keystore: add keystore_bip39_mnemonic_from_seed()

Helper funtion that takes the seed as an input arg, de-duping some
code. This version is also easier to export to Rust than the wally's
bip39_mnemonic_from_bytes, which mallocs.

Author: benma

src/keystore.c

@@ -488,29 +488,36 @@ bool keystore_is_locked(void)
     return !unlocked;
 }
 
-bool keystore_get_bip39_mnemonic(char* mnemonic_out, size_t mnemonic_out_size)
+bool keystore_bip39_mnemonic_from_seed(
+    const uint8_t* seed,
+    size_t seed_size,
+    char* mnemonic_out,
+    size_t mnemonic_out_size)
 {
-    if (keystore_is_locked()) {
-        return false;
-    }
     char* mnemonic = NULL;
-    { // block so that `seed` is zeroed as soon as possible
-        uint8_t seed[KEYSTORE_MAX_SEED_LENGTH] = {0};
-        UTIL_CLEANUP_32(seed);
-        size_t seed_length = 0;
-        if (!keystore_copy_seed(seed, &seed_length)) {
-            return false;
-        }
-        if (bip39_mnemonic_from_bytes(NULL, seed, seed_length, &mnemonic) != WALLY_OK) {
-            return false;
-        }
+    if (bip39_mnemonic_from_bytes(NULL, seed, seed_size, &mnemonic) != WALLY_OK) {
+        return false;
     }
     int snprintf_result = snprintf(mnemonic_out, mnemonic_out_size, "%s", mnemonic);
     util_cleanup_str(&mnemonic);
     free(mnemonic);
     return snprintf_result >= 0 && snprintf_result < (int)mnemonic_out_size;
 }
 
+bool keystore_get_bip39_mnemonic(char* mnemonic_out, size_t mnemonic_out_size)
+{
+    if (keystore_is_locked()) {
+        return false;
+    }
+    uint8_t seed[KEYSTORE_MAX_SEED_LENGTH] = {0};
+    UTIL_CLEANUP_32(seed);
+    size_t seed_length = 0;
+    if (!keystore_copy_seed(seed, &seed_length)) {
+        return false;
+    }
+    return keystore_bip39_mnemonic_from_seed(seed, seed_length, mnemonic_out, mnemonic_out_size);
+}
+
 bool keystore_bip39_mnemonic_to_seed(const char* mnemonic, uint8_t* seed_out, size_t* seed_len_out)
 {
     return bip39_mnemonic_to_bytes(NULL, mnemonic, seed_out, 32, seed_len_out) == WALLY_OK;
@@ -782,15 +789,7 @@ bool keystore_bip85_bip39(
     if (!_bip85_entropy(keypath, sizeof(keypath) / sizeof(uint32_t), entropy)) {
         return false;
     }
-
-    char* mnemonic = NULL;
-    if (bip39_mnemonic_from_bytes(NULL, entropy, seed_size, &mnemonic) != WALLY_OK) {
-        return false;
-    }
-    int snprintf_result = snprintf(mnemonic_out, mnemonic_out_size, "%s", mnemonic);
-    util_cleanup_str(&mnemonic);
-    free(mnemonic);
-    return snprintf_result >= 0 && snprintf_result < (int)mnemonic_out_size;
+    return keystore_bip39_mnemonic_from_seed(entropy, seed_size, mnemonic_out, mnemonic_out_size);
 }
 
 USE_RESULT bool keystore_encode_xpub_at_keypath(

src/keystore.h

@@ -115,6 +115,16 @@ void keystore_lock(void);
  */
 USE_RESULT bool keystore_is_locked(void);
 
+/**
+ * Converts a 16/24/32 byte seed into a BIP-39 mnemonic string.
+ * Returns false if the seed size is invalid or the output string buffer is not large enough.
+ */
+USE_RESULT bool keystore_bip39_mnemonic_from_seed(
+    const uint8_t* seed,
+    size_t seed_size,
+    char* mnemonic_out,
+    size_t mnemonic_out_size);
+
 /**
  * @param[out] mnemonic_out resulting mnemonic
  * @param[in] mnemonic_out_size size of mnemonic_out. Should be at least 216 bytes (longest possible

src/rust/bitbox02-sys/build.rs

@@ -84,6 +84,7 @@ const ALLOWLIST_FNS: &[&str] = &[
     "keystore_secp256k1_sign",
     "keystore_unlock",
     "keystore_unlock_bip39",
+    "keystore_bip39_mnemonic_from_seed",
     "label_create",
     "localtime",
     "lock_animation_start",

src/rust/bitbox02/src/keystore.rs

@@ -136,6 +136,25 @@ pub fn get_bip39_mnemonic() -> Result<zeroize::Zeroizing<String>, ()> {
     }
 }
 
+pub fn bip39_mnemonic_from_seed(seed: &[u8]) -> Result<zeroize::Zeroizing<String>, ()> {
+    let mut mnemonic = zeroize::Zeroizing::new([0u8; 256]);
+    match unsafe {
+        bitbox02_sys::keystore_bip39_mnemonic_from_seed(
+            seed.as_ptr(),
+            seed.len() as _,
+            mnemonic.as_mut_ptr(),
+            mnemonic.len() as _,
+        )
+    } {
+        false => Err(()),
+        true => Ok(zeroize::Zeroizing::new(
+            crate::util::str_from_null_terminated(&mnemonic[..])
+                .unwrap()
+                .into(),
+        )),
+    }
+}
+
 /// `idx` must be smaller than BIP39_WORDLIST_LEN.
 pub fn get_bip39_word(idx: u16) -> Result<zeroize::Zeroizing<String>, ()> {
     let mut word_ptr: *mut u8 = core::ptr::null_mut();
@@ -520,4 +539,31 @@ mod tests {
             "4604b4b710fe91f584fff084e1a9159fe4f8408fff380596a604948474ce4fa3"
         );
     }
+
+    #[test]
+    fn test_bip39_mnemonic_from_seed() {
+        // 12 words
+        let seed = b"\xae\x6a\x40\x26\x1f\x0a\xcc\x16\x57\x04\x9c\xb2\x1a\xf5\xfb\xf7";
+        assert_eq!(
+            bip39_mnemonic_from_seed(seed).unwrap().as_str(),
+            "purpose faith another dignity proud arctic foster near rare stumble leave urge",
+        );
+
+        // 18 words
+        let seed = b"\x2a\x3e\x07\xa9\xe7\x5e\xd7\x3a\xa6\xb2\xe1\xaf\x90\x3d\x50\x17\xde\x80\x4f\xdf\x2b\x45\xc2\x4b";
+        assert_eq!(
+            bip39_mnemonic_from_seed(seed).unwrap().as_str(),
+            "clay usual tuna solid uniform outer onion found question limit favorite cook trend child lake hamster seat foot",
+        );
+
+        // 24 words
+        let seed = b"\x24\x1d\x5b\x78\x35\x90\xc2\x1f\x79\x69\x8e\x7c\xe8\x92\xdd\x03\xfb\x2c\x8f\xad\xc2\x44\x0e\xc2\x3a\xa5\xde\x9e\x2d\x23\x81\xb0";
+        assert_eq!(
+            bip39_mnemonic_from_seed(seed).unwrap().as_str(),
+            "catch turn task hen around autumn toss crack language duty resemble among ready elephant require embrace attract balcony practice rule tissue mushroom almost athlete",
+        );
+
+        // Invalid seed side
+        assert!(bip39_mnemonic_from_seed(b"foo").is_err());
+    }
 }