Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure all signatures returned by beforeSign hooks are valid #25

Draft
wants to merge 1 commit into
base: v0.3.x
Choose a base branch
from

Conversation

aaroncox
Copy link
Member

This can be disabled with the validatePluginSignatures option, it is enabled by default to ensure that multiple mutations in the beforeSign hooks don't invalidate any signatures they may create.

Copy link
Member Author

@aaroncox aaroncox left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To spark a discussion on these changes before I implement them - this change is intended to catch situations where multiple plugins implement beforeSign hooks that mutate and sign the transaction.

Given a Session with 2x plugins, both which mutate and sign:

  • Plugin 1 mutates and prepends an action, then signs. The transaction has X+1 actions.
  • Plugin 2 mutates and prepends an action, then signs. The transaction has X+2 actions now.

The signature from Plugin 1 is now invalid, since Plugin 2 mutated the transaction.

@@ -62,6 +63,7 @@ export interface SessionOptions {
permissionLevel: PermissionLevelType | string
transactPlugins?: AbstractTransactPlugin[]
transactPluginsOptions?: TransactPluginsOptions
validatePluginSignatures?: boolean
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add an option to turn on and off this functionality.

@@ -198,6 +204,7 @@ export class Session {
// Create response template to this transact call
const result: TransactResult = {
chain: this.chain,
keys: [],
Copy link
Member Author

@aaroncox aaroncox Jan 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Store an array of all the public keys used to sign the request to provide in the response and for use during signature validation after the beforeSign hooks complete.

})

// Merge newly discovered keys into the TransactResult.
result.keys = [...result.keys, ...recoveredKeys]
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When signatures are returned by beforeSign hooks, recover the public key from the signature using the current digest of the transaction.

}
}

// Validate all the signatures returned by the plugins against the current request
if (willValidatePluginSignatures) {
this.validateBeforeSignSignatures(context, request, result)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once the transaction is finalized (after all beforeSign hooks), and before the wallet signs the transaction, validate all of the signatures provided against the transaction the user is about to sign.

This will throw an error if any of the signatures provided by the plugins are invalid (since the transaction would fail upon broadcast anyways).

)
}
})
}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This method takes the current request and all public keys recovered from the signatures provided by the beforeSign hooks. It recovers the digest from the transaction, and then for each signature, ensures that the signature is valid for the digest and the key recovered from the current digest/signature combo matches what was originally used.

This can be disabled with the `validatePluginSignatures` option, it is enabled by default to ensure that multiple mutations in the `beforeSign` hooks don't invalidate any signatures they may create.
@aaroncox aaroncox changed the base branch from v0.2.x to v0.3.x February 17, 2023 07:50
@aaroncox aaroncox marked this pull request as draft July 31, 2023 17:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: Icebox
Development

Successfully merging this pull request may close these issues.

1 participant