HTTP signatures rewrite #488

Merged
merged 61 commits into from
Feb 23, 2024

Conversation

@aumetra aumetra commented Feb 11, 2024

Rewrite of the HTTP signatures implementation using a more sophisticated parsing method and implementing hardened rules to hopefully get rid of any security issues that could arise from improperly implemented HTTP signatures.

Closes #195


aumetra commented Feb 11, 2024

Design

This crate will expose two different API levels. A mid-level API and a high-level API.

Mid-level API

This API provides header parsing, signing string construction and verification/signing, etc. but all in separate steps.

Mostly geared towards either:

  1. People who only need a part of the entire validation/signing pipeline
  2. People who can't use the high-level API since they have lifetime issues, aren't using async, etc.

High-level API

The high-level API will expose a conservative set of configuration options and will have an API akin to this:

async fn (req, opts) -> bool

where the boolean implies whether the verification succeeded or failed (for whatever reason).
It exposes no metadata, no failure reasons, etc. in order to keep any crypto failures due to leakage of metadata from happening.

It's an async method and will execute the actual validation on a rayon background task. Key fetching is only done when required using a closure which returns a fallible future.
That way it will integrate neatly with all kinds of asynchronous operations you'd do on a webserver to fetch a key (be it a database operation via sqlx or diesel-async or an HTTP request).

If this doesn't fit your use-case, you have to drop down to the mid-level API, as explained above.

aumetra force-pushed the aumetra/http-signatures-final-boss branch from 4bcc511 to abcd006, February 11, 2024 19:46
aumetra force-pushed the aumetra/http-signatures-final-boss branch 2 times, most recently from e411c36 to a87a862, February 11, 2024 21:05
aumetra force-pushed the aumetra/http-signatures-final-boss branch from a87a862 to 57ee494, February 11, 2024 21:05
Flake lock file updates:

• Updated input 'devenv':
    'github:cachix/devenv/0e68853bb27981a4ffd7a7225b59ed84f7180fc7' (2024-02-03)
  → 'github:cachix/devenv/5a30b9e5ac7c6167e61b1f4193d5130bb9f8defa' (2024-02-13)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/e92b6015881907e698782c77641aa49298330223' (2024-02-02)
  → 'github:nixos/nixpkgs/a4d4fe8c5002202493e87ec8dbc91335ff55552c' (2024-02-15)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/61dfa5a8129f7edbe9150253c68f673f87b16fb1' (2024-02-05)
  → 'github:oxalica/rust-overlay/4ee92bf124fbc4e157cbce1bc2a35499866989fc' (2024-02-16)
aumetra force-pushed the aumetra/http-signatures-final-boss branch from 7b70038 to 45ba735, February 17, 2024 10:32
aumetra force-pushed the aumetra/http-signatures-final-boss branch from 0fae4e9 to f5882e1, February 17, 2024 10:59

aumetra commented Feb 19, 2024

Okay, fixed the broken clock skew adjustment. Now it should be fine. Adding one minute to every timestamp so we operate a little bit in the future.
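Added example, not Kitsune's code and not the crate's actual API: a std-only Rust sketch of the pipeline laid out in the design comment above, as separate mid-level steps (Signature header parsing with hardened rules, signing-string construction, a time-window check) followed by a high-level wrapper of the shape `(req, key fetcher) -> bool` that exposes no failure reason and fetches the key only after the cheap checks pass. The window check tolerates one minute of drift in both directions, a symmetric variant of the one-minute adjustment described in the comment just above, not the project's implementation of it. Everything named here is an assumption made for the example: the rule set, the `SKEW_SECS` constant, the `Error`, `SigParams` and `Request` types (`signature` is kept in its encoded form, since the key's algorithm would decode it), the constructed sample request, and `toy_mac`, a SipHash-based stand-in for the real asymmetric verification so the code runs with no external crates. The async/rayon offloading and real key lookups are left out.

```rust
// Added example, not Kitsune's code: the pipeline from the comments as separate mid-level steps plus
// the high-level `-> bool` wrapper. Rules, skew window, types and the toy MAC are all assumptions.
use std::collections::{HashMap, HashSet};
use std::hash::{Hash, Hasher};

pub const SKEW_SECS: u64 = 60; // hypothetical tolerance, mirroring the one-minute adjustment discussed

#[derive(Debug, PartialEq, Eq)]
pub enum Error { Syntax, Duplicate, Missing(&'static str), Window }
#[derive(Debug, Default)]
pub struct SigParams { pub key_id: String, pub headers: Vec<String>, pub signature: String, pub created: Option<u64>, pub expires: Option<u64> }
pub struct Request<'a> { pub method: &'a str, pub path: &'a str, pub headers: HashMap<String, String> }

/// Parse `keyId="..",headers="..",created=..,signature=".."`. Hardened rules: no duplicate params, no
/// unterminated or escaped quotes, integer timestamps, and `(request-target)` plus `(created)` covered.
pub fn parse_signature(v: &str) -> Result<SigParams, Error> {
    let (mut p, mut seen, mut rest) = (SigParams::default(), HashSet::new(), v.trim());
    while !rest.is_empty() {
        let eq = rest.find('=').ok_or(Error::Syntax)?;
        let name = rest[..eq].trim();
        if !seen.insert(name.to_string()) { return Err(Error::Duplicate); }
        rest = rest[eq + 1..].trim_start();
        let value = if let Some(r) = rest.strip_prefix('"') {
            let end = r.find('"').ok_or(Error::Syntax)?;
            if r[..end].contains('\\') { return Err(Error::Syntax); }
            rest = &r[end + 1..];
            &r[..end]
        } else {
            let end = rest.find(',').unwrap_or(rest.len());
            let val = rest[..end].trim(); rest = &rest[end..]; val
        };
        match name {
            "keyId" => p.key_id = value.to_string(),
            "signature" => p.signature = value.to_string(),
            "headers" => p.headers = value.split(' ').map(str::to_ascii_lowercase).collect(),
            "created" => p.created = Some(value.parse().map_err(|_| Error::Syntax)?),
            "expires" => p.expires = Some(value.parse().map_err(|_| Error::Syntax)?),
            _ => {} // `algorithm` and unknown params are ignored: the algorithm is bound to the key, never trusted from the header
        }
        match rest.trim_start().strip_prefix(',') { Some(r) => rest = r.trim_start(), None if rest.trim().is_empty() => rest = "", None => return Err(Error::Syntax) }
    }
    if p.key_id.is_empty() || p.signature.is_empty() { return Err(Error::Missing("keyId or signature")); }
    for required in ["(request-target)", "(created)"] {
        if !p.headers.iter().any(|h| h == required) { return Err(Error::Missing(required)); }
    }
    Ok(p)
}

/// Build the draft-cavage signing string over the covered headers, in the order listed.
pub fn signing_string(req: &Request, p: &SigParams) -> Result<String, Error> {
    let mut lines = Vec::new();
    for h in &p.headers {
        let val = match h.as_str() {
            "(request-target)" => format!("{} {}", req.method.to_ascii_lowercase(), req.path),
            "(created)" => p.created.ok_or(Error::Missing("created"))?.to_string(),
            name => req.headers.get(name).ok_or(Error::Missing("covered header"))?.trim().to_string(),
        };
        lines.push(format!("{}: {}", h, val));
    }
    Ok(lines.join("\n"))
}

/// Reject signatures from the future or past expiry, tolerating SKEW_SECS of drift either way.
pub fn check_window(p: &SigParams, now: u64) -> Result<(), Error> {
    let created = p.created.ok_or(Error::Missing("created"))?;
    let expired = p.expires.map_or(false, |e| e + SKEW_SECS < now);
    if created > now + SKEW_SECS || expired { Err(Error::Window) } else { Ok(()) }
}
/// Toy stand-in for the real signature check (SipHash over secret and message). Not a real MAC.
pub fn toy_mac(secret: &[u8], msg: &[u8]) -> String {
    let mut h = std::collections::hash_map::DefaultHasher::new();
    (secret, msg).hash(&mut h);
    format!("{:016x}", h.finish())
}
/// High-level shape: `(req, key fetcher) -> bool`, no failure reason; the key is fetched only after the cheap checks pass.
pub fn verify(req: &Request, now: u64, fetch_key: impl FnOnce(&str) -> Option<Vec<u8>>) -> bool {
    let run = || -> Result<bool, Error> {
        let p = parse_signature(req.headers.get("signature").ok_or(Error::Missing("signature"))?)?;
        check_window(&p, now)?;
        let msg = signing_string(req, &p)?;
        let key = fetch_key(&p.key_id).ok_or(Error::Missing("key"))?;
        Ok(toy_mac(&key, msg.as_bytes()) == p.signature)
    };
    run().unwrap_or(false)
}

/// Constructed sample: an ActivityPub-style inbox POST signed with the toy MAC under `secret`.
pub fn sample_request(now: u64, secret: &[u8]) -> Request<'static> {
    let s = |x: &str| x.to_string();
    let mut req = Request { method: "POST", path: "/inbox", headers: HashMap::from([(s("host"), s("example.social")), (s("date"), s("Mon, 19 Feb 2024 12:00:00 GMT"))]) };
    let covered = "(request-target) (created) host date";
    let p = SigParams { key_id: s("https://remote.example/actor#main-key"), headers: covered.split(' ').map(s).collect(),
        created: Some(now), expires: Some(now + 300), ..Default::default() };
    let sig = toy_mac(secret, signing_string(&req, &p).unwrap().as_bytes());
    req.headers.insert(s("signature"), format!("keyId=\"{}\",headers=\"{}\",created={},expires={},signature=\"{}\"",
        p.key_id, covered, now, now + 300, sig));
    req
}
```

The block has no `main`; exercise it from a test or a caller. With `now` fixed and `secret` the shared toy key, `verify(&sample_request(now, secret), now, |_| Some(secret.to_vec()))` returns `true`, the same request evaluated at `now - 59` still passes (inside the skew window), and at `now + 400` it fails because `expires` plus the skew has passed. A wrong key, a failed key fetch, a duplicated parameter, a missing `(request-target)` or an unterminated quote all collapse to `false` at the high-level boundary, while the mid-level functions return the specific `Error` for callers that need it.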


aumetra commented Feb 19, 2024

Does that look good @perillamint ?

@aumetra aumetra requested a review from perillamint February 20, 2024 15:32
aumetra force-pushed the aumetra/http-signatures-final-boss branch from 6b9d7f8 to 4f2ebd7, February 20, 2024 18:53
@perillamint (Contributor)

LGTM!

@aumetra aumetra marked this pull request as ready for review February 23, 2024 18:06
@aumetra aumetra enabled auto-merge February 23, 2024 18:14
@aumetra aumetra added this pull request to the merge queue Feb 23, 2024
Merged via the queue into main with commit f368c29 Feb 23, 2024
12 checks passed
@aumetra aumetra deleted the aumetra/http-signatures-final-boss branch February 23, 2024 18:42
Development

Successfully merging this pull request may close these issues.

HTTP signature hardening
2 participants