rename all remaining packages to internal/ (#12418)

This is to ensure that there are no projects that try to import `minio/minio/pkg` into their own repo. Any such common packages should go to `https://github.com/minio/pkg`
2025-11-08 21:24:55 -05:00 · 2021-06-01 14:59:40 -07:00
parent bf87c4b1e4
commit 1f262daf6f
540 changed files with 757 additions and 778 deletions
--- a/internal/fips/api.go
+++ b/internal/fips/api.go
@@ -0,0 +1,61 @@
+// Copyright (c) 2015-2021 MinIO, Inc.
+//
+// This file is part of MinIO Object Storage stack
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+// Package fips provides functionality to configure cryptographic
+// implementations compliant with FIPS 140.
+//
+// FIPS 140 [1] is a US standard for data processing that specifies
+// requirements for cryptographic modules. Software that is "FIPS 140
+// compliant" must use approved cryptographic primitives only and that
+// are implemented by a FIPS 140 certified cryptographic module.
+//
+// So, FIPS 140 requires that a certified implementation of e.g. AES
+// is used to implement more high-level cryptographic protocols.
+// It does not require any specific security criteria for those
+// high-level protocols. FIPS 140 focuses only on the implementation
+// and usage of the most low-level cryptographic building blocks.
+//
+// [1]: https://en.wikipedia.org/wiki/FIPS_140
+package fips
+
+import "crypto/tls"
+
+// Enabled indicates whether cryptographic primitives,
+// like AES or SHA-256, are implemented using a FIPS 140
+// certified module.
+//
+// If FIPS-140 is enabled no non-NIST/FIPS approved
+// primitives must be used.
+const Enabled = enabled
+
+// CipherSuitesDARE returns the supported cipher suites
+// for the DARE object encryption.
+func CipherSuitesDARE() []byte {
+	return cipherSuitesDARE()
+}
+
+// CipherSuitesTLS returns the supported cipher suites
+// used by the TLS stack.
+func CipherSuitesTLS() []uint16 {
+	return cipherSuitesTLS()
+}
+
+// EllipticCurvesTLS returns the supported elliptic
+// curves used by the TLS stack.
+func EllipticCurvesTLS() []tls.CurveID {
+	return ellipticCurvesTLS()
+}
--- a/internal/fips/fips.go
+++ b/internal/fips/fips.go
@@ -0,0 +1,45 @@
+// Copyright (c) 2015-2021 MinIO, Inc.
+//
+// This file is part of MinIO Object Storage stack
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+// +build fips,linux,amd64
+
+package fips
+
+import (
+	"crypto/tls"
+
+	"github.com/minio/sio"
+)
+
+const enabled = true
+
+func cipherSuitesDARE() []byte {
+	return []byte{sio.AES_256_GCM}
+}
+
+func cipherSuitesTLS() []uint16 {
+	return []uint16{
+		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+	}
+}
+
+func ellipticCurvesTLS() []tls.CurveID {
+	return []tls.CurveID{tls.CurveP256}
+}
--- a/internal/fips/no_fips.go
+++ b/internal/fips/no_fips.go
@@ -0,0 +1,47 @@
+// Copyright (c) 2015-2021 MinIO, Inc.
+//
+// This file is part of MinIO Object Storage stack
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+// +build !fips
+
+package fips
+
+import (
+	"crypto/tls"
+
+	"github.com/minio/sio"
+)
+
+const enabled = false
+
+func cipherSuitesDARE() []byte {
+	return []byte{sio.AES_256_GCM, sio.CHACHA20_POLY1305}
+}
+
+func cipherSuitesTLS() []uint16 {
+	return []uint16{
+		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+	}
+}
+
+func ellipticCurvesTLS() []tls.CurveID {
+	return []tls.CurveID{tls.X25519, tls.CurveP256}
+}