Change SHA-implementation and make sure signature is correctly generated

2019-08-02 10:27:54 +02:00
parent cd38b8b25e
commit fc9269f362
10 changed files with 436 additions and 807 deletions
@@ -1,32 +1,23 @@
 local sign = {}

-local sha256 = require("sha256")
+local hmac = require("hmac")
+local sha2 = require("sha2")

-function sign.sign(key, secret, time, host, path, headers, contentSha256, region)
+function sign.sign(key, secret, time, path, headers, region)
        local day = os.date("%Y%m%d", time)
-        local date = os.date("%a, %d %b %Y %H:%M:%S GMT", time)
        local timestamp = os.date("%Y%m%dT%H%M%SZ", time)
-        local dateKey = sha256.hmac_sha256("AWS4" .. secret, day)
-        local dateRegionKey = sha256.hmac_sha256(dateKey, region)
-        local dateRegionSvcKey = sha256.hmac_sha256(dateRegionKey, 's3')
-        local signingKey = sha256.hmac_sha256(dateRegionSvcKey, 'aws4_request')
-        print("DateKey:          " .. dateKey)
-        print("DateRegionKey:    " .. dateRegionKey)
-        print("DateRegionSvcKey: " .. dateRegionSvcKey)
-        print("SigningKey:       " .. signingKey)
-
-        headers["x-amz-content-sha256"] = contentSha256
-        headers["date"] = date
-        headers["host"] = host
+        local dateKey = hmac.hmac("AWS4" .. secret, day, 'buffer')
+        local dateRegionKey = hmac.hmac(dateKey, region, 'buffer')
+        local dateRegionSvcKey = hmac.hmac(dateRegionKey, 's3', 'buffer')
+        local signingKey = hmac.hmac(dateRegionSvcKey, 'aws4_request', 'buffer')

        local keys = {}
-        for k in pairs(headers) do
+        for k, v in pairs(headers) do
                table.insert(keys, k)
        end
        table.sort(keys)

        local signedHeaders = ""
-
        local request = "PUT\n" .. path .. "\n"
        for _, k in ipairs(keys) do
                request = request .. "\n" .. k .. ":" .. headers[k]
@@ -34,15 +25,9 @@ function sign.sign(key, secret, time, host, path, headers, contentSha256, region
        end
        signedHeaders = string.sub(signedHeaders, 2)

-        request = request .. "\n\n" .. signedHeaders .. "\n" .. contentSha256
-        print("Request:\n" .. request)
-        print("-------")
-        local stringToSign = "AWS4-HMAC-SHA256\n" .. timestamp  .. "\n" .. day .. "/" .. region .. "/s3/aws4_request\n" .. sha256.sha256(request)
-        print("String to sign:\n" .. stringToSign)
-        print("-------")
-        local signature = sha256.hmac_sha256(signingKey, stringToSign)
-        print("Signature:\n" .. signature)
-        print("-------")
+        request = request .. "\n\n" .. signedHeaders .. "\n" .. (headers["x-amz-content-sha256"])
+        local stringToSign = "AWS4-HMAC-SHA256\n" .. timestamp  .. "\n" .. day .. "/" .. region .. "/s3/aws4_request\n" .. sha2.hash256(request)
+        local signature = hmac.hmac(signingKey, stringToSign, 'hex')

        local result = "AWS4-HMAC-SHA256 Credential=" .. key .. "/" .. day .. "/" .. region .. "/s3/aws4_request,SignedHeaders=" .. signedHeaders
        result = result .. ",Signature=" .. signature