oops, wrong algorithm.

2024-11-07 11:27:05 +02:00 · 2024-11-07 11:27:05 +02:00 · 657647073e
commit 657647073e
parent a094f7a403
2 changed files with 10 additions and 10 deletions
--- a/src/Fedi/Crypto.hs
+++ b/src/Fedi/Crypto.hs
@ -4,12 +4,11 @@ module Fedi.Crypto where

 import Crypto.Hash qualified as Crypto
 import Data.ByteArray qualified as BA
-import Crypto.PubKey.RSA.PSS qualified as Crypto
+import Crypto.PubKey.RSA.PKCS15 qualified as Crypto
 import Crypto.Store.X509 qualified as Crypto
 import Crypto.Store.PKCS8 qualified as Crypto
 import Data.X509 qualified as Crypto
 import Fedi.Helpers
-import Fedi.UserDetails
 import Data.ByteString.Base64 qualified as Base64
 import Data.Base64.Types qualified as Base64
 import Data.Text qualified as T
@ -20,19 +19,20 @@ verifyPub pubkeypem sig message = do
    case Crypto.readPubKeyFileFromMemory pubkeypem of
      [Crypto.PubKeyRSA pubkey'] -> pure pubkey'
      _ -> throw "failed to read pubkey pem"
-  pure $ Crypto.verify (Crypto.defaultPSSParams Crypto.SHA256) pubkey message sig
+  pure $ Crypto.verify (Just Crypto.SHA256) pubkey message sig

-sign :: UserDetails -> ByteString -> IO Signed
-sign details message = do
+sign :: FilePath -> ByteString -> IO Signed
+sign privatePemFile message = do
  -- get private key
-  privkeypem <- Crypto.readKeyFile details.privatePem
+  privkeypem <- Crypto.readKeyFile privatePemFile
  privateKey <- case privkeypem of
    [Crypto.Unprotected (Crypto.PrivKeyRSA privkey)] -> pure privkey
-    _ -> throw $ "error reading local private key from '" <> details.privatePem <> "'."
+    _ -> throw $ "error reading local private key from '" <> privatePemFile <> "'."

  -- sign message
-  signedMessage <- either (throw . show) pure =<<
-    Crypto.sign Nothing (Crypto.defaultPSSParams Crypto.SHA256) privateKey message
+  signedMessage <-
+    Crypto.sign Nothing (Just Crypto.SHA256) privateKey message
+      & either (throw . show) pure

  -- return
  pure Signed{..}
--- a/src/Fedi/Signature/Sign.hs
+++ b/src/Fedi/Signature/Sign.hs
@ -29,7 +29,7 @@ signSignature details host requestTarget body = do
    components = []
    signatureString = makeSignatureString host requestTarget date digest

-  signed <- sign details signatureString
+  signed <- sign details.privatePem signatureString

  let
    signature = encodeBase64 signed.signedMessage