hash the program of the template and perform a integrity check at run…

… time for LSIG_TEMPLATE Signed-off-by: ehanoc <[email protected]>
deanstef · May 20, 2024 · ce69e2c · ce69e2c
1 parent 9da409b
commit ce69e2c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 10 deletions.
diff --git a/assets/arc-0060/arc60wallet.api.spec.ts b/assets/arc-0060/arc60wallet.api.spec.ts
@@ -1,7 +1,6 @@
 import { randomBytes } from "crypto"
 import { Arc60WalletApi, ERROR_DOESNT_MATCH_SCHEMA, ERROR_INVALID_SCOPE, ERROR_UNKNOWN_LSIG, ScopeType, StdSigData } from "./arc60wallet.api"
 import { crypto_sign_verify_detached, ready } from "libsodium-wrappers-sumo"
-import { sha512_256 } from "js-sha512"
 
 describe('Test Suite Name', () => {
 
@@ -186,10 +185,6 @@ describe('Test Suite Name', () => {
                 hash: "866b786c4c36c22a9f2aab6bc51bdbfc81d2a645a5a1839f62b76f626f5fc9fe"
             }
 
-            // sha512_256 lSigRequest hash
-            const lSigRequestHash: string = sha512_256(Buffer.from(JSON.stringify(lSigRequest), 'utf-8'))
-            console.log("lSigRequestHash: ", lSigRequestHash)
-
             const publicKey: Uint8Array = await Arc60WalletApi.getPublicKey(seed)
 
             const signData: StdSigData = {

diff --git a/assets/arc-0060/arc60wallet.api.ts b/assets/arc-0060/arc60wallet.api.ts
@@ -11,7 +11,7 @@ import * as crypto from 'crypto'
 import { readFileSync } from 'fs';
 import path from 'path';
 import Ajv, { JSONSchemaType } from 'ajv';
-import sha512, { sha512_256 } from 'js-sha512'
+import sha512 from 'js-sha512'
 import axios, { AxiosResponse } from 'axios'
 import * as util from 'util'
 
@@ -93,7 +93,7 @@ export class Arc60WalletApi {
      * Known LSIG template hashes. 
      */
     static known_lsigs_template_hashes: string[] = [
-        "e6d0d81db76b663daa0b09281dada1db564898c9f3105efe8bfc7f63ffeaf360"
+        "866b786c4c36c22a9f2aab6bc51bdbfc81d2a645a5a1839f62b76f626f5fc9fe"
     ]
 
     /**
@@ -194,10 +194,8 @@ export class Arc60WalletApi {
                     throw ERROR_UNKNOWN_LSIG;
                 }
 
-                const lsigRequestTemplateHash: string = sha512_256(decodedData)
-
                 // check if hash is one of the known hashes
-                if(!Arc60WalletApi.known_lsigs_template_hashes.includes(lsigRequestTemplateHash)) {
+                if(!Arc60WalletApi.known_lsigs_template_hashes.includes(hexProgramHash)) {
                     throw ERROR_UNKNOWN_LSIG;
                 }