author | Matthias Gatto <matthias.gatto@outscale.com> | 2020-07-09 13:58:37 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-12-21 16:27:50 +0100 |
commit | 08e8455dddc5e48e58a12ade3815c01ae3da3b64 (patch) | |
tree | fa7077ce3aaef1d3da70f0e3abe1a3e552a3c0be /include | |
parent | d52564bacb82712a8a1221ec982d7966d7a90a3e (diff) | |
download | curl-08e8455dddc5e48e58a12ade3815c01ae3da3b64.tar.gz |
http: introduce AWS HTTP v4 Signature
It is a security process for HTTP.
It doesn't seem to be standard, but it is used by some cloud providers.
Aws:
https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
Outscale:
https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request
GCP (I didn't test that this code works with GCP though):
https://cloud.google.com/storage/docs/access-control/signing-urls-manually
Most of the code is in lib/http_v4_signature.c
Information required by the algorithm:
- The URL
- Current time
- some prefixes that are appended to some of the signature parameters.
The data extracted from the URL are: the URI, the region,
the host and the API type
example:

```
https://api.eu-west-2.outscale.com/api/latest/ReadNets
        ~~~ ~~~~~~~~~             ~~~~~~~~~~~~~~~~~~~~
         ^      ^                          ^
         |      |                          |
     API type region                      URI
```
Small description of the algorithm:
- make canonical header using content type, the host, and the date
- hash the post data
- make canonical_request using custom request, the URI,
the get data, the canonical header, the signed header
and post data hash
- hash canonical_request
- make str_to_sign using one of the prefixes passed in parameter,
the date, the credential scope and the canonical_request hash
- compute hmac from date, using secret key as key.
- compute hmac from region, using above hmac as key
- compute hmac from api_type, using above hmac as key
- compute hmac from request_type, using above hmac as key
- compute hmac from str_to_sign using above hmac as key
- create Authorization header using above hmac, prefix passed in parameter,
the date, and above hash
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
Closes #5703
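The signing steps listed in the commit message, carried out end to end in Python as an added example; this is not curl's lib/http_v4_signature.c and does not go through libcurl. It follows the AWS variant linked above, where the provider prefix ("AWS4") also gets prepended to the secret key before the first HMAC in the chain; the parameter names, the `split_host` helper, and the assumption that another provider differs only in its prefix and date-header name are mine, not the commit's. The request, the example credentials and the expected signature are the published test vector from the AWS Signature Version 4 documentation, embedded here so the block runs offline.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def split_host(host: str):
    """Extract (api_type, region) from an <api>.<region>.<domain> host, as the
    commit message does for api.eu-west-2.outscale.com. A host without a
    region label (e.g. iam.amazonaws.com) yields None; the caller supplies it."""
    labels = host.split(".")
    return labels[0], (labels[1] if len(labels) >= 4 else None)


def canonical_query(query: str) -> str:
    """Percent-encode every name and value, then sort by encoded name, value."""
    pairs = parse_qsl(query, keep_blank_values=True)
    enc = sorted((quote(k, safe="-_.~"), quote(v, safe="-_.~")) for k, v in pairs)
    return "&".join(f"{k}={v}" for k, v in enc)


def canonical_headers(headers: dict):
    """Lower-case names, trim and collapse values, sort by name.
    Returns (canonical header block, signed-headers list)."""
    items = sorted((k.lower().strip(), " ".join(v.split())) for k, v in headers.items())
    return "".join(f"{k}:{v}\n" for k, v in items), ";".join(k for k, _ in items)


def sign_request(method, url, headers, body, access_key, secret_key, region, api_type,
                 date, provider_prefix="AWS4", date_header="x-amz-date",
                 request_type="aws4_request"):
    """Sign one request; every intermediate value is returned so it can be
    compared against what a rejecting server logs."""
    parts = urlsplit(url)
    hdrs = {k.lower(): v for k, v in headers.items()}
    hdrs["host"] = parts.netloc          # host is always part of the signed set
    hdrs[date_header] = date             # timestamp, YYYYMMDDTHHMMSSZ
    canon_hdrs, signed_hdrs = canonical_headers(hdrs)
    payload_hash = sha256_hex(body)      # "hash the post data"
    canonical_request = "\n".join([
        method.upper(),
        quote(parts.path or "/", safe="/-_.~"),   # the URI
        canonical_query(parts.query),            # the GET data
        canon_hdrs,                              # ends in "\n": blank line follows
        signed_hdrs,
        payload_hash,
    ])
    date_stamp = date[:8]
    scope = f"{date_stamp}/{region}/{api_type}/{request_type}"   # credential scope
    algorithm = f"{provider_prefix}-HMAC-SHA256"
    string_to_sign = "\n".join(
        [algorithm, date, scope, sha256_hex(canonical_request.encode("utf-8"))])
    # Key derivation chain in the order the commit message gives it. AWS prepends
    # the provider prefix to the secret for the first HMAC; assumed here to be the
    # rule for other providers as well.
    k_date = hmac_sha256((provider_prefix + secret_key).encode("utf-8"), date_stamp)
    k_region = hmac_sha256(k_date, region)
    k_service = hmac_sha256(k_region, api_type)
    k_signing = hmac_sha256(k_service, request_type)
    signature = hmac.new(k_signing, string_to_sign.encode("utf-8"),
                         hashlib.sha256).hexdigest()
    hdrs["authorization"] = (f"{algorithm} Credential={access_key}/{scope}, "
                             f"SignedHeaders={signed_hdrs}, Signature={signature}")
    return {
        "canonical_request": canonical_request,
        "canonical_request_hash": sha256_hex(canonical_request.encode("utf-8")),
        "string_to_sign": string_to_sign,
        "signing_key": k_signing.hex(),
        "signature": signature,
        "headers": hdrs,
    }


# Published AWS SigV4 test vector (example credentials, not real ones).
AWS_EXAMPLE = dict(
    method="GET",
    url="https://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08",
    headers={"Content-Type": "application/x-www-form-urlencoded; charset=utf-8"},
    body=b"",
    access_key="AKIDEXAMPLE",
    secret_key="wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
    region="us-east-1",
    api_type="iam",
    date="20150830T123600Z",
)


def sign_aws_example():
    return sign_request(**AWS_EXAMPLE)


if __name__ == "__main__":
    result = sign_aws_example()
    print(result["canonical_request"])
    print(result["headers"]["authorization"])
```

Because the payload hash and every signed header feed into the canonical request, changing the body, the host or the date by one byte yields a different signature, which is what makes the scheme a request-integrity check and not just an authenticator. What this block does not cover, and what a curl implementation has to get right per provider, is the URI encoding rule (some services expect the path segments double-encoded) and the exact prefix and date-header name each provider uses; both are taken as parameters above.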
Diffstat (limited to 'include')
-rw-r--r-- | include/curl/curl.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/curl/curl.h b/include/curl/curl.h index 76ebd8993..d43864b87 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -787,6 +787,7 @@ typedef enum { #define CURLAUTH_DIGEST_IE (((unsigned long)1)<<4) #define CURLAUTH_NTLM_WB (((unsigned long)1)<<5) #define CURLAUTH_BEARER (((unsigned long)1)<<6) +#define CURLAUTH_AWS_SIGV4 (((unsigned long)1)<<7) #define CURLAUTH_ONLY (((unsigned long)1)<<31) #define CURLAUTH_ANY (~CURLAUTH_DIGEST_IE) #define CURLAUTH_ANYSAFE (~(CURLAUTH_BASIC|CURLAUTH_DIGEST_IE)) @@ -2073,6 +2074,9 @@ typedef enum { CURLOPT(CURLOPT_HSTSWRITEFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 303), CURLOPT(CURLOPT_HSTSWRITEDATA, CURLOPTTYPE_CBPOINT, 304), + /* Provider for V4 signature */ + CURLOPT(CURLOPT_AWS_SIGV4, CURLOPTTYPE_STRINGPOINT, 305), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; |
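Review bot: in the first hunk, CURLAUTH_AWS_SIGV4 is added as bit 7 while CURLAUTH_ANY and CURLAUTH_ANYSAFE stay defined by negation (`(~CURLAUTH_DIGEST_IE)` and `(~(CURLAUTH_BASIC|CURLAUTH_DIGEST_IE))`), so the new bit silently becomes part of both. SigV4 is not negotiated from a WWW-Authenticate challenge and needs a provider string plus a secret key, so a caller asking for CURLAUTH_ANY should not end up with it picked; either mask it out of ANY/ANYSAFE the way CURLAUTH_DIGEST_IE is, or document that it is only used when set explicitly. A one-line comment on the define naming the option that carries the provider string would also help readers of curl.h.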
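Review bot: in the second hunk, the comment `/* Provider for V4 signature */` on CURLOPT_AWS_SIGV4 does not say what the STRINGPOINT holds or how it is parsed. The commit message says the signature uses prefixes passed in parameter (one for str_to_sign, one for the Authorization header) while region and API type come from the URL, so the comment should give the string's format and say what a NULL or empty value means. A new option also needs its man page under docs/libcurl/opts/ and a docs/libcurl/symbols-in-versions entry; neither is visible here because the diffstat is limited to include/, so confirm they are in the full commit.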