File: defaults.py

"""
Default mappings for various key types and mechanisms.

None of this is provided for in PKCS#11 and its correctness should not be
assumed.
"""

from pkcs11.constants import (
    MechanismFlag,
)
from pkcs11.mechanisms import MGF, KeyType, Mechanism

# Maps each KeyType to the Mechanism recorded as its default for key or
# key-pair generation.
# NOTE(review): DES2 and DES3 have entries, so triple-DES keys can be
# generated through a default. 3DES is a legacy cipher with a 64-bit block;
# new deployments should prefer KeyType.AES.
# NOTE(review): how callers consult this table, and what they do for a key
# type with no entry, is not visible in this file -- confirm against callers.
DEFAULT_GENERATE_MECHANISMS = {
    KeyType.AES: Mechanism.AES_KEY_GEN,
    KeyType.DES2: Mechanism.DES2_KEY_GEN,
    KeyType.DES3: Mechanism.DES3_KEY_GEN,
    KeyType.DH: Mechanism.DH_PKCS_KEY_PAIR_GEN,
    KeyType.DSA: Mechanism.DSA_KEY_PAIR_GEN,
    KeyType.EC: Mechanism.EC_KEY_PAIR_GEN,
    KeyType.RSA: Mechanism.RSA_PKCS_KEY_PAIR_GEN,
    KeyType.X9_42_DH: Mechanism.X9_42_DH_KEY_PAIR_GEN,
    KeyType.EC_EDWARDS: Mechanism.EC_EDWARDS_KEY_PAIR_GEN,
    KeyType.GENERIC_SECRET: Mechanism.GENERIC_SECRET_KEY_GEN,
}
"""
Default mechanisms for generating keys.
"""

# Private shorthands: each one ORs an operation with its inverse, so a key
# type granted one direction is always granted the other as well.
_ENCRYPTION = MechanismFlag.ENCRYPT | MechanismFlag.DECRYPT
_SIGNING = MechanismFlag.SIGN | MechanismFlag.VERIFY
_WRAPPING = MechanismFlag.WRAP | MechanismFlag.UNWRAP

# Maps each KeyType to the MechanismFlag combination used as its default
# capability set.
# NOTE(review): AES, DES2, DES3 and RSA default to encrypt/decrypt,
# sign/verify and wrap/unwrap all at once. That is convenient but is not
# least privilege: a key allowed to both wrap and decrypt weakens the
# protection of every key wrapped under it, because wrapped key material can
# then be processed as ordinary ciphertext. Callers creating long-lived or
# production keys should pass an explicit, single-purpose capability set
# rather than rely on these defaults.
# NOTE(review): how these flags are turned into key attributes is not visible
# in this file -- confirm against the key-generation code.
DEFAULT_KEY_CAPABILITIES = {
    KeyType.AES: _ENCRYPTION | _SIGNING | _WRAPPING,
    KeyType.DES2: _ENCRYPTION | _SIGNING | _WRAPPING,
    KeyType.DES3: _ENCRYPTION | _SIGNING | _WRAPPING,
    KeyType.DH: MechanismFlag.DERIVE,
    KeyType.DSA: _SIGNING,
    KeyType.EC: _SIGNING | MechanismFlag.DERIVE,
    KeyType.RSA: _ENCRYPTION | _SIGNING | _WRAPPING,
    # Plain integer 0, i.e. no capability flag set; presumably the caller is
    # expected to state what a generic secret may be used for -- TODO confirm.
    KeyType.GENERIC_SECRET: 0,
    KeyType.EC_EDWARDS: _SIGNING,
    # KeyType.X9_42_DH has an entry in DEFAULT_GENERATE_MECHANISMS and
    # DEFAULT_DERIVE_MECHANISMS but none here.
}
"""
Default capabilities for generating keys.
"""

# Maps each KeyType to its default encrypt/decrypt Mechanism. Key types with
# no entry (for example EC, DSA, DH) have no default in this table.
# NOTE(review): the symmetric defaults are CBC with padding, which provides
# confidentiality only. The ciphertext is not authenticated, and if decrypt
# failures are observable to a remote party the padding check can leak
# information. Pair these defaults with a MAC over the ciphertext, or select
# an authenticated mechanism explicitly where the token offers one.
DEFAULT_ENCRYPT_MECHANISMS = {
    KeyType.AES: Mechanism.AES_CBC_PAD,
    # Two-key and three-key triple-DES share the DES3 mechanism. 3DES has a
    # 64-bit block, so it is unsuitable for large volumes of data per key.
    KeyType.DES2: Mechanism.DES3_CBC_PAD,
    KeyType.DES3: Mechanism.DES3_CBC_PAD,
    # OAEP parameters for this mechanism are listed in
    # DEFAULT_MECHANISM_PARAMS (SHA-1 based).
    KeyType.RSA: Mechanism.RSA_PKCS_OAEP,
}
"""
Default mechanisms for encrypt/decrypt.
"""

# Maps each KeyType to its default sign/verify Mechanism.
# The asymmetric defaults (DSA, EC, RSA) all hash with SHA-512; the RSA
# default is the PKCS#1 v1.5 signature mechanism, not PSS.
DEFAULT_SIGN_MECHANISMS = {
    # NOTE(review): AES_MAC and DES3_MAC are the PKCS#11 block-cipher MAC
    # mechanisms (CBC-MAC family). Plain CBC-MAC is only sound for messages of
    # a fixed, agreed length; for variable-length data select a CMAC or HMAC
    # mechanism explicitly if the token provides one.
    KeyType.AES: Mechanism.AES_MAC,
    KeyType.DES2: Mechanism.DES3_MAC,
    KeyType.DES3: Mechanism.DES3_MAC,
    KeyType.DSA: Mechanism.DSA_SHA512,
    KeyType.EC: Mechanism.ECDSA_SHA512,
    KeyType.RSA: Mechanism.SHA512_RSA_PKCS,
    KeyType.EC_EDWARDS: Mechanism.EDDSA,
}
"""
Default mechanisms for sign/verify.
"""

# Maps each KeyType to its default Mechanism for wrapping (exporting) and
# unwrapping (importing) other keys.
DEFAULT_WRAP_MECHANISMS = {
    KeyType.AES: Mechanism.AES_KEY_WRAP,
    # NOTE(review): ECB gives the wrapped key no integrity protection and
    # encrypts equal plaintext blocks to equal ciphertext blocks, so a wrapped
    # blob can be altered without detection. Treat triple-DES wrapping as
    # legacy interoperability only and prefer an AES or RSA wrapping key.
    KeyType.DES2: Mechanism.DES3_ECB,
    KeyType.DES3: Mechanism.DES3_ECB,
    # OAEP parameters for this mechanism are listed in
    # DEFAULT_MECHANISM_PARAMS (SHA-1 based).
    KeyType.RSA: Mechanism.RSA_PKCS_OAEP,
}
"""
Default mechanism for wrap/unwrap.
"""

# Maps each key-agreement KeyType to its default derivation Mechanism.
# NOTE(review): this table names only the mechanism. The peer public value
# and any KDF applied to the shared secret are not defined in this file, so
# presumably the caller supplies them as mechanism parameters -- confirm. A
# raw shared secret should go through a KDF before being used as a key.
DEFAULT_DERIVE_MECHANISMS = {
    KeyType.DH: Mechanism.DH_PKCS_DERIVE,
    KeyType.EC: Mechanism.ECDH1_DERIVE,
    KeyType.X9_42_DH: Mechanism.X9_42_DH_DERIVE,
}
"""
Default mechanisms for key derivation
"""

# Maps each KeyType that uses domain parameters (DH, DSA, X9.42 DH) to the
# Mechanism that generates those parameters.
# NOTE(review): parameter sizes are not set here; the strength of the
# resulting keys depends on the sizes the caller requests.
DEFAULT_PARAM_GENERATE_MECHANISMS = {
    KeyType.DH: Mechanism.DH_PKCS_PARAMETER_GEN,
    KeyType.DSA: Mechanism.DSA_PARAMETER_GEN,
    KeyType.X9_42_DH: Mechanism.X9_42_DH_PARAMETER_GEN,
}
"""
Default mechanisms for domain parameter generation
"""


# Maps a Mechanism to the parameter tuple used when a default is looked up
# here. Both entries are built on SHA-1.
# NOTE(review): the tuple layout looks like (hash, mask generation function,
# third field), where the third field is the OAEP label/source data (None)
# and the PSS salt length in bytes (20, the SHA-1 digest size) -- confirm
# against the code that builds the mechanism parameters.
# NOTE(review): SHA-1 is no longer collision resistant, which matters most
# for the PSS entry when the signed digest is SHA-1. Many current policies
# also require SHA-256 or stronger for OAEP. Callers needing that should pass
# explicit parameters. Changing the values in this table would break
# decryption and verification of data produced under the current defaults,
# so any change needs a migration plan.
DEFAULT_MECHANISM_PARAMS = {
    Mechanism.RSA_PKCS_OAEP: (Mechanism.SHA_1, MGF.SHA1, None),
    Mechanism.RSA_PKCS_PSS: (Mechanism.SHA_1, MGF.SHA1, 20),
}
"""
Default mechanism parameters
"""