|
|
@ -78,135 +78,6 @@ func TestEncryptRequest(t *testing.T) { |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
var decryptRequestTests = []struct { |
|
|
|
|
|
|
|
bucket, object string |
|
|
|
|
|
|
|
header map[string]string |
|
|
|
|
|
|
|
metadata map[string]string |
|
|
|
|
|
|
|
shouldFail bool |
|
|
|
|
|
|
|
}{ |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
bucket: "bucket", |
|
|
|
|
|
|
|
object: "object", |
|
|
|
|
|
|
|
header: map[string]string{ |
|
|
|
|
|
|
|
crypto.SSECAlgorithm: "AES256", |
|
|
|
|
|
|
|
crypto.SSECKey: "MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ=", |
|
|
|
|
|
|
|
crypto.SSECKeyMD5: "7PpPLAK26ONlVUGOWlusfg==", |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
metadata: map[string]string{ |
|
|
|
|
|
|
|
crypto.SSESealAlgorithm: crypto.InsecureSealAlgorithm, |
|
|
|
|
|
|
|
crypto.SSEIV: "7nQqotA8xgrPx6QK7Ap3GCfjKitqJSrGP7xzgErSJlw=", |
|
|
|
|
|
|
|
crypto.SSECSealedKey: "EAAfAAAAAAD7v1hQq3PFRUHsItalxmrJqrOq6FwnbXNarxOOpb8jTWONPPKyM3Gfjkjyj6NCf+aB/VpHCLCTBA==", |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
shouldFail: false, |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
bucket: "bucket", |
|
|
|
|
|
|
|
object: "object", |
|
|
|
|
|
|
|
header: map[string]string{ |
|
|
|
|
|
|
|
crypto.SSECAlgorithm: "AES256", |
|
|
|
|
|
|
|
crypto.SSECKey: "MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ=", |
|
|
|
|
|
|
|
crypto.SSECKeyMD5: "7PpPLAK26ONlVUGOWlusfg==", |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
metadata: map[string]string{ |
|
|
|
|
|
|
|
crypto.SSESealAlgorithm: crypto.SealAlgorithm, |
|
|
|
|
|
|
|
crypto.SSEIV: "qEqmsONcorqlcZXJxaw32H04eyXyXwUgjHzlhkaIYrU=", |
|
|
|
|
|
|
|
crypto.SSECSealedKey: "IAAfAIM14ugTGcM/dIrn4iQMrkl1sjKyeBQ8FBEvRebYj8vWvxG+0cJRpC6NXRU1wJN50JaUOATjO7kz0wZ2mA==", |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
shouldFail: false, |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
bucket: "bucket", |
|
|
|
|
|
|
|
object: "object", |
|
|
|
|
|
|
|
header: map[string]string{ |
|
|
|
|
|
|
|
crypto.SSECAlgorithm: "AES256", |
|
|
|
|
|
|
|
crypto.SSECKey: "XAm0dRrJsEsyPb1UuFNezv1bl9hxuYsgUVC/MUctE2k=", |
|
|
|
|
|
|
|
crypto.SSECKeyMD5: "bY4wkxQejw9mUJfo72k53A==", |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
metadata: map[string]string{ |
|
|
|
|
|
|
|
crypto.SSESealAlgorithm: "HMAC-SHA3", |
|
|
|
|
|
|
|
crypto.SSEIV: "XAm0dRrJsEsyPb1UuFNezv1bl9hxuYsgUVC/MUctE2k=", |
|
|
|
|
|
|
|
crypto.SSECSealedKey: "SY5E9AvI2tI7/nUrUAssIGE32Hcs4rR9z/CUuPqu5N4=", |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
shouldFail: true, |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
bucket: "bucket", |
|
|
|
|
|
|
|
object: "object", |
|
|
|
|
|
|
|
header: map[string]string{ |
|
|
|
|
|
|
|
crypto.SSECAlgorithm: "AES256", |
|
|
|
|
|
|
|
crypto.SSECKey: "XAm0dRrJsEsyPb1UuFNezv1bl9hxuYsgUVC/MUctE2k=", |
|
|
|
|
|
|
|
crypto.SSECKeyMD5: "bY4wkxQejw9mUJfo72k53A==", |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
metadata: map[string]string{ |
|
|
|
|
|
|
|
crypto.SSESealAlgorithm: crypto.InsecureSealAlgorithm, |
|
|
|
|
|
|
|
crypto.SSEIV: "RrJsEsyPb1UuFNezv1bl9hxuYsgUVC/MUctE2k=", |
|
|
|
|
|
|
|
crypto.SSECSealedKey: "SY5E9AvI2tI7/nUrUAssIGE32Hcs4rR9z/CUuPqu5N4=", |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
shouldFail: true, |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
bucket: "bucket", |
|
|
|
|
|
|
|
object: "object", |
|
|
|
|
|
|
|
header: map[string]string{ |
|
|
|
|
|
|
|
crypto.SSECAlgorithm: "AES256", |
|
|
|
|
|
|
|
crypto.SSECKey: "XAm0dRrJsEsyPb1UuFNezv1bl9hxuYsgUVC/MUctE2k=", |
|
|
|
|
|
|
|
crypto.SSECKeyMD5: "bY4wkxQejw9mUJfo72k53A==", |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
metadata: map[string]string{ |
|
|
|
|
|
|
|
crypto.SSESealAlgorithm: crypto.InsecureSealAlgorithm, |
|
|
|
|
|
|
|
crypto.SSEIV: "XAm0dRrJsEsyPb1UuFNezv1bl9ehxuYsgUVC/MUctE2k=", |
|
|
|
|
|
|
|
crypto.SSECSealedKey: "SY5E9AvI2tI7/nUrUAssIGE32Hds4rR9z/CUuPqu5N4=", |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
shouldFail: true, |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
bucket: "bucket", |
|
|
|
|
|
|
|
object: "object-2", |
|
|
|
|
|
|
|
header: map[string]string{ |
|
|
|
|
|
|
|
crypto.SSECAlgorithm: "AES256", |
|
|
|
|
|
|
|
crypto.SSECKey: "MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ=", |
|
|
|
|
|
|
|
crypto.SSECKeyMD5: "7PpPLAK26ONlVUGOWlusfg==", |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
metadata: map[string]string{ |
|
|
|
|
|
|
|
crypto.SSESealAlgorithm: crypto.SealAlgorithm, |
|
|
|
|
|
|
|
crypto.SSEIV: "qEqmsONcorqlcZXJxaw32H04eyXyXwUgjHzlhkaIYrU=", |
|
|
|
|
|
|
|
crypto.SSECSealedKey: "IAAfAIM14ugTGcM/dIrn4iQMrkl1sjKyeBQ8FBEvRebYj8vWvxG+0cJRpC6NXRU1wJN50JaUOATjO7kz0wZ2mA==", |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
shouldFail: true, |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func TestDecryptRequest(t *testing.T) { |
|
|
|
|
|
|
|
defer func(flag bool) { globalIsSSL = flag }(globalIsSSL) |
|
|
|
|
|
|
|
globalIsSSL = true |
|
|
|
|
|
|
|
for i, test := range decryptRequestTests[1:] { |
|
|
|
|
|
|
|
client := bytes.NewBuffer(nil) |
|
|
|
|
|
|
|
req := &http.Request{Header: http.Header{}} |
|
|
|
|
|
|
|
for k, v := range test.header { |
|
|
|
|
|
|
|
req.Header.Set(k, v) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
_, err := DecryptRequest(client, req, test.bucket, test.object, test.metadata) |
|
|
|
|
|
|
|
if err != nil && !test.shouldFail { |
|
|
|
|
|
|
|
t.Fatalf("Test %d: Failed to encrypt request: %v", i, err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if err == nil && test.shouldFail { |
|
|
|
|
|
|
|
t.Fatalf("Test %d: should fail but passed", i) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if key, ok := test.metadata[crypto.SSECKey]; ok { |
|
|
|
|
|
|
|
t.Errorf("Test %d: Client provided key survived in metadata - key: %s", i, key) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if kdf, ok := test.metadata[crypto.SSESealAlgorithm]; ok && !test.shouldFail { |
|
|
|
|
|
|
|
t.Errorf("Test %d: ServerSideEncryptionKDF should not be part of metadata: %v", i, kdf) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if iv, ok := test.metadata[crypto.SSEIV]; ok && !test.shouldFail { |
|
|
|
|
|
|
|
t.Errorf("Test %d: crypto.SSEIV should not be part of metadata: %v", i, iv) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if mac, ok := test.metadata[crypto.SSECSealedKey]; ok && !test.shouldFail { |
|
|
|
|
|
|
|
t.Errorf("Test %d: ServerSideEncryptionKeyMAC should not be part of metadata: %v", i, mac) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
var decryptObjectInfoTests = []struct { |
|
|
|
var decryptObjectInfoTests = []struct { |
|
|
|
info ObjectInfo |
|
|
|
info ObjectInfo |
|
|
|
headers http.Header |
|
|
|
headers http.Header |
|
|
|