From f8b0817ddcfea9c537cb4b8e3a4d62bf394db3a0 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <lx@deuxfleurs.fr>
Date: Tue, 18 Feb 2025 12:00:41 +0100
Subject: [PATCH] api: streaming signature: fix trailer parsing

---
 script/dev-cluster.sh                 |  2 +-
 src/api/common/signature/streaming.rs | 23 +++++++++++++----------
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/script/dev-cluster.sh b/script/dev-cluster.sh
index 6b39255a..998ffdb9 100755
--- a/script/dev-cluster.sh
+++ b/script/dev-cluster.sh
@@ -11,7 +11,7 @@ PATH="${GARAGE_DEBUG}:${GARAGE_RELEASE}:${NIX_RELEASE}:$PATH"
 FANCYCOLORS=("41m" "42m" "44m" "45m" "100m" "104m")
 
 export RUST_BACKTRACE=1 
-export RUST_LOG=garage=info,garage_api=debug
+export RUST_LOG=garage=info,garage_api_common=debug,garage_api_s3=debug
 MAIN_LABEL="\e[${FANCYCOLORS[0]}[main]\e[49m"
 
 if [ -z "$GARAGE_BIN" ]; then
diff --git a/src/api/common/signature/streaming.rs b/src/api/common/signature/streaming.rs
index 3ffc5b2f..6afc2621 100644
--- a/src/api/common/signature/streaming.rs
+++ b/src/api/common/signature/streaming.rs
@@ -24,6 +24,11 @@ pub fn parse_streaming_body(
 	region: &str,
 	service: &str,
 ) -> Result<Request<ReqBody>, Error> {
+	debug!(
+		"Content signature mode: {:?}",
+		checked_signature.content_sha256_header
+	);
+
 	let expected_checksums = ExpectedChecksums {
 		sha256: match &checked_signature.content_sha256_header {
 			ContentSha256Header::Sha256Checksum(sha256) => Some(*sha256),
@@ -243,7 +248,7 @@ mod payload {
 			let (input, header_value) = try_parse!(take_while(
 				|c: u8| c.is_ascii_alphanumeric() || b"+/=".contains(&c)
 			)(input));
-			let (input, _) = try_parse!(tag(b"\n")(input));
+			let (input, _) = try_parse!(tag(b"\r\n")(input));
 
 			Ok((
 				input,
@@ -257,15 +262,7 @@ mod payload {
 		pub fn parse_signed(input: &[u8]) -> nom::IResult<&[u8], Self, Error<&[u8]>> {
 			let (input, trailer) = Self::parse_content(input)?;
 
-			let (input, _) = try_parse!(tag(b"\r\n\r\n")(input));
-
-			Ok((input, trailer))
-		}
-		pub fn parse_unsigned(input: &[u8]) -> nom::IResult<&[u8], Self, Error<&[u8]>> {
-			let (input, trailer) = Self::parse_content(input)?;
-
-			let (input, _) = try_parse!(tag(b"\r\n")(input));
-
+			let (input, _) = try_parse!(tag(b"x-amz-trailer-signature:")(input));
 			let (input, data) = try_parse!(map_res(hex_digit1, hex::decode)(input));
 			let signature = Hash::try_from(&data).ok_or(nom::Err::Failure(Error::BadSignature))?;
 			let (input, _) = try_parse!(tag(b"\r\n")(input));
@@ -278,6 +275,12 @@ mod payload {
 				},
 			))
 		}
+		pub fn parse_unsigned(input: &[u8]) -> nom::IResult<&[u8], Self, Error<&[u8]>> {
+			let (input, trailer) = Self::parse_content(input)?;
+			let (input, _) = try_parse!(tag(b"\r\n")(input));
+
+			Ok((input, trailer))
+		}
 	}
 }