Hsmtool: enable dumping output descriptors of onchain wallet #4171
Conversation
darosior
force-pushed
the
hsmtool_descriptors
branch
5 times, most recently
from
fd74279
to
fc008f4
Compare
|
Ok, added a test, documented (and rebased on #4146 so that i can build locally) |
|
Travis failure is an unrelated timeout |
darosior
force-pushed
the
hsmtool_descriptors
branch
from
fc008f4
to
f9c2d4f
Compare
|
Rebased on master after #4146 merge, added a missing changelog. |
|
|
||
| /* The root seed is derived from hsm_secret using hkdf.. */ | ||
| do { | ||
| hkdf_sha256(bip32_seed, sizeof(bip32_seed), |
There was a problem hiding this comment.
Duplicating this code from hsmd/hsmd.c#populate_secretstuff is a bad idea. Needs to be a shared routine that both hsmd and here use.
There was a problem hiding this comment.
That's how we've created tool since now ?..
There was a problem hiding this comment.
I don't follow. We really want this code to be shared so that if one changes, the other also gets updated.
tools/hsmtool.c
Outdated
| { | ||
| struct secret hsm_secret; | ||
| u8 bip32_seed[BIP32_ENTROPY_LEN_256]; | ||
| u32 salt = 0; | ||
| u32 version = testnet ? BIP32_VER_TEST_PRIVATE : BIP32_VER_MAIN_PRIVATE; |
There was a problem hiding this comment.
Can we infer this from the directory structure or some other info source?
There was a problem hiding this comment.
No, as we can use all commands of the hsmtool on a hsm_secret without depending on its environment at all
and this would be quite convoluted too..
There was a problem hiding this comment.
We have all of these parameters in chainparams.c, so why not use them? We can even steal the --network option from lightningd itself :-)
There was a problem hiding this comment.
This'd mean bringing the opt() system here: that's a much bigger change :/
You are right that we actually don't sweep the Edit: ah also, i could make it a miniscript descriptor then but i think it's a bad idea because there is virtually no support for them (including |
|
This functionality is Cool and Interesting, but until miniscript is widely adopted I think it's best to advertise this as a subset of your lightning funds tracking, at best. There's definitely "outputs we own, eventually" that haven't been swept to a 'recognizable wallet output' that will be missed by this -- if for some reason you take your lightning node down before these are swept there's a possibility that they'll be lost. With these considerations in mind, I'd also be tempted to remove the xpriv. Rationale: it gives the false impression of 'total wallet funds control' when that's really not the case.
I agree, this is a good intuition. I suspect that when miniscript descriptors are more formally nailed down the lightning spec itself will also move that direction, which will then make this export functionality extremely powerful. |
tools/hsmtool.c
Outdated
| return dumponchaindescriptors(argv[2], argc > 3 ? argv[3] : NULL); | ||
| return dumponchaindescriptors(argv[2], | ||
| argc > 3 && !streq(argv[3], "") ? argv[3] : NULL, | ||
| argc > 4 && streq(argv[4], "private")); |
There was a problem hiding this comment.
it's weird to me that you have to physically type in the phrase "private" and not look for a true/false here.
There was a problem hiding this comment.
I find it better: at usage typing testnet is way more meaningful than true
There was a problem hiding this comment.
Update the parameter name then. As written, the parameter testnet suggests to say 'flag true if testnet'.
darosior
force-pushed
the
hsmtool_descriptors
branch
from
f9c2d4f
to
11c1a11
Compare
|
tools/hsmtool.c
Outdated
| { | ||
| struct secret hsm_secret; | ||
| u8 bip32_seed[BIP32_ENTROPY_LEN_256]; | ||
| u32 salt = 0; | ||
| u32 version = testnet ? BIP32_VER_TEST_PRIVATE : BIP32_VER_MAIN_PRIVATE; |
There was a problem hiding this comment.
We have all of these parameters in chainparams.c, so why not use them? We can even steal the --network option from lightningd itself :-)
| if not bitcoind.rpc.listwallets(): | ||
| bitcoind.rpc.createwallet("lightningd-tests") |
There was a problem hiding this comment.
This is slightly nicer than 90f4ea6
| @@ -1045,6 +1045,36 @@ def test_hsmtool_secret_decryption(node_factory): | |||
| assert node_id == l1.rpc.getinfo()["id"] | |||
|
|
|||
|
|
|||
| @unittest.skipIf(TEST_NETWORK == 'liquid-regtest', '') | |||
There was a problem hiding this comment.
Add a comment saying that this is only supported for mainnet and testnet (technically we'd require it to be regtest but that appears to match testnet).
There was a problem hiding this comment.
Yeah descriptors for regtest are the same than for testnet (but addresses the same as mainnet!! 😭 )
|
I opened an issue for the password inputs for all of the |
|
You should use ccan/opt, now that cmdline parsing is non-trivial. But can be added after.... |
niftynei
force-pushed
the
hsmtool_descriptors
branch
from
11c1a11
to
f49d84a
Compare
This is stolen from William's clightning-dumpkeys (https://github.com/jb55/clightning-dumpkeys), itself adapted from https://github.com/bitcoin/bitcoin/blob/42b66a6b814bca130a9ccf0a3f747cf33d628232/src/script/descriptor.cpp#L25 Co-authored-by: William Casarin <jb55@jb55.com> Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
We want to use it outside of fuzz-amount Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
A small one just to check that we don't crash nor go out of bounds! Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
This adds a command which outputs the two output descriptors corresponding to our onchain wallet. This can be useful for an external service to monitor / send fund to our wallet. Further, an "xpriv" version of such descriptors could be used to import onchain funds on a new wallet. Changelog-Added: lightning-hsmtool: a new command was added to hsmtool for dumping descriptors of the onchain wallet Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
Actually, it's more complex to translate the xpub descriptor to testnet because of the descriptor checksum. Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
Touch a bit about it as a backup/recovery mechanism in the FAQ Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
niftynei
force-pushed
the
hsmtool_descriptors
branch
from
f49d84a
to
29e5764
Compare
|
Updated the interface to use "network" instead of 'testnet', rebased on master now that #4065 is merged. |
|
ACK 29e5764 Thanks.. |
This adds a new
dumponchaindescriptorscommand tohsmtoolwhich can:xpub-based descriptors (one for each scriptPubKey type we create)Possibly dump 2Removed: footgun with anchor outputs (thanks niftynei!)xpriv-based descriptors (one for each scriptPubKey type we create)Useful for backing up / restoring the onchain wallet easilyTODO:
bitcoindasserting we retrieve all the fundsbitcoindEDIT: maybe output both main and test extended keys ?..EDIT 2: added atestnetparameterFixes #4110
Ping @jb55 : finally got to jb55/clightning-dumpkeys#2 :-)