From ca7175650e25f6ec0bcff47251e43e761d6c0be3 Mon Sep 17 00:00:00 2001
From: Jay Geng
Date: Mon, 15 Apr 2024 19:32:36 -0400
Subject: [PATCH] Make `Hash` not construct-able
---
 soroban-sdk/src/crypto.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/soroban-sdk/src/crypto.rs b/soroban-sdk/src/crypto.rs
index 6a56bfce..12d0dfe8 100644
--- a/soroban-sdk/src/crypto.rs
+++ b/soroban-sdk/src/crypto.rs
@@ -8,11 +8,17 @@ use crate::{
 /// A wrapper type for a cryptographic hash.
 ///
 /// This struct is designed to be used in contexts where a hash value generated
-/// by a secure cryptographic function is required.
+/// by a secure cryptographic function is required. It can only be constructed
+/// via secure manners, i.e. output from a secure hash function, or received
+/// from the host (e.g. via `CustomAccountInterface`)
 pub struct Hash(BytesN);
 
 impl Hash {
 /// Constructs a new `Hash` from a fixed-length bytes array.
+ ///
+ /// This is intended for test-only, since `Hash` type is only meant to be
+ /// constructed via secure manners.
+ #[cfg(test)]
 pub fn from_bytes(bytes: BytesN) -> Self {
 Self(bytes)
 }
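Review bot: `from_bytes` is still declared `pub` under the new `#[cfg(test)]` gate, so the signature reads as public API while the attribute hides it from every dependent crate, including their test builds; `pub(crate) fn from_bytes(...)` would state the intent directly. The struct doc now promises that a `Hash` only ever comes from a hash function or the host, and that promise depends on the tuple field staying private and on no other constructor or conversion into `Hash` existing in the part of `impl Hash` that lies outside this hunk. I would record the invariant next to the field, for example `// Private on purpose: a Hash must originate from a hash function or the host.`, so a later change does not reopen construction by accident. If contract authors are expected to build a `Hash` in their own tests, `cfg(test)` will not serve them and a separate feature-gated path would be needed.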