wip

Author: benma

src/rust/bitbox02-rust/src/keystore.rs

@@ -18,7 +18,7 @@ pub mod ed25519;
 use alloc::vec::Vec;
 
 use crate::bip32;
-use bitbox02::{keystore, memory, securechip};
+use bitbox02::{keystore, memory, random, securechip};
 
 #[derive(Debug)]
 pub enum Error {
@@ -58,10 +58,9 @@ pub fn encrypt_and_store_seed(seed: &[u8], password: &str) -> Result<(), Error>
     securechip::init_new_password(password).map_err(|_| Error::SecureChip)?;
     let secret: zeroize::Zeroizing<Vec<u8>> =
         securechip::stretch_password(password).map_err(|_| Error::SecureChip)?;
-    // TODO: set IV randomly using random_32_bytes().
-    let iv = &[0u8; 16];
+    let iv: &[u8; 16] = &random::combined_32_bytes()[..16].try_into().unwrap();
     let encrypted_seed: Vec<u8> =
-        bitbox_aes::encrypt_with_hmac(iv, secret.as_slice().try_into().unwrap(), seed);
+        bitbox_aes::encrypt_with_hmac(&iv, secret.as_slice().try_into().unwrap(), seed);
     memory::set_encrypted_seed_and_hmac(&encrypted_seed).map_err(|_| Error::Memory)?;
 
     // Verify seed.

src/rust/bitbox02-sys/build.rs

@@ -108,6 +108,7 @@ const ALLOWLIST_FNS: &[&str] = &[
     "progress_create",
     "progress_set",
     "random_32_bytes_mcu",
+    "random_32_bytes",
     "random_mock_reset",
     "reboot",
     "reset_reset",

src/rust/bitbox02/src/random.rs

@@ -29,6 +29,20 @@ pub fn mcu_32_bytes(out: &mut [u8; 32]) {
     }
 }
 
+#[cfg(target_arch = "arm")]
+pub fn combined_32_bytes() -> [u8; 32] {
+    let mut out = [0u8; 32];
+    unsafe { bitbox02_sys::random_32_bytes(out.as_mut_ptr()) }
+    out
+}
+
+#[cfg(not(target_arch = "arm"))]
+pub fn combined_32_bytes() -> [u8; 32] {
+    let mut out = [0u8; 32];
+    mcu_32_bytes(&mut out);
+    out
+}
+
 #[cfg(feature = "testing")]
 pub fn mock_reset() {
     unsafe {