We should actually be including this (as it may define _GNU_SOURCE
etc) before any system headers. But where we include <assert.h> we
often didn't, because check-includes would complain that the headers
included it too.
Weaken that check, and include config.h in C files before assert.h.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Sometimes it's v0.9.3 and sometimes it's 0.9.3, and I always get it
wrong. This is painful when you have to create a signed tag after
committing to one of the two only to find out you chose wrong and have
to redo the tagging.
This would cause a segfault on the default network parameter for
`dumponchaindescriptors`.
Introduced in 1513a2d07e
Changelog-Fixed: hsmtool: fix a segfault on `dumponchaindescriptors` without network parameter
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
This makes use of the constant defined in the previous commits to more
accurately detect plaintext, encrypted, and invalid seeds. We now error
on invalid seeds.
Changelog-changed: hsmd: we now error at startup on invalid hsm_secret
Changelog-changed: hsmtool: all commands now error on invalid hsm_secret
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
This avoids duplication of both logic and error-prone values, such as
the salt. Grouping all hsm encryption logic into a public API will also
allow us to fuzz it.
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
Changelog-changed: lightningd: the `--encrypted-hsm` now asks you to confirm your password when first set
Changelog-changed: hsmtool: the `encrypt` now asks you to confirm your password
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
Fixes#4302
Changelog-fixed: hsmtool: the `generatehsm` command now generates an appropriately-sized hsm_secret
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
This slightly breaks the API, but still accept the input: we just don't
take it into account anymore.
For `dumponchaindescriptors`, we have to still take the old place of the
`network` parameter into account to not entirely break the API.
Changelog-Added: hsmtool: password must now be entered on stdin. Password passed on the command line are discarded.
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
This is vital for calculating merkle trees; I previously used
towire+fromwire to get this!
Requires generation change so we can magic the ARRAY_SIZE var (the C
pre-processor can't uppercase things).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Actually, it's more complex to translate the xpub descriptor to
testnet because of the descriptor checksum.
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
This adds a command which outputs the two output descriptors
corresponding to our onchain wallet.
This can be useful for an external service to monitor / send fund to our
wallet.
Further, an "xpriv" version of such descriptors could be used to import
onchain funds on a new wallet.
Changelog-Added: lightning-hsmtool: a new command was added to hsmtool for dumping descriptors of the onchain wallet
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
tools: Add `generatehsm` method to hsmtool to derivate BIP32 seeds from a
mnemonic using the BIP39 standard.
The new method uses libwally for the BIP39 to BIP32 derivation. It also
fails if an hsm_secret file already exists, so we do not overwrite
someone else's wallet without noticing.
It allows the use of passphrases, the ECHO mode in the terminal is
disable for higher security.
It currently supports "en", "es", "fr", "it", "jp", "zhs", "zht".
Changelog-Added: hsmtool: `hsm_secret` generation from a seed-phrase following BIP39.
Note that check-whitespace and check-bolt already do this, so we
can eliminate redundant lines in common/Makefile and bitcoin/Makefile.
We also include the plugin headers in ALL_C_HEADERS so they get
checked.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
There's a lot of it, and it means we can't `make check-source` on
these files.
Also bring bolt quotes up-to-date.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This avoids overwriting the ones in git, and generally makes things neater.
We have convenience headers wire/peer_wire.h and wire/onion_wire.h to
avoid most #ifdefs: simply include those.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We have to handle singletons which are arrays of variable-length entries:
this needs to be a ptr-to-ptr.
```C
struct blinded_payinfo {
u32 fee_base_msat;
u32 fee_proportional_millionths;
u16 cltv_expiry_delta;
u8 *features;
};
```
Before:
```C
struct tlv_invoice_tlvs {
...
struct blinded_payinfo *blindedpay;
```
After:
```C
struct tlv_invoice_tlvs {
...
struct blinded_payinfo **blindedpay;
```
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
has_len_fields() doesn't cover our blacklist of variable types, so if
we have an array of them, this logic is wrong. This happens in the
the bolt13 patch:
```C
struct tlv_offer_tlvs_blindedpath {
struct pubkey blinding;
struct onionmsg_path **path;
};
```
Before:
wire/gen_bolt13_tlv.c:
```C
for (size_t i = 0; i < tal_count(r->blindedpath->path); i++)
towire_onionmsg_path(&ptr, r->blindedpath->path + i);
```
After:
```C
for (size_t i = 0; i < tal_count(r->blindedpath->path); i++)
towire_onionmsg_path(&ptr, r->blindedpath->path[i]);
```
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Otherwise make thinks we're done, and we can get errors. Include
primitive code if we abort build halfway and leave .refresh-submodules dir.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We create ALL_PROGRAMS, ALL_TEST_PROGRAMS, ALL_C_SOURCES and
ALL_C_HEADERS. Then the toplevel Makefile knows which are
autogenerated (by wildcard), so it can have all the rules to clean
them or check the source as necessary.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Changelog-Fixed: Actually make the password argument optional for `guesstoremote` and `dumpcommitments` sub-commands, as shown in our documentation and help text.
Reported by `Barno` on #c-lightning IRC.
Before this, docker image will never detects that
`lightning-rpc` was created if it is running in regtest
or testnet, because the file will be created under
subfolder for each network name, and entrypoint does not
check "lightning-rpc" file in those folders.
By specifying `LIGHTNINGD_NETWORK` environment var
in dockerfile, we can now check correct path.
Changelog-Added: Docker build now includes `LIGHTNINGD_NETWORK` ENV variable which defaults to "bitcoin". An user can override this (e.g. by `-e` option in `docker run`) to run docker container in regtest or testnet or any valid argument to `--network`.
Changelog-Added: We now install `lightning-hsmtool` for your `hsm_secret` needs.
See: https://github.com/ElementsProject/lightning/issues/3717#issuecomment-644844594
It seems reasonable to add this to the standard install, and to document it properly as well, hopefully we can fill in the documentation better later on.