minio/internal/config/crypto.go

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package config

import (
	"bytes"
	"context"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"

	jsoniter "github.com/json-iterator/go"
	"github.com/minio/minio/internal/fips"
	"github.com/minio/minio/internal/kms"
	"github.com/secure-io/sio-go"
	"github.com/secure-io/sio-go/sioutil"
)

// EncryptBytes encrypts the plaintext with a key managed by KMS.
// The context is bound to the returned ciphertext.
//
// The same context must be provided when decrypting the
// ciphertext.
func EncryptBytes(k kms.KMS, plaintext []byte, context kms.Context) ([]byte, error) {
	ciphertext, err := Encrypt(k, bytes.NewReader(plaintext), context)
	if err != nil {
		return nil, err
	}
	return io.ReadAll(ciphertext)
}

// DecryptBytes decrypts the ciphertext using a key managed by the KMS.
// The same context that have been used during encryption must be
// provided.
func DecryptBytes(k kms.KMS, ciphertext []byte, context kms.Context) ([]byte, error) {
	plaintext, err := Decrypt(k, bytes.NewReader(ciphertext), context)
	if err != nil {
		return nil, err
	}
	return io.ReadAll(plaintext)
}

// Encrypt encrypts the plaintext with a key managed by KMS.
// The context is bound to the returned ciphertext.
//
// The same context must be provided when decrypting the
// ciphertext.
func Encrypt(k kms.KMS, plaintext io.Reader, ctx kms.Context) (io.Reader, error) {
	algorithm := sio.AES_256_GCM
	if !fips.Enabled && !sioutil.NativeAES() {
		algorithm = sio.ChaCha20Poly1305
	}

	key, err := k.GenerateKey(context.Background(), "", ctx)
	if err != nil {
		return nil, err
	}
	stream, err := algorithm.Stream(key.Plaintext)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, stream.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}

	const (
		MaxMetadataSize = 1 << 20 // max. size of the metadata
		Version         = 1
	)
	var (
		header [5]byte
		buffer bytes.Buffer
	)
	json := jsoniter.ConfigCompatibleWithStandardLibrary
	metadata, err := json.Marshal(encryptedObject{
		KeyID:     key.KeyID,
		KMSKey:    key.Ciphertext,
		Algorithm: algorithm,
		Nonce:     nonce,
	})
	if err != nil {
		return nil, err
	}
	if len(metadata) > MaxMetadataSize {
		return nil, errors.New("config: encryption metadata is too large")
	}
	header[0] = Version
	binary.LittleEndian.PutUint32(header[1:], uint32(len(metadata)))
	buffer.Write(header[:])
	buffer.Write(metadata)

	return io.MultiReader(
		&buffer,
		stream.EncryptReader(plaintext, nonce, nil),
	), nil
}

// Decrypt decrypts the ciphertext using a key managed by the KMS.
// The same context that have been used during encryption must be
// provided.
func Decrypt(k kms.KMS, ciphertext io.Reader, context kms.Context) (io.Reader, error) {
	const (
		MaxMetadataSize = 1 << 20 // max. size of the metadata
		Version         = 1
	)

	var header [5]byte
	if _, err := io.ReadFull(ciphertext, header[:]); err != nil {
		return nil, err
	}
	if header[0] != Version {
		return nil, fmt.Errorf("config: unknown ciphertext version %d", header[0])
	}
	size := binary.LittleEndian.Uint32(header[1:])
	if size > MaxMetadataSize {
		return nil, errors.New("config: encryption metadata is too large")
	}

	var (
		metadataBuffer = make([]byte, size)
		metadata       encryptedObject
	)
	if _, err := io.ReadFull(ciphertext, metadataBuffer); err != nil {
		return nil, err
	}
	json := jsoniter.ConfigCompatibleWithStandardLibrary
	if err := json.Unmarshal(metadataBuffer, &metadata); err != nil {
		return nil, err
	}
	if fips.Enabled && metadata.Algorithm != sio.AES_256_GCM {
		return nil, fmt.Errorf("config: unsupported encryption algorithm: %q is not supported in FIPS mode", metadata.Algorithm)
	}

	key, err := k.DecryptKey(metadata.KeyID, metadata.KMSKey, context)
	if err != nil {
		return nil, err
	}
	stream, err := metadata.Algorithm.Stream(key)
	if err != nil {
		return nil, err
	}
	if stream.NonceSize() != len(metadata.Nonce) {
		return nil, sio.NotAuthentic
	}
	return stream.DecryptReader(ciphertext, metadata.Nonce, nil), nil
}

type encryptedObject struct {
	KeyID  string `json:"keyid"`
	KMSKey []byte `json:"kmskey"`

	Algorithm sio.Algorithm `json:"algorithm"`
	Nonce     []byte        `json:"nonce"`
}
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-19 03:41:13 +08:00			`// Copyright (c) 2015-2021 MinIO, Inc.`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`//`
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-19 03:41:13 +08:00			`// This file is part of MinIO Object Storage stack`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`//`
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-19 03:41:13 +08:00			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`//`
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-19 03:41:13 +08:00			`// This program is distributed in the hope that it will be useful`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program. If not, see <http://www.gnu.org/licenses/>.`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00
			`package config`

			`import (`
			`"bytes"`
kms: add `context.Context` to KMS API calls (#15327) This commit adds a `context.Context` to the the KMS `{Stat, CreateKey, GenerateKey}` API calls. The context will be used to terminate external calls as soon as the client requests gets canceled. A follow-up PR will add a `context.Context` to the remaining `DecryptKey` API call. Signed-off-by: Andreas Auernhammer <hi@aead.dev> 2022-07-19 09:54:27 +08:00			`"context"`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`"crypto/rand"`
			`"encoding/binary"`
			`"errors"`
			`"fmt"`
			`"io"`

use json unmarshal/marshal from jsoniter in hotpaths (#12269) 2021-05-11 17:02:32 +08:00			`jsoniter "github.com/json-iterator/go"`
rename all remaining packages to internal/ (#12418) This is to ensure that there are no projects that try to import `minio/minio/pkg` into their own repo. Any such common packages should go to `https://github.com/minio/pkg` 2021-06-02 05:59:40 +08:00			`"github.com/minio/minio/internal/fips"`
			`"github.com/minio/minio/internal/kms"`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`"github.com/secure-io/sio-go"`
			`"github.com/secure-io/sio-go/sioutil"`
			`)`

kms: encrypt IAM/config data with the KMS (#12041) This commit changes the config/IAM encryption process. Instead of encrypting config data (users, policies etc.) with the root credentials MinIO now encrypts this data with a KMS - if configured. Therefore, this PR moves the MinIO-KMS configuration (via env. variables) to a "top-level" configuration. The KMS configuration cannot be stored in the config file since it is used to decrypt the config file in the first place. As a consequence, this commit also removes support for Hashicorp Vault - which has been deprecated anyway. Signed-off-by: Andreas Auernhammer <aead@mail.de> 2021-04-22 23:45:30 +08:00			`// EncryptBytes encrypts the plaintext with a key managed by KMS.`
			`// The context is bound to the returned ciphertext.`
			`//`
			`// The same context must be provided when decrypting the`
			`// ciphertext.`
cleanup ignored static analysis (#16767) 2023-03-07 00:56:10 +08:00			`func EncryptBytes(k kms.KMS, plaintext []byte, context kms.Context) ([]byte, error) {`
			`ciphertext, err := Encrypt(k, bytes.NewReader(plaintext), context)`
kms: encrypt IAM/config data with the KMS (#12041) This commit changes the config/IAM encryption process. Instead of encrypting config data (users, policies etc.) with the root credentials MinIO now encrypts this data with a KMS - if configured. Therefore, this PR moves the MinIO-KMS configuration (via env. variables) to a "top-level" configuration. The KMS configuration cannot be stored in the config file since it is used to decrypt the config file in the first place. As a consequence, this commit also removes support for Hashicorp Vault - which has been deprecated anyway. Signed-off-by: Andreas Auernhammer <aead@mail.de> 2021-04-22 23:45:30 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`return io.ReadAll(ciphertext)`
			`}`

			`// DecryptBytes decrypts the ciphertext using a key managed by the KMS.`
			`// The same context that have been used during encryption must be`
			`// provided.`
cleanup ignored static analysis (#16767) 2023-03-07 00:56:10 +08:00			`func DecryptBytes(k kms.KMS, ciphertext []byte, context kms.Context) ([]byte, error) {`
			`plaintext, err := Decrypt(k, bytes.NewReader(ciphertext), context)`
kms: encrypt IAM/config data with the KMS (#12041) This commit changes the config/IAM encryption process. Instead of encrypting config data (users, policies etc.) with the root credentials MinIO now encrypts this data with a KMS - if configured. Therefore, this PR moves the MinIO-KMS configuration (via env. variables) to a "top-level" configuration. The KMS configuration cannot be stored in the config file since it is used to decrypt the config file in the first place. As a consequence, this commit also removes support for Hashicorp Vault - which has been deprecated anyway. Signed-off-by: Andreas Auernhammer <aead@mail.de> 2021-04-22 23:45:30 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`return io.ReadAll(plaintext)`
			`}`

introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`// Encrypt encrypts the plaintext with a key managed by KMS.`
			`// The context is bound to the returned ciphertext.`
			`//`
			`// The same context must be provided when decrypting the`
			`// ciphertext.`
cleanup ignored static analysis (#16767) 2023-03-07 00:56:10 +08:00			`func Encrypt(k kms.KMS, plaintext io.Reader, ctx kms.Context) (io.Reader, error) {`
run gofumpt cleanup across code-base (#14015) 2022-01-03 01:15:06 +08:00			`algorithm := sio.AES_256_GCM`
config: enforce AES-GCM in FIPS mode (#12265) This commit enforces the usage of AES-256 for config and IAM data en/decryption in FIPS mode. Further, it improves the implementation of `fips.Enabled` by making it a compile time constant. Now, the compiler is able to evaluate the any `if fips.Enabled { ... }` at compile time and eliminate unused code. Signed-off-by: Andreas Auernhammer <aead@mail.de> 2021-05-10 23:24:11 +08:00			`if !fips.Enabled && !sioutil.NativeAES() {`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`algorithm = sio.ChaCha20Poly1305`
			`}`

cleanup ignored static analysis (#16767) 2023-03-07 00:56:10 +08:00			`key, err := k.GenerateKey(context.Background(), "", ctx)`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`stream, err := algorithm.Stream(key.Plaintext)`
			`if err != nil {`
			`return nil, err`
			`}`
			`nonce := make([]byte, stream.NonceSize())`
			`if _, err := rand.Read(nonce); err != nil {`
			`return nil, err`
			`}`

			`const (`
			`MaxMetadataSize = 1 << 20 // max. size of the metadata`
			`Version = 1`
			`)`
			`var (`
			`header [5]byte`
			`buffer bytes.Buffer`
			`)`
run gofumpt cleanup across code-base (#14015) 2022-01-03 01:15:06 +08:00			`json := jsoniter.ConfigCompatibleWithStandardLibrary`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`metadata, err := json.Marshal(encryptedObject{`
			`KeyID: key.KeyID,`
			`KMSKey: key.Ciphertext,`
			`Algorithm: algorithm,`
			`Nonce: nonce,`
			`})`
			`if err != nil {`
			`return nil, err`
			`}`
			`if len(metadata) > MaxMetadataSize {`
			`return nil, errors.New("config: encryption metadata is too large")`
			`}`
			`header[0] = Version`
			`binary.LittleEndian.PutUint32(header[1:], uint32(len(metadata)))`
			`buffer.Write(header[:])`
			`buffer.Write(metadata)`

			`return io.MultiReader(`
			`&buffer,`
			`stream.EncryptReader(plaintext, nonce, nil),`
			`), nil`
			`}`

			`// Decrypt decrypts the ciphertext using a key managed by the KMS.`
			`// The same context that have been used during encryption must be`
			`// provided.`
cleanup ignored static analysis (#16767) 2023-03-07 00:56:10 +08:00			`func Decrypt(k kms.KMS, ciphertext io.Reader, context kms.Context) (io.Reader, error) {`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`const (`
			`MaxMetadataSize = 1 << 20 // max. size of the metadata`
			`Version = 1`
			`)`

			`var header [5]byte`
			`if _, err := io.ReadFull(ciphertext, header[:]); err != nil {`
			`return nil, err`
			`}`
			`if header[0] != Version {`
			`return nil, fmt.Errorf("config: unknown ciphertext version %d", header[0])`
			`}`
			`size := binary.LittleEndian.Uint32(header[1:])`
			`if size > MaxMetadataSize {`
			`return nil, errors.New("config: encryption metadata is too large")`
			`}`

			`var (`
			`metadataBuffer = make([]byte, size)`
			`metadata encryptedObject`
			`)`
			`if _, err := io.ReadFull(ciphertext, metadataBuffer); err != nil {`
			`return nil, err`
			`}`
run gofumpt cleanup across code-base (#14015) 2022-01-03 01:15:06 +08:00			`json := jsoniter.ConfigCompatibleWithStandardLibrary`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`if err := json.Unmarshal(metadataBuffer, &metadata); err != nil {`
			`return nil, err`
			`}`
config: enforce AES-GCM in FIPS mode (#12265) This commit enforces the usage of AES-256 for config and IAM data en/decryption in FIPS mode. Further, it improves the implementation of `fips.Enabled` by making it a compile time constant. Now, the compiler is able to evaluate the any `if fips.Enabled { ... }` at compile time and eliminate unused code. Signed-off-by: Andreas Auernhammer <aead@mail.de> 2021-05-10 23:24:11 +08:00			`if fips.Enabled && metadata.Algorithm != sio.AES_256_GCM {`
			`return nil, fmt.Errorf("config: unsupported encryption algorithm: %q is not supported in FIPS mode", metadata.Algorithm)`
			`}`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00
cleanup ignored static analysis (#16767) 2023-03-07 00:56:10 +08:00			`key, err := k.DecryptKey(metadata.KeyID, metadata.KMSKey, context)`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`stream, err := metadata.Algorithm.Stream(key)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if stream.NonceSize() != len(metadata.Nonce) {`
			`return nil, sio.NotAuthentic`
			`}`
			`return stream.DecryptReader(ciphertext, metadata.Nonce, nil), nil`
			`}`

			`type encryptedObject struct {`
			KeyID string `json:"keyid"`
			KMSKey []byte `json:"kmskey"`

			Algorithm sio.Algorithm `json:"algorithm"`
			Nonce []byte `json:"nonce"`
			`}`