Reviewed: https://review.opendev.org/689871 Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=85a1dddf126691921924edcecaee5c054c7df6c2 Submitter: Zuul Branch: master
commit 85a1dddf126691921924edcecaee5c054c7df6c2 Author: Keith Berger <[email protected]> Date: Mon Oct 21 16:20:51 2019 -0400 Fix aes-xts key length in Horizon Admin Guide / Manage Volumes When using aes-xts-plain64, a 512 bit key produces an error as this is not a supported barbican key length for aes-xts-plain64. This patch updates the horzion admin doc to remove the reference of a 512 bit key. Change-Id: Ie36e05a1e59eb88b779c9f3249a714c20b5f5fe0 Closes-Bug: #1708505 Closes-Bug: #1849196 ** Changed in: horizon Status: New => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1849196 Title: Remove the 512 bit key option for aes-xts-plain64 encrypted volumes Status in Cinder: New Status in OpenStack Dashboard (Horizon): Fix Released Bug description: The Key size listed for Encrpyted volumes using aes-xts-plain64 is not correct. If you use 512, you will get an error about an unsupported key size. This has to do with how barbican receives the key information from cinder. https://github.com/openstack/cinder/blob/master/cinder/volume/volume_utils.py#L919 does not pass a "mode" so this block https://github.com/openstack/barbican/blob/stable/rocky/barbican/plugin/crypto/simple_crypto.py#L222 evaluates to 512 and this is not present in this list https://github.com/openstack/barbican/blob/stable/rocky/barbican/plugin/crypto/base.py#L64 The following docs needs updated to only reflect a 256 bit key. https://docs.openstack.org/horizon/train/admin/manage-volumes.html https://docs.openstack.org/horizon/stein/admin/manage-volumes.html https://docs.openstack.org/horizon/rocky/admin/manage-volumes.html https://docs.openstack.org/horizon/queens/admin/manage-volumes.html Also the text needs to be updated. Key Size (bits) 512 (Recommended for aes-xts-plain64. 256 should be used for aes-cbc-essiv) Using this selection for aes-xts, the underlying key size would only be 256-bits* 256 Using this selection for aes-xts, the underlying key size would only be 128-bits* To manage notifications about this bug go to: https://bugs.launchpad.net/cinder/+bug/1849196/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
