mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
a6f4cf61f2
This commit adds a new method `UpdateKey` to the KMS interface. The purpose of `UpdateKey` is to re-wrap an encrypted data key (the key generated & encrypted with a master key by e.g. Vault). For example, consider Vault with a master key ID: `master-key-1` and an encrypted data key `E(dk)` for a particular object. The data key `dk` has been generated randomly when the object was created. Now, the KMS operator may "rotate" the master key `master-key-1`. However, the KMS cannot forget the "old" value of that master key since there is still an object that requires `dk`, and therefore, the `D(E(dk))`. With the `UpdateKey` method call MinIO can ask the KMS to decrypt `E(dk)` with the old key (internally) and re-encrypted `dk` with the new master key value: `E'(dk)`. However, this operation only works for the same master key ID. When rotating the data key (replacing it with a new one) then we perform a `UnsealKey` operation with the 1st master key ID and then a `GenerateKey` operation with the 2nd master key ID. This commit also updates the KMS documentation and removes the `encrypt` policy entry (we don't use `encrypt`) and add a policy entry for `rewarp`.
74 lines
3.5 KiB
Go
74 lines
3.5 KiB
Go
// MinIO Cloud Storage, (C) 2015, 2016, 2017, 2018 MinIO, Inc.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package crypto
|
|
|
|
import "errors"
|
|
|
|
// Error is the generic type for any error happening during decrypting
|
|
// an object. It indicates that the object itself or its metadata was
|
|
// modified accidentally or maliciously.
|
|
type Error struct{ msg string }
|
|
|
|
func (e Error) Error() string { return e.msg }
|
|
|
|
var (
|
|
// ErrInvalidEncryptionMethod indicates that the specified SSE encryption method
|
|
// is not supported.
|
|
ErrInvalidEncryptionMethod = errors.New("The encryption method is not supported")
|
|
|
|
// ErrInvalidCustomerAlgorithm indicates that the specified SSE-C algorithm
|
|
// is not supported.
|
|
ErrInvalidCustomerAlgorithm = errors.New("The SSE-C algorithm is not supported")
|
|
|
|
// ErrMissingCustomerKey indicates that the HTTP headers contains no SSE-C client key.
|
|
ErrMissingCustomerKey = errors.New("The SSE-C request is missing the customer key")
|
|
|
|
// ErrMissingCustomerKeyMD5 indicates that the HTTP headers contains no SSE-C client key
|
|
// MD5 checksum.
|
|
ErrMissingCustomerKeyMD5 = errors.New("The SSE-C request is missing the customer key MD5")
|
|
|
|
// ErrInvalidCustomerKey indicates that the SSE-C client key is not valid - e.g. not a
|
|
// base64-encoded string or not 256 bits long.
|
|
ErrInvalidCustomerKey = errors.New("The SSE-C client key is invalid")
|
|
|
|
// ErrSecretKeyMismatch indicates that the provided secret key (SSE-C client key / SSE-S3 KMS key)
|
|
// does not match the secret key used during encrypting the object.
|
|
ErrSecretKeyMismatch = errors.New("The secret key does not match the secret key used during upload")
|
|
|
|
// ErrCustomerKeyMD5Mismatch indicates that the SSE-C key MD5 does not match the
|
|
// computed MD5 sum. This means that the client provided either the wrong key for
|
|
// a certain MD5 checksum or the wrong MD5 for a certain key.
|
|
ErrCustomerKeyMD5Mismatch = errors.New("The provided SSE-C key MD5 does not match the computed MD5 of the SSE-C key")
|
|
// ErrIncompatibleEncryptionMethod indicates that both SSE-C headers and SSE-S3 headers were specified, and are incompatible
|
|
// The client needs to remove the SSE-S3 header or the SSE-C headers
|
|
ErrIncompatibleEncryptionMethod = errors.New("Server side encryption specified with both SSE-C and SSE-S3 headers")
|
|
)
|
|
|
|
var (
|
|
errMissingInternalIV = Error{"The object metadata is missing the internal encryption IV"}
|
|
errMissingInternalSealAlgorithm = Error{"The object metadata is missing the internal seal algorithm"}
|
|
|
|
errInvalidInternalIV = Error{"The internal encryption IV is malformed"}
|
|
errInvalidInternalSealAlgorithm = Error{"The internal seal algorithm is invalid and not supported"}
|
|
|
|
errMissingUpdatedKey = Error{"The key update returned no error but also no sealed key"}
|
|
)
|
|
|
|
var (
|
|
// errOutOfEntropy indicates that the a source of randomness (PRNG) wasn't able
|
|
// to produce enough random data. This is fatal error and should cause a panic.
|
|
errOutOfEntropy = errors.New("Unable to read enough randomness from the system")
|
|
)
|