Payloads MUST be hashed using a cryptographic hash function #168

Open
nplasterer opened this issue Sep 27, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@nplasterer
Contributor

You should not be able to sign non-hashed payloads.

  • Payloads MUST be hashed using a cryptographic hash function as part of the ECDSA spec.
    • Some crypto library APIs expect hashed strings so that implementors can choose which hash function to use in their cryptosystem.
  • Allowing developers to misuse hash functions in our library is dangerous, and not in line with defensible code practices.
    • XMTP SDKs should only expose functions which expect raw strings.
    • XMTPv2 uses two different hashing functions, so explicit functions should be created to ensure that developers never invoke sign on unhashed data.

In particular, this function https://github.com/xmtp/xmtp-ios/blob/main/Sources/XMTP/Messages/PrivateKey.swift#L33-L41 needs to explicitly disallow being called without a hashed payload.

@nplasterer nplasterer added the bug Something isn't working label Sep 27, 2023
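
The API shape the issue asks for, as an added example that is not part of the issue and not xmtp-ios code: public functions take the raw message and hash it internally, one function per hash, and the digest-signing primitive is private. It assumes CryptoKit's P-256 ECDSA as a stand-in for the SDK's own key type and SHA-256/SHA-512 as stand-ins for the two hash functions the issue mentions; `HashedSigner`, `signSHA256`, `signSHA512` and `verifySHA256` are hypothetical names.

```swift
import CryptoKit
import Foundation

// Added example. CryptoKit's P-256 ECDSA stands in for the SDK's own curve and
// key types; HashedSigner and its method names are hypothetical.
struct HashedSigner {
    private let key: P256.Signing.PrivateKey

    init(key: P256.Signing.PrivateKey = P256.Signing.PrivateKey()) {
        self.key = key
    }

    var publicKey: P256.Signing.PublicKey { key.publicKey }

    // Public entry points take the raw message and hash it themselves, one
    // function per hash, so the caller never chooses or skips the hash step.
    func signSHA256(message: Data) throws -> P256.Signing.ECDSASignature {
        try sign(digest: SHA256.hash(data: message))
    }

    func signSHA512(message: Data) throws -> P256.Signing.ECDSASignature {
        try sign(digest: SHA512.hash(data: message))
    }

    // The only path to the ECDSA primitive. It is private and typed to
    // CryptoKit's Digest, so arbitrary Data cannot be passed in as a "hash".
    private func sign<D: Digest>(digest: D) throws -> P256.Signing.ECDSASignature {
        try key.signature(for: digest)
    }
}

// Verification mirrors signing: the verifier hashes the raw message itself.
func verifySHA256(_ signature: P256.Signing.ECDSASignature,
                  message: Data,
                  publicKey: P256.Signing.PublicKey) -> Bool {
    publicKey.isValidSignature(signature, for: SHA256.hash(data: message))
}

// Constructed sample payload, signed and then checked against the original
// message and against an altered one.
let signer = HashedSigner()
let message = Data("constructed sample payload".utf8)
let signature = try signer.signSHA256(message: message)
print(verifySHA256(signature, message: message, publicKey: signer.publicKey))
print(verifySHA256(signature, message: Data("altered payload".utf8), publicKey: signer.publicKey))
```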