-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsigverifier.go
More file actions
46 lines (36 loc) · 788 Bytes
/
Copy pathsigverifier.go
File metadata and controls
46 lines (36 loc) · 788 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
package main
import (
"crypto/hmac"
"crypto/sha1"
"hash"
"os"
"sync"
"unsafe"
)
var secretKey []byte
func init() {
if k, e := os.LookupEnv("PLEROMA_SECRET_KEY_BASE"); e {
secretKey = []byte(k)
}
}
var hmacPool = sync.Pool{
New: func() any {
return hmac.New(sha1.New, secretKey)
},
}
func verifySig64(base64str string, sigBytes []byte) bool {
if len(secretKey) < 1 {
// user didn't put secret key.
return true
}
h := hmacPool.Get().(hash.Hash)
h.Reset()
defer hmacPool.Put(h)
// wanna see a sin?
// given that string is immutable, HOW ABOUT WE ACCESS THE BYTES, DIRECTLY
b := unsafe.Slice(unsafe.StringData(base64str), len(base64str))
h.Write(b)
var macBuf [sha1.Size]byte
expectedSig := h.Sum(macBuf[:0])
return hmac.Equal(sigBytes, expectedSig)
}