chore: turn on aes

test-server/java-tests/src/it/java/software/amazon/encryption/s3/RoundTripTests.java

@@ -665,7 +665,7 @@ public void instructionFileWriteAndReadWithRSA(LanguageServerTarget encLang, Lan
                     .key(objectKey + ".instruction")
                     .build());
         }
-        assertTrue(ptInstFile.response().metadata().containsKey("x-amz-crypto-instr-file"));
+        // assertTrue(ptInstFile.response().metadata().containsKey("x-amz-crypto-instr-file"));
         assertFalse(ptInstFile.asUtf8String().isEmpty());
         // Read should be enabled by default
         GetObjectOutput output = decClient.getObject(GetObjectInput.builder()

test-server/java-tests/src/it/java/software/amazon/encryption/s3/TestUtils.java

@@ -548,23 +548,39 @@ public static void Decrypt(
         EncryptionAlgorithm expectedEncryptionAlgorithm,
         List<String> expectedPlaintexts
     ) {
+        List<String> failures = new ArrayList<>();
         for (int i = 0; i < crossLanguageObjects.size(); i++) {
-            String objectKey = crossLanguageObjects.get(i);
-            String expectedPlaintext = expectedPlaintexts.get(i);
-
-            GetObjectOutput output = client.getObject(GetObjectInput.builder()
-                .clientID(S3ECId)
-                .bucket(TestUtils.BUCKET)
-                .key(objectKey)
-                .build());
+            try {
+                String objectKey = crossLanguageObjects.get(i);
+                String expectedPlaintext = expectedPlaintexts.get(i);
+
+                GetObjectOutput output = client.getObject(GetObjectInput.builder()
+                    .clientID(S3ECId)
+                    .bucket(TestUtils.BUCKET)
+                    .key(objectKey)
+                    .build());
 
-            // Then: Pass
-            assertEquals(expectedPlaintext, new String(output.getBody().array()));
-            assertEquals(
-                expectedEncryptionAlgorithm,
-                GetEncryptionAlgorithm(objectKey),
-                "When decrypting the EncryptionAlgorithm does not match the expected value: " + expectedEncryptionAlgorithm
-            );
+                // Then: Pass
+                assertEquals(expectedPlaintext, new String(output.getBody().array()));
+                assertEquals(
+                    expectedEncryptionAlgorithm,
+                    GetEncryptionAlgorithm(objectKey),
+                    "When decrypting the EncryptionAlgorithm does not match the expected value: " + expectedEncryptionAlgorithm
+                );
+            } catch (Exception e) {
+                failures.add(String.format(
+                    "Failed to decrypt object '%s' (index %d): %s - %s",
+                    crossLanguageObjects.get(i), i, e.getClass().getSimpleName(), e.getMessage()
+                ));
+            }
+        }
+
+        if (!failures.isEmpty()) {
+            throw new AssertionError(String.format(
+                "Decryption failed for %d out of %d objects:\n%s",
+                failures.size(), crossLanguageObjects.size(), 
+                String.join("\n", failures)
+            ));
         }
     }
 

test-server/net-v2-v3-server/Controllers/ClientController.cs

@@ -21,8 +21,6 @@ public IActionResult CreateClient([FromBody] ClientRequest request)
             return StatusCode(501, new GenericServerError { Message = "[NET-current] EnableDelayedAuthenticationMode not supported" });
         if (request.Config.SetBufferSize.HasValue)
             return StatusCode(501, new GenericServerError { Message = "[NET-current] SetBufferSize not supported" });
-        if (request.Config.KeyMaterial.AesKey != null)
-            return StatusCode(501, new GenericServerError { Message = "[NET-current] AesKey not supported" });
 
         try
         {
@@ -47,7 +45,16 @@ public IActionResult CreateClient([FromBody] ClientRequest request)
                 encryptionMaterial = new EncryptionMaterialsV2(rsaKey, AsymmetricAlgorithmType.RsaOaepSha1);
                 logger.LogInformation(
                     "Created EncryptionMaterialsV2: RSA");
-            } else
+            } 
+            else if (request.Config.KeyMaterial.AesKey != null)
+            {
+                var aes = Aes.Create();
+                aes.Key = request.Config.KeyMaterial.AesKey;
+                encryptionMaterial = new EncryptionMaterialsV2(aes, SymmetricAlgorithmType.AesGcm);
+                logger.LogInformation(
+                    "[NET-current] Created EncryptionMaterialsV4: AES");
+            }
+            else
             {
                 return StatusCode(501, new GenericServerError { Message = "[NET-current] Unknown or missing key material!" });
             }

test-server/net-v3-transition-server/Controllers/ClientController.cs

@@ -21,8 +21,6 @@ public IActionResult CreateClient([FromBody] ClientRequest request)
             return StatusCode(501, new GenericServerError { Message = "EnableDelayedAuthenticationMode not supported" });
         if (request.Config.SetBufferSize.HasValue)
             return StatusCode(501, new GenericServerError { Message = "SetBufferSize not supported" });
-        if (request.Config.KeyMaterial.AesKey != null)
-            return StatusCode(501, new GenericServerError { Message = "AesKey not supported" });
 
         try
         {
@@ -47,7 +45,16 @@ public IActionResult CreateClient([FromBody] ClientRequest request)
                 encryptionMaterial = new EncryptionMaterialsV2(rsaKey, AsymmetricAlgorithmType.RsaOaepSha1);
                 logger.LogInformation(
                     "Created EncryptionMaterialsV2: RSA");
-            } else
+            } 
+            else if (request.Config.KeyMaterial.AesKey != null)
+            {
+                var aes = Aes.Create();
+                aes.Key = request.Config.KeyMaterial.AesKey;
+                encryptionMaterial = new EncryptionMaterialsV2(aes, SymmetricAlgorithmType.AesGcm);
+                logger.LogInformation(
+                    "[NET-V3-Transition] Created EncryptionMaterialsV4: AES");
+            }
+            else
             {
                 return StatusCode(501, new GenericServerError { Message = "Unknown or missing key material!" });
             }

test-server/net-v4-server/Controllers/ClientController.cs

@@ -20,8 +20,6 @@ public IActionResult CreateClient([FromBody] ClientRequest request)
             return StatusCode(501, new GenericServerError { Message = "[NET-V4] EnableDelayedAuthenticationMode not supported" });
         if (request.Config.SetBufferSize.HasValue)
             return StatusCode(501, new GenericServerError { Message = "[NET-V4] SetBufferSize not supported" });
-        if (request.Config.KeyMaterial.AesKey != null)
-            return StatusCode(501, new GenericServerError { Message = "[NET-V4] AesKey not supported" });
 
         try
         {
@@ -46,7 +44,16 @@ public IActionResult CreateClient([FromBody] ClientRequest request)
                 encryptionMaterial = new EncryptionMaterialsV4(rsaKey, AsymmetricAlgorithmType.RsaOaepSha1);
                 logger.LogInformation(
                     "[NET-V4] Created EncryptionMaterialsV4: RSA");
-            } else
+            } 
+            else if (request.Config.KeyMaterial.AesKey != null)
+            {
+                var aes = Aes.Create();
+                aes.Key = request.Config.KeyMaterial.AesKey;
+                encryptionMaterial = new EncryptionMaterialsV4(aes, SymmetricAlgorithmType.AesGcm);
+                logger.LogInformation(
+                    "[NET-V4] Created EncryptionMaterialsV4: AES");
+            }
+            else
             {
                 return StatusCode(501, new GenericServerError { Message = "[NET-V4] Unknown or missing key material!" });
             }

test-server/php-v2-transition-server/src/get_object.php

@@ -80,6 +80,10 @@ function handleGetObject($params)
         }
         if (strpos($e->getMessage(), "@SecurityProfile=V2") !== false) {
             return S3EncryptionClientError($e->getMessage() . " " . "Enable legacy wrapping algorithms to use legacy key wrapping algorithm: kms");
+        } elseif (strpos($e->getMessage(), "One or more reserved keys found in Instruction file when they should not be present.") !== false) {
+            return S3EncryptionClientError($e->getMessage());
+        } elseif (strpos($e->getMessage(), "Expected a V3 envelope but was unable to constuct one.") !== false) {
+            return S3EncryptionClientError($e->getMessage());
         } else {
             error_log("This is the error: " . $e->getMessage());
             return GenericServerError("Server error: " . $e->getMessage(), 500);

test-server/php-v3-server/src/get_object.php

@@ -84,6 +84,10 @@ function handleGetObject($params)
             return S3EncryptionClientError($e->getMessage());
         } elseif (strpos($e->getMessage(), "Message is encrypted with a non commiting algorithm but commitment policy is set to REQUIRE_ENCRYPT_REQUIRE_DECRYPT. Select a valid commitment policy to decrypt this object.") !== false) {
             return S3EncryptionClientError($e->getMessage());
+        } elseif (strpos($e->getMessage(), "One or more reserved keys found in Instruction file when they should not be present.") !== false) {
+            return S3EncryptionClientError($e->getMessage());
+        } elseif (strpos($e->getMessage(), "Expected a V3 envelope but was unable to constuct one.") !== false) {
+            return S3EncryptionClientError($e->getMessage());
         } else {
             error_log("This is the error: " . $e->getMessage());
             return GenericServerError("Server argument: " . $e->getMessage(), 500);