lnd/watchtower/wtclient/interface.go

package wtclient

import (
	"net"

	"github.com/btcsuite/btcd/btcec/v2"
	"github.com/lightningnetwork/lnd/keychain"
	"github.com/lightningnetwork/lnd/lnwire"
	"github.com/lightningnetwork/lnd/tor"
	"github.com/lightningnetwork/lnd/watchtower/blob"
	"github.com/lightningnetwork/lnd/watchtower/wtdb"
	"github.com/lightningnetwork/lnd/watchtower/wtserver"
)

// DB abstracts the required database operations required by the watchtower
// client.
type DB interface {
	// CreateTower initialize an address record used to communicate with a
	// watchtower. Each Tower is assigned a unique ID, that is used to
	// amortize storage costs of the public key when used by multiple
	// sessions. If the tower already exists, the address is appended to the
	// list of all addresses used to that tower previously and its
	// corresponding sessions are marked as active.
	CreateTower(*lnwire.NetAddress) (*wtdb.Tower, error)

	// RemoveTower modifies a tower's record within the database. If an
	// address is provided, then _only_ the address record should be removed
	// from the tower's persisted state. Otherwise, we'll attempt to mark
	// the tower as inactive by marking all of its sessions inactive. If any
	// of its sessions has unacked updates, then ErrTowerUnackedUpdates is
	// returned. If the tower doesn't have any sessions at all, it'll be
	// completely removed from the database.
	//
	// NOTE: An error is not returned if the tower doesn't exist.
	RemoveTower(*btcec.PublicKey, net.Addr) error

	// LoadTower retrieves a tower by its public key.
	LoadTower(*btcec.PublicKey) (*wtdb.Tower, error)

	// LoadTowerByID retrieves a tower by its tower ID.
	LoadTowerByID(wtdb.TowerID) (*wtdb.Tower, error)

	// ListTowers retrieves the list of towers available within the
	// database.
	ListTowers() ([]*wtdb.Tower, error)

	// NextSessionKeyIndex reserves a new session key derivation index for a
	// particular tower id and blob type. The index is reserved for that
	// (tower, blob type) pair until CreateClientSession is invoked for that
	// tower and index, at which point a new index for that tower can be
	// reserved. Multiple calls to this method before CreateClientSession is
	// invoked should return the same index.
	NextSessionKeyIndex(wtdb.TowerID, blob.Type) (uint32, error)

	// CreateClientSession saves a newly negotiated client session to the
	// client's database. This enables the session to be used across
	// restarts.
	CreateClientSession(*wtdb.ClientSession) error

	// ListClientSessions returns the set of all client sessions known to
	// the db. An optional tower ID can be used to filter out any client
	// sessions in the response that do not correspond to this tower.
	ListClientSessions(*wtdb.TowerID, ...wtdb.ClientSessionListOption) (
		map[wtdb.SessionID]*wtdb.ClientSession, error)

	// FetchSessionCommittedUpdates retrieves the current set of un-acked
	// updates of the given session.
	FetchSessionCommittedUpdates(id *wtdb.SessionID) (
		[]wtdb.CommittedUpdate, error)

	// FetchChanSummaries loads a mapping from all registered channels to
	// their channel summaries.
	FetchChanSummaries() (wtdb.ChannelSummaries, error)

	// RegisterChannel registers a channel for use within the client
	// database. For now, all that is stored in the channel summary is the
	// sweep pkscript that we'd like any tower sweeps to pay into. In the
	// future, this will be extended to contain more info to allow the
	// client efficiently request historical states to be backed up under
	// the client's active policy.
	RegisterChannel(lnwire.ChannelID, []byte) error

	// MarkBackupIneligible records that the state identified by the
	// (channel id, commit height) tuple was ineligible for being backed up
	// under the current policy. This state can be retried later under a
	// different policy.
	MarkBackupIneligible(chanID lnwire.ChannelID, commitHeight uint64) error

	// CommitUpdate writes the next state update for a particular
	// session, so that we can be sure to resend it after a restart if it
	// hasn't been ACK'd by the tower. The sequence number of the update
	// should be exactly one greater than the existing entry, and less that
	// or equal to the session's MaxUpdates.
	CommitUpdate(id *wtdb.SessionID,
		update *wtdb.CommittedUpdate) (uint16, error)

	// AckUpdate records an acknowledgment from the watchtower that the
	// update identified by seqNum was received and saved. The returned
	// lastApplied will be recorded.
	AckUpdate(id *wtdb.SessionID, seqNum, lastApplied uint16) error
}

// AuthDialer connects to a remote node using an authenticated transport, such
// as brontide. The dialer argument is used to specify a resolver, which allows
// this method to be used over Tor or clear net connections.
type AuthDialer func(localKey keychain.SingleKeyECDH,
	netAddr *lnwire.NetAddress,
	dialer tor.DialFunc) (wtserver.Peer, error)

// ECDHKeyRing abstracts the ability to derive shared ECDH keys given a
// description of the derivation path of a private key.
type ECDHKeyRing interface {
	keychain.ECDHRing

	// DeriveKey attempts to derive an arbitrary key specified by the
	// passed KeyLocator. This may be used in several recovery scenarios,
	// or when manually rotating something like our current default node
	// key.
	DeriveKey(keyLoc keychain.KeyLocator) (keychain.KeyDescriptor, error)
}

// Tower represents the info about a watchtower server that a watchtower client
// needs in order to connect to it.
type Tower struct {
	// ID is the unique, db-assigned, identifier for this tower.
	ID wtdb.TowerID

	// IdentityKey is the public key of the remote node, used to
	// authenticate the brontide transport.
	IdentityKey *btcec.PublicKey

	// Addresses is an AddressIterator that can be used to manage the
	// addresses for this tower.
	Addresses AddressIterator
}

// NewTowerFromDBTower converts a wtdb.Tower, which uses a static address list,
// into a Tower which uses an address iterator.
func NewTowerFromDBTower(t *wtdb.Tower) (*Tower, error) {
	addrs, err := newAddressIterator(t.Addresses...)
	if err != nil {
		return nil, err
	}

	return &Tower{
		ID:          t.ID,
		IdentityKey: t.IdentityKey,
		Addresses:   addrs,
	}, nil
}

// ClientSession represents the session that a tower client has with a server.
type ClientSession struct {
	// ID is the client's public key used when authenticating with the
	// tower.
	ID wtdb.SessionID

	wtdb.ClientSessionBody

	// Tower represents the tower that the client session has been made
	// with.
	Tower *Tower

	// SessionKeyECDH is the ECDH capable wrapper of the ephemeral secret
	// key used to connect to the watchtower.
	SessionKeyECDH keychain.SingleKeyECDH
}
watchtower/wtclient/interface: add DB ifaces 2019-03-15 02:30:47 -07:00			`package wtclient`

			`import (`
			`"net"`

multi: use btcd's btcec/v2 and btcutil modules This commit was previously split into the following parts to ease review: - 2d746f68: replace imports - 4008f0fd: use ecdsa.Signature - 849e33d1: remove btcec.S256() - b8f6ebbd: use v2 library correctly - fa80bca9: bump go modules 2022-02-23 14:48:00 +01:00			`"github.com/btcsuite/btcd/btcec/v2"`
watchtower/wtclient/interface: add SecretKeyRing iface 2019-04-23 20:03:15 -07:00			`"github.com/lightningnetwork/lnd/keychain"`
watchtower/wtclient/interface: add DB ifaces 2019-03-15 02:30:47 -07:00			`"github.com/lightningnetwork/lnd/lnwire"`
multi: use timeout field in dialer 2020-08-25 12:50:48 +08:00			`"github.com/lightningnetwork/lnd/tor"`
wtdb+wtclient: segregate session-key-index reservations by blob-type This commit introduces a change in the key format used to reserve/lookup session-key-indexes. Currently the reservations are stored under the tower id, however this creates issues when multiple clients are using the same database since only one reservation is permitted per tower. We fix this by appending the blob type to the session-key-index locator. This allows multiple clients to reserve keys for the same tower, but still limits each client to one outstanding reservation. The changes are made in a way such that we fall back to the legacy format if the a reservation under the new format is not found, but only if the blob type matches blob.TypeAltruistCommit, which is so far the only actively deployed blob type. 2020-12-01 13:03:18 -08:00			`"github.com/lightningnetwork/lnd/watchtower/blob"`
watchtower/wtclient/interface: add DB ifaces 2019-03-15 02:30:47 -07:00			`"github.com/lightningnetwork/lnd/watchtower/wtdb"`
			`"github.com/lightningnetwork/lnd/watchtower/wtserver"`
			`)`

			`// DB abstracts the required database operations required by the watchtower`
			`// client.`
			`type DB interface {`
			`// CreateTower initialize an address record used to communicate with a`
			`// watchtower. Each Tower is assigned a unique ID, that is used to`
			`// amortize storage costs of the public key when used by multiple`
watchtower: extend client databse with CRUD operations for towers These operations are currently unused, but will be integrated into the TowerClient at a later point as future preparation for the WatchtowerClient RPC subserver, which will allow users to add, remove, and list the watchtowers currntly in use. 2019-06-07 17:45:11 -07:00			`// sessions. If the tower already exists, the address is appended to the`
			`// list of all addresses used to that tower previously and its`
			`// corresponding sessions are marked as active.`
watchtower/wtclient/interface: add DB ifaces 2019-03-15 02:30:47 -07:00			`CreateTower(lnwire.NetAddress) (wtdb.Tower, error)`

watchtower: extend client databse with CRUD operations for towers These operations are currently unused, but will be integrated into the TowerClient at a later point as future preparation for the WatchtowerClient RPC subserver, which will allow users to add, remove, and list the watchtowers currntly in use. 2019-06-07 17:45:11 -07:00			`// RemoveTower modifies a tower's record within the database. If an`
			`// address is provided, then _only_ the address record should be removed`
			`// from the tower's persisted state. Otherwise, we'll attempt to mark`
			`// the tower as inactive by marking all of its sessions inactive. If any`
			`// of its sessions has unacked updates, then ErrTowerUnackedUpdates is`
			`// returned. If the tower doesn't have any sessions at all, it'll be`
			`// completely removed from the database.`
			`//`
			`// NOTE: An error is not returned if the tower doesn't exist.`
			`RemoveTower(*btcec.PublicKey, net.Addr) error`

			`// LoadTower retrieves a tower by its public key.`
			`LoadTower(btcec.PublicKey) (wtdb.Tower, error)`

			`// LoadTowerByID retrieves a tower by its tower ID.`
			`LoadTowerByID(wtdb.TowerID) (*wtdb.Tower, error)`

			`// ListTowers retrieves the list of towers available within the`
			`// database.`
			`ListTowers() ([]*wtdb.Tower, error)`
watchtower/wtclient/interface: add LoadTower and mock impl 2019-03-27 16:50:59 -07:00
watchtower/wtclient/interface+wtmock: add session key reservation 2019-04-23 20:04:40 -07:00			`// NextSessionKeyIndex reserves a new session key derivation index for a`
wtdb+wtclient: segregate session-key-index reservations by blob-type This commit introduces a change in the key format used to reserve/lookup session-key-indexes. Currently the reservations are stored under the tower id, however this creates issues when multiple clients are using the same database since only one reservation is permitted per tower. We fix this by appending the blob type to the session-key-index locator. This allows multiple clients to reserve keys for the same tower, but still limits each client to one outstanding reservation. The changes are made in a way such that we fall back to the legacy format if the a reservation under the new format is not found, but only if the blob type matches blob.TypeAltruistCommit, which is so far the only actively deployed blob type. 2020-12-01 13:03:18 -08:00			`// particular tower id and blob type. The index is reserved for that`
			`// (tower, blob type) pair until CreateClientSession is invoked for that`
			`// tower and index, at which point a new index for that tower can be`
			`// reserved. Multiple calls to this method before CreateClientSession is`
			`// invoked should return the same index.`
			`NextSessionKeyIndex(wtdb.TowerID, blob.Type) (uint32, error)`
watchtower/wtclient/interface+wtmock: add session key reservation 2019-04-23 20:04:40 -07:00
watchtower/wtclient/interface: add DB ifaces 2019-03-15 02:30:47 -07:00			`// CreateClientSession saves a newly negotiated client session to the`
			`// client's database. This enables the session to be used across`
			`// restarts.`
			`CreateClientSession(*wtdb.ClientSession) error`

wtclient: fix documentation [skip ci] the implementation also returns exhausted sessions 2022-10-16 11:18:30 +02:00			`// ListClientSessions returns the set of all client sessions known to`
			`// the db. An optional tower ID can be used to filter out any client`
			`// sessions in the response that do not correspond to this tower.`
watchtower: add ListClientSessions functional options This commit adds functional options to the ListClientSessions call that can be used to perform a variety of extra operations during the DB query. These functional options are not yet used in this commit. 2022-10-13 13:46:52 +02:00			`ListClientSessions(*wtdb.TowerID, ...wtdb.ClientSessionListOption) (`
watchtower: fix formatting In order to make upcoming commits in the PR easier to parse, this commit makes some basic formatting changes to some of the watchtower files. 2022-10-04 14:59:11 +02:00			`map[wtdb.SessionID]*wtdb.ClientSession, error)`
watchtower/wtclient/interface: add DB ifaces 2019-03-15 02:30:47 -07:00
watchtower: add FetchSessionCommittedUpdates func to DB In this commit, a new tower client db function is added that can be used to fetch all the committed updates for a given session ID. This is done in preparation for an upcoming commit where the CommittedUpdates will be removed from the ClientSession struct. 2022-09-30 11:47:54 +02:00			`// FetchSessionCommittedUpdates retrieves the current set of un-acked`
			`// updates of the given session.`
			`FetchSessionCommittedUpdates(id *wtdb.SessionID) (`
			`[]wtdb.CommittedUpdate, error)`

watchtower/wtclient: integrate ClientChannelSummaries In this commit, we utilize the more generic ClientChanSummary instead of exposing methods that only allow us to set and fetch sweep pkscripts. 2019-05-23 20:48:50 -07:00			`// FetchChanSummaries loads a mapping from all registered channels to`
			`// their channel summaries.`
			`FetchChanSummaries() (wtdb.ChannelSummaries, error)`

			`// RegisterChannel registers a channel for use within the client`
			`// database. For now, all that is stored in the channel summary is the`
			`// sweep pkscript that we'd like any tower sweeps to pay into. In the`
			`// future, this will be extended to contain more info to allow the`
			`// client efficiently request historical states to be backed up under`
			`// the client's active policy.`
			`RegisterChannel(lnwire.ChannelID, []byte) error`
watchtower/wtclient/interface: add DB ifaces 2019-03-15 02:30:47 -07:00
			`// MarkBackupIneligible records that the state identified by the`
			`// (channel id, commit height) tuple was ineligible for being backed up`
			`// under the current policy. This state can be retried later under a`
			`// different policy.`
			`MarkBackupIneligible(chanID lnwire.ChannelID, commitHeight uint64) error`

			`// CommitUpdate writes the next state update for a particular`
			`// session, so that we can be sure to resend it after a restart if it`
			`// hasn't been ACK'd by the tower. The sequence number of the update`
			`// should be exactly one greater than the existing entry, and less that`
			`// or equal to the session's MaxUpdates.`
watchtower/wtdb: return sorted ClientSession.CommittedUpdates This commit replaces the map-based CommittedUpdates field with a slice. When reading from disk, these will already be sorted by bbolt, so the client restore the updates as presented without needing to sort them first. Since the key in the map variant was the sequence number, we refactor the CommittedUpdate struct to have a sequence number and an embedded CommittedUpdateBody (which is equivalent to the old CommittedUpdate). The database is then expected to populate the sequence number from the key on disk. Since the sequence number is now directly integrated in the CommittedUpdate struct, this allow allows us to remove the now redundant seqNum argument from CommitUpdate. 2019-05-23 20:47:36 -07:00			`CommitUpdate(id *wtdb.SessionID,`
watchtower/wtclient/interface: add DB ifaces 2019-03-15 02:30:47 -07:00			`update *wtdb.CommittedUpdate) (uint16, error)`

			`// AckUpdate records an acknowledgment from the watchtower that the`
			`// update identified by seqNum was received and saved. The returned`
			`// lastApplied will be recorded.`
			`AckUpdate(id *wtdb.SessionID, seqNum, lastApplied uint16) error`
			`}`

watchtower: fix formatting In order to make upcoming commits in the PR easier to parse, this commit makes some basic formatting changes to some of the watchtower files. 2022-10-04 14:59:11 +02:00			`// AuthDialer connects to a remote node using an authenticated transport, such`
			`// as brontide. The dialer argument is used to specify a resolver, which allows`
watchtower/wtclient/interface: add DB ifaces 2019-03-15 02:30:47 -07:00			`// this method to be used over Tor or clear net connections.`
multi: use timeout field in dialer 2020-08-25 12:50:48 +08:00			`type AuthDialer func(localKey keychain.SingleKeyECDH,`
			`netAddr *lnwire.NetAddress,`
			`dialer tor.DialFunc) (wtserver.Peer, error)`
watchtower/wtclient/interface: add SecretKeyRing iface 2019-04-23 20:03:15 -07:00
watchtower: extend and rename SecretKeyRing 2020-04-28 10:06:25 +02:00			`// ECDHKeyRing abstracts the ability to derive shared ECDH keys given a`
			`// description of the derivation path of a private key.`
			`type ECDHKeyRing interface {`
			`keychain.ECDHRing`

			`// DeriveKey attempts to derive an arbitrary key specified by the`
			`// passed KeyLocator. This may be used in several recovery scenarios,`
			`// or when manually rotating something like our current default node`
			`// key.`
			`DeriveKey(keyLoc keychain.KeyLocator) (keychain.KeyDescriptor, error)`
watchtower/wtclient/interface: add SecretKeyRing iface 2019-04-23 20:03:15 -07:00			`}`
watchtower: make use of the new AddressIterator This commit upgrades the wtclient package to make use of the new `AddressIterator`. It does so by first creating new `Tower` and `ClientSession` types. The new `Tower` type has an `AddressIterator` instead of a list of addresses. The `ClientSession` type contains a `Tower`. 2022-10-12 09:47:38 +02:00
			`// Tower represents the info about a watchtower server that a watchtower client`
			`// needs in order to connect to it.`
			`type Tower struct {`
			`// ID is the unique, db-assigned, identifier for this tower.`
			`ID wtdb.TowerID`

			`// IdentityKey is the public key of the remote node, used to`
			`// authenticate the brontide transport.`
			`IdentityKey *btcec.PublicKey`

			`// Addresses is an AddressIterator that can be used to manage the`
			`// addresses for this tower.`
			`Addresses AddressIterator`
			`}`

			`// NewTowerFromDBTower converts a wtdb.Tower, which uses a static address list,`
			`// into a Tower which uses an address iterator.`
			`func NewTowerFromDBTower(t wtdb.Tower) (Tower, error) {`
			`addrs, err := newAddressIterator(t.Addresses...)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return &Tower{`
			`ID: t.ID,`
			`IdentityKey: t.IdentityKey,`
			`Addresses: addrs,`
			`}, nil`
			`}`

			`// ClientSession represents the session that a tower client has with a server.`
			`type ClientSession struct {`
			`// ID is the client's public key used when authenticating with the`
			`// tower.`
			`ID wtdb.SessionID`

			`wtdb.ClientSessionBody`

			`// Tower represents the tower that the client session has been made`
			`// with.`
			`Tower *Tower`

			`// SessionKeyECDH is the ECDH capable wrapper of the ephemeral secret`
			`// key used to connect to the watchtower.`
			`SessionKeyECDH keychain.SingleKeyECDH`
			`}`