minio/cmd/crypto
Andreas Auernhammer b181a693fb fix object rebinding SSE-C security guarantee violation (#6121)
This commit fixes a weakness of the key-encryption-key
derivation for SSE-C encrypted objects. Before this
change the key-encryption-key was not bound to / didn't
depend on the object path. This allows an attacker to
repalce objects - encrypted with the same
client-key - with each other.

This change fixes this issue by updating the
key-encryption-key derivation to include:
 - the domain (in this case SSE-C)
 - a canonical object path representation
 - the encryption & key derivation algorithm

Changing the object path now causes the KDF to derive a
different key-encryption-key such that the object-key
unsealing fails.
Including the domain (SSE-C) and encryption & key
derivation algorithm is not directly neccessary for this
fix. However, both will be included for the SSE-S3 KDF.
So they are included here to avoid updating the KDF
again when we add SSE-S3.

The leagcy KDF 'DARE-SHA256' is only used for existing
objects and never for new objects / key rotation.
2018-07-09 17:18:28 -07:00
..
doc.go fix object rebinding SSE-C security guarantee violation (#6121) 2018-07-09 17:18:28 -07:00
error.go new package: cmd/crypto (#6062) 2018-06-28 12:47:42 -07:00
header_test.go new package: cmd/crypto (#6062) 2018-06-28 12:47:42 -07:00
header.go new package: cmd/crypto (#6062) 2018-06-28 12:47:42 -07:00
key_test.go new package: cmd/crypto (#6062) 2018-06-28 12:47:42 -07:00
key.go new package: cmd/crypto (#6062) 2018-06-28 12:47:42 -07:00
sse.go new package: cmd/crypto (#6062) 2018-06-28 12:47:42 -07:00