fix review

brave · Jan 20, 2025 · 48c5a33 · 48c5a33
1 parent 15eef13
commit 48c5a33
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 9 deletions.
diff --git a/chromium_src/third_party/boringssl/src/crypto/curve25519/curve25519.c b/chromium_src/third_party/boringssl/src/crypto/curve25519/curve25519.c
@@ -11,7 +11,11 @@
 #pragma allow_unsafe_buffers
 #endif
 
-static int IsScalarPruned(const uint8_t scalar[32]) {
+// https://datatracker.ietf.org/doc/html/rfc8032#section-5.1.5
+// requires scalar to follow this requirements 'The lowest 3 bits of the first
+// octet are cleared, the highest bit of the last octet is cleared, and the
+// second highest bit of the last octet is set'.
+int ED25519_is_scalar_pruned(const uint8_t scalar[32]) {
   return (scalar[0] & 0b00000111) == 0b00000000 &&
          (scalar[31] & 0b11000000) == 0b01000000;
 }
@@ -21,7 +25,7 @@ static int IsScalarPruned(const uint8_t scalar[32]) {
 // See `ED25519_keypair_from_seed` as origin.
 int ED25519_pubkey_from_scalar(uint8_t out_public_key[32],
                                const uint8_t scalar[32]) {
-  if (!IsScalarPruned(scalar)) {
+  if (!ED25519_is_scalar_pruned(scalar)) {
     return 0;
   }
 
@@ -44,7 +48,7 @@ int ED25519_sign_with_scalar_and_prefix(uint8_t out_sig[64],
                                         const uint8_t scalar[32],
                                         const uint8_t prefix[32],
                                         const uint8_t public_key[32]) {
-  if (!IsScalarPruned(scalar)) {
+  if (!ED25519_is_scalar_pruned(scalar)) {
     return 0;
   }
 

diff --git a/chromium_src/third_party/boringssl/src/include/openssl/curve25519.h b/chromium_src/third_party/boringssl/src/include/openssl/curve25519.h
@@ -9,6 +9,9 @@
 extern "C" {
 #endif
 
+// These functions support custom ED25519 keys generation and signing for
+// Cardano.
+OPENSSL_EXPORT int ED25519_is_scalar_pruned(const uint8_t scalar[32]);
 OPENSSL_EXPORT int ED25519_pubkey_from_scalar(uint8_t out_public_key[32],
                                               const uint8_t scalar[32]);
 OPENSSL_EXPORT int ED25519_sign_with_scalar_and_prefix(

diff --git a/components/brave_wallet/browser/internal/hd_key_ed25519_slip23.cc b/components/brave_wallet/browser/internal/hd_key_ed25519_slip23.cc
@@ -42,13 +42,8 @@ base::span<uint8_t, kSlip23ScalarSize> ClampScalarEd25519Bip32(
   return scalar;
 }
 
-// https://datatracker.ietf.org/doc/html/rfc8032#section-5.1.5
-// requires scalar to follow this requirements 'The lowest 3 bits of the first
-// octet are cleared, the highest bit of the last octet is cleared, and the
-// second highest bit of the last octet is set'.
 bool IsValidEd25519Scalar(base::span<const uint8_t, kSlip23ScalarSize> scalar) {
-  return (scalar[0] & 0b0000'0111) == 0b0000'0000 &&
-         (scalar[31] & 0b1100'0000) == 0b0100'0000;
+  return ED25519_is_scalar_pruned(scalar.data());
 }
 
 std::optional<std::array<uint8_t, 32>> PubkeyFromScalar(
@@ -137,6 +132,7 @@ std::unique_ptr<HDKeyEd25519Slip23> HDKeyEd25519Slip23::DeriveChild(
     span_writer.Write(scalar_);
     span_writer.Write(prefix_);
     span_writer.WriteU32LittleEndian(*raw_index_value);
+    DCHECK_EQ(span_writer.remaining(), 0u);
 
     data[0] = 0x00;
     z_hmac = crypto::hmac::SignSha512(chain_code_, data);
@@ -148,6 +144,7 @@ std::unique_ptr<HDKeyEd25519Slip23> HDKeyEd25519Slip23::DeriveChild(
     span_writer.Skip(1u);
     span_writer.Write(public_key_);
     span_writer.WriteU32LittleEndian(*raw_index_value);
+    DCHECK_EQ(span_writer.remaining(), 0u);
 
     data[0] = 0x02;
     z_hmac = crypto::hmac::SignSha512(chain_code_, data);