Initial commit

Author: stoader

.github/workflows/build.yml

@@ -0,0 +1,29 @@
+name: Build
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Install prerequisites
+        run: sudo apt-get install -y check
+
+      - name: Build tests
+        run: make test
+
+      - name: Run tests
+        run: make run-tests
+
+      - name: Build example
+        run: make example
+
+      - name: Run example
+        run: make run-example

.gitignore

@@ -0,0 +1,66 @@
+# Prerequisites
+*.d
+
+# Object files
+*.o
+*.ko
+*.obj
+*.elf
+
+# Linker output
+*.ilk
+*.map
+*.exp
+
+# Precompiled Headers
+*.gch
+*.pch
+
+# Libraries
+*.lib
+*.a
+*.la
+*.lo
+
+# Shared objects (inc. Windows DLLs)
+*.dll
+*.so
+*.so.*
+*.dylib
+
+# Executables
+*.exe
+*.out
+*.app
+*.i*86
+*.x86_64
+*.hex
+
+# Debug files
+*.dSYM/
+*.su
+*.idb
+*.pdb
+
+# Kernel Module Compile Results
+*.mod*
+*.cmd
+.tmp_versions/
+modules.order
+Module.symvers
+Mkfile.old
+dkms.conf
+
+# Build directories
+build/
+
+# Dependencies
+oci-req-signer-c/deps
+
+test
+example
+
+# IDEs and editors
+.vscode/
+*.code-workspace
+.idea/

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 OCI Request Signer Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,33 @@
+# Makefile for OCI Request Signer C implementation
+
+CC = gcc
+CFLAGS = -Wall -g -Wextra -std=c99 -fPIC $(shell pkg-config --cflags libssl)
+LIB_NAME = liboci_signer.so
+LIB_SRC = oci_signer.c
+LIB_HDR = oci_signer.h
+EXAMPLE_SRC = example.c
+EXAMPLE_BIN = example
+TEST_SRC = test.c
+TEST_BIN = test
+OPENSSL_LIBS = $(shell pkg-config --libs libssl,libcrypto)
+CHECK_LIBS = $(shell pkg-config --libs check)
+
+all: $(LIB_NAME) $(EXAMPLE_BIN)
+
+$(LIB_NAME): $(LIB_SRC) $(LIB_HDR)
+	$(CC) $(CFLAGS) -shared -o $@ $(LIB_SRC) $(OPENSSL_LIBS)
+
+$(EXAMPLE_BIN): $(EXAMPLE_SRC) $(LIB_NAME)
+	$(CC) -Wall -Wextra -std=c99 $(shell pkg-config --cflags libssl) -o $@ $(EXAMPLE_SRC) -L. -loci_signer $(OPENSSL_LIBS)
+
+$(TEST_BIN): $(TEST_SRC) $(LIB_NAME)
+	$(CC) -Wall -g -Wextra -std=c99 $(shell pkg-config --cflags libssl,check) -o $@ $(TEST_SRC) -L. -loci_signer $(OPENSSL_LIBS) $(CHECK_LIBS)
+
+run-tests: $(TEST_BIN)
+	LD_LIBRARY_PATH=. ./$(TEST_BIN)
+
+run-example: $(EXAMPLE_BIN)
+	LD_LIBRARY_PATH=. ./$(EXAMPLE_BIN)
+
+clean:
+	rm -f $(LIB_NAME) $(EXAMPLE_BIN) $(TEST_BIN) *.o

README.md

@@ -0,0 +1,135 @@
+# OCI Request Signer for C
+
+This project provides a C implementation of [Oracle Cloud Infrastructure (OCI) request signature](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm), suitable for use in embedded, kernel, or user-space applications. It includes a shared library and an example application demonstrating usage.
+
+## Features
+
+- Produces the HTTP `Authorization` header (key and value) for OCI requests, including the computed signature and all required metadata
+- OCI request signing for HTTP requests
+- No dynamic memory allocations
+- Support for DER format private keys
+- Default headers and automatic body hashing based on request method
+- Simple API for integration into C projects
+- Example usage and tests included
+- System header configurability via `OCI_SYSTEM_HEADER`
+
+## Building
+
+### Prerequisites
+
+- GCC or compatible C compiler
+- `pkg-config` utility
+- [OpenSSL](https://github.com/openssl/openssl) for testing and examples
+- [libcheck](https://github.com/libcheck/check) for testing
+
+### Build Instructions
+
+```sh
+sudo apt install libssl-dev check
+```
+
+To build the shared library and example application, run:
+
+```sh
+make
+```
+
+This will produce:
+- `libocisigner.so`: Shared library implementing OCI request signing
+- `example`: Example application using the library
+
+### Run Tests
+
+```sh
+make run-tests
+```
+
+### Clean Build Artifacts
+
+```sh
+make clean
+```
+
+## Usage
+
+### Private Key Format
+
+This library **only** accepts RSA private keys in DER format. The private key is stored in a dedicated binary data type (`oci_signer_binary_t`) to clearly indicate that it contains binary data rather than a string.
+
+If you have a PEM format key, you need to convert it to DER format before using it with this library:
+
+```sh
+# Convert PEM to DER format
+openssl rsa -in private_key.pem -outform DER -out private_key.der
+```
+
+### Key ID Format
+
+The library supports two formats for the `key_id` parameter:
+
+1. **Standard format**: `tenancy/user/fingerprint`
+   ```
+   ocid1.tenancy.oc1..aaaaaaaaba3pv6wkcr4jqae5f15p2b2m2yt2j6rx32uzr4h25vqstifsfdsq/ocid1.user.oc1..aaaaaaaat5nvwcna5j6aqzjcaty5eqbb6qt2jvpkanghtgdaqedqw3rynjq/20:3b:97:13:55:1c:5b:0d:d3:37:d8:50:4e:c5:3a:34
+   ```
+
+2. **Session token format**: `ST$<user principal session token>`
+   ```
+   ST$aaaaaaaa7tz3aaaaaaaaaymq2maaaaaaabfwiljtdnfgqaaaa
+   ```
+
+### System Header Configurability
+
+You can configure the system header used by the library by defining the macro `OCI_SYSTEM_HEADER` during compilation. This allows integration with custom or platform-specific headers as needed.
+
+Example:
+```sh
+gcc -DOCI_SYSTEM_HEADER='<your_header.h>' ...
+```
+
+### Linking
+
+Include the header in your application:
+
+```c
+#include "oci_signer.h"
+```
+
+Link against the shared library and OpenSSL:
+
+```
+-L. -locisigner -lssl -lcrypto
+```
+
+
+### Example Usage
+
+The main output of this library is the HTTP `Authorization` header, which you add to your request:
+
+```c
+oci_signer_header_t auth_header;
+// ... set up signer parameters ...
+oci_signer_sign(&signer_params, &auth_header, buffer_size);
+// Now add:
+//   Header key:   (char*)auth_header.key.data   // will be "Authorization"
+//   Header value: (char*)auth_header.value.data // contains the computed signature and metadata
+```
+
+See `example.c` for a complete usage demonstration, including examples of how to use custom crypto functions.
+
+## Custom Crypto Implementation
+
+For integration with custom environments (like Linux kernel modules), you can provide your own implementations of the required crypto functions:
+
+1. Define `OCI_SYSTEM_HEADER` to include environment-specific headers instead of standard C library headers
+2. Provide custom implementations of the required crypto functions:
+   - SHA256 hash function
+   - RSA signing function
+   - Base64 encoding function
+
+## License
+
+This project is licensed under the MIT License - see the LICENSE file for details.
+
+## Acknowledgments
+
+This implementation of computing the request authorization header is based on the [OCI Go SDK's HTTP signer](https://github.com/oracle/oci-go-sdk/blob/907df66346f4bd3b0e898b5c884422253e86cee3/common/http_signer.go#L244)