mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
sigv4: allow arbitrary hash payloads
This commit is contained in:
Jed Lu
Andy Green
parent
2fea1e49bd
commit
e588f308ac
3 changed files with 71 additions and 45 deletions
|
|
@ -147,27 +147,6 @@ bin2hex(uint8_t *in, size_t len, char *out)
|
|||
*out = '\0';
|
||||
}
|
||||
|
||||
static int
|
||||
sha256hash(uint8_t *data, size_t len, char *out)
|
||||
{
|
||||
struct lws_genhash_ctx hash_ctx;
|
||||
uint8_t hash_bin[32];
|
||||
|
||||
if (lws_genhash_init(&hash_ctx, LWS_GENHASH_TYPE_SHA256) ||
|
||||
lws_genhash_update(&hash_ctx, (void *)data, len) ||
|
||||
lws_genhash_destroy(&hash_ctx, hash_bin))
|
||||
{
|
||||
|
||||
lws_genhash_destroy(&hash_ctx, NULL);
|
||||
lwsl_err("%s lws_genhash error \n", __func__);
|
||||
return -1;
|
||||
}
|
||||
|
||||
bin2hex(hash_bin, sizeof(hash_bin), out);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
hmacsha256(const uint8_t *key, size_t keylen, const uint8_t *txt,
|
||||
size_t txtlen, uint8_t *digest)
|
||||
|
|
@ -192,43 +171,85 @@ hmacsha256(const uint8_t *key, size_t keylen, const uint8_t *txt,
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* cut the last byte of the str */
|
||||
static inline int hash_update_bite_str(struct lws_genhash_ctx *ctx, const char * str)
|
||||
{
|
||||
int ret = 0;
|
||||
if ((ret = lws_genhash_update(ctx, (void *)str, strlen(str)-1))) {
|
||||
lws_genhash_destroy(ctx, NULL);
|
||||
lwsl_err("%s err %d line \n", __func__, ret);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static inline int hash_update_str(struct lws_genhash_ctx *ctx, const char * str)
|
||||
{
|
||||
int ret = 0;
|
||||
if ((ret = lws_genhash_update(ctx, (void *)str, strlen(str)))) {
|
||||
lws_genhash_destroy(ctx, NULL);
|
||||
lwsl_err("%s err %d \n", __func__, ret);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int
|
||||
build_sign_string(struct lws *wsi, char *buf, size_t bufsz,
|
||||
struct lws_ss_handle *h, struct sigv4 *s)
|
||||
{
|
||||
char hash[65], *end = &buf[bufsz - 1], *start;
|
||||
int i;
|
||||
struct lws_genhash_ctx hash_ctx;
|
||||
uint8_t hash_bin[32];
|
||||
int i, ret = 0;
|
||||
|
||||
start = buf;
|
||||
|
||||
if ((ret = lws_genhash_init(&hash_ctx, LWS_GENHASH_TYPE_SHA256))) {
|
||||
lws_genhash_destroy(&hash_ctx, NULL);
|
||||
lwsl_err("%s genhash init err %d \n", __func__, ret);
|
||||
return -1;
|
||||
}
|
||||
/*
|
||||
* build canonical_request and hash it
|
||||
* hash canonical_request
|
||||
*/
|
||||
buf += lws_snprintf(buf, lws_ptr_diff_size_t(end, buf), "%s\n%s\n",
|
||||
h->policy->u.http.method,
|
||||
lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_URI));
|
||||
|
||||
if (hash_update_str(&hash_ctx, h->policy->u.http.method) ||
|
||||
hash_update_str(&hash_ctx, "\n"))
|
||||
return -1;
|
||||
if (hash_update_str(&hash_ctx, lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_URI)) ||
|
||||
hash_update_str(&hash_ctx, "\n"))
|
||||
return -1;
|
||||
|
||||
/* TODO, append query string */
|
||||
buf += lws_snprintf(buf, lws_ptr_diff_size_t(end, buf), "\n");
|
||||
if (hash_update_str(&hash_ctx, "\n"))
|
||||
return -1;
|
||||
|
||||
for (i = 0; i < s->hnum; i++) {
|
||||
buf += lws_snprintf(buf, lws_ptr_diff_size_t(end, buf), "%s%s\n",
|
||||
s->headers[i].name, s->headers[i].value);
|
||||
if (hash_update_str(&hash_ctx, s->headers[i].name) ||
|
||||
hash_update_str(&hash_ctx, s->headers[i].value) ||
|
||||
hash_update_str(&hash_ctx, "\n"))
|
||||
return -1;
|
||||
|
||||
}
|
||||
buf += lws_snprintf(buf, lws_ptr_diff_size_t(end, buf), "\n");
|
||||
for (i = 0; i < s->hnum; i++) {
|
||||
buf += lws_snprintf(buf, lws_ptr_diff_size_t(end, buf), "%s",
|
||||
s->headers[i].name);
|
||||
buf--; /* remove ':' */
|
||||
*buf++ = ';';
|
||||
if (hash_update_str(&hash_ctx, "\n"))
|
||||
return -1;
|
||||
|
||||
for (i = 0; i < s->hnum-1; i++) {
|
||||
if (hash_update_bite_str(&hash_ctx, s->headers[i].name) ||
|
||||
hash_update_str(&hash_ctx, ";"))
|
||||
return -1;
|
||||
}
|
||||
buf--; /* remove the trailing ';' */
|
||||
buf += lws_snprintf(buf, lws_ptr_diff_size_t(end, buf), "\n%s",
|
||||
s->payload_hash);
|
||||
*buf++ = '\0';
|
||||
if (hash_update_bite_str(&hash_ctx, s->headers[i].name) ||
|
||||
hash_update_str(&hash_ctx, "\n") ||
|
||||
hash_update_str(&hash_ctx, s->payload_hash))
|
||||
return -1;
|
||||
|
||||
assert(buf <= start + bufsz);
|
||||
|
||||
sha256hash((uint8_t *)start, strlen(start), hash);
|
||||
if ((ret = lws_genhash_destroy(&hash_ctx, hash_bin))) {
|
||||
lws_genhash_destroy(&hash_ctx, NULL);
|
||||
lwsl_err("%s lws_genhash error \n", __func__);
|
||||
return -1;
|
||||
}
|
||||
|
||||
bin2hex(hash_bin, sizeof(hash_bin), hash);
|
||||
/*
|
||||
* build sign string like the following
|
||||
*
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ static const char * const default_ss_policy =
|
|||
"],"
|
||||
"\"auth\": [" /* named cert chains */
|
||||
"{"
|
||||
"\"name\": \"sigv4_brahms\","
|
||||
"\"name\": \"sigv4_br\","
|
||||
"\"type\": \"sigv4\","
|
||||
"\"blob\": 0"
|
||||
"}"
|
||||
|
|
@ -93,7 +93,7 @@ static const char * const default_ss_policy =
|
|||
"\"tls_trust_store\":" "\"s3-root-cert\","
|
||||
"\"opportunistic\":" "true,"
|
||||
"\"retry\":" "\"default\","
|
||||
"\"use_auth\":" "\"sigv4_brahms\","
|
||||
"\"use_auth\":" "\"sigv4_br\","
|
||||
"\"aws_region\":" "\"region\","
|
||||
"\"aws_service\":" "\"service\","
|
||||
"\"metadata\": ["
|
||||
|
|
|
|||
|
|
@ -65,7 +65,12 @@ ss_s3_tx(void *userobj, lws_ss_tx_ordinal_t ord, uint8_t *buf, size_t *len,
|
|||
static const char *awsService = "s3",
|
||||
*awsRegion = "us-west-2",
|
||||
*s3bucketName = "sstest2020",
|
||||
*s3ObjName = "SSs3upload2.txt";
|
||||
#if 1
|
||||
*s3ObjName = "SSs3upload2.txt";
|
||||
#else
|
||||
/* test huge string sigv4 hashing works */
|
||||
*s3ObjName = "SSs3uploadaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa2.txt";
|
||||
#endif
|
||||
static char timestamp[32], payload_hash[65];
|
||||
static uint8_t jpl[1 * 1024];
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue