Update vendored library github.com/minio/minio-go

vendor/github.com/minio/minio-go/examples/s3/fputencrypted-object.go

@@ -22,8 +22,9 @@ package main
 import (
 	"log"
 
-	"github.com/minio/minio-go"
 	"github.com/minio/minio-go/pkg/encrypt"
+
+	"github.com/minio/minio-go"
 )
 
 func main() {
@@ -40,38 +41,16 @@ func main() {
 		log.Fatalln(err)
 	}
 
-	// Specify a local file that we will upload
-	filePath := "my-testfile"
+	filePath := "my-testfile"                  // Specify a local file that we will upload
+	bucketname := "my-bucketname"              // Specify a bucket name - the bucket must already exist
+	objectName := "my-objectname"              // Specify a object name
+	password := "correct horse battery staple" // Specify your password. DO NOT USE THIS ONE - USE YOUR OWN.
 
-	//// Build an asymmetric key from private and public files
-	//
-	// privateKey, err := ioutil.ReadFile("private.key")
-	// if err != nil {
-	//	t.Fatal(err)
-	// }
-	//
-	// publicKey, err := ioutil.ReadFile("public.key")
-	// if err != nil {
-	//	t.Fatal(err)
-	// }
-	//
-	// asymmetricKey, err := NewAsymmetricKey(privateKey, publicKey)
-	// if err != nil {
-	//	t.Fatal(err)
-	// }
-	////
-
-	// Build a symmetric key
-	symmetricKey := encrypt.NewSymmetricKey([]byte("my-secret-key-00"))
-
-	// Build encryption materials which will encrypt uploaded data
-	cbcMaterials, err := encrypt.NewCBCSecureMaterials(symmetricKey)
-	if err != nil {
-		log.Fatalln(err)
-	}
+	// New SSE-C where the cryptographic key is derived from a password and the objectname + bucketname as salt
+	encryption := encrypt.DefaultPBKDF([]byte(password), []byte(bucketname+objectName))
 
 	// Encrypt file content and upload to the server
-	n, err := s3Client.FPutEncryptedObject("my-bucketname", "my-objectname", filePath, cbcMaterials)
+	n, err := s3Client.FPutObject(bucketname, objectName, filePath, minio.PutObjectOptions{ServerSideEncryption: encryption})
 	if err != nil {
 		log.Fatalln(err)
 	}

vendor/github.com/minio/minio-go/examples/s3/get-encrypted-object.go

@@ -42,35 +42,15 @@ func main() {
 		log.Fatalln(err)
 	}
 
-	//// Build an asymmetric key from private and public files
-	//
-	// privateKey, err := ioutil.ReadFile("private.key")
-	// if err != nil {
-	//	t.Fatal(err)
-	// }
-	//
-	// publicKey, err := ioutil.ReadFile("public.key")
-	// if err != nil {
-	//	t.Fatal(err)
-	// }
-	//
-	// asymmetricKey, err := NewAsymmetricKey(privateKey, publicKey)
-	// if err != nil {
-	//	t.Fatal(err)
-	// }
-	////
+	bucketname := "my-bucketname"              // Specify a bucket name - the bucket must already exist
+	objectName := "my-objectname"              // Specify a object name - the object must already exist
+	password := "correct horse battery staple" // Specify your password. DO NOT USE THIS ONE - USE YOUR OWN.
 
-	// Build a symmetric key
-	symmetricKey := encrypt.NewSymmetricKey([]byte("my-secret-key-00"))
+	// New SSE-C where the cryptographic key is derived from a password and the objectname + bucketname as salt
+	encryption := encrypt.DefaultPBKDF([]byte(password), []byte(bucketname+objectName))
 
-	// Build encryption materials which will encrypt uploaded data
-	cbcMaterials, err := encrypt.NewCBCSecureMaterials(symmetricKey)
-	if err != nil {
-		log.Fatalln(err)
-	}
-
-	// Get a deciphered data from the server, deciphering is assured by cbcMaterials
-	reader, err := s3Client.GetEncryptedObject("my-bucketname", "my-objectname", cbcMaterials)
+	// Get the encrypted object
+	reader, err := s3Client.GetObject(bucketname, objectName, minio.GetObjectOptions{ServerSideEncryption: encryption})
 	if err != nil {
 		log.Fatalln(err)
 	}

vendor/github.com/minio/minio-go/examples/s3/put-encrypted-object.go

@@ -41,42 +41,30 @@ func main() {
 		log.Fatalln(err)
 	}
 
+	filePath := "my-testfile" // Specify a local file that we will upload
+
 	// Open a local file that we will upload
-	file, err := os.Open("my-testfile")
+	file, err := os.Open(filePath)
 	if err != nil {
 		log.Fatalln(err)
 	}
 	defer file.Close()
 
-	//// Build an asymmetric key from private and public files
-	//
-	// privateKey, err := ioutil.ReadFile("private.key")
-	// if err != nil {
-	//	t.Fatal(err)
-	// }
-	//
-	// publicKey, err := ioutil.ReadFile("public.key")
-	// if err != nil {
-	//	t.Fatal(err)
-	// }
-	//
-	// asymmetricKey, err := NewAsymmetricKey(privateKey, publicKey)
-	// if err != nil {
-	//	t.Fatal(err)
-	// }
-	////
-
-	// Build a symmetric key
-	symmetricKey := encrypt.NewSymmetricKey([]byte("my-secret-key-00"))
-
-	// Build encryption materials which will encrypt uploaded data
-	cbcMaterials, err := encrypt.NewCBCSecureMaterials(symmetricKey)
+	// Get file stats.
+	fstat, err := file.Stat()
 	if err != nil {
 		log.Fatalln(err)
 	}
 
+	bucketname := "my-bucketname"              // Specify a bucket name - the bucket must already exist
+	objectName := "my-objectname"              // Specify a object name
+	password := "correct horse battery staple" // Specify your password. DO NOT USE THIS ONE - USE YOUR OWN.
+
+	// New SSE-C where the cryptographic key is derived from a password and the objectname + bucketname as salt
+	encryption := encrypt.DefaultPBKDF([]byte(password), []byte(bucketname+objectName))
+
 	// Encrypt file content and upload to the server
-	n, err := s3Client.PutEncryptedObject("my-bucketname", "my-objectname", file, cbcMaterials)
+	n, err := s3Client.PutObject(bucketname, objectName, file, fstat.Size(), minio.PutObjectOptions{ServerSideEncryption: encryption})
 	if err != nil {
 		log.Fatalln(err)
 	}

vendor/github.com/minio/minio-go/examples/s3/putobject-getobject-sse.go

@@ -21,11 +21,11 @@ package main
 
 import (
 	"bytes"
-	"crypto/md5"
-	"encoding/base64"
 	"io/ioutil"
 	"log"
 
+	"github.com/minio/minio-go/pkg/encrypt"
+
 	minio "github.com/minio/minio-go"
 )
 
@@ -40,38 +40,19 @@ func main() {
 		log.Fatalln(err)
 	}
 
-	content := bytes.NewReader([]byte("Hello again"))
-	key := []byte("32byteslongsecretkeymustprovided")
-	h := md5.New()
-	h.Write(key)
-	encryptionKey := base64.StdEncoding.EncodeToString(key)
-	encryptionKeyMD5 := base64.StdEncoding.EncodeToString(h.Sum(nil))
+	bucketName := "my-bucket"
+	objectName := "my-encrypted-object"
+	object := []byte("Hello again")
 
-	// Amazon S3 does not store the encryption key you provide.
-	// Instead S3 stores a randomly salted HMAC value of the
-	// encryption key in order to validate future requests.
-	// The salted HMAC value cannot be used to derive the value
-	// of the encryption key or to decrypt the contents of the
-	// encrypted object. That means, if you lose the encryption
-	// key, you lose the object.
-	var metadata = map[string]string{
-		"x-amz-server-side-encryption-customer-algorithm": "AES256",
-		"x-amz-server-side-encryption-customer-key":       encryptionKey,
-		"x-amz-server-side-encryption-customer-key-MD5":   encryptionKeyMD5,
-	}
-
-	// minioClient.TraceOn(os.Stderr) // Enable to debug.
-	_, err = minioClient.PutObject("mybucket", "my-encrypted-object.txt", content, 11, minio.PutObjectOptions{UserMetadata: metadata})
+	encryption := encrypt.DefaultPBKDF([]byte("my secret password"), []byte(bucketName+objectName))
+	_, err = minioClient.PutObject(bucketName, objectName, bytes.NewReader(object), int64(len(object)), minio.PutObjectOptions{
+		ServerSideEncryption: encryption,
+	})
 	if err != nil {
 		log.Fatalln(err)
 	}
 
-	opts := minio.GetObjectOptions{}
-	for k, v := range metadata {
-		opts.Set(k, v)
-	}
-	coreClient := minio.Core{minioClient}
-	reader, _, err := coreClient.GetObject("mybucket", "my-encrypted-object.txt", opts)
+	reader, err := minioClient.GetObject(bucketName, objectName, minio.GetObjectOptions{ServerSideEncryption: encryption})
 	if err != nil {
 		log.Fatalln(err)
 	}
@@ -81,7 +62,7 @@ func main() {
 	if err != nil {
 		log.Fatalln(err)
 	}
-	if !bytes.Equal(decBytes, []byte("Hello again")) {
-		log.Fatalln("Expected \"Hello, world\", got %s", string(decBytes))
+	if !bytes.Equal(decBytes, object) {
+		log.Fatalln("Expected %s, got %s", string(object), string(decBytes))
 	}
 }