this repo has no description
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: compressed bytes and multicodec+compressed as defaults for PublicKey

This simplifies the API a bit by making "uncompressed" and "legacy
multibase" special cases.

+44 -47
+1 -1
atproto/crypto/examples_test.go
··· 10 10 if err != nil { 11 11 panic("failed to parse did:key") 12 12 } 13 - fmt.Println(pub.DidDocSuite()) 13 + fmt.Println(pub.LegacyDidDocSuite()) 14 14 15 15 // parse existing base64 message and signature to raw bytes 16 16 msg, _ := base64.RawStdEncoding.DecodeString("oWVoZWxsb2V3b3JsZA")
+6 -4
atproto/crypto/interop_fixtures_test.go
··· 7 7 "os" 8 8 "testing" 9 9 10 + "github.com/mr-tron/base58" 10 11 "github.com/stretchr/testify/assert" 11 12 ) 12 13 ··· 62 63 // parse all the fields 63 64 pkDid, err := ParsePublicDidKey(row.PublicKeyDid) 64 65 assert.NoError(err) 65 - pkCompMultibase, err := ParsePublicCompressedMultibase(row.PublicKeyMultibase, kt) 66 + keyBytes, err := base58.Decode(row.PublicKeyMultibase[1:]) 67 + assert.NoError(err) 68 + pkCompMultibase, err := ParsePublicBytes(keyBytes, kt) 66 69 assert.NoError(err) 67 70 msgBytes, err := base64.RawStdEncoding.DecodeString(row.MessageBase64) 68 71 assert.NoError(err) ··· 71 74 72 75 // verify encodings 73 76 assert.Equal(pkDid, pkCompMultibase, "key equality") 74 - assert.Equal(row.DidDocSuite, pkDid.DidDocSuite()) 75 - assert.Equal(row.DidDocSuite, pkCompMultibase.DidDocSuite()) 77 + assert.Equal(row.DidDocSuite, pkDid.LegacyDidDocSuite()) 78 + assert.Equal(row.DidDocSuite, pkCompMultibase.LegacyDidDocSuite()) 76 79 assert.Equal(row.PublicKeyDid, pkDid.DidKey(), "did:key re-encoding") 77 - assert.Equal(row.PublicKeyMultibase, pkCompMultibase.CompressedMultibase(), "multibase re-encoding") 78 80 79 81 // verify signatures 80 82 if row.ValidSignature {
+29 -34
atproto/crypto/keys.go
··· 195 195 } 196 196 } 197 197 198 - // Loads a [PublicKey] of the indicated curve type from raw bytes, as exported by the [PublicKey.CompressedBytes] method. 198 + // Loads a [PublicKey] of the indicated curve type from raw bytes, as exported by the [PublicKey.Bytes] method. This is the "compressed" curve format. 199 199 // 200 200 // Calling code needs to know the key type ahead of time, and must remove any string encoding (hex encoding, base64, etc) before calling this function. 201 - func ParsePublicCompressedBytes(data []byte, kt KeyType) (*PublicKey, error) { 201 + func ParsePublicBytes(data []byte, kt KeyType) (*PublicKey, error) { 202 202 switch kt { 203 203 case P256: 204 204 curve := elliptic.P256() ··· 240 240 } 241 241 } 242 242 243 - // Loads a [PublicKey] of the indicated curve type from raw bytes, as exported by the [PublicKey.CompressedBytes] method. 243 + // Loads a [PublicKey] of the indicated curve type from raw bytes, as exported by the [PublicKey.UncompressedBytes] method. 244 244 // 245 245 // Calling code needs to know the key type ahead of time, and must remove any string encoding (hex encoding, base64, etc) before calling this function. 246 246 func ParsePublicUncompressedBytes(data []byte, kt KeyType) (*PublicKey, error) { ··· 277 277 } 278 278 } 279 279 280 - // Parses a public key in multibase encoding, as would be found in a DID Document `verificationMethod` section. 280 + // Parses a public key in multibase encoding, as would be found in a older DID Document `verificationMethod` section. 281 281 // 282 282 // This implementation does not handle the many possible multibase encodings (eg, base32), only the base58btc encoding that would be found in a DID Document. 283 - func ParsePublicMultibase(encoded string, kt KeyType) (*PublicKey, error) { 283 + func ParsePublicLegacyMultibase(encoded string, kt KeyType) (*PublicKey, error) { 284 284 if len(encoded) < 2 || encoded[0] != 'z' { 285 285 return nil, fmt.Errorf("crypto: not a multibase base58btc string") 286 286 } ··· 291 291 return ParsePublicUncompressedBytes(data, kt) 292 292 } 293 293 294 - // Parses a public key in a variant of multibase encoding, with no key type indicator (unlike did:key), but with key compression (unlike `verificationMethod` in a DID Document). 295 - func ParsePublicCompressedMultibase(encoded string, kt KeyType) (*PublicKey, error) { 294 + // Parses a public key from multibase encoding, with multicodec indicating the key type. 295 + func ParsePublicMultibase(encoded string) (*PublicKey, error) { 296 296 if len(encoded) < 2 || encoded[0] != 'z' { 297 297 return nil, fmt.Errorf("crypto: not a multibase base58btc string") 298 298 } ··· 300 300 if err != nil { 301 301 return nil, fmt.Errorf("crypto: not a multibase base58btc string") 302 302 } 303 - return ParsePublicCompressedBytes(data, kt) 303 + if data[0] == 0x80 && data[1] == 0x24 { 304 + // multicodec p256-pub, code 0x1200, varint-encoded bytes: [0x80, 0x24] 305 + return ParsePublicBytes(data[2:], P256) 306 + } else if data[0] == 0xE7 && data[1] == 0x01 { 307 + // multicodec secp256k1-pub, code 0xE7, varint bytes: [0xE7, 0x01] 308 + return ParsePublicBytes(data[2:], K256) 309 + } else { 310 + return nil, fmt.Errorf("unexpected did:key multicode value") 311 + } 304 312 } 305 313 306 314 // Loads a [PublicKey] from did:key string serialization. ··· 310 318 if !strings.HasPrefix(didKey, "did:key:z") { 311 319 return nil, fmt.Errorf("string is not a DID key: %s", didKey) 312 320 } 313 - mb := strings.TrimPrefix(didKey, "did:key:z") 314 - data, err := base58.Decode(mb) 315 - if err != nil || len(data) < 2 { 316 - return nil, fmt.Errorf("crypto: not a multibase base58btc string") 317 - } 318 - if data[0] == 0x80 && data[1] == 0x24 { 319 - // multicodec p256-pub, code 0x1200, varint-encoded bytes: [0x80, 0x24] 320 - return ParsePublicCompressedBytes(data[2:], P256) 321 - } else if data[0] == 0xE7 && data[1] == 0x01 { 322 - // multicodec secp256k1-pub, code 0xE7, varint bytes: [0xE7, 0x01] 323 - return ParsePublicCompressedBytes(data[2:], K256) 324 - } else { 325 - return nil, fmt.Errorf("unexpected did:key multicode value") 326 - } 321 + mb := strings.TrimPrefix(didKey, "did:key:") 322 + return ParsePublicMultibase(mb) 327 323 } 328 324 329 325 // Serializes the [PublicKey] in to "uncompressed" binary format. ··· 348 344 } 349 345 350 346 // Serializes the [PublicKey] in to "compressed" binary format. 351 - func (k *PublicKey) CompressedBytes() []byte { 347 + func (k *PublicKey) Bytes() []byte { 352 348 switch k.keyType { 353 349 case P256: 354 350 if !k.pubP256.Curve.IsOnCurve(k.pubP256.X, k.pubP256.Y) { ··· 414 410 // - add "z" prefix to indicate encoding 415 411 // - add "did:key:" prefix 416 412 func (k *PublicKey) DidKey() string { 417 - kbytes := k.CompressedBytes() 413 + return "did:key:" + k.Multibase() 414 + } 415 + 416 + // Returns a multibased string encoding of the public key, including a multicodec indicator and compressed curve bytes serialization 417 + func (k *PublicKey) Multibase() string { 418 + kbytes := k.Bytes() 418 419 switch k.keyType { 419 420 case P256: 420 421 // multicodec p256-pub, code 0x1200, varint-encoded bytes: [0x80, 0x24] ··· 425 426 default: 426 427 panic("unexpected crypto KeyType") 427 428 } 428 - return "did:key:z" + base58.Encode(kbytes) 429 + return "z" + base58.Encode(kbytes) 429 430 } 430 431 431 - // Returns multibase string encoding of the public key, as would be included in a DID Document "verificationMethod" section: 432 + // Returns multibase string encoding of the public key, as would be included in an older DID Document "verificationMethod" section: 432 433 // 433 434 // - non-compressed / non-compacted binary representation 434 435 // - encode bytes with base58btc 435 436 // - prefix "z" (lower-case) to indicate encoding 436 - func (k *PublicKey) Multibase() string { 437 + func (k *PublicKey) LegacyMultibase() string { 437 438 kbytes := k.UncompressedBytes() 438 439 return "z" + base58.Encode(kbytes) 439 440 } 440 441 441 - // Variant of Multibase() which outputs compressed key format. 442 - func (k *PublicKey) CompressedMultibase() string { 443 - kbytes := k.CompressedBytes() 444 - return "z" + base58.Encode(kbytes) 445 - } 446 - 447 442 func (k *PublicKey) KeyType() KeyType { 448 443 return k.keyType 449 444 } 450 445 451 446 // Returns the DID cryptographic suite string which would be included in the `type` field of a `verificationMethod`. 452 - func (k *PublicKey) DidDocSuite() string { 447 + func (k *PublicKey) LegacyDidDocSuite() string { 453 448 switch k.keyType { 454 449 case P256: 455 450 return "EcdsaSecp256r1VerificationKey2019"
+8 -8
atproto/crypto/keys_test.go
··· 33 33 // public key encoding 34 34 pub := priv.Public() 35 35 36 - pubCompBytes := pub.CompressedBytes() 37 - pubFromCompBytes, err := ParsePublicCompressedBytes(pubCompBytes, kt) 36 + pubCompBytes := pub.Bytes() 37 + pubFromCompBytes, err := ParsePublicBytes(pubCompBytes, kt) 38 38 assert.NoError(err) 39 39 assert.True(pub.Equal(pubFromCompBytes)) 40 40 ··· 49 49 assert.True(pub.Equal(pubDK)) 50 50 51 51 pubMultibaseString := pub.Multibase() 52 - pubMB, err := ParsePublicMultibase(pubMultibaseString, kt) 52 + pubMB, err := ParsePublicMultibase(pubMultibaseString) 53 53 assert.NoError(err) 54 54 assert.True(pub.Equal(pubMB)) 55 55 56 - pubCompMultibaseString := pub.CompressedMultibase() 57 - pubCMB, err := ParsePublicCompressedMultibase(pubCompMultibaseString, kt) 56 + pubLegacyMultibaseString := pub.LegacyMultibase() 57 + pubLMB, err := ParsePublicLegacyMultibase(pubLegacyMultibaseString, kt) 58 58 assert.NoError(err) 59 - assert.True(pub.Equal(pubCMB)) 59 + assert.True(pub.Equal(pubLMB)) 60 60 61 61 // signature verification 62 62 sig, err := priv.HashAndSign(msg) ··· 113 113 114 114 // P-256 key and signature sizes 115 115 assert.Equal(32, len(privBytes)) 116 - assert.Equal(33, len(pub.CompressedBytes())) 116 + assert.Equal(33, len(pub.Bytes())) 117 117 assert.Equal(65, len(pub.UncompressedBytes())) 118 118 assert.Equal(64, len(sig)) 119 119 } ··· 131 131 132 132 // K-256 key and signature sizes 133 133 assert.Equal(32, len(privBytes)) 134 - assert.Equal(33, len(pub.CompressedBytes())) 134 + assert.Equal(33, len(pub.Bytes())) 135 135 assert.Equal(65, len(pub.UncompressedBytes())) 136 136 assert.Equal(64, len(sig)) 137 137 }