zombierecovery: make compatible with CLN

cln/derivation.go

@@ -0,0 +1,72 @@
+package cln
+
+import (
+	"crypto/sha256"
+	"encoding/binary"
+
+	"github.com/btcsuite/btcd/btcec/v2"
+	"golang.org/x/crypto/hkdf"
+)
+
+var (
+	InfoNodeID     = []byte("nodeid")
+	InfoPeerSeed   = []byte("peer seed")
+	InfoPerPeer    = []byte("per-peer seed")
+	InfoCLightning = []byte("c-lightning")
+)
+
+// NodeKey derives a CLN node key from the given HSM secret.
+func NodeKey(hsmSecret [32]byte) (*btcec.PublicKey, error) {
+	salt := make([]byte, 4)
+	privKeyBytes, err := HkdfSha256(hsmSecret[:], salt, InfoNodeID)
+	if err != nil {
+		return nil, err
+	}
+
+	_, pubKey := btcec.PrivKeyFromBytes(privKeyBytes[:])
+	return pubKey, nil
+}
+
+// FundingKey derives a CLN channel funding key for the given peer and channel
+// number (incrementing database index).
+func FundingKey(hsmSecret [32]byte, peerPubKey *btcec.PublicKey,
+	channelNum uint64) (*btcec.PublicKey, error) {
+
+	channelBase, err := HkdfSha256(hsmSecret[:], nil, InfoPeerSeed)
+	if err != nil {
+		return nil, err
+	}
+
+	peerAndChannel := make([]byte, 33+8)
+	copy(peerAndChannel[:33], peerPubKey.SerializeCompressed())
+	binary.LittleEndian.PutUint64(peerAndChannel[33:], channelNum)
+
+	channelSeed, err := HkdfSha256(
+		channelBase[:], peerAndChannel[:], InfoPerPeer,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	fundingKey, err := HkdfSha256(channelSeed[:], nil, InfoCLightning)
+	if err != nil {
+		return nil, err
+	}
+
+	_, pubKey := btcec.PrivKeyFromBytes(fundingKey[:])
+	return pubKey, nil
+}
+
+// HkdfSha256 derives a 32-byte key from the given input key material, salt, and
+// info using the HKDF-SHA256 key derivation function.
+func HkdfSha256(key, salt, info []byte) ([32]byte, error) {
+	expander := hkdf.New(sha256.New, key, salt, info)
+	var outputKey [32]byte
+
+	_, err := expander.Read(outputKey[:])
+	if err != nil {
+		return [32]byte{}, err
+	}
+
+	return outputKey, nil
+}

cln/derivation_test.go

@@ -0,0 +1,49 @@
+package cln
+
+import (
+	"encoding/hex"
+	"testing"
+
+	"github.com/btcsuite/btcd/btcec/v2"
+	"github.com/stretchr/testify/require"
+)
+
+var (
+	hsmSecret = [32]byte{
+		0x3f, 0x0a, 0x06, 0xc6, 0x38, 0x5b, 0x74, 0x93,
+		0xf7, 0x5a, 0xa0, 0x08, 0x9f, 0x31, 0x6a, 0x13,
+		0xbf, 0x72, 0xbe, 0xb4, 0x30, 0xe5, 0x9e, 0x71,
+		0xb5, 0xac, 0x5a, 0x73, 0x58, 0x1a, 0x62, 0x70,
+	}
+	nodeKeyBytes, _ = hex.DecodeString(
+		"035149629152c1bee83f1e148a51400b5f24bf3e2ca53384dd801418446e" +
+			"1f53fe",
+	)
+
+	peerPubKeyBytes, _ = hex.DecodeString(
+		"02678187ca43e6a6f62f9185be98a933bf485313061e6a05578bbd83c54e" +
+			"88d460",
+	)
+	peerPubKey, _ = btcec.ParsePubKey(peerPubKeyBytes)
+
+	expectedFundingKeyBytes, _ = hex.DecodeString(
+		"0326a2171c97673cc8cd7a04a043f0224c59591fc8c9de320a48f7c9b68a" +
+			"b0ae2b",
+	)
+)
+
+func TestNodeKey(t *testing.T) {
+	nodeKey, err := NodeKey(hsmSecret)
+	require.NoError(t, err)
+
+	require.Equal(t, nodeKeyBytes, nodeKey.SerializeCompressed())
+}
+
+func TestFundingKey(t *testing.T) {
+	fundingKey, err := FundingKey(hsmSecret, peerPubKey, 1)
+	require.NoError(t, err)
+
+	require.Equal(
+		t, expectedFundingKeyBytes, fundingKey.SerializeCompressed(),
+	)
+}

cmd/chantools/zombierecovery_makeoffer.go

@@ -181,22 +181,6 @@ func (c *zombieRecoveryMakeOfferCommand) Execute(_ *cobra.Command,
 		}
 	}
 
-	// If we're only matching, we can stop here.
-	if c.MatchOnly {
-		ourPubKeys, err := parseKeys(keys1.Node1.MultisigKeys)
-		if err != nil {
-			return fmt.Errorf("error parsing their keys: %w", err)
-		}
-
-		theirPubKeys, err := parseKeys(keys2.Node2.MultisigKeys)
-		if err != nil {
-			return fmt.Errorf("error parsing our keys: %w", err)
-		}
-		return matchKeys(
-			keys1.Channels, ourPubKeys, theirPubKeys, chainParams,
-		)
-	}
-
 	// Make sure one of the nodes is ours.
 	_, pubKey, _, err := lnd.DeriveKey(
 		extendedKey, lnd.IdentityPath(chainParams), chainParams,
@@ -275,6 +259,11 @@ func (c *zombieRecoveryMakeOfferCommand) Execute(_ *cobra.Command,
 		return err
 	}
 
+	// If we're only matching, we can stop here.
+	if c.MatchOnly {
+		return nil
+	}
+
 	// Let's prepare the PSBT.
 	packet, err := psbt.NewFromUnsignedTx(wire.NewMsgTx(2))
 	if err != nil {

cmd/chantools/zombierecovery_makeoffer_test.go

@@ -9,23 +9,37 @@
 	"github.com/stretchr/testify/require"
 )
 
-var (
-	key1Bytes, _ = hex.DecodeString(
-		"0201943d78d61c8ad50ba57164830f536c156d8d89d979448bef3e67f564" +
-			"ea0ab6",
-	)
-	key1, _      = btcec.ParsePubKey(key1Bytes)
-	key2Bytes, _ = hex.DecodeString(
-		"038b88de18064024e9da4dfc9c804283b3077a265dcd73ad3615b50badcb" +
-			"debd5b",
-	)
-	key2, _ = btcec.ParsePubKey(key2Bytes)
-	addr    = "bc1qp5jnhnavt32fjwhnf5ttpvvym7e0syp79q5l9skz545q62d8u2uq05" +
-		"ul63"
-)
-
 func TestMatchScript(t *testing.T) {
-	ok, _, _, err := matchScript(addr, key1, key2, &chaincfg.MainNetParams)
-	require.NoError(t, err)
-	require.True(t, ok)
+	testCases := []struct {
+		key1   string
+		key2   string
+		addr   string
+		params *chaincfg.Params
+	}{{
+		key1:   "0201943d78d61c8ad50ba57164830f536c156d8d89d979448bef3e67f564ea0ab6",
+		key2:   "038b88de18064024e9da4dfc9c804283b3077a265dcd73ad3615b50badcbdebd5b",
+		addr:   "bc1qp5jnhnavt32fjwhnf5ttpvvym7e0syp79q5l9skz545q62d8u2uq05ul63",
+		params: &chaincfg.MainNetParams,
+	}, {
+		key1:   "03585d8e760bd0925da67d9c22a69dcad9f51f90a39f9a681971268555975ea30d",
+		key2:   "0326a2171c97673cc8cd7a04a043f0224c59591fc8c9de320a48f7c9b68ab0ae2b",
+		addr:   "bcrt1qhcn39q6jc0krkh9va230y2z6q96zadt8fhxw3erv92fzlrw83cyq40nwek",
+		params: &chaincfg.RegressionNetParams,
+	}}
+
+	for _, tc := range testCases {
+		key1Bytes, err := hex.DecodeString(tc.key1)
+		require.NoError(t, err)
+		key1, err := btcec.ParsePubKey(key1Bytes)
+		require.NoError(t, err)
+
+		key2Bytes, err := hex.DecodeString(tc.key2)
+		require.NoError(t, err)
+		key2, err := btcec.ParsePubKey(key2Bytes)
+		require.NoError(t, err)
+
+		ok, _, err := matchScript(tc.addr, key1, key2, tc.params)
+		require.NoError(t, err)
+		require.True(t, ok)
+	}
 }