crashlabs/huskies
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 26 Wiki Activity
Files
845b85e7a73bc6d80f15b3f134bb811ba83f9d34
huskies/server/src/chat/transport/slack/verify.rs
T

306 lines
10 KiB
Rust
Raw Normal View History

storkit: merge 413_refactor_split_slack_rs_into_focused_modules
2026-03-27 15:26:38 +00:00
//! Slack request signature verification.
use std::fmt::Write as FmtWrite;
/// Verify the Slack request signature using HMAC-SHA256.
///
/// Slack sends `X-Slack-Signature` and `X-Slack-Request-Timestamp` headers.
/// We compute `HMAC-SHA256(signing_secret, "v0:{timestamp}:{body}")` and
/// compare it to the provided signature.
///
/// This uses a constant-time comparison to prevent timing attacks.
pub(super) fn verify_slack_signature(
signing_secret: &str,
timestamp: &str,
body: &[u8],
signature: &str,
) -> bool {
// Compute HMAC-SHA256 manually using the signing secret.
// Slack signature format: v0={hex(HMAC-SHA256(secret, "v0:{ts}:{body}"))}
let base_string = format!("v0:{timestamp}:");
// Simple HMAC-SHA256 implementation using ring-style approach.
// We use the hmac crate pattern with SHA-256.
// Since we don't want to add a dependency, we'll use a manual approach:
// HMAC(K, m) = H((K' ^ opad) || H((K' ^ ipad) || m))
// where K' is the key padded/hashed to block size.
let key = signing_secret.as_bytes();
let block_size = 64; // SHA-256 block size
// If key is longer than block size, hash it first.
let key_block = if key.len() > block_size {
let digest = sha256(key);
let mut k = vec![0u8; block_size];
k[..32].copy_from_slice(&digest);
k
} else {
let mut k = vec![0u8; block_size];
k[..key.len()].copy_from_slice(key);
k
};
// Inner and outer padded keys.
let mut ipad = vec![0x36u8; block_size];
let mut opad = vec![0x5cu8; block_size];
for i in 0..block_size {
ipad[i] ^= key_block[i];
opad[i] ^= key_block[i];
}
// Inner hash: H(ipad || message)
let mut inner_data = ipad;
inner_data.extend_from_slice(base_string.as_bytes());
inner_data.extend_from_slice(body);
let inner_hash = sha256(&inner_data);
// Outer hash: H(opad || inner_hash)
let mut outer_data = opad;
outer_data.extend_from_slice(&inner_hash);
let hmac_result = sha256(&outer_data);
// Format as "v0={hex}"
let mut expected = String::from("v0=");
for byte in &hmac_result {
write!(expected, "{byte:02x}").unwrap();
}
// Constant-time comparison.
constant_time_eq(expected.as_bytes(), signature.as_bytes())
}
/// Minimal SHA-256 implementation (no external dependency).
///
/// This follows FIPS 180-4. Only used for HMAC signature verification,
/// not for any security-critical path beyond webhook authentication.
fn sha256(data: &[u8]) -> [u8; 32] {
let mut h: [u32; 8] = [
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab,
0x5be0cd19,
];
let k: [u32; 64] = [
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4,
0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe,
0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f,
0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc,
0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b,
0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116,
0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7,
0xc67178f2,
];
// Pre-processing: padding
let bit_len = (data.len() as u64) * 8;
let mut padded = data.to_vec();
padded.push(0x80);
while (padded.len() % 64) != 56 {
padded.push(0);
}
padded.extend_from_slice(&bit_len.to_be_bytes());
// Process each 512-bit block
for chunk in padded.chunks_exact(64) {
let mut w = [0u32; 64];
for i in 0..16 {
w[i] = u32::from_be_bytes([
chunk[4 * i],
chunk[4 * i + 1],
chunk[4 * i + 2],
chunk[4 * i + 3],
]);
}
for i in 16..64 {
let s0 = w[i - 15].rotate_right(7) ^ w[i - 15].rotate_right(18) ^ (w[i - 15] >> 3);
let s1 = w[i - 2].rotate_right(17) ^ w[i - 2].rotate_right(19) ^ (w[i - 2] >> 10);
w[i] = w[i - 16]
.wrapping_add(s0)
.wrapping_add(w[i - 7])
.wrapping_add(s1);
}
let [mut a, mut b, mut c, mut d, mut e, mut f, mut g, mut hh] = h;
for i in 0..64 {
let s1 = e.rotate_right(6) ^ e.rotate_right(11) ^ e.rotate_right(25);
let ch = (e & f) ^ ((!e) & g);
let temp1 = hh
.wrapping_add(s1)
.wrapping_add(ch)
.wrapping_add(k[i])
.wrapping_add(w[i]);
let s0 = a.rotate_right(2) ^ a.rotate_right(13) ^ a.rotate_right(22);
let maj = (a & b) ^ (a & c) ^ (b & c);
let temp2 = s0.wrapping_add(maj);
hh = g;
g = f;
f = e;
e = d.wrapping_add(temp1);
d = c;
c = b;
b = a;
a = temp1.wrapping_add(temp2);
}
h[0] = h[0].wrapping_add(a);
h[1] = h[1].wrapping_add(b);
h[2] = h[2].wrapping_add(c);
h[3] = h[3].wrapping_add(d);
h[4] = h[4].wrapping_add(e);
h[5] = h[5].wrapping_add(f);
h[6] = h[6].wrapping_add(g);
h[7] = h[7].wrapping_add(hh);
}
let mut result = [0u8; 32];
for (i, val) in h.iter().enumerate() {
result[4 * i..4 * i + 4].copy_from_slice(&val.to_be_bytes());
}
result
}
/// Constant-time byte comparison.
fn constant_time_eq(a: &[u8], b: &[u8]) -> bool {
if a.len() != b.len() {
return false;
}
let mut diff = 0u8;
for (x, y) in a.iter().zip(b.iter()) {
diff |= x ^ y;
}
diff == 0
}
// ── Tests ───────────────────────────────────────────────────────────────
#[cfg(test)]
mod tests {
use super::*;
// ── Signature verification ──────────────────────────────────────────
#[test]
fn verify_signature_with_known_values() {
// Test with a known good signature.
let secret = "8f742231b10e8888abcd99yez67291";
let timestamp = "1531420618";
let body = b"token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c659f";
// Compute expected signature for this test case.
let sig = compute_test_signature(secret, timestamp, body);
assert!(verify_slack_signature(secret, timestamp, body, &sig));
}
#[test]
fn verify_signature_rejects_bad_signature() {
let secret = "test-secret";
let timestamp = "1234567890";
let body = b"test body";
assert!(!verify_slack_signature(
secret,
timestamp,
body,
"v0=bad_signature_here"
));
}
#[test]
fn verify_signature_rejects_wrong_secret() {
let timestamp = "1234567890";
let body = b"test body";
let sig = compute_test_signature("correct-secret", timestamp, body);
fix: add --all to cargo fmt in script/test and autoformat codebase
2026-04-13 14:07:08 +00:00
assert!(!verify_slack_signature(
"wrong-secret",
timestamp,
body,
&sig
));
storkit: merge 413_refactor_split_slack_rs_into_focused_modules
2026-03-27 15:26:38 +00:00
}
/// Helper to compute a test signature using our sha256 + HMAC implementation.
fn compute_test_signature(secret: &str, timestamp: &str, body: &[u8]) -> String {
use std::fmt::Write;
let key = secret.as_bytes();
let block_size = 64;
let key_block = if key.len() > block_size {
let digest = sha256(key);
let mut k = vec![0u8; block_size];
k[..32].copy_from_slice(&digest);
k
} else {
let mut k = vec![0u8; block_size];
k[..key.len()].copy_from_slice(key);
k
};
let mut ipad = vec![0x36u8; block_size];
let mut opad = vec![0x5cu8; block_size];
for i in 0..block_size {
ipad[i] ^= key_block[i];
opad[i] ^= key_block[i];
}
let base_string = format!("v0:{timestamp}:");
let mut inner_data = ipad;
inner_data.extend_from_slice(base_string.as_bytes());
inner_data.extend_from_slice(body);
let inner_hash = sha256(&inner_data);
let mut outer_data = opad;
outer_data.extend_from_slice(&inner_hash);
let hmac_result = sha256(&outer_data);
let mut expected = String::from("v0=");
for byte in &hmac_result {
write!(expected, "{byte:02x}").unwrap();
}
expected
}
// ── SHA-256 implementation ──────────────────────────────────────────
#[test]
fn sha256_empty_string() {
let result = sha256(b"");
let hex: String = result.iter().map(|b| format!("{b:02x}")).collect();
assert_eq!(
hex,
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
);
}
#[test]
fn sha256_hello_world() {
let result = sha256(b"hello world");
let hex: String = result.iter().map(|b| format!("{b:02x}")).collect();
assert_eq!(
hex,
"b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9"
);
}
// ── Constant-time comparison ────────────────────────────────────────
#[test]
fn constant_time_eq_same_values() {
assert!(constant_time_eq(b"hello", b"hello"));
}
#[test]
fn constant_time_eq_different_values() {
assert!(!constant_time_eq(b"hello", b"world"));
}
#[test]
fn constant_time_eq_different_lengths() {
assert!(!constant_time_eq(b"hello", b"hi"));
}
}
Reference in New Issue Copy Permalink