Skip to content

Commit

Permalink
fix(ref-imp): #873 - Allowed only canonically encoded DID suffix to p…
Browse files Browse the repository at this point in the history
…ass hash check
  • Loading branch information
thehenrytsai authored Oct 6, 2020
1 parent b71a6c8 commit a1fbdbf
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 2 deletions.
2 changes: 1 addition & 1 deletion lib/bitcoin/BitcoinClient.ts
Original file line number Diff line number Diff line change
Expand Up @@ -595,7 +595,7 @@ export default class BitcoinClient {
previousFreezeDurationInBlocks: number): Promise<Transaction> {

// tslint:disable-next-line: max-line-length
console.info(`Creating a transaction to return (to the wallet) the preivously frozen amount from transaction with id: ${previousFreezeTransaction.id} which was frozen for block duration: ${previousFreezeDurationInBlocks}`);
console.info(`Creating a transaction to return (to the wallet) the previously frozen amount from transaction with id: ${previousFreezeTransaction.id} which was frozen for block duration: ${previousFreezeDurationInBlocks}`);

return this.createSpendTransactionFromFrozenTransaction(
previousFreezeTransaction,
Expand Down
6 changes: 5 additions & 1 deletion lib/core/versions/latest/Multihash.ts
Original file line number Diff line number Diff line change
Expand Up @@ -201,7 +201,11 @@ export default class Multihash {

const actualMultihashBuffer = Multihash.hash(content, hashAlgorithmCode);

return Buffer.compare(actualMultihashBuffer, expectedMultihashBuffer) === 0;
// Compare the strings instead of buffers, because encoding schemes such as base64URL can allow two distinct strings to decode into the same buffer.
// e.g. 'EiAJID5-y7rbEs7I3PPiMtwVf28LTkPFD4BWIZPCtb6AMg' and
// 'EiAJID5-y7rbEs7I3PPiMtwVf28LTkPFD4BWIZPCtb6AMv' would decode into the same buffer.
const actualMultihashString = Encoder.encode(actualMultihashBuffer);
return actualMultihashString === encodedMultihash;
} catch (error) {
console.log(error);
return false;
Expand Down
17 changes: 17 additions & 0 deletions tests/core/Multihash.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,23 @@ describe('Multihash', async () => {

expect(validHash).toBeFalsy();
});

it('should return false if given encoded multihash is not using the canonical encoding.', async () => {
const anyContent = Buffer.from('any content');

// Canonical encoded multihash of 'any content' is 'EiDDidVHVekuMIYV3HI5nfp8KP6s3_W44Pd-MO5b-XK5iQ'
const defaultContentEncodedMultihash = 'EiDDidVHVekuMIYV3HI5nfp8KP6s3_W44Pd-MO5b-XK5iQ';
const modifiedContentEncodedMultihash = 'EiDDidVHVekuMIYV3HI5nfp8KP6s3_W44Pd-MO5b-XK5iR';

// Two multihash strings decodes into the same buffer.
expect(Encoder.decodeAsBuffer(defaultContentEncodedMultihash)).toEqual(Encoder.decodeAsBuffer(modifiedContentEncodedMultihash));

const validHashCheckResult = (Multihash as any).verify(anyContent, defaultContentEncodedMultihash);
const invalidHashCheckResult = (Multihash as any).verify(anyContent, modifiedContentEncodedMultihash);

expect(validHashCheckResult).toBeTruthy();
expect(invalidHashCheckResult).toBeFalsy();
});
});

describe('verifyDoubleHash()', async () => {
Expand Down

0 comments on commit a1fbdbf

Please sign in to comment.