Rewrite cavage/RichAnna spec

dhensby · Sep 29, 2022 · 628da39 · 628da39
1 parent e344d05
commit 628da39
Show file tree

Hide file tree

Showing 4 changed files with 973 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -10,14 +10,19 @@ of HTTP messages before being sent.
 Two specifications are supported by this library:
 
 1. [HTTPbis](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures)
-2. [Cavage](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures)
+2. [Cavage](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures) and subsequent [RichAnna](https://datatracker.ietf.org/doc/html/draft-richanna-http-message-signatures)
 
 ## Approach
 
-As the cavage specification is now expired and superseded by the HTTPbis one, this library takes a
+As the Cavage/RichAnna specification is now expired and superseded by the HTTPbis one, this library takes a
 "HTTPbis-first" approach. This means that most support and maintenance will go into the HTTPbis
-implementation and syntax. The syntax is then back-ported to the Cavage implementation as much as
-possible.
+implementation and syntax. The syntax is then back-ported to the as much as possible.
+
+## Caveats
+
+The Cavage/RichAnna specifications have changed over time, introducing new features. The aim is to support
+the [latest version of the specification](https://datatracker.ietf.org/doc/html/draft-richanna-http-message-signatures)
+and not to try to support each version in isolation.
 
 ## Examples
 

diff --git a/src/algorithm/index.ts b/src/algorithm/index.ts
@@ -12,7 +12,7 @@ import {
 } from 'crypto';
 import { RSA_PKCS1_PADDING, RSA_PKCS1_PSS_PADDING } from 'constants';
 
-export type Algorithm = 'rsa-v1_5-sha256' | 'ecdsa-p256-sha256' | 'hmac-sha256' | 'rsa-pss-sha512';
+export type Algorithm = 'rsa-v1_5-sha256' | 'ecdsa-p256-sha256' | 'hmac-sha256' | 'rsa-pss-sha512' | string;
 
 export interface Signer {
     (data: BinaryLike): Promise<Buffer>,
@@ -42,6 +42,13 @@ export function createSigner(alg: Algorithm, key: BinaryLike | KeyLike | SignKey
                 padding: RSA_PKCS1_PADDING,
             } as SignPrivateKeyInput);
             break;
+        case 'rsa-v1_5-sha1':
+            // this is legacy for cavage
+            signer = async (data: BinaryLike) => createSign('sha1').update(data).sign({
+                key,
+                padding: RSA_PKCS1_PADDING,
+            } as SignPrivateKeyInput);
+            break;
         case 'ecdsa-p256-sha256':
             signer = async (data: BinaryLike) => createSign('sha256').update(data).sign(key as KeyLike);
             break;