fix: make sure to set the right sse-kms key

minio · Jun 24, 2024 · 73d2a58 · 73d2a58
1 parent dda9e96
commit 73d2a58
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 2 deletions.
diff --git a/cmd/encryption-methods.go b/cmd/encryption-methods.go
@@ -211,7 +211,6 @@ func parseSSEKey(sseKey string, keyType sseKeyType) (
 	}
 
 	alias, prefix = splitKey(string(sseKeyBytes[:separatorIndex]))
-
 	if keyType == sseS3 {
 		return
 	}
@@ -220,6 +219,7 @@ func parseSSEKey(sseKey string, keyType sseKeyType) (
 		if !validKMSKeyName(encodedKey) {
 			err = errSSEKMSKeyFormat(fmt.Sprintf("Key (%s) is badly formatted.", encodedKey)).Trace(sseKey)
 		}
+		key = encodedKey
 		return
 	}
 

diff --git a/cmd/encryption-methods_test.go b/cmd/encryption-methods_test.go
@@ -26,6 +26,8 @@ func TestParseEncryptionKeys(t *testing.T) {
 	baseAlias := "mintest"
 	basePrefix := "two/layer/prefix"
 	baseObject := "object_name"
+	sseKeyKMS := "my-default-key"
+	sseKeyKMSInvalid := "my@default@key"
 	sseKey := "MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDA"
 	sseKeyPlain := "01234567890123456789012345678900"
 	sseHexKey := "3031323334353637383930313233343536373839303132333435363738393030"
@@ -52,6 +54,7 @@ func TestParseEncryptionKeys(t *testing.T) {
 			alias:         baseAlias,
 			prefix:        basePrefix,
 			object:        baseObject,
+			sseType:       sseC,
 			success:       true,
 		},
 		{
@@ -60,6 +63,7 @@ func TestParseEncryptionKeys(t *testing.T) {
 			alias:         baseAlias,
 			prefix:        basePrefix,
 			object:        baseObject,
+			sseType:       sseC,
 			success:       true,
 		},
 		{
@@ -68,6 +72,7 @@ func TestParseEncryptionKeys(t *testing.T) {
 			alias:         baseAlias + "=",
 			prefix:        basePrefix + "=",
 			object:        baseObject + "=",
+			sseType:       sseC,
 			success:       true,
 		},
 		{
@@ -76,6 +81,7 @@ func TestParseEncryptionKeys(t *testing.T) {
 			alias:         baseAlias + "/",
 			prefix:        basePrefix + "/",
 			object:        baseObject + "/",
+			sseType:       sseC,
 			success:       true,
 		},
 		{
@@ -84,6 +90,7 @@ func TestParseEncryptionKeys(t *testing.T) {
 			alias:         baseAlias,
 			prefix:        basePrefix,
 			object:        baseObject + "=",
+			sseType:       sseC,
 			success:       true,
 		},
 		{
@@ -92,36 +99,67 @@ func TestParseEncryptionKeys(t *testing.T) {
 			alias:         baseAlias,
 			prefix:        basePrefix,
 			object:        baseObject + "!@_==_$^&*",
+			sseType:       sseC,
 			success:       true,
 		},
 		{
 			encryptionKey: fmt.Sprintf("%s/%s/%s=%sXXXXX", baseAlias, basePrefix, baseObject, sseKey),
+			sseType:       sseC,
 			success:       false,
 		},
 		{
 			encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidShort),
+			sseType:       sseC,
 			success:       false,
 		},
 		{
 			encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidSymbols),
+			sseType:       sseC,
 			success:       false,
 		},
 		{
 			encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidSpaces),
+			sseType:       sseC,
 			success:       false,
 		},
 		{
 			encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidPrefixSpace),
+			sseType:       sseC,
 			success:       false,
 		},
 		{
 			encryptionKey: fmt.Sprintf("%s/%s/%s==%s", baseAlias, basePrefix, baseObject, sseKeyInvalidOneShort),
+			sseType:       sseC,
 			success:       false,
 		},
+		// sse-type KMS
+		{
+			encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyKMS),
+			keyPlain:      sseKeyKMS,
+			alias:         baseAlias,
+			prefix:        basePrefix,
+			object:        baseObject,
+			sseType:       sseKMS,
+			success:       true,
+		},
+		{
+			encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyKMSInvalid),
+			sseType:       sseKMS,
+			success:       false,
+		},
+		// sse-type S3
+		{
+			encryptionKey: fmt.Sprintf("%s/%s/%s", baseAlias, basePrefix, baseObject),
+			alias:         baseAlias,
+			prefix:        basePrefix,
+			object:        baseObject,
+			sseType:       sseS3,
+			success:       true,
+		},
 	}
 
 	for i, tc := range testCases {
-		alias, prefix, key, err := parseSSEKey(tc.encryptionKey, sseC)
+		alias, prefix, key, err := parseSSEKey(tc.encryptionKey, tc.sseType)
 		if tc.success {
 			if err != nil {
 				t.Fatalf("Test %d: Expected success, got %s", i+1, err)