Difference between revisions of "Security/Juno/Barbican"

Latest revision as of 19:56, 25 April 2014

This page documents security related details for the Barbican project in the OpenStack Juno release.

Algorithm	Purpose	Configurable	Implementation	Details	Source
AES	Example crypto plug-in	No	PyCrypto	Uses a 128 bit hardcoded default key. The key can be over-ridden by config. TODO - fill in details on what this is used for (if anything other than an example)	barbican/crypto/plugin.py:SimpleCryptoPlugin
AES	PKCS11 plug-in	No	PyKCS11	TODO - fill in details (key size, usage, etc.)	barbican/crypto/p11_crypto.py:P11CryptoPlugin
AES	utility class	Yes	PyCrypto	Used as the default encryption/decryption algorithm for symmetric crypto utility class. Caller can specify a different algorithm. Caller specifies the key size. This class isn't currently used anywhere within Barbican.	barbican/openstack/common/crypto/utils.py:SymmetricCrypto
DES	Example crypto plug-in	?	?	TODO - Mentioned in SYMMETRIC_ALGORITHMS, but I don't see that this is actually used/implemented anywhere. What is this for? Do we even need to mention DES in the code here?	barbican/crypto/plugin.py:PluginSupportTypes

Algorithm	Purpose	Configurable	Implementation	Details	Source
sha256	HKDF	Yes	PyCrypto	Used as the default algorithm for HMAC-based Key Derivation Function (HKDF) utility class. Caller can specify a different hashing algorithm. This class isn't currently used anywhere within Barbican.	barbican/openstack/common/crypto/utils.py:HKDF
sha256	symmetric crypto signing	Yes	PyCrypto	Used as the default signing (HMAC) algorithm for symmetric crypto utility class. Caller can specify a different hashing algorithm. This class isn't currently used anywhere within Barbican.	barbican/openstack/common/crypto/utils.py:SymmetricCrypto

@@ Line 20: / Line 20: @@
 * barbican/crypto/plugin.py:SimpleCryptoPlugin
 |-
-| AES || PKCS11 plug-in || No || PyCrypto? ||
+| AES || PKCS11 plug-in || No || PyKCS11 ||
 * TODO - fill in details (key size, usage, etc.)
 ||