Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Identity] Remove double encoding username signature payload #4646

Merged

Conversation

georgepisaltu
Copy link
Contributor

In order to receive a username in pallet-identity, users have to, among other things, provide a signature of the desired username. Right now, there is an extra encoding step when generating the payload to sign.

Encoding a Vec adds extra bytes related to the length, which changes the payload. This is unnecessary and confusing as users expect the payload to sign to be just the username bytes. This PR fixes this issue by validating the signature directly against the username bytes.

@georgepisaltu georgepisaltu added the T2-pallets This PR/Issue is related to a particular pallet. label May 30, 2024
@georgepisaltu georgepisaltu self-assigned this May 30, 2024
@georgepisaltu georgepisaltu requested a review from a team as a code owner May 30, 2024 08:46
Signed-off-by: georgepisaltu <[email protected]>
Signed-off-by: georgepisaltu <[email protected]>
Signed-off-by: georgepisaltu <[email protected]>
Signed-off-by: georgepisaltu <[email protected]>
@paritytech-cicd-pr
Copy link

The CI pipeline was cancelled due to failure one of the required jobs.
Job name: cargo-clippy
Logs: https://gitlab.parity.io/parity/mirrors/polkadot-sdk/-/jobs/6348621

Signed-off-by: georgepisaltu <[email protected]>

crates:
- name: pallet-identity
bump: minor
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this breaking the Identity::set_username_for() call? The API is not changed per-se, but IIUC the caller has to provide a "different" signature now.

Suggested change
bump: minor
bump: major

Copy link
Contributor Author

@georgepisaltu georgepisaltu May 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The API is the same and the caller has to construct the payload to be signed differently, but at the same time:

  • this is a bug and the payload to be signed should have never had the leading length bytes
  • this username feature is relatively new and unused (hence why nobody complained about the bug)

Given that the actual code is backwards compatible, I didn't mark it as a major change, but because of the behavior change it's not a patch either, so I went with minor. Do you still think it should be marked as a major change? I still have to update the toml version anyway.

Copy link
Contributor

@acatangiu acatangiu May 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is a bug and the payload to be signed should have never had the leading length bytes

Was it working before? If yes, then I see it as a breaking/major change.
Like you correctly say, at the API definition code contract level, it is "backward compatible", but in reality it isn't (any existing tool/lib/UI will continue to "work" but provide incorrect signatures).

If it was not working before because of this bug, and now it does, it can even be a patch fix.

this username feature is relatively new and unused (hence why nobody complained about the bug)

I'm glad we caught this early, that means nobody will complain about the potential major change.

@georgepisaltu georgepisaltu added this pull request to the merge queue Jun 4, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jun 4, 2024
@georgepisaltu georgepisaltu enabled auto-merge June 5, 2024 07:10
@georgepisaltu georgepisaltu added this pull request to the merge queue Jun 5, 2024
Merged via the queue into paritytech:master with commit 3977f38 Jun 5, 2024
156 of 157 checks passed
@georgepisaltu georgepisaltu deleted the fix-identity-double-encoding branch June 5, 2024 08:04
georgepisaltu added a commit that referenced this pull request Jun 5, 2024
In order to receive a username in `pallet-identity`, users have to,
among other things, provide a signature of the desired username. Right
now, there is an [extra encoding
step](https://github.com/paritytech/polkadot-sdk/blob/4ab078d6754147ce731523292dd1882f8a7b5775/substrate/frame/identity/src/lib.rs#L1119)
when generating the payload to sign.

Encoding a `Vec` adds extra bytes related to the length, which changes
the payload. This is unnecessary and confusing as users expect the
payload to sign to be just the username bytes. This PR fixes this issue
by validating the signature directly against the username bytes.

---------

Signed-off-by: georgepisaltu <[email protected]>
hitchhooker pushed a commit to ibp-network/polkadot-sdk that referenced this pull request Jun 5, 2024
…ech#4646)

In order to receive a username in `pallet-identity`, users have to,
among other things, provide a signature of the desired username. Right
now, there is an [extra encoding
step](https://github.com/paritytech/polkadot-sdk/blob/4ab078d6754147ce731523292dd1882f8a7b5775/substrate/frame/identity/src/lib.rs#L1119)
when generating the payload to sign.

Encoding a `Vec` adds extra bytes related to the length, which changes
the payload. This is unnecessary and confusing as users expect the
payload to sign to be just the username bytes. This PR fixes this issue
by validating the signature directly against the username bytes.

---------

Signed-off-by: georgepisaltu <[email protected]>
TarekkMA pushed a commit to moonbeam-foundation/polkadot-sdk that referenced this pull request Aug 2, 2024
…ech#4646)

In order to receive a username in `pallet-identity`, users have to,
among other things, provide a signature of the desired username. Right
now, there is an [extra encoding
step](https://github.com/paritytech/polkadot-sdk/blob/4ab078d6754147ce731523292dd1882f8a7b5775/substrate/frame/identity/src/lib.rs#L1119)
when generating the payload to sign.

Encoding a `Vec` adds extra bytes related to the length, which changes
the payload. This is unnecessary and confusing as users expect the
payload to sign to be just the username bytes. This PR fixes this issue
by validating the signature directly against the username bytes.

---------

Signed-off-by: georgepisaltu <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
T2-pallets This PR/Issue is related to a particular pallet.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants