644c2ce326
* crypto: add support for parsing SSE-C/SSE-S3 metadata This commit adds support for detecting and parsing SSE-C/SSE-S3 object metadata. With the `IsEncrypted` functions it is possible to determine whether an object seems to be encrypted. With the `ParseMetadata` functions it is possible to validate such metadata and extract the SSE-C/SSE-S3 related values. It also fixes some naming issues. * crypto: add functions for creating SSE object metadata This commit adds functions for creating SSE-S3 and SSE-C metadata. It also adds a `CreateMultipartMetadata` for creating multipart metadata. For all functions unit tests are included.
65 lines
2.8 KiB
Go
65 lines
2.8 KiB
Go
// Minio Cloud Storage, (C) 2015, 2016, 2017, 2018 Minio, Inc.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package crypto
|
|
|
|
import "errors"
|
|
|
|
// Error is the generic type for any error happening during decrypting
|
|
// an object. It indicates that the object itself or its metadata was
|
|
// modified accidentally or maliciously.
|
|
type Error struct{ msg string }
|
|
|
|
func (e Error) Error() string { return e.msg }
|
|
|
|
var (
|
|
// ErrInvalidEncryptionMethod indicates that the specified SSE encryption method
|
|
// is not supported.
|
|
ErrInvalidEncryptionMethod = errors.New("The encryption method is not supported")
|
|
|
|
// ErrInvalidCustomerAlgorithm indicates that the specified SSE-C algorithm
|
|
// is not supported.
|
|
ErrInvalidCustomerAlgorithm = errors.New("The SSE-C algorithm is not supported")
|
|
|
|
// ErrMissingCustomerKey indicates that the HTTP headers contains no SSE-C client key.
|
|
ErrMissingCustomerKey = errors.New("The SSE-C request is missing the customer key")
|
|
|
|
// ErrMissingCustomerKeyMD5 indicates that the HTTP headers contains no SSE-C client key
|
|
// MD5 checksum.
|
|
ErrMissingCustomerKeyMD5 = errors.New("The SSE-C request is missing the customer key MD5")
|
|
|
|
// ErrInvalidCustomerKey indicates that the SSE-C client key is not valid - e.g. not a
|
|
// base64-encoded string or not 256 bits long.
|
|
ErrInvalidCustomerKey = errors.New("The SSE-C client key is invalid")
|
|
|
|
// ErrCustomerKeyMD5Mismatch indicates that the SSE-C key MD5 does not match the
|
|
// computed MD5 sum. This means that the client provided either the wrong key for
|
|
// a certain MD5 checksum or the wrong MD5 for a certain key.
|
|
ErrCustomerKeyMD5Mismatch = errors.New("The provided SSE-C key MD5 does not match the computed MD5 of the SSE-C key")
|
|
)
|
|
|
|
var (
|
|
errMissingInternalIV = Error{"The object metadata is missing the internal encryption IV"}
|
|
errMissingInternalSealAlgorithm = Error{"The object metadata is missing the internal seal algorithm"}
|
|
|
|
errInvalidInternalIV = Error{"The internal encryption IV is malformed"}
|
|
errInvalidInternalSealAlgorithm = Error{"The internal seal algorithm is invalid and not supported"}
|
|
)
|
|
|
|
var (
|
|
// errOutOfEntropy indicates that the a source of randomness (PRNG) wasn't able
|
|
// to produce enough random data. This is fatal error and should cause a panic.
|
|
errOutOfEntropy = errors.New("Unable to read enough randomness from the system")
|
|
)
|