b7da1f771c
Introduced the parameter 'hmac_keywrap_mechanism' in group '[p11_crypto_plugin]' in Barbican config. The default value, which was hard coded before, is 'CKM_SHA256_HMAC'. This defines the mechanism used to compute the HMAC from a wrapped PKEK. However with Utimaco HSMs this leads to a CKR_MECHANISM_INVALID error. Therefore for Utimaco HSMs 'hmac_keywrap_mechanism' has to be changed to 'CKM_AES_MAC'.

Change-Id: I53537a96bc4b2acb30be5fa85e10bac89917851f
Story: 2004833
Task: 29027
10 lines
422 B
YAML
---
fixes:
  - |
    Fixed Story #2004734: Added a new option 'hmac_keywrap_mechanism' to make
    the mechanism used to calculate a HMAC from a wrapped PKEK configurable.
    This was introduced because of a problem with Utimaco HSMs which throw a
    'CKR_MECHANISM_INVALID' error, e.g. when a new PKEK is generated. For
    Utimaco HSMs, 'hmac_keywrap_mechanism' should be set to 'CKM_AES_MAC' in
    barbican.conf.
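An added example, not part of the Barbican code base or of this commit: a small check that reads the text of a barbican.conf, reports the effective 'hmac_keywrap_mechanism' (falling back to the default named in the commit message) and flags a Utimaco deployment that is still on that default. The function names, the `utimaco_hsm` flag and the sample file are assumptions constructed for illustration.

```python
import configparser

SECTION = "p11_crypto_plugin"
OPTION = "hmac_keywrap_mechanism"
DEFAULT_MECH = "CKM_SHA256_HMAC"   # default stated in the commit message
UTIMACO_MECH = "CKM_AES_MAC"       # value the release note gives for Utimaco HSMs

# Constructed sample, not taken from a real deployment.
SAMPLE_CONF = """\
[DEFAULT]
debug = false

[p11_crypto_plugin]
hmac_keywrap_mechanism = CKM_AES_MAC
"""


def effective_mechanism(conf_text):
    """Return the configured mechanism, or the default when the option is unset."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    if not parser.has_section(SECTION):
        return DEFAULT_MECH
    value = parser.get(SECTION, OPTION, fallback=DEFAULT_MECH)
    # Tolerate quotes copied along with the value from the release note.
    return value.strip().strip("'\"")


def audit(conf_text, utimaco_hsm):
    """Return a list of findings; an empty list means nothing to report."""
    mech = effective_mechanism(conf_text)
    findings = []
    if mech not in (DEFAULT_MECH, UTIMACO_MECH):
        findings.append(
            f"{OPTION}={mech!r}: not a value named in the release note; "
            "confirm the HSM supports it")
    if utimaco_hsm and mech != UTIMACO_MECH:
        findings.append(
            f"{OPTION}={mech!r}: Utimaco HSMs return CKR_MECHANISM_INVALID "
            f"here; set {UTIMACO_MECH}")
    return findings


if __name__ == "__main__":
    print(effective_mechanism(SAMPLE_CONF), audit(SAMPLE_CONF, utimaco_hsm=True))
```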