2021-12-04 12:23:56 +01:00
|
|
|
#include "config.h"
|
2021-12-14 22:57:21 +01:00
|
|
|
#include <common/errcode.h>
|
2021-01-03 12:32:43 +01:00
|
|
|
#include <common/hsm_encryption.h>
|
2021-01-03 14:54:13 +01:00
|
|
|
#include <termios.h>
|
2021-06-01 19:38:16 +02:00
|
|
|
#include <unistd.h>
|
2021-01-03 12:32:43 +01:00
|
|
|
|
2021-12-14 22:57:21 +01:00
|
|
|
int hsm_secret_encryption_key_with_exitcode(const char *pass, struct secret *key,
|
|
|
|
char **err_msg)
|
2021-01-03 12:32:43 +01:00
|
|
|
{
|
|
|
|
u8 salt[16] = "c-lightning\0\0\0\0\0";
|
|
|
|
|
|
|
|
/* Don't swap the encryption key ! */
|
2021-12-14 22:57:21 +01:00
|
|
|
if (sodium_mlock(key->data, sizeof(key->data)) != 0) {
|
|
|
|
*err_msg = "Could not lock hsm_secret encryption key memory.";
|
|
|
|
return HSM_GENERIC_ERROR;
|
|
|
|
}
|
2021-01-03 12:32:43 +01:00
|
|
|
|
|
|
|
/* Check bounds. */
|
2021-12-14 22:57:21 +01:00
|
|
|
if (strlen(pass) < crypto_pwhash_argon2id_PASSWD_MIN) {
|
|
|
|
*err_msg = "Password too short to be able to derive a key from it.";
|
|
|
|
return HSM_BAD_PASSWORD;
|
|
|
|
} else if (strlen(pass) > crypto_pwhash_argon2id_PASSWD_MAX) {
|
|
|
|
*err_msg = "Password too long to be able to derive a key from it.";
|
|
|
|
return HSM_BAD_PASSWORD;
|
|
|
|
}
|
2021-01-03 12:32:43 +01:00
|
|
|
|
|
|
|
/* Now derive the key. */
|
|
|
|
if (crypto_pwhash(key->data, sizeof(key->data), pass, strlen(pass), salt,
|
|
|
|
/* INTERACTIVE needs 64 MiB of RAM, MODERATE needs 256,
|
|
|
|
* and SENSITIVE needs 1024. */
|
|
|
|
crypto_pwhash_argon2id_OPSLIMIT_MODERATE,
|
|
|
|
crypto_pwhash_argon2id_MEMLIMIT_MODERATE,
|
2021-12-14 22:57:21 +01:00
|
|
|
crypto_pwhash_ALG_ARGON2ID13) != 0) {
|
|
|
|
*err_msg = "Could not derive a key from the password.";
|
|
|
|
return HSM_BAD_PASSWORD;
|
|
|
|
}
|
2021-01-03 12:32:43 +01:00
|
|
|
|
2021-12-14 22:57:21 +01:00
|
|
|
return 0;
|
2021-01-03 12:32:43 +01:00
|
|
|
}
|
|
|
|
|
2021-01-03 16:35:58 +01:00
|
|
|
bool encrypt_hsm_secret(const struct secret *encryption_key,
|
|
|
|
const struct secret *hsm_secret,
|
|
|
|
struct encrypted_hsm_secret *output)
|
|
|
|
{
|
|
|
|
crypto_secretstream_xchacha20poly1305_state crypto_state;
|
|
|
|
|
|
|
|
if (crypto_secretstream_xchacha20poly1305_init_push(&crypto_state, output->data,
|
|
|
|
encryption_key->data) != 0)
|
|
|
|
return false;
|
|
|
|
if (crypto_secretstream_xchacha20poly1305_push(&crypto_state,
|
|
|
|
output->data + HS_HEADER_LEN,
|
|
|
|
NULL, hsm_secret->data,
|
|
|
|
sizeof(hsm_secret->data),
|
|
|
|
/* Additional data and tag */
|
|
|
|
NULL, 0, 0))
|
|
|
|
return false;
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2021-01-03 16:49:40 +01:00
|
|
|
bool decrypt_hsm_secret(const struct secret *encryption_key,
|
|
|
|
const struct encrypted_hsm_secret *cipher,
|
|
|
|
struct secret *output)
|
|
|
|
{
|
|
|
|
crypto_secretstream_xchacha20poly1305_state crypto_state;
|
|
|
|
|
|
|
|
/* The header part */
|
|
|
|
if (crypto_secretstream_xchacha20poly1305_init_pull(&crypto_state, cipher->data,
|
|
|
|
encryption_key->data) != 0)
|
|
|
|
return false;
|
|
|
|
/* The ciphertext part */
|
|
|
|
if (crypto_secretstream_xchacha20poly1305_pull(&crypto_state, output->data,
|
|
|
|
NULL, 0,
|
|
|
|
cipher->data + HS_HEADER_LEN,
|
|
|
|
HS_CIPHERTEXT_LEN,
|
|
|
|
NULL, 0) != 0)
|
|
|
|
return false;
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2021-01-03 12:32:43 +01:00
|
|
|
void discard_key(struct secret *key TAKES)
|
|
|
|
{
|
|
|
|
/* sodium_munlock() also zeroes the memory. */
|
|
|
|
sodium_munlock(key->data, sizeof(key->data));
|
|
|
|
if (taken(key))
|
|
|
|
tal_free(key);
|
|
|
|
}
|
2021-01-03 14:54:13 +01:00
|
|
|
|
2021-06-15 01:22:34 +02:00
|
|
|
/* Read a line from stdin, do not take the newline character into account. */
|
|
|
|
static bool getline_stdin_pass(char **passwd, size_t *passwd_size)
|
|
|
|
{
|
|
|
|
if (getline(passwd, passwd_size, stdin) < 0)
|
|
|
|
return false;
|
|
|
|
|
|
|
|
if ((*passwd)[strlen(*passwd) - 1] == '\n')
|
|
|
|
(*passwd)[strlen(*passwd) - 1] = '\0';
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2021-12-14 22:57:21 +01:00
|
|
|
char *read_stdin_pass_with_exit_code(char **reason, int *exit_code)
|
2021-01-03 14:54:13 +01:00
|
|
|
{
|
|
|
|
struct termios current_term, temp_term;
|
|
|
|
char *passwd = NULL;
|
|
|
|
size_t passwd_size = 0;
|
|
|
|
|
2021-06-01 19:38:16 +02:00
|
|
|
if (isatty(fileno(stdin))) {
|
|
|
|
/* Set a temporary term, same as current but with ECHO disabled. */
|
|
|
|
if (tcgetattr(fileno(stdin), ¤t_term) != 0) {
|
|
|
|
*reason = "Could not get current terminal options.";
|
2021-12-14 22:57:21 +01:00
|
|
|
*exit_code = HSM_PASSWORD_INPUT_ERR;
|
2021-06-01 19:38:16 +02:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
temp_term = current_term;
|
|
|
|
temp_term.c_lflag &= ~ECHO;
|
2021-11-23 12:01:56 +01:00
|
|
|
if (tcsetattr(fileno(stdin), TCSANOW, &temp_term) != 0) {
|
2021-06-01 19:38:16 +02:00
|
|
|
*reason = "Could not disable pass echoing.";
|
2021-12-14 22:57:21 +01:00
|
|
|
*exit_code = HSM_PASSWORD_INPUT_ERR;
|
2021-06-01 19:38:16 +02:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2021-06-15 01:22:34 +02:00
|
|
|
if (!getline_stdin_pass(&passwd, &passwd_size)) {
|
2021-06-01 19:38:16 +02:00
|
|
|
*reason = "Could not read pass from stdin.";
|
2021-12-14 22:57:21 +01:00
|
|
|
*exit_code = HSM_PASSWORD_INPUT_ERR;
|
2021-06-01 19:38:16 +02:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Restore the original terminal */
|
2021-11-23 12:01:56 +01:00
|
|
|
if (tcsetattr(fileno(stdin), TCSANOW, ¤t_term) != 0) {
|
2021-06-01 19:38:16 +02:00
|
|
|
*reason = "Could not restore terminal options.";
|
|
|
|
free(passwd);
|
2021-12-14 22:57:21 +01:00
|
|
|
*exit_code = HSM_PASSWORD_INPUT_ERR;
|
2021-06-01 19:38:16 +02:00
|
|
|
return NULL;
|
|
|
|
}
|
2021-06-15 01:22:34 +02:00
|
|
|
} else if (!getline_stdin_pass(&passwd, &passwd_size)) {
|
|
|
|
*reason = "Could not read pass from stdin.";
|
2021-12-14 22:57:21 +01:00
|
|
|
*exit_code = HSM_PASSWORD_INPUT_ERR;
|
2021-06-15 01:22:34 +02:00
|
|
|
return NULL;
|
2021-01-03 14:54:13 +01:00
|
|
|
}
|
|
|
|
return passwd;
|
|
|
|
}
|