Refactor streaming signatureV4 w/ state machine (#2862)

* Refactor streaming signatureV4 w/ state machine - Used state machine to make transitions between reading chunk header, chunk data and trailer explicit. * debug: add print/panic statements to gather more info on CI failure * Persist lastChunk status between Read() on ChunkReader ... remove panic() which was added as interim aid for debugging. * Add unit-tests to cover v4 streaming signature
2025-11-10 05:59:43 -05:00 · 2016-10-10 14:12:32 +05:30
parent 3cfb23750a
commit 2d5e988a6d
5 changed files with 253 additions and 80 deletions
--- a/cmd/test-utils_test.go
+++ b/cmd/test-utils_test.go
@@ -17,6 +17,7 @@
 package cmd

 import (
+	"bufio"
 	"bytes"
 	"crypto/hmac"
 	"crypto/sha1"
@@ -324,6 +325,79 @@ func (testServer TestServer) Stop() {
 	testServer.Server.Close()
 }

+// Truncate request to simulate unexpected EOF for a request signed using streaming signature v4.
+func truncateChunkByHalfSigv4(req *http.Request) (*http.Request, error) {
+	bufReader := bufio.NewReader(req.Body)
+	hexChunkSize, chunkSignature, err := readChunkLine(bufReader)
+	if err != nil {
+		return nil, err
+	}
+
+	newChunkHdr := []byte(fmt.Sprintf("%s"+s3ChunkSignatureStr+"%s\r\n",
+		hexChunkSize, chunkSignature))
+	newChunk, err := ioutil.ReadAll(bufReader)
+	if err != nil {
+		return nil, err
+	}
+	newReq := req
+	newReq.Body = ioutil.NopCloser(
+		bytes.NewReader(bytes.Join([][]byte{newChunkHdr, newChunk[:len(newChunk)/2]},
+			[]byte(""))),
+	)
+	return newReq, nil
+}
+
+// Malform data given a request signed using streaming signature V4.
+func malformDataSigV4(req *http.Request, newByte byte) (*http.Request, error) {
+	bufReader := bufio.NewReader(req.Body)
+	hexChunkSize, chunkSignature, err := readChunkLine(bufReader)
+	if err != nil {
+		return nil, err
+	}
+
+	newChunkHdr := []byte(fmt.Sprintf("%s"+s3ChunkSignatureStr+"%s\r\n",
+		hexChunkSize, chunkSignature))
+	newChunk, err := ioutil.ReadAll(bufReader)
+	if err != nil {
+		return nil, err
+	}
+
+	newChunk[0] = newByte
+	newReq := req
+	newReq.Body = ioutil.NopCloser(
+		bytes.NewReader(bytes.Join([][]byte{newChunkHdr, newChunk},
+			[]byte(""))),
+	)
+
+	return newReq, nil
+}
+
+// Malform chunk size given a request signed using streaming signatureV4.
+func malformChunkSizeSigV4(req *http.Request, badSize int64) (*http.Request, error) {
+	bufReader := bufio.NewReader(req.Body)
+	_, chunkSignature, err := readChunkLine(bufReader)
+	if err != nil {
+		return nil, err
+	}
+
+	n := badSize
+	newHexChunkSize := []byte(fmt.Sprintf("%x", n))
+	newChunkHdr := []byte(fmt.Sprintf("%s"+s3ChunkSignatureStr+"%s\r\n",
+		newHexChunkSize, chunkSignature))
+	newChunk, err := ioutil.ReadAll(bufReader)
+	if err != nil {
+		return nil, err
+	}
+
+	newReq := req
+	newReq.Body = ioutil.NopCloser(
+		bytes.NewReader(bytes.Join([][]byte{newChunkHdr, newChunk},
+			[]byte(""))),
+	)
+
+	return newReq, nil
+}
+
 // Sign given request using Signature V4.
 func signStreamingRequest(req *http.Request, accessKey, secretKey string) (string, error) {
 	// Get hashed payload.