From 6db7f531d95b6bde1a345ba14608d0a1a6105953 Mon Sep 17 00:00:00 2001
From: Kess Plasmeier
Date: Tue, 11 Nov 2025 13:06:51 -0800
Subject: [PATCH] add summaries to exceptions

---
 .../compliance_exceptions/client.txt | 18 ++++++++++++++++++
 .../content-metadata-strategy.txt | 13 ++++++++++++-
 .../compliance_exceptions/content-metadata.txt | 7 +++++++
 .../compliance_exceptions/decryption.txt | 6 ++++++
 .../compliance_exceptions/encryption.txt | 11 +++++++++++
 5 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/test-server/php-v3-server/compliance_exceptions/client.txt b/test-server/php-v3-server/compliance_exceptions/client.txt
index 87d2bf56..0efb20bd 100644
--- a/test-server/php-v3-server/compliance_exceptions/client.txt
+++ b/test-server/php-v3-server/compliance_exceptions/client.txt
@@ -1,3 +1,21 @@
+//
+// The PHP V3 implementation is missing the following features:
+//
+// 1. Client Configuration Options:
+// - Legacy algorithm support controls (wrapping algorithms, unauthenticated modes)
+// - Uses V3/V3_AND_LEGACY instead
+// - Delayed authentication mode configuration
+// - Buffer size configuration for memory management
+// - Raw keyring material (RSA, AES)
+// - SDK client configuration inheritance (credentials, KMS client config)
+// - Custom randomness source configuration
+//
+// 2. Api Operations:
+// - DeleteObject and DeleteObjects (with instruction file cleanup)
+// - Multipart upload operations (UploadPart, CompleteMultipartUpload, AbortMultipartUpload)
+// - ReEncryptInstructionFile for key rotation
+// - Non-encryption related S3 operations
+
 //= ../specification/s3-encryption/client.md#aws-sdk-compatibility
 //= type=exception
 //# The S3EC SHOULD support invoking operations unrelated to client-side encryption e.g.
diff --git a/test-server/php-v3-server/compliance_exceptions/content-metadata-strategy.txt b/test-server/php-v3-server/compliance_exceptions/content-metadata-strategy.txt
index 04731949..bb86da72 100644
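Review bot: In the client.txt summary, `// - Legacy algorithm support controls (wrapping algorithms, unauthenticated modes)` and `// - Delayed authentication mode configuration` name the missing knobs but not what the PHP client does in their absence, which is what a reader deciding whether to rely on it needs. Only the first has a follow-up (`// - Uses V3/V3_AND_LEGACY instead`); I would add the equivalent line for delayed authentication, e.g. `// - <state whether plaintext is ever released before tag verification>`, filled in by someone who knows the implementation. Likewise for the missing DeleteObject/DeleteObjects cleanup, say whether instruction files are left behind when the object is deleted through the plain S3 client. Minor style: `Api Operations` should read `API Operations`, and the heading case differs from content-metadata-strategy.txt, which uses upper-case headings.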
--- a/test-server/php-v3-server/compliance_exceptions/content-metadata-strategy.txt
+++ b/test-server/php-v3-server/compliance_exceptions/content-metadata-strategy.txt
@@ -1,3 +1,14 @@
+//
+// The PHP V3 implementation is missing the following features:
+//
+// 1. METADATA ENCODING:
+// - S3 Server "double encoding" support for proper metadata decoding
+//
+// 2. INSTRUCTION FILE OPERATIONS:
+// - Re-encryption/key rotation via instruction files
+// - Custom instruction file suffix support for GetObject requests
+//
+
 //= ../specification/s3-encryption/data-format/metadata-strategy.md#object-metadata
 //= type=exception
 //# The S3EC SHOULD support decoding the S3 Server's "double encoding".
@@ -20,4 +31,4 @@
 
 //= ../specification/s3-encryption/data-format/metadata-strategy.md#v3-instruction-files
 //= type=exception
-//# - The V3 message format MUST store the mapkey "x-amz-m" and its value (when present in the content metadata) in the Instruction File.
\ No newline at end of file
+//# - The V3 message format MUST store the mapkey "x-amz-m" and its value (when present in the content metadata) in the Instruction File.
diff --git a/test-server/php-v3-server/compliance_exceptions/content-metadata.txt b/test-server/php-v3-server/compliance_exceptions/content-metadata.txt
index c5fd4012..6053a0a6 100644
--- a/test-server/php-v3-server/compliance_exceptions/content-metadata.txt
+++ b/test-server/php-v3-server/compliance_exceptions/content-metadata.txt
@@ -1,3 +1,10 @@
+//
+// The PHP V3 implementation is missing the following features:
+//
+// - Instruction file fallback when object doesn't match V1/V2/V3 formats
+// - S3 Server "double encoding" scheme support
+// - Writing raw keyring formats (RSA, AES)
+
 //= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
 //= type=exception
 //# - The mapkey "x-amz-key" MUST be present for V1 format objects.
diff --git a/test-server/php-v3-server/compliance_exceptions/decryption.txt b/test-server/php-v3-server/compliance_exceptions/decryption.txt
index dbac1f19..df86d896 100644
--- a/test-server/php-v3-server/compliance_exceptions/decryption.txt
+++ b/test-server/php-v3-server/compliance_exceptions/decryption.txt
@@ -1,3 +1,9 @@
+//
+// The PHP V3 implementation is missing the following features:
+//
+// - Support for "range" parameter on GetObject for partial downloads and decryption
+//
+
 //= ../specification/s3-encryption/decryption.md#ranged-gets
 //= type=exception
 //# The S3EC MAY support the "range" parameter on GetObject which specifies a subset of bytes to download and decrypt.
diff --git a/test-server/php-v3-server/compliance_exceptions/encryption.txt b/test-server/php-v3-server/compliance_exceptions/encryption.txt
index 0c0364cf..5ae44c91 100644
--- a/test-server/php-v3-server/compliance_exceptions/encryption.txt
+++ b/test-server/php-v3-server/compliance_exceptions/encryption.txt
@@ -1,3 +1,14 @@
+//
+// The PHP V3 implementation is missing the following features:
+//
+// - Support for "range" parameter on GetObject for partial downloads and decryption
+//
+// The PHP V3 implementation has an extra "feature".
+// NOTE that using this feature will cause the message to be unable to be decrypted by other language implementations.
+
+// - Support for AAD during content encryption
+//
+
 //= ../specification/s3-encryption/encryption.md#alg-aes-256-ctr-iv16-tag16-no-kdf
 //= type=exception
 //# Attempts to encrypt using AES-CTR MUST fail.
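Review bot: The only "missing feature" bullet in the encryption.txt summary, `// - Support for "range" parameter on GetObject for partial downloads and decryption`, is word-for-word the decryption.txt bullet and looks copy-pasted. The exception directly below it is `//# Attempts to encrypt using AES-CTR MUST fail.`, which the summary does not mention. If that exception means the PHP client does not reject AES-CTR on encrypt, the summary should say so in its own bullet, because that is the entry a security reader will look for; if it is listed for another reason, say which. The bare `+` line between the NOTE and `// - Support for AAD during content encryption` also detaches that bullet from its heading and should be `//`. The remaining exceptions in this file are outside the hunk, so the full list the summary has to cover is not visible here.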