Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: accidental double-hash in sign/verify

Browse Source
This commit is contained in:
Julian Lam
2023-12-22 12:58:46 -05:00
parent 71e3d26bb4
commit 0eadad84cd
1 changed files with 4 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/activitypub/index.js
View File

@@ -113,14 +113,10 @@ ActivityPub.sign = async (uid, url, payload) => {
} }
// Sign string using private key // Sign string using private key
const signatureHash = createHash('sha256');
signatureHash.update(signed_string);
const signatureDigest = signatureHash.digest('hex');
let signature = createSign('sha256'); let signature = createSign('sha256');
signature.update(signatureDigest); signature.update(signed_string);
signature.end(); signature.end();
signature = signature.sign(key, 'hex'); signature = signature.sign(key, 'base64');
signature = btoa(signature);
// Construct signature header // Construct signature header
return { return {
@@ -156,13 +152,10 @@ ActivityPub.verify = async (req) => {
// Verify the signature string via public key // Verify the signature string via public key
try { try {
const signatureHash = createHash('sha256');
signatureHash.update(signed_string);
const signatureDigest = signatureHash.digest('hex');
const verify = createVerify('sha256'); const verify = createVerify('sha256');
verify.update(signatureDigest); verify.update(signed_string);
verify.end(); verify.end();
const verified = verify.verify(publicKeyPem, atob(signature), 'hex'); const verified = verify.verify(publicKeyPem, signature, 'base64');
return verified; return verified;
} catch (e) { } catch (e) {
return false; return false;