HD Key cleanup

[supermassive]

Resolves brave/brave-browser#43110

• Remove support of string HD path. Use utility DerivationIndex instead.
• Move parsing of ImportAccountFromJson payload to separate file.
• Cleanup HDKey interface and implementation(spans, SpanReader/SpanWriter, etc)

Submitter Checklist:

• I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

[darkdh]

shouldn't we also need checked_cast for these?

[supermassive]

We should't CHECK here as this json is coming from user. There is also DeriveKeyScryptNoCheck which intentionally just fails on invalid args.

[darkdh]

but we checked above for iteration which is also from user input

[github-actions]

[puLL-Merge] - brave/brave-core@27118

Description

This PR makes significant changes to the Brave Wallet's key derivation and management system, focusing on improving the HDKey (Hierarchical Deterministic Key) implementation, adding support for JSON keystore parsing, and refactoring various keyring classes for better organization and efficiency.

Changes

Changes

1. components/brave_wallet/browser/internal/hd_key.h and hd_key.cc:

   • Refactored the HDKey class to use fixed-size arrays for key data
   • Introduced a new DerivationIndex class for clearer key derivation paths
   • Removed the GenerateFromV3UTC method and moved its functionality to a separate parser
   • Added methods for getting key identifiers and fingerprints

2. components/brave_wallet/browser/internal/hd_key_common.h and hd_key_common.cc:

   • New files introducing common constants and the DerivationIndex class

3. components/brave_wallet/browser/json_keystore_parser.h and json_keystore_parser.cc:

   • New files for parsing and decrypting JSON keystores

4. Various keyring files (ethereum_keyring.cc, filecoin_keyring.cc, zcash_keyring.cc, etc.):

   • Updated to use the new HDKey and DerivationIndex implementations
   • Refactored to use a common pattern for constructing account root keys

5. Test files:

   • Updated and added new tests to cover the changes in HDKey and JSON keystore parsing

6. components/brave_wallet/browser/keyring_service.cc:

   • Updated to use the new JSON keystore parser

sequenceDiagram
    participant User
    participant KeyringService
    participant JSONKeystoreParser
    participant HDKey
    participant Keyring

    User->>KeyringService: Import account from JSON
    KeyringService->>JSONKeystoreParser: Parse and decrypt keystore
    JSONKeystoreParser-->>KeyringService: Return private key
    KeyringService->>HDKey: Generate from private key
    HDKey-->>KeyringService: Return HDKey
    KeyringService->>Keyring: Import account
    Keyring-->>KeyringService: Return imported account info
    KeyringService-->>User: Return result

Loading

Possible Issues

• The changes to the HDKey class and various keyring implementations might affect existing wallet functionality if not thoroughly tested across all supported cryptocurrencies.
• The removal of GenerateFromV3UTC from HDKey and its replacement with a separate parser could potentially break existing code that relies on this method.

Security Hotspots

1. json_keystore_parser.cc: The implementation of DecryptPrivateKeyFromJsonKeystore handles sensitive data (private keys and passwords). Ensure that all cryptographic operations are performed securely and that no sensitive data is leaked.

2. hd_key.cc: The SetPrivateKey method now uses a fixed-size array. Ensure that this change doesn't introduce any potential buffer overflow vulnerabilities.

3. keyring_service.cc: The ImportAccountFromJson method now uses the new JSON keystore parser. Verify that this change doesn't introduce any new attack vectors for importing malicious keystores.

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] Using reinterpret_cast against some data types may lead to undefined behaviour. In general, when needing to do these conversions, check how Chromium upstream does them. Most of the times a reinterpret_cast is wrong and there's no guarantee the compiler will generate the code that you thought it would.

Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/reinterpret_cast.yaml


Cc @stoletheminerals @thypon @cdesouza-chromium

[cdesouza-chromium]

This doesn't seem correct. What is the type of result->version?

[supermassive]

enum class ExtendedKeyVersion

[darkdh]

can we use base::to_underlying?