Merge commit 'c7e091ce'

Author: benma

CHANGELOG.md

@@ -9,6 +9,10 @@ customers cannot upgrade their bootloader, its changes are recorded separately.
 ### [Unreleased]
 - Add support for deriving BIP-39 mnemonics according to BIP-85
 
+### 9.17.0
+- Add support for deriving mnemonics for Lightning hot wallets according to BIP-85 (using a custom
+  BIP-85 application number)
+
 ### 9.16.0
 - Disable screensaver when displaying a receive address, confirming a transaction, and other interactive actions
 - Add Sepolia testnet for Ethereum

CMakeLists.txt

@@ -96,8 +96,8 @@ endif()
 #
 # Versions MUST contain three parts and start with lowercase 'v'.
 # Example 'v1.0.0'. They MUST not contain a pre-release label such as '-beta'.
-set(FIRMWARE_VERSION "v9.16.0")
-set(FIRMWARE_BTC_ONLY_VERSION "v9.16.0")
+set(FIRMWARE_VERSION "v9.17.0")
+set(FIRMWARE_BTC_ONLY_VERSION "v9.17.0")
 set(BOOTLOADER_VERSION "v1.0.5")
 
 find_package(PythonInterp 3.6 REQUIRED)

messages/keystore.proto

@@ -4,6 +4,8 @@
 syntax = "proto3";
 package shiftcrypto.bitbox02;
 
+import "google/protobuf/empty.proto";
+
 message ElectrumEncryptionKeyRequest {
   repeated uint32 keypath = 1;
 }
@@ -13,7 +15,19 @@ message ElectrumEncryptionKeyResponse {
 }
 
 message BIP85Request {
+  message AppLn {
+    uint32 account_number = 1;
+  }
+
+  oneof app {
+    google.protobuf.Empty bip39 = 1;
+    AppLn ln = 2;
+  }
 }
 
 message BIP85Response {
+  oneof app {
+    google.protobuf.Empty bip39 = 1;
+    bytes ln = 2;
+  }
 }

py/bitbox02/bitbox02/bitbox02/bitbox02.py

@@ -43,6 +43,7 @@
     from bitbox02.communication.generated import common_pb2 as common
     from bitbox02.communication.generated import keystore_pb2 as keystore
     from bitbox02.communication.generated import antiklepto_pb2 as antiklepto
+    import google.protobuf.empty_pb2
 
     # pylint: disable=unused-import
     # We export it in __init__.py
@@ -678,14 +679,39 @@ def electrum_encryption_key(self, keypath: Sequence[int]) -> str:
         )
         return self._msg_query(request).electrum_encryption_key.key
 
-    def bip85(self) -> None:
-        """Invokes the BIP-85 workflow on the device"""
-        self._require_atleast(semver.VersionInfo(9, 16, 0))
+    def bip85_bip39(self) -> None:
+        """Invokes the BIP85-BIP39 workflow on the device"""
+        self._require_atleast(semver.VersionInfo(9, 17, 0))
 
         # pylint: disable=no-member
         request = hww.Request()
-        request.bip85.CopyFrom(keystore.BIP85Request())
-        self._msg_query(request)
+        request.bip85.CopyFrom(
+            keystore.BIP85Request(
+                bip39=google.protobuf.empty_pb2.Empty(),
+            )
+        )
+        response = self._msg_query(request, expected_response="bip85").bip85
+        assert response.WhichOneof("app") == "bip39"
+
+    def bip85_ln(self) -> bytes:
+        """
+        Generates and returns a mnemonic for a hot Lightning wallet from the device using BIP-85.
+        """
+        self._require_atleast(semver.VersionInfo(9, 17, 0))
+
+        # Only account_number=0 is allowed for now.
+        account_number = 0
+
+        # pylint: disable=no-member
+        request = hww.Request()
+        request.bip85.CopyFrom(
+            keystore.BIP85Request(
+                ln=keystore.BIP85Request.AppLn(account_number=account_number),
+            )
+        )
+        response = self._msg_query(request, expected_response="bip85").bip85
+        assert response.WhichOneof("app") == "ln"
+        return response.ln
 
     def enable_mnemonic_passphrase(self) -> None:
         """

py/bitbox02/bitbox02/communication/generated/keystore_pb2.py

@@ -4,6 +4,7 @@ isort:skip_file
 """
 import builtins
 import google.protobuf.descriptor
+import google.protobuf.empty_pb2
 import google.protobuf.internal.containers
 import google.protobuf.message
 import typing
@@ -36,12 +37,45 @@ global___ElectrumEncryptionKeyResponse = ElectrumEncryptionKeyResponse
 
 class BIP85Request(google.protobuf.message.Message):
     DESCRIPTOR: google.protobuf.descriptor.Descriptor
+    class AppLn(google.protobuf.message.Message):
+        DESCRIPTOR: google.protobuf.descriptor.Descriptor
+        ACCOUNT_NUMBER_FIELD_NUMBER: builtins.int
+        account_number: builtins.int
+        def __init__(self,
+            *,
+            account_number: builtins.int = ...,
+            ) -> None: ...
+        def ClearField(self, field_name: typing_extensions.Literal["account_number",b"account_number"]) -> None: ...
+
+    BIP39_FIELD_NUMBER: builtins.int
+    LN_FIELD_NUMBER: builtins.int
+    @property
+    def bip39(self) -> google.protobuf.empty_pb2.Empty: ...
+    @property
+    def ln(self) -> global___BIP85Request.AppLn: ...
     def __init__(self,
+        *,
+        bip39: typing.Optional[google.protobuf.empty_pb2.Empty] = ...,
+        ln: typing.Optional[global___BIP85Request.AppLn] = ...,
         ) -> None: ...
+    def HasField(self, field_name: typing_extensions.Literal["app",b"app","bip39",b"bip39","ln",b"ln"]) -> builtins.bool: ...
+    def ClearField(self, field_name: typing_extensions.Literal["app",b"app","bip39",b"bip39","ln",b"ln"]) -> None: ...
+    def WhichOneof(self, oneof_group: typing_extensions.Literal["app",b"app"]) -> typing.Optional[typing_extensions.Literal["bip39","ln"]]: ...
 global___BIP85Request = BIP85Request
 
 class BIP85Response(google.protobuf.message.Message):
     DESCRIPTOR: google.protobuf.descriptor.Descriptor
+    BIP39_FIELD_NUMBER: builtins.int
+    LN_FIELD_NUMBER: builtins.int
+    @property
+    def bip39(self) -> google.protobuf.empty_pb2.Empty: ...
+    ln: builtins.bytes
     def __init__(self,
+        *,
+        bip39: typing.Optional[google.protobuf.empty_pb2.Empty] = ...,
+        ln: builtins.bytes = ...,
         ) -> None: ...
+    def HasField(self, field_name: typing_extensions.Literal["app",b"app","bip39",b"bip39","ln",b"ln"]) -> builtins.bool: ...
+    def ClearField(self, field_name: typing_extensions.Literal["app",b"app","bip39",b"bip39","ln",b"ln"]) -> None: ...
+    def WhichOneof(self, oneof_group: typing_extensions.Literal["app",b"app"]) -> typing.Optional[typing_extensions.Literal["bip39","ln"]]: ...
 global___BIP85Response = BIP85Response

py/bitbox02/bitbox02/communication/generated/keystore_pb2.pyi

@@ -340,8 +340,18 @@ def _get_electrum_encryption_key(self) -> None:
             ),
         )
 
-    def _bip85(self) -> None:
-        self._device.bip85()
+    def _bip85_bip39(self) -> None:
+        try:
+            self._device.bip85_bip39()
+        except UserAbortException:
+            print("Aborted by user")
+
+    def _bip85_ln(self) -> None:
+        try:
+            entropy = self._device.bip85_ln()
+            print("Derived entropy for a Breez Lightning wallet:", entropy.hex())
+        except UserAbortException:
+            print("Aborted by user")
 
     def _btc_address(self) -> None:
         def address(display: bool) -> str:
@@ -1391,7 +1401,8 @@ def _menu_init(self) -> None:
             ("Sign Ethereum Typed Message (EIP-712)", self._sign_eth_typed_message),
             ("Cardano", self._cardano),
             ("Show Electrum wallet encryption key", self._get_electrum_encryption_key),
-            ("BIP85", self._bip85),
+            ("BIP85 - BIP39", self._bip85_bip39),
+            ("BIP85 - LN", self._bip85_ln),
             ("Reset Device", self._reset_device),
         )
         choice = ask_user(choices)

py/send_message.py

@@ -330,6 +330,7 @@ add_custom_target(rust-bindgen
     --allowlist-function keystore_get_bip39_word
     --allowlist-function keystore_get_ed25519_seed
     --allowlist-function keystore_bip85_bip39
+    --allowlist-function keystore_bip85_ln
     --allowlist-function keystore_secp256k1_compressed_to_uncompressed
     --allowlist-function keystore_secp256k1_nonce_commit
     --allowlist-function keystore_secp256k1_sign

src/CMakeLists.txt

@@ -864,6 +864,30 @@ bool keystore_bip85_bip39(
     return snprintf_result >= 0 && snprintf_result < (int)mnemonic_out_size;
 }
 
+bool keystore_bip85_ln(uint32_t index, uint8_t* entropy_out)
+{
+    if (index >= BIP32_INITIAL_HARDENED_CHILD) {
+        return false;
+    }
+
+    const uint32_t keypath[] = {
+        83696968 + BIP32_INITIAL_HARDENED_CHILD,
+        19534 + BIP32_INITIAL_HARDENED_CHILD,
+        0 + BIP32_INITIAL_HARDENED_CHILD,
+        12 + BIP32_INITIAL_HARDENED_CHILD,
+        index + BIP32_INITIAL_HARDENED_CHILD,
+    };
+
+    uint8_t entropy[64] = {0};
+    UTIL_CLEANUP_64(entropy);
+    if (!_bip85_entropy(keypath, sizeof(keypath) / sizeof(uint32_t), entropy)) {
+        return false;
+    }
+
+    memcpy(entropy_out, entropy, 16);
+    return true;
+}
+
 USE_RESULT bool keystore_encode_xpub_at_keypath(
     const uint32_t* keypath,
     size_t keypath_len,

src/keystore.c

@@ -253,6 +253,16 @@ USE_RESULT bool keystore_bip85_bip39(
     char* mnemonic_out,
     size_t mnemonic_out_size);
 
+/**
+ * Computes a 16 byte deterministic seed specifically for Lightning hot wallets according to BIP-85.
+ * It is the same as BIP-85 with app number 39', but instead using app number 19534' (= 0x4c4e =
+ * 'LN'). https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki#bip39
+ * Restricted to 16 byte output entropy.
+ * @param[in] index must be smaller than `BIP32_INITIAL_HARDENED_CHILD`.
+ * @param[out] entropy_out resulting entropy, must be at least 16 bytes in size.
+ */
+USE_RESULT bool keystore_bip85_ln(uint32_t index, uint8_t* entropy_out);
+
 /**
  * Encode an xpub at the given `keypath` as 78 bytes according to BIP32. The version bytes are
  * the ones corresponding to `xpub`, i.e. 0x0488B21E.