+2 -2

atproto/auth/http_test.go

reviewed

··· 6 6 "testing" 7 7 "time" 8 8 9 9 - "github.com/bluesky-social/indigo/atproto/crypto" 9 9 + "github.com/bluesky-social/indigo/atproto/atcrypto" 10 10 "github.com/bluesky-social/indigo/atproto/identity" 11 11 "github.com/bluesky-social/indigo/atproto/syntax" 12 12 ··· 78 78 aud := "did:example:aud#svc" 79 79 lxm := syntax.NSID("com.example.api") 80 80 81 81 - priv, err := crypto.GeneratePrivateKeyP256() 81 81 + priv, err := atcrypto.GeneratePrivateKeyP256() 82 82 require.NoError(err) 83 83 pub, err := priv.PublicKey() 84 84 require.NoError(err)

+5 -5

atproto/auth/jwt.go

reviewed

··· 9 9 "log/slog" 10 10 "time" 11 11 12 12 - "github.com/bluesky-social/indigo/atproto/crypto" 12 12 + "github.com/bluesky-social/indigo/atproto/atcrypto" 13 13 "github.com/bluesky-social/indigo/atproto/identity" 14 14 "github.com/bluesky-social/indigo/atproto/syntax" 15 15 ··· 122 122 return base64.RawURLEncoding.EncodeToString(buf) 123 123 } 124 124 125 125 - func SignServiceAuth(iss syntax.DID, aud string, ttl time.Duration, lexMethod *syntax.NSID, priv crypto.PrivateKey) (string, error) { 125 125 + func SignServiceAuth(iss syntax.DID, aud string, ttl time.Duration, lexMethod *syntax.NSID, priv atcrypto.PrivateKey) (string, error) { 126 126 claims := serviceAuthClaims{ 127 127 RegisteredClaims: jwt.RegisteredClaims{ 128 128 ExpiresAt: jwt.NewNumericDate(time.Now().Add(ttl)), ··· 138 138 139 139 var sm *signingMethodAtproto 140 140 141 141 - // NOTE: could also have a crypto.PrivateKey.Alg() method which returns a string 141 141 + // NOTE: could also have a atcrypto.PrivateKey.Alg() method which returns a string 142 142 switch priv.(type) { 143 143 - case *crypto.PrivateKeyP256: 143 143 + case *atcrypto.PrivateKeyP256: 144 144 sm = signingMethodES256 145 145 - case *crypto.PrivateKeyK256: 145 145 + case *atcrypto.PrivateKeyK256: 146 146 sm = signingMethodES256K 147 147 default: 148 148 return "", fmt.Errorf("unknown signing key type: %T", priv)

+2 -2

atproto/auth/jwt_signing.go

reviewed

··· 3 3 import ( 4 4 "crypto" 5 5 6 6 - atcrypto "github.com/bluesky-social/indigo/atproto/crypto" 6 6 + "github.com/bluesky-social/indigo/atproto/atcrypto" 7 7 "github.com/golang-jwt/jwt/v5" 8 8 ) 9 9 ··· 13 13 supportedAlgs []string 14 14 ) 15 15 16 16 - // Implementation of jwt.SigningMethod for the `atproto/crypto` types. 16 16 + // Implementation of jwt.SigningMethod for the `atproto/atcrypto` types. 17 17 type signingMethodAtproto struct { 18 18 alg string 19 19 hash crypto.Hash

+7 -7

atproto/auth/jwt_test.go

reviewed

··· 6 6 "testing" 7 7 "time" 8 8 9 9 - "github.com/bluesky-social/indigo/atproto/crypto" 9 9 + "github.com/bluesky-social/indigo/atproto/atcrypto" 10 10 "github.com/bluesky-social/indigo/atproto/identity" 11 11 "github.com/bluesky-social/indigo/atproto/syntax" 12 12 ··· 19 19 return time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) 20 20 } 21 21 22 22 - func validateMinimal(token string, iss, aud string, pub crypto.PublicKey) error { 22 22 + func validateMinimal(token string, iss, aud string, pub atcrypto.PublicKey) error { 23 23 24 24 p := jwt.NewParser( 25 25 jwt.WithValidMethods(supportedAlgs), ··· 71 71 72 72 for _, fix := range jwtTestFixtures { 73 73 74 74 - pubk, err := crypto.ParsePublicDIDKey(fix.pubkey) 74 74 + pubk, err := atcrypto.ParsePublicDIDKey(fix.pubkey) 75 75 if err != nil { 76 76 t.Fatal(err) 77 77 } ··· 80 80 } 81 81 } 82 82 83 83 - func testSigningValidation(t *testing.T, priv crypto.PrivateKey) { 83 83 + func testSigningValidation(t *testing.T, priv atcrypto.PrivateKey) { 84 84 assert := assert.New(t) 85 85 ctx := context.Background() 86 86 ··· 88 88 aud := "did:example:aud#svc" 89 89 lxm := syntax.NSID("com.example.api") 90 90 91 91 - priv, err := crypto.GeneratePrivateKeyP256() 91 91 + priv, err := atcrypto.GeneratePrivateKeyP256() 92 92 if err != nil { 93 93 t.Fatal(err) 94 94 } ··· 140 140 } 141 141 142 142 func TestP256SigningValidation(t *testing.T) { 143 143 - priv, err := crypto.GeneratePrivateKeyP256() 143 143 + priv, err := atcrypto.GeneratePrivateKeyP256() 144 144 if err != nil { 145 145 t.Fatal(err) 146 146 } ··· 148 148 } 149 149 150 150 func TestK256SigningValidation(t *testing.T) { 151 151 - priv, err := crypto.GeneratePrivateKeyK256() 151 151 + priv, err := atcrypto.GeneratePrivateKeyK256() 152 152 if err != nil { 153 153 t.Fatal(err) 154 154 }

+2 -2

atproto/auth/oauth/cmd/oauth-web-demo/main.go

reviewed

··· 12 12 13 13 _ "github.com/joho/godotenv/autoload" 14 14 15 15 + "github.com/bluesky-social/indigo/atproto/atcrypto" 15 16 "github.com/bluesky-social/indigo/atproto/auth/oauth" 16 16 - "github.com/bluesky-social/indigo/atproto/crypto" 17 17 "github.com/bluesky-social/indigo/atproto/identity" 18 18 "github.com/bluesky-social/indigo/atproto/syntax" 19 19 ··· 101 101 102 102 // If a client secret key is provided (as a multibase string), turn this in to a confidential client 103 103 if cctx.String("client-secret-key") != "" && hostname != "" { 104 104 - priv, err := crypto.ParsePrivateMultibase(cctx.String("client-secret-key")) 104 104 + priv, err := atcrypto.ParsePrivateMultibase(cctx.String("client-secret-key")) 105 105 if err != nil { 106 106 return err 107 107 }

+2 -2

atproto/auth/oauth/jwt_signing.go

reviewed

··· 4 4 "crypto" 5 5 "fmt" 6 6 7 7 - atcrypto "github.com/bluesky-social/indigo/atproto/crypto" 7 7 + "github.com/bluesky-social/indigo/atproto/atcrypto" 8 8 "github.com/golang-jwt/jwt/v5" 9 9 ) 10 10 ··· 15 15 supportedAlgs []string 16 16 ) 17 17 18 18 - // Implementation of jwt.SigningMethod for the `atproto/crypto` types. 18 18 + // Implementation of jwt.SigningMethod for the `atproto/atcrypto` types. 19 19 type signingMethodAtproto struct { 20 20 alg string 21 21 hash crypto.Hash

+11 -11

atproto/auth/oauth/oauth.go

reviewed

··· 11 11 "strings" 12 12 "time" 13 13 14 14 - "github.com/bluesky-social/indigo/atproto/crypto" 14 14 + "github.com/bluesky-social/indigo/atproto/atcrypto" 15 15 "github.com/bluesky-social/indigo/atproto/identity" 16 16 "github.com/bluesky-social/indigo/atproto/syntax" 17 17 ··· 43 43 UserAgent string 44 44 45 45 // For confidential clients, the private client assertion key. Note that while an interface is used here, only P-256 is allowed by the current specification. 46 46 - PrivateKey crypto.PrivateKey 46 46 + PrivateKey atcrypto.PrivateKey 47 47 48 48 // ID for current client assertion key (should be provided if PrivateKey is) 49 49 KeyID *string ··· 112 112 return config.PrivateKey != nil && config.KeyID != nil 113 113 } 114 114 115 115 - func (config *ClientConfig) SetClientSecret(priv crypto.PrivateKey, keyID string) error { 115 115 + func (config *ClientConfig) SetClientSecret(priv atcrypto.PrivateKey, keyID string) error { 116 116 switch priv.(type) { 117 117 - case *crypto.PrivateKeyP256: 117 117 + case *atcrypto.PrivateKeyP256: 118 118 // pass 119 119 - case *crypto.PrivateKeyK256: 119 119 + case *atcrypto.PrivateKeyK256: 120 120 return fmt.Errorf("only P-256 (ES256) private keys supported for atproto OAuth") 121 121 default: 122 122 return fmt.Errorf("unknown private key type: %T", priv) ··· 131 131 // If the client does not have any keys (eg, public client), returns an empty set. 132 132 func (config *ClientConfig) PublicJWKS() JWKS { 133 133 134 134 - jwks := JWKS{Keys: []crypto.JWK{}} 134 134 + jwks := JWKS{Keys: []atcrypto.JWK{}} 135 135 136 136 // public client with no keys 137 137 if config.PrivateKey == nil || config.KeyID == nil { ··· 148 148 } 149 149 jwk.KeyID = config.KeyID 150 150 151 151 - jwks.Keys = []crypto.JWK{*jwk} 151 151 + jwks.Keys = []atcrypto.JWK{*jwk} 152 152 return jwks 153 153 } 154 154 ··· 209 209 } 210 210 211 211 // TODO: refactor this in to ClientAuthStore layer? 212 212 - priv, err := crypto.ParsePrivateMultibase(sd.DPoPPrivateKeyMultibase) 212 212 + priv, err := atcrypto.ParsePrivateMultibase(sd.DPoPPrivateKeyMultibase) 213 213 if err != nil { 214 214 return nil, err 215 215 } ··· 264 264 // Creates a DPoP token (JWT) for use with an OAuth Auth Server (not to be used with Resource Server). The returned JWT is not bound to an Access Token (no 'ath'), and does not indicate an issuer ('iss'). 265 265 // 266 266 // This is used during initial auth request (PAR), initial token request, and subsequent refresh token requests. Note that a full [ClientSession] is not available in several of these circumstances, so this is a stand-alone function. 267 267 - func NewAuthDPoP(httpMethod, url, dpopNonce string, privKey crypto.PrivateKey) (string, error) { 267 267 + func NewAuthDPoP(httpMethod, url, dpopNonce string, privKey atcrypto.PrivateKey) (string, error) { 268 268 269 269 claims := dpopClaims{ 270 270 HTTPMethod: httpMethod, ··· 356 356 dpopServerNonce := "" 357 357 358 358 // create new key for the session 359 359 - dpopPrivKey, err := crypto.GeneratePrivateKeyP256() 359 359 + dpopPrivKey, err := atcrypto.GeneratePrivateKeyP256() 360 360 if err != nil { 361 361 return nil, err 362 362 } ··· 447 447 body.ClientAssertion = &clientAssertion 448 448 } 449 449 450 450 - dpopPrivKey, err := crypto.ParsePrivateMultibase(info.DPoPPrivateKeyMultibase) 450 450 + dpopPrivKey, err := atcrypto.ParsePrivateMultibase(info.DPoPPrivateKeyMultibase) 451 451 if err != nil { 452 452 return nil, err 453 453 }

+2 -2

atproto/auth/oauth/session.go

reviewed

··· 13 13 "sync" 14 14 "time" 15 15 16 16 + "github.com/bluesky-social/indigo/atproto/atcrypto" 16 17 "github.com/bluesky-social/indigo/atproto/client" 17 17 - "github.com/bluesky-social/indigo/atproto/crypto" 18 18 "github.com/bluesky-social/indigo/atproto/syntax" 19 19 20 20 "github.com/golang-jwt/jwt/v5" ··· 73 73 74 74 Config *ClientConfig 75 75 Data *ClientSessionData 76 76 - DPoPPrivateKey crypto.PrivateKey 76 76 + DPoPPrivateKey atcrypto.PrivateKey 77 77 78 78 PersistSessionCallback PersistSessionCallback 79 79

+2 -2

atproto/auth/oauth/types.go

reviewed

··· 7 7 "slices" 8 8 "strings" 9 9 10 10 - "github.com/bluesky-social/indigo/atproto/crypto" 10 10 + "github.com/bluesky-social/indigo/atproto/atcrypto" 11 11 "github.com/bluesky-social/indigo/atproto/syntax" 12 12 ) 13 13 ··· 19 19 ) 20 20 21 21 type JWKS struct { 22 22 - Keys []crypto.JWK `json:"keys"` 22 22 + Keys []atcrypto.JWK `json:"keys"` 23 23 } 24 24 25 25 // Expected response type from looking up OAuth Protected Resource information on a server (eg, a PDS instance)

+8 -8

atproto/identity/identity.go

reviewed

··· 5 5 "net/url" 6 6 "strings" 7 7 8 8 - "github.com/bluesky-social/indigo/atproto/crypto" 8 8 + "github.com/bluesky-social/indigo/atproto/atcrypto" 9 9 "github.com/bluesky-social/indigo/atproto/syntax" 10 10 11 11 "github.com/mr-tron/base58" ··· 119 119 // 120 120 // Returns [ErrKeyNotFound] if there is no such key. 121 121 // 122 122 - // Note that [crypto.PublicKey] is an interface, not a concrete type. 123 123 - func (i *Identity) PublicKey() (crypto.PublicKey, error) { 122 122 + // Note that [atcrypto.PublicKey] is an interface, not a concrete type. 123 123 + func (i *Identity) PublicKey() (atcrypto.PublicKey, error) { 124 124 return i.GetPublicKey("atproto") 125 125 } 126 126 ··· 128 128 // 129 129 // Returns [ErrKeyNotFound] if there is no such key. 130 130 // 131 131 - // Note that [crypto.PublicKey] is an interface, not a concrete type. 132 132 - func (i *Identity) GetPublicKey(id string) (crypto.PublicKey, error) { 131 131 + // Note that [atcrypto.PublicKey] is an interface, not a concrete type. 132 132 + func (i *Identity) GetPublicKey(id string) (atcrypto.PublicKey, error) { 133 133 if i.Keys == nil { 134 134 return nil, ErrKeyNotDeclared 135 135 } ··· 139 139 } 140 140 switch k.Type { 141 141 case "Multikey": 142 142 - return crypto.ParsePublicMultibase(k.PublicKeyMultibase) 142 142 + return atcrypto.ParsePublicMultibase(k.PublicKeyMultibase) 143 143 case "EcdsaSecp256r1VerificationKey2019": 144 144 if len(k.PublicKeyMultibase) < 2 || k.PublicKeyMultibase[0] != 'z' { 145 145 return nil, fmt.Errorf("identity key not a multibase base58btc string") ··· 148 148 if err != nil { 149 149 return nil, fmt.Errorf("identity key multibase parsing: %w", err) 150 150 } 151 151 - return crypto.ParsePublicUncompressedBytesP256(keyBytes) 151 151 + return atcrypto.ParsePublicUncompressedBytesP256(keyBytes) 152 152 case "EcdsaSecp256k1VerificationKey2019": 153 153 if len(k.PublicKeyMultibase) < 2 || k.PublicKeyMultibase[0] != 'z' { 154 154 return nil, fmt.Errorf("identity key not a multibase base58btc string") ··· 157 157 if err != nil { 158 158 return nil, fmt.Errorf("identity key multibase parsing: %w", err) 159 159 } 160 160 - return crypto.ParsePublicUncompressedBytesK256(keyBytes) 160 160 + return atcrypto.ParsePublicUncompressedBytesK256(keyBytes) 161 161 default: 162 162 return nil, fmt.Errorf("unsupported atproto public key type: %s", k.Type) 163 163 }

+3 -3

atproto/label/label.go

reviewed

··· 5 5 "fmt" 6 6 7 7 comatproto "github.com/bluesky-social/indigo/api/atproto" 8 8 - "github.com/bluesky-social/indigo/atproto/crypto" 8 8 + "github.com/bluesky-social/indigo/atproto/atcrypto" 9 9 "github.com/bluesky-social/indigo/atproto/data" 10 10 "github.com/bluesky-social/indigo/atproto/syntax" 11 11 ) ··· 110 110 } 111 111 112 112 // Signs the commit, storing the signature in the `Sig` field 113 113 - func (l *Label) Sign(privkey crypto.PrivateKey) error { 113 113 + func (l *Label) Sign(privkey atcrypto.PrivateKey) error { 114 114 b, err := l.UnsignedBytes() 115 115 if err != nil { 116 116 return err ··· 124 124 } 125 125 126 126 // Verifies `Sig` field using the provided key. Returns `nil` if signature is valid. 127 127 - func (l *Label) VerifySignature(pubkey crypto.PublicKey) error { 127 127 + func (l *Label) VerifySignature(pubkey atcrypto.PublicKey) error { 128 128 if l.Sig == nil { 129 129 return fmt.Errorf("can not verify unsigned commit") 130 130 }

+3 -3

atproto/label/label_test.go

reviewed

··· 5 5 "testing" 6 6 7 7 comatproto "github.com/bluesky-social/indigo/api/atproto" 8 8 - "github.com/bluesky-social/indigo/atproto/crypto" 8 8 + "github.com/bluesky-social/indigo/atproto/atcrypto" 9 9 10 10 "github.com/stretchr/testify/assert" 11 11 ) ··· 14 14 assert := assert.New(t) 15 15 16 16 pubkeyStr := "zQ3shcnfWLQN1bY4d2patsEAYFzy4xp1zdckEvHsV7S4ocTnC" 17 17 - pubkey, err := crypto.ParsePublicMultibase(pubkeyStr) 17 17 + pubkey, err := atcrypto.ParsePublicMultibase(pubkeyStr) 18 18 if err != nil { 19 19 t.Fatal(err) 20 20 } ··· 77 77 SourceDID: "did:plc:ewvi7nxzyoun6zhxrhs64oiz", 78 78 } 79 79 80 80 - priv, err := crypto.GeneratePrivateKeyK256() 80 80 + priv, err := atcrypto.GeneratePrivateKeyK256() 81 81 if err != nil { 82 82 t.Fatal(err) 83 83 }

+3 -3

atproto/repo/commit.go

reviewed

··· 4 4 "bytes" 5 5 "fmt" 6 6 7 7 - "github.com/bluesky-social/indigo/atproto/crypto" 7 7 + "github.com/bluesky-social/indigo/atproto/atcrypto" 8 8 "github.com/bluesky-social/indigo/atproto/data" 9 9 "github.com/bluesky-social/indigo/atproto/syntax" 10 10 ··· 80 80 } 81 81 82 82 // Signs the commit, storing the signature in the `Sig` field 83 83 - func (c *Commit) Sign(privkey crypto.PrivateKey) error { 83 83 + func (c *Commit) Sign(privkey atcrypto.PrivateKey) error { 84 84 b, err := c.UnsignedBytes() 85 85 if err != nil { 86 86 return err ··· 94 94 } 95 95 96 96 // Verifies `Sig` field using the provided key. Returns `nil` if signature is valid. 97 97 - func (c *Commit) VerifySignature(pubkey crypto.PublicKey) error { 97 97 + func (c *Commit) VerifySignature(pubkey atcrypto.PublicKey) error { 98 98 if c.Sig == nil { 99 99 return fmt.Errorf("can not verify unsigned commit") 100 100 }