storj.io/minio@v0.0.0-20230509071714-0cbc90f649b1/cmd/crypto/sse_test.go

storj.io/minio@v0.0.0-20230509071714-0cbc90f649b1/cmd/crypto/sse_test.go (about)

     1  // MinIO Cloud Storage, (C) 2015, 2016, 2017, 2018 MinIO, Inc.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //    http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package crypto
    16  
    17  import (
    18  	"net/http"
    19  	"testing"
    20  )
    21  
    22  func TestS3String(t *testing.T) {
    23  	const Domain = "SSE-S3"
    24  	if domain := S3.String(); domain != Domain {
    25  		t.Errorf("S3's string method returns wrong domain: got '%s' - want '%s'", domain, Domain)
    26  	}
    27  }
    28  
    29  func TestSSECString(t *testing.T) {
    30  	const Domain = "SSE-C"
    31  	if domain := SSEC.String(); domain != Domain {
    32  		t.Errorf("SSEC's string method returns wrong domain: got '%s' - want '%s'", domain, Domain)
    33  	}
    34  }
    35  
    36  var ssecUnsealObjectKeyTests = []struct {
    37  	Headers        http.Header
    38  	Bucket, Object string
    39  	Metadata       map[string]string
    40  
    41  	ExpectedErr error
    42  }{
    43  	{ // 0 - Valid HTTP headers and valid metadata entries for bucket/object
    44  		Headers: http.Header{
    45  			"X-Amz-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
    46  			"X-Amz-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
    47  			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
    48  		},
    49  		Bucket: "bucket",
    50  		Object: "object",
    51  		Metadata: map[string]string{
    52  			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
    53  			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
    54  			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
    55  		},
    56  		ExpectedErr: nil,
    57  	},
    58  	{ // 1 - Valid HTTP headers but invalid metadata entries for bucket/object2
    59  		Headers: http.Header{
    60  			"X-Amz-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
    61  			"X-Amz-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
    62  			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
    63  		},
    64  		Bucket: "bucket",
    65  		Object: "object2",
    66  		Metadata: map[string]string{
    67  			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
    68  			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
    69  			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
    70  		},
    71  		ExpectedErr: ErrSecretKeyMismatch,
    72  	},
    73  	{ // 2 - Valid HTTP headers but invalid metadata entries for bucket/object
    74  		Headers: http.Header{
    75  			"X-Amz-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
    76  			"X-Amz-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
    77  			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
    78  		},
    79  		Bucket: "bucket",
    80  		Object: "object",
    81  		Metadata: map[string]string{
    82  			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key": "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
    83  			"X-Minio-Internal-Server-Side-Encryption-Iv":         "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
    84  		},
    85  		ExpectedErr: errMissingInternalSealAlgorithm,
    86  	},
    87  	{ // 3 - Invalid HTTP headers for valid metadata entries for bucket/object
    88  		Headers: http.Header{
    89  			"X-Amz-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
    90  			"X-Amz-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
    91  		},
    92  		Bucket: "bucket",
    93  		Object: "object",
    94  		Metadata: map[string]string{
    95  			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
    96  			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
    97  			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
    98  		},
    99  		ExpectedErr: ErrMissingCustomerKeyMD5,
   100  	},
   101  }
   102  
   103  func TestSSECUnsealObjectKey(t *testing.T) {
   104  	for i, test := range ssecUnsealObjectKeyTests {
   105  		if _, err := SSEC.UnsealObjectKey(test.Headers, test.Metadata, test.Bucket, test.Object); err != test.ExpectedErr {
   106  			t.Errorf("Test %d: got: %v - want: %v", i, err, test.ExpectedErr)
   107  		}
   108  	}
   109  }
   110  
   111  var sseCopyUnsealObjectKeyTests = []struct {
   112  	Headers        http.Header
   113  	Bucket, Object string
   114  	Metadata       map[string]string
   115  
   116  	ExpectedErr error
   117  }{
   118  	{ // 0 - Valid HTTP headers and valid metadata entries for bucket/object
   119  		Headers: http.Header{
   120  			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
   121  			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
   122  			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
   123  		},
   124  		Bucket: "bucket",
   125  		Object: "object",
   126  		Metadata: map[string]string{
   127  			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
   128  			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
   129  			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
   130  		},
   131  		ExpectedErr: nil,
   132  	},
   133  	{ // 1 - Valid HTTP headers but invalid metadata entries for bucket/object2
   134  		Headers: http.Header{
   135  			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
   136  			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
   137  			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
   138  		},
   139  		Bucket: "bucket",
   140  		Object: "object2",
   141  		Metadata: map[string]string{
   142  			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
   143  			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
   144  			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
   145  		},
   146  		ExpectedErr: ErrSecretKeyMismatch,
   147  	},
   148  	{ // 2 - Valid HTTP headers but invalid metadata entries for bucket/object
   149  		Headers: http.Header{
   150  			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
   151  			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
   152  			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   []string{"7PpPLAK26ONlVUGOWlusfg=="},
   153  		},
   154  		Bucket: "bucket",
   155  		Object: "object",
   156  		Metadata: map[string]string{
   157  			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key": "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
   158  			"X-Minio-Internal-Server-Side-Encryption-Iv":         "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
   159  		},
   160  		ExpectedErr: errMissingInternalSealAlgorithm,
   161  	},
   162  	{ // 3 - Invalid HTTP headers for valid metadata entries for bucket/object
   163  		Headers: http.Header{
   164  			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": []string{"AES256"},
   165  			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       []string{"MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ="},
   166  		},
   167  		Bucket: "bucket",
   168  		Object: "object",
   169  		Metadata: map[string]string{
   170  			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
   171  			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
   172  			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
   173  		},
   174  		ExpectedErr: ErrMissingCustomerKeyMD5,
   175  	},
   176  }
   177  
   178  func TestSSECopyUnsealObjectKey(t *testing.T) {
   179  	for i, test := range sseCopyUnsealObjectKeyTests {
   180  		if _, err := SSECopy.UnsealObjectKey(test.Headers, test.Metadata, test.Bucket, test.Object); err != test.ExpectedErr {
   181  			t.Errorf("Test %d: got: %v - want: %v", i, err, test.ExpectedErr)
   182  		}
   183  	}
   184  }