From d74d29e2c531a7e4a9b4aa46f5bdbeecb2d14684 Mon Sep 17 00:00:00 2001
From: Derrick Hammer <derrick@derrickhammer.com>
Date: Tue, 16 Jan 2024 15:22:48 -0500
Subject: [PATCH] fix: check that key is 33 bytes and is a ed25519

---
 api/s5/http.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/s5/http.go b/api/s5/http.go
index 7c0c6c1..114d00e 100644
--- a/api/s5/http.go
+++ b/api/s5/http.go
@@ -205,7 +205,7 @@ func (h *HttpHandler) AccountRegisterChallenge(jc jape.Context) {
 		return
 	}
 
-	if len(decodedKey) != 32 {
+	if len(decodedKey) != 33 && int(decodedKey[0]) != int(types.HashTypeEd25519) {
 		_ = jc.Error(errAccountGenerateChallengeErr, http.StatusInternalServerError)
 		h.portal.Logger().Error(errAccountGenerateChallenge, zap.Error(err))
 		return
@@ -380,8 +380,8 @@ func (h *HttpHandler) AccountLoginChallenge(jc jape.Context) {
 		return
 	}
 
-	if len(decodedKey) != 32 {
-		errored(err)
+	if len(decodedKey) != 33 && int(decodedKey[0]) != int(types.HashTypeEd25519) {
+		errored(errPubkeyNotSupported)
 		return
 	}