@atproto/identity 0.3.0 → 0.3.2

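--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,22 @@
  # @atproto/identity
 
+ ## 0.3.2
+
+ ### Patch Changes
+
+ - Updated dependencies [[`e1b5f253`](https://github.com/bluesky-social/atproto/commit/e1b5f2537a5ba4d8b951a741269b604856028ae5)]:
+ - @atproto/crypto@0.3.0
+
+ ## 0.3.1
+
+ ### Patch Changes
+
+ - [#1788](https://github.com/bluesky-social/atproto/pull/1788) [`84e2d4d2`](https://github.com/bluesky-social/atproto/commit/84e2d4d2b6694f344d80c18672c78b650189d423) Thanks [@bnewbold](https://github.com/bnewbold)! - update license to "MIT or Apache2"
+
+ - Updated dependencies [[`84e2d4d2`](https://github.com/bluesky-social/atproto/commit/84e2d4d2b6694f344d80c18672c78b650189d423)]:
+ - @atproto/common-web@0.2.3
+ - @atproto/crypto@0.2.3
+
  ## 0.3.0
 
  ### Minor Changes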
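--- /dev/null
+++ b/package/LICENSE.txt
@@ -0,0 +1,7 @@
+ Dual MIT/Apache-2.0 License
+
+ Copyright (c) 2022-2023 Bluesky PBC, and Contributors
+
+ Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
+
+ Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.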
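--- a/package/README.md
+++ b/package/README.md
@@ -37,4 +37,9 @@ if (data.handle != handle) {
 
  ## License
 
- MIT License
+ This project is dual-licensed under MIT and Apache 2.0 terms:
+
+ - MIT license ([LICENSE-MIT.txt](https://github.com/bluesky-social/atproto/blob/main/LICENSE-MIT.txt) or http://opensource.org/licenses/MIT)
+ - Apache License, Version 2.0, ([LICENSE-APACHE.txt](https://github.com/bluesky-social/atproto/blob/main/LICENSE-APACHE.txt) or http://www.apache.org/licenses/LICENSE-2.0)
+
+ Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.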
@@ -4,3 +4,4 @@ export { getDid, getHandle, getPdsEndpoint as getPds, getFeedGenEndpoint as getF
4
4
  export declare const getKey: (doc: DidDocument) => string | undefined;
5
5
  export declare const parseToAtprotoDocument: (doc: DidDocument) => Partial<AtprotoData>;
6
6
  export declare const ensureAtpDocument: (doc: DidDocument) => AtprotoData;
7
+ export declare const ensureAtprotoKey: (doc: DidDocument) => string;
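--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -21170,6 +21170,7 @@ __export(src_exports3, {
  UnsupportedDidWebPathError: () => UnsupportedDidWebPathError,
  didDocument: () => didDocument,
  ensureAtpDocument: () => ensureAtpDocument,
+ ensureAtprotoKey: () => ensureAtprotoKey,
  getDid: () => getDid,
  getFeedGen: () => getFeedGenEndpoint,
  getHandle: () => getHandle,
@@ -24175,16 +24176,30 @@ var decompressPubkey2 = (compressed) => {
  };
 
  // ../crypto/src/p256/operations.ts
- var verifyDidSig = async (did, data, sig) => {
+ var verifyDidSig = async (did, data, sig, opts) => {
  const { jwtAlg, keyBytes } = parseDidKey(did);
  if (jwtAlg !== P256_JWT_ALG) {
  throw new Error(`Not a P-256 did:key: ${did}`);
  }
- return verifySig(keyBytes, data, sig);
+ return verifySig(keyBytes, data, sig, opts);
  };
- var verifySig = async (publicKey, data, sig) => {
+ var verifySig = async (publicKey, data, sig, opts) => {
+ const allowMalleable = opts?.allowMalleableSig ?? false;
  const msgHash = await sha2562(data);
- return p256.verify(sig, msgHash, publicKey, { lowS: true });
+ if (!allowMalleable && !isCompactFormat(sig)) {
+ return false;
+ }
+ return p256.verify(sig, msgHash, publicKey, {
+ lowS: !allowMalleable
+ });
+ };
+ var isCompactFormat = (sig) => {
+ try {
+ const parsed = p256.Signature.fromCompact(sig);
+ return equals(parsed.toCompactRawBytes(), sig);
+ } catch {
+ return false;
+ }
  };
 
  // ../crypto/src/p256/plugin.ts
@@ -24196,16 +24211,30 @@ var p256Plugin = {
  var plugin_default = p256Plugin;
 
  // ../crypto/src/secp256k1/operations.ts
- var verifyDidSig2 = async (did, data, sig) => {
+ var verifyDidSig2 = async (did, data, sig, opts) => {
  const { jwtAlg, keyBytes } = parseDidKey(did);
  if (jwtAlg !== SECP256K1_JWT_ALG) {
  throw new Error(`Not a secp256k1 did:key: ${did}`);
  }
- return verifySig2(keyBytes, data, sig);
+ return verifySig2(keyBytes, data, sig, opts);
  };
- var verifySig2 = async (publicKey, data, sig) => {
+ var verifySig2 = async (publicKey, data, sig, opts) => {
+ const allowMalleable = opts?.allowMalleableSig ?? false;
  const msgHash = await sha2562(data);
- return secp256k1.verify(sig, msgHash, publicKey, { lowS: true });
+ if (!allowMalleable && !isCompactFormat2(sig)) {
+ return false;
+ }
+ return secp256k1.verify(sig, msgHash, publicKey, {
+ lowS: !allowMalleable
+ });
+ };
+ var isCompactFormat2 = (sig) => {
+ try {
+ const parsed = secp256k1.Signature.fromCompact(sig);
+ return equals(parsed.toCompactRawBytes(), sig);
+ } catch {
+ return false;
+ }
  };
 
  // ../crypto/src/secp256k1/plugin.ts
@@ -24294,13 +24323,13 @@ var multibaseToBytes = (mb) => {
  };
 
  // ../crypto/src/verify.ts
- var verifySignature = (didKey, data, sig) => {
+ var verifySignature = (didKey, data, sig, opts) => {
  const parsed = parseDidKey(didKey);
  const plugin = plugins_default.find((p) => p.jwtAlg === parsed.jwtAlg);
  if (!plugin) {
- throw new Error(`Unsupported signature alg: :${parsed.jwtAlg}`);
+ throw new Error(`Unsupported signature alg: ${parsed.jwtAlg}`);
  }
- return plugin.verifySignature(didKey, data, sig);
+ return plugin.verifySignature(didKey, data, sig, opts);
  };
 
  // ../common-web/src/check.ts
@@ -28097,6 +28126,13 @@ var ensureAtpDocument = (doc) => {
  }
  return { did, signingKey, handle, pds };
  };
+ var ensureAtprotoKey = (doc) => {
+ const { signingKey } = parseToAtprotoDocument(doc);
+ if (!signingKey) {
+ throw new Error(`Could not parse signingKey from doc: ${doc}`);
+ }
+ return signingKey;
+ };
 
  // src/errors.ts
  var DidNotFoundError = class extends Error {
@@ -28188,8 +28224,8 @@ var BaseResolver = class {
  if (did.startsWith("did:key:")) {
  return did;
  } else {
- const data = await this.resolveAtprotoData(did, forceRefresh);
- return data.signingKey;
+ const didDocument2 = await this.ensureResolve(did, forceRefresh);
+ return ensureAtprotoKey(didDocument2);
  }
  }
  async verifySignature(did, data, sig, forceRefresh = false) {
@@ -28434,6 +28470,7 @@ var IdResolver = class {
  UnsupportedDidWebPathError,
  didDocument,
  ensureAtpDocument,
+ ensureAtprotoKey,
  getDid,
  getFeedGen,
  getHandle,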
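Review bot: In `verifySig` and `verifySig2`, the single flag `allowMalleableSig` both skips the `isCompactFormat` check and sets `lowS` to false, and nothing in the new code tells a caller what is given up by setting it; I would add a comment on the option in the sources the bundle names (`../crypto/src/p256/operations.ts`, `../crypto/src/secp256k1/operations.ts`), such as `// allowMalleableSig: skips the low-S and compact-encoding checks, so more than one byte string may verify for the same message; do not treat signature bytes as a unique identifier`. The strict default is the right one. In both functions the `isCompactFormat` guard could also move above `await sha2562(data)` so that malformed signatures are rejected before any hashing is done. Separately, `ensureAtprotoKey` builds its error with `${doc}`, which renders an object as `[object Object]`; `JSON.stringify(doc)` would keep the message useful. The body of `BaseResolver.verifySignature` lies outside these hunks, so whether it passes `opts` through cannot be checked here.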