Deuxfleurs/garage
32
61
Fork 80
Code Issues 91 Pull requests 14 Releases 31 Wiki Activity

signature: refactor: move constant defs to mod.rs

Browse source
This commit is contained in:
Alex 2025-02-16 16:34:18 +01:00
parent 859b38b0d2
commit 2f0c5ca220
3 changed files with 50 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
src/api/common/signature/mod.rs
View file

@ -2,6 +2,7 @@ use chrono::{DateTime, Utc};
use hmac::{Hmac, Mac}; use hmac::{Hmac, Mac};
use sha2::Sha256; use sha2::Sha256;
use hyper::header::HeaderName;
use hyper::{body::Incoming as IncomingBody, Request}; use hyper::{body::Incoming as IncomingBody, Request};
use garage_model::garage::Garage; use garage_model::garage::Garage;
@ -17,8 +18,55 @@ pub mod streaming;
pub const SHORT_DATE: &str = "%Y%m%d"; pub const SHORT_DATE: &str = "%Y%m%d";
pub const LONG_DATETIME: &str = "%Y%m%dT%H%M%SZ"; pub const LONG_DATETIME: &str = "%Y%m%dT%H%M%SZ";
// ---- Constants used in AWSv4 signatures ----
pub const X_AMZ_ALGORITHM: HeaderName = HeaderName::from_static("x-amz-algorithm");
pub const X_AMZ_CREDENTIAL: HeaderName = HeaderName::from_static("x-amz-credential");
pub const X_AMZ_DATE: HeaderName = HeaderName::from_static("x-amz-date");
pub const X_AMZ_EXPIRES: HeaderName = HeaderName::from_static("x-amz-expires");
pub const X_AMZ_SIGNEDHEADERS: HeaderName = HeaderName::from_static("x-amz-signedheaders");
pub const X_AMZ_SIGNATURE: HeaderName = HeaderName::from_static("x-amz-signature");
pub const X_AMZ_CONTENT_SH256: HeaderName = HeaderName::from_static("x-amz-content-sha256");
pub const X_AMZ_TRAILER: HeaderName = HeaderName::from_static("x-amz-trailer");
/// Result of `sha256("")`
pub(crate) const EMPTY_STRING_HEX_DIGEST: &str =
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
// Signature calculation algorithm
pub const AWS4_HMAC_SHA256: &str = "AWS4-HMAC-SHA256";
type HmacSha256 = Hmac<Sha256>; type HmacSha256 = Hmac<Sha256>;
// Possible values for x-amz-content-sha256, in addition to the actual sha256
pub const UNSIGNED_PAYLOAD: &str = "UNSIGNED-PAYLOAD";
pub const STREAMING_AWS4_HMAC_SHA256_PAYLOAD: &str = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD";
// Used in the computation of StringToSign
pub const AWS4_HMAC_SHA256_PAYLOAD: &str = "AWS4-HMAC-SHA256-PAYLOAD";
// ---- enums to describe stuff going on in signature calculation ----
pub enum ContentSha256Header {
UnsignedPayload,
Sha256Hash(String),
StreamingPayload {
trailer: Option<TrailerHeader>,
algorithm: Option<SigningAlgorithm>,
},
}
pub enum SigningAlgorithm {
AwsHmacSha256,
}
pub enum TrailerHeader {
XAmzChecksumCrc32,
XAmzChecksumCrc32c,
XAmzChecksumCrc64Nvme,
}
// ---- top-level functions ----
pub async fn verify_request( pub async fn verify_request(
garage: &Garage, garage: &Garage,
mut req: Request<IncomingBody>, mut req: Request<IncomingBody>,

16
src/api/common/signature/payload.rs
View file

@ -13,23 +13,9 @@ use garage_util::data::Hash;
use garage_model::garage::Garage; use garage_model::garage::Garage;
use garage_model::key_table::*; use garage_model::key_table::*;
use super::LONG_DATETIME; use super::*;
use super::{compute_scope, signing_hmac};
use crate::encoding::uri_encode; use crate::encoding::uri_encode;
use crate::signature::error::*;
pub const X_AMZ_ALGORITHM: HeaderName = HeaderName::from_static("x-amz-algorithm");
pub const X_AMZ_CREDENTIAL: HeaderName = HeaderName::from_static("x-amz-credential");
pub const X_AMZ_DATE: HeaderName = HeaderName::from_static("x-amz-date");
pub const X_AMZ_EXPIRES: HeaderName = HeaderName::from_static("x-amz-expires");
pub const X_AMZ_SIGNEDHEADERS: HeaderName = HeaderName::from_static("x-amz-signedheaders");
pub const X_AMZ_SIGNATURE: HeaderName = HeaderName::from_static("x-amz-signature");
pub const X_AMZ_CONTENT_SH256: HeaderName = HeaderName::from_static("x-amz-content-sha256");
pub const AWS4_HMAC_SHA256: &str = "AWS4-HMAC-SHA256";
pub const UNSIGNED_PAYLOAD: &str = "UNSIGNED-PAYLOAD";
pub const STREAMING_AWS4_HMAC_SHA256_PAYLOAD: &str = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD";
pub type QueryMap = HeaderMap<QueryValue>; pub type QueryMap = HeaderMap<QueryValue>;
pub struct QueryValue { pub struct QueryValue {

12
src/api/common/signature/streaming.rs
View file

@ -11,15 +11,9 @@ use hyper::Request;
use garage_util::data::Hash; use garage_util::data::Hash;
use super::{compute_scope, sha256sum, HmacSha256, LONG_DATETIME}; use super::*;
use crate::helpers::*; use crate::helpers::*;
use crate::signature::error::*;
use crate::signature::payload::{
STREAMING_AWS4_HMAC_SHA256_PAYLOAD, X_AMZ_CONTENT_SH256, X_AMZ_DATE,
};
pub const AWS4_HMAC_SHA256_PAYLOAD: &str = "AWS4-HMAC-SHA256-PAYLOAD";
pub type ReqBody = BoxBody<Error>; pub type ReqBody = BoxBody<Error>;
@ -68,10 +62,6 @@ pub fn parse_streaming_body(
} }
} }
/// Result of `sha256("")`
const EMPTY_STRING_HEX_DIGEST: &str =
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
fn compute_streaming_payload_signature( fn compute_streaming_payload_signature(
signing_hmac: &HmacSha256, signing_hmac: &HmacSha256,
date: DateTime<Utc>, date: DateTime<Utc>,