bip85: compute and return a deterministic bip85 rsa pubkey

Author: Jamie C. Driver

docs/index.rst

@@ -1074,6 +1074,49 @@ get_receive_address reply
         "result": "3A9HgJqKS5FZtGykWKuVBKyosFppojPPj5"
     }
 
+.. _get_bip85_pubkey_request:
+
+get_bip85_pubkey request
+------------------------
+
+Request to fetch a bip85-based deterministic key for a given type, key size and index.
+
+NOTE: currently this call only supports 'RSA', with sizes 1024, 2048, 3072 and 4096.
+
+NOTE: Uses current wallet seed and bip85 specification to produce deterministic entropy to initialise shake256 PRNG, used to create a deterministic key.
+However, since there is no well-specified deterministic recipe for creating keys, this implementation output may differ from other deterministic key-generation algorithms.
+
+.. code-block:: cbor
+
+    {
+        "id": "8",
+        "method": "get_bip85_pubkey",
+        "params": {
+            "key_type": "RSA",
+            "key_bits": 2048,
+            "index": 1
+        }
+    }
+
+* 'key_type' must be 'RSA'
+* 'key_bits' must be one of 1024, 2048, 3072 or 4096.
+
+
+.. _get_bip85_pubkey_reply:
+
+get_bip85_pubkey reply
+----------------------
+
+.. code-block:: cbor
+
+    {
+        "id": "8",
+        "result": <pem string>
+    }
+
+* 'result' is a public key pem string
+
+
 .. _get_identity_pubkey_request:
 
 get_identity_pubkey request

jadepy/jade.py

@@ -1249,6 +1249,33 @@ def sign_message_file(self, message_file):
         params = {'message_file': message_file}
         return self._jadeRpc('sign_message', params)
 
+    def get_bip85_pubkey(self, key_type, key_bits, index):
+        """
+        RPC call to fetch a bip85-derived pubkey.
+
+        Parameters
+        ----------
+        key_type : string
+            The type of key to be derived.
+            At this time only 'RSA' is supported.
+
+        key_bits : int
+            The number of bits in the desired key.  Must be valid for the key type.
+            At this time must be 1024, 2048, 3096 or 4092
+
+        index : int
+            The index to use in the bip32 path to calculate the entropy to generate the key.
+
+        Returns
+        -------
+        string
+            PEM file of the public key derived.
+        """
+        params = {'key_type': key_type,
+                  'key_bits': key_bits,
+                  'index': index}
+        return self._jadeRpc('get_bip85_pubkey', params)
+
     def get_identity_pubkey(self, identity, curve, key_type, index=0):
         """
         RPC call to fetch a pubkey for the given identity (slip13/slip17).

main/process/dashboard.c

@@ -148,6 +148,7 @@ void get_shared_nonce_process(void* process_ptr);
 void get_commitments_process(void* process_ptr);
 void get_blinding_factor_process(void* process_ptr);
 void sign_liquid_tx_process(void* process_ptr);
+void get_bip85_pubkey_process(void* process_ptr);
 #ifdef CONFIG_DEBUG_MODE
 void get_bip85_bip39_entropy_process(void* process_ptr);
 void get_bip85_rsa_entropy_process(void* process_ptr);
@@ -595,6 +596,8 @@ static void dispatch_message(jade_process_t* process)
             task_function = get_blinding_key_process;
         } else if (IS_METHOD("get_shared_nonce")) {
             task_function = get_shared_nonce_process;
+        } else if (IS_METHOD("get_bip85_pubkey")) {
+            task_function = get_bip85_pubkey_process;
         } else if (IS_METHOD("ota_data") || IS_METHOD("ota_complete") || IS_METHOD("tx_input")
             || IS_METHOD("get_extended_data") || IS_METHOD("get_signature") || IS_METHOD("pin")) {
             // Method we only expect as part of a multi-message protocol

main/process/get_bip85_entropy.c

@@ -4,9 +4,9 @@
 #include "../jade_wally_verify.h"
 #include "../process.h"
 #include "../random.h"
+#include "../rsa.h"
 #include "../sensitive.h"
 #include "../ui.h"
-#include "../utils/cbor_rpc.h"
 #include "../wallet.h"
 
 #include "process_utils.h"
@@ -16,8 +16,6 @@ static const unsigned char HMAC_BIP39_MESSAGE[]
 static const unsigned char HMAC_RSA_MESSAGE[]
     = { 'b', 'i', 'p', '8', '5', '_', 'r', 's', 'a', '_', 'e', 'n', 't', 'r', 'o', 'p', 'y' };
 
-#define RSA_KEY_SIZE_VALID(bits) (bits == 1024 || bits == 2048 || bits == 3072 || bits == 4096 || bits == 8192)
-
 typedef struct {
     uint8_t encrypted[AES_ENCRYPTED_LEN(HMAC_SHA512_LEN) + HMAC_SHA256_LEN];
     uint8_t pubkey[EC_PUBLIC_KEY_LEN];

main/process/get_bip85_pubkey.c

@@ -0,0 +1,43 @@
+
+#include "../jade_assert.h"
+#include "../process.h"
+#include "../rsa.h"
+#include "../ui.h"
+#include "../utils/cbor_rpc.h"
+
+#include "process_utils.h"
+
+void get_bip85_pubkey_process(void* process_ptr)
+{
+    JADE_LOGI("Starting: %d", xPortGetFreeHeapSize());
+    jade_process_t* process = process_ptr;
+
+    // We expect a current message to be present
+    ASSERT_CURRENT_MESSAGE(process, "get_bip85_pubkey");
+    ASSERT_KEYCHAIN_UNLOCKED_BY_MESSAGE_SOURCE(process);
+    GET_MSG_PARAMS(process);
+
+    const char* errmsg = NULL;
+    size_t key_bits = 0;
+    size_t index = 0;
+
+    if (!params_get_bip85_rsa_key(&params, &key_bits, &index, &errmsg)) {
+        jade_process_reject_message(process, CBOR_RPC_BAD_PARAMETERS, errmsg, NULL);
+        goto cleanup;
+    }
+
+    display_processing_message_activity();
+
+    char pubkey_pem[1024];
+    if (!rsa_get_bip85_pubkey_pem(key_bits, index, pubkey_pem, sizeof(pubkey_pem))) {
+        jade_process_reject_message(process, CBOR_RPC_INTERNAL_ERROR, "Failed to generate RSA key", NULL);
+        goto cleanup;
+    }
+
+    // Reply with the pubkey pem
+    jade_process_reply_to_message_result(process->ctx, pubkey_pem, cbor_result_string_cb);
+    JADE_LOGI("Success");
+
+cleanup:
+    return;
+}

main/process/process_utils.c

@@ -4,6 +4,7 @@
 #include "../jade_wally_verify.h"
 #include "../keychain.h"
 #include "../multisig.h"
+#include "../rsa.h"
 #include "../ui.h"
 #include "../utils/cbor_rpc.h"
 
@@ -13,6 +14,8 @@
 
 #include "process_utils.h"
 
+static const char KEY_TYPE_RSA[] = { 'R', 'S', 'A' };
+
 // Sanity check extended-data payload fields
 bool check_extended_data_fields(CborValue* params, const char* expected_origid, const char* expected_orig,
     const size_t expected_seqnum, const size_t expected_seqlen)
@@ -345,6 +348,38 @@ bool params_tx_input_signing_data(const bool use_ae_signatures, CborValue* param
     return true;
 }
 
+// Bip85 RSA key parameters (key size and index)
+bool params_get_bip85_rsa_key(CborValue* params, size_t* key_bits, size_t* index, const char** errmsg)
+{
+    JADE_ASSERT(params);
+    JADE_ASSERT(key_bits);
+    JADE_ASSERT(index);
+    JADE_INIT_OUT_PPTR(errmsg);
+
+    // Only handle 'RSA' atm
+    char key_type[8];
+    size_t written = 0;
+    rpc_get_string("key_type", sizeof(key_type), params, key_type, &written);
+    if (written != sizeof(KEY_TYPE_RSA) || memcmp(key_type, KEY_TYPE_RSA, sizeof(KEY_TYPE_RSA))) {
+        *errmsg = "Cannot extract valid key_type from parameters";
+        return false;
+    }
+
+    // Get number of key_bits and final index
+    if (!rpc_get_sizet("key_bits", params, key_bits) || *key_bits > MAX_RSA_GEN_KEY_LEN
+        || !RSA_KEY_SIZE_VALID(*key_bits)) {
+        *errmsg = "Failed to fetch valid key length from message";
+        return false;
+    }
+
+    if (!rpc_get_sizet("index", params, index)) {
+        *errmsg = "Failed to fetch valid index from message";
+        return false;
+    }
+
+    return true;
+}
+
 // For now just return 'single-sig' or 'other'.
 // In future may extend to inlcude eg. 'green', 'other-multisig', etc.
 script_flavour_t get_script_flavour(const uint8_t* script, const size_t script_len)

main/process/process_utils.h

@@ -125,6 +125,8 @@ bool params_tx_input_signing_data(const bool use_ae_signatures, CborValue* param
     signing_data_t* sig_data, const uint8_t** ae_host_commitment, size_t* ae_host_commitment_len,
     const uint8_t** script, size_t* script_len, script_flavour_t* aggregate_script_flavour, const char** errmsg);
 
+bool params_get_bip85_rsa_key(CborValue* params, size_t* key_bits, size_t* index, const char** errmsg);
+
 // Track the types of the input prevout scripts
 script_flavour_t get_script_flavour(const uint8_t* script, const size_t script_len);
 void update_aggregate_scripts_flavour(script_flavour_t new_script_flavour, script_flavour_t* aggregate_scripts_flavour);

main/rsa.c

@@ -0,0 +1,89 @@
+
+#include "rsa.h"
+#include "jade_assert.h"
+#include "keychain.h"
+#include "sensitive.h"
+#include "utils/shake256.h"
+#include "wallet.h"
+
+#include <mbedtls/pk.h>
+#include <mbedtls/rsa.h>
+
+// Function to get bip85-generated rsa context
+// See: https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki
+static bool get_bip85_rsa_ctx(const size_t key_bits, const size_t index, mbedtls_rsa_context* output)
+{
+    JADE_ASSERT(key_bits <= MAX_RSA_GEN_KEY_LEN);
+    JADE_ASSERT(RSA_KEY_SIZE_VALID(key_bits));
+    // index can be 0
+    JADE_ASSERT(output);
+
+    JADE_ASSERT(keychain_get());
+    JADE_LOGI("Deriving BIP85 RSA context for index %u, key length: %u", index, key_bits);
+
+    uint8_t entropy[HMAC_SHA512_LEN];
+    size_t entropy_len = 0;
+    wallet_get_bip85_rsa_entropy(key_bits, index, entropy, sizeof(entropy), &entropy_len);
+    JADE_ASSERT(entropy_len == 64);
+
+    struct shake256_ctx sctx = {};
+    shake256_init(&sctx, entropy, entropy_len);
+    if (mbedtls_rsa_gen_key(output, shake256_mbedtls_rnd_cb, &sctx, key_bits, 65537) != 0) {
+        JADE_LOGE("Failed to create/setup key from rsa context");
+        return false;
+    }
+
+    return true;
+}
+
+// Function to get bip85-generated rsa key pem
+bool rsa_get_bip85_pubkey_pem(const size_t key_bits, const size_t index, char* output, const size_t output_len)
+{
+    JADE_ASSERT(key_bits <= MAX_RSA_GEN_KEY_LEN);
+    JADE_ASSERT(RSA_KEY_SIZE_VALID(key_bits));
+    // index can be 0
+    JADE_ASSERT(output);
+    JADE_ASSERT(output_len);
+
+    JADE_ASSERT(keychain_get());
+    bool retval = false;
+
+    mbedtls_rsa_context rsa = {};
+    mbedtls_rsa_init(&rsa);
+    SENSITIVE_PUSH(&rsa, sizeof(rsa));
+
+    mbedtls_pk_context pk;
+    mbedtls_pk_init(&pk);
+    SENSITIVE_PUSH(&pk, sizeof(pk));
+
+    if (mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) != 0) {
+        JADE_LOGE("Failed to create/setup key from rsa context");
+        goto cleanup;
+    }
+
+    if (!get_bip85_rsa_ctx(key_bits, index, &rsa)) {
+        JADE_LOGE("Failed to generate bip85 rsa ctx");
+        goto cleanup;
+    }
+
+    if (mbedtls_rsa_copy(mbedtls_pk_rsa(pk), &rsa) != 0) {
+        JADE_LOGE("Failed to copy key from rsa context");
+        goto cleanup;
+    }
+
+    if (mbedtls_pk_write_pubkey_pem(&pk, (uint8_t*)output, output_len) != 0) {
+        JADE_LOGE("Failed to write pubkey to buffer of length %u", output_len);
+        goto cleanup;
+    }
+
+    retval = true;
+
+cleanup:
+    mbedtls_pk_free(&pk);
+    SENSITIVE_POP(&pk);
+
+    mbedtls_rsa_free(&rsa);
+    SENSITIVE_POP(&rsa);
+
+    return retval;
+}

main/rsa.h

@@ -0,0 +1,13 @@
+#ifndef JADE_RSA_H_
+#define JADE_RSA_H_
+
+#include <stdbool.h>
+#include <stddef.h>
+
+#define RSA_KEY_SIZE_VALID(bits) (bits == 1024 || bits == 2048 || bits == 3072 || bits == 4096 || bits == 8192)
+#define MAX_RSA_GEN_KEY_LEN 4096
+
+// Function to get bip85-generated rsa key pem
+bool rsa_get_bip85_pubkey_pem(size_t key_bits, size_t index, char* output, size_t output_len);
+
+#endif /* JADE_RSA_H_ */