Difference between revisions of "Security/Juno/Barbican"
(→Libraries)
(→Encryption Algorithms)
(10 intermediate revisions by the same user not shown)
Line 7: | Line 7: | ||
==== Libraries ==== | ==== Libraries ==== | ||
* PyCrypto | * PyCrypto | ||
+ | * PyKCS11 (what does this use for underlying crypto?) | ||
==== Encryption Algorithms ==== | ==== Encryption Algorithms ==== | ||
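Review bot: The added PyKCS11 bullet publishes an open question ("what does this use for underlying crypto?") instead of an answer. PyKCS11 is a Python wrapper over the PKCS#11 API and performs no cryptography itself; the operations run in whichever PKCS#11 module (HSM or software token) the deployment loads. Suggest replacing the question with that statement and, if known, naming the module the plug-in is tested against.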
Line 13: | Line 14: | ||
! Algorithm !! Purpose !! Configurable !! Implementation !! Details !! Source | ! Algorithm !! Purpose !! Configurable !! Implementation !! Details !! Source | ||
|- | |- | ||
− | || || || || || | + | | AES || Example crypto plug-in || No || PyCrypto || |
+ | * Uses a 128 bit hardcoded default key. The key can be over-ridden by config. | ||
+ | * TODO - fill in details on what this is used for (if anything other than an example) | ||
+ | || | ||
+ | * barbican/crypto/plugin.py:SimpleCryptoPlugin | ||
+ | |- | ||
+ | | AES || PKCS11 plug-in || No || PyKCS11 || | ||
+ | * TODO - fill in details (key size, usage, etc.) | ||
+ | || | ||
+ | * barbican/crypto/p11_crypto.py:P11CryptoPlugin | ||
+ | |- | ||
+ | | AES || utility class || Yes || PyCrypto || | ||
+ | * Used as the default encryption/decryption algorithm for symmetric crypto utility class. | ||
+ | * Caller can specify a different algorithm. | ||
+ | * Caller specifies the key size. | ||
+ | * This class isn't currently used anywhere within Barbican. | ||
+ | || | ||
+ | * barbican/openstack/common/crypto/utils.py:SymmetricCrypto | ||
+ | |- | ||
+ | | DES || Example crypto plug-in || ? || ? || | ||
+ | * TODO - Mentioned in SYMMETRIC_ALGORITHMS, but I don't see that this is actually used/implemented anywhere. What is this for? Do we even need to mention DES in the code here? | ||
+ | || | ||
+ | * barbican/crypto/plugin.py:PluginSupportTypes | ||
|} | |} | ||
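Review bot: In the first AES row the Configurable column says "No" while the Details say the hardcoded 128 bit default key "can be over-ridden by config", so it is unclear whether the column refers to the algorithm or to the key. Suggest stating which is meant, and saying explicitly that a deployment left on the default uses a key that is hardcoded in the source. None of the AES rows gives a mode of operation, and the PKCS11 and DES rows are still TODOs; fill these in or drop the DES row before the page is relied on for review.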
Line 21: | Line 44: | ||
! Algorithm !! Purpose !! Configurable !! Implementation !! Details !! Source | ! Algorithm !! Purpose !! Configurable !! Implementation !! Details !! Source | ||
|- | |- | ||
− | || || || || || | + | | sha256 || HKDF || Yes || PyCrypto || |
+ | * Used as the default algorithm for HMAC-based Key Derivation Function (HKDF) utility class. | ||
+ | * Caller can specify a different hashing algorithm. | ||
+ | * This class isn't currently used anywhere within Barbican. | ||
+ | || | ||
+ | * barbican/openstack/common/crypto/utils.py:HKDF | ||
+ | |- | ||
+ | | sha256 || symmetric crypto signing || Yes || PyCrypto || | ||
+ | * Used as the default signing (HMAC) algorithm for symmetric crypto utility class. | ||
+ | * Caller can specify a different hashing algorithm. | ||
+ | * This class isn't currently used anywhere within Barbican. | ||
+ | || | ||
+ | * barbican/openstack/common/crypto/utils.py:SymmetricCrypto | ||
|} | |} | ||
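Review bot: Both sha256 rows end with "This class isn't currently used anywhere within Barbican", so every entry in the hashing table describes code that is not exercised. Suggest marking that in the Purpose column or moving the unused utility-class entries to a separate table, so a reader auditing the hashing actually in use does not count them.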
Latest revision as of 19:56, 25 April 2014
This page documents security-related details for the Barbican project in the OpenStack Juno release.
Implemented Crypto
Used Crypto
Libraries
- PyCrypto
- PyKCS11 (what does this use for underlying crypto?)
Encryption Algorithms
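Algorithm | Purpose | Configurable | Implementation | Details | Source |
---|---|---|---|---|---|
AES | Example crypto plug-in | No | PyCrypto | Uses a 128-bit hardcoded default key. The key can be overridden by config. TODO - fill in details on what this is used for (if anything other than an example) | barbican/crypto/plugin.py:SimpleCryptoPlugin |
AES | PKCS11 plug-in | No | PyKCS11 | TODO - fill in details (key size, usage, etc.) | barbican/crypto/p11_crypto.py:P11CryptoPlugin |
AES | utility class | Yes | PyCrypto | Used as the default encryption/decryption algorithm for symmetric crypto utility class. Caller can specify a different algorithm. Caller specifies the key size. This class isn't currently used anywhere within Barbican. | barbican/openstack/common/crypto/utils.py:SymmetricCrypto |
DES | Example crypto plug-in | ? | ? | TODO - Mentioned in SYMMETRIC_ALGORITHMS, but I don't see that this is actually used/implemented anywhere. What is this for? Do we even need to mention DES in the code here? | barbican/crypto/plugin.py:PluginSupportTypes |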
Hashing Algorithms
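Algorithm | Purpose | Configurable | Implementation | Details | Source |
---|---|---|---|---|---|
sha256 | HKDF | Yes | PyCrypto | Used as the default algorithm for HMAC-based Key Derivation Function (HKDF) utility class. Caller can specify a different hashing algorithm. This class isn't currently used anywhere within Barbican. | barbican/openstack/common/crypto/utils.py:HKDF |
sha256 | symmetric crypto signing | Yes | PyCrypto | Used as the default signing (HMAC) algorithm for symmetric crypto utility class. Caller can specify a different hashing algorithm. This class isn't currently used anywhere within Barbican. | barbican/openstack/common/crypto/utils.py:SymmetricCrypto |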