Merge branch 'rm-wally'

Author: benma

.gitmodules

@@ -1,9 +1,6 @@
 [submodule "external/cryptoauthlib"]
 	path = external/cryptoauthlib
 	url = https://github.com/BitBoxSwiss/cryptoauthlib.git
-[submodule "external/libwally-core"]
-	path = external/libwally-core
-	url = https://github.com/BitBoxSwiss/libwally-core.git
 [submodule "tools/ttf2ugui"]
 	path = tools/ttf2ugui
 	url = https://github.com/BitBoxSwiss/ttf2ugui
@@ -13,3 +10,6 @@
 [submodule "external/embedded-swd"]
 	path = external/embedded-swd
 	url = https://github.com/BitBoxSwiss/embedded-swd
+[submodule "external/secp256k1-zkp"]
+	path = external/secp256k1-zkp
+	url = https://github.com/BitBoxSwiss/secp256k1-zkp.git

external/CMakeLists.txt

@@ -1,5 +1,9 @@
 include(ExternalProject)
 
+# Tell `add_library()` to default to STATIC.
+# Needed because secp256k1-zkp/CMakeLists.txt sets it to ON.
+set(BUILD_SHARED_LIBS OFF)
+
 if(CMAKE_CROSSCOMPILING)
   set(CONFIGURE_FLAGS
     --host=${CMAKE_SYSTEM_PROCESSOR}-none-eabi
@@ -14,71 +18,19 @@ string(REPLACE "-mfloat-abi=softfp" "" MODIFIED_C_FLAGS_TMP ${CMAKE_C_FLAGS})
 string(REPLACE "-mfpu=fpv4-sp-d16" "" MODIFIED_C_FLAGS ${MODIFIED_C_FLAGS_TMP})
 
 #----------------------
-# wally-core
-
-# configure flags for secp256k1 bundled in libwally core, to reduce memory consumption
-set(LIBWALLY_SECP256k1_FLAGS --with-ecmult-window=2 --with-ecmult-gen-precision=2 --enable-ecmult-static-precomputation --enable-module-schnorrsig --enable-module-ecdsa-adaptor)
-set(LIBWALLY_CONFIGURE_FLAGS --enable-static --disable-shared --disable-tests ${LIBWALLY_SECP256k1_FLAGS})
-if(SANITIZE_ADDRESS)
-  set(LIBWALLY_CFLAGS "-fsanitize=address")
-endif()
-if(SANITIZE_UNDEFINED)
-  set(LIBWALLY_CFLAGS "${LIBWALLY_CFLAGS} -fsanitize=undefined")
-endif()
-# _DEFAULT_SOURCE enables the BSD explicit_bzero function referenced by libwally.
-set(LIBWALLY_CFLAGS  "\
-  ${LIBWALLY_CFLAGS} \
-  ${MODIFIED_C_FLAGS} ${CMAKE_C_FLAGS_${CMAKE_BUILD_TYPE}} \
-  -D_DEFAULT_SOURCE \
-  -fno-strict-aliasing \
-")
-if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-  string(APPEND LIBWALLY_CFLAGS " -mmacosx-version-min=${CMAKE_OSX_DEPLOYMENT_TARGET}")
-endif()
 
-# Hide some warnings
-set(LIBWALLY_CFLAGS "${LIBWALLY_CFLAGS} -Wno-cast-qual -Wno-cast-align \
-  -Wno-missing-prototypes -Wno-redundant-decls \
-  -Wno-switch-default -Wno-missing-declarations \
-  -Wno-array-bounds -Wno-unused-label -Wno-sign-compare -Wno-type-limits \
-")
-if(CMAKE_CROSSCOMPILING)
-  set(LIBWALLY_LDFLAGS --specs=nosys.specs)
-endif()
-set(LIBWALLY_LDFLAGS "${LIBWALLY_LDFLAGS} ${CMAKE_C_LINK_FLAGS}")
+## secp256k1-zkp
 
-ExternalProject_Add(libwally-core
-  PREFIX          ${CMAKE_CURRENT_BINARY_DIR}/libwally-core
-  STEP_TARGETS    build-libwally
-  SOURCE_DIR      ${CMAKE_CURRENT_SOURCE_DIR}/libwally-core
-  CONFIGURE_COMMAND ${CMAKE_COMMAND} -E chdir ${CMAKE_CURRENT_SOURCE_DIR}/libwally-core tools/autogen.sh
-  COMMAND         ${CMAKE_COMMAND} -E env
-                  "CFLAGS=${LIBWALLY_CFLAGS}"
-                  "LDFLAGS=${LIBWALLY_LDFLAGS}"
-                  ${CMAKE_CURRENT_SOURCE_DIR}/libwally-core/configure
-                  ${CONFIGURE_FLAGS}
-                  ${LIBWALLY_CONFIGURE_FLAGS}
-  INSTALL_COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}
-  COMMAND         ${CMAKE_COMMAND} -E copy
-                  ${CMAKE_CURRENT_BINARY_DIR}/libwally-core/src/libwally-core-build/src/.libs/libwallycore.a
-                  ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}/libwallycore.a
-  COMMAND         ${CMAKE_COMMAND} -E copy
-                  ${CMAKE_CURRENT_BINARY_DIR}/libwally-core/src/libwally-core-build/src/secp256k1/.libs/libsecp256k1.a
-                  ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}/libsecp256k1.a
+# Override
+set(SECP256K1_ENABLE_MODULE_RECOVERY ON) # needed only in Rust unit tests.
+set(SECP256K1_ECMULT_WINDOW_SIZE 2 CACHE STRING "Window size for ecmult precomputation for verification, specified as integer in range [2..24]. \"AUTO\" is a reasonable setting for desktop machines (currently 15). [default=AUTO]" FORCE)
+set(SECP256K1_ECMULT_GEN_PREC_BITS 2 CACHE STRING "Precision bits to tune the precomputed table size for signing, specified as integer 2, 4 or 8. \"AUTO\" is a reasonable setting for desktop machines (currently 4). [default=AUTO]" FORCE)
+# Suppress all warnings in this directory, we don't have control over them.
+set_directory_properties(PROPERTIES
+  COMPILE_OPTIONS "-w"
+  DIRECTORY secp256k1-zkp
 )
-
-add_library(wallycore STATIC IMPORTED GLOBAL)
-set_property(TARGET wallycore
-  PROPERTY IMPORTED_LOCATION ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}/libwallycore.a)
-set_target_properties(wallycore PROPERTIES INTERFACE_INCLUDE_DIRECTORIES ${CMAKE_CURRENT_SOURCE_DIR}/libwally-core/include)
-set_target_properties(wallycore PROPERTIES INTERFACE_SYSTEM_INCLUDE_DIRECTORIES ${CMAKE_CURRENT_SOURCE_DIR}/libwally-core/include)
-
-add_library(secp256k1 STATIC IMPORTED GLOBAL)
-set_property(TARGET secp256k1
-  PROPERTY IMPORTED_LOCATION ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}/libsecp256k1.a)
-set_target_properties(secp256k1 PROPERTIES INTERFACE_INCLUDE_DIRECTORIES ${CMAKE_CURRENT_SOURCE_DIR}/libwally-core/src/secp256k1/include)
-set_target_properties(secp256k1 PROPERTIES INTERFACE_SYSTEM_INCLUDE_DIRECTORIES ${CMAKE_CURRENT_SOURCE_DIR}/libwally-core/src/secp256k1/include)
-
+add_subdirectory(secp256k1-zkp)
 
 if(CMAKE_CROSSCOMPILING)
   # Cortex Microcontroller Software Interface Standard

external/libwally-core

@@ -235,7 +235,7 @@ else()
   set(RUSTFLAGS "--remap-path-prefix=${CMAKE_CURRENT_SOURCE_DIR}/rust=src --remap-path-prefix=$ENV{HOME}=")
 endif()
 
-# Use libsecp256k1 that we link ourselves (included via external/libwally-core).
+# Use libsecp256k1 that we link ourselves.
 # See https://github.com/rust-bitcoin/rust-secp256k1/tree/7c8270a8506e31731e540fab7ee1abde1f48314e/secp256k1-sys#linking-to-external-symbols
 set(RUSTFLAGS "${RUSTFLAGS} --cfg=rust_secp_no_symbol_renaming")
 
@@ -277,7 +277,7 @@ add_custom_target(rust-cbindgen
 
 # Test rust crates that contain business logic. Avoid testing crates that depend on hardware.
 if(NOT CMAKE_CROSSCOMPILING)
-  set(RUSTFLAGS_TESTS ${RUSTFLAGS} -L${CMAKE_ARCHIVE_OUTPUT_DIRECTORY} -lbitbox_merged -lwallycore -lsecp256k1 -lfatfs -lhardware-fakes)
+  set(RUSTFLAGS_TESTS ${RUSTFLAGS} -L${CMAKE_ARCHIVE_OUTPUT_DIRECTORY} -lbitbox_merged -lsecp256k1 -lfatfs -lhardware-fakes)
 
   # Since we build with all features we need to use a separate build directory.
   # Otherwise we invalidate the result from the normal compilation that uses a
@@ -293,7 +293,7 @@ if(NOT CMAKE_CROSSCOMPILING)
         ${CARGO} test $<$<BOOL:${CMAKE_VERBOSE_MAKEFILE}>:-v> --all-features --target-dir ${RUST_BINARY_DIR}/all-features ${RUST_CARGO_FLAGS} -- --nocapture --test-threads 1
     WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/rust/
     )
-  add_dependencies(rust-test generate-protobufs bitbox_merged libwally-core fatfs)
+  add_dependencies(rust-test generate-protobufs bitbox_merged fatfs)
 
   add_custom_target(rust-clippy
     COMMAND
@@ -520,8 +520,7 @@ if(CMAKE_CROSSCOMPILING)
     target_link_libraries(${elf} PRIVATE "-Wl,-Map=\"${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/${firmware}.map\" -T\"${CMAKE_SOURCE_DIR}/firmware.ld\"")
     target_link_libraries(${elf} PRIVATE -Wl,--defsym=STACK_SIZE=${STACK_SIZE} -Wl,-defsym=HEAP_SIZE=${HEAP_SIZE})
 
-    add_dependencies(${elf} libwally-core)
-    target_link_libraries(${elf} PRIVATE wallycore secp256k1)
+    target_link_libraries(${elf} PRIVATE secp256k1)
     target_link_libraries(${elf} PRIVATE ${QTOUCHLIB_A} ${QTOUCHLIB_B} ${QTOUCHLIB_T})
 
     # Select the smaller version of libc called nano.

external/secp256k1-zkp

@@ -24,7 +24,6 @@
 #include "screen.h"
 #include "securechip/securechip.h"
 #include "util.h"
-#include <wally_core.h>
 
 extern void __attribute__((noreturn)) __stack_chk_fail(void);
 void __attribute__((noreturn)) __stack_chk_fail(void)
@@ -52,22 +51,6 @@ static const securechip_interface_functions_t _securechip_interface_functions =
     .random_32_bytes = random_32_bytes,
 };
 
-static void _wally_patched_bzero(void* ptr, size_t len)
-{
-    util_zero(ptr, len);
-}
-
-static bool _setup_wally(void)
-{
-    static struct wally_operations _ops = {0};
-    _ops.struct_size = sizeof(struct wally_operations);
-    if (wally_get_operations(&_ops) != WALLY_OK) {
-        return false;
-    }
-    _ops.bzero_fn = _wally_patched_bzero;
-    return wally_set_operations(&_ops) == WALLY_OK;
-}
-
 void common_main(void)
 {
     mpu_bitbox02_init();
@@ -76,10 +59,6 @@ void common_main(void)
         AbortAutoenter("memory_setup failed");
     }
 
-    if (!_setup_wally()) {
-        AbortAutoenter("_setup_wally failed");
-    }
-
     /* Enable/configure SmartEEPROM. */
     smarteeprom_bb02_config();
 

src/CMakeLists.txt

@@ -35,8 +35,6 @@
 #include <secp256k1.h>
 #include <ui/oled/oled.h>
 
-#include <wally_crypto.h>
-
 #define BUFFER_SIZE_DOWN 1024
 #define BUFFER_SIZE_UP 1024
 
@@ -387,7 +385,7 @@ static void _api_msg(const uint8_t* input, size_t in_len, uint8_t* output, size_
             result = ERR_INVALID_INPUT;
             break;
         }
-        uint8_t msg32[SHA256_LEN] = {0};
+        uint8_t msg32[32] = {0};
         _attestation_sighash(attestation_device_pubkey, msg32);
         bool matches_a_root_pubkey = false;
         for (size_t pubkey_idx = 0; pubkey_idx < sizeof(_root_pubkey_bytes) / ROOT_PUBKEY_SIZE;

src/common_main.c

@@ -464,7 +464,7 @@ bool keystore_unlock_bip39(const char* mnemonic_passphrase)
         return false;
     }
 
-    uint8_t bip39_seed[BIP39_SEED_LEN_512] = {0};
+    uint8_t bip39_seed[64] = {0};
     UTIL_CLEANUP_64(bip39_seed);
     rust_derive_bip39_seed(
         rust_util_bytes(seed, seed_length),

src/factorysetup.c

@@ -22,9 +22,6 @@
 #include <stdint.h>
 
 #include <secp256k1.h>
-#include <wally_bip32.h>
-#include <wally_bip39.h> // for BIP39_WORDLIST_LEN
-#include <wally_crypto.h> // for EC_PUBLIC_KEY_LEN
 
 #define KEYSTORE_MAX_SEED_LENGTH (32)
 #define KEYSTORE_U2F_SEED_LENGTH SHA256_LEN

src/keystore.c

@@ -29,6 +29,9 @@ use sha2::{Digest, Sha256};
 
 const NUM_RANDOM_WORDS: u8 = 5;
 
+/// Number of words in the BIP-39 wordlist.
+const BIP39_WORDLIST_LEN: u16 = 2048;
+
 fn as_str_vec(v: &[zeroize::Zeroizing<String>]) -> Vec<&str> {
     v.iter().map(|s| s.as_str()).collect()
 }
@@ -56,7 +59,7 @@ fn create_random_unique_words(word: &str, length: u8) -> (u8, Vec<zeroize::Zeroi
             // A random word everywhere else.
             // Loop until we get a unique word, we don't want repeated words in the list.
             loop {
-                let idx = rand16() % bitbox02::keystore::BIP39_WORDLIST_LEN;
+                let idx = rand16() % BIP39_WORDLIST_LEN;
                 if picked_indices.contains(&idx) {
                     continue;
                 };
@@ -319,7 +322,7 @@ pub async fn get(
         .await;
 
     // Provide all bip39 words to restrict the keyboard entry.
-    let bip39_wordlist: Vec<u16> = (0..bitbox02::keystore::BIP39_WORDLIST_LEN).collect();
+    let bip39_wordlist: Vec<u16> = (0..BIP39_WORDLIST_LEN).collect();
 
     let mut word_idx: usize = 0;
     let mut entered_words = vec![zeroize::Zeroizing::new(String::new()); num_words];
@@ -430,7 +433,7 @@ mod tests {
 
     fn bruteforce_lastword(mnemonic: &[&str]) -> Vec<zeroize::Zeroizing<String>> {
         let mut result = Vec::new();
-        for i in 0..bitbox02::keystore::BIP39_WORDLIST_LEN {
+        for i in 0..BIP39_WORDLIST_LEN {
             let word = bitbox02::keystore::get_bip39_word(i).unwrap();
             let mut m = mnemonic.to_vec();
             m.push(&word);