oops, wrong algorithm.
This commit is contained in:
parent
154f4d2239
commit
d4a5f2422a
2 changed files with 10 additions and 10 deletions
|
|
@ -4,12 +4,11 @@ module Fedi.Crypto where
|
||||||
|
|
||||||
import Crypto.Hash qualified as Crypto
|
import Crypto.Hash qualified as Crypto
|
||||||
import Data.ByteArray qualified as BA
|
import Data.ByteArray qualified as BA
|
||||||
import Crypto.PubKey.RSA.PSS qualified as Crypto
|
import Crypto.PubKey.RSA.PKCS15 qualified as Crypto
|
||||||
import Crypto.Store.X509 qualified as Crypto
|
import Crypto.Store.X509 qualified as Crypto
|
||||||
import Crypto.Store.PKCS8 qualified as Crypto
|
import Crypto.Store.PKCS8 qualified as Crypto
|
||||||
import Data.X509 qualified as Crypto
|
import Data.X509 qualified as Crypto
|
||||||
import Fedi.Helpers
|
import Fedi.Helpers
|
||||||
import Fedi.UserDetails
|
|
||||||
import Data.ByteString.Base64 qualified as Base64
|
import Data.ByteString.Base64 qualified as Base64
|
||||||
import Data.Base64.Types qualified as Base64
|
import Data.Base64.Types qualified as Base64
|
||||||
import Data.Text qualified as T
|
import Data.Text qualified as T
|
||||||
|
|
@ -20,19 +19,20 @@ verifyPub pubkeypem sig message = do
|
||||||
case Crypto.readPubKeyFileFromMemory pubkeypem of
|
case Crypto.readPubKeyFileFromMemory pubkeypem of
|
||||||
[Crypto.PubKeyRSA pubkey'] -> pure pubkey'
|
[Crypto.PubKeyRSA pubkey'] -> pure pubkey'
|
||||||
_ -> throw "failed to read pubkey pem"
|
_ -> throw "failed to read pubkey pem"
|
||||||
pure $ Crypto.verify (Crypto.defaultPSSParams Crypto.SHA256) pubkey message sig
|
pure $ Crypto.verify (Just Crypto.SHA256) pubkey message sig
|
||||||
|
|
||||||
sign :: UserDetails -> ByteString -> IO Signed
|
sign :: FilePath -> ByteString -> IO Signed
|
||||||
sign details message = do
|
sign privatePemFile message = do
|
||||||
-- get private key
|
-- get private key
|
||||||
privkeypem <- Crypto.readKeyFile details.privatePem
|
privkeypem <- Crypto.readKeyFile privatePemFile
|
||||||
privateKey <- case privkeypem of
|
privateKey <- case privkeypem of
|
||||||
[Crypto.Unprotected (Crypto.PrivKeyRSA privkey)] -> pure privkey
|
[Crypto.Unprotected (Crypto.PrivKeyRSA privkey)] -> pure privkey
|
||||||
_ -> throw $ "error reading local private key from '" <> details.privatePem <> "'."
|
_ -> throw $ "error reading local private key from '" <> privatePemFile <> "'."
|
||||||
|
|
||||||
-- sign message
|
-- sign message
|
||||||
signedMessage <- either (throw . show) pure =<<
|
signedMessage <-
|
||||||
Crypto.sign Nothing (Crypto.defaultPSSParams Crypto.SHA256) privateKey message
|
Crypto.sign Nothing (Just Crypto.SHA256) privateKey message
|
||||||
|
& either (throw . show) pure
|
||||||
|
|
||||||
-- return
|
-- return
|
||||||
pure Signed{..}
|
pure Signed{..}
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,7 @@ signSignature details host requestTarget body = do
|
||||||
components = []
|
components = []
|
||||||
signatureString = makeSignatureString host requestTarget date digest
|
signatureString = makeSignatureString host requestTarget date digest
|
||||||
|
|
||||||
signed <- sign details signatureString
|
signed <- sign details.privatePem signatureString
|
||||||
|
|
||||||
let
|
let
|
||||||
signature = encodeBase64 signed.signedMessage
|
signature = encodeBase64 signed.signedMessage
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue