Difference between revisions of "Security/Juno/Barbican"
(→Encryption Algorithms) |
(→Encryption Algorithms) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 7: | Line 7: | ||
==== Libraries ==== | ==== Libraries ==== | ||
* PyCrypto | * PyCrypto | ||
+ | * PyKCS11 (what does this use for underlying crypto?) | ||
==== Encryption Algorithms ==== | ==== Encryption Algorithms ==== | ||
Line 14: | Line 15: | ||
|- | |- | ||
| AES || Example crypto plug-in || No || PyCrypto || | | AES || Example crypto plug-in || No || PyCrypto || | ||
+ | * Uses a 128 bit hardcoded default key. The key can be over-ridden by config. | ||
* TODO - fill in details on what this is used for (if anything other than an example) | * TODO - fill in details on what this is used for (if anything other than an example) | ||
|| | || | ||
* barbican/crypto/plugin.py:SimpleCryptoPlugin | * barbican/crypto/plugin.py:SimpleCryptoPlugin | ||
+ | |- | ||
+ | | AES || PKCS11 plug-in || No || PyKCS11 || | ||
+ | * TODO - fill in details (key size, usage, etc.) | ||
+ | || | ||
+ | * barbican/crypto/p11_crypto.py:P11CryptoPlugin | ||
|- | |- | ||
| AES || utility class || Yes || PyCrypto || | | AES || utility class || Yes || PyCrypto || | ||
Line 25: | Line 32: | ||
|| | || | ||
* barbican/openstack/common/crypto/utils.py:SymmetricCrypto | * barbican/openstack/common/crypto/utils.py:SymmetricCrypto | ||
+ | |- | ||
+ | | DES || Example crypto plug-in || ? || ? || | ||
+ | * TODO - Mentioned in SYMMETRIC_ALGORITHMS, but I don't see that this is actually used/implemented anywhere. What is this for? Do we even need to mention DES in the code here? | ||
+ | || | ||
+ | * barbican/crypto/plugin.py:PluginSupportTypes | ||
|} | |} | ||
Latest revision as of 19:56, 25 April 2014
This page documents security related details for the Barbican project in the OpenStack Juno release.
Contents
Implemented Crypto
Used Crypto
Libraries
- PyCrypto
- PyKCS11 (what does this use for underlying crypto?)
Encryption Algorithms
Algorithm | Purpose | Configurable | Implementation | Details | Source |
---|---|---|---|---|---|
AES | Example crypto plug-in | No | PyCrypto |
|
|
AES | PKCS11 plug-in | No | PyKCS11 |
|
|
AES | utility class | Yes | PyCrypto |
|
|
DES | Example crypto plug-in | ? | ? |
|
|
Hashing Algorithms
Algorithm | Purpose | Configurable | Implementation | Details | Source |
---|---|---|---|---|---|
sha256 | HKDF | Yes | PyCrypto |
|
|
sha256 | symmetric crypto signing | Yes | PyCrypto |
|
|