Refine the configuration settings for the HSM plugin to allow for multiple HSM vendors

Registered by John Wood

The HSM plugin is based on the generic PKCS #11 interface, with an eye toward supporting any PKCS #11-compliant HSM. However, there are vendor-specific attributes that map onto this interface, such as the algorithm/mode identifier to use within the HSM. These options are currently hardcoded and need to be moved into a config file. The following fields should probably be configurable:
1) Vendor name (e.g. 'safenet', 'thales', ...)
2) Version of the plugin
3) Vendor mechanism (this would specify the algorithm/mode identifier to use for this vendor)
4) Key length
6) Block size

The vendor name and version should be added as attributes to the 'kek_data' table, so that if multiple HSMs are run using the same PKCS plugin class, they can be distinguished from each other in the kek_data table.
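
One way the per-vendor settings listed above could be expressed and validated, as an added example rather than code from the blueprint or the project. The INI layout, the option names and the vendor-defined mechanism value 0x80000115 are constructed assumptions; the three AES mechanism values are the standard PKCS #11 ones.

```python
import configparser
from dataclasses import dataclass

# Standard PKCS #11 mechanism values; vendor extensions set CKM_VENDOR_DEFINED.
STANDARD = {"CKM_AES_CBC": 0x1082, "CKM_AES_CBC_PAD": 0x1085, "CKM_AES_GCM": 0x1087}
CKM_VENDOR_DEFINED = 0x80000000

# Constructed sample: option names and values are hypothetical, one section per vendor.
SAMPLE = """
[DEFAULT]
key_length = 32
block_size = 16
[safenet]
plugin_version = 1.0
mechanism = 0x80000115
[thales]
plugin_version = 1.1
mechanism = CKM_AES_GCM
"""

@dataclass(frozen=True)
class VendorSettings:
    vendor: str
    plugin_version: str
    mechanism: int
    key_length: int
    block_size: int
    def kek_attributes(self):
        # Stored with each KEK row so keys from different HSMs stay distinguishable.
        return {"vendor": self.vendor, "plugin_version": self.plugin_version}

def parse_mechanism(value):
    # Accept a listed standard name, or a number with the vendor-defined bit set.
    number = STANDARD[value] if value in STANDARD else int(value, 0)
    if number not in STANDARD.values() and not number & CKM_VENDOR_DEFINED:
        raise ValueError(f"mechanism {number:#x} is neither listed nor vendor-defined")
    return number

def load_vendor_settings(text):
    parser = configparser.ConfigParser()
    parser.read_string(text)
    settings = {}
    for vendor in parser.sections():  # DEFAULT only supplies shared fallbacks
        sizes = parser.getint(vendor, "key_length"), parser.getint(vendor, "block_size")
        if min(sizes) <= 0:
            raise ValueError(f"{vendor}: key_length and block_size must be positive")
        mech = parse_mechanism(parser.get(vendor, "mechanism"))
        settings[vendor] = VendorSettings(vendor, parser.get(vendor, "plugin_version"), mech, *sizes)
    return settings
```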

Blueprint information

Status: Complete
Approver: None
Priority: High
Drafter: John Wood
Direction: Needs approval
Assignee: None
Definition: Obsolete
Series goal: Accepted for juno
Implementation: Not started
Milestone target: None
Completed by: Douglas Mendizábal

Whiteboard

(redrobot) Closing this BP since it does not have a spec CR associated with it.
