Module sigv4 

AWS Signature Version 4 verification.

This module implements the core SigV4 signature verification flow:

1. Parse the Authorization header to extract the algorithm, credential scope, signed headers, and provided signature.
2. Reconstruct the canonical request from the HTTP request parts.
3. Build the string to sign from the timestamp, credential scope, and canonical request hash.
4. Derive the signing key using HMAC-SHA256 from the secret key and credential scope components.
5. Compute the expected signature and compare it to the provided signature using constant-time comparison.

The main entry point is verify_sigv4.

Structs

AuthResult

The result of a successful SigV4 verification.

ParsedAuth

Parsed components of an AWS SigV4 Authorization header.

Functions

build_string_to_sign

Build the SigV4 string to sign.

compute_signature

Compute the HMAC-SHA256 signature of data using the given signing_key.

derive_signing_key

Derive the SigV4 signing key using HMAC-SHA256 chain.

hash_payload

Compute the SHA-256 hash of the given payload and return it as a hex string.

parse_authorization_header

Parse an AWS SigV4 Authorization header value into its components.

verify_sigv4

Verify an AWS SigV4-signed HTTP request.