Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce transaction domain tag #184

Merged
merged 6 commits into from
May 11, 2021
Merged

Introduce transaction domain tag #184

merged 6 commits into from
May 11, 2021

Conversation

janezpodhostnik
Copy link
Contributor

@janezpodhostnik janezpodhostnik commented Apr 13, 2021
edited by psiemens
Loading

Closes: #61

Description

Added the transaction domain tag before signing the transaction. The transaction domain tag can be changed, but it has to be changed by all signing parties (if the tx is encoded/decoded when passed from one signer to another signer).

For contributor use:

  • Targeted PR against master branch
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
  • Code follows the standards mentioned here.
  • Updated relevant documentation
  • Re-reviewed Files changed in the Github PR explorer
  • Added appropriate labels

@janezpodhostnik janezpodhostnik self-assigned this Apr 13, 2021
turbolent
turbolent reviewed Apr 13, 2021
View reviewed changes
transaction.go Outdated Show resolved Hide resolved
@turbolent turbolent requested a review from tarakby April 13, 2021 20:41
@turbolent
Copy link
Member

@tarakby can you please have a look here?

tarakby
tarakby reviewed Apr 13, 2021
View reviewed changes
transaction.go Outdated Show resolved Hide resolved
transaction.go Outdated Show resolved Hide resolved
transaction.go
sig, err := signer.Sign(t.EnvelopeMessage())
message := t.EnvelopeMessage()
message = append(t.TransactionDomainTag, message...)
sig, err := signer.Sign(message)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment doesn't belong to the code above:
Does the SDK also implement verifications for the payload and envelope signatures? If yes, then the tag needs to be prepended to the message in those functions as well.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, the Go SDK doesn't have any transaction signature verification functionality.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @peter!
Do you know if there is a flow-go issue to mirror this SDK change in the verifications on the FVM side ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tarakby this is the change in flow-go onflow/flow-go#606

tarakby
tarakby approved these changes Apr 15, 2021
View reviewed changes
Copy link
Contributor

@tarakby tarakby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🏄‍♂️

psiemens
psiemens reviewed Apr 15, 2021
View reviewed changes
Copy link
Contributor

@psiemens psiemens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

client/convert/protobuf.go Outdated Show resolved Hide resolved
transaction.go
sig, err := signer.Sign(t.EnvelopeMessage())
message := t.EnvelopeMessage()
message = append(t.TransactionDomainTag, message...)
sig, err := signer.Sign(message)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, the Go SDK doesn't have any transaction signature verification functionality.

@janezpodhostnik janezpodhostnik force-pushed the janez/transaction-domain-tag branch from c5e431e to 05031d5 Compare April 15, 2021 16:24
@janezpodhostnik janezpodhostnik mentioned this pull request May 10, 2021
Merged
turbolent
turbolent approved these changes May 11, 2021
View reviewed changes
Copy link
Member

@turbolent turbolent left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@janezpodhostnik janezpodhostnik merged commit 3f3f5fe into master May 11, 2021
@janezpodhostnik janezpodhostnik deleted the janez/transaction-domain-tag branch May 11, 2021 18:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@psiemens psiemens psiemens left review comments

@tarakby tarakby tarakby approved these changes

@turbolent turbolent turbolent approved these changes

@devbugging devbugging Awaiting requested review from devbugging

Assignees

@janezpodhostnik janezpodhostnik

Labels
Feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Include domain tag when signing transactions
4 participants
@janezpodhostnik @turbolent @psiemens @tarakby