Support presigned URL signature "UNSIGNED-PAYLOAD" and expose EncodeURI #89
Conversation
|
Hello @giuspen, Thank you for raising the PR! We will be looking further into this issue as soon as we can, thank you for your patience! |
|
/bot run formatting |
|
I see that there are unit tests errors but that doesn't seem to be related to my change. |
|
@giuspen, Thanks for the PR. We will look into the unit test failures and update. |
source/sigv4.c
Outdated
| pBufCur + 1U, | ||
| &valueBytesWritten, | ||
| true, | ||
| false ); |
There was a problem hiding this comment.
The unit test test_SigV4_GenerateHTTPAuthorization_Happy_Paths is failing because of this change [line 2066]. Can you please update the tests to match the changes in your PR?
There was a problem hiding this comment.
Thanks for reviewing and apologies for missing that.
I completely forgot about this change so I excluded that my changes could ever cause a unit test failure.
I will review this now, maybe I'll propose a way to pass false here only with the flag SIGV4_HTTP_PAYLOAD_IS_UNSIGNED as to not upset other use cases.
|
I wanted to run the unit tests myself and possibly add one unit test myself to not waste your time and patience but the instructions in https://github.com/aws/SigV4-for-AWS-IoT-embedded-sdk/blob/main/README.md#building-unit-tests don't work for me, I get instead |
|
Can you try the following script to build and run the unit tests: |
|
Thanks @tony-josi-aws I could run the unit tests with your command, I did check that my implementation didn't fail existing unit tests and I also added a unit test to protect the presigned URL |
|
@giuspen, it seems that your changes have increased the memory consumption of the library a bit. It is causing the memory-statistics check to fail. Would you mind updating the size_table.md like so: --- docs/doxygen/include/size_table.md 2023-11-22 20:54:32.891598188 +0000
+++ size_table.html 2023-11-22 20:54:59.319864025 +0000
@@ -10,5 +10,5 @@
<tr>
<td>sigv4.c</td>
- <td><center>5.2K</center></td>
+ <td><center>5.3K</center></td>
<td><center>4.4K</center></td>
</tr>
@@ -20,5 +20,5 @@
<tr>
<td><b>Total estimates</b></td>
- <td><b><center>5.6K</center></b></td>
+ <td><b><center>5.7K</center></b></td>
<td><b><center>4.7K</center></b></td>
</tr>I shall look at the failing memory safety proofs in the meanwhile. thanks, |
|
sure thanks for reviewing @AniruddhaKanhere |
|
@giuspen, thanks for updating the code. I found the issue with memory safety proofs. We are using mocks to simplify and test implementation of functions. To that end, we have to define the stub of the function we intend to mock out. The mock of I think that should fix the failing check :) Thanks again, |
|
Thanks @AniruddhaKanhere , I noticed that in the same file that you pointed out there is also the stub for encodeURI() but that was renamed in my PR as it is now no longer private but exposed to the API. I wonder if I should remove that stub as no longer needed or rename it |
Ah! Yes, I overlooked that. Thank you for catching it. |
|
I suspect the stubs are just for private stuff while for the public API there's no need. I have removed completely the encodeURI() for now, would it be possible to try and run the CI and see how it behaves? |
|
If you are sure though I will restore and rename... let me know |
|
Those stubs work in a different way. I think we should rename them. Those stubs are there so that CBMC does not need to compute everything all at once. Because, if CBMC were to try and prove all the functions in the call graph to be memory safe, it would take exponentially long time and quite a bit more RAM. These stubs reduce the computation that the CBMC SAT solver has to do. Will keep an eye on the result though :) Thank you for making that change. |
|
Thanks @AniruddhaKanhere I'm going to restore and rename the encodeURI() stub |
|
Is there any chance that my work will be merged in? |
|
Hi @giuspen, could you help in fixing the failing CBMC proofs? |
|
Hi Tony, 100%, only thing it is not clear that CI error but maybe I can restore the private function name that I suspect the check is looking for and have the public function just call the private one. I'll give that a try this evening Europe time and push so we'll see if that makes the CI happy |
|
/bot run formatting |
|
I'm puzzled but I will try to run the test locally and possibly extract more info, the log of the error is not helping :( |
|
Hi @giuspen, Thanks for updating the PR. Could you please apply this attached patch and update the PR again? 0001-Fix-CBMC-proof-for-SigV4_GenerateHTTPAuthorization.patch |
|
Hi @tony-josi-aws thanks for the help, I applied your patch |
As discussed in aws/aws-iot-device-sdk-embedded-C#1887 I have made changes to an existing demo http_demo_s3_download to generate a presigned URL instead of directly downloading the file.
I'm planning, if the changes to the submodules are accepted, to then generate a new demo called http_demo_s3_presigned_url or something like that.
You can see/test my work at https://github.com/giuspen/aws-iot-device-sdk-embedded-C/tree/GP_http_demo_s3_download_test_signature (only generate presigned URL) or https://github.com/giuspen/aws-iot-device-sdk-embedded-C/tree/GP_http_demo_s3_download_test_signature2 (download and also generate presigned URL)
Exact same requirements of original demo http_demo_s3_download
By submitting this pull request, I confirm that my contribution is made under the terms of the MIT license.