mirror of
https://github.com/ElementsProject/lightning.git
synced 2024-11-19 01:43:36 +01:00
c31b57c32a
That will teach me to merge without rebasing. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
164 lines
5.0 KiB
C
164 lines
5.0 KiB
C
#include "config.h"
|
|
#include <bitcoin/privkey.h>
|
|
#include <ccan/array_size/array_size.h>
|
|
#include <ccan/crypto/hkdf_sha256/hkdf_sha256.h>
|
|
#include <ccan/crypto/sha256/sha256.h>
|
|
#include <ccan/tal/grab_file/grab_file.h>
|
|
#include <ccan/tal/str/str.h>
|
|
#include <common/bech32.h>
|
|
#include <common/codex32.h>
|
|
#include <common/json_param.h>
|
|
#include <common/json_stream.h>
|
|
#include <errno.h>
|
|
#include <plugins/libplugin.h>
|
|
|
|
/* Information this plugin wants to keep. */
|
|
struct exposesecret {
|
|
char *exposure_passphrase;
|
|
struct pubkey our_node_id;
|
|
const char *our_node_alias;
|
|
};
|
|
|
|
static struct exposesecret *exposesecret_data(struct plugin *plugin)
|
|
{
|
|
return plugin_get_data(plugin, struct exposesecret);
|
|
}
|
|
|
|
/* Don't let compiler do clever things, which would allow the caller
|
|
* to measure time, and figure out how much of the passphrase matched! */
|
|
static bool compare_passphrases(const char *a, const char *b)
|
|
{
|
|
struct sha256 a_sha, b_sha;
|
|
|
|
/* Technically, this gives information about passphrase length, but
|
|
* they can also just brute force it if it is small, so this doesn't
|
|
* add much! Also, hashing messes with timing quite a bit. */
|
|
sha256(&a_sha, a, strlen(a));
|
|
sha256(&b_sha, b, strlen(b));
|
|
|
|
return sha256_eq(&a_sha, &b_sha);
|
|
}
|
|
|
|
static struct command_result *json_exposesecret(struct command *cmd,
|
|
const char *buffer,
|
|
const jsmntok_t *params)
|
|
{
|
|
const struct exposesecret *exposesecret = exposesecret_data(cmd->plugin);
|
|
struct json_stream *js;
|
|
u8 *contents;
|
|
const char *id, *passphrase, *err;
|
|
struct secret hsm_secret;
|
|
struct privkey node_privkey;
|
|
struct pubkey node_id;
|
|
char *bip93;
|
|
u32 salt = 0;
|
|
|
|
if (!param_check(cmd, buffer, params,
|
|
p_req("passphrase", param_string, &passphrase),
|
|
p_opt("identifier", param_string, &id),
|
|
NULL))
|
|
return command_param_failed();
|
|
|
|
if (!exposesecret->exposure_passphrase)
|
|
return command_fail(cmd, LIGHTNINGD, "exposesecrets-passphrase is not set");
|
|
|
|
/* Technically, this could become a timing oracle. */
|
|
if (!compare_passphrases(exposesecret->exposure_passphrase, passphrase))
|
|
return command_fail(cmd, LIGHTNINGD, "passphrase does not match exposesecrets-passphrase");
|
|
|
|
contents = grab_file(tmpctx, "hsm_secret");
|
|
if (!contents)
|
|
return command_fail(cmd, LIGHTNINGD, "Could not open hsm_secret: %s", strerror(errno));
|
|
|
|
/* grab_file adds a \0 byte at the end for convenience */
|
|
if (tal_bytelen(contents) == sizeof(hsm_secret) + 1) {
|
|
memcpy(&hsm_secret, contents, sizeof(hsm_secret));
|
|
} else {
|
|
return command_fail(cmd, LIGHTNINGD, "Not a valid hsm_secret file? Bad length (maybe encrypted?)");
|
|
}
|
|
|
|
/* Before we expose it, check it's correct! */
|
|
hkdf_sha256(&node_privkey, sizeof(node_privkey),
|
|
&salt, sizeof(salt),
|
|
&hsm_secret,
|
|
sizeof(hsm_secret),
|
|
"nodeid", 6);
|
|
|
|
/* Should not happen! */
|
|
if (!pubkey_from_privkey(&node_privkey, &node_id))
|
|
return command_fail(cmd, LIGHTNINGD, "Invalid private key?");
|
|
|
|
if (!pubkey_eq(&node_id, &exposesecret->our_node_id))
|
|
return command_fail(cmd, LIGHTNINGD, "This hsm_secret is not for the current node");
|
|
|
|
/* If they didn't give an identifier, we make an appropriate one! */
|
|
if (!id) {
|
|
size_t off = 0;
|
|
/* If we run out of alias, use x. */
|
|
char idstr[] = "xxxx";
|
|
|
|
for (size_t i = 0; idstr[off]; i++) {
|
|
unsigned char c = exposesecret->our_node_alias[i];
|
|
if (c == 0)
|
|
break;
|
|
if (c >= sizeof(bech32_charset_rev))
|
|
continue;
|
|
/* Convert to lower case */
|
|
c = tolower(c);
|
|
/* Must be a valid bech32 char now */
|
|
if (bech32_charset_rev[c] == -1)
|
|
continue;
|
|
idstr[off++] = c;
|
|
}
|
|
|
|
id = tal_strdup(cmd, idstr);
|
|
}
|
|
|
|
/* This also cannot fail! */
|
|
err = codex32_secret_encode(tmpctx, "cl", id, 0, hsm_secret.data, 32, &bip93);
|
|
if (err)
|
|
return command_fail(cmd, LIGHTNINGD, "Unexpected failure encoding hsm_secret: %s", err);
|
|
|
|
/* If we're just checking, stop */
|
|
if (command_check_only(cmd))
|
|
return command_check_done(cmd);
|
|
|
|
js = jsonrpc_stream_success(cmd);
|
|
json_add_string(js, "identifier", id);
|
|
json_add_string(js, "codex32", bip93);
|
|
return command_finished(cmd, js);
|
|
}
|
|
|
|
static const char *init(struct command *init_cmd,
|
|
const char *buf UNUSED, const jsmntok_t *config UNUSED)
|
|
{
|
|
struct exposesecret *exposesecret = exposesecret_data(init_cmd->plugin);
|
|
rpc_scan(init_cmd, "getinfo",
|
|
take(json_out_obj(NULL, NULL, NULL)),
|
|
"{id:%,alias:%}",
|
|
JSON_SCAN(json_to_pubkey, &exposesecret->our_node_id),
|
|
JSON_SCAN_TAL(exposesecret, json_strdup, &exposesecret->our_node_alias));
|
|
return NULL;
|
|
}
|
|
|
|
static const struct plugin_command commands[] = {
|
|
{
|
|
"exposesecret",
|
|
json_exposesecret,
|
|
}
|
|
};
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
setup_locale();
|
|
|
|
struct exposesecret *exposesecret = talz(NULL, struct exposesecret);
|
|
plugin_main(argv, init, take(exposesecret),
|
|
PLUGIN_RESTARTABLE, true, NULL, commands, ARRAY_SIZE(commands),
|
|
NULL, 0, NULL, 0, NULL, 0,
|
|
plugin_option("exposesecret-passphrase", "string-conceal",
|
|
"Enable exposesecret command to allow HSM Secret backup, with this passphrase",
|
|
charp_option, NULL, &exposesecret->exposure_passphrase),
|
|
NULL);
|
|
}
|