-
Notifications
You must be signed in to change notification settings - Fork 909
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hsmtool: enable dumping output descriptors of onchain wallet #4171
Hsmtool: enable dumping output descriptors of onchain wallet #4171
Conversation
fd74279
to
fc008f4
Compare
Ok, added a test, documented (and rebased on #4146 so that i can build locally) |
Travis failure is an unrelated timeout |
fc008f4
to
f9c2d4f
Compare
Rebased on master after #4146 merge, added a missing changelog. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool addition. I'm not sure how anchor outputs affects the assumption that all outputs are some variant of p2wpkh
, may not be relevant for this patch.
|
||
/* The root seed is derived from hsm_secret using hkdf.. */ | ||
do { | ||
hkdf_sha256(bip32_seed, sizeof(bip32_seed), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Duplicating this code from hsmd/hsmd.c#populate_secretstuff
is a bad idea. Needs to be a shared routine that both hsmd and here use.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's how we've created tool since now ?..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't follow. We really want this code to be shared so that if one changes, the other also gets updated.
tools/hsmtool.c
Outdated
{ | ||
struct secret hsm_secret; | ||
u8 bip32_seed[BIP32_ENTROPY_LEN_256]; | ||
u32 salt = 0; | ||
u32 version = testnet ? BIP32_VER_TEST_PRIVATE : BIP32_VER_MAIN_PRIVATE; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we infer this from the directory structure or some other info source?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, as we can use all commands of the hsmtool
on a hsm_secret
without depending on its environment at all
and this would be quite convoluted too..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have all of these parameters in chainparams.c
, so why not use them? We can even steal the --network
option from lightningd
itself :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This'd mean bringing the opt()
system here: that's a much bigger change :/
You are right that we actually don't sweep the Edit: ah also, i could make it a miniscript descriptor then but i think it's a bad idea because there is virtually no support for them (including |
This functionality is Cool and Interesting, but until miniscript is widely adopted I think it's best to advertise this as a subset of your lightning funds tracking, at best. There's definitely "outputs we own, eventually" that haven't been swept to a 'recognizable wallet output' that will be missed by this -- if for some reason you take your lightning node down before these are swept there's a possibility that they'll be lost. With these considerations in mind, I'd also be tempted to remove the xpriv. Rationale: it gives the false impression of 'total wallet funds control' when that's really not the case.
I agree, this is a good intuition. I suspect that when miniscript descriptors are more formally nailed down the lightning spec itself will also move that direction, which will then make this export functionality extremely powerful. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
few more things I noticed while testing.
tools/hsmtool.c
Outdated
return dumponchaindescriptors(argv[2], argc > 3 ? argv[3] : NULL); | ||
return dumponchaindescriptors(argv[2], | ||
argc > 3 && !streq(argv[3], "") ? argv[3] : NULL, | ||
argc > 4 && streq(argv[4], "private")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's weird to me that you have to physically type in the phrase "private" and not look for a true/false here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I find it better: at usage typing testnet
is way more meaningful than true
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Update the parameter name then. As written, the parameter testnet
suggests to say 'flag true if testnet'.
f9c2d4f
to
11c1a11
Compare
|
tools/hsmtool.c
Outdated
{ | ||
struct secret hsm_secret; | ||
u8 bip32_seed[BIP32_ENTROPY_LEN_256]; | ||
u32 salt = 0; | ||
u32 version = testnet ? BIP32_VER_TEST_PRIVATE : BIP32_VER_MAIN_PRIVATE; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have all of these parameters in chainparams.c
, so why not use them? We can even steal the --network
option from lightningd
itself :-)
if not bitcoind.rpc.listwallets(): | ||
bitcoind.rpc.createwallet("lightningd-tests") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is slightly nicer than 90f4ea6
@@ -1045,6 +1045,36 @@ def test_hsmtool_secret_decryption(node_factory): | |||
assert node_id == l1.rpc.getinfo()["id"] | |||
|
|||
|
|||
@unittest.skipIf(TEST_NETWORK == 'liquid-regtest', '') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a comment saying that this is only supported for mainnet
and testnet
(technically we'd require it to be regtest
but that appears to match testnet
).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah descriptors for regtest are the same than for testnet (but addresses the same as mainnet!! 😭 )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hurray for consistency 🤦
I opened an issue for the password inputs for all of the |
You should use ccan/opt, now that cmdline parsing is non-trivial. But can be added after.... |
11c1a11
to
f49d84a
Compare
This is stolen from William's clightning-dumpkeys (https://github.com/jb55/clightning-dumpkeys), itself adapted from https://github.com/bitcoin/bitcoin/blob/42b66a6b814bca130a9ccf0a3f747cf33d628232/src/script/descriptor.cpp#L25 Co-authored-by: William Casarin <[email protected]> Signed-off-by: Antoine Poinsot <[email protected]>
We want to use it outside of fuzz-amount Signed-off-by: Antoine Poinsot <[email protected]>
A small one just to check that we don't crash nor go out of bounds! Signed-off-by: Antoine Poinsot <[email protected]>
This adds a command which outputs the two output descriptors corresponding to our onchain wallet. This can be useful for an external service to monitor / send fund to our wallet. Further, an "xpriv" version of such descriptors could be used to import onchain funds on a new wallet. Changelog-Added: lightning-hsmtool: a new command was added to hsmtool for dumping descriptors of the onchain wallet Signed-off-by: Antoine Poinsot <[email protected]>
Actually, it's more complex to translate the xpub descriptor to testnet because of the descriptor checksum. Signed-off-by: Antoine Poinsot <[email protected]>
Signed-off-by: Antoine Poinsot <[email protected]>
Signed-off-by: Antoine Poinsot <[email protected]>
Touch a bit about it as a backup/recovery mechanism in the FAQ Signed-off-by: Antoine Poinsot <[email protected]>
f49d84a
to
29e5764
Compare
Updated the interface to use "network" instead of 'testnet', rebased on master now that #4065 is merged. |
ACK 29e5764 Thanks.. |
This adds a new
dumponchaindescriptors
command tohsmtool
which can:xpub
-based descriptors (one for each scriptPubKey type we create)Possibly dump 2Removed: footgun with anchor outputs (thanks niftynei!)xpriv
-based descriptors (one for each scriptPubKey type we create)Useful for backing up / restoring the onchain wallet easilyTODO:
bitcoind
asserting we retrieve all the fundsbitcoind
EDIT: maybe output both main and test extended keys ?..EDIT 2: added atestnet
parameterFixes #4110
Ping @jb55 : finally got to jb55/clightning-dumpkeys#2 :-)