diff --git a/api/handler/put.go b/api/handler/put.go index ed9def2e..c154e31f 100644 --- a/api/handler/put.go +++ b/api/handler/put.go @@ -334,7 +334,12 @@ func (h handler) formEncryptionParams(header http.Header) (enc encryption.Params return enc, errors.GetAPIError(errors.ErrSSECustomerKeyMD5Mismatch) } - return encryption.NewParams(key) + params, err := encryption.NewParams(key) + if err == nil { + enc = *params + } + + return enc, err } func (h *handler) PostObject(w http.ResponseWriter, r *http.Request) { diff --git a/api/layer/encryption/encryption.go b/api/layer/encryption/encryption.go index 6c7379f7..f035ae07 100644 --- a/api/layer/encryption/encryption.go +++ b/api/layer/encryption/encryption.go @@ -15,7 +15,6 @@ import ( // Params contains encryption key info. type Params struct { - enabled bool customerKey []byte } @@ -66,25 +65,24 @@ const ( ) // NewParams creates new params to encrypt with provided key. -func NewParams(key []byte) (Params, error) { - var p Params +func NewParams(key []byte) (*Params, error) { if len(key) != aes256KeySize { - return p, fmt.Errorf("invalid key size: %d", len(key)) + return nil, fmt.Errorf("invalid key size: %d", len(key)) } - p.enabled = true + var p Params p.customerKey = make([]byte, aes256KeySize) copy(p.customerKey, key) - return p, nil + return &p, nil } -// Key returns encryption key as slice. +// Key returns encryption key. func (p Params) Key() []byte { - return p.customerKey[:] + return p.customerKey } // Enabled returns true if key isn't empty. func (p Params) Enabled() bool { - return p.enabled + return len(p.customerKey) > 0 } // HMAC computes salted HMAC. diff --git a/api/layer/encryption/encryption_test.go b/api/layer/encryption/encryption_test.go index 41ca5305..7371870c 100644 --- a/api/layer/encryption/encryption_test.go +++ b/api/layer/encryption/encryption_test.go @@ -58,7 +58,7 @@ func getDecrypter(t *testing.T) *Decrypter { return &Decrypter{ parts: parts, - encryption: params, + encryption: *params, } }