Revert to using hkdf

G8XSU · G8XSU · commit aff49368cd3d · 2024-10-17T01:44:05.000-07:00
diff --git a/src/io/vss_store.rs b/src/io/vss_store.rs
@@ -6,9 +6,7 @@
 // accordance with one or both of these licenses.
 
 use crate::io::utils::check_namespace_key_validity;
-use bitcoin::bip32::{ChildNumber, Xpriv};
-use bitcoin::secp256k1::Secp256k1;
-use bitcoin::Network;
+use bitcoin::hashes::{sha256, Hash, HashEngine, Hmac, HmacEngine};
 use lightning::io::{self, Error, ErrorKind};
 use lightning::util::persist::KVStore;
 use prost::Message;
@@ -48,27 +46,14 @@ pub struct VssStore {
 	key_obfuscator: KeyObfuscator,
 }
 
-// Used to derive `data_encryption_key` from `vss_seed`, which is then used by the `StorableBuilder`.
-const DATA_ENCRYPTION_KEY_DERIVATION_INDEX: u32 = 1;
-
-// Used to derive `obfuscation_master_key` from `vss_seed`, which is then used by the `KeyObfuscator`.
-const OBFUSCATION_KEY_DERIVATION_INDEX: u32 = 2;
-
 impl VssStore {
 	pub(crate) fn new(
 		base_url: String, store_id: String, vss_seed: [u8; 32],
 		header_provider: Arc<dyn VssHeaderProvider>,
 	) -> io::Result<Self> {
 		let runtime = tokio::runtime::Builder::new_multi_thread().enable_all().build()?;
-		// The selected bitcoin network doesn't matter here.
-		let vss_master_xprv = Xpriv::new_master(Network::Bitcoin, &vss_seed).map_err(|e| {
-			let msg = format!("Failed to create Vss master key, error: {}", e);
-			io::Error::new(ErrorKind::Other, msg)
-		})?;
-		let data_encryption_key =
-			derive_hardened_key(&vss_master_xprv, DATA_ENCRYPTION_KEY_DERIVATION_INDEX)?;
-		let obfuscation_master_key =
-			derive_hardened_key(&vss_master_xprv, OBFUSCATION_KEY_DERIVATION_INDEX)?;
+		let (data_encryption_key, obfuscation_master_key) =
+			derive_data_encryption_and_obfuscation_keys(&vss_seed);
 		let key_obfuscator = KeyObfuscator::new(obfuscation_master_key);
 		let storable_builder = StorableBuilder::new(data_encryption_key, RandEntropySource);
 		let retry_policy = ExponentialBackoffRetryPolicy::new(Duration::from_millis(10))
@@ -248,18 +233,17 @@ impl KVStore for VssStore {
 	}
 }
 
-fn derive_hardened_key(vss_seed: &Xpriv, index: u32) -> io::Result<[u8; 32]> {
-	let derived_key_xprv = vss_seed
-		.derive_priv(&Secp256k1::new(), &[ChildNumber::Hardened { index }])
-		.map_err(|e| {
-			let msg = format!(
-				"Failed to derive an extended private key from VSS seed with index: {}, error: {}",
-				index, e
-			);
-			Error::new(ErrorKind::Other, msg)
-		})?;
-	let derived_key = derived_key_xprv.private_key.secret_bytes();
-	Ok(derived_key)
+fn derive_data_encryption_and_obfuscation_keys(vss_seed: &[u8; 32]) -> ([u8; 32], [u8; 32]) {
+	let hkdf = |initial_key_material: &[u8], salt: &[u8]| -> [u8; 32] {
+		let mut engine = HmacEngine::<sha256::Hash>::new(salt);
+		engine.input(initial_key_material);
+		Hmac::from_engine(engine).to_byte_array()
+	};
+
+	let prk = hkdf(vss_seed, "pseudo_random_key".as_bytes());
+	let k1 = hkdf(&prk, "data_encryption_key".as_bytes());
+	let k2 = hkdf(&prk, &[&k1[..], "obfuscation_key".as_bytes()].concat());
+	(k1, k2)
 }
 
 /// A source for generating entropy/randomness using [`rand`].
