Check certificate before passing to wasm #374
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#360) * use testThis in testThese to unify criteria and fix the pipeline that was missing some tests due to testThese finishing the process with code 0 * fmt * remove problematic process.exit
* Add `K256` as alias of `ECDSA_CAIT_SITH` sig type (#356) * add comment pointing to repo --------- Co-authored-by: Massimo Cairo <[email protected]>
* implement new interface to unify session authentication in client * fix eth pkp wallet creation unit test * update test to use global config * add test group to CI * change encryption test to also validate getting session sigs from cache * remove process termination order included on testThese that was avoiding other tests to run * Add `K256` as alias of `ECDSA_CAIT_SITH` sig type (#356) * fix rpc constant used in testing * add empty resourceAbilityRequests to test * fix and clean test using new session cache interface to sign using PKPEthersWallet * fix encryption test * remove old test * staging * chore: update readme * v? * use throwError function * remove unnnecessary sessionKeys as they are obtained from cache afterwards * move authContext validation to function that validates the PKP auth context * backwards compatibility to avoid a breaking change * fmt * fmt * fix siwe import --------- Co-authored-by: Massimo Cairo <[email protected]> Co-authored-by: Ansonhkg <[email protected]>
* remove 3rd party libs * fix: revert back to fix react * it works * cherry picks 735438f 3b0422f * readme * resolve conflicts --------- Signed-off-by: Anson <[email protected]>
|
|
Ansonhkg
deleted the
fix/check-cert-outside-wasm-before-passing-it-in
branch
Ansonhkg
added a commit
that referenced
this pull request
Feb 22, 2024
* init patch * Feature/lit 2545 js sdk fix cosmjscrypto (#381) * fix: should add dependencies to related packages * fix: include cosmos dependencies * fix: correct version * fix: correct version * Check certificate before passing to wasm (#374) * init release * feat: fix contracts-sdk (#359) * use testThis in testThese to unify criteria and fix the pipeline that… (#360) * use testThis in testThese to unify criteria and fix the pipeline that was missing some tests due to testThese finishing the process with code 0 * fmt * remove problematic process.exit * Add `K256` as alias of `ECDSA_CAIT_SITH` sig type * add CI run on PRs targeting staging branches (#361) * add comment pointing to repo (#362) * Add `K256` as alias of `ECDSA_CAIT_SITH` sig type (#356) * add comment pointing to repo --------- Co-authored-by: Massimo Cairo <[email protected]> * prettied * feature/lit-2511-js-sdk-review-remove-lit-siwe (#373) * implement new interface to unify session authentication in client (#358) * implement new interface to unify session authentication in client * fix eth pkp wallet creation unit test * update test to use global config * add test group to CI * change encryption test to also validate getting session sigs from cache * remove process termination order included on testThese that was avoiding other tests to run * Add `K256` as alias of `ECDSA_CAIT_SITH` sig type (#356) * fix rpc constant used in testing * add empty resourceAbilityRequests to test * fix and clean test using new session cache interface to sign using PKPEthersWallet * fix encryption test * remove old test * staging * chore: update readme * v? * use throwError function * remove unnnecessary sessionKeys as they are obtained from cache afterwards * move authContext validation to function that validates the PKP auth context * backwards compatibility to avoid a breaking change * fmt * fmt * fix siwe import --------- Co-authored-by: Massimo Cairo <[email protected]> Co-authored-by: Ansonhkg <[email protected]> * remove vanilla js builds (#372) * Feature/lit 2494 js sdk get rid of lit third party libs (#371) * remove 3rd party libs * fix: revert back to fix react * it works * cherry picks 735438f 3b0422f * readme * resolve conflicts --------- Signed-off-by: Anson <[email protected]> * fix: build issues * Check certificate before passing to wasm --------- Signed-off-by: Anson <[email protected]> Co-authored-by: Ansonhkg <[email protected]> Co-authored-by: Federico Amura <[email protected]> Co-authored-by: Massimo Cairo <[email protected]> * fix: add blockhash to react demo app (#379) --------- Signed-off-by: Anson <[email protected]> Co-authored-by: Chris Cassano <[email protected]> Co-authored-by: Federico Amura <[email protected]> Co-authored-by: Massimo Cairo <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When the VCEK certificate retrieval fails, the wasm breaks. This is breaking out of a surrounding try / catch on AWS lambda.
This PR checks the VCEK certificate before passing it to wasm. The hope is that, if the cert retrieval fails, we just return a JS error, and the error doesn't come from the WASM.
I picked 256 as the minimum certificate size because it seems reasonable. They are typically 1300 bytes so if it's less than 256 it's probably just an error message or something.
I have no idea if this works because I can't reproduce the bug - the certificates always retrieve properly for me. But this is an attempt at a fix.