A quick, ring-based SigV4 signer draft

Question

A quick, ring-based SigV4 signer draft

Opened this issue 6 years ago · 4 comments

Hey Doug! I've got a quick draft of a SigV4 signer I drew up a while back using ring. I haven't really tested it end-to-end, but it might be useful to you!

use bytes::Bytes;
use ring::{
    digest,
    hmac::{self, Signature, SigningKey},
    rand::{self, SecureRandom},
};
use std::error::Error;

fn sign_inner(mut data: Vec<u8>, key: Bytes) -> Result<Signature, Box<Error>> {
    rand::SystemRandom::new().fill(&mut data)?;
    let signature = SigningKey::new(&digest::SHA256, &data);
    let signature = hmac::sign(&signature, &key.as_ref());

    Ok(signature)
}

pub fn sign(
    key: String,
    date: Vec<u8>,
    region: Vec<u8>,
    service: Vec<u8>,
) -> Result<Signature, Box<Error>> {
    let sig = format!("AWS4{}", key);
    let sig = sign_inner(date, Bytes::from(sig.as_bytes()))?;
    let sig = sign_inner(region, Bytes::from(sig.as_ref()))?;
    let sig = sign_inner(service, Bytes::from(sig.as_ref()))?;
    let sig = sign_inner(
        String::from("aws4_request").as_bytes().to_vec(),
        Bytes::from(sig.as_ref()),
    )?;

    Ok(sig)
}

#[test]
fn test_sign() {
    let key = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
    let date = "20120215";
    let region_name = "us-east-1";
    let service = "iam";
    let result = sign(
        key.to_string(),
        date.as_bytes().to_vec(),
        region_name.as_bytes().to_vec(),
        service.as_bytes().to_vec(),
    )
    .unwrap();
    dbg!(result);
}

Answer 1 · 2019-04-10T23:11:17.000Z

Very cool. I like how you and I are always so closely curious about the same things ;)

I was testing this with a cli to post to an apigw websocket endpoint connection. Rusoto gets me all of this for how but I'll take a look at the ring thing because I really don't need all of rusoto core for this.

Answer 2 · 2019-11-07T16:41:11.000Z

Update: I got it working, alongside with portions of it hooked up into the test suite. https://github.com/davidbarsky/sigv4

Answer 3 · 2019-11-07T22:52:35.000Z

Oh neat! I'll check it out. You should contribute some of this back to rusoto

Answer 4 · 2019-11-08T02:10:25.000Z

I’d like to, but it only supports a subset of the functionality that Rusoto’s SigV4 signer does. I’d like to reach feature parity first.

…

________________________________ From: Doug Tangren <notifications@github.com> Sent: Thursday, November 7, 2019 5:52 PM To: softprops/sigv4 Cc: David Barsky; Author Subject: Re: [softprops/sigv4] A quick, *ring*-based SigV4 signer draft (#1) Oh neat! I'll check it out. You should contribute some of this back to rusoto — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#1?email_source=notifications&email_token=AAPY2PT2TEFHXDXYM7QWU63QSSL3HA5CNFSM4HE4YAX2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEDODRSY#issuecomment-551303371>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAPY2PXRSYNX2VKTNS3ONADQSSL3HANCNFSM4HE4YAXQ>.