mirror of
https://github.com/minio/minio.git
synced 2025-01-25 21:53:16 -05:00
ca6b4773ed
This change adds server-side-encryption support for HEAD, GET and PUT operations. This PR only addresses single-part PUTs and GETs without HTTP ranges. Further this change adds the concept of reserved object metadata which is required to make encrypted objects tamper-proof and provide API compatibility to AWS S3. This PR adds the following reserved metadata entries: - X-Minio-Internal-Server-Side-Encryption-Iv ('guarantees' tamper-proof property) - X-Minio-Internal-Server-Side-Encryption-Kdf (makes Key-MAC computation negotiable in future) - X-Minio-Internal-Server-Side-Encryption-Key-Mac (provides AWS S3 API compatibility) The prefix `X-Minio_Internal` specifies an internal metadata entry which must not send to clients. All client requests containing a metadata key starting with `X-Minio-Internal` must also rejected. This is implemented by a generic-handler. This PR implements SSE-C separated from client-side-encryption (CSE). This cannot decrypt server-side-encrypted objects on the client-side. However, clients can encrypted the same object with CSE and SSE-C. This PR does not address: - SSE-C Copy and Copy part - SSE-C GET with HTTP ranges - SSE-C multipart PUT - SSE-C Gateway Each point must be addressed in a separate PR. Added to vendor dir: - x/crypto/chacha20poly1305 - x/crypto/poly1305 - github.com/minio/sio
34 lines
1.3 KiB
Go
34 lines
1.3 KiB
Go
// Copyright 2012 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
/*
|
|
Package poly1305 implements Poly1305 one-time message authentication code as
|
|
specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
|
|
|
|
Poly1305 is a fast, one-time authentication function. It is infeasible for an
|
|
attacker to generate an authenticator for a message without the key. However, a
|
|
key must only be used for a single message. Authenticating two different
|
|
messages with the same key allows an attacker to forge authenticators for other
|
|
messages with the same key.
|
|
|
|
Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was
|
|
used with a fixed key in order to generate one-time keys from an nonce.
|
|
However, in this package AES isn't used and the one-time key is specified
|
|
directly.
|
|
*/
|
|
package poly1305 // import "golang.org/x/crypto/poly1305"
|
|
|
|
import "crypto/subtle"
|
|
|
|
// TagSize is the size, in bytes, of a poly1305 authenticator.
|
|
const TagSize = 16
|
|
|
|
// Verify returns true if mac is a valid authenticator for m with the given
|
|
// key.
|
|
func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
|
|
var tmp [16]byte
|
|
Sum(&tmp, m, key)
|
|
return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1
|
|
}
|