keystore: port keystore_bip85_bip39 to Rust

Author: benma

src/keystore.c

@@ -726,58 +726,6 @@ bool keystore_get_ed25519_seed(uint8_t* seed_out)
     return true;
 }
 
-static bool _bip85_entropy(const uint32_t* keypath, size_t keypath_len, uint8_t* out)
-{
-    struct ext_key xprv __attribute__((__cleanup__(keystore_zero_xkey))) = {0};
-    if (!_get_xprv_twice(keypath, keypath_len, &xprv)) {
-        return false;
-    }
-    const uint8_t* priv_key = xprv.priv_key + 1; // first byte is 0
-    const uint8_t key[] = "bip-entropy-from-k";
-    return wally_hmac_sha512(key, sizeof(key), priv_key, 32, out, 64) == WALLY_OK;
-}
-
-bool keystore_bip85_bip39(
-    uint32_t words,
-    uint32_t index,
-    char* mnemonic_out,
-    size_t mnemonic_out_size)
-{
-    size_t seed_size;
-    switch (words) {
-    case 12:
-        seed_size = 16;
-        break;
-    case 18:
-        seed_size = 24;
-        break;
-    case 24:
-        seed_size = 32;
-        break;
-    default:
-        return false;
-    }
-
-    if (index >= BIP32_INITIAL_HARDENED_CHILD) {
-        return false;
-    }
-
-    const uint32_t keypath[] = {
-        83696968 + BIP32_INITIAL_HARDENED_CHILD,
-        39 + BIP32_INITIAL_HARDENED_CHILD,
-        0 + BIP32_INITIAL_HARDENED_CHILD,
-        words + BIP32_INITIAL_HARDENED_CHILD,
-        index + BIP32_INITIAL_HARDENED_CHILD,
-    };
-
-    uint8_t entropy[64] = {0};
-    UTIL_CLEANUP_64(entropy);
-    if (!_bip85_entropy(keypath, sizeof(keypath) / sizeof(uint32_t), entropy)) {
-        return false;
-    }
-    return keystore_bip39_mnemonic_from_seed(entropy, seed_size, mnemonic_out, mnemonic_out_size);
-}
-
 USE_RESULT bool keystore_encode_xpub_at_keypath(
     const uint32_t* keypath,
     size_t keypath_len,

src/keystore.h

@@ -231,21 +231,6 @@ USE_RESULT bool keystore_get_u2f_seed(uint8_t* seed_out);
  */
 USE_RESULT bool keystore_get_ed25519_seed(uint8_t* seed_out);
 
-/**
- * Computes a BIP39 mnemonic according to BIP-85:
- * https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki#bip39
- * @param[in] words must be 12, 18 or 24.
- * @param[in] index must be smaller than `BIP32_INITIAL_HARDENED_CHILD`.
- * @param[out] mnemonic_out resulting mnemonic
- * @param[in] mnemonic_out_size size of mnemonic_out. Should be at least 216 bytes (longest possible
- *            24 word phrase plus null terminator).
- */
-USE_RESULT bool keystore_bip85_bip39(
-    uint32_t words,
-    uint32_t index,
-    char* mnemonic_out,
-    size_t mnemonic_out_size);
-
 /**
  * Encode an xpub at the given `keypath` as 78 bytes according to BIP32. The version bytes are
  * the ones corresponding to `xpub`, i.e. 0x0488B21E.

src/rust/bitbox02-rust/src/hww/api/bip85.rs

@@ -20,7 +20,7 @@ use pb::response::Response;
 use crate::hal::Ui;
 use crate::workflow::confirm;
 
-use bitbox02::keystore;
+use crate::keystore;
 
 use alloc::vec::Vec;
 
@@ -160,7 +160,7 @@ async fn process_ln(
         })
         .await?;
 
-    Ok(crate::keystore::bip85_ln(account_number)
+    Ok(keystore::bip85_ln(account_number)
         .map_err(|_| Error::Generic)?
         .to_vec())
 }

src/rust/bitbox02-rust/src/keystore.rs

@@ -54,6 +54,34 @@ fn bip85_entropy(keypath: &[u32]) -> Result<zeroize::Zeroizing<Vec<u8>>, ()> {
     Ok(out)
 }
 
+/// Computes a BIP39 mnemonic according to BIP-85:
+/// https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki#bip39
+/// `words` must be 12, 18 or 24.
+/// `index` must be smaller than `bip32::HARDENED`.
+pub fn bip85_bip39(words: u32, index: u32) -> Result<zeroize::Zeroizing<String>, ()> {
+    if index >= HARDENED {
+        return Err(());
+    }
+
+    let seed_size: usize = match words {
+        12 => 16,
+        18 => 24,
+        24 => 32,
+        _ => return Err(()),
+    };
+
+    let keypath = [
+        83696968 + HARDENED,
+        39 + HARDENED,
+        0 + HARDENED,
+        words + HARDENED,
+        index + HARDENED,
+    ];
+
+    let entropy = bip85_entropy(&keypath)?;
+    keystore::bip39_mnemonic_from_seed(&entropy[..seed_size])
+}
+
 /// Computes a 16 byte deterministic seed specifically for Lightning hot wallets according to BIP-85.
 /// It is the same as BIP-85 with app number 39', but instead using app number 19534' (= 0x4c4e =
 /// 'LN'). https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki#bip39
@@ -152,6 +180,52 @@ mod tests {
         assert_eq!(root_fingerprint(), Ok(vec![0xf4, 0x0b, 0x46, 0x9a]));
     }
 
+    #[test]
+    fn test_bip85_bip39() {
+        keystore::lock();
+        assert!(bip85_bip39(12, 0).is_err());
+
+        // Test fixtures generated using:
+        // `docker build -t bip85 .`
+        // `podman run --rm bip85 --index 0 --bip39-mnemonic "virtual weapon code laptop defy cricket vicious target wave leopard garden give" bip39 --num-words 12`
+        // `podman run --rm bip85 --index 1 --bip39-mnemonic "virtual weapon code laptop defy cricket vicious target wave leopard garden give" bip39 --num-words 12`
+        // `podman run --rm bip85 --index 2147483647 --bip39-mnemonic "virtual weapon code laptop defy cricket vicious target wave leopard garden give" bip39 --num-words 12`
+        // `podman run --rm bip85 --index 0 --bip39-mnemonic "virtual weapon code laptop defy cricket vicious target wave leopard garden give" bip39 --num-words 18`
+        // `podman run --rm bip85 --index 0 --bip39-mnemonic "virtual weapon code laptop defy cricket vicious target wave leopard garden give" bip39 --num-words 24`
+        // in  https://github.com/ethankosakovsky/bip85/tree/435a0589746c1036735d0a5081167e08abfa7413.
+
+        mock_unlocked_using_mnemonic(
+            "virtual weapon code laptop defy cricket vicious target wave leopard garden give",
+            "",
+        );
+
+        assert_eq!(
+            bip85_bip39(12, 0).unwrap().as_ref() as &str,
+            "slender whip place siren tissue chaos ankle door only assume tent shallow",
+        );
+        assert_eq!(
+            bip85_bip39(12, 1).unwrap().as_ref() as &str,
+            "income soft level reunion height pony crane use unfold win keen satisfy",
+        );
+        assert_eq!(
+            bip85_bip39(12, HARDENED - 1).unwrap().as_ref() as &str,
+            "carry build nerve market domain energy mistake script puzzle replace mixture idea",
+        );
+        assert_eq!(
+            bip85_bip39(18, 0).unwrap().as_ref() as &str,
+            "enact peasant tragic habit expand jar senior melody coin acid logic upper soccer later earn napkin planet stereo",
+        );
+        assert_eq!(
+            bip85_bip39(24, 0).unwrap().as_ref() as &str,
+            "cabbage wink october add anchor mean tray surprise gasp tomorrow garbage habit beyond merge where arrive beef gentle animal office drop panel chest size",
+        );
+
+        // Invalid number of words.
+        assert!(bip85_bip39(10, 0).is_err());
+        // Index too high.
+        assert!(bip85_bip39(12, HARDENED).is_err());
+    }
+
     #[test]
     fn test_bip85_ln() {
         keystore::lock();

src/rust/bitbox02-sys/build.rs

@@ -67,7 +67,6 @@ const ALLOWLIST_FNS: &[&str] = &[
     "delay_us",
     "empty_create",
     "keystore_bip39_mnemonic_to_seed",
-    "keystore_bip85_bip39",
     "keystore_copy_seed",
     "keystore_create_and_store_seed",
     "keystore_encode_xpub_at_keypath",

src/rust/bitbox02/src/keystore.rs

@@ -319,20 +319,6 @@ pub fn get_ed25519_seed() -> Result<zeroize::Zeroizing<Vec<u8>>, ()> {
     }
 }
 
-pub fn bip85_bip39(words: u32, index: u32) -> Result<zeroize::Zeroizing<String>, ()> {
-    let mut mnemonic = zeroize::Zeroizing::new([0u8; 256]);
-    match unsafe {
-        bitbox02_sys::keystore_bip85_bip39(words, index, mnemonic.as_mut_ptr(), mnemonic.len() as _)
-    } {
-        false => Err(()),
-        true => Ok(zeroize::Zeroizing::new(
-            crate::util::str_from_null_terminated(&mnemonic[..])
-                .unwrap()
-                .into(),
-        )),
-    }
-}
-
 pub fn secp256k1_schnorr_sign(
     keypath: &[u32],
     msg: &[u8; 32],
@@ -450,52 +436,6 @@ mod tests {
         );
     }
 
-    #[test]
-    fn test_bip85_bip39() {
-        lock();
-        assert!(bip85_bip39(12, 0).is_err());
-
-        // Test fixtures generated using:
-        // `docker build -t bip85 .`
-        // `podman run --rm bip85 --index 0 --bip39-mnemonic "virtual weapon code laptop defy cricket vicious target wave leopard garden give" bip39 --num-words 12`
-        // `podman run --rm bip85 --index 1 --bip39-mnemonic "virtual weapon code laptop defy cricket vicious target wave leopard garden give" bip39 --num-words 12`
-        // `podman run --rm bip85 --index 2147483647 --bip39-mnemonic "virtual weapon code laptop defy cricket vicious target wave leopard garden give" bip39 --num-words 12`
-        // `podman run --rm bip85 --index 0 --bip39-mnemonic "virtual weapon code laptop defy cricket vicious target wave leopard garden give" bip39 --num-words 18`
-        // `podman run --rm bip85 --index 0 --bip39-mnemonic "virtual weapon code laptop defy cricket vicious target wave leopard garden give" bip39 --num-words 24`
-        // in  https://github.com/ethankosakovsky/bip85/tree/435a0589746c1036735d0a5081167e08abfa7413.
-
-        mock_unlocked_using_mnemonic(
-            "virtual weapon code laptop defy cricket vicious target wave leopard garden give",
-            "",
-        );
-
-        assert_eq!(
-            bip85_bip39(12, 0).unwrap().as_ref() as &str,
-            "slender whip place siren tissue chaos ankle door only assume tent shallow",
-        );
-        assert_eq!(
-            bip85_bip39(12, 1).unwrap().as_ref() as &str,
-            "income soft level reunion height pony crane use unfold win keen satisfy",
-        );
-        assert_eq!(
-            bip85_bip39(12, HARDENED - 1).unwrap().as_ref() as &str,
-            "carry build nerve market domain energy mistake script puzzle replace mixture idea",
-        );
-        assert_eq!(
-            bip85_bip39(18, 0).unwrap().as_ref() as &str,
-            "enact peasant tragic habit expand jar senior melody coin acid logic upper soccer later earn napkin planet stereo",
-        );
-        assert_eq!(
-            bip85_bip39(24, 0).unwrap().as_ref() as &str,
-            "cabbage wink october add anchor mean tray surprise gasp tomorrow garbage habit beyond merge where arrive beef gentle animal office drop panel chest size",
-        );
-
-        // Invalid number of words.
-        assert!(bip85_bip39(10, 0).is_err());
-        // Index too high.
-        assert!(bip85_bip39(12, HARDENED).is_err());
-    }
-
     #[test]
     fn test_secp256k1_get_private_key() {
         lock();