Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some wallet refactorings #27325

Merged
merged 2 commits into from
Jan 24, 2025
Merged

Some wallet refactorings #27325

merged 2 commits into from
Jan 24, 2025
+780 −864

Conversation

supermassive
Copy link
Collaborator

@supermassive supermassive commented Jan 23, 2025
edited
Loading

Resolves brave/brave-browser#43451

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

@supermassive supermassive requested a review from a team as a code owner January 23, 2025 11:27
@github-actions GitHub Actions
Copy link
Contributor

[puLL-Merge] - brave/brave-core@27325

Here's my review of the PR:

Description

This PR refactors Bitcoin-related code in Brave Wallet to improve code organization and security. The main changes include:

  1. Moving BIP39 mnemonic functionality into its own module
  2. Improving cryptographic hashing operations
  3. Cleaning up error handling and removing redundant logging
  4. Fixing potential security issues around buffer handling and signature verification
  5. Improving type safety for cryptographic operations

Security Hotspots

  1. SignCompact method in HDKey now enforces type safety for message and signature sizes through fixed-size spans, reducing risk of buffer overflow
  2. F4 jumble implementation validates lengths and uses safe buffer operations
  3. Secure hash operations now use size-specific types to prevent misuse
Changes

Changes

By filename:

components/brave_wallet/browser/bip39.{cc,h}:

  • Added new module for BIP39 mnemonic functionality
  • Implements mnemonic generation, validation and seed derivation

components/brave_wallet/browser/eth_transaction.{cc,h}:

  • Fixed message signing to properly handle chain IDs
  • Improved byte buffer safety

components/brave_wallet/browser/internal/hd_key.{cc,h}:

  • Added type safety for cryptographic operations
  • Fixed potential buffer overflows in signing methods

components/brave_wallet/common/hash_utils.{cc,h}:

  • Centralized cryptographic hashing operations
  • Added Blake2b implementation with proper validation
  • Improved buffer handling for hash operations
sequenceDiagram
    participant Wallet
    participant BIP39
    participant HDKey 
    participant HashUtils

    Wallet->>BIP39: GenerateMnemonic()
    BIP39->>HashUtils: ComputeHash()
    HashUtils-->>BIP39: hash
    BIP39-->>Wallet: mnemonic

    Wallet->>BIP39: MnemonicToSeed()
    BIP39->>HashUtils: PBKDF2()
    HashUtils-->>BIP39: seed
    BIP39-->>Wallet: seed

    Wallet->>HDKey: SignMessage()
    HDKey->>HashUtils: Blake2b/Keccak
    HashUtils-->>HDKey: hash
    HDKey-->>Wallet: signature
Loading

@supermassive supermassive requested a review from a team as a code owner January 23, 2025 11:36
cypt4
cypt4 reviewed Jan 23, 2025
View reviewed changes
components/brave_wallet/common/hash_utils.cc Outdated
.Finalize(result.data());

return result;
}

std::vector<uint8_t> Blake2bHash(
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this be reused in the ZCashSerializer too?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will do!

cypt4
cypt4 reviewed Jan 23, 2025
View reviewed changes
components/brave_wallet/browser/fil_transaction.cc
@@ -78,7 +79,11 @@ std::optional<FilTransaction> FilTransaction::FromTxData(

auto address = FilAddress::FromAddress(tx_data->to);
if (address.IsEmpty()) {
address = FilAddress::FromFEVMAddress(is_mainnet, tx_data->to);
auto eth_address = EthAddress::FromHex(tx_data->to);
if (!eth_address.IsValid()) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are there plans to get rid of IsValid methods and use expected\optionl instead?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's something I wanted to do but would be too much for this PR

cypt4
cypt4 approved these changes Jan 23, 2025
View reviewed changes
Copy link
Collaborator

@cypt4 cypt4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

++

@supermassive supermassive merged commit dc0144c into master Jan 24, 2025
20 checks passed
@supermassive supermassive deleted the wallet_refactor branch January 24, 2025 02:19
@github-actions github-actions bot added this to the 1.76.x - Nightly milestone Jan 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cypt4 cypt4 cypt4 approved these changes

@iefremov iefremov iefremov approved these changes

Assignees

@supermassive supermassive

@thypon thypon

@stoletheminerals stoletheminerals

@cdesouza-chromium cdesouza-chromium

Labels
feature/web3/wallet/core feature/web3/wallet puLL-Merge
Projects
None yet
Milestone
1.76.x - Nightly
Development

Successfully merging this pull request may close these issues.

Wallet refactoring
6 participants
@supermassive @iefremov @cypt4 @thypon @stoletheminerals @cdesouza-chromium