keystore: expose copy_bip39_seed to Rust

Will be needed to implement bip32 functionality, whose derivations
begins with the bip39 seed.

Author: benma

src/keystore.c

@@ -45,7 +45,7 @@ static bool _is_unlocked_bip39 = false;
 // Stores a random keyy after bip39-unlock which, after stretching, is used to encrypt the retained
 // bip39 seed.
 static uint8_t _unstretched_retained_bip39_seed_encryption_key[32] = {0};
-// Must be defined if _is_unlocked is true. ONLY ACCESS THIS WITH _copy_bip39_seed().
+// Must be defined if _is_unlocked is true. ONLY ACCESS THIS WITH keystore_copy_bip39_seed().
 // Stores the encrypted BIP-39 seed after bip39-unlock.
 static uint8_t _retained_bip39_seed_encrypted[64 + 64] = {0};
 static size_t _retained_bip39_seed_encrypted_len = 0;
@@ -115,14 +115,7 @@ bool keystore_copy_seed(uint8_t* seed_out, size_t* length_out)
     return true;
 }
 
-/**
- * Copies the retained bip39 seed into the given buffer. The caller must
- * zero the seed with util_zero once it is no longer needed.
- * @param[out] bip39_seed_out The seed bytes copied from the retained bip39 seed.
- * The buffer must be 64 bytes long.
- * @return true if the bip39 seed is available.
- */
-static bool _copy_bip39_seed(uint8_t* bip39_seed_out)
+bool keystore_copy_bip39_seed(uint8_t* bip39_seed_out)
 {
     if (!_is_unlocked_bip39) {
         return false;
@@ -537,7 +530,7 @@ static bool _get_xprv(const uint32_t* keypath, const size_t keypath_len, struct
 
     uint8_t bip39_seed[64] = {0};
     UTIL_CLEANUP_64(bip39_seed);
-    if (!_copy_bip39_seed(bip39_seed)) {
+    if (!keystore_copy_bip39_seed(bip39_seed)) {
         return false;
     }
     struct ext_key xprv_master __attribute__((__cleanup__(keystore_zero_xkey))) = {0};
@@ -698,7 +691,7 @@ bool keystore_get_u2f_seed(uint8_t* seed_out)
     }
     uint8_t bip39_seed[64] = {0};
     UTIL_CLEANUP_64(bip39_seed);
-    if (!_copy_bip39_seed(bip39_seed)) {
+    if (!keystore_copy_bip39_seed(bip39_seed)) {
         return false;
     }
     const uint8_t message[] = "u2f";
@@ -713,7 +706,7 @@ bool keystore_get_ed25519_seed(uint8_t* seed_out)
 {
     uint8_t bip39_seed[64] = {0};
     UTIL_CLEANUP_64(bip39_seed);
-    if (!_copy_bip39_seed(bip39_seed)) {
+    if (!keystore_copy_bip39_seed(bip39_seed)) {
         return false;
     }
 

src/keystore.h

@@ -56,6 +56,15 @@ typedef enum {
  */
 USE_RESULT bool keystore_copy_seed(uint8_t* seed_out, size_t* length_out);
 
+/**
+ * Copies the retained bip39 seed into the given buffer. The caller must
+ * zero the seed once it is no longer needed.
+ * @param[out] bip39_seed_out The seed bytes copied from the retained bip39 seed.
+ * The buffer must be 64 bytes long.
+ * @return true if the bip39 seed is available.
+ */
+USE_RESULT bool keystore_copy_bip39_seed(uint8_t* bip32_seed_out);
+
 /**
  * Restores a seed.
  * @param[in] seed The seed that is to be restored.

src/rust/bitbox02-sys/build.rs

@@ -69,6 +69,7 @@ const ALLOWLIST_FNS: &[&str] = &[
     "empty_create",
     "keystore_bip39_mnemonic_to_seed",
     "keystore_copy_seed",
+    "keystore_copy_bip39_seed",
     "keystore_create_and_store_seed",
     "keystore_encode_xpub_at_keypath",
     "keystore_encrypt_and_store_seed",

src/rust/bitbox02/src/keystore.rs

@@ -122,6 +122,14 @@ pub fn copy_seed() -> Result<zeroize::Zeroizing<Vec<u8>>, ()> {
     }
 }
 
+pub fn copy_bip39_seed() -> Result<zeroize::Zeroizing<Vec<u8>>, ()> {
+    let mut bip39_seed = zeroize::Zeroizing::new(vec![0u8; 64]);
+    match unsafe { bitbox02_sys::keystore_copy_bip39_seed(bip39_seed.as_mut_ptr()) } {
+        true => Ok(bip39_seed),
+        false => Err(()),
+    }
+}
+
 pub fn bip39_mnemonic_from_seed(seed: &[u8]) -> Result<zeroize::Zeroizing<String>, ()> {
     let mut mnemonic = zeroize::Zeroizing::new([0u8; 256]);
     match unsafe {
@@ -703,6 +711,13 @@ mod tests {
         assert!(unlock("password").is_ok());
         assert!(unlock_bip39("foo").is_ok());
 
+        let expected_bip39_seed = hex::decode("2b3c63de86f0f2b13cc6a36c1ba2314fbc1b40c77ab9cb64e96ba4d5c62fc204748ca6626a9f035e7d431bce8c9210ec0bdffc2e7db873dee56c8ac2153eee9a").unwrap();
+
+        assert_eq!(
+            copy_bip39_seed().unwrap().as_slice(),
+            expected_bip39_seed.as_slice()
+        );
+
         // Check that the retained bip39 seed was encrypted with the expected encryption key.
         let decrypted = {
             let retained_bip39_seed_encrypted: &[u8] = unsafe {
@@ -719,7 +734,6 @@ mod tests {
             )
             .unwrap()
         };
-        let expected_bip39_seed = hex::decode("2b3c63de86f0f2b13cc6a36c1ba2314fbc1b40c77ab9cb64e96ba4d5c62fc204748ca6626a9f035e7d431bce8c9210ec0bdffc2e7db873dee56c8ac2153eee9a").unwrap();
         assert_eq!(decrypted.as_slice(), expected_bip39_seed.as_slice());
     }