From fc9269f362d2c19ff1e9f28205ab076b2175a5b2 Mon Sep 17 00:00:00 2001 From: Joakim Olsson Date: Fri, 2 Aug 2019 10:27:54 +0200 Subject: [PATCH] Change SHA-implementation and make sure signature is correctly generated --- .gitlab-ci.yml | 2 +- Dockerfile | 4 +- deployment_files/deploy.yaml | 4 + hmac.lua | 133 +++++++ nginx.conf | 34 +- sha2.lua | 242 ++++++++++++ sha256.lua | 745 ----------------------------------- sign.lua | 37 +- start.sh | 2 + test.lua | 40 +- 10 files changed, 436 insertions(+), 807 deletions(-) create mode 100644 hmac.lua create mode 100644 sha2.lua delete mode 100644 sha256.lua diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4547a70..22c1ef7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -10,7 +10,7 @@ image: registry.gitlab.com/sparetimecoders/build-tools:master build: stage: build services: - - docker:dind + - docker:18.06-dind script: - build - push diff --git a/Dockerfile b/Dockerfile index f526e45..946c16c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM ubuntu # Install prerequisites for Nginx compile RUN apt-get update && \ - apt-get install -y wget tar gcc libpcre3-dev zlib1g-dev make libssl-dev liblua5.1-0 libluajit-5.1-dev curl jq + apt-get install -y wget tar gcc libpcre3-dev zlib1g-dev make libssl-dev liblua5.1-0 lua-bit32 libluajit-5.1-dev curl jq # Download Nginx WORKDIR /tmp @@ -56,7 +56,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ # Apply Nginx config ADD nginx.conf /etc/nginx/nginx.conf -ADD sign.lua sha256.lua /tmp/lua/ +ADD sign.lua hmac.lua sha2.lua /tmp/lua/ ADD start.sh /start.sh # Set default command diff --git a/deployment_files/deploy.yaml b/deployment_files/deploy.yaml index 7c47b9b..e0d0137 100644 --- a/deployment_files/deploy.yaml +++ b/deployment_files/deploy.yaml @@ -52,6 +52,10 @@ spec: env: - name: S3_BUCKET_NAME value: upload.unbound.se + - name: AWS_REGION + value: eu-west-1 + - name: RETURN_URL + value: uploads.unbound.se ports: - containerPort: 80 diff --git a/hmac.lua b/hmac.lua new file mode 100644 index 0000000..77e1ece --- /dev/null +++ b/hmac.lua @@ -0,0 +1,133 @@ +local _M = {} + +_M.to_bin = function (str) + local data = '' + str:lower():gsub('([a-z0-9])([a-z0-9])', function (d1, d2) + d1 = _M.hexdigit2int(d1) + d2 = _M.hexdigit2int(d2) + data = (data .. string.char(d1 * 16 + d2)) + end) + return data +end +_M.to_hex = function (str) + local data = '' + for i=1,#str,1 do + data = (data .. ("%02x"):format(str:byte(i))) + end + return data +end + +_M.hexdigit2int = function (ch) + local b = ch:byte() + if b >= ('a'):byte() then + return 10 + (b - ('a'):byte()) + elseif b >= ('0'):byte() then + return b - ('0'):byte() + else + _M.assert(false) + end +end + +_M.b64 = (function () + -- character table string + local b='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' + -- encoding + local function enc(data) + return ((data:gsub('.', function(x) + local r,b='',x:byte() + for i=8,1,-1 do r=r..(b%2^i-b%2^(i-1)>0 and '1' or '0') end + return r; + end)..'0000'):gsub('%d%d%d?%d?%d?%d?', function(x) + if (#x < 6) then return '' end + local c=0 + for i=1,6 do c=c+(x:sub(i,i)=='1' and 2^(6-i) or 0) end + return b:sub(c+1,c+1) + end)..({ '', '==', '=' })[#data%3+1]) + end + + -- decoding + local function dec(data) + data = string.gsub(data, '[^'..b..'=]', '') + return (data:gsub('.', function(x) + if (x == '=') then return '' end + local r,f='',(b:find(x)-1) + for i=6,1,-1 do r=r..(f%2^i-f%2^(i-1)>0 and '1' or '0') end + return r; + end):gsub('%d%d%d?%d?%d?%d?%d?%d?', function(x) + if (#x ~= 8) then return '' end + local c=0 + for i=1,8 do c=c+(x:sub(i,i)=='1' and 2^(8-i) or 0) end + return string.char(c) + end)) + end + return { + encode = enc, + decode = dec, + } +end)() + +_M.sha2 = require("sha2") + +_M.hmac = (function () + --local hmac = require 'hmac' + local sha2 = _M.sha2 + + -- these hmac-ize routine is from https://github.com/bjc/prosody/blob/master/util/hmac.lua. + -- thanks! + local s_char = string.char; + local s_gsub = string.gsub; + local s_rep = string.rep; + local xor_map = {0;1;2;3;4;5;6;7;8;9;10;11;12;13;14;15;1;0;3;2;5;4;7;6;9;8;11;10;13;12;15;14;2;3;0;1;6;7;4;5;10;11;8;9;14;15;12;13;3;2;1;0;7;6;5;4;11;10;9;8;15;14;13;12;4;5;6;7;0;1;2;3;12;13;14;15;8;9;10;11;5;4;7;6;1;0;3;2;13;12;15;14;9;8;11;10;6;7;4;5;2;3;0;1;14;15;12;13;10;11;8;9;7;6;5;4;3;2;1;0;15;14;13;12;11;10;9;8;8;9;10;11;12;13;14;15;0;1;2;3;4;5;6;7;9;8;11;10;13;12;15;14;1;0;3;2;5;4;7;6;10;11;8;9;14;15;12;13;2;3;0;1;6;7;4;5;11;10;9;8;15;14;13;12;3;2;1;0;7;6;5;4;12;13;14;15;8;9;10;11;4;5;6;7;0;1;2;3;13;12;15;14;9;8;11;10;5;4;7;6;1;0;3;2;14;15;12;13;10;11;8;9;6;7;4;5;2;3;0;1;15;14;13;12;11;10;9;8;7;6;5;4;3;2;1;0;}; + local function xor(x, y) + local lowx, lowy = x % 16, y % 16; + local hix, hiy = (x - lowx) / 16, (y - lowy) / 16; + local lowr, hir = xor_map[lowx * 16 + lowy + 1], xor_map[hix * 16 + hiy + 1]; + local r = hir * 16 + lowr; + return r; + end + local opadc, ipadc = s_char(0x5c), s_char(0x36); + local ipad_map = {}; + local opad_map = {}; + for i=0,255 do + ipad_map[s_char(i)] = s_char(xor(0x36, i)); + opad_map[s_char(i)] = s_char(xor(0x5c, i)); + end + local function hmac(key, message, hash, blocksize) + if #key > blocksize then + key = hash(key) + end + + local padding = blocksize - #key; + local ipad = s_gsub(key, ".", ipad_map)..s_rep(ipadc, padding); + local opad = s_gsub(key, ".", opad_map)..s_rep(opadc, padding); + + return hash(opad..hash(ipad..message)) + end + local sha256 = function (data) + local text = sha2.hash256(data) + return _M.to_bin(text) + end + local digest_routines = { + hex = _M.to_hex, + base64 = _M.b64.encode + } + local hmac_sha256 = function (key, data, digest) + local bin = hmac(key, data, sha256, 64) + -- print(_M.to_hex(bin)) + --local bin = _M.to_bin("8BDD6729CE0F580B7424921D5F0CFD1F1642243762CBA71FFCC8FABCFC72608B") + return digest_routines[digest] and digest_routines[digest](bin) or bin + end + + local hmac_sha1 = function (key, data, digest) + local bin = sha1.sha1_bin(key, data) + return digest_routines[digest] and digest_routines[digest](bin) or bin + end + + _M.hmac_by = { + sha256 = hmac_sha256, + sha1 = hmac_sha1, + } + return hmac_sha256 +end)() + +return _M diff --git a/nginx.conf b/nginx.conf index 04fe458..0dd731a 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,6 +1,8 @@ env AWS_ACCESS_KEY_ID; env AWS_SECRET_ACCESS_KEY; env S3_BUCKET_NAME; +env AWS_REGION; +env RETURN_URL; worker_processes 1; @@ -11,10 +13,15 @@ events { http { lua_load_resty_core off; lua_package_path "/tmp/lua-resty-core/lib/?.lua;/tmp/lua/?.lua;;"; - client_max_body_size 100m; + lua_package_cpath '/usr/lib/x86_64-linux-gnu/lua/5.1/?.so;;'; + + proxy_max_temp_file_size 0; + proxy_buffering off; + server_names_hash_bucket_size 256; client_body_buffer_size 128k; proxy_buffer_size 32k; proxy_buffers 4 32k; + lua_need_request_body on; lua_socket_buffer_size 128k; @@ -47,34 +54,37 @@ http { set_secure_random_alphanum $prefix 64; set_sha1 $prefixsha $prefix; set_by_lua $time "os.time()"; + set_by_lua $timestamp "return os.date('%Y%m%dT%H%M%SZ', tonumber(ngx.var.time))"; set_by_lua $date "return os.date('%a, %d %b %Y %H:%M:%S GMT', tonumber(ngx.var.time))"; set_by_lua $day "return os.date('%Y%m%d', tonumber(ngx.var.time))"; set_sha1 $datesha $date; set $key $prefixsha$datesha; set_by_lua $bucket "return os.getenv('S3_BUCKET_NAME')"; - set $url https://$bucket.s3-eu-west-1.amazonaws.com/$day/$key; - set $returnurl https://uploads.paidit.se/$day/$key; + set_by_lua $baseurl "return os.getenv('RETURN_URL')"; + set_by_lua $region "return os.getenv('AWS_REGION')"; + set $phost $bucket.s3-$region.amazonaws.com; + set $ppath /$day/$key; + set $url https://$phost$ppath; + set $returnurl https://$baseurl$ppath; set $acl public-read; set $contentSha256 ""; + set $authorization ""; access_by_lua_block { - local sha256 = require("sha256") + local sha2 = require("sha2") ngx.req.read_body() local body = ngx.req.get_body_data() - local contentSha256 = sha256.sha256(body) + local contentSha256 = sha2.hash256(body) ngx.var.contentSha256 = contentSha256 - } - - set_by_lua_block $authorization { local sign = require("sign") - local headers = {["x-amz-acl"] = ngx.var.acl, ["x-amz-date"] = ngx.var.date, ["host"] = "upload.unbound.se.s3-eu-west-1.amazonaws.com"} - local region = "eu-west-1" - return sign.sign(os.getenv("AWS_ACCESS_KEY_ID"), os.getenv("AWS_SECRET_ACCESS_KEY"), os.time(), "upload.unbound.se", ngx.var.request_uri, headers, ngx.var.contentSha256, region) + local headers = {["x-amz-acl"] = ngx.var.acl, ["x-amz-date"] = ngx.var.timestamp, ["x-amz-content-sha256"] = ngx.var.contentSha256, ["date"] = ngx.var.date, ["host"] = ngx.var.phost } + ngx.var.authorization = sign.sign(os.getenv("AWS_ACCESS_KEY_ID"), os.getenv("AWS_SECRET_ACCESS_KEY"), os.time(), ngx.var.ppath, headers, ngx.var.region) } proxy_set_header date $date; + proxy_set_header host $phost; proxy_set_header x-amz-acl $acl; - proxy_set_header x-amz-date $date; + proxy_set_header x-amz-date $timestamp; proxy_set_header x-amz-content-sha256 $contentSha256; proxy_set_header Authorization $authorization; proxy_hide_header x-amz-id-2; diff --git a/sha2.lua b/sha2.lua new file mode 100644 index 0000000..1c374c9 --- /dev/null +++ b/sha2.lua @@ -0,0 +1,242 @@ +-- SHA-256 code in Lua 5.2; based on the pseudo-code from +-- Wikipedia (http://en.wikipedia.org/wiki/SHA-2) + +local bit32 = require("bit32") + +local band, rrotate, bxor, rshift, bnot = +bit32.band, bit32.rrotate, bit32.bxor, bit32.rshift, bit32.bnot + +local string, setmetatable, assert = string, setmetatable, assert + +_ENV = nil + +-- Initialize table of round constants +-- (first 32 bits of the fractional parts of the cube roots of the first +-- 64 primes 2..311): +local k = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2, +} + + +-- transform a string of bytes in a string of hexadecimal digits +local function str2hexa (s) + local h = string.gsub(s, ".", function(c) + return string.format("%02x", string.byte(c)) + end) + return h +end + + +-- transform number 'l' in a big-endian sequence of 'n' bytes +-- (coded as a string) +local function num2s (l, n) + local s = "" + for i = 1, n do + local rem = l % 256 + s = string.char(rem) .. s + l = (l - rem) / 256 + end + return s +end + +-- transform the big-endian sequence of four bytes starting at +-- index 'i' in 's' into a number +local function s232num (s, i) + local n = 0 + for i = i, i + 3 do + n = n*256 + string.byte(s, i) + end + return n +end + + +-- append the bit '1' to the message +-- append k bits '0', where k is the minimum number >= 0 such that the +-- resulting message length (in bits) is congruent to 448 (mod 512) +-- append length of message (before pre-processing), in bits, as 64-bit +-- big-endian integer +local function preproc (msg, len) + local extra = -(len + 1 + 8) % 64 + len = num2s(8 * len, 8) -- original len in bits, coded + msg = msg .. "\128" .. string.rep("\0", extra) .. len + assert(#msg % 64 == 0) + return msg +end + + +local function initH224 (H) + -- (second 32 bits of the fractional parts of the square roots of the + -- 9th through 16th primes 23..53) + H[1] = 0xc1059ed8 + H[2] = 0x367cd507 + H[3] = 0x3070dd17 + H[4] = 0xf70e5939 + H[5] = 0xffc00b31 + H[6] = 0x68581511 + H[7] = 0x64f98fa7 + H[8] = 0xbefa4fa4 + return H +end + + +local function initH256 (H) + -- (first 32 bits of the fractional parts of the square roots of the + -- first 8 primes 2..19): + H[1] = 0x6a09e667 + H[2] = 0xbb67ae85 + H[3] = 0x3c6ef372 + H[4] = 0xa54ff53a + H[5] = 0x510e527f + H[6] = 0x9b05688c + H[7] = 0x1f83d9ab + H[8] = 0x5be0cd19 + return H +end + + +local function digestblock (msg, i, H) + + -- break chunk into sixteen 32-bit big-endian words w[1..16] + local w = {} + for j = 1, 16 do + w[j] = s232num(msg, i + (j - 1)*4) + end + + -- Extend the sixteen 32-bit words into sixty-four 32-bit words: + for j = 17, 64 do + local v = w[j - 15] + local s0 = bxor(rrotate(v, 7), rrotate(v, 18), rshift(v, 3)) + v = w[j - 2] + local s1 = bxor(rrotate(v, 17), rrotate(v, 19), rshift(v, 10)) + w[j] = w[j - 16] + s0 + w[j - 7] + s1 + end + + -- Initialize hash value for this chunk: + local a, b, c, d, e, f, g, h = + H[1], H[2], H[3], H[4], H[5], H[6], H[7], H[8] + + -- Main loop: + for i = 1, 64 do + local s0 = bxor(rrotate(a, 2), rrotate(a, 13), rrotate(a, 22)) + local maj = bxor(band(a, b), band(a, c), band(b, c)) + local t2 = s0 + maj + local s1 = bxor(rrotate(e, 6), rrotate(e, 11), rrotate(e, 25)) + local ch = bxor (band(e, f), band(bnot(e), g)) + local t1 = h + s1 + ch + k[i] + w[i] + + h = g + g = f + f = e + e = d + t1 + d = c + c = b + b = a + a = t1 + t2 + end + + -- Add (mod 2^32) this chunk's hash to result so far: + H[1] = band(H[1] + a) + H[2] = band(H[2] + b) + H[3] = band(H[3] + c) + H[4] = band(H[4] + d) + H[5] = band(H[5] + e) + H[6] = band(H[6] + f) + H[7] = band(H[7] + g) + H[8] = band(H[8] + h) + +end + + +local function finalresult224 (H) + -- Produce the final hash value (big-endian): + return + str2hexa(num2s(H[1], 4)..num2s(H[2], 4)..num2s(H[3], 4)..num2s(H[4], 4).. + num2s(H[5], 4)..num2s(H[6], 4)..num2s(H[7], 4)) +end + + +local function finalresult256 (H) + -- Produce the final hash value (big-endian): + return + str2hexa(num2s(H[1], 4)..num2s(H[2], 4)..num2s(H[3], 4)..num2s(H[4], 4).. + num2s(H[5], 4)..num2s(H[6], 4)..num2s(H[7], 4)..num2s(H[8], 4)) +end + + +---------------------------------------------------------------------- +local HH = {} -- to reuse + +local function hash224 (msg) + msg = preproc(msg, #msg) + local H = initH224(HH) + + -- Process the message in successive 512-bit (64 bytes) chunks: + for i = 1, #msg, 64 do + digestblock(msg, i, H) + end + + return finalresult224(H) +end + + +local function hash256 (msg) + msg = preproc(msg, #msg) + local H = initH256(HH) + + -- Process the message in successive 512-bit (64 bytes) chunks: + for i = 1, #msg, 64 do + digestblock(msg, i, H) + end + + return finalresult256(H) +end +---------------------------------------------------------------------- +local mt = {} + +local function new256 () + local o = {H = initH256({}), msg = "", len = 0} + setmetatable(o, mt) + return o +end + +mt.__index = mt + +function mt:add (m) + self.msg = self.msg .. m + self.len = self.len + #m + local t = 0 + while #self.msg - t >= 64 do + digestblock(self.msg, t + 1, self.H) + t = t + 64 + end + self.msg = self.msg:sub(t + 1, -1) +end + + +function mt:close () + self.msg = preproc(self.msg, self.len) + self:add("") + return finalresult256(self.H) +end +---------------------------------------------------------------------- + +return { + hash224 = hash224, + hash256 = hash256, + new256 = new256, +} diff --git a/sha256.lua b/sha256.lua deleted file mode 100644 index 50fbc3a..0000000 --- a/sha256.lua +++ /dev/null @@ -1,745 +0,0 @@ --- --- SHA-256 secure hash computation, and HMAC-SHA256 signature computation --- --- Copyright 2017 Jqqqi --- -local sha256 = { } - -local MOD = 2 ^ 32 -local MODM = MOD - 1 - -local function memoize(f) - local mt = { } - local t = setmetatable( { }, mt) - function mt:__index(k) - local v = f(k) - t[k] = v - return v - end - return t -end - -local function make_bitop_uncached(t, m) - local function bitop(a, b) - local res, p = 0, 1 - while a ~= 0 and b ~= 0 do - local am, bm = a % m, b % m - res = res + t[am][bm] * p - a =(a - am) / m - b =(b - bm) / m - p = p * m - end - res = res +(a + b) * p - return res - end - return bitop -end - -local function make_bitop(t) - local op1 = make_bitop_uncached(t, 2 ^ 1) - local op2 = memoize( function(a) return memoize( function(b) return op1(a, b) end) end) - return make_bitop_uncached(op2, 2 ^(t.n or 1)) -end - -local bxor1 = make_bitop( { [0] = { [0] = 0, [1] = 1 }, [1] = { [0] = 1, [1] = 0 }, n = 4 }) - -local function bxor(a, b, c, ...) - local z = nil - if b then - a = a % MOD - b = b % MOD - z = bxor1(a, b) - if c then z = bxor(z, c, ...) end - return z - elseif a then - return a % MOD - else - return 0 - end -end - -local function band(a, b, c, ...) - local z - if b then - a = a % MOD - b = b % MOD - z =((a + b) - bxor1(a, b)) / 2 - if c then z = bit32_band(z, c, ...) end - return z - elseif a then - return a % MOD - else - return MODM - end -end - -local function bnot(x) return(-1 - x) % MOD end - -local function rshift1(a, disp) - if disp < 0 then return lshift(a, - disp) end - return math.floor(a % 2 ^ 32 / 2 ^ disp) -end - -local function rshift(x, disp) - if disp > 31 or disp < -31 then return 0 end - return rshift1(x % MOD, disp) -end - -local function lshift(a, disp) - if disp < 0 then return rshift(a, - disp) end - return(a * 2 ^ disp) % 2 ^ 32 -end - -local function rrotate(x, disp) - x = x % MOD - disp = disp % 32 - local low = band(x, 2 ^ disp - 1) - return rshift(x, disp) + lshift(low, 32 - disp) -end - -local k = { - 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5, - 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5, - 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3, - 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174, - 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc, - 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da, - 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7, - 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967, - 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13, - 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85, - 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3, - 0xd192e819,0xd6990624,0xf40e3585,0x106aa070, - 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5, - 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3, - 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208, - 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2, -} - -local function str2hexa(s) - return(string.gsub(s, ".", function(c) return string.format("%02x", string.byte(c)) end)) -end - -local function num2s(l, n) - local s = "" - for i = 1, n do - local rem = l % 256 - s = string.char(rem) .. s - l =(l - rem) / 256 - end - return s -end - -local function s232num(s, i) - local n = 0 - for i = i, i + 3 do n = n * 256 + string.byte(s, i) end - return n -end - -local function preproc(msg, len) - local extra = 64 -((len + 9) % 64) - len = num2s(8 * len, 8) - msg = msg .. "\128" .. string.rep("\0", extra) .. len - assert(#msg % 64 == 0) - return msg -end - -local function initH256(H) - H[1] = 0x6a09e667 - H[2] = 0xbb67ae85 - H[3] = 0x3c6ef372 - H[4] = 0xa54ff53a - H[5] = 0x510e527f - H[6] = 0x9b05688c - H[7] = 0x1f83d9ab - H[8] = 0x5be0cd19 - return H -end - -local function digestblock(msg, i, H) - local w = { } - for j = 1, 16 do w[j] = s232num(msg, i +(j - 1) * 4) end - for j = 17, 64 do - local v = w[j - 15] - local s0 = bxor(rrotate(v, 7), rrotate(v, 18), rshift(v, 3)) - v = w[j - 2] - w[j] = w[j - 16] + s0 + w[j - 7] + bxor(rrotate(v, 17), rrotate(v, 19), rshift(v, 10)) - end - - local a, b, c, d, e, f, g, h = H[1], H[2], H[3], H[4], H[5], H[6], H[7], H[8] - for i = 1, 64 do - local s0 = bxor(rrotate(a, 2), rrotate(a, 13), rrotate(a, 22)) - local maj = bxor(band(a, b), band(a, c), band(b, c)) - local t2 = s0 + maj - local s1 = bxor(rrotate(e, 6), rrotate(e, 11), rrotate(e, 25)) - local ch = bxor(band(e, f), band(bnot(e), g)) - local t1 = h + s1 + ch + k[i] + w[i] - h, g, f, e, d, c, b, a = g, f, e, d + t1, c, b, a, t1 + t2 - end - - H[1] = band(H[1] + a) - H[2] = band(H[2] + b) - H[3] = band(H[3] + c) - H[4] = band(H[4] + d) - H[5] = band(H[5] + e) - H[6] = band(H[6] + f) - H[7] = band(H[7] + g) - H[8] = band(H[8] + h) -end - -local function hex_to_binary(hex) - return hex:gsub('..', function(hexval) - return string.char(tonumber(hexval, 16)) - end ) -end - -local blocksize = 64 -- 512 bits - -local xor_with_0x5c = { - [string.char(0)] = string.char(92), - [string.char(1)] = string.char(93), - [string.char(2)] = string.char(94), - [string.char(3)] = string.char(95), - [string.char(4)] = string.char(88), - [string.char(5)] = string.char(89), - [string.char(6)] = string.char(90), - [string.char(7)] = string.char(91), - [string.char(8)] = string.char(84), - [string.char(9)] = string.char(85), - [string.char(10)] = string.char(86), - [string.char(11)] = string.char(87), - [string.char(12)] = string.char(80), - [string.char(13)] = string.char(81), - [string.char(14)] = string.char(82), - [string.char(15)] = string.char(83), - [string.char(16)] = string.char(76), - [string.char(17)] = string.char(77), - [string.char(18)] = string.char(78), - [string.char(19)] = string.char(79), - [string.char(20)] = string.char(72), - [string.char(21)] = string.char(73), - [string.char(22)] = string.char(74), - [string.char(23)] = string.char(75), - [string.char(24)] = string.char(68), - [string.char(25)] = string.char(69), - [string.char(26)] = string.char(70), - [string.char(27)] = string.char(71), - [string.char(28)] = string.char(64), - [string.char(29)] = string.char(65), - [string.char(30)] = string.char(66), - [string.char(31)] = string.char(67), - [string.char(32)] = string.char(124), - [string.char(33)] = string.char(125), - [string.char(34)] = string.char(126), - [string.char(35)] = string.char(127), - [string.char(36)] = string.char(120), - [string.char(37)] = string.char(121), - [string.char(38)] = string.char(122), - [string.char(39)] = string.char(123), - [string.char(40)] = string.char(116), - [string.char(41)] = string.char(117), - [string.char(42)] = string.char(118), - [string.char(43)] = string.char(119), - [string.char(44)] = string.char(112), - [string.char(45)] = string.char(113), - [string.char(46)] = string.char(114), - [string.char(47)] = string.char(115), - [string.char(48)] = string.char(108), - [string.char(49)] = string.char(109), - [string.char(50)] = string.char(110), - [string.char(51)] = string.char(111), - [string.char(52)] = string.char(104), - [string.char(53)] = string.char(105), - [string.char(54)] = string.char(106), - [string.char(55)] = string.char(107), - [string.char(56)] = string.char(100), - [string.char(57)] = string.char(101), - [string.char(58)] = string.char(102), - [string.char(59)] = string.char(103), - [string.char(60)] = string.char(96), - [string.char(61)] = string.char(97), - [string.char(62)] = string.char(98), - [string.char(63)] = string.char(99), - [string.char(64)] = string.char(28), - [string.char(65)] = string.char(29), - [string.char(66)] = string.char(30), - [string.char(67)] = string.char(31), - [string.char(68)] = string.char(24), - [string.char(69)] = string.char(25), - [string.char(70)] = string.char(26), - [string.char(71)] = string.char(27), - [string.char(72)] = string.char(20), - [string.char(73)] = string.char(21), - [string.char(74)] = string.char(22), - [string.char(75)] = string.char(23), - [string.char(76)] = string.char(16), - [string.char(77)] = string.char(17), - [string.char(78)] = string.char(18), - [string.char(79)] = string.char(19), - [string.char(80)] = string.char(12), - [string.char(81)] = string.char(13), - [string.char(82)] = string.char(14), - [string.char(83)] = string.char(15), - [string.char(84)] = string.char(8), - [string.char(85)] = string.char(9), - [string.char(86)] = string.char(10), - [string.char(87)] = string.char(11), - [string.char(88)] = string.char(4), - [string.char(89)] = string.char(5), - [string.char(90)] = string.char(6), - [string.char(91)] = string.char(7), - [string.char(92)] = string.char(0), - [string.char(93)] = string.char(1), - [string.char(94)] = string.char(2), - [string.char(95)] = string.char(3), - [string.char(96)] = string.char(60), - [string.char(97)] = string.char(61), - [string.char(98)] = string.char(62), - [string.char(99)] = string.char(63), - [string.char(100)] = string.char(56), - [string.char(101)] = string.char(57), - [string.char(102)] = string.char(58), - [string.char(103)] = string.char(59), - [string.char(104)] = string.char(52), - [string.char(105)] = string.char(53), - [string.char(106)] = string.char(54), - [string.char(107)] = string.char(55), - [string.char(108)] = string.char(48), - [string.char(109)] = string.char(49), - [string.char(110)] = string.char(50), - [string.char(111)] = string.char(51), - [string.char(112)] = string.char(44), - [string.char(113)] = string.char(45), - [string.char(114)] = string.char(46), - [string.char(115)] = string.char(47), - [string.char(116)] = string.char(40), - [string.char(117)] = string.char(41), - [string.char(118)] = string.char(42), - [string.char(119)] = string.char(43), - [string.char(120)] = string.char(36), - [string.char(121)] = string.char(37), - [string.char(122)] = string.char(38), - [string.char(123)] = string.char(39), - [string.char(124)] = string.char(32), - [string.char(125)] = string.char(33), - [string.char(126)] = string.char(34), - [string.char(127)] = string.char(35), - [string.char(128)] = string.char(220), - [string.char(129)] = string.char(221), - [string.char(130)] = string.char(222), - [string.char(131)] = string.char(223), - [string.char(132)] = string.char(216), - [string.char(133)] = string.char(217), - [string.char(134)] = string.char(218), - [string.char(135)] = string.char(219), - [string.char(136)] = string.char(212), - [string.char(137)] = string.char(213), - [string.char(138)] = string.char(214), - [string.char(139)] = string.char(215), - [string.char(140)] = string.char(208), - [string.char(141)] = string.char(209), - [string.char(142)] = string.char(210), - [string.char(143)] = string.char(211), - [string.char(144)] = string.char(204), - [string.char(145)] = string.char(205), - [string.char(146)] = string.char(206), - [string.char(147)] = string.char(207), - [string.char(148)] = string.char(200), - [string.char(149)] = string.char(201), - [string.char(150)] = string.char(202), - [string.char(151)] = string.char(203), - [string.char(152)] = string.char(196), - [string.char(153)] = string.char(197), - [string.char(154)] = string.char(198), - [string.char(155)] = string.char(199), - [string.char(156)] = string.char(192), - [string.char(157)] = string.char(193), - [string.char(158)] = string.char(194), - [string.char(159)] = string.char(195), - [string.char(160)] = string.char(252), - [string.char(161)] = string.char(253), - [string.char(162)] = string.char(254), - [string.char(163)] = string.char(255), - [string.char(164)] = string.char(248), - [string.char(165)] = string.char(249), - [string.char(166)] = string.char(250), - [string.char(167)] = string.char(251), - [string.char(168)] = string.char(244), - [string.char(169)] = string.char(245), - [string.char(170)] = string.char(246), - [string.char(171)] = string.char(247), - [string.char(172)] = string.char(240), - [string.char(173)] = string.char(241), - [string.char(174)] = string.char(242), - [string.char(175)] = string.char(243), - [string.char(176)] = string.char(236), - [string.char(177)] = string.char(237), - [string.char(178)] = string.char(238), - [string.char(179)] = string.char(239), - [string.char(180)] = string.char(232), - [string.char(181)] = string.char(233), - [string.char(182)] = string.char(234), - [string.char(183)] = string.char(235), - [string.char(184)] = string.char(228), - [string.char(185)] = string.char(229), - [string.char(186)] = string.char(230), - [string.char(187)] = string.char(231), - [string.char(188)] = string.char(224), - [string.char(189)] = string.char(225), - [string.char(190)] = string.char(226), - [string.char(191)] = string.char(227), - [string.char(192)] = string.char(156), - [string.char(193)] = string.char(157), - [string.char(194)] = string.char(158), - [string.char(195)] = string.char(159), - [string.char(196)] = string.char(152), - [string.char(197)] = string.char(153), - [string.char(198)] = string.char(154), - [string.char(199)] = string.char(155), - [string.char(200)] = string.char(148), - [string.char(201)] = string.char(149), - [string.char(202)] = string.char(150), - [string.char(203)] = string.char(151), - [string.char(204)] = string.char(144), - [string.char(205)] = string.char(145), - [string.char(206)] = string.char(146), - [string.char(207)] = string.char(147), - [string.char(208)] = string.char(140), - [string.char(209)] = string.char(141), - [string.char(210)] = string.char(142), - [string.char(211)] = string.char(143), - [string.char(212)] = string.char(136), - [string.char(213)] = string.char(137), - [string.char(214)] = string.char(138), - [string.char(215)] = string.char(139), - [string.char(216)] = string.char(132), - [string.char(217)] = string.char(133), - [string.char(218)] = string.char(134), - [string.char(219)] = string.char(135), - [string.char(220)] = string.char(128), - [string.char(221)] = string.char(129), - [string.char(222)] = string.char(130), - [string.char(223)] = string.char(131), - [string.char(224)] = string.char(188), - [string.char(225)] = string.char(189), - [string.char(226)] = string.char(190), - [string.char(227)] = string.char(191), - [string.char(228)] = string.char(184), - [string.char(229)] = string.char(185), - [string.char(230)] = string.char(186), - [string.char(231)] = string.char(187), - [string.char(232)] = string.char(180), - [string.char(233)] = string.char(181), - [string.char(234)] = string.char(182), - [string.char(235)] = string.char(183), - [string.char(236)] = string.char(176), - [string.char(237)] = string.char(177), - [string.char(238)] = string.char(178), - [string.char(239)] = string.char(179), - [string.char(240)] = string.char(172), - [string.char(241)] = string.char(173), - [string.char(242)] = string.char(174), - [string.char(243)] = string.char(175), - [string.char(244)] = string.char(168), - [string.char(245)] = string.char(169), - [string.char(246)] = string.char(170), - [string.char(247)] = string.char(171), - [string.char(248)] = string.char(164), - [string.char(249)] = string.char(165), - [string.char(250)] = string.char(166), - [string.char(251)] = string.char(167), - [string.char(252)] = string.char(160), - [string.char(253)] = string.char(161), - [string.char(254)] = string.char(162), - [string.char(255)] = string.char(163), -} - -local xor_with_0x36 = { - [string.char(0)] = string.char(54), - [string.char(1)] = string.char(55), - [string.char(2)] = string.char(52), - [string.char(3)] = string.char(53), - [string.char(4)] = string.char(50), - [string.char(5)] = string.char(51), - [string.char(6)] = string.char(48), - [string.char(7)] = string.char(49), - [string.char(8)] = string.char(62), - [string.char(9)] = string.char(63), - [string.char(10)] = string.char(60), - [string.char(11)] = string.char(61), - [string.char(12)] = string.char(58), - [string.char(13)] = string.char(59), - [string.char(14)] = string.char(56), - [string.char(15)] = string.char(57), - [string.char(16)] = string.char(38), - [string.char(17)] = string.char(39), - [string.char(18)] = string.char(36), - [string.char(19)] = string.char(37), - [string.char(20)] = string.char(34), - [string.char(21)] = string.char(35), - [string.char(22)] = string.char(32), - [string.char(23)] = string.char(33), - [string.char(24)] = string.char(46), - [string.char(25)] = string.char(47), - [string.char(26)] = string.char(44), - [string.char(27)] = string.char(45), - [string.char(28)] = string.char(42), - [string.char(29)] = string.char(43), - [string.char(30)] = string.char(40), - [string.char(31)] = string.char(41), - [string.char(32)] = string.char(22), - [string.char(33)] = string.char(23), - [string.char(34)] = string.char(20), - [string.char(35)] = string.char(21), - [string.char(36)] = string.char(18), - [string.char(37)] = string.char(19), - [string.char(38)] = string.char(16), - [string.char(39)] = string.char(17), - [string.char(40)] = string.char(30), - [string.char(41)] = string.char(31), - [string.char(42)] = string.char(28), - [string.char(43)] = string.char(29), - [string.char(44)] = string.char(26), - [string.char(45)] = string.char(27), - [string.char(46)] = string.char(24), - [string.char(47)] = string.char(25), - [string.char(48)] = string.char(6), - [string.char(49)] = string.char(7), - [string.char(50)] = string.char(4), - [string.char(51)] = string.char(5), - [string.char(52)] = string.char(2), - [string.char(53)] = string.char(3), - [string.char(54)] = string.char(0), - [string.char(55)] = string.char(1), - [string.char(56)] = string.char(14), - [string.char(57)] = string.char(15), - [string.char(58)] = string.char(12), - [string.char(59)] = string.char(13), - [string.char(60)] = string.char(10), - [string.char(61)] = string.char(11), - [string.char(62)] = string.char(8), - [string.char(63)] = string.char(9), - [string.char(64)] = string.char(118), - [string.char(65)] = string.char(119), - [string.char(66)] = string.char(116), - [string.char(67)] = string.char(117), - [string.char(68)] = string.char(114), - [string.char(69)] = string.char(115), - [string.char(70)] = string.char(112), - [string.char(71)] = string.char(113), - [string.char(72)] = string.char(126), - [string.char(73)] = string.char(127), - [string.char(74)] = string.char(124), - [string.char(75)] = string.char(125), - [string.char(76)] = string.char(122), - [string.char(77)] = string.char(123), - [string.char(78)] = string.char(120), - [string.char(79)] = string.char(121), - [string.char(80)] = string.char(102), - [string.char(81)] = string.char(103), - [string.char(82)] = string.char(100), - [string.char(83)] = string.char(101), - [string.char(84)] = string.char(98), - [string.char(85)] = string.char(99), - [string.char(86)] = string.char(96), - [string.char(87)] = string.char(97), - [string.char(88)] = string.char(110), - [string.char(89)] = string.char(111), - [string.char(90)] = string.char(108), - [string.char(91)] = string.char(109), - [string.char(92)] = string.char(106), - [string.char(93)] = string.char(107), - [string.char(94)] = string.char(104), - [string.char(95)] = string.char(105), - [string.char(96)] = string.char(86), - [string.char(97)] = string.char(87), - [string.char(98)] = string.char(84), - [string.char(99)] = string.char(85), - [string.char(100)] = string.char(82), - [string.char(101)] = string.char(83), - [string.char(102)] = string.char(80), - [string.char(103)] = string.char(81), - [string.char(104)] = string.char(94), - [string.char(105)] = string.char(95), - [string.char(106)] = string.char(92), - [string.char(107)] = string.char(93), - [string.char(108)] = string.char(90), - [string.char(109)] = string.char(91), - [string.char(110)] = string.char(88), - [string.char(111)] = string.char(89), - [string.char(112)] = string.char(70), - [string.char(113)] = string.char(71), - [string.char(114)] = string.char(68), - [string.char(115)] = string.char(69), - [string.char(116)] = string.char(66), - [string.char(117)] = string.char(67), - [string.char(118)] = string.char(64), - [string.char(119)] = string.char(65), - [string.char(120)] = string.char(78), - [string.char(121)] = string.char(79), - [string.char(122)] = string.char(76), - [string.char(123)] = string.char(77), - [string.char(124)] = string.char(74), - [string.char(125)] = string.char(75), - [string.char(126)] = string.char(72), - [string.char(127)] = string.char(73), - [string.char(128)] = string.char(182), - [string.char(129)] = string.char(183), - [string.char(130)] = string.char(180), - [string.char(131)] = string.char(181), - [string.char(132)] = string.char(178), - [string.char(133)] = string.char(179), - [string.char(134)] = string.char(176), - [string.char(135)] = string.char(177), - [string.char(136)] = string.char(190), - [string.char(137)] = string.char(191), - [string.char(138)] = string.char(188), - [string.char(139)] = string.char(189), - [string.char(140)] = string.char(186), - [string.char(141)] = string.char(187), - [string.char(142)] = string.char(184), - [string.char(143)] = string.char(185), - [string.char(144)] = string.char(166), - [string.char(145)] = string.char(167), - [string.char(146)] = string.char(164), - [string.char(147)] = string.char(165), - [string.char(148)] = string.char(162), - [string.char(149)] = string.char(163), - [string.char(150)] = string.char(160), - [string.char(151)] = string.char(161), - [string.char(152)] = string.char(174), - [string.char(153)] = string.char(175), - [string.char(154)] = string.char(172), - [string.char(155)] = string.char(173), - [string.char(156)] = string.char(170), - [string.char(157)] = string.char(171), - [string.char(158)] = string.char(168), - [string.char(159)] = string.char(169), - [string.char(160)] = string.char(150), - [string.char(161)] = string.char(151), - [string.char(162)] = string.char(148), - [string.char(163)] = string.char(149), - [string.char(164)] = string.char(146), - [string.char(165)] = string.char(147), - [string.char(166)] = string.char(144), - [string.char(167)] = string.char(145), - [string.char(168)] = string.char(158), - [string.char(169)] = string.char(159), - [string.char(170)] = string.char(156), - [string.char(171)] = string.char(157), - [string.char(172)] = string.char(154), - [string.char(173)] = string.char(155), - [string.char(174)] = string.char(152), - [string.char(175)] = string.char(153), - [string.char(176)] = string.char(134), - [string.char(177)] = string.char(135), - [string.char(178)] = string.char(132), - [string.char(179)] = string.char(133), - [string.char(180)] = string.char(130), - [string.char(181)] = string.char(131), - [string.char(182)] = string.char(128), - [string.char(183)] = string.char(129), - [string.char(184)] = string.char(142), - [string.char(185)] = string.char(143), - [string.char(186)] = string.char(140), - [string.char(187)] = string.char(141), - [string.char(188)] = string.char(138), - [string.char(189)] = string.char(139), - [string.char(190)] = string.char(136), - [string.char(191)] = string.char(137), - [string.char(192)] = string.char(246), - [string.char(193)] = string.char(247), - [string.char(194)] = string.char(244), - [string.char(195)] = string.char(245), - [string.char(196)] = string.char(242), - [string.char(197)] = string.char(243), - [string.char(198)] = string.char(240), - [string.char(199)] = string.char(241), - [string.char(200)] = string.char(254), - [string.char(201)] = string.char(255), - [string.char(202)] = string.char(252), - [string.char(203)] = string.char(253), - [string.char(204)] = string.char(250), - [string.char(205)] = string.char(251), - [string.char(206)] = string.char(248), - [string.char(207)] = string.char(249), - [string.char(208)] = string.char(230), - [string.char(209)] = string.char(231), - [string.char(210)] = string.char(228), - [string.char(211)] = string.char(229), - [string.char(212)] = string.char(226), - [string.char(213)] = string.char(227), - [string.char(214)] = string.char(224), - [string.char(215)] = string.char(225), - [string.char(216)] = string.char(238), - [string.char(217)] = string.char(239), - [string.char(218)] = string.char(236), - [string.char(219)] = string.char(237), - [string.char(220)] = string.char(234), - [string.char(221)] = string.char(235), - [string.char(222)] = string.char(232), - [string.char(223)] = string.char(233), - [string.char(224)] = string.char(214), - [string.char(225)] = string.char(215), - [string.char(226)] = string.char(212), - [string.char(227)] = string.char(213), - [string.char(228)] = string.char(210), - [string.char(229)] = string.char(211), - [string.char(230)] = string.char(208), - [string.char(231)] = string.char(209), - [string.char(232)] = string.char(222), - [string.char(233)] = string.char(223), - [string.char(234)] = string.char(220), - [string.char(235)] = string.char(221), - [string.char(236)] = string.char(218), - [string.char(237)] = string.char(219), - [string.char(238)] = string.char(216), - [string.char(239)] = string.char(217), - [string.char(240)] = string.char(198), - [string.char(241)] = string.char(199), - [string.char(242)] = string.char(196), - [string.char(243)] = string.char(197), - [string.char(244)] = string.char(194), - [string.char(245)] = string.char(195), - [string.char(246)] = string.char(192), - [string.char(247)] = string.char(193), - [string.char(248)] = string.char(206), - [string.char(249)] = string.char(207), - [string.char(250)] = string.char(204), - [string.char(251)] = string.char(205), - [string.char(252)] = string.char(202), - [string.char(253)] = string.char(203), - [string.char(254)] = string.char(200), - [string.char(255)] = string.char(201), -} - -------------------------------------------------------------------------- - -function sha256.sha256(msg) - msg = preproc(msg, #msg) - local H = initH256( { }) - for i = 1, #msg, 64 do digestblock(msg, i, H) end - return str2hexa(num2s(H[1], 4) .. num2s(H[2], 4) .. num2s(H[3], 4) .. num2s(H[4], 4) .. - num2s(H[5], 4) .. num2s(H[6], 4) .. num2s(H[7], 4) .. num2s(H[8], 4)) -end - -function sha256.sha256_binary(msg) - return hex_to_binary(sha256.sha256(msg)) -end - -function sha256.hmac_sha256(key, text) - assert(type(key) == 'string', "key passed to hmac_sha256 should be a string") - assert(type(text) == 'string', "text passed to hmac_sha256 should be a string") - - if #key > blocksize then - key = sha256.sha256_binary(key) - end - - local key_xord_with_0x36 = key:gsub('.', xor_with_0x36) .. string.rep(string.char(0x36), blocksize - #key) - local key_xord_with_0x5c = key:gsub('.', xor_with_0x5c) .. string.rep(string.char(0x5c), blocksize - #key) - - return sha256.sha256(key_xord_with_0x5c .. sha256.sha256_binary(key_xord_with_0x36 .. text)) -end - - -return sha256 diff --git a/sign.lua b/sign.lua index bcb6878..55fde49 100644 --- a/sign.lua +++ b/sign.lua @@ -1,32 +1,23 @@ local sign = {} -local sha256 = require("sha256") +local hmac = require("hmac") +local sha2 = require("sha2") -function sign.sign(key, secret, time, host, path, headers, contentSha256, region) +function sign.sign(key, secret, time, path, headers, region) local day = os.date("%Y%m%d", time) - local date = os.date("%a, %d %b %Y %H:%M:%S GMT", time) local timestamp = os.date("%Y%m%dT%H%M%SZ", time) - local dateKey = sha256.hmac_sha256("AWS4" .. secret, day) - local dateRegionKey = sha256.hmac_sha256(dateKey, region) - local dateRegionSvcKey = sha256.hmac_sha256(dateRegionKey, 's3') - local signingKey = sha256.hmac_sha256(dateRegionSvcKey, 'aws4_request') - print("DateKey: " .. dateKey) - print("DateRegionKey: " .. dateRegionKey) - print("DateRegionSvcKey: " .. dateRegionSvcKey) - print("SigningKey: " .. signingKey) - - headers["x-amz-content-sha256"] = contentSha256 - headers["date"] = date - headers["host"] = host + local dateKey = hmac.hmac("AWS4" .. secret, day, 'buffer') + local dateRegionKey = hmac.hmac(dateKey, region, 'buffer') + local dateRegionSvcKey = hmac.hmac(dateRegionKey, 's3', 'buffer') + local signingKey = hmac.hmac(dateRegionSvcKey, 'aws4_request', 'buffer') local keys = {} - for k in pairs(headers) do + for k, v in pairs(headers) do table.insert(keys, k) end table.sort(keys) local signedHeaders = "" - local request = "PUT\n" .. path .. "\n" for _, k in ipairs(keys) do request = request .. "\n" .. k .. ":" .. headers[k] @@ -34,15 +25,9 @@ function sign.sign(key, secret, time, host, path, headers, contentSha256, region end signedHeaders = string.sub(signedHeaders, 2) - request = request .. "\n\n" .. signedHeaders .. "\n" .. contentSha256 - print("Request:\n" .. request) - print("-------") - local stringToSign = "AWS4-HMAC-SHA256\n" .. timestamp .. "\n" .. day .. "/" .. region .. "/s3/aws4_request\n" .. sha256.sha256(request) - print("String to sign:\n" .. stringToSign) - print("-------") - local signature = sha256.hmac_sha256(signingKey, stringToSign) - print("Signature:\n" .. signature) - print("-------") + request = request .. "\n\n" .. signedHeaders .. "\n" .. (headers["x-amz-content-sha256"]) + local stringToSign = "AWS4-HMAC-SHA256\n" .. timestamp .. "\n" .. day .. "/" .. region .. "/s3/aws4_request\n" .. sha2.hash256(request) + local signature = hmac.hmac(signingKey, stringToSign, 'hex') local result = "AWS4-HMAC-SHA256 Credential=" .. key .. "/" .. day .. "/" .. region .. "/s3/aws4_request,SignedHeaders=" .. signedHeaders result = result .. ",Signature=" .. signature diff --git a/start.sh b/start.sh index 6c6011c..8b81340 100755 --- a/start.sh +++ b/start.sh @@ -12,6 +12,8 @@ fi set -euo pipefail : ${S3_BUCKET_NAME:?"S3_BUCKET_NAME must be set"} +: ${AWS_REGION:?"AWS_REGION must be set"} +: ${RETURN_URL:?"RETURN_URL must be set"} : ${AWS_ACCESS_KEY_ID:?"AWS_ACCESS_KEY_ID must be set or be possible to fetch from meta-data service on AWS"} : ${AWS_SECRET_ACCESS_KEY:?"AWS_ACCESS_KEY_ID must be set or be possible to fetch from meta-data service on AWS"} diff --git a/test.lua b/test.lua index 89e96cb..384da28 100644 --- a/test.lua +++ b/test.lua @@ -1,35 +1,33 @@ lu = require('luaunit') local sign = require("sign") -local sha256 = require("sha256") +local sha2 = require("sha2") ---local key = os.getenv("AWS_ACCESS_KEY_ID") ---local secret = os.getenv("AWS_SECRET_ACCESS_KEY") - --- local headers = {["x-amz-acl"] = acl, ["x-amz-date"] = date, ["x-amz-content-sha256"] = "UNSIGNED-PAYLOAD"} - - -function TestPut() +function TestPutAWSExample() local key = "AKIAIOSFODNN7EXAMPLE" local secret = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" local time = os.time({year = 2013, month = 5, day = 24, hour = 0}) - local headers = {["x-amz-storage-class"] = "REDUCED_REDUNDANCY", ["x-amz-date"] = "20130524T000000Z" } - local contentSha256 = sha256.sha256("Welcome to Amazon S3.") - local signature = sign.sign(key, secret, time, "examplebucket.s3.amazonaws.com", "/test%24file.text", headers, contentSha256, "us-east-1") - print(signature) + local date = os.date('%a, %d %b %Y %H:%M:%S GMT', time) + local path = "/test%24file.text" + local region = "us-east-1" + local contentSha256 = sha2.hash256("Welcome to Amazon S3.") + local headers = {["x-amz-storage-class"] = "REDUCED_REDUNDANCY", ["x-amz-date"] = "20130524T000000Z", ["x-amz-content-sha256"] = contentSha256, ["host"] = "examplebucket.s3.amazonaws.com", ["date"] = date } + local signature = sign.sign(key, secret, time,path, headers, region) lu.assertEquals( type(signature), 'string' ) lu.assertEquals( signature, "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=date;host;x-amz-content-sha256;x-amz-date;x-amz-storage-class,Signature=98ad721746da40c64f1a55b78f14c238d841ea1380cd77a1b5971af0ece108bd" ) end -function TestPut2() - local key = "AKIAI2BOGUMMDPX2WKSQ" - local secret = "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" - local time = os.time({year = 2019, month = 6, day = 28, hour = 15, min = 56, sec = 16}) - local headers = {["x-amz-acl"] = "public-read", ["x-amz-date"] = "20190628T135616Z" } - local contentSha256 = sha256.sha256("fluff2") - local signature = sign.sign(key, secret, time, "upload.unbound.se.s3-eu-west-1.amazonaws.com", "/20190628/d25f1855e0cab108cb898ca2bebbb35ed228c1134f9d89492f2c705d5b3c6c355767d37a823ccb31", headers, contentSha256, "eu-west-1") - print(signature) +function TestPut() + local key = "AKIAIOSFODNN7EXAMPLE" + local secret = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" + local time = os.time({year = 2019, month = 6, day = 28, hour = 23, min = 50, sec = 58}) + local date = os.date('%a, %d %b %Y %H:%M:%S GMT', time) + local path = "/20190628/d98e63986091dc0eb0fa24cff9fffaf17b90c464c2b1f05685bc91e7585267cb0d09c645e69ef2b7" + local region = "eu-west-1" + local contentSha256 = sha2.hash256("fluff2") + local headers = {["x-amz-acl"] = "public-read", ["x-amz-date"] = "20190628T235058Z", ["x-amz-content-sha256"] = contentSha256, ["host"] = "upload.unbound.se.s3-eu-west-1.amazonaws.com", ["date"] = date } + local signature = sign.sign(key, secret, time,path, headers, region) lu.assertEquals( type(signature), 'string' ) - lu.assertEquals( signature, "AWS4-HMAC-SHA256 Credential=AKIAI2BOGUMMDPX2WKSQ/20190628/eu-west-1/s3/aws4_request,SignedHeaders=date;host;x-amz-acl;x-amz-content-sha256;x-amz-date,Signature=38683969ed1a023aedbd0e14bf4beae48a6430c6e13c93f59257c5596578721d" ) + lu.assertEquals( signature, "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20190628/eu-west-1/s3/aws4_request,SignedHeaders=date;host;x-amz-acl;x-amz-content-sha256;x-amz-date,Signature=6dd94b1ff7fd29251dbec629b813ea974323aa6509b6a3db94744aef386914af" ) end -- class TestSign