keystore: split retaining/deleting seeds into functions

Intermediate commit for clarity. These two functions can then be
changed to not keep the seed in RAM in plantext, but to encrypt them.

Author: benma

src/keystore.c

@@ -47,21 +47,6 @@ static bool _is_unlocked_bip39 = false;
 // Must be defined if _is_unlocked is true. ONLY ACCESS THIS WITH _copy_bip39_seed().
 static uint8_t _retained_bip39_seed[64] = {0};
 
-#ifdef TESTING
-void keystore_mock_unlocked(const uint8_t* seed, size_t seed_len, const uint8_t* bip39_seed)
-{
-    _is_unlocked_device = seed != NULL;
-    if (seed != NULL) {
-        _seed_length = seed_len;
-        memcpy(_retained_seed, seed, seed_len);
-    }
-    _is_unlocked_bip39 = bip39_seed != NULL;
-    if (bip39_seed != NULL) {
-        memcpy(_retained_bip39_seed, bip39_seed, sizeof(_retained_bip39_seed));
-    }
-}
-#endif
-
 /**
  * We allow seeds of 16, 24 or 32 bytes.
  */
@@ -319,6 +304,25 @@ static void _free_string(char** str)
     wally_free_string(*str);
 }
 
+static void _retain_seed(const uint8_t* seed, size_t seed_len)
+{
+    memcpy(_retained_seed, seed, seed_len);
+    _seed_length = seed_len;
+}
+
+USE_RESULT static bool _retain_bip39_seed(const uint8_t* bip39_seed)
+{
+    memcpy(_retained_bip39_seed, bip39_seed, sizeof(_retained_bip39_seed));
+    return true;
+}
+
+static void _delete_retained_seeds(void)
+{
+    _seed_length = 0;
+    util_zero(_retained_seed, sizeof(_retained_seed));
+    util_zero(_retained_bip39_seed, sizeof(_retained_bip39_seed));
+}
+
 keystore_error_t keystore_unlock(
     const char* password,
     uint8_t* remaining_attempts_out,
@@ -354,8 +358,7 @@ keystore_error_t keystore_unlock(
                 Abort("Seed has suddenly changed. This should never happen.");
             }
         } else {
-            memcpy(_retained_seed, seed, seed_len);
-            _seed_length = seed_len;
+            _retain_seed(seed, seed_len);
             _is_unlocked_device = true;
         }
         bitbox02_smarteeprom_reset_unlock_attempts();
@@ -396,7 +399,9 @@ bool keystore_unlock_bip39(const char* mnemonic_passphrase)
             mnemonic, mnemonic_passphrase, bip39_seed, sizeof(bip39_seed), NULL) != WALLY_OK) {
         return false;
     }
-    memcpy(_retained_bip39_seed, bip39_seed, sizeof(bip39_seed));
+    if (!_retain_bip39_seed(bip39_seed)) {
+        return false;
+    }
     _is_unlocked_bip39 = true;
     return true;
 }
@@ -405,9 +410,7 @@ void keystore_lock(void)
 {
     _is_unlocked_device = false;
     _is_unlocked_bip39 = false;
-    _seed_length = 0;
-    util_zero(_retained_seed, sizeof(_retained_seed));
-    util_zero(_retained_bip39_seed, sizeof(_retained_bip39_seed));
+    _delete_retained_seeds();
 }
 
 bool keystore_is_locked(void)
@@ -789,3 +792,17 @@ bool keystore_secp256k1_schnorr_bip86_sign(
     }
     return secp256k1_schnorrsig_verify(ctx, sig64_out, msg32, 32, &pubkey) == 1;
 }
+
+#ifdef TESTING
+void keystore_mock_unlocked(const uint8_t* seed, size_t seed_len, const uint8_t* bip39_seed)
+{
+    _is_unlocked_device = seed != NULL;
+    if (seed != NULL) {
+        _retain_seed(seed, seed_len);
+    }
+    _is_unlocked_bip39 = bip39_seed != NULL;
+    if (bip39_seed != NULL) {
+        memcpy(_retained_bip39_seed, bip39_seed, sizeof(_retained_bip39_seed));
+    }
+}
+#endif

src/keystore.h

@@ -45,13 +45,6 @@ typedef enum {
     KEYSTORE_ERR_ENCRYPT,
 } keystore_error_t;
 
-#ifdef TESTING
-/**
- * convenience to mock the keystore state (locked, seed) in tests.
- */
-void keystore_mock_unlocked(const uint8_t* seed, size_t seed_len, const uint8_t* bip39_seed);
-#endif
-
 /**
  * Copies the retained seed into the given buffer. The caller must
  * zero the seed with util_zero once it is no longer needed.
@@ -284,4 +277,11 @@ USE_RESULT bool keystore_secp256k1_schnorr_bip86_sign(
     const uint8_t* msg32,
     uint8_t* sig64_out);
 
+#ifdef TESTING
+/**
+ * convenience to mock the keystore state (locked, seed) in tests.
+ */
+void keystore_mock_unlocked(const uint8_t* seed, size_t seed_len, const uint8_t* bip39_seed);
+#endif
+
 #endif