linotp.lib.security.default module

Default security module, which takes the encryption keys from a file.

class linotp.lib.security.default.DefaultSecurityModule(config=None)

Bases: linotp.lib.security.SecurityModule

decrypt(input, iv, id=0)

security module methods: decrypt

Parameters:
  • data (byte string) – the data to be decrypted
  • iv (random bytes) – initialisation vector (salt)
  • id (int) – slot of the key array
Returns: decrypted data
Return type: byte string

decryptPassword(cryptPass)

dedicated security module method: decryptPassword, which uses one slot id to decrypt a string

Parameters: cryptPassword (byte string) – the encrypted password, with leading iv, separated by ‘:’
Returns: decrypted data
Return type: byte string

decryptPin(cryptPin)

dedicated security module method: decryptPin, which uses one slot id to decrypt a string

Parameters: cryptPin (byte string) – the encrypted pin, with leading iv, separated by ‘:’
Returns: decrypted data
Return type: byte string

encrypt(data, iv, id=0)

security module methods: encrypt

Parameters:
  • data (byte string) – the data to be encrypted
  • iv (random bytes) – initialisation vector (salt)
  • id (int - slotid) – slot of the key array
Returns: encrypted data
Return type: byte string

encryptPassword(password)

dedicated security module method: encryptPassword, which uses one slot id to encrypt a string

Parameters: password (byte string) – the password to be encrypted
Returns: encrypted data, with leading iv, separated by ‘:’
Return type: byte string

encryptPin(pin, iv=None)

dedicated security module method: encryptPin, which uses one slot id to encrypt a string

Parameters:
  • pin (byte string) – the pin to be encrypted
  • iv (buffer (20 bytes random)) – initialisation vector (optional)
Returns: encrypted data, with leading iv, separated by ‘:’
Return type: byte string

getSecret(id=0)

internal function, which accesses the key in the defined slot

Parameters: id (int - slotId) – slot id of the key array
Returns: key or secret
Return type: binary string

isReady()

provides the status of whether the security module is fully initialized. This is required especially for the runtime config, like set password ++

Returns: status, if the module is fully operational
Return type: boolean

random(len=32)

security module methods: random

Parameters: len (int) – length of the random byte array
Returns: random bytes
Return type: byte string

setup_module(param)

callback, which is called during the runtime to initialize the security module

Parameters: params (dict) – all parameters, which are provided by the http request
Returns:

signMessage(message, method=None, slot_id=2)

create the hex mac for the message

Parameters:
  • message – the original message
  • method – the hash method - we use by default sha256
  • slot_id – which key should be used
Returns: hex mac

verfiyMessageSignature(message, hex_mac, method=None, slot_id=2)

verify that the hex mac is the same for the message; the comparison is done in constant time

Parameters:
  • message – the original message
  • hex_mac – the mac to compare, in hex
  • method – the hash method - we use by default sha256
  • slot_id – which key should be used
Returns: boolean
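The sign/verify pair described above, sketched with Python's standard hmac module as an added example; it is not LinOTP's own code. The key array, the helper names and the 32-byte key size are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed key array standing in for the keys read from the key file;
# three slots of 32 random bytes each (count and size are assumptions).
KEY_SLOTS = [os.urandom(32) for _ in range(3)]


def get_secret(slot_id=0):
    """Return the key in the given slot; reject slots that do not exist."""
    if not isinstance(slot_id, int) or not 0 <= slot_id < len(KEY_SLOTS):
        raise ValueError("no key in slot %r" % (slot_id,))
    return KEY_SLOTS[slot_id]


def sign_message(message, method=None, slot_id=2):
    """Return the hex HMAC of message under the key in slot_id."""
    digest = method or hashlib.sha256  # sha256 is the documented default
    if isinstance(message, str):
        message = message.encode("utf-8")
    return hmac.new(get_secret(slot_id), message, digest).hexdigest()


def verify_message_signature(message, hex_mac, method=None, slot_id=2):
    """Recompute the MAC and compare it to hex_mac in constant time."""
    expected = sign_message(message, method, slot_id)
    if not isinstance(hex_mac, str):
        return False
    # compare_digest does not stop at the first differing byte, so the
    # response time does not reveal how much of a wrong MAC was correct.
    # Comparing bytes lets non-ASCII input fail cleanly instead of raising.
    return hmac.compare_digest(expected.encode("ascii"),
                               hex_mac.lower().encode("utf-8"))
```

A MAC made with one slot or hash method only verifies with the same slot and method, so both sides must agree on them.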

class linotp.lib.security.default.ErrSecurityModule(config=None)

Bases: linotp.lib.security.default.DefaultSecurityModule

setup_module(params)