Llm Data Leakage in Echo Go with Hmac Signatures

When LLM endpoints are exposed behind an Echo Go service that uses HMAC signatures only for selected routes, data leakage can occur if the signature validation is applied inconsistently across handlers. An LLM endpoint that returns model prompts, system instructions, or generated completions may inadvertently include sensitive context such as API keys, user identifiers, or internal routing information. If an attacker can reach an unauthenticated or weakly validated Echo route that proxies or forwards requests to an LLM service, they may extract this data through crafted inputs or by observing error messages and response payloads.

Echo Go does not inherently enforce middleware ordering or scope; developers decide where to place HMAC verification. A common misconfiguration is applying HMAC checks only to administrative or webhook routes while leaving LLM-serving routes unprotected. In such setups, an unauthenticated LLM endpoint becomes reachable, enabling techniques like prompt injection or output scanning that align with the LLM/AI Security checks described in middleBrick. For example, an attacker might submit a prompt designed to trigger a verbose error that includes a system prompt or a portion of the signing key, or they might probe for routes that bypass HMAC by observing differences in response codes or timing.

The interaction becomes risky when HMAC verification is implemented at the Echo middleware level but is bypassed due to route prefix mismatches or conditional skips. If an LLM handler is registered under a path that is not covered by the HMAC middleware stack, the service may still process requests that carry sensitive metadata in headers or context values. An attacker can then leverage injection techniques to coax the LLM into returning training details, internal function schemas, or data that should remain confidential. middleBrick’s LLM/AI Security module detects these scenarios by checking for unauthenticated LLM endpoints and by testing for prompt injection, jailbreaks, and output leakage of API keys or PII.

In practice, this means an Echo Go service that uses Hmac Signatures must ensure that all routes interacting with LLM endpoints are included in the signature validation scope, and that the LLM handler does not expose raw prompts or system instructions in responses. Without this consistency, the security provided by HMAC on other routes does not protect the LLM surface, and data leakage can occur through error messages, overly detailed logs, or crafted adversarial prompts that exploit missing authorization checks.

To summarize, the vulnerability arises when HMAC-based access control in Echo Go is not uniformly applied to LLM-serving routes, allowing unauthenticated or insufficiently authenticated access to endpoints that can reveal sensitive information through normal or error outputs. This aligns with the types of findings middleBrick reports, including unsafe consumption paths and unauthenticated LLM endpoint detection.

Remediation centers on consistent middleware application, strict route definitions, and safe handling of request context so that HMAC signatures are validated for all LLM-related paths. Below are concrete, working examples for Echo Go that demonstrate how to enforce HMAC validation uniformly and avoid data leakage.

Consistent HMAC Middleware on All Routes

Apply HMAC verification as a global middleware or on route groups that include LLM handlers. This ensures every request to sensitive endpoints is authenticated.

package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"net/http"
	"strings"

	"github.com/labstack/echov3"
	"github.com/labstack/echov3/middleware"
)

func isValidHMAC(payload, receivedMAC, secret string) bool {
	h := hmac.New(sha256.New, []byte(secret))
	h.Write([]byte(payload))
	expected := hex.EncodeToString(h.Sum(nil))
	return hmac.Equal([]byte(expected), []byte(receivedMAC))
}

func HMACMiddleware(secret string) echo.MiddlewareFunc {
	return func(next echo.HandlerFunc) echo.HandlerFunc {
		return func(c echo.Context) error {
			// For JSON payloads, use a canonical serialization of relevant fields
			body := c.Request().Header.Get("X-Payload-Signature")
			if body == "" {
				// try reading a specific header or a deterministic representation
				return c.String(http.StatusUnauthorized, "missing signature")
			}
			mac := c.Request().Header.Get("X-HMAC-SHA256")
			if mac == "" {
				return c.String(http.StatusUnauthorized, "missing HMAC")
			}
			if !isValidHMAC(body, mac, secret) {
				return c.String(http.StatusForbidden, "invalid signature")
			}
			return next(c)
		}
	}
}

func llmHandler(c echo.Context) error {
	// Safe handling: avoid exposing prompts or keys in responses
	prompt := c.FormValue("prompt")
	if prompt == "" {
		return c.String(http.StatusBadRequest, "prompt required")
	}
	// Call LLM service securely; do not include internal context in output
	result := "generated response based on prompt"
	return c.JSON(http.StatusOK, map[string]string{"result": result})
}

func main() {
	e := echov3.New()
	secret := "your-256-bit-secret"

	// Apply HMAC middleware globally or to specific groups
	e.Use(middleware.Logger())
	e.Use(HMACMiddleware(secret))

	// Ensure LLM routes are covered
	e.POST("/v1/chat/completions", llmHandler)
	e.POST("/llm/invoke", llmHandler)

	// Avoid duplicating unprotected routes for LLM functionality
	e.Logger().Fatal(e.Start(":8080"))
}

Scoped HMAC for Selective Coverage with Explicit Inclusion of LLM Routes

If you must apply HMAC only to certain groups, explicitly register LLM routes under the protected group.

package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"net/http"

	"github.com/labstack/echov3"
)

func isValidHMAC(payload, receivedMAC, secret string) bool {
	h := hmac.New(sha256.New, []byte(secret))
	h.Write([]byte(payload))
	expected := hex.EncodeToString(h.Sum(nil))
	return hmac.Equal([]byte(expected), []byte(receivedMAC))
}

func HMACMiddleware(secret string) echo.MiddlewareFunc {
	return func(next echo.HandlerFunc) echo.HandlerFunc {
		return func(c echo.Context) error {
			body := c.Request().Header.Get("X-Payload-Signature")
			mac := c.Request().Header.Get("X-HMAC-SHA256")
			if body == "" || mac == "" {
				return c.String(http.StatusUnauthorized, "missing signature or HMAC")
			}
			if !isValidHMAC(body, mac, secret) {
				return c.String(http.StatusForbidden, "invalid signature")
			}
			return next(c)
		}
	}
}

func llmHandler(c echo.Context) error {
	prompt := c.FormValue("prompt")
	if prompt == "" {
		return c.JSON(http.StatusBadRequest, map[string]string{"error": "prompt required"})
	}
	result := "secure response"
	return c.JSON(http.StatusOK, map[string]string{"result": result})
}

func main() {
	e := echov3.New()
	secret := "your-256-bit-secret"

	// Protected API group with HMAC
	protected := e.Group("/api")
	protected.Use(HMACMiddleware(secret))
	protected.POST("/llm/chat", llmHandler)
	protected.POST("/llm/generate", llmHandler)

	// Avoid unprotected LLM routes
	// e.POST("/llm/open", llmHandler) // Do not do this

	e.Logger().Fatal(e.Start(":8080"))
}

Additional Practices to Prevent Data Leakage

• Ensure LLM handlers do not include raw prompts, system instructions, or internal identifiers in response bodies or logs.
• Standardize error responses to avoid leaking stack traces or environment details that could aid an attacker probing HMAC behavior.
• Rotate HMAC secrets regularly and store them outside the application configuration using secure secret management.
• Combine route-level HMAC checks with transport-layer security (TLS) to protect signatures and payloads in transit.

By applying HMAC validation consistently and designing LLM endpoints to avoid exposing sensitive context, an Echo Go service can mitigate data leakage risks while still enabling secure interaction with LLM providers. These measures align with the findings and remediation patterns reported by security scanners like middleBrick.