diff options
| author | Matthias Gatto <matthias.gatto@outscale.com> | 2020-07-09 13:58:37 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2020-12-21 16:27:50 +0100 |
| commit | 08e8455dddc5e48e58a12ade3815c01ae3da3b64 (patch) | |
| tree | fa7077ce3aaef1d3da70f0e3abe1a3e552a3c0be /lib/Makefile.inc | |
| parent | d52564bacb82712a8a1221ec982d7966d7a90a3e (diff) | |
| download | curl-08e8455dddc5e48e58a12ade3815c01ae3da3b64.tar.gz | |
http: introduce AWS HTTP v4 Signature
It is a security process for HTTP.
It doesn't seems to be standard, but it is used by some cloud providers.
Aws:
https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
Outscale:
https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request
GCP (I didn't test that this code work with GCP though):
https://cloud.google.com/storage/docs/access-control/signing-urls-manually
most of the code is in lib/http_v4_signature.c
Information require by the algorithm:
- The URL
- Current time
- some prefix that are append to some of the signature parameters.
The data extracted from the URL are: the URI, the region,
the host and the API type
example:
https://api.eu-west-2.outscale.com/api/latest/ReadNets
~~~ ~~~~~~~~ ~~~~~~~~~~~~~~~~~~~
^ ^ ^
/ \ URI
API type region
Small description of the algorithm:
- make canonical header using content type, the host, and the date
- hash the post data
- make canonical_request using custom request, the URI,
the get data, the canonical header, the signed header
and post data hash
- hash canonical_request
- make str_to_sign using one of the prefix pass in parameter,
the date, the credential scope and the canonical_request hash
- compute hmac from date, using secret key as key.
- compute hmac from region, using above hmac as key
- compute hmac from api_type, using above hmac as key
- compute hmac from request_type, using above hmac as key
- compute hmac from str_to_sign using above hmac as key
- create Authorization header using above hmac, prefix pass in parameter,
the date, and above hash
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
Closes #5703
Diffstat (limited to 'lib/Makefile.inc')
| -rw-r--r-- | lib/Makefile.inc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/Makefile.inc b/lib/Makefile.inc index 943333272..b41b4b6b0 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -105,6 +105,7 @@ LIB_CFILES = \ http_negotiate.c \ http_ntlm.c \ http_proxy.c \ + http_aws_sigv4.c \ idn_win32.c \ if2ip.c \ imap.c \ @@ -229,6 +230,7 @@ LIB_HFILES = \ http_negotiate.h \ http_ntlm.h \ http_proxy.h \ + http_aws_sigv4.h \ if2ip.h \ imap.h \ inet_ntop.h \ |