From 2b3e1acbb0b8a9b8e8e09f9809749e3a193a7620 Mon Sep 17 00:00:00 2001
From: AlexeyBarabash
Date: Thu, 2 Jun 2022 13:32:08 +0300
Subject: [PATCH] Check sync words count to be 24; fixes brave/brave-browser#23206
---
 components/brave_sync/crypto/crypto.cc | 12 ++++++++++++
 components/brave_sync/crypto/crypto_unittest.cc | 2 ++
 2 files changed, 14 insertions(+)
diff --git a/components/brave_sync/crypto/crypto.cc b/components/brave_sync/crypto/crypto.cc
index b60dd0582a3a..4c6268a87225 100644
--- a/components/brave_sync/crypto/crypto.cc
+++ b/components/brave_sync/crypto/crypto.cc
@@ -8,6 +8,7 @@
 #include

 #include "base/logging.h"
+#include "base/strings/string_split.h"
 #include "brave/vendor/bat-native-tweetnacl/tweetnacl.h"
 #include "brave/vendor/bip39wally-core-native/include/wally_bip39.h"
 #include "crypto/random.h"
@@ -158,6 +159,17 @@ bool PassphraseToBytes32(const std::string& passphrase,
 }

 bool IsPassphraseValid(const std::string& passphrase) {
+ // This check is dedicated for old client to reject sync code from new client
+ // which has time limited code (25 words)
+ std::vector words = base::SplitString(
+ passphrase, " ", base::WhitespaceHandling::TRIM_WHITESPACE,
+ base::SplitResult::SPLIT_WANT_NONEMPTY);
+ size_t num_words = words.size();
+ static constexpr size_t kPureWordsCount = 24u;
+ if (num_words != kPureWordsCount) {
+ return false;
+ }
+
 std::vector bytes;
 return PassphraseToBytes32(passphrase, &bytes);
 }
diff --git a/components/brave_sync/crypto/crypto_unittest.cc b/components/brave_sync/crypto/crypto_unittest.cc
index 99a56b3340d7..c20b340a5e35 100644
--- a/components/brave_sync/crypto/crypto_unittest.cc
+++ b/components/brave_sync/crypto/crypto_unittest.cc
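Review bot: The 24-word guard sits only in `IsPassphraseValid` (crypto.cc), while `PassphraseToBytes32`, whose body lies above the hunk, is left unchanged, so any caller that derives the seed through it directly would presumably still accept a 25-word time-limited code. Either confirm that every consumer validates through `IsPassphraseValid` first, or move the count check into `PassphraseToBytes32` so the two cannot disagree. Splitting on `" "` alone also makes a code pasted with tabs or newlines between words count as fewer than 24 pieces and fail; if that is not intended, pass `base::kWhitespaceASCII` as the separator set. The comment would be clearer as a rule, e.g. `// Accept only pure 24-word codes; reject 25-word time-limited codes from newer clients.`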
@@ -249,6 +249,8 @@ TEST(CryptoTest, Passphrase) {
 EXPECT_FALSE(IsPassphraseValid(""));
 EXPECT_FALSE(IsPassphraseValid(bip_passphrase + " something wrong"));
 EXPECT_FALSE(IsPassphraseValid(bip_invalid_passphrase));
+ // It makes more sense to check against additional word from bip39 list
+ EXPECT_FALSE(IsPassphraseValid(bip_passphrase + " annual"));
 }

 } // namespace crypto
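Review bot: The added case in `TEST(CryptoTest, Passphrase)` exercises only the 25-word side of the `!= 24` check; a code one word short is not covered, nor is a 24-word code with leading, trailing or doubled spaces, which the `TRIM_WHITESPACE`/`SPLIT_WANT_NONEMPTY` split in crypto.cc counts as 24 words before handing the untrimmed string to `PassphraseToBytes32`. Adding both cases would pin the boundary from each side and document how padded input is treated. The comment would read better as the expectation itself, e.g. `// A 25th word from the BIP39 list (time-limited code from a newer client) must be rejected.` The test body starts above the hunk, so earlier cases may already cover part of this.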