@atproto/crypto 0.4.2 → 0.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/dist/multibase.js +1 -1
- package/dist/multibase.js.map +1 -1
- package/dist/p256/operations.d.ts.map +1 -1
- package/dist/p256/operations.js +1 -5
- package/dist/p256/operations.js.map +1 -1
- package/dist/secp256k1/operations.d.ts.map +1 -1
- package/dist/secp256k1/operations.js +1 -5
- package/dist/secp256k1/operations.js.map +1 -1
- package/package.json +4 -4
- package/src/multibase.ts +1 -1
- package/src/p256/operations.ts +1 -5
- package/src/secp256k1/operations.ts +1 -5
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
# @atproto/crypto
|
|
2
2
|
|
|
3
|
+
## 0.4.3
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- [#3335](https://github.com/bluesky-social/atproto/pull/3335) [`1abfd74ec`](https://github.com/bluesky-social/atproto/commit/1abfd74ec7114e5d8e2411f7a4fa10bdce97e277) Thanks [@dholms](https://github.com/dholms)! - Update noble crypto libraries
|
|
8
|
+
|
|
3
9
|
## 0.4.2
|
|
4
10
|
|
|
5
11
|
### Patch Changes
|
package/dist/multibase.js
CHANGED
|
@@ -69,7 +69,7 @@ const bytesToMultibase = (mb, encoding) => {
|
|
|
69
69
|
case 'base64urlpad':
|
|
70
70
|
return 'U' + uint8arrays.toString(mb, encoding);
|
|
71
71
|
default:
|
|
72
|
-
throw new Error(`Unsupported multibase: :${
|
|
72
|
+
throw new Error(`Unsupported multibase: :${encoding}`);
|
|
73
73
|
}
|
|
74
74
|
};
|
|
75
75
|
exports.bytesToMultibase = bytesToMultibase;
|
package/dist/multibase.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"multibase.js","sourceRoot":"","sources":["../src/multibase.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yDAA0C;AAGnC,MAAM,gBAAgB,GAAG,CAAC,EAAU,EAAc,EAAE;IACzD,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,CAAA;IAClB,MAAM,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IACvB,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QAC9C,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;QACnD,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QAC9C,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;QACnD,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,CAAA;QACjD,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QAC9C,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,CAAA;QACjD,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,cAAc,CAAC,CAAA;QACpD;YACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,EAAE,EAAE,CAAC,CAAA;IACpD,CAAC;AACH,CAAC,CAAA;AAvBY,QAAA,gBAAgB,oBAuB5B;AAEM,MAAM,gBAAgB,GAAG,CAC9B,EAAc,EACd,QAA4B,EACpB,EAAE;IACV,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,QAAQ;YACX,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,aAAa;YAChB,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,QAAQ;YACX,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,aAAa;YAChB,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,WAAW;YACd,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,QAAQ;YACX,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,WAAW;YACd,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,cAAc;YACjB,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD;YACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,
|
|
1
|
+
{"version":3,"file":"multibase.js","sourceRoot":"","sources":["../src/multibase.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yDAA0C;AAGnC,MAAM,gBAAgB,GAAG,CAAC,EAAU,EAAc,EAAE;IACzD,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,CAAA;IAClB,MAAM,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IACvB,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QAC9C,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;QACnD,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QAC9C,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;QACnD,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,CAAA;QACjD,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QAC9C,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,CAAA;QACjD,KAAK,GAAG;YACN,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,cAAc,CAAC,CAAA;QACpD;YACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,EAAE,EAAE,CAAC,CAAA;IACpD,CAAC;AACH,CAAC,CAAA;AAvBY,QAAA,gBAAgB,oBAuB5B;AAEM,MAAM,gBAAgB,GAAG,CAC9B,EAAc,EACd,QAA4B,EACpB,EAAE;IACV,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,QAAQ;YACX,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,aAAa;YAChB,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,QAAQ;YACX,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,aAAa;YAChB,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,WAAW;YACd,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,QAAQ;YACX,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,WAAW;YACd,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD,KAAK,cAAc;YACjB,OAAO,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QACjD;YACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,QAAQ,EAAE,CAAC,CAAA;IAC1D,CAAC;AACH,CAAC,CAAA;AAxBY,QAAA,gBAAgB,oBAwB5B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"operations.d.ts","sourceRoot":"","sources":["../../src/p256/operations.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAGxC,eAAO,MAAM,YAAY,QAClB,MAAM,QACL,UAAU,OACX,UAAU,SACR,aAAa,KACnB,OAAO,CAAC,OAAO,CAOjB,CAAA;AAED,eAAO,MAAM,SAAS,cACT,UAAU,QACf,UAAU,OACX,UAAU,SACR,aAAa,KACnB,OAAO,CAAC,OAAO,
|
|
1
|
+
{"version":3,"file":"operations.d.ts","sourceRoot":"","sources":["../../src/p256/operations.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAGxC,eAAO,MAAM,YAAY,QAClB,MAAM,QACL,UAAU,OACX,UAAU,SACR,aAAa,KACnB,OAAO,CAAC,OAAO,CAOjB,CAAA;AAED,eAAO,MAAM,SAAS,cACT,UAAU,QACf,UAAU,OACX,UAAU,SACR,aAAa,KACnB,OAAO,CAAC,OAAO,CAOjB,CAAA;AAED,eAAO,MAAM,eAAe,QAAS,UAAU,YAO9C,CAAA"}
|
package/dist/p256/operations.js
CHANGED
|
@@ -18,12 +18,8 @@ exports.verifyDidSig = verifyDidSig;
|
|
|
18
18
|
const verifySig = async (publicKey, data, sig, opts) => {
|
|
19
19
|
const allowMalleable = opts?.allowMalleableSig ?? false;
|
|
20
20
|
const msgHash = await (0, sha256_1.sha256)(data);
|
|
21
|
-
// parse as compact sig to prevent signature malleability
|
|
22
|
-
// library supports sigs in 2 different formats: https://github.com/paulmillr/noble-curves/issues/99
|
|
23
|
-
if (!allowMalleable && !(0, exports.isCompactFormat)(sig)) {
|
|
24
|
-
return false;
|
|
25
|
-
}
|
|
26
21
|
return p256_1.p256.verify(sig, msgHash, publicKey, {
|
|
22
|
+
format: allowMalleable ? undefined : 'compact', // prevent DER-encoded signatures
|
|
27
23
|
lowS: !allowMalleable,
|
|
28
24
|
});
|
|
29
25
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"operations.js","sourceRoot":"","sources":["../../src/p256/operations.ts"],"names":[],"mappings":";;;AAAA,6CAAyC;AACzC,iDAA6C;AAC7C,6CAAiD;AAEjD,oCAA0C;AAE1C,oCAA2E;AAEpE,MAAM,YAAY,GAAG,KAAK,EAC/B,GAAW,EACX,IAAgB,EAChB,GAAe,EACf,IAAoB,EACF,EAAE;IACpB,MAAM,aAAa,GAAG,IAAA,4BAAoB,EAAC,IAAA,uBAAe,EAAC,GAAG,CAAC,CAAC,CAAA;IAChE,IAAI,CAAC,IAAA,iBAAS,EAAC,aAAa,EAAE,uBAAe,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,EAAE,CAAC,CAAA;IAChD,CAAC;IACD,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,uBAAe,CAAC,MAAM,CAAC,CAAA;IAC5D,OAAO,IAAA,iBAAS,EAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;AAC7C,CAAC,CAAA;AAZY,QAAA,YAAY,gBAYxB;AAEM,MAAM,SAAS,GAAG,KAAK,EAC5B,SAAqB,EACrB,IAAgB,EAChB,GAAe,EACf,IAAoB,EACF,EAAE;IACpB,MAAM,cAAc,GAAG,IAAI,EAAE,iBAAiB,IAAI,KAAK,CAAA;IACvD,MAAM,OAAO,GAAG,MAAM,IAAA,eAAM,EAAC,IAAI,CAAC,CAAA;IAClC,
|
|
1
|
+
{"version":3,"file":"operations.js","sourceRoot":"","sources":["../../src/p256/operations.ts"],"names":[],"mappings":";;;AAAA,6CAAyC;AACzC,iDAA6C;AAC7C,6CAAiD;AAEjD,oCAA0C;AAE1C,oCAA2E;AAEpE,MAAM,YAAY,GAAG,KAAK,EAC/B,GAAW,EACX,IAAgB,EAChB,GAAe,EACf,IAAoB,EACF,EAAE;IACpB,MAAM,aAAa,GAAG,IAAA,4BAAoB,EAAC,IAAA,uBAAe,EAAC,GAAG,CAAC,CAAC,CAAA;IAChE,IAAI,CAAC,IAAA,iBAAS,EAAC,aAAa,EAAE,uBAAe,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,EAAE,CAAC,CAAA;IAChD,CAAC;IACD,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,uBAAe,CAAC,MAAM,CAAC,CAAA;IAC5D,OAAO,IAAA,iBAAS,EAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;AAC7C,CAAC,CAAA;AAZY,QAAA,YAAY,gBAYxB;AAEM,MAAM,SAAS,GAAG,KAAK,EAC5B,SAAqB,EACrB,IAAgB,EAChB,GAAe,EACf,IAAoB,EACF,EAAE;IACpB,MAAM,cAAc,GAAG,IAAI,EAAE,iBAAiB,IAAI,KAAK,CAAA;IACvD,MAAM,OAAO,GAAG,MAAM,IAAA,eAAM,EAAC,IAAI,CAAC,CAAA;IAClC,OAAO,WAAI,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE;QAC1C,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,EAAE,iCAAiC;QACjF,IAAI,EAAE,CAAC,cAAc;KACtB,CAAC,CAAA;AACJ,CAAC,CAAA;AAZY,QAAA,SAAS,aAYrB;AAEM,MAAM,eAAe,GAAG,CAAC,GAAe,EAAE,EAAE;IACjD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,WAAI,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QAC9C,OAAO,IAAA,oBAAS,EAAC,MAAM,CAAC,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAA;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC,CAAA;AAPY,QAAA,eAAe,mBAO3B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"operations.d.ts","sourceRoot":"","sources":["../../src/secp256k1/operations.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAGxC,eAAO,MAAM,YAAY,QAClB,MAAM,QACL,UAAU,OACX,UAAU,SACR,aAAa,KACnB,OAAO,CAAC,OAAO,CAOjB,CAAA;AAED,eAAO,MAAM,SAAS,cACT,UAAU,QACf,UAAU,OACX,UAAU,SACR,aAAa,KACnB,OAAO,CAAC,OAAO,
|
|
1
|
+
{"version":3,"file":"operations.d.ts","sourceRoot":"","sources":["../../src/secp256k1/operations.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAGxC,eAAO,MAAM,YAAY,QAClB,MAAM,QACL,UAAU,OACX,UAAU,SACR,aAAa,KACnB,OAAO,CAAC,OAAO,CAOjB,CAAA;AAED,eAAO,MAAM,SAAS,cACT,UAAU,QACf,UAAU,OACX,UAAU,SACR,aAAa,KACnB,OAAO,CAAC,OAAO,CAOjB,CAAA;AAED,eAAO,MAAM,eAAe,QAAS,UAAU,YAO9C,CAAA"}
|
|
@@ -41,12 +41,8 @@ exports.verifyDidSig = verifyDidSig;
|
|
|
41
41
|
const verifySig = async (publicKey, data, sig, opts) => {
|
|
42
42
|
const allowMalleable = opts?.allowMalleableSig ?? false;
|
|
43
43
|
const msgHash = await (0, sha256_1.sha256)(data);
|
|
44
|
-
// parse as compact sig to prevent signature malleability
|
|
45
|
-
// library supports sigs in 2 different formats: https://github.com/paulmillr/noble-curves/issues/99
|
|
46
|
-
if (!allowMalleable && !(0, exports.isCompactFormat)(sig)) {
|
|
47
|
-
return false;
|
|
48
|
-
}
|
|
49
44
|
return secp256k1_1.secp256k1.verify(sig, msgHash, publicKey, {
|
|
45
|
+
format: allowMalleable ? undefined : 'compact', // prevent DER-encoded signatures
|
|
50
46
|
lowS: !allowMalleable,
|
|
51
47
|
});
|
|
52
48
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"operations.js","sourceRoot":"","sources":["../../src/secp256k1/operations.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uDAA2D;AAC3D,iDAA6C;AAC7C,iDAAkC;AAElC,oCAA+C;AAE/C,oCAA2E;AAEpE,MAAM,YAAY,GAAG,KAAK,EAC/B,GAAW,EACX,IAAgB,EAChB,GAAe,EACf,IAAoB,EACF,EAAE;IACpB,MAAM,aAAa,GAAG,IAAA,4BAAoB,EAAC,IAAA,uBAAe,EAAC,GAAG,CAAC,CAAC,CAAA;IAChE,IAAI,CAAC,IAAA,iBAAS,EAAC,aAAa,EAAE,4BAAoB,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,EAAE,CAAC,CAAA;IACpD,CAAC;IACD,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,4BAAoB,CAAC,MAAM,CAAC,CAAA;IACjE,OAAO,IAAA,iBAAS,EAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;AAC7C,CAAC,CAAA;AAZY,QAAA,YAAY,gBAYxB;AAEM,MAAM,SAAS,GAAG,KAAK,EAC5B,SAAqB,EACrB,IAAgB,EAChB,GAAe,EACf,IAAoB,EACF,EAAE;IACpB,MAAM,cAAc,GAAG,IAAI,EAAE,iBAAiB,IAAI,KAAK,CAAA;IACvD,MAAM,OAAO,GAAG,MAAM,IAAA,eAAM,EAAC,IAAI,CAAC,CAAA;IAClC,
|
|
1
|
+
{"version":3,"file":"operations.js","sourceRoot":"","sources":["../../src/secp256k1/operations.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uDAA2D;AAC3D,iDAA6C;AAC7C,iDAAkC;AAElC,oCAA+C;AAE/C,oCAA2E;AAEpE,MAAM,YAAY,GAAG,KAAK,EAC/B,GAAW,EACX,IAAgB,EAChB,GAAe,EACf,IAAoB,EACF,EAAE;IACpB,MAAM,aAAa,GAAG,IAAA,4BAAoB,EAAC,IAAA,uBAAe,EAAC,GAAG,CAAC,CAAC,CAAA;IAChE,IAAI,CAAC,IAAA,iBAAS,EAAC,aAAa,EAAE,4BAAoB,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,EAAE,CAAC,CAAA;IACpD,CAAC;IACD,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,4BAAoB,CAAC,MAAM,CAAC,CAAA;IACjE,OAAO,IAAA,iBAAS,EAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;AAC7C,CAAC,CAAA;AAZY,QAAA,YAAY,gBAYxB;AAEM,MAAM,SAAS,GAAG,KAAK,EAC5B,SAAqB,EACrB,IAAgB,EAChB,GAAe,EACf,IAAoB,EACF,EAAE;IACpB,MAAM,cAAc,GAAG,IAAI,EAAE,iBAAiB,IAAI,KAAK,CAAA;IACvD,MAAM,OAAO,GAAG,MAAM,IAAA,eAAM,EAAC,IAAI,CAAC,CAAA;IAClC,OAAO,qBAAI,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE;QAC1C,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,EAAE,iCAAiC;QACjF,IAAI,EAAE,CAAC,cAAc;KACtB,CAAC,CAAA;AACJ,CAAC,CAAA;AAZY,QAAA,SAAS,aAYrB;AAEM,MAAM,eAAe,GAAG,CAAC,GAAe,EAAE,EAAE;IACjD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,qBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QAC9C,OAAO,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAA;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC,CAAA;AAPY,QAAA,eAAe,mBAO3B"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@atproto/crypto",
|
|
3
|
-
"version": "0.4.
|
|
3
|
+
"version": "0.4.3",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"description": "Library for cryptographic keys and signing in atproto",
|
|
6
6
|
"keywords": [
|
|
@@ -16,14 +16,14 @@
|
|
|
16
16
|
"main": "dist/index.js",
|
|
17
17
|
"types": "dist/index.d.ts",
|
|
18
18
|
"dependencies": {
|
|
19
|
-
"@noble/curves": "^1.
|
|
20
|
-
"@noble/hashes": "^1.
|
|
19
|
+
"@noble/curves": "^1.7.0",
|
|
20
|
+
"@noble/hashes": "^1.6.1",
|
|
21
21
|
"uint8arrays": "3.0.0"
|
|
22
22
|
},
|
|
23
23
|
"devDependencies": {
|
|
24
24
|
"jest": "^28.1.2",
|
|
25
25
|
"typescript": "^5.6.3",
|
|
26
|
-
"@atproto/common": "^0.4.
|
|
26
|
+
"@atproto/common": "^0.4.6"
|
|
27
27
|
},
|
|
28
28
|
"scripts": {
|
|
29
29
|
"test": "jest ",
|
package/src/multibase.ts
CHANGED
package/src/p256/operations.ts
CHANGED
|
@@ -28,12 +28,8 @@ export const verifySig = async (
|
|
|
28
28
|
): Promise<boolean> => {
|
|
29
29
|
const allowMalleable = opts?.allowMalleableSig ?? false
|
|
30
30
|
const msgHash = await sha256(data)
|
|
31
|
-
// parse as compact sig to prevent signature malleability
|
|
32
|
-
// library supports sigs in 2 different formats: https://github.com/paulmillr/noble-curves/issues/99
|
|
33
|
-
if (!allowMalleable && !isCompactFormat(sig)) {
|
|
34
|
-
return false
|
|
35
|
-
}
|
|
36
31
|
return p256.verify(sig, msgHash, publicKey, {
|
|
32
|
+
format: allowMalleable ? undefined : 'compact', // prevent DER-encoded signatures
|
|
37
33
|
lowS: !allowMalleable,
|
|
38
34
|
})
|
|
39
35
|
}
|
|
@@ -28,12 +28,8 @@ export const verifySig = async (
|
|
|
28
28
|
): Promise<boolean> => {
|
|
29
29
|
const allowMalleable = opts?.allowMalleableSig ?? false
|
|
30
30
|
const msgHash = await sha256(data)
|
|
31
|
-
// parse as compact sig to prevent signature malleability
|
|
32
|
-
// library supports sigs in 2 different formats: https://github.com/paulmillr/noble-curves/issues/99
|
|
33
|
-
if (!allowMalleable && !isCompactFormat(sig)) {
|
|
34
|
-
return false
|
|
35
|
-
}
|
|
36
31
|
return k256.verify(sig, msgHash, publicKey, {
|
|
32
|
+
format: allowMalleable ? undefined : 'compact', // prevent DER-encoded signatures
|
|
37
33
|
lowS: !allowMalleable,
|
|
38
34
|
})
|
|
39
35
|
}
|