Diffstat (limited to 'lib/reqsign.c')
-rw-r--r-- | lib/reqsign.c | 46 |
1 files changed, 41 insertions, 5 deletions
diff --git a/lib/reqsign.c b/lib/reqsign.c
index a8a4e5e..893e4d7 100644
--- a/lib/reqsign.c
+++ b/lib/reqsign.c
@@ -18,6 +18,7 @@
 #include <string.h>
 #include <time.h>
 #include "libeclat.h"
+#include "sha256.h"
 #include "grecs.h"
 struct pname {
@@ -42,15 +43,15 @@ compnames(const void *a, const void *b)
 return strcmp(*ac, *bc);
 }
-void
-eclat_query_signature(struct ec2_query *req, char *secret)
+static void
+querysign2(struct ec2_query *req, char *secret)
 {
 char **pnames;
 size_t i, n;
 struct grecs_txtacc *acc;
 struct pname pn;
 char *str;
- char digest[20];
+ char digest[SHA256_DIGEST_SIZE];
 size_t siglen;
 const char *verb;
 char tsbuf[22];
@@ -59,7 +60,7 @@ eclat_query_signature(struct ec2_query *req, char *secret)
 acc = grecs_txtacc_create();
 /* Add default parameters */
- eclat_query_add_param(req, "SignatureMethod", "HmacSHA1");
+ eclat_query_add_param(req, "SignatureMethod", "HmacSHA256");
 eclat_query_add_param(req, "SignatureVersion", "2");
 time(&t);
@@ -103,7 +104,7 @@ eclat_query_signature(struct ec2_query *req, char *secret)
 grecs_txtacc_grow_char(acc, 0);
 str = grecs_txtacc_finish(acc, 0);
- hmac_sha1(str, strlen(str), secret, strlen(secret), digest);
+ hmac_sha256(str, strlen(str), secret, strlen(secret), digest);
 eclat_base64_encode((unsigned char *)digest, sizeof(digest), (unsigned char**) &req->signature, &siglen);
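Review bot: `querysign2` in the hunk at -42 is introduced without a header comment, and `secret` stays a mutable `char *` although its visible uses only read it (`strlen(secret)` and the key argument of `hmac_sha256` in the hunk at -103). I would add `/* Sign REQ using query signature version 2 with HmacSHA256; the base64 result is stored in req->signature. */` above the definition. If nothing in the part of the body that lies outside these hunks writes through the pointer, the parameter should be `const char *secret`, and the same qualifier would then apply to the `qs_fun` pointer type and to `eclat_query_sign` added at the end of the file.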
@@ -117,3 +118,38 @@ eclat_query_signature(struct ec2_query *req, char *secret)
 eclat_query_add_param(req, "Expires", tsbuf);
 */
 }
+
+static void
+querysign4(struct ec2_query *req, char *secret)
+{
+ abort();
+}
+
+
+struct qsimpl {
+ char *qs_version;
+ void (*qs_fun)(struct ec2_query *, char *);
+};
+
+static struct qsimpl qstab[] = {
+ { "2", querysign2 },
+ { "4", querysign4 },
+ { NULL }
+};
+
+void
+eclat_query_sign(struct ec2_query *req, char *secret, char *version)
+{
+ struct qsimpl *qs;
+
+ for (qs = qstab; qs->qs_version && strcmp(qs->qs_version, version);
+ qs++)
+ ;
+
+ if (qs->qs_version)
+ qs->qs_fun(req, secret);
+ else {
+ err("INTERNAL ERROR: unsupported version %s", version);
+ abort();
+ }
+} |
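Review bot: `querysign4` is registered in `qstab` under "4" but its body is a bare `abort()`, so a caller that selects version 4 terminates the process with no diagnostic, whereas an unknown version at least logs one. Until version 4 is implemented I would drop the `{ "4", querysign4 }` row so the request takes the "unsupported version" branch, or print a message before aborting, e.g. `err("signature version 4 is not implemented");`. `eclat_query_sign` also hands `version` straight to `strcmp`; the callers are not on this page, so if it can be NULL an explicit check is needed before the loop. If `version` originates from configuration rather than from code, the "INTERNAL ERROR" wording and the `abort()` in the else branch would be better replaced by an ordinary error report.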