Adding enumerations

This change adds and finalizes the enumerations defined for KMIP 1.1. It
updates minor references to enumerations used around the library.
This commit is contained in:
Peter Hamilton 2015-10-02 13:18:15 -04:00
parent cd85d91a13
commit 7854ba9e0b
4 changed files with 432 additions and 71 deletions

View File

@ -184,14 +184,14 @@ class HashingAlgorithm(Enumeration):
for more information. for more information.
""" """
def __init__(self, value=HashingAlgorithmEnum.SHA_256): def __init__(self, value=HashingAlgorithmEnum.SHA256):
""" """
Construct a HashingAlgorithm object. Construct a HashingAlgorithm object.
Args: Args:
value (HashingAlgorithm): A HashingAlgorithm enumeration value, value (HashingAlgorithm): A HashingAlgorithm enumeration value,
(e.g., HashingAlgorithm.MD5). Optional, defaults to (e.g., HashingAlgorithm.MD5). Optional, defaults to
HashingAlgorithm.SHA_256. HashingAlgorithm.SHA256.
""" """
super(HashingAlgorithm, self).__init__( super(HashingAlgorithm, self).__init__(
enums.HashingAlgorithm, value, Tags.HASHING_ALGORITHM) enums.HashingAlgorithm, value, Tags.HASHING_ALGORITHM)
@ -473,7 +473,7 @@ class Digest(Struct):
@classmethod @classmethod
def create(cls, def create(cls,
hashing_algorithm=HashingAlgorithmEnum.SHA_256, hashing_algorithm=HashingAlgorithmEnum.SHA256,
digest_value=b'', digest_value=b'',
key_format_type=KeyFormatTypeEnum.RAW): key_format_type=KeyFormatTypeEnum.RAW):
""" """
@ -482,7 +482,7 @@ class Digest(Struct):
Args: Args:
hashing_algorithm (HashingAlgorithm): An enumeration representing hashing_algorithm (HashingAlgorithm): An enumeration representing
the hash algorithm used to compute the digest. Optional, the hash algorithm used to compute the digest. Optional,
defaults to HashingAlgorithm.SHA_256. defaults to HashingAlgorithm.SHA256.
digest_value (byte string): The bytes of the digest hash. Optional, digest_value (byte string): The bytes of the digest hash. Optional,
defaults to the empty byte string. defaults to the empty byte string.
key_format_type (KeyFormatType): An enumeration representing the key_format_type (KeyFormatType): An enumeration representing the

View File

@ -20,6 +20,15 @@ import enum
class AttributeType(enum.Enum): class AttributeType(enum.Enum):
"""
The name identifier of a managed object attribute.
The attribute type is the name of a specific attribute that can be
associated with a managed object. Every attribute contains this name in
addition to the actual attribute value. This enumeration is primarily used
to automatically map between attribute object encodings and the actual
attribute structures that are used to store the attribute data.
"""
UNIQUE_IDENTIFIER = 'Unique Identifier' UNIQUE_IDENTIFIER = 'Unique Identifier'
NAME = 'Name' NAME = 'Name'
OBJECT_TYPE = 'Object Type' OBJECT_TYPE = 'Object Type'
@ -97,8 +106,18 @@ class AuthenticationSuite(enum.Enum):
TLS12 = 2 TLS12 = 2
# 9.1.1.2
class Types(enum.Enum): class Types(enum.Enum):
"""
The unique identifier of an entity primitive type.
The type is a unique identifier for every possible primitive KMIP entity
defined by the KMIP specification. Every KMIP object is a form of KMIP
primitive. The type is the second piece of an object that is encoded and
decoded during serialization.
While not defined by the specification, the DEFAULT tag is used as a
default type identifier for testing purposes.
"""
DEFAULT = 0x00 DEFAULT = 0x00
STRUCTURE = 0x01 STRUCTURE = 0x01
INTEGER = 0x02 INTEGER = 0x02
@ -112,8 +131,17 @@ class Types(enum.Enum):
INTERVAL = 0x0A INTERVAL = 0x0A
# 9.1.3.1
class Tags(enum.Enum): class Tags(enum.Enum):
"""
The unique identifier of an entity type.
The tag is a unique identifier for every possible KMIP entity defined by
the KMIP specification. It is the first piece of an object that is encoded
and decoded during serialization.
While not defined by the specification, the DEFAULT tag is used as the
default tag for all KMIP primitives.
"""
DEFAULT = 0x420000 DEFAULT = 0x420000
ACTIVATION_DATE = 0x420001 ACTIVATION_DATE = 0x420001
APPLICATION_DATA = 0x420002 APPLICATION_DATA = 0x420002
@ -302,22 +330,38 @@ class Tags(enum.Enum):
X_509_CERTIFICATE_SUBJECT = 0x4200B7 X_509_CERTIFICATE_SUBJECT = 0x4200B7
# 9.1.3.2.1
class CredentialType(enum.Enum): class CredentialType(enum.Enum):
"""
The type of a credential object.
The credential type is a required attribute of a credential object. It
identifies the format and structure of the value of the credential.
"""
USERNAME_AND_PASSWORD = 0x00000001 USERNAME_AND_PASSWORD = 0x00000001
DEVICE = 0x00000002 DEVICE = 0x00000002
# 9.1.3.2.2
class KeyCompressionType(enum.Enum): class KeyCompressionType(enum.Enum):
"""
The technique used to compress an elliptic curve public key.
The key compression type is an attribute of a key block structure. If it
is omitted, it is inferred that the related public key is uncompressed.
"""
EC_PUBLIC_KEY_TYPE_UNCOMPRESSED = 0x00000001 EC_PUBLIC_KEY_TYPE_UNCOMPRESSED = 0x00000001
EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_PRIME = 0x00000002 EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_PRIME = 0x00000002
EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_CHAR2 = 0x00000003 EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_CHAR2 = 0x00000003
EC_PUBLIC_KEY_TYPE_X9_62_HYBRID = 0x00000004 EC_PUBLIC_KEY_TYPE_X9_62_HYBRID = 0x00000004
# 9.1.3.2.3
class KeyFormatType(enum.Enum): class KeyFormatType(enum.Enum):
"""
The format of the key data structure.
The key format type is a required attribute of a key block structure. It
is the differentiating feature that describes the structure of different
types of keys.
"""
RAW = 0x00000001 RAW = 0x00000001
OPAQUE = 0x00000002 OPAQUE = 0x00000002
PKCS_1 = 0x00000003 PKCS_1 = 0x00000003
@ -339,8 +383,14 @@ class KeyFormatType(enum.Enum):
TRANSPARENT_ECMQV_PUBLIC_KEY = 0x00000013 TRANSPARENT_ECMQV_PUBLIC_KEY = 0x00000013
# 9.1.3.2.4
class WrappingMethod(enum.Enum): class WrappingMethod(enum.Enum):
"""
The technique used to wrap a secret object.
The wrapping method is a required attribute of a key wrapping data
structure. It indicates how an algorithm is used to conduct the data
wrapping.
"""
ENCRYPT = 0x00000001 ENCRYPT = 0x00000001
MAC_SIGN = 0x00000002 MAC_SIGN = 0x00000002
ENCRYPT_THEN_MAC_SIGN = 0x00000003 ENCRYPT_THEN_MAC_SIGN = 0x00000003
@ -348,44 +398,130 @@ class WrappingMethod(enum.Enum):
TR_31 = 0x00000005 TR_31 = 0x00000005
# 9.1.3.2.6 class RecommendedCurve(enum.Enum):
"""
The type of algorithm for elliptic curve cryptography.
The recommended curve defines the algorithm associated with specific
classes of asymmetric keys. It is a required attribute of all transparent
key structures.
"""
P_192 = 0x00000001
K_163 = 0x00000002
B_163 = 0x00000003
P_224 = 0x00000004
K_233 = 0x00000005
B_233 = 0x00000006
P_256 = 0x00000007
K_283 = 0x00000008
B_283 = 0x00000009
P_384 = 0x0000000A
K_409 = 0x0000000B
B_409 = 0x0000000C
P_521 = 0x0000000D
K_571 = 0x0000000E
B_571 = 0x0000000F
class CertificateTypeEnum(enum.Enum): class CertificateTypeEnum(enum.Enum):
""" """
The type of a Certificate Managed Object. The type of a certificate managed object.
For more information, see Section 2.2.1 of the KMIP 1.1 specification. The certificate type identifies the format of a certificate. It can be
specified when creating or registering a certificate managed object.
""" """
X_509 = 0x00000001 X_509 = 0x00000001
PGP = 0x00000002 PGP = 0x00000002
# 9.1.3.2.8 class DigitalSignatureAlgorithm(enum.Enum):
"""
The algorithm used to create a digital signature.
The digital signature algorithm is an attribute associated with a
cryptographically signed object, usually a certificate. It can be
specified when registering a new managed object and is often managed
directly by the storage backend.
"""
MD2_WITH_RSA = 0x00000001
MD5_WITH_RSA = 0x00000002
SHA1_WITH_RSA = 0x00000003
SHA224_WITH_RSA = 0x00000004
SHA256_WITH_RSA = 0x00000005
SHA384_WITH_RSA = 0x00000006
SHA512_WITH_RSA = 0x00000007
RSASSA_PSS = 0x00000008
DSA_WITH_SHA1 = 0x00000009
DSA_WITH_SHA224 = 0x0000000A
DSA_WITH_SHA256 = 0x0000000B
ECDSA_WITH_SHA1 = 0x0000000C
ECDSA_WITH_SHA224 = 0x0000000D
ECDSA_WITH_SHA256 = 0x0000000E
ECDSA_WITH_SHA384 = 0x0000000F
ECDSA_WITH_SHA512 = 0x00000010
class SplitKeyMethod(enum.Enum): class SplitKeyMethod(enum.Enum):
"""
The computation used to create a split key managed object.
The split key method is a required attribute of a split key managed object,
indicating how the parts of the split key were generated from the original
source secret. It is only used when working with split keys.
"""
XOR = 0x00000001 XOR = 0x00000001
POLYNOMIAL_SHARING_GF = 0x00000002 POLYNOMIAL_SHARING_GF = 0x00000002
POLYNOMIAL_SHARING_PRIME_FIELD = 0x00000003 POLYNOMIAL_SHARING_PRIME_FIELD = 0x00000003
# 9.1.3.2.9
class SecretDataType(enum.Enum): class SecretDataType(enum.Enum):
"""
The type of a secret data value.
The secret data type indicates how to decode or interpret the value of a
secret object. It is a required attribute of a secret data managed object.
"""
PASSWORD = 0x00000001 PASSWORD = 0x00000001
SEED = 0x00000002 SEED = 0x00000002
# 9.1.3.2.10
class OpaqueDataType(enum.Enum): class OpaqueDataType(enum.Enum):
NONE = 0x80000000 # Not defined by the standard, but we need something. """
# The standard does say that values starting 0x8xxxxxx The type of an opaque data value.
# are considered extensions
The opaque data type is a custom value indicating how to decode or
interpret the value of an opaque object. Unlike all other enumerations,
the KMIP specification does not define any default opaque data types,
instead leaving the usage and definition up to the extension system
supported by a KMIP provider.
While not defined in the standard, the default type NONE is provided so
that basic opaque objects can still be defined, independent of a specific
vendor implementation. By definition as an extension, all opaque data type
enumeration values start with 0x80.
"""
NONE = 0x80000000
# 9.1.3.2.11
class NameType(enum.Enum): class NameType(enum.Enum):
"""
The type of a managed object name string.
The name type defines the format of a given name attribute value. Names
are common attributes for all managed objects.
"""
UNINTERPRETED_TEXT_STRING = 0x00000001 UNINTERPRETED_TEXT_STRING = 0x00000001
URI = 0x00000002 URI = 0x00000002
# 9.1.3.2.12
class ObjectType(enum.Enum): class ObjectType(enum.Enum):
"""
The type of a managed object.
The object type is a common attribute to all managed objects. It can be
set or specified upon object creation but is immutable once finalized. The
type can be used as a filter to locate sets of managed objects.
"""
CERTIFICATE = 0x00000001 CERTIFICATE = 0x00000001
SYMMETRIC_KEY = 0x00000002 SYMMETRIC_KEY = 0x00000002
PUBLIC_KEY = 0x00000003 PUBLIC_KEY = 0x00000003
@ -396,8 +532,15 @@ class ObjectType(enum.Enum):
OPAQUE_DATA = 0x00000008 OPAQUE_DATA = 0x00000008
# 9.1.3.2.13
class CryptographicAlgorithm(enum.Enum): class CryptographicAlgorithm(enum.Enum):
"""
The type of algorithm used for a cryptographic operation.
The cryptographic algorithm is a common attribute for cryptographic managed
objects and is used in various cryptographic structures and operations. It
is commonly specified during creation or registration of a cryptographic
object.
"""
DES = 0x00000001 DES = 0x00000001
TRIPLE_DES = 0x00000002 # '3DES' is invalid syntax TRIPLE_DES = 0x00000002 # '3DES' is invalid syntax
AES = 0x00000003 AES = 0x00000003
@ -425,8 +568,14 @@ class CryptographicAlgorithm(enum.Enum):
TWOFISH = 0x00000019 TWOFISH = 0x00000019
# 9.1.3.2.14
class BlockCipherMode(enum.Enum): class BlockCipherMode(enum.Enum):
"""
The mode dictating block processing in a cryptographic algorithm.
The block cipher mode is one of several features that make up a set of
cryptographic parameters, which can be used to describe all cryptographic
managed objects.
"""
CBC = 0x00000001 CBC = 0x00000001
ECB = 0x00000002 ECB = 0x00000002
PCBC = 0x00000003 PCBC = 0x00000003
@ -446,37 +595,56 @@ class BlockCipherMode(enum.Enum):
X9_102_AKW2 = 0x00000011 X9_102_AKW2 = 0x00000011
# 9.1.3.2.15
class PaddingMethod(enum.Enum): class PaddingMethod(enum.Enum):
NONE = 0x00000001 """
OAEP = 0x00000002 The type of padding technique used with a cryptographic algorithm.
PKCS5 = 0x00000003
SSL3 = 0x00000004 The padding method is one of several features that make up a set of
ZEROS = 0x00000005 cryptographic parameters, which can be used to describe all cryptographic
ANSI_X9_23 = 0x00000006 managed objects.
ISO_10126 = 0x00000007 """
PKCS1_V_1_5 = 0x00000008 NONE = 0x00000001
X9_31 = 0x00000009 OAEP = 0x00000002
PSS = 0x0000000A PKCS5 = 0x00000003
SSL3 = 0x00000004
ZEROS = 0x00000005
ANSI_X923 = 0x00000006
ISO_10126 = 0x00000007
PKCS1_V15 = 0x00000008
X9_31 = 0x00000009
PSS = 0x0000000A
# 9.1.3.2.16
class HashingAlgorithm(enum.Enum): class HashingAlgorithm(enum.Enum):
"""
The type of algorithm used to generate a cryptographic hash.
The hashing algorithm is one of several features that make up a set of
cryptographic parameters, which can be used to describe all cryptographic
managed objects. It is also a required digest attribute, defining the
algorithm used to create the digest value.
"""
MD2 = 0x00000001 MD2 = 0x00000001
MD4 = 0x00000002 MD4 = 0x00000002
MD5 = 0x00000003 MD5 = 0x00000003
SHA_1 = 0x00000004 SHA1 = 0x00000004
SHA_224 = 0x00000005 SHA224 = 0x00000005
SHA_256 = 0x00000006 SHA256 = 0x00000006
SHA_384 = 0x00000007 SHA384 = 0x00000007
SHA_512 = 0x00000008 SHA512 = 0x00000008
RIPEMD_160 = 0x00000009 RIPEMD_160 = 0x00000009
TIGER = 0x0000000A TIGER = 0x0000000A
WHIRLPOOL = 0x0000000B WHIRLPOOL = 0x0000000B
# 9.1.3.2.17
class KeyRoleType(enum.Enum): class KeyRoleType(enum.Enum):
"""
The position a cryptographic managed object holds in a cryptosystem.
The key role type is one of several features that make up a set of
cryptographic parameters, which can be used to describe all cryptographic
managed objects. The set of key role types is defined by ANSI X9 TR-31.
"""
BDK = 0x00000001 BDK = 0x00000001
CVK = 0x00000002 CVK = 0x00000002
DEK = 0x00000003 DEK = 0x00000003
@ -500,8 +668,116 @@ class KeyRoleType(enum.Enum):
PVKOTH = 0x00000015 PVKOTH = 0x00000015
# 9.1.3.2.24 class State(enum.Enum):
"""
The mode a managed object is currently in.
The state is a common attribute of managed objects. It defines how a
managed object can be used and can change as different operations are
enacted upon the object. It is set dynamically by a server and is only
queryable by a client.
"""
PRE_ACTIVE = 0x00000001
ACTIVE = 0x00000002
DEACTIVATED = 0x00000003
COMPROMISED = 0x00000004
DESTROYED = 0x00000005
DESTROYED_COMPROMISED = 0x00000006
class RevocationReasonCode(enum.Enum):
"""
A code number used to designate why a managed object was revoked.
The revocation reason code is used, in conjunction with a revocation
message, to record why revocation occurred for a managed object. Revocation
involves a state change in the associated managed object and is usually
carried out explicitly using the revoke operation.
"""
UNSPECIFIED = 0x00000001
KEY_COMPROMISE = 0x00000002
CA_COMPROMISE = 0x00000003
AFFILIATION_CHANGED = 0x00000004
SUPERSEDED = 0x00000005
CESSATION_OF_OPERATION = 0x00000006
PRIVILEGE_WITHDRAWN = 0x00000007
class LinkType(enum.Enum):
"""
The type of linkage between two managed objects.
The link type is a common attribute of managed objects. It is used to show
relationships between different objects, like between a public/private key
pair, or between a certificate and its public key. A managed object can
have multiple links associated with it and links themselves can be created
dynamically by the server and by the client upon or after object creation.
The link type can also be used as a filter to locate sets of managed
objects.
"""
CERTIFICATE_LINK = 0x00000101
PUBLIC_KEY_LINK = 0x00000102
PRIVATE_KEY_LINK = 0x00000103
DERIVATION_BASE_OBJECT_LINK = 0x00000104
DERIVED_KEY_LINK = 0x00000105
REPLACEMENT_OBJECT_LINK = 0x00000106
REPLACED_OBJECT_LINK = 0x00000107
class DerivationMethod(enum.Enum):
"""
The type of computation used to derive a new cryptographic object.
The derivation method is used to select a specific algorithm that will be
used, in conjunction with an existing managed object, to generate a new
key or secret data object. It is used exclusively with the derive key
operation.
"""
PBKDF2 = 0x00000001
HASH = 0x00000002
HMAC = 0x00000003
ENCRYPT = 0x00000004
NIST800_108_C = 0x00000005
NIST800_108_F = 0x00000006
NIST800_108_DPI = 0x00000007
class CertificateRequestType(enum.Enum):
"""
The type of a certificate request issued for certification.
The certificate request type is used when certifying or re-certifying a
specific certificate request. It can be omitted from the process if the
type information is included in an associated request template attribute.
"""
CRMF = 0x00000001
PKCS_10 = 0x00000002
PEM = 0x00000003
PGP = 0x00000004
class ValidityIndicator(enum.Enum):
"""
The result of validating a chain of certificates.
The validity indicator is used by a server to indicate if a chain of
certificate objects and references was correctly validated. It can
represent success, failure, or an unknown state if the server did not know
how to validate the certificate chain.
"""
VALID = 0x00000001
INVALID = 0x00000002
UNKNOWN = 0x00000003
class QueryFunction(enum.Enum): class QueryFunction(enum.Enum):
"""
A flag representing a specific set of server-specific information.
The query function is used to uniquely identifying what server-specific
information should be returned by a query request. A list of these flags
are used exclusively by the request payload for the query operation.
"""
QUERY_OPERATIONS = 0x00000001 QUERY_OPERATIONS = 0x00000001
QUERY_OBJECTS = 0x00000002 QUERY_OBJECTS = 0x00000002
QUERY_SERVER_INFORMATION = 0x00000003 QUERY_SERVER_INFORMATION = 0x00000003
@ -509,8 +785,43 @@ class QueryFunction(enum.Enum):
QUERY_EXTENSION_LIST = 0x00000005 QUERY_EXTENSION_LIST = 0x00000005
QUERY_EXTENSION_MAP = 0x00000006 QUERY_EXTENSION_MAP = 0x00000006
# 9.1.3.2.27
class CancellationResult(enum.Enum):
"""
The final result of cancelling an operation.
The cancellation result is used by a server to indicate how a cancelled
operation was handled. It is used exclusively in the response payload for
the cancel operation.
"""
CANCELED = 0x00000001
UNABLE_TO_CANCEL = 0x00000002
COMPLETED = 0x00000003
FAILED = 0x00000004
UNAVAILABLE = 0x00000005
class PutFunction(enum.Enum):
"""
The flag indicating the context of an object push to the client.
The put function defines if an object being pushed to a client is a new
object or if it is a replacement for an object already retrieved by the
client. It is used exclusively in the put operation message payload.
"""
NEW = 0x00000001
REPLACE = 0x00000002
class Operation(enum.Enum): class Operation(enum.Enum):
"""
The identifier of an action supported by the KMIP specification.
The operation defines what actions should be taken with the data provided
in the operation payload. It is required to decode the data provided in
each message payload. It is included in each request or response batch
item.
"""
CREATE = 0x00000001 CREATE = 0x00000001
CREATE_KEY_PAIR = 0x00000002 CREATE_KEY_PAIR = 0x00000002
REGISTER = 0x00000003 REGISTER = 0x00000003
@ -543,16 +854,29 @@ class Operation(enum.Enum):
DISCOVER_VERSIONS = 0x0000001E DISCOVER_VERSIONS = 0x0000001E
# 9.1.3.2.28
class ResultStatus(enum.Enum): class ResultStatus(enum.Enum):
"""
The final status of an operation.
The result status is used to indicate whether an operation completed
successfully or failed during processing. It is included in each response
batch item for a response.
"""
SUCCESS = 0x00000000 SUCCESS = 0x00000000
OPERATION_FAILED = 0x00000001 OPERATION_FAILED = 0x00000001
OPERATION_PENDING = 0x00000002 OPERATION_PENDING = 0x00000002
OPERATION_UNDONE = 0x00000003 OPERATION_UNDONE = 0x00000003
# 9.1.3.2.29
class ResultReason(enum.Enum): class ResultReason(enum.Enum):
"""
A predefined explanation for a failure or partial success of an operation.
The result reason is used to provide additional information on the result
status of an operation. It is most often used upon operation failure but
may be used with other result states. The reason is included in each
response batch item for a response.
"""
ITEM_NOT_FOUND = 0x00000001 ITEM_NOT_FOUND = 0x00000001
RESPONSE_TOO_LARGE = 0x00000002 RESPONSE_TOO_LARGE = 0x00000002
AUTHENTICATION_NOT_SUCCESSFUL = 0x00000003 AUTHENTICATION_NOT_SUCCESSFUL = 0x00000003
@ -574,22 +898,66 @@ class ResultReason(enum.Enum):
GENERAL_FAILURE = 0x00000100 GENERAL_FAILURE = 0x00000100
# 9.1.3.2.30
class BatchErrorContinuationOption(enum.Enum): class BatchErrorContinuationOption(enum.Enum):
"""
An error setting used to control the processing of batch items.
The batch error continuation option defines how the client wants the
server to handle batch item processing in the event of an operation
failure. The option is set in the request header of a request.
"""
CONTINUE = 0x00000001 CONTINUE = 0x00000001
STOP = 0x00000002 STOP = 0x00000002
UNDO = 0x00000003 UNDO = 0x00000003
# 9.1.3.2.32 class UsageLimitsUnit(enum.Enum):
"""
A unit of measure for a usage limit on a cryptographic managed object.
The usage limits unit defines what type of data to which a usage limit
applies. It is used primarily in a usage limit attribute and is typically
set during object creation or registration.
"""
BYTE = 0x00000001
OBJECT = 0x00000002
class EncodingOption(enum.Enum): class EncodingOption(enum.Enum):
"""
The type of encoding used for a wrapped managed object.
The encoding option is used in both key wrapping specifications and key
wrapping data. It defines how the wrapped object was encoded so that it
can be correctly parsed once unwrapped.
"""
NO_ENCODING = 0x00000001 NO_ENCODING = 0x00000001
TTLV_ENCODING = 0x00000002 TTLV_ENCODING = 0x00000002
# 9.1.3.3 class ObjectGroupMember(enum.Enum):
# 9.1.3.3.1 """
The group member state of a managed object.
The object group member reflects the freshness of a managed object. If a
managed object has never left the appliance, it is considered fresh. The
object group member can be used as a filter to locate sets of managed
objects.
"""
GROUP_MEMBER_FRESH = 0x00000001
GROUP_MEMBER_DEFAULT = 0x00000002
class CryptographicUsageMask(enum.Enum): class CryptographicUsageMask(enum.Enum):
"""
A mask identifying a usage case for a cryptographic managed object.
The cryptographic usage mask is an attribute associated with cryptographic
managed objects. It is a bit mask made from one or more of the enumeration
values, combined via logical-or. The mask is often specified during object
creation or registration and can also be used as a filter to locate sets
of managed objects.
"""
SIGN = 0x00000001 SIGN = 0x00000001
VERIFY = 0x00000002 VERIFY = 0x00000002
ENCRYPT = 0x00000004 ENCRYPT = 0x00000004
@ -611,21 +979,14 @@ class CryptographicUsageMask(enum.Enum):
TRANSLATE_WRAP = 0x00040000 TRANSLATE_WRAP = 0x00040000
TRANSLATE_UNWRAP = 0x00080000 TRANSLATE_UNWRAP = 0x00080000
# 9.1.3.2.33
class ObjectGroupMember(enum.Enum):
GROUP_MEMBER_FRESH = 0x00000001
GROUP_MEMBER_DEFAULT = 0x00000002
# 9.1.3.3.2
class StorageStatusMask(enum.Enum): class StorageStatusMask(enum.Enum):
"""
A mask identifying a possible storage state for a managed object.
The storage state mask is a filter option used to locate sets of managed
objects. It is a bit mask made from one or more of the enumeration values,
combined via logical-or.
"""
ONLINE_STORAGE = 0x00000001 ONLINE_STORAGE = 0x00000001
ARCHIVAL_STORAGE = 0x00000002 ARCHIVAL_STORAGE = 0x00000002
class RevocationReasonCode(enum.Enum):
UNSPECIFIED = 0x00000001
KEY_COMPROMISE = 0x00000002
CA_COMPROMISE = 0x00000003
AFFILIATION_CHANGED = 0x00000004
SUPERSEDED = 0x00000005
CESSATION_OF_OPERATION = 0x00000006
PRIVILEGE_WITHDRAWN = 0x00000007

View File

@ -35,11 +35,11 @@ class TestDigest(TestCase):
super(TestDigest, self).setUp() super(TestDigest, self).setUp()
self.hashing_algorithm_a = HashingAlgorithm( self.hashing_algorithm_a = HashingAlgorithm(
HashingAlgorithmEnum.SHA_256) HashingAlgorithmEnum.SHA256)
self.hashing_algorithm_b = HashingAlgorithm( self.hashing_algorithm_b = HashingAlgorithm(
HashingAlgorithmEnum.SHA_256) HashingAlgorithmEnum.SHA256)
self.hashing_algorithm_c = HashingAlgorithm( self.hashing_algorithm_c = HashingAlgorithm(
HashingAlgorithmEnum.SHA_256) HashingAlgorithmEnum.SHA256)
self.digest_value_a = DigestValue(b'') self.digest_value_a = DigestValue(b'')
self.digest_value_b = DigestValue( self.digest_value_b = DigestValue(
@ -413,7 +413,7 @@ class TestDigest(TestCase):
with no arguments. with no arguments.
""" """
digest = Digest.create() digest = Digest.create()
hashing_algorithm = HashingAlgorithmEnum.SHA_256 hashing_algorithm = HashingAlgorithmEnum.SHA256
digest_value = b'' digest_value = b''
key_format_type = KeyFormatTypeEnum.RAW key_format_type = KeyFormatTypeEnum.RAW

View File

@ -67,9 +67,9 @@ class TestAttributeValueFactory(testtools.TestCase):
""" """
value = { value = {
'block_cipher_mode': enums.BlockCipherMode.NIST_KEY_WRAP, 'block_cipher_mode': enums.BlockCipherMode.NIST_KEY_WRAP,
'padding_method': enums.PaddingMethod.ANSI_X9_23, 'padding_method': enums.PaddingMethod.ANSI_X923,
'key_role_type': enums.KeyRoleType.KEK, 'key_role_type': enums.KeyRoleType.KEK,
'hashing_algorithm': enums.HashingAlgorithm.SHA_512} 'hashing_algorithm': enums.HashingAlgorithm.SHA512}
params = self.factory.create_attribute_value( params = self.factory.create_attribute_value(
enums.AttributeType.CRYPTOGRAPHIC_PARAMETERS, value) enums.AttributeType.CRYPTOGRAPHIC_PARAMETERS, value)
@ -81,14 +81,14 @@ class TestAttributeValueFactory(testtools.TestCase):
params.block_cipher_mode) params.block_cipher_mode)
self.assertEqual( self.assertEqual(
attributes.CryptographicParameters.PaddingMethod( attributes.CryptographicParameters.PaddingMethod(
enums.PaddingMethod.ANSI_X9_23), enums.PaddingMethod.ANSI_X923),
params.padding_method) params.padding_method)
self.assertEqual( self.assertEqual(
attributes.CryptographicParameters.KeyRoleType( attributes.CryptographicParameters.KeyRoleType(
enums.KeyRoleType.KEK), enums.KeyRoleType.KEK),
params.key_role_type) params.key_role_type)
self.assertEqual( self.assertEqual(
attributes.HashingAlgorithm(enums.HashingAlgorithm.SHA_512), attributes.HashingAlgorithm(enums.HashingAlgorithm.SHA512),
params.hashing_algorithm) params.hashing_algorithm)
def test_create_cryptographic_domain_parameters(self): def test_create_cryptographic_domain_parameters(self):