provide an option to hash data by openssl (#1467)

Azure · Nov 27, 2023 · 4e66f73 · 4e66f73
1 parent 0d09ed3
commit 4e66f73
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 2 deletions.
diff --git a/sdk/storage/Cargo.toml b/sdk/storage/Cargo.toml
@@ -27,6 +27,7 @@ bytes = "1.0"
 RustyXML = "0.3"
 hmac = "0.12"
 sha2 = "0.10"
+openssl = { version = "0.10", optional=true }
 
 [dev-dependencies]
 tokio = { version = "1.0", features = ["macros", "rt-multi-thread"] }
@@ -40,5 +41,6 @@ azure_identity = { path = "../identity", default-features = false }
 default = ["enable_reqwest"]
 test_e2e = []
 test_integration = []
+enable_openssl_sign = ["dep:openssl"]
 enable_reqwest = ["azure_core/enable_reqwest"]
 enable_reqwest_rustls = ["azure_core/enable_reqwest_rustls"]
diff --git a/sdk/storage/src/hmac.rs b/sdk/storage/src/hmac.rs
@@ -2,10 +2,11 @@ use azure_core::{
     base64,
     error::{ErrorKind, ResultExt},
 };
-use hmac::{Hmac, Mac};
-use sha2::Sha256;
 
+#[cfg(not(feature = "enable_openssl_sign"))]
 pub fn sign(data: &str, key: &str) -> azure_core::Result<String> {
+    use hmac::{Hmac, Mac};
+    use sha2::Sha256;
     let mut hmac = Hmac::<Sha256>::new_from_slice(&base64::decode(key)?)
         .with_context(ErrorKind::DataConversion, || {
             format!("failed to create hmac from key: {key}")
@@ -14,3 +15,34 @@ pub fn sign(data: &str, key: &str) -> azure_core::Result<String> {
     let signature = hmac.finalize().into_bytes();
     Ok(base64::encode(signature))
 }
+
+#[cfg(feature = "enable_openssl_sign")]
+pub fn sign(data: &str, key: &str) -> azure_core::Result<String> {
+    use openssl::{error::ErrorStack, hash::MessageDigest, pkey::PKey, sign::Signer};
+    let dkey = base64::decode(key)?;
+    let signature = || -> Result<Vec<u8>, ErrorStack> {
+        let pkey = PKey::hmac(&dkey)?;
+        let mut signer = Signer::new(MessageDigest::sha256(), &pkey)?;
+        signer.update(data.as_bytes())?;
+        Ok(signer.sign_to_vec()?)
+    }()
+    .with_context(ErrorKind::DataConversion, || {
+        format!("failed to create hmac from key: {key}")
+    })?;
+    Ok(base64::encode(signature))
+}
+
+#[cfg(test)]
+mod tests {
+
+    #[test]
+    fn test_hmac_sign() {
+        let data = "create hmac signature for data";
+        let key = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF";
+
+        let sig = super::sign(data, key).unwrap();
+
+        let expected_sig = "D/y9XyIEdUzEbdV570h8dou/mfkbMA1lKCOPqPDPAd0=";
+        assert_eq!(sig, expected_sig);
+    }
+}
diff --git a/sdk/storage_blobs/Cargo.toml b/sdk/storage_blobs/Cargo.toml
@@ -43,6 +43,7 @@ default = ["enable_reqwest"]
 test_e2e = []
 test_integration = []
 azurite_workaround = ["azure_core/azurite_workaround"]
+enable_openssl_sign = ["azure_storage/enable_openssl_sign"]
 enable_reqwest = ["azure_core/enable_reqwest", "azure_storage/enable_reqwest"]
 enable_reqwest_rustls = [
   "azure_core/enable_reqwest_rustls",