minio/internal
Andreas Auernhammer 999bbd3a14
crypto: generate OEK using HMAC-SHA256 instead of SHA256 (#19297)
This commit changes how MinIO generates the object encryption key (OEK)
when encrypting an object using server-side encryption.

This change is fully backwards compatible. Now, MinIO generates
the OEK as follows:
```
Nonce = RANDOM(32)        // generate 256 bit random value
OEK = HMAC-SHA256(EK, Context || Nonce)
```

Before, the OEK was computed as follows:
```
Nonce = RANDOM(32)        // generate 256 bit random value
OEK = SHA256(EK || Nonce)
```

The new scheme does not technically fix a security issue but
uses a more familiar scheme. The only requirement for the
OEK generation function is that it produces a (pseudo)random value
for every pair (`EK`,`Nonce`) as long as no `EK`-`Nonce` combination
is repeated. This prevents a faulty PRNG from repeating or generating
a "bad" key.

The previous scheme guarantees that the `OEK` is a (pseudo)random
value given that no pair (`EK`,`Nonce`) repeats under the assumption
that SHA256 is indistinguishable from a random oracle.

The new scheme guarantees that the `OEK` is a (pseudo)random value
given that no pair (`EK`, `Nonce`) repeats under the assumption that
SHA256's underlying compression function is a PRF/PRP.

While the latter is a weaker assumption, and therefore, less likely
to be false, both are considered true. SHA256 is believed to be
indistinguishable from a random oracle AND its compression function
is assumed to be a PRF/PRP.

As far as the OEK generation is concerned, the OS random number
generator is not required to be pseudo-random but just non-repeating.

Apart from being more compatible with standard definitions and
descriptions for how to generate crypto keys, this change does not
have any impact on the actual security of the OEK key generation.

Signed-off-by: Andreas Auernhammer <github@aead.dev>
2024-03-19 13:28:10 -07:00
| Directory | Last commit | Date |
|---|---|---|
| amztime | add codespell action (#18818) | 2024-01-17 23:03:17 -08:00 |
| arn | Allow OpenID ARN resource ID to start with a - (#18255) | 2023-10-16 13:50:51 -07:00 |
| auth | automatically generate root credentials with KMS (#19025) | 2024-03-01 13:09:42 -08:00 |
| bpool | Add cgroup v2 support for memory limit (#18905) | 2024-01-30 11:13:27 -08:00 |
| bucket | ilm: Expire if object past expected expiry date (#19230) | 2024-03-08 22:41:22 -08:00 |
| cachevalue | debug: introduce support for configuring client connect WRITE deadline (#19170) | 2024-03-01 08:00:42 -08:00 |
| color | log: Do not interpret verbs in object names in console output (#16233) | 2022-12-13 08:27:40 -08:00 |
| config | feat: add user specific redis auth (#19285) | 2024-03-18 21:37:54 -07:00 |
| crypto | crypto: generate OEK using HMAC-SHA256 instead of SHA256 (#19297) | 2024-03-19 13:28:10 -07:00 |
| deadlineconn | add deadlineConnections on remoteTransport (#16010) | 2022-11-05 11:09:21 -07:00 |
| disk | Read drive IO stats from sysfs instead of procfs (#19131) | 2024-02-26 11:34:50 -08:00 |
| dsync | use typos instead of codespell (#19088) | 2024-02-21 22:26:06 -08:00 |
| etag | fix: some flyby typos in the code (#19212) | 2024-03-10 14:09:36 -07:00 |
| event | change the notification queue full message (#19293) | 2024-03-19 00:30:10 -07:00 |
| fips | disable builds for go1.18 (#16332) | 2022-12-30 11:37:07 -08:00 |
| grid | cosmetic: Move request goroutines to methods (#19241) | 2024-03-13 11:43:58 -07:00 |
| handlers | send proper IPv6 names avoid bracketing notation (#18699) | 2023-12-21 16:56:55 -08:00 |
| hash | add codespell action (#18818) | 2024-01-17 23:03:17 -08:00 |
| http | debug: introduce support for configuring client connect WRITE deadline (#19170) | 2024-03-01 08:00:42 -08:00 |
| init | force all internal MinIO operations to be under UTC (#16009) | 2022-11-04 16:44:38 -07:00 |
| ioutil | write anything beyond 4k to be written in 4k pages (#19269) | 2024-03-15 12:27:59 -07:00 |
| jwt | allow JWT parsing on large session policy based tokens (#17167) | 2023-05-09 00:53:08 -07:00 |
| kms | automatically generate root credentials with KMS (#19025) | 2024-03-01 13:09:42 -08:00 |
| lock | fix: linter errors in Windows specific code (#18276) | 2023-10-18 11:08:15 -07:00 |
| logger | add batchSize support for webhook endpoints (#19214) | 2024-03-07 12:17:46 -08:00 |
| lsync | cleanup Go linter settings (#16736) | 2023-03-04 20:57:35 -08:00 |
| mcontext | Add X-Amz-Request-Id to internode calls (#16146) | 2022-12-06 09:27:26 -08:00 |
| mountinfo | add codespell action (#18818) | 2024-01-17 23:03:17 -08:00 |
| net | fix: return error when requested interface has no stats available (#17666) | 2023-07-17 01:14:01 -07:00 |
| once | Support persistent queue store for loggers (#17121) | 2023-05-08 21:20:31 -07:00 |
| pubsub | Fix tracing send on closed channel (#18982) | 2024-02-06 08:57:30 -08:00 |
| rest | fix: relax metadata checks for healing (#19165) | 2024-02-29 22:49:01 -08:00 |
| s3select | use typos instead of codespell (#19088) | 2024-02-21 22:26:06 -08:00 |
| store | avoid close 'nil' panics if any (#18890) | 2024-01-28 10:04:17 -08:00 |