feat(hmac-auth): add support for RSA signatures

[locao]

Summary

The hmac-auth plugin allow authentication with HMAC signatures based on the draft-cavage-http-signatures draft.
This commit aims to add support for RSA signatures as described in the draft, providing a stronger layer
of security via asymmetric encryption.

Co-authored-by: Jérémy Quilleré [email protected]

Note: the feature was coded by @mideuger in #8530, this PR adds cluster compatibility support.

Checklist

• The Pull Request has tests
• There's an entry in the CHANGELOG
• There is a user-facing docs PR against https://github.com/Kong/docs.konghq.com - PUT DOCS PR HERE

Full changelog

• Add possible values to algorithms (rsa-sha256 and rsa-sha512)
• Add a new field to this plugin's credential (public_key)
• Add tests showing failed and succeeded authentications using rsa algorithms

How to test

First, create a RSA key pair :

openssl genrsa -out private_key.pem
openssl rsa -in private_key.pem -pubout -out public_key.pem

Then, enable the plugin, create a consumer and a corresponding credential with the public key :

curl -X POST http://localhost:8001/plugins \
    --form "name=hmac-auth"  \
    --form "config.algorithms=rsa-sha256" \
    --form "config.algorithms=rsa-sha512"

curl -X POST http://localhost:8001/consumers \
    --form "username=alice"

curl -X POST http://localhost:8001/consumers/alice/hmac-auth \
    --form "username=alice" \
    --form "public_key=@public_key.pem"

Finally, make a signed request :

export DATE="date: $(echo -n $(TZ=GMT date '+%a, %d %b %Y %T %Z'))"
export SIGNATURE=$(printf %s "${DATE}" | openssl dgst -binary -sha512 -sign private_key.pem | openssl base64 -A)
export AUTHORIZATION='authorization: username="alice", algorithm="rsa-sha512", headers="date", signature="'${SIGNATURE}'"'

curl -X GET http://localhost:8000 \
    --header "${DATE}" \
    --header "${AUTHORIZATION}"

Possible improvements

Here are some improvements that we might want to implement after this one :

• Check public key validity during credential creation/update
• Rebrand the plugin to HTTP Signature
• Use Signature header to provide the signature (or let it be configurable)
• Implement keyId from the draft

Issue reference

KAG-1934
Closes: #8530

[kikito]

@bungle please give this a review

[catbro666]

Do we need to specify rsa here when using rsa signature for consistency?

[catbro666]

error message needs to be changed accordingly

[chobits]

The specific string format for the "Authorization" header that includes the method (e.g., "Hmac" or "Rsa") and the various components (e.g., "username," "algorithm," "headers," and "signature") may not be standardized in the HTTP Signatures draft (draft-cavage-http-signatures). The draft defines the concept of HTTP signatures and how they can be generated and verified, but it doesn't prescribe a specific format for the "Authorization" header.

The format you are using, which includes "Hmac" or "Rsa" as the method prefix, is a common convention used in some implementations for clarity and to distinguish between different authentication methods (HMAC and RSA, in this case). However, this specific format might not be explicitly detailed in the draft itself.

[chobits]

agree. need to output the right error message

[catbro666]

Strictly speaking, rsa doesn't belong to hmac. The scope of the plugin name feels a little small now. Maybe something like "sign-auth" would have been better

[chobits]

hi @locao I'm helping to resolve this conflict, recently I have also reviewed original community PRs. Hans and me will be helping to move the progress of this communit PR into our master.

[fffonion]

how about typedefs.key { required = false, referenceable = true, encrypted = true }, }, ?

Suggested change

	{ public_key = { type = "string" }, },
	{ public_key = typedefs.key {
	description = "The RSA public key used to validate signature.",
	type = "string",
	encrypted = true, -- Kong Enterprise-exclusive feature, does nothing in Kong CE
	referenceable = true,
	}, },

An additional validator to validate it's a RSA key (not EC or ECX keys) would be good.

[GGabriele]

Should we add these new options in the description of the algorithms field? (line 30)

[nowNick]

Just one concern regarding the if statement. Other than that it looks good 👍

[nowNick]

Shouldn't we increment the check in the if as well?

Suggested change

	if m and #m >= 4 then
	if m and #m >= 5 then

[nowNick]

Depending on which PR goes it first - we need to either change it here or there (#11791) but in the end we need to make sure we return proper WWW-Authenticate header on 401 response

[bungle]

Looks like this is the latest draft:
https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures

So in theory at least I would rather move this plugin in direction of this:
https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures#iana-hsa-contents

That lists there:

• rsa-pss-sha512
• rsa-v1_5-sha256
• hmac-sha256
• ecdsa-p256-sha256
• ecdsa-p384-sha384
• ed25519

And perhaps later:
https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures#name-json-web-signature-jws-algo

[AndyZhang0707]

3.8 FF is done, so I don't think we will ship this feature in 3.8. Removing it from the 3.8.0 milestone. cc: @locao