rgb-cln/hsmd
darosior d393cda215 hsmd: encrypt hsm_secret if 'lightningd' pass an encryption key
This splits maybe_create_hsm_secret() in two parts (either encrypted
or in clear) for clarity, and adds an encryption detection in load_hsm().
There are actually three cases if an encryption key is passed:
- There is no hsm_secret => just create it and store the encrypted seed
- There is an encrypted hsm_secret => the provided key should be able to
  decrypt the seed; if the wrong key is passed, libsodium will nicely error
  and hsmd will exit() to not throw a backtrace (using status_failed() as for
  other errors) in the face of a user who mistyped their password.
- There is a non-encrypted hsm_secret => load the seed, delete the
  hsm_secret, create the hsm_secret, store the encrypted seed.
2019-10-09 22:00:38 -05:00
Makefile wire: use common/bigsize routines 2019-07-31 23:25:59 +00:00
capabilities.h hsmd: add message to sign the mutual close transaction. 2018-07-24 00:40:01 +02:00
hsm_wire.csv lightningd: pass the hsm_secret encryption key in hsm_init 2019-10-09 22:00:38 -05:00
hsmd.c hsmd: encrypt hsm_secret if 'lightningd' pass an encryption key 2019-10-09 22:00:38 -05:00