diff --git a/service/s3/s3crypto/strategy.go b/service/s3/s3crypto/strategy.go index 8967f357a49..9c180eabd6b 100644 --- a/service/s3/s3crypto/strategy.go +++ b/service/s3/s3crypto/strategy.go @@ -63,9 +63,12 @@ func (strat HeaderV2SaveStrategy) Save(env Envelope, req *request.Request) error input.Metadata[http.CanonicalHeaderKey(matDescHeader)] = &env.MatDesc input.Metadata[http.CanonicalHeaderKey(wrapAlgorithmHeader)] = &env.WrapAlg input.Metadata[http.CanonicalHeaderKey(cekAlgorithmHeader)] = &env.CEKAlg - input.Metadata[http.CanonicalHeaderKey(tagLengthHeader)] = &env.TagLen input.Metadata[http.CanonicalHeaderKey(unencryptedMD5Header)] = &env.UnencryptedMD5 input.Metadata[http.CanonicalHeaderKey(unencryptedContentLengthHeader)] = &env.UnencryptedContentLen + + if len(env.TagLen) > 0 { + input.Metadata[http.CanonicalHeaderKey(tagLengthHeader)] = &env.TagLen + } return nil } diff --git a/service/s3/s3crypto/strategy_test.go b/service/s3/s3crypto/strategy_test.go index 54d6634feac..10e3d864b19 100644 --- a/service/s3/s3crypto/strategy_test.go +++ b/service/s3/s3crypto/strategy_test.go @@ -11,38 +11,67 @@ import ( ) func TestHeaderV2SaveStrategy(t *testing.T) { - env := s3crypto.Envelope{ - CipherKey: "Foo", - IV: "Bar", - MatDesc: "{}", - WrapAlg: s3crypto.KMSWrap, - CEKAlg: s3crypto.AESGCMNoPadding, - TagLen: "128", - UnencryptedMD5: "hello", - UnencryptedContentLen: "0", - } - params := &s3.PutObjectInput{} - req := &request.Request{ - Params: params, - } - strat := s3crypto.HeaderV2SaveStrategy{} - err := strat.Save(env, req) - if err != nil { - t.Errorf("expected no error, but received %v", err) + cases := []struct { + env s3crypto.Envelope + expected map[string]*string + }{ + { + s3crypto.Envelope{ + CipherKey: "Foo", + IV: "Bar", + MatDesc: "{}", + WrapAlg: s3crypto.KMSWrap, + CEKAlg: s3crypto.AESGCMNoPadding, + TagLen: "128", + UnencryptedMD5: "hello", + UnencryptedContentLen: "0", + }, + map[string]*string{ + "X-Amz-Key-V2": aws.String("Foo"), + "X-Amz-Iv": aws.String("Bar"), + "X-Amz-Matdesc": aws.String("{}"), + "X-Amz-Wrap-Alg": aws.String(s3crypto.KMSWrap), + "X-Amz-Cek-Alg": aws.String(s3crypto.AESGCMNoPadding), + "X-Amz-Tag-Len": aws.String("128"), + "X-Amz-Unencrypted-Content-Md5": aws.String("hello"), + "X-Amz-Unencrypted-Content-Length": aws.String("0"), + }, + }, + { + s3crypto.Envelope{ + CipherKey: "Foo", + IV: "Bar", + MatDesc: "{}", + WrapAlg: s3crypto.KMSWrap, + CEKAlg: s3crypto.AESGCMNoPadding, + UnencryptedMD5: "hello", + UnencryptedContentLen: "0", + }, + map[string]*string{ + "X-Amz-Key-V2": aws.String("Foo"), + "X-Amz-Iv": aws.String("Bar"), + "X-Amz-Matdesc": aws.String("{}"), + "X-Amz-Wrap-Alg": aws.String(s3crypto.KMSWrap), + "X-Amz-Cek-Alg": aws.String(s3crypto.AESGCMNoPadding), + "X-Amz-Unencrypted-Content-Md5": aws.String("hello"), + "X-Amz-Unencrypted-Content-Length": aws.String("0"), + }, + }, } - expected := map[string]*string{ - "X-Amz-Key-V2": aws.String("Foo"), - "X-Amz-Iv": aws.String("Bar"), - "X-Amz-Matdesc": aws.String("{}"), - "X-Amz-Wrap-Alg": aws.String(s3crypto.KMSWrap), - "X-Amz-Cek-Alg": aws.String(s3crypto.AESGCMNoPadding), - "X-Amz-Tag-Len": aws.String("128"), - "X-Amz-Unencrypted-Content-Md5": aws.String("hello"), - "X-Amz-Unencrypted-Content-Length": aws.String("0"), - } + for _, c := range cases { + params := &s3.PutObjectInput{} + req := &request.Request{ + Params: params, + } + strat := s3crypto.HeaderV2SaveStrategy{} + err := strat.Save(c.env, req) + if err != nil { + t.Errorf("expected no error, but received %v", err) + } - if !reflect.DeepEqual(expected, params.Metadata) { - t.Errorf("expected %v, but received %v", expected, params.Metadata) + if !reflect.DeepEqual(c.expected, params.Metadata) { + t.Errorf("expected %v, but received %v", c.expected, params.Metadata) + } } }