Make node_id, bip32 xpub, and bolt12 pubkey persistent (#23)

* Persist node_id, bip32 xpub, and bolt12 pubkey

* cleaned up the remotesigner skip predicates

* addressed review comments: rename, let remote signer generate seed

Author: ksedgwic

contrib/remote_hsmd/Makefile

@@ -34,6 +34,7 @@ PROTOS_PATH = contrib/remote_hsmd
 RMTHSMD_COMMON_OBJS :=				\
     hsmd/hsmd_wiregen.o			\
 	common/amount.o				\
+	common/base32.o				\
 	common/bigsize.o			\
 	common/bip32.o				\
 	common/channel_id.o			\
@@ -42,6 +43,9 @@ RMTHSMD_COMMON_OBJS :=				\
 	common/derive_basepoints.o	\
 	common/status_wiregen.o		\
 	common/hash_u5.o			\
+	common/json.o				\
+	common/json_helpers.o		\
+	common/json_stream.o		\
 	common/key_derive.o			\
 	common/memleak.o			\
 	common/msg_queue.o			\
@@ -55,7 +59,8 @@ RMTHSMD_COMMON_OBJS :=				\
 	common/type_to_string.o		\
 	common/utils.o				\
 	common/utxo.o				\
-	common/version.o
+	common/version.o			\
+	common/wireaddr.o
 
 # For checking
 LIGHTNINGD_RMTHSM_ALLSRC_NOGEN := $(filter-out contrib/remote_hsmd/remotesigner.%, $(LIGHTNINGD_RMTHSM_SRC) $(LIGHTNINGD_RMTHSM_SRC))

contrib/remote_hsmd/hsmd.c

@@ -20,14 +20,19 @@
 #include <ccan/intmap/intmap.h>
 #include <ccan/io/fdpass/fdpass.h>
 #include <ccan/io/io.h>
+#include <ccan/json_out/json_out.h>
 #include <ccan/noerr/noerr.h>
 #include <ccan/ptrint/ptrint.h>
 #include <ccan/read_write_all/read_write_all.h>
+#include <ccan/str/hex/hex.h>
 #include <ccan/take/take.h>
+#include <ccan/tal/grab_file/grab_file.h>
 #include <ccan/tal/str/str.h>
 #include <common/daemon_conn.h>
 #include <common/derive_basepoints.h>
 #include <common/hash_u5.h>
+#include <common/json.h>
+#include <common/json_helpers.h>
 #include <common/key_derive.h>
 #include <common/memleak.h>
 #include <common/node_id.h>
@@ -391,6 +396,72 @@ static void workaround_init_bolt12(const struct secret *hsm_secret, struct pubke
 		              "Could derive bolt12 public key.");
 }
 
+static void persist_node_id(const struct node_id *node_id,
+			     const struct ext_key *bip32,
+			     const struct pubkey32 *bolt12)
+{
+	struct json_out *jout = json_out_new(tmpctx);
+	json_out_start(jout, NULL, '{');
+
+	json_out_addstr(jout, "nodeid", type_to_string(jout, struct node_id, node_id));
+
+	char *xpub;
+	tal_wally_start();
+	int rv2 = bip32_key_to_base58(bip32, BIP32_FLAG_KEY_PUBLIC, &xpub);
+	tal_wally_end(NULL);
+	assert(rv2 == WALLY_OK);
+	json_out_addstr(jout, "xpub", xpub);
+	wally_free_string(xpub);
+
+	json_out_addstr(jout, "bolt12", type_to_string(jout, struct pubkey32, bolt12));
+
+	json_out_end(jout, '}');
+	size_t len;
+	const char *p = json_out_contents(jout, &len);
+
+	int fd = open("NODE_ID", O_WRONLY|O_TRUNC|O_CREAT, 0666);
+	assert(fd != -1);
+	write_all(fd, p, len);
+	json_out_consume(jout, len);
+	close(fd);
+}
+
+static bool restore_node_id(struct node_id *node_id,
+			     struct ext_key *bip32,
+			     struct pubkey32 *bolt12)
+{
+	if (access("NODE_ID", F_OK) == -1) {
+		// This is a cold start, we don't have this yet.
+		return false;
+	}
+
+	// This is a warmstart, initialize our node_id.
+	char *buffer = grab_file(tmpctx, "NODE_ID");
+	const jsmntok_t *toks = json_parse_simple(buffer, buffer, strlen(buffer));
+	const jsmntok_t *nodeidtok = json_get_member(buffer, toks, "nodeid");
+	const jsmntok_t *xpubtok = json_get_member(buffer, toks, "xpub");
+	const jsmntok_t *bolt12tok = json_get_member(buffer, toks, "bolt12");
+	assert(nodeidtok != NULL);
+	assert(xpubtok != NULL);
+	assert(bolt12tok != NULL);
+
+	if (!json_to_node_id(buffer, nodeidtok, node_id))
+		abort();
+
+	buffer[xpubtok->end] = '\0';  // need to null-terminate xpub string
+	if (bip32_key_from_base58(buffer + xpubtok->start, bip32) != WALLY_OK)
+		abort();
+
+	u8 raw[32];
+	if (!hex_decode(buffer + bolt12tok->start, bolt12tok->end - bolt12tok->start,
+			raw, sizeof(raw)))
+		abort();
+	if (secp256k1_xonly_pubkey_parse(secp256k1_ctx, &bolt12->pubkey, raw) != 1)
+		abort();
+
+	return true;
+}
+
 /*~ This is the response to lightningd's HSM_INIT request, which is the first
  * thing it sends. */
 static struct io_plan *init_hsm(struct io_conn *conn,
@@ -405,6 +476,7 @@ static struct io_plan *init_hsm(struct io_conn *conn,
 	struct sha256 *force_channel_secrets_shaseed;
 	struct secret *hsm_encryption_key;
 	struct secret hsm_secret;
+	struct secret *use_hsm_secret;
 	bool coldstart;
 
 	/* This must be lightningd. */
@@ -444,41 +516,51 @@ static struct io_plan *init_hsm(struct io_conn *conn,
 	 * will use */
 	c->chainparams = chainparams;
 
-	/* To support integration tests we honor any seed provided
-	 * in the hsm_secret file (testnet only). Otherwise we
-	 * generate a random seed.
-	 */
-	if (!read_test_seed(&hsm_secret)) {
-		randombytes_buf(&hsm_secret, sizeof(hsm_secret));
-	}
-
 	/* Is this a warm start (restart) or a cold start (first time)? */
-	coldstart = access("WARM", F_OK) == -1;
-
-	proxy_stat rv = proxy_init_hsm(&bip32_key_version, chainparams,
-				       coldstart, &hsm_secret,
-				       &node_id, &pubstuff.bip32);
-	if (PROXY_PERMANENT(rv)) {
-		status_failed(STATUS_FAIL_INTERNAL_ERROR,
-		              "proxy_%s failed: %s", __FUNCTION__,
-			      proxy_last_message());
-	}
-	else if (!PROXY_SUCCESS(rv)) {
-		status_unusual("proxy_%s failed: %s", __FUNCTION__,
-			       proxy_last_message());
-		return bad_req_fmt(conn, c, msg_in,
-				   "proxy_%s error: %s", __FUNCTION__,
-				   proxy_last_message());
-	}
+	if (restore_node_id(&node_id, &pubstuff.bip32, &bolt12)) {
+		// This is a warm start.
+		proxy_set_node_id(&node_id);
+	} else {
+		status_unusual("cold start, initializing the remote signer");
+
+		// This is a cold start, initialize the remote signer.
+
+		/* To support integration tests we honor any seed provided
+		 * in the hsm_secret file (testnet only). Otherwise we
+		 * generate a random seed.
+		 */
+		if (read_test_seed(&hsm_secret)) {
+			// We are running integration tests and the secret has been forced.
+			use_hsm_secret = &hsm_secret;
+		} else {
+			// We are not running integration tests, remote signer generates.
+			use_hsm_secret = NULL;
+		}
+
+		coldstart = true; // this can go away in the API.
+		proxy_stat rv = proxy_init_hsm(&bip32_key_version, chainparams,
+					       coldstart, use_hsm_secret,
+					       &node_id, &pubstuff.bip32);
+		if (PROXY_PERMANENT(rv)) {
+			status_failed(STATUS_FAIL_INTERNAL_ERROR,
+				      "proxy_%s failed: %s", __FUNCTION__,
+				      proxy_last_message());
+		}
+		else if (!PROXY_SUCCESS(rv)) {
+			status_unusual("proxy_%s failed: %s", __FUNCTION__,
+				       proxy_last_message());
+			return bad_req_fmt(conn, c, msg_in,
+					   "proxy_%s error: %s", __FUNCTION__,
+					   proxy_last_message());
+		}
 
-	/* Mark this node as already inited. */
-	int fd = open("WARM", O_WRONLY|O_TRUNC|O_CREAT, 0666);
-	assert(fd != -1);
-	close(fd);
 
-	// TODO - add support for bolt12
-	workaround_init_bolt12(&hsm_secret, &bolt12);
+		// TODO - add support for bolt12
+		workaround_init_bolt12(&hsm_secret, &bolt12);
 
+		/* Mark this node as already inited. */
+		persist_node_id(&node_id, &pubstuff.bip32, &bolt12);
+	}
 	/* Now we can consider ourselves initialized, and we won't get
 	 * upset if we get a non-init message. */
 	initialized = true;

contrib/remote_hsmd/proxy.cc

@@ -324,6 +324,11 @@ void proxy_setup()
 	last_message = "";
 }
 
+void proxy_set_node_id(const struct node_id *node_id)
+{
+	self_id = *node_id;
+}
+
 proxy_stat proxy_init_hsm(struct bip32_key_version *bip32_key_version,
 			  struct chainparams const *chainparams,
 			  bool coldstart,
@@ -334,7 +339,7 @@ proxy_stat proxy_init_hsm(struct bip32_key_version *bip32_key_version,
 	STATUS_DEBUG(
 		"%s:%d %s { \"hsm_secret\":%s, \"coldstart\":%s }",
 		__FILE__, __LINE__, __FUNCTION__,
-		dump_secret(hsm_secret).c_str(),
+		hsm_secret != NULL ? dump_secret(hsm_secret).c_str() : "\"\"",
 		coldstart ? "true" : "false"
 		);
 
@@ -351,9 +356,9 @@ proxy_stat proxy_init_hsm(struct bip32_key_version *bip32_key_version,
 
 		req.set_coldstart(coldstart);
 
-		/* FIXME - Sending the secret instead of generating on
-		 * the remote. */
-		marshal_bip32seed(hsm_secret, req.mutable_hsm_secret());
+		// If we are running integration tests the secret will be forced.
+		if (hsm_secret != NULL)
+			marshal_bip32seed(hsm_secret, req.mutable_hsm_secret());
 
 		ClientContext context;
 		InitReply rsp;

contrib/remote_hsmd/proxy.hpp

@@ -37,6 +37,8 @@ char const *proxy_last_message(void);
 
 void proxy_setup(void);
 
+void proxy_set_node_id(const struct node_id *node_id);
+
 proxy_stat proxy_init_hsm(
 	struct bip32_key_version *bip32_key_version,
 	struct chainparams const *chainparams,

tests/test_connection.py

@@ -392,6 +392,7 @@ def test_disconnect_fundee(node_factory):
 @pytest.mark.developer
 @pytest.mark.openchannel('v2')
 @unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support dual-funding yet")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support dual-funding yet")
 def test_disconnect_fundee_v2(node_factory):
     # Now error on fundee side during channel open, with them funding
     disconnects = ['-WIRE_ACCEPT_CHANNEL2',
@@ -593,6 +594,7 @@ def test_reconnect_no_update(node_factory, executor, bitcoind):
     l1.daemon.wait_for_log(r"CLOSINGD_COMPLETE")
 
 
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't like hsm_secret shenanigans")
 def test_connect_stresstest(node_factory, executor):
     # This test is unreliable, but it's better than nothing.
     l1, l2, l3 = node_factory.get_nodes(3, opts={'may_reconnect': True})
@@ -1037,7 +1039,7 @@ def test_funding_toolarge(node_factory, bitcoind):
 
 @unittest.skipIf(TEST_NETWORK != 'regtest', 'elementsd doesnt yet support PSBT features we need')
 @pytest.mark.openchannel('v2')
-@unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support dual-funding yet")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support dual-funding yet")
 def test_v2_open(node_factory, bitcoind, chainparams):
     l1, l2 = node_factory.get_nodes(2)
 
@@ -1638,7 +1640,7 @@ def test_funding_external_wallet(node_factory, bitcoind):
 
 @unittest.skipIf(TEST_NETWORK != 'regtest', 'elementsd doesnt yet support PSBT features we need')
 @pytest.mark.openchannel('v1')  # We manually turn on dual-funding for select nodes
-@unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support dual-funding yet")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support dual-funding yet")
 def test_multifunding_v1_v2_mixed(node_factory, bitcoind):
     '''
     Simple test for multifundchannel, using v1 + v2
@@ -1680,7 +1682,7 @@ def test_multifunding_v1_v2_mixed(node_factory, bitcoind):
 
 @unittest.skipIf(TEST_NETWORK != 'regtest', 'elementsd doesnt yet support PSBT features we need')
 @pytest.mark.openchannel('v2')
-@unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support dual-funding yet")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support dual-funding yet")
 def test_multifunding_v2_exclusive(node_factory, bitcoind):
     '''
     Simple test for multifundchannel, using v2
@@ -3082,7 +3084,7 @@ def test_fail_unconfirmed(node_factory, bitcoind, executor):
 @pytest.mark.developer("need dev-disconnect")
 @unittest.skipIf(TEST_NETWORK != 'regtest', 'elementsd doesnt yet support PSBT features we need')
 @pytest.mark.openchannel('v2')
-@unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support dual-funding yet")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support dual-funding yet")
 def test_fail_unconfirmed_openchannel2(node_factory, bitcoind, executor):
     """Test that if we crash with an unconfirmed connection to a known
     peer, we don't have a dangling peer in db"""
@@ -3370,7 +3372,7 @@ def test_channel_features(node_factory, bitcoind):
 
 
 @pytest.mark.developer("need dev-force-features")
-@unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support non-option_static_remotekey")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support non-option_static_remotekey")
 def test_nonstatic_channel(node_factory, bitcoind):
     """Smoke test for a channel without option_static_remotekey"""
     l1, l2 = node_factory.line_graph(2,

tests/test_db.py

@@ -133,7 +133,7 @@ def test_max_channel_id(node_factory, bitcoind):
 @unittest.skipIf(not COMPAT, "needs COMPAT to convert obsolete db")
 @unittest.skipIf(os.getenv('TEST_DB_PROVIDER', 'sqlite3') != 'sqlite3', "This test is based on a sqlite3 snapshot")
 @unittest.skipIf(TEST_NETWORK != 'regtest', "The network must match the DB snapshot")
-@unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't like channel_nonce changing")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't like channel_nonce changing")
 def test_scid_upgrade(node_factory, bitcoind):
     bitcoind.generate_block(1)
 
@@ -169,7 +169,7 @@ def test_last_tx_inflight_psbt_upgrade(node_factory, bitcoind):
 @unittest.skipIf(not COMPAT, "needs COMPAT to convert obsolete db")
 @unittest.skipIf(os.getenv('TEST_DB_PROVIDER', 'sqlite3') != 'sqlite3', "This test is based on a sqlite3 snapshot")
 @unittest.skipIf(TEST_NETWORK != 'regtest', "The network must match the DB snapshot")
-@unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't like channel_nonce changing")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't like channel_nonce changing")
 def test_last_tx_psbt_upgrade(node_factory, bitcoind):
     bitcoind.generate_block(12)
 
@@ -206,7 +206,7 @@ def test_last_tx_psbt_upgrade(node_factory, bitcoind):
 
 @unittest.skipIf(os.getenv('TEST_DB_PROVIDER', 'sqlite3') != 'sqlite3', "This test is based on a sqlite3 snapshot")
 @unittest.skipIf(TEST_NETWORK != 'regtest', "The network must match the DB snapshot")
-@unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support backfill yet")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support backfill yet")
 def test_backfill_scriptpubkeys(node_factory, bitcoind):
     bitcoind.generate_block(214)
 
@@ -333,7 +333,7 @@ def get_dsn(self):
     os.getenv('TEST_DB_PROVIDER', 'sqlite3') != 'sqlite3',
     "This test is based on a sqlite3 snapshot"
 )
-@unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support DB migration")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support DB migration")
 def test_local_basepoints_cache(bitcoind, node_factory):
     """XXX started caching the local basepoints as well as the remote ones.
 

tests/test_misc.py

@@ -1110,7 +1110,7 @@ def test_daemon_option(node_factory):
 
 @flaky
 @pytest.mark.developer("needs DEVELOPER=1")
-@unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't have repeatable random seeding")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't have repeatable random seeding")
 def test_blockchaintrack(node_factory, bitcoind):
     """Check that we track the blockchain correctly across reorgs
     """
@@ -1817,7 +1817,7 @@ def mock_fail(*args):
 
 @pytest.mark.developer("needs --dev-force-bip32-seed")
 @unittest.skipIf(TEST_NETWORK != 'regtest', "Addresses are network specific")
-@unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support forced secrets")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support forced secrets")
 def test_dev_force_bip32_seed(node_factory):
     l1 = node_factory.get_node(options={'dev-force-bip32-seed': '0000000000000000000000000000000000000000000000000000000000000001'})
     # First is m/0/0/1 ..
@@ -2148,7 +2148,7 @@ def test_regtest_upgrade(node_factory):
 
 @unittest.skipIf(VALGRIND, "valgrind files can't be written since we rmdir")
 @unittest.skipIf(TEST_NETWORK != "regtest", "needs bitcoin mainnet")
-@unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't create hsm_secret file")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't create hsm_secret file")
 def test_new_node_is_mainnet(node_factory):
     """Test that an empty directory causes us to be on mainnet"""
     l1 = node_factory.get_node(start=False, may_fail=True)
@@ -2386,7 +2386,7 @@ def test_sendonionmessage_reply(node_factory):
 
 
 @pytest.mark.developer("needs --dev-force-privkey")
-@unittest.skipIf(os.getenv('SUBDAEMON', 'xxx') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support dev-force-privkey")
+@unittest.skipIf(os.getenv('SUBDAEMON') == 'hsmd:remote_hsmd', "remote_hsmd doesn't support dev-force-privkey")
 def test_getsharedsecret(node_factory):
     """
     Test getsharedsecret command.