static gchar * sign_string (gchar *message, gchar *key) { GHmac *hmac; guint8 buffer[SHA1_DIGEST_LEN]; gsize buffer_len = SHA1_DIGEST_LEN; hmac = g_hmac_new (G_CHECKSUM_SHA1, (guchar *) key, strlen (key)); g_hmac_update (hmac, (guchar *) message, strlen (message)); g_hmac_get_digest (hmac, buffer, &buffer_len); g_hmac_unref (hmac); return g_base64_encode (buffer, buffer_len); }
/** * g_compute_hmac_for_data: * @digest_type: a #GChecksumType to use for the HMAC * @key: (array length=key_len): the key to use in the HMAC * @key_len: the length of the key * @data: (array length=length): binary blob to compute the HMAC of * @length: length of @data * * Computes the HMAC for a binary @data of @length. This is a * convenience wrapper for g_hmac_new(), g_hmac_get_string() * and g_hmac_unref(). * * The hexadecimal string returned will be in lower case. * * Returns: the HMAC of the binary data as a string in hexadecimal. * The returned string should be freed with g_free() when done using it. * * Since: 2.30 */ gchar * g_compute_hmac_for_data (GChecksumType digest_type, const guchar *key, gsize key_len, const guchar *data, gsize length) { GHmac *hmac; gchar *retval; g_return_val_if_fail (length == 0 || data != NULL, NULL); hmac = g_hmac_new (digest_type, key, key_len); if (!hmac) return NULL; g_hmac_update (hmac, data, length); retval = g_strdup (g_hmac_get_string (hmac)); g_hmac_unref (hmac); return retval; }
static gchar* _make_hmacsha1_base64_signature(const gchar* base_string, const gchar* key) { gsize digest_len = 100; //sha1 is actually 160 bits guint8 hmac_digest[digest_len]; GHmac* hmac = g_hmac_new(G_CHECKSUM_SHA1, (const guchar*)key, strlen(key)); g_hmac_update(hmac, (const guchar*)base_string, strlen(base_string)); g_hmac_get_digest(hmac, hmac_digest, &digest_len); g_hmac_unref(hmac); gchar* out = g_malloc0((digest_len / 3 + 1) * 4 + 4); gint state = 0; gint save = 0; gchar* p = out; p += g_base64_encode_step(hmac_digest, digest_len, FALSE, p, &state, &save); g_base64_encode_close(FALSE, p, &state, &save); return out; }
static char* _net_compute_signature(const ds3_log* log, const ds3_creds* creds, http_verb verb, char* resource_name, char* date, char* content_type, char* checksum_value, char* amz_headers) { GHmac* hmac; gchar* signature; gsize bufSize = 256; guint8 buffer[256]; unsigned char* signature_str = _generate_signature_str(verb, resource_name, date, content_type, checksum_value, amz_headers); char* escaped_str = g_strescape((char*) signature_str, NULL); ds3_log_message(log, DS3_DEBUG, "signature string: %s", escaped_str); g_free(escaped_str); hmac = g_hmac_new(G_CHECKSUM_SHA1, (unsigned char*) creds->secret_key->value, creds->secret_key->size); g_hmac_update(hmac, signature_str, strlen((const char*)signature_str)); g_hmac_get_digest(hmac, buffer, &bufSize); signature = g_base64_encode(buffer, bufSize); g_free(signature_str); g_hmac_unref(hmac); return signature; }
static int qcrypto_glib_hmac_bytesv(QCryptoHmac *hmac, const struct iovec *iov, size_t niov, uint8_t **result, size_t *resultlen, Error **errp) { QCryptoHmacGlib *ctx; int i, ret; ctx = hmac->opaque; for (i = 0; i < niov; i++) { g_hmac_update(ctx->ghmac, iov[i].iov_base, iov[i].iov_len); } ret = g_checksum_type_get_length(qcrypto_hmac_alg_map[hmac->alg]); if (ret < 0) { error_setg(errp, "Unable to get hmac length"); return -1; } if (*resultlen == 0) { *resultlen = ret; *result = g_new0(uint8_t, *resultlen); } else if (*resultlen != ret) { error_setg(errp, "Result buffer size %zu is smaller than hmac %d", *resultlen, ret); return -1; } g_hmac_get_digest(ctx->ghmac, *result, resultlen); return 0; }