Interface for the SigV4 Library.
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include "sigv4_config.h"
#include "sigv4_config_defaults.h"
Data Structures
struct | SigV4CryptoInterface_t |
The cryptography interface used to supply the user-defined hash implementation.
struct | SigV4HttpParameters_t |
Configurations of the HTTP request used to create the Canonical Request.
struct | SigV4Credentials_t |
Configurations for the AWS credentials used to generate the Signing Key.
struct | SigV4Parameters_t |
Complete configurations required for generating "String to Sign" and "Signing Key" values.
Macros
#define | SIGV4_AWS4_HMAC_SHA256 "AWS4-HMAC-SHA256" |
#define | SIGV4_AWS4_HMAC_SHA256_LENGTH ( sizeof( SIGV4_AWS4_HMAC_SHA256 ) - 1U ) |
#define | SIGV4_HTTP_X_AMZ_DATE_HEADER "x-amz-date" |
#define | SIGV4_HTTP_X_AMZ_SECURITY_TOKEN_HEADER "x-amz-security-token" |
#define | SIGV4_STREAMING_AWS4_HMAC_SHA256_PAYLOAD "STREAMING-AWS4-HMAC-SHA256-PAYLOAD" |
#define | SIGV4_HTTP_X_AMZ_CONTENT_SHA256_HEADER "x-amz-content-sha256" |
#define | SIGV4_HTTP_X_AMZ_CONTENT_SHA256_HEADER_LENGTH ( sizeof( SIGV4_HTTP_X_AMZ_CONTENT_SHA256_HEADER ) - 1U ) |
#define | SIGV4_HTTP_X_AMZ_STORAGE_CLASS_HEADER "x-amz-storage-class" |
#define | SIGV4_ACCESS_KEY_ID_LENGTH 20U |
#define | SIGV4_SECRET_ACCESS_KEY_LENGTH 40U |
#define | SIGV4_ISO_STRING_LEN 16U |
#define | SIGV4_EXPECTED_LEN_RFC_3339 20U |
#define | SIGV4_EXPECTED_LEN_RFC_5322 29U |
#define | SIGV4_HTTP_PATH_IS_CANONICAL_FLAG 0x1U |
Set this flag to indicate that the HTTP request path input is already canonicalized.
#define | SIGV4_HTTP_QUERY_IS_CANONICAL_FLAG 0x2U |
Set this flag to indicate that the HTTP request query input is already canonicalized.
#define | SIGV4_HTTP_HEADERS_ARE_CANONICAL_FLAG 0x4U |
Set this flag to indicate that the HTTP request headers input is already canonicalized.
#define | SIGV4_HTTP_PAYLOAD_IS_HASH 0x8U |
Set this flag to indicate that the HTTP request payload is already hashed.
#define | SIGV4_HTTP_IS_PRESIGNED_URL 0x10U |
Set this flag to indicate that the HTTP request is a presigned URL.
#define | SIGV4_HTTP_ALL_ARE_CANONICAL_FLAG 0x7U |
Set this flag to indicate that the HTTP request path, query, and headers are all already canonicalized.
Enumerations
enum | SigV4Status_t { SigV4Success, SigV4InvalidParameter, SigV4InsufficientMemory, SigV4ISOFormattingError, SigV4MaxHeaderPairCountExceeded, SigV4MaxQueryPairCountExceeded, SigV4HashError, SigV4InvalidHttpHeaders } |
Return status of the SigV4 Library.
Functions
SigV4Status_t | SigV4_GenerateHTTPAuthorization (const SigV4Parameters_t *pParams, char *pAuthBuf, size_t *authBufLen, char **pSignature, size_t *signatureLen) |
Generates the HTTP Authorization header value.
SigV4Status_t | SigV4_AwsIotDateToIso8601 (const char *pDate, size_t dateLen, char *pDateISO8601, size_t dateISO8601Len) |
Parse the date header value from the AWS IoT response, and generate the formatted ISO 8601 date required for authentication.
SigV4Status_t | SigV4_EncodeURI (const char *pUri, size_t uriLen, char *pCanonicalURI, size_t *canonicalURILen, bool encodeSlash, bool doubleEncodeEquals) |
Normalize a URI string according to RFC 3986 and fill destination buffer with the formatted string.
SigV4Status_t SigV4_GenerateHTTPAuthorization( const SigV4Parameters_t * pParams,
                                               char * pAuthBuf,
                                               size_t * authBufLen,
                                               char ** pSignature,
                                               size_t * signatureLen )
Generates the HTTP Authorization header value.
[in] | pParams | Parameters for generating the SigV4 signature. |
[out] | pAuthBuf | Buffer to hold the generated Authorization header value. |
[in,out] | authBufLen | Input: the length of pAuthBuf, output: the length of the authorization value written to the buffer. |
[out] | pSignature | Location of the signature in the authorization string. |
[out] | signatureLen | The length of pSignature. |
Example
SigV4Status_t SigV4_AwsIotDateToIso8601( const char * pDate,
                                         size_t dateLen,
                                         char * pDateISO8601,
                                         size_t dateISO8601Len )
Parse the date header value from the AWS IoT response, and generate the formatted ISO 8601 date required for authentication.
This is an optional utility function available to the application, to assist with formatting of the date header obtained from AWS IoT (when requesting a temporary token or sending a POST request).
AWS SigV4 authentication requires an ISO 8601 date to be present in the "x-amz-date" request header, as well as in the credential scope (must be identical). For additional information on date handling, please see https://docs.aws.amazon.com/general/latest/gr/sigv4-date-handling.html.
Acceptable Input Formats:
Formatted Output:
[in] | pDate | The date header (in RFC 3339 or RFC 5322 formats). An acceptable date header can be found in the HTTP response returned by AWS IoT. This value should use UTC (with no time-zone offset), and be exactly 20 or 29 characters in length (excluding the null character), to comply with RFC 3339 and RFC 5322 formats, respectively. |
[in] | dateLen | The length of the pDate header value. Must be either SIGV4_EXPECTED_LEN_RFC_3339 or SIGV4_EXPECTED_LEN_RFC_5322, for valid input parameters. |
[out] | pDateISO8601 | The formatted ISO8601-compliant date. The date value written to this buffer will be exactly 16 characters in length, to comply with the ISO8601 standard required for SigV4 authentication. |
[in] | dateISO8601Len | The length of buffer pDateISO8601. Must be at least SIGV4_ISO_STRING_LEN bytes, for valid input parameters. |
Example
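The following is an added illustration of the conversion documented above, not the library's own example or implementation: a self-contained routine that accepts only the two documented input lengths (RFC 3339 `YYYY-MM-DDThh:mm:ssZ`, RFC 5322 `Day, DD Mon YYYY hh:mm:ss GMT`) and writes exactly 16 characters. The name `example_date_to_iso8601`, the mask helper and the simplified range checks are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define LEN_RFC_3339 20U /* value of SIGV4_EXPECTED_LEN_RFC_3339 */
#define LEN_RFC_5322 29U /* value of SIGV4_EXPECTED_LEN_RFC_5322 */
#define LEN_ISO      16U /* value of SIGV4_ISO_STRING_LEN */
/* Two ASCII digits (already validated by matches()) as an int. */
#define TWO( p ) ( ( ( ( p )[ 0 ] - '0' ) * 10 ) + ( ( p )[ 1 ] - '0' ) )

/* Compare s with a mask: '#' = digit, '@' = letter, anything else is literal. */
static int matches( const char * s, const char * mask )
{
    for( ; *mask != '\0'; s++, mask++ )
    {
        int digit = ( *s >= '0' ) && ( *s <= '9' );
        int alpha = ( ( *s | 0x20 ) >= 'a' ) && ( ( *s | 0x20 ) <= 'z' );
        if( ( *mask == '#' ) ? !digit : ( *mask == '@' ) ? !alpha : ( *s != *mask ) ) return 0;
    }
    return 1;
}

/* Hypothetical helper (not the library's code): 0 on success, -1 on bad input. */
int example_date_to_iso8601( const char * pDate, size_t dateLen, char * pOut, size_t outLen )
{
    static const char months[] = "JanFebMarAprMayJunJulAugSepOctNovDec";
    int rfc3339 = ( dateLen == LEN_RFC_3339 ), mo = 0, d, h, mi, s;
    char name[ 4 ] = "", buf[ LEN_ISO + 1U ];
    const char * hit, * y, * t;
    /* Length selects the format; each mask is exactly dateLen long, so no over-read. */
    if( ( pDate == NULL ) || ( pOut == NULL ) || ( outLen < LEN_ISO ) ||
        ( !rfc3339 && ( dateLen != LEN_RFC_5322 ) ) ||
        !matches( pDate, rfc3339 ? "####-##-##T##:##:##Z" : "@@@, ## @@@ #### ##:##:## GMT" ) )
        return -1;
    if( rfc3339 ) { mo = TWO( pDate + 5 ); }
    else
    {   /* Month name to number: must sit on a 3-character boundary of the table. */
        memcpy( name, pDate + 8, 3U );
        hit = strstr( months, name );
        if( ( hit != NULL ) && ( ( ( hit - months ) % 3 ) == 0 ) ) mo = ( int ) ( ( hit - months ) / 3 ) + 1;
    }
    y = pDate + ( rfc3339 ? 0 : 12 );  /* YYYY */
    t = pDate + ( rfc3339 ? 11 : 17 ); /* HH:MM:SS */
    d = TWO( pDate + ( rfc3339 ? 8 : 5 ) ); h = TWO( t ); mi = TWO( t + 3 ); s = TWO( t + 6 );
    /* Simplified range checks: day is not checked per month, 60 permits a leap second. */
    if( ( mo < 1 ) || ( mo > 12 ) || ( d < 1 ) || ( d > 31 ) || ( h > 23 ) || ( mi > 59 ) || ( s > 60 ) ) return -1;
    snprintf( buf, sizeof( buf ), "%04d%02d%02dT%02d%02d%02dZ", ( TWO( y ) * 100 ) + TWO( y + 2 ), mo, d, h, mi, s );
    memcpy( pOut, buf, LEN_ISO ); /* exactly 16 characters, no terminator */
    return 0;
}
```

Both constructed sample dates, `2018-01-18T09:18:06Z` and `Thu, 18 Jan 2018 09:18:06 GMT`, produce `20180118T091806Z`.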
SigV4Status_t SigV4_EncodeURI( const char * pUri,
                               size_t uriLen,
                               char * pCanonicalURI,
                               size_t * canonicalURILen,
                               bool encodeSlash,
                               bool doubleEncodeEquals )
Normalize a URI string according to RFC 3986 and fill destination buffer with the formatted string.
[in] | pUri | The URI string to encode. |
[in] | uriLen | Length of pUri. |
[out] | pCanonicalURI | The resulting canonicalized URI. |
[in,out] | canonicalURILen | input: the length of pCanonicalURI, output: the length of the generated canonical URI. |
[in] | encodeSlash | Option to indicate if slashes should be encoded. |
[in] | doubleEncodeEquals | Option to indicate if equals should be double-encoded. |
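An added sketch of RFC 3986 percent-encoding with the two options and the in/out length parameter described above; it is not the library's implementation. The function name `example_encode_uri`, its integer return codes and the treatment of `=` as `%253D` when double-encoding is requested are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the documented interface: returns 0 on success,
 * -1 on invalid parameters, -2 when the destination buffer is too small.
 * On entry *pOutLen is the capacity of pOut; on success it is the bytes written. */
int example_encode_uri( const char * pUri, size_t uriLen, char * pOut, size_t * pOutLen,
                        bool encodeSlash, bool doubleEncodeEquals )
{
    static const char hex[] = "0123456789ABCDEF";
    size_t i, used = 0U;

    if( ( pUri == NULL ) || ( pOut == NULL ) || ( pOutLen == NULL ) ) return -1;

    for( i = 0U; i < uriLen; i++ )
    {
        unsigned char c = ( unsigned char ) pUri[ i ];
        /* RFC 3986 unreserved set: ALPHA / DIGIT / "-" / "." / "_" / "~". */
        bool unreserved = ( ( c >= 'A' ) && ( c <= 'Z' ) ) || ( ( c >= 'a' ) && ( c <= 'z' ) ) ||
                          ( ( c >= '0' ) && ( c <= '9' ) ) ||
                          ( c == '-' ) || ( c == '.' ) || ( c == '_' ) || ( c == '~' );
        bool keep = unreserved || ( ( c == '/' ) && !encodeSlash );
        bool twice = ( c == '=' ) && doubleEncodeEquals;
        size_t need = keep ? 1U : ( twice ? 5U : 3U );

        /* Bounds check before every write; used never exceeds *pOutLen. */
        if( need > ( *pOutLen - used ) ) return -2;

        if( keep ) { pOut[ used ] = ( char ) c; }
        else if( twice ) { memcpy( &pOut[ used ], "%253D", 5U ); } /* "%3D" with its '%' encoded again */
        else
        {
            pOut[ used ] = '%';
            pOut[ used + 1U ] = hex[ c >> 4 ];
            pOut[ used + 2U ] = hex[ c & 0x0FU ];
        }
        used += need;
    }
    *pOutLen = used; /* no terminator is written; the length is the only delimiter */
    return 0;
}
```

For the constructed input `/a b/c=d~`, the result is `/a%20b/c%3Dd~` with both options off and `%2Fa%20b%2Fc%253Dd~` with both on.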