lnencrypt: add ECDHEncryptor

With this commit we add a new way to encrypt and decrypt a sensitive payload: By using Diffie-Hellman over a local and remote key to derive at a shared secret key.
lightningnetwork · Jan 9, 2024 · b6abede · b6abede
1 parent 375bc69
commit b6abede
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 54 deletions.
diff --git a/lnencrypt/crypto.go b/lnencrypt/crypto.go
@@ -5,8 +5,8 @@ import (
 	"crypto/sha256"
 	"fmt"
 	"io"
-	"io/ioutil"
 
+	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/lightningnetwork/lnd/keychain"
 	"golang.org/x/crypto/chacha20poly1305"
 )
@@ -69,6 +69,25 @@ func KeyRingEncrypter(keyRing keychain.KeyRing) (*Encrypter, error) {
 	}, nil
 }
 
+// ECDHEncrypter derives an encryption key by performing an ECDH operation on
+// the passed keys. The resulting key is used to encrypt or decrypt files with
+// sensitive content.
+func ECDHEncrypter(localKey *btcec.PrivateKey,
+	remoteKey *btcec.PublicKey) (*Encrypter, error) {
+
+	ecdh := keychain.PrivKeyECDH{
+		PrivKey: localKey,
+	}
+	encryptionKey, err := ecdh.ECDH(remoteKey)
+	if err != nil {
+		return nil, fmt.Errorf("error deriving encryption key: %w", err)
+	}
+
+	return &Encrypter{
+		encryptionKey: encryptionKey[:],
+	}, nil
+}
+
 // EncryptPayloadToWriter attempts to write the set of provided bytes into the
 // passed io.Writer in an encrypted form. We use a 24-byte chachapoly AEAD
 // instance with a randomized nonce that's pre-pended to the final payload and
@@ -112,7 +131,7 @@ func (e Encrypter) DecryptPayloadFromReader(payload io.Reader) ([]byte,
 
 	// Next, we'll read out the entire blob as we need to isolate the nonce
 	// from the rest of the ciphertext.
-	packedPayload, err := ioutil.ReadAll(payload)
+	packedPayload, err := io.ReadAll(payload)
 	if err != nil {
 		return nil, err
 	}

diff --git a/lnencrypt/crypto_test.go b/lnencrypt/crypto_test.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"testing"
 
+	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/stretchr/testify/require"
 )
 
@@ -35,7 +36,8 @@ func TestEncryptDecryptPayload(t *testing.T) {
 		{
 			plaintext: []byte("payload test plain text"),
 			mutator: func(p *[]byte) {
-				// Flip a byte in the payload to render it invalid.
+				// Flip a byte in the payload to render it
+				// invalid.
 				(*p)[0] ^= 1
 			},
 			valid: false,
@@ -53,54 +55,55 @@ func TestEncryptDecryptPayload(t *testing.T) {
 	}
 
 	keyRing := &MockKeyRing{}
-
-	for i, payloadCase := range payloadCases {
-		var cipherBuffer bytes.Buffer
-		encrypter, err := KeyRingEncrypter(keyRing)
-		require.NoError(t, err)
-
-		// First, we'll encrypt the passed payload with our scheme.
-		err = encrypter.EncryptPayloadToWriter(
-			payloadCase.plaintext, &cipherBuffer,
-		)
-		if err != nil {
-			t.Fatalf("unable encrypt paylaod: %v", err)
-		}
-
-		// If we have a mutator, then we'll wrong the mutator over the
-		// cipher text, then reset the main buffer and re-write the new
-		// cipher text.
-		if payloadCase.mutator != nil {
-			cipherText := cipherBuffer.Bytes()
-
-			payloadCase.mutator(&cipherText)
-
-			cipherBuffer.Reset()
-			cipherBuffer.Write(cipherText)
-		}
-
-		plaintext, err := encrypter.DecryptPayloadFromReader(
-			&cipherBuffer,
-		)
-
-		switch {
-		// If this was meant to be a valid decryption, but we failed,
-		// then we'll return an error.
-		case err != nil && payloadCase.valid:
-			t.Fatalf("unable to decrypt valid payload case %v", i)
-
-		// If this was meant to be an invalid decryption, and we didn't
-		// fail, then we'll return an error.
-		case err == nil && !payloadCase.valid:
-			t.Fatalf("payload was invalid yet was able to decrypt")
-		}
-
-		// Only if this case was mean to be valid will we ensure the
-		// resulting decrypted plaintext matches the original input.
-		if payloadCase.valid &&
-			!bytes.Equal(plaintext, payloadCase.plaintext) {
-			t.Fatalf("#%v: expected %v, got %v: ", i,
-				payloadCase.plaintext, plaintext)
+	keyRingEnc, err := KeyRingEncrypter(keyRing)
+	require.NoError(t, err)
+
+	_, pubKey := btcec.PrivKeyFromBytes([]byte{0x01, 0x02, 0x03, 0x04})
+
+	privKey, err := btcec.NewPrivateKey()
+	require.NoError(t, err)
+	privKeyEnc, err := ECDHEncrypter(privKey, pubKey)
+	require.NoError(t, err)
+
+	for _, payloadCase := range payloadCases {
+		payloadCase := payloadCase
+		for _, enc := range []*Encrypter{keyRingEnc, privKeyEnc} {
+			enc := enc
+
+			// First, we'll encrypt the passed payload with our
+			// scheme.
+			var cipherBuffer bytes.Buffer
+			err = enc.EncryptPayloadToWriter(
+				payloadCase.plaintext, &cipherBuffer,
+			)
+			require.NoError(t, err)
+
+			// If we have a mutator, then we'll wrong the mutator
+			// over the cipher text, then reset the main buffer and
+			// re-write the new cipher text.
+			if payloadCase.mutator != nil {
+				cipherText := cipherBuffer.Bytes()
+
+				payloadCase.mutator(&cipherText)
+
+				cipherBuffer.Reset()
+				cipherBuffer.Write(cipherText)
+			}
+
+			plaintext, err := enc.DecryptPayloadFromReader(
+				&cipherBuffer,
+			)
+
+			if !payloadCase.valid {
+				require.Error(t, err)
+
+				continue
+			}
+
+			require.NoError(t, err)
+			require.Equal(
+				t, plaintext, payloadCase.plaintext,
+			)
 		}
 	}
 }
@@ -111,7 +114,5 @@ func TestInvalidKeyGeneration(t *testing.T) {
 	t.Parallel()
 
 	_, err := KeyRingEncrypter(&MockKeyRing{true})
-	if err == nil {
-		t.Fatal("expected error due to fail key gen")
-	}
+	require.Error(t, err)
 }