aws · yourslab · Aug 15, 2021 · Aug 3, 2021 · Aug 4, 2021 · Aug 4, 2021
@@ -8,6 +8,18 @@ on:
   workflow_dispatch:
 
 jobs:
+  build-check-library:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clone This Repo
+        uses: actions/checkout@v2
+      - name: Build in Release Mode
+        run: |
+          cmake -S test -B build/ \
+          -G "Unix Makefiles" \
+          -DCMAKE_BUILD_TYPE=Debug \
+          -DCMAKE_C_FLAGS='-Wall -Wextra -Werror'
+          make -C build/ all
   unittest:
     runs-on: ubuntu-latest
     steps:
@@ -19,8 +31,8 @@ jobs:
           cmake -S test -B build/ \
           -G "Unix Makefiles" \
           -DCMAKE_BUILD_TYPE=Debug \
-          -DBUILD_CLONE_SUBMODULES=ON \
-          -DCMAKE_C_FLAGS='--coverage -Wall -Wextra -DNDEBUG'
+          -DBUILD_UNIT_TESTS=ON \
+          -DCMAKE_C_FLAGS='--coverage -Wall -Wextra -DNDEBUG -DLOGGING_LEVEL_DEBUG=1'
           make -C build/ all
       - name: Test
         run: |

@@ -59,7 +59,7 @@ To use CMake, please refer to the [sigV4FilePaths.cmake](https://github.com/aws/
 
 1. Go to the root directory of this repository.
 
-1. Run the *cmake* command: `cmake -S test -B build -DBUILD_CLONE_SUBMODULES=ON`.
+1. Run the *cmake* command: `cmake -S test -B build -DBUILD_UNIT_TESTS=ON`.
 
 1. Run this command to build the library and unit tests: `make -C build all`.
 

@@ -9,12 +9,12 @@
     </tr>
     <tr>
         <td>sigv4.c</td>
-        <td><center>4.8K</center></td>
+        <td><center>4.9K</center></td>
         <td><center>4.2K</center></td>
     </tr>
     <tr>
         <td><b>Total estimates</b></td>
-        <td><b><center>4.8K</center></b></td>
+        <td><b><center>4.9K</center></b></td>
         <td><b><center>4.2K</center></b></td>
     </tr>
 </table>
@@ -15,6 +15,7 @@ aws
 br
 bufferlen
 bufremaining
+bytesconsumed
 canonicalrequest
 canonicalurilen
 cbmc
@@ -26,6 +27,7 @@ configpagestyle
 const
 constness
 copydoc
+crypto
 css
 ctype
 currentparameter
@@ -35,62 +37,73 @@ datelen
 dd
 deconstructed
 defgroup
+doesn
 doubleencodeequals
 doxygen
 encodeslash
 encodetwice
 endif
 enums
 expirationlen
+failable
 feb
 formatchar
 formatlen
 gcc
+generatecanonicaluri
 github
 gmt
 gr
 hashblocklen
 hashdigestlen
 hashfinal
 hashinit
+hashtofail
 hashupdate
 headercount
 headerindex
 headerlen
 headersdatalen
 headerslen
 hexencoded
+hexstring
 hh
 hhmmss
 hmac
+hmacaddkey
 hmacdata
 hmacfinal
+hmacintermediate
 hmackey
 html
 http
 httpmethodlen
 https
 ietf
+ifdef
 ifndef
 inc
 ingroup
 inputlen
 iot
 ipad
+iskeyprefix
 iso
-itemsize
 isspace
+itemsize
 jan
 january
 keylen
 ksecret
 leninput
 lentoread
+lf
 linelen
 logdebug
 logerror
 loginfo
 logwarn
+longregionlen
 lv
 maclen
 mainpage
@@ -103,7 +116,9 @@ monthsperday
 noninfringement
 nullterminate
 numitems
+oom
 opad
+openssl
 ored
 org
 outputlen
@@ -155,7 +170,11 @@ ppayload
 pquery
 pqueryloc
 pre
+precanonical
+precanonicalized
+pregion
 pregion
+printf
 pseconditem
 psecondval
 psecretaccesskey
@@ -168,8 +187,8 @@ psigningkey
 ptestformatfailure
 puri
 pvalue
-quicksort
 querylen
+quicksort
 rande
 readloc
 regionlen
@@ -178,6 +197,7 @@ sdk
 sec
 secretaccesskey
 secretaccesskeylen
+secretkey
 securitytoken
 securitytokenlen
 sep
@@ -187,6 +207,7 @@ signaturelen
 signedheaders
 signedheaderslen
 signingkey
+sizeneededforcredentialscope
 sizeof
 snprintf
 ss
@@ -202,6 +223,7 @@ subfolder
 sublicense
 thu
 tm
+todo
 trimmable
 trimmedlen
 trimmedlength
@@ -215,7 +237,10 @@ url
 utc
 vallen
 valuelen
+writecanonicalqueryparameters
+writelinetocanonicalrequest
 xor
+xoring
 xy
 yyyy
-yyyymmdd
+yyyymmdd
@@ -185,7 +185,15 @@ typedef enum SigV4Status
      * Functions that may return this value:
      * - #SigV4_GenerateHTTPAuthorization
      */
-    SigV4HashError
+    SigV4HashError,
+
+    /**
+     * @brief HTTP headers parsed to the library are invalid.
+     *
+     * Functions that may return this value:
+     * - #SigV4_GenerateHTTPAuthorization
+     */
+    SigV4InvalidHttpHeaders
 } SigV4Status_t;
 
 /**
@@ -281,15 +289,21 @@ typedef struct SigV4HttpParameters
      * question mark character ("?") that begins any query string parameters
      * (e.g. "/path/to/item.txt"). If SIGV4_HTTP_PATH_IS_CANONICAL_FLAG is set,
      * then this input must already be in canonical form.
+     *
+     * @note If there exists no path for the HTTP request, then this can be
+     * NULL.
      */
     const char * pPath;
     size_t pathLen; /**< @brief Length of pPath. */
 
     /**
-     * @brief The HTTP request query from the URL. This contains all characters
-     * following the question mark character ("?") that denotes the start of the
-     * query. If SIGV4_HTTP_QUERY_IS_CANONICAL_FLAG is set, then this input
+     * @brief The HTTP request query from the URL, if it exists. This contains all
+     * characters following the question mark character ("?") that denotes the start
+     * of the query. If SIGV4_HTTP_QUERY_IS_CANONICAL_FLAG is set, then this input
      * must already be in canonical form.
+     *
+     * @note If the HTTP request does not contain query string, this can
+     * be NULL.
      */
     const char * pQuery;
     size_t queryLen; /**< @brief Length of pQuery. */
@@ -299,6 +313,9 @@ typedef struct SigV4HttpParameters
      * should be the raw headers in HTTP request format. If
      * SIGV4_HTTP_HEADERS_IS_CANONICAL_FLAG is set, then this input must
      * already be in canonical form.
+     *
+     * @note The headers data MUST NOT be empty. For HTTP/1.1 requests, it is
+     * required that the "host" header MUST be part of the SigV4 signature.
      */
     const char * pHeaders;
     size_t headersLen; /**< @brief Length of pHeaders. */
@@ -330,22 +347,6 @@ typedef struct SigV4Credentials
      */
     const char * pSecretAccessKey;
     size_t secretAccessKeyLen; /**< @brief Length of pSecretAccessKey. */
-
-    /**
-     * @brief The security token from AWS Security Token Service (AWS STS) is of
-     * varying length. This can be NULL if the access key id and secret access
-     * key were not retrieved from a temporary token service.
-     */
-    const char * pSecurityToken;
-    size_t securityTokenLen; /**< @brief Length of pSecurityToken. */
-
-    /**
-     * @brief The expiration time for the pAccessKeyId, pSecretAccessKey, and
-     * pSecurityToken if the credentials were retrieved from a temporary token
-     * service. This is in ISO8601 date and time format.
-     */
-    const char * pExpiration;
-    size_t expirationLen; /**< @brief Length of pExpiration. */
 } SigV4Credentials_t;
 
 /**

@@ -91,6 +91,9 @@
 #define LINEFEED_CHAR                          '\n'                                             /**< A linefeed character used to build the canonical request. */
 #define LINEFEED_CHAR_LEN                      1U                                               /**< The length of #LINEFEED_CHAR. */
 
+#define HTTP_REQUEST_LINE_ENDING               "\r\n"                                           /**< The string used in non-canonicalized HTTP headers to separate header entries in HTTP request. */
+#define HTTP_REQUEST_LINE_ENDING_LEN           ( sizeof( HTTP_REQUEST_LINE_ENDING ) - 1U )      /**< The length of #HTTP_REQUEST_LINE_ENDING. */
+
 #define SPACE_CHAR                             ' '                                              /**< A linefeed character used to build the Authorization header value. */
 #define SPACE_CHAR_LEN                         1U                                               /**< The length of #SPACE_CHAR. */
 
@@ -109,13 +112,16 @@
 #define AUTH_SIGNATURE_PREFIX                  "Signature="                                     /**< The prefix that goes before the signature in the Authorization header value. */
 #define AUTH_SIGNATURE_PREFIX_LEN              ( sizeof( AUTH_SIGNATURE_PREFIX ) - 1U )         /**< The length of #AUTH_SIGNATURE_PREFIX. */
 
+#define HMAC_INNER_PAD_BYTE                    ( 0x36U )                                        /**< The "ipad" byte used for generating the inner key in the HMAC calculation process. */
+#define HMAC_OUTER_PAD_BYTE                    ( 0x5CU )                                        /**< The "opad" byte used for generating the outer key in the HMAC calculation process. */
+
 /**
  * @brief A helper macro to print insufficient memory errors.
  */
-#define LOG_INSUFFICIENT_MEMORY_ERROR( purposeOfWrite, bytesExceeded )                       \
-    {                                                                                        \
-        LogError( ( "Insufficient memory provided to " purposeOfWrite ", bytesExceeded=%lu", \
-                    ( unsigned long ) ( bytesExceeded ) ) );                                 \
+#define LOG_INSUFFICIENT_MEMORY_ERROR( purposeOfWrite, bytesExceeded )                                                                             \
+    {                                                                                                                                              \
+        LogError( ( "Unable to " purposeOfWrite ": Insufficient memory configured in \"SIGV4_PROCESSING_BUFFER_LENGTH\" macro. BytesExceeded=%lu", \
+                    ( unsigned long ) ( bytesExceeded ) ) );                                                                                       \
     }
 
 /**