yubihsm.defs
Named constants used in YubiHSM commands.
Attributes
Classes
- ERROR: Error codes returned by the YubiHSM
- COMMAND: Commands available to send to the YubiHSM
- ALGORITHM: Various algorithm constants
- LIST_FILTER: Keys for use to filter on in list_objects
- OBJECT: YubiHSM object types
- OPTION: YubiHSM device options
- AUDIT: Values for audit options
- FIPS_STATUS: Values for FIPS status
- CAPABILITY: YubiHSM object capability flags
- Support for integer-based Flags
Module Contents
- yubihsm.defs.Version
- class yubihsm.defs.ERROR[source]
Bases: enum.IntEnum
Error codes returned by the YubiHSM
- OK = 0
- INVALID_COMMAND = 1
- INVALID_DATA = 2
- INVALID_SESSION = 3
- AUTHENTICATION_FAILED = 4
- SESSIONS_FULL = 5
- SESSION_FAILED = 6
- STORAGE_FAILED = 7
- WRONG_LENGTH = 8
- INSUFFICIENT_PERMISSIONS = 9
- LOG_FULL = 10
- OBJECT_NOT_FOUND = 11
- INVALID_ID = 12
- SSH_CA_CONSTRAINT_VIOLATION = 14
- INVALID_OTP = 15
- DEMO_MODE = 16
- OBJECT_EXISTS = 17
- ALGORITHM_DISABLED = 18
- COMMAND_UNEXECUTED = 255
- class yubihsm.defs.COMMAND[source]
Bases: enum.IntEnum
Commands available to send to the YubiHSM
- ECHO = 1
- CREATE_SESSION = 3
- AUTHENTICATE_SESSION = 4
- SESSION_MESSAGE = 5
- DEVICE_INFO = 6
- RESET_DEVICE = 8
- GET_DEVICE_PUBLIC_KEY = 10
- CLOSE_SESSION = 64
- GET_STORAGE_INFO = 65
- PUT_OPAQUE = 66
- GET_OPAQUE = 67
- PUT_AUTHENTICATION_KEY = 68
- PUT_ASYMMETRIC_KEY = 69
- GENERATE_ASYMMETRIC_KEY = 70
- SIGN_PKCS1 = 71
- LIST_OBJECTS = 72
- DECRYPT_PKCS1 = 73
- EXPORT_WRAPPED = 74
- IMPORT_WRAPPED = 75
- PUT_WRAP_KEY = 76
- GET_LOG_ENTRIES = 77
- GET_OBJECT_INFO = 78
- SET_OPTION = 79
- GET_OPTION = 80
- GET_PSEUDO_RANDOM = 81
- PUT_HMAC_KEY = 82
- SIGN_HMAC = 83
- GET_PUBLIC_KEY = 84
- SIGN_PSS = 85
- SIGN_ECDSA = 86
- DERIVE_ECDH = 87
- DELETE_OBJECT = 88
- DECRYPT_OAEP = 89
- GENERATE_HMAC_KEY = 90
- GENERATE_WRAP_KEY = 91
- VERIFY_HMAC = 92
- SIGN_SSH_CERTIFICATE = 93
- PUT_TEMPLATE = 94
- GET_TEMPLATE = 95
- DECRYPT_OTP = 96
- CREATE_OTP_AEAD = 97
- RANDOMIZE_OTP_AEAD = 98
- REWRAP_OTP_AEAD = 99
- SIGN_ATTESTATION_CERTIFICATE = 100
- PUT_OTP_AEAD_KEY = 101
- GENERATE_OTP_AEAD_KEY = 102
- SET_LOG_INDEX = 103
- WRAP_DATA = 104
- UNWRAP_DATA = 105
- SIGN_EDDSA = 106
- BLINK_DEVICE = 107
- CHANGE_AUTHENTICATION_KEY = 108
- PUT_SYMMETRIC_KEY = 109
- GENERATE_SYMMETRIC_KEY = 110
- DECRYPT_ECB = 111
- ENCRYPT_ECB = 112
- DECRYPT_CBC = 113
- ENCRYPT_CBC = 114
- PUT_PUBLIC_WRAP_KEY = 115
- WRAP_KEY_RSA = 116
- UNWRAP_KEY_RSA = 117
- EXPORT_WRAPPED_RSA = 118
- IMPORT_WRAPPED_RSA = 119
- ERROR = 127
- class yubihsm.defs.ALGORITHM[source]
Bases: enum.IntEnum
Various algorithm constants
- RSA_PKCS1_SHA1 = 1
- RSA_PKCS1_SHA256 = 2
- RSA_PKCS1_SHA384 = 3
- RSA_PKCS1_SHA512 = 4
- RSA_PSS_SHA1 = 5
- RSA_PSS_SHA256 = 6
- RSA_PSS_SHA384 = 7
- RSA_PSS_SHA512 = 8
- RSA_2048 = 9
- RSA_3072 = 10
- RSA_4096 = 11
- RSA_OAEP_SHA1 = 25
- RSA_OAEP_SHA256 = 26
- RSA_OAEP_SHA384 = 27
- RSA_OAEP_SHA512 = 28
- RSA_MGF1_SHA1 = 32
- RSA_MGF1_SHA256 = 33
- RSA_MGF1_SHA384 = 34
- RSA_MGF1_SHA512 = 35
- EC_P256 = 12
- EC_P384 = 13
- EC_P521 = 14
- EC_K256 = 15
- EC_BP256 = 16
- EC_BP384 = 17
- EC_BP512 = 18
- EC_ECDSA_SHA1 = 23
- EC_ECDH = 24
- HMAC_SHA1 = 19
- HMAC_SHA256 = 20
- HMAC_SHA384 = 21
- HMAC_SHA512 = 22
- AES128_CCM_WRAP = 29
- OPAQUE_DATA = 30
- OPAQUE_X509_CERTIFICATE = 31
- TEMPLATE_SSH = 36
- AES128_YUBICO_OTP = 37
- AES128_YUBICO_AUTHENTICATION = 38
- AES192_YUBICO_OTP = 39
- AES256_YUBICO_OTP = 40
- AES192_CCM_WRAP = 41
- AES256_CCM_WRAP = 42
- EC_ECDSA_SHA256 = 43
- EC_ECDSA_SHA384 = 44
- EC_ECDSA_SHA512 = 45
- EC_ED25519 = 46
- EC_P224 = 47
- RSA_PKCS1_DECRYPT = 48
- EC_P256_YUBICO_AUTHENTICATION = 49
- AES128 = 50
- AES192 = 51
- AES256 = 52
- AES_ECB = 53
- AES_CBC = 54
- AES_KWP = 55
- to_curve()[source]
Return a Cryptography EC curve instance for a given member.
- Returns:
The corresponding curve.
- Return type:
cryptography.hazmat.primitives.ec.
- Example:
>>> isinstance(ALGORITHM.EC_P256.to_curve(), ec.SECP256R1)
True
- static for_curve(curve)[source]
Returns a member corresponding to a Cryptography curve instance.
- Parameters:
curve (cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve)
- Return type:
- Example:
>>> ALGORITHM.for_curve(ec.SECP256R1()) == ALGORITHM.EC_P256
True
- to_key_size()[source]
Return the expected size (in bytes) of a key corresponding to an algorithm.
- Returns:
The corresponding key size (in bytes) to an algorithm.
- Return type:
- Example:
>>> ALGORITHM.AES128.to_key_size()
16
- class yubihsm.defs.LIST_FILTER[source]
Bases: enum.IntEnum
Keys for use to filter on in list_objects
- ID = 1
- TYPE = 2
- DOMAINS = 3
- CAPABILITIES = 4
- ALGORITHM = 5
- LABEL = 6
- class yubihsm.defs.OBJECT[source]
Bases: enum.IntEnum
YubiHSM object types
- OPAQUE = 1
- AUTHENTICATION_KEY = 2
- ASYMMETRIC_KEY = 3
- WRAP_KEY = 4
- HMAC_KEY = 5
- TEMPLATE = 6
- OTP_AEAD_KEY = 7
- SYMMETRIC_KEY = 8
- PUBLIC_WRAP_KEY = 9
- class yubihsm.defs.OPTION[source]
Bases: enum.IntEnum
YubiHSM device options
- FORCE_AUDIT = 1
- COMMAND_AUDIT = 3
- ALGORITHM_TOGGLE = 4
- FIPS_MODE = 5
- class yubihsm.defs.AUDIT[source]
Bases: enum.IntEnum
Values for audit options
- OFF = 0
- ON = 1
- FIXED = 2
- class yubihsm.defs.FIPS_STATUS[source]
Bases: enum.IntEnum
Values for FIPS status
- OFF = 0
- ON = 1
- PENDING = 3
- class yubihsm.defs.CAPABILITY[source]
Bases: enum.IntFlag
YubiHSM object capability flags
- GET_OPAQUE = 1
- PUT_OPAQUE = 2
- PUT_AUTHENTICATION_KEY = 4
- PUT_ASYMMETRIC = 8
- GENERATE_ASYMMETRIC_KEY = 16
- SIGN_PKCS = 32
- SIGN_PSS = 64
- SIGN_ECDSA = 128
- SIGN_EDDSA = 256
- DECRYPT_PKCS = 512
- DECRYPT_OAEP = 1024
- DERIVE_ECDH = 2048
- EXPORT_WRAPPED = 4096
- IMPORT_WRAPPED = 8192
- PUT_WRAP_KEY = 16384
- GENERATE_WRAP_KEY = 32768
- EXPORTABLE_UNDER_WRAP = 65536
- SET_OPTION = 131072
- GET_OPTION = 262144
- GET_PSEUDO_RANDOM = 524288
- PUT_HMAC_KEY = 1048576
- GENERATE_HMAC_KEY = 2097152
- SIGN_HMAC = 4194304
- VERIFY_HMAC = 8388608
- GET_LOG_ENTRIES = 16777216
- SIGN_SSH_CERTIFICATE = 33554432
- GET_TEMPLATE = 67108864
- PUT_TEMPLATE = 134217728
- RESET_DEVICE = 268435456
- DECRYPT_OTP = 536870912
- CREATE_OTP_AEAD = 1073741824
- RANDOMIZE_OTP_AEAD = 2147483648
- REWRAP_FROM_OTP_AEAD_KEY = 4294967296
- REWRAP_TO_OTP_AEAD_KEY = 8589934592
- SIGN_ATTESTATION_CERTIFICATE = 17179869184
- PUT_OTP_AEAD_KEY = 34359738368
- GENERATE_OTP_AEAD_KEY = 68719476736
- WRAP_DATA = 137438953472
- UNWRAP_DATA = 274877906944
- DELETE_OPAQUE = 549755813888
- DELETE_AUTHENTICATION_KEY = 1099511627776
- DELETE_ASYMMETRIC_KEY = 2199023255552
- DELETE_WRAP_KEY = 4398046511104
- DELETE_HMAC_KEY = 8796093022208
- DELETE_TEMPLATE = 17592186044416
- DELETE_OTP_AEAD_KEY = 35184372088832
- CHANGE_AUTHENTICATION_KEY = 70368744177664
- PUT_SYMMETRIC_KEY = 140737488355328
- GENERATE_SYMMETRIC_KEY = 281474976710656
- DELETE_SYMMETRIC_KEY = 562949953421312
- DECRYPT_ECB = 1125899906842624
- ENCRYPT_ECB = 2251799813685248
- DECRYPT_CBC = 4503599627370496
- ENCRYPT_CBC = 9007199254740992
- PUBLIC_WRAP_KEY_WRITE = 18014398509481984
- PUBLIC_WRAP_KEY_DELETE = 36028797018963968