Merge branch 'keystore-rust-is-unlocked'

Author: benma

src/rust/bitbox02-rust/src/hww.rs

@@ -329,7 +329,7 @@ mod tests {
             }]
         );
 
-        assert!(!bitbox02::keystore::is_locked());
+        assert!(!crate::keystore::is_locked());
         assert!(bitbox02::memory::is_seeded());
         assert!(!bitbox02::memory::is_initialized());
 
@@ -343,7 +343,7 @@ mod tests {
 
         // Can reboot when seeded and locked. This happens when the user sets a password and then
         // reconnects the device.
-        bitbox02::keystore::lock();
+        crate::keystore::lock();
         let mut mock_hal = TestingHal::new();
         let reboot_called = std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| {
             make_request(&mut mock_hal, reboot_request.encode_to_vec().as_ref()).unwrap();
@@ -372,7 +372,7 @@ mod tests {
 
         let mut make_request = init_noise();
 
-        bitbox02::keystore::lock();
+        crate::keystore::lock();
         let mut mock_hal = TestingHal::new();
         mock_hal.sd.inserted = Some(true);
         mock_hal
@@ -391,7 +391,7 @@ mod tests {
             .as_ref(),
         )
         .unwrap();
-        assert!(!bitbox02::keystore::is_locked());
+        assert!(!crate::keystore::is_locked());
         assert!(!bitbox02::memory::is_initialized());
         let mut mock_hal = TestingHal::new();
         mock_hal.sd.inserted = Some(true);
@@ -434,7 +434,7 @@ mod tests {
         };
 
         // Can't reboot when initialized but locked.
-        bitbox02::keystore::lock();
+        crate::keystore::lock();
         let mut mock_hal = TestingHal::new();
         let response_encoded =
             make_request(&mut mock_hal, &reboot_request.encode_to_vec()).unwrap();
@@ -456,7 +456,7 @@ mod tests {
             block_on(_process_packet(&mut mock_hal, vec![OP_UNLOCK])),
             [OP_STATUS_SUCCESS].to_vec()
         );
-        assert!(!bitbox02::keystore::is_locked());
+        assert!(!crate::keystore::is_locked());
 
         // Since in the previous request the msg was encrypted but not decrypted (query was
         // rejected), the noise states are out of sync and we need to make a new channel.
@@ -490,7 +490,7 @@ mod tests {
             &b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"[..],
             &b"aaaaaaaaaaaaaaaa"[..],
         ] {
-            bitbox02::keystore::lock();
+            crate::keystore::lock();
             mock_memory();
 
             bitbox02::memory::set_device_name("test device name").unwrap();
@@ -552,7 +552,7 @@ mod tests {
                 ]
             );
 
-            let seed = bitbox02::keystore::copy_seed().unwrap();
+            let seed = crate::keystore::copy_seed().unwrap();
             assert_eq!(seed.len(), host_entropy.len());
             mock_hal.ui = crate::workflow::testing::TestingWorkflows::new();
             assert!(matches!(
@@ -718,7 +718,7 @@ mod tests {
             );
 
             // Restored seed is the same as the seed that was backed up.
-            assert_eq!(seed, bitbox02::keystore::copy_seed().unwrap());
+            assert_eq!(seed, crate::keystore::copy_seed().unwrap());
         }
     }
 }

src/rust/bitbox02-rust/src/hww/api.rs

@@ -110,7 +110,7 @@ fn can_call(request: &Request) -> bool {
         InitializedAndUnlocked,
     }
     let state: State = if bitbox02::memory::is_initialized() {
-        if bitbox02::keystore::is_locked() {
+        if crate::keystore::is_locked() {
             State::InitializedAndLocked
         } else {
             State::InitializedAndUnlocked

src/rust/bitbox02-rust/src/hww/api/backup.rs

@@ -30,7 +30,7 @@ pub async fn check(
         return Err(Error::InvalidInput);
     }
 
-    let seed = bitbox02::keystore::copy_seed()?;
+    let seed = crate::keystore::copy_seed()?;
     let id = backup::id(&seed);
     let (backup_data, metadata) = backup::load(hal, &id).await?;
     if seed.as_slice() != backup_data.get_seed() {
@@ -102,7 +102,7 @@ pub async fn create(
     let seed = if is_initialized {
         unlock::unlock_keystore(hal, "Unlock device", unlock::CanCancel::Yes).await?
     } else {
-        let seed = bitbox02::keystore::copy_seed()?;
+        let seed = crate::keystore::copy_seed()?;
         // Yield now to give executor a chance to process USB/BLE communication, as copy_seed() causes
         // some delay.
         futures_lite::future::yield_now().await;
@@ -234,7 +234,7 @@ mod tests {
 
         let seed = hex::decode("cb33c20cea62a5c277527e2002da82e6e2b37450a755143a540a54cea8da9044")
             .unwrap();
-        bitbox02::keystore::encrypt_and_store_seed(&seed, "password").unwrap();
+        crate::keystore::encrypt_and_store_seed(&seed, "password").unwrap();
         bitbox02::memory::set_initialized().unwrap();
 
         let mut password_entered: bool = false;

src/rust/bitbox02-rust/src/hww/api/bitcoin/multisig.rs

@@ -589,7 +589,7 @@ mod tests {
         };
 
         // Keystore locked.
-        bitbox02::keystore::lock();
+        crate::keystore::lock();
         assert!(validate(&multisig, keypath).is_err());
 
         // Ok.

src/rust/bitbox02-rust/src/hww/api/bitcoin/signmsg.rs

@@ -24,10 +24,9 @@ use pb::btc_script_config::{Config, SimpleType};
 
 use pb::btc_response::Response;
 
-use bitbox02::keystore;
+use crate::keystore;
 
 use crate::hal::Ui;
-use crate::secp256k1::SECP256K1;
 use crate::workflow::{confirm, verify_message};
 
 const MAX_MESSAGE_SIZE: usize = 1024;
@@ -99,8 +98,7 @@ pub async fn process(
         // Engage in the anti-klepto protocol if the host sends a host nonce commitment.
         Some(pb::AntiKleptoHostNonceCommitment { ref commitment }) => {
             let signer_commitment = keystore::secp256k1_nonce_commit(
-                SECP256K1,
-                crate::keystore::secp256k1_get_private_key(keypath)?
+                keystore::secp256k1_get_private_key(keypath)?
                     .as_slice()
                     .try_into()
                     .unwrap(),
@@ -119,9 +117,8 @@ pub async fn process(
         None => [0; 32],
     };
 
-    let sign_result = bitbox02::keystore::secp256k1_sign(
-        SECP256K1,
-        crate::keystore::secp256k1_get_private_key(keypath)?
+    let sign_result = keystore::secp256k1_sign(
+        keystore::secp256k1_get_private_key(keypath)?
             .as_slice()
             .try_into()
             .unwrap(),

src/rust/bitbox02-rust/src/hww/api/bitcoin/signtx.rs

@@ -661,7 +661,7 @@ async fn _process(
     hal: &mut impl crate::hal::Hal,
     request: &pb::BtcSignInitRequest,
 ) -> Result<Response, Error> {
-    if bitbox02::keystore::is_locked() {
+    if crate::keystore::is_locked() {
         return Err(Error::InvalidState);
     }
     // Validate the coin.
@@ -1230,8 +1230,7 @@ async fn _process(
             // Engage in the Anti-Klepto protocol if the host sends a host nonce commitment.
             let host_nonce: [u8; 32] = match tx_input.host_nonce_commitment {
                 Some(pb::AntiKleptoHostNonceCommitment { ref commitment }) => {
-                    let signer_commitment = bitbox02::keystore::secp256k1_nonce_commit(
-                        SECP256K1,
+                    let signer_commitment = crate::keystore::secp256k1_nonce_commit(
                         private_key.as_slice().try_into().unwrap(),
                         &sighash,
                         commitment
@@ -1255,8 +1254,7 @@ async fn _process(
                 None => [0; 32],
             };
 
-            let sign_result = bitbox02::keystore::secp256k1_sign(
-                SECP256K1,
+            let sign_result = crate::keystore::secp256k1_sign(
                 private_key.as_slice().try_into().unwrap(),
                 &sighash,
                 &host_nonce,
@@ -1705,7 +1703,7 @@ mod tests {
 
         {
             // test keystore locked
-            bitbox02::keystore::lock();
+            crate::keystore::lock();
             assert_eq!(
                 block_on(process(&mut TestingHal::new(), &init_req_valid,)),
                 Err(Error::InvalidState)

src/rust/bitbox02-rust/src/hww/api/cardano/address.rs

@@ -488,7 +488,7 @@ mod tests {
 
     #[test]
     fn test_pubkey_hash_at_keypath() {
-        bitbox02::keystore::lock();
+        crate::keystore::lock();
         assert!(
             pubkey_hash_at_keypath(&[1852 + HARDENED, 1815 + HARDENED, HARDENED, 0, 0]).is_err()
         );
@@ -515,7 +515,7 @@ mod tests {
         );
 
         // Keystore locked
-        bitbox02::keystore::lock();
+        crate::keystore::lock();
         assert_eq!(
             do_pkh_skh(
                 &[1852 + HARDENED, 1815 + HARDENED, HARDENED, 0, 0],

src/rust/bitbox02-rust/src/hww/api/cardano/xpubs.rs

@@ -47,7 +47,7 @@ mod tests {
 
     #[test]
     fn test_process() {
-        bitbox02::keystore::lock();
+        crate::keystore::lock();
         assert_eq!(
             process(&pb::CardanoXpubsRequest { keypaths: vec![] }),
             Ok(Response::Xpubs(pb::CardanoXpubsResponse { xpubs: vec![] })),

src/rust/bitbox02-rust/src/hww/api/ethereum/pubrequest.rs

@@ -138,7 +138,7 @@ mod tests {
         );
 
         // xpub fetching/encoding failed.
-        bitbox02::keystore::lock();
+        keystore::lock();
         assert_eq!(
             block_on(process(&mut TestingHal::new(), &request)),
             Err(Error::InvalidInput)
@@ -231,7 +231,7 @@ mod tests {
         );
 
         // Keystore locked.
-        bitbox02::keystore::lock();
+        keystore::lock();
         assert_eq!(
             block_on(process(
                 &mut TestingHal::new(),

src/rust/bitbox02-rust/src/hww/api/ethereum/sign.rs

@@ -17,10 +17,9 @@ use super::amount::{Amount, calculate_percentage};
 use super::params::Params;
 use super::pb;
 
-use bitbox02::keystore;
+use crate::keystore;
 
 use crate::hal::Ui;
-use crate::secp256k1::SECP256K1;
 use crate::workflow::{confirm, transaction};
 
 use alloc::vec::Vec;
@@ -390,8 +389,7 @@ pub async fn _process(
         // Engage in the anti-klepto protocol if the host sends a host nonce commitment.
         Some(pb::AntiKleptoHostNonceCommitment { commitment }) => {
             let signer_commitment = keystore::secp256k1_nonce_commit(
-                SECP256K1,
-                &crate::keystore::secp256k1_get_private_key(request.keypath())?
+                &keystore::secp256k1_get_private_key(request.keypath())?
                     .as_slice()
                     .try_into()
                     .unwrap(),
@@ -410,8 +408,7 @@ pub async fn _process(
         None => [0; 32],
     };
     let sign_result = keystore::secp256k1_sign(
-        SECP256K1,
-        &crate::keystore::secp256k1_get_private_key(request.keypath())?
+        &keystore::secp256k1_get_private_key(request.keypath())?
             .as_slice()
             .try_into()
             .unwrap(),