// MinIO Cloud Storage, (C) 2015, 2016, 2017, 2018 MinIO, Inc. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package crypto import ( "context" "errors" "io" "net/http" "path" "github.com/minio/minio/cmd/logger" "github.com/minio/minio/pkg/ioutil" "github.com/minio/sio" ) const ( // SSEMultipart is the metadata key indicating that the object // was uploaded using the S3 multipart API and stored using // some from of server-side-encryption. SSEMultipart = "X-Minio-Internal-Encrypted-Multipart" // SSEIV is the metadata key referencing the random initialization // vector (IV) used for SSE-S3 and SSE-C key derivation. SSEIV = "X-Minio-Internal-Server-Side-Encryption-Iv" // SSESealAlgorithm is the metadata key referencing the algorithm // used by SSE-C and SSE-S3 to encrypt the object. SSESealAlgorithm = "X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm" // SSECSealedKey is the metadata key referencing the sealed object-key for SSE-C. SSECSealedKey = "X-Minio-Internal-Server-Side-Encryption-Sealed-Key" // S3SealedKey is the metadata key referencing the sealed object-key for SSE-S3. S3SealedKey = "X-Minio-Internal-Server-Side-Encryption-S3-Sealed-Key" // S3KMSKeyID is the metadata key referencing the KMS key-id used to // generate/decrypt the S3-KMS-Sealed-Key. It is only used for SSE-S3 + KMS. S3KMSKeyID = "X-Minio-Internal-Server-Side-Encryption-S3-Kms-Key-Id" // S3KMSSealedKey is the metadata key referencing the encrypted key generated // by KMS. It is only used for SSE-S3 + KMS. S3KMSSealedKey = "X-Minio-Internal-Server-Side-Encryption-S3-Kms-Sealed-Key" ) const ( // SealAlgorithm is the encryption/sealing algorithm used to derive & seal // the key-encryption-key and to en/decrypt the object data. SealAlgorithm = "DAREv2-HMAC-SHA256" // InsecureSealAlgorithm is the legacy encryption/sealing algorithm used // to derive & seal the key-encryption-key and to en/decrypt the object data. // This algorithm should not be used for new objects because its key derivation // is not optimal. See: https://github.com/minio/minio/pull/6121 InsecureSealAlgorithm = "DARE-SHA256" ) // String returns the SSE domain as string. For SSE-S3 the // domain is "SSE-S3". func (s3) String() string { return "SSE-S3" } // UnsealObjectKey extracts and decrypts the sealed object key // from the metadata using KMS and returns the decrypted object // key. func (sse s3) UnsealObjectKey(kms KMS, metadata map[string]string, bucket, object string) (key ObjectKey, err error) { keyID, kmsKey, sealedKey, err := sse.ParseMetadata(metadata) if err != nil { return } unsealKey, err := kms.UnsealKey(keyID, kmsKey, Context{bucket: path.Join(bucket, object)}) if err != nil { return } err = key.Unseal(unsealKey, sealedKey, sse.String(), bucket, object) return } // String returns the SSE domain as string. For SSE-C the // domain is "SSE-C". func (ssec) String() string { return "SSE-C" } // UnsealObjectKey extracts and decrypts the sealed object key // from the metadata using the SSE-C client key of the HTTP headers // and returns the decrypted object key. func (sse ssec) UnsealObjectKey(h http.Header, metadata map[string]string, bucket, object string) (key ObjectKey, err error) { clientKey, err := sse.ParseHTTP(h) if err != nil { return } return unsealObjectKey(clientKey, metadata, bucket, object) } // UnsealObjectKey extracts and decrypts the sealed object key // from the metadata using the SSE-Copy client key of the HTTP headers // and returns the decrypted object key. func (sse ssecCopy) UnsealObjectKey(h http.Header, metadata map[string]string, bucket, object string) (key ObjectKey, err error) { clientKey, err := sse.ParseHTTP(h) if err != nil { return } return unsealObjectKey(clientKey, metadata, bucket, object) } // unsealObjectKey decrypts and returns the sealed object key // from the metadata using the SSE-C client key. func unsealObjectKey(clientKey [32]byte, metadata map[string]string, bucket, object string) (key ObjectKey, err error) { sealedKey, err := SSEC.ParseMetadata(metadata) if err != nil { return } err = key.Unseal(clientKey, sealedKey, SSEC.String(), bucket, object) return } // EncryptSinglePart encrypts an io.Reader which must be the // the body of a single-part PUT request. func EncryptSinglePart(r io.Reader, key ObjectKey) io.Reader { r, err := sio.EncryptReader(r, sio.Config{MinVersion: sio.Version20, Key: key[:]}) if err != nil { logger.CriticalIf(context.Background(), errors.New("Unable to encrypt io.Reader using object key")) } return r } // EncryptMultiPart encrypts an io.Reader which must be the body of // multi-part PUT request. It derives an unique encryption key from // the partID and the object key. func EncryptMultiPart(r io.Reader, partID int, key ObjectKey) io.Reader { partKey := key.DerivePartKey(uint32(partID)) return EncryptSinglePart(r, ObjectKey(partKey)) } // DecryptSinglePart decrypts an io.Writer which must an object // uploaded with the single-part PUT API. The offset and length // specify the requested range. func DecryptSinglePart(w io.Writer, offset, length int64, key ObjectKey) io.WriteCloser { const PayloadSize = 1 << 16 // DARE 2.0 w = ioutil.LimitedWriter(w, offset%PayloadSize, length) decWriter, err := sio.DecryptWriter(w, sio.Config{Key: key[:]}) if err != nil { logger.CriticalIf(context.Background(), errors.New("Unable to decrypt io.Writer using object key")) } return decWriter }