Skip to content

Dropped 3rd-party dependencies #26

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Dropped 3rd-party dependencies #26

wants to merge 1 commit into from

Conversation

@chipp
Copy link
Contributor

@chipp chipp commented Oct 17, 2025
edited
Loading

  1. replaced swift-crypto with embedded CryptoKit
  2. removed BigInt since we can drop last byte of hash manually :)
  3. replaced CryptoSwift with original C implementation of SHA3_256 from XKCP

SeanROlszewski
SeanROlszewski reviewed Oct 27, 2025
View reviewed changes
Sources/IDKit/KeccakHasher.swift
Digest(bytes: Self.computeDigest(for: buffer))
}

private static func computeDigest(for message: [UInt8]) -> [UInt8] {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you write this code or get it from elsewhere? I'm concerned that the only bounds checking here leads to an unconditional program termination.

If we get a message that doesn't fit into the buffer (either due to an accident or something malicious), I don't think we should always crash the client process in production. I think it's probably better to abort the computation and signal something anomalous happened, and let the clients determine what to do.

SeanROlszewski
SeanROlszewski requested changes Oct 27, 2025
View reviewed changes
Copy link
Contributor

@SeanROlszewski SeanROlszewski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SeanROlszewski SeanROlszewski SeanROlszewski requested changes

@m1guelpf m1guelpf Awaiting requested review from m1guelpf m1guelpf is a code owner

@decentralgabe decentralgabe Awaiting requested review from decentralgabe decentralgabe is a code owner

@andy-t-wang andy-t-wang Awaiting requested review from andy-t-wang andy-t-wang is a code owner

@sideround sideround Awaiting requested review from sideround sideround is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chipp @SeanROlszewski