refactor(add 61284 sig check): verify msg vs pub key

ensure payload integrity
input-output-hk · Apr 30, 2024 · c6aa019 · c6aa019
1 parent 6bb69d3
commit c6aa019
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/catalyst-gateway/bin/src/cardano/cip36_registration/mod.rs b/catalyst-gateway/bin/src/cardano/cip36_registration/mod.rs
@@ -154,9 +154,10 @@ impl Cip36Metadata {
         };
 
         if let Some(raw_61284) = raw_61284 {
-            let _ = validate_signature(raw_61284, registration.clone(), signature).map_err(|err| {
-                errors_report.push(format!("{err}"));
-            });
+            let _ =
+                validate_signature(&raw_61284, registration.clone(), signature).map_err(|err| {
+                    errors_report.push(format!("{err}"));
+                });
         }
 
         Some(Self {
@@ -173,7 +174,7 @@ impl Cip36Metadata {
 ///  - blake2b-256 hashing those bytes
 ///  - signing the hash with the private key used to generate the stake key
 pub fn validate_signature(
-    raw_61284: Vec<u8>, registration: Option<Registration>, signature: Option<Signature>,
+    raw_61284: &[u8], registration: Option<Registration>, signature: Option<Signature>,
 ) -> anyhow::Result<()> {
     let hash_bytes = hash(&raw_61284);
 

diff --git a/catalyst-gateway/bin/src/cardano/util.rs b/catalyst-gateway/bin/src/cardano/util.rs
@@ -19,6 +19,7 @@ pub type StakeCredentialHash = String;
 /// Correct stake credential key in hex
 pub type StakeCredentialKey = String;
 
+/// Hash size
 pub(crate) const BLAKE_2B_256_HASH_SIZE: usize = 256 / 8;
 
 /// Helper function to generate the `blake2b_256` hash of a byte slice