1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
#!/usr/bin/env python
"""Constants related to the Transit secrets engine."""
import re
ALLOWED_KEY_TYPES = [
"aes256-gcm96",
"chacha20-poly1305",
"ed25519",
"ecdsa-p256",
"ecdsa-p384",
"ecdsa-p521",
"rsa-2048",
"rsa-3072",
"rsa-4096",
]
ALLOWED_EXPORT_KEY_TYPES = [
"encryption-key",
"signing-key",
"hmac-key",
]
ALLOWED_DATA_KEY_TYPES = [
"plaintext",
"wrapped",
]
ALLOWED_DATA_KEY_BITS = [128, 256, 512]
ALLOWED_HASH_DATA_ALGORITHMS = [
"sha2-224",
"sha2-256",
"sha2-384",
"sha2-512",
]
ALLOWED_HASH_DATA_FORMATS = ["hex", "base64"]
ALLOWED_SIGNATURE_ALGORITHMS = [
"pss",
"pkcs1v15",
]
ALLOWED_MARSHALING_ALGORITHMS = [
"asn1",
"jws",
]
# https://github.com/hashicorp/vault/pull/16549
# Either 'auto', 'hash', '-1', or any nonnegative integer.
ALLOWED_SALT_LENGTHS = re.compile(r"auto|hash|-1|\d+")
|
