rust/keystore: wrap create_and_store_seed() in bitbox02-rust

Original is renamed so the compiler can error if we missed one.

By moving all keystore calls to bitbox02_rust::keystore, we can more
easily replace the function bodies with native Rust
implementations (without wrapping C).

Author: benma

src/rust/bitbox02-rust/src/hww/api/set_password.rs

@@ -18,7 +18,7 @@ use crate::pb;
 use crate::hal::Ui;
 use crate::workflow::{password, unlock};
 
-use bitbox02::keystore;
+use crate::keystore;
 use pb::response::Response;
 
 /// Handles the SetPassword api call. This has the user enter a password twice and creates the
@@ -40,7 +40,7 @@ pub async fn process(
         hal.ui().status(&format!("Error\n{:?}", err), false).await;
         return Err(Error::Generic);
     }
-    unlock::unlock_bip39(hal, &crate::keystore::copy_seed()?).await;
+    unlock::unlock_bip39(hal, &keystore::copy_seed()?).await;
     Ok(Response::Success(pb::Success {}))
 }
 
@@ -57,7 +57,7 @@ mod tests {
     #[test]
     fn test_process() {
         mock_memory();
-        crate::keystore::lock();
+        keystore::lock();
         let mut counter = 0u32;
         let mut mock_hal = TestingHal::new();
         mock_hal.ui.set_enter_string(Box::new(|params| {
@@ -83,15 +83,15 @@ mod tests {
         assert_eq!(bitbox02::securechip::fake_event_counter(), 9);
         drop(mock_hal); // to remove mutable borrow of counter
         assert_eq!(counter, 2);
-        assert!(!crate::keystore::is_locked());
-        assert!(crate::keystore::copy_seed().unwrap().len() == 32);
+        assert!(!keystore::is_locked());
+        assert!(keystore::copy_seed().unwrap().len() == 32);
     }
 
     /// Shorter host entropy results in shorter seed.
     #[test]
     fn test_process_16_bytes() {
         mock_memory();
-        crate::keystore::lock();
+        keystore::lock();
         let mut mock_hal = TestingHal::new();
         mock_hal
             .ui
@@ -105,20 +105,20 @@ mod tests {
             )),
             Ok(Response::Success(pb::Success {}))
         );
-        assert!(!crate::keystore::is_locked());
-        assert!(crate::keystore::copy_seed().unwrap().len() == 16);
+        assert!(!keystore::is_locked());
+        assert!(keystore::copy_seed().unwrap().len() == 16);
     }
 
     /// Invalid host entropy size.
     #[test]
     fn test_process_invalid_host_entropy() {
         mock_memory();
-        crate::keystore::lock();
+        keystore::lock();
         let mut mock_hal = TestingHal::new();
         mock_hal
             .ui
             .set_enter_string(Box::new(|_params| Ok("password".into())));
-        assert!(crate::keystore::is_locked());
+        assert!(keystore::is_locked());
         assert_eq!(
             block_on(process(
                 &mut mock_hal,
@@ -128,13 +128,13 @@ mod tests {
             )),
             Err(Error::InvalidInput),
         );
-        assert!(crate::keystore::is_locked());
+        assert!(keystore::is_locked());
     }
 
     #[test]
     fn test_process_2nd_password_doesnt_match() {
         mock_memory();
-        crate::keystore::lock();
+        keystore::lock();
         let mut counter = 0u32;
         let mut mock_hal = TestingHal::new();
         mock_hal.ui.set_enter_string(Box::new(|_params| {
@@ -154,6 +154,6 @@ mod tests {
             )),
             Err(Error::Generic),
         );
-        assert!(crate::keystore::is_locked());
+        assert!(keystore::is_locked());
     }
 }

src/rust/bitbox02-rust/src/keystore.rs

@@ -74,6 +74,14 @@ pub fn encrypt_and_store_seed(seed: &[u8], password: &str) -> Result<(), Error>
     keystore::_encrypt_and_store_seed(seed, password)
 }
 
+/// Generates the seed, mixes it with host_entropy, and stores it encrypted with the
+/// password. The size of the host entropy determines the size of the seed. Can be either 16 or 32
+/// bytes, resulting in 12 or 24 BIP39 recovery words.
+/// This also unlocks the keystore with the new seed.
+pub fn create_and_store_seed(password: &str, host_entropy: &[u8]) -> Result<(), Error> {
+    keystore::_create_and_store_seed(password, host_entropy)
+}
+
 /// Returns the keystore's seed encoded as a BIP-39 mnemonic.
 pub fn get_bip39_mnemonic() -> Result<zeroize::Zeroizing<String>, ()> {
     keystore::bip39_mnemonic_from_seed(&copy_seed()?)
@@ -462,6 +470,67 @@ mod tests {
         );
     }
 
+    #[test]
+    fn test_create_and_store_seed() {
+        let mock_salt_root =
+            hex::decode("3333333333333333444444444444444411111111111111112222222222222222")
+                .unwrap();
+
+        let host_entropy =
+            hex::decode("25569b9a11f9db6560459e8e48b4727a4c935300143d978989ed55db1d1b9cbe25569b9a11f9db6560459e8e48b4727a4c935300143d978989ed55db1d1b9cbe")
+                .unwrap();
+
+        // Invalid seed lengths
+        for size in [8, 24, 40] {
+            assert!(matches!(
+                create_and_store_seed("password", &host_entropy[..size]),
+                Err(Error::SeedSize)
+            ));
+        }
+
+        // Hack to get the random bytes that will be used.
+        let seed_random = {
+            bitbox02::random::fake_reset();
+            bitbox02::random::random_32_bytes()
+        };
+
+        // Derived from mock_salt_root and "password".
+        let password_salted_hashed =
+            hex::decode("e8c70a20d9108fbb9454b1b8e2d7373e78cbaf9de025ab2d4f4d3c7a6711694c")
+                .unwrap();
+
+        // expected_seed = seed_random ^ host_entropy ^ password_salted_hashed
+        let expected_seed: Vec<u8> = seed_random
+            .into_iter()
+            .zip(host_entropy.iter())
+            .zip(password_salted_hashed)
+            .map(|((a, &b), c)| a ^ b ^ c)
+            .collect();
+
+        for size in [16, 32] {
+            mock_memory();
+            bitbox02::random::fake_reset();
+            bitbox02::memory::set_salt_root(mock_salt_root.as_slice().try_into().unwrap()).unwrap();
+            lock();
+
+            assert!(create_and_store_seed("password", &host_entropy[..size]).is_ok());
+            assert_eq!(copy_seed().unwrap().as_slice(), &expected_seed[..size]);
+            // Check the seed has been stored encrypted with the expected encryption key.
+            // Decrypt and check seed.
+            let cipher = bitbox02::memory::get_encrypted_seed_and_hmac().unwrap();
+
+            // Same as Python:
+            // import hmac, hashlib; hmac.digest(b"unit-test", b"password", hashlib.sha256).hex()
+            // See also: mock_securechip.c
+            let expected_encryption_key =
+                hex::decode("e56de448f5f1d29cdcc0e0099007309afe4d5a3ef2349e99dcc41840ad98409e")
+                    .unwrap();
+            let decrypted =
+                bitbox_aes::decrypt_with_hmac(&expected_encryption_key, &cipher).unwrap();
+            assert_eq!(decrypted.as_slice(), &expected_seed[..size]);
+        }
+    }
+
     // This tests that you can create a keystore, unlock it, and then do this again. This is an
     // expected workflow for when the wallet setup process is restarted after seeding and unlocking,
     // but before creating a backup, in which case a new seed is created.

src/rust/bitbox02/src/keystore.rs

@@ -195,7 +195,7 @@ pub fn root_fingerprint() -> Result<Vec<u8>, ()> {
     unsafe { ROOT_FINGERPRINT.read().ok_or(()).map(|fp| fp.to_vec()) }
 }
 
-pub fn create_and_store_seed(password: &str, host_entropy: &[u8]) -> Result<(), Error> {
+pub fn _create_and_store_seed(password: &str, host_entropy: &[u8]) -> Result<(), Error> {
     match unsafe {
         bitbox02_sys::keystore_create_and_store_seed(
             crate::util::str_to_cstr_vec(password)
@@ -316,7 +316,6 @@ mod tests {
     use super::*;
     use bitcoin::secp256k1;
 
-    use crate::testing::mock_memory;
     use util::bb02_async::block_on;
 
     #[test]
@@ -446,65 +445,4 @@ mod tests {
             );
         }
     }
-
-    #[test]
-    fn test_create_and_store_seed() {
-        let mock_salt_root =
-            hex::decode("3333333333333333444444444444444411111111111111112222222222222222")
-                .unwrap();
-
-        let host_entropy =
-            hex::decode("25569b9a11f9db6560459e8e48b4727a4c935300143d978989ed55db1d1b9cbe25569b9a11f9db6560459e8e48b4727a4c935300143d978989ed55db1d1b9cbe")
-                .unwrap();
-
-        // Invalid seed lengths
-        for size in [8, 24, 40] {
-            assert!(matches!(
-                create_and_store_seed("password", &host_entropy[..size]),
-                Err(Error::SeedSize)
-            ));
-        }
-
-        // Hack to get the random bytes that will be used.
-        let seed_random = {
-            crate::random::fake_reset();
-            crate::random::random_32_bytes()
-        };
-
-        // Derived from mock_salt_root and "password".
-        let password_salted_hashed =
-            hex::decode("e8c70a20d9108fbb9454b1b8e2d7373e78cbaf9de025ab2d4f4d3c7a6711694c")
-                .unwrap();
-
-        // expected_seed = seed_random ^ host_entropy ^ password_salted_hashed
-        let expected_seed: Vec<u8> = seed_random
-            .into_iter()
-            .zip(host_entropy.iter())
-            .zip(password_salted_hashed)
-            .map(|((a, &b), c)| a ^ b ^ c)
-            .collect();
-
-        for size in [16, 32] {
-            mock_memory();
-            crate::random::fake_reset();
-            crate::memory::set_salt_root(mock_salt_root.as_slice().try_into().unwrap()).unwrap();
-            _lock();
-
-            assert!(create_and_store_seed("password", &host_entropy[..size]).is_ok());
-            assert_eq!(_copy_seed().unwrap().as_slice(), &expected_seed[..size]);
-            // Check the seed has been stored encrypted with the expected encryption key.
-            // Decrypt and check seed.
-            let cipher = crate::memory::get_encrypted_seed_and_hmac().unwrap();
-
-            // Same as Python:
-            // import hmac, hashlib; hmac.digest(b"unit-test", b"password", hashlib.sha256).hex()
-            // See also: mock_securechip.c
-            let expected_encryption_key =
-                hex::decode("e56de448f5f1d29cdcc0e0099007309afe4d5a3ef2349e99dcc41840ad98409e")
-                    .unwrap();
-            let decrypted =
-                bitbox_aes::decrypt_with_hmac(&expected_encryption_key, &cipher).unwrap();
-            assert_eq!(decrypted.as_slice(), &expected_seed[..size]);
-        }
-    }
 }