static gchar *
sign_string (gchar *message, gchar *key)
{
GHmac *hmac;
guint8 buffer[SHA1_DIGEST_LEN];
gsize buffer_len = SHA1_DIGEST_LEN;
hmac = g_hmac_new (G_CHECKSUM_SHA1, (guchar *) key, strlen (key));
g_hmac_update (hmac, (guchar *) message, strlen (message));
g_hmac_get_digest (hmac, buffer, &buffer_len);
g_hmac_unref (hmac);
return g_base64_encode (buffer, buffer_len);
}
/**
* g_compute_hmac_for_data:
* @digest_type: a #GChecksumType to use for the HMAC
* @key: (array length=key_len): the key to use in the HMAC
* @key_len: the length of the key
* @data: (array length=length): binary blob to compute the HMAC of
* @length: length of @data
*
* Computes the HMAC for a binary @data of @length. This is a
* convenience wrapper for g_hmac_new(), g_hmac_get_string()
* and g_hmac_unref().
*
* The hexadecimal string returned will be in lower case.
*
* Returns: the HMAC of the binary data as a string in hexadecimal.
* The returned string should be freed with g_free() when done using it.
*
* Since: 2.30
*/
gchar *
g_compute_hmac_for_data (GChecksumType digest_type,
const guchar *key,
gsize key_len,
const guchar *data,
gsize length)
{
GHmac *hmac;
gchar *retval;
g_return_val_if_fail (length == 0 || data != NULL, NULL);
hmac = g_hmac_new (digest_type, key, key_len);
if (!hmac)
return NULL;
g_hmac_update (hmac, data, length);
retval = g_strdup (g_hmac_get_string (hmac));
g_hmac_unref (hmac);
return retval;
}
static gchar* _make_hmacsha1_base64_signature(const gchar* base_string,
const gchar* key)
{
gsize digest_len = 100; //sha1 is actually 160 bits
guint8 hmac_digest[digest_len];
GHmac* hmac = g_hmac_new(G_CHECKSUM_SHA1, (const guchar*)key, strlen(key));
g_hmac_update(hmac, (const guchar*)base_string, strlen(base_string));
g_hmac_get_digest(hmac, hmac_digest, &digest_len);
g_hmac_unref(hmac);
gchar* out = g_malloc0((digest_len / 3 + 1) * 4 + 4);
gint state = 0;
gint save = 0;
gchar* p = out;
p += g_base64_encode_step(hmac_digest, digest_len,
FALSE, p, &state, &save);
g_base64_encode_close(FALSE, p, &state, &save);
return out;
}
static char* _net_compute_signature(const ds3_log* log, const ds3_creds* creds, http_verb verb, char* resource_name,
char* date, char* content_type, char* checksum_value, char* amz_headers) {
GHmac* hmac;
gchar* signature;
gsize bufSize = 256;
guint8 buffer[256];
unsigned char* signature_str = _generate_signature_str(verb, resource_name, date, content_type, checksum_value, amz_headers);
char* escaped_str = g_strescape((char*) signature_str, NULL);
ds3_log_message(log, DS3_DEBUG, "signature string: %s", escaped_str);
g_free(escaped_str);
hmac = g_hmac_new(G_CHECKSUM_SHA1, (unsigned char*) creds->secret_key->value, creds->secret_key->size);
g_hmac_update(hmac, signature_str, strlen((const char*)signature_str));
g_hmac_get_digest(hmac, buffer, &bufSize);
signature = g_base64_encode(buffer, bufSize);
g_free(signature_str);
g_hmac_unref(hmac);
return signature;
}
static int
qcrypto_glib_hmac_bytesv(QCryptoHmac *hmac,
const struct iovec *iov,
size_t niov,
uint8_t **result,
size_t *resultlen,
Error **errp)
{
QCryptoHmacGlib *ctx;
int i, ret;
ctx = hmac->opaque;
for (i = 0; i < niov; i++) {
g_hmac_update(ctx->ghmac, iov[i].iov_base, iov[i].iov_len);
}
ret = g_checksum_type_get_length(qcrypto_hmac_alg_map[hmac->alg]);
if (ret < 0) {
error_setg(errp, "Unable to get hmac length");
return -1;
}
if (*resultlen == 0) {
*resultlen = ret;
*result = g_new0(uint8_t, *resultlen);
} else if (*resultlen != ret) {
error_setg(errp, "Result buffer size %zu is smaller than hmac %d",
*resultlen, ret);
return -1;
}
g_hmac_get_digest(ctx->ghmac, *result, resultlen);
return 0;
}
