xmtp / xmtp-js

XMTP client SDKs for JavaScript applications.

Home Page: https://xmtp.org/docs

Payloads MUST be hashed using a cryptographic hash function

nplasterer opened this issue

You should not be able to sign non-hashed payloads

Payloads MUST be hashed using a cryptographic hash function as part of the ECDSA spec.
Some crypto library APIs expect hashed strings so that implementors can choose which hash function to use in their cryptosystem.
Allowing developers to misuse hash functions in our library is dangerous and not in line with defensible code practices.
XMTP SDKs should only expose functions which expect raw strings.
XMTPv2 uses two different hashing functions, so explicit functions should be created to ensure that developers never invoke sign on unhashed data.
In particular, this function https://github.com/xmtp/xmtp-js/blob/main/src/crypto/PrivateKey.ts#L73-L85 needs to explicitly disallow being called without a hashed payload.
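
One way to shape a signing API along the lines the issue asks for, as an added example that is not xmtp-js code and not part of the original issue: the only public entry points take the raw message and hash it internally, with one explicit function per hash. The names `signPrimary`, `signSecondary`, `signRaw` and `verify`, the two hash names, and the secp256k1 curve are assumptions for illustration; the page does not name the two hash functions XMTPv2 uses.

```javascript
// Added example (not xmtp-js code). Uses only Node.js built-in crypto.
const crypto = require('node:crypto');

// Assumption: placeholder hash names; the page does not say which two XMTPv2 uses.
const ALLOWED_HASHES = Object.freeze({ primary: 'sha256', secondary: 'sha512' });

// Internal helper (hypothetical name): always hashes `message` itself before
// ECDSA signing. Keeping it unexported means callers can never hand in a
// value they merely claim is a digest.
function signRaw(hashName, privateKey, message) {
  if (!Object.values(ALLOWED_HASHES).includes(hashName)) {
    throw new Error(`hash function not allowed: ${hashName}`);
  }
  if (!(message instanceof Uint8Array)) {
    throw new TypeError('message must be raw bytes (Uint8Array or Buffer)');
  }
  // crypto.sign(algorithm, data, key) digests `data` with `algorithm`, then signs.
  return crypto.sign(hashName, message, privateKey);
}

// Public surface: one explicit function per hash, each taking the RAW message.
const signPrimary = (privateKey, message) =>
  signRaw(ALLOWED_HASHES.primary, privateKey, message);
const signSecondary = (privateKey, message) =>
  signRaw(ALLOWED_HASHES.secondary, privateKey, message);

// Verification names the hash explicitly too, so a signature made under one
// hash is never silently accepted under the other.
function verify(hashKey, publicKey, message, signature) {
  const hashName = ALLOWED_HASHES[hashKey];
  if (!hashName) throw new Error(`unknown hash key: ${hashKey}`);
  return crypto.verify(hashName, message, publicKey, signature);
}

// Constructed sample: throwaway key pair (curve is an assumption) and message.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', {
    namedCurve: 'secp256k1',
  });
  const message = Buffer.from('constructed sample payload');
  const signature = signPrimary(privateKey, message);
  return {
    validSameHash: verify('primary', publicKey, message, signature),
    validOtherHash: verify('secondary', publicKey, message, signature),
    validTampered: verify('primary', publicKey, Buffer.from('tampered'), signature),
  };
}
```
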