From 736847d3de174e59c65b25f4d8aeb82df23eea8b Mon Sep 17 00:00:00 2001 From: Aaron Craelius Date: Fri, 29 Jan 2021 12:08:04 -0500 Subject: [PATCH] Add SignDocTextual for proto JSON signing --- proto/cosmos/tx/v1beta1/tx.proto | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/proto/cosmos/tx/v1beta1/tx.proto b/proto/cosmos/tx/v1beta1/tx.proto index 2b02874cc1..80e7998810 100644 --- a/proto/cosmos/tx/v1beta1/tx.proto +++ b/proto/cosmos/tx/v1beta1/tx.proto @@ -63,6 +63,33 @@ message SignDoc { uint64 account_number = 4; } +// SignDocTextual is the type used for generating sign bytes for SIGN_MODE_TEXTUAL. It is designed to be serialized +// as proto3 JSON following the rules defined Here: https://github.com/regen-network/canonical-proto3/blob/master/README.md#json. +message SignDocTextual { + // body is the processable content of the transaction + TxBody body = 1; + + // auth_info is the authorization related content of the transaction, + // specifically signers, signer modes and fee + AuthInfo auth_info = 2; + + // chain_id is the unique identifier of the chain this transaction targets. + // It prevents signed transactions from being used on another chain by an + // attacker + string chain_id = 3; + + // account_number is the account number of the account in state + uint64 account_number = 4; + + // sign_doc_sha256_hash is the SHA-256 hash of SignDoc. It is included here to reduce the malleability attack + // surface of SIGN_MODE_TEXTUAL vs SIGN_MODE_DIRECT to zero. Basically this means that any discrepancy between + // protobuf bytes over the wire and protobuf bytes that are signed cannot be exploited. This information is obviously + // redundant with information already in SignDocTextual, but is included as a security check for scenarios where this + // information may have inadvertently been excluded. We include the hash of SignDoc rather than the full SignDoc bytes + // to reduce the size of SignDocTextual for scenarios where large payloads could cause problems for hardware wallets. + bytes sign_doc_sha256_hash = 5; +} + // TxBody is the body of a transaction that all signers sign over. message TxBody { // messages is a list of messages to be executed. The required signers of