2022-02-23 21:20:18 +00:00
|
|
|
#!/usr/bin/env perl
|
|
|
|
|
|
|
|
##
|
|
|
|
## Author......: See docs/credits.txt
|
|
|
|
## License.....: MIT
|
|
|
|
##
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
use warnings;
|
|
|
|
|
|
|
|
use Digest::SHA qw (sha256);
|
|
|
|
use Digest::HMAC qw (hmac hmac_hex);
|
|
|
|
|
|
|
|
sub module_constraints { [[0, 252], [8, 8], [0, 51], [8, 8], [-1, -1]] }
|
|
|
|
|
|
|
|
sub module_generate_hash
|
|
|
|
{
|
|
|
|
my $word = shift;
|
|
|
|
my $salt = shift; # date
|
|
|
|
my $region = shift // "us-east-1";
|
|
|
|
my $service = shift // "s3";
|
|
|
|
my $canonical = shift // random_hex_string (64);
|
|
|
|
|
|
|
|
my $date = 0;
|
|
|
|
my $longdate = 0;
|
|
|
|
|
|
|
|
if (length ($salt) == 8)
|
|
|
|
{
|
|
|
|
$date = $salt;
|
2022-06-20 13:19:01 +00:00
|
|
|
$longdate = sprintf ("%sT000000Z", $date);
|
2022-02-23 21:20:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (length ($salt) == 16)
|
|
|
|
{
|
|
|
|
$longdate = $salt;
|
|
|
|
$date = substr ($salt, 0, 8);
|
|
|
|
}
|
|
|
|
|
|
|
|
my $kPassKey = sprintf ("AWS4%s", $word);
|
|
|
|
|
|
|
|
my $kDate = hmac ($date, $kPassKey, \&sha256, 64);
|
|
|
|
my $kRegion = hmac ($region, $kDate, \&sha256, 64);
|
|
|
|
my $kService = hmac ($service, $kRegion, \&sha256, 64);
|
|
|
|
my $kSigning = hmac ("aws4_request", $kService, \&sha256, 64);
|
|
|
|
|
|
|
|
my $stringtosign = sprintf ("AWS4-HMAC-SHA256\n%s\n%s/%s/%s/aws4_request\n%s", $longdate, $date, $region, $service, $canonical);
|
|
|
|
|
|
|
|
my $digest = hmac_hex ($stringtosign, $kSigning, \&sha256, 64);
|
|
|
|
|
|
|
|
my $hash = sprintf ("\$AWS-Sig-v4\$0\$%s\$%s\$%s\$%s\$%s", $longdate, $region, $service, $canonical, $digest);
|
|
|
|
|
|
|
|
return $hash;
|
|
|
|
}
|
|
|
|
|
|
|
|
sub module_verify_hash
|
|
|
|
{
|
|
|
|
my $line = shift;
|
|
|
|
|
|
|
|
my $idx = index ($line, ':');
|
|
|
|
|
|
|
|
return unless $idx >= 0;
|
|
|
|
|
|
|
|
my $hash = substr ($line, 0, $idx);
|
|
|
|
my $word = substr ($line, $idx + 1);
|
|
|
|
|
|
|
|
return unless length ($word) gt 0;
|
|
|
|
return unless substr ($hash, 0, 14) eq '$AWS-Sig-v4$0$';
|
|
|
|
|
|
|
|
my (undef, $signature, $version, $salt, $region, $service, $canonical, $digest) = split '\$', $hash;
|
|
|
|
|
|
|
|
return unless defined $signature;
|
|
|
|
return unless defined $version;
|
|
|
|
return unless defined $salt; # date
|
|
|
|
return unless defined $region;
|
|
|
|
return unless defined $service;
|
|
|
|
return unless defined $canonical;
|
|
|
|
return unless defined $digest;
|
|
|
|
|
|
|
|
return unless length ($salt) == 16;
|
|
|
|
|
|
|
|
my $word_packed = pack_if_HEX_notation ($word);
|
|
|
|
|
|
|
|
my $new_hash = module_generate_hash ($word_packed, $salt, $region, $service, $canonical);
|
|
|
|
|
|
|
|
return ($new_hash, $word);
|
|
|
|
}
|
|
|
|
|
|
|
|
1;
|