cln: add CLN node key derivation

Author: guggero

cln/derivation.go

@@ -9,11 +9,24 @@ import (
 )
 
 var (
+	InfoNodeID     = []byte("nodeid")
 	InfoPeerSeed   = []byte("peer seed")
 	InfoPerPeer    = []byte("per-peer seed")
 	InfoCLightning = []byte("c-lightning")
 )
 
+// NodeKey derives a CLN node key from the given HSM secret.
+func NodeKey(hsmSecret [32]byte) (*btcec.PublicKey, error) {
+	salt := make([]byte, 4)
+	privKeyBytes, err := HkdfSha256(hsmSecret[:], salt, InfoNodeID)
+	if err != nil {
+		return nil, err
+	}
+
+	_, pubKey := btcec.PrivKeyFromBytes(privKeyBytes[:])
+	return pubKey, nil
+}
+
 // FundingKey derives a CLN channel funding key for the given peer and channel
 // number (incrementing database index).
 func FundingKey(hsmSecret [32]byte, peerPubKey *btcec.PublicKey,

cln/derivation_test.go

@@ -15,6 +15,11 @@ var (
 		0xbf, 0x72, 0xbe, 0xb4, 0x30, 0xe5, 0x9e, 0x71,
 		0xb5, 0xac, 0x5a, 0x73, 0x58, 0x1a, 0x62, 0x70,
 	}
+	nodeKeyBytes, _ = hex.DecodeString(
+		"035149629152c1bee83f1e148a51400b5f24bf3e2ca53384dd801418446e" +
+			"1f53fe",
+	)
+
 	peerPubKeyBytes, _ = hex.DecodeString(
 		"02678187ca43e6a6f62f9185be98a933bf485313061e6a05578bbd83c54e" +
 			"88d460",
@@ -27,6 +32,13 @@ var (
 	)
 )
 
+func TestNodeKey(t *testing.T) {
+	nodeKey, err := NodeKey(hsmSecret)
+	require.NoError(t, err)
+
+	require.Equal(t, nodeKeyBytes, nodeKey.SerializeCompressed())
+}
+
 func TestFundingKey(t *testing.T) {
 	fundingKey, err := FundingKey(hsmSecret, peerPubKey, 1)
 	require.NoError(t, err)