KeyManager.create_key length parameter is ambiguous
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
castellan | Fix Released | High | Moisés Guimarães de Medeiros | |
Bug Description
The length parameter in KeyManager.
Because of this, there is a mismatch in the way that BarbicanKeyManager and VaultKeyManager handle them.
BarbicanKeyManager assumes the value is bits, but VaultKeyManager assumes the value is in bytes. This, in turn, could result in unexpected behavior in applications using Castellan, since they would not have any knowledge at runtime about which backend is running and whether Castellan will return bits or bytes when asked to generate keys.
For example, consider the following:
keymgr = key_manager.
keymgr.
Which currently generates a 256 bit AES key when Barbican is configured, but generates a 2048 bit AES key when Vault is configured.
description: updated
Changed in castellan:
assignee: nobody → Moisés Guimarães de Medeiros (moguimar)
importance: Undecided → High
status: New → In Progress
Reviewed: https://review.openstack.org/638658
Committed: https://git.openstack.org/cgit/openstack/castellan/commit/?id=9ecd30081aafbd45d4d40fc927aad1a6e18aaa6c
Submitter: Zuul
Branch: master
commit 9ecd30081aafbd45d4d40fc927aad1a6e18aaa6c
Author: Moisés Guimarães de Medeiros <email address hidden>
Date: Fri Feb 22 13:49:50 2019 +0100
Fix length usage in VaultKeyManager.create_key.
Previous code was considering length as bytes, but the API contract
considers the length param to be bits, so that, considering `km`
as a VaultKeyManager, the call `km.create_key(ctx, 'AES', 256)` should
generate a 256 bit AES key and not a 2048 bit AES key instead.
Closes-Bug: #1817248
Change-Id: I5815cb74394e18b6058f4c5cf69b656d7cc2c43b
Signed-off-by: Moisés Guimarães de Medeiros <email address hidden>
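
The bits/bytes mismatch from this bug, reproduced as an added example that is not Castellan's code. The three backend classes are hypothetical stand-ins (not BarbicanKeyManager or VaultKeyManager), `secrets.token_bytes` is assumed as the key source, and `checked_create` is a hypothetical caller-side guard that fails closed when a backend returns a key of another size.

```python
import secrets

AES_KEY_BITS = (128, 192, 256)  # key sizes AES defines


class BitsBackend:
    """Stand-in for a backend that reads `length` as bits."""

    def create_key(self, algorithm, length):
        return secrets.token_bytes(length // 8)


class BytesBackend:
    """Stand-in for the pre-fix behaviour: `length` read as bytes."""

    def create_key(self, algorithm, length):
        return secrets.token_bytes(length)


class FixedBackend:
    """Reads `length` as bits and rejects sizes the algorithm does not define."""

    def create_key(self, algorithm, length):
        if algorithm.upper() == "AES" and length not in AES_KEY_BITS:
            raise ValueError(f"AES key length must be one of {AES_KEY_BITS} bits")
        if length <= 0 or length % 8:
            raise ValueError("length is in bits and must be a positive multiple of 8")
        return secrets.token_bytes(length // 8)


def key_bits(key):
    """Size of raw key material in bits."""
    return len(key) * 8


def checked_create(backend, algorithm, length_bits):
    """Caller-side guard: fail closed if the backend returns another size."""
    key = backend.create_key(algorithm, length_bits)
    if key_bits(key) != length_bits:
        raise RuntimeError(
            f"backend returned {key_bits(key)} bits, requested {length_bits}")
    return key


if __name__ == "__main__":
    # Same call, three interpretations of `length`.
    for backend in (BitsBackend(), BytesBackend(), FixedBackend()):
        key = backend.create_key("AES", 256)
        print(type(backend).__name__, key_bits(key), "bits")
```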