Merge branch 'generate-auth-header' into sigv4-unit-tests

docs/doxygen/include/size_table.html

@@ -9,12 +9,12 @@
     </tr>
     <tr>
         <td>sigv4.c</td>
-        <td><center>1.1K</center></td>
-        <td><center>0.8K</center></td>
+        <td><center>4.8K</center></td>
+        <td><center>4.1K</center></td>
     </tr>
     <tr>
         <td><b>Total estimates</b></td>
-        <td><b><center>1.1K</center></b></td>
-        <td><b><center>0.8K</center></b></td>
+        <td><b><center>4.8K</center></b></td>
+        <td><b><center>4.1K</center></b></td>
     </tr>
 </table>

lexicon.txt

@@ -1,13 +1,16 @@
-
 accesskeyid
-accesskeylen
+accesskeyidlen
 addtodate
 addtogroup
 aggregator
+algorithmlen
 amz
+api
 apr
 ascii
+auth
 authbuflen
+authorizaton
 aws
 br
 bufferlen
@@ -17,16 +20,20 @@ canonicalurilen
 cbmc
 chunked
 com
+completehashandhexencode
 config
 const
+constness
 copydoc
+currentparameter
 datalen
 datelen
 dd
 deconstructed
 defgroup
-encodeonce
+doubleencodeequals
 encodeslash
+encodetwice
 endif
 enums
 expirationlen
@@ -36,14 +43,23 @@ formatlen
 github
 gmt
 gr
+hashblocklen
+hashdigestlen
 hashfinal
 hashinit
 hashupdate
+headercount
+headerindex
 headerlen
+headersdatalen
 headerslen
+hexencoded
 hh
 hhmmss
 hmac
+hmacdata
+hmacfinal
+hmackey
 html
 http
 httpmethodlen
@@ -54,12 +70,17 @@ inc
 ingroup
 inputlen
 iot
+ipad
 iso
 jan
 january
+keylen
+ksecret
 leninput
 lentoread
+linelen
 lv
+maclen
 mainpage
 min
 misra
@@ -68,20 +89,28 @@ mon
 monthsperday
 noninfringement
 nullterminate
+opad
 ored
 org
 outputlen
 paccesskeyid
+palgorithm
 param
 pathlen
 pauthbuf
+pauthprefixlen
 payloadlen
 pbufcur
 pbuffer
 pbufloc
 pbufprocessing
+pbufstart
+pbytesremaining
+pcanonicalcontext
+pcanonicalrequest
 pcanonicaluri
 pcredscope
+pcryptointerface
 pdata
 pdate
 pdateelements
@@ -92,13 +121,18 @@ phashcontext
 pheaders
 pheadersloc
 phexoutput
+phmaccontext
 phttpmethod
 pinput
 pinputstr
+pkey
+pline
+pmac
 posix
 poutput
 poutputexpected
 poutputleapexpected
+poutputlen
 pparams
 ppath
 ppayload
@@ -110,8 +144,12 @@ psecretaccesskey
 psecuritytoken
 pservice
 psignature
+psignedheaders
+psignedheaderslen
+psigningkey
 ptestformatfailure
 puri
+pvalue
 qsort
 querylen
 rande
@@ -128,25 +166,37 @@ sep
 servicelen
 sha
 signaturelen
+signedheaders
+signedheaderslen
+signingkey
 sizeof
 snprintf
 ss
 sscanf
 standalone
 strftime
+stringtosign
 struct
 structs
 sts
 subfolder
 sublicense
 thu
 tm
+trimmable
+trimmedlen
+trimmedlength
+trimmedlength
 tue
 txt
 un
 uri
 urilen
 url
 utc
+vallen
+valuelen
+xor
+xy
 yyyy
-yyyymmdd
+yyyymmdd

source/include/sigv4.h

@@ -49,20 +49,23 @@
 /** @addtogroup sigv4_constants
  *  @{
  */
-#define SIGV4_AWS4_HMAC_SHA256                      "AWS4-HMAC-SHA256"                   /**< AWS identifier for SHA256 signing algorithm. */
-#define SIGV4_HTTP_X_AMZ_DATE_HEADER                "x-amz-date"                         /**< AWS identifier for HTTP date header. */
-#define SIGV4_HTTP_X_AMZ_SECURITY_TOKEN_HEADER      "x-amz-security-token"               /**< AWS identifier for security token. */
+#define SIGV4_AWS4_HMAC_SHA256                      "AWS4-HMAC-SHA256"                        /**< AWS identifier for SHA256 signing algorithm. */
+#define SIGV4_AWS4_HMAC_SHA256_LENGTH               ( sizeof( SIGV4_AWS4_HMAC_SHA256 ) - 1U ) /**< AWS identifier for SHA256 signing algorithm. */
+#define SIGV4_HTTP_X_AMZ_DATE_HEADER                "x-amz-date"                              /**< AWS identifier for HTTP date header. */
+#define SIGV4_HTTP_X_AMZ_SECURITY_TOKEN_HEADER      "x-amz-security-token"                    /**< AWS identifier for security token. */
 
-#define SIGV4_STREAMING_AWS4_HMAC_SHA256_PAYLOAD    "STREAMING-AWS4-HMAC-SHA256-PAYLOAD" /**< S3 identifier for chunked payloads. */
-#define SIGV4_HTTP_X_AMZ_CONTENT_SHA256_HEADER      "x-amz-content-sha256"               /**< S3 identifier for streaming requests. */
-#define SIGV4_HTTP_X_AMZ_STORAGE_CLASS_HEADER       "x-amz-storage-class"                /**< S3 identifier for reduced streaming redundancy. */
+#define SIGV4_STREAMING_AWS4_HMAC_SHA256_PAYLOAD    "STREAMING-AWS4-HMAC-SHA256-PAYLOAD"      /**< S3 identifier for chunked payloads. */
+#define SIGV4_HTTP_X_AMZ_CONTENT_SHA256_HEADER      "x-amz-content-sha256"                    /**< S3 identifier for streaming requests. */
+#define SIGV4_HTTP_X_AMZ_STORAGE_CLASS_HEADER       "x-amz-storage-class"                     /**< S3 identifier for reduced streaming redundancy. */
 
-#define SIGV4_ACCESS_KEY_ID_LENGTH                  20U                                  /**< Length of access key ID. */
-#define SIGV4_SECRET_ACCESS_KEY_LENGTH              40U                                  /**< Length of secret access key. */
+#define SIGV4_ACCESS_KEY_ID_LENGTH                  20U                                       /**< Length of access key ID. */
+#define SIGV4_SECRET_ACCESS_KEY_LENGTH              40U                                       /**< Length of secret access key. */
+
+#define SIGV4_ISO_STRING_LEN                        16U                                       /**< Length of ISO 8601 date string. */
+#define SIGV4_EXPECTED_LEN_RFC_3339                 20U                                       /**< Length of RFC 3339 date input. */
+#define SIGV4_EXPECTED_LEN_RFC_5322                 29U
+/**< Length of RFC 5322 date input. */
 
-#define SIGV4_ISO_STRING_LEN                        16U                                  /**< Length of ISO 8601 date string. */
-#define SIGV4_EXPECTED_LEN_RFC_3339                 20U                                  /**< Length of RFC 3339 date input. */
-#define SIGV4_EXPECTED_LEN_RFC_5322                 29U                                  /**< Length of RFC 5322 date input. */
 /** @}*/
 
 /**
@@ -108,7 +111,7 @@
  *
  * This flag is valid only for #SigV4HttpParameters_t.flags.
  */
-#define SIGV4_HTTP_ALL_ARE_CANONICAL_FLAG        0x8U
+#define SIGV4_HTTP_ALL_ARE_CANONICAL_FLAG        0x7U
 
 /**
  * @ingroup sigv4_enum_types
@@ -150,7 +153,39 @@ typedef enum SigV4Status
      * Functions that may return this value:
      * - #SigV4_AwsIotDateToIso8601
      */
-    SigV4ISOFormattingError
+    SigV4ISOFormattingError,
+
+    /**
+     * @brief The maximum number of header parameters was exceeded while parsing
+     * the http header string passed to the library.
+     * The maximum number of supported HTTP headers can be configured
+     * with the SIGV4_MAX_HTTP_HEADER_COUNT macro in the library config file
+     * passed by the application.
+     *
+     * Functions that may return this value:
+     * - #SigV4_GenerateHTTPAuthorization
+     */
+    SigV4MaxHeaderPairCountExceeded,
+
+    /**
+     * @brief The maximum number of query parameters was exceeded while parsing
+     * the query string passed to the library.
+     * The maximum number of supported query parameters can be configured
+     * with the SIGV4_MAX_QUERY_PAIR_COUNT macro in the library config file
+     * passed by the application.
+     *
+     * Functions that may return this value:
+     * - #SigV4_GenerateHTTPAuthorization
+     */
+    SigV4MaxQueryPairCountExceeded,
+
+    /**
+     * @brief An error occurred while performing a hash operation.
+     *
+     * Functions that may return this value:
+     * - #SigV4_GenerateHTTPAuthorization
+     */
+    SigV4HashError,
 } SigV4Status_t;
 
 /**
@@ -181,7 +216,7 @@ typedef struct SigV4CryptoInterface
      * @return Zero on success, all other return values are failures.
      */
     int32_t ( * hashUpdate )( void * pHashContext,
-                              const uint8_t * pInput,
+                              const char * pInput,
                               size_t inputLen );
 
     /**
@@ -193,18 +228,28 @@ typedef struct SigV4CryptoInterface
      * output.
      * @param[in] outputLen The length of the pOutput buffer, which must be
      * larger than the hash digest length specified in
-     * #SIGV4_HASH_DIGEST_LENGTH.
+     * #SIGV4_HASH_MAX_DIGEST_LENGTH.
      *
      * @return Zero on success, all other return values are failures.
      */
     int32_t ( * hashFinal )( void * pHashContext,
-                             uint8_t * pOutput,
+                             char * pOutput,
                              size_t outputLen );
 
     /**
      * @brief Context for the hashInit, hashUpdate, and hashFinal interfaces.
      */
     void * pHashContext;
+
+    /**
+     * @brief The block length of the hash function.
+     */
+    size_t hashBlockLen;
+
+    /**
+     * @brief The digest length of the hash function.
+     */
+    size_t hashDigestLen;
 } SigV4CryptoInterface_t;
 
 /**
@@ -226,7 +271,7 @@ typedef struct SigV4HttpParameters
      * - #SIGV4_HTTP_PATH_IS_CANONICAL_FLAG     0x1
      * - #SIGV4_HTTP_QUERY_IS_CANONICAL_FLAG    0x2
      * - #SIGV4_HTTP_HEADERS_ARE_CANONICAL_FLAG 0x4
-     * - #SIGV4_HTTP_ALL_ARE_CANONICAL_FLAG     0x8
+     * - #SIGV4_HTTP_ALL_ARE_CANONICAL_FLAG     0x7
      */
     uint32_t flags;
 
@@ -275,13 +320,13 @@ typedef struct SigV4HttpParameters
 typedef struct SigV4Credentials
 {
     /**
-     * @brief The pAccessKeyId MUST be 20 characters long.
+     * @brief The pAccessKeyId MUST be at least 16 characters long.
      */
     const char * pAccessKeyId;
-    size_t accessKeyLen; /**< @brief Length of pAccessKeyId. */
+    size_t accessKeyIdLen; /**< @brief Length of pAccessKeyId. */
 
     /**
-     * @brief The pSecretAccessKey MUST be 40 characters long.
+     * @brief The pSecretAccessKey MUST be at least 40 characters long.
      */
     const char * pSecretAccessKey;
     size_t secretAccessKeyLen; /**< @brief Length of pSecretAccessKey. */
@@ -326,6 +371,14 @@ typedef struct SigV4Parameters
      */
     const char * pDateIso8601;
 
+    /**
+     * @brief The algorithm used for SigV4 authentication. If set to NULL,
+     * this will automatically be set to "AWS4-HMAC-SHA256" by default.
+     */
+    const char * pAlgorithm;
+
+    size_t algorithmLen; /**< @brief Length of pAlgorithm. */
+
     /**
      * @brief The target AWS region for the request. Please see
      * https://docs.aws.amazon.com/general/latest/gr/rande.html for a list of
@@ -357,13 +410,14 @@ typedef struct SigV4Parameters
 
 /**
  * @brief Generates the HTTP Authorization header value.
+ * @note The API does not support HTTP headers containing empty HTTP header keys or values.
  *
  * @param[in] pParams Parameters for generating the SigV4 signature.
  * @param[out] pAuthBuf Buffer to hold the generated Authorization header value.
- * @param[in, out] authBufLen Input: the length of pAuthBuf, output: the length
+ * @param[in, out] authBufLen Input: the length of @p pAuthBuf, output: the length
  * of the authorization value written to the buffer.
  * @param[out] pSignature Location of the signature in the authorization string.
- * @param[out] signatureLen The length of pSignature.
+ * @param[out] signatureLen The length of @p pSignature.
  *
  * @return #SigV4Success if successful, error code otherwise.
  */
@@ -424,4 +478,5 @@ SigV4Status_t SigV4_AwsIotDateToIso8601( const char * pDate,
                                          char * pDateISO8601,
                                          size_t dateISO8601Len );
 /* @[declare_sigV4_awsIotDateToIso8601_function] */
+
 #endif /* SIGV4_H_ */