minio/cmd/crypto/sse.go

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package crypto

import (
	"context"
	"errors"
	"fmt"
	"io"
	"net/http"

	"github.com/minio/minio/cmd/logger"
	"github.com/minio/minio/pkg/fips"
	"github.com/minio/minio/pkg/ioutil"
	"github.com/minio/sio"
)

const (
	// SealAlgorithm is the encryption/sealing algorithm used to derive & seal
	// the key-encryption-key and to en/decrypt the object data.
	SealAlgorithm = "DAREv2-HMAC-SHA256"

	// InsecureSealAlgorithm is the legacy encryption/sealing algorithm used
	// to derive & seal the key-encryption-key and to en/decrypt the object data.
	// This algorithm should not be used for new objects because its key derivation
	// is not optimal. See: https://github.com/minio/minio/pull/6121
	InsecureSealAlgorithm = "DARE-SHA256"
)

// Type represents an AWS SSE type:
//  • SSE-C
//  • SSE-S3
//  • SSE-KMS
type Type interface {
	fmt.Stringer

	IsRequested(http.Header) bool

	IsEncrypted(map[string]string) bool
}

// IsRequested returns true and the SSE Type if the HTTP headers
// indicate that some form server-side encryption is requested.
//
// If no SSE headers are present then IsRequested returns false
// and no Type.
func IsRequested(h http.Header) (Type, bool) {
	switch {
	case S3.IsRequested(h):
		return S3, true
	case S3KMS.IsRequested(h):
		return S3KMS, true
	case SSEC.IsRequested(h):
		return SSEC, true
	default:
		return nil, false
	}
}

// UnsealObjectKey extracts and decrypts the sealed object key
// from the metadata using the SSE-Copy client key of the HTTP headers
// and returns the decrypted object key.
func (sse ssecCopy) UnsealObjectKey(h http.Header, metadata map[string]string, bucket, object string) (key ObjectKey, err error) {
	clientKey, err := sse.ParseHTTP(h)
	if err != nil {
		return
	}
	return unsealObjectKey(clientKey[:], metadata, bucket, object)
}

// unsealObjectKey decrypts and returns the sealed object key
// from the metadata using the SSE-C client key.
func unsealObjectKey(clientKey []byte, metadata map[string]string, bucket, object string) (key ObjectKey, err error) {
	sealedKey, err := SSEC.ParseMetadata(metadata)
	if err != nil {
		return
	}
	err = key.Unseal(clientKey, sealedKey, SSEC.String(), bucket, object)
	return
}

// EncryptSinglePart encrypts an io.Reader which must be the
// the body of a single-part PUT request.
func EncryptSinglePart(r io.Reader, key ObjectKey) io.Reader {
	r, err := sio.EncryptReader(r, sio.Config{MinVersion: sio.Version20, Key: key[:], CipherSuites: fips.CipherSuitesDARE()})
	if err != nil {
		logger.CriticalIf(context.Background(), errors.New("Unable to encrypt io.Reader using object key"))
	}
	return r
}

// EncryptMultiPart encrypts an io.Reader which must be the body of
// multi-part PUT request. It derives an unique encryption key from
// the partID and the object key.
func EncryptMultiPart(r io.Reader, partID int, key ObjectKey) io.Reader {
	partKey := key.DerivePartKey(uint32(partID))
	return EncryptSinglePart(r, ObjectKey(partKey))
}

// DecryptSinglePart decrypts an io.Writer which must an object
// uploaded with the single-part PUT API. The offset and length
// specify the requested range.
func DecryptSinglePart(w io.Writer, offset, length int64, key ObjectKey) io.WriteCloser {
	const PayloadSize = 1 << 16 // DARE 2.0
	w = ioutil.LimitedWriter(w, offset%PayloadSize, length)

	decWriter, err := sio.DecryptWriter(w, sio.Config{Key: key[:], CipherSuites: fips.CipherSuitesDARE()})
	if err != nil {
		logger.CriticalIf(context.Background(), errors.New("Unable to decrypt io.Writer using object key"))
	}
	return decWriter
}
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-19 03:41:13 +08:00			`// Copyright (c) 2015-2021 MinIO, Inc.`
new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-29 03:47:42 +08:00			`//`
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-19 03:41:13 +08:00			`// This file is part of MinIO Object Storage stack`
new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-29 03:47:42 +08:00			`//`
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-19 03:41:13 +08:00			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-29 03:47:42 +08:00			`//`
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-19 03:41:13 +08:00			`// This program is distributed in the hope that it will be useful`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program. If not, see <http://www.gnu.org/licenses/>.`
new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-29 03:47:42 +08:00
			`package crypto`

			`import (`
			`"context"`
			`"errors"`
refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-23 01:19:32 +08:00			`"fmt"`
new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-29 03:47:42 +08:00			`"io"`
crypto: add helper functions for unsealing object keys (#6609) This commit adds 3 helper functions for SSE-C and SSE-S3 to simplify object key unsealing in server code. See #6600 2018-10-13 09:06:38 +08:00			`"net/http"`
new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-29 03:47:42 +08:00
			`"github.com/minio/minio/cmd/logger"`
add new pkg/fips for FIPS 140-2 (#12051) This commit introduces a new package `pkg/fips` that bundles functionality to handle and configure cryptographic protocols in case of FIPS 140. If it is compiled with `--tags=fips` it assumes that a FIPS 140-2 cryptographic module is used to implement all FIPS compliant cryptographic primitives - like AES, SHA-256, ... In "FIPS mode" it excludes all non-FIPS compliant cryptographic primitives from the protocol parameters. 2021-04-14 23:29:56 +08:00			`"github.com/minio/minio/pkg/fips"`
new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-29 03:47:42 +08:00			`"github.com/minio/minio/pkg/ioutil"`
			`"github.com/minio/sio"`
			`)`

crypto: update SSE-S3 and SSE-C key derivation (#6152) This commit updates the key derivation to reflect the latest change of crypto/doc.go. This includes handling the insecure legacy KDF. Since #6064 is fixed, the 3. test case for object key generation is enabled again. 2018-07-16 22:49:50 +08:00			`const (`
			`// SealAlgorithm is the encryption/sealing algorithm used to derive & seal`
			`// the key-encryption-key and to en/decrypt the object data.`
			`SealAlgorithm = "DAREv2-HMAC-SHA256"`

			`// InsecureSealAlgorithm is the legacy encryption/sealing algorithm used`
			`// to derive & seal the key-encryption-key and to en/decrypt the object data.`
			`// This algorithm should not be used for new objects because its key derivation`
			`// is not optimal. See: https://github.com/minio/minio/pull/6121`
			`InsecureSealAlgorithm = "DARE-SHA256"`
			`)`

refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-23 01:19:32 +08:00			`// Type represents an AWS SSE type:`
			`// • SSE-C`
			`// • SSE-S3`
			`// • SSE-KMS`
			`type Type interface {`
			`fmt.Stringer`
crypto: implement Stringer for S3 and SSEC (#6216) This commit adds a `fmt.Stringer` implementation for SSE-S3 and SSE-C. The string representation is the domain used for object key sealing. See: `ObjectKey.Seal(...)` and `ObjectKey.Unseal(...)` 2018-08-01 02:15:12 +08:00
refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-23 01:19:32 +08:00			`IsRequested(http.Header) bool`
crypto: add helper functions for unsealing object keys (#6609) This commit adds 3 helper functions for SSE-C and SSE-S3 to simplify object key unsealing in server code. See #6600 2018-10-13 09:06:38 +08:00
refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-23 01:19:32 +08:00			`IsEncrypted(map[string]string) bool`
			`}`
crypto: implement Stringer for S3 and SSEC (#6216) This commit adds a `fmt.Stringer` implementation for SSE-S3 and SSE-C. The string representation is the domain used for object key sealing. See: `ObjectKey.Seal(...)` and `ObjectKey.Unseal(...)` 2018-08-01 02:15:12 +08:00
refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-23 01:19:32 +08:00			`// IsRequested returns true and the SSE Type if the HTTP headers`
			`// indicate that some form server-side encryption is requested.`
			`//`
			`// If no SSE headers are present then IsRequested returns false`
			`// and no Type.`
			`func IsRequested(h http.Header) (Type, bool) {`
			`switch {`
			`case S3.IsRequested(h):`
			`return S3, true`
			`case S3KMS.IsRequested(h):`
			`return S3KMS, true`
			`case SSEC.IsRequested(h):`
			`return SSEC, true`
			`default:`
			`return nil, false`
crypto: add helper functions for unsealing object keys (#6609) This commit adds 3 helper functions for SSE-C and SSE-S3 to simplify object key unsealing in server code. See #6600 2018-10-13 09:06:38 +08:00			`}`
			`}`

			`// UnsealObjectKey extracts and decrypts the sealed object key`
			`// from the metadata using the SSE-Copy client key of the HTTP headers`
			`// and returns the decrypted object key.`
			`func (sse ssecCopy) UnsealObjectKey(h http.Header, metadata map[string]string, bucket, object string) (key ObjectKey, err error) {`
			`clientKey, err := sse.ParseHTTP(h)`
			`if err != nil {`
			`return`
			`}`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`return unsealObjectKey(clientKey[:], metadata, bucket, object)`
crypto: add helper functions for unsealing object keys (#6609) This commit adds 3 helper functions for SSE-C and SSE-S3 to simplify object key unsealing in server code. See #6600 2018-10-13 09:06:38 +08:00			`}`

			`// unsealObjectKey decrypts and returns the sealed object key`
			`// from the metadata using the SSE-C client key.`
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package. 2021-04-15 23:47:33 +08:00			`func unsealObjectKey(clientKey []byte, metadata map[string]string, bucket, object string) (key ObjectKey, err error) {`
crypto: add helper functions for unsealing object keys (#6609) This commit adds 3 helper functions for SSE-C and SSE-S3 to simplify object key unsealing in server code. See #6600 2018-10-13 09:06:38 +08:00			`sealedKey, err := SSEC.ParseMetadata(metadata)`
			`if err != nil {`
			`return`
			`}`
			`err = key.Unseal(clientKey, sealedKey, SSEC.String(), bucket, object)`
			`return`
			`}`

new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-29 03:47:42 +08:00			`// EncryptSinglePart encrypts an io.Reader which must be the`
			`// the body of a single-part PUT request.`
			`func EncryptSinglePart(r io.Reader, key ObjectKey) io.Reader {`
add new pkg/fips for FIPS 140-2 (#12051) This commit introduces a new package `pkg/fips` that bundles functionality to handle and configure cryptographic protocols in case of FIPS 140. If it is compiled with `--tags=fips` it assumes that a FIPS 140-2 cryptographic module is used to implement all FIPS compliant cryptographic primitives - like AES, SHA-256, ... In "FIPS mode" it excludes all non-FIPS compliant cryptographic primitives from the protocol parameters. 2021-04-14 23:29:56 +08:00			`r, err := sio.EncryptReader(r, sio.Config{MinVersion: sio.Version20, Key: key[:], CipherSuites: fips.CipherSuitesDARE()})`
new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-29 03:47:42 +08:00			`if err != nil {`
			`logger.CriticalIf(context.Background(), errors.New("Unable to encrypt io.Reader using object key"))`
			`}`
			`return r`
			`}`

crypto: add basic functionality for parsing SSE-C headers (#6148) This commit adds basic support for SSE-C / SSE-C copy. This includes functions for determining whether SSE-C is requested by the S3 client and functions for parsing such HTTP headers. All S3 SSE-C parsing errors are exported such that callers can pattern-match to forward the correct error to S3 clients. Further the SSE-C related internal metadata entry-keys are added by this commit. 2018-07-19 01:49:26 +08:00			`// EncryptMultiPart encrypts an io.Reader which must be the body of`
			`// multi-part PUT request. It derives an unique encryption key from`
			`// the partID and the object key.`
			`func EncryptMultiPart(r io.Reader, partID int, key ObjectKey) io.Reader {`
			`partKey := key.DerivePartKey(uint32(partID))`
			`return EncryptSinglePart(r, ObjectKey(partKey))`
			`}`

new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-29 03:47:42 +08:00			`// DecryptSinglePart decrypts an io.Writer which must an object`
			`// uploaded with the single-part PUT API. The offset and length`
			`// specify the requested range.`
			`func DecryptSinglePart(w io.Writer, offset, length int64, key ObjectKey) io.WriteCloser {`
			`const PayloadSize = 1 << 16 // DARE 2.0`
			`w = ioutil.LimitedWriter(w, offset%PayloadSize, length)`

add new pkg/fips for FIPS 140-2 (#12051) This commit introduces a new package `pkg/fips` that bundles functionality to handle and configure cryptographic protocols in case of FIPS 140. If it is compiled with `--tags=fips` it assumes that a FIPS 140-2 cryptographic module is used to implement all FIPS compliant cryptographic primitives - like AES, SHA-256, ... In "FIPS mode" it excludes all non-FIPS compliant cryptographic primitives from the protocol parameters. 2021-04-14 23:29:56 +08:00			`decWriter, err := sio.DecryptWriter(w, sio.Config{Key: key[:], CipherSuites: fips.CipherSuitesDARE()})`
new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-29 03:47:42 +08:00			`if err != nil {`
			`logger.CriticalIf(context.Background(), errors.New("Unable to decrypt io.Writer using object key"))`
			`}`
			`return decWriter`
			`}`