P11CryptoPlugin is now functional
Still needed: tests (next up)

Change-Id: Ib4ed643178a8e1d4b72c5a588ed8b8b90b0805f4
Implements: blueprint crypto-implement-hsm-plugin
@@ -1,6 +1,8 @@
|
|||||||
# TODO: Restore this: import PyKCS11
|
try:
|
||||||
# This code is disabled just enough to pass tox tests, but once full
|
import PyKCS11
|
||||||
# integration into Barbican is achieved, this code should re-enabled.
|
except ImportError:
|
||||||
|
PyKCS11 = {} # TODO: remove testing workaround
|
||||||
|
|
||||||
|
|
||||||
import base64
|
import base64
|
||||||
|
|
||||||
@@ -13,9 +15,6 @@ from barbican.openstack.common import jsonutils as json
|
|||||||
from barbican.openstack.common.gettextutils import _
|
from barbican.openstack.common.gettextutils import _
|
||||||
|
|
||||||
|
|
||||||
# TODO: Remove this:
|
|
||||||
PyKCS11 = {}
|
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
|
|
||||||
p11_crypto_plugin_group = cfg.OptGroup(name='p11_crypto_plugin',
|
p11_crypto_plugin_group = cfg.OptGroup(name='p11_crypto_plugin',
|
||||||
@@ -114,7 +113,7 @@ class P11CryptoPlugin(CryptoPluginBase):
|
|||||||
# TODO: GCM should not require padding.
|
# TODO: GCM should not require padding.
|
||||||
padded_data = self._pad(unencrypted)
|
padded_data = self._pad(unencrypted)
|
||||||
key = self._get_key_by_label(kek_meta_tenant.kek_label)
|
key = self._get_key_by_label(kek_meta_tenant.kek_label)
|
||||||
iv = self.generate_iv()
|
iv = self._generate_iv()
|
||||||
gcm = self._build_gcm_params(iv)
|
gcm = self._build_gcm_params(iv)
|
||||||
mech = PyKCS11.Mechanism(self.algorithm, gcm)
|
mech = PyKCS11.Mechanism(self.algorithm, gcm)
|
||||||
encrypted = self.session.encrypt(key, padded_data, mech)
|
encrypted = self.session.encrypt(key, padded_data, mech)
|
||||||
@@ -165,8 +164,10 @@ class P11CryptoPlugin(CryptoPluginBase):
|
|||||||
(PyKCS11.CKA_EXTRACTABLE, False))
|
(PyKCS11.CKA_EXTRACTABLE, False))
|
||||||
ckattr = self.session._template2ckattrlist(template)
|
ckattr = self.session._template2ckattrlist(template)
|
||||||
|
|
||||||
m = PyKCS11.Mechanism(PyKCS11.CKM_AES_KEY_GEN, None)
|
m = PyKCS11.LowLevel.CK_MECHANISM()
|
||||||
key = PyKCS11.CK_OBJECT_HANDLE()
|
m.mechanism = PyKCS11.LowLevel.CKM_AES_KEY_GEN
|
||||||
|
|
||||||
|
key = PyKCS11.LowLevel.CK_OBJECT_HANDLE()
|
||||||
self._check_error(
|
self._check_error(
|
||||||
self.pkcs11.lib.C_GenerateKey(
|
self.pkcs11.lib.C_GenerateKey(
|
||||||
self.rw_session.session,
|
self.rw_session.session,
|
||||||
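Review bot: The `except ImportError:` fallback in the first hunk binds `PyKCS11 = {}`, so a host without the PKCS#11 bindings still imports this module cleanly and the failure only surfaces later as an `AttributeError` on a dict at the first `PyKCS11.Mechanism(...)` or `PyKCS11.LowLevel` access, in the middle of an encrypt or key-generation call. For an HSM-backed crypto plugin it is better to fail loudly and early: bind `PyKCS11 = None` in the handler and have the plugin's constructor check it, e.g. `if PyKCS11 is None: raise ImportError("PyKCS11 is required by P11CryptoPlugin")`. That keeps the module importable under tox without the library, which appears to be the purpose of the workaround, while making a misconfigured deployment obvious at plugin load. The constructor is outside the visible hunks, so where exactly the check belongs needs confirming against the full file.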
2
setup.py
2
setup.py
@@ -75,7 +75,7 @@ setup(
|
|||||||
py_modules=[],
|
py_modules=[],
|
||||||
entry_points="""
|
entry_points="""
|
||||||
[barbican.crypto.plugin]
|
[barbican.crypto.plugin]
|
||||||
p11_crypto = barbican.crypto.p11plugin:P11CryptoPlugin
|
p11_crypto = barbican.crypto.p11_crypto:P11CryptoPlugin
|
||||||
simple_crypto = barbican.crypto.plugin:SimpleCryptoPlugin
|
simple_crypto = barbican.crypto.plugin:SimpleCryptoPlugin
|
||||||
|
|
||||||
[barbican.test.crypto.plugin]
|
[barbican.test.crypto.plugin]
|
||||||
|
|||||||