openstack/barbican
Code Issues Proposed changes

P11CryptoPlugin is now functional

Browse Source 
Still needed: tests (next up)

Change-Id: Ib4ed643178a8e1d4b72c5a588ed8b8b90b0805f4
Implements: blueprint crypto-implement-hsm-plugin
This commit is contained in:
Paul Kehrer
2013-08-12 12:20:00 -05:00
parent 7d7e918953
commit b03530abe0
2 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
barbican/crypto/p11plugin.py → barbican/crypto/p11_crypto.py
View File

@@ -1,6 +1,8 @@
# TODO: Restore this: import PyKCS11
# This code is disabled just enough to pass tox tests, but once full
# integration into Barbican is achieved, this code should re-enabled.
try:
import PyKCS11
except ImportError:
PyKCS11 = {} # TODO: remove testing workaround
import base64
@@ -13,9 +15,6 @@ from barbican.openstack.common import jsonutils as json
from barbican.openstack.common.gettextutils import _
# TODO: Remove this:
PyKCS11 = {}
CONF = cfg.CONF
p11_crypto_plugin_group = cfg.OptGroup(name='p11_crypto_plugin',
@@ -114,7 +113,7 @@ class P11CryptoPlugin(CryptoPluginBase):
# TODO: GCM should not require padding.
padded_data = self._pad(unencrypted)
key = self._get_key_by_label(kek_meta_tenant.kek_label)
iv = self.generate_iv()
iv = self._generate_iv()
gcm = self._build_gcm_params(iv)
mech = PyKCS11.Mechanism(self.algorithm, gcm)
encrypted = self.session.encrypt(key, padded_data, mech)
@@ -165,8 +164,10 @@ class P11CryptoPlugin(CryptoPluginBase):
(PyKCS11.CKA_EXTRACTABLE, False))
ckattr = self.session._template2ckattrlist(template)
m = PyKCS11.Mechanism(PyKCS11.CKM_AES_KEY_GEN, None)
key = PyKCS11.CK_OBJECT_HANDLE()
m = PyKCS11.LowLevel.CK_MECHANISM()
m.mechanism = PyKCS11.LowLevel.CKM_AES_KEY_GEN
key = PyKCS11.LowLevel.CK_OBJECT_HANDLE()
self._check_error(
self.pkcs11.lib.C_GenerateKey(
self.rw_session.session,

2
setup.py
View File

@@ -75,7 +75,7 @@ setup(
py_modules=[],
entry_points="""
[barbican.crypto.plugin]
p11_crypto = barbican.crypto.p11plugin:P11CryptoPlugin
p11_crypto = barbican.crypto.p11_crypto:P11CryptoPlugin
simple_crypto = barbican.crypto.plugin:SimpleCryptoPlugin
[barbican.test.crypto.plugin]