barbican

History

Douglas Mendizábal 0d4101fa5d Configure mechanism for wrapping pKEKs The PKCS#11 backend key-wraps (encrypts) the project-specific Key Encryption Keys (pKEKs) using the master encryption key (MKEK). The mechanism for wrapping/unwrapping the keys was hard-coded to use CKM_AES_CBC_PAD. This patch refactors the pkcs11 module to make this mechanism configurable. This is necessary to fix Bug #2036506 because some PKCS#11 devices and software implementations no longer allow CKM_AES_CBC_PAD to be used for key wrapping. Supported key wrap mechanisms now include: * CKM_AES_CBC_PAD * CKM_AES_KEY_WRAP_PAD * CKM_AES_KEY_WRAP_KWP Closes-Bug: #2036506 Change-Id: Ic2009a2a55622bb707e884d6a960c044b2248f52	2024-11-13 15:42:30 -05:00
..
notes	Configure mechanism for wrapping pKEKs	2024-11-13 15:42:30 -05:00
source	Imported Translations from Zanata	2024-10-08 03:38:47 +00:00

Douglas Mendizábal 0d4101fa5d Configure mechanism for wrapping pKEKs

The PKCS#11 backend key-wraps (encrypts) the project-specific Key
Encryption Keys (pKEKs) using the master encryption key (MKEK).

The mechanism for wrapping/unwrapping the keys was hard-coded to use
CKM_AES_CBC_PAD.  This patch refactors the pkcs11 module to make this
mechanism configurable.

This is necessary to fix Bug #2036506 because some PKCS#11 devices and
software implementations no longer allow CKM_AES_CBC_PAD to be used for
key wrapping.

Supported key wrap mechanisms now include:

* CKM_AES_CBC_PAD
* CKM_AES_KEY_WRAP_PAD
* CKM_AES_KEY_WRAP_KWP

Closes-Bug: #2036506
Change-Id: Ic2009a2a55622bb707e884d6a960c044b2248f52

2024-11-13 15:42:30 -05:00

notes

Configure mechanism for wrapping pKEKs

2024-11-13 15:42:30 -05:00

source

Imported Translations from Zanata

2024-10-08 03:38:47 +00:00