Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

decode ivBase64

pull/7481/head
chrislu 3 weeks ago
parent
4e28bbc482
commit
10e96df867
1 changed files with 19 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 21
      weed/s3api/s3api_object_handlers.go

21
weed/s3api/s3api_object_handlers.go
View File

@ -797,6 +797,9 @@ func (s3a *S3ApiServer) streamFromVolumeServersWithSSE(w http.ResponseWriter, r
totalSize := int64(filer.FileSize(entry))
s3a.setResponseHeaders(w, entry, totalSize)
s3a.addSSEResponseHeadersFromEntry(w, r, entry, sseType)
// Write status header before streaming data
w.WriteHeader(http.StatusOK)
headerSetTime = time.Since(tHeaderSet)
// Get encrypted data stream (without headers)
@ -806,6 +809,7 @@ func (s3a *S3ApiServer) streamFromVolumeServersWithSSE(w http.ResponseWriter, r
if err != nil {
return err
}
defer encryptedReader.Close()
// Wrap with decryption
tDecryptSetup := time.Now()
@ -815,20 +819,33 @@ func (s3a *S3ApiServer) streamFromVolumeServersWithSSE(w http.ResponseWriter, r
customerKey := decryptionKey.(*SSECustomerKey)
// Use storage key (lowercase) not header key for reading from entry.Extended
ivBase64 := string(entry.Extended[s3_constants.SeaweedFSSSEIV])
iv, _ := base64.StdEncoding.DecodeString(ivBase64)
if ivBase64 == "" {
return fmt.Errorf("SSE-C IV not found in entry metadata")
}
iv, ivErr := base64.StdEncoding.DecodeString(ivBase64)
if ivErr != nil {
return fmt.Errorf("failed to decode SSE-C IV: %w", ivErr)
}
glog.V(2).Infof("SSE-C decryption: IV length=%d, KeyMD5=%s", len(iv), customerKey.KeyMD5)
decryptedReader, err = CreateSSECDecryptedReader(encryptedReader, customerKey, iv)
case s3_constants.SSETypeKMS:
sseKMSKey := decryptionKey.(*SSEKMSKey)
glog.V(2).Infof("SSE-KMS decryption: KeyID=%s, IV length=%d", sseKMSKey.KeyID, len(sseKMSKey.IV))
decryptedReader, err = CreateSSEKMSDecryptedReader(encryptedReader, sseKMSKey)
case s3_constants.SSETypeS3:
sseS3Key := decryptionKey.(*SSES3Key)
keyManager := GetSSES3KeyManager()
iv, _ := GetSSES3IV(entry, sseS3Key, keyManager)
iv, ivErr := GetSSES3IV(entry, sseS3Key, keyManager)
if ivErr != nil {
return fmt.Errorf("failed to get SSE-S3 IV: %w", ivErr)
}
glog.V(2).Infof("SSE-S3 decryption: KeyID=%s, IV length=%d", sseS3Key.KeyID, len(iv))
decryptedReader, err = CreateSSES3DecryptedReader(encryptedReader, sseS3Key, iv)
}
decryptSetupTime = time.Since(tDecryptSetup)
if err != nil {
glog.Errorf("SSE decryption error (%s): %v", sseType, err)
return fmt.Errorf("failed to create decrypted reader: %w", err)
}

Write Preview
Loading…
Cancel
Save