lightning: Add a key inside NodeSigner which would be used to encrypt or decrpt the peerstorage and send PeerStorage on every RAA and upon reconnection.

Author: Aditya Sharma

lightning/src/ln/channelmanager.rs

@@ -2332,6 +2332,9 @@ where
 
 	inbound_payment_key: inbound_payment::ExpandedKey,
 
+	/// The key used to encrypt our peer storage that would be sent to our peers.
+	our_peerstorage_encryption_key: [u8;32],
+
 	/// LDK puts the [fake scids] that it generates into namespaces, to identify the type of an
 	/// incoming payment. To make it harder for a third-party to identify the type of a payment,
 	/// we encrypt the namespace identifier using these bytes.
@@ -3212,6 +3215,7 @@ where
 		secp_ctx.seeded_randomize(&entropy_source.get_secure_random_bytes());
 		let inbound_pmt_key_material = node_signer.get_inbound_payment_key_material();
 		let expanded_inbound_key = inbound_payment::ExpandedKey::new(&inbound_pmt_key_material);
+		let our_peerstorage_encryption_key = node_signer.get_peer_storage_key();
 		ChannelManager {
 			default_configuration: config.clone(),
 			chain_hash: ChainHash::using_genesis_block(params.network),
@@ -3237,6 +3241,8 @@ where
 			secp_ctx,
 
 			inbound_payment_key: expanded_inbound_key,
+			our_peerstorage_encryption_key,
+
 			fake_scid_rand_bytes: entropy_source.get_secure_random_bytes(),
 
 			probing_cookie_secret: entropy_source.get_secure_random_bytes(),
@@ -3274,6 +3280,13 @@ where
 		&self.default_configuration
 	}
 
+	/// Returns the encrypted [`OurPeerStorage`] which can be distributed among our peers.
+	/// We use a key derived from our seed to encrypt this.
+	pub fn get_encrypted_our_peer_storage(&self) -> Vec<u8> {
+		let our_peer_storage = self.our_peer_storage.read().unwrap();
+		our_peer_storage.encrypt_our_peer_storage(self.our_peerstorage_encryption_key)
+	}
+
 	fn create_and_insert_outbound_scid_alias(&self) -> u64 {
 		let height = self.best_block.read().unwrap().height;
 		let mut outbound_scid_alias = 0;
@@ -8597,6 +8610,30 @@ where
 				hash_map::Entry::Vacant(_) => return Err(MsgHandleErrInternal::send_err_msg_no_close(format!("Got a message for a channel from the wrong node! No such channel for the passed counterparty_node_id {}", counterparty_node_id), msg.channel_id))
 			}
 		};
+
+		{
+			let per_peer_state = self.per_peer_state.read().unwrap();
+			let mut peer_state_lock = per_peer_state.get(counterparty_node_id)
+				.ok_or_else(|| {
+					debug_assert!(false);
+					MsgHandleErrInternal::send_err_msg_no_close(format!("Can't find a peer matching the passed counterparty node_id {}", counterparty_node_id), msg.channel_id)
+				}).map(|mtx| mtx.lock().unwrap())?;
+			let peer_state = &mut *peer_state_lock;
+			let our_peer_storage = self.get_encrypted_our_peer_storage();
+
+			for context in peer_state.channel_by_id.iter().map(|(_, phase)| phase.context()) {
+				// Update latest PeerStorage for the peer.
+				peer_state.pending_msg_events.push(
+					events::MessageSendEvent::SendPeerStorageMessage {
+						node_id: context.get_counterparty_node_id(),
+						msg: msgs::PeerStorageMessage {
+							data: our_peer_storage.clone()
+						},
+					}
+				);
+			}
+		}
+
 		self.fail_holding_cell_htlcs(htlcs_to_fail, msg.channel_id, counterparty_node_id);
 		Ok(())
 	}
@@ -10898,6 +10935,7 @@ where
 			if let Some(peer_state_mutex) = per_peer_state.get(&counterparty_node_id) {
 				let mut peer_state_lock = peer_state_mutex.lock().unwrap();
 				let peer_state = &mut *peer_state_lock;
+				let num_channels = peer_state.total_channel_count();
 				let pending_msg_events = &mut peer_state.pending_msg_events;
 
 				if !peer_state.peer_storage.is_empty() {
@@ -10909,6 +10947,15 @@ where
 					});
 				}
 
+				if peer_state.latest_features.supports_provide_peer_storage() && num_channels > 0 {
+					let our_peer_storage = self.get_encrypted_our_peer_storage();
+					pending_msg_events.push(events::MessageSendEvent::SendPeerStorageMessage { 
+						node_id: counterparty_node_id.clone(),
+						msg: msgs::PeerStorageMessage {
+							data: our_peer_storage
+						},
+					});
+				}
 
 				for (_, phase) in peer_state.channel_by_id.iter_mut() {
 					match phase {
@@ -12952,6 +12999,7 @@ where
 
 		let inbound_pmt_key_material = args.node_signer.get_inbound_payment_key_material();
 		let expanded_inbound_key = inbound_payment::ExpandedKey::new(&inbound_pmt_key_material);
+		let our_peerstorage_encryption_key = args.node_signer.get_peer_storage_key();
 
 		let mut claimable_payments = hash_map_with_capacity(claimable_htlcs_list.len());
 		if let Some(purposes) = claimable_htlc_purposes {
@@ -13177,6 +13225,7 @@ where
 			best_block: RwLock::new(BestBlock::new(best_block_hash, best_block_height)),
 
 			inbound_payment_key: expanded_inbound_key,
+			our_peerstorage_encryption_key,
 			pending_inbound_payments: Mutex::new(pending_inbound_payments),
 			pending_outbound_payments: pending_outbounds,
 			pending_intercepted_htlcs: Mutex::new(pending_intercepted_htlcs.unwrap()),

lightning/src/sign/mod.rs

@@ -835,6 +835,35 @@ pub trait NodeSigner {
 	/// [phantom node payments]: PhantomKeysManager
 	fn get_inbound_payment_key_material(&self) -> KeyMaterial;
 
+	/// Generates a 32-byte key used for peer storage encryption.
+	///
+	/// This function derives an encryption key for peer storage by using the HKDF
+	/// (HMAC-based Key Derivation Function) with a specific label and the node
+	/// secret key. The derived key is used for encrypting or decrypting peer storage
+	/// data.
+	///
+	/// The process involves the following steps:
+	/// 1. Retrieves the node secret key.
+	/// 2. Uses the node secret key and the label `"Peer Storage Encryption Key"`
+	///    to perform HKDF extraction and expansion.
+	/// 3. Returns the first part of the derived key, which is a 32-byte array.
+	///
+	/// # Returns
+	///
+	/// Returns a 32-byte array that serves as the encryption key for peer storage.
+	///
+	/// # Panics
+	///
+	/// This function does not panic under normal circumstances, but failures in
+	/// obtaining the node secret key or issues within the HKDF function may cause
+	/// unexpected behavior.
+	///
+	/// # Notes
+	///
+	/// Ensure that the node secret key is securely managed, as it is crucial for
+	/// the security of the derived encryption key.
+	fn get_peer_storage_key(&self) -> [u8; 32];
+
 	/// Get node id based on the provided [`Recipient`].
 	///
 	/// This method must return the same value each time it is called with a given [`Recipient`]
@@ -2174,6 +2203,14 @@ impl NodeSigner for KeysManager {
 		self.inbound_payment_key.clone()
 	}
 
+	fn get_peer_storage_key(&self) -> [u8; 32] {
+		let (t1, _) = hkdf_extract_expand_twice(
+			b"Peer Storage Encryption Key",
+			&self.get_node_secret_key().secret_bytes(),
+		);
+		t1
+	}
+
 	fn sign_invoice(
 		&self, invoice: &RawBolt11Invoice, recipient: Recipient,
 	) -> Result<RecoverableSignature, ()> {
@@ -2352,6 +2389,14 @@ impl NodeSigner for PhantomKeysManager {
 		self.inbound_payment_key.clone()
 	}
 
+	fn get_peer_storage_key(&self) -> [u8; 32] {
+		let (t1, _) = hkdf_extract_expand_twice(
+			b"Peer Storage Encryption Key",
+			&self.get_node_secret_key().secret_bytes(),
+		);
+		t1
+	}
+
 	fn sign_invoice(
 		&self, invoice: &RawBolt11Invoice, recipient: Recipient,
 	) -> Result<RecoverableSignature, ()> {