multi: add DeriveSharedKey to key ring

We'll need to be able to derive a shared key using ECDH against a wallet
key (while supporting remote signing) for the ECIES encryption in part 4
of the on-chain group key address support PR series.
We can prepare for that by adding the already exising RPC method to the
lnd key ring.

Author: guggero

key_ring.go

@@ -2,8 +2,10 @@ package taprootassets
 
 import (
 	"context"
+	"crypto/sha256"
 	"fmt"
 
+	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/lightninglabs/lndclient"
 	"github.com/lightninglabs/taproot-assets/asset"
 	"github.com/lightninglabs/taproot-assets/tapgarden"
@@ -88,6 +90,23 @@ func (l *LndRpcKeyRing) IsLocalKey(ctx context.Context,
 	return derived.PubKey.IsEqual(desc.PubKey)
 }
 
+// DeriveSharedKey returns a shared secret key by performing
+// Diffie-Hellman key derivation between the ephemeral public key and
+// the key specified by the key locator (or the node's identity private
+// key if no key locator is specified):
+//
+//	P_shared = privKeyNode * ephemeralPubkey
+//
+// The resulting shared public key is serialized in the compressed
+// format and hashed with SHA256, resulting in a final key length of 256
+// bits.
+func (l *LndRpcKeyRing) DeriveSharedKey(ctx context.Context,
+	ephemeralPubKey *btcec.PublicKey,
+	keyLocator *keychain.KeyLocator) ([sha256.Size]byte, error) {
+
+	return l.lnd.Signer.DeriveSharedKey(ctx, ephemeralPubKey, keyLocator)
+}
+
 // A compile time assertion to ensure LndRpcKeyRing meets the
 // tapgarden.KeyRing interface.
 var _ tapgarden.KeyRing = (*LndRpcKeyRing)(nil)

tapgarden/interface.go

@@ -2,6 +2,7 @@ package tapgarden
 
 import (
 	"context"
+	"crypto/sha256"
 	"errors"
 	"fmt"
 
@@ -402,6 +403,19 @@ type KeyRing interface {
 	// IsLocalKey returns true if the key is under the control of the wallet
 	// and can be derived by it.
 	IsLocalKey(context.Context, keychain.KeyDescriptor) bool
+
+	// DeriveSharedKey returns a shared secret key by performing
+	// Diffie-Hellman key derivation between the ephemeral public key and
+	// the key specified by the key locator (or the node's identity private
+	// key if no key locator is specified):
+	//
+	//	P_shared = privKeyNode * ephemeralPubkey
+	//
+	// The resulting shared public key is serialized in the compressed
+	// format and hashed with SHA256, resulting in a final key length of 256
+	// bits.
+	DeriveSharedKey(context.Context, *btcec.PublicKey,
+		*keychain.KeyLocator) ([sha256.Size]byte, error)
 }
 
 var (

tapgarden/mock.go

@@ -3,6 +3,7 @@ package tapgarden
 import (
 	"bytes"
 	"context"
+	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
 	"math/rand"
@@ -972,6 +973,28 @@ func (m *MockKeyRing) ScriptKeyAt(t *testing.T, idx uint32) asset.ScriptKey {
 	})
 }
 
+func (m *MockKeyRing) DeriveSharedKey(_ context.Context, key *btcec.PublicKey,
+	locator *keychain.KeyLocator) ([sha256.Size]byte, error) {
+
+	if locator == nil {
+		return [32]byte{}, fmt.Errorf("locator is nil")
+	}
+
+	m.RLock()
+	defer m.RUnlock()
+
+	priv, ok := m.Keys[*locator]
+	if !ok {
+		return [32]byte{}, fmt.Errorf("script key not found at index "+
+			"%d", locator.Index)
+	}
+
+	ecdh := &keychain.PrivKeyECDH{
+		PrivKey: priv,
+	}
+	return ecdh.ECDH(key)
+}
+
 type MockGenSigner struct {
 	KeyRing     *MockKeyRing
 	failSigning atomic.Bool