Remove the 512 bit key option for aes-xts-plain64 encrypted volumes
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Cinder | New | Undecided | Keith Berger | |
| OpenStack Dashboard (Horizon) | Fix Released | Undecided | Unassigned | |
Bug Description
The Key size listed for Encrypted volumes using aes-xts-plain64 is not correct. If you use 512, you will get an error about an unsupported key size. This has to do with how barbican receives the key information from cinder.
https:/
does not pass a "mode" so this block
https:/
evaluates to 512 and this is not present in this list
https:/
The following docs need to be updated to only reflect a 256 bit key.
https:/
https:/
https:/
https:/
Also the text needs to be updated.
Key Size (bits)
512 (Recommended for aes-xts-plain64. 256 should be used for aes-cbc-essiv)
256 Using this selection for aes-xts, the underlying key size would only be 128-bits*
Changed in cinder:
assignee: nobody → Keith Berger (keith-berger)
Reviewed: https://review.opendev.org/689871
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=85a1dddf126691921924edcecaee5c054c7df6c2
Submitter: Zuul
Branch: master
commit 85a1dddf126691921924edcecaee5c054c7df6c2
Author: Keith Berger <email address hidden>
Date: Mon Oct 21 16:20:51 2019 -0400
Fix aes-xts key length in Horizon Admin Guide / Manage Volumes
When using aes-xts-plain64, a 512 bit key produces an error as this
is not a supported barbican key length for aes-xts-plain64. This patch
updates the horizon admin doc to remove the reference of a 512 bit key.
Change-Id: Ie36e05a1e59eb88b779c9f3249a714c20b5f5fe0
Closes-Bug: #1708505
Closes-Bug: #1849196