keychain/derivation: adds watchtower session key family

2019-04-23 20:03:48 -07:00 · 2019-04-23 20:03:48 -07:00 · 2f9f46cf24
commit 2f9f46cf24
parent 3af6eafc8e
2 changed files with 30 additions and 0 deletions
--- a/keychain/derivation.go
+++ b/keychain/derivation.go
@ -90,6 +90,12 @@ const (
 	// a payment, or self stored on disk in a single file containing all
 	// the static channel backups.
 	KeyFamilyStaticBackup KeyFamily = 7
+
+	// KeyFamilyTowerSession is the family of keys that will be used to
+	// derive session keys when negotiating sessions with watchtowers. The
+	// session keys are limited to the lifetime of the session and are used
+	// to increase privacy in the watchtower protocol.
+	KeyFamilyTowerSession KeyFamily = 8
 )

 // KeyLocator is a two-tuple that can be used to derive *any* key that has ever
--- a/watchtower/wtclient/derivation.go
+++ b/watchtower/wtclient/derivation.go
@ -0,0 +1,24 @@
+package wtclient
+
+import (
+	"github.com/btcsuite/btcd/btcec"
+	"github.com/lightningnetwork/lnd/keychain"
+)
+
+// DeriveSessionKey accepts an session key index for an existing session and
+// derives the HD private key to be used to authenticate the brontide transport
+// and authenticate requests sent to the tower. The key will use the
+// keychain.KeyFamilyTowerSession and the provided index, giving a BIP43
+// derivation path of:
+//
+//  * m/1017'/coinType'/8/0/index
+func DeriveSessionKey(keyRing SecretKeyRing,
+	index uint32) (*btcec.PrivateKey, error) {
+
+	return keyRing.DerivePrivKey(keychain.KeyDescriptor{
+		KeyLocator: keychain.KeyLocator{
+			Family: keychain.KeyFamilyTowerSession,
+			Index:  index,
+		},
+	})
+}