From 57488cde132839b63bdbe2c9fe85733d9b07d084 Mon Sep 17 00:00:00 2001 From: niftynei Date: Tue, 26 May 2020 16:06:13 -0500 Subject: [PATCH] hsm: decouple hsm from wallet; init before wallet We're going to use the hsm for a migration, so we need to set up the HSM before we get to the wallet migration code. All that this requires is removing the places in HSM init that we touch the database struct -- easy enough to accomplish by passing the required field back out from init, and then associating it onto the wallet after it's been initialized.
---
 lightningd/hsm_control.c | 9 ++++++--- lightningd/hsm_control.h | 3 ++- lightningd/lightningd.c | 20 +++++++++++--------- lightningd/test/run-find_my_abspath.c | 2 +- 4 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/lightningd/hsm_control.c b/lightningd/hsm_control.c
index 22b6b715e..3a97a516f 100644
--- a/lightningd/hsm_control.c
+++ b/lightningd/hsm_control.c
@@ -84,10 +84,11 @@ static unsigned int hsm_msg(struct subd *hsmd, return 0; }
-void hsm_init(struct lightningd *ld)
+struct ext_key *hsm_init(struct lightningd *ld)
 { u8 *msg; int fds[2];
+ struct ext_key *bip32_base;
 /* We actually send requests synchronously: only status is async. */ if (socketpair(AF_LOCAL, SOCK_STREAM, 0, fds) != 0)
@@ -121,14 +122,16 @@ void hsm_init(struct lightningd *ld) IFDEV(ld->dev_force_channel_secrets_shaseed, NULL)))) err(1, "Writing init msg to hsm");
- ld->wallet->bip32_base = tal(ld->wallet, struct ext_key);
+ bip32_base = tal(ld, struct ext_key);
 msg = wire_sync_read(tmpctx, ld->hsm_fd); if (!fromwire_hsm_init_reply(msg,
- &ld->id, ld->wallet->bip32_base)) {
+ &ld->id, bip32_base)) {
 if (ld->config.keypass) errx(1, "Wrong password for encrypted hsm_secret."); errx(1, "HSM did not give init reply"); }
+
+ return bip32_base;
 } static struct command_result *json_getsharedsecret(struct command *cmd,
diff --git a/lightningd/hsm_control.h b/lightningd/hsm_control.h
index 26533ceaf..8060c721d 100644
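Review bot: hsm_init() now returns a heap object, but neither the definition in hsm_control.c nor the prototype in hsm_control.h says who owns it. `bip32_base = tal(ld, struct ext_key);` parents the key to `ld`, and the only visible caller immediately re-parents it with `tal_steal(ld->wallet, bip32_base)`, so a caller that drops the return value would leave the key hanging off `ld` for the life of the daemon. A one-line comment on the declaration would make the contract explicit, for example `/* Starts hsmd and returns the BIP32 base key, allocated off ld; the caller attaches it to the wallet. Exits on a bad init reply. */`. The same point covers the prototype hunk in hsm_control.h; hsm_init's body is split across the two hunks here and is not fully visible.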
--- a/lightningd/hsm_control.h
+++ b/lightningd/hsm_control.h
@@ -8,6 +8,7 @@ struct lightningd; struct node_id;
+struct ext_key;
 /* Ask HSM for a new fd for a subdaemon to use. */ int hsm_get_client_fd(struct lightningd *ld,
@@ -18,5 +19,5 @@ int hsm_get_client_fd(struct lightningd *ld, /* Ask HSM for an fd for a global subdaemon to use (gossipd, connectd) */ int hsm_get_global_fd(struct lightningd *ld, int capabilities);
-void hsm_init(struct lightningd *ld);
+struct ext_key *hsm_init(struct lightningd *ld);
 #endif /* LIGHTNING_LIGHTNINGD_HSM_CONTROL_H */
diff --git a/lightningd/lightningd.c b/lightningd/lightningd.c
index 2d4599d93..b44e7be30 100644
--- a/lightningd/lightningd.c
+++ b/lightningd/lightningd.c
@@ -759,6 +759,7 @@ int main(int argc, char *argv[]) struct timers *timers; const char *stop_response; struct htlc_in_map *unconnected_htlcs_in;
+ struct ext_key *bip32_base;
 struct rlimit nofile = {1024, 1024}; /*~ Make sure that we limit ourselves to something reasonable. Modesty
@@ -822,10 +823,20 @@ int main(int argc, char *argv[]) /*~ Make sure we can reach the subdaemons, and versions match. */ test_subdaemons(ld);
+ /*~ Set up the HSM daemon, which knows our node secret key, so tells
+ * us who we are.
+ *
+ * HSM stands for Hardware Security Module, which is the industry
+ * standard of key storage; ours is in software for now, so the name
+ * doesn't really make sense, but we can't call it the Badly-named
+ * Daemon Software Module. */
+ bip32_base = hsm_init(ld);
+
 /*~ Our "wallet" code really wraps the db, which is more than a simple * bitcoin wallet (though it's that too). It also stores channel * states, invoices, payments, blocks and bitcoin transactions. */ ld->wallet = wallet_new(ld, ld->timers);
+ ld->wallet->bip32_base = tal_steal(ld->wallet, bip32_base);
 /*~ We keep track of how many 'coin moves' we've ever made. * Initialize the starting value from the database here. */
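Review bot: Moving `bip32_base = hsm_init(ld);` ahead of `wallet_new()` keeps the hsm_secret encryption key in `ld->config.keypass` alive longer than before, because the block that discards it was not moved with it. The unchanged `if (ld->config.keypass)` block, whose comment says the key is no longer needed and that sodium_munlock() zeroes it, still sits after `io_poll_override()`. The key therefore stays resident across `wallet_new()` and the database work in between, which the commit message says will grow to include a migration. Going by that existing comment the key is only needed for HSM init, so the discard block should move up to directly follow the `hsm_init(ld)` call. Its body lies outside the visible hunks, so this is a relocation of existing lines; main() starts and ends outside these hunks.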
@@ -837,15 +848,6 @@ int main(int argc, char *argv[]) /*~ This is the ccan/io central poll override from above. */ io_poll_override(io_poll_lightningd);
- /*~ Set up the HSM daemon, which knows our node secret key, so tells
- * us who we are.
- *
- * HSM stands for Hardware Security Module, which is the industry
- * standard of key storage; ours is in software for now, so the name
- * doesn't really make sense, but we can't call it the Badly-named
- * Daemon Software Module. */
- hsm_init(ld);
-
 /*~ If hsm_secret is encrypted, we don't need its encryption key * anymore. Note that sodium_munlock() also zeroes the memory.*/ if (ld->config.keypass)
diff --git a/lightningd/test/run-find_my_abspath.c b/lightningd/test/run-find_my_abspath.c
index 241aa797a..41c74e071 100644
--- a/lightningd/test/run-find_my_abspath.c
+++ b/lightningd/test/run-find_my_abspath.c
@@ -110,7 +110,7 @@ void handle_opts(struct lightningd *ld UNNEEDED, int argc UNNEEDED, char *argv[] size_t hash_htlc_key(const struct htlc_key *htlc_key UNNEEDED) { fprintf(stderr, "hash_htlc_key called!\n"); abort(); } /* Generated stub for hsm_init */ -void hsm_init(struct lightningd *ld UNNEEDED) +struct ext_key *hsm_init(struct lightningd *ld UNNEEDED) { fprintf(stderr, "hsm_init called!\n"); abort(); } /* Generated stub for htlcs_notify_new_block */ void htlcs_notify_new_block(struct lightningd *ld UNNEEDED, u32 height UNNEEDED)