yubihsm.defs

Named constants used in YubiHSM commands.

Attributes

Version

Classes

ERROR

Error codes returned by the YubiHSM

COMMAND

Commands available to send to the YubiHSM

ALGORITHM

Various algorithm constants

LIST_FILTER

Keys used to filter the results of list_objects

OBJECT

YubiHSM object types

OPTION

YubiHSM device options

AUDIT

Values for audit options

FIPS_STATUS

Values for FIPS status

CAPABILITY

YubiHSM object capability flags

ORIGIN

Object origin flags (GENERATED, IMPORTED, IMPORTED_WRAPPED)

Module Contents

yubihsm.defs.Version
class yubihsm.defs.ERROR[source]

Bases: enum.IntEnum

Error codes returned by the YubiHSM

OK = 0
INVALID_COMMAND = 1
INVALID_DATA = 2
INVALID_SESSION = 3
AUTHENTICATION_FAILED = 4
SESSIONS_FULL = 5
SESSION_FAILED = 6
STORAGE_FAILED = 7
WRONG_LENGTH = 8
INSUFFICIENT_PERMISSIONS = 9
LOG_FULL = 10
OBJECT_NOT_FOUND = 11
INVALID_ID = 12
SSH_CA_CONSTRAINT_VIOLATION = 14
INVALID_OTP = 15
DEMO_MODE = 16
OBJECT_EXISTS = 17
ALGORITHM_DISABLED = 18
COMMAND_UNEXECUTED = 255
class yubihsm.defs.COMMAND[source]

Bases: enum.IntEnum

Commands available to send to the YubiHSM

ECHO = 1
CREATE_SESSION = 3
AUTHENTICATE_SESSION = 4
SESSION_MESSAGE = 5
DEVICE_INFO = 6
RESET_DEVICE = 8
GET_DEVICE_PUBLIC_KEY = 10
CLOSE_SESSION = 64
GET_STORAGE_INFO = 65
PUT_OPAQUE = 66
GET_OPAQUE = 67
PUT_AUTHENTICATION_KEY = 68
PUT_ASYMMETRIC_KEY = 69
GENERATE_ASYMMETRIC_KEY = 70
SIGN_PKCS1 = 71
LIST_OBJECTS = 72
DECRYPT_PKCS1 = 73
EXPORT_WRAPPED = 74
IMPORT_WRAPPED = 75
PUT_WRAP_KEY = 76
GET_LOG_ENTRIES = 77
GET_OBJECT_INFO = 78
SET_OPTION = 79
GET_OPTION = 80
GET_PSEUDO_RANDOM = 81
PUT_HMAC_KEY = 82
SIGN_HMAC = 83
GET_PUBLIC_KEY = 84
SIGN_PSS = 85
SIGN_ECDSA = 86
DERIVE_ECDH = 87
DELETE_OBJECT = 88
DECRYPT_OAEP = 89
GENERATE_HMAC_KEY = 90
GENERATE_WRAP_KEY = 91
VERIFY_HMAC = 92
SIGN_SSH_CERTIFICATE = 93
PUT_TEMPLATE = 94
GET_TEMPLATE = 95
DECRYPT_OTP = 96
CREATE_OTP_AEAD = 97
RANDOMIZE_OTP_AEAD = 98
REWRAP_OTP_AEAD = 99
SIGN_ATTESTATION_CERTIFICATE = 100
PUT_OTP_AEAD_KEY = 101
GENERATE_OTP_AEAD_KEY = 102
SET_LOG_INDEX = 103
WRAP_DATA = 104
UNWRAP_DATA = 105
SIGN_EDDSA = 106
CHANGE_AUTHENTICATION_KEY = 108
PUT_SYMMETRIC_KEY = 109
GENERATE_SYMMETRIC_KEY = 110
DECRYPT_ECB = 111
ENCRYPT_ECB = 112
DECRYPT_CBC = 113
ENCRYPT_CBC = 114
PUT_PUBLIC_WRAP_KEY = 115
WRAP_KEY_RSA = 116
UNWRAP_KEY_RSA = 117
EXPORT_WRAPPED_RSA = 118
IMPORT_WRAPPED_RSA = 119
ERROR = 127
class yubihsm.defs.ALGORITHM[source]

Bases: enum.IntEnum

Various algorithm constants

RSA_PKCS1_SHA1 = 1
RSA_PKCS1_SHA256 = 2
RSA_PKCS1_SHA384 = 3
RSA_PKCS1_SHA512 = 4
RSA_PSS_SHA1 = 5
RSA_PSS_SHA256 = 6
RSA_PSS_SHA384 = 7
RSA_PSS_SHA512 = 8
RSA_2048 = 9
RSA_3072 = 10
RSA_4096 = 11
RSA_OAEP_SHA1 = 25
RSA_OAEP_SHA256 = 26
RSA_OAEP_SHA384 = 27
RSA_OAEP_SHA512 = 28
RSA_MGF1_SHA1 = 32
RSA_MGF1_SHA256 = 33
RSA_MGF1_SHA384 = 34
RSA_MGF1_SHA512 = 35
EC_P256 = 12
EC_P384 = 13
EC_P521 = 14
EC_K256 = 15
EC_BP256 = 16
EC_BP384 = 17
EC_BP512 = 18
EC_ECDSA_SHA1 = 23
EC_ECDH = 24
HMAC_SHA1 = 19
HMAC_SHA256 = 20
HMAC_SHA384 = 21
HMAC_SHA512 = 22
AES128_CCM_WRAP = 29
OPAQUE_DATA = 30
OPAQUE_X509_CERTIFICATE = 31
TEMPLATE_SSH = 36
AES128_YUBICO_OTP = 37
AES128_YUBICO_AUTHENTICATION = 38
AES192_YUBICO_OTP = 39
AES256_YUBICO_OTP = 40
AES192_CCM_WRAP = 41
AES256_CCM_WRAP = 42
EC_ECDSA_SHA256 = 43
EC_ECDSA_SHA384 = 44
EC_ECDSA_SHA512 = 45
EC_ED25519 = 46
EC_P224 = 47
RSA_PKCS1_DECRYPT = 48
EC_P256_YUBICO_AUTHENTICATION = 49
AES128 = 50
AES192 = 51
AES256 = 52
AES_ECB = 53
AES_CBC = 54
AES_KWP = 55
to_curve()[source]

Return a Cryptography EC curve instance for a given member.

Returns:

The corresponding curve.

Return type:

cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve

Example:

>>> isinstance(ALGORITHM.EC_P256.to_curve(), ec.SECP256R1)
True
static for_curve(curve)[source]

Returns a member corresponding to a Cryptography curve instance.

Example:

Parameters:

curve (cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve)

Return type:

ALGORITHM

>>> ALGORITHM.for_curve(ec.SECP256R1()) == ALGORITHM.EC_P256
True
to_key_size()[source]

Return the expected size (in bytes) of a key corresponding to an algorithm.

Returns:

The key size (in bytes) for the algorithm.

Example:

Return type:

int

>>> ALGORITHM.AES128.to_key_size()
16
to_hash_algorithm()[source]

Return the cryptography hash algorithm object corresponding to the algorithm.

Returns:

The corresponding cryptography hash algorithm object.

Example:

Return type:

cryptography.hazmat.primitives.hashes.HashAlgorithm

>>> ALGORITHM.HMAC_SHA1.to_hash_algorithm()
hashes.SHA1
class yubihsm.defs.LIST_FILTER[source]

Bases: enum.IntEnum

Keys used to filter the results of list_objects

ID = 1
TYPE = 2
DOMAINS = 3
CAPABILITIES = 4
ALGORITHM = 5
LABEL = 6
class yubihsm.defs.OBJECT[source]

Bases: enum.IntEnum

YubiHSM object types

OPAQUE = 1
AUTHENTICATION_KEY = 2
ASYMMETRIC_KEY = 3
WRAP_KEY = 4
HMAC_KEY = 5
TEMPLATE = 6
OTP_AEAD_KEY = 7
SYMMETRIC_KEY = 8
PUBLIC_WRAP_KEY = 9
class yubihsm.defs.OPTION[source]

Bases: enum.IntEnum

YubiHSM device options

FORCE_AUDIT = 1
COMMAND_AUDIT = 3
ALGORITHM_TOGGLE = 4
FIPS_MODE = 5
class yubihsm.defs.AUDIT[source]

Bases: enum.IntEnum

Values for audit options

OFF = 0
ON = 1
FIXED = 2
class yubihsm.defs.FIPS_STATUS[source]

Bases: enum.IntEnum

Values for FIPS status

OFF = 0
ON = 1
PENDING = 3
class yubihsm.defs.CAPABILITY[source]

Bases: enum.IntFlag

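YubiHSM object capability flags. Members are bit flags (enum.IntFlag) and can be combined with bitwise OR; assign an object only the capabilities it actually needs.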

GET_OPAQUE = 1
PUT_OPAQUE = 2
PUT_AUTHENTICATION_KEY = 4
PUT_ASYMMETRIC = 8
GENERATE_ASYMMETRIC_KEY = 16
SIGN_PKCS = 32
SIGN_PSS = 64
SIGN_ECDSA = 128
SIGN_EDDSA = 256
DECRYPT_PKCS = 512
DECRYPT_OAEP = 1024
DERIVE_ECDH = 2048
EXPORT_WRAPPED = 4096
IMPORT_WRAPPED = 8192
PUT_WRAP_KEY = 16384
GENERATE_WRAP_KEY = 32768
EXPORTABLE_UNDER_WRAP = 65536
SET_OPTION = 131072
GET_OPTION = 262144
GET_PSEUDO_RANDOM = 524288
PUT_HMAC_KEY = 1048576
GENERATE_HMAC_KEY = 2097152
SIGN_HMAC = 4194304
VERIFY_HMAC = 8388608
GET_LOG_ENTRIES = 16777216
SIGN_SSH_CERTIFICATE = 33554432
GET_TEMPLATE = 67108864
PUT_TEMPLATE = 134217728
RESET_DEVICE = 268435456
DECRYPT_OTP = 536870912
CREATE_OTP_AEAD = 1073741824
RANDOMIZE_OTP_AEAD = 2147483648
REWRAP_FROM_OTP_AEAD_KEY = 4294967296
REWRAP_TO_OTP_AEAD_KEY = 8589934592
SIGN_ATTESTATION_CERTIFICATE = 17179869184
PUT_OTP_AEAD_KEY = 34359738368
GENERATE_OTP_AEAD_KEY = 68719476736
WRAP_DATA = 137438953472
UNWRAP_DATA = 274877906944
DELETE_OPAQUE = 549755813888
DELETE_AUTHENTICATION_KEY = 1099511627776
DELETE_ASYMMETRIC_KEY = 2199023255552
DELETE_WRAP_KEY = 4398046511104
DELETE_HMAC_KEY = 8796093022208
DELETE_TEMPLATE = 17592186044416
DELETE_OTP_AEAD_KEY = 35184372088832
CHANGE_AUTHENTICATION_KEY = 70368744177664
PUT_SYMMETRIC_KEY = 140737488355328
GENERATE_SYMMETRIC_KEY = 281474976710656
DELETE_SYMMETRIC_KEY = 562949953421312
DECRYPT_ECB = 1125899906842624
ENCRYPT_ECB = 2251799813685248
DECRYPT_CBC = 4503599627370496
ENCRYPT_CBC = 9007199254740992
PUBLIC_WRAP_KEY_WRITE = 18014398509481984
PUBLIC_WRAP_KEY_DELETE = 36028797018963968
NONE()[source]
Return type:

CAPABILITY

ALL()[source]
Return type:

CAPABILITY

class yubihsm.defs.ORIGIN[source]

Bases: enum.IntFlag

Object origin flags (GENERATED, IMPORTED, IMPORTED_WRAPPED)

GENERATED = 1
IMPORTED = 2
IMPORTED_WRAPPED = 16