session: add new ID-to-key index

This commit does a few things:

1. Instead of deriving IDs using the first 4 bytes of the session's
   serialised local pub key, we instead use bytes [1:5] in order to skip
   the first byte which is either 0x02 or 0x03. This results in a
   greater entropy set.
2. We also add a new index from ID to key and we write to this index
   each time a new session is added.
3. We add a `ReserveNewSessionID` method to the session store which will
   grind through private keys until it finds one that does not clash
   with the current ID set.
4. A migration is added to back-fill the ID-to-key index. If any old
   sessions are found that _do_ have a colliding ID, they are sorted by
   created time and all but the newest session is revoked. Only an entry
   for the newest session will be added to the ID-to-key index.

Author: ellemouton

session/db.go

@@ -105,7 +105,13 @@ func initDB(filepath string, firstInit bool) (*bbolt.DB, error) {
 			}
 		}
 
-		_, err = tx.CreateBucketIfNotExists(sessionBucketKey)
+		sessionBkt, err := tx.CreateBucketIfNotExists(sessionBucketKey)
+		if err != nil {
+			return err
+		}
+
+		_, err = sessionBkt.CreateBucketIfNotExists(idIndexKey)
+
 		return err
 	})
 	if err != nil {

session/interface.go

@@ -70,27 +70,20 @@ type MacaroonBaker func(ctx context.Context, rootKeyID uint64,
 	recipe *MacaroonRecipe) (string, error)
 
 // NewSession creates a new session with the given user-defined parameters.
-func NewSession(label string, typ Type, expiry time.Time, serverAddr string,
-	devServer bool, perms []bakery.Op, caveats []macaroon.Caveat,
-	featureConfig FeaturesConfig, privacy bool) (*Session, error) {
+func NewSession(id ID, localPrivKey *btcec.PrivateKey, label string, typ Type,
+	expiry time.Time, serverAddr string, devServer bool, perms []bakery.Op,
+	caveats []macaroon.Caveat, featureConfig FeaturesConfig,
+	privacy bool) (*Session, error) {
 
 	_, pairingSecret, err := mailbox.NewPassphraseEntropy()
 	if err != nil {
 		return nil, fmt.Errorf("error deriving pairing secret: %v", err)
 	}
 
-	privateKey, err := btcec.NewPrivateKey()
-	if err != nil {
-		return nil, fmt.Errorf("error deriving private key: %v", err)
-	}
-	pubKey := privateKey.PubKey()
-
-	var macRootKeyBase [4]byte
-	copy(macRootKeyBase[:], pubKey.SerializeCompressed())
-	macRootKey := NewSuperMacaroonRootKeyID(macRootKeyBase)
+	macRootKey := NewSuperMacaroonRootKeyID(id)
 
 	sess := &Session{
-		ID:                macRootKeyBase,
+		ID:                id,
 		Label:             label,
 		State:             StateCreated,
 		Type:              typ,
@@ -100,8 +93,8 @@ func NewSession(label string, typ Type, expiry time.Time, serverAddr string,
 		DevServer:         devServer,
 		MacaroonRootKey:   macRootKey,
 		PairingSecret:     pairingSecret,
-		LocalPrivateKey:   privateKey,
-		LocalPublicKey:    pubKey,
+		LocalPrivateKey:   localPrivKey,
+		LocalPublicKey:    localPrivKey.PubKey(),
 		RemotePublicKey:   nil,
 		WithPrivacyMapper: privacy,
 	}
@@ -123,8 +116,10 @@ func NewSession(label string, typ Type, expiry time.Time, serverAddr string,
 // Store is the interface a persistent storage must implement for storing and
 // retrieving Terminal Connect sessions.
 type Store interface {
-	// CreateSession adds a new session to the store. If a session with the same
-	// local public key already exists an error is returned.
+	// CreateSession adds a new session to the store. If a session with the
+	// same local public key already exists an error is returned. This
+	// can only be called with a Session with an ID that the Store has
+	// reserved.
 	CreateSession(*Session) error
 
 	// GetSession fetches the session with the given key.
@@ -141,4 +136,13 @@ type Store interface {
 	// to the session with the given local pub key.
 	UpdateSessionRemotePubKey(localPubKey,
 		remotePubKey *btcec.PublicKey) error
+
+	// GetUnusedIDAndKeyPair can be used to generate a new, unused, local
+	// private key and session ID pair. Care must be taken to ensure that no
+	// other thread calls this before the returned ID and key pair from this
+	// method are either used or discarded.
+	GetUnusedIDAndKeyPair() (ID, *btcec.PrivateKey, error)
+
+	// GetSessionByID fetches the session with the given ID.
+	GetSessionByID(id ID) (*Session, error)
 }

session/macaroon.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"strconv"
 
+	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/lightningnetwork/lnd/lnrpc"
 	"google.golang.org/protobuf/proto"
 	"gopkg.in/macaroon-bakery.v2/bakery"
@@ -127,3 +128,28 @@ func RootKeyIDFromMacaroon(mac *macaroon.Macaroon) (uint64, error) {
 	// number.
 	return strconv.ParseUint(string(decodedID.StorageId), 10, 64)
 }
+
+// NewSessionPrivKeyAndID randomly derives a new private key and session ID
+// pair.
+func NewSessionPrivKeyAndID() (*btcec.PrivateKey, ID, error) {
+	var id ID
+
+	privateKey, err := btcec.NewPrivateKey()
+	if err != nil {
+		return nil, id, fmt.Errorf("error deriving private key: %v",
+			err)
+	}
+
+	pubKey := privateKey.PubKey()
+
+	// NOTE: we use 4 bytes [1:5] of the serialised public key to create the
+	// macaroon root key base along with the Session ID. This will provide
+	// 4 bytes of entropy. Previously, bytes [0:4] where used but this
+	// resulted in lower entropy due to the first byte always being either
+	// 0x02 or 0x03.
+	copy(id[:], pubKey.SerializeCompressed()[1:5])
+
+	log.Debugf("Generated new Session ID: %x", id)
+
+	return privateKey, id, nil
+}

session/metadata.go

@@ -3,7 +3,9 @@ package session
 import (
 	"errors"
 	"fmt"
+	"time"
 
+	"github.com/lightninglabs/lightning-terminal/session/migration1"
 	"go.etcd.io/bbolt"
 )
 
@@ -29,7 +31,13 @@ var (
 	// version of the database doesn't match the latest version this list
 	// will be used for retrieving all migration function that are need to
 	// apply to the current db.
-	dbVersions []migration
+	dbVersions = []migration{
+		func(tx *bbolt.Tx) error {
+			return migration1.MigrateSessionIDToKeyIndex(
+				tx, time.Now,
+			)
+		},
+	}
 
 	latestDBVersion = uint32(len(dbVersions))
 )

session/migration1/id_to_key_index.go

@@ -0,0 +1,155 @@
+package migration1
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"sort"
+	"time"
+
+	"go.etcd.io/bbolt"
+)
+
+var (
+	// sessionBucketKey is the top level bucket where we can find all
+	// information about sessions. These sessions are indexed by their
+	// public key.
+	//
+	// The session bucket has the following structure:
+	// session -> <key>       -> <serialised session>
+	//	   -> id-index    -> <session-id> -> key -> <session key>
+	sessionBucketKey = []byte("session")
+
+	// idIndexKey is the key used to define the id-index sub-bucket within
+	// the main session bucket. This bucket will be used to store the
+	// mapping from session ID to various other fields.
+	idIndexKey = []byte("id-index")
+
+	// sessionKeyKey is the key used within the id-index bucket to store the
+	// session key (serialised local public key) associated with the given
+	// session ID.
+	sessionKeyKey = []byte("key")
+
+	// ErrDBInitErr is returned when a bucket that we expect to have been
+	// set up during DB initialisation is not found.
+	ErrDBInitErr = errors.New("db did not initialise properly")
+)
+
+type sessionInfo struct {
+	key       []byte
+	state     State
+	createdAt time.Time
+}
+
+// MigrateSessionIDToKeyIndex back-fills the session ID to key index so that it
+// has an entry for all sessions that the session store is currently aware of.
+func MigrateSessionIDToKeyIndex(tx *bbolt.Tx, timeNow func() time.Time) error {
+	sessionBucket := tx.Bucket(sessionBucketKey)
+	if sessionBucket == nil {
+		return fmt.Errorf("session bucket not found")
+	}
+
+	idIndexBkt := sessionBucket.Bucket(idIndexKey)
+	if idIndexBkt == nil {
+		return ErrDBInitErr
+	}
+
+	// Collect all the index entries.
+	idToSessionPairs := make(map[ID][]*sessionInfo)
+	err := sessionBucket.ForEach(func(key, sessionBytes []byte) error {
+		// The session bucket contains both keys and sub-buckets. So
+		// here we ensure that we skip any sub-buckets.
+		if len(sessionBytes) == 0 {
+			return nil
+		}
+
+		session, err := DeserializeSession(
+			bytes.NewReader(sessionBytes),
+		)
+		if err != nil {
+			return err
+		}
+
+		var id ID
+		copy(id[:], key[0:4])
+
+		idToSessionPairs[id] = append(
+			idToSessionPairs[id], &sessionInfo{
+				key:       key,
+				createdAt: session.CreatedAt,
+				state:     session.State,
+			},
+		)
+
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+
+	addIndexEntry := func(id ID, key []byte) error {
+		idBkt, err := idIndexBkt.CreateBucket(id[:])
+		if err != nil {
+			return err
+		}
+
+		return idBkt.Put(sessionKeyKey[:], key)
+	}
+
+	for id, sessions := range idToSessionPairs {
+		if len(sessions) == 1 {
+			err = addIndexEntry(id, sessions[0].key)
+			if err != nil {
+				return err
+			}
+
+			continue
+		}
+
+		// Sort the sessions from oldest to newest.
+		sort.Slice(sessions, func(i, j int) bool {
+			return sessions[i].createdAt.Before(
+				sessions[j].createdAt,
+			)
+		})
+
+		// For each session other than the newest one, we ensure that
+		// the session is revoked. We do this in case there was a
+		// collision in the ID used for the session since now we want to
+		// populate the ID-to-key index which should be a one-to-one
+		// mapping. So there is a small chance that the DB contains a
+		// session with no entry in this ID-to-key index but at least
+		// this will not be an active session.
+		for _, session := range sessions[:len(sessions)-1] {
+			serialisedSession := sessionBucket.Get(session.key)
+
+			sess, err := DeserializeSession(
+				bytes.NewReader(serialisedSession),
+			)
+			if err != nil {
+				return err
+			}
+
+			sess.State = StateRevoked
+			sess.RevokedAt = timeNow()
+
+			var buf bytes.Buffer
+			if err := SerializeSession(&buf, sess); err != nil {
+				return err
+			}
+
+			err = sessionBucket.Put(session.key, buf.Bytes())
+			if err != nil {
+				return err
+			}
+		}
+
+		// Add an entry for the last session in the set.
+		err = addIndexEntry(id, sessions[len(sessions)-1].key)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}