hsm: Stabilize the hsm encryption and decryption tests

We were using sleeps to hope we catch the password prompt. This makes the test
flaky. So I added a help text followed by a `fflush` to make sure we catcht he
right moment, instead of guessing. The `fflush` is also useful for debugging
if a user ever pipes the output to a file it'd get buffered and the user would
wait forever. The same applies for automated systems such as `expect` or
`pexpect` based scripts that enter the password on prompt.
This commit is contained in:
Christian Decker 2019-11-25 17:15:39 +01:00
parent 9e59740268
commit c84473f82c
2 changed files with 29 additions and 24 deletions

View File

@ -331,7 +331,12 @@ static char *opt_set_hsm_password(struct lightningd *ld)
temp_term.c_lflag &= ~ECHO; temp_term.c_lflag &= ~ECHO;
if (tcsetattr(fileno(stdin), TCSAFLUSH, &temp_term) != 0) if (tcsetattr(fileno(stdin), TCSAFLUSH, &temp_term) != 0)
return "Could not disable password echoing."; return "Could not disable password echoing.";
printf("Enter hsm_secret password : "); printf("The hsm_secret is encrypted with a password. In order to "
"decrypt it and start the node you must provide the password.\n");
printf("Enter hsm_secret password: ");
/* If we don't flush we might end up being buffered and we might seem
* to hang while we wait for the password. */
fflush(stdout);
if (getline(&passwd, &passwd_size, stdin) < 0) if (getline(&passwd, &passwd_size, stdin) < 0)
return "Could not read password from stdin."; return "Could not read password from stdin.";
if(passwd[strlen(passwd) - 1] == '\n') if(passwd[strlen(passwd) - 1] == '\n')

View File

@ -3,7 +3,7 @@ from fixtures import * # noqa: F401,F403
from fixtures import TEST_NETWORK from fixtures import TEST_NETWORK
from flaky import flaky # noqa: F401 from flaky import flaky # noqa: F401
from lightning import RpcError, Millisatoshi from lightning import RpcError, Millisatoshi
from utils import only_one, wait_for, sync_blockheight, EXPERIMENTAL_FEATURES, COMPAT, VALGRIND, SLOW_MACHINE from utils import only_one, wait_for, sync_blockheight, EXPERIMENTAL_FEATURES, COMPAT, VALGRIND
import os import os
import pytest import pytest
@ -574,34 +574,32 @@ def test_hsm_secret_encryption(node_factory):
master_fd, slave_fd = os.openpty() master_fd, slave_fd = os.openpty()
# Test we can encrypt an already-existing and not encrypted hsm_secret # Test we can encrypt an already-existing and not encrypted hsm_secret
l1.rpc.stop() l1.stop()
l1.daemon.opts.update({"encrypted-hsm": None}) l1.daemon.opts.update({"encrypted-hsm": None})
l1.daemon.start(stdin=slave_fd, wait_for_initialized=False) l1.daemon.start(stdin=slave_fd, wait_for_initialized=False)
time.sleep(3 if SLOW_MACHINE else 1) l1.daemon.wait_for_log(r'The hsm_secret is encrypted')
os.write(master_fd, password.encode("utf-8")) os.write(master_fd, password.encode("utf-8"))
l1.daemon.wait_for_log("Server started with public key") l1.daemon.wait_for_log("Server started with public key")
id = l1.rpc.getinfo()["id"] id = l1.rpc.getinfo()["id"]
l1.stop()
# Test we cannot start the same wallet without specifying --encrypted-hsm # Test we cannot start the same wallet without specifying --encrypted-hsm
l1.stop()
l1.daemon.opts.pop("encrypted-hsm") l1.daemon.opts.pop("encrypted-hsm")
l1.daemon.start(stdin=slave_fd, stderr=subprocess.STDOUT, with pytest.raises(subprocess.CalledProcessError, match=r'returned non-zero exit status 1'):
wait_for_initialized=False) subprocess.check_call(l1.daemon.cmd_line)
time.sleep(3 if SLOW_MACHINE else 1)
err = "hsm_secret is encrypted, you need to pass the --encrypted-hsm startup option."
assert l1.daemon.is_in_log(err)
# Test we cannot restore the same wallet with another password # Test we cannot restore the same wallet with another password
l1.daemon.opts.update({"encrypted-hsm": None}) l1.daemon.opts.update({"encrypted-hsm": None})
l1.daemon.start(stdin=slave_fd, stderr=subprocess.STDOUT, l1.daemon.start(stdin=slave_fd, stderr=subprocess.STDOUT,
wait_for_initialized=False) wait_for_initialized=False)
time.sleep(3 if SLOW_MACHINE else 1) l1.daemon.wait_for_log(r'The hsm_secret is encrypted')
os.write(master_fd, password[2:].encode("utf-8")) os.write(master_fd, password[2:].encode("utf-8"))
l1.daemon.wait_for_log("Wrong password for encrypted hsm_secret.") l1.daemon.wait_for_log("Wrong password for encrypted hsm_secret.")
# Test we can restore the same wallet with the same password # Test we can restore the same wallet with the same password
l1.daemon.start(stdin=slave_fd, wait_for_initialized=False) l1.daemon.start(stdin=slave_fd, wait_for_initialized=False)
time.sleep(3 if SLOW_MACHINE else 1) l1.daemon.wait_for_log(r'The hsm_secret is encrypted')
os.write(master_fd, password.encode("utf-8")) os.write(master_fd, password.encode("utf-8"))
l1.daemon.wait_for_log("Server started with public key") l1.daemon.wait_for_log("Server started with public key")
assert id == l1.rpc.getinfo()["id"] assert id == l1.rpc.getinfo()["id"]
@ -616,10 +614,10 @@ def test_hsmtool_secret_decryption(node_factory):
master_fd, slave_fd = os.openpty() master_fd, slave_fd = os.openpty()
# Encrypt the master seed # Encrypt the master seed
l1.rpc.stop() l1.stop()
l1.daemon.opts.update({"encrypted-hsm": None}) l1.daemon.opts.update({"encrypted-hsm": None})
l1.daemon.start(stdin=slave_fd, wait_for_initialized=False) l1.daemon.start(stdin=slave_fd, wait_for_initialized=False)
time.sleep(3 if SLOW_MACHINE else 1) l1.daemon.wait_for_log(r'The hsm_secret is encrypted')
os.write(master_fd, password.encode("utf-8")) os.write(master_fd, password.encode("utf-8"))
l1.daemon.wait_for_log("Server started with public key") l1.daemon.wait_for_log("Server started with public key")
node_id = l1.rpc.getinfo()["id"] node_id = l1.rpc.getinfo()["id"]
@ -627,11 +625,12 @@ def test_hsmtool_secret_decryption(node_factory):
# We can't use a wrong password ! # We can't use a wrong password !
cmd_line = ["tools/hsmtool", "decrypt", hsm_path, "A wrong pass"] cmd_line = ["tools/hsmtool", "decrypt", hsm_path, "A wrong pass"]
assert subprocess.Popen(cmd_line).wait() != 0 with pytest.raises(subprocess.CalledProcessError):
subprocess.check_call(cmd_line)
# Decrypt it with hsmtool # Decrypt it with hsmtool
cmd_line[3] = password[:-1] cmd_line[3] = password[:-1]
assert subprocess.Popen(cmd_line).wait() == 0 subprocess.check_call(cmd_line)
# Then test we can now start it without password # Then test we can now start it without password
l1.daemon.opts.pop("encrypted-hsm") l1.daemon.opts.pop("encrypted-hsm")
l1.daemon.start(stdin=slave_fd, wait_for_initialized=True) l1.daemon.start(stdin=slave_fd, wait_for_initialized=True)
@ -640,18 +639,19 @@ def test_hsmtool_secret_decryption(node_factory):
# Test we can encrypt it offline # Test we can encrypt it offline
cmd_line[1] = "encrypt" cmd_line[1] = "encrypt"
assert subprocess.Popen(cmd_line).wait() == 0 subprocess.check_call(cmd_line)
# Now we need to pass the encrypted-hsm startup option # Now we need to pass the encrypted-hsm startup option
l1.stop() l1.stop()
l1.daemon.start(stdin=slave_fd, stderr=subprocess.STDOUT,
wait_for_initialized=False) with pytest.raises(subprocess.CalledProcessError, match=r'returned non-zero exit status 1'):
time.sleep(3 if SLOW_MACHINE else 1) subprocess.check_call(l1.daemon.cmd_line)
err = "hsm_secret is encrypted, you need to pass the --encrypted-hsm startup option."
assert l1.daemon.is_in_log(err)
l1.daemon.opts.update({"encrypted-hsm": None}) l1.daemon.opts.update({"encrypted-hsm": None})
master_fd, slave_fd = os.openpty()
l1.daemon.start(stdin=slave_fd, stderr=subprocess.STDOUT, l1.daemon.start(stdin=slave_fd, stderr=subprocess.STDOUT,
wait_for_initialized=False) wait_for_initialized=False)
time.sleep(3 if SLOW_MACHINE else 1)
l1.daemon.wait_for_log(r'The hsm_secret is encrypted')
os.write(master_fd, password.encode("utf-8")) os.write(master_fd, password.encode("utf-8"))
l1.daemon.wait_for_log("Server started with public key") l1.daemon.wait_for_log("Server started with public key")
assert node_id == l1.rpc.getinfo()["id"] assert node_id == l1.rpc.getinfo()["id"]
@ -659,7 +659,7 @@ def test_hsmtool_secret_decryption(node_factory):
# And finally test that we can also decrypt if encrypted with hsmtool # And finally test that we can also decrypt if encrypted with hsmtool
cmd_line[1] = "decrypt" cmd_line[1] = "decrypt"
assert subprocess.Popen(cmd_line).wait() == 0 subprocess.check_call(cmd_line)
l1.daemon.opts.pop("encrypted-hsm") l1.daemon.opts.pop("encrypted-hsm")
l1.daemon.start(stdin=slave_fd, wait_for_initialized=True) l1.daemon.start(stdin=slave_fd, wait_for_initialized=True)
assert node_id == l1.rpc.getinfo()["id"] assert node_id == l1.rpc.getinfo()["id"]