rpcserver+firewall: obfuscate configuration

We obfuscate pubkeys, channel points and ids entered in configurations.

The channel id lengths for different block heights can be checked with:
```python
len(str(1 << 40 | 2923 << 16 | 30))
len(str(10_000_000 << 40 | 2923 << 16 | 30))
```

Author: bitromortac

firewall/privacy_mapper.go

@@ -3,9 +3,13 @@ package firewall
 import (
 	"context"
 	"crypto/rand"
+	"encoding/hex"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"math/big"
+	"strconv"
+	"strings"
 	"time"
 
 	"github.com/lightninglabs/lightning-terminal/firewalldb"
@@ -30,6 +34,15 @@ const (
 	// between which timeVariation can be set.
 	minTimeVariation = time.Minute
 	maxTimeVariation = time.Duration(24) * time.Hour
+
+	// min and maxChanIDLen are the lengths to consider an int to be a
+	// channel id. 13 corresponds to block height 1 and 20 to block height
+	// 10_000_000.
+	minChanIDLen = 13
+	maxChanIDLen = 20
+
+	// pubKeyLen is the length of a node pubkey.
+	pubKeyLen = 66
 )
 
 var (
@@ -833,3 +846,103 @@ func CryptoRandIntn(n int) (int, error) {
 
 	return int(nBig.Int64()), nil
 }
+
+// ObfuscateConfig alters the config string by replacing sensitive data with
+// random values and updates the privacy pair map. We only substitute items in
+// strings, numbers are left unchanged.
+func ObfuscateConfig(privacyPairs map[string]string, configB []byte) ([]byte,
+	error) {
+
+	if len(configB) == 0 {
+		return nil, nil
+	}
+
+	// We assume that the config is a json dict.
+	var configMap map[string]any
+	err := json.Unmarshal(configB, &configMap)
+	if err != nil {
+		return nil, err
+	}
+
+	// Split the value into a slice of strings.
+	newConfigMap := make(map[string]any)
+	for k, v := range configMap {
+		stringValue, ok := v.(string)
+		// We only substitute items in strings.
+		if !ok {
+			newConfigMap[k] = v
+			continue
+		}
+
+		// If the value is a string, it is a single entry or a list of
+		// pubkeys, channel ids or channel points separated by commas.
+		values := strings.Split(stringValue, ",")
+
+		newValues := make([]string, len(values))
+		for i, value := range values {
+			value := strings.TrimSpace(value)
+
+			// Try to replace with a chan point.
+			_, _, err := firewalldb.DecodeChannelPoint(value)
+
+			if err == nil {
+				newValue, err := firewalldb.NewPseudoChanPoint()
+				if err != nil {
+					return nil, err
+				}
+
+				newValues[i] = newValue
+				privacyPairs[value] = newValue
+
+				continue
+			}
+
+			// If the value is a pubkey, replace it with a random
+			// value.
+			_, err = hex.DecodeString(value)
+			if err == nil && len(value) == pubKeyLen {
+				newValue, err := firewalldb.NewPseudoStr(
+					len(value),
+				)
+				if err != nil {
+					return nil, err
+				}
+
+				newValues[i] = newValue
+				privacyPairs[value] = newValue
+
+				continue
+			}
+
+			// If the value is a channel id, replace it with
+			// a random value.
+			_, err = strconv.ParseInt(value, 10, 64)
+			length := len(value)
+
+			// Channel ids can have different lenghts depending on
+			// the blockheight, 20 is equivalent to 10E9 blocks.
+			if err == nil && minChanIDLen <= length &&
+				length <= maxChanIDLen {
+
+				newValue, err := firewalldb.NewPseudoStr(
+					len(value),
+				)
+				if err != nil {
+					return nil, err
+				}
+
+				newValues[i] = newValue
+				privacyPairs[value] = newValue
+
+				continue
+			}
+
+			newValues[i] = value
+		}
+		v = strings.Join(newValues, ",")
+		newConfigMap[k] = v
+	}
+
+	// Marshal the map back into a JSON blob.
+	return json.Marshal(newConfigMap)
+}

firewall/privacy_mapper_test.go

@@ -675,6 +675,93 @@ func TestHideBool(t *testing.T) {
 	require.False(t, val)
 }
 
+// TestObfuscateConfig tests that we substitute substrings in the config
+// correctly.
+func TestObfuscateConfig(t *testing.T) {
+	tests := []struct {
+		name                  string
+		config                []byte
+		expectedReplacements  int
+		sameLengthNotExpected bool
+	}{
+		{
+			name: "empty",
+		},
+		{
+			name: "several pubkeys",
+			config: []byte(`{"version":1,"pubkeys":` +
+				`"d23da57575cdcb878ac191e1e0c8a5c4f061b11cfdc7a8ec5c9d495270de66fdbf,` +
+				`0e092708c9e737115ff14a85b65466561280d77c1b8cd666bc655536ad81ccca85,` +
+				`DEAD2708c9e737115ff14a85b65466561280d77c1b8cd666bc655536ad81ccca85,` +
+				`586b59212da4623c40dcc68c4573da1719e5893630790c9f2db8940fff3efd8cd4"}`),
+			expectedReplacements: 4,
+		},
+		{
+			name: "single pubkey",
+			config: []byte(`{"version":1,"pubkeys":` +
+				`"586b59212da4623c40dcc68c4573da1719e5893630790c9f2db8940fff3efd8cd4"}`),
+			expectedReplacements: 1,
+		},
+		{
+			name: "invalid pubkeys",
+			config: []byte(`{"version":1,"pubkeys":` +
+				`"d23da57575cdcb878ac191e1e0c8a5c4f061b11,` +
+				`586b59212da4623c40dcc68c4573da1719e5893630790c9f2db8940fff3efd8cd4dead,` +
+				`x86b59212da4623c40dcc68c4573da1719e5893630790c9f2db8940fff3efd8cd4"}`),
+			expectedReplacements: 0,
+		},
+		{
+			name: "channel ids",
+			config: []byte(`{"version":1,"channels":` +
+				`"1,` +
+				`12345,` +
+				`1234567890123,` +
+				`1234567890123456789,` +
+				`123456789012345678901"}`),
+			expectedReplacements: 2,
+		},
+		{
+			name: "channel points",
+			config: []byte(`{"version":1,"channels":"` +
+				`0e092708c9e737115ff14a85b65466561280d77c1b8cd666bc655536ad81ccca:1,` +
+				`e092708c9e737115ff14a85b65466561280d77c1b8cd666bc655536ad81ccca:1,` +
+				`0e092708c9e737115ff14a85b65466561280d77c1b8cd666bc655536ad81ccca3:1,` +
+				`0e092708c9e737115ff14a85b65466561280d77c1b8cd666bc655536ad81ccca:3000"}`),
+			expectedReplacements:  2,
+			sameLengthNotExpected: true,
+		},
+		{
+			name:                 "number",
+			config:               []byte(`{"version":1,"number":12345678901234567890}`),
+			expectedReplacements: 0,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+
+		t.Run(tt.name, func(t *testing.T) {
+			privacyPairMap := make(map[string]string)
+			config, err := ObfuscateConfig(
+				privacyPairMap, tt.config,
+			)
+			require.NoError(t, err)
+
+			// We expect the config to be obfuscated only if there
+			// is sensitive data.
+			if tt.expectedReplacements > 0 {
+				require.NotEqual(t, config, tt.config)
+			}
+			require.Equal(t, tt.expectedReplacements,
+				len(privacyPairMap))
+
+			if !tt.sameLengthNotExpected {
+				require.Equal(t, len(tt.config), len(config))
+			}
+		})
+	}
+}
+
 // mean computes the mean of the given slice of numbers.
 func mean(numbers []uint64) uint64 {
 	sum := uint64(0)

session_rpcserver.go

@@ -1015,10 +1015,28 @@ func (s *sessionRpcServer) AddAutopilotSession(ctx context.Context,
 		return nil, err
 	}
 
+	// The feature configurations may contain sensitive data like pubkeys,
+	// which we replace here and add to to the privacy map.
+	obfuscatedConfig := make(map[string][]byte, len(featureConfig))
+	if privacy {
+		for name, configB := range featureConfig {
+			configB, err = firewall.ObfuscateConfig(
+				privacyMapPairs, configB,
+			)
+			if err != nil {
+				return nil, err
+			}
+
+			obfuscatedConfig[name] = configB
+		}
+	} else {
+		obfuscatedConfig = featureConfig
+	}
+
 	// Attempt to register the session with the Autopilot server.
 	remoteKey, err := s.cfg.autopilot.RegisterSession(
 		ctx, sess.LocalPublicKey, sess.ServerAddr, sess.DevServer,
-		featureConfig,
+		obfuscatedConfig,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("error registering session with "+