Switched from HMAC-SHA1 to HMAC-SHA256 signature

While both are supported by AWS, the latter is a stronger hash function.
It is not believed to contain some security flaws identified in SHA-1.
So sayeth Wikipedia - http://en.wikipedia.org/wiki/SHA-2

Ubuntu Enterprise Cloud (Eucalyptus) doesn't seem to allow requests
using HMAC-SHA1. This is one of the changes I had to make to get
amazon-ec2 gem working against my Eucalyptus cluster.
commit c1d3fd1c7597458262cc5122321744da2733a356 1 parent 29b33c6
Mike Bailey authored
Showing with 4 additions and 4 deletions.
  1. +2 −2 lib/AWS.rb
  2. +2 −2 test/test_EC2.rb
4 lib/AWS.rb
@@ -87,7 +87,7 @@ def AWS.canonical_string(params, host, method="POST", base="/")
# @param [Boolean] urlencode whether or not to url encode the result., true or false
# @return [String] the signed and encoded string.
def AWS.encode(secret_access_key, str, urlencode=true)
- digest = OpenSSL::Digest::Digest.new('sha1')
+ digest = OpenSSL::Digest::Digest.new('sha256')
b64_hmac =
Base64.encode64(
OpenSSL::HMAC.digest(digest, secret_access_key, str)).gsub("\n","")
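Review bot: AWS.encode now hard-codes 'sha256' on the `OpenSSL::Digest::Digest.new` line, while the algorithm name announced to the server is set separately as "SignatureMethod" in make_request. The two literals have to agree or the signature will not verify on the server side, so consider defining the algorithm in one place (for example a module constant from which both the digest name and the SignatureMethod value are taken). The doc comment above the method also never says which HMAC is used; naming HMAC-SHA256 on the @return line would help anyone comparing signatures against another implementation.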
@@ -231,7 +231,7 @@ def make_request(action, params, data='')
params.merge!( {"Action" => action,
"SignatureVersion" => "2",
- "SignatureMethod" => 'HmacSHA1',
+ "SignatureMethod" => 'HmacSHA256',
"AWSAccessKeyId" => @access_key_id,
"Version" => api_version,
"Timestamp"=>Time.now.getutc.iso8601} )
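Review bot: nothing in this commit tests the 'HmacSHA256' value set on the "SignatureMethod" line of make_request; the only test change is to the AWS.encode expectations in test/test_EC2.rb. A spec asserting that the parameters built by make_request carry SignatureMethod set to HmacSHA256 would catch a later change that updates the digest in AWS.encode but not this string, or the reverse.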
4 test/test_EC2.rb
@@ -61,8 +61,8 @@
end
specify "AWS.encode should return the expected string" do
- AWS.encode("secretaccesskey", "foobar123", urlencode=true).should.equal "e3jeuDc3DIX2mW8cVqWiByj4j5g%3D"
- AWS.encode("secretaccesskey", "foobar123", urlencode=false).should.equal "e3jeuDc3DIX2mW8cVqWiByj4j5g="
+ AWS.encode("secretaccesskey", "foobar123", urlencode=true).should.equal "CPzGGhtvlG3P3yp88fPZp0HKouUV8mQK1ZcdFGQeAug%3D"
+ AWS.encode("secretaccesskey", "foobar123", urlencode=false).should.equal "CPzGGhtvlG3P3yp88fPZp0HKouUV8mQK1ZcdFGQeAug="
end
end
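Review bot: the two new expected strings in the "AWS.encode should return the expected string" spec are unexplained constants, and the SHA-1 values they replace are dropped with no record of how either pair was produced. A short comment saying that the value is the Base64 encoding of HMAC-SHA256 over "foobar123" with key "secretaccesskey", ideally computed with a tool other than this library, would let a reader confirm it independently. Separately, `urlencode=true` in these calls is a local variable assignment whose value is passed positionally, not a keyword argument; passing plain `true` and `false` would read more clearly.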