// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package crypto

import (
	"net/http"
	"testing"
)

// TestS3String checks that S3.String() reports the "SSE-S3" domain string.
func TestS3String(t *testing.T) {
	const want = "SSE-S3"
	got := S3.String()
	if got != want {
		t.Errorf("S3's string method returns wrong domain: got '%s' - want '%s'", got, want)
	}
}

// TestSSECString checks that SSEC.String() reports the "SSE-C" domain string.
func TestSSECString(t *testing.T) {
	const want = "SSE-C"
	got := SSEC.String()
	if got != want {
		t.Errorf("SSEC's string method returns wrong domain: got '%s' - want '%s'", got, want)
	}
}

// ssecUnsealObjectKeyTests lists the inputs passed to SSEC.UnsealObjectKey
// and the exact error value each case is expected to return.
//
// The customer key in every case is a fixed test vector: the base64 of the
// 32-byte ASCII string "32byteslongsecretkeymustprovided". It is public by
// virtue of being in this file and must never be used as a real SSE-C key.
var ssecUnsealObjectKeyTests = []struct {
	Headers  http.Header
	Bucket   string
	Object   string
	Metadata map[string]string

	ExpectedErr error
}{
	// 0 - Complete SSE-C headers and complete sealed-key metadata for
	// bucket/object: unsealing is expected to succeed.
	{
		Bucket: "bucket",
		Object: "object",
		Headers: http.Header{
			"X-Amz-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
			"X-Amz-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
		},
		Metadata: map[string]string{
			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
		},
		ExpectedErr: nil,
	},
	// 1 - Same headers and metadata as case 0, but the object name is
	// "object2": the test expects ErrSecretKeyMismatch, i.e. the sealed key
	// must not unseal under a different object path.
	{
		Bucket: "bucket",
		Object: "object2",
		Headers: http.Header{
			"X-Amz-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
			"X-Amz-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
		},
		Metadata: map[string]string{
			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
		},
		ExpectedErr: ErrSecretKeyMismatch,
	},
	// 2 - Complete headers, but the metadata has no Seal-Algorithm entry:
	// the test expects errMissingInternalSealAlgorithm.
	{
		Bucket: "bucket",
		Object: "object",
		Headers: http.Header{
			"X-Amz-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
			"X-Amz-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
		},
		Metadata: map[string]string{
			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key": "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
			"X-Minio-Internal-Server-Side-Encryption-Iv":         "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
		},
		ExpectedErr: errMissingInternalSealAlgorithm,
	},
	// 3 - Complete metadata, but the Customer-Key-Md5 header is absent:
	// the test expects ErrMissingCustomerKeyMD5.
	{
		Bucket: "bucket",
		Object: "object",
		Headers: http.Header{
			"X-Amz-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
			"X-Amz-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
		},
		Metadata: map[string]string{
			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
		},
		ExpectedErr: ErrMissingCustomerKeyMD5,
	},
}

// TestSSECUnsealObjectKey runs every entry of ssecUnsealObjectKeyTests
// through SSEC.UnsealObjectKey and reports any case whose error differs from
// the expected one.
//
// Errors are compared with != (not errors.Is), so a wrapped error would not
// match the expected value.
//
// NOTE(review): the unsealed key is discarded, so the success case only
// shows that unsealing returns no error, not that the recovered key has the
// expected value.
func TestSSECUnsealObjectKey(t *testing.T) {
	for idx, tc := range ssecUnsealObjectKeyTests {
		_, err := SSEC.UnsealObjectKey(tc.Headers, tc.Metadata, tc.Bucket, tc.Object)
		if err == tc.ExpectedErr {
			continue
		}
		t.Errorf("Test %d: got: %v - want: %v", idx, err, tc.ExpectedErr)
	}
}

// sseCopyUnsealObjectKeyTests mirrors ssecUnsealObjectKeyTests for
// SSECopy.UnsealObjectKey: the customer key is supplied through the
// X-Amz-Copy-Source-Server-Side-Encryption-Customer-* headers, while the
// metadata entries and expected errors are the same.
//
// The customer key is the same fixed, public test vector and must never be
// used as a real SSE-C key.
var sseCopyUnsealObjectKeyTests = []struct {
	Headers  http.Header
	Bucket   string
	Object   string
	Metadata map[string]string

	ExpectedErr error
}{
	// 0 - Complete copy-source SSE-C headers and complete sealed-key
	// metadata for bucket/object: unsealing is expected to succeed.
	{
		Bucket: "bucket",
		Object: "object",
		Headers: http.Header{
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
		},
		Metadata: map[string]string{
			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
		},
		ExpectedErr: nil,
	},
	// 1 - Same headers and metadata as case 0, but the object name is
	// "object2": the test expects ErrSecretKeyMismatch, i.e. the sealed key
	// must not unseal under a different object path.
	{
		Bucket: "bucket",
		Object: "object2",
		Headers: http.Header{
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
		},
		Metadata: map[string]string{
			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
		},
		ExpectedErr: ErrSecretKeyMismatch,
	},
	// 2 - Complete headers, but the metadata has no Seal-Algorithm entry:
	// the test expects errMissingInternalSealAlgorithm.
	{
		Bucket: "bucket",
		Object: "object",
		Headers: http.Header{
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
		},
		Metadata: map[string]string{
			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key": "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
			"X-Minio-Internal-Server-Side-Encryption-Iv":         "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
		},
		ExpectedErr: errMissingInternalSealAlgorithm,
	},
	// 3 - Complete metadata, but the copy-source Customer-Key-Md5 header is
	// absent: the test expects ErrMissingCustomerKeyMD5.
	{
		Bucket: "bucket",
		Object: "object",
		Headers: http.Header{
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
		},
		Metadata: map[string]string{
			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
		},
		ExpectedErr: ErrMissingCustomerKeyMD5,
	},
}

// TestSSECopyUnsealObjectKey runs every entry of sseCopyUnsealObjectKeyTests
// through SSECopy.UnsealObjectKey and reports any case whose error differs
// from the expected one.
//
// Errors are compared with != (not errors.Is), so a wrapped error would not
// match the expected value.
//
// NOTE(review): the unsealed key is discarded, so the success case only
// shows that unsealing returns no error, not that the recovered key has the
// expected value.
func TestSSECopyUnsealObjectKey(t *testing.T) {
	for idx, tc := range sseCopyUnsealObjectKeyTests {
		_, err := SSECopy.UnsealObjectKey(tc.Headers, tc.Metadata, tc.Bucket, tc.Object)
		if err == tc.ExpectedErr {
			continue
		}
		t.Errorf("Test %d: got: %v - want: %v", idx, err, tc.ExpectedErr)
	}
}