linotp.lib.security package

module for SecurityModules / devices like hsms

exception linotp.lib.security.FatalHSMException

Bases: Exception

class linotp.lib.security.SecurityModule(config=None, add_conf=None)

Bases: object

decrypt(value: bytes, iv: bytes, id: int = 0) → bytes

decryptPassword(cryptPass: str) → bytes

decryptPin(cryptPin: str) → bytes

encrypt(data: bytes, iv: bytes, id: int = 0) → bytes

encryptPassword(cryptPass: bytes) → str

encryptPin(cryptPin, iv=None) → str

classmethod getAdditionalClassConfig()

isReady()

random(len: int) → bytes

setup_module(params)

signMessage(message, method=None, slot_id=3)

verfiyMessageSignature(message, hex_mac, method=None, slot_id=3)

Submodules

• linotp.lib.security.default module
  • DefaultSecurityModule
    • DefaultSecurityModule.decrypt()
    • DefaultSecurityModule.decryptPassword()
    • DefaultSecurityModule.decryptPin()
    • DefaultSecurityModule.encrypt()
    • DefaultSecurityModule.encryptPassword()
    • DefaultSecurityModule.encryptPin()
    • DefaultSecurityModule.getSecret()
    • DefaultSecurityModule.hash_digest()
    • DefaultSecurityModule.hmac_digest()
    • DefaultSecurityModule.isReady()
    • DefaultSecurityModule.padd_data()
    • DefaultSecurityModule.random()
    • DefaultSecurityModule.schema
    • DefaultSecurityModule.setup_module()
    • DefaultSecurityModule.signMessage()
    • DefaultSecurityModule.unpadd_data()
    • DefaultSecurityModule.verfiyMessageSignature()
• linotp.lib.security.fips module
  • FipsSecurityModule
    • FipsSecurityModule.getAdditionalClassConfig()
    • FipsSecurityModule.hmac_digest()
• linotp.lib.security.pkcs11 module
  • CK_ATTRIBUTE
    • CK_ATTRIBUTE.pValue
    • CK_ATTRIBUTE.type
    • CK_ATTRIBUTE.ulValueLen
  • CK_MECHANISM
    • CK_MECHANISM.mechanism
    • CK_MECHANISM.pParameter
    • CK_MECHANISM.usParameterLen
  • CK_TOKEN_INFO
    • CK_TOKEN_INFO.firmwareVersion
    • CK_TOKEN_INFO.flags
    • CK_TOKEN_INFO.hardwareVersion
    • CK_TOKEN_INFO.label
    • CK_TOKEN_INFO.manufacturerID
    • CK_TOKEN_INFO.model
    • CK_TOKEN_INFO.serialNumber
    • CK_TOKEN_INFO.ulFreePrivateMemory
    • CK_TOKEN_INFO.ulFreePublicMemory
    • CK_TOKEN_INFO.ulMaxPinLen
    • CK_TOKEN_INFO.ulMaxRwSessionCount
    • CK_TOKEN_INFO.ulMaxSessionCount
    • CK_TOKEN_INFO.ulMinPinLen
    • CK_TOKEN_INFO.ulRwSessionCount
    • CK_TOKEN_INFO.ulSessionCount
    • CK_TOKEN_INFO.ulTotalPrivateMemory
    • CK_TOKEN_INFO.ulTotalPublicMemory
    • CK_TOKEN_INFO.utcTime
  • CK_VERSION
    • CK_VERSION.major
    • CK_VERSION.minor
  • Pkcs11SecurityModule
    • Pkcs11SecurityModule.createAES()
    • Pkcs11SecurityModule.decrypt()
    • Pkcs11SecurityModule.decryptPassword()
    • Pkcs11SecurityModule.decryptPin()
    • Pkcs11SecurityModule.encrypt()
    • Pkcs11SecurityModule.encryptPassword()
    • Pkcs11SecurityModule.encryptPin()
    • Pkcs11SecurityModule.find_aes_keys()
    • Pkcs11SecurityModule.gettokeninfo()
    • Pkcs11SecurityModule.initpkcs11()
    • Pkcs11SecurityModule.isReady()
    • Pkcs11SecurityModule.login()
    • Pkcs11SecurityModule.logout()
    • Pkcs11SecurityModule.number_or_null
    • Pkcs11SecurityModule.pad()
    • Pkcs11SecurityModule.populate_handles()
    • Pkcs11SecurityModule.random()
    • Pkcs11SecurityModule.schema
    • Pkcs11SecurityModule.setup_module()
    • Pkcs11SecurityModule.unpad()
  • main()
  • output()
  • pkcs11error()
• linotp.lib.security.provider module
  • SecurityProvider
    • SecurityProvider.createHSMPool()
    • SecurityProvider.dropSecurityModule()
    • SecurityProvider.getSecurityModule()
    • SecurityProvider.get_config_entries()
    • SecurityProvider.loadSecurityModule()
    • SecurityProvider.load_config()
    • SecurityProvider.setupModule()