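--- a/kleidos/kleidos.ml
+++ b/kleidos/kleidos.ml
@@ -29,6 +29,8 @@
 
 val normalize_pubkey_to_raw : bytes -> bytes
 
+val low_s_normalize_signature : bytes -> bytes
+
 val sign : privkey:bytes -> msg:bytes -> bytes
 
 val verify : pubkey:bytes -> msg:bytes -> signature:bytes -> bool
@@ -73,6 +75,8 @@
 failwith "invalid compressed key" )
 | len ->
 failwith ("invalid key length: " ^ string_of_int len)
+
+let low_s_normalize_signature = Low_s.normalize_k256
 
 let sign ~privkey ~msg : bytes =
 let hashed = SHA2_256.hash msg in
@@ -141,6 +145,8 @@
 failwith "invalid compressed key" )
 | len ->
 failwith ("invalid key length: " ^ string_of_int len)
+
+let low_s_normalize_signature = Low_s.normalize_p256
 
 let sign ~privkey ~msg : bytes =
 let hashed = SHA2_256.hash msg in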
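Review bot: The new `val low_s_normalize_signature : bytes -> bytes` in the signature hunk has no doc comment, so a caller cannot tell which encoding it expects or what it does with input of the wrong length. `Low_s` is not visible in these hunks, so the contract should be confirmed there and written down, for example `(** Returns the signature with [s] replaced by [n - s] when [s] is above half the curve order; expects the 64-byte [r || s] form. *)`. The comment should also say whether malformed input raises or is returned unchanged, because the verifier in `dpop.ml` now passes it bytes taken from a client. The same one-line comment would help above both `let low_s_normalize_signature = ...` bindings in the K256 and P256 implementations.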
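--- a/pegasus/lib/oauth/dpop.ml
+++ b/pegasus/lib/oauth/dpop.ml
@@ -122,20 +122,21 @@
 let x = x |> Jwt.b64_decode |> Bytes.of_string in
 let y = y |> Jwt.b64_decode |> Bytes.of_string in
 let pubkey = Bytes.cat (Bytes.of_string "\x04") (Bytes.cat x y) in
-let pubkey =
-( pubkey
-, match crv with
-| "secp256k1" ->
-(module Kleidos.K256 : Kleidos.CURVE)
-| "P-256" ->
-(module Kleidos.P256 : Kleidos.CURVE)
-| _ ->
-failwith "unsupported algorithm" )
-in
 let sig_bytes = Jwt.b64_decode sig_b64 |> Bytes.of_string in
 let r = Bytes.sub sig_bytes 0 32 in
 let s = Bytes.sub sig_bytes 32 32 in
 let signature = Bytes.cat r s in
+let pubkey, signature =
+match crv with
+| "secp256k1" ->
+( (pubkey, (module Kleidos.K256 : Kleidos.CURVE))
+, Kleidos.K256.low_s_normalize_signature signature )
+| "P-256" ->
+( (pubkey, (module Kleidos.P256 : Kleidos.CURVE))
+, Kleidos.P256.low_s_normalize_signature signature )
+| _ ->
+failwith "unsupported algorithm"
+in
 Kleidos.verify ~pubkey ~msg ~signature
 | _ ->
 false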
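Review bot: The `signature` passed to `low_s_normalize_signature` is sliced from `sig_bytes` with `Bytes.sub sig_bytes 0 32` and `Bytes.sub sig_bytes 32 32` without a length check, so a decoded signature longer than 64 bytes is silently truncated and a shorter one raises `Invalid_argument` instead of reaching the `| _ -> false` arm. Since high-S signatures are now normalized and accepted as well, several distinct encodings of one proof will verify, so any replay or deduplication logic should key on the `jti` claim rather than on the proof string or signature bytes; that logic is not visible in this hunk. I would add a guard such as `if Bytes.length sig_bytes <> 64 then false else` before the slicing, plus a short comment above the `match crv with` explaining why high-S is tolerated on verification. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here whether a handler already turns `Invalid_argument` and `failwith "unsupported algorithm"` into a rejected proof.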