aws-sdk-s3 1.207.0 → 1.208.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d4ff627467ee5db92a979ebf4dcbfa0072ca5bc4f939e0c3224ae0157524784d
-  data.tar.gz: 2205c3657b3f955970d538410e0ad3bd6e468de3798f07eebdba748f5306ccc3
+  metadata.gz: d8d399e87c3b6a02f60b4fc2efbb7e656af4f8ef66302eec0454129bded2fdb0
+  data.tar.gz: 3d348a0ce7abfbc7bfd9210227df82f33d4576f321f9da5374b29f6834e62a38
 SHA512:
-  metadata.gz: 23fd6bff03cc4b19d477effb9ab3350bf141176974de99450c25be573275c1cd25c981750cab5c8d691ffc41c21fae8db7bfb9723672b446a219066449075bc0
-  data.tar.gz: b5a9324cf75285acd712ce6ffbfdfce32e1531c5fecc70c252de7b7c6fae379066248fcd3919a597dcf1af06d5d05aef54055eaa537f1f379083879eb7adbbc2
+  metadata.gz: 525a8c73faf271316eb39fad4880032687e38fc54f452b733c7f161af4e367bf142c73b7218185f5d335219940bce706a5f9884d0716a388a8289a1ea44150f4
+  data.tar.gz: ff3d94155efdef438f2db5f4e2a6126590924fb5b712e74981dd174f2e05a7bebcfb1c23e69f00d1aa84b0a1f20415670a630a93ef142472159ee6d8de20df3b

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.208.0 (2025-12-16)
+------------------
+
+* Feature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.
+
 1.207.0 (2025-12-15)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.207.0
+1.208.0

data/lib/aws-sdk-s3/client.rb

@@ -22283,7 +22283,7 @@ module Aws::S3
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-s3'
-      context[:gem_version] = '1.207.0'
+      context[:gem_version] = '1.208.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-s3/customizations.rb

@@ -6,6 +6,7 @@ module Aws
     autoload :BucketRegionCache, 'aws-sdk-s3/bucket_region_cache'
     autoload :Encryption, 'aws-sdk-s3/encryption'
     autoload :EncryptionV2, 'aws-sdk-s3/encryption_v2'
+    autoload :EncryptionV3, 'aws-sdk-s3/encryption_v3'
     autoload :FilePart, 'aws-sdk-s3/file_part'
     autoload :DefaultExecutor, 'aws-sdk-s3/default_executor'
     autoload :FileUploader, 'aws-sdk-s3/file_uploader'

data/lib/aws-sdk-s3/encryption/client.rb

@@ -6,9 +6,9 @@ module Aws
   module S3
 
     # [MAINTENANCE MODE] There is a new version of the Encryption Client.
-    # AWS strongly recommends upgrading to the {Aws::S3::EncryptionV2::Client},
+    # AWS strongly recommends upgrading to the {Aws::S3::EncryptionV3::Client},
     # which provides updated data security best practices.
-    # See documentation for {Aws::S3::EncryptionV2::Client}.
+    # See documentation for {Aws::S3::EncryptionV3::Client}.
     # Provides an encryption client that encrypts and decrypts data client-side,
     # storing the encrypted data in Amazon S3.
     #

data/lib/aws-sdk-s3/encryption/default_cipher_provider.rb

@@ -16,6 +16,8 @@ module Aws
         #   envelope and encryption cipher.
         def encryption_cipher
           cipher = Utils.aes_encryption_cipher(:CBC)
+          ##= ../specification/s3-encryption/data-format/content-metadata.md#algorithm-suite-and-message-format-version-compatibility
+          ##% Objects encrypted with ALG_AES_256_CBC_IV16_NO_KDF MAY use either the V1 or V2 message format version.
           envelope = {
             'x-amz-key' => encode64(encrypt(envelope_key(cipher))),
             'x-amz-iv' => encode64(envelope_iv(cipher)),

data/lib/aws-sdk-s3/encryption/encrypt_handler.rb

@@ -38,6 +38,8 @@ module Aws
           io = StringIO.new(io) if String === io
           context.params[:body] = IOEncrypter.new(cipher, io)
           context.params[:metadata] ||= {}
+          ##= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+          ##% - The mapkey "x-amz-unencrypted-content-length" SHOULD be present for V1 format objects.
           context.params[:metadata]['x-amz-unencrypted-content-length'] = io.size
           if context.params.delete(:content_md5)
             warn('Setting content_md5 on client side encrypted objects is deprecated')

data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb

@@ -26,6 +26,8 @@ module Aws
           end
           cipher = Utils.aes_encryption_cipher(:CBC)
           cipher.key = key_data.plaintext
+          ##= ../specification/s3-encryption/data-format/content-metadata.md#algorithm-suite-and-message-format-version-compatibility
+          ##% Objects encrypted with ALG_AES_256_CBC_IV16_NO_KDF MAY use either the V1 or V2 message format version.
           envelope = {
             'x-amz-key-v2' => encode64(key_data.ciphertext_blob),
             'x-amz-iv' => encode64(cipher.iv = cipher.random_iv),

data/lib/aws-sdk-s3/encryptionV2/client.rb

@@ -5,9 +5,17 @@ require 'forwardable'
 module Aws
   module S3
 
-    REQUIRED_PARAMS = [:key_wrap_schema, :content_encryption_schema, :security_profile]
-    SUPPORTED_SECURITY_PROFILES = [:v2, :v2_and_legacy]
+    REQUIRED_PARAMS = [:key_wrap_schema, :content_encryption_schema, :security_profile].freeze
+    SUPPORTED_SECURITY_PROFILES = [:v2, :v2_and_legacy].freeze
+    SUPPORTED_COMMITMENT_POLICIES = [:forbid_encrypt_allow_decrypt].freeze
 
+    # [MAINTENANCE MODE] There is a new version of the Encryption Client.
+    # AWS strongly recommends upgrading to the {Aws::S3::EncryptionV3::Client},
+    # which provides updated data security best practices.
+    # For migration guidance, see: https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/s3-encryption-migration-v2-v3.html
+    # Provides an encryption client that encrypts and decrypts data client-side,
+    # storing the encrypted data in Amazon S3.
+    # 
     # Provides an encryption client that encrypts and decrypts data client-side,
     # storing the encrypted data in Amazon S3.  The `EncryptionV2::Client` (V2 Client)
     # provides improved security over the `Encryption::Client` (V1 Client)
@@ -307,15 +315,29 @@ module Aws
         # @option options [KMS::Client] :kms_client A default {KMS::Client}
         #   is constructed when using KMS to manage encryption keys.
         #
+        # @option options [Symbol] :commitment_policy (nil)
+        #   Optional parameter for migration from V2 to V3. When set to
+        #   :forbid_encrypt_allow_decrypt, this explicitly indicates you are
+        #   maintaining V2 encryption behavior while preparing for migration.
+        #   This allows the V2 client to decrypt V3-encrypted objects while
+        #   continuing to encrypt new objects using V2 algorithms.
+        #   Only :forbid_encrypt_allow_decrypt is supported.
+        #   For migration guidance, see: https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/s3-encryption-migration-v2-v3.html
+        #
         def initialize(options = {})
           validate_params(options)
           @client = extract_client(options)
-          @cipher_provider = cipher_provider(options)
+          @cipher_provider = build_cipher_provider(options)
+          @key_provider = @cipher_provider.key_provider if @cipher_provider.is_a?(DefaultCipherProvider)
           @envelope_location = extract_location(options)
           @instruction_file_suffix = extract_suffix(options)
           @kms_allow_decrypt_with_any_cmk =
             options[:kms_key_id] == :kms_allow_decrypt_with_any_cmk
           @security_profile = extract_security_profile(options)
+          @commitment_policy = extract_commitment_policy(options)
+          # The v3 cipher is only used for decrypt.
+          # Therefore any configured v2 `content_encryption_schema` is going to be incorrect.
+          @v3_cipher_provider = build_v3_cipher_provider_for_decrypt(options.reject { |k, _| k == :content_encryption_schema })
         end
 
         # @return [S3::Client]
@@ -341,6 +363,11 @@ module Aws
         #   by this string.
         attr_reader :instruction_file_suffix
 
+        # @return [Symbol, nil] Optional commitment policy for V2 to V3 migration.
+        #   When set to :forbid_encrypt_allow_decrypt, explicitly indicates
+        #   maintaining V2 encryption behavior while preparing for migration.
+        attr_reader :commitment_policy
+
         # Uploads an object to Amazon S3, encrypting data client-side.
         # See {S3::Client#put_object} for documentation on accepted
         # request parameters.
@@ -410,6 +437,7 @@ module Aws
           req.handlers.add(DecryptHandler)
           req.context[:encryption] = {
             cipher_provider: @cipher_provider,
+            v3_cipher_provider: @v3_cipher_provider,
             envelope_location: envelope_location,
             instruction_file_suffix: instruction_file_suffix,
             kms_encryption_context: kms_encryption_context,
@@ -423,6 +451,50 @@ module Aws
 
         private
 
+        def build_cipher_provider(options)
+          if options[:kms_key_id]
+            KmsCipherProvider.new(
+              kms_key_id: options[:kms_key_id],
+              kms_client: kms_client(options),
+              key_wrap_schema: options[:key_wrap_schema],
+              content_encryption_schema: options[:content_encryption_schema]
+            )
+          else
+            key_provider = extract_key_provider(options)
+            DefaultCipherProvider.new(
+              key_provider: key_provider,
+              key_wrap_schema: options[:key_wrap_schema],
+              content_encryption_schema: options[:content_encryption_schema]
+            )
+          end
+        end
+
+        def build_v3_cipher_provider_for_decrypt(options)
+          if options[:kms_key_id]
+            Aws::S3::EncryptionV3::KmsCipherProvider.new(
+              kms_key_id: options[:kms_key_id],
+              kms_client: kms_client(options),
+              key_wrap_schema: options[:key_wrap_schema],
+              content_encryption_schema: options[:content_encryption_schema]
+            )
+          else
+            # Create V3 key provider explicitly for proper namespace consistency
+            key_provider = if options[:key_provider]
+              options[:key_provider]
+            elsif options[:encryption_key]
+              Aws::S3::EncryptionV3::DefaultKeyProvider.new(options)
+            else
+              msg = 'you must pass a :kms_key_id, :key_provider, or :encryption_key'
+              raise ArgumentError, msg
+            end
+            Aws::S3::EncryptionV3::DefaultCipherProvider.new(
+              key_provider: key_provider,
+              key_wrap_schema: options[:key_wrap_schema],
+              content_encryption_schema: options[:content_encryption_schema]
+            )
+          end
+        end
+
         # Validate required parameters exist and don't conflict.
         # The cek_alg and wrap_alg are passed on to the CipherProviders
         # and further validated there
@@ -452,36 +524,19 @@ module Aws
             options.delete(:encryption_key)
             options.delete(:envelope_location)
             options.delete(:instruction_file_suffix)
+            options.delete(:commitment_policy)
             REQUIRED_PARAMS.each { |p| options.delete(p) }
             S3::Client.new(options)
           end
         end
 
         def kms_client(options)
-          options[:kms_client] || begin
+          options[:kms_client] || (@kms_client ||=
             KMS::Client.new(
               region: @client.config.region,
               credentials: @client.config.credentials,
               )
-          end
-        end
-
-        def cipher_provider(options)
-          if options[:kms_key_id]
-            KmsCipherProvider.new(
-              kms_key_id: options[:kms_key_id],
-              kms_client: kms_client(options),
-              key_wrap_schema: options[:key_wrap_schema],
-              content_encryption_schema: options[:content_encryption_schema]
-            )
-          else
-            @key_provider = extract_key_provider(options)
-            DefaultCipherProvider.new(
-              key_provider: @key_provider,
-              key_wrap_schema: options[:key_wrap_schema],
-              content_encryption_schema: options[:content_encryption_schema]
-            )
-          end
+          )
         end
 
         def extract_key_provider(options)
@@ -564,7 +619,27 @@ module Aws
           end
           security_profile
         end
+
+        def extract_commitment_policy(options)
+          validate_commitment_policy(options[:commitment_policy])
+        end
+
+        def validate_commitment_policy(commitment_policy)
+          return nil if commitment_policy.nil?
+
+          unless SUPPORTED_COMMITMENT_POLICIES.include? commitment_policy
+            raise ArgumentError, "Unsupported commitment policy: :#{commitment_policy}. " \
+            "The V2 client only supports :forbid_encrypt_allow_decrypt for migration purposes. " \
+            "For migration guidance, see: https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/s3-encryption-migration-v2-v3.html"
+          end
+          commitment_policy
+        end
       end
     end
   end
 end
+
+##= ../specification/s3-encryption/data-format/content-metadata.md#v1-v2-shared
+##= type=exception
+##= reason=This has never been supported in Ruby
+##% This string MAY be encoded by the esoteric double-encoding scheme used by the S3 web server.

data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb

@@ -9,40 +9,6 @@ module Aws
       class DecryptHandler < Seahorse::Client::Handler
         @@warned_response_target_proc = false
 
-        V1_ENVELOPE_KEYS = %w(
-          x-amz-key
-          x-amz-iv
-          x-amz-matdesc
-        )
-
-        V2_ENVELOPE_KEYS = %w(
-          x-amz-key-v2
-          x-amz-iv
-          x-amz-cek-alg
-          x-amz-wrap-alg
-          x-amz-matdesc
-        )
-
-        V2_OPTIONAL_KEYS = %w(x-amz-tag-len)
-
-        POSSIBLE_ENVELOPE_KEYS = (V1_ENVELOPE_KEYS +
-          V2_ENVELOPE_KEYS + V2_OPTIONAL_KEYS).uniq
-
-        POSSIBLE_WRAPPING_FORMATS = %w(
-          AES/GCM
-          kms
-          kms+context
-          RSA-OAEP-SHA1
-        )
-
-        POSSIBLE_ENCRYPTION_FORMATS = %w(
-          AES/GCM/NoPadding
-          AES/CBC/PKCS5Padding
-          AES/CBC/PKCS7Padding
-        )
-
-        AUTH_REQUIRED_CEK_ALGS = %w(AES/GCM/NoPadding)
-
         def call(context)
           attach_http_event_listeners(context)
           apply_cse_user_agent(context)
@@ -63,12 +29,14 @@ module Aws
         private
 
         def attach_http_event_listeners(context)
-
           context.http_response.on_headers(200) do
-            cipher, envelope = decryption_cipher(context)
-            decrypter = body_contains_auth_tag?(envelope) ?
-              authenticated_decrypter(context, cipher, envelope) :
-              IODecrypter.new(cipher, context.http_response.body)
+            decrypter = if Aws::S3::EncryptionV3::Decryption.v3?(context)
+              cipher, envelope = Aws::S3::EncryptionV3::Decryption.decryption_cipher(context)
+              Aws::S3::EncryptionV3::Decryption.get_decrypter(context, cipher, envelope)
+            else
+              cipher, envelope = Aws::S3::EncryptionV2::Decryption.decryption_cipher(context)
+              Aws::S3::EncryptionV2::Decryption.get_decrypter(context, cipher, envelope)
+            end
             context.http_response.body = decrypter
           end
 
@@ -86,129 +54,6 @@ module Aws
           end
         end
 
-        def decryption_cipher(context)
-          if (envelope = get_encryption_envelope(context))
-            cipher = context[:encryption][:cipher_provider]
-             .decryption_cipher(
-               envelope,
-               context[:encryption]
-             )
-            [cipher, envelope]
-          else
-            raise Errors::DecryptionError, "unable to locate encryption envelope"
-          end
-        end
-
-        def get_encryption_envelope(context)
-          if context[:encryption][:envelope_location] == :metadata
-            envelope_from_metadata(context) || envelope_from_instr_file(context)
-          else
-            envelope_from_instr_file(context) || envelope_from_metadata(context)
-          end
-        end
-
-        def envelope_from_metadata(context)
-          possible_envelope = {}
-          POSSIBLE_ENVELOPE_KEYS.each do |suffix|
-            if value = context.http_response.headers["x-amz-meta-#{suffix}"]
-              possible_envelope[suffix] = value
-            end
-          end
-          extract_envelope(possible_envelope)
-        end
-
-        def envelope_from_instr_file(context)
-          suffix = context[:encryption][:instruction_file_suffix]
-          possible_envelope = Json.load(context.client.get_object(
-            bucket: context.params[:bucket],
-            key: context.params[:key] + suffix
-          ).body.read)
-          extract_envelope(possible_envelope)
-        rescue S3::Errors::ServiceError, Json::ParseError
-          nil
-        end
-
-        def extract_envelope(hash)
-          return nil unless hash
-          return v1_envelope(hash) if hash.key?('x-amz-key')
-          return v2_envelope(hash) if hash.key?('x-amz-key-v2')
-          if hash.keys.any? { |key| key.match(/^x-amz-key-(.+)$/) }
-            msg = "unsupported envelope encryption version #{$1}"
-            raise Errors::DecryptionError, msg
-          end
-        end
-
-        def v1_envelope(envelope)
-          envelope
-        end
-
-        def v2_envelope(envelope)
-          unless POSSIBLE_ENCRYPTION_FORMATS.include? envelope['x-amz-cek-alg']
-            alg = envelope['x-amz-cek-alg'].inspect
-            msg = "unsupported content encrypting key (cek) format: #{alg}"
-            raise Errors::DecryptionError, msg
-          end
-          unless POSSIBLE_WRAPPING_FORMATS.include? envelope['x-amz-wrap-alg']
-            alg = envelope['x-amz-wrap-alg'].inspect
-            msg = "unsupported key wrapping algorithm: #{alg}"
-            raise Errors::DecryptionError, msg
-          end
-          unless (missing_keys = V2_ENVELOPE_KEYS - envelope.keys).empty?
-            msg = "incomplete v2 encryption envelope:\n"
-            msg += "  missing: #{missing_keys.join(',')}\n"
-            raise Errors::DecryptionError, msg
-          end
-          envelope
-        end
-
-        # This method fetches the tag from the end of the object by
-        # making a GET Object w/range request. This auth tag is used
-        # to initialize the cipher, and the decrypter truncates the
-        # auth tag from the body when writing the final bytes.
-        def authenticated_decrypter(context, cipher, envelope)
-          http_resp = context.http_response
-          content_length = http_resp.headers['content-length'].to_i
-          auth_tag_length = auth_tag_length(envelope)
-
-          auth_tag = context.client.get_object(
-            bucket: context.params[:bucket],
-            key: context.params[:key],
-            version_id: context.params[:version_id],
-            range: "bytes=-#{auth_tag_length}"
-          ).body.read
-
-          cipher.auth_tag = auth_tag
-          cipher.auth_data = ''
-
-          # The encrypted object contains both the cipher text
-          # plus a trailing auth tag.
-          IOAuthDecrypter.new(
-            io: http_resp.body,
-            encrypted_content_length: content_length - auth_tag_length,
-            cipher: cipher)
-        end
-
-        def body_contains_auth_tag?(envelope)
-          AUTH_REQUIRED_CEK_ALGS.include?(envelope['x-amz-cek-alg'])
-        end
-
-        # Determine the auth tag length from the algorithm
-        # Validate it against the value provided in the x-amz-tag-len
-        # Return the tag length in bytes
-        def auth_tag_length(envelope)
-          tag_length =
-            case envelope['x-amz-cek-alg']
-            when 'AES/GCM/NoPadding' then AES_GCM_TAG_LEN_BYTES
-            else
-              raise ArgumentError, 'Unsupported cek-alg: ' \
-                "#{envelope['x-amz-cek-alg']}"
-            end
-          if (tag_length * 8) != envelope['x-amz-tag-len'].to_i
-            raise Errors::DecryptionError, 'x-amz-tag-len does not match expected'
-          end
-          tag_length
-        end
-
         def apply_cse_user_agent(context)
           if context.config.user_agent_suffix.nil?
             context.config.user_agent_suffix = EC_USER_AGENT

data/lib/aws-sdk-s3/encryptionV2/decryption.rb

@@ -0,0 +1,205 @@
+# frozen_string_literal: true
+
+require 'base64'
+
+module Aws
+  module S3
+    module EncryptionV2
+      # @api private
+      class Decryption
+        ##= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+        ##% - The mapkey "x-amz-key" MUST be present for V1 format objects.
+        ##= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+        ##% - The mapkey "x-amz-iv" MUST be present for V1 format objects.
+        ##= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+        ##% - The mapkey "x-amz-matdesc" MUST be present for V1 format objects.
+        V1_ENVELOPE_KEYS = %w[
+          x-amz-key
+          x-amz-iv
+          x-amz-matdesc
+        ].freeze
+
+        ##= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+        ##% - The mapkey "x-amz-key-v2" MUST be present for V2 format objects.
+        ##= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+        ##% - The mapkey "x-amz-iv" MUST be present for V2 format objects.
+        ##= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+        ##% - The mapkey "x-amz-cek-alg" MUST be present for V2 format objects.
+        ##= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+        ##% - The mapkey "x-amz-wrap-alg" MUST be present for V2 format objects.
+        ##= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+        ##% - The mapkey "x-amz-matdesc" MUST be present for V2 format objects.
+        V2_ENVELOPE_KEYS = %w[
+          x-amz-key-v2
+          x-amz-iv
+          x-amz-cek-alg
+          x-amz-wrap-alg
+          x-amz-matdesc
+        ].freeze
+
+        ##= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+        ##= type=exception
+        ##= reason=The implementation treats this as optional, but verifies its value.
+        ##% - The mapkey "x-amz-tag-len" MUST be present for V2 format objects.
+        V2_OPTIONAL_KEYS = %w[x-amz-tag-len].freeze
+
+        POSSIBLE_ENVELOPE_KEYS = (V1_ENVELOPE_KEYS + V2_ENVELOPE_KEYS + V2_OPTIONAL_KEYS).uniq
+
+        POSSIBLE_WRAPPING_FORMATS = %w[
+          AES/GCM
+          kms
+          kms+context
+          RSA-OAEP-SHA1
+        ].freeze
+
+        POSSIBLE_ENCRYPTION_FORMATS = %w[
+          AES/GCM/NoPadding
+          AES/CBC/PKCS5Padding
+          AES/CBC/PKCS7Padding
+        ].freeze
+
+        AUTH_REQUIRED_CEK_ALGS = %w[AES/GCM/NoPadding].freeze
+
+        class << self
+          def decryption_cipher(context)
+            if (envelope = get_encryption_envelope(context))
+              cipher = context[:encryption][:cipher_provider]
+                       .decryption_cipher(
+                         envelope,
+                         context[:encryption]
+                       )
+              [cipher, envelope]
+            else
+              raise Errors::DecryptionError, 'unable to locate encryption envelope'
+            end
+          end
+
+          def get_decrypter(context, cipher, envelope)
+            if body_contains_auth_tag?(envelope)
+              authenticated_decrypter(context, cipher, envelope)
+            else
+              IODecrypter.new(cipher, context.http_response.body)
+            end
+          end
+
+          def get_encryption_envelope(context)
+            if context[:encryption][:envelope_location] == :metadata
+              envelope_from_metadata(context) || envelope_from_instr_file(context)
+            else
+              envelope_from_instr_file(context) || envelope_from_metadata(context)
+            end
+          end
+
+          def envelope_from_metadata(context)
+            possible_envelope = {}
+            POSSIBLE_ENVELOPE_KEYS.each do |suffix|
+              if (value = context.http_response.headers["x-amz-meta-#{suffix}"])
+                possible_envelope[suffix] = value
+              end
+            end
+            extract_envelope(possible_envelope)
+          end
+
+          def envelope_from_instr_file(context)
+            suffix = context[:encryption][:instruction_file_suffix]
+            possible_envelope = Json.load(context.client.get_object(
+              bucket: context.params[:bucket],
+              key: context.params[:key] + suffix
+            ).body.read)
+            extract_envelope(possible_envelope)
+          rescue S3::Errors::ServiceError, Json::ParseError
+            nil
+          end
+
+          def extract_envelope(hash)
+            return nil unless hash
+            ##= ../specification/s3-encryption/data-format/content-metadata.md#determining-s3ec-object-status
+            ##% - If the metadata contains "x-amz-iv" and "x-amz-key" then the object MUST be considered as an S3EC-encrypted object using the V1 format.
+            return v1_envelope(hash) if hash.key?('x-amz-key')
+            ##= ../specification/s3-encryption/data-format/content-metadata.md#determining-s3ec-object-status
+            ##% - If the metadata contains "x-amz-iv" and "x-amz-metadata-x-amz-key-v2" then the object MUST be considered as an S3EC-encrypted object using the V2 format.
+            return v2_envelope(hash) if hash.key?('x-amz-key-v2')
+
+            return unless hash.keys.any? { |key| key.match(/^x-amz-key-(.+)$/) }
+
+            msg = "unsupported envelope encryption version #{::Regexp.last_match(1)}"
+            raise Errors::DecryptionError, msg
+          end
+
+          def v1_envelope(envelope)
+            envelope
+          end
+
+          def v2_envelope(envelope)
+            unless POSSIBLE_ENCRYPTION_FORMATS.include? envelope['x-amz-cek-alg']
+              alg = envelope['x-amz-cek-alg'].inspect
+              msg = "unsupported content encrypting key (cek) format: #{alg}"
+              raise Errors::DecryptionError, msg
+            end
+            unless POSSIBLE_WRAPPING_FORMATS.include? envelope['x-amz-wrap-alg']
+              alg = envelope['x-amz-wrap-alg'].inspect
+              msg = "unsupported key wrapping algorithm: #{alg}"
+              raise Errors::DecryptionError, msg
+            end
+            unless (missing_keys = V2_ENVELOPE_KEYS - envelope.keys).empty?
+              msg = "incomplete v2 encryption envelope:\n"
+              msg += "  missing: #{missing_keys.join(',')}\n"
+              raise Errors::DecryptionError, msg
+            end
+            envelope
+          end
+
+          def body_contains_auth_tag?(envelope)
+            AUTH_REQUIRED_CEK_ALGS.include?(envelope['x-amz-cek-alg'])
+          end
+
+          # This method fetches the tag from the end of the object by
+          # making a GET Object w/range request. This auth tag is used
+          # to initialize the cipher, and the decrypter truncates the
+          # auth tag from the body when writing the final bytes.
+          def authenticated_decrypter(context, cipher, envelope)
+            http_resp = context.http_response
+            content_length = http_resp.headers['content-length'].to_i
+            auth_tag_length = auth_tag_length(envelope)
+
+            auth_tag = context.client.get_object(
+              bucket: context.params[:bucket],
+              key: context.params[:key],
+              version_id: context.params[:version_id],
+              range: "bytes=-#{auth_tag_length}"
+            ).body.read
+
+            cipher.auth_tag = auth_tag
+            cipher.auth_data = ''
+
+            # The encrypted object contains both the cipher text
+            # plus a trailing auth tag.
+            IOAuthDecrypter.new(
+              io: http_resp.body,
+              encrypted_content_length: content_length - auth_tag_length,
+              cipher: cipher
+            )
+          end
+
+          # Determine the auth tag length from the algorithm
+          # Validate it against the value provided in the x-amz-tag-len
+          # Return the tag length in bytes
+          def auth_tag_length(envelope)
+            tag_length =
+              case envelope['x-amz-cek-alg']
+              when 'AES/GCM/NoPadding' then AES_GCM_TAG_LEN_BYTES
+              else
+                raise ArgumentError, 'Unsupported cek-alg: ' \
+                "#{envelope['x-amz-cek-alg']}"
+              end
+            if (tag_length * 8) != envelope['x-amz-tag-len'].to_i
+              raise Errors::DecryptionError, 'x-amz-tag-len does not match expected'
+            end
+
+            tag_length
+          end
+        end
+      end
+    end
+  end
+end