Commit Graph

874 Commits

Author SHA1 Message Date
Peter Hamilton 815cf9bc2f Merge pull request from OpenKMIP/feat/add-decrypt-to-server
Add Decrypt support to the server
2017-07-27 12:19:48 -04:00
Peter Hamilton a4b7b433b4 Add Decrypt support to the server
This change adds the Decrypt operation to the server. Support is
currently limited to symmetric decryption only. The decryption key
used with the operation must be in the Active state and it must
have the Decrypt bit set in its cryptographic usage mask.
2017-07-27 12:03:27 -04:00
Peter Hamilton 15de77c0a8 Merge pull request from OpenKMIP/bug/fix-test-detached-instance
Fix bug generating detached instance errors in server tests
2017-07-27 11:58:29 -04:00
Peter Hamilton 7c6e45f549 Fix bug generating detached instance errors in server tests
This patch fixes a bug that generates intermittent sqlalchemy
DetachedInstanceErrors during the KMIP server engine unit test
execution. Specifically, this fix disables instance expiration on
commit for the sqlalchemy sessions used throughout the unit tests,
allowing access to instance attributes even if the instance is
detached from a session.

Fixes 
2017-07-27 11:38:07 -04:00
Peter Hamilton f86134878b Merge pull request from OpenKMIP/feat/add-derive-key-to-server
Add DeriveKey support to the server
2017-07-25 13:42:30 -04:00
Peter Hamilton 90fafe8713 Add DeriveKey support to the server
This change adds the DeriveKey operation to the server. Unit tests
covering the new additions are included. The Query operation has
also been updated to reflect this addition.
2017-07-25 13:20:16 -04:00
Peter Hamilton 590313dcf9 Merge pull request from OpenKMIP/feat/add-get-wrapped-keys
Add server support for Getting wrapped keys
2017-07-25 10:42:41 -04:00
Peter Hamilton 50b0ae9fee Add server support for Getting wrapped keys
This change adds support for retrieving wrapped keys from the KMIP
server. The only supported key wrapping algorithm currently is
the AES-based NIST Key Wrap algorithm (RFC 3394). MAC/signing is
not supported for key wrapping. Attribute-bundling with the wrapped
key value is not supported. Wrapping of the entire key block TTLV
encoding is not supported. Various additional error cases are
included and checked for.

Unit tests covering the additions to Get are included.
2017-07-25 09:50:11 -04:00
Peter Hamilton a3bd7f4b6f Merge pull request from OpenKMIP/bug/update-key-wrap
Fix key wrapping support in the cryptography engine
2017-07-24 12:53:50 -04:00
Peter Hamilton 448cf229f6 Fix key wrapping support in the cryptography engine
This change fixes key wrapping support in the cryptography engine.
The original implementation used a CryptographicAlgorithm enum to
determine what key wrapping algorithm to use for key wrapping.
Closer inspection of the KMIP spec indicates that a BlockCipherMode
enum should be used instead. The engine has been updated to reflect
this change, as have the corresponding key wrapping unit tests.
2017-07-24 12:40:46 -04:00
Peter Hamilton 615889f7eb Merge pull request from OpenKMIP/feat/update-key-wrapping-data
Update the KeyWrappingData struct
2017-07-24 12:13:58 -04:00
Peter Hamilton be4e1c2006 Merge pull request from OpenKMIP/feat/add-key-wrap
Add key wrapping support to the cryptography engine
2017-07-24 10:44:13 -04:00
Peter Hamilton f71500446f Add key wrapping support to the cryptography engine
This change adds key wrapping support to the CryptographyEngine,
supporting RFC 3394, AES Key Wrap, only. Numerous unit tests from
using test vectors from RFC 3394 are included.
2017-07-24 10:24:25 -04:00
Peter Hamilton ba09e5dd70 Merge pull request from OpenKMIP/feat/update-get-payloads
Update the Get request and response payloads
2017-07-20 17:43:08 -04:00
Peter Hamilton ba47813553 Update the Get request and response payloads
This change updates the Get payloads to reflect current coding
styles. It streamlines payload usage and makes it easier to create
and access payload fields. A new unit test suite dedicated to the
Get payloads is added. Surrounding code in the client/server and
associated utilities and unit tests are updated to reflect these
changes.
2017-07-20 12:36:42 -04:00
Peter Hamilton 1e6b043ab8 Update the KeyWrappingData struct
This change updates the KeyWrappingData struct to conform with
current library styles. This struct is used with key data to
represent a wrapped key and will be used by future patches to
support key wrapping functionality. Updated unit tests matching
the new additions are included.
2017-07-18 10:31:05 -04:00
Peter Hamilton 758bc348f7 Merge pull request from OpenKMIP/feat/update-key-wrapping-spec
Update the KeyWrappingSpecification struct
2017-07-16 15:03:59 -04:00
Peter Hamilton 0e0e1465e9 Update the KeyWrappingSpecification struct
This change updates the KeyWrappingSpecification struct to conform
with current library styles. This struct is used for key wrapping
functionality and will be used in future patches. Updated unit
tests matching the new additions are included.
2017-07-16 14:41:44 -04:00
Peter Hamilton 4591fe5abb Merge pull request from OpenKMIP/feat/update-mac-signature-key-info
Update the MACSignatureKeyInformation struct
2017-07-16 14:25:59 -04:00
Peter Hamilton 2e15a1ca3b Update the MACSignatureKeyInformation struct
This change updates the MACSignatureKeyInformation struct to
conform with current library styles. This struct is used for key
wrapping functionality and will be leveraged by future patches.
Updated unit tests matching the new additions are included.
2017-07-15 13:08:06 -04:00
Peter Hamilton 9e9af140a6 Merge pull request from OpenKMIP/feat/update-encryption-key-info
Update the EncryptionKeyInformation struct
2017-07-14 11:40:53 -04:00
Peter Hamilton e5d29f031f Update the EncryptionKeyInformation struct
This change updates the EncryptionKeyInformation struct to conform
with current library styles. This struct is used for key wrapping
functionality and will be leveraged by future patches. Updated
unit tests matching the new additions are included.
2017-07-13 15:12:26 -04:00
Peter Hamilton db81d9b16e Merge pull request from OpenKMIP/feat/add-derive
Add key derivation support to the server cryptography engine
2017-07-10 15:58:02 -04:00
Peter Hamilton 86e49b4c35 Add key derivation support to the server cryptography engine
This change adds key derivation functionality to the cryptographic
engine, adding support for multiple key derivation methods,
including encrypting, hashing, HMACing, and specific algorithms
like PBKDF2 and NIST 800-108. Numerous unit tests are included
from established cryptographic testing sources to verify the
added functionality.
2017-07-10 14:19:25 -04:00
Peter Hamilton 4108fba957 Merge pull request from OpenKMIP/maint/update-requirements
Update requirements to match required features
2017-07-07 09:15:13 -04:00
Peter Hamilton 528aa95954 Update requirements to match required features
This change bumps the required version for cryptography to match
what's currently needed by the software server.

Closes 
2017-07-07 08:26:02 -04:00
Peter Hamilton 62d30be7fa Merge pull request from vbnmmnbv/locate_attributes_server
Add Name attribute filtering of locate for server
2017-07-05 20:23:24 -04:00
Peter Hamilton ac8f160fa0 Merge pull request from OpenKMIP/feat/update-engine-tests
Update server engine unit tests to improve coverage
2017-07-05 14:45:52 -04:00
Peter Hamilton 4462a4cf42 Update server engine unit tests to improve coverage
This change adds several miscellaneous tests to improve unit test
coverage, minor additions all.
2017-07-05 14:24:38 -04:00
dane-fichter a910dccf07 Adding request and response payloads for the Sign operation 2017-07-05 10:03:58 -04:00
Hao Shen b55a051b26 Add Name attribute filtering of locate for server 2017-06-30 12:27:00 -07:00
Peter Hamilton 0618018c8b Add Decrypt support to the clients
This change adds Decrypt operation support to the KMIPProxy and
ProxyKmipClient clients, including unit tests to cover the new
functionality.
2017-06-28 11:35:38 -04:00
Peter Hamilton 4c244a1f6f Merge pull request from OpenKMIP/feat/add-encrypt-to-clients
Add Encrypt support to the clients
2017-06-28 10:59:30 -04:00
Peter Hamilton a3dd6503cd Merge pull request from OpenKMIP/feat/add-decrypt
Add decryption support to the server cryptography engine
2017-06-28 10:11:10 -04:00
Peter Hamilton 60bd56066e Add decryption support to the server cryptography engine
This change adds decryption functionality to the cryptographic
engine used by the server. It supports a variety of symmetric
decryption algorithms and block cipher modes. Asymmetric
decryption support will be added in a future patch.

Unit tests and minor updates to surrounding code are included.
2017-06-27 14:21:59 -04:00
Peter Hamilton e18dd54599 Merge pull request from OpenKMIP/feat/add-derive-key-payloads
Add request and response payloads for the DeriveKey operation
2017-06-26 12:19:18 -04:00
Peter Hamilton 344cce83da Add request and response payloads for the DeriveKey operation
This change adds request/response payloads for the DeriveKey
operation, updating the payload factories to support DeriveKey.
Unit tests for the payloads and payload factories are included.
The inequality operator was also added to the TemplateAttribute
struct to support the DeriveKey payload unit tests; differences
in Python2.7 and 3+ led to comparison failures.
2017-06-23 18:28:02 -04:00
Peter Hamilton 38ee408b21 Merge pull request from OpenKMIP/feat/add-derivation-parameters
Add the DerivationParameters struct
2017-06-23 18:22:11 -04:00
Peter Hamilton 4cc2870530 Merge pull request from OpenKMIP/feat/add-decrypt-payloads
Add request and response payloads for the Decrypt operation
2017-06-23 18:20:57 -04:00
Peter Hamilton ed22fb15f9 Add the DerivationParameters struct
This change adds support for the DerivationParameters struct,
which is needed for DeriveKey support. Unit tests are included to
cover all newly added code.
2017-06-21 11:14:07 -04:00
Peter Hamilton 3db0bfe88f Add request and response payloads for the Decrypt operation
This change adds request and response payloads for Decrypt
operation, updating the payload factories to support Decrypt
payloads. Unit tests for all new code are included.
2017-06-20 17:12:29 -04:00
Peter Hamilton a5e960153c Add Encrypt support to the clients
This change adds Encrypt operation support to the KMIPProxy and
ProxyKmipClient clients, including unit tests to cover the new
functionality.

Extensive documentation has been added to the header comments for
the new client methods detailing the expected input parameters and
return values. This approach should be followed for all new client
additions going forward.
2017-06-20 11:11:50 -04:00
Peter Hamilton 7b8bd4769c Merge pull request from OpenKMIP/feat/add-encrypt-to-server
Add Encrypt operation support to the server
2017-06-19 12:36:47 -04:00
Peter Hamilton de575303ce Add Encrypt operation support to the server
This change adds the Encrypt operation to the server. Support is
currently limited to symmetric encryption only. The encryption key
used with the operation must be in the Active state and it must
have the Encrypt bit set in its cryptographic usage mask.
2017-06-19 10:59:40 -04:00
Peter Hamilton 920dce73f4 Merge pull request from OpenKMIP/feat/add-encrypt
Add encryption support to the server cryptography engine
2017-06-19 10:38:58 -04:00
Peter Hamilton e19c9076de Merge pull request from OpenKMIP/feat/add-encrypt-payloads
Adding request and response payloads for the Encrypt operation
2017-06-16 16:10:28 -04:00
Peter Hamilton 7bc613417b Add encryption support to the server cryptography engine
This change adds encryption functionality to the cryptographic
engine used by the server. It supports a variety of symmetric
encryption algorithms and block cipher modes. Asymmetric encryption
support will be added in a future patch.

Unit tests and minor updates to surrounding core code are included.
2017-06-16 16:03:30 -04:00
Peter Hamilton 0f13e0e494 Adding request and response payloads for the Encrypt operation
This change adds request and response payloads for the Encrypt
operation, updating the payload factories to support Encrypt
payloads. Unit tests for all new code are included.
2017-05-31 16:47:19 -04:00
Peter Hamilton 66f80922f3 Merge pull request from OpenKMIP/feat/update-crypto-param
Updating the CryptographicParameters struct
2017-05-30 08:11:43 -04:00
Peter Hamilton 471d0a1ad8 Updating the CryptographicParameters struct
This change updates the CryptographicParameters struct, removing the
primitive class wrappers that it used to use for attribute values
and replacing them with struct properties that internally manage the
primitive objects directly. This gutting and regutting necessitates
cascading changes to every part of the library that used these
internal primitive class wrappers, including unit tests, client and
client tests, and attribute factory handlers. All of these have been
updated to reflect the correct usage of the CryptographicParameters
struct.

This change also adds in additional attribute members for the
CryptographicParameters struct to bring it up to spec with KMIP 1.2.
2017-05-24 15:39:09 -04:00