keystore: port create_and_store_seed to Rust

Author: benma

src/keystore.c

@@ -381,43 +381,6 @@ keystore_error_t keystore_encrypt_and_store_seed(
     return KEYSTORE_OK;
 }
 
-keystore_error_t keystore_create_and_store_seed(
-    const char* password,
-    const uint8_t* host_entropy,
-    size_t host_entropy_size)
-{
-    if (host_entropy_size != 16 && host_entropy_size != 32) {
-        return KEYSTORE_ERR_SEED_SIZE;
-    }
-    if (KEYSTORE_MAX_SEED_LENGTH != RANDOM_NUM_SIZE) {
-        Abort("keystore create: size mismatch");
-    }
-    uint8_t seed[KEYSTORE_MAX_SEED_LENGTH];
-    UTIL_CLEANUP_32(seed);
-    random_32_bytes(seed);
-
-    // Mix in Host entropy.
-    for (size_t i = 0; i < host_entropy_size; i++) {
-        seed[i] ^= host_entropy[i];
-    }
-
-    // Mix in entropy derived from the user password.
-    uint8_t password_salted_hashed[KEYSTORE_MAX_SEED_LENGTH] = {0};
-    UTIL_CLEANUP_32(password_salted_hashed);
-    if (!salt_hash_data(
-            (const uint8_t*)password,
-            strlen(password),
-            "keystore_seed_generation",
-            password_salted_hashed)) {
-        return KEYSTORE_ERR_SALT;
-    }
-
-    for (size_t i = 0; i < host_entropy_size; i++) {
-        seed[i] ^= password_salted_hashed[i];
-    }
-    return keystore_encrypt_and_store_seed(seed, host_entropy_size, password);
-}
-
 // Checks if the retained seed matches the passed seed.
 static bool _check_retained_seed(const uint8_t* seed, size_t seed_length)
 {

src/keystore.h

@@ -72,19 +72,6 @@ USE_RESULT bool keystore_copy_bip39_seed(uint8_t* bip32_seed_out);
 USE_RESULT keystore_error_t
 keystore_encrypt_and_store_seed(const uint8_t* seed, size_t seed_length, const char* password);
 
-/**
-   Generates the seed, mixes it with host_entropy, and stores it encrypted with the
-   password. The size of the host entropy determines the size of the seed. Can be either 16 or 32
-   bytes, resulting in 12 or 24 BIP39 recovery words.
-   This also unlocks the keystore with the new seed.
-   @param[in] host_entropy bytes of entropy to be mixed in.
-   @param[in] host_entropy_size must be 16 or 32.
-*/
-USE_RESULT keystore_error_t keystore_create_and_store_seed(
-    const char* password,
-    const uint8_t* host_entropy,
-    size_t host_entropy_size);
-
 /** Unlocks the keystore seed or checks the password:
  * If the keystore is locked, it decrypts and loads the seed, unlocking the keystore:
  * 1) loads the stored seed and tries to decrypt using password.

src/rust/bitbox02-rust/src/keystore.rs

@@ -99,7 +99,29 @@ pub fn encrypt_and_store_seed(seed: &[u8], password: &str) -> Result<(), Error>
 /// bytes, resulting in 12 or 24 BIP39 recovery words.
 /// This also unlocks the keystore with the new seed.
 pub fn create_and_store_seed(password: &str, host_entropy: &[u8]) -> Result<(), Error> {
-    keystore::_create_and_store_seed(password, host_entropy)
+    let seed_len = host_entropy.len();
+    if !matches!(seed_len, 16 | 32) {
+        return Err(Error::SeedSize);
+    }
+
+    let mut seed_vec = bitbox02::random::random_32_bytes();
+    let seed = &mut seed_vec[..seed_len];
+
+    // Mix in host entropy.
+    for (i, &entropy_byte) in host_entropy.iter().enumerate() {
+        seed[i] ^= entropy_byte;
+    }
+
+    // Mix in entropy derived from the user password.
+    let password_salted_hashed =
+        crate::salt::hash_data(password.as_bytes(), "keystore_seed_generation")
+            .map_err(|_| Error::Salt)?;
+
+    for (i, &hash_byte) in password_salted_hashed.iter().take(seed_len).enumerate() {
+        seed[i] ^= hash_byte;
+    }
+
+    encrypt_and_store_seed(seed, password)
 }
 
 /// Returns the keystore's seed encoded as a BIP-39 mnemonic.

src/rust/bitbox02-sys/build.rs

@@ -72,7 +72,6 @@ const ALLOWLIST_FNS: &[&str] = &[
     "keystore_bip39_mnemonic_to_seed",
     "keystore_copy_seed",
     "keystore_copy_bip39_seed",
-    "keystore_create_and_store_seed",
     "keystore_encrypt_and_store_seed",
     "keystore_get_bip39_word",
     "keystore_is_locked",

src/rust/bitbox02/src/keystore.rs

@@ -129,22 +129,6 @@ pub fn test_get_retained_bip39_seed_encrypted() -> &'static [u8] {
     }
 }
 
-pub fn _create_and_store_seed(password: &str, host_entropy: &[u8]) -> Result<(), Error> {
-    match unsafe {
-        bitbox02_sys::keystore_create_and_store_seed(
-            crate::util::str_to_cstr_vec(password)
-                .unwrap()
-                .as_ptr()
-                .cast(),
-            host_entropy.as_ptr(),
-            host_entropy.len() as _,
-        )
-    } {
-        keystore_error_t::KEYSTORE_OK => Ok(()),
-        err => Err(err.into()),
-    }
-}
-
 pub fn _copy_seed() -> Result<zeroize::Zeroizing<Vec<u8>>, ()> {
     let mut seed = zeroize::Zeroizing::new([0u8; MAX_SEED_LENGTH].to_vec());
     let mut seed_len: usize = 0;