lnd: use distinct pubkey for watchtowers and server

This commit is contained in:
Conner Fromknecht 2019-06-20 16:55:52 -07:00
parent a7415336bc
commit ea311649b4
No known key found for this signature in database
GPG Key ID: E7D737B67FA592C7
2 changed files with 50 additions and 7 deletions

14
lnd.go

@ -344,6 +344,18 @@ func Main() error {
}
defer towerDB.Close()
towerPrivKey, err := activeChainControl.wallet.DerivePrivKey(
keychain.KeyDescriptor{
KeyLocator: keychain.KeyLocator{
Family: keychain.KeyFamilyTowerID,
Index: 0,
},
},
)
if err != nil {
return err
}
wtConfig, err := cfg.Watchtower.Apply(&watchtower.Config{
BlockFetcher: activeChainControl.chainIO,
DB: towerDB,
@ -354,7 +366,7 @@ func Main() error {
lnwallet.WitnessPubKey, false,
)
},
NodePrivKey: idPrivKey,
NodePrivKey: towerPrivKey,
PublishTx: activeChainControl.wallet.PublishTransaction,
ChainHash: *activeNetParams.GenesisHash,
}, lncfg.NormalizeAddresses)

@ -42,6 +42,7 @@ import (
"github.com/lightningnetwork/lnd/lnrpc"
"github.com/lightningnetwork/lnd/lnrpc/invoicesrpc"
"github.com/lightningnetwork/lnd/lnrpc/routerrpc"
"github.com/lightningnetwork/lnd/lnrpc/watchtowerrpc"
"github.com/lightningnetwork/lnd/lntest"
"github.com/lightningnetwork/lnd/lntypes"
"github.com/lightningnetwork/lnd/lnwire"
@ -7620,6 +7621,7 @@ func testRevokedCloseRetributionAltruistWatchtower(net *lntest.NetworkHarness,
chanAmt = lnd.MaxBtcFundingAmount
paymentAmt = 10000
numInvoices = 6
externalIP = "1.2.3.4"
)
// Since we'd like to test some multi-hop failure scenarios, we'll
@ -7635,28 +7637,57 @@ func testRevokedCloseRetributionAltruistWatchtower(net *lntest.NetworkHarness,
// Willy the watchtower will protect Dave from Carol's breach. He will
// remain online in order to punish Carol on Dave's behalf, since the
// breach will happen while Dave is offline.
willy, err := net.NewNode("Willy", []string{"--watchtower.active"})
willy, err := net.NewNode("Willy", []string{
"--watchtower.active",
"--watchtower.externalip=" + externalIP,
})
if err != nil {
t.Fatalf("unable to create new nodes: %v", err)
}
defer shutdownAndAssert(net, t, willy)
ctxt, _ := context.WithTimeout(ctxb, defaultTimeout)
willyInfo, err := willy.GetInfo(ctxt, &lnrpc.GetInfoRequest{})
willyInfo, err := willy.WatchtowerClient.GetInfo(
ctxt, &watchtowerrpc.GetInfoRequest{},
)
if err != nil {
t.Fatalf("unable to getinfo from willy: %v", err)
}
willyAddr := willyInfo.Uris[0]
parts := strings.Split(willyAddr, ":")
willyTowerAddr := parts[0]
// Assert that Willy has one listener and it is 0.0.0.0:9911 or
// [::]:9911. Since no listener is explicitly specified, one of these
// should be the default depending on whether the host supports IPv6 or
// not.
if len(willyInfo.Listeners) != 1 {
t.Fatalf("Willy should have 1 listener, has %d",
len(willyInfo.Listeners))
}
listener := willyInfo.Listeners[0]
if listener != "0.0.0.0:9911" && listener != "[::]:9911" {
t.Fatalf("expected listener on 0.0.0.0:9911 or [::]:9911, "+
"got %v", listener)
}
// Assert the Willy's URIs properly display the chosen external IP.
if len(willyInfo.Uris) != 1 {
t.Fatalf("Willy should have 1 uri, has %d",
len(willyInfo.Uris))
}
if !strings.Contains(willyInfo.Uris[0], externalIP) {
t.Fatalf("expected uri with %v, got %v",
externalIP, willyInfo.Uris[0])
}
// Construct a URI from listening port and public key, since aren't
// actually connecting remotely.
willyTowerURI := fmt.Sprintf("%x@%s", willyInfo.Pubkey, listener)
// Dave will be the breached party. We set --nolisten to ensure Carol
// won't be able to connect to him and trigger the channel data
// protection logic automatically.
dave, err := net.NewNode("Dave", []string{
"--nolisten",
"--wtclient.private-tower-uris=" + willyTowerAddr,
"--wtclient.private-tower-uris=" + willyTowerURI,
})
if err != nil {
t.Fatalf("unable to create new node: %v", err)