This makes use of the constant defined in the previous commits to more
accurately detect plaintext, encrypted, and invalid seeds. We now error
on invalid seeds.
Changelog-changed: hsmd: we now error at startup on invalid hsm_secret
Changelog-changed: hsmtool: all commands now error on invalid hsm_secret
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
This avoids duplication of both logic and error-prone values, such as
the salt. Grouping all hsm encryption logic into a public API will also
allow us to fuzz it.
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
Changelog-changed: lightningd: the `--encrypted-hsm` now asks you to confirm your password when first set
Changelog-changed: hsmtool: the `encrypt` now asks you to confirm your password
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
Fixes#4302
Changelog-fixed: hsmtool: the `generatehsm` command now generates an appropriately-sized hsm_secret
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
This slightly breaks the API, but still accept the input: we just don't
take it into account anymore.
For `dumponchaindescriptors`, we have to still take the old place of the
`network` parameter into account to not entirely break the API.
Changelog-Added: hsmtool: password must now be entered on stdin. Password passed on the command line are discarded.
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
This is vital for calculating merkle trees; I previously used
towire+fromwire to get this!
Requires generation change so we can magic the ARRAY_SIZE var (the C
pre-processor can't uppercase things).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Actually, it's more complex to translate the xpub descriptor to
testnet because of the descriptor checksum.
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
This adds a command which outputs the two output descriptors
corresponding to our onchain wallet.
This can be useful for an external service to monitor / send fund to our
wallet.
Further, an "xpriv" version of such descriptors could be used to import
onchain funds on a new wallet.
Changelog-Added: lightning-hsmtool: a new command was added to hsmtool for dumping descriptors of the onchain wallet
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
tools: Add `generatehsm` method to hsmtool to derivate BIP32 seeds from a
mnemonic using the BIP39 standard.
The new method uses libwally for the BIP39 to BIP32 derivation. It also
fails if an hsm_secret file already exists, so we do not overwrite
someone else's wallet without noticing.
It allows the use of passphrases, the ECHO mode in the terminal is
disable for higher security.
It currently supports "en", "es", "fr", "it", "jp", "zhs", "zht".
Changelog-Added: hsmtool: `hsm_secret` generation from a seed-phrase following BIP39.
Note that check-whitespace and check-bolt already do this, so we
can eliminate redundant lines in common/Makefile and bitcoin/Makefile.
We also include the plugin headers in ALL_C_HEADERS so they get
checked.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
There's a lot of it, and it means we can't `make check-source` on
these files.
Also bring bolt quotes up-to-date.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This avoids overwriting the ones in git, and generally makes things neater.
We have convenience headers wire/peer_wire.h and wire/onion_wire.h to
avoid most #ifdefs: simply include those.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We have to handle singletons which are arrays of variable-length entries:
this needs to be a ptr-to-ptr.
```C
struct blinded_payinfo {
u32 fee_base_msat;
u32 fee_proportional_millionths;
u16 cltv_expiry_delta;
u8 *features;
};
```
Before:
```C
struct tlv_invoice_tlvs {
...
struct blinded_payinfo *blindedpay;
```
After:
```C
struct tlv_invoice_tlvs {
...
struct blinded_payinfo **blindedpay;
```
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
has_len_fields() doesn't cover our blacklist of variable types, so if
we have an array of them, this logic is wrong. This happens in the
the bolt13 patch:
```C
struct tlv_offer_tlvs_blindedpath {
struct pubkey blinding;
struct onionmsg_path **path;
};
```
Before:
wire/gen_bolt13_tlv.c:
```C
for (size_t i = 0; i < tal_count(r->blindedpath->path); i++)
towire_onionmsg_path(&ptr, r->blindedpath->path + i);
```
After:
```C
for (size_t i = 0; i < tal_count(r->blindedpath->path); i++)
towire_onionmsg_path(&ptr, r->blindedpath->path[i]);
```
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Otherwise make thinks we're done, and we can get errors. Include
primitive code if we abort build halfway and leave .refresh-submodules dir.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We create ALL_PROGRAMS, ALL_TEST_PROGRAMS, ALL_C_SOURCES and
ALL_C_HEADERS. Then the toplevel Makefile knows which are
autogenerated (by wildcard), so it can have all the rules to clean
them or check the source as necessary.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Changelog-Fixed: Actually make the password argument optional for `guesstoremote` and `dumpcommitments` sub-commands, as shown in our documentation and help text.
Reported by `Barno` on #c-lightning IRC.
Before this, docker image will never detects that
`lightning-rpc` was created if it is running in regtest
or testnet, because the file will be created under
subfolder for each network name, and entrypoint does not
check "lightning-rpc" file in those folders.
By specifying `LIGHTNINGD_NETWORK` environment var
in dockerfile, we can now check correct path.
Changelog-Added: Docker build now includes `LIGHTNINGD_NETWORK` ENV variable which defaults to "bitcoin". An user can override this (e.g. by `-e` option in `docker run`) to run docker container in regtest or testnet or any valid argument to `--network`.
Changelog-Added: We now install `lightning-hsmtool` for your `hsm_secret` needs.
See: https://github.com/ElementsProject/lightning/issues/3717#issuecomment-644844594
It seems reasonable to add this to the standard install, and to document it properly as well, hopefully we can fill in the documentation better later on.
According to #3226, it looks like clang's LD error format has changed.
This patch adds the new format so we can parse the mocks successfully.
Apple clang version 11.0.3 (clang-1103.0.32.29)
```
checking for ANSI C header files... Undefined symbols for architecture x86_64:
"_fromwire_amount_msat", referenced from:
_fromwire_tlv_test_n1_tlv3 in ccj4zKdV.o
"_fromwire_bool", referenced from:
_fromwire_test_msg in ccj4zKdV.o
_fromwire_test_msg_option_short_id in ccj4zKdV.o
_fromwire_test_msg_option_one in ccj4zKdV.o
_fromwire_test_msg_option_two in ccj4zKdV.o
"_fromwire_test_enum", referenced from:
_fromwire_test_msg in ccj4zKdV.o
_fromwire_test_msg_option_short_id in ccj4zKdV.o
_fromwire_test_msg_option_one in ccj4zKdV.o
_fromwire_test_msg_option_two in ccj4zKdV.o
"_fromwire_tlvs", referenced from:
_fromwire_test_tlv1 in ccj4zKdV.o
_fromwire_test_tlv2 in ccj4zKdV.o
_fromwire_test_tlv3 in ccj4zKdV.o
"_fromwire_tu32", referenced from:
_fromwire_tlv_test_n2_tlv2 in ccj4zKdV.o
"_fromwire_tu64", referenced from:
_fromwire_tlv_test_n1_tlv1 in ccj4zKdV.o
_fromwire_tlv_test_n2_tlv1 in ccj4zKdV.o
"_fromwire_u16", referenced from:
_fromwire_test_features in ccj4zKdV.o
_fromwire_subtype_var_assign in ccj4zKdV.o
_fromwire_subtype_arrays in ccj4zKdV.o
_fromwire_tlv_test_n1_tlv4 in ccj4zKdV.o
_fromwire_tlv_test_n3_tlv3 in ccj4zKdV.o
_fromwire_test_msg in ccj4zKdV.o
_fromwire_test_tlv1 in ccj4zKdV.o
...
"_fromwire_u32", referenced from:
_fromwire_tlv_test_n3_tlv3 in ccj4zKdV.o
_fromwire_test_msg in ccj4zKdV.o
_fromwire_test_msg_option_short_id in ccj4zKdV.o
_fromwire_test_msg_option_one in ccj4zKdV.o
_fromwire_test_msg_option_two in ccj4zKdV.o
"_fromwire_u64", referenced from:
_fromwire_test_short_id in ccj4zKdV.o
_fromwire_tlv_test_n3_tlv3 in ccj4zKdV.o
"_fromwire_u8", referenced from:
_fromwire_subtype_var_assign in ccj4zKdV.o
_fromwire_subtype_var_len in ccj4zKdV.o
_fromwire_subtype_varlen_varsize in ccj4zKdV.o
_fromwire_tlv_test_n3_tlv3 in ccj4zKdV.o
"_fromwire_u8_array", referenced from:
_fromwire_test_features in ccj4zKdV.o
_fromwire_subtype_arrays in ccj4zKdV.o
_fromwire_tlv_test_n3_tlv3 in ccj4zKdV.o
_fromwire_test_msg in ccj4zKdV.o
_fromwire_test_msg_option_short_id in ccj4zKdV.o
_fromwire_test_msg_option_one in ccj4zKdV.o
_fromwire_test_msg_option_two in ccj4zKdV.o
...
```
Changelog-Fixed: Build for macOS Catalina / Apple clang v11.0.3 fixed
`struct tx_parts` is just a txid and a bunch of inputs and outputs,
some of which may be NULL.
This is both a nod towards a future where we (or our peer) can combine
HTLCs or (in an eltoo world) commitments, although for the moment all
our tx_parts will be complete.
It also matches our plan to split `bitcoin_tx` into two types: this
`struct tx_parts` where we don't know input amounts etc, and `psbt`
where we do.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
now that witness script data is saved into the tx/psbt which is
serialized across the wire, there's no reason to use witscript to do
this. good bye witscript!