULL;
-	ld->hsm_passphrase_required = false;
+	ld->hsm_passphrase = NULL;
 	list_head_init(&ld->connects);
 	list_head_init(&ld->waitsendpay_commands);
 	list_head_init(&ld->close_commands);
@@ -316,10 +316,11 @@ static struct lightningd *new_lightningd(const tal_t *ctx)
 	/*~ This is set when a JSON RPC command comes in to shut us down. */
 	ld->stop_conn = NULL;
 
-	/*~ This is used to signal that `hsm_secret` is encrypted, and will
-	 * be set to `true` if the `--encrypted-hsm` option is passed at startup.
+	/*~ This is used to store the passphrase for hsm_secret if needed.
+	 * It will be set if the `--hsm-passphrase` option is passed at startup.
 	 */
-	ld->encrypted_hsm = false;
+
+	ld->hsm_passphrase = NULL;
 
 	/* This is used to override subdaemons */
 	strmap_init(&ld->alt_subdaemons);
@@ -1312,14 +1313,6 @@ int main(int argc, char *argv[])
 	/*~ This is the ccan/io central poll override from above. */
 	io_poll_override(io_poll_lightningd);
 
-	/*~ If hsm_secret is encrypted, we don't need its encryption key
-	 * anymore. Note that sodium_munlock() also zeroes the memory.*/
-	if (ld->config.keypass) {
-		destroy_secret(ld->config.keypass);
-		tal_free(ld->config.keypass);
-		ld->config.keypass = NULL;
-	}
-
 	/*~ Our default color and alias are derived from our node id, so we
 	 * can only set those now (if not set by config options). */
 	setup_color_and_alias(ld);

lightningd/lightningd.h

@@ -69,8 +69,7 @@ struct config {
 	/* Minimal amount of effective funding_satoshis for accepting channels */
 	u64 min_capacity_sat;
 
-	/* This is the key we use to encrypt `hsm_secret`. */
-	struct secret *keypass;
+	/* Encryption key derivation is now handled by hsmd internally */
 
 	/* How long before we give up waiting for INIT msg */
 	u32 connection_timeout_secs;
@@ -379,12 +378,10 @@ struct lightningd {
 	char *wallet_dsn;
 
 
-	/* Whether hsm_secret requires a passphrase */
-	bool hsm_passphrase_required;
+	/* HSM passphrase for any format that needs it */
+	char *hsm_passphrase;
+
 
-	/* Legacy encrypted hsm_secret support */
-	bool encrypted_hsm;
-	struct secret *keypass;
 	/* What (additional) messages the HSM accepts */
 	u32 *hsm_capabilities;
 

lightningd/options.c

@@ -559,6 +559,46 @@ static void prompt(struct lightningd *ld, const char *str)
 	fflush(stdout);
 }
 
+/* Read HSM passphrase from user input */
+static char *read_hsm_passphrase(struct lightningd *ld)
+{
+	const char *passphrase, *passphrase_confirmation;
+	enum hsm_secret_error err;
+
+	prompt(ld, "The hsm_secret requires a passphrase. In order to "
+	       "access it and start the node you must provide the passphrase.");
+	prompt(ld, "Enter hsm_secret passphrase:");
+
+	passphrase = read_stdin_pass(tmpctx, &err);
+	if (err != HSM_SECRET_OK) {
+		opt_exitcode = EXITCODE_HSM_PASSWORD_INPUT_ERR;
+		return tal_strdup(tmpctx, hsm_secret_error_str(err));
+	}
+
+	/* We need confirmation if the hsm_secret file doesn't exist yet */
+	if (!path_is_file("hsm_secret")) {
+		prompt(ld, "Confirm hsm_secret passphrase:");
+		fflush(stdout);
+		passphrase_confirmation = read_stdin_pass(tmpctx, &err);
+		if (err != HSM_SECRET_OK) {
+			opt_exitcode = EXITCODE_HSM_PASSWORD_INPUT_ERR;
+			return tal_strdup(tmpctx, hsm_secret_error_str(err));
+		}
+
+		if (!streq(passphrase, passphrase_confirmation)) {
+			opt_exitcode = EXITCODE_HSM_BAD_PASSWORD;
+			return "Passphrase confirmation mismatch.";
+		}
+	}
+
+	/* Store passphrase in lightningd struct */
+	ld->hsm_passphrase = tal_strdup(ld, passphrase);
+
+	/* Encryption key derivation is handled by hsmd internally */
+
+	return NULL;
+}
+
 /* Prompt the user to enter a password, from which will be derived the key used
  * for `hsm_secret` encryption.
  * The algorithm used to derive the key is Argon2(id), to which libsodium
@@ -569,8 +609,6 @@ static void prompt(struct lightningd *ld, const char *str)
  */
 static char *opt_set_hsm_password(struct lightningd *ld)
 {
-	const char *passwd, *passwd_confirmation;
-	enum hsm_secret_error err;
 	int is_encrypted;
 
 	/* Show deprecation warning */
@@ -590,43 +628,10 @@ static char *opt_set_hsm_password(struct lightningd *ld)
 		log_info(ld->log, "'hsm_secret' does not exist (%s)",
 			 strerror(errno));
 
-	prompt(ld, "The hsm_secret is encrypted with a password. In order to "
-	       "decrypt it and start the node you must provide the password.");
-	prompt(ld, "Enter hsm_secret password:");
-
-	passwd = read_stdin_pass(tmpctx, &err);
-	if (err != HSM_SECRET_OK) {
-		opt_exitcode = EXITCODE_HSM_PASSWORD_INPUT_ERR;
-		return tal_strdup(tmpctx, hsm_secret_error_str(err));
-	}
-	
-	if (!is_encrypted) {
-		prompt(ld, "Confirm hsm_secret password:");
-		fflush(stdout);
-		passwd_confirmation = read_stdin_pass(tmpctx, &err);
-		if (err != HSM_SECRET_OK) {
-			opt_exitcode = EXITCODE_HSM_PASSWORD_INPUT_ERR;
-			return tal_strdup(tmpctx, hsm_secret_error_str(err));
-		}
-
-		if (!streq(passwd, passwd_confirmation)) {
-			opt_exitcode = EXITCODE_HSM_BAD_PASSWORD;
-			return "Passwords confirmation mismatch.";
-		}
-	}
-	prompt(ld, "");
-
-	ld->config.keypass = tal(NULL, struct secret);
-
-	/* Derive encryption key from passphrase using the same function as hsm_secret.c */
-	ld->config.keypass = get_encryption_key(tmpctx, passwd);
-	if (!ld->config.keypass) {
-		opt_exitcode = EXITCODE_HSM_BAD_PASSWORD;
-		return "Could not derive encryption key from password.";
-	}
-
-	ld->encrypted_hsm = true;
-
+	/* Read passphrase from user */
+	char *err = read_hsm_passphrase(ld);
+	if (err)
+		return err;
 	return NULL;
 }
 
@@ -635,7 +640,11 @@ static char *opt_set_hsm_password(struct lightningd *ld)
  */
 static char *opt_set_hsm_passphrase(struct lightningd *ld)
 {
-	ld->hsm_passphrase_required = true;
+	/* Read passphrase from user */
+	char *err = read_hsm_passphrase(ld);
+	if (err)
+		return err;
+
 	return NULL;
 }