add len-prefix to msg hash

Author: augustbleeds

contracts/programs/keystone-forwarder/src/lib.rs

@@ -196,13 +196,24 @@ pub mod keystone_forwarder {
         let signatures: &[u8] = &data[..total_signature_len];
         // raw_report | report context
         let data = &data[total_signature_len..];
-        let hashed_report = hash::hash(data).to_bytes();
+
+        // Build the preimage the same way the OCR keyring does:
+        // SHA256( [u8(len(raw_report))] || raw_report || ctx)
+        let mut preimage = vec![0u8; 1 + data.len()];
+
+        let raw_report_len = data.len() - REPORT_CONTEXT_LEN;
+        // OCR keyring also does not error on overflow
+        let raw_report_len_u8: u8 = raw_report_len as u8;
+
+        preimage[0] = raw_report_len_u8;
+        preimage[1..].copy_from_slice(data);
+
+        let hashed_report = hash::hash(&preimage).to_bytes();
 
         verify_signatures(&hashed_report, signatures, &oracles_config, num_signatures)?;
 
         // slice raw_report from the report context
-        let raw_report_end = data.len() - REPORT_CONTEXT_LEN;
-        let raw_report = &data[..raw_report_end];
+        let raw_report = &data[..raw_report_len];
 
         let transmission_id =
             extract_transmission_id(raw_report, ctx.accounts.receiver_program.key);

contracts/tests/keystone_forwarder.spec.ts

@@ -527,16 +527,6 @@ describe("keystone_storage", function () {
       program.programId
     );
 
-    // const actualState = await program.account.forwarderState.fetch(
-    //   forwarderState.publicKey
-    // );
-
-    // DELETE ME assert.equal(
-    //   actualState.authorityNonce,
-    //   forwarderAuthorityBump,
-    //   "forwarder authority PDA bumps should be equal"
-    // );
-
     // begin initializing the receiver program
 
     await receiverProgram.methods
@@ -582,7 +572,7 @@ describe("keystone_storage", function () {
       Buffer.from([255])
     );
 
-    // metadata length + actual report payload length (todo change)
+    // metadata length + actual report payload length
     const rawReportBytes = Buffer.alloc(109 + forwarderReportBuffer.length);
 
     // version                offset   0, size  1
@@ -613,15 +603,22 @@ describe("keystone_storage", function () {
     rawReportBytes.writeUint8(workflowOwner, 106);
     rawReportBytes.writeUint8(reportId, 108);
 
-    // payload todo (change to the wrapped forwarder report)
-    // rawReportBytes.writeUint8(255, 109);
+    // copies forwarderReportBytes into rawReportBytes
     forwarderReportBuffer.copy(rawReportBytes, 109);
 
     // just keep this zero-ed since we don't use it outside of the hash
     const reportContextBytes = Buffer.alloc(96);
 
+    // the msg to sign includes the prefix of u8(len(rawReportBytes))
+    const rawReportLenU8 = Buffer.alloc(1);
+    rawReportLenU8.writeUint8(rawReportBytes.length & 0xff);
+
+    console.log("raw report length", rawReportBytes.length);
+
     const msgHashToSign = createHash("sha256")
-      .update(Buffer.concat([rawReportBytes, reportContextBytes]))
+      .update(
+        Buffer.concat([rawReportLenU8, rawReportBytes, reportContextBytes])
+      )
       .digest();
 
     const signaturesInfo = signers.map((s) =>

contracts/tests/utils.ts

@@ -424,8 +424,14 @@ export class Forwarder {
     // just keep this zero-ed since we don't use it outside of the hash
     const reportContextBytes = Buffer.alloc(96);
 
+    // the msg to sign includes the prefix of u8(len(rawReportBytes))
+    const rawReportLenU8 = Buffer.alloc(1);
+    rawReportLenU8.writeUint8(rawReportBytes.length & 0xff);
+
     const msgHashToSign = createHash("sha256")
-      .update(Buffer.concat([rawReportBytes, reportContextBytes]))
+      .update(
+        Buffer.concat([rawReportLenU8, rawReportBytes, reportContextBytes])
+      )
       .digest();
 
     const signaturesInfo = reportSigners.map((s) =>