Difference between revisions of "Security/Juno/Barbican"
(Created page with "This page documents security related details for the Barbican project in the OpenStack Juno release. === Implemented Crypto === === Used Crypto === ==== Libraries ==== ===...") |
(→Encryption Algorithms) |
||
| (11 intermediate revisions by the same user not shown) | |||
| Line 6: | Line 6: | ||
==== Libraries ==== | ==== Libraries ==== | ||
| + | * PyCrypto | ||
| + | * PyKCS11 (what does this use for underlying crypto?) | ||
==== Encryption Algorithms ==== | ==== Encryption Algorithms ==== | ||
| Line 12: | Line 14: | ||
! Algorithm !! Purpose !! Configurable !! Implementation !! Details !! Source | ! Algorithm !! Purpose !! Configurable !! Implementation !! Details !! Source | ||
|- | |- | ||
| − | || || || || || | + | | AES || Example crypto plug-in || No || PyCrypto || |
| + | * Uses a 128 bit hardcoded default key. The key can be over-ridden by config. | ||
| + | * TODO - fill in details on what this is used for (if anything other than an example) | ||
| + | || | ||
| + | * barbican/crypto/plugin.py:SimpleCryptoPlugin | ||
| + | |- | ||
| + | | AES || PKCS11 plug-in || No || PyKCS11 || | ||
| + | * TODO - fill in details (key size, usage, etc.) | ||
| + | || | ||
| + | * barbican/crypto/p11_crypto.py:P11CryptoPlugin | ||
| + | |- | ||
| + | | AES || utility class || Yes || PyCrypto || | ||
| + | * Used as the default encryption/decryption algorithm for symmetric crypto utility class. | ||
| + | * Caller can specify a different algorithm. | ||
| + | * Caller specifies the key size. | ||
| + | * This class isn't currently used anywhere within Barbican. | ||
| + | || | ||
| + | * barbican/openstack/common/crypto/utils.py:SymmetricCrypto | ||
| + | |- | ||
| + | | DES || Example crypto plug-in || ? || ? || | ||
| + | * TODO - Mentioned in SYMMETRIC_ALGORITHMS, but I don't see that this is actually used/implemented anywhere. What is this for? Do we even need to mention DES in the code here? | ||
| + | || | ||
| + | * barbican/crypto/plugin.py:PluginSupportTypes | ||
|} | |} | ||
| Line 20: | Line 44: | ||
! Algorithm !! Purpose !! Configurable !! Implementation !! Details !! Source | ! Algorithm !! Purpose !! Configurable !! Implementation !! Details !! Source | ||
|- | |- | ||
| − | || || || || || | + | | sha256 || HKDF || Yes || PyCrypto || |
| + | * Used as the default algorithm for HMAC-based Key Derivation Function (HKDF) utility class. | ||
| + | * Caller can specify a different hashing algorithm. | ||
| + | * This class isn't currently used anywhere within Barbican. | ||
| + | || | ||
| + | * barbican/openstack/common/crypto/utils.py:HKDF | ||
| + | |- | ||
| + | | sha256 || symmetric crypto signing || Yes || PyCrypto || | ||
| + | * Used as the default signing (HMAC) algorithm for symmetric crypto utility class. | ||
| + | * Caller can specify a different hashing algorithm. | ||
| + | * This class isn't currently used anywhere within Barbican. | ||
| + | || | ||
| + | * barbican/openstack/common/crypto/utils.py:SymmetricCrypto | ||
|} | |} | ||
Latest revision as of 19:56, 25 April 2014
This page documents security related details for the Barbican project in the OpenStack Juno release.
Contents
Implemented Crypto
Used Crypto
Libraries
- PyCrypto
- PyKCS11 (what does this use for underlying crypto?)
Encryption Algorithms
| Algorithm | Purpose | Configurable | Implementation | Details | Source |
|---|---|---|---|---|---|
| AES | Example crypto plug-in | No | PyCrypto |
|
|
| AES | PKCS11 plug-in | No | PyKCS11 |
|
|
| AES | utility class | Yes | PyCrypto |
|
|
| DES | Example crypto plug-in | ? | ? |
|
|
Hashing Algorithms
| Algorithm | Purpose | Configurable | Implementation | Details | Source |
|---|---|---|---|---|---|
| sha256 | HKDF | Yes | PyCrypto |
|
|
| sha256 | symmetric crypto signing | Yes | PyCrypto |
|
|
