Payloads MUST be hashed using a cryptographic hash function
nplasterer opened this issue
You should not be able to sign non-hashed payloads.
Payloads MUST be hashed using a cryptographic hash function as part of the ECDSA spec.
Some crypto library APIs expect hashed strings so that implementors can choose which hash function to use in their cryptosystem.
Allowing developers to misuse hash functions in our library is dangerous, and not in line with defensible code practices.
XMTP SDKs should only expose functions which expect raw strings.
XMTPv2 uses two different hashing functions, so explicit functions should be created to ensure that developers never invoke sign on unhashed data.
In particular this function https://github.com/xmtp/xmtp-js/blob/main/src/crypto/PrivateKey.ts#L73-L85 needs to explicitly disallow being called without a hashed payload.
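An added example, not code from xmtp-js or from the issue author, of an API shaped the way this issue asks for: the only public signing entry points take raw bytes and hash them internally, while the digest-level primitive is module-private and accepts only a `Digest` value that the module's own hash functions can construct (the constructor is private, and an `instanceof` check rejects raw bytes at runtime as well). Assumptions: the secp256k1 ECDSA arithmetic is a toy stand-in for the library's real signing primitive, `sha256` and `sha3-256` stand in for the two hash functions XMTPv2 uses, and every class and function name here is hypothetical.

```typescript
import { createHash, randomBytes } from "crypto";

// Toy secp256k1 ECDSA over a *digest*. Assumption: stand-in for the library's low-level
// primitive; real code uses an audited library, constant-time arithmetic and RFC 6979 nonces.
const ZERO = BigInt(0), ONE = BigInt(1), TWO = BigInt(2), THREE = BigInt(3);
const P = BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F");
const N = BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141");
type Point = { x: bigint; y: bigint } | null; // null is the point at infinity
const G: Point = {
  x: BigInt("0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"),
  y: BigInt("0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"),
};
const mod = (a: bigint, m: bigint): bigint => ((a % m) + m) % m;
function inv(a: bigint, m: bigint): bigint { // modular inverse by extended Euclid
  let [r0, r1, s0, s1] = [mod(a, m), m, ONE, ZERO];
  while (r1 !== ZERO) { const q = r0 / r1; [r0, r1] = [r1, r0 - q * r1]; [s0, s1] = [s1, s0 - q * s1]; }
  return mod(s0, m);
}
function add(a: Point, b: Point): Point { // affine point addition / doubling
  if (a === null) return b;
  if (b === null) return a;
  if (a.x === b.x && a.y !== b.y) return null;
  const l = a.x === b.x
    ? mod(THREE * a.x * a.x * inv(TWO * a.y, P), P)
    : mod((b.y - a.y) * inv(b.x - a.x, P), P);
  const x = mod(l * l - a.x - b.x, P);
  return { x, y: mod(l * (a.x - x) - a.y, P) };
}
function mul(k: bigint, pt: Point): Point { // double-and-add scalar multiplication
  let acc: Point = null;
  for (let q = pt; k > ZERO; k >>= ONE, q = add(q, q)) if (k & ONE) acc = add(acc, q);
  return acc;
}
const toInt = (b: Buffer): bigint => BigInt("0x" + b.toString("hex"));

// The guard: a Digest can only be minted by this module's own hash functions.
type HashName = "sha256" | "sha3-256"; // assumption: stand-ins for the two XMTPv2 hash functions
class Digest {
  private constructor(readonly bytes: Buffer, readonly hash: HashName) {}
  static of(hash: HashName, raw: Uint8Array): Digest {
    return new Digest(createHash(hash).update(raw).digest(), hash);
  }
}
interface Signature { r: bigint; s: bigint; }

// Module-private: not exported, and rejects anything that is not a Digest at runtime too.
function signDigest(digest: Digest, d: bigint): Signature {
  if (!(digest instanceof Digest)) throw new TypeError("signDigest requires a Digest, not raw bytes");
  const z = toInt(digest.bytes);
  for (;;) {
    const k = mod(toInt(randomBytes(32)), N - ONE) + ONE; // toy nonce in [1, N-1]
    const r = mod(mul(k, G)!.x, N);
    if (r === ZERO) continue;
    const s = mod(inv(k, N) * (z + r * d), N);
    if (s !== ZERO) return { r, s };
  }
}
function verifyDigest(digest: Digest, sig: Signature, Q: Point): boolean {
  if (sig.r <= ZERO || sig.r >= N || sig.s <= ZERO || sig.s >= N) return false;
  const w = inv(sig.s, N), z = toInt(digest.bytes);
  const R = add(mul(mod(z * w, N), G), mul(mod(sig.r * w, N), Q));
  return R !== null && mod(R.x, N) === sig.r;
}

class PublicKey {
  constructor(readonly point: Point) {}
  verifySha256(raw: Uint8Array, sig: Signature): boolean { return verifyDigest(Digest.of("sha256", raw), sig, this.point); }
  verifySha3(raw: Uint8Array, sig: Signature): boolean { return verifyDigest(Digest.of("sha3-256", raw), sig, this.point); }
}
class PrivateKey {
  private constructor(private readonly d: bigint) {}
  static generate(): PrivateKey { return new PrivateKey(mod(toInt(randomBytes(32)), N - ONE) + ONE); }
  publicKey(): PublicKey { return new PublicKey(mul(this.d, G)); }
  // The only signing entry points take raw bytes: hashing happens here and cannot be skipped.
  signSha256(raw: Uint8Array): Signature { return signDigest(Digest.of("sha256", raw), this.d); }
  signSha3(raw: Uint8Array): Signature { return signDigest(Digest.of("sha3-256", raw), this.d); }
}

// Self-check on a constructed message: round trip, tampering, hash mismatch, raw-bytes rejection.
function selfCheck(): { ok: boolean; tampered: boolean; wrongHash: boolean; rawRejected: boolean } {
  const key = PrivateKey.generate(), pub = key.publicKey();
  const msg = Buffer.from("hello xmtp"); // constructed sample payload
  const sig = key.signSha256(msg);
  let rawRejected = false;
  try { (signDigest as any)(msg, ONE); } catch (e) { rawRejected = e instanceof TypeError; }
  return {
    ok: pub.verifySha256(msg, sig),
    tampered: pub.verifySha256(Buffer.from("hello xmtq"), sig),
    wrongHash: pub.verifySha3(msg, sig),
    rawRejected,
  };
}
```

The type system does most of the work: because `Digest` has a private constructor, a caller cannot forge one, so the only way to reach `signDigest` is through `signSha256` or `signSha3`, and those decide the hash. The `instanceof` check covers JavaScript callers who bypass the types. Keeping separate, explicitly named methods per hash function also makes it obvious at the call site which of the two digests a signature was computed over.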