chore(crypto,legacy,core): add comments about prefixes

[no changelog]

core/src/apps/bitcoin/get_public_key.py

@@ -70,6 +70,7 @@ async def get_public_key(
         raise wire.DataError("Invalid combination of coin and script_type")
 
     pubkey = node.public_key()
+    # For curve25519 and ed25519, the public key has the prefix 0x00, as specified by SLIP-10. However, since this prefix is non-standard, it may be removed in the future.
     node_type = HDNodeType(
         depth=node.depth(),
         child_num=node.child_num(),

core/src/apps/misc/get_ecdh_session_key.py

@@ -55,6 +55,7 @@ async def get_ecdh_session_key(msg: GetECDHSessionKey) -> ECDHSessionKey:
 
         if peer_public_key[0] != 0x40:
             raise DataError("Curve25519 public key should start with 0x40")
+        # The prefix 0x04 doesn't make sense here, and may be changed or removed in the future
         session_key = b"\x04" + curve25519.multiply(
             node.private_key(), peer_public_key[1:]
         )
@@ -62,4 +63,5 @@ async def get_ecdh_session_key(msg: GetECDHSessionKey) -> ECDHSessionKey:
         raise DataError("Unsupported curve for ECDH: " + curve_name)
     # END ecdh
 
+    # For curve25519, the public key has the prefix 0x00, as specified by SLIP-10. However, since this prefix is non-standard, it may be removed in the future.
     return ECDHSessionKey(session_key=session_key, public_key=node.public_key())

core/src/apps/misc/sign_identity.py

@@ -61,6 +61,7 @@ async def sign_identity(msg: SignIdentity) -> SignedIdentity:
         curve_name,
     )
 
+    # For ed25519, the public key has the prefix 0x00, as specified by SLIP-10. However, since this prefix is non-standard, it may be removed in the future.
     return SignedIdentity(address=address, public_key=pubkey, signature=signature)
 
 

crypto/bip32.c

@@ -701,6 +701,8 @@ int hdnode_get_shared_key(const HDNode *node, const uint8_t *peer_public_key,
     *result_size = 65;
     return 0;
   } else if (node->curve == &curve25519_info) {
+    // The prefix 0x04 doesn't make sense here, and may be changed or removed in
+    // the future
     session_key[0] = 0x04;
     if (peer_public_key[0] != 0x40) {
       return 1;  // Curve25519 public key should start with 0x40 byte.

legacy/firmware/fsm_msg_coin.h

@@ -75,6 +75,9 @@ void fsm_msgGetPublicKey(const GetPublicKey *msg) {
   memcpy(resp->node.chain_code.bytes, node->chain_code, 32);
   resp->node.has_private_key = false;
   resp->node.public_key.size = 33;
+  // For curve25519 and ed25519, the public key has the prefix 0x00, as
+  // specified by SLIP-10. However, since this prefix is non-standard, it may be
+  // removed in the future.
   memcpy(resp->node.public_key.bytes, node->public_key, 33);
 
   if (coin->xpub_magic && (script_type == InputScriptType_SPENDADDRESS ||

legacy/firmware/fsm_msg_crypto.h

@@ -160,6 +160,9 @@ void fsm_msgSignIdentity(const SignIdentity *msg) {
       }
     }
     resp->public_key.size = 33;
+    // For ed25519, the public key has the prefix 0x00, as specified by SLIP-10.
+    // However, since this prefix is non-standard, it may be removed in the
+    // future.
     memcpy(resp->public_key.bytes, node->public_key, 33);
     resp->signature.size = 65;
     msg_write(MessageType_MessageType_SignedIdentity, resp);
@@ -220,6 +223,9 @@ void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg) {
       layoutHome();
       return;
     }
+    // For curve25519, the public key has the prefix 0x00, as specified by
+    // SLIP-10. However, since this prefix is non-standard, it may be removed in
+    // the future.
     memcpy(resp->public_key.bytes, node->public_key, 33);
     resp->public_key.size = 33;
     resp->has_public_key = true;