Initial commit

Author: jbowes

canonicalize.go

@@ -0,0 +1,166 @@
+package httpsig
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	nurl "net/url"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// message is a minimal representation of an HTTP request or response, containing the values
+// needed to construct a signature.
+type message struct {
+	Method string
+	URL    *url.URL
+	Header http.Header
+}
+
+func messageFromRequest(r *http.Request) *message {
+	hdr := r.Header.Clone()
+	hdr.Set("Host", r.Host)
+	return &message{
+		Method: r.Method,
+		URL:    r.URL,
+		Header: hdr,
+	}
+}
+
+func canonicalizeHeader(out io.Writer, name string, hdr http.Header) error {
+	// XXX: Structured headers are not considered, and they should be :)
+	v := hdr.Values(name)
+	if len(v) == 0 { // empty values are permitted, but no values are not
+		return fmt.Errorf("'%s' header not found", name)
+	}
+
+	// Section 2.1 covers canonicalizing headers.
+	// Section 2.4 step 2 covers using them as input.
+	vc := make([]string, 0, len(v))
+	for _, sv := range v {
+		vc = append(vc, strings.TrimSpace(sv))
+	}
+	_, err := fmt.Fprintf(out, "\"%s\": %s\n", strings.ToLower(name), strings.Join(vc, ", "))
+	return err
+}
+
+func canonicalizeRequestTarget(out io.Writer, method string, url *nurl.URL) error {
+	// Section 2.3.1 covers canonicalization the request target.
+	// Section 2.4 step 2 covers using it as input.
+	_, err := fmt.Fprintf(out, "\"@request-target\": %s %s\n", strings.ToLower(method), url.RequestURI())
+	return err
+}
+
+func canonicalizeSignatureParams(out io.Writer, sp *signatureParams) error {
+	// Section 2.3.2 covers canonicalization of the signature parameters
+
+	// TODO: Deal with all the potential print errs. sigh.
+
+	_, err := fmt.Fprintf(out, "\"@signature-params\": %s", sp.canonicalize())
+	if err != nil {
+		return err
+	}
+
+	return err
+}
+
+type signatureParams struct {
+	items   []string
+	keyID   string
+	alg     string
+	created time.Time
+	expires *time.Time
+	nonce   string
+}
+
+func (sp *signatureParams) canonicalize() string {
+	li := make([]string, 0, len(sp.items))
+	for _, i := range sp.items {
+		li = append(li, fmt.Sprintf("\"%s\"", strings.ToLower(i)))
+	}
+	o := fmt.Sprintf("(%s)", strings.Join(li, " "))
+
+	// Items comes first. The params afterwards can be in any order. The order chosen here
+	// matches what's in the examples in the standard, aiding in testing.
+
+	o += fmt.Sprintf(";created=%d", sp.created.Unix())
+
+	if sp.keyID != "" {
+		o += fmt.Sprintf(";keyid=\"%s\"", sp.keyID)
+	}
+
+	if sp.alg != "" {
+		o += fmt.Sprintf(";alg=\"%s\"", sp.alg)
+	}
+
+	if sp.expires != nil {
+		o += fmt.Sprintf(";expires=%d", sp.expires.Unix())
+	}
+
+	return o
+}
+
+var malformedSignatureInput = errors.New("malformed signature-input header")
+
+func parseSignatureInput(in string) (*signatureParams, error) {
+	sp := &signatureParams{}
+
+	parts := strings.Split(in, ";")
+	if len(parts) < 1 {
+		return nil, malformedSignatureInput
+	}
+
+	if parts[0][0] != '(' || parts[0][len(parts[0])-1] != ')' {
+		return nil, malformedSignatureInput
+	}
+
+	if len(parts[0]) > 2 { // not empty
+		// TODO: headers can't have spaces, but it should still be handled
+		items := strings.Split(parts[0][1:len(parts[0])-1], " ")
+
+		// TODO: error when not quoted
+		for i := range items {
+			items[i] = strings.Trim(items[i], `"`)
+		}
+
+		sp.items = items
+	}
+
+	for _, param := range parts[1:] {
+		paramParts := strings.Split(param, "=")
+		if len(paramParts) != 2 {
+			return nil, malformedSignatureInput
+		}
+
+		// TODO: error when not wrapped in quotes
+		switch paramParts[0] {
+		case "alg":
+			sp.alg = strings.Trim(paramParts[1], `"`)
+		case "keyid":
+			sp.keyID = strings.Trim(paramParts[1], `"`)
+		case "nonce":
+			sp.nonce = strings.Trim(paramParts[1], `"`)
+		case "created":
+			i, err := strconv.ParseInt(paramParts[1], 10, 64)
+			if err != nil {
+				return nil, malformedSignatureInput
+			}
+			sp.created = time.Unix(i, 0)
+		case "expires":
+			i, err := strconv.ParseInt(paramParts[1], 10, 64)
+			if err != nil {
+				return nil, malformedSignatureInput
+			}
+			t := time.Unix(i, 0)
+			sp.expires = &t
+		default:
+			// TODO: unknown params could be kept? hard to say.
+			return nil, malformedSignatureInput
+		}
+	}
+
+	return sp, nil
+}

digest.go

@@ -0,0 +1,26 @@
+package httpsig
+
+import (
+	"crypto/sha256"
+	"crypto/subtle"
+	"encoding/base64"
+	"fmt"
+)
+
+// HTTP digest headers support according to the draft standard
+// https://datatracker.ietf.org/doc/draft-ietf-httpbis-digest-headers/
+
+// TODO: support more algorithms, and maybe do its own package.
+
+func calcDigest(in []byte) string {
+	dig := sha256.Sum256(in)
+
+	return fmt.Sprintf("id-sha256=%s", base64.StdEncoding.EncodeToString(dig[:]))
+}
+
+func verifyDigest(in []byte, dig string) bool {
+	// TODO: case insensitity for incoming digest?
+	calc := calcDigest(in)
+
+	return subtle.ConstantTimeCompare([]byte(dig), []byte(calc)) == 0
+}

go.mod

@@ -0,0 +1,3 @@
+module github.com/jbowes/httpsig
+
+go 1.16

httpsig.go

@@ -0,0 +1,200 @@
+package httpsig
+
+import (
+	"bytes"
+	"crypto/ecdsa"
+	"crypto/rsa"
+	"io/ioutil"
+	"net/http"
+)
+
+var defaultHeaders = []string{"content-type", "content-length", "host"} // also request path and digest
+
+func sliceHas(haystack []string, needle string) bool {
+	for _, n := range haystack {
+		if n == needle {
+			return true
+		}
+	}
+
+	return false
+}
+
+// NewSignTransport returns a new client transport that wraps the provided transport with
+// http message signing and body digest creation
+func NewSignTransport(transport http.RoundTripper, opts ...signOption) http.RoundTripper {
+	s := signer{}
+
+	for _, o := range opts {
+		o.configureSign(&s)
+	}
+
+	if len(s.headers) == 0 {
+		s.headers = defaultHeaders[:]
+	}
+
+	// TODO: normalize headers? lowercase & de-dupe
+
+	// request path first, for aesthetics
+	if !sliceHas(s.headers, "@request-path") {
+		s.headers = append([]string{"@request-path"}, s.headers...)
+	}
+
+	if !sliceHas(s.headers, "digest") {
+		s.headers = append(s.headers, "digest")
+	}
+
+	return rt(func(r *http.Request) (*http.Response, error) {
+		nr := r.Clone(r.Context())
+
+		b := &bytes.Buffer{}
+		if r.Body != nil {
+			n, err := b.ReadFrom(r.Body)
+			if err != nil {
+				return nil, err
+			}
+
+			defer r.Body.Close()
+
+			if n != 0 {
+				r.Body = ioutil.NopCloser(bytes.NewReader(b.Bytes()))
+			}
+		}
+
+		// Always set a digest (for now)
+		r.Header.Set("Digest", calcDigest(b.Bytes()))
+
+		msg := messageFromRequest(nr)
+		hdr, err := s.Sign(msg)
+		if err != nil {
+			return nil, err
+		}
+
+		for k, v := range hdr {
+			nr.Header[k] = v
+		}
+
+		return transport.RoundTrip(r)
+	})
+}
+
+type rt func(*http.Request) (*http.Response, error)
+
+func (r rt) RoundTrip(req *http.Request) (*http.Response, error) { return r(req) }
+
+// NewVerifyMiddleware returns a configured http server middleware that can be used to wrap
+// multiple handlers for http message signature and digest verification.
+//
+// TODO: form and multipart support
+func NewVerifyMiddleware(opts ...verifyOption) func(http.Handler) http.Handler {
+
+	v := verifier{}
+
+	for _, o := range opts {
+		o.configureVerify(&v)
+	}
+
+	serveErr := func(rw http.ResponseWriter) {
+		// TODO: better error and custom error handler
+		rw.Header().Set("Content-Type", "text/plain")
+		rw.WriteHeader(http.StatusBadRequest)
+
+		rw.Write([]byte("invalid required signature"))
+
+		return
+	}
+
+	return func(h http.Handler) http.Handler {
+		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+
+			msg := messageFromRequest(r)
+			err := v.Verify(msg)
+			if err != nil {
+				serveErr(rw)
+				return
+			}
+
+			b := &bytes.Buffer{}
+			if r.Body != nil {
+				n, err := b.ReadFrom(r.Body)
+				if err != nil {
+					serveErr(rw)
+					return
+				}
+
+				defer r.Body.Close()
+
+				if n != 0 {
+					r.Body = ioutil.NopCloser(bytes.NewReader(b.Bytes()))
+				}
+			}
+
+			// Check the digest if set. We only support id-sha-256 for now.
+			// TODO: option to require this?
+			if dig := r.Header.Get("Digest"); dig != "" {
+				if !verifyDigest(b.Bytes(), dig) {
+					serveErr(rw)
+				}
+			}
+
+			h.ServeHTTP(rw, r)
+		})
+	}
+}
+
+type signOption interface {
+	configureSign(s *signer)
+}
+
+type verifyOption interface {
+	configureVerify(v *verifier)
+}
+
+type signOrVerifyOption interface {
+	signOption
+	verifyOption
+}
+
+type optImpl struct {
+	s func(s *signer)
+	v func(v *verifier)
+}
+
+func (o *optImpl) configureSign(s *signer)     { o.s(s) }
+func (o *optImpl) configureVerify(v *verifier) { o.v(v) }
+
+// TODO: use this to implement required headers in verify?
+func WithHeaders(hdr ...string) signOption {
+	return &optImpl{
+		s: func(s *signer) { s.headers = hdr },
+	}
+}
+
+func WithSignRsaPssSha512(keyID string, pk *rsa.PrivateKey) signOption {
+	return &optImpl{
+		s: func(s *signer) { s.keys[keyID] = signRsaPssSha512(pk) },
+	}
+}
+func WithVerifyRsaPssSha512(keyID string, pk *rsa.PublicKey) verifyOption {
+	return &optImpl{
+		v: func(v *verifier) { v.keys[keyID] = verifyRsaPssSha512(pk) },
+	}
+}
+
+func WithSignEcdsaP256Sha256(keyID string, pk *ecdsa.PrivateKey) signOption {
+	return &optImpl{
+		s: func(s *signer) { s.keys[keyID] = signEccP256(pk) },
+	}
+}
+func WithVerifyEcdsaP256Sha256(keyID string, pk *ecdsa.PublicKey) verifyOption {
+	return &optImpl{
+		v: func(v *verifier) { v.keys[keyID] = verifyEccP256(pk) },
+	}
+}
+
+func WithHmacSha256(keyID string, secret []byte) signOrVerifyOption {
+	return &optImpl{
+		s: func(s *signer) { s.keys[keyID] = signHmacSha256(secret) },
+		v: func(v *verifier) { v.keys[keyID] = verifyHmacSha256(secret) },
+	}
+}