Support p2tr bitcoin wallet (#3026)

* Add an address type parameter to our bitcoin core RPC client

We defined an new AddressType type that can optionally be passed to calls tp `getReceiveAddress()`.
This type can represent p2wpkh or p2tr addresses.

* Add a "chain hash" property to the bitcoin rpc client

* Replace getP2wpkhPubkeyHashForChange() with getChangePublicKeyScript()

We should not hardcode the type of change output that we want but instead use the default change type configured in bitcoin core.

* Simplify SingleKeyOnChainWallet

Use a key manager to generate a local address and sign transactions (instead of signing them manually).

* LocalOnChainKeyManager: support signing BIP86 transactions

* make InteractiveTxBuilder compatible with p2tr wallets

If our wallets adds p2tr inputs, to sign them we need to know all the utxos spent by the tx we're building, not just the one spent by the tx we're signing.

* Cache both onchain public key and public key scripts

* Test bitcoin core change output type selection

If the -changetype option is not set, then bitcoin core will fund transactions with inputs that match transaction's outputs (i.e it will add p2wpkh change outputs if the tx sends to p2wpkh outputs, p2tr change outputs if it sends to p2tr outputs...).

* Integration tests: change default bitcoin core address type to p2tr

* Rework `OnChainAddressRefresher`

* Reformat / clean-up code and comments

 * Improve tests

* sendonchain: unlock utxos if publishing fails

* Add signing test with mixed p2wpkh/p2tr inputs and an eclair-backed bitcoin core wallet

---------

Co-authored-by: Bastien Teinturier <[email protected]>

Author: sstone

eclair-core/src/main/scala/fr/acinq/eclair/Eclair.scala

@@ -30,7 +30,7 @@ import fr.acinq.eclair.balance.{BalanceActor, ChannelsListener}
 import fr.acinq.eclair.blockchain.OnChainWallet.OnChainBalance
 import fr.acinq.eclair.blockchain.bitcoind.ZmqWatcher.WatchFundingSpentTriggered
 import fr.acinq.eclair.blockchain.bitcoind.rpc.BitcoinCoreClient
-import fr.acinq.eclair.blockchain.bitcoind.rpc.BitcoinCoreClient.{Descriptors, WalletTx}
+import fr.acinq.eclair.blockchain.bitcoind.rpc.BitcoinCoreClient.{AddressType, Descriptors, WalletTx}
 import fr.acinq.eclair.blockchain.fee.{ConfirmationTarget, FeeratePerByte, FeeratePerKw}
 import fr.acinq.eclair.channel._
 import fr.acinq.eclair.crypto.Sphinx
@@ -132,7 +132,7 @@ trait Eclair {
 
   def listOffers(onlyActive: Boolean = true)(implicit timeout: Timeout): Future[Seq[OfferData]]
 
-  def newAddress(): Future[String]
+  def newAddress(addressType_opt: Option[AddressType] = None): Future[String]
 
   def receivedInfo(paymentHash: ByteVector32)(implicit timeout: Timeout): Future[Option[IncomingPayment]]
 
@@ -413,9 +413,9 @@ class EclairImpl(val appKit: Kit) extends Eclair with Logging with SpendFromChan
     appKit.nodeParams.db.offers.listOffers(onlyActive)
   }
 
-  override def newAddress(): Future[String] = {
+  override def newAddress(addressType_opt: Option[AddressType] = None): Future[String] = {
     appKit.wallet match {
-      case w: BitcoinCoreClient => w.getReceiveAddress()
+      case w: BitcoinCoreClient => w.getReceiveAddress(addressType_opt)
       case _ => Future.failed(new IllegalArgumentException("this call is only available with a bitcoin core backend"))
     }
   }
@@ -837,7 +837,7 @@ class EclairImpl(val appKit: Kit) extends Eclair with Logging with SpendFromChan
   }
 
   override def getOnChainMasterPubKey(account: Long): String = appKit.nodeParams.onChainKeyManager_opt match {
-    case Some(keyManager) => keyManager.masterPubKey(account)
+    case Some(keyManager) => keyManager.masterPubKey(account, AddressType.P2wpkh)
     case _ => throw new RuntimeException("on-chain seed is not configured")
   }
 

eclair-core/src/main/scala/fr/acinq/eclair/Setup.scala

@@ -23,13 +23,14 @@ import akka.actor.{ActorRef, ActorSystem, Props, SupervisorStrategy, typed}
 import akka.pattern.after
 import akka.util.Timeout
 import fr.acinq.bitcoin.scalacompat.Crypto.PublicKey
-import fr.acinq.bitcoin.scalacompat.{Block, BlockHash, BlockId, ByteVector32, Satoshi, Script, addressToPublicKeyScript}
+import fr.acinq.bitcoin.scalacompat.{Block, BlockHash, BlockId, ByteVector32, Satoshi, Script, ScriptElt, addressToPublicKeyScript}
+import fr.acinq.eclair.NodeParams.hashFromChain
 import fr.acinq.eclair.Setup.Seeds
 import fr.acinq.eclair.balance.{BalanceActor, ChannelsListener}
 import fr.acinq.eclair.blockchain._
 import fr.acinq.eclair.blockchain.bitcoind.rpc.{BasicBitcoinJsonRPCClient, BatchingBitcoinJsonRPCClient, BitcoinCoreClient, BitcoinJsonRPCAuthMethod}
 import fr.acinq.eclair.blockchain.bitcoind.zmq.ZMQActor
-import fr.acinq.eclair.blockchain.bitcoind.{OnchainPubkeyRefresher, ZmqWatcher}
+import fr.acinq.eclair.blockchain.bitcoind.{OnChainAddressRefresher, ZmqWatcher}
 import fr.acinq.eclair.blockchain.fee._
 import fr.acinq.eclair.channel.Register
 import fr.acinq.eclair.channel.fsm.Channel
@@ -177,6 +178,7 @@ class Setup(val datadir: File,
     }
 
     val bitcoinClient = new BasicBitcoinJsonRPCClient(
+      chainHash = hashFromChain(chain),
       rpcAuthMethod = rpcAuthMethod,
       host = config.getString("bitcoind.host"),
       port = config.getInt("bitcoind.rpcport"),
@@ -262,6 +264,7 @@ class Setup(val datadir: File,
       _ <- feeratesRetrieved.future
 
       finalPubkey = new AtomicReference[PublicKey](null)
+      finalPubkeyScript = new AtomicReference[Seq[ScriptElt]](null)
       pubkeyRefreshDelay = FiniteDuration(config.getDuration("bitcoind.final-pubkey-refresh-delay").getSeconds, TimeUnit.SECONDS)
       // there are 3 possibilities regarding onchain key management:
       // 1) there is no `eclair-signer.conf` file in Eclair's data directory, Eclair will not manage Bitcoin core keys, and Eclair's API will not return bitcoin core descriptors. This is the default mode.
@@ -270,18 +273,27 @@ class Setup(val datadir: File,
       // This is how you would create a new bitcoin wallet whose private keys are managed by Eclair.
       // 3) there is an `eclair-signer.conf` file in Eclair's data directory, and the name of the wallet set in `eclair-signer.conf` matches the `eclair.bitcoind.wallet` setting in `eclair.conf`.
       // Eclair will assume that this is a watch-only bitcoin wallet that has been created from descriptors generated by Eclair, and will manage its private keys, and here we pass the onchain key manager to our bitcoin client.
-      bitcoinClient = new BitcoinCoreClient(bitcoin, nodeParams.liquidityAdsConfig.lockUtxos, if (bitcoin.wallet == onChainKeyManager_opt.map(_.walletName)) onChainKeyManager_opt else None) with OnchainPubkeyCache {
-        val refresher: typed.ActorRef[OnchainPubkeyRefresher.Command] = system.spawn(Behaviors.supervise(OnchainPubkeyRefresher(this, finalPubkey, pubkeyRefreshDelay)).onFailure(typed.SupervisorStrategy.restart), name = "onchain-address-manager")
+      bitcoinClient = new BitcoinCoreClient(bitcoin, nodeParams.liquidityAdsConfig.lockUtxos, if (bitcoin.wallet == onChainKeyManager_opt.map(_.walletName)) onChainKeyManager_opt else None) with OnChainPubkeyCache {
+        val refresher: typed.ActorRef[OnChainAddressRefresher.Command] = system.spawn(Behaviors.supervise(OnChainAddressRefresher(this, finalPubkey, finalPubkeyScript, pubkeyRefreshDelay)).onFailure(typed.SupervisorStrategy.restart), name = "onchain-address-manager")
 
         override def getP2wpkhPubkey(renew: Boolean): PublicKey = {
           val key = finalPubkey.get()
-          if (renew) refresher ! OnchainPubkeyRefresher.Renew
+          if (renew) refresher ! OnChainAddressRefresher.RenewPubkey
           key
         }
+
+        override def getReceivePublicKeyScript(renew: Boolean): Seq[ScriptElt] = {
+          val script = finalPubkeyScript.get()
+          if (renew) refresher ! OnChainAddressRefresher.RenewPubkeyScript
+          script
+        }
       }
       _ = if (bitcoinClient.useEclairSigner) logger.info("using eclair to sign bitcoin core transactions")
       initialPubkey <- bitcoinClient.getP2wpkhPubkey()
       _ = finalPubkey.set(initialPubkey)
+      // We use the default address type configured on the Bitcoin Core node.
+      initialPubkeyScript <- bitcoinClient.getReceivePublicKeyScript(addressType_opt = None)
+      _ = finalPubkeyScript.set(initialPubkeyScript)
 
       // If we started funding a transaction and restarted before signing it, we may have utxos that stay locked forever.
       // We want to do something about it: we can unlock them automatically, or let the node operator decide what to do.
@@ -472,7 +484,7 @@ case class Kit(nodeParams: NodeParams,
                postman: typed.ActorRef[Postman.Command],
                offerManager: typed.ActorRef[OfferManager.Command],
                defaultOfferHandler: typed.ActorRef[OfferManager.HandlerCommand],
-               wallet: OnChainWallet with OnchainPubkeyCache)
+               wallet: OnChainWallet with OnChainPubkeyCache)
 
 object Kit {
 

eclair-core/src/main/scala/fr/acinq/eclair/blockchain/OnChainWallet.scala

@@ -18,7 +18,8 @@ package fr.acinq.eclair.blockchain
 
 import fr.acinq.bitcoin.psbt.Psbt
 import fr.acinq.bitcoin.scalacompat.Crypto.PublicKey
-import fr.acinq.bitcoin.scalacompat.{OutPoint, Satoshi, Transaction, TxId}
+import fr.acinq.bitcoin.scalacompat.{OutPoint, Satoshi, ScriptElt, Transaction, TxId}
+import fr.acinq.eclair.blockchain.bitcoind.rpc.BitcoinCoreClient.AddressType
 import fr.acinq.eclair.blockchain.fee.FeeratePerKw
 import scodec.bits.ByteVector
 
@@ -116,22 +117,27 @@ trait OnChainChannelFunder {
 /** This trait lets users generate on-chain addresses and public keys. */
 trait OnChainAddressGenerator {
 
-  /**
-   * @param label used if implemented with bitcoin core, can be ignored by implementation
-   */
-  def getReceiveAddress(label: String = "")(implicit ec: ExecutionContext): Future[String]
+  /** Generate the public key script for a new wallet address. */
+  def getReceivePublicKeyScript(addressType_opt: Option[AddressType] = None)(implicit ec: ExecutionContext): Future[Seq[ScriptElt]]
 
   /** Generate a p2wpkh wallet address and return the corresponding public key. */
   def getP2wpkhPubkey()(implicit ec: ExecutionContext): Future[PublicKey]
 
 }
 
-trait OnchainPubkeyCache {
+/** A caching layer for [[OnChainAddressGenerator]] that provides synchronous access to wallet addresses and keys. */
+trait OnChainPubkeyCache {
+
+  /**
+   * @param renew applies after requesting the current pubkey, and is asynchronous.
+   */
+  def getP2wpkhPubkey(renew: Boolean): PublicKey
 
   /**
-   * @param renew applies after requesting the current pubkey, and is asynchronous
+   * @param renew applies after requesting the current script, and is asynchronous.
    */
-  def getP2wpkhPubkey(renew: Boolean = true): PublicKey
+  def getReceivePublicKeyScript(renew: Boolean): Seq[ScriptElt]
+
 }
 
 /** This trait lets users check the wallet's on-chain balance. */

eclair-core/src/main/scala/fr/acinq/eclair/blockchain/bitcoind/OnChainAddressRefresher.scala

@@ -0,0 +1,115 @@
+package fr.acinq.eclair.blockchain.bitcoind
+
+
+import akka.actor.typed.Behavior
+import akka.actor.typed.scaladsl.{ActorContext, Behaviors, TimerScheduler}
+import fr.acinq.bitcoin.scalacompat.Crypto.PublicKey
+import fr.acinq.bitcoin.scalacompat.{Script, ScriptElt}
+import fr.acinq.eclair.blockchain.OnChainAddressGenerator
+
+import java.util.concurrent.atomic.AtomicReference
+import scala.concurrent.ExecutionContext.Implicits.global
+import scala.concurrent.duration.FiniteDuration
+import scala.util.{Failure, Success}
+
+/**
+ * Handles the renewal of on-chain addresses generated by bitcoin core and used to receive on-chain funds when channels get closed.
+ */
+object OnChainAddressRefresher {
+
+  // @formatter:off
+  sealed trait Command
+  case object RenewPubkey extends Command
+  case object RenewPubkeyScript extends Command
+  private case class SetPubkey(pubkey: PublicKey) extends Command
+  private case class SetPubkeyScript(script: Seq[ScriptElt]) extends Command
+  private case class Error(reason: Throwable) extends Command
+  private case object Done extends Command
+  // @formatter:on
+
+  def apply(generator: OnChainAddressGenerator, finalPubkey: AtomicReference[PublicKey], finalPubkeyScript: AtomicReference[Seq[ScriptElt]], delay: FiniteDuration): Behavior[Command] = {
+    Behaviors.setup { context =>
+      Behaviors.withTimers { timers =>
+        val refresher = new OnChainAddressRefresher(generator, finalPubkey, finalPubkeyScript, context, timers, delay)
+        refresher.idle()
+      }
+    }
+  }
+}
+
+private class OnChainAddressRefresher(generator: OnChainAddressGenerator,
+                                      finalPubkey: AtomicReference[PublicKey],
+                                      finalPubkeyScript: AtomicReference[Seq[ScriptElt]],
+                                      context: ActorContext[OnChainAddressRefresher.Command],
+                                      timers: TimerScheduler[OnChainAddressRefresher.Command], delay: FiniteDuration) {
+
+  import OnChainAddressRefresher._
+
+  /** In that state, we're ready to renew our on-chain address whenever requested. */
+  def idle(): Behavior[Command] = Behaviors.receiveMessage {
+    case RenewPubkey =>
+      context.log.debug("renewing pubkey (current={})", finalPubkey.get())
+      context.pipeToSelf(generator.getP2wpkhPubkey()) {
+        case Success(pubkey) => SetPubkey(pubkey)
+        case Failure(reason) => Error(reason)
+      }
+      renewing()
+    case RenewPubkeyScript =>
+      context.log.debug("renewing script (current={})", Script.write(finalPubkeyScript.get()).toHex)
+      context.pipeToSelf(generator.getReceivePublicKeyScript()) {
+        case Success(script) => SetPubkeyScript(script)
+        case Failure(reason) => Error(reason)
+      }
+      renewing()
+    case cmd =>
+      context.log.debug("ignoring command={} while idle", cmd)
+      Behaviors.same
+  }
+
+  /** We ignore concurrent requests while waiting for bitcoind to respond. */
+  private def renewing(): Behavior[Command] = Behaviors.receiveMessage {
+    case SetPubkey(pubkey) =>
+      timers.startSingleTimer(Done, delay)
+      delaying(Some(pubkey), None)
+    case SetPubkeyScript(script) =>
+      timers.startSingleTimer(Done, delay)
+      delaying(None, Some(script))
+    case Error(reason) =>
+      context.log.error("cannot renew public key or script", reason)
+      idle()
+    case cmd =>
+      context.log.debug("ignoring command={} while waiting for bitcoin core's response", cmd)
+      Behaviors.same
+  }
+
+  /**
+   * After receiving our new script or pubkey from bitcoind, we wait before updating our current values.
+   * While waiting, we ignore additional requests to renew.
+   *
+   * This ensures that a burst of requests during a mass force-close use the same final on-chain address instead of
+   * creating a lot of address churn on our bitcoin wallet.
+   *
+   * Note that while we're updating our final script, we will ignore requests to update our final public key (and the
+   * other way around). This is fine, since the public key is only used:
+   *  - when opening static_remotekey channels, which is disabled by default
+   *  - when closing channels with peers that don't support shutdown_anysegwit (which should be widely supported)
+   *
+   * In practice, we most likely always use [[RenewPubkeyScript]].
+   */
+  private def delaying(nextPubkey_opt: Option[PublicKey], nextScript_opt: Option[Seq[ScriptElt]]): Behavior[Command] = Behaviors.receiveMessage {
+    case Done =>
+      nextPubkey_opt.foreach { nextPubkey =>
+        context.log.info("setting pubkey to {}", nextPubkey)
+        finalPubkey.set(nextPubkey)
+      }
+      nextScript_opt.foreach { nextScript =>
+        context.log.info("setting script to {}", Script.write(nextScript).toHex)
+        finalPubkeyScript.set(nextScript)
+      }
+      idle()
+    case cmd =>
+      context.log.debug("rate-limiting command={}", cmd)
+      Behaviors.same
+  }
+
+}

eclair-core/src/main/scala/fr/acinq/eclair/blockchain/bitcoind/OnchainPubkeyRefresher.scala

@@ -16,6 +16,7 @@
 
 package fr.acinq.eclair.blockchain.bitcoind.rpc
 
+import fr.acinq.bitcoin.scalacompat.BlockHash
 import fr.acinq.eclair.KamonExt
 import fr.acinq.eclair.blockchain.Monitoring.{Metrics, Tags}
 import fr.acinq.eclair.json._
@@ -32,7 +33,7 @@ import java.util.concurrent.atomic.AtomicReference
 import scala.concurrent.{ExecutionContext, Future}
 import scala.util.{Failure, Success, Try}
 
-class BasicBitcoinJsonRPCClient(rpcAuthMethod: BitcoinJsonRPCAuthMethod, host: String = "127.0.0.1", port: Int = 8332, ssl: Boolean = false, override val wallet: Option[String] = None)(implicit sb: SttpBackend[Future, _]) extends BitcoinJsonRPCClient {
+class BasicBitcoinJsonRPCClient(override val chainHash: BlockHash, rpcAuthMethod: BitcoinJsonRPCAuthMethod, host: String = "127.0.0.1", port: Int = 8332, ssl: Boolean = false, override val wallet: Option[String] = None)(implicit sb: SttpBackend[Future, _]) extends BitcoinJsonRPCClient {
 
   implicit val formats: Formats = DefaultFormats.withBigDecimal +
     ByteVector32Serializer + ByteVector32KmpSerializer +

eclair-core/src/main/scala/fr/acinq/eclair/blockchain/bitcoind/rpc/BasicBitcoinJsonRPCClient.scala

@@ -19,6 +19,7 @@ package fr.acinq.eclair.blockchain.bitcoind.rpc
 import akka.actor.{ActorSystem, Props}
 import akka.pattern.ask
 import akka.util.Timeout
+import fr.acinq.bitcoin.scalacompat.BlockHash
 import fr.acinq.eclair.KamonExt
 import fr.acinq.eclair.blockchain.Monitoring.Metrics
 import org.json4s.JsonAST
@@ -27,6 +28,7 @@ import scala.concurrent.duration._
 import scala.concurrent.{ExecutionContext, Future}
 
 class BatchingBitcoinJsonRPCClient(rpcClient: BasicBitcoinJsonRPCClient)(implicit system: ActorSystem, ec: ExecutionContext) extends BitcoinJsonRPCClient {
+  override def chainHash: BlockHash = rpcClient.chainHash
   override def wallet: Option[String] = rpcClient.wallet
 
   implicit val timeout: Timeout = Timeout(1 hour)