
Commit 3bae27b

authored
Merge pull request #13 from junkurihara/develop
0.0.22
2 parents 64d1077 + 4eaa723 commit 3bae27b


15 files changed

+441
-124
lines changed


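--- a/Cargo.toml
+++ b/Cargo.toml
@@ -4,7 +4,7 @@ resolver = "2"
 
 [workspace.package]
 edition = "2021"
-version = "0.0.21"
+version = "0.0.22"
 authors = ["Jun Kurihara"]
 homepage = "https://github.com/junkurihara/httpsig-rs"
 repository = "https://github.com/junkurihara/httpsig-rs"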

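--- a/README.md
+++ b/README.md
@@ -16,13 +16,11 @@ This crates provides a basic library [httpsig](./httpsig) and [its extension](./
 - [x] HMAC using SHA-256
 - [x] Ed25519
 - [x] ECDSA-P256 using SHA-256
-- [ ] ECDSA-P384 using SHA-384
+- [x] ECDSA-P384 using SHA-384
+- [x] RSASSA-PSS using SHA-512
+- [x] RSASSA-PKCS1-v1_5 using SHA-256
 
-~~- [ ] RSASSA-PSS using SHA-512~~
-
-~~- [ ] RSASSA-PKCS1-v1_5 using SHA-256~~
-
-At this point, we have no plan to support RSA signature due to [the problem related to the non-constant time operation](https://github.com/RustCrypto/RSA/issues/19), i.e., [Mervin Attack](https://people.redhat.com/~hkario/marvin/).
+At this point, **RSA signature is non-default** due to [the problem related to the non-constant time operation](https://github.com/RustCrypto/RSA/issues/19), i.e., [Marvin Attack](https://people.redhat.com/~hkario/marvin/). If you want to use RSA signature, please enable the `rsa-signature` feature flag in your `Cargo.toml`.
 
 ## Usage of Extension for `hyper` (`httpsig-hyper`)
 
@@ -48,8 +46,11 @@ async fn signer<B>(&mut req: Request<B>) -> HttpSigResult<()> {
 .unwrap();
 let mut signature_params = HttpSignatureParams::try_new(&covered_components).unwrap();
 
+// specify algorithm name since we cannot always infer it from key info
+let alg = AlgorithmName::Ed25519;
+
 // set signing/verifying key information, alg and keyid
-let secret_key = SecretKey::from_pem(SECRET_KEY_STRING).unwrap();
+let secret_key = SecretKey::from_pem(&alg, SECRET_KEY_STRING).unwrap();
 signature_params.set_key_info(&secret_key);
 
 req
@@ -59,7 +60,11 @@ async fn signer<B>(&mut req: Request<B>) -> HttpSigResult<()> {
 
 /// Validation function that verifies a request with a signature
 async fn verifier<B>(req: &Request<B>) -> HttpSigResult<SignatureName> {
-let public_key = PublicKey::from_pem(PUBLIC_KEY_STRING).unwrap();
+// specify algorithm name since we cannot always infer it from key info
+let alg = AlgorithmName::Ed25519; // directly use Ed25519 algorithm
+// or else infer it from the request. Find your public key from IndexMap with alg and key_id pairs
+// let alg_key_id_map = req.get_alg_key_ids().unwrap();
+let public_key = PublicKey::from_pem(&alg, PUBLIC_KEY_STRING).unwrap();
 let key_id = public_key.key_id();
 
 // verify signature with checking key_id
@@ -105,8 +110,11 @@ async fn signer<B>(&mut res: Response<B>, corresponding_req: &Request<B>) -> Htt
 .unwrap();
 let mut signature_params = HttpSignatureParams::try_new(&covered_components).unwrap();
 
+// specify algorithm name since we cannot always infer it from key info
+let alg = AlgorithmName::Ed25519;
+
 // set signing/verifying key information, alg and keyid
-let secret_key = SecretKey::from_pem(SECRET_KEY_STRING).unwrap();
+let secret_key = SecretKey::from_pem(&alg, SECRET_KEY_STRING).unwrap();
 signature_params.set_key_info(&secret_key);
 
 req
@@ -116,7 +124,11 @@ async fn signer<B>(&mut res: Response<B>, corresponding_req: &Request<B>) -> Htt
 
 /// Validation function that verifies a response with a signature from response itself and sent request
 async fn verifier<B>(res: &Response<B>, sent_req: &Request<B>) -> HttpSigResult<SignatureName> {
-let public_key = PublicKey::from_pem(PUBLIC_KEY_STRING).unwrap();
+// specify algorithm name since we cannot always infer it from key info
+let alg = AlgorithmName::Ed25519; // directly use Ed25519 algorithm
+// or else infer it from the response. Find your public key from IndexMap with alg and key_id pairs
+// let alg_key_id_map = res.get_alg_key_ids().unwrap();
+let public_key = PublicKey::from_pem(&alg, PUBLIC_KEY_STRING).unwrap();
 let key_id = public_key.key_id();
 
 // verify signature with checking key_id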

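--- a/httpsig-hyper/Cargo.toml
+++ b/httpsig-hyper/Cargo.toml
@@ -15,10 +15,11 @@ rust-version.workspace = true
 [features]
 default = ["blocking"]
 blocking = ["futures/executor"]
+rsa-signature = ["httpsig/rsa-signature"]
 
 
 [dependencies]
-httpsig = { path = "../httpsig", version = "0.0.21" }
+httpsig = { path = "../httpsig", version = "0.0.22" }
 
 thiserror = { version = "2.0.18" }
 tracing = { version = "0.1.44" }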
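Review bot: The new `rsa-signature` feature line carries no comment saying why it is opt-in, so someone enabling it from this manifest does not see the caveat. The README change in this same commit says RSA signing is non-default because of a non-constant-time operation in the RSA implementation (the Marvin Attack), and that reason belongs next to the flag as well. I would add above the line `# opt-in: RSA signing relies on a non-constant-time implementation (Marvin Attack); see README before enabling`. The feature only forwards to `httpsig/rsa-signature`, whose manifest is not visible here, so the same comment presumably applies there.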

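--- a/httpsig-hyper/README.md
+++ b/httpsig-hyper/README.md
@@ -27,7 +27,8 @@ If you need to verify the body of a given message when `content-digest` is cover
 
 ```rust
 // first verifies the signature according to `signature-input` header
-let public_key = PublicKey::from_pem(EDDSA_PUBLIC_KEY).unwrap();
+let alg = AlgorithmName::Ed25519;
+let public_key = PublicKey::from_pem(&alg, EDDSA_PUBLIC_KEY).unwrap();
 let signature_verification = req.verify_message_signature(&public_key, None).await;
 assert!(verification_res.is_ok());
 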

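--- a/httpsig-hyper/examples/hyper-request.rs
+++ b/httpsig-hyper/examples/hyper-request.rs
@@ -43,7 +43,7 @@ async fn sender_ed25519(req: &mut Request<BoxBody>) {
 let mut signature_params = HttpSignatureParams::try_new(&covered_components).unwrap();
 
 // set signing/verifying key information, alg and keyid with ed25519
-let secret_key = SecretKey::from_pem(EDDSA_SECRET_KEY).unwrap();
+let secret_key = SecretKey::from_pem(&AlgorithmName::Ed25519, EDDSA_SECRET_KEY).unwrap();
 signature_params.set_key_info(&secret_key);
 
 // set signature with custom signature name
@@ -65,7 +65,7 @@ async fn sender_hs256(req: &mut Request<BoxBody>) {
 let mut signature_params = HttpSignatureParams::try_new(&covered_components).unwrap();
 
 // set signing/verifying key information, alg and keyid and random noce with hmac-sha256
-let shared_key = SharedKey::from_base64(HMACSHA256_SECRET_KEY).unwrap();
+let shared_key = SharedKey::from_base64(&AlgorithmName::HmacSha256, HMACSHA256_SECRET_KEY).unwrap();
 signature_params.set_key_info(&shared_key);
 signature_params.set_random_nonce();
 
@@ -81,7 +81,7 @@ where
 B: http_body::Body + Send + Sync,
 {
 println!("Verifying ED25519 signature");
-let public_key = PublicKey::from_pem(EDDSA_PUBLIC_KEY).unwrap();
+let public_key = PublicKey::from_pem(&AlgorithmName::Ed25519, EDDSA_PUBLIC_KEY).unwrap();
 let key_id = public_key.key_id();
 
 // verify signature with checking key_id
@@ -94,7 +94,7 @@ where
 B: http_body::Body + Send + Sync,
 {
 println!("Verifying HMAC-SHA256 signature");
-let shared_key = SharedKey::from_base64(HMACSHA256_SECRET_KEY).unwrap();
+let shared_key = SharedKey::from_base64(&AlgorithmName::HmacSha256, HMACSHA256_SECRET_KEY).unwrap();
 let key_id = VerifyingKey::key_id(&shared_key);
 
 // verify signature with checking key_id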
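Review bot: The two verifier hunks (new lines 84 and 97) pass a hard-coded `AlgorithmName` to `from_pem` / `from_base64` with no comment saying that fixing the algorithm on the verifier side is deliberate. The README in this commit also mentions reading alg and key_id pairs from the message with `get_alg_key_ids()`, and those values are supplied by the sender, so a reader copying the example should know which of the two the key is bound to. I would add above each call `// the algorithm is fixed by the verifier's own key configuration; a value read from the message is only a lookup hint`. The same applies to the verifier hunks in `httpsig-hyper/examples/hyper-response.rs` (new lines 96 and 109). All four functions start and end outside their hunks, so how the result is checked afterwards is not visible here.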

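--- a/httpsig-hyper/examples/hyper-response.rs
+++ b/httpsig-hyper/examples/hyper-response.rs
@@ -55,7 +55,7 @@ async fn sender_ed25519(res: &mut Response<BoxBody>, received_req: &Request<BoxB
 let mut signature_params = HttpSignatureParams::try_new(&covered_components).unwrap();
 
 // set signing/verifying key information, alg and keyid with ed25519
-let secret_key = SecretKey::from_pem(EDDSA_SECRET_KEY).unwrap();
+let secret_key = SecretKey::from_pem(&AlgorithmName::Ed25519, EDDSA_SECRET_KEY).unwrap();
 signature_params.set_key_info(&secret_key);
 
 // set signature with custom signature name
@@ -77,7 +77,7 @@ async fn sender_hs256(res: &mut Response<BoxBody>, received_req: &Request<BoxBod
 let mut signature_params = HttpSignatureParams::try_new(&covered_components).unwrap();
 
 // set signing/verifying key information, alg and keyid and random noce with hmac-sha256
-let shared_key = SharedKey::from_base64(HMACSHA256_SECRET_KEY).unwrap();
+let shared_key = SharedKey::from_base64(&AlgorithmName::HmacSha256, HMACSHA256_SECRET_KEY).unwrap();
 signature_params.set_key_info(&shared_key);
 signature_params.set_random_nonce();
 
@@ -93,7 +93,7 @@ where
 B: http_body::Body + Send + Sync,
 {
 println!("Verifying ED25519 signature");
-let public_key = PublicKey::from_pem(EDDSA_PUBLIC_KEY).unwrap();
+let public_key = PublicKey::from_pem(&AlgorithmName::Ed25519, EDDSA_PUBLIC_KEY).unwrap();
 let key_id = public_key.key_id();
 
 // verify signature with checking key_id
@@ -106,7 +106,7 @@ where
 B: http_body::Body + Send + Sync,
 {
 println!("Verifying HMAC-SHA256 signature");
-let shared_key = SharedKey::from_base64(HMACSHA256_SECRET_KEY).unwrap();
+let shared_key = SharedKey::from_base64(&AlgorithmName::HmacSha256, HMACSHA256_SECRET_KEY).unwrap();
 let key_id = VerifyingKey::key_id(&shared_key);
 
 // verify signature with checking key_id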
