SigV4_GenerateHTTPAuthorization Implementation

Update auto-generated .md files Add test and tool directories (aws#1) Adding test and tools directories, with CMock submodule. CI Actions (aws#2) Add header files + default configurations (aws#3) - Add files sigv4.h and sigv4_config_defaults.h - Add public-facing API elements detailed in design doc Format Date Header for ISO8601 Compliance (aws#4) Add optional utility function to format date header returned from AWS IoT (ex. in temp tokens) for compliance with the ISO8601 format required for authentication Add unit tests for SigV4_AwsIotDateToIso8601() (aws#8) Setup proof infrastructure for CBMC (aws#7) * Add Litani and templates for CBMC * Add sample proof * Implement CBMC proof for SigV4_AwsIotDateToIso8601 * Unwind all loops such that no unwinding errors occur Change submodule to use https rather than ssh for aws-templates-for-cbmc-proofs (aws#12) * CBMC fix test (do not merge) * Change AWS templates to https instead of ssh * Revert README Update README.md and LICENSE files (aws#14) Update README.md and LICENSE files before changing repo's visibility status (to public). Add remaining doxygen + link verification checks (aws#15) Add doxygen + link verifier checks (the library-specific doxygen content will be added in a separate PR for further review). [SigV4] CBMC proof for Sigv4_awsIotdatetoISO8601 API (aws#19) * Sigv4_AWSIOtDateToISO8601 CBMC PROOF * Unit test coverage changes Add release workflow (+ revert to previous license) (aws#18) change permissions of run_cbmc_proofs.py (aws#21) [Sigv4] Doxygen content updates (aws#22) * doxygen doc update * lexicon update Update proof tools (+disable submodule cloning by default) (aws#20) This commit advances Litani to release 1.10.0, and the starter kit to the tip-of-tree. This brings the following improvements: - Profiling - Litani measures the memory usage of the CBMC safety checking and coverage checking jobs - The dashboard includes box-and-whisker diagrams for memory use per proof - The dashboard includes a graph of how many parallel jobs are running over the whole run, making it easy to choose a CI machine with enough parallelism - It is now possible to designate particular proofs as "EXPENSIVE"; Litani runs expensive proofs serially, ensuring that they do not over-consume resources like RAM. - UI improvements - Each pipeline page includes a table of contents - Each pipeline page includes a dependency graph of the pipeline - Each job on the pipeline page has a hyperlink to that job - The terminal output is now less noisy SigV4_GenerateHTTPAuthorization() API Functionality (aws#16) * Squash of outdated aws#13 commits * Hold for checks * Add definitions for sorting structures * Include parsing functions * Fix old commit error * Missing asserts * (temporarily allow warnings) * Spell check + include partial context * More updates to lexicon+doxygen * Add asserts for private func. * Move access after asserts * Clarify pointer increment * Update postfix syntax for correct operator precedence * Feedback changes only * + remove accidental duplicate Implement credential scope Implement generate credential query Validation of parameter count Solution a bit overcomplicated Squash bugs and canonical query parameters should also be sorted by value Finish canonicalize query Fix canonical URI encoding Add hash helper function Add hmac implementation Add newline chars for canonical request Finish writing of canonical request Hex-encoded hash of canonical request matches Write string to sign Fix bug Refactor writeStringToSign for complexity Allow HMAC keys to be passed through separate function calls Add code for generating signing key Fix hmac bug Generate the final signature correctly Fix bug Fix newline not being written Merge Shivangi's code Stylistic changes Link OpenSSL to the test Add unit tests attaining branch coverage of 71% Integrate Shivangi's latest changes Output authBufLen when complete Update logic when headers are precanonicalized. Add additional parameter checks for block/digest len Add documentation Fix test case Get complexity <= 8 for private functions Reduce complexity Remove use of %zu Revert changes to test as it was added to another PR Uncrustify and add doxygen strings. Add docs Resolve doxygen errors and lexicon.txt Document all private functions Fix remaining doxygen errors Update lexicon.txt Remove duplicate declaration Remove assertions on pQuery being NULL Add log messages for insufficient memory errors Uncrustify
yourslab · Aug 6, 2021 · d393cea · d393cea
1 parent 243c323
commit d393cea
Show file tree

Hide file tree

Showing 6 changed files with 2,093 additions and 488 deletions.
diff --git a/docs/doxygen/pages.dox b/docs/doxygen/pages.dox
@@ -3,13 +3,16 @@
 @anchor sigv4
 @brief AWS Iot SigV4 Utility
 
+<<<<<<< HEAD
 <p>
 The AWS IoT SigV4 Library is a standalone utility for generating a signature and
 authorization header according to the specifications of the AWS Signature Version 4
 signing process. This utility is an optional addition to applications sending direct
 HTTP requests to AWS services requiring SigV4 authentication. The library is written in C and designed to be compliant with ISO C90 and MISRA C. It has proven safe memory use.
 </p>
 
+=======
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 @section sigv4_memory_requirements Memory Requirements
 @brief Memory requirements of the SigV4 Utility library.
 
@@ -23,6 +26,7 @@ HTTP requests to AWS services requiring SigV4 authentication. The library is wri
 All functions in the SigV4 library operate only on the buffers provided and use only
 local variables on the stack.
 </p>
+<<<<<<< HEAD
 
 <h3>Compliance & Coverage</h3>
 
@@ -32,6 +36,8 @@ All functions are written to have minimal complexity. Unit tests and CBMC proofs
 are written to cover every path of execution and achieve 100% branch coverage.
 </p>
 
+=======
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 */
 
 /**

diff --git a/lexicon.txt b/lexicon.txt
@@ -1,3 +1,4 @@
+<<<<<<< HEAD
 
 accesskeyid
 accesskeylen
@@ -9,24 +10,52 @@ api
 apr
 ascii
 authbuflen
+=======
+accesskeyid
+accesskeyidlen
+addtodate
+addtogroup
+aggregator
+algorithmlen
+amz
+apr
+ascii
+auth
+authbuflen
+authorizaton
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 aws
 br
 bufferlen
 bufremaining
 canonicalrequest
 canonicalurilen
+<<<<<<< HEAD
 cbmc
 chunked
 com
 config
 const
+=======
+chunked
+com
+config
+completehashandhexencode
+const
+constness
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 copydoc
 datalen
 datelen
 dd
 deconstructed
 defgroup
+<<<<<<< HEAD
 encodeonce
+=======
+doubleencodeequals
+encodetwice
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 encodeslash
 endif
 enums
@@ -37,17 +66,31 @@ formatlen
 github
 gmt
 gr
+<<<<<<< HEAD
+=======
+hashblocklen
+hashdigestlen
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 hashfinal
 hashinit
 hashupdate
 headercount
 headerindex
 headerlen
+<<<<<<< HEAD
 headersdatalen
+=======
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 headerslen
 hh
 hhmmss
 hmac
+<<<<<<< HEAD
+=======
+hmacdata
+hmacfinal
+hmackey
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 html
 http
 httpmethodlen
@@ -57,13 +100,27 @@ ifndef
 inc
 ingroup
 inputlen
+<<<<<<< HEAD
+=======
+ipad
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 iot
 iso
 jan
 january
+<<<<<<< HEAD
+leninput
+lentoread
+lv
+=======
+keylen
+ksecret
 leninput
 lentoread
+linelen
 lv
+maclen
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 mainpage
 min
 misra
@@ -72,20 +129,41 @@ mon
 monthsperday
 noninfringement
 nullterminate
+<<<<<<< HEAD
+=======
+opad
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 ored
 org
 outputlen
 paccesskeyid
+<<<<<<< HEAD
 param
 pathlen
 pauthbuf
+=======
+palgorithm
+param
+pathlen
+pauthbuf
+pauthprefixlen
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 payloadlen
 pbufcur
 pbuffer
 pbufloc
 pbufprocessing
+<<<<<<< HEAD
+pcanonicaluri
+pcredscope
+=======
+pbufstart
+pbytesremaining
+pcanonicalcontext
 pcanonicaluri
 pcredscope
+pcryptointerface
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 pdata
 pdate
 pdateelements
@@ -96,13 +174,27 @@ phashcontext
 pheaders
 pheadersloc
 phexoutput
+<<<<<<< HEAD
 phttpmethod
 pinput
 pinputstr
+=======
+phmaccontext
+phttpmethod
+pinput
+pinputstr
+pkey
+pline
+pmac
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 posix
 poutput
 poutputexpected
 poutputleapexpected
+<<<<<<< HEAD
+=======
+poutputlen
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 pparams
 ppath
 ppayload
@@ -114,6 +206,12 @@ psecretaccesskey
 psecuritytoken
 pservice
 psignature
+<<<<<<< HEAD
+=======
+psignedheaders
+psignedheaderslen
+psigningkey
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 ptestformatfailure
 puri
 qsort
@@ -122,6 +220,11 @@ rande
 readloc
 regionlen
 rfc
+<<<<<<< HEAD
+=======
+trimmedlen
+trimmedlength
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 sdk
 sec
 secretaccesskey
@@ -132,21 +235,37 @@ sep
 servicelen
 sha
 signaturelen
+<<<<<<< HEAD
+=======
+signedheaders
+signedheaderslen
+signingkey
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 sizeof
 snprintf
 ss
 sscanf
+<<<<<<< HEAD
 standalone
 strftime
+=======
+strftime
+stringtosign
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 struct
 structs
 sts
 subfolder
 sublicense
 thu
+<<<<<<< HEAD
 trimmable
 trimmedlength
 tm
+=======
+tm
+trimmedlen
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 tue
 txt
 un
@@ -155,5 +274,10 @@ urilen
 url
 utc
 vallen
+<<<<<<< HEAD
+=======
+xor
+xy
+>>>>>>> bf7559c (SigV4_GenerateHTTPAuthorization Implementation)
 yyyy
 yyyymmdd