Fix CKM_AES_GCM encryption
This patch fixes a parameter mismatch bug when using the CKM_AES_GCM mechanism. This bug also renames the 'generate_iv' option to 'aes_gcm_generate_iv' to reflect the fact that it only applies to the CKM_AES_GCM mechanism since IVs will always be generated when using CKM_AES_CBC. Change-Id: Iaa94b5cf2b2f77aaed72ec6b8b11e5ccf1fc3cca
This commit is contained in:
parent
dffba064eb
commit
e4d09f5848
@ -78,9 +78,9 @@ p11_crypto_plugin_opts = [
|
|||||||
cfg.StrOpt('plugin_name',
|
cfg.StrOpt('plugin_name',
|
||||||
help=u._('User friendly plugin name'),
|
help=u._('User friendly plugin name'),
|
||||||
default='PKCS11 HSM'),
|
default='PKCS11 HSM'),
|
||||||
cfg.BoolOpt('generate_iv',
|
cfg.BoolOpt('aes_gcm_generate_iv',
|
||||||
help=u._('Flag for plugin generated iv case'),
|
help=u._('Generate IVs for CKM_AES_GCM mechanism.'),
|
||||||
default=False),
|
default=True, deprecated_name='generate_iv'),
|
||||||
]
|
]
|
||||||
CONF.register_group(p11_crypto_plugin_group)
|
CONF.register_group(p11_crypto_plugin_group)
|
||||||
CONF.register_opts(p11_crypto_plugin_opts, group=p11_crypto_plugin_group)
|
CONF.register_opts(p11_crypto_plugin_opts, group=p11_crypto_plugin_group)
|
||||||
@ -301,7 +301,7 @@ class P11CryptoPlugin(plugin.CryptoPluginBase):
|
|||||||
encryption_mechanism=plugin_conf.encryption_mechanism,
|
encryption_mechanism=plugin_conf.encryption_mechanism,
|
||||||
ffi=ffi,
|
ffi=ffi,
|
||||||
seed_random_buffer=seed_random_buffer,
|
seed_random_buffer=seed_random_buffer,
|
||||||
generate_iv=plugin_conf.generate_iv,
|
generate_iv=plugin_conf.aes_gcm_generate_iv,
|
||||||
)
|
)
|
||||||
|
|
||||||
def _reinitialize_pkcs11(self):
|
def _reinitialize_pkcs11(self):
|
||||||
|
@ -561,7 +561,9 @@ class PKCS11(object):
|
|||||||
return self._VENDOR_SAFENET_CKM_AES_GCM_encrypt(key, pt_data, session)
|
return self._VENDOR_SAFENET_CKM_AES_GCM_encrypt(key, pt_data, session)
|
||||||
|
|
||||||
def _CKM_AES_GCM_decrypt(self, key, iv, ct_data, session):
|
def _CKM_AES_GCM_decrypt(self, key, iv, ct_data, session):
|
||||||
return self._VENDOR_SAFENET_CKM_AES_GCM_decrypt(key, ct_data, session)
|
return self._VENDOR_SAFENET_CKM_AES_GCM_decrypt(
|
||||||
|
key, iv, ct_data, session
|
||||||
|
)
|
||||||
|
|
||||||
def decrypt(self, mechanism, key, iv, ct_data, session):
|
def decrypt(self, mechanism, key, iv, ct_data, session):
|
||||||
if mechanism not in _ENCRYPTION_MECHANISMS:
|
if mechanism not in _ENCRYPTION_MECHANISMS:
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
Deprecated the `generate_iv` option name. It has been renamed to
|
||||||
|
`aes_gcm_generate_iv` to reflect the fact that it only applies to the
|
||||||
|
CKM_AES_GCM mechanism.
|
Loading…
Reference in New Issue
Block a user