0d4101fa5d
The PKCS#11 backend key-wraps (encrypts) the project-specific Key Encryption Keys (pKEKs) using the master encryption key (MKEK). The mechanism for wrapping/unwrapping the keys was hard-coded to use CKM_AES_CBC_PAD. This patch refactors the pkcs11 module to make this mechanism configurable. This is necessary to fix Bug #2036506 because some PKCS#11 devices and software implementations no longer allow CKM_AES_CBC_PAD to be used for key wrapping. Supported key wrap mechanisms now include: * CKM_AES_CBC_PAD * CKM_AES_KEY_WRAP_PAD * CKM_AES_KEY_WRAP_KWP Closes-Bug: #2036506 Change-Id: Ic2009a2a55622bb707e884d6a960c044b2248f52 |
||
|---|---|---|
| .. | ||
| barbican-backend.rst | ||
| common_configure.rst | ||
| common_prerequisites.rst | ||
| get_started.rst | ||
| index.rst | ||
| install-obs.rst | ||
| install-rdo.rst | ||
| install-ubuntu.rst | ||
| install.rst | ||
| next-steps.rst | ||
| verify.rst | ||