
Commit 7e3fc42

committed
fix stream signer
1 parent 0749b56 commit 7e3fc42


2 files changed

+20
-27
lines changed


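--- a/src/aws-cpp-sdk-core/include/aws/core/auth/signer/AWSAuthEventStreamV4Signer.h
+++ b/src/aws-cpp-sdk-core/include/aws/core/auth/signer/AWSAuthEventStreamV4Signer.h
@@ -100,8 +100,6 @@ namespace Aws
 const Aws::String& simpleDate, const Aws::String& region, const Aws::String& serviceName) const;
 const Aws::String m_serviceName;
 const Aws::String m_region;
-mutable Aws::Utils::Crypto::Sha256 m_hash;
-mutable Aws::Utils::Crypto::Sha256HMAC m_HMAC;
 mutable Utils::Threading::ReaderWriterLock m_derivedKeyLock;
 mutable Aws::Utils::ByteBuffer m_derivedKey;
 mutable Aws::String m_currentDateStr;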

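--- a/src/aws-cpp-sdk-core/source/auth/signer/AWSAuthEventStreamV4Signer.cpp
+++ b/src/aws-cpp-sdk-core/source/auth/signer/AWSAuthEventStreamV4Signer.cpp
@@ -118,15 +118,14 @@ bool AWSAuthEventStreamV4Signer::SignRequest(Aws::Http::HttpRequest& request, co
 AWS_LOGSTREAM_DEBUG(v4StreamingLogTag, "Canonical Request String: " << canonicalRequestString);
 
 //now compute sha256 on that request string
-auto hashResult = m_hash.Calculate(canonicalRequestString);
-if (!hashResult.IsSuccess())
+auto sha256Digest = HashingUtils::CalculateSHA256(canonicalRequestString);
+if (sha256Digest.GetLength() == 0)
 {
 AWS_LOGSTREAM_ERROR(v4StreamingLogTag, "Failed to hash (sha256) request string");
 AWS_LOGSTREAM_DEBUG(v4StreamingLogTag, "The request string is: \"" << canonicalRequestString << "\"");
 return false;
 }
 
-auto sha256Digest = hashResult.GetResult();
 Aws::String canonicalRequestHash = HashingUtils::HexEncode(sha256Digest);
 Aws::String simpleDate = now.ToGmtString(Aws::Auth::AWSAuthHelper::SIMPLE_DATE_FORMAT_STR);
 
@@ -178,39 +177,38 @@ bool AWSAuthEventStreamV4Signer::SignEventMessage(Event::Message& message, Aws::
 nonSignatureHeaders.push_back(static_cast<char>(EventHeaderValue::EventHeaderType::TIMESTAMP)); // type of the value
 WriteBigEndian(nonSignatureHeaders, static_cast<uint64_t>(now.Millis())); // the value of the timestamp in big-endian
 
-auto hashOutcome = m_hash.Calculate(nonSignatureHeaders);
-if (!hashOutcome.IsSuccess())
+auto nonSignatureHeadersHash = HashingUtils::CalculateSHA256(nonSignatureHeaders);
+if (nonSignatureHeadersHash.GetLength() == 0)
 {
 AWS_LOGSTREAM_ERROR(v4StreamingLogTag, "Failed to hash (sha256) non-signature headers.");
 return false;
 }
 
-const auto nonSignatureHeadersHash = hashOutcome.GetResult();
 stringToSign << HashingUtils::HexEncode(nonSignatureHeadersHash) << Aws::Auth::AWSAuthHelper::NEWLINE;
 
+ByteBuffer payloadHash;
 if (!message.GetEventPayload().empty())
 {
 // use a preallocatedStreamBuf to avoid making a copy.
 // The Hashing API requires either Aws::String or IStream as input.
 // TODO: the hashing API should be accept 'unsigned char*' as input.
 Utils::Stream::PreallocatedStreamBuf streamBuf(message.GetEventPayload().data(), message.GetEventPayload().size());
 Aws::IOStream payload(&streamBuf);
-hashOutcome = m_hash.Calculate(payload);
+payloadHash = HashingUtils::CalculateSHA256(payload);
 }
 else
 {
 // only a signature and a date will be in a frame
 AWS_LOGSTREAM_INFO(v4StreamingLogTag, "Signing an event with an empty payload");
 
-hashOutcome = m_hash.Calculate(""); // SHA256 of an empty buffer
+payloadHash = HashingUtils::CalculateSHA256(""); // SHA256 of an empty buffer
 }
 
-if (!hashOutcome.IsSuccess())
+if (payloadHash.GetLength() == 0)
 {
 AWS_LOGSTREAM_ERROR(v4StreamingLogTag, "Failed to hash (sha256) non-signature headers.");
 return false;
 }
-const auto payloadHash = hashOutcome.GetResult();
 stringToSign << HashingUtils::HexEncode(payloadHash);
 AWS_LOGSTREAM_DEBUG(v4StreamingLogTag, "Payload hash - " << HashingUtils::HexEncode(payloadHash));
 
@@ -259,15 +257,15 @@ Aws::Utils::ByteBuffer AWSAuthEventStreamV4Signer::GenerateSignature(const Aws::
 
 Aws::StringStream ss;
 
-auto hashResult = m_HMAC.Calculate(ByteBuffer((unsigned char*)stringToSign.c_str(), stringToSign.length()), key);
-if (!hashResult.IsSuccess())
+auto hashResult = HashingUtils::CalculateSHA256HMAC(ByteBuffer((unsigned char*)stringToSign.c_str(), stringToSign.length()), key);
+if (hashResult.GetLength() == 0)
 {
 AWS_LOGSTREAM_ERROR(v4StreamingLogTag, "Unable to hmac (sha256) final string");
 AWS_LOGSTREAM_DEBUG(v4StreamingLogTag, "The final string is: \"" << stringToSign << "\"");
 return {};
 }
 
-return hashResult.GetResult();
+return hashResult;
 }
 
 Aws::String AWSAuthEventStreamV4Signer::GenerateStringToSign(const Aws::String& dateValue, const Aws::String& simpleDate,
@@ -287,38 +285,35 @@ Aws::Utils::ByteBuffer AWSAuthEventStreamV4Signer::ComputeHash(const Aws::String
 {
 Aws::String signingKey(Aws::Auth::AWSAuthHelper::SIGNING_KEY);
 signingKey.append(secretKey);
-auto hashResult = m_HMAC.Calculate(ByteBuffer((unsigned char*)simpleDate.c_str(), simpleDate.length()),
+auto hashResult = HashingUtils::CalculateSHA256HMAC(ByteBuffer((unsigned char*)simpleDate.c_str(), simpleDate.length()),
 ByteBuffer((unsigned char*)signingKey.c_str(), signingKey.length()));
 
-if (!hashResult.IsSuccess())
+if (hashResult.GetLength() == 0)
 {
 AWS_LOGSTREAM_ERROR(v4StreamingLogTag, "Failed to HMAC (SHA256) date string \"" << simpleDate << "\"");
 return {};
 }
 
-auto kDate = hashResult.GetResult();
-hashResult = m_HMAC.Calculate(ByteBuffer((unsigned char*)region.c_str(), region.length()), kDate);
-if (!hashResult.IsSuccess())
+hashResult = HashingUtils::CalculateSHA256HMAC(ByteBuffer((unsigned char*)region.c_str(), region.length()), hashResult);
+if (hashResult.GetLength() == 0)
 {
 AWS_LOGSTREAM_ERROR(v4StreamingLogTag, "Failed to HMAC (SHA256) region string \"" << region << "\"");
 return {};
 }
 
-auto kRegion = hashResult.GetResult();
-hashResult = m_HMAC.Calculate(ByteBuffer((unsigned char*)serviceName.c_str(), serviceName.length()), kRegion);
-if (!hashResult.IsSuccess())
+hashResult = HashingUtils::CalculateSHA256HMAC(ByteBuffer((unsigned char*)serviceName.c_str(), serviceName.length()), hashResult);
+if (hashResult.GetLength() == 0)
 {
 AWS_LOGSTREAM_ERROR(v4StreamingLogTag, "Failed to HMAC (SHA256) service string \"" << m_serviceName << "\"");
 return {};
 }
 
-auto kService = hashResult.GetResult();
-hashResult = m_HMAC.Calculate(ByteBuffer((unsigned char*)Aws::Auth::AWSAuthHelper::AWS4_REQUEST, strlen(Aws::Auth::AWSAuthHelper::AWS4_REQUEST)), kService);
-if (!hashResult.IsSuccess())
+hashResult = HashingUtils::CalculateSHA256HMAC(ByteBuffer((unsigned char*)Aws::Auth::AWSAuthHelper::AWS4_REQUEST, strlen(Aws::Auth::AWSAuthHelper::AWS4_REQUEST)), hashResult);
+if (hashResult.GetLength() == 0)
 {
 AWS_LOGSTREAM_ERROR(v4StreamingLogTag, "Unable to HMAC (SHA256) request string");
 AWS_LOGSTREAM_DEBUG(v4StreamingLogTag, "The request string is: \"" << Aws::Auth::AWSAuthHelper::AWS4_REQUEST << "\"");
 return {};
 }
-return hashResult.GetResult();
+return hashResult;
 }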
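Review bot: The new failure checks in ComputeHash (`if (hashResult.GetLength() == 0)` at new lines 291, 298, 305 and 312) accept any non-empty buffer, and each accepted result is passed straight back in as the HMAC key for the next derivation step. Whether `HashingUtils::CalculateSHA256HMAC` returns an empty ByteBuffer on every failure path is not visible in this diff, so the checks would be tighter if they compared against the expected digest size, e.g. `if (hashResult.GetLength() != 32) // SHA-256 digest size`; the same applies to the SHA-256 checks in SignRequest, SignEventMessage and GenerateSignature. Separately, the payload-hash failure branch in SignEventMessage (new line 207) still logs `"Failed to hash (sha256) non-signature headers."`, which misattributes the failure; `"Failed to hash (sha256) event payload."` would match the code. The enclosing functions start or end outside these hunks.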
