Support PowerPC architecture for sigv4 signature

.github/workflows/ci.yml

@@ -161,7 +161,7 @@ jobs:
         # We also exclude all first-party crates that have a non-optional dependency on `ring`.
         - target: powerpc-unknown-linux-gnu
           non_aws_features: --features native-tls
-          aws_excludes: --exclude aws-inlineable --exclude aws-sigv4 --exclude aws-sig-auth
+          aws_excludes: --exclude aws-inlineable
     env:
       CROSS_CONFIG: Cross.toml
       OPENSSL_LIB_DIR: /usr/lib/i386-linux-gnu
@@ -205,6 +205,12 @@ jobs:
         use-cross: true
         command: build
         args: --target ${{ matrix.target }} --manifest-path "aws/rust-runtime/Cargo.toml" ${{ matrix.aws_excludes }} --workspace
+    - name: Test AWS rust-runtime crates
+      uses: actions-rs/cargo@v1
+      with:
+        use-cross: true
+        command: test
+        args: --target ${{ matrix.target }} --manifest-path "aws/rust-runtime/Cargo.toml" ${{ matrix.aws_excludes }} --workspace
 
   # This job is split out from the rest since it is not required to pass for merge
   check-sdk-examples:

CHANGELOG.next.toml

@@ -154,4 +154,10 @@ author = "hlbarber"
 message = "Update aws-types zeroize to flexible version to prevent downstream version conflicts."
 references = ["smithy-rs#1817"]
 meta = { "breaking" = false, "tada" = false, "bug" = true }
-author = "ethyi"
+author = "ethyi"
+
+[[aws-sdk-rust]]
+message = "Support Sigv4 signature generation on PowerPC."
+references = ["smithy-rs#1847"]
+meta = { "breaking" = false, "tada" = false, "bug" = true }
+author = "crisidev"

aws/rust-runtime/aws-sigv4/Cargo.toml

@@ -23,10 +23,17 @@ http = { version = "0.2", optional = true }
 once_cell = "1.8"
 percent-encoding = { version = "2.1", optional = true }
 regex = "1.5"
-ring = "0.16"
 time = "0.3.5"
 tracing = "0.1"
 
+[target.'cfg(not(any(target_arch = "powerpc", target_arch = "powerpc64")))'.dependencies]
+ring = "0.16"
+
+# ring does not compile on powerpc (https://github.com/briansmith/ring/issues/389) so we use hmac and sha2.
+[target.'cfg(any(target_arch = "powerpc", target_arch = "powerpc64"))'.dependencies]
+hmac = "0.12"
+sha2 = "0.10"
+
 [dev-dependencies]
 bytes = "1"
 httparse = "1.5"

aws/rust-runtime/aws-sigv4/src/sign.rs

@@ -6,33 +6,99 @@
 //! Functions to create signing keys and calculate signatures.
 
 use crate::date_time::format_date;
+#[cfg(any(target_arch = "powerpc", target_arch = "powerpc64"))]
+use hmac::{Hmac, Mac};
+#[cfg(any(target_arch = "powerpc", target_arch = "powerpc64"))]
+use sha2::{Digest, Sha256};
+
+#[cfg(not(any(target_arch = "powerpc", target_arch = "powerpc64")))]
 use ring::{
-    digest::{self},
-    hmac::{self, Key, Tag},
+    digest,
+    hmac::{self, Key},
 };
 use std::time::SystemTime;
 
+#[cfg(any(target_arch = "powerpc", target_arch = "powerpc64"))]
+/// HashedPayload = Lowercase(HexEncode(Hash(requestPayload)))
+#[allow(dead_code)] // Unused when compiling without certain features
+pub(crate) fn sha256_hex_string(bytes: impl AsRef<[u8]>) -> String {
+    let mut hasher = Sha256::new();
+    hasher.update(bytes);
+    hex::encode(hasher.finalize())
+}
+
+#[cfg(not(any(target_arch = "powerpc", target_arch = "powerpc64")))]
 /// HashedPayload = Lowercase(HexEncode(Hash(requestPayload)))
 #[allow(dead_code)] // Unused when compiling without certain features
 pub(crate) fn sha256_hex_string(bytes: impl AsRef<[u8]>) -> String {
     // hex::encode returns a lowercase string
     hex::encode(digest::digest(&digest::SHA256, bytes.as_ref()))
 }
 
+#[cfg(any(target_arch = "powerpc", target_arch = "powerpc64"))]
 /// Calculates a Sigv4 signature
-pub fn calculate_signature(signing_key: Tag, string_to_sign: &[u8]) -> String {
+pub fn calculate_signature(signing_key: impl AsRef<[u8]>, string_to_sign: &[u8]) -> String {
+    let mut mac = Hmac::<Sha256>::new_from_slice(signing_key.as_ref())
+        .expect("HMAC can take key of any size");
+    mac.update(string_to_sign);
+    hex::encode(mac.finalize().into_bytes())
+}
+
+#[cfg(not(any(target_arch = "powerpc", target_arch = "powerpc64")))]
+/// Calculates a Sigv4 signature
+pub fn calculate_signature(signing_key: impl AsRef<[u8]>, string_to_sign: &[u8]) -> String {
     let s_key = Key::new(hmac::HMAC_SHA256, signing_key.as_ref());
     let tag = hmac::sign(&s_key, string_to_sign);
     hex::encode(tag)
 }
 
+#[cfg(any(target_arch = "powerpc", target_arch = "powerpc64"))]
+/// Generates a signing key for Sigv4
+pub fn generate_signing_key(
+    secret: &str,
+    time: SystemTime,
+    region: &str,
+    service: &str,
+) -> impl AsRef<[u8]> {
+    // kSecret = your secret access key
+    // kDate = HMAC("AWS4" + kSecret, Date)
+    // kRegion = HMAC(kDate, Region)
+    // kService = HMAC(kRegion, Service)
+    // kSigning = HMAC(kService, "aws4_request")
+
+    let secret = format!("AWS4{}", secret);
+    let mut mac =
+        Hmac::<Sha256>::new_from_slice(secret.as_ref()).expect("HMAC can take key of any size");
+    mac.update(format_date(time).as_bytes());
+    let tag = mac.finalize();
+
+    // sign region
+    let mut mac =
+        Hmac::<Sha256>::new_from_slice(&tag.into_bytes()).expect("HMAC can take key of any size");
+    mac.update(region.as_bytes());
+    let tag = mac.finalize();
+
+    // sign service
+    let mut mac =
+        Hmac::<Sha256>::new_from_slice(&tag.into_bytes()).expect("HMAC can take key of any size");
+    mac.update(service.as_bytes());
+    let tag = mac.finalize();
+
+    // sign request
+    let mut mac =
+        Hmac::<Sha256>::new_from_slice(&tag.into_bytes()).expect("HMAC can take key of any size");
+    mac.update("aws4_request".as_bytes());
+    mac.finalize().into_bytes()
+}
+
+#[cfg(not(any(target_arch = "powerpc", target_arch = "powerpc64")))]
 /// Generates a signing key for Sigv4
 pub fn generate_signing_key(
     secret: &str,
     time: SystemTime,
     region: &str,
     service: &str,
-) -> hmac::Tag {
+) -> impl AsRef<[u8]> {
     // kSecret = your secret access key
     // kDate = HMAC("AWS4" + kSecret, Date)
     // kRegion = HMAC(kDate, Region)