signature: refactor: move constant defs to mod.rs

author: Alex Auvolat <lx@deuxfleurs.fr> 2025-02-16 16:34:18 +0100
committer: Alex Auvolat <lx@deuxfleurs.fr> 2025-02-16 16:34:18 +0100
commit: 2f0c5ca220d73b6c621f21816b666f939839dd49 (patch)
tree: 47e8c86a3208c1bdb5e4ea608b1cf83895f63a9d /src
parent: 859b38b0d260a0833e5e604c873c7d259acff22e (diff)
download: garage-2f0c5ca220d73b6c621f21816b666f939839dd49.tar.gz
garage-2f0c5ca220d73b6c621f21816b666f939839dd49.zip
3 files changed, 50 insertions, 26 deletions
diff --git a/src/api/common/signature/mod.rs b/src/api/common/signature/mod.rs
index 6514da43..27082168 100644
--- a/src/api/common/signature/mod.rs
+++ b/src/api/common/signature/mod.rs
@@ -2,6 +2,7 @@ use chrono::{DateTime, Utc};
 use hmac::{Hmac, Mac};
 use sha2::Sha256;
 
+use hyper::header::HeaderName;
 use hyper::{body::Incoming as IncomingBody, Request};
 
 use garage_model::garage::Garage;
@@ -17,8 +18,55 @@ pub mod streaming;
 pub const SHORT_DATE: &str = "%Y%m%d";
 pub const LONG_DATETIME: &str = "%Y%m%dT%H%M%SZ";
 
+// ---- Constants used in AWSv4 signatures ----
+
+pub const X_AMZ_ALGORITHM: HeaderName = HeaderName::from_static("x-amz-algorithm");
+pub const X_AMZ_CREDENTIAL: HeaderName = HeaderName::from_static("x-amz-credential");
+pub const X_AMZ_DATE: HeaderName = HeaderName::from_static("x-amz-date");
+pub const X_AMZ_EXPIRES: HeaderName = HeaderName::from_static("x-amz-expires");
+pub const X_AMZ_SIGNEDHEADERS: HeaderName = HeaderName::from_static("x-amz-signedheaders");
+pub const X_AMZ_SIGNATURE: HeaderName = HeaderName::from_static("x-amz-signature");
+pub const X_AMZ_CONTENT_SH256: HeaderName = HeaderName::from_static("x-amz-content-sha256");
+pub const X_AMZ_TRAILER: HeaderName = HeaderName::from_static("x-amz-trailer");
+
+/// Result of `sha256("")`
+pub(crate) const EMPTY_STRING_HEX_DIGEST: &str =
+	"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
+
+// Signature calculation algorithm
+pub const AWS4_HMAC_SHA256: &str = "AWS4-HMAC-SHA256";
 type HmacSha256 = Hmac<Sha256>;
 
+// Possible values for x-amz-content-sha256, in addition to the actual sha256
+pub const UNSIGNED_PAYLOAD: &str = "UNSIGNED-PAYLOAD";
+pub const STREAMING_AWS4_HMAC_SHA256_PAYLOAD: &str = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD";
+
+// Used in the computation of StringToSign
+pub const AWS4_HMAC_SHA256_PAYLOAD: &str = "AWS4-HMAC-SHA256-PAYLOAD";
+
+// ---- enums to describe stuff going on in signature calculation ----
+
+pub enum ContentSha256Header {
+	UnsignedPayload,
+	Sha256Hash(String),
+	StreamingPayload {
+		trailer: Option<TrailerHeader>,
+		algorithm: Option<SigningAlgorithm>,
+	},
+}
+
+pub enum SigningAlgorithm {
+	AwsHmacSha256,
+}
+
+pub enum TrailerHeader {
+	XAmzChecksumCrc32,
+	XAmzChecksumCrc32c,
+	XAmzChecksumCrc64Nvme,
+}
+
+// ---- top-level functions ----
+
 pub async fn verify_request(
 	garage: &Garage,
 	mut req: Request<IncomingBody>,
diff --git a/src/api/common/signature/payload.rs b/src/api/common/signature/payload.rs
index 81541e4a..0b501853 100644
--- a/src/api/common/signature/payload.rs
+++ b/src/api/common/signature/payload.rs
@@ -13,23 +13,9 @@ use garage_util::data::Hash;
 use garage_model::garage::Garage;
 use garage_model::key_table::*;
 
-use super::LONG_DATETIME;
-use super::{compute_scope, signing_hmac};
+use super::*;
 
 use crate::encoding::uri_encode;
-use crate::signature::error::*;
-
-pub const X_AMZ_ALGORITHM: HeaderName = HeaderName::from_static("x-amz-algorithm");
-pub const X_AMZ_CREDENTIAL: HeaderName = HeaderName::from_static("x-amz-credential");
-pub const X_AMZ_DATE: HeaderName = HeaderName::from_static("x-amz-date");
-pub const X_AMZ_EXPIRES: HeaderName = HeaderName::from_static("x-amz-expires");
-pub const X_AMZ_SIGNEDHEADERS: HeaderName = HeaderName::from_static("x-amz-signedheaders");
-pub const X_AMZ_SIGNATURE: HeaderName = HeaderName::from_static("x-amz-signature");
-pub const X_AMZ_CONTENT_SH256: HeaderName = HeaderName::from_static("x-amz-content-sha256");
-
-pub const AWS4_HMAC_SHA256: &str = "AWS4-HMAC-SHA256";
-pub const UNSIGNED_PAYLOAD: &str = "UNSIGNED-PAYLOAD";
-pub const STREAMING_AWS4_HMAC_SHA256_PAYLOAD: &str = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD";
 
 pub type QueryMap = HeaderMap<QueryValue>;
 pub struct QueryValue {
diff --git a/src/api/common/signature/streaming.rs b/src/api/common/signature/streaming.rs
index e223d1b1..e08a4750 100644
--- a/src/api/common/signature/streaming.rs
+++ b/src/api/common/signature/streaming.rs
@@ -11,15 +11,9 @@ use hyper::Request;
 
 use garage_util::data::Hash;
 
-use super::{compute_scope, sha256sum, HmacSha256, LONG_DATETIME};
+use super::*;
 
 use crate::helpers::*;
-use crate::signature::error::*;
-use crate::signature::payload::{
-	STREAMING_AWS4_HMAC_SHA256_PAYLOAD, X_AMZ_CONTENT_SH256, X_AMZ_DATE,
-};
-
-pub const AWS4_HMAC_SHA256_PAYLOAD: &str = "AWS4-HMAC-SHA256-PAYLOAD";
 
 pub type ReqBody = BoxBody<Error>;
 
@@ -68,10 +62,6 @@ pub fn parse_streaming_body(
 	}
 }
 
-/// Result of `sha256("")`
-const EMPTY_STRING_HEX_DIGEST: &str =
-	"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
-
 fn compute_streaming_payload_signature(
 	signing_hmac: &HmacSha256,
 	date: DateTime<Utc>,
author	Alex Auvolat <lx@deuxfleurs.fr>	2025-02-16 16:34:18 +0100
committer	Alex Auvolat <lx@deuxfleurs.fr>	2025-02-16 16:34:18 +0100
commit	2f0c5ca220d73b6c621f21816b666f939839dd49 (patch)
tree	47e8c86a3208c1bdb5e4ea608b1cf83895f63a9d /src
parent	859b38b0d260a0833e5e604c873c7d259acff22e (diff)
download	garage-2f0c5ca220d73b6c621f21816b666f939839dd49.tar.gz garage-2f0c5ca220d73b6c621f21816b666f939839dd49.zip