Require domain separation for SignerDecrypter signature payloads using the StandardCapabilityAccount by vreff · Pull Request #1578 · smartcontractkit/chainlink-common

vreff · 2025-10-02T14:29:27Z

This ensures that users of the StandardCapabilityAccount account for the SignerDecrypter component domain separate their payloads using the recommended MakePeerIDSignatureDomainSeparatedPayload helper function from libocr.

Also, bumps libocr.

github-actions · 2025-10-02T14:30:32Z

✅ API Diff Results - No breaking changes

📄 View full apidiff report | 📚 Learn about apidiff

Co-authored-by: Jordan Krage <jmank88@gmail.com>

github-actions

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 2.

Benchmark suite	Current: `3d2884e`	Previous: `60798d1`	Ratio
`BenchmarkKeystore_Sign/nop/in-process`	`731.8` ns/op	`352.2` ns/op	`2.08`

This comment was automatically generated by workflow using github-action-benchmark.

vreff · 2025-10-09T18:11:39Z

@jmank88 interesting to see: #1578 (review).

I guess bytes.hasPrefix is a bit less performant than the manual check. I don't foresee this being a problem for our use case, LMK if there's any reason we should care about the change in signing speed.

jmank88 · 2025-10-09T18:24:12Z

@jmank88 interesting to see: #1578 (review).

I guess bytes.hasPrefix is a bit less performant than the manual check. I don't foresee this being a problem for our use case, LMK if there's any reason we should care about the change in signing speed.

Oh, wasn't that there with the last version too? The internals look equivalent.

vreff · 2025-10-09T18:25:29Z

Oh, wasn't that there with the last version too? The internals look equivalent.

The benchmarks test passed on the commit before the hasPrefix change 🤷

Require domain separation for SignerDecrypter signature payloads

214cae4

vreff had a problem deploying to integration October 2, 2025 14:29 — with GitHub Actions Failure

vreff temporarily deployed to integration October 2, 2025 14:29 — with GitHub Actions Inactive

make more specific

60798d1

vreff had a problem deploying to integration October 8, 2025 21:34 — with GitHub Actions Error

vreff had a problem deploying to integration October 8, 2025 21:34 — with GitHub Actions Failure

vreff changed the title ~~Require domain separation for SignerDecrypter signature payloads~~ Require domain separation for SignerDecrypter signature payloads using the StandardCapabilityAccount Oct 8, 2025

remove redundant comment

8614d32

vreff had a problem deploying to integration October 8, 2025 21:36 — with GitHub Actions Failure

Merge branch 'main' into PRIV-198-domain-sep

d3e8555

vreff had a problem deploying to integration October 8, 2025 21:51 — with GitHub Actions Error

more coverage

4df3f15

vreff temporarily deployed to integration October 8, 2025 21:53 — with GitHub Actions Inactive

vreff had a problem deploying to integration October 8, 2025 21:53 — with GitHub Actions Failure

vreff marked this pull request as ready for review October 8, 2025 22:27

vreff requested a review from a team as a code owner October 8, 2025 22:27

product-security-plaid-production Bot requested a review from patrickhuie19 October 8, 2025 22:28

vreff requested review from cedric-cordenier, jmank88 and nadahalli October 9, 2025 17:40

jmank88 reviewed Oct 9, 2025

View reviewed changes

Comment thread pkg/types/core/keystore.go Outdated

Update pkg/types/core/keystore.go

5b09c13

Co-authored-by: Jordan Krage <jmank88@gmail.com>

vreff had a problem deploying to integration October 9, 2025 17:57 — with GitHub Actions Error

github-actions Bot reviewed Oct 9, 2025

View reviewed changes

Merge branch 'main' into PRIV-198-domain-sep

3d2884e

vreff temporarily deployed to integration October 9, 2025 17:59 — with GitHub Actions Inactive

vreff had a problem deploying to integration October 9, 2025 17:59 — with GitHub Actions Failure

vreff temporarily deployed to integration October 9, 2025 17:59 — with GitHub Actions Inactive

jmank88 approved these changes Oct 9, 2025

View reviewed changes

vreff requested review from DylanTinianov, huangzhen1997, ibrajer, nolag and pavel-raykov October 9, 2025 18:26

nadahalli approved these changes Oct 10, 2025

View reviewed changes

Merge branch 'main' into PRIV-198-domain-sep

8a626a5

vreff temporarily deployed to integration October 14, 2025 13:11 — with GitHub Actions Inactive

vreff had a problem deploying to integration October 14, 2025 13:11 — with GitHub Actions Failure

cedric-cordenier approved these changes Oct 14, 2025

View reviewed changes

cedric-cordenier enabled auto-merge (squash) October 14, 2025 13:20

cedric-cordenier merged commit 5662ca1 into main Oct 14, 2025
23 of 25 checks passed

cedric-cordenier deleted the PRIV-198-domain-sep branch October 14, 2025 13:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Require domain separation for SignerDecrypter signature payloads using the StandardCapabilityAccount#1578

Require domain separation for SignerDecrypter signature payloads using the StandardCapabilityAccount#1578
cedric-cordenier merged 8 commits intomainfrom
PRIV-198-domain-sep

vreff commented Oct 2, 2025 •

edited

Loading

Uh oh!

github-actions Bot commented Oct 2, 2025 •

edited

Loading

Uh oh!

Uh oh!

github-actions Bot left a comment •

edited

Loading

Uh oh!

vreff commented Oct 9, 2025

Uh oh!

jmank88 commented Oct 9, 2025

Uh oh!

vreff commented Oct 9, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

vreff commented Oct 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions Bot commented Oct 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ API Diff Results - No breaking changes

Uh oh!

Uh oh!

github-actions Bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

⚠️ Performance Alert ⚠️

Uh oh!

vreff commented Oct 9, 2025

Uh oh!

jmank88 commented Oct 9, 2025

Uh oh!

vreff commented Oct 9, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

vreff commented Oct 2, 2025 •

edited

Loading

github-actions Bot commented Oct 2, 2025 •

edited

Loading

github-actions Bot left a comment •

edited

Loading