@atproto/aws 0.1.3 → 0.1.5

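--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,22 @@
  # @atproto/aws
 
+ ## 0.1.5
+
+ ### Patch Changes
+
+ - Updated dependencies [[`e1b5f253`](https://github.com/bluesky-social/atproto/commit/e1b5f2537a5ba4d8b951a741269b604856028ae5)]:
+ - @atproto/crypto@0.3.0
+ - @atproto/repo@0.3.5
+
+ ## 0.1.4
+
+ ### Patch Changes
+
+ - Updated dependencies [[`84e2d4d2`](https://github.com/bluesky-social/atproto/commit/84e2d4d2b6694f344d80c18672c78b650189d423)]:
+ - @atproto/common@0.3.3
+ - @atproto/crypto@0.2.3
+ - @atproto/repo@0.3.4
+
  ## 0.1.3
 
  ### Patch Changes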
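--- a/package/LICENSE.txt
+++ b/package/LICENSE.txt
@@ -0,0 +1,7 @@
+ Dual MIT/Apache-2.0 License
+
+ Copyright (c) 2022-2023 Bluesky PBC, and Contributors
+
+ Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
+
+ Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.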
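--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -138552,16 +138552,30 @@ var decompressPubkey2 = (compressed) => {
  };
 
  // ../crypto/src/p256/operations.ts
- var verifyDidSig = async (did2, data, sig) => {
+ var verifyDidSig = async (did2, data, sig, opts) => {
  const { jwtAlg, keyBytes } = parseDidKey(did2);
  if (jwtAlg !== P256_JWT_ALG) {
  throw new Error(`Not a P-256 did:key: ${did2}`);
  }
- return verifySig(keyBytes, data, sig);
+ return verifySig(keyBytes, data, sig, opts);
  };
- var verifySig = async (publicKey, data, sig) => {
+ var verifySig = async (publicKey, data, sig, opts) => {
+ const allowMalleable = opts?.allowMalleableSig ?? false;
  const msgHash = await sha256(data);
- return p256.verify(sig, msgHash, publicKey, { lowS: true });
+ if (!allowMalleable && !isCompactFormat(sig)) {
+ return false;
+ }
+ return p256.verify(sig, msgHash, publicKey, {
+ lowS: !allowMalleable
+ });
+ };
+ var isCompactFormat = (sig) => {
+ try {
+ const parsed = p256.Signature.fromCompact(sig);
+ return equals(parsed.toCompactRawBytes(), sig);
+ } catch {
+ return false;
+ }
  };
 
  // ../crypto/src/p256/plugin.ts
@@ -138573,16 +138587,30 @@ var p256Plugin = {
  var plugin_default = p256Plugin;
 
  // ../crypto/src/secp256k1/operations.ts
- var verifyDidSig2 = async (did2, data, sig) => {
+ var verifyDidSig2 = async (did2, data, sig, opts) => {
  const { jwtAlg, keyBytes } = parseDidKey(did2);
  if (jwtAlg !== SECP256K1_JWT_ALG) {
  throw new Error(`Not a secp256k1 did:key: ${did2}`);
  }
- return verifySig2(keyBytes, data, sig);
+ return verifySig2(keyBytes, data, sig, opts);
  };
- var verifySig2 = async (publicKey, data, sig) => {
+ var verifySig2 = async (publicKey, data, sig, opts) => {
+ const allowMalleable = opts?.allowMalleableSig ?? false;
  const msgHash = await sha256(data);
- return secp256k1.verify(sig, msgHash, publicKey, { lowS: true });
+ if (!allowMalleable && !isCompactFormat2(sig)) {
+ return false;
+ }
+ return secp256k1.verify(sig, msgHash, publicKey, {
+ lowS: !allowMalleable
+ });
+ };
+ var isCompactFormat2 = (sig) => {
+ try {
+ const parsed = secp256k1.Signature.fromCompact(sig);
+ return equals(parsed.toCompactRawBytes(), sig);
+ } catch {
+ return false;
+ }
  };
 
  // ../crypto/src/secp256k1/plugin.ts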
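Review bot: `verifySig` (and `verifySig2` in the secp256k1 hunk) read `opts.allowMalleableSig` without any comment, although that one flag switches off two separate checks: the `isCompactFormat` round-trip and `lowS` enforcement in `verify`. With the flag set, more than one byte encoding of a signature can verify for the same message and key, so callers that opt in should not treat signature bytes as a unique identifier or deduplication key. I would document that on both functions, e.g. `// allowMalleableSig: skips the compact-encoding and low-S checks; never key on raw signature bytes when it is set`. Since dist/index.js is bundled output, the comment belongs in the `../crypto/src/p256/operations.ts` and `../crypto/src/secp256k1/operations.ts` sources named in the hunks. Separately, the format check could run before `await sha256(data)` so that a rejected signature skips the hash.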