You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
257 lines
8.5 KiB
257 lines
8.5 KiB
package s3api
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/rand"
|
|
"encoding/base64"
|
|
"io"
|
|
"testing"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
|
|
)
|
|
|
|
// TestSSES3MultipartUploadStoresDerivedIV verifies the critical fix where
|
|
// handleSSES3MultipartEncryption must store the DERIVED IV (not base IV)
|
|
// in the returned key so it gets serialized into chunk metadata.
|
|
//
|
|
// This test prevents the bug where the derived IV was discarded, causing
|
|
// decryption to use the wrong IV and produce corrupted plaintext.
|
|
func TestSSES3MultipartUploadStoresDerivedIV(t *testing.T) {
|
|
// Setup: Create a test key and base IV
|
|
keyManager := GetSSES3KeyManager()
|
|
sseS3Key, err := keyManager.GetOrCreateKey("")
|
|
if err != nil {
|
|
t.Fatalf("Failed to create SSE-S3 key: %v", err)
|
|
}
|
|
|
|
// Generate a random base IV
|
|
baseIV := make([]byte, aes.BlockSize)
|
|
if _, err := rand.Read(baseIV); err != nil {
|
|
t.Fatalf("Failed to generate base IV: %v", err)
|
|
}
|
|
|
|
// Test data for multipart upload parts
|
|
testCases := []struct {
|
|
name string
|
|
partOffset int64
|
|
data []byte
|
|
}{
|
|
{"Part 1 at offset 0", 0, []byte("First part of multipart upload")},
|
|
{"Part 2 at offset 1MB", 1024 * 1024, []byte("Second part of multipart upload")},
|
|
{"Part 3 at offset 5MB", 5 * 1024 * 1024, []byte("Third part at 5MB offset")},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
// Calculate the expected derived IV (what encryption will use)
|
|
expectedDerivedIV, ivSkip := calculateIVWithOffset(baseIV, tc.partOffset)
|
|
|
|
// Call CreateSSES3EncryptedReaderWithBaseIV to encrypt the data
|
|
dataReader := bytes.NewReader(tc.data)
|
|
encryptedReader, returnedDerivedIV, encErr := CreateSSES3EncryptedReaderWithBaseIV(
|
|
dataReader,
|
|
sseS3Key,
|
|
baseIV,
|
|
tc.partOffset,
|
|
)
|
|
if encErr != nil {
|
|
t.Fatalf("Failed to create encrypted reader: %v", encErr)
|
|
}
|
|
|
|
// Read the encrypted data
|
|
encryptedData, err := io.ReadAll(encryptedReader)
|
|
if err != nil {
|
|
t.Fatalf("Failed to read encrypted data: %v", err)
|
|
}
|
|
|
|
// CRITICAL VERIFICATION: The returned IV should be the DERIVED IV
|
|
if !bytes.Equal(returnedDerivedIV, expectedDerivedIV) {
|
|
t.Errorf("CreateSSES3EncryptedReaderWithBaseIV returned wrong IV:\nExpected: %x\nGot: %x",
|
|
expectedDerivedIV[:8], returnedDerivedIV[:8])
|
|
}
|
|
|
|
// CRITICAL TEST: Verify the key.IV field would be updated (simulating handleSSES3MultipartEncryption)
|
|
// This is what the fix does: key.IV = derivedIV
|
|
keyWithDerivedIV := &SSES3Key{
|
|
Key: sseS3Key.Key,
|
|
KeyID: sseS3Key.KeyID,
|
|
Algorithm: sseS3Key.Algorithm,
|
|
IV: returnedDerivedIV, // This simulates: key.IV = derivedIV
|
|
}
|
|
|
|
// TEST 1: Verify decryption with DERIVED IV produces correct plaintext (correct behavior)
|
|
decryptedWithDerivedIV := make([]byte, len(encryptedData))
|
|
block, err := aes.NewCipher(keyWithDerivedIV.Key)
|
|
if err != nil {
|
|
t.Fatalf("Failed to create cipher: %v", err)
|
|
}
|
|
stream := cipher.NewCTR(block, keyWithDerivedIV.IV)
|
|
|
|
// Handle ivSkip for non-block-aligned offsets
|
|
if ivSkip > 0 {
|
|
skipDummy := make([]byte, ivSkip)
|
|
stream.XORKeyStream(skipDummy, skipDummy)
|
|
}
|
|
stream.XORKeyStream(decryptedWithDerivedIV, encryptedData)
|
|
|
|
if !bytes.Equal(decryptedWithDerivedIV, tc.data) {
|
|
t.Errorf("Decryption with derived IV failed:\nExpected: %q\nGot: %q",
|
|
tc.data, decryptedWithDerivedIV)
|
|
} else {
|
|
t.Logf("✓ Derived IV decryption successful for offset %d", tc.partOffset)
|
|
}
|
|
|
|
// TEST 2: Verify decryption with BASE IV produces WRONG plaintext (bug behavior)
|
|
// This is what would happen if the bug wasn't fixed
|
|
if tc.partOffset > 0 { // Only test for non-zero offsets (where IVs differ)
|
|
keyWithBaseIV := &SSES3Key{
|
|
Key: sseS3Key.Key,
|
|
KeyID: sseS3Key.KeyID,
|
|
Algorithm: sseS3Key.Algorithm,
|
|
IV: baseIV, // BUG: Using base IV instead of derived IV
|
|
}
|
|
|
|
decryptedWithBaseIV := make([]byte, len(encryptedData))
|
|
blockWrong, err := aes.NewCipher(keyWithBaseIV.Key)
|
|
if err != nil {
|
|
t.Fatalf("Failed to create cipher for wrong decryption: %v", err)
|
|
}
|
|
streamWrong := cipher.NewCTR(blockWrong, keyWithBaseIV.IV)
|
|
streamWrong.XORKeyStream(decryptedWithBaseIV, encryptedData)
|
|
|
|
if bytes.Equal(decryptedWithBaseIV, tc.data) {
|
|
t.Errorf("CRITICAL BUG: Base IV produced correct plaintext at offset %d! Should produce corrupted data.", tc.partOffset)
|
|
} else {
|
|
t.Logf("✓ Verified: Base IV produces corrupted data at offset %d (bug would cause this)", tc.partOffset)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
// TestHandleSSES3MultipartEncryptionFlow is an integration test that verifies
|
|
// the complete flow of handleSSES3MultipartEncryption, including that the
|
|
// returned key contains the derived IV (not base IV).
|
|
func TestHandleSSES3MultipartEncryptionFlow(t *testing.T) {
|
|
// This test simulates what happens in a real multipart upload request
|
|
|
|
// Generate test key manually (simulating a complete SSE-S3 key)
|
|
keyBytes := make([]byte, 32) // 256-bit key
|
|
if _, err := rand.Read(keyBytes); err != nil {
|
|
t.Fatalf("Failed to generate key: %v", err)
|
|
}
|
|
|
|
originalKey := &SSES3Key{
|
|
Key: keyBytes,
|
|
KeyID: "test-key-id",
|
|
Algorithm: SSES3Algorithm,
|
|
IV: nil, // Will be set later
|
|
}
|
|
|
|
baseIV := make([]byte, aes.BlockSize)
|
|
if _, err := rand.Read(baseIV); err != nil {
|
|
t.Fatalf("Failed to generate base IV: %v", err)
|
|
}
|
|
|
|
// For this test, we'll work directly with the key structure
|
|
// since SerializeSSES3Metadata requires KMS setup
|
|
|
|
// Test with a non-zero offset (where base IV != derived IV)
|
|
partOffset := int64(2 * 1024 * 1024) // 2MB offset
|
|
plaintext := []byte("Test data for part 2 of multipart upload")
|
|
|
|
// Calculate what the derived IV should be
|
|
expectedDerivedIV, ivSkip := calculateIVWithOffset(baseIV, partOffset)
|
|
|
|
// Simulate the upload by calling CreateSSES3EncryptedReaderWithBaseIV directly
|
|
// (This is what handleSSES3MultipartEncryption does internally)
|
|
dataReader := bytes.NewReader(plaintext)
|
|
|
|
// Encrypt with base IV and offset
|
|
encryptedReader, derivedIV, encErr := CreateSSES3EncryptedReaderWithBaseIV(
|
|
dataReader,
|
|
originalKey,
|
|
baseIV,
|
|
partOffset,
|
|
)
|
|
if encErr != nil {
|
|
t.Fatalf("Failed to create encrypted reader: %v", encErr)
|
|
}
|
|
|
|
// THE FIX: Update key.IV with derivedIV (this is what the bug fix does)
|
|
originalKey.IV = derivedIV
|
|
|
|
// Read encrypted data
|
|
encryptedData, err := io.ReadAll(encryptedReader)
|
|
if err != nil {
|
|
t.Fatalf("Failed to read encrypted data: %v", err)
|
|
}
|
|
|
|
// VERIFICATION 1: Derived IV should match expected
|
|
if !bytes.Equal(derivedIV, expectedDerivedIV) {
|
|
t.Errorf("Derived IV mismatch:\nExpected: %x\nGot: %x",
|
|
expectedDerivedIV[:8], derivedIV[:8])
|
|
}
|
|
|
|
// VERIFICATION 2: Key should now contain derived IV (the fix)
|
|
if !bytes.Equal(originalKey.IV, derivedIV) {
|
|
t.Errorf("Key.IV was not updated with derived IV!\nKey.IV: %x\nDerived IV: %x",
|
|
originalKey.IV[:8], derivedIV[:8])
|
|
} else {
|
|
t.Logf("✓ Key.IV correctly updated with derived IV")
|
|
}
|
|
|
|
// VERIFICATION 3: The IV stored in the key can be used for decryption
|
|
decryptedData := make([]byte, len(encryptedData))
|
|
block, err := aes.NewCipher(originalKey.Key)
|
|
if err != nil {
|
|
t.Fatalf("Failed to create cipher: %v", err)
|
|
}
|
|
|
|
stream := cipher.NewCTR(block, originalKey.IV)
|
|
|
|
// Handle ivSkip for non-block-aligned offsets
|
|
if ivSkip > 0 {
|
|
skipDummy := make([]byte, ivSkip)
|
|
stream.XORKeyStream(skipDummy, skipDummy)
|
|
}
|
|
stream.XORKeyStream(decryptedData, encryptedData)
|
|
|
|
if !bytes.Equal(decryptedData, plaintext) {
|
|
t.Errorf("Final decryption failed:\nExpected: %q\nGot: %q", plaintext, decryptedData)
|
|
} else {
|
|
t.Logf("✓ Full encrypt-update_key-decrypt cycle successful")
|
|
}
|
|
}
|
|
|
|
// TestSSES3HeaderEncoding tests that the header encoding/decoding works correctly
|
|
func TestSSES3HeaderEncoding(t *testing.T) {
|
|
// Generate test base IV
|
|
baseIV := make([]byte, aes.BlockSize)
|
|
if _, err := rand.Read(baseIV); err != nil {
|
|
t.Fatalf("Failed to generate base IV: %v", err)
|
|
}
|
|
|
|
// Encode as it would be in HTTP header
|
|
baseIVHeader := base64.StdEncoding.EncodeToString(baseIV)
|
|
|
|
// Decode (as handleSSES3MultipartEncryption does)
|
|
decodedBaseIV, err := base64.StdEncoding.DecodeString(baseIVHeader)
|
|
if err != nil {
|
|
t.Fatalf("Failed to decode base IV: %v", err)
|
|
}
|
|
|
|
// Verify round-trip
|
|
if !bytes.Equal(decodedBaseIV, baseIV) {
|
|
t.Errorf("Base IV encoding round-trip failed:\nOriginal: %x\nDecoded: %x",
|
|
baseIV, decodedBaseIV)
|
|
}
|
|
|
|
// Verify length
|
|
if len(decodedBaseIV) != s3_constants.AESBlockSize {
|
|
t.Errorf("Decoded base IV has wrong length: expected %d, got %d",
|
|
s3_constants.AESBlockSize, len(decodedBaseIV))
|
|
}
|
|
}
|