crypto: remove dead code (#9516)

This commit removes some crypto-related code
that is not used anywhere anymore.

cmd/encryption-v1.go

@@ -247,22 +247,6 @@ func EncryptRequest(content io.Reader, r *http.Request, bucket, object string, m
 	return newEncryptReader(content, key, bucket, object, metadata, crypto.S3.IsRequested(r.Header))
 }
 
-// DecryptCopyRequest decrypts the object with the client provided key. It also removes
-// the client-side-encryption metadata from the object and sets the correct headers.
-func DecryptCopyRequest(client io.Writer, r *http.Request, bucket, object string, metadata map[string]string) (io.WriteCloser, error) {
-	var (
-		key []byte
-		err error
-	)
-	if crypto.SSECopy.IsRequested(r.Header) {
-		key, err = ParseSSECopyCustomerRequest(r.Header, metadata)
-		if err != nil {
-			return nil, err
-		}
-	}
-	return newDecryptWriter(client, key, bucket, object, 0, metadata)
-}
-
 func decryptObjectInfo(key []byte, bucket, object string, metadata map[string]string) ([]byte, error) {
 	switch {
 	default:
@@ -317,14 +301,6 @@ func decryptObjectInfo(key []byte, bucket, object string, metadata map[string]st
 	}
 }
 
-func newDecryptWriter(client io.Writer, key []byte, bucket, object string, seqNumber uint32, metadata map[string]string) (io.WriteCloser, error) {
-	objectEncryptionKey, err := decryptObjectInfo(key, bucket, object, metadata)
-	if err != nil {
-		return nil, err
-	}
-	return newDecryptWriterWithObjectKey(client, objectEncryptionKey, seqNumber, metadata)
-}
-
 func newDecryptWriterWithObjectKey(client io.Writer, objectEncryptionKey []byte, seqNumber uint32, metadata map[string]string) (io.WriteCloser, error) {
 	writer, err := sio.DecryptWriter(client, sio.Config{
 		Key:            objectEncryptionKey,
@@ -450,26 +426,6 @@ func DecryptBlocksRequestR(inputReader io.Reader, h http.Header, offset,
 	return w, nil
 }
 
-// DecryptRequestWithSequenceNumber decrypts the object with the client provided key. It also removes
-// the client-side-encryption metadata from the object and sets the correct headers.
-func DecryptRequestWithSequenceNumber(client io.Writer, r *http.Request, bucket, object string, seqNumber uint32, metadata map[string]string) (io.WriteCloser, error) {
-	if crypto.S3.IsEncrypted(metadata) {
-		return newDecryptWriter(client, nil, bucket, object, seqNumber, metadata)
-	}
-
-	key, err := ParseSSECustomerRequest(r)
-	if err != nil {
-		return nil, err
-	}
-	return newDecryptWriter(client, key, bucket, object, seqNumber, metadata)
-}
-
-// DecryptRequest decrypts the object with client provided key for SSE-C and SSE-S3. It also removes
-// the encryption metadata from the object and sets the correct headers.
-func DecryptRequest(client io.Writer, r *http.Request, bucket, object string, metadata map[string]string) (io.WriteCloser, error) {
-	return DecryptRequestWithSequenceNumber(client, r, bucket, object, 0, metadata)
-}
-
 // DecryptBlocksReader - decrypts multipart parts, while implementing
 // a io.Reader compatible interface.
 type DecryptBlocksReader struct {

cmd/encryption-v1_test.go

@@ -78,135 +78,6 @@ func TestEncryptRequest(t *testing.T) {
 	}
 }
 
-var decryptRequestTests = []struct {
-	bucket, object string
-	header         map[string]string
-	metadata       map[string]string
-	shouldFail     bool
-}{
-	{
-		bucket: "bucket",
-		object: "object",
-		header: map[string]string{
-			crypto.SSECAlgorithm: "AES256",
-			crypto.SSECKey:       "MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ=",
-			crypto.SSECKeyMD5:    "7PpPLAK26ONlVUGOWlusfg==",
-		},
-		metadata: map[string]string{
-			crypto.SSESealAlgorithm: crypto.InsecureSealAlgorithm,
-			crypto.SSEIV:            "7nQqotA8xgrPx6QK7Ap3GCfjKitqJSrGP7xzgErSJlw=",
-			crypto.SSECSealedKey:    "EAAfAAAAAAD7v1hQq3PFRUHsItalxmrJqrOq6FwnbXNarxOOpb8jTWONPPKyM3Gfjkjyj6NCf+aB/VpHCLCTBA==",
-		},
-		shouldFail: false,
-	},
-	{
-		bucket: "bucket",
-		object: "object",
-		header: map[string]string{
-			crypto.SSECAlgorithm: "AES256",
-			crypto.SSECKey:       "MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ=",
-			crypto.SSECKeyMD5:    "7PpPLAK26ONlVUGOWlusfg==",
-		},
-		metadata: map[string]string{
-			crypto.SSESealAlgorithm: crypto.SealAlgorithm,
-			crypto.SSEIV:            "qEqmsONcorqlcZXJxaw32H04eyXyXwUgjHzlhkaIYrU=",
-			crypto.SSECSealedKey:    "IAAfAIM14ugTGcM/dIrn4iQMrkl1sjKyeBQ8FBEvRebYj8vWvxG+0cJRpC6NXRU1wJN50JaUOATjO7kz0wZ2mA==",
-		},
-		shouldFail: false,
-	},
-	{
-		bucket: "bucket",
-		object: "object",
-		header: map[string]string{
-			crypto.SSECAlgorithm: "AES256",
-			crypto.SSECKey:       "XAm0dRrJsEsyPb1UuFNezv1bl9hxuYsgUVC/MUctE2k=",
-			crypto.SSECKeyMD5:    "bY4wkxQejw9mUJfo72k53A==",
-		},
-		metadata: map[string]string{
-			crypto.SSESealAlgorithm: "HMAC-SHA3",
-			crypto.SSEIV:            "XAm0dRrJsEsyPb1UuFNezv1bl9hxuYsgUVC/MUctE2k=",
-			crypto.SSECSealedKey:    "SY5E9AvI2tI7/nUrUAssIGE32Hcs4rR9z/CUuPqu5N4=",
-		},
-		shouldFail: true,
-	},
-	{
-		bucket: "bucket",
-		object: "object",
-		header: map[string]string{
-			crypto.SSECAlgorithm: "AES256",
-			crypto.SSECKey:       "XAm0dRrJsEsyPb1UuFNezv1bl9hxuYsgUVC/MUctE2k=",
-			crypto.SSECKeyMD5:    "bY4wkxQejw9mUJfo72k53A==",
-		},
-		metadata: map[string]string{
-			crypto.SSESealAlgorithm: crypto.InsecureSealAlgorithm,
-			crypto.SSEIV:            "RrJsEsyPb1UuFNezv1bl9hxuYsgUVC/MUctE2k=",
-			crypto.SSECSealedKey:    "SY5E9AvI2tI7/nUrUAssIGE32Hcs4rR9z/CUuPqu5N4=",
-		},
-		shouldFail: true,
-	},
-	{
-		bucket: "bucket",
-		object: "object",
-		header: map[string]string{
-			crypto.SSECAlgorithm: "AES256",
-			crypto.SSECKey:       "XAm0dRrJsEsyPb1UuFNezv1bl9hxuYsgUVC/MUctE2k=",
-			crypto.SSECKeyMD5:    "bY4wkxQejw9mUJfo72k53A==",
-		},
-		metadata: map[string]string{
-			crypto.SSESealAlgorithm: crypto.InsecureSealAlgorithm,
-			crypto.SSEIV:            "XAm0dRrJsEsyPb1UuFNezv1bl9ehxuYsgUVC/MUctE2k=",
-			crypto.SSECSealedKey:    "SY5E9AvI2tI7/nUrUAssIGE32Hds4rR9z/CUuPqu5N4=",
-		},
-		shouldFail: true,
-	},
-	{
-		bucket: "bucket",
-		object: "object-2",
-		header: map[string]string{
-			crypto.SSECAlgorithm: "AES256",
-			crypto.SSECKey:       "MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ=",
-			crypto.SSECKeyMD5:    "7PpPLAK26ONlVUGOWlusfg==",
-		},
-		metadata: map[string]string{
-			crypto.SSESealAlgorithm: crypto.SealAlgorithm,
-			crypto.SSEIV:            "qEqmsONcorqlcZXJxaw32H04eyXyXwUgjHzlhkaIYrU=",
-			crypto.SSECSealedKey:    "IAAfAIM14ugTGcM/dIrn4iQMrkl1sjKyeBQ8FBEvRebYj8vWvxG+0cJRpC6NXRU1wJN50JaUOATjO7kz0wZ2mA==",
-		},
-		shouldFail: true,
-	},
-}
-
-func TestDecryptRequest(t *testing.T) {
-	defer func(flag bool) { globalIsSSL = flag }(globalIsSSL)
-	globalIsSSL = true
-	for i, test := range decryptRequestTests[1:] {
-		client := bytes.NewBuffer(nil)
-		req := &http.Request{Header: http.Header{}}
-		for k, v := range test.header {
-			req.Header.Set(k, v)
-		}
-		_, err := DecryptRequest(client, req, test.bucket, test.object, test.metadata)
-		if err != nil && !test.shouldFail {
-			t.Fatalf("Test %d: Failed to encrypt request: %v", i, err)
-		}
-		if err == nil && test.shouldFail {
-			t.Fatalf("Test %d: should fail but passed", i)
-		}
-		if key, ok := test.metadata[crypto.SSECKey]; ok {
-			t.Errorf("Test %d: Client provided key survived in metadata - key: %s", i, key)
-		}
-		if kdf, ok := test.metadata[crypto.SSESealAlgorithm]; ok && !test.shouldFail {
-			t.Errorf("Test %d: ServerSideEncryptionKDF should not be part of metadata: %v", i, kdf)
-		}
-		if iv, ok := test.metadata[crypto.SSEIV]; ok && !test.shouldFail {
-			t.Errorf("Test %d: crypto.SSEIV should not be part of metadata: %v", i, iv)
-		}
-		if mac, ok := test.metadata[crypto.SSECSealedKey]; ok && !test.shouldFail {
-			t.Errorf("Test %d: ServerSideEncryptionKeyMAC should not be part of metadata: %v", i, mac)
-		}
-	}
-}
-
 var decryptObjectInfoTests = []struct {
 	info    ObjectInfo
 	headers http.Header