std::string_view key_id =
get_crypt_attribute(s->info.env, parts, X_AMZ_SERVER_SIDE_ENCRYPTION_AWS_KMS_KEY_ID);
if (key_id.empty()) {
- ldout(s->cct, 5) << "ERROR: not provide a valid key id" << dendl;
+ ldpp_dout(s, 5) << "ERROR: not provide a valid key id" << dendl;
s->err.message = "Server Side Encryption with KMS managed key requires "
"HTTP header x-amz-server-side-encryption-aws-kms-key-id";
- return -ERR_INVALID_ACCESS_KEY;
+ return -EINVAL;
}
/* try to retrieve actual key */
std::string key_selector = create_random_key_selector(s->cct);
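Review bot: The only check on the client-supplied `x-amz-server-side-encryption-aws-kms-key-id` value before the key lookup that follows is `key_id.empty()`, so any non-empty string is passed on to the KMS path. How the backend consumes it is not visible in this hunk; if it is ever placed into a request path or URL for the key service, a length and character-set check belongs next to the empty test, returning the same `-EINVAL`. At minimum I would add a comment above the check such as `/* key_id comes verbatim from the request header; the KMS backend must treat it as untrusted */`. The log text would also read better as `"ERROR: no valid key id provided"`. The enclosing function starts and ends outside the hunk.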
return res;
}
if (actual_key.size() != AES_256_KEYSIZE) {
- ldout(s->cct, 5) << "ERROR: key obtained from key_id:" <<
+ ldpp_dout(s, 5) << "ERROR: key obtained from key_id:" <<
key_id << " is not 256 bit size" << dendl;
s->err.message = "KMS provided an invalid key for the given kms-keyid.";
- return -ERR_INVALID_ACCESS_KEY;
+ return -EINVAL;
}
- set_attr(attrs, RGW_ATTR_CRYPT_MODE, "SSE-KMS");
- set_attr(attrs, RGW_ATTR_CRYPT_KEYID, key_id);
- set_attr(attrs, RGW_ATTR_CRYPT_KEYSEL, key_selector);
if (block_crypt) {
- auto aes = std::unique_ptr<AES_256_CBC>(new AES_256_CBC(s->cct));
+ auto aes = std::unique_ptr<AES_256_CBC>(new AES_256_CBC(s, s->cct));
aes->set_key(reinterpret_cast<const uint8_t*>(actual_key.c_str()), AES_256_KEYSIZE);
*block_crypt = std::move(aes);
}
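Review bot: The size-mismatch branch returns `-EINVAL` while `actual_key` still holds whatever the KMS handed back, and nothing visible wipes it on that path. The declaration of `actual_key` and any cleanup after the `if (block_crypt)` block are outside the hunk, so the success path may already be covered, but the early return skips it either way. I would clear the buffer before that return with a wipe the optimizer cannot drop, e.g. `explicit_bzero(actual_key.data(), actual_key.size());` or the project's equivalent helper. Separately, the three `set_attr` calls for `RGW_ATTR_CRYPT_MODE`, `RGW_ATTR_CRYPT_KEYID` and `RGW_ATTR_CRYPT_KEYSEL` are removed here with no replacement visible. It is worth confirming they are now set before this point, since an object stored without its key id and selector could presumably not be decrypted later.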