porting all github actions from bluesky-social/indigo to tangled CI

crypto: add lenient versions for JWT parsing

+44
+20
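--- a/atproto/crypto/k256.go
+++ b/atproto/crypto/k256.go
@@ -36,6 +36,15 @@
 RejectMalleable: true,
 }
 
+var k256LenientOptions = &secp256k1secec.ECDSAOptions{
+// Used to *verify* digest, not to re-hash
+Hash: crypto.SHA256,
+// Use `[R | S]` encoding.
+Encoding: secp256k1secec.EncodingCompact,
+// Allows (eg, for JWT validation)
+RejectMalleable: false,
+}
+
 // Creates a secure new cryptographic key from scratch, with the indicated curve type.
 func GeneratePrivateKeyK256() (*PrivateKeyK256, error) {
 key, err := secp256k1secec.GenerateKey()
@@ -182,6 +191,17 @@
 func (k *PublicKeyK256) HashAndVerify(content, sig []byte) error {
 hash := sha256.Sum256(content)
 if !k.pubK256.Verify(hash[:], sig, k256Options) {
+return ErrInvalidSignature
+}
+return nil
+}
+
+// Same as HashAndVerify(), only does not require "low-S" signature.
+//
+// Used for, eg, JWT validation.
+func (k *PublicKeyK256) HashAndVerifyLenient(content, sig []byte) error {
+hash := sha256.Sum256(content)
+if !k.pubK256.Verify(hash[:], sig, k256LenientOptions) {
 return ErrInvalidSignature
 }
 return nil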
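Review bot: The doc comment on `HashAndVerifyLenient` (second hunk) does not say what a caller gives up. With `RejectMalleable: false`, for any valid signature `(r, s)` the pair `(r, n-s)` also verifies, so the signature bytes, and therefore the encoded token, are no longer a unique identifier for the signed content. I would state that in the comment, e.g. `// Accepts high-S signatures, so signature bytes are not unique per message; do not use where low-S is required or where tokens are de-duplicated by their bytes.` The same wording applies to the interface method in keys.go and the P-256 implementation in p256.go. In the first hunk the comment `// Allows (eg, for JWT validation)` is missing its object; `// Accept high-S (malleable) signatures (eg, for JWT validation)` reads complete.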
+3
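--- a/atproto/crypto/keys.go
+++ b/atproto/crypto/keys.go
@@ -43,6 +43,9 @@
 // Hashes the raw bytes using SHA-256, then verifies the signature of the digest bytes.
 HashAndVerify(content, sig []byte) error
 
+// Same as HashAndVerify(), only does not require "low-S" signature. Used for, eg, JWT validation.
+HashAndVerifyLenient(content, sig []byte) error
+
 // String serialization of the key bytes using common parameters:
 // compressed byte serialization; multicode varint code prefix; base58btc
 // string encoding ("z" prefix)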
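Review bot: Adding `HashAndVerifyLenient` to this interface means every implementer outside the package must now provide the method or stop compiling. The interface declaration starts outside the hunk, so I am assuming it is the exported public-key interface. If external implementations are possible, a separate optional interface checked with a type assertion, e.g. `type LenientVerifier interface { HashAndVerifyLenient(content, sig []byte) error }`, keeps the strict interface stable. It also makes the weaker check something a caller has to ask for explicitly.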
+21
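--- a/atproto/crypto/p256.go
+++ b/atproto/crypto/p256.go
@@ -226,6 +226,27 @@
 return nil
 }
 
+// Same as HashAndVerify(), only does not require "low-S" signature.
+//
+// Used for, eg, JWT validation.
+func (k *PublicKeyP256) HashAndVerifyLenient(content, sig []byte) error {
+hash := sha256.Sum256(content)
+// parseP256Sig
+if len(sig) != 64 {
+return fmt.Errorf("crypto: P-256 signatures must be 64 bytes, got len=%d", len(sig))
+}
+r := big.NewInt(0)
+s := big.NewInt(0)
+r.SetBytes(sig[:32])
+s.SetBytes(sig[32:])
+
+if !ecdsa.Verify(&k.pubP256, hash[:], r, s) {
+return ErrInvalidSignature
+}
+
+return nil
+}
+
 // Multibase string encoding of the public key, including a multicodec indicator and compressed curve bytes serialization
 func (k *PublicKeyP256) Multibase() string {
 kbytes := k.Bytes()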
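Review bot: In `HashAndVerifyLenient` the 64-byte length check runs after `sha256.Sum256(content)`, so input with a malformed signature is still hashed in full before being rejected. Moving the `len(sig) != 64` guard to the top of the function rejects it first. The bare comment `// parseP256Sig` suggests the parsing block was copied from a helper of that name; if that helper exists elsewhere in the file (not visible in this hunk), calling it would keep the strict and lenient paths from drifting apart. The length failure also returns a plain `fmt.Errorf` rather than `ErrInvalidSignature`, so a caller matching with `errors.Is` would presumably treat a truncated signature differently from a wrong one; worth confirming that is intended.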