2019-04-09 14:39:42 -04:00
|
|
|
// MinIO Cloud Storage, (C) 2015, 2016, 2017, 2018 MinIO, Inc.
|
2018-06-28 15:47:42 -04:00
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
package crypto
|
|
|
|
|
2020-01-06 19:15:22 -05:00
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
)
|
2018-06-28 15:47:42 -04:00
|
|
|
|
2018-07-16 10:49:50 -04:00
|
|
|
// Error is the generic type for any error happening during decrypting
|
|
|
|
// an object. It indicates that the object itself or its metadata was
|
|
|
|
// modified accidentally or maliciously.
|
2020-01-06 19:15:22 -05:00
|
|
|
type Error struct {
|
|
|
|
err error
|
|
|
|
}
|
|
|
|
|
|
|
|
// Errorf - formats according to a format specifier and returns
|
|
|
|
// the string as a value that satisfies error of type crypto.Error
|
|
|
|
func Errorf(format string, a ...interface{}) error {
|
|
|
|
return Error{err: fmt.Errorf(format, a...)}
|
|
|
|
}
|
2018-07-16 10:49:50 -04:00
|
|
|
|
2020-01-06 19:15:22 -05:00
|
|
|
// Unwrap the internal error.
|
|
|
|
func (e Error) Unwrap() error { return e.err }
|
|
|
|
|
|
|
|
// Error 'error' compatible method.
|
|
|
|
func (e Error) Error() string {
|
|
|
|
if e.err == nil {
|
|
|
|
return "crypto: cause <nil>"
|
|
|
|
}
|
|
|
|
return e.err.Error()
|
|
|
|
}
|
2018-07-16 10:49:50 -04:00
|
|
|
|
2018-06-28 15:47:42 -04:00
|
|
|
var (
|
|
|
|
// ErrInvalidEncryptionMethod indicates that the specified SSE encryption method
|
|
|
|
// is not supported.
|
2020-01-06 19:15:22 -05:00
|
|
|
ErrInvalidEncryptionMethod = Errorf("The encryption method is not supported")
|
2018-07-18 13:49:26 -04:00
|
|
|
|
|
|
|
// ErrInvalidCustomerAlgorithm indicates that the specified SSE-C algorithm
|
|
|
|
// is not supported.
|
2020-01-06 19:15:22 -05:00
|
|
|
ErrInvalidCustomerAlgorithm = Errorf("The SSE-C algorithm is not supported")
|
2018-07-18 13:49:26 -04:00
|
|
|
|
|
|
|
// ErrMissingCustomerKey indicates that the HTTP headers contains no SSE-C client key.
|
2020-01-06 19:15:22 -05:00
|
|
|
ErrMissingCustomerKey = Errorf("The SSE-C request is missing the customer key")
|
2018-07-18 13:49:26 -04:00
|
|
|
|
|
|
|
// ErrMissingCustomerKeyMD5 indicates that the HTTP headers contains no SSE-C client key
|
|
|
|
// MD5 checksum.
|
2020-01-06 19:15:22 -05:00
|
|
|
ErrMissingCustomerKeyMD5 = Errorf("The SSE-C request is missing the customer key MD5")
|
2018-07-18 13:49:26 -04:00
|
|
|
|
|
|
|
// ErrInvalidCustomerKey indicates that the SSE-C client key is not valid - e.g. not a
|
|
|
|
// base64-encoded string or not 256 bits long.
|
2020-01-06 19:15:22 -05:00
|
|
|
ErrInvalidCustomerKey = Errorf("The SSE-C client key is invalid")
|
2018-07-18 13:49:26 -04:00
|
|
|
|
2018-09-06 15:31:12 -04:00
|
|
|
// ErrSecretKeyMismatch indicates that the provided secret key (SSE-C client key / SSE-S3 KMS key)
|
|
|
|
// does not match the secret key used during encrypting the object.
|
2020-01-06 19:15:22 -05:00
|
|
|
ErrSecretKeyMismatch = Errorf("The secret key does not match the secret key used during upload")
|
2018-09-06 15:31:12 -04:00
|
|
|
|
2018-07-18 13:49:26 -04:00
|
|
|
// ErrCustomerKeyMD5Mismatch indicates that the SSE-C key MD5 does not match the
|
|
|
|
// computed MD5 sum. This means that the client provided either the wrong key for
|
|
|
|
// a certain MD5 checksum or the wrong MD5 for a certain key.
|
2020-01-06 19:15:22 -05:00
|
|
|
ErrCustomerKeyMD5Mismatch = Errorf("The provided SSE-C key MD5 does not match the computed MD5 of the SSE-C key")
|
2018-08-17 15:52:14 -04:00
|
|
|
// ErrIncompatibleEncryptionMethod indicates that both SSE-C headers and SSE-S3 headers were specified, and are incompatible
|
|
|
|
// The client needs to remove the SSE-S3 header or the SSE-C headers
|
2020-01-06 19:15:22 -05:00
|
|
|
ErrIncompatibleEncryptionMethod = Errorf("Server side encryption specified with both SSE-C and SSE-S3 headers")
|
2018-06-28 15:47:42 -04:00
|
|
|
)
|
2018-07-18 01:40:34 -04:00
|
|
|
|
2020-01-06 19:15:22 -05:00
|
|
|
var (
|
|
|
|
errMissingInternalIV = Errorf("The object metadata is missing the internal encryption IV")
|
|
|
|
errMissingInternalSealAlgorithm = Errorf("The object metadata is missing the internal seal algorithm")
|
2018-07-25 16:35:54 -04:00
|
|
|
|
2020-01-06 19:15:22 -05:00
|
|
|
errInvalidInternalIV = Errorf("The internal encryption IV is malformed")
|
|
|
|
errInvalidInternalSealAlgorithm = Errorf("The internal seal algorithm is invalid and not supported")
|
2019-08-01 18:47:47 -04:00
|
|
|
|
2020-01-06 19:15:22 -05:00
|
|
|
errMissingUpdatedKey = Errorf("The key update returned no error but also no sealed key")
|
2018-07-25 16:35:54 -04:00
|
|
|
)
|
|
|
|
|
2018-07-18 01:40:34 -04:00
|
|
|
var (
|
|
|
|
// errOutOfEntropy indicates that the a source of randomness (PRNG) wasn't able
|
|
|
|
// to produce enough random data. This is fatal error and should cause a panic.
|
2020-01-06 19:15:22 -05:00
|
|
|
errOutOfEntropy = Errorf("Unable to read enough randomness from the system")
|
2018-07-18 01:40:34 -04:00
|
|
|
)
|