Skip to content

Commit

Permalink
provide an option to hash data by openssl (#1467)
Browse files Browse the repository at this point in the history
  • Loading branch information
Leavrth authored Nov 27, 2023
1 parent 0d09ed3 commit 4e66f73
Show file tree
Hide file tree
Showing 3 changed files with 37 additions and 2 deletions.
2 changes: 2 additions & 0 deletions sdk/storage/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ bytes = "1.0"
RustyXML = "0.3"
hmac = "0.12"
sha2 = "0.10"
openssl = { version = "0.10", optional=true }

[dev-dependencies]
tokio = { version = "1.0", features = ["macros", "rt-multi-thread"] }
Expand All @@ -40,5 +41,6 @@ azure_identity = { path = "../identity", default-features = false }
default = ["enable_reqwest"]
test_e2e = []
test_integration = []
enable_openssl_sign = ["dep:openssl"]
enable_reqwest = ["azure_core/enable_reqwest"]
enable_reqwest_rustls = ["azure_core/enable_reqwest_rustls"]
36 changes: 34 additions & 2 deletions sdk/storage/src/hmac.rs
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,11 @@ use azure_core::{
base64,
error::{ErrorKind, ResultExt},
};
use hmac::{Hmac, Mac};
use sha2::Sha256;

#[cfg(not(feature = "enable_openssl_sign"))]
pub fn sign(data: &str, key: &str) -> azure_core::Result<String> {
use hmac::{Hmac, Mac};
use sha2::Sha256;
let mut hmac = Hmac::<Sha256>::new_from_slice(&base64::decode(key)?)
.with_context(ErrorKind::DataConversion, || {
format!("failed to create hmac from key: {key}")
Expand All @@ -14,3 +15,34 @@ pub fn sign(data: &str, key: &str) -> azure_core::Result<String> {
let signature = hmac.finalize().into_bytes();
Ok(base64::encode(signature))
}

#[cfg(feature = "enable_openssl_sign")]
pub fn sign(data: &str, key: &str) -> azure_core::Result<String> {
use openssl::{error::ErrorStack, hash::MessageDigest, pkey::PKey, sign::Signer};
let dkey = base64::decode(key)?;
let signature = || -> Result<Vec<u8>, ErrorStack> {
let pkey = PKey::hmac(&dkey)?;
let mut signer = Signer::new(MessageDigest::sha256(), &pkey)?;
signer.update(data.as_bytes())?;
Ok(signer.sign_to_vec()?)
}()
.with_context(ErrorKind::DataConversion, || {
format!("failed to create hmac from key: {key}")
})?;
Ok(base64::encode(signature))
}

#[cfg(test)]
mod tests {

#[test]
fn test_hmac_sign() {
let data = "create hmac signature for data";
let key = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF";

let sig = super::sign(data, key).unwrap();

let expected_sig = "D/y9XyIEdUzEbdV570h8dou/mfkbMA1lKCOPqPDPAd0=";
assert_eq!(sig, expected_sig);
}
}
1 change: 1 addition & 0 deletions sdk/storage_blobs/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ default = ["enable_reqwest"]
test_e2e = []
test_integration = []
azurite_workaround = ["azure_core/azurite_workaround"]
enable_openssl_sign = ["azure_storage/enable_openssl_sign"]
enable_reqwest = ["azure_core/enable_reqwest", "azure_storage/enable_reqwest"]
enable_reqwest_rustls = [
"azure_core/enable_reqwest_rustls",
Expand Down

0 comments on commit 4e66f73

Please sign in to comment.