keystore: port compressed_to_uncompressed to Rust

Since the inclusion of the miniscript feature and rust-miniscript dep,
we depend on rust-bitcoin and rust-secp256k1, so we can make use of it
instead of manually wrapping secp256k1. This even saves ~300 bytes of
binary space.

Author: benma

src/keystore.c

@@ -614,23 +614,6 @@ bool keystore_get_bip39_word(uint16_t idx, char** word_out)
     return bip39_get_word(NULL, idx, word_out) == WALLY_OK;
 }
 
-bool keystore_secp256k1_compressed_to_uncompressed(
-    const uint8_t* pubkey_bytes,
-    uint8_t* uncompressed_out)
-{
-    const secp256k1_context* ctx = wally_get_secp_context();
-    secp256k1_pubkey pubkey;
-    if (!secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkey_bytes, 33)) {
-        return false;
-    }
-    size_t len = 65;
-    if (!secp256k1_ec_pubkey_serialize(
-            ctx, uncompressed_out, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED)) {
-        return false;
-    }
-    return true;
-}
-
 bool keystore_secp256k1_nonce_commit(
     const uint32_t* keypath,
     size_t keypath_len,

src/keystore.h

@@ -24,7 +24,7 @@
 #include <secp256k1.h>
 #include <wally_bip32.h>
 #include <wally_bip39.h> // for BIP39_WORDLIST_LEN
-#include <wally_crypto.h> // for EC_PUBLIC_KEY_UNCOMPRESSED_LEN and EC_PUBLIC_KEY_LEN
+#include <wally_crypto.h> // for EC_PUBLIC_KEY_LEN
 
 #define KEYSTORE_MAX_SEED_LENGTH (32)
 #define KEYSTORE_U2F_SEED_LENGTH SHA256_LEN
@@ -160,14 +160,6 @@ void keystore_zero_xkey(struct ext_key* xkey);
  */
 USE_RESULT bool keystore_get_bip39_word(uint16_t idx, char** word_out);
 
-// Reformats pubkey from compressed 33 bytes to uncompressed 65 bytes (<0x04><64 bytes X><64 bytes
-// Y>),
-// pubkey must be 33 bytes
-// uncompressed_out must be 65 bytes.
-USE_RESULT bool keystore_secp256k1_compressed_to_uncompressed(
-    const uint8_t* pubkey_bytes,
-    uint8_t* uncompressed_out);
-
 /**
  * Get a commitment to the original nonce before tweaking it with the host nonce. This is part of
  * the ECDSA Anti-Klepto Protocol. For more details, check the docs of

src/rust/bitbox02-rust/src/bip32.rs

@@ -121,7 +121,8 @@ impl Xpub {
     ///
     /// (<0x04><64 bytes X><64 bytes Y>).
     pub fn pubkey_uncompressed(&self) -> Result<[u8; 65], ()> {
-        bitbox02::keystore::secp256k1_pubkey_compressed_to_uncompressed(self.public_key())
+        let pk = bitcoin::secp256k1::PublicKey::from_slice(self.public_key()).map_err(|_| ())?;
+        Ok(pk.serialize_uncompressed())
     }
 
     /// Return the tweaked taproot pubkey.

src/rust/bitbox02-sys/build.rs

@@ -22,7 +22,6 @@ const ALLOWLIST_VARS: &[&str] = &[
     "BIP32_SERIALIZED_LEN",
     "BIP39_WORDLIST_LEN",
     "EC_PUBLIC_KEY_LEN",
-    "EC_PUBLIC_KEY_UNCOMPRESSED_LEN",
     "INPUT_STRING_MAX_SIZE",
     "KEYSTORE_MAX_SEED_LENGTH",
     "MAX_LABEL_SIZE",
@@ -73,7 +72,6 @@ const ALLOWLIST_FNS: &[&str] = &[
     "keystore_is_locked",
     "keystore_lock",
     "keystore_mock_unlocked",
-    "keystore_secp256k1_compressed_to_uncompressed",
     "keystore_secp256k1_get_private_key",
     "keystore_secp256k1_nonce_commit",
     "keystore_secp256k1_schnorr_bip86_pubkey",

src/rust/bitbox02/src/keystore.rs

@@ -22,7 +22,6 @@ use core::convert::TryInto;
 use bitbox02_sys::keystore_error_t;
 
 pub const BIP39_WORDLIST_LEN: u16 = bitbox02_sys::BIP39_WORDLIST_LEN as u16;
-pub const EC_PUBLIC_KEY_UNCOMPRESSED_LEN: usize = bitbox02_sys::EC_PUBLIC_KEY_UNCOMPRESSED_LEN as _;
 pub const EC_PUBLIC_KEY_LEN: usize = bitbox02_sys::EC_PUBLIC_KEY_LEN as _;
 pub const MAX_SEED_LENGTH: usize = bitbox02_sys::KEYSTORE_MAX_SEED_LENGTH as usize;
 
@@ -200,21 +199,6 @@ pub fn get_bip39_wordlist(indices: Option<&[u16]>) -> Bip39Wordlist {
     )
 }
 
-pub fn secp256k1_pubkey_compressed_to_uncompressed(
-    compressed_pubkey: &[u8],
-) -> Result<[u8; EC_PUBLIC_KEY_UNCOMPRESSED_LEN], ()> {
-    let mut pubkey = [0u8; EC_PUBLIC_KEY_UNCOMPRESSED_LEN];
-    match unsafe {
-        bitbox02_sys::keystore_secp256k1_compressed_to_uncompressed(
-            compressed_pubkey.as_ptr(),
-            pubkey.as_mut_ptr(),
-        )
-    } {
-        true => Ok(pubkey),
-        false => Err(()),
-    }
-}
-
 pub fn encode_xpub_at_keypath(keypath: &[u32]) -> Result<Vec<u8>, ()> {
     let mut xpub = vec![0u8; bitbox02_sys::BIP32_SERIALIZED_LEN as _];
     match unsafe {

test/unit-test/test_keystore_functional.c

@@ -118,7 +118,7 @@ static bool _encode_xpub(const struct ext_key* xpub, char* out, size_t out_len)
         rust_util_bytes(bytes, sizeof(bytes)), rust_util_bytes_mut((uint8_t*)out, out_len));
 }
 
-static void _check_pubs(const char* expected_xpub, const char* expected_pubkey_uncompressed_hex)
+static void _check_pubs(const char* expected_xpub)
 {
     struct ext_key __attribute__((__cleanup__(keystore_zero_xkey))) xpub_3;
     struct ext_key __attribute__((__cleanup__(keystore_zero_xkey))) xpub_5;
@@ -135,19 +135,13 @@ static void _check_pubs(const char* expected_xpub, const char* expected_pubkey_u
     char xpub_serialized[120];
     assert_true(_encode_xpub(&xpub_3, xpub_serialized, sizeof(xpub_serialized)));
     assert_string_equal(xpub_serialized, expected_xpub);
-
-    uint8_t pubkey_uncompressed[EC_PUBLIC_KEY_UNCOMPRESSED_LEN];
-    assert_true(keystore_secp256k1_compressed_to_uncompressed(xpub_5.pub_key, pubkey_uncompressed));
-    _assert_equal_memory_hex(
-        pubkey_uncompressed, sizeof(pubkey_uncompressed), expected_pubkey_uncompressed_hex);
 }
 
 static void _test_combination(
     const char* mnemonic_passphrase,
     uint32_t seed_len,
     const char* expected_mnemonic,
     const char* expected_xpub,
-    const char* expected_pubkey_uncompressed_hex,
     const char* expected_u2f_seed_hex)
 {
     assert_false(keystore_unlock_bip39(mnemonic_passphrase));
@@ -163,7 +157,7 @@ static void _test_combination(
     assert_true(keystore_unlock_bip39(mnemonic_passphrase));
     assert_false(keystore_is_locked());
     _check_mnemonic(expected_mnemonic);
-    _check_pubs(expected_xpub, expected_pubkey_uncompressed_hex);
+    _check_pubs(expected_xpub);
 
     uint8_t u2f_seed[32];
     assert_true(keystore_get_u2f_seed(u2f_seed));
@@ -182,18 +176,10 @@ static void _test_fixtures(void** state)
         const char* expected_xpub =
             "xpub6Cj6NNCGj2CRPHvkuEG1rbW3nrNCAnLjaoTg1P67FCGoahSsbg9WQ7YaMEEP83QDxt2kZ3hTPAPpGdyEZc"
             "fAC1C75HfR66UbjpAb39f4PnG";
-        const char* expected_pubkey_uncompressed_hex =
-            "0477a44aa9e8c8fb5105ef5ee2394e8aed89ad73fc74361425f06347ecfe326131e1339367ee3cbe877192"
-            "85a07f774b17eb933ecf0b9b82acebc195226d634244";
         const char* expected_u2f_seed_hex =
             "4f464a6667ad88eebcd0f02982761e474ee0dd16253160320f49d1d6681745e9";
         _test_combination(
-            mnemonic_passphrase,
-            seed_len,
-            expected_mnemonic,
-            expected_xpub,
-            expected_pubkey_uncompressed_hex,
-            expected_u2f_seed_hex);
+            mnemonic_passphrase, seed_len, expected_mnemonic, expected_xpub, expected_u2f_seed_hex);
     }
     {
         const char* mnemonic_passphrase = "abc";
@@ -204,18 +190,10 @@ static void _test_fixtures(void** state)
         const char* expected_xpub =
             "xpub6DXBP3HhFdhUTafatEULxfTXUUxDVuCxfa9RAiBU5r6aRgKiABbeBDyqwWWjmKPP1BZvpvVNMbVR5LeHzh"
             "QphtLcPZ8jk3MdLBgc2sACJwR";
-        const char* expected_pubkey_uncompressed_hex =
-            "044fb66eeefd352b441c86a6200a1e871928a367f5ab5f46566645d01d0534791ae39ff64a7d14d2427297"
-            "61ebd3829e8536b389dba543cbc48b1d86c01559d27b";
         const char* expected_u2f_seed_hex =
             "d599da991ad83baaf449c789e2dff1539dd66983b47a1dec1c00ff3f352cccbc";
         _test_combination(
-            mnemonic_passphrase,
-            seed_len,
-            expected_mnemonic,
-            expected_xpub,
-            expected_pubkey_uncompressed_hex,
-            expected_u2f_seed_hex);
+            mnemonic_passphrase, seed_len, expected_mnemonic, expected_xpub, expected_u2f_seed_hex);
     }
     {
         const char* mnemonic_passphrase = "";
@@ -226,18 +204,10 @@ static void _test_fixtures(void** state)
         const char* expected_xpub =
             "xpub6C7fKxGtTzEVxCC22U2VHx4GpaVy77DzU6KdZ1CLuHgoUGviBMWDc62uoQVxqcRa5RQbMPnffjpwxve18B"
             "G81VJhJDXnSpRe5NGKwVpXiAb";
-        const char* expected_pubkey_uncompressed_hex =
-            "043113631363e62a07d6a0becafc8063bb311fd1e9e71a6930d995857837642648aba5c743374e19428565"
-            "80f565c6b929737af5439f65f5333baf1d63c1f986bf";
         const char* expected_u2f_seed_hex =
             "fb9dc3fb0a17390776df5c3d8f9261bc5fd5df9f00414cee1393e37e0efda7ef";
         _test_combination(
-            mnemonic_passphrase,
-            seed_len,
-            expected_mnemonic,
-            expected_xpub,
-            expected_pubkey_uncompressed_hex,
-            expected_u2f_seed_hex);
+            mnemonic_passphrase, seed_len, expected_mnemonic, expected_xpub, expected_u2f_seed_hex);
     }
     {
         const char* mnemonic_passphrase = "";
@@ -247,18 +217,10 @@ static void _test_fixtures(void** state)
         const char* expected_xpub =
             "xpub6DLvpzjKpJ8k4xYrWYPmZQkUe9dkG1eRig2v6Jz4iYgo8hcpHWx87gGoCGDaB2cHFZ3ExUfe1jDiMu7Ch6"
             "gA4ULCBhvwZj29mHCPYSux3YV";
-        const char* expected_pubkey_uncompressed_hex =
-            "04588110a40455d74a3fd439fa2f4c0994cd0dc64644f9e5bc03cc99e7fcfe32eea56cb72d31cb997663b1"
-            "f62ad12e9c3a24b717064e8db4cc8ca70ac8a98a46a5";
         const char* expected_u2f_seed_hex =
             "20d68b206aff9667b623a460ce61fc94762de67561d6855ca9a6df7b409b2a54";
         _test_combination(
-            mnemonic_passphrase,
-            seed_len,
-            expected_mnemonic,
-            expected_xpub,
-            expected_pubkey_uncompressed_hex,
-            expected_u2f_seed_hex);
+            mnemonic_passphrase, seed_len, expected_mnemonic, expected_xpub, expected_u2f_seed_hex);
     }
 }