Add OurPeerStorage for serialized Peer Storage backups

adi2011 · adi2011 · commit a743beacedf2 · 2025-05-22T10:00:18.000+05:30
Introduce the OurPeerStorage struct to manage serialized channel data for peer storage backups.
This struct facilitates the distribution of peer storage to channel partners and includes
versioning and timestamping for comparison between retrieved peer storage instances.

 - Add the OurPeerStorage struct with fields for version, timestamp, and serialized channel data (ser_channels).
 - Implement methods to encrypt and decrypt peer storage securely.
 - Add functionality to update channel data within OurPeerStorage.
diff --git a/fuzz/src/full_stack.rs b/fuzz/src/full_stack.rs
@@ -56,8 +56,9 @@ use lightning::routing::router::{
 	InFlightHtlcs, PaymentParameters, Route, RouteParameters, Router,
 };
 use lightning::routing::utxo::UtxoLookup;
-use lightning::sign::PeerStorageKey;
-use lightning::sign::{EntropySource, InMemorySigner, NodeSigner, Recipient, SignerProvider};
+use lightning::sign::{
+	EntropySource, InMemorySigner, NodeSigner, PeerStorageKey, Recipient, SignerProvider,
+};
 use lightning::types::payment::{PaymentHash, PaymentPreimage, PaymentSecret};
 use lightning::util::config::{ChannelConfig, UserConfig};
 use lightning::util::errors::APIError;
diff --git a/lightning/src/ln/mod.rs b/lightning/src/ln/mod.rs
@@ -24,6 +24,7 @@ pub mod chan_utils;
 mod features;
 pub mod script;
 pub mod types;
+pub mod our_peer_storage;
 
 // TODO: These modules were moved from lightning-invoice and need to be better integrated into this
 // crate now:
diff --git a/lightning/src/ln/our_peer_storage.rs b/lightning/src/ln/our_peer_storage.rs
@@ -0,0 +1,186 @@
+// This file is Copyright its original authors, visible in version control
+// history.
+//
+// This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
+// or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
+// You may not use this file except in accordance with one or both of these
+// licenses.
+
+//! `DecryptedOurPeerStorage` enables storage of encrypted serialized channel data.
+//! It provides encryption of data to maintain data integrity and
+//! security during transmission.
+
+use bitcoin::hashes::sha256::Hash as Sha256;
+use bitcoin::hashes::{Hash, HashEngine, Hmac, HmacEngine};
+
+use crate::sign::PeerStorageKey;
+
+use crate::crypto::chacha20poly1305rfc::ChaCha20Poly1305RFC;
+use crate::prelude::*;
+
+/// [`DecryptedOurPeerStorage`] is used to store serialised channel information that allows for the creation of a
+/// `peer_storage` backup.
+///
+/// This structure is designed to serialize channel data for backup and supports encryption
+/// using `ChaCha20Poly1305RFC` for transmission.
+///
+/// # Key Methods
+/// - [`DecryptedOurPeerStorage::new`]: Returns [`DecryptedOurPeerStorage`] with the given data.
+/// - [`DecryptedOurPeerStorage::encrypt`]: Returns [`EncryptedOurPeerStorage`] created from encrypting the provided data.
+/// - [`DecryptedOurPeerStorage::into_vec`]: Returns the data in [`Vec<u8>`] format.
+///
+/// ## Example
+/// ```
+/// use lightning::ln::our_peer_storage::DecryptedOurPeerStorage;
+/// use lightning::sign::{KeysManager, NodeSigner};
+/// let seed = [1u8; 32];
+/// let keys_mgr = KeysManager::new(&seed, 42, 42);
+/// let key = keys_mgr.get_peer_storage_key();
+/// let decrypted_ops = DecryptedOurPeerStorage::new(vec![1, 2, 3]);
+/// let our_peer_storage = decrypted_ops.encrypt(&key, [0u8; 32]);
+/// let decrypted_data = our_peer_storage.decrypt(&key).unwrap();
+/// assert_eq!(decrypted_data.into_vec(), vec![1, 2, 3]);
+/// ```
+pub struct DecryptedOurPeerStorage {
+	data: Vec<u8>,
+}
+
+impl DecryptedOurPeerStorage {
+	/// Returns [`DecryptedOurPeerStorage`] with the given data.
+	pub fn new(data: Vec<u8>) -> Self {
+		Self { data }
+	}
+
+	/// Returns data stored in [`Vec<u8>`] format.
+	pub fn into_vec(self) -> Vec<u8> {
+		self.data
+	}
+
+	/// Encrypts the data inside [`DecryptedOurPeerStorage`] using [`PeerStorageKey`] and `random_bytes`
+	/// and returns [`EncryptedOurPeerStorage`].
+	pub fn encrypt(self, key: &PeerStorageKey, random_bytes: [u8; 32]) -> EncryptedOurPeerStorage {
+		let mut data = self.data;
+		let plaintext_len = data.len();
+		let nonce = derive_nonce(key, &random_bytes);
+
+		let mut chacha = ChaCha20Poly1305RFC::new(&key.inner, &nonce, b"");
+		let mut tag = [0; 16];
+		chacha.encrypt_full_message_in_place(&mut data[0..plaintext_len], &mut tag);
+
+		data.extend_from_slice(&tag);
+
+		// Prepend `random_bytes` in front of the encrypted_blob.
+		data.splice(0..0, random_bytes);
+
+		EncryptedOurPeerStorage { cipher: data }
+	}
+}
+
+/// [`EncryptedOurPeerStorage`] represents encrypted state of the corresponding [`DecryptedOurPeerStorage`].
+///
+/// # Key Methods
+/// - [`EncryptedOurPeerStorage::new`]: Returns [`EncryptedOurPeerStorage`] with the given encrypted cipher.
+/// - [`EncryptedOurPeerStorage::decrypt`]: Returns [`DecryptedOurPeerStorage`] created from decrypting the cipher.
+/// - [`EncryptedOurPeerStorage::into_vec`]: Returns the cipher in [`Vec<u8>`] format.
+pub struct EncryptedOurPeerStorage {
+	cipher: Vec<u8>,
+}
+
+impl EncryptedOurPeerStorage {
+	// Ciphertext is of the form: random_bytes(32 bytes) + encrypted_data + tag(16 bytes).
+	const MIN_CIPHERTEXT_LEN: usize = 32 + 16;
+
+	/// Returns [`EncryptedOurPeerStorage`] if cipher is of appropriate length, else returns error.
+	pub fn new(cipher: Vec<u8>) -> Result<Self, ()> {
+		if cipher.len() < Self::MIN_CIPHERTEXT_LEN {
+			return Err(());
+		}
+		return Ok(Self { cipher });
+	}
+
+	/// Returns cipher in the format [`Vec<u8>`].
+	pub fn into_vec(self) -> Vec<u8> {
+		self.cipher
+	}
+
+	/// Returns [`DecryptedOurPeerStorage`] if it successfully decrypts the ciphertext with the `key`,
+	/// else returns error.
+	pub fn decrypt(self, key: &PeerStorageKey) -> Result<DecryptedOurPeerStorage, ()> {
+		let mut cipher = self.cipher;
+		let cyphertext_len = cipher.len();
+
+		if cipher.len() < Self::MIN_CIPHERTEXT_LEN {
+			return Err(());
+		}
+
+		// Ciphertext is of the form: random_bytes(32 bytes) + encrypted_data + tag(16 bytes).
+		let (data_mut, tag) = cipher.split_at_mut(cyphertext_len - 16);
+		let (random_bytes, encrypted_data) = data_mut.split_at_mut(32);
+
+		let nonce = derive_nonce(key, random_bytes);
+
+		let mut chacha = ChaCha20Poly1305RFC::new(&key.inner, &nonce, b"");
+
+		if chacha.check_decrypt_in_place(encrypted_data, tag).is_err() {
+			return Err(());
+		}
+
+		cipher.truncate(cyphertext_len - 16);
+		cipher.drain(0..32);
+
+		Ok(DecryptedOurPeerStorage { data: cipher })
+	}
+}
+
+/// Nonce for encryption and decryption: Hmac(Sha256(key) + random_bytes).
+fn derive_nonce(key: &PeerStorageKey, random_bytes: &[u8]) -> [u8; 12] {
+	let key_hash = Sha256::const_hash(&key.inner);
+
+	let mut hmac = HmacEngine::<Sha256>::new(key_hash.as_byte_array());
+	hmac.input(&random_bytes);
+	let mut nonce = [0u8; 12];
+	// First 4 bytes of the nonce should be 0.
+	nonce[4..].copy_from_slice(&Hmac::from_engine(hmac).to_byte_array()[0..8]);
+
+	nonce
+}
+
+#[cfg(test)]
+mod tests {
+	use crate::ln::our_peer_storage::{derive_nonce, DecryptedOurPeerStorage};
+	use crate::sign::PeerStorageKey;
+
+	#[test]
+	fn test_peer_storage_encryption_decryption() {
+		let key1 = PeerStorageKey { inner: [0u8; 32] };
+		let key2 = PeerStorageKey { inner: [1u8; 32] };
+		let random_bytes1 = [200; 32];
+		let random_bytes2 = [201; 32];
+
+		// Happy Path
+		let decrypted_ops = DecryptedOurPeerStorage::new(vec![42u8; 32]);
+		let decrypted_ops_res: DecryptedOurPeerStorage =
+			decrypted_ops.encrypt(&key1, random_bytes1).decrypt(&key1).unwrap();
+		assert_eq!(decrypted_ops_res.into_vec(), vec![42u8; 32]);
+
+		// Changing Key
+		let decrypted_ops_wrong_key = DecryptedOurPeerStorage::new(vec![42u8; 32]);
+		let decrypted_ops_wrong_key_res =
+			decrypted_ops_wrong_key.encrypt(&key2, random_bytes2).decrypt(&key1);
+		assert!(decrypted_ops_wrong_key_res.is_err());
+
+		// Nonce derivation happy path
+		let nonce = derive_nonce(&key1, &random_bytes1);
+		let nonce_happy_path = derive_nonce(&key1, &random_bytes1);
+		assert_eq!(nonce, nonce_happy_path);
+
+		// Nonce derivation with different `random_bytes` & `key`
+		let nonce_diff_random_bytes = derive_nonce(&key1, &random_bytes2);
+		let nonce_diff_key = derive_nonce(&key2, &random_bytes1);
+		let nonce_diff_key_random_bytes = derive_nonce(&key2, &random_bytes2);
+		assert_ne!(nonce, nonce_diff_random_bytes);
+		assert_ne!(nonce, nonce_diff_key);
+		assert_ne!(nonce, nonce_diff_key_random_bytes);
+	}
+}
diff --git a/lightning/src/sign/mod.rs b/lightning/src/sign/mod.rs
@@ -796,7 +796,7 @@ pub trait ChannelSigner {
 	fn channel_keys_id(&self) -> [u8; 32];
 }
 
-/// Represents Secret Key used for encrypting Peer Storage.
+/// Represents the secret key material used for encrypting Peer Storage.
 #[derive(Clone, Copy, PartialEq, Eq)]
 pub struct PeerStorageKey {
 	/// In chanmon_consistency we derive this key.

Original file line number	Diff line number	Diff line change
`@@ -796,7 +796,7 @@ pub trait ChannelSigner {`
`796`	`796`	`fn channel_keys_id(&self) -> [u8; 32];`
`797`	`797`	`}`
`798`	`798`
`799`		`-/// Represents Secret Key used for encrypting Peer Storage.`
	`799`	`+/// Represents the secret key material used for encrypting Peer Storage.`
`800`	`800`	`#[derive(Clone, Copy, PartialEq, Eq)]`
`801`	`801`	`pub struct PeerStorageKey {`
`802`	`802`	`/// In chanmon_consistency we derive this key.`