MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-07 12:52:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add padding to compressed+encrypted files (#15282)

Browse Source 
Add up to 256 bytes of padding for compressed+encrypted files.

This will obscure the obvious cases of extremely compressible content 
and leave a similar output size for a very wide variety of inputs.

This does *not* mean the compression ratio doesn't leak information 
about the content, but the outcome space is much smaller, 
so often *less* information is leaked.
This commit is contained in:
Klaus Post
2022-07-13 07:52:15 -07:00
committed by GitHub
parent 697c9973a7
commit 0149382cdc
9 changed files with 64 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
internal/crypto/header_test.go
View File

@@ -29,6 +29,10 @@ import (
func TestIsRequested(t *testing.T) {
for i, test := range kmsIsRequestedTests {
_, got := IsRequested(test.Header)
if Requested(test.Header) != got {
// Test if result matches.
t.Errorf("Requested mismatch, want %v, got %v", Requested(test.Header), got)
}
got = got && S3KMS.IsRequested(test.Header)
if got != test.Expected {
t.Errorf("SSE-KMS: Test %d: Wanted %v but got %v", i, test.Expected, got)
@@ -36,6 +40,10 @@ func TestIsRequested(t *testing.T) {
}
for i, test := range s3IsRequestedTests {
_, got := IsRequested(test.Header)
if Requested(test.Header) != got {
// Test if result matches.
t.Errorf("Requested mismatch, want %v, got %v", Requested(test.Header), got)
}
got = got && S3.IsRequested(test.Header)
if got != test.Expected {
t.Errorf("SSE-S3: Test %d: Wanted %v but got %v", i, test.Expected, got)
@@ -43,6 +51,10 @@ func TestIsRequested(t *testing.T) {
}
for i, test := range ssecIsRequestedTests {
_, got := IsRequested(test.Header)
if Requested(test.Header) != got {
// Test if result matches.
t.Errorf("Requested mismatch, want %v, got %v", Requested(test.Header), got)
}
got = got && SSEC.IsRequested(test.Header)
if got != test.Expected {
t.Errorf("SSE-C: Test %d: Wanted %v but got %v", i, test.Expected, got)

5
internal/crypto/sse.go
View File

@@ -71,6 +71,11 @@ func IsRequested(h http.Header) (Type, bool) {
}
}
// Requested returns whether any type of encryption is requested.
func Requested(h http.Header) bool {
return S3.IsRequested(h) || S3KMS.IsRequested(h) || SSEC.IsRequested(h)
}
// UnsealObjectKey extracts and decrypts the sealed object key
// from the metadata using the SSE-Copy client key of the HTTP headers
// and returns the decrypted object key.