digitalbazaar / http-signature-header

BSD 3-Clause "New" or "Revised" License

Check that CLI utility actually produces signatures properly #26

Open dlongley opened 3 years ago

dlongley commented 3 years ago

It looks like the CLI tool is doing an additional SHA-512 hash of the content before feeding it to Ed25519 (which is Pure EdDSA). I can't tell if that's correct or not based on the spec. I also can't tell what the spec intends ... as doing an additional hash on the content is unnecessary with Pure Ed25519 and removes some of its benefits. Perhaps this additional hashing was intentional, however, to enable better privacy with external HSM systems? It's all a bit unclear.

https://github.com/digitalbazaar/http-signature-header/blob/master/bin/util.js#L108-L111

Either way, the tool converts a digest to 'utf8' and then back again ... when it could just do digest() and get the Buffer directly.

aljones15 commented 3 years ago

The utf8 thing has been mentioned before and I'm looking into it. The SHA-512 comes from the definition for hs2019:

For example, assume that the algorithm value is "hs2019" and the keyId refers to an EdDSA public key. This would signal to the application that the signature string construction mechanism is the one defined in Section 2.3: Signature String Construction [9], the signature string hashing function is SHA-512, and the signing algorithm is Ed25519 as defined in RFC 8032 [RFC8032], Section 5.1: Ed25519ph, Ed25519ctx, and Ed25519. The result of the signature creation algorithm should result in a binary string, which is then base 64 encoded and placed into the signature value.

and the exact mention from the registry:

Algorithm Name: hs2019
Status: active
Canonicalization Algorithm: [RFC_THIS_DOCUMENT], Section 2.3: Signature String Construction [22]
Hash Algorithm: RFC 6234 [RFC6234], SHA-512 (SHA-2 with 512-bits of digest output)
Digital Signature Algorithm: Derived from metadata associated with keyId. Recommend support for RFC 8017 [RFC8017], Section 8.1: RSASSA-PSS, RFC 6234 [RFC6234], Section 7.1: SHA-Based HMACs, ANSI X9.62-2005 ECDSA, P-256, and RFC 8032 [RFC8032], Section 5.1: Ed25519ph, Ed25519ctx, and Ed25519.
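
The two points raised in this thread, as an added Node.js example that is not part of the issue or the project's code: it compares signing the signature string directly with Ed25519 against signing its SHA-512 digest, and shows what a 'utf8' round trip does to a raw digest. The signature string, the helper names and the key pair are constructed for illustration; the round trip follows the description in the first comment, not the contents of `bin/util.js`.

```javascript
const crypto = require('crypto');

// Constructed signature string (assumption: sample headers, not from the page).
const signatureString = Buffer.from(
  '(request-target): post /foo\nhost: example.com\n' +
  'date: Mon, 01 Jan 2024 00:00:00 GMT', 'utf8');

// Raw 64-byte SHA-512 digest as a Buffer, with no string encoding involved.
function sha512(data) {
  return crypto.createHash('sha512').update(data).digest();
}

// Digest -> 'utf8' string -> bytes. Byte sequences that are not valid UTF-8
// are replaced with U+FFFD, so the bytes that come back are not the digest.
function utf8RoundTrip(digest) {
  return Buffer.from(digest.toString('utf8'), 'utf8');
}

// Node takes null as the algorithm for Ed25519 keys: the key type selects
// Pure EdDSA and the data is passed to it unhashed.
function sign(privateKey, data) {
  return crypto.sign(null, data, privateKey);
}
function verify(publicKey, data, signature) {
  return crypto.verify(null, data, publicKey, signature);
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const digest = sha512(signatureString);
  const mangled = utf8RoundTrip(digest);

  const sigPure = sign(privateKey, signatureString); // Ed25519 over the string
  const sigHashed = sign(privateKey, digest);        // SHA-512, then Ed25519
  const sigMangled = sign(privateKey, mangled);      // round-tripped digest

  return {
    digestLength: digest.length,
    roundTripPreservesDigest: digest.equals(mangled),
    pureVerifiesAgainstString: verify(publicKey, signatureString, sigPure),
    hashedVerifiesAgainstString: verify(publicKey, signatureString, sigHashed),
    hashedVerifiesAgainstDigest: verify(publicKey, digest, sigHashed),
    mangledVerifiesAgainstDigest: verify(publicKey, digest, sigMangled),
  };
}

console.log(demo());
```

A signer and a verifier interoperate only when both feed Ed25519 the same bytes, so the pre-hash choice and the digest encoding have to match on both sides.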