feat: implement transitional signing and verifying

httpsig-wire-proto/Cargo.toml

@@ -13,8 +13,8 @@ edition.workspace = true
 publish.workspace = true
 
 [dependencies]
-anyhow = "1.0.80"
-thiserror = "1.0.57"
+anyhow = "1.0.81"
+thiserror = "1.0.58"
 rand = "0.8.5"
 hpke = "0.11.0"
 bytes = "1.5.0"
@@ -25,4 +25,4 @@ ed25519-compact = { version = "2.1.1" }
 digest = "0.10.7"
 sha2 = "0.10.8"
 hkdf = "0.12.4"
-httpsig = "0.0.11"
+httpsig = "0.0.14"

modoh-bin/Cargo.toml

@@ -47,7 +47,7 @@ modoh-server-lib = { path = "../modoh-lib", default-features = false, features =
   "rustls",
 ] }
 
-anyhow = "1.0.80"
+anyhow = "1.0.81"
 mimalloc = { version = "*", default-features = false }
 serde = { version = "1.0.197", default-features = false, features = ["derive"] }
 derive_builder = "0.20.0"
@@ -62,8 +62,8 @@ async-trait = "0.1.77"
 url = "2.5.0"
 
 # config
-clap = { version = "4.5.1", features = ["std", "cargo", "wrap_help"] }
-toml = { version = "0.8.10", default-features = false, features = ["parse"] }
+clap = { version = "4.5.2", features = ["std", "cargo", "wrap_help"] }
+toml = { version = "0.8.11", default-features = false, features = ["parse"] }
 hot_reload = "0.1.5"
 
 # tracing and metrics

modoh-bin/src/config/target_config.rs

@@ -230,11 +230,11 @@ impl TryInto<ServiceConfig> for &TargetConfig {
         info!("Set HttpSig-enabled targeted domains: {:#?}", httpsig_config.enabled_domains);
 
         if let Some(false) = httpsig.accept_previous_dh_public_keys {
-          httpsig_config.count_previous_dh_public_keys = 0;
+          httpsig_config.previous_dh_public_keys_gen = 0;
         }
         info!(
           "Accept previous DH public keys to fill the gap of the key rotation period: {} generations",
-          httpsig_config.count_previous_dh_public_keys
+          httpsig_config.previous_dh_public_keys_gen
         );
 
         if let Some(force_verification) = httpsig.force_verification {

modoh-lib/Cargo.toml

@@ -38,17 +38,17 @@ tokio = { version = "1.36.0", features = [
   "sync",
   "macros",
 ] }
-anyhow = "1.0.80"
+anyhow = "1.0.81"
 tracing = "0.1.40"
-thiserror = "1.0.57"
+thiserror = "1.0.58"
 async-trait = "0.1.77"
 
 # http handling for both client and server
 url = "2.5.0"
 rustc-hash = "1.1.0"
 hyper = { version = "1.2.0", default-features = false }
 http = "1.1.0"
-http-body-util = "0.1.0"
+http-body-util = "0.1.1"
 hyper-util = { version = "0.1.3", features = ["full"] }
 
 # http handling for client
@@ -91,6 +91,6 @@ tracing-opentelemetry = { version = "0.23.0", optional = true }
 
 # httpsig
 httpsig-proto = { path = "../httpsig-wire-proto", default-features = false, package = "httpsig-proto" }
-indexmap = { version = "2.2.4" }
-httpsig = { version = "0.0.11" }
-httpsig-hyper = { version = "0.0.11" }
+indexmap = { version = "2.2.5" }
+httpsig = { version = "0.0.14" }
+httpsig-hyper = { version = "0.0.14" }

modoh-lib/src/constants.rs

@@ -63,14 +63,23 @@ pub const HTTPSIG_KEY_REFETCH_PERIOD: u64 = 60;
 /// Maximum number of previous keys to store for HTTP message signature
 /// This is just for handling the gap between the new key and the old keys for DHKex
 pub const HTTPSIG_KEYS_STORE_PREVIOUS_COUNT: usize = 1;
+/// Number/generations of past keys generating signatures simultaneously with the current key
+pub const HTTPSIG_KEYS_TRANSITION_MARGIN: usize = 1;
 /// HTTP request timeout for refetching httpsig configs
 pub const HTTPSIG_KEY_REFETCH_TIMEOUT_SEC: u64 = 3;
 /// User agent for refetching HTTP message signature keys
 pub const HTTPSIG_REFETCH_USER_AGENT: &str = "modoh-server";
 /// Default covered components for HTTP message signature
 pub const HTTPSIG_COVERED_COMPONENTS: &[&str] = &["@method", "content-type", "content-digest", "cache-control"];
 /// Custom signature name for HTTP message signature
-pub const HTTPSIG_CUSTOM_SIGNATURE_NAME: &str = "modohsig";
+pub const HTTPSIG_CUSTOM_SIGNATURE_NAME: &str = "modoh-sig";
+/// Custom tag for `signed with my latest key` in HTTP message signature
+pub const HTTPSIG_CUSTOM_SIGNED_WITH_LATEST_KEY: &str = "modoh-sender-latest-key";
+/// Custom tag for `signed with my stale/previous key` in HTTP message signature
+pub const HTTPSIG_CUSTOM_SIGNED_WITH_STALE_KEY: &str = "modoh-sender-stale-key";
+/// Custom exp duration for HTTP message signature in seconds
+/// If the signature is expired, the receiver should not accept the message even if the signature is valid
+pub const HTTPSIG_EXP_DURATION_SEC: u64 = 1;
 
 #[cfg(feature = "evil-trace")]
 pub const EVIL_TRACE_HEADER_NAME: &str = "traceparent";

modoh-lib/src/error.rs

@@ -35,6 +35,8 @@ pub enum MODoHError {
   HttpSigComputeError(String),
   #[error("Failed to verify HTTP message signature: {0}")]
   HttpSigVerificationError(String),
+  #[error("No DH key found")]
+  NoDHKeyFound,
   #[error(transparent)]
   Other(#[from] anyhow::Error),
 }

modoh-lib/src/globals.rs

@@ -124,7 +124,9 @@ pub struct HttpSigConfig {
   pub refetch_period: Duration,
 
   /// Generations of previous dh public keys accepted to fill the gap of the key rotation period.
-  pub count_previous_dh_public_keys: usize,
+  pub previous_dh_public_keys_gen: usize,
+  /// Number of generations of past keys generating signatures simultaneously with the current key.
+  pub generation_transition_margin: usize,
   /// Force httpsig verification for all requests regardless of the source ip validation result.
   pub force_verification: bool,
   /// Ignore httpsig verification result and continue to serve the request. Useful for debugging.
@@ -138,7 +140,8 @@ impl Default for HttpSigConfig {
       key_rotation_period: Duration::from_secs(HTTPSIG_KEY_ROTATION_PERIOD),
       enabled_domains: vec![],
       refetch_period: Duration::from_secs(HTTPSIG_KEY_REFETCH_PERIOD),
-      count_previous_dh_public_keys: HTTPSIG_KEYS_STORE_PREVIOUS_COUNT,
+      previous_dh_public_keys_gen: HTTPSIG_KEYS_STORE_PREVIOUS_COUNT,
+      generation_transition_margin: HTTPSIG_KEYS_TRANSITION_MARGIN.min(HTTPSIG_KEYS_STORE_PREVIOUS_COUNT),
       force_verification: false,
       ignore_verification_result: false,
     }