Tags: obj3kt/kms-go
kms: extend the `Client.Restart` API to support cluster-wide restarts (minio#40) This commit changes the behavior of `Client.Restart` such that it uses the cluster-wide restart mechanism to restart all nodes within a cluster. The adv. of the new cluster-wide restart is that a client doesn't have to know all cluster nodes to restart all nodes within a cluster. Instead, it can delegate this task to one of the cluster nodes. However, a client can still restart all cluster nodes itself by providing a list of hosts. Signed-off-by: Andreas Auernhammer <github@aead.dev>
kes: use global `math/rand` instead of `math/rand.New` (minio#26) This commit reverts to the global `math/rand` RNG. The global RNG is safe for current use - due to its source. The default `rand.NewSource` is not safe for concurrent usage. This can cause crashes like the following:
```
panic: runtime error: index out of range [-1]

goroutine 3902089 [running]:
math/rand.(*rngSource).Uint64(...)
	math/rand/rng.go:249
math/rand.(*rngSource).Int63(0x0?)
	math/rand/rng.go:234 +0x85
math/rand.(*Rand).Int63(...)
	math/rand/rand.go:96
math/rand.(*Rand).Int31(...)
	math/rand/rand.go:110
math/rand.(*Rand).Int31n(0x454c860?, 0x1?)
	math/rand/rand.go:142 +0x6a
math/rand.(*Rand).Intn(0xc00f099020?, 0x1d?)
	math/rand/rand.go:183 +0x25
github.com/minio/kms-go/kes.(*loadBalancer).Send(0xc000afeba0, {0x68bcb58, 0x91fb380}, 0xc0192ce720, {0x4805358, 0x4},
```
Signed-off-by: Andreas Auernhammer <github@aead.dev>
kms: add support for stack trace levels (minio#20) This commit adds support for requesting stack traces only for specific log records. Now a client can request stack traces only for records with a certain log level. This allows a client to filter out non-interesting stack traces (e.g. for debug log records). While clients can always filter themselves, not sending them at the server-side saves bandwidth and CPU time used when marshaling. Signed-off-by: Andreas Auernhammer <github@aead.dev>
kes: add `Client.HMAC` This commit adds the `Client.HMAC` method that computes the HMAC of a message using a key at the KES server.
kms: add more APIs and request/response types. This commit adds support for more KMS APIs, like creating and deleting enclaves and secret keys. It also adds the generic `ListRequest` and `ListResponse` types. Signed-off-by: Andreas Auernhammer <github@aead.dev>
add encrypt, decrypt and generate key APIs This commit adds the encrypt, decrypt and generate data encryption key APIs. Signed-off-by: Andreas Auernhammer <github@aead.dev>
fix argument order in `policy.Verify` This commit fixes a bug in the `policy.Verify` function. The order of the arguments was incorrect causing `Verify` to behave incorrectly. This commit also adds some test cases to test this behavior. Signed-off-by: Andreas Auernhammer <github@aead.dev>
prepare SDK for the distributed KES implementation This commit changes the SDK w.r.t. the upcoming distributed KES server implementation. In particular, the listing code has been changed to a paginated implementation. However, backwards compatibility with existing KES servers is maintained. Signed-off-by: Andreas Auernhammer <hi@aead.dev>