This project provides a C implementation of Oracle Cloud Infrastructure (OCI) request signature, suitable for use in embedded, kernel, or user-space applications. It includes a shared library and an example application demonstrating usage.
- Produces the HTTP
Authorizationheader (key and value) for OCI requests, including the computed signature and all required metadata - OCI request signing for HTTP requests
- No dynamic memory allocations
- Support for DER format private keys
- Default headers and automatic body hashing based on request method
- Simple API for integration into C projects
- Example usage and tests included
- System header configurability via
OCI_SYSTEM_HEADER
- GCC or compatible C compiler
pkg-configutility- OpenSSL for testing and examples
- libcheck for testing
sudo apt install libssl-dev checkTo build the shared library and example application, run:
makeThis will produce:
libocisigner.so: Shared library implementing OCI request signingexample: Example application using the library
make run-testsmake cleanThis library only accepts RSA private keys in DER format. The private key is stored in a dedicated binary data type (oci_signer_binary_t) to clearly indicate that it contains binary data rather than a string.
If you have a PEM format key, you need to convert it to DER format before using it with this library:
# Convert PEM to DER format
openssl rsa -in private_key.pem -outform DER -out private_key.derThe library supports two formats for the key_id parameter:
-
Standard format:
tenancy/user/fingerprintocid1.tenancy.oc1..aaaaaaaaba3pv6wkcr4jqae5f15p2b2m2yt2j6rx32uzr4h25vqstifsfdsq/ocid1.user.oc1..aaaaaaaat5nvwcna5j6aqzjcaty5eqbb6qt2jvpkanghtgdaqedqw3rynjq/20:3b:97:13:55:1c:5b:0d:d3:37:d8:50:4e:c5:3a:34 -
Session token format:
ST$<user principal session token>ST$aaaaaaaa7tz3aaaaaaaaaymq2maaaaaaabfwiljtdnfgqaaaa
You can configure the system header used by the library by defining the macro OCI_SYSTEM_HEADER during compilation. This allows integration with custom or platform-specific headers as needed.
Example:
gcc -DOCI_SYSTEM_HEADER='<your_header.h>' ...Include the header in your application:
#include "oci_signer.h"Link against the shared library and OpenSSL:
-L. -locisigner -lssl -lcrypto
The main output of this library is the HTTP Authorization header, which you add to your request:
oci_signer_header_t auth_header;
// ... set up signer parameters ...
oci_signer_sign(&signer_params, &auth_header, buffer_size);
// Now add:
// Header key: (char*)auth_header.key.data // will be "Authorization"
// Header value: (char*)auth_header.value.data // contains the computed signature and metadataSee example.c for a complete usage demonstration, including examples of how to use custom crypto functions.
For integration with custom environments (like Linux kernel modules), you can provide your own implementations of the required crypto functions:
- Define
OCI_SYSTEM_HEADERto include environment-specific headers instead of standard C library headers - Provide custom implementations of the required crypto functions:
- SHA256 hash function
- RSA signing function
- Base64 encoding function
This project is licensed under the MIT License - see the LICENSE file for details.
This implementation of computing the request authorization header is based on the OCI Go SDK's HTTP signer