SiaFoundation / core

Core packages for the Sia project
MIT License

PolicyTypeHash validation requires size check #206

Open Alrighttt opened 3 hours ago

Alrighttt commented 3 hours ago

https://github.com/SiaFoundation/core/blob/0f61e58ab7ea932da7e9f710c592d595406356c6/types/policy.go#L155

An additional check on the size of the preimage must be performed in this case.

I recommend checking that the preimage is 32 bytes. Technically you can support preimages less than 32 bytes, but there is no practical use for this.

See: https://gist.github.com/markblundeberg/7a932c98179de2190049f5823907c016

Alrighttt commented 2 hours ago

Exact size check of length(preimage) == 32 is recommended, but if it will support a variable size, the size must be configurable.

i.e.,

```go
type PolicyTypeHash struct {
    Len  uint16
    Hash Hash256
}
```

lukechampine commented 1 hour ago

Is 32 the recommended length because, in practice, these preimages are always 32-byte randomly-generated secrets? (Is there any atomic swap protocol that uses a different length secret?)

I suppose there's little point in making it variable-size, since you can always hash the preimage twice -- that is, you can always hash a preimage to get an exactly-32-byte preimage for use with PolicyTypeHash.
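The exact-length check recommended in this thread, together with the hash-it-once normalization from the last comment, as an added Go example that is not code from the Sia repository or from any commenter. `VerifyPreimage` and `NormalizeSecret` are hypothetical helper names, and SHA-256 as the hash function is an assumption of the example.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// PreimageSize is the exact preimage length recommended in the issue.
const PreimageSize = 32

var (
	ErrPreimageSize = errors.New("preimage must be exactly 32 bytes")
	ErrHashMismatch = errors.New("preimage does not match hash")
)

// VerifyPreimage (hypothetical helper, not the Sia API) rejects any
// preimage that is not exactly 32 bytes before comparing its hash.
// SHA-256 is an assumption of this example.
func VerifyPreimage(hash [32]byte, preimage []byte) error {
	if len(preimage) != PreimageSize {
		return ErrPreimageSize
	}
	if sha256.Sum256(preimage) != hash {
		return ErrHashMismatch
	}
	return nil
}

// NormalizeSecret (hypothetical helper) hashes a secret of any length once
// to obtain a fixed 32-byte preimage, then hashes that preimage to obtain
// the value the hash policy would commit to.
func NormalizeSecret(secret []byte) (preimage, lock [32]byte) {
	preimage = sha256.Sum256(secret)
	lock = sha256.Sum256(preimage[:])
	return preimage, lock
}

func main() {
	// Constructed sample secret, deliberately longer than 32 bytes.
	secret := []byte("constructed sample secret that is longer than thirty-two bytes")
	preimage, lock := NormalizeSecret(secret)

	fmt.Println("normalized preimage:", VerifyPreimage(lock, preimage[:]))
	// The raw secret fails the length check regardless of the hash it is compared to.
	fmt.Println("raw secret:", VerifyPreimage(sha256.Sum256(secret), secret))
}
```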