mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2024-11-19 09:54:16 +01:00
Code Issues Projects Releases Wiki Activity
72345c5fbc
core-lightning/plugins/exposesecret.c

164 lines
5.0 KiB
C
Raw Normal View History

exposesecret: new plugin and command to get hsm_secret. Being able to back up the hsm_secret is critical, but you cannot do this through a UI, because of course we do not allow such access. People have lost funds because they didn't back up. This allows access to the hsm_secret if you use a password set in the config file. (If it's not set, the command does not work). This is a compromise, of course. Changelog-Added: `exposesecret` command for encouraging hsm_secret backups. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-09-06 07:37:57 +02:00
#include "config.h"
#include <bitcoin/privkey.h>
#include <ccan/array_size/array_size.h>
#include <ccan/crypto/hkdf_sha256/hkdf_sha256.h>
#include <ccan/crypto/sha256/sha256.h>
#include <ccan/tal/grab_file/grab_file.h>
#include <ccan/tal/str/str.h>
#include <common/bech32.h>
#include <common/codex32.h>
#include <common/json_param.h>
#include <common/json_stream.h>
#include <errno.h>
#include <plugins/libplugin.h>
/* Information this plugin wants to keep. */
struct exposesecret {
char *exposure_passphrase;
struct pubkey our_node_id;
const char *our_node_alias;
};
static struct exposesecret *exposesecret_data(struct plugin *plugin)
{
return plugin_get_data(plugin, struct exposesecret);
}
/* Don't let compiler do clever things, which would allow the caller
* to measure time, and figure out how much of the passphrase matched! */
static bool compare_passphrases(const char *a, const char *b)
{
struct sha256 a_sha, b_sha;
/* Technically, this gives information about passphrase length, but
* they can also just brute force it if it is small, so this doesn't
* add much! Also, hashing messes with timing quite a bit. */
sha256(&a_sha, a, strlen(a));
sha256(&b_sha, b, strlen(b));
return sha256_eq(&a_sha, &b_sha);
}
static struct command_result *json_exposesecret(struct command *cmd,
const char *buffer,
const jsmntok_t *params)
{
const struct exposesecret *exposesecret = exposesecret_data(cmd->plugin);
struct json_stream *js;
u8 *contents;
const char *id, *passphrase, *err;
struct secret hsm_secret;
struct privkey node_privkey;
struct pubkey node_id;
char *bip93;
u32 salt = 0;
if (!param_check(cmd, buffer, params,
p_req("passphrase", param_string, &passphrase),
p_opt("identifier", param_string, &id),
NULL))
return command_param_failed();
if (!exposesecret->exposure_passphrase)
return command_fail(cmd, LIGHTNINGD, "exposesecrets-passphrase is not set");
/* Technically, this could become a timing oracle. */
if (!compare_passphrases(exposesecret->exposure_passphrase, passphrase))
return command_fail(cmd, LIGHTNINGD, "passphrase does not match exposesecrets-passphrase");
contents = grab_file(tmpctx, "hsm_secret");
if (!contents)
return command_fail(cmd, LIGHTNINGD, "Could not open hsm_secret: %s", strerror(errno));
/* grab_file adds a \0 byte at the end for convenience */
if (tal_bytelen(contents) == sizeof(hsm_secret) + 1) {
memcpy(&hsm_secret, contents, sizeof(hsm_secret));
} else {
return command_fail(cmd, LIGHTNINGD, "Not a valid hsm_secret file? Bad length (maybe encrypted?)");
}
/* Before we expose it, check it's correct! */
hkdf_sha256(&node_privkey, sizeof(node_privkey),
&salt, sizeof(salt),
&hsm_secret,
sizeof(hsm_secret),
"nodeid", 6);
/* Should not happen! */
if (!pubkey_from_privkey(&node_privkey, &node_id))
return command_fail(cmd, LIGHTNINGD, "Invalid private key?");
if (!pubkey_eq(&node_id, &exposesecret->our_node_id))
return command_fail(cmd, LIGHTNINGD, "This hsm_secret is not for the current node");
/* If they didn't give an identifier, we make an appropriate one! */
if (!id) {
size_t off = 0;
/* If we run out of alias, use x. */
char idstr[] = "xxxx";
for (size_t i = 0; idstr[off]; i++) {
unsigned char c = exposesecret->our_node_alias[i];
if (c == 0)
break;
if (c >= sizeof(bech32_charset_rev))
continue;
/* Convert to lower case */
c = tolower(c);
/* Must be a valid bech32 char now */
if (bech32_charset_rev[c] == -1)
continue;
idstr[off++] = c;
}
id = tal_strdup(cmd, idstr);
}
/* This also cannot fail! */
err = codex32_secret_encode(tmpctx, "cl", id, 0, hsm_secret.data, 32, &bip93);
if (err)
return command_fail(cmd, LIGHTNINGD, "Unexpected failure encoding hsm_secret: %s", err);
/* If we're just checking, stop */
if (command_check_only(cmd))
return command_check_done(cmd);
js = jsonrpc_stream_success(cmd);
json_add_string(js, "identifier", id);
json_add_string(js, "codex32", bip93);
return command_finished(cmd, js);
}
plugins/exposesecret: fix for API change. That will teach me to merge without rebasing. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-11-13 01:13:10 +01:00
static const char *init(struct command *init_cmd,
exposesecret: new plugin and command to get hsm_secret. Being able to back up the hsm_secret is critical, but you cannot do this through a UI, because of course we do not allow such access. People have lost funds because they didn't back up. This allows access to the hsm_secret if you use a password set in the config file. (If it's not set, the command does not work). This is a compromise, of course. Changelog-Added: `exposesecret` command for encouraging hsm_secret backups. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-09-06 07:37:57 +02:00
const char *buf UNUSED, const jsmntok_t *config UNUSED)
{
plugins/exposesecret: fix for API change. That will teach me to merge without rebasing. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-11-13 01:13:10 +01:00
struct exposesecret *exposesecret = exposesecret_data(init_cmd->plugin);
rpc_scan(init_cmd, "getinfo",
exposesecret: new plugin and command to get hsm_secret. Being able to back up the hsm_secret is critical, but you cannot do this through a UI, because of course we do not allow such access. People have lost funds because they didn't back up. This allows access to the hsm_secret if you use a password set in the config file. (If it's not set, the command does not work). This is a compromise, of course. Changelog-Added: `exposesecret` command for encouraging hsm_secret backups. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-09-06 07:37:57 +02:00
take(json_out_obj(NULL, NULL, NULL)),
"{id:%,alias:%}",
JSON_SCAN(json_to_pubkey, &exposesecret->our_node_id),
JSON_SCAN_TAL(exposesecret, json_strdup, &exposesecret->our_node_alias));
return NULL;
}
static const struct plugin_command commands[] = {
{
"exposesecret",
json_exposesecret,
}
};
int main(int argc, char *argv[])
{
setup_locale();
struct exposesecret *exposesecret = talz(NULL, struct exposesecret);
plugin_main(argv, init, take(exposesecret),
PLUGIN_RESTARTABLE, true, NULL, commands, ARRAY_SIZE(commands),
NULL, 0, NULL, 0, NULL, 0,
config: add the ability for plugins to specify that config values should be concealed. And use it for `exposesecret-passphrase`. This is probably overly cautious, but it makes me feel a little better that we won't leak it to someone with read-only access. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-09-06 08:21:52 +02:00
plugin_option("exposesecret-passphrase", "string-conceal",
exposesecret: new plugin and command to get hsm_secret. Being able to back up the hsm_secret is critical, but you cannot do this through a UI, because of course we do not allow such access. People have lost funds because they didn't back up. This allows access to the hsm_secret if you use a password set in the config file. (If it's not set, the command does not work). This is a compromise, of course. Changelog-Added: `exposesecret` command for encouraging hsm_secret backups. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-09-06 07:37:57 +02:00
"Enable exposesecret command to allow HSM Secret backup, with this passphrase",
charp_option, NULL, &exposesecret->exposure_passphrase),
NULL);
}
Reference in New Issue Copy Permalink