Add method to derive Peer Storage encryption key

Add get_peer_storage_key method to derive a 32-byte encryption key for securing Peer Storage.
This method utilizes HKDF with the node's secret key as input and a fixed info string to generate the encryption key.

 - Add 'get_peer_storage_key' to NodeSigner.
 - Implement 'get_peer_storage_key' for KeysManager & PhantomKeysManager.

Author: Aditya Sharma

fuzz/src/chanmon_consistency.rs

@@ -337,6 +337,10 @@ impl NodeSigner for KeyProvider {
 		unreachable!()
 	}
 
+	fn get_peer_storage_key(&self) -> [u8; 32] {
+		[0; 32]
+	}
+
 	fn sign_bolt12_invoice(
 		&self, _invoice: &UnsignedBolt12Invoice,
 	) -> Result<schnorr::Signature, ()> {

fuzz/src/full_stack.rs

@@ -420,6 +420,10 @@ impl NodeSigner for KeyProvider {
 		let secp_ctx = Secp256k1::signing_only();
 		Ok(secp_ctx.sign_ecdsa(&msg_hash, &self.node_secret))
 	}
+
+	fn get_peer_storage_key(&self) -> [u8; 32] {
+		[0; 32]
+	}
 }
 
 impl SignerProvider for KeyProvider {
@@ -608,6 +612,14 @@ pub fn do_test(mut data: &[u8], logger: &Arc<dyn Logger>) {
 	];
 
 	let broadcast = Arc::new(TestBroadcaster { txn_broadcasted: Mutex::new(Vec::new()) });
+
+	let keys_manager = Arc::new(KeyProvider {
+		node_secret: our_network_key.clone(),
+		inbound_payment_key: ExpandedKey::new(inbound_payment_key),
+		counter: AtomicU64::new(0),
+		signer_state: RefCell::new(new_hash_map()),
+	});
+
 	let monitor = Arc::new(chainmonitor::ChainMonitor::new(
 		None,
 		broadcast.clone(),
@@ -616,12 +628,6 @@ pub fn do_test(mut data: &[u8], logger: &Arc<dyn Logger>) {
 		Arc::new(TestPersister { update_ret: Mutex::new(ChannelMonitorUpdateStatus::Completed) }),
 	));
 
-	let keys_manager = Arc::new(KeyProvider {
-		node_secret: our_network_key.clone(),
-		inbound_payment_key: ExpandedKey::new(inbound_payment_key),
-		counter: AtomicU64::new(0),
-		signer_state: RefCell::new(new_hash_map()),
-	});
 	let network = Network::Bitcoin;
 	let best_block_timestamp = genesis_block(network).header.time;
 	let params = ChainParameters { network, best_block: BestBlock::from_network(network) };

fuzz/src/onion_message.rs

@@ -246,6 +246,10 @@ impl NodeSigner for KeyProvider {
 	) -> Result<bitcoin::secp256k1::ecdsa::Signature, ()> {
 		unreachable!()
 	}
+
+	fn get_peer_storage_key(&self) -> [u8; 32] {
+		unreachable!()
+	}
 }
 
 impl SignerProvider for KeyProvider {

lightning/src/ln/blinded_payment_tests.rs

@@ -1609,6 +1609,7 @@ fn route_blinding_spec_test_vector() {
 		fn sign_invoice(
 			&self, _invoice: &RawBolt11Invoice, _recipient: Recipient,
 		) -> Result<RecoverableSignature, ()> { unreachable!() }
+		fn get_peer_storage_key(&self) -> [u8;32] { unreachable!() }
 		fn sign_bolt12_invoice(
 			&self, _invoice: &UnsignedBolt12Invoice,
 		) -> Result<schnorr::Signature, ()> { unreachable!() }

lightning/src/ln/channelmanager.rs

@@ -16386,19 +16386,19 @@ pub mod bench {
 		config.channel_config.max_dust_htlc_exposure = MaxDustHTLCExposure::FeeRateMultiplier(5_000_000 / 253);
 		config.channel_handshake_config.minimum_depth = 1;
 
-		let chain_monitor_a = ChainMonitor::new(None, &tx_broadcaster, &logger_a, &fee_estimator, &persister_a);
 		let seed_a = [1u8; 32];
 		let keys_manager_a = KeysManager::new(&seed_a, 42, 42);
+		let chain_monitor_a = ChainMonitor::new(None, &tx_broadcaster, &logger_a, &fee_estimator, &persister_a, keys_manager_a.get_peer_storage_key());
 		let node_a = ChannelManager::new(&fee_estimator, &chain_monitor_a, &tx_broadcaster, &router, &message_router, &logger_a, &keys_manager_a, &keys_manager_a, &keys_manager_a, config.clone(), ChainParameters {
 			network,
 			best_block: BestBlock::from_network(network),
 		}, genesis_block.header.time);
 		let node_a_holder = ANodeHolder { node: &node_a };
 
 		let logger_b = test_utils::TestLogger::with_id("node a".to_owned());
-		let chain_monitor_b = ChainMonitor::new(None, &tx_broadcaster, &logger_a, &fee_estimator, &persister_b);
 		let seed_b = [2u8; 32];
 		let keys_manager_b = KeysManager::new(&seed_b, 42, 42);
+		let chain_monitor_b = ChainMonitor::new(None, &tx_broadcaster, &logger_a, &fee_estimator, &persister_b, keys_manager_b.get_peer_storage_key());
 		let node_b = ChannelManager::new(&fee_estimator, &chain_monitor_b, &tx_broadcaster, &router, &message_router, &logger_b, &keys_manager_b, &keys_manager_b, &keys_manager_b, config.clone(), ChainParameters {
 			network,
 			best_block: BestBlock::from_network(network),

lightning/src/sign/mod.rs

@@ -829,6 +829,30 @@ pub trait NodeSigner {
 	/// [phantom node payments]: PhantomKeysManager
 	fn get_inbound_payment_key(&self) -> ExpandedKey;
 
+	/// Defines a method to derive a 32-byte encryption key for peer storage.
+	///
+	/// Implementations of this method must derive a secure encryption key using a
+	/// cryptographically strong key derivation function (e.g., HKDF or a hardened
+	/// child key derivation). The derived key is used to encrypt or decrypt peer
+	/// storage data, ensuring confidentiality and integrity.
+	///
+	/// # Implementation Details
+	///
+	/// - The key must be derived from a node-specific secret to ensure uniqueness.
+	/// - The derived key must be exactly **32 bytes** and suitable for symmetric
+	///   encryption algorithms.
+	///
+	/// # Returns
+	///
+	/// A **32-byte array** representing the encryption key for peer storage.
+	///
+	/// # Usage
+	///
+	/// This method is invoked when encrypting or decrypting peer storage data.
+	/// It must return the same key every time it is called, ensuring consistency
+	/// for encryption and decryption operations.
+	fn get_peer_storage_key(&self) -> [u8; 32];
+
 	/// Get node id based on the provided [`Recipient`].
 	///
 	/// This method must return the same value each time it is called with a given [`Recipient`]
@@ -1778,6 +1802,7 @@ pub struct KeysManager {
 	shutdown_pubkey: PublicKey,
 	channel_master_key: Xpriv,
 	channel_child_index: AtomicUsize,
+	peer_storage_key: SecretKey,
 
 	#[cfg(test)]
 	pub(crate) entropy_source: RandomBytes,
@@ -1846,6 +1871,10 @@ impl KeysManager {
 					.private_key;
 				let mut inbound_pmt_key_bytes = [0; 32];
 				inbound_pmt_key_bytes.copy_from_slice(&inbound_payment_key[..]);
+				let peer_storage_key: SecretKey = master_key
+					.derive_priv(&secp_ctx, &ChildNumber::from_hardened_idx(6).unwrap())
+					.expect("Your RNG is busted")
+					.private_key;
 
 				let mut rand_bytes_engine = Sha256::engine();
 				rand_bytes_engine.input(&starting_time_secs.to_be_bytes());
@@ -1861,6 +1890,8 @@ impl KeysManager {
 					node_id,
 					inbound_payment_key: ExpandedKey::new(inbound_pmt_key_bytes),
 
+					peer_storage_key,
+
 					destination_script,
 					shutdown_pubkey,
 
@@ -2086,6 +2117,10 @@ impl NodeSigner for KeysManager {
 		self.inbound_payment_key.clone()
 	}
 
+	fn get_peer_storage_key(&self) -> [u8; 32] {
+		self.peer_storage_key.secret_bytes()
+	}
+
 	fn sign_invoice(
 		&self, invoice: &RawBolt11Invoice, recipient: Recipient,
 	) -> Result<RecoverableSignature, ()> {
@@ -2247,6 +2282,10 @@ impl NodeSigner for PhantomKeysManager {
 		self.inbound_payment_key.clone()
 	}
 
+	fn get_peer_storage_key(&self) -> [u8; 32] {
+		self.inner.peer_storage_key.secret_bytes()
+	}
+
 	fn sign_invoice(
 		&self, invoice: &RawBolt11Invoice, recipient: Recipient,
 	) -> Result<RecoverableSignature, ()> {

lightning/src/util/dyn_signer.rs

@@ -220,7 +220,8 @@ inner,
 	fn sign_bolt12_invoice(,
 		invoice: &crate::offers::invoice::UnsignedBolt12Invoice
 	) -> Result<secp256k1::schnorr::Signature, ()>,
-	fn get_inbound_payment_key(,) -> ExpandedKey
+	fn get_inbound_payment_key(,) -> ExpandedKey,
+	fn get_peer_storage_key(,) -> [u8; 32]
 );
 
 delegate!(DynKeysInterface, SignerProvider,
@@ -288,7 +289,8 @@ delegate!(DynPhantomKeysInterface, NodeSigner,
 	fn sign_invoice(, invoice: &RawBolt11Invoice, recipient: Recipient) -> Result<RecoverableSignature, ()>,
 	fn sign_bolt12_invoice(, invoice: &crate::offers::invoice::UnsignedBolt12Invoice
 	) -> Result<secp256k1::schnorr::Signature, ()>,
-	fn get_inbound_payment_key(,) -> ExpandedKey
+	fn get_inbound_payment_key(,) -> ExpandedKey,
+	fn get_peer_storage_key(,) -> [u8; 32]
 );
 
 impl SignerProvider for DynPhantomKeysInterface {

lightning/src/util/test_utils.rs

@@ -1451,6 +1451,10 @@ impl NodeSigner for TestNodeSigner {
 		unreachable!()
 	}
 
+	fn get_peer_storage_key(&self) -> [u8; 32] {
+		unreachable!()
+	}
+
 	fn get_node_id(&self, recipient: Recipient) -> Result<PublicKey, ()> {
 		let node_secret = match recipient {
 			Recipient::Node => Ok(&self.node_secret),
@@ -1529,6 +1533,10 @@ impl NodeSigner for TestKeysInterface {
 		self.backing.sign_invoice(invoice, recipient)
 	}
 
+	fn get_peer_storage_key(&self) -> [u8; 32] {
+		self.backing.get_peer_storage_key()
+	}
+
 	fn sign_bolt12_invoice(
 		&self, invoice: &UnsignedBolt12Invoice,
 	) -> Result<schnorr::Signature, ()> {