static gchar *
sign_string (gchar *message, gchar *key)
{
GHmac *hmac;
guint8 buffer[SHA1_DIGEST_LEN];
gsize buffer_len = SHA1_DIGEST_LEN;
hmac = g_hmac_new (G_CHECKSUM_SHA1, (guchar *) key, strlen (key));
g_hmac_update (hmac, (guchar *) message, strlen (message));
g_hmac_get_digest (hmac, buffer, &buffer_len);
g_hmac_unref (hmac);
return g_base64_encode (buffer, buffer_len);
}
/**
* g_hmac_get_string:
* @hmac: a #GHmac
*
* Gets the HMAC as an hexadecimal string.
*
* Once this function has been called the #GHmac can no longer be
* updated with g_hmac_update().
*
* The hexadecimal characters will be lower case.
*
* Returns: the hexadecimal representation of the HMAC. The
* returned string is owned by the HMAC and should not be modified
* or freed.
*
* Since: 2.30
*/
const gchar *
g_hmac_get_string (GHmac *hmac)
{
guint8 *buffer;
gsize digest_len;
g_return_val_if_fail (hmac != NULL, NULL);
digest_len = g_checksum_type_get_length (hmac->digest_type);
buffer = g_alloca (digest_len);
/* This is only called for its side-effect of updating hmac->digesto... */
g_hmac_get_digest (hmac, buffer, &digest_len);
/* ... because we get the string from the checksum rather than
* stringifying buffer ourselves
*/
return g_checksum_get_string (hmac->digesto);
}
static gchar* _make_hmacsha1_base64_signature(const gchar* base_string,
const gchar* key)
{
gsize digest_len = 100; //sha1 is actually 160 bits
guint8 hmac_digest[digest_len];
GHmac* hmac = g_hmac_new(G_CHECKSUM_SHA1, (const guchar*)key, strlen(key));
g_hmac_update(hmac, (const guchar*)base_string, strlen(base_string));
g_hmac_get_digest(hmac, hmac_digest, &digest_len);
g_hmac_unref(hmac);
gchar* out = g_malloc0((digest_len / 3 + 1) * 4 + 4);
gint state = 0;
gint save = 0;
gchar* p = out;
p += g_base64_encode_step(hmac_digest, digest_len,
FALSE, p, &state, &save);
g_base64_encode_close(FALSE, p, &state, &save);
return out;
}
static char* _net_compute_signature(const ds3_log* log, const ds3_creds* creds, http_verb verb, char* resource_name,
char* date, char* content_type, char* checksum_value, char* amz_headers) {
GHmac* hmac;
gchar* signature;
gsize bufSize = 256;
guint8 buffer[256];
unsigned char* signature_str = _generate_signature_str(verb, resource_name, date, content_type, checksum_value, amz_headers);
char* escaped_str = g_strescape((char*) signature_str, NULL);
ds3_log_message(log, DS3_DEBUG, "signature string: %s", escaped_str);
g_free(escaped_str);
hmac = g_hmac_new(G_CHECKSUM_SHA1, (unsigned char*) creds->secret_key->value, creds->secret_key->size);
g_hmac_update(hmac, signature_str, strlen((const char*)signature_str));
g_hmac_get_digest(hmac, buffer, &bufSize);
signature = g_base64_encode(buffer, bufSize);
g_free(signature_str);
g_hmac_unref(hmac);
return signature;
}
static int
qcrypto_glib_hmac_bytesv(QCryptoHmac *hmac,
const struct iovec *iov,
size_t niov,
uint8_t **result,
size_t *resultlen,
Error **errp)
{
QCryptoHmacGlib *ctx;
int i, ret;
ctx = hmac->opaque;
for (i = 0; i < niov; i++) {
g_hmac_update(ctx->ghmac, iov[i].iov_base, iov[i].iov_len);
}
ret = g_checksum_type_get_length(qcrypto_hmac_alg_map[hmac->alg]);
if (ret < 0) {
error_setg(errp, "Unable to get hmac length");
return -1;
}
if (*resultlen == 0) {
*resultlen = ret;
*result = g_new0(uint8_t, *resultlen);
} else if (*resultlen != ret) {
error_setg(errp, "Result buffer size %zu is smaller than hmac %d",
*resultlen, ret);
return -1;
}
g_hmac_get_digest(ctx->ghmac, *result, resultlen);
return 0;
}
