feat(sdk-hmac): add v4 canonical preimage construction #8079
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
MohammedRyaan786
force-pushed
the
CAAS-660-canonicalization-helper
branch
4 times, most recently
from
30e4717 to
69a4784
Compare
There was a problem hiding this comment.
Pull request overview
Adds a new v4 HMAC signing/verification implementation to @bitgo/sdk-hmac, including canonical preimage construction (newline-delimited fields + trailing newline), body hashing, and request/response helper utilities.
Changes:
- Introduces
hmacv4module for v4 preimage construction, request header generation, and response verification. - Adds shared crypto/time helpers in
util.tsand refactors v2/v3calculateHMACto use the shared HMAC helper. - Adds comprehensive unit tests covering v4 signing/verification behavior and helper functions.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| modules/sdk-hmac/src/hmacv4.ts | New v4 signing + verification implementation and proxy header helpers |
| modules/sdk-hmac/src/util.ts | New shared SHA256/HMAC primitives + method normalization + timestamp helper |
| modules/sdk-hmac/src/types.ts | Adds v4-specific option/result types and expands AuthVersion union |
| modules/sdk-hmac/src/index.ts | Exports new v4 module and util helpers from package entrypoint |
| modules/sdk-hmac/src/hmac.ts | Refactors v2/v3 HMAC primitive to call shared hmacSha256() |
| modules/sdk-hmac/test/hmacv4.ts | New unit test suite for v4 logic and util helpers |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
MohammedRyaan786
force-pushed
the
CAAS-660-canonicalization-helper
branch
2 times, most recently
from
f10c69a to
6caa8bc
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
MohammedRyaan786
force-pushed
the
CAAS-660-canonicalization-helper
branch
from
6caa8bc to
edccb76
Compare
MohammedRyaan786
force-pushed
the
CAAS-660-canonicalization-helper
branch
from
edccb76 to
cf9770f
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
1 participant
TICKET: CAAS-660
This pull request introduces a new v4 HMAC authentication module, adds utility functions for hashing and HMAC operations, and refactors the existing code to support the new authentication scheme. The changes are grouped into three main themes: new v4 authentication functionality, utility enhancements, and integration/refactoring of existing code.
New v4 authentication functionality:
hmacv4.tsmodule implementing v4 authentication, including canonical preimage construction, body hashing, HMAC signature calculation, header generation, response verification, and support for proxy headers.types.tswith new interfaces for v4 authentication options, headers, and verification results, enabling type-safe usage of the new v4 methods.Utility enhancements:
util.tswith functions for SHA256 hashing (sha256Hex), HMAC-SHA256 (hmacSha256), HTTP method normalization, path extraction, and timestamp calculation, supporting both Node.js and browser environments.Integration and refactoring:
hmac.tsto use the newhmacSha256utility function instead of directly callingcreateHmac, improving code reuse and consistency. [1] [2] [3]index.tsto export the newhmacv4,util, and extended types, making all new functionality available to consumers of the SDK.