Merge branch 'rm-resets'

Author: benma

src/rust/bitbox02-rust/src/hal.rs

@@ -15,6 +15,7 @@
 use crate::workflow::RealWorkflows;
 pub use crate::workflow::Workflows as Ui;
 
+use alloc::boxed::Box;
 use alloc::string::String;
 use alloc::vec::Vec;
 
@@ -33,10 +34,15 @@ pub trait Sd {
     async fn write_bin(&mut self, filename: &str, dir: &str, data: &[u8]) -> Result<(), ()>;
 }
 
+pub trait Random {
+    fn random_32_bytes(&mut self) -> Box<zeroize::Zeroizing<[u8; 32]>>;
+}
+
 /// Hardware abstraction layer for BitBox devices.
 pub trait Hal {
     fn ui(&mut self) -> &mut impl Ui;
     fn sd(&mut self) -> &mut impl Sd;
+    fn random(&mut self) -> &mut impl Random;
 }
 
 pub struct BitBox02Sd;
@@ -82,16 +88,27 @@ impl Sd for BitBox02Sd {
     }
 }
 
+pub struct BitBox02Random;
+
+impl Random for BitBox02Random {
+    #[inline(always)]
+    fn random_32_bytes(&mut self) -> Box<zeroize::Zeroizing<[u8; 32]>> {
+        bitbox02::random::random_32_bytes()
+    }
+}
+
 pub struct BitBox02Hal {
     ui: RealWorkflows,
     sd: BitBox02Sd,
+    random: BitBox02Random,
 }
 
 impl BitBox02Hal {
     pub const fn new() -> Self {
         Self {
             ui: crate::workflow::RealWorkflows,
             sd: BitBox02Sd,
+            random: BitBox02Random,
         }
     }
 }
@@ -103,14 +120,38 @@ impl Hal for BitBox02Hal {
     fn sd(&mut self) -> &mut impl Sd {
         &mut self.sd
     }
+    fn random(&mut self) -> &mut impl Random {
+        &mut self.random
+    }
 }
 
 #[cfg(feature = "testing")]
 pub mod testing {
+    use alloc::boxed::Box;
     use alloc::collections::BTreeMap;
     use alloc::string::String;
     use alloc::vec::Vec;
 
+    use bitcoin::hashes::{Hash, sha256};
+
+    pub struct TestingRandom {
+        counter: u32,
+    }
+
+    impl TestingRandom {
+        pub fn new() -> Self {
+            Self { counter: 0 }
+        }
+    }
+
+    impl super::Random for TestingRandom {
+        fn random_32_bytes(&mut self) -> Box<zeroize::Zeroizing<[u8; 32]>> {
+            self.counter += 1;
+            let hash = sha256::Hash::hash(&self.counter.to_be_bytes());
+            Box::new(zeroize::Zeroizing::new(hash.to_byte_array()))
+        }
+    }
+
     pub struct TestingSd {
         pub inserted: Option<bool>,
         files: BTreeMap<String, BTreeMap<String, Vec<u8>>>,
@@ -172,13 +213,15 @@ pub mod testing {
     pub struct TestingHal<'a> {
         pub ui: crate::workflow::testing::TestingWorkflows<'a>,
         pub sd: TestingSd,
+        pub random: TestingRandom,
     }
 
     impl TestingHal<'_> {
         pub fn new() -> Self {
             Self {
                 ui: crate::workflow::testing::TestingWorkflows::new(),
                 sd: TestingSd::new(),
+                random: TestingRandom::new(),
             }
         }
     }
@@ -190,12 +233,16 @@ pub mod testing {
         fn sd(&mut self) -> &mut impl super::Sd {
             &mut self.sd
         }
+        fn random(&mut self) -> &mut impl super::Random {
+            &mut self.random
+        }
     }
 
     #[cfg(test)]
     mod tests {
         use super::*;
-        use crate::hal::Sd;
+        use crate::hal::{Random, Sd};
+        use hex_lit::hex;
 
         use util::bb02_async::block_on;
 
@@ -230,5 +277,20 @@ pub mod testing {
             assert!(block_on(sd.erase_file_in_subdir("file1.txt", "dir1")).is_ok());
             assert_eq!(block_on(sd.list_subdir(Some("dir1"))), Ok(vec![]));
         }
+
+        #[test]
+        fn test_random() {
+            let mut random = TestingRandom::new();
+            let first = random.random_32_bytes();
+            let second = random.random_32_bytes();
+            assert_eq!(
+                first.as_slice(),
+                &hex!("b40711a88c7039756fb8a73827eabe2c0fe5a0346ca7e0a104adc0fc764f528d"),
+            );
+            assert_eq!(
+                second.as_slice(),
+                &hex!("433ebf5bc03dffa38536673207a21281612cef5faa9bc7a4d5b9be2fdb12cf1a"),
+            );
+        }
     }
 }

src/rust/bitbox02-rust/src/hww/api/bitcoin/signtx.rs

@@ -1195,6 +1195,7 @@ async fn _process(
 
             next_response.next.has_signature = true;
             next_response.next.signature = crate::keystore::secp256k1_schnorr_sign(
+                hal.random(),
                 &tx_input.keypath,
                 &sighash,
                 if let TaprootSpendInfo::KeySpend(tweak_hash) = &spend_info {
@@ -2155,7 +2156,6 @@ mod tests {
             }));
 
         mock_unlocked();
-        bitbox02::random::fake_reset();
         let mut init_request = transaction.borrow().init_request();
         init_request.script_configs[0] = pb::BtcScriptConfigWithKeypath {
             script_config: Some(pb::BtcScriptConfig {
@@ -2172,7 +2172,7 @@ mod tests {
                 assert_eq!(
                     next.signature,
                     hex!(
-                        "472ef2aa293d5697649a5364d40567d6eaf508fca9e51321c5a48de42c32b4bbc2d0cee4ab6fea1f3b137a1cbca2abe72aa945c50e95e02fa8ac354fddf2ca10"
+                        "74fa05435a838a76ab34105f783d8d69136977b85df4644dec6afc85bba669ddb7c127d7a5a6d3cb406843b6e4366a276872228bb9efa4e3c22cfd07be3198b5"
                     )
                 );
             }
@@ -2232,7 +2232,6 @@ mod tests {
 
         mock_host_responder(transaction.clone());
         mock_unlocked();
-        bitbox02::random::fake_reset();
         let result = block_on(process(
             &mut TestingHal::new(),
             &transaction.borrow().init_request(),
@@ -3227,7 +3226,6 @@ mod tests {
             "sudden tenant fault inject concert weather maid people chunk youth stumble grit",
             "",
         );
-        bitbox02::random::fake_reset();
         // For the policy registration below.
         mock_memory();
 
@@ -3352,7 +3350,6 @@ mod tests {
             "sudden tenant fault inject concert weather maid people chunk youth stumble grit",
             "",
         );
-        bitbox02::random::fake_reset();
         // For the policy registration below.
         mock_memory();
 
@@ -3390,7 +3387,7 @@ mod tests {
                 assert_eq!(
                     next.signature,
                     hex!(
-                        "f4b760fa7f1ca8a00149bf439c07dcd3aafe4c98111607cece4b80066f7ef2e4406d18831990def0bf4a5b5647dc426ef1f749524adf0a6896844cd90b796031"
+                        "63bb140c52b30f8625219dac0951cad4a6c1c2c5c6a014be40fd46a80ab77207780626f7d568e885f26484bbc3624714a26234a0da5236775cbfae5ed7a6ad8d"
                     )
                 );
             }
@@ -3412,7 +3409,6 @@ mod tests {
             "sudden tenant fault inject concert weather maid people chunk youth stumble grit",
             "",
         );
-        bitbox02::random::fake_reset();
         // For the policy registration below.
         mock_memory();
 
@@ -3710,7 +3706,6 @@ mod tests {
 
         mock_host_responder(transaction.clone());
         mock_unlocked();
-        bitbox02::random::fake_reset();
         let init_request = transaction.borrow().init_request();
 
         let mut mock_hal = TestingHal::new();
@@ -3789,7 +3784,6 @@ mod tests {
 
         mock_host_responder(transaction.clone());
         mock_unlocked();
-        bitbox02::random::fake_reset();
         let init_request = transaction.borrow().init_request();
 
         let mut mock_hal = TestingHal::new();
@@ -3829,7 +3823,6 @@ mod tests {
 
         mock_host_responder(transaction.clone());
         mock_unlocked();
-        bitbox02::random::fake_reset();
         let init_request = transaction.borrow().init_request();
 
         let mut mock_hal = TestingHal::new();
@@ -3861,7 +3854,6 @@ mod tests {
 
         mock_host_responder(transaction.clone());
         mock_unlocked();
-        bitbox02::random::fake_reset();
         let init_request = transaction.borrow().init_request();
 
         let mut mock_hal = TestingHal::new();

src/rust/bitbox02-rust/src/keystore.rs

@@ -431,6 +431,7 @@ pub fn secp256k1_nonce_commit(
 /// Sign a message using the private key at the keypath, which is optionally tweaked with the given
 /// tweak.
 pub fn secp256k1_schnorr_sign(
+    random: &mut impl crate::hal::Random,
     keypath: &[u32],
     msg: &[u8; 32],
     tweak: Option<&[u8; 32]>,
@@ -448,10 +449,11 @@ pub fn secp256k1_schnorr_sign(
             .map_err(|_| ())?;
     }
 
+    let aux_rand = random.random_32_bytes();
     let sig = SECP256K1.sign_schnorr_with_aux_rand(
         &bitcoin::secp256k1::Message::from_digest(*msg),
         &keypair,
-        &bitbox02::random::random_32_bytes(),
+        &aux_rand,
     );
     Ok(sig.serialize())
 }
@@ -522,6 +524,7 @@ pub mod testing {
 mod tests {
     use super::*;
 
+    use crate::hal::{Random, testing::TestingRandom};
     use hex_lit::hex;
 
     use bitbox02::testing::mock_memory;
@@ -1308,10 +1311,10 @@ mod tests {
         };
 
         // Test without tweak
-        bitbox02::random::fake_reset();
 
         bitbox02::securechip::fake_event_counter_reset();
-        let sig = secp256k1_schnorr_sign(&keypath, &msg, None).unwrap();
+        let mut random = crate::hal::testing::TestingRandom::new();
+        let sig = secp256k1_schnorr_sign(&mut random, &keypath, &msg, None).unwrap();
         assert_eq!(bitbox02::securechip::fake_event_counter(), 1);
 
         assert!(
@@ -1325,13 +1328,14 @@ mod tests {
         );
 
         // Test with tweak
-        bitbox02::random::fake_reset();
         let tweak = secp256k1::Scalar::from_be_bytes(hex!(
             "a39fb163dbd9b5e0840af3cc1ee41d5b31245c5dd8d6bdc3d026d09b8964997c"
         ))
         .unwrap();
         let (tweaked_pubkey, _) = expected_pubkey.add_tweak(SECP256K1, &tweak).unwrap();
-        let sig = secp256k1_schnorr_sign(&keypath, &msg, Some(&tweak.to_be_bytes())).unwrap();
+        let mut random = crate::hal::testing::TestingRandom::new();
+        let sig = secp256k1_schnorr_sign(&mut random, &keypath, &msg, Some(&tweak.to_be_bytes()))
+            .unwrap();
         assert!(
             SECP256K1
                 .verify_schnorr(