10 Commits (37749f462339063597e053851cc782b730bb6398)

Author	SHA1	Message	Date
Harshavardhana	abc1c1070a	Add custom policy claim name (#8764) ... In certain organizations policy claim names can be not just 'policy' but also things like 'roles', the value of this field might also be *string* or *[]string* support this as well In this PR we are still not supporting multiple policies per STS account which will require a more comprehensive change.	5 years ago
Harshavardhana	933c60bc3a	Add crypto context errors (#8740) ... Currently when connections to vault fail, client perpetually retries this leads to assumptions that the server has issues and masks the problem. Re-purpose *crypto.Error* type to send appropriate errors back to the client.	5 years ago
Andreas Auernhammer	ffded5a930	make the crypto error type a native go type (#8267) ... This commit makes the `crypto.Error` type a native go (string) type. That allows us to define error values as constants instead of variables. For reference see: - https://twitter.com/_aead_/status/1118170258215514115?s=20 - https://dave.cheney.net/2016/04/07/constant-errors	5 years ago
Andreas Auernhammer	e34369c860	prepare SSE-S3 metadata parsing for K/V data key store (#8259) ... This commit allows the MinIO server to parse the metadata if: - either the `X-Minio-Internal-Server-Side-Encryption-S3-Key-Id` and the `X-Minio-Internal-Server-Side-Encryption-S3-Kms-Sealed-Key` entries are present. - or *both* headers are not present. This is in service to support a K/V data key store.	5 years ago
kannappanr	5ecac91a55	Replace Minio refs in docs with MinIO and links (#7494)	6 years ago
Harshavardhana	b5280ba243	Migrate to Go version 1.11.4 (#7026)	6 years ago
Andreas Auernhammer	8a6c3aa3cd	crypto: add RemoveInternalEntries function (#6616) ... This commit adds a function for removing crypto-specific internal entries from the object metadata. See #6604	6 years ago
Andreas Auernhammer	baec331e84	crypto: add functions for sealing/unsealing the etag for SSE (#6618) ... This commit adds two functions for sealing/unsealing the etag (a.k.a. content MD5) in case of SSE single-part upload. Sealing the ETag is neccessary in case of SSE-S3 to preserve the security guarantees. In case of SSE-S3 AWS returns the content-MD5 of the plaintext object as ETag. However, we must not store the MD5 of the plaintext for encrypted objects. Otherwise it becomes possible for an attacker to detect equal/non-equal encrypted objects. Therefore we encrypt the ETag before storing on the backend. But we only need to encrypt the ETag (content-MD5) if the client send it - otherwise the client cannot verify it anyway.	6 years ago
Andreas Auernhammer	8cf7b88cc5	add functions to remove confidential information (#6516) ... This commit adds two functions for removing confidential information - like SSE-C keys - from HTTP headers / object metadata. This creates a central point grouping all headers/entries which must be filtered / removed. See also https://github.com/minio/minio/pull/6489#discussion_r219797993 of #6489	6 years ago
Andreas Auernhammer	644c2ce326	crypto: add support for parsing/creating SSE-C/SSE-S3 metadata (#6169) ... * crypto: add support for parsing SSE-C/SSE-S3 metadata This commit adds support for detecting and parsing SSE-C/SSE-S3 object metadata. With the `IsEncrypted` functions it is possible to determine whether an object seems to be encrypted. With the `ParseMetadata` functions it is possible to validate such metadata and extract the SSE-C/SSE-S3 related values. It also fixes some naming issues. * crypto: add functions for creating SSE object metadata This commit adds functions for creating SSE-S3 and SSE-C metadata. It also adds a `CreateMultipartMetadata` for creating multipart metadata. For all functions unit tests are included.	6 years ago