keystore: move keystore_secp256k1_pubkey_hash160 to Rust

benma · benma · commit 1f109dea81be · 2022-12-27T00:03:55.000+01:00
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -319,7 +319,6 @@ add_custom_target(rust-bindgen
     --allowlist-function keystore_bip39_mnemonic_to_seed
     --allowlist-function keystore_get_root_fingerprint
     --allowlist-function keystore_mock_unlocked
-    --allowlist-function keystore_secp256k1_pubkey_hash160
     --allowlist-var EC_PUBLIC_KEY_UNCOMPRESSED_LEN
     --allowlist-var EC_PUBLIC_KEY_LEN
     --allowlist-function keystore_encode_xpub_at_keypath
diff --git a/src/keystore.c b/src/keystore.c
@@ -569,19 +569,6 @@ static bool _compressed_to_uncompressed(const uint8_t* pubkey_bytes, uint8_t* un
     return true;
 }
 
-bool keystore_secp256k1_pubkey_hash160(
-    const uint32_t* keypath,
-    size_t keypath_len,
-    uint8_t* hash160_out)
-{
-    struct ext_key xpub __attribute__((__cleanup__(keystore_zero_xkey))) = {0};
-    if (!keystore_get_xpub(keypath, keypath_len, &xpub)) {
-        return false;
-    }
-    memcpy(hash160_out, xpub.hash160, sizeof(xpub.hash160));
-    return true;
-}
-
 bool keystore_secp256k1_pubkey_uncompressed(
     const uint32_t* keypath,
     size_t keypath_len,
diff --git a/src/keystore.h b/src/keystore.h
@@ -175,18 +175,6 @@ void keystore_zero_xkey(struct ext_key* xkey);
  */
 USE_RESULT bool keystore_get_bip39_word(uint16_t idx, char** word_out);
 
-/**
- * Return the hash160 of the secp256k1 public key at the keypath.
- * @param[in] keypath derivation keypath
- * @param[in] keypath_len size of keypath buffer
- * @param[out] hash160_out serialized output. Must be HASH160_LEN bytes.
- * @return true on success, false if the keystore is locked or the input is invalid.
- */
-USE_RESULT bool keystore_secp256k1_pubkey_hash160(
-    const uint32_t* keypath,
-    size_t keypath_len,
-    uint8_t* hash160_out);
-
 /**
  * Return the serialized secp256k1 public key at the keypath, in uncompressed format.
  * @param[in] keypath derivation keypath
diff --git a/src/rust/bitbox02-rust/Cargo.toml b/src/rust/bitbox02-rust/Cargo.toml
@@ -38,7 +38,7 @@ zeroize = "1.5.5"
 num-bigint = { version = "0.4.3", default-features = false, optional = true }
 num-traits = { version = "0.2", default-features = false, optional = true }
 bip32-ed25519 = { git = "https://github.com/digitalbitbox/rust-bip32-ed25519", tag = "v0.1.0", optional = true }
-bs58 = { version = "0.4.0", default-features = false, features = ["alloc", "check"], optional = true }
+bs58 = { version = "0.4.0", default-features = false, features = ["alloc", "check"] }
 bech32 = { version = "0.8.1", default-features = false, optional = true }
 blake2 = { version = "0.10.5", default-features = false, optional = true }
 minicbor = { version = "0.18.0", default-features = false, features = ["alloc"], optional = true }
@@ -78,14 +78,12 @@ app-ethereum = [
 
 app-bitcoin = [
   # enable these dependencies
-  "bs58",
   "bech32",
   # enable this feature in the deps
   "bitbox02/app-bitcoin",
 ]
 app-litecoin = [
   # enable these dependencies
-  "bs58",
   "bech32",
   # enable this feature in the deps
   "bitbox02/app-litecoin",
@@ -100,7 +98,6 @@ app-cardano = [
   # enable these deps
   "bech32",
   "blake2",
-  "bs58",
   "minicbor",
   "crc",
 
diff --git a/src/rust/bitbox02-rust/src/bip32.rs b/src/rust/bitbox02-rust/src/bip32.rs
@@ -61,9 +61,12 @@ pub fn serialize_xpub_str(xpub: &pb::XPub, xpub_type: XPubType) -> Result<String
         .into_string())
 }
 
-#[cfg(test)]
+/// Parses a Base58Check-encoded xpub string. The 4 version bytes are not checked and discarded.
 pub fn parse_xpub(xpub: &str) -> Result<pb::XPub, ()> {
-    let decoded = bs58::decode(xpub).into_vec().or(Err(()))?;
+    let decoded = bs58::decode(xpub).with_check(None).into_vec().or(Err(()))?;
+    if decoded.len() != 78 {
+        return Err(());
+    }
     Ok(pb::XPub {
         depth: decoded[4..5].to_vec(),
         parent_fingerprint: decoded[5..9].to_vec(),
diff --git a/src/rust/bitbox02-rust/src/hww/api/bitcoin/common.rs b/src/rust/bitbox02-rust/src/hww/api/bitcoin/common.rs
@@ -77,14 +77,14 @@ impl Payload {
     ) -> Result<Self, Error> {
         match simple_type {
             SimpleType::P2wpkh => Ok(Payload {
-                data: keystore::secp256k1_pubkey_hash160(keypath)?.to_vec(),
+                data: crate::keystore::secp256k1_pubkey_hash160(keypath)?,
                 output_type: BtcOutputType::P2wpkh,
             }),
             SimpleType::P2wpkhP2sh => {
                 let payload_p2wpkh = Payload::from_simple(params, SimpleType::P2wpkh, keypath)?;
                 let pkscript_p2wpkh = payload_p2wpkh.pk_script(params)?;
                 Ok(Payload {
-                    data: bitbox02::app_btc::hash160(&pkscript_p2wpkh).to_vec(),
+                    data: bitbox02::hash160(&pkscript_p2wpkh).to_vec(),
                     output_type: BtcOutputType::P2sh,
                 })
             }
@@ -134,7 +134,7 @@ impl Payload {
             pb::btc_script_config::multisig::ScriptType::P2wshP2sh => {
                 let pkscript_p2wsh = payload_p2wsh.pk_script(params)?;
                 Ok(Payload {
-                    data: bitbox02::app_btc::hash160(&pkscript_p2wsh).to_vec(),
+                    data: bitbox02::hash160(&pkscript_p2wsh).to_vec(),
                     output_type: BtcOutputType::P2sh,
                 })
             }
diff --git a/src/rust/bitbox02-rust/src/hww/api/bitcoin/signtx.rs b/src/rust/bitbox02-rust/src/hww/api/bitcoin/signtx.rs
@@ -275,7 +275,7 @@ fn sighash_script(
                 | pb::btc_script_config::SimpleType::P2wpkh => {
                     // See https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki#specification, item 5:
                     // > For P2WPKH witness program, the scriptCode is 0x1976a914{20-byte-pubkey-hash}88ac.
-                    let pubkey_hash160 = bitbox02::keystore::secp256k1_pubkey_hash160(keypath)?;
+                    let pubkey_hash160 = crate::keystore::secp256k1_pubkey_hash160(keypath)?;
                     let mut result = Vec::<u8>::new();
                     result.extend_from_slice(b"\x76\xa9\x14");
                     result.extend_from_slice(&pubkey_hash160);
diff --git a/src/rust/bitbox02-rust/src/keystore.rs b/src/rust/bitbox02-rust/src/keystore.rs
@@ -14,3 +14,105 @@
 
 #[cfg(feature = "ed25519")]
 pub mod ed25519;
+
+use super::pb;
+
+use alloc::vec::Vec;
+
+use crate::bip32;
+use bitbox02::keystore;
+
+/// Derives an xpub from the keystore seed at the given keypath.
+pub fn get_xpub(keypath: &[u32]) -> Result<pb::XPub, ()> {
+    // Convert from C keystore to Rust by encoding the xpub in C and decoding it in Rust. Would be a
+    // bit better to encode/decoding using the raw 78 bytes, not the base58Check encoding.
+    bip32::parse_xpub(&keystore::encode_xpub_at_keypath(
+        keypath,
+        keystore::xpub_type_t::XPUB,
+    )?)
+}
+
+/// Return the hash160 of the secp256k1 public key at the keypath.
+pub fn secp256k1_pubkey_hash160(keypath: &[u32]) -> Result<Vec<u8>, ()> {
+    let xpub = get_xpub(keypath)?;
+    Ok(bitbox02::hash160(&xpub.public_key).to_vec())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    use bitbox02::testing::{mock_unlocked, mock_unlocked_using_mnemonic};
+    use util::bip32::HARDENED;
+
+    #[test]
+    fn test_get_xpub() {
+        let keypath = &[44 + HARDENED, 0 + HARDENED, 0 + HARDENED];
+
+        keystore::lock();
+        assert!(get_xpub(keypath).is_err());
+
+        // 24 words
+        mock_unlocked_using_mnemonic("sleep own lobster state clean thrive tail exist cactus bitter pass soccer clinic riot dream turkey before sport action praise tunnel hood donate man");
+        assert_eq!(
+            bip32::serialize_xpub_str(
+                &get_xpub(&[]).unwrap(),
+                bip32::XPubType::Xpub
+            )
+            .unwrap(),
+            "xpub661MyMwAqRbcEhX8d9WJh78SZrxusAzWFoykz4n5CF75uYRzixw5FZPUSoWyhaaJ1bpiPFdzdHSQqJN38PcTkyrLmxT4J2JDYfoGJQ4ioE2",
+        );
+        assert_eq!(
+            bip32::serialize_xpub_str(
+                &get_xpub(keypath).unwrap(),
+                bip32::XPubType::Xpub
+            )
+            .unwrap(),
+            "xpub6Cj6NNCGj2CRPHvkuEG1rbW3nrNCAnLjaoTg1P67FCGoahSsbg9WQ7YaMEEP83QDxt2kZ3hTPAPpGdyEZcfAC1C75HfR66UbjpAb39f4PnG",
+        );
+
+        // 18 words
+        mock_unlocked_using_mnemonic("sleep own lobster state clean thrive tail exist cactus bitter pass soccer clinic riot dream turkey before subject");
+        assert_eq!(
+            bip32::serialize_xpub_str(
+                &get_xpub(keypath).unwrap(),
+                bip32::XPubType::Xpub
+            )
+            .unwrap(),
+            "xpub6C7fKxGtTzEVxCC22U2VHx4GpaVy77DzU6KdZ1CLuHgoUGviBMWDc62uoQVxqcRa5RQbMPnffjpwxve18BG81VJhJDXnSpRe5NGKwVpXiAb",
+        );
+
+        // 12 words
+        mock_unlocked_using_mnemonic(
+            "sleep own lobster state clean thrive tail exist cactus bitter pass sniff",
+        );
+        assert_eq!(
+            bip32::serialize_xpub_str(
+                &get_xpub(keypath).unwrap(),
+                bip32::XPubType::Xpub
+            )
+            .unwrap(),
+            "xpub6DLvpzjKpJ8k4xYrWYPmZQkUe9dkG1eRig2v6Jz4iYgo8hcpHWx87gGoCGDaB2cHFZ3ExUfe1jDiMu7Ch6gA4ULCBhvwZj29mHCPYSux3YV",
+        )
+    }
+
+    #[test]
+    fn test_secp256k1_pubkey_hash160() {
+        let keypath = &[84 + HARDENED, HARDENED, HARDENED, 0, 0];
+
+        keystore::lock();
+        assert!(secp256k1_pubkey_hash160(keypath).is_err());
+
+        mock_unlocked();
+        assert_eq!(
+            secp256k1_pubkey_hash160(keypath).unwrap(),
+            *b"\xb5\x12\x5c\xec\xa0\xc1\xc8\x90\xda\x07\x9a\x12\x88\xdc\xf7\x7a\xa6\xac\xc4\x99"
+        );
+
+        mock_unlocked_using_mnemonic("sleep own lobster state clean thrive tail exist cactus bitter pass soccer clinic riot dream turkey before sport action praise tunnel hood donate man");
+        assert_eq!(
+            secp256k1_pubkey_hash160(&[44 + HARDENED, 0 + HARDENED, 0 + HARDENED, 1, 2]).unwrap(),
+            *b"\xe5\xf8\x9a\xb6\x54\x37\x44\xf7\x8f\x15\x86\x7c\x43\x06\xee\x86\x6b\xb1\x1d\xf9"
+        );
+    }
+}
diff --git a/src/rust/bitbox02-rust/src/lib.rs b/src/rust/bitbox02-rust/src/lib.rs
@@ -30,7 +30,6 @@ pub mod async_usb;
 pub mod attestation;
 pub mod backup;
 pub mod bb02_async;
-#[cfg(any(feature = "app-bitcoin", feature = "app-litecoin"))]
 mod bip32;
 pub mod hww;
 pub mod keystore;
diff --git a/src/rust/bitbox02/src/app_btc.rs b/src/rust/bitbox02/src/app_btc.rs
@@ -37,16 +37,3 @@ pub fn pkscript_from_multisig(
         false => Err(()),
     }
 }
-
-pub fn hash160(data: &[u8]) -> [u8; 20] {
-    let mut out = [0u8; 20];
-    unsafe {
-        bitbox02_sys::wally_hash160(
-            data.as_ptr(),
-            data.len() as _,
-            out.as_mut_ptr(),
-            out.len() as _,
-        );
-    }
-    out
-}
diff --git a/src/rust/bitbox02/src/keystore.rs b/src/rust/bitbox02/src/keystore.rs
@@ -328,20 +328,6 @@ pub fn secp256k1_schnorr_bip86_sign(keypath: &[u32], msg: &[u8; 32]) -> Result<[
     }
 }
 
-pub fn secp256k1_pubkey_hash160(keypath: &[u32]) -> Result<[u8; 20], ()> {
-    let mut pubkey_hash = [0u8; 20];
-    match unsafe {
-        bitbox02_sys::keystore_secp256k1_pubkey_hash160(
-            keypath.as_ptr(),
-            keypath.len() as _,
-            pubkey_hash.as_mut_ptr(),
-        )
-    } {
-        true => Ok(pubkey_hash),
-        false => Err(()),
-    }
-}
-
 pub fn secp256k1_schnorr_bip86_pubkey(keypath: &[u32]) -> Result<[u8; 32], ()> {
     let mut pubkey = [0u8; 32];
     match unsafe {
@@ -360,7 +346,6 @@ pub fn secp256k1_schnorr_bip86_pubkey(keypath: &[u32]) -> Result<[u8; 32], ()> {
 mod tests {
     use super::*;
     use crate::testing::{mock_unlocked, TEST_MNEMONIC};
-    use util::bip32::HARDENED;
 
     #[test]
     fn test_bip39_mnemonic_to_seed() {
@@ -429,13 +414,4 @@ mod tests {
             b"\xf8\xcb\x28\x85\x37\x60\x2b\x90\xd1\x29\x75\x4b\xdd\x0e\x4b\xed\xf9\xe2\x92\x3a\x04\xb6\x86\x7e\xdb\xeb\xc7\x93\xa7\x17\x6f\x5d\xca\xc5\xc9\x5d\x5f\xd2\x3a\x8e\x01\x6c\x95\x57\x69\x0e\xad\x1f\x00\x2b\x0f\x35\xd7\x06\xff\x8e\x59\x84\x1c\x09\xe0\xb6\xbb\x23\xf0\xa5\x91\x06\x42\xd0\x77\x98\x17\x40\x2e\x5e\x7a\x75\x54\x95\xe7\x44\xf5\x5c\xf1\x1e\x49\xee\xfd\x22\xa4\x60\xe9\xb2\xf7\x53",
         );
     }
-
-    #[test]
-    fn test_secp256k1_pubkey_hash160() {
-        mock_unlocked();
-        assert_eq!(
-            secp256k1_pubkey_hash160(&[84 + HARDENED, HARDENED, HARDENED, 0, 0]).unwrap(),
-            *b"\xb5\x12\x5c\xec\xa0\xc1\xc8\x90\xda\x07\x9a\x12\x88\xdc\xf7\x7a\xa6\xac\xc4\x99"
-        );
-    }
 }
diff --git a/src/rust/bitbox02/src/lib.rs b/src/rust/bitbox02/src/lib.rs
@@ -162,6 +162,19 @@ pub fn reboot() -> ! {
     loop {}
 }
 
+pub fn hash160(data: &[u8]) -> [u8; 20] {
+    let mut out = [0u8; 20];
+    unsafe {
+        bitbox02_sys::wally_hash160(
+            data.as_ptr(),
+            data.len() as _,
+            out.as_mut_ptr(),
+            out.len() as _,
+        );
+    }
+    out
+}
+
 #[cfg(feature = "testing")]
 pub fn reboot() -> ! {
     panic!("reboot called")
diff --git a/test/unit-test/test_keystore_functional.c b/test/unit-test/test_keystore_functional.c
