etag: add Format
and Decrypt
functions
#14659
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This commit adds two new functions to the
internal
etag
package:ETag.Format
Decrypt
The
Decrypt
function decrypts an encryptedETag using a decryption key. It returns not
encrypted / multipart ETags unmodified.
The
Decrypt
function is mainly used whenhandling SSE-S3 encrypted single-part objects.
In particular, the ETag of an SSE-S3 encrypted
single-part object needs to be decrypted since
S3 clients expect that this ETag is equal to the
content MD5.
The
ETag.Format
method also covers SSE ETag handling.MinIO encrypts all ETags of SSE single part objects.
However, only the ETag of SSE-S3 encrypted single part
objects needs to be decrypted.
The ETag of an SSE-C or SSE-KMS single part object
does not correspond to its content MD5 and can be
a random value.
The
ETag.Format
function formats an ETag such thatit is an AWS S3 compliant ETag. In particular, it
returns non-encrypted ETags (single / multipart)
unmodified. However, for encrypted ETags it returns
the trailing 16 bytes as ETag. For encrypted ETags
the last 16 bytes will be a random value.
The main purpose of
Format
is to format ETagssuch that clients accept them as well-formed AWS S3
ETags.
It differs from the
String
method sinceString
will return string representations for encrypted
ETags that are not AWS S3 compliant.
Motivation and Context
ETag, SSE
How to test this PR?
Types of changes
Checklist:
commit-id
orPR #
here)