crypto: add support for parsing/creating SSE-C/SSE-S3 metadata (#6169)

* crypto: add support for parsing SSE-C/SSE-S3 metadata

This commit adds support for detecting and parsing
SSE-C/SSE-S3 object metadata. With the `IsEncrypted`
functions it is possible to determine whether an object
seems to be encrypted. With the `ParseMetadata` functions
it is possible to validate such metadata and extract the
SSE-C/SSE-S3 related values.

It also fixes some naming issues.

* crypto: add functions for creating SSE object metadata

This commit adds functions for creating SSE-S3 and
SSE-C metadata. It also adds a `CreateMultipartMetadata`
for creating multipart metadata.

For all functions unit tests are included.
This commit is contained in:
Andreas Auernhammer
2018-07-25 22:35:54 +02:00
committed by Harshavardhana
parent 2debe77586
commit 644c2ce326
8 changed files with 607 additions and 21 deletions

@@ -25,6 +25,11 @@ import (
)
const (
// SSEMultipart is the metadata key indicating that the object
// was uploaded using the S3 multipart API and stored using
// some from of server-side-encryption.
SSEMultipart = "X-Minio-Internal-Encrypted-Multipart"
// SSEIV is the metadata key referencing the random initialization
// vector (IV) used for SSE-S3 and SSE-C key derivation.
SSEIV = "X-Minio-Internal-Server-Side-Encryption-Iv"
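Review bot: the doc comment on SSEMultipart has a typo, "some from of server-side-encryption" should read "some form of server-side encryption". The comment also says the key indicates a multipart upload but not what value is stored under it. State whether the key's presence alone is the signal or whether a specific value is expected, so that code validating this metadata knows what to check.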
@@ -33,8 +38,8 @@ const (
// used by SSE-C and SSE-S3 to encrypt the object.
SSESealAlgorithm = "X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm"
// SSECSealKey is the metadata key referencing the sealed object-key for SSE-C.
SSECSealKey = "X-Minio-Internal-Server-Side-Encryption-Sealed-Key"
// SSECSealedKey is the metadata key referencing the sealed object-key for SSE-C.
SSECSealedKey = "X-Minio-Internal-Server-Side-Encryption-Sealed-Key"
// S3SealedKey is the metadata key referencing the sealed object-key for SSE-S3.
S3SealedKey = "X-Minio-Internal-Server-Side-Encryption-S3-Sealed-Key"
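Review bot: after the rename to SSECSealedKey, the two sealed-key constants still use different prefixes (SSECSealedKey versus S3SealedKey), while the neighbouring constants all start with SSE. Consider one scheme for both. The header string "X-Minio-Internal-Server-Side-Encryption-Sealed-Key" is unchanged by the rename, which keeps metadata already stored under that key readable. A short remark in the comment that this string must stay stable would protect it from a later tidy-up. Because SSECSealKey was an exported identifier, confirm that no reference to the old name remains in the other changed files.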