mirror of
https://github.com/minio/minio.git
synced 2024-12-27 07:35:55 -05:00
7b3719c17b
This commit adds a `MarshalText` implementation to the `crypto.Context` type. The `MarshalText` implementation replaces the `WriteTo` and `AppendTo` implementation. It is slightly slower than the `AppendTo` implementation ``` goos: darwin goarch: arm64 pkg: github.com/minio/minio/cmd/crypto BenchmarkContext_AppendTo/0-elems-8 381475698 2.892 ns/op 0 B/op 0 allocs/op BenchmarkContext_AppendTo/1-elems-8 17945088 67.54 ns/op 0 B/op 0 allocs/op BenchmarkContext_AppendTo/3-elems-8 5431770 221.2 ns/op 72 B/op 2 allocs/op BenchmarkContext_AppendTo/4-elems-8 3430684 346.7 ns/op 88 B/op 2 allocs/op ``` vs. ``` BenchmarkContext/0-elems-8 135819834 8.658 ns/op 2 B/op 1 allocs/op BenchmarkContext/1-elems-8 13326243 89.20 ns/op 128 B/op 1 allocs/op BenchmarkContext/3-elems-8 4935301 243.1 ns/op 200 B/op 3 allocs/op BenchmarkContext/4-elems-8 2792142 428.2 ns/op 504 B/op 4 allocs/op goos: darwin ``` However, the `AppendTo` benchmark used a pre-allocated buffer. While this improves its performance it does not match the actual usage of `crypto.Context` which is passed to a `KMS` and always encoded into a newly allocated buffer. Therefore, this change seems acceptable since it should not impact the actual performance but reduces the overall code for Context marshaling.
91 lines
3.8 KiB
Go
91 lines
3.8 KiB
Go
// MinIO Cloud Storage, (C) 2015, 2016, 2017, 2018 MinIO, Inc.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package crypto
|
|
|
|
import (
|
|
"fmt"
|
|
)
|
|
|
|
// Error is the generic type for any error happening during decrypting
|
|
// an object. It indicates that the object itself or its metadata was
|
|
// modified accidentally or maliciously.
|
|
type Error struct {
|
|
err error
|
|
}
|
|
|
|
// Errorf - formats according to a format specifier and returns
|
|
// the string as a value that satisfies error of type crypto.Error
|
|
func Errorf(format string, a ...interface{}) error {
|
|
return Error{err: fmt.Errorf(format, a...)}
|
|
}
|
|
|
|
// Unwrap the internal error.
|
|
func (e Error) Unwrap() error { return e.err }
|
|
|
|
// Error 'error' compatible method.
|
|
func (e Error) Error() string {
|
|
if e.err == nil {
|
|
return "crypto: cause <nil>"
|
|
}
|
|
return e.err.Error()
|
|
}
|
|
|
|
var (
|
|
// ErrInvalidEncryptionMethod indicates that the specified SSE encryption method
|
|
// is not supported.
|
|
ErrInvalidEncryptionMethod = Errorf("The encryption method is not supported")
|
|
|
|
// ErrInvalidCustomerAlgorithm indicates that the specified SSE-C algorithm
|
|
// is not supported.
|
|
ErrInvalidCustomerAlgorithm = Errorf("The SSE-C algorithm is not supported")
|
|
|
|
// ErrMissingCustomerKey indicates that the HTTP headers contains no SSE-C client key.
|
|
ErrMissingCustomerKey = Errorf("The SSE-C request is missing the customer key")
|
|
|
|
// ErrMissingCustomerKeyMD5 indicates that the HTTP headers contains no SSE-C client key
|
|
// MD5 checksum.
|
|
ErrMissingCustomerKeyMD5 = Errorf("The SSE-C request is missing the customer key MD5")
|
|
|
|
// ErrInvalidCustomerKey indicates that the SSE-C client key is not valid - e.g. not a
|
|
// base64-encoded string or not 256 bits long.
|
|
ErrInvalidCustomerKey = Errorf("The SSE-C client key is invalid")
|
|
|
|
// ErrSecretKeyMismatch indicates that the provided secret key (SSE-C client key / SSE-S3 KMS key)
|
|
// does not match the secret key used during encrypting the object.
|
|
ErrSecretKeyMismatch = Errorf("The secret key does not match the secret key used during upload")
|
|
|
|
// ErrCustomerKeyMD5Mismatch indicates that the SSE-C key MD5 does not match the
|
|
// computed MD5 sum. This means that the client provided either the wrong key for
|
|
// a certain MD5 checksum or the wrong MD5 for a certain key.
|
|
ErrCustomerKeyMD5Mismatch = Errorf("The provided SSE-C key MD5 does not match the computed MD5 of the SSE-C key")
|
|
// ErrIncompatibleEncryptionMethod indicates that both SSE-C headers and SSE-S3 headers were specified, and are incompatible
|
|
// The client needs to remove the SSE-S3 header or the SSE-C headers
|
|
ErrIncompatibleEncryptionMethod = Errorf("Server side encryption specified with both SSE-C and SSE-S3 headers")
|
|
)
|
|
|
|
var (
|
|
errMissingInternalIV = Errorf("The object metadata is missing the internal encryption IV")
|
|
errMissingInternalSealAlgorithm = Errorf("The object metadata is missing the internal seal algorithm")
|
|
|
|
errInvalidInternalIV = Errorf("The internal encryption IV is malformed")
|
|
errInvalidInternalSealAlgorithm = Errorf("The internal seal algorithm is invalid and not supported")
|
|
)
|
|
|
|
var (
|
|
// errOutOfEntropy indicates that the a source of randomness (PRNG) wasn't able
|
|
// to produce enough random data. This is fatal error and should cause a panic.
|
|
errOutOfEntropy = Errorf("Unable to read enough randomness from the system")
|
|
)
|