From ea311649b43b10aca45c5e50107eb3256859a837 Mon Sep 17 00:00:00 2001 From: Conner Fromknecht Date: Thu, 20 Jun 2019 16:55:52 -0700 Subject: [PATCH] lnd: use distinct pubkey for watchtowers and server --- lnd.go | 14 ++++++++++++- lntest/itest/lnd_test.go | 43 ++++++++++++++++++++++++++++++++++------ 2 files changed, 50 insertions(+), 7 deletions(-) diff --git a/lnd.go b/lnd.go index eaf8f877..650e47b9 100644 --- a/lnd.go +++ b/lnd.go @@ -344,6 +344,18 @@ func Main() error { } defer towerDB.Close() + towerPrivKey, err := activeChainControl.wallet.DerivePrivKey( + keychain.KeyDescriptor{ + KeyLocator: keychain.KeyLocator{ + Family: keychain.KeyFamilyTowerID, + Index: 0, + }, + }, + ) + if err != nil { + return err + } + wtConfig, err := cfg.Watchtower.Apply(&watchtower.Config{ BlockFetcher: activeChainControl.chainIO, DB: towerDB, @@ -354,7 +366,7 @@ func Main() error { lnwallet.WitnessPubKey, false, ) }, - NodePrivKey: idPrivKey, + NodePrivKey: towerPrivKey, PublishTx: activeChainControl.wallet.PublishTransaction, ChainHash: *activeNetParams.GenesisHash, }, lncfg.NormalizeAddresses) diff --git a/lntest/itest/lnd_test.go b/lntest/itest/lnd_test.go index b34fe433..220fb53f 100644 --- a/lntest/itest/lnd_test.go +++ b/lntest/itest/lnd_test.go @@ -42,6 +42,7 @@ import ( "github.com/lightningnetwork/lnd/lnrpc" "github.com/lightningnetwork/lnd/lnrpc/invoicesrpc" "github.com/lightningnetwork/lnd/lnrpc/routerrpc" + "github.com/lightningnetwork/lnd/lnrpc/watchtowerrpc" "github.com/lightningnetwork/lnd/lntest" "github.com/lightningnetwork/lnd/lntypes" "github.com/lightningnetwork/lnd/lnwire" @@ -7620,6 +7621,7 @@ func testRevokedCloseRetributionAltruistWatchtower(net *lntest.NetworkHarness, chanAmt = lnd.MaxBtcFundingAmount paymentAmt = 10000 numInvoices = 6 + externalIP = "1.2.3.4" ) // Since we'd like to test some multi-hop failure scenarios, we'll @@ -7635,28 +7637,57 @@ func testRevokedCloseRetributionAltruistWatchtower(net *lntest.NetworkHarness, // Willy the watchtower will protect Dave from Carol's breach. He will // remain online in order to punish Carol on Dave's behalf, since the // breach will happen while Dave is offline. - willy, err := net.NewNode("Willy", []string{"--watchtower.active"}) + willy, err := net.NewNode("Willy", []string{ + "--watchtower.active", + "--watchtower.externalip=" + externalIP, + }) if err != nil { t.Fatalf("unable to create new nodes: %v", err) } defer shutdownAndAssert(net, t, willy) ctxt, _ := context.WithTimeout(ctxb, defaultTimeout) - willyInfo, err := willy.GetInfo(ctxt, &lnrpc.GetInfoRequest{}) + willyInfo, err := willy.WatchtowerClient.GetInfo( + ctxt, &watchtowerrpc.GetInfoRequest{}, + ) if err != nil { t.Fatalf("unable to getinfo from willy: %v", err) } - willyAddr := willyInfo.Uris[0] - parts := strings.Split(willyAddr, ":") - willyTowerAddr := parts[0] + // Assert that Willy has one listener and it is 0.0.0.0:9911 or + // [::]:9911. Since no listener is explicitly specified, one of these + // should be the default depending on whether the host supports IPv6 or + // not. + if len(willyInfo.Listeners) != 1 { + t.Fatalf("Willy should have 1 listener, has %d", + len(willyInfo.Listeners)) + } + listener := willyInfo.Listeners[0] + if listener != "0.0.0.0:9911" && listener != "[::]:9911" { + t.Fatalf("expected listener on 0.0.0.0:9911 or [::]:9911, "+ + "got %v", listener) + } + + // Assert the Willy's URIs properly display the chosen external IP. + if len(willyInfo.Uris) != 1 { + t.Fatalf("Willy should have 1 uri, has %d", + len(willyInfo.Uris)) + } + if !strings.Contains(willyInfo.Uris[0], externalIP) { + t.Fatalf("expected uri with %v, got %v", + externalIP, willyInfo.Uris[0]) + } + + // Construct a URI from listening port and public key, since aren't + // actually connecting remotely. + willyTowerURI := fmt.Sprintf("%x@%s", willyInfo.Pubkey, listener) // Dave will be the breached party. We set --nolisten to ensure Carol // won't be able to connect to him and trigger the channel data // protection logic automatically. dave, err := net.NewNode("Dave", []string{ "--nolisten", - "--wtclient.private-tower-uris=" + willyTowerAddr, + "--wtclient.private-tower-uris=" + willyTowerURI, }) if err != nil { t.Fatalf("unable to create new node: %v", err)