update minio/kms-go/kms SDK (#21233)

Signed-off-by: Andreas Auernhammer <github@aead.dev>
Andreas Auernhammer
2025-04-24 17:33:57 +02:00
committed by GitHub
parent 2780778c10
commit 427826abc5
4 changed files with 17 additions and 16 deletions


@@ -33,6 +33,7 @@ import (
"syscall"
"time"
"aead.dev/mtls"
"github.com/minio/kms-go/kes"
"github.com/minio/kms-go/kms"
"github.com/minio/pkg/v3/certs"
@@ -131,7 +132,7 @@ func Connect(ctx context.Context, opts *ConnectionOptions) (*KMS, error) {
return nil, err
}
key, err := kms.ParseAPIKey(env.Get(EnvKMSAPIKey, ""))
key, err := mtls.ParsePrivateKey(env.Get(EnvKMSAPIKey, ""))
if err != nil {
return nil, err
}
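Review bot: Nothing on the `mtls.ParsePrivateKey(env.Get(EnvKMSAPIKey, ""))` line shows that it accepts the same encoded key strings the former `kms.ParseAPIKey` did, so already-deployed API keys could stop parsing after the upgrade if the two formats differ. If they are the same, a short comment such as `// mtls.ParsePrivateKey accepts the same API key encoding as the former kms.ParseAPIKey`, plus a test that parses a key in the existing format, would pin that. The bare `return nil, err` also does not say which setting was wrong; naming `EnvKMSAPIKey` in the error would help operators, provided the parser's message never echoes key material (not visible here). Connect's body starts and ends outside the hunk.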


@@ -335,15 +335,14 @@ func (c *kmsConn) ListKeys(ctx context.Context, req *ListRequest) ([]madmin.KMSK
for i, v := range resp.Items {
keyInfos[i].Name = v.Name
keyInfos[i].CreatedAt = v.CreatedAt
keyInfos[i].CreatedBy = string(v.CreatedBy)
keyInfos[i].CreatedBy = v.CreatedBy.String()
}
return keyInfos, resp.ContinueAt, nil
}
func (c *kmsConn) CreateKey(ctx context.Context, req *CreateKeyRequest) error {
if err := c.client.CreateKey(ctx, &kms.CreateKeyRequest{
Enclave: c.enclave,
Name: req.Name,
if err := c.client.CreateKey(ctx, c.enclave, &kms.CreateKeyRequest{
Name: req.Name,
}); err != nil {
if errors.Is(err, kms.ErrKeyExists) {
return ErrKeyExists
@@ -367,8 +366,7 @@ func (c *kmsConn) GenerateKey(ctx context.Context, req *GenerateKeyRequest) (DEK
name = c.defaultKey
}
resp, err := c.client.GenerateKey(ctx, &kms.GenerateKeyRequest{
Enclave: c.enclave,
resp, err := c.client.GenerateKey(ctx, c.enclave, &kms.GenerateKeyRequest{
Name: name,
AssociatedData: aad,
Length: 32,
@@ -385,9 +383,9 @@ func (c *kmsConn) GenerateKey(ctx context.Context, req *GenerateKeyRequest) (DEK
return DEK{
KeyID: name,
Version: resp.Version,
Plaintext: resp.Plaintext,
Ciphertext: resp.Ciphertext,
Version: resp[0].Version,
Plaintext: resp[0].Plaintext,
Ciphertext: resp[0].Ciphertext,
}, nil
}
@@ -398,8 +396,7 @@ func (c *kmsConn) Decrypt(ctx context.Context, req *DecryptRequest) ([]byte, err
}
ciphertext, _ := parseCiphertext(req.Ciphertext)
resp, err := c.client.Decrypt(ctx, &kms.DecryptRequest{
Enclave: c.enclave,
resp, err := c.client.Decrypt(ctx, c.enclave, &kms.DecryptRequest{
Name: req.Name,
Ciphertext: ciphertext,
AssociatedData: aad,
@@ -413,7 +410,7 @@ func (c *kmsConn) Decrypt(ctx context.Context, req *DecryptRequest) ([]byte, err
}
return nil, errDecryptionFailed(err)
}
return resp.Plaintext, nil
return resp[0].Plaintext, nil
}
// MAC generates the checksum of the given req.Message using the key
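Review bot: `resp[0].Plaintext` in Decrypt, and `resp[0].Version`, `resp[0].Plaintext` and `resp[0].Ciphertext` in GenerateKey, index the now slice-typed response without checking its length, so an empty result returned with a nil error would panic the calling goroutine instead of failing the request. Whether the SDK guarantees exactly one element for a single request is not visible on this page, so a guard is cheap insurance on a path that handles key material. In Decrypt that could be `if len(resp) != 1 { return nil, errDecryptionFailed(errors.New("kms: unexpected number of decrypt responses")) }` before the final return, with an equivalent check before the `DEK{...}` literal in GenerateKey. Both function bodies start outside their hunks.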