in source/sigv4.c [2807:2896]
static SigV4Status_t generateAuthorizationValuePrefix( const SigV4Parameters_t * pParams,
const char * pAlgorithm,
size_t algorithmLen,
const char * pSignedHeaders,
size_t signedHeadersLen,
char * pAuthBuf,
size_t * pAuthPrefixLen )
{
SigV4Status_t returnStatus = SigV4Success;
SigV4String_t credentialScope;
size_t authPrefixLen = 0U;
size_t numOfBytesWritten = 0U;
assert( pParams != NULL );
assert( pAlgorithm != NULL );
assert( algorithmLen > 0 );
assert( pSignedHeaders != NULL );
assert( signedHeadersLen > 0 );
assert( pAuthBuf != NULL );
assert( pAuthPrefixLen != NULL );
/* Since the signed headers are required to be a part of final Authorization header value,
* we copy the signed headers onto the auth buffer before continuing to generate the signature
* in order to prevent an additional copy and/or usage of extra space. */
size_t encodedSignatureLen = ( pParams->pCryptoInterface->hashDigestLen * 2U );
/* Check if the authorization buffer has enough space to hold the final SigV4 Authorization header value. */
authPrefixLen = algorithmLen + SPACE_CHAR_LEN + \
AUTH_CREDENTIAL_PREFIX_LEN + pParams->pCredentials->accessKeyIdLen + \
CREDENTIAL_SCOPE_SEPARATOR_LEN + sizeNeededForCredentialScope( pParams ) + \
AUTH_SEPARATOR_LEN + AUTH_SIGNED_HEADERS_PREFIX_LEN + signedHeadersLen + \
AUTH_SEPARATOR_LEN + AUTH_SIGNATURE_PREFIX_LEN;
if( *pAuthPrefixLen < ( authPrefixLen + encodedSignatureLen ) )
{
LogError( ( "Insufficient memory provided to write the Authorization header value, bytesExceeded=%lu",
( unsigned long ) ( authPrefixLen + encodedSignatureLen - *pAuthPrefixLen ) ) );
returnStatus = SigV4InsufficientMemory;
}
else
{
/* START: Writing of authorization value prefix. */
/******************* Write <algorithm> *******************************************/
( void ) memcpy( pAuthBuf, pAlgorithm, algorithmLen );
numOfBytesWritten += algorithmLen;
/* Add space separator. */
pAuthBuf[ numOfBytesWritten ] = SPACE_CHAR;
numOfBytesWritten += SPACE_CHAR_LEN;
/**************** Write "Credential=<access key ID>/<credential scope>, " ****************/
numOfBytesWritten += copyString( &( pAuthBuf[ numOfBytesWritten ] ), AUTH_CREDENTIAL_PREFIX, AUTH_CREDENTIAL_PREFIX_LEN );
( void ) memcpy( &( pAuthBuf[ numOfBytesWritten ] ),
pParams->pCredentials->pAccessKeyId,
pParams->pCredentials->accessKeyIdLen );
numOfBytesWritten += pParams->pCredentials->accessKeyIdLen;
pAuthBuf[ numOfBytesWritten ] = CREDENTIAL_SCOPE_SEPARATOR;
numOfBytesWritten += CREDENTIAL_SCOPE_SEPARATOR_LEN;
credentialScope.pData = &( pAuthBuf[ numOfBytesWritten ] );
/* #authBufLen is an overestimate but the validation was already done earlier. */
credentialScope.dataLen = *pAuthPrefixLen;
( void ) generateCredentialScope( pParams, &credentialScope );
numOfBytesWritten += credentialScope.dataLen;
/* Add separator before the Signed Headers information. */
numOfBytesWritten += copyString( &( pAuthBuf[ numOfBytesWritten ] ), AUTH_SEPARATOR, AUTH_SEPARATOR_LEN );
/************************ Write "SignedHeaders=<signedHeaders>, " *******************************/
numOfBytesWritten += copyString( &( pAuthBuf[ numOfBytesWritten ] ), AUTH_SIGNED_HEADERS_PREFIX, AUTH_SIGNED_HEADERS_PREFIX_LEN );
( void ) memcpy( &( pAuthBuf[ numOfBytesWritten ] ), pSignedHeaders, signedHeadersLen );
numOfBytesWritten += signedHeadersLen;
/* Add separator before the Signature field name. */
numOfBytesWritten += copyString( &( pAuthBuf[ numOfBytesWritten ] ), AUTH_SEPARATOR, AUTH_SEPARATOR_LEN );
/****************************** Write "Signature=<signature>" *******************************/
numOfBytesWritten += copyString( &( pAuthBuf[ numOfBytesWritten ] ), AUTH_SIGNATURE_PREFIX, AUTH_SIGNATURE_PREFIX_LEN );
/* END: Writing of authorization value prefix. */
/* Avoid warnings from last write if asserts are disabled. */
( void ) numOfBytesWritten;
assert( authPrefixLen == numOfBytesWritten );
*pAuthPrefixLen = authPrefixLen;
}
return returnStatus;
}