Merge pull request #6310 from BitGo/BTC-2202.middleware-encryption-key

feat(statics): add middleware public key field to LightningNetwork

Author: davidkaplanbitgo

modules/abstract-lightning/src/lightning/lightningUtils.ts

@@ -1,5 +1,6 @@
 import * as statics from '@bitgo/statics';
 import * as utxolib from '@bitgo/utxo-lib';
+import { randomBytes } from 'crypto';
 import { importMacaroon, bytesToBase64 } from 'macaroon';
 import * as bs58check from 'bs58check';
 import * as sdkcore from '@bitgo/sdk-core';
@@ -206,3 +207,32 @@ export function deriveLightningServiceSharedSecret(coinName: 'lnbtc' | 'tlnbtc',
   const userAuthHdNode = utxolib.bip32.fromBase58(userAuthXprv);
   return sdkcore.getSharedSecret(userAuthHdNode, publicKey);
 }
+
+/**
+ * Derives the shared secret for the middleware using a private key and the middleware's public key.
+ */
+export function deriveMiddlewareSharedSecret(coinName: 'lnbtc' | 'tlnbtc', xprv: string): Buffer {
+  const publicKey = Buffer.from(getStaticsLightningNetwork(coinName).middlewarePubKey, 'hex');
+  const userAuthHdNode = utxolib.bip32.fromBase58(xprv);
+  return sdkcore.getSharedSecret(userAuthHdNode, publicKey);
+}
+
+/**
+ * Derives the shared secret for TAT service using ta private key and the TAT public key.
+ */
+export function deriveTatSharedSecret(coinName: 'lnbtc' | 'tlnbtc', xprv: string): Buffer {
+  const publicKey = Buffer.from(getStaticsLightningNetwork(coinName).tatPubKey, 'hex');
+  const userAuthHdNode = utxolib.bip32.fromBase58(xprv);
+  return sdkcore.getSharedSecret(userAuthHdNode, publicKey);
+}
+
+/**
+ * Given a seed, compute a BIP32 derivation index.
+ * 0 <= index < 4294967295 (largest 4 byte number)
+ * @param seed (optional) If nothing provided, we will generate one randomly
+ */
+export function computeBip32DerivationIndexFromSeed(seed?: string): number {
+  return Buffer.from(utxolib.crypto.sha256(Buffer.from(seed ?? randomBytes(32).toString('hex'), 'utf8'))).readUint32BE(
+    0
+  );
+}

modules/abstract-lightning/test/unit/lightning/lightningUtils.ts

@@ -13,6 +13,9 @@ import {
   createWatchOnly,
   addIPCaveatToMacaroon,
   deriveLightningServiceSharedSecret,
+  deriveMiddlewareSharedSecret,
+  deriveTatSharedSecret,
+  computeBip32DerivationIndexFromSeed,
 } from '../../../src/lightning';
 
 import * as sdkcore from '@bitgo/sdk-core';
@@ -99,4 +102,34 @@ describe('lightning utils', function () {
 
     assert.deepStrictEqual(secret, expectedSecret);
   });
+
+  it(`deriveMiddlewareSharedSecret`, function () {
+    const userAuthXprv =
+      'xprv9s21ZrQH143K4NPkV8riiTnFf72MRyQDVHMmmpekGF1w5QkS2MfTei9KXYvrZVMop4zQ4arnzSF7TRp3Cy73AWaDdADiYMCi5qpYW1bUa5m';
+    const middlewarePubKey = getStaticsLightningNetwork('tlnbtc').middlewarePubKey;
+
+    const expectedSecret = sdkcore.getSharedSecret(
+      utxolib.bip32.fromBase58(userAuthXprv),
+      Buffer.from(middlewarePubKey, 'hex')
+    );
+
+    const secret = deriveMiddlewareSharedSecret('tlnbtc', userAuthXprv);
+
+    assert.deepStrictEqual(secret, expectedSecret);
+  });
+
+  it(`deriveTatSharedSecret`, function () {
+    const userXprv =
+      'xprv9s21ZrQH143K4NPkV8riiTnFf72MRyQDVHMmmpekGF1w5QkS2MfTei9KXYvrZVMop4zQ4arnzSF7TRp3Cy73AWaDdADiYMCi5qpYW1bUa5m';
+    const tatPubKey = getStaticsLightningNetwork('tlnbtc').tatPubKey;
+    const expectedSecret = sdkcore.getSharedSecret(utxolib.bip32.fromBase58(userXprv), Buffer.from(tatPubKey, 'hex'));
+    const secret = deriveTatSharedSecret('tlnbtc', userXprv);
+    assert.deepStrictEqual(secret, expectedSecret);
+  });
+
+  it(`computeBip32DerivationIndexFromSeed`, function () {
+    const seed1 = 'The Times 03/Jan/2009 Chancellor on brink of second bailout for banks.';
+    const seed2 = 'The Times 04/Jan/2009 Chancellor on brink of second bailout for banks.';
+    assert.notDeepStrictEqual(computeBip32DerivationIndexFromSeed(seed1), computeBip32DerivationIndexFromSeed(seed2));
+  });
 });

modules/statics/src/networks.ts

@@ -25,6 +25,16 @@ export interface LightningNetwork extends UtxoNetwork {
    * by enabling the creation of a shared secret for encryption and decryption of data.
    */
   lightningServicePubKey: string;
+  /**
+   * The public key of the middleware service, used for deriving the shared Elliptic Curve Diffie-Hellman (ECDH) secret
+   * between the user's extended private key and the middleware service.
+   */
+  middlewarePubKey: string;
+  /**
+   * The public key of the TAT service, used for deriving the shared Elliptic Curve Diffie-Hellman (ECDH) secret
+   * between the user's extended private key and the TAT service.
+   */
+  tatPubKey: string;
 }
 
 export interface AdaNetwork extends BaseNetwork {
@@ -321,6 +331,8 @@ class LightningBitcoin extends Mainnet implements LightningNetwork {
   utxolibName = 'bitcoin';
   explorerUrl = 'https://mempool.space/lightning';
   lightningServicePubKey = '0338508686f978ceffd7ce05404041b1a5b4f75a39bc92a6d355240ccc081f763e';
+  middlewarePubKey = '020d52f6458b17b565bc03516568d1a65c8cbd131ce03f2207567e4cd3322e82f3';
+  tatPubKey = '03953da20068c096858d3cca60f8c5b0e5a2f5d0383ecf9b6ab392d71e4f3e72df';
 }
 
 class LightningBitcoinTestnet extends Testnet implements LightningNetwork {
@@ -329,6 +341,8 @@ class LightningBitcoinTestnet extends Testnet implements LightningNetwork {
   utxolibName = 'testnet';
   explorerUrl = 'https://mempool.space/testnet/lightning';
   lightningServicePubKey = '024055021db1e7f019ebb783ab0b0810c21a819207d4cb1ec4a6e2150ac07f1482';
+  middlewarePubKey = '027cb3bc6b49fc385d282b42a7be232a94ffcbaffc7818b603b17722582bbf539b';
+  tatPubKey = '02e747c99c371eac9c14fb19913bec8a0e3e46e35ab1a45878e5b9afbb69899c1e';
 }
 
 class Bitcoin extends Mainnet implements UtxoNetwork {