├── .gitignore ├── DESCRIPTION.rst ├── LICENSE.txt ├── MANIFEST.in ├── README.md ├── examples ├── README.md ├── destroy.py ├── ecgen-test.py ├── ecsign-test.py ├── keygen.py ├── keywrap.py ├── listkeys.py ├── listmechs.py ├── listslots.py ├── random.py ├── rsagen-test.py ├── rsasign-test.py ├── sign.py └── verify.py ├── pyhsm ├── __init__.py ├── convert.py ├── eccurveoids.py ├── eccurves.py ├── hsmclient.py ├── hsmenums.py ├── hsmerror.py ├── hsmmechinfo.py ├── hsmobject.py └── hsmslot.py ├── requirements.txt ├── setup.cfg ├── setup.py └── tests ├── __init__.py └── unit_tests ├── __init__.py └── unit_tests.py /.gitignore: -------------------------------------------------------------------------------- 1 | # other files 2 | pihsm.egg-info 3 | .idea 4 | pihsm/*.pyc 5 | src 6 | pihsm/__pycache__/ 7 | 8 | # Byte-compiled / optimized / DLL files 9 | __pycache__/ 10 | *.py[cod] 11 | *$py.class 12 | 13 | # C extensions 14 | *.so 15 | 16 | # Distribution / packaging 17 | .Python 18 | env/ 19 | build/ 20 | develop-eggs/ 21 | dist/ 22 | downloads/ 23 | eggs/ 24 | .eggs/ 25 | lib/ 26 | lib64/ 27 | parts/ 28 | sdist/ 29 | var/ 30 | *.egg-info/ 31 | .installed.cfg 32 | *.egg 33 | 34 | # PyInstaller 35 | # Usually these files are written by a python script from a template 36 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
37 | *.manifest 38 | *.spec 39 | 40 | # Installer logs 41 | pip-log.txt 42 | pip-delete-this-directory.txt 43 | 44 | # Unit test / coverage reports 45 | htmlcov/ 46 | .tox/ 47 | .coverage 48 | .coverage.* 49 | .cache 50 | nosetests.xml 51 | coverage.xml 52 | *,cover 53 | .hypothesis/ 54 | 55 | # Translations 56 | *.mo 57 | *.pot 58 | 59 | # Django stuff: 60 | *.log 61 | local_settings.py 62 | 63 | # Flask stuff: 64 | instance/ 65 | .webassets-cache 66 | 67 | # Scrapy stuff: 68 | .scrapy 69 | 70 | # Sphinx documentation 71 | docs/_build/ 72 | 73 | # PyBuilder 74 | target/ 75 | 76 | # IPython Notebook 77 | .ipynb_checkpoints 78 | 79 | # pyenv 80 | .python-version 81 | 82 | # celery beat schedule file 83 | celerybeat-schedule 84 | 85 | # dotenv 86 | .env 87 | 88 | # virtualenv 89 | venv/ 90 | ENV/ 91 | 92 | # Spyder project settings 93 | .spyderproject 94 | 95 | # Rope project settings 96 | .ropeproject 97 | -------------------------------------------------------------------------------- /DESCRIPTION.rst: -------------------------------------------------------------------------------- 1 | === py-hsm 2 | 3 | This project provides a simple but powerful interface to access Hardware 4 | Security Modules via the PKCS#11 API. The py-hsm module can be used with 5 | a variety of devices to access, create, manipulate, and wield objects 6 | on a PKCS#11 compliant HSM. 7 | 8 | This project requires the companion libhsm.so shared library for Linux/UNIX 9 | or libhsm.dll dynamic library for Windows. This library is available on 10 | GitHub and can be easily compiled for Linux/UNIX systems using the provided 11 | build script. Once built and installed on the target system, the piHSM 12 | Client can then access the specific HSM hardware by directly accessing 13 | the vendor's provided PKCS#11 API implementation. 14 | 15 | The caller can specify the target HSM vendor's PKCS#11 library directly 16 | when the HsmClient() is created via the pkcs11_lib argument. 
17 | 18 | === Example 1: 19 | 20 | from pyhsm.hsmclient import HsmClient 21 | from pyhsm.hsmclient HsmSymKeyGen 22 | from pyhsm.hsmclient HsmMech 23 | 24 | # create connection to HSM 25 | c = HsmClient(pkcs11_lib='/usr/lib64/pkcs11/libsofthsm2.so') 26 | c.open_session(slot=1) 27 | c.login(pin='12345678') 28 | 29 | # generate some random bytes 30 | r = c.generate_random(16) 31 | print(r) 32 | 33 | # create a key on the HSM 34 | hkey = c.create_secret_key("KEY_LABEL", keySize, HsmSymKeyGen.AES) 35 | print(hkey) 36 | 37 | # clean up 38 | c.close_session() 39 | c.logout() 40 | 41 | 42 | === Example 2: 43 | 44 | from pyhsm.hsmclient import HsmClient 45 | from pyhsm.hsmclient HsmSymKeyGen 46 | from pyhsm.hsmclient HsmMech 47 | 48 | # create connection to HSM using the auto open and close feature 49 | with c = HsmClient(slot=1, pin='12345678', pkcs11_lib='/usr/lib64/pkcs11/libsofthsm2.so'): 50 | # generate some random bytes 51 | r = c.generate_random(16) 52 | print(r) 53 | # create a key on the HSM 54 | hkey = c.create_secret_key("KEY_LABEL", keySize, HsmSymKeyGen.AES) 55 | print(hkey) 56 | 57 | 58 | 59 | 60 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | 2 | py-hsm is a Python module that provides simplified access to 3 | PKCS-11 compliant Hardware Security Modules (HSMs) 4 | 5 | Copyright (C) 2016, 2017 Cisco Systems 6 | 7 | This program is free software; you can redistribute it and/or 8 | modify it under the terms of the GNU General Public License 9 | as published by the Free Software Foundation; either version 2 10 | of the License, or (at your option) any later version. 11 | 12 | This program is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 
16 | 17 | You should have received a copy of the GNU General Public License 18 | along with this program; if not, write to the Free Software 19 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | 21 | 22 | 23 | GNU GENERAL PUBLIC LICENSE 24 | Version 2, June 1991 25 | 26 | Copyright (C) 1989, 1991 Free Software Foundation, Inc., 27 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 28 | Everyone is permitted to copy and distribute verbatim copies 29 | of this license document, but changing it is not allowed. 30 | 31 | Preamble 32 | 33 | The licenses for most software are designed to take away your 34 | freedom to share and change it. By contrast, the GNU General Public 35 | License is intended to guarantee your freedom to share and change free 36 | software--to make sure the software is free for all its users. This 37 | General Public License applies to most of the Free Software 38 | Foundation's software and to any other program whose authors commit to 39 | using it. (Some other Free Software Foundation software is covered by 40 | the GNU Lesser General Public License instead.) You can apply it to 41 | your programs, too. 42 | 43 | When we speak of free software, we are referring to freedom, not 44 | price. Our General Public Licenses are designed to make sure that you 45 | have the freedom to distribute copies of free software (and charge for 46 | this service if you wish), that you receive source code or can get it 47 | if you want it, that you can change the software or use pieces of it 48 | in new free programs; and that you know you can do these things. 49 | 50 | To protect your rights, we need to make restrictions that forbid 51 | anyone to deny you these rights or to ask you to surrender the rights. 52 | These restrictions translate to certain responsibilities for you if you 53 | distribute copies of the software, or if you modify it. 
54 | 55 | For example, if you distribute copies of such a program, whether 56 | gratis or for a fee, you must give the recipients all the rights that 57 | you have. You must make sure that they, too, receive or can get the 58 | source code. And you must show them these terms so they know their 59 | rights. 60 | 61 | We protect your rights with two steps: (1) copyright the software, and 62 | (2) offer you this license which gives you legal permission to copy, 63 | distribute and/or modify the software. 64 | 65 | Also, for each author's protection and ours, we want to make certain 66 | that everyone understands that there is no warranty for this free 67 | software. If the software is modified by someone else and passed on, we 68 | want its recipients to know that what they have is not the original, so 69 | that any problems introduced by others will not reflect on the original 70 | authors' reputations. 71 | 72 | Finally, any free program is threatened constantly by software 73 | patents. We wish to avoid the danger that redistributors of a free 74 | program will individually obtain patent licenses, in effect making the 75 | program proprietary. To prevent this, we have made it clear that any 76 | patent must be licensed for everyone's free use or not licensed at all. 77 | 78 | The precise terms and conditions for copying, distribution and 79 | modification follow. 80 | 81 | GNU GENERAL PUBLIC LICENSE 82 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 83 | 84 | 0. This License applies to any program or other work which contains 85 | a notice placed by the copyright holder saying it may be distributed 86 | under the terms of this General Public License. 
The "Program", below, 87 | refers to any such program or work, and a "work based on the Program" 88 | means either the Program or any derivative work under copyright law: 89 | that is to say, a work containing the Program or a portion of it, 90 | either verbatim or with modifications and/or translated into another 91 | language. (Hereinafter, translation is included without limitation in 92 | the term "modification".) Each licensee is addressed as "you". 93 | 94 | Activities other than copying, distribution and modification are not 95 | covered by this License; they are outside its scope. The act of 96 | running the Program is not restricted, and the output from the Program 97 | is covered only if its contents constitute a work based on the 98 | Program (independent of having been made by running the Program). 99 | Whether that is true depends on what the Program does. 100 | 101 | 1. You may copy and distribute verbatim copies of the Program's 102 | source code as you receive it, in any medium, provided that you 103 | conspicuously and appropriately publish on each copy an appropriate 104 | copyright notice and disclaimer of warranty; keep intact all the 105 | notices that refer to this License and to the absence of any warranty; 106 | and give any other recipients of the Program a copy of this License 107 | along with the Program. 108 | 109 | You may charge a fee for the physical act of transferring a copy, and 110 | you may at your option offer warranty protection in exchange for a fee. 111 | 112 | 2. You may modify your copy or copies of the Program or any portion 113 | of it, thus forming a work based on the Program, and copy and 114 | distribute such modifications or work under the terms of Section 1 115 | above, provided that you also meet all of these conditions: 116 | 117 | a) You must cause the modified files to carry prominent notices 118 | stating that you changed the files and the date of any change. 
119 | 120 | b) You must cause any work that you distribute or publish, that in 121 | whole or in part contains or is derived from the Program or any 122 | part thereof, to be licensed as a whole at no charge to all third 123 | parties under the terms of this License. 124 | 125 | c) If the modified program normally reads commands interactively 126 | when run, you must cause it, when started running for such 127 | interactive use in the most ordinary way, to print or display an 128 | announcement including an appropriate copyright notice and a 129 | notice that there is no warranty (or else, saying that you provide 130 | a warranty) and that users may redistribute the program under 131 | these conditions, and telling the user how to view a copy of this 132 | License. (Exception: if the Program itself is interactive but 133 | does not normally print such an announcement, your work based on 134 | the Program is not required to print an announcement.) 135 | 136 | These requirements apply to the modified work as a whole. If 137 | identifiable sections of that work are not derived from the Program, 138 | and can be reasonably considered independent and separate works in 139 | themselves, then this License, and its terms, do not apply to those 140 | sections when you distribute them as separate works. But when you 141 | distribute the same sections as part of a whole which is a work based 142 | on the Program, the distribution of the whole must be on the terms of 143 | this License, whose permissions for other licensees extend to the 144 | entire whole, and thus to each and every part regardless of who wrote it. 145 | 146 | Thus, it is not the intent of this section to claim rights or contest 147 | your rights to work written entirely by you; rather, the intent is to 148 | exercise the right to control the distribution of derivative or 149 | collective works based on the Program. 
150 | 151 | In addition, mere aggregation of another work not based on the Program 152 | with the Program (or with a work based on the Program) on a volume of 153 | a storage or distribution medium does not bring the other work under 154 | the scope of this License. 155 | 156 | 3. You may copy and distribute the Program (or a work based on it, 157 | under Section 2) in object code or executable form under the terms of 158 | Sections 1 and 2 above provided that you also do one of the following: 159 | 160 | a) Accompany it with the complete corresponding machine-readable 161 | source code, which must be distributed under the terms of Sections 162 | 1 and 2 above on a medium customarily used for software interchange; or, 163 | 164 | b) Accompany it with a written offer, valid for at least three 165 | years, to give any third party, for a charge no more than your 166 | cost of physically performing source distribution, a complete 167 | machine-readable copy of the corresponding source code, to be 168 | distributed under the terms of Sections 1 and 2 above on a medium 169 | customarily used for software interchange; or, 170 | 171 | c) Accompany it with the information you received as to the offer 172 | to distribute corresponding source code. (This alternative is 173 | allowed only for noncommercial distribution and only if you 174 | received the program in object code or executable form with such 175 | an offer, in accord with Subsection b above.) 176 | 177 | The source code for a work means the preferred form of the work for 178 | making modifications to it. For an executable work, complete source 179 | code means all the source code for all modules it contains, plus any 180 | associated interface definition files, plus the scripts used to 181 | control compilation and installation of the executable. 
However, as a 182 | special exception, the source code distributed need not include 183 | anything that is normally distributed (in either source or binary 184 | form) with the major components (compiler, kernel, and so on) of the 185 | operating system on which the executable runs, unless that component 186 | itself accompanies the executable. 187 | 188 | If distribution of executable or object code is made by offering 189 | access to copy from a designated place, then offering equivalent 190 | access to copy the source code from the same place counts as 191 | distribution of the source code, even though third parties are not 192 | compelled to copy the source along with the object code. 193 | 194 | 4. You may not copy, modify, sublicense, or distribute the Program 195 | except as expressly provided under this License. Any attempt 196 | otherwise to copy, modify, sublicense or distribute the Program is 197 | void, and will automatically terminate your rights under this License. 198 | However, parties who have received copies, or rights, from you under 199 | this License will not have their licenses terminated so long as such 200 | parties remain in full compliance. 201 | 202 | 5. You are not required to accept this License, since you have not 203 | signed it. However, nothing else grants you permission to modify or 204 | distribute the Program or its derivative works. These actions are 205 | prohibited by law if you do not accept this License. Therefore, by 206 | modifying or distributing the Program (or any work based on the 207 | Program), you indicate your acceptance of this License to do so, and 208 | all its terms and conditions for copying, distributing or modifying 209 | the Program or works based on it. 210 | 211 | 6. 
Each time you redistribute the Program (or any work based on the 212 | Program), the recipient automatically receives a license from the 213 | original licensor to copy, distribute or modify the Program subject to 214 | these terms and conditions. You may not impose any further 215 | restrictions on the recipients' exercise of the rights granted herein. 216 | You are not responsible for enforcing compliance by third parties to 217 | this License. 218 | 219 | 7. If, as a consequence of a court judgment or allegation of patent 220 | infringement or for any other reason (not limited to patent issues), 221 | conditions are imposed on you (whether by court order, agreement or 222 | otherwise) that contradict the conditions of this License, they do not 223 | excuse you from the conditions of this License. If you cannot 224 | distribute so as to satisfy simultaneously your obligations under this 225 | License and any other pertinent obligations, then as a consequence you 226 | may not distribute the Program at all. For example, if a patent 227 | license would not permit royalty-free redistribution of the Program by 228 | all those who receive copies directly or indirectly through you, then 229 | the only way you could satisfy both it and this License would be to 230 | refrain entirely from distribution of the Program. 231 | 232 | If any portion of this section is held invalid or unenforceable under 233 | any particular circumstance, the balance of the section is intended to 234 | apply and the section as a whole is intended to apply in other 235 | circumstances. 236 | 237 | It is not the purpose of this section to induce you to infringe any 238 | patents or other property right claims or to contest validity of any 239 | such claims; this section has the sole purpose of protecting the 240 | integrity of the free software distribution system, which is 241 | implemented by public license practices. 
Many people have made 242 | generous contributions to the wide range of software distributed 243 | through that system in reliance on consistent application of that 244 | system; it is up to the author/donor to decide if he or she is willing 245 | to distribute software through any other system and a licensee cannot 246 | impose that choice. 247 | 248 | This section is intended to make thoroughly clear what is believed to 249 | be a consequence of the rest of this License. 250 | 251 | 8. If the distribution and/or use of the Program is restricted in 252 | certain countries either by patents or by copyrighted interfaces, the 253 | original copyright holder who places the Program under this License 254 | may add an explicit geographical distribution limitation excluding 255 | those countries, so that distribution is permitted only in or among 256 | countries not thus excluded. In such case, this License incorporates 257 | the limitation as if written in the body of this License. 258 | 259 | 9. The Free Software Foundation may publish revised and/or new versions 260 | of the General Public License from time to time. Such new versions will 261 | be similar in spirit to the present version, but may differ in detail to 262 | address new problems or concerns. 263 | 264 | Each version is given a distinguishing version number. If the Program 265 | specifies a version number of this License which applies to it and "any 266 | later version", you have the option of following the terms and conditions 267 | either of that version or of any later version published by the Free 268 | Software Foundation. If the Program does not specify a version number of 269 | this License, you may choose any version ever published by the Free Software 270 | Foundation. 271 | 272 | 10. If you wish to incorporate parts of the Program into other free 273 | programs whose distribution conditions are different, write to the author 274 | to ask for permission. 
For software which is copyrighted by the Free 275 | Software Foundation, write to the Free Software Foundation; we sometimes 276 | make exceptions for this. Our decision will be guided by the two goals 277 | of preserving the free status of all derivatives of our free software and 278 | of promoting the sharing and reuse of software generally. 279 | 280 | NO WARRANTY 281 | 282 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 283 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 284 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 285 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 286 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 287 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 288 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 289 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 290 | REPAIR OR CORRECTION. 291 | 292 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 293 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 294 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 295 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 296 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 297 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 298 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 299 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 300 | POSSIBILITY OF SUCH DAMAGES. 
301 | 302 | END OF TERMS AND CONDITIONS 303 | 304 | How to Apply These Terms to Your New Programs 305 | 306 | If you develop a new program, and you want it to be of the greatest 307 | possible use to the public, the best way to achieve this is to make it 308 | free software which everyone can redistribute and change under these terms. 309 | 310 | To do so, attach the following notices to the program. It is safest 311 | to attach them to the start of each source file to most effectively 312 | convey the exclusion of warranty; and each file should have at least 313 | the "copyright" line and a pointer to where the full notice is found. 314 | 315 | {description} 316 | Copyright (C) {year} {fullname} 317 | 318 | This program is free software; you can redistribute it and/or modify 319 | it under the terms of the GNU General Public License as published by 320 | the Free Software Foundation; either version 2 of the License, or 321 | (at your option) any later version. 322 | 323 | This program is distributed in the hope that it will be useful, 324 | but WITHOUT ANY WARRANTY; without even the implied warranty of 325 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 326 | GNU General Public License for more details. 327 | 328 | You should have received a copy of the GNU General Public License along 329 | with this program; if not, write to the Free Software Foundation, Inc., 330 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 331 | 332 | Also add information on how to contact you by electronic and paper mail. 333 | 334 | If the program is interactive, make it output a short notice like this 335 | when it starts in an interactive mode: 336 | 337 | Gnomovision version 69, Copyright (C) year name of author 338 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 339 | This is free software, and you are welcome to redistribute it 340 | under certain conditions; type `show c' for details. 
341 | 342 | The hypothetical commands `show w' and `show c' should show the appropriate 343 | parts of the General Public License. Of course, the commands you use may 344 | be called something other than `show w' and `show c'; they could even be 345 | mouse-clicks or menu items--whatever suits your program. 346 | 347 | You should also get your employer (if you work as a programmer) or your 348 | school, if any, to sign a "copyright disclaimer" for the program, if 349 | necessary. Here is a sample; alter the names: 350 | 351 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 352 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 353 | 354 | {signature of Ty Coon}, 1 April 1989 355 | Ty Coon, President of Vice 356 | 357 | This General Public License does not permit incorporating your program into 358 | proprietary programs. If your program is a subroutine library, you may 359 | consider it more useful to permit linking proprietary applications with the 360 | library. If this is what you want to do, use the GNU Lesser General 361 | Public License instead of this License. 362 | 363 | Contact GitHub API Training Shop Blog About 364 | 365 | © 2017 GitHub, Inc. Terms Privacy Security Status Help 366 | 367 | 368 | -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | include DESCRIPTION.rst 2 | # Include the test suite (FIXME: does not work yet) 3 | recursive-include data * -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # py-hsm 2 | 3 | ## Overview 4 | The py-hsm module enables Python users simplified access to any PKCS#11 standards compliant Hardware Security Module (HSM) or software API. 
The PKCS#11 API is a vendor-neutral, open standards API governed by the OASIS standards body. It provides a standard programmatic interface to Hardware Security Modules (HSMs) and HSM PaaS solutions such as Amazon's CloudHSM. 5 | 6 | ## What is an HSM? 7 | Hardware Security Modules (HSMs) are physical, electronic black box devices designed to provide hardware protected secure creation, management and storage of cryptographic keys and secrets. Most HSMs are actual physical devices that go through US and foreign government certification programs such as the US government's FIPS program. These programs rate the security and compliance level for specific HSM products. 8 | 9 | ## What is PKCS#11? 10 | Physical HSMs are built by a variety of 3rd party vendors and come in a variety of form factors. Yet, all mainstream HSM devices implement the industry OASIS C-based API called PKCS#11. The PKCS#11 API was first an industry de facto standard API originally developed by RSA Security for HSM security tokens. Later EMC acquired RSA Security. Shortly after the acquisition, the OASIS standards body took control of the PKCS #11 Cryptographic Token Interface Base Specification standard and made it a true industry standard API. Many existing software applications use the PKCS#11 API to interface with a variety of Hardware Security Modules in a vendor neutral manner. Although it is possible for developers to directly interact with a vendor's PKCS#11 API implementation, the API is very complex and full of trip-ups and pitfalls. The goal of the pyhsm and libhsm modules is to provide Python users a simplified HSM interface, without sacrificing performance, by abstracting away many of the painful complexities of the PKCS#11 API. 11 | 12 | ## Supported HSMs 13 | The py-hsm module has been tested to work with the following HSM devices and software based testbed HSMs. 
14 | - Gemalto SafeNet Luna SA-4 15 | - Gemalto SafeNet Luna SA-5 16 | - Gemalto SafeNet Luna PCIe K5/K6 17 | - Gemalto SafeNet Luna CA-4 18 | - SafeNet ProtectServer PCIe 19 | - FutureX Vectera Series 20 | - Cavium LiquidSecurity FIPS PCIe Card 21 | - Utimaco Security Server Simulator (SMOS Ver. 3.1.2.3) 22 | - OpenDNSSEC SoftHSM 2.2.0 (softhsm2) 23 | 24 | ## Installation Prerequisites 25 | - Python 3.x 26 | - if Python 3.3 or less then enum34 is required ($ pip install enum34) 27 | - libhsm.so https://github.com/bentonstark/libhsm 28 | 29 | **pyenv** and optionally **virtualenv** can be used to create an 30 | isolated Python 3.x environment if 3.x is not available on your system. 31 | If there is enough demand, future versions may add support for Python 2.7.x. 32 | 33 | ## Tested Platforms 34 | - Fedora 19, 23, 24, 25 35 | - Debian 36 | - CentOS 6 37 | - CentOS 7 38 | 39 | ## PyPI Installation Steps 40 | https://pypi.python.org/pypi/py-hsm 41 | ``` 42 | $ pip install py-hsm 43 | ``` 44 | 45 | ## Manual Installation Steps 46 | ``` 47 | $ git clone https://github.com/bentonstark/py-hsm.git 48 | $ cd py-hsm 49 | $ python setup.py install 50 | ``` 51 | ## Usage Examples 52 | ### Login / Logout 53 | ```python 54 | from pyhsm.hsmclient import HsmClient 55 | 56 | # note: the with keyword can be used to reduce login / logout steps 57 | # what is shown below is the verbose method 58 | c = HsmClient(pkcs11_lib="/usr/lib/vendorp11.so") 59 | c.open_session(slot=1) 60 | c.login(pin="partition_password") 61 | c.logout() 62 | c.close_session() 63 | ``` 64 | ### List Slots 65 | ```python 66 | from pyhsm.hsmclient import HsmClient 67 | 68 | # note: listing slot information does not require a login 69 | with HsmClient(pkcs11_lib="/usr/lib/vendorp11.so") as c: 70 | for s in c.get_slot_info(): 71 | print("----------------------------------------") 72 | print(s.to_string()) 73 | ``` 74 | ### List Objects 75 | ```python 76 | from pyhsm.hsmclient import HsmClient 77 | 78 | with 
HsmClient(slot=1, pin="partition_password", pkcs11_lib="/usr/lib/vendorp11.so") as c: 79 | for s in c.get_slot_info(): 80 | obj_list = c.get_objects() 81 | for obj in obj_list: 82 | print(obj.to_string()) 83 | ``` 84 | ### Sign 85 | ```python 86 | from pyhsm.hsmclient import HsmClient 87 | from pyhsm.hsmenums import HsmMech 88 | from pyhsm.convert import bytes_to_hex 89 | 90 | with HsmClient(slot=1, pin="partition_password", pkcs11_lib="/usr/lib/vendorp11.so") as c: 91 | sig = c.sign(handle=1, data=data_to_sign, mechanism=HsmMech.SHA256_RSA_PKCS) 92 | print(bytes_to_hex(sig)) 93 | ``` 94 | ### Verify 95 | ```python 96 | from pyhsm.hsmclient import HsmClient 97 | from pyhsm.hsmenums import HsmMech 98 | 99 | with HsmClient(slot=1, pin="partition_password", pkcs11_lib="/usr/lib/vendorp11.so") as c: 100 | result = c.verify(handle=1, 101 | data=data_to_verify, 102 | signature=sig, 103 | mechanism=HsmMech.SHA256_RSA_PKCS) 104 | print(str(result)) 105 | ``` 106 | ### Encrypt 107 | ```python 108 | from pyhsm.hsmclient import HsmClient 109 | from pyhsm.hsmenums import HsmMech 110 | from pyhsm.convert import bytes_to_hex 111 | 112 | with HsmClient(slot=1, pin="partition_password", pkcs11_lib="/usr/lib/vendorp11.so") as c: 113 | ciphertext = c.encrypt(handle=aes_key_handle, 114 | data=cleartext, 115 | mechanism=HsmMech.AES_CBC_PAD, 116 | iv=init_vector) 117 | print(bytes_to_hex(ciphertext)) 118 | ``` 119 | ### Decrypt 120 | ```python 121 | from pyhsm.hsmclient import HsmClient 122 | from pyhsm.hsmenums import HsmMech 123 | from pyhsm.convert import bytes_to_hex 124 | 125 | with HsmClient(slot=1, pin="partition_password", pkcs11_lib="/usr/lib/vendorp11.so") as c: 126 | cleartext = c.decrypt(handle=aes_key_handle, data=ciphertext, mechanism=HsmMech.AES_CBC_PAD, iv=init_vector) 127 | print(bytes_to_hex(cleartext)) 128 | ``` 129 | ### Create AES Key 130 | ```python 131 | from pyhsm.hsmclient import HsmClient 132 | from pyhsm.hsmenums import HsmSymKeyGen 133 | 134 | with 
HsmClient(slot=1, pin="partition_password", pkcs11_lib="/usr/lib/vendorp11.so") as c: 135 | key_handle = c.create_secret_key(key_label="my_aes_key", 136 | key_type=HsmSymKeyGen.AES, 137 | key_size_in_bits=256, 138 | token=True, 139 | private=True, 140 | modifiable=False, 141 | extractable=False, 142 | sign=True, 143 | verify=True, 144 | decrypt=True, 145 | wrap=True, 146 | unwrap=True, 147 | derive=False) 148 | print(key_handle) 149 | ``` 150 | ### Create RSA Key Pair 151 | ```python 152 | from pyhsm.hsmclient import HsmClient 153 | 154 | with HsmClient(slot=1, pin="partition_password", pkcs11_lib="/usr/lib/vendorp11.so") as c: 155 | key_handles = c.create_rsa_key_pair(public_key_label="my_rsa_pub", 156 | private_key_label="my_rsa_pvt", 157 | key_length=2048, 158 | public_exponent=b"\x01\x00\x01", 159 | token=True, 160 | private=True, 161 | modifiable=False, 162 | extractable=False, 163 | sign_verify=True, 164 | encrypt_decrypt=True, 165 | wrap_unwrap=True, 166 | derive=False) 167 | print("public_handle: " + key_handles[0]) 168 | print("private_handle: " + key_handles[1]) 169 | ``` 170 | ### Create EC Key Pair 171 | ```python 172 | from pyhsm.hsmclient import HsmClient 173 | from pyhsm.convert import hex_to_bytes 174 | from pyhsm.eccurveoids import EcCurveOids 175 | 176 | with HsmClient(slot=1, pin="partition_password", pkcs11_lib="/usr/lib/vendorp11.so") as c: 177 | # NIST P-256 178 | key_handles = c.create_ecc_key_pair(public_key_label="my_ec_pub", 179 | private_key_label="my_ec_pvt", 180 | curve_parameters=EcCurveOids.P256, 181 | token=True, 182 | private=True, 183 | modifiable=False, 184 | extractable=False, 185 | sign_verify=True, 186 | encrypt_decrypt=True, 187 | wrap_unwrap=True, 188 | derive=False) 189 | print("public_handle: " + key_handles[0]) 190 | print("private_handle: " + key_handles[1]) 191 | ``` 192 | ### Wrap Key (AES wrapped with AES) 193 | ```python 194 | from pyhsm.hsmclient import HsmClient 195 | from pyhsm.hsmenums import HsmMech 196 | from 
pyhsm.convert import bytes_to_hex 197 | 198 | with HsmClient(slot=1, pin="partition_password", pkcs11_lib="/usr/lib/vendorp11.so") as c: 199 | my_key_handle_to_wrap = 1 200 | my_aes_wrapping_key_handle = 2 201 | iv = c.generate_random(size=16) 202 | 203 | wrapped_key_bytes = c.wrap_key(key_handle=my_key_handle_to_wrap, 204 | wrap_key_handle=my_aes_wrapping_key_handle, 205 | wrap_key_mech=HsmMech.AES_CBC_PAD, 206 | wrap_key_iv=iv) 207 | print(bytes_to_hex(wrapped_key_bytes)) 208 | ``` 209 | ### Unwrap Key (AES wrapped with AES) 210 | ```python 211 | from pyhsm.hsmclient import HsmClient 212 | from pyhsm.hsmenums import HsmMech 213 | from pyhsm.convert import bytes_to_hex 214 | 215 | with HsmClient(slot=1, pin="partition_password", pkcs11_lib="/usr/lib/vendorp11.so") as c: 216 | hkey = c.unwrap_secret_key(wrap_key_handle=wraping_key_handle, 217 | wrap_key_mech=HsmMech.AES_CBC_PAD, 218 | wrap_key_iv=iv, 219 | key_label="my_key", 220 | key_data=wrapped_key_bytes, 221 | key_type=HsmSymKeyType.AES, 222 | key_size_in_bits=key_size, 223 | token=True, 224 | private=True, 225 | modifiable=False, 226 | extractable=False, 227 | sign=True, 228 | verify=True, 229 | encrypt=True, 230 | decrypt=True, 231 | wrap=True, 232 | unwrap=True, 233 | derive=False) 234 | ``` 235 | ### Generate Random 236 | ```python 237 | from pyhsm.hsmclient import HsmClient 238 | from pyhsm.convert import bytes_to_hex 239 | 240 | with HsmClient(slot=1, pin="partition_password", pkcs11_lib="/usr/lib/vendorp11.so") as c: 241 | rnd_bytes = c.generate_random(size=16) 242 | print(bytes_to_hex(rnd_bytes)) 243 | ``` 244 | ### Get Object Handle by Label 245 | ```python 246 | from pyhsm.hsmclient import HsmClient 247 | 248 | with HsmClient(slot=1, pin="partition_password", pkcs11_lib="/usr/lib/vendorp11.so") as c: 249 | handle = c.get_object_handle(label="my_key_label") 250 | print(str(handle)) 251 | ``` 252 | ### Change Object Label 253 | ```python 254 | from pyhsm.hsmclient import HsmClient 255 | from 
pyhsm.hsmenums import HsmAttribute 256 | from pyhsm.convert import str_to_bytes 257 | 258 | with HsmClient(slot=1, pin="partition_password", pkcs11_lib="/usr/lib/vendorp11.so") as c: 259 | my_key_label = 1 260 | c.set_attribute_value(handle=my_key_label, 261 | attribute_type=HsmAttribute.LABEL, 262 | attribute_value=str_to_bytes("my_new_label")) 263 | ``` 264 | 265 | 266 | 267 | 268 | 269 | 270 | 271 | 272 | -------------------------------------------------------------------------------- /examples/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Examples with Cavium HSM 3 | Note: The partition pin must be in the format username:password. Because -pin is passed as a command-line argument, it is recorded in shell history and is visible in the process list while the script runs. 4 | 5 | ### Generate Random Data (hex format) 6 | $ python random.py -p11 /home/liquidsec_bin/lib/libliquidsec_pkcs11.so -slot 1 -pin crypto_user:12345678 -encoding hex -size 16 7 | 8 | ### Timed tests for RSA signing 9 | $ python rsasign-test.py -p11 /home/liquidsec_bin/lib/libliquidsec_pkcs11.so -slot 1 -pin crypto_user:12345678 --gen-mech RSA_X9_31_KEY_PAIR_GEN --sign-mech SHA256_RSA_PKCS -size 2048 -ops 100 10 | 11 | ### Timed tests for EC signing 12 | $ python ecsign-test.py -p11 /home/liquidsec_bin/lib/libliquidsec_pkcs11.so -slot 1 -pin crypto_user:12345678 -curve P256 --sign-mech ECDSA_SHA1 -ops 100 13 | 14 | ### AES Key Generation 15 | $ python keygen.py -p11 /home/liquidsec_bin/lib/libliquidsec_pkcs11.so -slot 1 -pin crypto_user:12345678 -keyType AES -size 256 -l my_aes_key -s -ve -e -d -w -uw -X 16 | Note: -X marks the generated key as extractable; omit it to keep the key non-extractable. 17 | ### Timed tests for RSA generation (1 operation) 18 | $ python rsagen-test.py -p11 /home/liquidsec_bin/lib/libliquidsec_pkcs11.so -slot 1 -pin crypto_user:12345678 -mech RSA_X9_31_KEY_PAIR_GEN -size 2048 -size 2048 -ops 1 19 | 20 | ### Timed tests for EC generation (1 operation) 21 | $ python ecgen-test.py -p11 /home/liquidsec_bin/lib/libliquidsec_pkcs11.so -slot 1 -pin crypto_user:12345678 -curve P256 -ops 1 22 | 23 | ### List Keys (tabular) 24 | $ python listkeys.py
-p11 /home/liquidsec_bin/lib/libliquidsec_pkcs11.so -slot 1 -pin crypto_user:12345678 25 | 26 | ### List Keys (detailed) 27 | $ python listkeys.py -p11 /home/liquidsec_bin/lib/libliquidsec_pkcs11.so -slot 1 -pin crypto_user:12345678 --show-all 28 | 29 | ### List Supported Mechanisms (detailed) 30 | $ python listmechs.py -p11 /home/liquidsec_bin/lib/libliquidsec_pkcs11.so -slot 1 -pin crypto_user:12345678 --show-all 31 | 32 | ### Sign / Verify 33 | $ python sign.py -p11 /home/liquidsec_bin/lib/libliquidsec_pkcs11.so -slot 1 -pin crypto_user:12345678 -data 0A0B0C0102030405 -mech SHA256_RSA_PKCS -handle 24 34 | abc83fcc070c6f103a60742543c144c9dc4f3c340647d7bbbe5862105aaf280677e58b5c5cb179b6ec683791c423f71c37d3db67014b226472aa5312f76646d5f720bd6110dff5a5234e540821034afad48c32fce39d56e4feef4b120a63d74b5c13a4e8fe0e851821c1534d27fcb19b752a47adbd1bf4563443b0d744622f6e75f63cd8b3ff17edf2dd284344f886586769d68b04e29b0fd7f8a836c8dd8a3b28577134d3a15a331c35f68db616873d10be029c95685ca3691cfdaab066e428a0568e1ce24ceb4d42679f596eff45ee1feffc632e08b7eb401f743a0c0a0689abe6bee4e81ddb6b26348a5e9d492e191784a3cad34fb0eba6671fc84aab1569 35 | 36 | $ python verify.py -p11 /home/liquidsec_bin/lib/libliquidsec_pkcs11.so -slot 1 -pin crypto_user:12345678 -data 0A0B0C0102030405 -mech SHA256_RSA_PKCS -handle 25 -sig abc83fcc070c6f103a60742543c144c9dc4f3c340647d7bbbe5862105aaf280677e58b5c5cb179b6ec683791c423f71c37d3db67014b226472aa5312f76646d5f720bd6110dff5a5234e540821034afad48c32fce39d56e4feef4b120a63d74b5c13a4e8fe0e851821c1534d27fcb19b752a47adbd1bf4563443b0d744622f6e75f63cd8b3ff17edf2dd284344f886586769d68b04e29b0fd7f8a836c8dd8a3b28577134d3a15a331c35f68db616873d10be029c95685ca3691cfdaab066e428a0568e1ce24ceb4d42679f596eff45ee1feffc632e08b7eb401f743a0c0a0689abe6bee4e81ddb6b26348a5e9d492e191784a3cad34fb0eba6671fc84aab1569 37 | Sig Verify Result: True 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /examples/destroy.py: 
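--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.
#

import argparse
from pathlib import Path
from pyhsm.hsmclient import HsmClient


def __main():
    """Parse the command line and dispatch to the destroy handler.

    Required options: -handle (int), -p11 (path to the PKCS#11 library),
    -slot (int) and -pin.
    """
    parser = argparse.ArgumentParser("destroy", description="Destroy object on the HSM partition.")
    parser.add_argument("-handle", dest="handle", required=True, type=int,
                        help="Handle of key to destroy.")
    parser.add_argument("-p11", dest="module", required=True,
                        help="Full path to HSM's PKCS#11 shared library.")
    parser.add_argument("-slot", dest="slot", type=int, required=True, help="HSM slot number.")
    # NOTE(review): -pin arrives through argv, so the credential is visible in
    # the process list and shell history; outside of demos prompt for it
    # (getpass) or read it from the environment.
    parser.add_argument("-pin", dest="pin", type=str, required=True, help="HSM slot partition or pin.")
    parser.set_defaults(func=__menu_handler)
    args = parser.parse_args()
    args.func(args)


def __menu_handler(args):
    """Log in to the slot and destroy the object identified by args.handle.

    Exits with status 1 when the -p11 path is not an existing file. The
    object is destroyed without a confirmation prompt.
    """
    # NOTE(review): is_file() only proves the path exists; the module is
    # presumably loaded into this process and handed the PIN, so it should
    # come from a trusted, non-writable location.
    if not Path(args.module).is_file():
        print("(-p11) path does not exist")
        # A bare exit() reports success (status 0) on this error path.
        raise SystemExit(1)

    with HsmClient(slot=args.slot, pin=args.pin, pkcs11_lib=args.module) as c:
        c.destroy_object(handle=args.handle)


if __name__ == '__main__':
    __main()

--------------------------------------------------------------------------------
/examples/ecgen-test.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.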
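#

import os
import argparse
from time import time
from pathlib import Path
from pyhsm.hsmclient import HsmClient
from pyhsm.convert import bytes_to_hex
from pyhsm.eccurveoids import EcCurveOids


def __main():
    """Parse the command line for the EC key generation timed test."""
    parser = argparse.ArgumentParser("ecgen-test", description="EC key generation timed test.")

    # NOTE(review): 'P512' is looked up by name in EcCurveOids; the NIST curve
    # of that size is P-521 -- confirm the enum member exists under this name.
    parser.add_argument("-curve", dest="curveName", type=str, default='P256', choices=['P192', 'P224', 'P256',
                        'P384', 'P512'], help="Named EC curve (default: P256)")
    parser.add_argument("-ops", dest="ops", type=int, default=10,
                        help="Number of key generation operations (default: 10)")
    # The two help fragments were concatenated without a separating space.
    parser.add_argument("-persist", dest="persist", action="store_true", help="Persist keys on the partition "
                        "and do not remove them after the session closes.")
    parser.add_argument("-p11", dest="module", required=True,
                        help="Full path to HSM's PKCS#11 shared library.")
    parser.add_argument("-slot", dest="slot", type=int, required=True, help="HSM slot number.")
    # NOTE(review): -pin arrives through argv and is therefore visible in the
    # process list and shell history.
    parser.add_argument("-pin", dest="pin", type=str, required=True, help="HSM slot partition or pin.")
    parser.set_defaults(func=__menu_handler)
    args = parser.parse_args()
    args.func(args)


def __menu_handler(args):
    """Generate args.ops EC key pairs and print timing results.

    Keys are created with token=args.persist. Ctrl-C stops the loop early;
    the report then counts only the operations that completed. Exits with
    status 1 when the -p11 path is not an existing file.
    """
    if not Path(args.module).is_file():
        print("(-p11) path does not exist")
        # A bare exit() reports success (status 0) on this error path.
        raise SystemExit(1)

    print("starting test...")

    completed = 0
    with HsmClient(slot=args.slot, pin=args.pin, pkcs11_lib=args.module) as c:
        # get start time
        t0 = time()
        try:
            for _ in range(args.ops):
                # random suffix keeps the labels of successive test keys apart
                unique_tag = bytes_to_hex(os.urandom(4))
                c.create_ecc_key_pair(public_key_label="EC_PUB_TEST_KEY_{}".format(unique_tag),
                                      private_key_label="EC_PVT_TEST_KEY_{}".format(unique_tag),
                                      ec_params=EcCurveOids[args.curveName],
                                      token=args.persist,
                                      sign_verify=True,
                                      encrypt_decrypt=False,
                                      wrap_unwrap=False,
                                      public_private=False)
                completed += 1

        except KeyboardInterrupt:
            print("interrupted")
        # get stop time
        t1 = time()

    print("end test")

    elapsed = t1 - t0
    # Report what actually ran, not what was requested, so an interrupted
    # run does not overstate the rate.
    total_ops = completed
    # Guard against a zero interval on coarse clocks.
    ops_per_sec = round(total_ops / elapsed, 2) if elapsed > 0 else 0.0
    print("\n-------------------------------------")
    print("RESULTS")
    print("-------------------------------------")
    print("test: ecgen-test")
    print("curve: {}".format(args.curveName))
    print("total_ops: {}".format(total_ops))
    print("elapsed_time_ms: " + str(round(elapsed * 1000, 4)))
    print("ops/sec: " + str(ops_per_sec))
    print("-------------------------------------\n")


if __name__ == '__main__':
    __main()

--------------------------------------------------------------------------------
/examples/ecsign-test.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.
#

import os
import argparse
from time import time
from pathlib import Path
from pyhsm.hsmclient import HsmClient
from pyhsm.convert import bytes_to_hex
from pyhsm.hsmenums import HsmMech
from pyhsm.eccurveoids import EcCurveOids


def __main():
    """Parse the command line for the EC signing timed test."""
    parser = argparse.ArgumentParser("ecsign-test", description="EC signing timed test.")
    # NOTE(review): the default mechanism hashes with SHA-1; for anything
    # beyond timing runs select one of the SHA-2 variants below.
    parser.add_argument("-mech", "--sign-mech", dest="signMech", type=str, default="ECDSA_SHA1",
                        choices=[
                            "ECDSA_SHA1",
                            "ECDSA_SHA224",
                            "ECDSA_SHA256",
                            "ECDSA_SHA384",
                            "ECDSA_SHA512",
                            "CA_LUNA_ECDSA_SHA224",
                            "CA_LUNA_ECDSA_SHA256",
                            "CA_LUNA_ECDSA_SHA384",
                            "CA_LUNA_ECDSA_SHA512"
                        ],
                        help="EC signing mechanism (algorithm) to use. (default: ECDSA_SHA1)")
    parser.add_argument("-curve", dest="curveName", type=str, default='P256', choices=['P192', 'P224', 'P256',
                        'P384', 'P512'], help="Named EC curve (default: P256)")
    parser.add_argument("-ops", dest="ops", type=int, default=100,
                        help="Number of signing operations (default: 100)")
    parser.add_argument("-dz", "--data-size", dest="dataSize", type=int, default=100,
                        help="Size (in bytes) of random test data to sign. (default: 100)")
    parser.add_argument("-p11", dest="module", required=True,
                        help="Full path to HSM's PKCS#11 shared library.")
    parser.add_argument("-slot", dest="slot", type=int, required=True, help="HSM slot number.")
    # NOTE(review): -pin arrives through argv and is therefore visible in the
    # process list and shell history.
    parser.add_argument("-pin", dest="pin", type=str, required=True, help="HSM slot partition or pin.")
    parser.set_defaults(func=__menu_handler)
    args = parser.parse_args()
    args.func(args)


def __menu_handler(args):
    """Create one EC key pair, sign random data args.ops times, print timings.

    Ctrl-C stops the loop early; the report then counts only the signatures
    that completed. Exits with status 1 when the -p11 path is not an
    existing file.
    """
    if not Path(args.module).is_file():
        print("(-p11) path does not exist")
        # A bare exit() reports success (status 0) on this error path.
        raise SystemExit(1)

    print("starting test...")

    completed = 0
    with HsmClient(slot=args.slot, pin=args.pin, pkcs11_lib=args.module) as c:

        unique_tag = bytes_to_hex(os.urandom(4))
        # NOTE(review): token is not passed here, so whether this test key
        # outlives the session depends on create_ecc_key_pair's default --
        # confirm it is a session object.
        key_handles = c.create_ecc_key_pair(public_key_label="EC_PUB_TEST_KEY_{}".format(unique_tag),
                                            private_key_label="EC_PVT_TEST_KEY_{}".format(unique_tag),
                                            ec_params=EcCurveOids[args.curveName],
                                            sign_verify=True,
                                            encrypt_decrypt=False,
                                            wrap_unwrap=False,
                                            public_private=False)

        # index 1 is used as the private key handle
        pvt_h = key_handles[1]
        data = os.urandom(args.dataSize)

        # get start time
        t0 = time()
        try:
            for _ in range(args.ops):

                c.sign(handle=pvt_h,
                       data=data,
                       mechanism=HsmMech[args.signMech])
                completed += 1

        except KeyboardInterrupt:
            print("interrupted")

        # get stop time
        t1 = time()

    print("end test")

    elapsed = t1 - t0
    # Report what actually ran, not what was requested.
    total_ops = completed
    # Guard against a zero interval on coarse clocks.
    ops_per_sec = round(total_ops / elapsed, 2) if elapsed > 0 else 0.0
    print("\n-------------------------------------")
    print("RESULTS")
    print("-------------------------------------")
    print("test: ecsign-test")
    print("curve: {}".format(args.curveName))
    print("mechanism: {}".format(args.signMech))
    print("total_ops: {}".format(total_ops))
    print("elapsed_time_ms: " + str(round(elapsed * 1000, 4)))
    print("ops/sec: " + str(ops_per_sec))
    print("-------------------------------------\n")


if __name__ == '__main__':
    __main()

--------------------------------------------------------------------------------
/examples/keygen.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.
#

import argparse
from pathlib import Path
from pyhsm.hsmclient import HsmClient
from pyhsm.hsmenums import HsmSymKeyGen


def __main():
    """Parse the command line for symmetric key generation.

    Every usage flag (-w, -uw, -e, -d, -s, -ve, -de, -X, -M, -O) is a
    store_true switch, so a capability is granted only when its flag is given.
    """
    parser = argparse.ArgumentParser("keygen", description="Generates a symmetric key.")
    parser.add_argument("-keyType", dest="keyType", type=str, required=True, help="Key type.",
                        choices=[
                            "AES",
                            "DES",
                            "DES2",
                            "DES3",
                            "RC2",
                            "RC4",
                            "RC5",
                            "CAST",
                            "CAST3",
                            "IDEA",
                            "Baton",
                            "Juniper"
                        ])
    parser.add_argument("-size", dest="keySize", type=int, required=True, help="Size of key in bits.")
    parser.add_argument("-l", dest="keyLabel", type=str, required=True, help="Key label. Can contain spaces.")
    parser.add_argument("-w", dest="wrap", action="store_true", help="Allow wrap operations.")
    parser.add_argument("-uw", dest="unwrap", action="store_true", help="Allow unwrap operations.")
    parser.add_argument("-e", dest="encrypt", action="store_true", help="Allow encrypt operations.")
    parser.add_argument("-d", dest="decrypt", action="store_true", help="Allow decrypt operations.")
    parser.add_argument("-s", dest="sign", action="store_true", help="Allow sign operations.")
    parser.add_argument("-ve", dest="verify", action="store_true", help="Allow verify operations.")
    parser.add_argument("-de", dest="derive", action="store_true", help="Allow derivation operations.")
    # -X is what lets the key material leave the HSM; leave it off unless
    # export is a requirement.
    parser.add_argument("-X", dest="extractable", action="store_true", help="Allow key to be extracted.")
    parser.add_argument("-M", dest="modifiable", action="store_true", help="Allow key to be modified.")
    parser.add_argument("-O", dest="overwrite", action="store_true", help="Overwrite any existing key with same label.")
    parser.add_argument("-p11", dest="module", required=True,
                        help="Full path to HSM's PKCS#11 shared library.")
    parser.add_argument("-slot", dest="slot", type=int, required=True, help="HSM slot number.")
    # NOTE(review): -pin arrives through argv and is therefore visible in the
    # process list and shell history.
    parser.add_argument("-pin", dest="pin", type=str, required=True, help="HSM slot partition or pin.")
    parser.set_defaults(func=__menu_handler)
    args = parser.parse_args()
    args.func(args)


def __menu_handler(args):
    """Create the symmetric key described by args and print its handle.

    The key is always created with private=True and token=True; the other
    attributes come from the command-line switches. Exits with status 1 when
    the -p11 path is not an existing file.
    """
    if not Path(args.module).is_file():
        print("(-p11) path does not exist")
        # A bare exit() reports success (status 0) on this error path.
        raise SystemExit(1)

    with HsmClient(slot=args.slot, pin=args.pin, pkcs11_lib=args.module) as c:
        # create a new symmetric key on HSM
        hkey = c.create_secret_key(key_label=args.keyLabel,
                                   key_type=HsmSymKeyGen[args.keyType],
                                   key_size_in_bits=args.keySize,
                                   wrap=args.wrap,
                                   unwrap=args.unwrap,
                                   encrypt=args.encrypt,
                                   decrypt=args.decrypt,
                                   sign=args.sign,
                                   verify=args.verify,
                                   derive=args.derive,
                                   extractable=args.extractable,
                                   modifiable=args.modifiable,
                                   overwrite=args.overwrite,
                                   private=True,
                                   token=True)
        print("key with handle {} created on partition.".format(str(hkey)))


if __name__ == '__main__':
    __main()

--------------------------------------------------------------------------------
/examples/keywrap.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.
#

import argparse
from pathlib import Path
from pyhsm.hsmclient import HsmClient
from pyhsm.hsmenums import HsmMech
from pyhsm.convert import bytes_to_hex

def __main():
    """Parse the command line for the AES key wrap example."""
    parser = argparse.ArgumentParser("aeskeywrap", description="Wraps a key using the CKM_AES_KEY_WRAP mechanism.")
    parser.add_argument("-whandle", "--wrap-handle", dest="wrapHandle", required=True, type=int,
                        help="Handle of of AES wrapping key.")
    parser.add_argument("-handle", dest="handle", required=True, type=int, help="Handle of key to wrap.")
    parser.add_argument("-p11", dest="module", required=True,
                        help="Full path to HSM's PKCS#11 shared library.")
    parser.add_argument("-slot", dest="slot", type=int, required=True, help="HSM slot number.")
    # NOTE(review): -pin arrives through argv and is therefore visible in the
    # process list and shell history.
    parser.add_argument("-pin", dest="pin", type=str, required=True, help="HSM slot partition or pin.")
    parser.set_defaults(func=__menu_handler)
    args = parser.parse_args()
    args.func(args)


def __menu_handler(args):
    """Wrap args.handle under args.wrapHandle and print the IV and result in hex.

    Exits with status 1 when the -p11 path is not an existing file.
    """
    if not Path(args.module).is_file():
        print("(-p11) path does not exist")
        # A bare exit() reports success (status 0) on this error path.
        raise SystemExit(1)

    with HsmClient(slot=args.slot, pin=args.pin, pkcs11_lib=args.module) as c:

        # NOTE(review): PKCS#11 defines the CKM_AES_KEY_WRAP parameter as an
        # optional 8-byte IV (the RFC 3394 default when absent); how the
        # library treats this 16-byte random value is not visible here --
        # confirm against wrap_key.
        iv = c.generate_random(size=16)
        wrapped_key_bytes = c.wrap_key(key_handle=args.handle, wrap_key_handle=args.wrapHandle, wrap_key_iv=iv,
                                       wrap_key_mech=HsmMech.AES_KEY_WRAP)
        print("iv: {}".format(bytes_to_hex(iv)))
        print("wrapped_key_bytes: {}".format(bytes_to_hex(wrapped_key_bytes)))


if __name__ == '__main__':
    __main()

--------------------------------------------------------------------------------
/examples/listkeys.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.
#

import argparse
from pathlib import Path
from pyhsm.hsmclient import HsmClient


def __main():
    """Parse the command line for the key listing example."""
    parser = argparse.ArgumentParser("listkeys", description="List keys on partition.")
    parser.add_argument("-p11", dest="module", required=True,
                        help="Full path to HSM's PKCS#11 shared library.")
    parser.add_argument("-slot", dest="slot", type=int, required=True, help="HSM slot number.")
    # NOTE(review): -pin arrives through argv and is therefore visible in the
    # process list and shell history.
    parser.add_argument("-pin", dest="pin", type=str, required=True, help="HSM slot partition or pin.")
    parser.add_argument("-al", "--show-all", dest="showAll", action="store_true",
                        help="Display attributes long version.")
    parser.set_defaults(func=__menu_handler)
    args = parser.parse_args()
    args.func(args)


def __menu_handler(args):
    """Print the slot header and every object on the partition.

    Without --show-all a table is printed from get_objects(fast_load=True);
    with it, each object's to_string() output from get_objects(fast_load=False).
    Exits with status 1 when the -p11 path is not an existing file.
    """
    if not Path(args.module).is_file():
        print("(-p11) path does not exist")
        # A bare exit() reports success (status 0) on this error path.
        raise SystemExit(1)

    with HsmClient(slot=args.slot, pin=args.pin, pkcs11_lib=args.module) as c:
        # NOTE(review): the serial number is read from the first entry of
        # get_slot_info(), not looked up by args.slot -- confirm the two agree
        # when more than one slot is present.
        serial_number = c.get_slot_info()[0].serialNumber
        print("")
        print("slot number: " + str(args.slot))
        print("serial number: " + serial_number)

        # print header and print to console
        if not args.showAll:
            print("Handle".ljust(8) + "Label".ljust(30) + "Key Type".ljust(10) + "Class".ljust(15)
                  + "Attributes".ljust(10))
            print("------- ----------------------------- --------- -------------- -------------")
            obj_list = c.get_objects(fast_load=True)
        else:
            obj_list = c.get_objects(fast_load=False)

        # loop the objects and print to console
        for o in obj_list:
            __print_object(o, args.showAll)


def __print_object(obj, detail_level):
    """Print one object: its to_string() form, or a single table row.

    In the table row each attribute is shown as one letter when set and "-"
    when not: e d w u s v X M T S R P (encrypt, decrypt, wrap, unwrap, sign,
    verify, extractable, modifiable, token, sensitive, derive, private).
    """
    if detail_level:
        print("----------------------------------------")
        print(obj.to_string())
    else:
        attribs = "e" if obj.encrypt else "-"
        attribs += "d" if obj.decrypt else "-"
        attribs += "w" if obj.wrap else "-"
        attribs += "u" if obj.unwrap else "-"
        attribs += "s" if obj.sign else "-"
        attribs += "v" if obj.verify else "-"
        attribs += "X" if obj.extractable else "-"
        attribs += "M" if obj.modifiable else "-"
        attribs += "T" if obj.token else "-"
        attribs += "S" if obj.sensitive else "-"
        attribs += "R" if obj.derive else "-"
        attribs += "P" if obj.private else "-"
        # the [11:] and [14:] slices drop a fixed-length prefix from the
        # string form of keyType and class_ (presumably the enum class name)
        print(str(obj.handle).ljust(8) + obj.label.ljust(30)[:40] + str(obj.keyType)[11:].ljust(10)
              + str(obj.class_)[14:].ljust(15) + attribs)


if __name__ == '__main__':
    __main()

--------------------------------------------------------------------------------
/examples/listmechs.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.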
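#

import argparse
from pathlib import Path
from pyhsm.hsmclient import HsmClient


def __main():
    """Parse the command line for the mechanism listing example."""
    parser = argparse.ArgumentParser("listmechs", description="Gets supported mechanisms from HSM.")
    parser.add_argument("-p11", dest="module", required=True,
                        help="Full path to HSM's PKCS#11 shared library.")
    parser.add_argument("-slot", dest="slot", type=int, required=True, help="HSM slot number.")
    # NOTE(review): -pin arrives through argv, so the credential is visible in
    # the process list and shell history; outside of demos prompt for it
    # (getpass) or read it from the environment.
    parser.add_argument("-pin", dest="pin", type=str, required=True, help="HSM slot partition or pin.")
    parser.add_argument("-al", "--show-all", dest="showAll", action="store_true",
                        help="Display long version.")
    parser.set_defaults(func=__menu_handler)
    args = parser.parse_args()
    args.func(args)


def __menu_handler(args):
    """Print the mechanisms reported by get_mechanism_info(args.slot).

    With --show-all each mechanism's to_string() output is printed; otherwise
    one "name (value)" line per mechanism. Exits with status 1 when the -p11
    path is not an existing file.
    """
    if not Path(args.module).is_file():
        print("(-p11) path does not exist")
        # A bare exit() reports success (status 0) on this error path.
        raise SystemExit(1)

    with HsmClient(slot=args.slot, pin=args.pin, pkcs11_lib=args.module) as c:
        for mech in c.get_mechanism_info(args.slot):
            if args.showAll:
                print("----------------------------------------")
                print(mech.to_string())
            else:
                print("{} ({})".format(mech.mechanismName, mech.mechanismValue))


if __name__ == '__main__':
    __main()

--------------------------------------------------------------------------------
/examples/listslots.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.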
#

import argparse
from pyhsm.hsmclient import HsmClient


# Command line: the PKCS#11 module path is the only option.
arg_parser = argparse.ArgumentParser(prog="listslots", description="List HSM slots.")
arg_parser.add_argument(
    "-p11",
    dest="module",
    required=True,
    help="Full path to HSM's PKCS#11 shared library.",
)
cli = arg_parser.parse_args()

# Listing slot information does not require a login, so the client is opened
# with the module path only (no slot, no PIN).
with HsmClient(pkcs11_lib=cli.module) as client:
    for slot_info in client.get_slot_info():
        print("----------------------------------------")
        print(slot_info.to_string())

--------------------------------------------------------------------------------
/examples/random.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.
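#

import argparse
from pathlib import Path
from base64 import b64encode
from pyhsm.hsmclient import HsmClient
from pyhsm.convert import bytes_to_hex

# NOTE(review): this script is named random.py; when it is run directly its
# directory is first on sys.path, so it can shadow the standard-library
# random module for anything imported during the run.


def __main():
    """Parse the command line for the HSM random data example."""
    parser = argparse.ArgumentParser("random", description="Gets random data from the HSM's RNG.")
    parser.add_argument("-size", dest="size", default=16, type=int,
                        help="Number of random bytes.")
    parser.add_argument("-encoding", dest="encoding", type=str, default='hex',
                        choices=['hex', 'base64'],
                        help="Binary data encoding (default: hex)")
    parser.add_argument("-p11", dest="module", required=True,
                        help="Full path to HSM's PKCS#11 shared library.")
    parser.add_argument("-slot", dest="slot", type=int, required=True, help="HSM slot number.")
    # NOTE(review): -pin arrives through argv, so the credential is visible in
    # the process list and shell history; outside of demos prompt for it
    # (getpass) or read it from the environment.
    parser.add_argument("-pin", dest="pin", type=str, required=True, help="HSM slot partition or pin.")
    parser.set_defaults(func=__menu_handler)
    args = parser.parse_args()
    args.func(args)


def __menu_handler(args):
    """Fetch args.size random bytes from the HSM and print them encoded.

    The output is hex or base64 according to args.encoding. Exits with
    status 1 when the -p11 path is not an existing file.
    """
    if not Path(args.module).is_file():
        print("(-p11) path does not exist")
        # A bare exit() reports success (status 0) on this error path.
        raise SystemExit(1)

    with HsmClient(slot=args.slot, pin=args.pin, pkcs11_lib=args.module) as c:
        result = c.generate_random(size=args.size)

        if args.encoding == "hex":
            print(bytes_to_hex(result))
        elif args.encoding == "base64":
            # decode the base64 bytes instead of slicing the b'...' repr
            print(b64encode(result).decode("ascii"))


if __name__ == '__main__':
    __main()

--------------------------------------------------------------------------------
/examples/rsagen-test.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.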
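#

import os
import argparse
from time import time
from pathlib import Path
from pyhsm.hsmclient import HsmClient
from pyhsm.convert import bytes_to_hex
from pyhsm.hsmenums import HsmMech


def __main():
    """Parse the command line for the RSA key generation timed test."""
    parser = argparse.ArgumentParser("rsagen-test", description="RSA key generation timed test.")
    # NOTE(review): 1024-bit RSA is offered for timing comparison only; it is
    # below current minimum key-size recommendations.
    parser.add_argument("-size", dest="keySize", type=int, default=2048, choices=[1024, 2048, 3072, 4096, 8192],
                        help="Size of RSA key in bits (default: 2048)")
    # The help text named RSA_X9_31_KEY_PAIR_GEN as the default and lacked its
    # closing parenthesis; it now matches the actual default below.
    parser.add_argument("-mech", dest="mech", type=str, default="RSA_PKCS_KEY_PAIR_GEN",
                        choices=["RSA_PKCS_KEY_PAIR_GEN", "RSA_X9_31_KEY_PAIR_GEN"],
                        help="RSA Key generation mechanism (algorithm) to use. "
                             "(default: RSA_PKCS_KEY_PAIR_GEN)")
    parser.add_argument("-ops", dest="ops", type=int, default=10,
                        help="Number of key generation operations (default: 10)")
    # The two help fragments were concatenated without a separating space.
    parser.add_argument("-persist", dest="persist", action="store_true", help="Persist keys on the partition "
                        "and do not remove them after the session closes.")
    parser.add_argument("-p11", dest="module", required=True,
                        help="Full path to HSM's PKCS#11 shared library.")
    parser.add_argument("-slot", dest="slot", type=int, required=True, help="HSM slot number.")
    # NOTE(review): -pin arrives through argv, so the credential is visible in
    # the process list and shell history; outside of demos prompt for it
    # (getpass) or read it from the environment.
    parser.add_argument("-pin", dest="pin", type=str, required=True, help="HSM slot partition or pin.")
    parser.set_defaults(func=__menu_handler)
    args = parser.parse_args()
    args.func(args)


def __menu_handler(args):
    """Generate args.ops RSA key pairs and print timing results.

    Keys are created with token=args.persist. Ctrl-C stops the loop early;
    the report then counts only the operations that completed. Exits with
    status 1 when the -p11 path is not an existing file.
    """
    if not Path(args.module).is_file():
        print("(-p11) path does not exist")
        # A bare exit() reports success (status 0) on this error path.
        raise SystemExit(1)

    print("starting test...")

    completed = 0
    with HsmClient(slot=args.slot, pin=args.pin, pkcs11_lib=args.module) as c:
        # get start time
        t0 = time()
        try:
            for _ in range(args.ops):
                # random suffix keeps the labels of successive test keys apart
                unique_tag = bytes_to_hex(os.urandom(4))
                c.create_rsa_key_pair(public_key_label="RSA_PUB_TEST_KEY_{}".format(unique_tag),
                                      private_key_label="RSA_PVT_TEST_KEY_{}".format(unique_tag),
                                      mechanism=HsmMech[args.mech],
                                      key_length=args.keySize,
                                      token=args.persist,
                                      sign_verify=True,
                                      encrypt_decrypt=False,
                                      wrap_unwrap=False,
                                      public_private=False)
                completed += 1

        except KeyboardInterrupt:
            print("interrupted")
        # get stop time
        t1 = time()

    print("end test")

    elapsed = t1 - t0
    # Report what actually ran, not what was requested, so an interrupted
    # run does not overstate the rate.
    total_ops = completed
    # Guard against a zero interval on coarse clocks.
    ops_per_sec = round(total_ops / elapsed, 2) if elapsed > 0 else 0.0
    print("\n-------------------------------------")
    print("RESULTS")
    print("-------------------------------------")
    print("test: rsagen-test")
    print("key_size: {}".format(args.keySize))
    print("total_ops: {}".format(total_ops))
    print("elapsed_time_ms: " + str(round(elapsed * 1000, 4)))
    print("ops/sec: " + str(ops_per_sec))
    print("-------------------------------------\n")


if __name__ == '__main__':
    __main()

--------------------------------------------------------------------------------
/examples/rsasign-test.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.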
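#

import os
import sys
import argparse
from time import time
from pathlib import Path
from pyhsm.hsmclient import HsmClient
from pyhsm.convert import bytes_to_hex
from pyhsm.hsmenums import HsmMech


def __main():
    """Parse the command line and dispatch to the timed RSA signing test."""
    parser = argparse.ArgumentParser("rsasign-test", description="RSA signing timed test.")
    # NOTE(review): the default and several choices are SHA-1 based or raw RSA
    # mechanisms. They are useful for benchmarking legacy configurations; for
    # real signatures prefer a SHA-256 or stronger mechanism.
    parser.add_argument("-smech", "--sign-mech", dest="signMech", type=str, default="SHA1_RSA_PKCS",
                        choices=[
                            "RSA_X_509",
                            "RSA_PKCS",
                            "SHA1_RSA_PKCS",
                            "SHA256_RSA_PKCS",
                            "SHA384_RSA_PKCS",
                            "SHA512_RSA_PKCS",
                            "SHA1_RSA_PKCS_PSS",
                        ],
                        help="RSA signing mechanism (algorithm) to use. (default: SHA1_RSA_PKCS)")
    # NOTE(review): 1024-bit RSA is offered for timing comparisons only; it is
    # below current minimum key-size recommendations.
    parser.add_argument("-size", dest="keySize", type=int, default=2048, choices=[1024, 2048, 3072, 4096, 8192],
                        help="Size of RSA key in bits (default: 2048)")
    # The help text previously named RSA_X9_31_KEY_PAIR_GEN as the default and
    # lacked the closing parenthesis; it now matches the actual default.
    parser.add_argument("-gmech", "--gen-mech", dest="genMech", type=str, default="RSA_PKCS_KEY_PAIR_GEN",
                        choices=["RSA_PKCS_KEY_PAIR_GEN", "RSA_X9_31_KEY_PAIR_GEN"],
                        help="RSA Key generation mechanism (algorithm) to use. "
                             "(default: RSA_PKCS_KEY_PAIR_GEN)")
    parser.add_argument("-pss-length", dest="pssSaltLength", type=int, default=10, required=False,
                        help="PSS salt value length. Only used when mech is an PSS algorithm. (default: 10)")
    parser.add_argument("-ops", dest="ops", type=int, default=100,
                        help="Number of signing operations (default: 100)")
    parser.add_argument("-dz", "--data-size", dest="dataSize", type=int, default=100,
                        help="Size (in bytes) of random test data to sign. (default: 100)")
    parser.add_argument("-p11", dest="module", required=True,
                        help="Full path to HSM's PKCS#11 shared library.")
    parser.add_argument("-slot", dest="slot", type=int, required=True, help="HSM slot number.")
    # NOTE(review): a PIN given on the command line is visible to other local
    # users through the process list and is kept in shell history. Use this
    # example only with a test slot whose PIN is not sensitive.
    parser.add_argument("-pin", dest="pin", type=str, required=True, help="HSM slot partition or pin.")
    parser.set_defaults(func=__menu_handler)
    args = parser.parse_args()
    args.func(args)


def __menu_handler(args):
    """Create an RSA key pair on the HSM and time repeated signing with it.

    Args:
        args: parsed argparse namespace produced by __main().
    """
    if not Path(args.module).is_file():
        print("(-p11) path does not exist")
        # sys.exit() does not depend on the site module the way exit() does,
        # and a non-zero status lets calling scripts detect the failure.
        sys.exit(1)

    print("starting test...")

    with HsmClient(slot=args.slot, pin=args.pin, pkcs11_lib=args.module) as c:

        # Random suffix keeps the labels of repeated runs from colliding.
        unique_tag = bytes_to_hex(os.urandom(4))
        # token=False: presumably a session-only key pair that is not persisted
        # on the HSM -- confirm against HsmClient.create_rsa_key_pair.
        key_handles = c.create_rsa_key_pair(public_key_label="RSA_PUB_TEST_KEY_{}".format(unique_tag),
                                            private_key_label="RSA_PVT_TEST_KEY_{}".format(unique_tag),
                                            mechanism=HsmMech[args.genMech],
                                            key_length=args.keySize,
                                            token=False,
                                            sign_verify=True,
                                            encrypt_decrypt=False,
                                            wrap_unwrap=False,
                                            public_private=False)

        # Second handle is used as the private key (presumably the call
        # returns (public, private) -- confirm against HsmClient).
        pvt_h = key_handles[1]
        data = os.urandom(args.dataSize)

        # Count operations that actually finished, so an interrupted run
        # reports its real throughput instead of the requested -ops value.
        completed_ops = 0

        # get start time
        t0 = time()
        try:
            for _ in range(args.ops):
                c.sign(handle=pvt_h,
                       data=data,
                       mechanism=HsmMech[args.signMech],
                       pss_salt_length=args.pssSaltLength)
                completed_ops += 1

        except KeyboardInterrupt:
            print("interrupted")

        # get stop time
        t1 = time()

        print("end test")

        elapsed = t1 - t0
        total_ops = completed_ops
        # Guard against a zero interval (e.g. -ops 0 on a coarse clock).
        ops_per_sec = round(total_ops / elapsed, 2) if elapsed > 0 else 0.0
        print("\n-------------------------------------")
        print("RESULTS")
        print("-------------------------------------")
        print("test: rsasign-test")
        print("key_size: {}".format(args.keySize))
        print("sign_mech: {}".format(args.signMech))
        print("gen_mech: {}".format(args.genMech))
        print("total_ops: {}".format(total_ops))
        print("elapsed_time_ms: " + str(round(elapsed * 1000, 4)))
        print("ops/sec: " + str(ops_per_sec))
        print("-------------------------------------\n")


if __name__ == '__main__':
    __main()

--------------------------------------------------------------------------------
/examples/sign.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.
#

import argparse
import sys
from pathlib import Path
from pyhsm.hsmclient import HsmClient
from pyhsm.convert import hex_to_bytes
from pyhsm.convert import bytes_to_hex
from pyhsm.hsmenums import HsmMech


def __main():
    """Parse the command line and dispatch to the signing handler."""
    parser = argparse.ArgumentParser("sign", description="Sign with cryptographic key.")
    parser.add_argument("-handle", dest="keyHandle", default=0, type=int, required=True,
                        help="Handle of key.")
    # NOTE(review): the SHA-1 based and raw RSA mechanisms are listed for
    # compatibility with existing keys and devices; prefer SHA-256 or stronger
    # for new signatures.
    parser.add_argument("-mech", dest="mech", type=str, required=True,
                        choices=[
                            "RSA_X_509",
                            "RSA_PKCS",
                            "SHA1_RSA_PKCS",
                            "SHA256_RSA_PKCS",
                            "SHA384_RSA_PKCS",
                            "SHA512_RSA_PKCS",
                            "SHA1_RSA_PKCS_PSS",
                            "ECDSA_SHA1",
                            "ECDSA_SHA224",
                            "ECDSA_SHA256",
                            "ECDSA_SHA384",
                            "ECDSA_SHA512",
                            "CA_LUNA_ECDSA_SHA224",
                            "CA_LUNA_ECDSA_SHA256",
                            "CA_LUNA_ECDSA_SHA384",
                            "CA_LUNA_ECDSA_SHA512",
                            "AES_MAC",
                            "AES_MAC_GENERAL"
                        ],
                        help="Signing mechanism (algorithm) to use.")
    parser.add_argument("-data", dest="data", type=str, required=True,
                        help="Binary data to sign as a hex encoded string. Example: 000A0B0C0D010203")
    parser.add_argument("-pss-length", dest="pssSaltLength", type=int, default=None, required=False,
                        help="PSS salt value length. Only used when mech is an PSS algorithm.")
    parser.add_argument("-p11", dest="module", required=True,
                        help="Full path to HSM's PKCS#11 shared library.")
    parser.add_argument("-slot", dest="slot", type=int, required=True, help="HSM slot number.")
    # NOTE(review): a PIN given on the command line is visible to other local
    # users through the process list and is kept in shell history.
    parser.add_argument("-pin", dest="pin", type=str, required=True, help="HSM slot partition or pin.")
    parser.set_defaults(func=__menu_handler)
    args = parser.parse_args()
    args.func(args)


def __menu_handler(args):
    """Sign the hex-encoded data with the selected key and print the signature as hex.

    Args:
        args: parsed argparse namespace produced by __main().
    """
    if not Path(args.module).is_file():
        print("(-p11) path does not exist")
        # sys.exit() does not depend on the site module the way exit() does,
        # and a non-zero status lets calling scripts detect the failure.
        sys.exit(1)

    # A PSS mechanism needs an explicit salt length; refuse to guess one.
    if "PSS" in args.mech and args.pssSaltLength is None:
        print("-pss-length must be provided when a PSS mechanism is specified")
        sys.exit(1)

    # Non-PSS mechanisms ignore the salt length; pass 0 when none was given.
    if args.pssSaltLength is None:
        args.pssSaltLength = 0

    with HsmClient(slot=args.slot, pin=args.pin, pkcs11_lib=args.module) as c:

        sig = c.sign(handle=args.keyHandle,
                     data=hex_to_bytes(args.data),
                     mechanism=HsmMech[args.mech],
                     pss_salt_length=args.pssSaltLength)

        print(bytes_to_hex(sig))


if __name__ == '__main__':
    __main()

--------------------------------------------------------------------------------
/examples/verify.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.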
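#

import argparse
import sys
from pathlib import Path
from pyhsm.hsmclient import HsmClient
from pyhsm.convert import hex_to_bytes
from pyhsm.hsmenums import HsmMech


def __main():
    """Parse the command line and dispatch to the verification handler."""
    parser = argparse.ArgumentParser("verify", description="Verify with cryptographic key.")
    parser.add_argument("-handle", dest="keyHandle", default=0, type=int, required=True,
                        help="Handle of key.")
    # NOTE(review): the SHA-1 based and raw RSA mechanisms are listed so that
    # existing signatures can still be checked; prefer SHA-256 or stronger for
    # new deployments.
    parser.add_argument("-mech", dest="mech", type=str, required=True,
                        choices=[
                            "RSA_X_509",
                            "RSA_PKCS",
                            "SHA1_RSA_PKCS",
                            "SHA256_RSA_PKCS",
                            "SHA384_RSA_PKCS",
                            "SHA512_RSA_PKCS",
                            "SHA1_RSA_PKCS_PSS",
                            "ECDSA_SHA1",
                            "ECDSA_SHA224",
                            "ECDSA_SHA256",
                            "ECDSA_SHA384",
                            "ECDSA_SHA512",
                            "CA_LUNA_ECDSA_SHA224",
                            "CA_LUNA_ECDSA_SHA256",
                            "CA_LUNA_ECDSA_SHA384",
                            "CA_LUNA_ECDSA_SHA512",
                            "AES_MAC",
                            "AES_MAC_GENERAL"
                        ],
                        help="Signing mechanism (algorithm) to use.")
    # Help text said "data to sign" (copied from the sign example); here the
    # argument is the data the signature was computed over.
    parser.add_argument("-data", dest="data", type=str, required=True,
                        help="Binary data that was signed as a hex encoded string. Example: 000A0B0C0D010203")
    parser.add_argument("-pss-length", dest="pssSaltLength", type=int, default=None, required=False,
                        help="PSS salt value length. Only used when mech is an PSS algorithm.")
    parser.add_argument("-sig", dest="sig", type=str, required=True,
                        help="Binary signature as a hex encoded string.")
    parser.add_argument("-p11", dest="module", required=True,
                        help="Full path to HSM's PKCS#11 shared library.")
    parser.add_argument("-slot", dest="slot", type=int, required=True, help="HSM slot number.")
    # NOTE(review): a PIN given on the command line is visible to other local
    # users through the process list and is kept in shell history.
    parser.add_argument("-pin", dest="pin", type=str, required=True, help="HSM slot partition or pin.")
    parser.set_defaults(func=__menu_handler)
    args = parser.parse_args()
    args.func(args)


def __menu_handler(args):
    """Verify a hex-encoded signature over hex-encoded data and print the result.

    Args:
        args: parsed argparse namespace produced by __main().
    """
    if not Path(args.module).is_file():
        print("(-p11) path does not exist")
        # sys.exit() does not depend on the site module the way exit() does,
        # and a non-zero status lets calling scripts detect the failure.
        sys.exit(1)

    # A PSS mechanism needs an explicit salt length; refuse to guess one.
    if "PSS" in args.mech and args.pssSaltLength is None:
        print("-pss-length must be provided when a PSS mechanism is specified")
        sys.exit(1)

    # Non-PSS mechanisms ignore the salt length; pass 0 when none was given.
    if args.pssSaltLength is None:
        args.pssSaltLength = 0

    with HsmClient(slot=args.slot, pin=args.pin, pkcs11_lib=args.module) as c:

        result = c.verify(handle=args.keyHandle,
                          data=hex_to_bytes(args.data),
                          signature=hex_to_bytes(args.sig),
                          mechanism=HsmMech[args.mech],
                          pss_salt_length=args.pssSaltLength)

        # NOTE(review): the outcome is only printed; the process exit status
        # does not reflect it. A caller that checks the exit status alone will
        # treat a failed verification as success, so automation must parse
        # this line (or the script should exit non-zero once the return type
        # of HsmClient.verify is confirmed).
        print("Sig Verify Result: {}".format(str(result)))


if __name__ == '__main__':
    __main()

--------------------------------------------------------------------------------
/pyhsm/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bentonstark/py-hsm/4cd1a9bfa20898ffbc0c0ae8b44916c969f77370/pyhsm/__init__.py
--------------------------------------------------------------------------------
/pyhsm/convert.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.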
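#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.
#
# convert.py
# author: Benton Stark (bestark@cisco.com)
# date: 11-22-2014

import binascii


def bytes_to_hex(b):
    """
    Convert bytes or bytearray to hexadecimal str.

    Args:
        b: python bytes string or bytearray to convert

    Returns:
        lower-case hex-encoded representation of the binary string

    Raises:
        TypeError: b is not bytes or bytearray
        ValueError: b is empty

    """
    # TypeError/ValueError are Exception subclasses, so callers that catch
    # the generic Exception raised previously keep working.
    if not isinstance(b, (bytes, bytearray)):
        raise TypeError("bytes_to_hex: b must be of type bytes or bytearray")
    if len(b) == 0:
        raise ValueError("bytes_to_hex: b must contain a value")
    # Decode the hexlify() result instead of slicing the b'...' repr.
    return binascii.hexlify(b).decode('ascii')


def hex_to_bytes(hex_str):
    """
    Convert hexadecimal string to a bytes binary string

    Args:
        hex_str: hexadecimal representation of a binary string

    Returns:
        immutable python byte string (b"" for an empty input)

    Raises:
        TypeError: hex_str is not a str
        binascii.Error: hex_str has odd length or non-hex characters

    """
    if not isinstance(hex_str, str):
        raise TypeError("hex_to_bytes: hex must be of type str")
    if len(hex_str) == 0:
        # Previously returned the str "" here, which handed a text value to
        # callers expecting bytes; an unreachable length check followed it.
        return b""
    return binascii.a2b_hex(hex_str)


def str_to_bytes(s):
    """
    Convert str to bytes string if needed.

    Args:
        s: string to convert

    Returns: python byte string if input a str otherwise s

    """
    # Non-ASCII text raises UnicodeEncodeError rather than being altered.
    if isinstance(s, str):
        s = s.encode('ascii')
    return s


def bytes_to_str(b):
    """
    Convert bytes or bytearray to an ascii str.

    Args:
        b: byte string or byte array to convert

    Returns: python string if input is bytes or bytearray

    Raises:
        TypeError: b is not bytes or bytearray

    """
    if not isinstance(b, (bytes, bytearray)):
        raise TypeError("bytes_to_str: b must be of type bytes or bytearray")
    if len(b) == 0:
        return ""
    # Non-ASCII bytes raise UnicodeDecodeError rather than being replaced.
    return b.decode('ascii')

--------------------------------------------------------------------------------
/pyhsm/eccurveoids.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.
#
# eccurveoids.py
# author: Benton Stark (bestark@cisco.com)
# date: 01-26-2015

from enum import Enum


class EcCurveOids(Enum):
    """
    EC Curve Definitions by OID. It is highly recommended to use the OID definitions when specifying an EC curve.

    Each value is a DER-encoded OBJECT IDENTIFIER (tag 0x06, length, content).
    Enum members with equal values are aliases of one another, so a duplicated
    OID silently makes one curve name resolve to a different curve. Every
    literal below must therefore be unique unless an alias is intended.
    """
    # NOTE(review): the short curves in this list (roughly below 224 bits) are
    # kept for compatibility with existing keys; avoid them for new keys.

    # SECG
    secp160k1 = b"\x06\x05\x2B\x81\x04\x00\x09"
    secp160r1 = b"\x06\x05\x2B\x81\x04\x00\x08"
    secp160r2 = b"\x06\x05\x2B\x81\x04\x00\x1E"
    sect163k1 = b"\x06\x05\x2B\x81\x04\x00\x01"
    sect163r1 = b"\x06\x05\x2B\x81\x04\x00\x02"
    sect163r2 = b"\x06\x05\x2B\x81\x04\x00\x0F"
    secp192k1 = b"\x06\x05\x2B\x81\x04\x00\x1F"
    secp192r1 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x01\x01"
    sect193r1 = b"\x06\x05\x2B\x81\x04\x00\x18"
    sect193r2 = b"\x06\x05\x2B\x81\x04\x00\x19"
    secp224k1 = b"\x06\x05\x2B\x81\x04\x00\x20"
    secp224r1 = b"\x06\x05\x2B\x81\x04\x00\x21"
    # sect233k1 is 1.3.132.0.26 (last byte 0x1A). The previous literal ended
    # in 0x19, the OID of sect193r2, which made sect233k1 and K233 aliases of
    # sect193r2: a request for the 233-bit curve selected the 193-bit one.
    sect233k1 = b"\x06\x05\x2B\x81\x04\x00\x1A"
    sect233r1 = b"\x06\x05\x2B\x81\x04\x00\x1B"
    sect239k1 = b"\x06\x05\x2B\x81\x04\x00\x03"
    secp256k1 = b"\x06\x05\x2B\x81\x04\x00\x0A"
    secp256r1 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x01\x07"
    sect283k1 = b"\x06\x05\x2B\x81\x04\x00\x10"
    sect283r1 = b"\x06\x05\x2B\x81\x04\x00\x11"
    secp384r1 = b"\x06\x05\x2B\x81\x04\x00\x22"
    sect409k1 = b"\x06\x05\x2B\x81\x04\x00\x24"
    sect409r1 = b"\x06\x05\x2B\x81\x04\x00\x25"
    secp521r1 = b"\x06\x05\x2B\x81\x04\x00\x23"
    sect571k1 = b"\x06\x05\x2B\x81\x04\x00\x26"
    sect571r1 = b"\x06\x05\x2B\x81\x04\x00\x27"

    # ANSI X9.62
    c2pnb163v1 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x01"
    c2pnb163v2 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x02"
    c2pnb163v3 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x03"
    c2tnb191v1 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x05"
    c2tnb191v2 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x06"
    c2tnb191v3 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x07"
    prime192v1 = secp192r1
    prime192v2 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x01\x02"
    prime192v3 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x01\x03"
    c2pnb208w1 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x0A"
    prime239v2 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x01\x05"
    prime239v3 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x01\x06"
    c2tnb239v1 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x0B"
    c2tnb239v2 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x0C"
    c2tnb239v3 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x0D"
    prime256v1 = secp256r1
    c2pnb272w1 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x10"
    c2pnb304w1 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x11"
    c2tnb359v1 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x12"
    c2pnb368w1 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x13"
    c2tnb431r1 = b"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x00\x14"

    # NIST (aliases for SEC curves)
    K163 = sect163k1
    B163 = sect163r2
    P192 = secp192r1
    P224 = secp224r1
    K233 = sect233k1
    B233 = sect233r1
    P256 = secp256r1
    K283 = sect283k1
    B283 = sect283r1
    P384 = secp384r1
    K409 = sect409k1
    B409 = sect409r1
    # Name kept for compatibility: this alias is NIST P-521 (secp521r1), not
    # a 512-bit curve.
    P512 = secp521r1
    K571 = sect571k1
    B571 = sect571r1

    # Brainpool
    brainpoolP160r1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x01"
    brainpoolP160t1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x02"
    brainpoolP192r1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x03"
    brainpoolP192t1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x04"
    brainpoolP224r1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x05"
    brainpoolP224t1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x06"
    brainpoolP256r1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x07"
    brainpoolP256t1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x08"
    brainpoolP320r1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x09"
    brainpoolP320t1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x0A"
    brainpoolP384r1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x0B"
    brainpoolP384t1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x0C"
    brainpoolP512r1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x0D"
    brainpoolP512t1 = b"\x06\x09\x2B\x24\x03\x03\x02\x08\x01\x01\x0E"
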
107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | -------------------------------------------------------------------------------- /pyhsm/eccurves.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved. 3 | # 4 | # This source code is licensed under the GPL v2 license found in the 5 | # LICENSE.txt file in the root directory of this source tree. 6 | # 7 | # eccurves.py 8 | # author: Benton Stark (bestark@cisco.com) 9 | # date: 01-26-2015 10 | 11 | from enum import Enum 12 | 13 | 14 | class EcCurves(Enum): 15 | """ 16 | EC Curve definitions. Some HSMs will accept the full curve definitions so they are defined in this enum. 17 | It is highly recommended to use the EC Curve OID rather than the full cure definition as provided in this enum. 18 | Whenever possible use EcCurveOids instead. 19 | """ 20 | # SECG 21 | secp112r1 = b'\x30\x81\x88\x02\x01\x01\x30\x1a\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x0f\x00\xdb\x7c\x2a\xbf\x62\xe3\x5e\x66\x80\x76\xbe\xad\x20\x8b\x30\x37\x04\x0e\xdb\x7c\x2a\xbf\x62\xe3\x5e\x66\x80\x76\xbe\xad\x20\x88\x04\x0e\x65\x9e\xf8\xba\x04\x39\x16\xee\xde\x89\x11\x70\x2b\x22\x03\x15\x00\x00\xf5\x0b\x02\x8e\x4d\x69\x6e\x67\x68\x75\x61\x51\x75\x29\x04\x72\x78\x3f\xb1\x04\x1d\x04\x09\x48\x72\x39\x99\x5a\x5e\xe7\x6b\x55\xf9\xc2\xf0\x98\xa8\x9c\xe5\xaf\x87\x24\xc0\xa2\x3e\x0e\x0f\xf7\x75\x00\x02\x0f\x00\xdb\x7c\x2a\xbf\x62\xe3\x5e\x76\x28\xdf\xac\x65\x61\xc5' 22 | secp112r2 = 
b'\x30\x81\x8a\x02\x01\x01\x30\x1a\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x0f\x00\xdb\x7c\x2a\xbf\x62\xe3\x5e\x66\x80\x76\xbe\xad\x20\x8b\x30\x37\x04\x0e\x61\x27\xc2\x4c\x05\xf3\x8a\x0a\xaa\xf6\x5c\x0e\xf0\x2c\x04\x0e\x51\xde\xf1\x81\x5d\xb5\xed\x74\xfc\xc3\x4c\x85\xd7\x09\x03\x15\x00\x00\x27\x57\xa1\x11\x4d\x69\x6e\x67\x68\x75\x61\x51\x75\x53\x16\xc0\x5e\x0b\xd4\x04\x1d\x04\x4b\xa3\x0a\xb5\xe8\x92\xb4\xe1\x64\x9d\xd0\x92\x86\x43\xad\xcd\x46\xf5\x88\x2e\x37\x47\xde\xf3\x6e\x95\x6e\x97\x02\x0e\x36\xdf\x0a\xaf\xd8\xb8\xd7\x59\x7c\xa1\x05\x20\xd0\x4b\x02\x01\x04' 23 | secp128r1 = b'\x30\x81\x94\x02\x01\x01\x30\x1c\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x11\x00\xff\xff\xff\xfd\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x3b\x04\x10\xff\xff\xff\xfd\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x04\x10\xe8\x75\x79\xc1\x10\x79\xf4\x3d\xd8\x24\x99\x3c\x2c\xee\x5e\xd3\x03\x15\x00\x00\x0e\x0d\x4d\x69\x6e\x67\x68\x75\x61\x51\x75\x0c\xc0\x3a\x44\x73\xd0\x36\x79\x04\x21\x04\x16\x1f\xf7\x52\x8b\x89\x9b\x2d\x0c\x28\x60\x7c\xa5\x2c\x5b\x86\xcf\x5a\xc8\x39\x5b\xaf\xeb\x13\xc0\x2d\xa2\x92\xdd\xed\x7a\x83\x02\x11\x00\xff\xff\xff\xfe\x00\x00\x00\x00\x75\xa3\x0d\x1b\x90\x38\xa1\x15' 24 | secp128r2 = b'\x30\x81\x96\x02\x01\x01\x30\x1c\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x11\x00\xff\xff\xff\xfd\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x3b\x04\x10\xd6\x03\x19\x98\xd1\xb3\xbb\xfe\xbf\x59\xcc\x9b\xbf\xf9\xae\xe1\x04\x10\x5e\xee\xfc\xa3\x80\xd0\x29\x19\xdc\x2c\x65\x58\xbb\x6d\x8a\x5d\x03\x15\x00\x00\x4d\x69\x6e\x67\x68\x75\x61\x51\x75\x12\xd8\xf0\x34\x31\xfc\xe6\x3b\x88\xf4\x04\x21\x04\x7b\x6a\xa5\xd8\x5e\x57\x29\x83\xe6\xfb\x32\xa7\xcd\xeb\xc1\x40\x27\xb6\x91\x6a\x89\x4d\x3a\xee\x71\x06\xfe\x80\x5f\xc3\x4b\x44\x02\x10\x3f\xff\xff\xff\x7f\xff\xff\xff\xbe\x00\x24\x72\x06\x13\xb5\xa3\x02\x01\x04' 25 | secp160k1 = 
b'\x30\x81\x95\x02\x01\x01\x30\x20\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x15\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xac\x73\x30\x2c\x04\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x04\x29\x04\x3b\x4c\x38\x2c\xe3\x7a\xa1\x92\xa4\x01\x9e\x76\x30\x36\xf4\xf5\xdd\x4d\x7e\xbb\x93\x8c\xf9\x35\x31\x8f\xdc\xed\x6b\xc2\x82\x86\x53\x17\x33\xc3\xf0\x3c\x4f\xee\x02\x15\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xb8\xfa\x16\xdf\xab\x9a\xca\x16\xb6\xb3' 26 | secp160r1 = b'\x30\x81\xac\x02\x01\x01\x30\x20\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x15\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\x30\x43\x04\x14\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xfc\x04\x14\x1c\x97\xbe\xfc\x54\xbd\x7a\x8b\x65\xac\xf8\x9f\x81\xd4\xd4\xad\xc5\x65\xfa\x45\x03\x15\x00\x10\x53\xcd\xe4\x2c\x14\xd6\x96\xe6\x76\x87\x56\x15\x17\x53\x3b\xf3\xf8\x33\x45\x04\x29\x04\x4a\x96\xb5\x68\x8e\xf5\x73\x28\x46\x64\x69\x89\x68\xc3\x8b\xb9\x13\xcb\xfc\x82\x23\xa6\x28\x55\x31\x68\x94\x7d\x59\xdc\xc9\x12\x04\x23\x51\x37\x7a\xc5\xfb\x32\x02\x15\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xf4\xc8\xf9\x27\xae\xd3\xca\x75\x22\x57' 27 | secp160r2 = 
b'\x30\x81\xac\x02\x01\x01\x30\x20\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x15\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xac\x73\x30\x43\x04\x14\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xac\x70\x04\x14\xb4\xe1\x34\xd3\xfb\x59\xeb\x8b\xab\x57\x27\x49\x04\x66\x4d\x5a\xf5\x03\x88\xba\x03\x15\x00\xb9\x9b\x99\xb0\x99\xb3\x23\xe0\x27\x09\xa4\xd6\x96\xe6\x76\x87\x56\x15\x17\x51\x04\x29\x04\x52\xdc\xb0\x34\x29\x3a\x11\x7e\x1f\x4f\xf1\x1b\x30\xf7\x19\x9d\x31\x44\xce\x6d\xfe\xaf\xfe\xf2\xe3\x31\xf2\x96\xe0\x71\xfa\x0d\xf9\x98\x2c\xfe\xa7\xd4\x3f\x2e\x02\x15\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x1e\xe7\x86\xa8\x18\xf3\xa1\xa1\x6b' 28 | secp192k1 = b'\x30\x81\xad\x02\x01\x01\x30\x24\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x19\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xee\x37\x30\x34\x04\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x04\x31\x04\xdb\x4f\xf1\x0e\xc0\x57\xe9\xae\x26\xb0\x7d\x02\x80\xb7\xf4\x34\x1d\xa5\xd1\xb1\xea\xe0\x6c\x7d\x9b\x2f\x2f\x6d\x9c\x56\x28\xa7\x84\x41\x63\xd0\x15\xbe\x86\x34\x40\x82\xaa\x88\xd9\x5e\x2f\x9d\x02\x19\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x26\xf2\xfc\x17\x0f\x69\x46\x6a\x74\xde\xfd\x8d' 29 | secp192r1 = 
b'\x30\x81\xc4\x02\x01\x01\x30\x24\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x19\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff\xff\xff\xff\xff\xff\x30\x4b\x04\x18\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff\xff\xff\xff\xff\xfc\x04\x18\x64\x21\x05\x19\xe5\x9c\x80\xe7\x0f\xa7\xe9\xab\x72\x24\x30\x49\xfe\xb8\xde\xec\xc1\x46\xb9\xb1\x03\x15\x00\x30\x45\xae\x6f\xc8\x42\x2f\x64\xed\x57\x95\x28\xd3\x81\x20\xea\xe1\x21\x96\xd5\x04\x31\x04\x18\x8d\xa8\x0e\xb0\x30\x90\xf6\x7c\xbf\x20\xeb\x43\xa1\x88\x00\xf4\xff\x0a\xfd\x82\xff\x10\x12\x07\x19\x2b\x95\xff\xc8\xda\x78\x63\x10\x11\xed\x6b\x24\xcd\xd5\x73\xf9\x77\xa1\x1e\x79\x48\x11\x02\x19\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x99\xde\xf8\x36\x14\x6b\xc9\xb1\xb4\xd2\x28\x31' 30 | secp224k1 = b'\x30\x81\xc5\x02\x01\x01\x30\x28\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x1d\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xe5\x6d\x30\x3c\x04\x1c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x1c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x04\x39\x04\xa1\x45\x5b\x33\x4d\xf0\x99\xdf\x30\xfc\x28\xa1\x69\xa4\x67\xe9\xe4\x70\x75\xa9\x0f\x7e\x65\x0e\xb6\xb7\xa4\x5c\x7e\x08\x9f\xed\x7f\xba\x34\x42\x82\xca\xfb\xd6\xf7\xe3\x19\xf7\xc0\xb0\xbd\x59\xe2\xca\x4b\xdb\x55\x6d\x61\xa5\x02\x1d\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xdc\xe8\xd2\xec\x61\x84\xca\xf0\xa9\x71\x76\x9f\xb1\xf7' 31 | secp224r1 = 
b'\x30\x81\xdc\x02\x01\x01\x30\x28\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x1d\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x30\x53\x04\x1c\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x04\x1c\xb4\x05\x0a\x85\x0c\x04\xb3\xab\xf5\x41\x32\x56\x50\x44\xb0\xb7\xd7\xbf\xd8\xba\x27\x0b\x39\x43\x23\x55\xff\xb4\x03\x15\x00\xbd\x71\x34\x47\x99\xd5\xc7\xfc\xdc\x45\xb5\x9f\xa3\xb9\xab\x8f\x6a\x94\x8b\xc5\x04\x39\x04\xb7\x0e\x0c\xbd\x6b\xb4\xbf\x7f\x32\x13\x90\xb9\x4a\x03\xc1\xd3\x56\xc2\x11\x22\x34\x32\x80\xd6\x11\x5c\x1d\x21\xbd\x37\x63\x88\xb5\xf7\x23\xfb\x4c\x22\xdf\xe6\xcd\x43\x75\xa0\x5a\x07\x47\x64\x44\xd5\x81\x99\x85\x00\x7e\x34\x02\x1d\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x16\xa2\xe0\xb8\xf0\x3e\x13\xdd\x29\x45\x5c\x5c\x2a\x3d' 32 | secp256k1 = b'\x30\x81\xdd\x02\x01\x01\x30\x2c\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x21\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xfc\x2f\x30\x44\x04\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x04\x41\x04\x79\xbe\x66\x7e\xf9\xdc\xbb\xac\x55\xa0\x62\x95\xce\x87\x0b\x07\x02\x9b\xfc\xdb\x2d\xce\x28\xd9\x59\xf2\x81\x5b\x16\xf8\x17\x98\x48\x3a\xda\x77\x26\xa3\xc4\x65\x5d\xa4\xfb\xfc\x0e\x11\x08\xa8\xfd\x17\xb4\x48\xa6\x85\x54\x19\x9c\x47\xd0\x8f\xfb\x10\xd4\xb8\x02\x21\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xba\xae\xdc\xe6\xaf\x48\xa0\x3b\xbf\xd2\x5e\x8c\xd0\x36\x41\x41' 33 | secp256r1 = 
b'\x30\x81\xf4\x02\x01\x01\x30\x2c\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x21\x00\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x5b\x04\x20\xff\xff\xff\xff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x04\x20\x5a\xc6\x35\xd8\xaa\x3a\x93\xe7\xb3\xeb\xbd\x55\x76\x98\x86\xbc\x65\x1d\x06\xb0\xcc\x53\xb0\xf6\x3b\xce\x3c\x3e\x27\xd2\x60\x4b\x03\x15\x00\xc4\x9d\x36\x08\x86\xe7\x04\x93\x6a\x66\x78\xe1\x13\x9d\x26\xb7\x81\x9f\x7e\x90\x04\x41\x04\x6b\x17\xd1\xf2\xe1\x2c\x42\x47\xf8\xbc\xe6\xe5\x63\xa4\x40\xf2\x77\x03\x7d\x81\x2d\xeb\x33\xa0\xf4\xa1\x39\x45\xd8\x98\xc2\x96\x4f\xe3\x42\xe2\xfe\x1a\x7f\x9b\x8e\xe7\xeb\x4a\x7c\x0f\x9e\x16\x2b\xce\x33\x57\x6b\x31\x5e\xce\xcb\xb6\x40\x68\x37\xbf\x51\xf5\x02\x21\x00\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xbc\xe6\xfa\xad\xa7\x17\x9e\x84\xf3\xb9\xca\xc2\xfc\x63\x25\x51' 34 | secp384r1 = 
b'\x30\x82\x01\x54\x02\x01\x01\x30\x3c\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x31\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x7b\x04\x30\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfc\x04\x30\xb3\x31\x2f\xa7\xe2\x3e\xe7\xe4\x98\x8e\x05\x6b\xe3\xf8\x2d\x19\x18\x1d\x9c\x6e\xfe\x81\x41\x12\x03\x14\x08\x8f\x50\x13\x87\x5a\xc6\x56\x39\x8d\x8a\x2e\xd1\x9d\x2a\x85\xc8\xed\xd3\xec\x2a\xef\x03\x15\x00\xa3\x35\x92\x6a\xa3\x19\xa2\x7a\x1d\x00\x89\x6a\x67\x73\xa4\x82\x7a\xcd\xac\x73\x04\x61\x04\xaa\x87\xca\x22\xbe\x8b\x05\x37\x8e\xb1\xc7\x1e\xf3\x20\xad\x74\x6e\x1d\x3b\x62\x8b\xa7\x9b\x98\x59\xf7\x41\xe0\x82\x54\x2a\x38\x55\x02\xf2\x5d\xbf\x55\x29\x6c\x3a\x54\x5e\x38\x72\x76\x0a\xb7\x36\x17\xde\x4a\x96\x26\x2c\x6f\x5d\x9e\x98\xbf\x92\x92\xdc\x29\xf8\xf4\x1d\xbd\x28\x9a\x14\x7c\xe9\xda\x31\x13\xb5\xf0\xb8\xc0\x0a\x60\xb1\xce\x1d\x7e\x81\x9d\x7a\x43\x1d\x7c\x90\xea\x0e\x5f\x02\x31\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc7\x63\x4d\x81\xf4\x37\x2d\xdf\x58\x1a\x0d\xb2\x48\xb0\xa7\x7a\xec\xec\x19\x6a\xcc\xc5\x29\x73' 35 | secp521r1 = 
b'\x30\x82\x01\xc0\x02\x01\x01\x30\x4d\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x42\x01\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x81\x9f\x04\x42\x01\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x04\x42\x00\x51\x95\x3e\xb9\x61\x8e\x1c\x9a\x1f\x92\x9a\x21\xa0\xb6\x85\x40\xee\xa2\xda\x72\x5b\x99\xb3\x15\xf3\xb8\xb4\x89\x91\x8e\xf1\x09\xe1\x56\x19\x39\x51\xec\x7e\x93\x7b\x16\x52\xc0\xbd\x3b\xb1\xbf\x07\x35\x73\xdf\x88\x3d\x2c\x34\xf1\xef\x45\x1f\xd4\x6b\x50\x3f\x00\x03\x15\x00\xd0\x9e\x88\x00\x29\x1c\xb8\x53\x96\xcc\x67\x17\x39\x32\x84\xaa\xa0\xda\x64\xba\x04\x81\x85\x04\x00\xc6\x85\x8e\x06\xb7\x04\x04\xe9\xcd\x9e\x3e\xcb\x66\x23\x95\xb4\x42\x9c\x64\x81\x39\x05\x3f\xb5\x21\xf8\x28\xaf\x60\x6b\x4d\x3d\xba\xa1\x4b\x5e\x77\xef\xe7\x59\x28\xfe\x1d\xc1\x27\xa2\xff\xa8\xde\x33\x48\xb3\xc1\x85\x6a\x42\x9b\xf9\x7e\x7e\x31\xc2\xe5\xbd\x66\x01\x18\x39\x29\x6a\x78\x9a\x3b\xc0\x04\x5c\x8a\x5f\xb4\x2c\x7d\x1b\xd9\x98\xf5\x44\x49\x57\x9b\x44\x68\x17\xaf\xbd\x17\x27\x3e\x66\x2c\x97\xee\x72\x99\x5e\xf4\x26\x40\xc5\x50\xb9\x01\x3f\xad\x07\x61\x35\x3c\x70\x86\xa2\x72\xc2\x40\x88\xbe\x94\x76\x9f\xd1\x66\x50\x02\x42\x01\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfa\x51\x86\x87\x83\xbf\x2f\x96\x6b\x7f\xcc\x01\x48\xf7\x09\xa5\xd0\x3b\xb5\xc9\xb8\x89\x9c\x47\xae\xbb\x6f\xb7\x1e\x91\x38\x64\x09' 36 | sect113r1 = 
b'\x30\x81\x91\x02\x01\x01\x30\x1c\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x11\x02\x01\x71\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x09\x30\x39\x04\x0f\x00\x30\x88\x25\x0c\xa6\xe7\xc7\xfe\x64\x9c\xe8\x58\x20\xf7\x04\x0f\x00\xe8\xbe\xe4\xd3\xe2\x26\x07\x44\x18\x8b\xe0\xe9\xc7\x23\x03\x15\x00\x10\xe7\x23\xab\x14\xd6\x96\xe6\x76\x87\x56\x15\x17\x56\xfe\xbf\x8f\xcb\x49\xa9\x04\x1f\x04\x00\x9d\x73\x61\x6f\x35\xf4\xab\x14\x07\xd7\x35\x62\xc1\x0f\x00\xa5\x28\x30\x27\x79\x58\xee\x84\xd1\x31\x5e\xd3\x18\x86\x02\x0f\x01\x00\x00\x00\x00\x00\x00\x00\xd9\xcc\xec\x8a\x39\xe5\x6f\x02\x01\x02' 37 | sect113r2 = b'\x30\x81\x91\x02\x01\x01\x30\x1c\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x11\x02\x01\x71\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x09\x30\x39\x04\x0f\x00\x68\x99\x18\xdb\xec\x7e\x5a\x0d\xd6\xdf\xc0\xaa\x55\xc7\x04\x0f\x00\x95\xe9\xa9\xec\x9b\x29\x7b\xd4\xbf\x36\xe0\x59\x18\x4f\x03\x15\x00\x10\xc0\xfb\x15\x76\x08\x60\xde\xf1\xee\xf4\xd6\x96\xe6\x76\x87\x56\x15\x17\x5d\x04\x1f\x04\x01\xa5\x7a\x6a\x7b\x26\xca\x5e\xf5\x2f\xcd\xb8\x16\x47\x97\x00\xb3\xad\xc9\x4e\xd1\xfe\x67\x4c\x06\xe6\x95\xba\xba\x1d\x02\x0f\x01\x00\x00\x00\x00\x00\x00\x01\x08\x78\x9b\x24\x96\xaf\x93\x02\x01\x02' 38 | sect131r1 = b'\x30\x81\xa4\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x00\x83\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x02\x02\x01\x03\x02\x01\x08\x30\x3d\x04\x11\x07\xa1\x1b\x09\xa7\x6b\x56\x21\x44\x41\x8f\xf3\xff\x8c\x25\x70\xb8\x04\x11\x02\x17\xc0\x56\x10\x88\x4b\x63\xb9\xc6\xc7\x29\x16\x78\xf9\xd3\x41\x03\x15\x00\x4d\x69\x6e\x67\x68\x75\x61\x51\x75\x98\x5b\xd3\xad\xba\xda\x21\xb4\x3a\x97\xe2\x04\x23\x04\x00\x81\xba\xf9\x1f\xdf\x98\x33\xc4\x0f\x9c\x18\x13\x43\x63\x83\x99\x07\x8c\x6e\x7e\xa3\x8c\x00\x1f\x73\xc8\x13\x4b\x1b\x4e\xf9\xe1\x50\x02\x11\x04\x00\x00\x00\x00\x00\x00\x00\x02\x31\x23\x95\x3a\x94\x64\xb5\x4d\x02\x01\x02' 39 | sect131r2 = 
b'\x30\x81\xa4\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x00\x83\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x02\x02\x01\x03\x02\x01\x08\x30\x3d\x04\x11\x03\xe5\xa8\x89\x19\xd7\xca\xfc\xbf\x41\x5f\x07\xc2\x17\x65\x73\xb2\x04\x11\x04\xb8\x26\x6a\x46\xc5\x56\x57\xac\x73\x4c\xe3\x8f\x01\x8f\x21\x92\x03\x15\x00\x98\x5b\xd3\xad\xba\xd4\xd6\x96\xe6\x76\x87\x56\x15\x17\x5a\x21\xb4\x3a\x97\xe3\x04\x23\x04\x03\x56\xdc\xd8\xf2\xf9\x50\x31\xad\x65\x2d\x23\x95\x1b\xb3\x66\xa8\x06\x48\xf0\x6d\x86\x79\x40\xa5\x36\x6d\x9e\x26\x5d\xe9\xeb\x24\x0f\x02\x11\x04\x00\x00\x00\x00\x00\x00\x00\x01\x69\x54\xa2\x33\x04\x9b\xa9\x8f\x02\x01\x02' 40 | sect163k1 = b'\x30\x81\xa1\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x00\xa3\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x03\x02\x01\x06\x02\x01\x07\x30\x2e\x04\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x2b\x04\x02\xfe\x13\xc0\x53\x7b\xbc\x11\xac\xaa\x07\xd7\x93\xde\x4e\x6d\x5e\x5c\x94\xee\xe8\x02\x89\x07\x0f\xb0\x5d\x38\xff\x58\x32\x1f\x2e\x80\x05\x36\xd5\x38\xcc\xda\xa3\xd9\x02\x15\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x01\x08\xa2\xe0\xcc\x0d\x99\xf8\xa5\xef\x02\x01\x02' 41 | sect163r1 = 
b'\x30\x81\xb8\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x00\xa3\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x03\x02\x01\x06\x02\x01\x07\x30\x45\x04\x15\x07\xb6\x88\x2c\xaa\xef\xa8\x4f\x95\x54\xff\x84\x28\xbd\x88\xe2\x46\xd2\x78\x2a\xe2\x04\x15\x07\x13\x61\x2d\xcd\xdc\xb4\x0a\xab\x94\x6b\xda\x29\xca\x91\xf7\x3a\xf9\x58\xaf\xd9\x03\x15\x00\x24\xb7\xb1\x37\xc8\xa1\x4d\x69\x6e\x67\x68\x75\x61\x51\x75\x6f\xd0\xda\x2e\x5c\x04\x2b\x04\x03\x69\x97\x96\x97\xab\x43\x89\x77\x89\x56\x67\x89\x56\x7f\x78\x7a\x78\x76\xa6\x54\x00\x43\x5e\xdb\x42\xef\xaf\xb2\x98\x9d\x51\xfe\xfc\xe3\xc8\x09\x88\xf4\x1f\xf8\x83\x02\x15\x03\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x48\xaa\xb6\x89\xc2\x9c\xa7\x10\x27\x9b\x02\x01\x02' 42 | sect163r2 = b'\x30\x81\xb8\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x00\xa3\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x03\x02\x01\x06\x02\x01\x07\x30\x45\x04\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x15\x02\x0a\x60\x19\x07\xb8\xc9\x53\xca\x14\x81\xeb\x10\x51\x2f\x78\x74\x4a\x32\x05\xfd\x03\x15\x00\x85\xe2\x5b\xfe\x5c\x86\x22\x6c\xdb\x12\x01\x6f\x75\x53\xf9\xd0\xe6\x93\xa2\x68\x04\x2b\x04\x03\xf0\xeb\xa1\x62\x86\xa2\xd5\x7e\xa0\x99\x11\x68\xd4\x99\x46\x37\xe8\x34\x3e\x36\x00\xd5\x1f\xbc\x6c\x71\xa0\x09\x4f\xa2\xcd\xd5\x45\xb1\x1c\x5c\x0c\x79\x73\x24\xf1\x02\x15\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x92\xfe\x77\xe7\x0c\x12\xa4\x23\x4c\x33\x02\x01\x02' 43 | sect193r1 = 
b'\x30\x81\xc4\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x00\xc1\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x0f\x30\x4d\x04\x19\x00\x17\x85\x8f\xeb\x7a\x98\x97\x51\x69\xe1\x71\xf7\x7b\x40\x87\xde\x09\x8a\xc8\xa9\x11\xdf\x7b\x01\x04\x19\x00\xfd\xfb\x49\xbf\xe6\xc3\xa8\x9f\xac\xad\xaa\x7a\x1e\x5b\xbc\x7c\xc1\xc2\xe5\xd8\x31\x47\x88\x14\x03\x15\x00\x10\x3f\xae\xc7\x4d\x69\x6e\x67\x68\x75\x61\x51\x75\x77\x7f\xc5\xb1\x91\xef\x30\x04\x33\x04\x01\xf4\x81\xbc\x5f\x0f\xf8\x4a\x74\xad\x6c\xdf\x6f\xde\xf4\xbf\x61\x79\x62\x53\x72\xd8\xc0\xc5\xe1\x00\x25\xe3\x99\xf2\x90\x37\x12\xcc\xf3\xea\x9e\x3a\x1a\xd1\x7f\xb0\xb3\x20\x1b\x6a\xf7\xce\x1b\x05\x02\x19\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc7\xf3\x4a\x77\x8f\x44\x3a\xcc\x92\x0e\xba\x49\x02\x01\x02' 44 | sect193r2 = b'\x30\x81\xc4\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x00\xc1\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x0f\x30\x4d\x04\x19\x01\x63\xf3\x5a\x51\x37\xc2\xce\x3e\xa6\xed\x86\x67\x19\x0b\x0b\xc4\x3e\xcd\x69\x97\x77\x02\x70\x9b\x04\x19\x00\xc9\xbb\x9e\x89\x27\xd4\xd6\x4c\x37\x7e\x2a\xb2\x85\x6a\x5b\x16\xe3\xef\xb7\xf6\x1d\x43\x16\xae\x03\x15\x00\x10\xb7\xb4\xd6\x96\xe6\x76\x87\x56\x15\x17\x51\x37\xc8\xa1\x6f\xd0\xda\x22\x11\x04\x33\x04\x00\xd9\xb6\x7d\x19\x2e\x03\x67\xc8\x03\xf3\x9e\x1a\x7e\x82\xca\x14\xa6\x51\x35\x0a\xae\x61\x7e\x8f\x01\xce\x94\x33\x56\x07\xc3\x04\xac\x29\xe7\xde\xfb\xd9\xca\x01\xf5\x96\xf9\x27\x22\x4c\xde\xcf\x6c\x02\x19\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x5a\xab\x56\x1b\x00\x54\x13\xcc\xd4\xee\x99\xd5\x02\x01\x02' 45 | sect233k1 = 
b'\x30\x81\xc6\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x00\xe9\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x4a\x30\x40\x04\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x3d\x04\x01\x72\x32\xba\x85\x3a\x7e\x73\x1a\xf1\x29\xf2\x2f\xf4\x14\x95\x63\xa4\x19\xc2\x6b\xf5\x0a\x4c\x9d\x6e\xef\xad\x61\x26\x01\xdb\x53\x7d\xec\xe8\x19\xb7\xf7\x0f\x55\x5a\x67\xc4\x27\xa8\xcd\x9b\xf1\x8a\xeb\x9b\x56\xe0\xc1\x10\x56\xfa\xe6\xa3\x02\x1e\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x9d\x5b\xb9\x15\xbc\xd4\x6e\xfb\x1a\xd5\xf1\x73\xab\xdf\x02\x01\x04' 46 | sect233r1 = b'\x30\x81\xdd\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x00\xe9\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x4a\x30\x57\x04\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x1e\x00\x66\x64\x7e\xde\x6c\x33\x2c\x7f\x8c\x09\x23\xbb\x58\x21\x3b\x33\x3b\x20\xe9\xce\x42\x81\xfe\x11\x5f\x7d\x8f\x90\xad\x03\x15\x00\x74\xd5\x9f\xf0\x7f\x6b\x41\x3d\x0e\xa1\x4b\x34\x4b\x20\xa2\xdb\x04\x9b\x50\xc3\x04\x3d\x04\x00\xfa\xc9\xdf\xcb\xac\x83\x13\xbb\x21\x39\xf1\xbb\x75\x5f\xef\x65\xbc\x39\x1f\x8b\x36\xf8\xf8\xeb\x73\x71\xfd\x55\x8b\x01\x00\x6a\x08\xa4\x19\x03\x35\x06\x78\xe5\x85\x28\xbe\xbf\x8a\x0b\xef\xf8\x67\xa7\xca\x36\x71\x6f\x7e\x01\xf8\x10\x52\x02\x1e\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xe9\x74\xe7\x2f\x8a\x69\x22\x03\x1d\x26\x03\xcf\xe0\xd7\x02\x01\x02' 47 | sect239k1 = 
b'\x30\x81\xc7\x02\x01\x01\x30\x1e\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x13\x02\x02\x00\xef\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x02\x00\x9e\x30\x40\x04\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x3d\x04\x29\xa0\xb6\xa8\x87\xa9\x83\xe9\x73\x09\x88\xa6\x87\x27\xa8\xb2\xd1\x26\xc4\x4c\xc2\xcc\x7b\x2a\x65\x55\x19\x30\x35\xdc\x76\x31\x08\x04\xf1\x2e\x54\x9b\xdb\x01\x1c\x10\x30\x89\xe7\x35\x10\xac\xb2\x75\xfc\x31\x2a\x5d\xc6\xb7\x65\x53\xf0\xca\x02\x1e\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5a\x79\xfe\xc6\x7c\xb6\xe9\x1f\x1c\x1d\xa8\x00\xe4\x78\xa5\x02\x01\x04' 48 | sect283k1 = b'\x30\x81\xec\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x01\x1b\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x05\x02\x01\x07\x02\x01\x0c\x30\x4c\x04\x24\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x24\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x49\x04\x05\x03\x21\x3f\x78\xca\x44\x88\x3f\x1a\x3b\x81\x62\xf1\x88\xe5\x53\xcd\x26\x5f\x23\xc1\x56\x7a\x16\x87\x69\x13\xb0\xc2\xac\x24\x58\x49\x28\x36\x01\xcc\xda\x38\x0f\x1c\x9e\x31\x8d\x90\xf9\x5d\x07\xe5\x42\x6f\xe8\x7e\x45\xc0\xe8\x18\x46\x98\xe4\x59\x62\x36\x4e\x34\x11\x61\x77\xdd\x22\x59\x02\x24\x01\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe9\xae\x2e\xd0\x75\x77\x26\x5d\xff\x7f\x94\x45\x1e\x06\x1e\x16\x3c\x61\x02\x01\x04' 49 | sect283r1 = 
b'\x30\x82\x01\x03\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x01\x1b\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x05\x02\x01\x07\x02\x01\x0c\x30\x63\x04\x24\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x24\x02\x7b\x68\x0a\xc8\xb8\x59\x6d\xa5\xa4\xaf\x8a\x19\xa0\x30\x3f\xca\x97\xfd\x76\x45\x30\x9f\xa2\xa5\x81\x48\x5a\xf6\x26\x3e\x31\x3b\x79\xa2\xf5\x03\x15\x00\x77\xe2\xb0\x73\x70\xeb\x0f\x83\x2a\x6d\xd5\xb6\x2d\xfc\x88\xcd\x06\xbb\x84\xbe\x04\x49\x04\x05\xf9\x39\x25\x8d\xb7\xdd\x90\xe1\x93\x4f\x8c\x70\xb0\xdf\xec\x2e\xed\x25\xb8\x55\x7e\xac\x9c\x80\xe2\xe1\x98\xf8\xcd\xbe\xcd\x86\xb1\x20\x53\x03\x67\x68\x54\xfe\x24\x14\x1c\xb9\x8f\xe6\xd4\xb2\x0d\x02\xb4\x51\x6f\xf7\x02\x35\x0e\xdd\xb0\x82\x67\x79\xc8\x13\xf0\xdf\x45\xbe\x81\x12\xf4\x02\x24\x03\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xef\x90\x39\x96\x60\xfc\x93\x8a\x90\x16\x5b\x04\x2a\x7c\xef\xad\xb3\x07\x02\x01\x02' 50 | sect409k1 = 
b'\x30\x82\x01\x33\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x01\x99\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x57\x30\x6c\x04\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x69\x04\x00\x60\xf0\x5f\x65\x8f\x49\xc1\xad\x3a\xb1\x89\x0f\x71\x84\x21\x0e\xfd\x09\x87\xe3\x07\xc8\x4c\x27\xac\xcf\xb8\xf9\xf6\x7c\xc2\xc4\x60\x18\x9e\xb5\xaa\xaa\x62\xee\x22\x2e\xb1\xb3\x55\x40\xcf\xe9\x02\x37\x46\x01\xe3\x69\x05\x0b\x7c\x4e\x42\xac\xba\x1d\xac\xbf\x04\x29\x9c\x34\x60\x78\x2f\x91\x8e\xa4\x27\xe6\x32\x51\x65\xe9\xea\x10\xe3\xda\x5f\x6c\x42\xe9\xc5\x52\x15\xaa\x9c\xa2\x7a\x58\x63\xec\x48\xd8\xe0\x28\x6b\x02\x33\x7f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x5f\x83\xb2\xd4\xea\x20\x40\x0e\xc4\x55\x7d\x5e\xd3\xe3\xe7\xca\x5b\x4b\x5c\x83\xb8\xe0\x1e\x5f\xcf\x02\x01\x04' 51 | sect409r1 = 
b'\x30\x82\x01\x4c\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x01\x99\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x57\x30\x81\x83\x04\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x34\x00\x21\xa5\xc2\xc8\xee\x9f\xeb\x5c\x4b\x9a\x75\x3b\x7b\x47\x6b\x7f\xd6\x42\x2e\xf1\xf3\xdd\x67\x47\x61\xfa\x99\xd6\xac\x27\xc8\xa9\xa1\x97\xb2\x72\x82\x2f\x6c\xd5\x7a\x55\xaa\x4f\x50\xae\x31\x7b\x13\x54\x5f\x03\x15\x00\x40\x99\xb5\xa4\x57\xf9\xd6\x9f\x79\x21\x3d\x09\x4c\x4b\xcd\x4d\x42\x62\x21\x0b\x04\x69\x04\x01\x5d\x48\x60\xd0\x88\xdd\xb3\x49\x6b\x0c\x60\x64\x75\x62\x60\x44\x1c\xde\x4a\xf1\x77\x1d\x4d\xb0\x1f\xfe\x5b\x34\xe5\x97\x03\xdc\x25\x5a\x86\x8a\x11\x80\x51\x56\x03\xae\xab\x60\x79\x4e\x54\xbb\x79\x96\xa7\x00\x61\xb1\xcf\xab\x6b\xe5\xf3\x2b\xbf\xa7\x83\x24\xed\x10\x6a\x76\x36\xb9\xc5\xa7\xbd\x19\x8d\x01\x58\xaa\x4f\x54\x88\xd0\x8f\x38\x51\x4f\x1f\xdf\x4b\x4f\x40\xd2\x18\x1b\x36\x81\xc3\x64\xba\x02\x73\xc7\x06\x02\x34\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe2\xaa\xd6\xa6\x12\xf3\x33\x07\xbe\x5f\xa4\x7c\x3c\x9e\x05\x2f\x83\x81\x64\xcd\x37\xd9\xa2\x11\x73\x02\x01\x02' 52 | sect571k1 = 
b'\x30\x82\x01\xa2\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x02\x3b\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x02\x02\x01\x05\x02\x01\x0a\x30\x81\x94\x04\x48\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x48\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x81\x91\x04\x02\x6e\xb7\xa8\x59\x92\x3f\xbc\x82\x18\x96\x31\xf8\x10\x3f\xe4\xac\x9c\xa2\x97\x00\x12\xd5\xd4\x60\x24\x80\x48\x01\x84\x1c\xa4\x43\x70\x95\x84\x93\xb2\x05\xe6\x47\xda\x30\x4d\xb4\xce\xb0\x8c\xbb\xd1\xba\x39\x49\x47\x76\xfb\x98\x8b\x47\x17\x4d\xca\x88\xc7\xe2\x94\x52\x83\xa0\x1c\x89\x72\x03\x49\xdc\x80\x7f\x4f\xbf\x37\x4f\x4a\xea\xde\x3b\xca\x95\x31\x4d\xd5\x8c\xec\x9f\x30\x7a\x54\xff\xc6\x1e\xfc\x00\x6d\x8a\x2c\x9d\x49\x79\xc0\xac\x44\xae\xa7\x4f\xbe\xbb\xb9\xf7\x72\xae\xdc\xb6\x20\xb0\x1a\x7b\xa7\xaf\x1b\x32\x04\x30\xc8\x59\x19\x84\xf6\x01\xcd\x4c\x14\x3e\xf1\xc7\xa3\x02\x48\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x18\x50\xe1\xf1\x9a\x63\xe4\xb3\x91\xa8\xdb\x91\x7f\x41\x38\xb6\x30\xd8\x4b\xe5\xd6\x39\x38\x1e\x91\xde\xb4\x5c\xfe\x77\x8f\x63\x7c\x10\x01\x02\x01\x04' 53 | sect571r1 = 
b'\x30\x82\x01\xb9\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x02\x3b\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x02\x02\x01\x05\x02\x01\x0a\x30\x81\xab\x04\x48\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x48\x02\xf4\x0e\x7e\x22\x21\xf2\x95\xde\x29\x71\x17\xb7\xf3\xd6\x2f\x5c\x6a\x97\xff\xcb\x8c\xef\xf1\xcd\x6b\xa8\xce\x4a\x9a\x18\xad\x84\xff\xab\xbd\x8e\xfa\x59\x33\x2b\xe7\xad\x67\x56\xa6\x6e\x29\x4a\xfd\x18\x5a\x78\xff\x12\xaa\x52\x0e\x4d\xe7\x39\xba\xca\x0c\x7f\xfe\xff\x7f\x29\x55\x72\x7a\x03\x15\x00\x2a\xa0\x58\xf7\x3a\x0e\x33\xab\x48\x6b\x0f\x61\x04\x10\xc5\x3a\x7f\x13\x23\x10\x04\x81\x91\x04\x03\x03\x00\x1d\x34\xb8\x56\x29\x6c\x16\xc0\xd4\x0d\x3c\xd7\x75\x0a\x93\xd1\xd2\x95\x5f\xa8\x0a\xa5\xf4\x0f\xc8\xdb\x7b\x2a\xbd\xbd\xe5\x39\x50\xf4\xc0\xd2\x93\xcd\xd7\x11\xa3\x5b\x67\xfb\x14\x99\xae\x60\x03\x86\x14\xf1\x39\x4a\xbf\xa3\xb4\xc8\x50\xd9\x27\xe1\xe7\x76\x9c\x8e\xec\x2d\x19\x03\x7b\xf2\x73\x42\xda\x63\x9b\x6d\xcc\xff\xfe\xb7\x3d\x69\xd7\x8c\x6c\x27\xa6\x00\x9c\xbb\xca\x19\x80\xf8\x53\x39\x21\xe8\xa6\x84\x42\x3e\x43\xba\xb0\x8a\x57\x62\x91\xaf\x8f\x46\x1b\xb2\xa8\xb3\x53\x1d\x2f\x04\x85\xc1\x9b\x16\xe2\xf1\x51\x6e\x23\xdd\x3c\x1a\x48\x27\xaf\x1b\x8a\xc1\x5b\x02\x48\x03\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe6\x61\xce\x18\xff\x55\x98\x73\x08\x05\x9b\x18\x68\x23\x85\x1e\xc7\xdd\x9c\xa1\x16\x1d\xe9\x3d\x51\x74\xd6\x6e\x83\x82\xe9\xbb\x2f\xe8\x4e\x47\x02\x01\x02' 54 | 55 | # ANSI X9.62 56 | prime192v1 = secp192r1 57 | prime192v2 = 
b'\x30\x81\xac\x02\x01\x01\x30\x24\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x19\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff\xff\xff\xff\xff\xff\x30\x4b\x04\x18\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff\xff\xff\xff\xff\xfc\x04\x18\xcc\x22\xd6\xdf\xb9\x5c\x6b\x25\xe4\x9c\x0d\x63\x64\xa4\xe5\x98\x0c\x39\x3a\xa2\x16\x68\xd9\x53\x03\x15\x00\x31\xa9\x2e\xe2\x02\x9f\xd1\x0d\x90\x1b\x11\x3e\x99\x07\x10\xf0\xd2\x1a\xc6\xb6\x04\x19\x03\xee\xa2\xba\xe7\xe1\x49\x78\x42\xf2\xde\x77\x69\xcf\xe9\xc9\x89\xc0\x72\xad\x69\x6f\x48\x03\x4a\x02\x19\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x5f\xb1\xa7\x24\xdc\x80\x41\x86\x48\xd8\xdd\x31' 58 | prime192v3 = b'\x30\x81\xac\x02\x01\x01\x30\x24\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x19\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff\xff\xff\xff\xff\xff\x30\x4b\x04\x18\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff\xff\xff\xff\xff\xfc\x04\x18\x22\x12\x3d\xc2\x39\x5a\x05\xca\xa7\x42\x3d\xae\xcc\xc9\x47\x60\xa7\xd4\x62\x25\x6b\xd5\x69\x16\x03\x15\x00\xc4\x69\x68\x44\x35\xde\xb3\x78\xc4\xb6\x5c\xa9\x59\x1e\x2a\x57\x63\x05\x9a\x2e\x04\x19\x02\x7d\x29\x77\x81\x00\xc6\x5a\x1d\xa1\x78\x37\x16\x58\x8d\xce\x2b\x8b\x4a\xee\x8e\x22\x8f\x18\x96\x02\x19\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7a\x62\xd0\x31\xc8\x3f\x42\x94\xf6\x40\xec\x13' 59 | prime239v1 = 
b'\x30\x81\xc8\x02\x01\x01\x30\x29\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x1e\x7f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x7f\xff\xff\xff\xff\xff\x30\x57\x04\x1e\x7f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x7f\xff\xff\xff\xff\xfc\x04\x1e\x6b\x01\x6c\x3b\xdc\xf1\x89\x41\xd0\xd6\x54\x92\x14\x75\xca\x71\xa9\xdb\x2f\xb2\x7d\x1d\x37\x79\x61\x85\xc2\x94\x2c\x0a\x03\x15\x00\xe4\x3b\xb4\x60\xf0\xb8\x0c\xc0\xc0\xb0\x75\x79\x8e\x94\x80\x60\xf8\x32\x1b\x7d\x04\x1f\x02\x0f\xfa\x96\x3c\xdc\xa8\x81\x6c\xcc\x33\xb8\x64\x2b\xed\xf9\x05\xc3\xd3\x58\x57\x3d\x3f\x27\xfb\xbd\x3b\x3c\xb9\xaa\xaf\x02\x1e\x7f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\x9e\x5e\x9a\x9f\x5d\x90\x71\xfb\xd1\x52\x26\x88\x90\x9d\x0b' 60 | prime239v2 = b'\x30\x81\xc8\x02\x01\x01\x30\x29\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x1e\x7f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x7f\xff\xff\xff\xff\xff\x30\x57\x04\x1e\x7f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x7f\xff\xff\xff\xff\xfc\x04\x1e\x61\x7f\xab\x68\x32\x57\x6c\xbb\xfe\xd5\x0d\x99\xf0\x24\x9c\x3f\xee\x58\xb9\x4b\xa0\x03\x8c\x7a\xe8\x4c\x8c\x83\x2f\x2c\x03\x15\x00\xe8\xb4\x01\x16\x04\x09\x53\x03\xca\x3b\x80\x99\x98\x2b\xe0\x9f\xcb\x9a\xe6\x16\x04\x1f\x02\x38\xaf\x09\xd9\x87\x27\x70\x51\x20\xc9\x21\xbb\x5e\x9e\x26\x29\x6a\x3c\xdc\xf2\xf3\x57\x57\xa0\xea\xfd\x87\xb8\x30\xe7\x02\x1e\x7f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\xcf\xa7\xe8\x59\x43\x77\xd4\x14\xc0\x38\x21\xbc\x58\x20\x63' 61 | prime239v3 = 
b'\x30\x81\xc8\x02\x01\x01\x30\x29\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x1e\x7f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x7f\xff\xff\xff\xff\xff\x30\x57\x04\x1e\x7f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x7f\xff\xff\xff\xff\xfc\x04\x1e\x25\x57\x05\xfa\x2a\x30\x66\x54\xb1\xf4\xcb\x03\xd6\xa7\x50\xa3\x0c\x25\x01\x02\xd4\x98\x87\x17\xd9\xba\x15\xab\x6d\x3e\x03\x15\x00\x7d\x73\x74\x16\x8f\xfe\x34\x71\xb6\x0a\x85\x76\x86\xa1\x94\x75\xd3\xbf\xa2\xff\x04\x1f\x03\x67\x68\xae\x8e\x18\xbb\x92\xcf\xcf\x00\x5c\x94\x9a\xa2\xc6\xd9\x48\x53\xd0\xe6\x60\xbb\xf8\x54\xb1\xc9\x50\x5f\xe9\x5a\x02\x1e\x7f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\x97\x5d\xeb\x41\xb3\xa6\x05\x7c\x3c\x43\x21\x46\x52\x65\x51' 62 | prime256v1 = secp256r1 63 | c2pnb163v1 = b'\x30\x81\xa3\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x00\xa3\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x01\x02\x01\x02\x02\x01\x08\x30\x45\x04\x15\x07\x25\x46\xb5\x43\x52\x34\xa4\x22\xe0\x78\x96\x75\xf4\x32\xc8\x94\x35\xde\x52\x42\x04\x15\x00\xc9\x51\x7d\x06\xd5\x24\x0d\x3c\xff\x38\xc7\x4b\x20\xb6\xcd\x4d\x6f\x9d\xd4\xd9\x03\x15\x00\xd2\xc0\xfb\x15\x76\x08\x60\xde\xf1\xee\xf4\xd6\x96\xe6\x76\x87\x56\x15\x17\x54\x04\x16\x03\x07\xaf\x69\x98\x95\x46\x10\x3d\x79\x32\x9f\xcc\x3d\x74\x88\x0f\x33\xbb\xe8\x03\xcb\x02\x15\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe6\x0f\xc8\x82\x1c\xc7\x4d\xae\xaf\xc1\x02\x01\x02' 64 | c2pnb163v2 = 
b'\x30\x81\x8c\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x00\xa3\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x01\x02\x01\x02\x02\x01\x08\x30\x2e\x04\x15\x01\x08\xb3\x9e\x77\xc4\xb1\x08\xbe\xd9\x81\xed\x0e\x89\x0e\x11\x7c\x51\x1c\xf0\x72\x04\x15\x06\x67\xac\xeb\x38\xaf\x4e\x48\x8c\x40\x74\x33\xff\xae\x4f\x1c\x81\x16\x38\xdf\x20\x04\x16\x03\x00\x24\x26\x6e\x4e\xb5\x10\x6d\x0a\x96\x4d\x92\xc4\x86\x0e\x26\x71\xdb\x9b\x6c\xc5\x02\x15\x03\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfd\xf6\x4d\xe1\x15\x1a\xdb\xb7\x8f\x10\xa7\x02\x01\x02' 65 | c2pnb163v3 = b'\x30\x81\x8c\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x00\xa3\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x01\x02\x01\x02\x02\x01\x08\x30\x2e\x04\x15\x07\xa5\x26\xc6\x3d\x3e\x25\xa2\x56\xa0\x07\x69\x9f\x54\x47\xe3\x2a\xe4\x56\xb5\x0e\x04\x15\x03\xf7\x06\x17\x98\xeb\x99\xe2\x38\xfd\x6f\x1b\xf9\x5b\x48\xfe\xeb\x48\x54\x25\x2b\x04\x16\x02\x02\xf9\xf8\x7b\x7c\x57\x4d\x0b\xde\xcf\x8a\x22\xe6\x52\x47\x75\xf9\x8c\xde\xbd\xcb\x02\x15\x03\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x1a\xee\x14\x0f\x11\x0a\xff\x96\x13\x09\x02\x01\x02' 66 | c2pnb176w1 = b'\x30\x81\x91\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x00\xb0\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x01\x02\x01\x02\x02\x01\x2b\x30\x30\x04\x16\xe4\xe6\xdb\x29\x95\x06\x5c\x40\x7d\x9d\x39\xb8\xd0\x96\x7b\x96\x70\x4b\xa8\xe9\xc9\x0b\x04\x16\x5d\xda\x47\x0a\xbe\x64\x14\xde\x8e\xc1\x33\xae\x28\xe9\xbb\xd7\xfc\xec\x0a\xe0\xff\xf2\x04\x17\x03\x8d\x16\xc2\x86\x67\x98\xb6\x00\xf9\xf0\x8b\xb4\xa8\xe8\x60\xf3\x29\x8c\xe0\x4a\x57\x98\x02\x15\x01\x00\x92\x53\x73\x97\xec\xa4\xf6\x14\x57\x99\xd6\x2b\x0a\x19\xce\x06\xfe\x26\xad\x02\x03\x00\xff\x6e' 67 | c2tnb191v1 = 
b'\x30\x81\xa7\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x00\xbf\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x09\x30\x4b\x04\x18\x28\x66\x53\x7b\x67\x67\x52\x63\x6a\x68\xf5\x65\x54\xe1\x26\x40\x27\x6b\x64\x9e\xf7\x52\x62\x67\x04\x18\x2e\x45\xef\x57\x1f\x00\x78\x6f\x67\xb0\x08\x1b\x94\x95\xa3\xd9\x54\x62\xf5\xde\x0a\xa1\x85\xec\x03\x15\x00\x4e\x13\xca\x54\x27\x44\xd6\x96\xe6\x76\x87\x56\x15\x17\x55\x2f\x27\x9a\x8c\x84\x04\x19\x02\x36\xb3\xda\xf8\xa2\x32\x06\xf9\xc4\xf2\x99\xd7\xb2\x1a\x9c\x36\x91\x37\xf2\xc8\x4a\xe1\xaa\x0d\x02\x18\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\xa2\x0e\x90\xc3\x90\x67\xc8\x93\xbb\xb9\xa5\x02\x01\x02' 68 | c2tnb191v2 = b'\x30\x81\x90\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x00\xbf\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x09\x30\x34\x04\x18\x40\x10\x28\x77\x4d\x77\x77\xc7\xb7\x66\x6d\x13\x66\xea\x43\x20\x71\x27\x4f\x89\xff\x01\xe7\x18\x04\x18\x06\x20\x04\x8d\x28\xbc\xbd\x03\xb6\x24\x9c\x99\x18\x2b\x7c\x8c\xd1\x97\x00\xc3\x62\xc4\x6a\x01\x04\x19\x02\x38\x09\xb2\xb7\xcc\x1b\x28\xcc\x5a\x87\x92\x6a\xad\x83\xfd\x28\x78\x9e\x81\xe2\xc9\xe3\xbf\x10\x02\x18\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x50\x50\x8c\xb8\x9f\x65\x28\x24\xe0\x6b\x81\x73\x02\x01\x04' 69 | c2tnb191v3 = b'\x30\x81\x90\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x00\xbf\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x09\x30\x34\x04\x18\x6c\x01\x07\x47\x56\x09\x91\x22\x22\x10\x56\x91\x1c\x77\xd7\x7e\x77\xa7\x77\xe7\xe7\xe7\x7f\xcb\x04\x18\x71\xfe\x1a\xf9\x26\xcf\x84\x79\x89\xef\xef\x8d\xb4\x59\xf6\x63\x94\xd9\x0f\x32\xad\x3f\x15\xe8\x04\x19\x03\x37\x5d\x4c\xe2\x4f\xde\x43\x44\x89\xde\x87\x46\xe7\x17\x86\x01\x50\x09\xe6\x6e\x38\xa9\x26\xdd\x02\x18\x15\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x61\x0c\x0b\x19\x68\x12\xbf\xb6\x28\x8a\x3e\xa3\x02\x01\x06' 70 | c2pnb208w1 = 
b'\x30\x81\xa1\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x00\xd0\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x01\x02\x01\x02\x02\x01\x53\x30\x38\x04\x1a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x1a\xc8\x61\x9e\xd4\x5a\x62\xe6\x21\x2e\x11\x60\x34\x9e\x2b\xfa\x84\x44\x39\xfa\xfc\x2a\x3f\xd1\x63\x8f\x9e\x04\x1b\x02\x89\xfd\xfb\xe4\xab\xe1\x93\xdf\x95\x59\xec\xf0\x7a\xc0\xce\x78\x55\x4e\x27\x84\xeb\x8c\x1e\xd1\xa5\x7a\x02\x19\x01\x01\xba\xf9\x5c\x97\x23\xc5\x7b\x6c\x21\xda\x2e\xff\x2d\x5e\xd5\x88\xbd\xd5\x71\x7e\x21\x2f\x9d\x02\x03\x00\xfe\x48' 71 | c2tnb239v1 = b'\x30\x81\xa8\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x00\xef\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x24\x30\x40\x04\x1e\x32\x01\x08\x57\x07\x7c\x54\x31\x12\x3a\x46\xb8\x08\x90\x67\x56\xf5\x43\x42\x3e\x8d\x27\x87\x75\x78\x12\x57\x78\xac\x76\x04\x1e\x79\x04\x08\xf2\xee\xda\xf3\x92\xb0\x12\xed\xef\xb3\x39\x2f\x30\xf4\x32\x7c\x0c\xa3\xf3\x1f\xc3\x83\xc4\x22\xaa\x8c\x16\x04\x1f\x02\x57\x92\x70\x98\xfa\x93\x2e\x7c\x0a\x96\xd3\xfd\x5b\x70\x6e\xf7\xe5\xf5\xc1\x56\xe1\x6b\x7e\x7c\x86\x03\x85\x52\xe9\x1d\x02\x1e\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x4d\x42\xff\xe1\x49\x2a\x49\x93\xf1\xca\xd6\x66\xe4\x47\x02\x01\x04' 72 | c2tnb239v2 = 
b'\x30\x81\xa8\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x00\xef\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x24\x30\x40\x04\x1e\x42\x30\x01\x77\x57\xa7\x67\xfa\xe4\x23\x98\x56\x9b\x74\x63\x25\xd4\x53\x13\xaf\x07\x66\x26\x64\x79\xb7\x56\x54\xe6\x5f\x04\x1e\x50\x37\xea\x65\x41\x96\xcf\xf0\xcd\x82\xb2\xc1\x4a\x2f\xcf\x2e\x3f\xf8\x77\x52\x85\xb5\x45\x72\x2f\x03\xea\xcd\xb7\x4b\x04\x1f\x02\x28\xf9\xd0\x4e\x90\x00\x69\xc8\xdc\x47\xa0\x85\x34\xfe\x76\xd2\xb9\x00\xb7\xd7\xef\x31\xf5\x70\x9f\x20\x0c\x4c\xa2\x05\x02\x1e\x15\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x3c\x6f\x28\x85\x25\x9c\x31\xe3\xfc\xdf\x15\x46\x24\x52\x2d\x02\x01\x06' 73 | c2tnb239v3 = b'\x30\x81\xa8\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x00\xef\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x24\x30\x40\x04\x1e\x01\x23\x87\x74\x66\x6a\x67\x76\x6d\x66\x76\xf7\x78\xe6\x76\xb6\x69\x99\x17\x66\x66\xe6\x87\x66\x6d\x87\x66\xc6\x6a\x9f\x04\x1e\x6a\x94\x19\x77\xba\x9f\x6a\x43\x51\x99\xac\xfc\x51\x06\x7e\xd5\x87\xf5\x19\xc5\xec\xb5\x41\xb8\xe4\x41\x11\xde\x1d\x40\x04\x1f\x03\x70\xf6\xe9\xd0\x4d\x28\x9c\x4e\x89\x91\x3c\xe3\x53\x0b\xfd\xe9\x03\x97\x7d\x42\xb1\x46\xd5\x39\xbf\x1b\xde\x4e\x9c\x92\x02\x1e\x0c\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xac\x49\x12\xd2\xd9\xdf\x90\x3e\xf9\x88\x8b\x8a\x0e\x4c\xff\x02\x01\x0a' 74 | c2pnb272w1 = 
b'\x30\x81\xc1\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x01\x10\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x01\x02\x01\x03\x02\x01\x38\x30\x48\x04\x22\x91\xa0\x91\xf0\x3b\x5f\xba\x4a\xb2\xcc\xf4\x9c\x4e\xdd\x22\x0f\xb0\x28\x71\x2d\x42\xbe\x75\x2b\x2c\x40\x09\x4d\xba\xcd\xb5\x86\xfb\x20\x04\x22\x71\x67\xef\xc9\x2b\xb2\xe3\xce\x7c\x8a\xaa\xff\x34\xe1\x2a\x9c\x55\x70\x03\xd7\xc7\x3a\x6f\xaf\x00\x3f\x99\xf6\xcc\x84\x82\xe5\x40\xf7\x04\x23\x02\x61\x08\xba\xbb\x2c\xee\xbc\xf7\x87\x05\x8a\x05\x6c\xbe\x0c\xfe\x62\x2d\x77\x23\xa2\x89\xe0\x8a\x07\xae\x13\xef\x0d\x10\xd1\x71\xdd\x8d\x02\x21\x01\x00\xfa\xf5\x13\x54\xe0\xe3\x9e\x48\x92\xdf\x6e\x31\x9c\x72\xc8\x16\x16\x03\xfa\x45\xaa\x7b\x99\x8a\x16\x7b\x8f\x1e\x62\x95\x21\x02\x03\x00\xff\x06' 75 | c2tnb359v1 = b'\x30\x81\xe4\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x01\x67\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x44\x30\x5e\x04\x2d\x56\x67\x67\x6a\x65\x4b\x20\x75\x4f\x35\x6e\xa9\x20\x17\xd9\x46\x56\x7c\x46\x67\x55\x56\xf1\x95\x56\xa0\x46\x16\xb5\x67\xd2\x23\xa5\xe0\x56\x56\xfb\x54\x90\x16\xa9\x66\x56\xa5\x57\x04\x2d\x24\x72\xe2\xd0\x19\x7c\x49\x36\x3f\x1f\xe7\xf5\xb6\xdb\x07\x5d\x52\xb6\x94\x7d\x13\x5d\x8c\xa4\x45\x80\x5d\x39\xbc\x34\x56\x26\x08\x96\x87\x74\x2b\x63\x29\xe7\x06\x80\x23\x19\x88\x04\x2e\x03\x3c\x25\x8e\xf3\x04\x77\x67\xe7\xed\xe0\xf1\xfd\xaa\x79\xda\xee\x38\x41\x36\x6a\x13\x2e\x16\x3a\xce\xd4\xed\x24\x01\xdf\x9c\x6b\xdc\xde\x98\xe8\xe7\x07\xc0\x7a\x22\x39\xb1\xb0\x97\x02\x2d\x01\xaf\x28\x6b\xca\x1a\xf2\x86\xbc\xa1\xaf\x28\x6b\xca\x1a\xf2\x86\xbc\xa1\xaf\x28\x6b\xc9\xfb\x8f\x6b\x85\xc5\x56\x89\x2c\x20\xa7\xeb\x96\x4f\xe7\x71\x9e\x74\xf4\x90\x75\x8d\x3b\x02\x01\x4c' 76 | c2pnb368w1 = 
b'\x30\x81\xf1\x02\x01\x01\x30\x25\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x1a\x02\x02\x01\x70\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x03\x30\x09\x02\x01\x01\x02\x01\x02\x02\x01\x55\x30\x60\x04\x2e\xe0\xd2\xee\x25\x09\x52\x06\xf5\xe2\xa4\xf9\xed\x22\x9f\x1f\x25\x6e\x79\xa0\xe2\xb4\x55\x97\x0d\x8d\x0d\x86\x5b\xd9\x47\x78\xc5\x76\xd6\x2f\x0a\xb7\x51\x9c\xcd\x2a\x1a\x90\x6a\xe3\x0d\x04\x2e\xfc\x12\x17\xd4\x32\x0a\x90\x45\x2c\x76\x0a\x58\xed\xcd\x30\xc8\xdd\x06\x9b\x3c\x34\x45\x38\x37\xa3\x4e\xd5\x0c\xb5\x49\x17\xe1\xc2\x11\x2d\x84\xd1\x64\xf4\x44\xf8\xf7\x47\x86\x04\x6a\x04\x2f\x02\x10\x85\xe2\x75\x53\x81\xdc\xcc\xe3\xc1\x55\x7a\xfa\x10\xc2\xf0\xc0\xc2\x82\x56\x46\xc5\xb3\x4a\x39\x4c\xbc\xfa\x8b\xc1\x6b\x22\xe7\xe7\x89\xe9\x27\xbe\x21\x6f\x02\xe1\xfb\x13\x6a\x5f\x02\x2d\x01\x00\x90\x51\x2d\xa9\xaf\x72\xb0\x83\x49\xd9\x8a\x5d\xd4\xc7\xb0\x53\x2e\xca\x51\xce\x03\xe2\xd1\x0f\x3b\x7a\xc5\x79\xbd\x87\xe9\x09\xae\x40\xa6\xf1\x31\xe9\xcf\xce\x5b\xd9\x67\x02\x03\x00\xff\x70' 77 | c2tnb431r1 = b'\x30\x82\x01\x08\x02\x01\x01\x30\x1d\x06\x07\x2a\x86\x48\xce\x3d\x01\x02\x30\x12\x02\x02\x01\xaf\x06\x09\x2a\x86\x48\xce\x3d\x01\x02\x03\x02\x02\x01\x78\x30\x70\x04\x36\x1a\x82\x7e\xf0\x0d\xd6\xfc\x0e\x23\x4c\xaf\x04\x6c\x6a\x5d\x8a\x85\x39\x5b\x23\x6c\xc4\xad\x2c\xf3\x2a\x0c\xad\xbd\xc9\xdd\xf6\x20\xb0\xeb\x99\x06\xd0\x95\x7f\x6c\x6f\xea\xcd\x61\x54\x68\xdf\x10\x4d\xe2\x96\xcd\x8f\x04\x36\x10\xd9\xb4\xa3\xd9\x04\x7d\x8b\x15\x43\x59\xab\xfb\x1b\x7f\x54\x85\xb0\x4c\xeb\x86\x82\x37\xdd\xc9\xde\xda\x98\x2a\x67\x9a\x5a\x91\x9b\x62\x6d\x4e\x50\xa8\xdd\x73\x1b\x10\x7a\x99\x62\x38\x1f\xb5\xd8\x07\xbf\x26\x18\x04\x37\x02\x12\x0f\xc0\x5d\x3c\x67\xa9\x9d\xe1\x61\xd2\xf4\x09\x26\x22\xfe\xca\x70\x1b\xe4\xf5\x0f\x47\x58\x71\x4e\x8a\x87\xbb\xf2\xa6\x58\xef\x8c\x21\xe7\xc5\xef\xe9\x65\x36\x1f\x6c\x29\x99\xc0\xc2\x47\xb0\xdb\xd7\x0c\xe6\xb7\x02\x35\x03\x40\x34\x03\x40\x34\x03\x40\x34\x03\x40\x34\x03\x40\x34\x03\x40\x34\x03\x40\x34\x03\x40\x34\x03\x40\x34\x03\x23\xc3\x13\xfa\xb5\x05\x89\x70\x3b\x5e\xc6
\x8d\x35\x87\xfe\xc6\x0d\x16\x1c\xc1\x49\xc1\xad\x4a\x91\x02\x02\x27\x60' 78 | 79 | # NIST (aliases for SEC curves; note that P512 below is bound to secp521r1, i.e. NIST P-521 -- NIST defines no P-512 curve) 80 | K163 = sect163k1 81 | B163 = sect163r2 82 | P192 = secp192r1 83 | P224 = secp224r1 84 | K233 = sect233k1 85 | B233 = sect233r1 86 | P256 = secp256r1 87 | K283 = sect283k1 88 | B283 = sect283r1 89 | P384 = secp384r1 90 | K409 = sect409k1 91 | B409 = sect409r1 92 | P512 = secp521r1 93 | K571 = sect571k1 94 | B571 = sect571r1 95 | 96 | # Brainpool 97 | brainpoolp160r1 = b'\x30\x81\x95\x02\x01\x01\x30\x20\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x15\x00\xe9\x5e\x4a\x5f\x73\x70\x59\xdc\x60\xdf\xc7\xad\x95\xb3\xd8\x13\x95\x15\x62\x0f\x30\x2c\x04\x14\x34\x0e\x7b\xe2\xa2\x80\xeb\x74\xe2\xbe\x61\xba\xda\x74\x5d\x97\xe8\xf7\xc3\x00\x04\x14\x1e\x58\x9a\x85\x95\x42\x34\x12\x13\x4f\xaa\x2d\xbd\xec\x95\xc8\xd8\x67\x5e\x58\x04\x29\x04\xbe\xd5\xaf\x16\xea\x3f\x6a\x4f\x62\x93\x8c\x46\x31\xeb\x5a\xf7\xbd\xbc\xdb\xc3\x16\x67\xcb\x47\x7a\x1a\x8e\xc3\x38\xf9\x47\x41\x66\x9c\x97\x63\x16\xda\x63\x21\x02\x15\x00\xe9\x5e\x4a\x5f\x73\x70\x59\xdc\x60\xdf\x59\x91\xd4\x50\x29\x40\x9e\x60\xfc\x09' 98 | brainpoolp160t1 = b'\x30\x81\x95\x02\x01\x01\x30\x20\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x15\x00\xe9\x5e\x4a\x5f\x73\x70\x59\xdc\x60\xdf\xc7\xad\x95\xb3\xd8\x13\x95\x15\x62\x0f\x30\x2c\x04\x14\xe9\x5e\x4a\x5f\x73\x70\x59\xdc\x60\xdf\xc7\xad\x95\xb3\xd8\x13\x95\x15\x62\x0c\x04\x14\x7a\x55\x6b\x6d\xae\x53\x5b\x7b\x51\xed\x2c\x4d\x7d\xaa\x7a\x0b\x5c\x55\xf3\x80\x04\x29\x04\xb1\x99\xb1\x3b\x9b\x34\xef\xc1\x39\x7e\x64\xba\xeb\x05\xac\xc2\x65\xff\x23\x78\xad\xd6\x71\x8b\x7c\x7c\x19\x61\xf0\x99\x1b\x84\x24\x43\x77\x21\x52\xc9\xe0\xad\x02\x15\x00\xe9\x5e\x4a\x5f\x73\x70\x59\xdc\x60\xdf\x59\x91\xd4\x50\x29\x40\x9e\x60\xfc\x09' 99 | brainpoolp192r1 = 
b'\x30\x81\xad\x02\x01\x01\x30\x24\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x19\x00\xc3\x02\xf4\x1d\x93\x2a\x36\xcd\xa7\xa3\x46\x30\x93\xd1\x8d\xb7\x8f\xce\x47\x6d\xe1\xa8\x62\x97\x30\x34\x04\x18\x6a\x91\x17\x40\x76\xb1\xe0\xe1\x9c\x39\xc0\x31\xfe\x86\x85\xc1\xca\xe0\x40\xe5\xc6\x9a\x28\xef\x04\x18\x46\x9a\x28\xef\x7c\x28\xcc\xa3\xdc\x72\x1d\x04\x4f\x44\x96\xbc\xca\x7e\xf4\x14\x6f\xbf\x25\xc9\x04\x31\x04\xc0\xa0\x64\x7e\xaa\xb6\xa4\x87\x53\xb0\x33\xc5\x6c\xb0\xf0\x90\x0a\x2f\x5c\x48\x53\x37\x5f\xd6\x14\xb6\x90\x86\x6a\xbd\x5b\xb8\x8b\x5f\x48\x28\xc1\x49\x00\x02\xe6\x77\x3f\xa2\xfa\x29\x9b\x8f\x02\x19\x00\xc3\x02\xf4\x1d\x93\x2a\x36\xcd\xa7\xa3\x46\x2f\x9e\x9e\x91\x6b\x5b\xe8\xf1\x02\x9a\xc4\xac\xc1' 100 | brainpoolp192t1 = b'\x30\x81\xad\x02\x01\x01\x30\x24\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x19\x00\xc3\x02\xf4\x1d\x93\x2a\x36\xcd\xa7\xa3\x46\x30\x93\xd1\x8d\xb7\x8f\xce\x47\x6d\xe1\xa8\x62\x97\x30\x34\x04\x18\xc3\x02\xf4\x1d\x93\x2a\x36\xcd\xa7\xa3\x46\x30\x93\xd1\x8d\xb7\x8f\xce\x47\x6d\xe1\xa8\x62\x94\x04\x18\x13\xd5\x6f\xfa\xec\x78\x68\x1e\x68\xf9\xde\xb4\x3b\x35\xbe\xc2\xfb\x68\x54\x2e\x27\x89\x7b\x79\x04\x31\x04\x3a\xe9\xe5\x8c\x82\xf6\x3c\x30\x28\x2e\x1f\xe7\xbb\xf4\x3f\xa7\x2c\x44\x6a\xf6\xf4\x61\x81\x29\x09\x7e\x2c\x56\x67\xc2\x22\x3a\x90\x2a\xb5\xca\x44\x9d\x00\x84\xb7\xe5\xb3\xde\x7c\xcc\x01\xc9\x02\x19\x00\xc3\x02\xf4\x1d\x93\x2a\x36\xcd\xa7\xa3\x46\x2f\x9e\x9e\x91\x6b\x5b\xe8\xf1\x02\x9a\xc4\xac\xc1' 101 | brainpoolp224r1 = 
b'\x30\x81\xc5\x02\x01\x01\x30\x28\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x1d\x00\xd7\xc1\x34\xaa\x26\x43\x66\x86\x2a\x18\x30\x25\x75\xd1\xd7\x87\xb0\x9f\x07\x57\x97\xda\x89\xf5\x7e\xc8\xc0\xff\x30\x3c\x04\x1c\x68\xa5\xe6\x2c\xa9\xce\x6c\x1c\x29\x98\x03\xa6\xc1\x53\x0b\x51\x4e\x18\x2a\xd8\xb0\x04\x2a\x59\xca\xd2\x9f\x43\x04\x1c\x25\x80\xf6\x3c\xcf\xe4\x41\x38\x87\x07\x13\xb1\xa9\x23\x69\xe3\x3e\x21\x35\xd2\x66\xdb\xb3\x72\x38\x6c\x40\x0b\x04\x39\x04\x0d\x90\x29\xad\x2c\x7e\x5c\xf4\x34\x08\x23\xb2\xa8\x7d\xc6\x8c\x9e\x4c\xe3\x17\x4c\x1e\x6e\xfd\xee\x12\xc0\x7d\x58\xaa\x56\xf7\x72\xc0\x72\x6f\x24\xc6\xb8\x9e\x4e\xcd\xac\x24\x35\x4b\x9e\x99\xca\xa3\xf6\xd3\x76\x14\x02\xcd\x02\x1d\x00\xd7\xc1\x34\xaa\x26\x43\x66\x86\x2a\x18\x30\x25\x75\xd0\xfb\x98\xd1\x16\xbc\x4b\x6d\xde\xbc\xa3\xa5\xa7\x93\x9f' 102 | brainpoolp224t1 = b'\x30\x81\xc5\x02\x01\x01\x30\x28\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x1d\x00\xd7\xc1\x34\xaa\x26\x43\x66\x86\x2a\x18\x30\x25\x75\xd1\xd7\x87\xb0\x9f\x07\x57\x97\xda\x89\xf5\x7e\xc8\xc0\xff\x30\x3c\x04\x1c\xd7\xc1\x34\xaa\x26\x43\x66\x86\x2a\x18\x30\x25\x75\xd1\xd7\x87\xb0\x9f\x07\x57\x97\xda\x89\xf5\x7e\xc8\xc0\xfc\x04\x1c\x4b\x33\x7d\x93\x41\x04\xcd\x7b\xef\x27\x1b\xf6\x0c\xed\x1e\xd2\x0d\xa1\x4c\x08\xb3\xbb\x64\xf1\x8a\x60\x88\x8d\x04\x39\x04\x6a\xb1\xe3\x44\xce\x25\xff\x38\x96\x42\x4e\x7f\xfe\x14\x76\x2e\xcb\x49\xf8\x92\x8a\xc0\xc7\x60\x29\xb4\xd5\x80\x03\x74\xe9\xf5\x14\x3e\x56\x8c\xd2\x3f\x3f\x4d\x7c\x0d\x4b\x1e\x41\xc8\xcc\x0d\x1c\x6a\xbd\x5f\x1a\x46\xdb\x4c\x02\x1d\x00\xd7\xc1\x34\xaa\x26\x43\x66\x86\x2a\x18\x30\x25\x75\xd0\xfb\x98\xd1\x16\xbc\x4b\x6d\xde\xbc\xa3\xa5\xa7\x93\x9f' 103 | brainpoolp256r1 = 
b'\x30\x81\xdd\x02\x01\x01\x30\x2c\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x21\x00\xa9\xfb\x57\xdb\xa1\xee\xa9\xbc\x3e\x66\x0a\x90\x9d\x83\x8d\x72\x6e\x3b\xf6\x23\xd5\x26\x20\x28\x20\x13\x48\x1d\x1f\x6e\x53\x77\x30\x44\x04\x20\x7d\x5a\x09\x75\xfc\x2c\x30\x57\xee\xf6\x75\x30\x41\x7a\xff\xe7\xfb\x80\x55\xc1\x26\xdc\x5c\x6c\xe9\x4a\x4b\x44\xf3\x30\xb5\xd9\x04\x20\x26\xdc\x5c\x6c\xe9\x4a\x4b\x44\xf3\x30\xb5\xd9\xbb\xd7\x7c\xbf\x95\x84\x16\x29\x5c\xf7\xe1\xce\x6b\xcc\xdc\x18\xff\x8c\x07\xb6\x04\x41\x04\x8b\xd2\xae\xb9\xcb\x7e\x57\xcb\x2c\x4b\x48\x2f\xfc\x81\xb7\xaf\xb9\xde\x27\xe1\xe3\xbd\x23\xc2\x3a\x44\x53\xbd\x9a\xce\x32\x62\x54\x7e\xf8\x35\xc3\xda\xc4\xfd\x97\xf8\x46\x1a\x14\x61\x1d\xc9\xc2\x77\x45\x13\x2d\xed\x8e\x54\x5c\x1d\x54\xc7\x2f\x04\x69\x97\x02\x21\x00\xa9\xfb\x57\xdb\xa1\xee\xa9\xbc\x3e\x66\x0a\x90\x9d\x83\x8d\x71\x8c\x39\x7a\xa3\xb5\x61\xa6\xf7\x90\x1e\x0e\x82\x97\x48\x56\xa7' 104 | brainpoolp256t1 = b'\x30\x81\xdd\x02\x01\x01\x30\x2c\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x21\x00\xa9\xfb\x57\xdb\xa1\xee\xa9\xbc\x3e\x66\x0a\x90\x9d\x83\x8d\x72\x6e\x3b\xf6\x23\xd5\x26\x20\x28\x20\x13\x48\x1d\x1f\x6e\x53\x77\x30\x44\x04\x20\xa9\xfb\x57\xdb\xa1\xee\xa9\xbc\x3e\x66\x0a\x90\x9d\x83\x8d\x72\x6e\x3b\xf6\x23\xd5\x26\x20\x28\x20\x13\x48\x1d\x1f\x6e\x53\x74\x04\x20\x66\x2c\x61\xc4\x30\xd8\x4e\xa4\xfe\x66\xa7\x73\x3d\x0b\x76\xb7\xbf\x93\xeb\xc4\xaf\x2f\x49\x25\x6a\xe5\x81\x01\xfe\xe9\x2b\x04\x04\x41\x04\xa3\xe8\xeb\x3c\xc1\xcf\xe7\xb7\x73\x22\x13\xb2\x3a\x65\x61\x49\xaf\xa1\x42\xc4\x7a\xaf\xbc\x2b\x79\xa1\x91\x56\x2e\x13\x05\xf4\x2d\x99\x6c\x82\x34\x39\xc5\x6d\x7f\x7b\x22\xe1\x46\x44\x41\x7e\x69\xbc\xb6\xde\x39\xd0\x27\x00\x1d\xab\xe8\xf3\x5b\x25\xc9\xbe\x02\x21\x00\xa9\xfb\x57\xdb\xa1\xee\xa9\xbc\x3e\x66\x0a\x90\x9d\x83\x8d\x71\x8c\x39\x7a\xa3\xb5\x61\xa6\xf7\x90\x1e\x0e\x82\x97\x48\x56\xa7' 105 | brainpoolp320r1 = 
b'\x30\x82\x01\x0d\x02\x01\x01\x30\x34\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x29\x00\xd3\x5e\x47\x20\x36\xbc\x4f\xb7\xe1\x3c\x78\x5e\xd2\x01\xe0\x65\xf9\x8f\xcf\xa6\xf6\xf4\x0d\xef\x4f\x92\xb9\xec\x78\x93\xec\x28\xfc\xd4\x12\xb1\xf1\xb3\x2e\x27\x30\x54\x04\x28\x3e\xe3\x0b\x56\x8f\xba\xb0\xf8\x83\xcc\xeb\xd4\x6d\x3f\x3b\xb8\xa2\xa7\x35\x13\xf5\xeb\x79\xda\x66\x19\x0e\xb0\x85\xff\xa9\xf4\x92\xf3\x75\xa9\x7d\x86\x0e\xb4\x04\x28\x52\x08\x83\x94\x9d\xfd\xbc\x42\xd3\xad\x19\x86\x40\x68\x8a\x6f\xe1\x3f\x41\x34\x95\x54\xb4\x9a\xcc\x31\xdc\xcd\x88\x45\x39\x81\x6f\x5e\xb4\xac\x8f\xb1\xf1\xa6\x04\x51\x04\x43\xbd\x7e\x9a\xfb\x53\xd8\xb8\x52\x89\xbc\xc4\x8e\xe5\xbf\xe6\xf2\x01\x37\xd1\x0a\x08\x7e\xb6\xe7\x87\x1e\x2a\x10\xa5\x99\xc7\x10\xaf\x8d\x0d\x39\xe2\x06\x11\x14\xfd\xd0\x55\x45\xec\x1c\xc8\xab\x40\x93\x24\x7f\x77\x27\x5e\x07\x43\xff\xed\x11\x71\x82\xea\xa9\xc7\x78\x77\xaa\xac\x6a\xc7\xd3\x52\x45\xd1\x69\x2e\x8e\xe1\x02\x29\x00\xd3\x5e\x47\x20\x36\xbc\x4f\xb7\xe1\x3c\x78\x5e\xd2\x01\xe0\x65\xf9\x8f\xcf\xa5\xb6\x8f\x12\xa3\x2d\x48\x2e\xc7\xee\x86\x58\xe9\x86\x91\x55\x5b\x44\xc5\x93\x11' 106 | brainpoolp320t1 = 
b'\x30\x82\x01\x0d\x02\x01\x01\x30\x34\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x29\x00\xd3\x5e\x47\x20\x36\xbc\x4f\xb7\xe1\x3c\x78\x5e\xd2\x01\xe0\x65\xf9\x8f\xcf\xa6\xf6\xf4\x0d\xef\x4f\x92\xb9\xec\x78\x93\xec\x28\xfc\xd4\x12\xb1\xf1\xb3\x2e\x27\x30\x54\x04\x28\xd3\x5e\x47\x20\x36\xbc\x4f\xb7\xe1\x3c\x78\x5e\xd2\x01\xe0\x65\xf9\x8f\xcf\xa6\xf6\xf4\x0d\xef\x4f\x92\xb9\xec\x78\x93\xec\x28\xfc\xd4\x12\xb1\xf1\xb3\x2e\x24\x04\x28\xa7\xf5\x61\xe0\x38\xeb\x1e\xd5\x60\xb3\xd1\x47\xdb\x78\x20\x13\x06\x4c\x19\xf2\x7e\xd2\x7c\x67\x80\xaa\xf7\x7f\xb8\xa5\x47\xce\xb5\xb4\xfe\xf4\x22\x34\x03\x53\x04\x51\x04\x92\x5b\xe9\xfb\x01\xaf\xc6\xfb\x4d\x3e\x7d\x49\x90\x01\x0f\x81\x34\x08\xab\x10\x6c\x4f\x09\xcb\x7e\xe0\x78\x68\xcc\x13\x6f\xff\x33\x57\xf6\x24\xa2\x1b\xed\x52\x63\xba\x3a\x7a\x27\x48\x3e\xbf\x66\x71\xdb\xef\x7a\xbb\x30\xeb\xee\x08\x4e\x58\xa0\xb0\x77\xad\x42\xa5\xa0\x98\x9d\x1e\xe7\x1b\x1b\x9b\xc0\x45\x5f\xb0\xd2\xc3\x02\x29\x00\xd3\x5e\x47\x20\x36\xbc\x4f\xb7\xe1\x3c\x78\x5e\xd2\x01\xe0\x65\xf9\x8f\xcf\xa5\xb6\x8f\x12\xa3\x2d\x48\x2e\xc7\xee\x86\x58\xe9\x86\x91\x55\x5b\x44\xc5\x93\x11' 107 | brainpoolp384r1 = 
b'\x30\x82\x01\x3d\x02\x01\x01\x30\x3c\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x31\x00\x8c\xb9\x1e\x82\xa3\x38\x6d\x28\x0f\x5d\x6f\x7e\x50\xe6\x41\xdf\x15\x2f\x71\x09\xed\x54\x56\xb4\x12\xb1\xda\x19\x7f\xb7\x11\x23\xac\xd3\xa7\x29\x90\x1d\x1a\x71\x87\x47\x00\x13\x31\x07\xec\x53\x30\x64\x04\x30\x7b\xc3\x82\xc6\x3d\x8c\x15\x0c\x3c\x72\x08\x0a\xce\x05\xaf\xa0\xc2\xbe\xa2\x8e\x4f\xb2\x27\x87\x13\x91\x65\xef\xba\x91\xf9\x0f\x8a\xa5\x81\x4a\x50\x3a\xd4\xeb\x04\xa8\xc7\xdd\x22\xce\x28\x26\x04\x30\x04\xa8\xc7\xdd\x22\xce\x28\x26\x8b\x39\xb5\x54\x16\xf0\x44\x7c\x2f\xb7\x7d\xe1\x07\xdc\xd2\xa6\x2e\x88\x0e\xa5\x3e\xeb\x62\xd5\x7c\xb4\x39\x02\x95\xdb\xc9\x94\x3a\xb7\x86\x96\xfa\x50\x4c\x11\x04\x61\x04\x1d\x1c\x64\xf0\x68\xcf\x45\xff\xa2\xa6\x3a\x81\xb7\xc1\x3f\x6b\x88\x47\xa3\xe7\x7e\xf1\x4f\xe3\xdb\x7f\xca\xfe\x0c\xbd\x10\xe8\xe8\x26\xe0\x34\x36\xd6\x46\xaa\xef\x87\xb2\xe2\x47\xd4\xaf\x1e\x8a\xbe\x1d\x75\x20\xf9\xc2\xa4\x5c\xb1\xeb\x8e\x95\xcf\xd5\x52\x62\xb7\x0b\x29\xfe\xec\x58\x64\xe1\x9c\x05\x4f\xf9\x91\x29\x28\x0e\x46\x46\x21\x77\x91\x81\x11\x42\x82\x03\x41\x26\x3c\x53\x15\x02\x31\x00\x8c\xb9\x1e\x82\xa3\x38\x6d\x28\x0f\x5d\x6f\x7e\x50\xe6\x41\xdf\x15\x2f\x71\x09\xed\x54\x56\xb3\x1f\x16\x6e\x6c\xac\x04\x25\xa7\xcf\x3a\xb6\xaf\x6b\x7f\xc3\x10\x3b\x88\x32\x02\xe9\x04\x65\x65' 108 | brainpoolp384t1 = 
b'\x30\x82\x01\x3d\x02\x01\x01\x30\x3c\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x31\x00\x8c\xb9\x1e\x82\xa3\x38\x6d\x28\x0f\x5d\x6f\x7e\x50\xe6\x41\xdf\x15\x2f\x71\x09\xed\x54\x56\xb4\x12\xb1\xda\x19\x7f\xb7\x11\x23\xac\xd3\xa7\x29\x90\x1d\x1a\x71\x87\x47\x00\x13\x31\x07\xec\x53\x30\x64\x04\x30\x8c\xb9\x1e\x82\xa3\x38\x6d\x28\x0f\x5d\x6f\x7e\x50\xe6\x41\xdf\x15\x2f\x71\x09\xed\x54\x56\xb4\x12\xb1\xda\x19\x7f\xb7\x11\x23\xac\xd3\xa7\x29\x90\x1d\x1a\x71\x87\x47\x00\x13\x31\x07\xec\x50\x04\x30\x7f\x51\x9e\xad\xa7\xbd\xa8\x1b\xd8\x26\xdb\xa6\x47\x91\x0f\x8c\x4b\x93\x46\xed\x8c\xcd\xc6\x4e\x4b\x1a\xbd\x11\x75\x6d\xce\x1d\x20\x74\xaa\x26\x3b\x88\x80\x5c\xed\x70\x35\x5a\x33\xb4\x71\xee\x04\x61\x04\x18\xde\x98\xb0\x2d\xb9\xa3\x06\xf2\xaf\xcd\x72\x35\xf7\x2a\x81\x9b\x80\xab\x12\xeb\xd6\x53\x17\x24\x76\xfe\xcd\x46\x2a\xab\xff\xc4\xff\x19\x1b\x94\x6a\x5f\x54\xd8\xd0\xaa\x2f\x41\x88\x08\xcc\x25\xab\x05\x69\x62\xd3\x06\x51\xa1\x14\xaf\xd2\x75\x5a\xd3\x36\x74\x7f\x93\x47\x5b\x7a\x1f\xca\x3b\x88\xf2\xb6\xa2\x08\xcc\xfe\x46\x94\x08\x58\x4d\xc2\xb2\x91\x26\x75\xbf\x5b\x9e\x58\x29\x28\x02\x31\x00\x8c\xb9\x1e\x82\xa3\x38\x6d\x28\x0f\x5d\x6f\x7e\x50\xe6\x41\xdf\x15\x2f\x71\x09\xed\x54\x56\xb3\x1f\x16\x6e\x6c\xac\x04\x25\xa7\xcf\x3a\xb6\xaf\x6b\x7f\xc3\x10\x3b\x88\x32\x02\xe9\x04\x65\x65' 109 | brainpoolp512r1 = 
b'\x30\x82\x01\x9f\x02\x01\x01\x30\x4c\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x41\x00\xaa\xdd\x9d\xb8\xdb\xe9\xc4\x8b\x3f\xd4\xe6\xae\x33\xc9\xfc\x07\xcb\x30\x8d\xb3\xb3\xc9\xd2\x0e\xd6\x63\x9c\xca\x70\x33\x08\x71\x7d\x4d\x9b\x00\x9b\xc6\x68\x42\xae\xcd\xa1\x2a\xe6\xa3\x80\xe6\x28\x81\xff\x2f\x2d\x82\xc6\x85\x28\xaa\x60\x56\x58\x3a\x48\xf3\x30\x81\x84\x04\x40\x78\x30\xa3\x31\x8b\x60\x3b\x89\xe2\x32\x71\x45\xac\x23\x4c\xc5\x94\xcb\xdd\x8d\x3d\xf9\x16\x10\xa8\x34\x41\xca\xea\x98\x63\xbc\x2d\xed\x5d\x5a\xa8\x25\x3a\xa1\x0a\x2e\xf1\xc9\x8b\x9a\xc8\xb5\x7f\x11\x17\xa7\x2b\xf2\xc7\xb9\xe7\xc1\xac\x4d\x77\xfc\x94\xca\x04\x40\x3d\xf9\x16\x10\xa8\x34\x41\xca\xea\x98\x63\xbc\x2d\xed\x5d\x5a\xa8\x25\x3a\xa1\x0a\x2e\xf1\xc9\x8b\x9a\xc8\xb5\x7f\x11\x17\xa7\x2b\xf2\xc7\xb9\xe7\xc1\xac\x4d\x77\xfc\x94\xca\xdc\x08\x3e\x67\x98\x40\x50\xb7\x5e\xba\xe5\xdd\x28\x09\xbd\x63\x80\x16\xf7\x23\x04\x81\x81\x04\x81\xae\xe4\xbd\xd8\x2e\xd9\x64\x5a\x21\x32\x2e\x9c\x4c\x6a\x93\x85\xed\x9f\x70\xb5\xd9\x16\xc1\xb4\x3b\x62\xee\xf4\xd0\x09\x8e\xff\x3b\x1f\x78\xe2\xd0\xd4\x8d\x50\xd1\x68\x7b\x93\xb9\x7d\x5f\x7c\x6d\x50\x47\x40\x6a\x5e\x68\x8b\x35\x22\x09\xbc\xb9\xf8\x22\x7d\xde\x38\x5d\x56\x63\x32\xec\xc0\xea\xbf\xa9\xcf\x78\x22\xfd\xf2\x09\xf7\x00\x24\xa5\x7b\x1a\xa0\x00\xc5\x5b\x88\x1f\x81\x11\xb2\xdc\xde\x49\x4a\x5f\x48\x5e\x5b\xca\x4b\xd8\x8a\x27\x63\xae\xd1\xca\x2b\x2f\xa8\xf0\x54\x06\x78\xcd\x1e\x0f\x3a\xd8\x08\x92\x02\x41\x00\xaa\xdd\x9d\xb8\xdb\xe9\xc4\x8b\x3f\xd4\xe6\xae\x33\xc9\xfc\x07\xcb\x30\x8d\xb3\xb3\xc9\xd2\x0e\xd6\x63\x9c\xca\x70\x33\x08\x70\x55\x3e\x5c\x41\x4c\xa9\x26\x19\x41\x86\x61\x19\x7f\xac\x10\x47\x1d\xb1\xd3\x81\x08\x5d\xda\xdd\xb5\x87\x96\x82\x9c\xa9\x00\x69' 110 | brainpoolp512t1 = 
b'\x30\x82\x01\x9f\x02\x01\x01\x30\x4c\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x41\x00\xaa\xdd\x9d\xb8\xdb\xe9\xc4\x8b\x3f\xd4\xe6\xae\x33\xc9\xfc\x07\xcb\x30\x8d\xb3\xb3\xc9\xd2\x0e\xd6\x63\x9c\xca\x70\x33\x08\x71\x7d\x4d\x9b\x00\x9b\xc6\x68\x42\xae\xcd\xa1\x2a\xe6\xa3\x80\xe6\x28\x81\xff\x2f\x2d\x82\xc6\x85\x28\xaa\x60\x56\x58\x3a\x48\xf3\x30\x81\x84\x04\x40\xaa\xdd\x9d\xb8\xdb\xe9\xc4\x8b\x3f\xd4\xe6\xae\x33\xc9\xfc\x07\xcb\x30\x8d\xb3\xb3\xc9\xd2\x0e\xd6\x63\x9c\xca\x70\x33\x08\x71\x7d\x4d\x9b\x00\x9b\xc6\x68\x42\xae\xcd\xa1\x2a\xe6\xa3\x80\xe6\x28\x81\xff\x2f\x2d\x82\xc6\x85\x28\xaa\x60\x56\x58\x3a\x48\xf0\x04\x40\x7c\xbb\xbc\xf9\x44\x1c\xfa\xb7\x6e\x18\x90\xe4\x68\x84\xea\xe3\x21\xf7\x0c\x0b\xcb\x49\x81\x52\x78\x97\x50\x4b\xec\x3e\x36\xa6\x2b\xcd\xfa\x23\x04\x97\x65\x40\xf6\x45\x00\x85\xf2\xda\xe1\x45\xc2\x25\x53\xb4\x65\x76\x36\x89\x18\x0e\xa2\x57\x18\x67\x42\x3e\x04\x81\x81\x04\x64\x0e\xce\x5c\x12\x78\x87\x17\xb9\xc1\xba\x06\xcb\xc2\xa6\xfe\xba\x85\x84\x24\x58\xc5\x6d\xde\x9d\xb1\x75\x8d\x39\xc0\x31\x3d\x82\xba\x51\x73\x5c\xdb\x3e\xa4\x99\xaa\x77\xa7\xd6\x94\x3a\x64\xf7\xa3\xf2\x5f\xe2\x6f\x06\xb5\x1b\xaa\x26\x96\xfa\x90\x35\xda\x5b\x53\x4b\xd5\x95\xf5\xaf\x0f\xa2\xc8\x92\x37\x6c\x84\xac\xe1\xbb\x4e\x30\x19\xb7\x16\x34\xc0\x11\x31\x15\x9c\xae\x03\xce\xe9\xd9\x93\x21\x84\xbe\xef\x21\x6b\xd7\x1d\xf2\xda\xdf\x86\xa6\x27\x30\x6e\xcf\xf9\x6d\xbb\x8b\xac\xe1\x98\xb6\x1e\x00\xf8\xb3\x32\x02\x41\x00\xaa\xdd\x9d\xb8\xdb\xe9\xc4\x8b\x3f\xd4\xe6\xae\x33\xc9\xfc\x07\xcb\x30\x8d\xb3\xb3\xc9\xd2\x0e\xd6\x63\x9c\xca\x70\x33\x08\x70\x55\x3e\x5c\x41\x4c\xa9\x26\x19\x41\x86\x61\x19\x7f\xac\x10\x47\x1d\xb1\xd3\x81\x08\x5d\xda\xdd\xb5\x87\x96\x82\x9c\xa9\x00\x69' 111 | 112 | # Microsoft Playready P-160 113 | playreadyp160 = 
b'\x30\x81\x95\x02\x01\x01\x30\x20\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x15\x00\x89\xab\xcd\xef\x01\x23\x45\x67\x27\x18\x28\x18\x31\x41\x59\x26\x14\x14\x24\xf7\x30\x2c\x04\x14\x37\xa5\xab\xcc\xd2\x77\xbc\xe8\x76\x32\xff\x3d\x47\x80\xc0\x09\xeb\xe4\x14\x97\x04\x14\x0d\xd8\xda\xbf\x72\x5e\x2f\x32\x28\xe8\x5f\x1a\xd7\x8f\xde\xdf\x93\x28\x23\x9e\x04\x29\x04\x87\x23\x94\x7f\xd6\xa3\xa1\xe5\x35\x10\xc0\x7d\xba\x38\xda\xf0\x10\x9f\xa1\x20\x44\x57\x44\x91\x10\x75\x52\x2d\x8c\x3c\x58\x56\xd4\xed\x7a\xcd\xa3\x79\x93\x6f\x02\x15\x00\x89\xab\xcd\xef\x01\x23\x45\x67\x27\x16\xb2\x6e\xec\x14\x90\x44\x28\xc2\xa6\x75' 114 | -------------------------------------------------------------------------------- /pyhsm/hsmenums.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved. 3 | # 4 | # This source code is licensed under the GPL v2 license found in the 5 | # LICENSE.txt file in the root directory of this source tree. 6 | # 7 | # hsmenums.py 8 | # author: Benton Stark (bestark@cisco.com) 9 | # date: 11-14-2014 10 | 11 | from enum import Enum 12 | 13 | 14 | # entries map to CKK_ 15 | class HsmAsymKeyType(Enum): 16 | RSA = 0x00000000 17 | # RSA 18 | DSA = 0x00000001 19 | # Digital Signature Algorithm 20 | DH = 0x00000002 21 | # Diffie-Hellman. 22 | EC = 0x00000003 23 | # Elliptic Curve 24 | KEA = 0x00000005 25 | # Key Exchange Algorithm. A variation on Diffie-Hellman; proposed as the key exchange method for Capstone 26 | GENERIC_SECRET = 0x00000010 27 | # Generic Secret - Algorithm undefined 28 | 29 | 30 | # entries map to CKK_ 31 | class HsmSymKeyType(Enum): 32 | GENERIC_SECRET = 0x00000010 33 | # Generic Secret - Algorithm undefined 34 | RC2 = 0x00000011 35 | # RC2. A 64-bit block cipher using variable-sized keys designed to replace DES. 
Its code has not been made public 36 | # although many companies have licensed RC2 for use in their products 37 | RC4 = 0x00000012 38 | # RC4. A stream cipher using variable-sized keys; it is widely used in commercial cryptography products, although 39 | # it can only be exported using keys that are 40 bits or less in length. This description is dated: RC4 is now considered broken and RFC 7465 prohibits it in TLS. 40 | DES = 0x00000013 41 | # Data Encryption Standard (DES). 42 | DES2 = 0x00000014 43 | # Triple-DES variant that employs two 56-bit keys in AB form and ABA in function with three encryption/decryption 44 | # passes over the block; 3DES is also described in FIPS 46-3 and is the recommended replacement to DES. 45 | DES3 = 0x00000015 46 | # Triple-DES variant that employs three 56-bit keys in ABC form and ABC in function with three encryption/decryption 47 | # passes over the block; 3DES is also described in FIPS 46-3 and is the recommended replacement to DES. That recommendation is dated too: FIPS 46-3 has been withdrawn and NIST SP 800-131A deprecates 3DES, so prefer AES for new keys. 48 | RC5 = 0x00000019 49 | # RC5. A block-cipher supporting a variety of block sizes, key sizes, and number of encryption passes over the data. 50 | # Described in RFC 2040. 51 | IDEA = 0x0000001A 52 | # International Data Encryption Algorithm (IDEA) is a block cipher designed by Xuejia Lai and James Massey of 53 | # ETH Zurich and was first described in 1991. The algorithm was intended as a replacement for the Data Encryption 54 | # Standard. 55 | SKIPJACK = 0x0000001B 56 | # SKC scheme proposed for Capstone. Although the details of the algorithm were never made public, Skipjack was a 57 | # block cipher using an 80-bit key and 32 iteration cycles per 64-bit block. 58 | BATON = 0x0000001C 59 | # BATON is a Type 1 block cipher, used by the United States government to secure all types of classified 60 | # information. BATON has a 128-bit block size and a 320-bit key.
160 bits of the key are checksum material; 61 | # they do not affect the security of the algorithm itself but rather prevent unauthorized keys from being loaded 62 | # if a BATON device ends up in the hands of an adversary. 63 | JUNIPER = 0x0000001D 64 | # Juniper block cipher. 65 | CDMF = 0x0000001E 66 | # CDMF (Commercial Data Masking Facility) is an algorithm developed at IBM in 1992 to reduce the security strength 67 | # of the DES cipher to that of 40-bit encryption, at the time a requirement of U.S. restrictions on export of 68 | # cryptography. Rather than a separate cipher from DES, CDMF constitutes a key generation algorithm, called key 69 | # shortening. It is one of the cryptographic algorithms supported by S-HTTP. 70 | AES = 0x0000001F 71 | # Advanced Encryption Standard (AES). In 1997, NIST initiated a very public, 4-1/2 year process to develop a new 72 | # secure cryptosystem for U.S. government applications. The result, the Advanced Encryption Standard, became the 73 | # official successor to DES in December 2001. 74 | CAST = 0x00000016 75 | # CAST 76 | CAST3 = 0x00000017 77 | # CAST3 78 | CAST5 = 0x00000018 79 | # CAST-128 (alternatively CAST5) is a block cipher used in a number of products, notably as the default cipher 80 | # in some versions of GPG and PGP. It has also been approved for Canadian government use by the Communications 81 | # Security Establishment. 82 | 83 | 84 | # entries map to CKM_ key-generation mechanism codes, not CKK_ key types (AES and DES here carry the same values as HsmMech.AES_KEY_GEN and HsmMech.DES_KEY_GEN) 85 | class HsmSymKeyGen(Enum): 86 | AES = 0x00001080 87 | # Advanced Encryption Standard. 88 | DES = 0x00000120 89 | # Data Encryption Standard (DES). The most common SKC scheme used today, DES was designed by IBM in the 1970s and 90 | # adopted by the National Bureau of Standards (NBS) [now the National Institute for Standards and Technology 91 | # (NIST)] in 1977 for commercial and unclassified government applications. DES is a block-cipher employing a 92 | # 56-bit key that operates on 64-bit blocks.
DES has a complex set of rules and transformations that were designed 93 | # specifically to yield fast hardware implementations and slow software implementations, although this latter point 94 | # is becoming less significant today since the speed of computer processors is several orders of magnitude faster 95 | # today than twenty years ago. IBM also proposed a 112-bit key for DES, which was rejected at the time by the 96 | # government; the use of 112-bit keys was considered in the 1990s, however, conversion was never seriously 97 | # considered. 98 | DES2 = 0x00000130 99 | # Data Encryption Standard 2 (DES2). 100 | DES3 = 0x00000131 101 | # DES3. A variant of DES that employs up to three 56-bit keys and makes three encryption/decryption passes over 102 | # the block; 3DES is also described in FIPS 46-3 and is the recommended replacement to DES. That recommendation is dated: FIPS 46-3 has been withdrawn and NIST SP 800-131A deprecates 3DES, so prefer AES for new keys. 103 | RC2 = 0x00000100 104 | # RC2. A 64-bit block cipher using variable-sized keys designed to replace DES. Its code has not been made public 105 | # although many companies have licensed RC2 for use in their products 106 | RC4 = 0x00000110 107 | # RC4. A stream cipher using variable-sized keys; it is widely used in commercial cryptography products, although 108 | # it can only be exported using keys that are 40 bits or less in length. This description is dated: RC4 is now considered broken and RFC 7465 prohibits it in TLS. 109 | RC5 = 0x00000330 110 | # RC5. A block-cipher supporting a variety of block sizes, key sizes, and number of encryption passes over the data. 111 | # Described in RFC 2040. 112 | CAST = 0x00000300 113 | # CAST. 114 | CAST3 = 0x00000310 115 | # CAST 3. 116 | IDEA = 0x00000340 117 | # International Data Encryption Algorithm (IDEA) is a block cipher designed by Xuejia Lai and James Massey of ETH 118 | # Zurich and was first described in 1991. The algorithm was intended as a replacement for the Data Encryption 119 | # Standard. 120 | Baton = 0x00001030 121 | # BATON is a Type 1 block cipher, used by the United States government to secure all types of classified 122 | # information.
BATON has a 128-bit block size and a 320-bit key. 160 bits of the key are checksum material; they 123 | # do not affect the security of the algorithm itself but rather prevent unauthorized keys from being loaded if a 124 | # BATON device ends up in the hands of an adversary. 125 | Juniper = 0x00001060 126 | # Juniper block cipher. 127 | 128 | 129 | class HsmUser(Enum): 130 | SecurityOfficer = 0 131 | CryptoOfficer = 1 132 | 133 | 134 | class HsmSession(Enum): 135 | Undefined = 0x0000 136 | # No flag options. 137 | Exclusive = 0x0001 138 | # Exclusive session. Only one open session is allowed. 139 | ReadWrite = 0x0002 140 | # Read write session which allows changes to be performed. 141 | SecurityOfficer = 0x8000 142 | # Security Officer specific session. Vendor proprietary option. 143 | SecurityOfficerExclusive = 0x8001 144 | # Security officer exclusive. Vendor proprietary option. 145 | SecurityOfficerReadWrite = 0x8002 146 | # Security officer read write option. Vendor proprietary option. 147 | 148 | 149 | # entries map to CKK_ 150 | class HsmKeyType(Enum): 151 | RSA = 0x00000000 152 | # RSA. 153 | DSA = 0x00000001 154 | # Digital Signature Algorithm 155 | DH = 0x00000002 156 | # Diffie-Hellman. 157 | EC = 0x00000003 158 | # Elliptic Curve 159 | KEA = 0x00000005 160 | # Key Exchange Algorithm. A variation on Diffie-Hellman; proposed as the key exchange method for Capstone 161 | GENERIC_SECRET = 0x00000010 162 | # Generic Secret - Algorithm undefined 163 | RC2 = 0x00000011 164 | # RC2. A 64-bit block cipher using variable-sized keys designed to replace DES. Its code has not been made public 165 | # although many companies have licensed RC2 for use in their products 166 | RC4 = 0x00000012 167 | # RC4. A stream cipher using variable-sized keys; it is widely used in commercial cryptography products, although 168 | # it can only be exported using keys that are 40 bits or less in length. This description is dated: RC4 is now considered broken and RFC 7465 prohibits it in TLS. 169 | DES = 0x00000013 170 | # Data Encryption Standard (DES).
The most common SKC scheme used today, DES was designed by IBM in the 1970s and 171 | # adopted by the National Bureau of Standards (NBS) [now the National Institute for Standards and Technology 172 | # (NIST)] in 1977 for commercial and unclassified government applications. DES is a block-cipher employing a 56-bit 173 | # key that operates on 64-bit blocks. DES has a complex set of rules and transformations that were designed 174 | # specifically to yield fast hardware implementations and slow software implementations, although this latter point 175 | # is becoming less significant today since the speed of computer processors is several orders of magnitude faster 176 | # today than twenty years ago. IBM also proposed a 112-bit key for DES, which was rejected at the time by the 177 | # government; the use of 112-bit keys was considered in the 1990s, however, conversion was never seriously 178 | # considered. 179 | DES2 = 0x00000014 180 | # Data Encryption Standard 2 (DES2). 181 | DES3 = 0x00000015 182 | # DES3. A variant of DES that employs up to three 56-bit keys and makes three encryption/decryption passes over 183 | # the block; 3DES is also described in FIPS 46-3 and is the recommended replacement to DES. 184 | RC5 = 0x00000019 185 | # RC5. A block-cipher supporting a variety of block sizes, key sizes, and number of encryption passes over the 186 | # data. Described in RFC 2040. 187 | IDEA = 0x0000001A 188 | # International Data Encryption Algorithm (IDEA) is a block cipher designed by Xuejia Lai and James Massey of ETH 189 | # Zurich and was first described in 1991. The algorithm was intended as a replacement for the Data Encryption 190 | # Standard. 191 | SKIPJACK = 0x0000001B 192 | # SKC scheme proposed for Capstone. Although the details of the algorithm were never made public, Skipjack was a 193 | # block cipher using an 80-bit key and 32 iteration cycles per 64-bit block. 
194 | BATON = 0x0000001C 195 | # BATON is a Type 1 block cipher, used by the United States government to secure all types of classified 196 | # information. BATON has a 128-bit block size and a 320-bit key. 160 bits of the key are checksum material; 197 | # they do not affect the security of the algorithm itself but rather prevent unauthorized keys from being loaded 198 | # if a BATON device ends up in the hands of an adversary. 199 | JUNIPER = 0x0000001D 200 | # Juniper block cipher. 201 | CDMF = 0x0000001E 202 | # CDMF (Commercial Data Masking Facility) is an algorithm developed at IBM in 1992 to reduce the security strength 203 | # of the DES cipher to that of 40-bit encryption, at the time a requirement of U.S. restrictions on export of 204 | # cryptography. Rather than a separate cipher from DES, CDMF constitutes a key generation algorithm, called key 205 | # shortening. It is one of the cryptographic algorithms supported by S-HTTP. 206 | AES = 0x0000001F 207 | # Advanced Encryption Standard (AES). In 1997, NIST initiated a very public, 4-1/2 year process to develop a new 208 | # secure cryptosystem for U.S. government applications. The result, the Advanced Encryption Standard, became the 209 | # official successor to DES in December 2001. 210 | CAST = 0x00000016 211 | # CAST. 212 | CAST3 = 0x00000017 213 | # CAST3. 214 | CAST5 = 0x00000018 215 | # CAST-128 (alternatively CAST5) is a block cipher used in a number of products, notably as the default cipher in 216 | # some versions of GPG and PGP. It has also been approved for Canadian government use by the Communications 217 | # Security Establishment. 218 | 219 | 220 | # entries map to CKM_ 221 | class HsmMech(Enum): 222 | RSA_PKCS_KEY_PAIR_GEN = 0x00000000 223 | # RSA PKCS Key Pair Generation. 224 | RSA_X9_31_KEY_PAIR_GEN = 0x0000000A 225 | # RSA X9_31 Key Pair Generation. 226 | RSA_PKCS = 0x00000001 227 | # RSA PKCS. 228 | RSA_9796 = 0x00000002 229 | # RSA 9796. 
230 | RSA_X_509 = 0x00000003 231 | # RSA X.509. In PKCS#11 this is raw RSA: the mechanism applies no padding. 232 | MD2_RSA_PKCS = 0x00000004 233 | # MD2 Hash with RSA PKCS. Legacy hash; not for new signatures. 234 | MD5_RSA_PKCS = 0x00000005 235 | # MD5 Hash with RSA PKCS. Legacy hash (MD5 collisions are practical); not for new signatures. 236 | SHA1_RSA_PKCS = 0x00000006 237 | # SHA1 Hash with RSA PKCS. SHA-1 collisions are practical as well; prefer the SHA256/SHA384/SHA512 variants listed below. 238 | RSA_PKCS_OAEP = 0x00000009 239 | # RSA PKCS OAEP. Used to encrypt/decrypt or wrap/unwrap a symmetric key using an RSA key. 240 | SHA1_RSA_X9_31 = 0x0000000C 241 | # SHA1 Hash with RSA X9.31 242 | SHA1_RSA_PKCS_PSS = 0x0000000E 243 | # SHA1 RSA PKCS PSS. 244 | DSA_KEY_PAIR_GEN = 0x00000010 245 | # DSA Key Pair Generation. 246 | DSA = 0x00000011 247 | # DSA. 248 | DSA_SHA1 = 0x00000012 249 | # DSA with SHA1 Hash. 250 | DH_PKCS_KEY_PAIR_GEN = 0x00000020 251 | # DH PKCS Key Pair Generation. 252 | DH_PKCS_DERIVE = 0x00000021 253 | # DH PKCS Derive. 254 | SHA256_RSA_PKCS = 0x00000040 255 | # SHA256 Hash with RSA PKCS. 256 | SHA384_RSA_PKCS = 0x00000041 257 | # SHA384 Hash with RSA PKCS. 258 | SHA512_RSA_PKCS = 0x00000042 259 | # SHA512 Hash with RSA PKCS. 260 | RC2_KEY_GEN = 0x00000100 261 | # RC2 Key Generation. 262 | RC2_ECB = 0x00000101 263 | # RC2 ECB Mode. 264 | RC2_CBC = 0x00000102 265 | # RC2 CBC Mode. 266 | RC2_MAC = 0x00000103 267 | # RC2 MAC. 268 | RC2_MAC_GENERAL = 0x00000104 269 | # RC2 MAC General. 270 | RC2_CBC_PAD = 0x00000105 271 | # RC2 CBC with Padding. 272 | RC4_KEY_GEN = 0x00000110 273 | # RC4 Key Generation. 274 | RC4 = 0x00000111 275 | # RC4. 276 | DES_KEY_GEN = 0x00000120 277 | # DES Key Generation. 278 | DES_ECB = 0x00000121 279 | # DES ECB Mode. 280 | DES_CBC = 0x00000122 281 | # DES CBC Mode. 282 | DES_MAC = 0x00000123 283 | # DES MAC. 284 | DES_MAC_GENERAL = 0x00000124 285 | # DES MAC General. 286 | DES_CBC_PAD = 0x00000125 287 | # DES CBC with Padding. 288 | DES2_KEY_GEN = 0x00000130 289 | # DES2 Key Generation. 290 | DES3_KEY_GEN = 0x00000131 291 | # DES3 Key Generation. 292 | DES3_ECB = 0x00000132 293 | # DES3 ECB Mode. 294 | DES3_CBC = 0x00000133 295 | # DES3 CBC Mode.
296 | DES3_MAC = 0x00000134 297 | # DES3 MAC. 298 | DES3_MAC_GENERAL = 0x00000135 299 | # DES3 MAC General. 300 | DES3_CBC_PAD = 0x00000136 301 | # DES3 CBC Mode with Padding. 302 | CDMF_KEY_GEN = 0x00000140 303 | # CDMF Key Generation. 304 | CDMF_ECB = 0x00000141 305 | # CDMF ECB Mode. 306 | CDMF_CBC = 0x00000142 307 | # CDMF CBC Mode. 308 | CDMF_MAC = 0x00000143 309 | # CDMF MAC. 310 | CDMF_MAC_GENERAL = 0x00000144 311 | # CDMF MAC General. 312 | CDMF_CBC_PAD = 0x00000145 313 | # CDMF CBC Mode with Padding. 314 | MD2 = 0x00000200 315 | # MD2. Legacy digest; not for new designs. 316 | MD2_HMAC = 0x00000201 317 | # MD2 HMAC. 318 | MD2_HMAC_GENERAL = 0x00000202 319 | # MD2 HMAC General. 320 | MD5 = 0x00000210 321 | # MD5. Legacy digest; collisions are practical. 322 | MD5_HMAC = 0x00000211 323 | # MD5 HMAC. 324 | MD5_HMAC_GENERAL = 0x00000212 325 | # MD5 HMAC General. 326 | SHA_1 = 0x00000220 327 | # SHA1. Collisions are practical; prefer the SHA256/SHA384/SHA512 entries below where collision resistance matters. 328 | SHA_1_HMAC = 0x00000221 329 | # SHA1 HMAC. 330 | SHA_1_HMAC_GENERAL = 0x00000222 331 | # SHA1 HMAC General. 332 | SHA256 = 0x00000250 333 | # SHA256. 334 | SHA256_HMAC = 0x00000251 335 | # SHA256 HMAC. 336 | SHA256_HMAC_GENERAL = 0x00000252 337 | # SHA256 HMAC General. 338 | SHA384 = 0x00000260 339 | # SHA 384. 340 | SHA384_HMAC = 0x00000261 341 | # SHA 384 HMAC. 342 | SHA384_HMAC_GENERAL = 0x00000262 343 | # SHA 384 HMAC General. 344 | SHA512 = 0x00000270 345 | # SHA 512. 346 | SHA512_HMAC = 0x00000271 347 | # SHA 512 HMAC. 348 | SHA512_HMAC_GENERAL = 0x00000272 349 | # SHA 512 HMAC General. 350 | CAST_KEY_GEN = 0x00000300 351 | # Cast Key Generation. 352 | CAST_ECB = 0x00000301 353 | # Cast ECB Mode. 354 | CAST_CBC = 0x00000302 355 | # Cast CBC Mode. 356 | CAST_MAC = 0x00000303 357 | # Cast MAC. 358 | CAST_MAC_GENERAL = 0x00000304 359 | # Cast MAC General. 360 | CAST_CBC_PAD = 0x00000305 361 | # Cast CBC with Padding. 362 | CAST3_KEY_GEN = 0x00000310 363 | # Cast3 Key Generation. 364 | CAST3_ECB = 0x00000311 365 | # Cast3 ECB Mode. 366 | CAST3_CBC = 0x00000312 367 | # Cast3 CBC Mode. 368 | CAST3_MAC = 0x00000313 369 | # Cast3 MAC.
370 | CAST3_MAC_GENERAL = 0x00000314 371 | # Cast3 MAC General. 372 | CAST3_CBC_PAD = 0x00000315 373 | # Cast3 CBC with Padding. 374 | CAST5_KEY_GEN = 0x00000320 375 | # Cast5 Key Generation. 376 | CAST128_KEY_GEN = 0x00000320 377 | # Cast128 Key Generation. Same value as CAST5_KEY_GEN, so Enum treats each CAST128_* name in this run as an alias of its CAST5_* counterpart: lookup by value returns the CAST5_* member and iteration lists it once. 378 | CAST5_ECB = 0x00000321 379 | # Cast5 ECB Mode. 380 | CAST128_ECB = 0x00000321 381 | # Cast128 ECB Mode. 382 | CAST5_CBC = 0x00000322 383 | # Cast5 CBC Mode. 384 | CAST128_CBC = 0x00000322 385 | # Cast128 CBC Mode. 386 | CAST5_MAC = 0x00000323 387 | # Cast5 MAC. 388 | CAST128_MAC = 0x00000323 389 | # Cast128 MAC. 390 | CAST5_MAC_GENERAL = 0x00000324 391 | # Cast5 MAC General. 392 | CAST128_MAC_GENERAL = 0x00000324 393 | # Cast128 MAC General. 394 | CAST5_CBC_PAD = 0x00000325 395 | # Cast5 CBC with Padding. 396 | CAST128_CBC_PAD = 0x00000325 397 | # Cast128 CBC with Padding. 398 | RC5_KEY_GEN = 0x00000330 399 | # RC5 Key Generation. 400 | RC5_ECB = 0x00000331 401 | # RC5 ECB Mode. 402 | RC5_CBC = 0x00000332 403 | # RC5 CBC Mode. 404 | RC5_MAC = 0x00000333 405 | # RC5 MAC. 406 | RC5_MAC_GENERAL = 0x00000334 407 | # RC5 MAC General. 408 | RC5_CBC_PAD = 0x00000335 409 | # RC5 CBC with Padding. 410 | IDEA_KEY_GEN = 0x00000340 411 | # IDEA Key Generation. 412 | IDEA_ECB = 0x00000341 413 | # IDEA ECB Mode. 414 | IDEA_CBC = 0x00000342 415 | # IDEA CBC Mode. 416 | IDEA_MAC = 0x00000343 417 | # IDEA MAC. 418 | IDEA_MAC_GENERAL = 0x00000344 419 | # IDEA MAC General. 420 | IDEA_CBC_PAD = 0x00000345 421 | # IDEA CBC with Padding. 422 | GENERIC_SECRET_KEY_GEN = 0x00000350 423 | # Generic Secret Key Generation. 424 | CONCATENATE_BASE_AND_KEY = 0x00000360 425 | # Concatenate Base and Key. 426 | CONCATENATE_BASE_AND_DATA = 0x00000362 427 | # Concatenate Base and Data. 428 | CONCATENATE_DATA_AND_BASE = 0x00000363 429 | # Concatenate Data and Base. 430 | XOR_BASE_AND_DATA = 0x00000364 431 | # XOR Base and Data. 432 | EXTRACT_KEY_FROM_KEY = 0x00000365 433 | # Extract Key from Key.
434 | SSL3_PRE_MASTER_KEY_GEN = 0x00000370 435 | # SSL version 3 Pre Master Key Generation. 436 | SSL3_MASTER_KEY_DERIVE = 0x00000371 437 | # SSL version 3 Master Key Derive. 438 | SSL3_KEY_AND_MAC_DERIVE = 0x00000372 439 | # SSL version 3 Key and MAC Derive. 440 | SSL3_MD5_MAC = 0x00000380 441 | # SSL version 3 MD5 MAC. 442 | SSL3_SHA1_MAC = 0x00000381 443 | # SSL version 3 SHA1 MAC. 444 | MD5_KEY_DERIVATION = 0x00000390 445 | # MD5 Key Derivation. 446 | MD2_KEY_DERIVATION = 0x00000391 447 | # MD2 Key Derivation. 448 | SHA1_KEY_DERIVATION = 0x00000392 449 | # SHA1 Key Derivation. 450 | SHA256_KEY_DERIVATION = 0x00000393 451 | # SHA256 Key Derivation. 452 | SHA384_KEY_DERIVATION = 0x00000394 453 | # SHA384 Key Derivation. 454 | SHA512_KEY_DERIVATION = 0x00000395 455 | # SHA512 Key Derivation. 456 | PBE_MD2_DES_CBC = 0x000003A0 457 | # PBE MD2 DES with CBC. 458 | PBE_MD5_DES_CBC = 0x000003A1 459 | # PBE MD5 DES with CBC. 460 | PBE_MD5_CAST_CBC = 0x000003A2 461 | # PBE MD5 CAST with CBC. 462 | PBE_MD5_CAST3_CBC = 0x000003A3 463 | # PBE MD5 CAST3 with CBC. 464 | PBE_MD5_CAST5_CBC = 0x000003A4 465 | # PBE MD5 CAST5 with CBC. 466 | PBE_MD5_CAST128_CBC = 0x000003A4 467 | # PBE MD5 CAST128 with CBC. 468 | PBE_SHA1_CAST5_CBC = 0x000003A5 469 | # PBE SHA1 CAST5 with CBC. 470 | PBE_SHA1_CAST128_CBC = 0x000003A5 471 | # PBE SHA1 CAST128 with CBC. 472 | PBE_SHA1_RC4_128 = 0x000003A6 473 | # PBE SHA1 RC4 128 bit. 474 | PBE_SHA1_RC4_40 = 0x000003A7 475 | # PBE SHA1 RC4 40 bit. 476 | PBE_SHA1_DES3_EDE_CBC = 0x000003A8 477 | # PBE SHA1 DES3 EDE CBC. 478 | PBE_SHA1_DES2_EDE_CBC = 0x000003A9 479 | # PBE SHA1 DES2 EDE CBC. 480 | PBE_SHA1_RC2_128_CBC = 0x000003AA 481 | # PBE SHA1 RC2 128 bit with CBC. 482 | PBE_SHA1_RC2_40_CBC = 0x000003AB 483 | # PBE SHA1 RC2 40 bit with CBC. 484 | KEY_WRAP_LYNKS = 0x00000400 485 | # Key Wrap Lynks. 486 | KEY_WRAP_SET_OAEP = 0x00000401 487 | # Key Wrap Set OAEP. 488 | SKIPJACK_KEY_GEN = 0x00001000 489 | # Skipjack Key Generation. 
490 | SKIPJACK_ECB64 = 0x00001001 491 | # Skipjack ECB64. 492 | SKIPJACK_CBC64 = 0x00001002 493 | # Skipjack CBC64. 494 | SKIPJACK_OFB64 = 0x00001003 495 | # Skipjack OFB64. 496 | SKIPJACK_CFB64 = 0x00001004 497 | # Skipjack CFB64. 498 | SKIPJACK_CFB32 = 0x00001005 499 | # Skipjack CFB32. 500 | SKIPJACK_CFB16 = 0x00001006 501 | # Skipjack CFB16. 502 | SKIPJACK_CFB8 = 0x00001007 503 | # Skipjack CFB8. 504 | SKIPJACK_WRAP = 0x00001008 505 | # Skipjack Wrap. 506 | SKIPJACK_PRIVATE_WRAP = 0x00001009 507 | # Skipjack Private Wrap. 508 | SKIPJACK_RELAYX = 0x0000100a 509 | # Skipjack Relayx. 510 | KEA_KEY_PAIR_GEN = 0x00001010 511 | # Kea Key Pair Generation. 512 | KEA_KEY_DERIVE = 0x00001011 513 | # Kea Key Derive. 514 | FORTEZZA_TIMESTAMP = 0x00001020 515 | # Fortezza Time Stamp. 516 | BATON_KEY_GEN = 0x00001030 517 | # Baton Key Generation. 518 | BATON_ECB128 = 0x00001031 519 | # Baton ECB 128 bit. 520 | BATON_ECB96 = 0x00001032 521 | # Baton ECB 96 bit. 522 | BATON_CBC128 = 0x00001033 523 | # Baton CBC 128 bit. 524 | BATON_COUNTER = 0x00001034 525 | # Baton Counter. 526 | BATON_SHUFFLE = 0x00001035 527 | # Baton Shuffle. 528 | BATON_WRAP = 0x00001036 529 | # Baton Wrap. 530 | ECDSA_KEY_PAIR_GEN = 0x00001040 531 | # ECDSA Key Pair Generation. 532 | EC_KEY_PAIR_GEN = 0x00001040 533 | # Eliptical Curve Key Pair Generation. 534 | ECDSA = 0x00001041 535 | # ECDSA. 536 | ECDSA_SHA1 = 0x00001042 537 | # ECDSA SHA1. 538 | ECDSA_SHA224 = 0x00001043 539 | # ECDSA SHA224. 540 | ECDSA_SHA256 = 0x00001044 541 | # ECDSA SHA256. 542 | ECDSA_SHA384 = 0x00001045 543 | # ECDSA SHA384. 544 | ECDSA_SHA512 = 0x00001046 545 | # ECDSA SHA512 546 | ECDH1_DERIVE = 0x00001050 547 | # ECDH1 Derive. 548 | ECDH1_COFACTOR_DERIVE = 0x00001051 549 | # ECDH1 Cofactor Derive. 550 | ECMQV_DERIVE = 0x00001052 551 | # ECMQV Derive. 552 | JUNIPER_KEY_GEN = 0x00001060 553 | # Juniper Key Generation. 554 | JUNIPER_ECB128 = 0x00001061 555 | # Juniper ECB 128 bit. 
556 | JUNIPER_CBC128 = 0x00001062 557 | # Juniper CBC 128 bit. 558 | JUNIPER_COUNTER = 0x00001063 559 | # Juniper Counter. 560 | JUNIPER_SHUFFLE = 0x00001064 561 | # Juniper Shuffle. 562 | JUNIPER_WRAP = 0x00001065 563 | # Juniper Wrap. 564 | FASTHASH = 0x00001070 565 | # Fast Hash. 566 | AES_KEY_GEN = 0x00001080 567 | # AES Key Generation. 568 | AES_ECB = 0x00001081 569 | # AES ECB Mode. 570 | AES_CBC = 0x00001082 571 | # AES CBC Mode. 572 | AES_MAC = 0x00001083 573 | # AES MAC. 574 | AES_MAC_GENERAL = 0x00001084 575 | # AES MAC General. 576 | AES_CBC_PAD = 0x00001085 577 | # AES CBC with Padding. 578 | AES_CMAC = 0x0000108A 579 | # AES CMAC signing algorithm. 580 | AES_OFB = 0x00002104 581 | # AES OFB mode. 582 | AES_CFB64 = 0x00002105 583 | # AES CFB-64 mode. 584 | AES_CFB8 = 0x00002106 585 | # AES CFB-8 mode. 586 | AES_CFB128 = 0x00002107 587 | # AES CFB-128 mode. 588 | AES_KEY_WRAP = 0x00002109 589 | # AES KEY WRAP. Used to encrypt/decrypt or wrap/unwrap a symmetric key using an AES key. 590 | CA_LUNA_ECDSA_SHA224 = 0x80000122 591 | # ECDSA SHA-224. SafeNet / Gemalto Luna HSM vendor specific. 592 | CA_LUNA_ECDSA_SHA256 = 0x80000123 593 | # ECDSA SHA-256. SafeNet / Gemalto Luna HSM vendor specific. 594 | CA_LUNA_ECDSA_SHA384 = 0x80000124 595 | # ECDSA SHA-384. SafeNet / Gemalto Luna HSM vendor specific. 596 | CA_LUNA_ECDSA_SHA512 = 0x80000125 597 | # ECDSA SHA-512. SafeNet / Gemalto Luna HSM vendor specific. 598 | CA_LUNA_AES_CBC_PAD_IPSEC = 0x8000012f 599 | # AES CBC mode with IPSEC padding. SafeNet / Gemalto Luna HSM vendor specific. 600 | CA_LUNA_AES_CFB8 = 0x80000118 601 | # AES CFB-8 mode. SafeNet / Gemalto Luna HSM vendor specific. 602 | CA_LUNA_AES_CFB128 = 0x80000119 603 | # AES CFB-128 mode. SafeNet / Gemalto Luna HSM vendor specific. 604 | CA_LUNA_AES_OFB = 0x8000011a 605 | # AES OFB mode. SafeNet / Gemalto Luna HSM vendor specific. 606 | CA_LUNA_AES_GCM = 0x8000011c 607 | # AES GCM mode. SafeNet / Gemalto Luna HSM vendor specific. 


# entries map to CKA_
class HsmAttribute(Enum):
    """Attribute type codes, one per PKCS#11 ``CKA_`` constant.

    Each member carries the numeric value shown next to it.

    ``ECDSA_PARAMS`` and ``EC_PARAMS`` share the value 0x0180. Assuming
    ``Enum`` is the standard library ``enum.Enum`` (its import is outside this
    excerpt), ``EC_PARAMS`` is therefore an alias of ``ECDSA_PARAMS`` and not
    a separate member: ``HsmAttribute(0x0180).name`` is ``"ECDSA_PARAMS"``,
    and iterating the enum yields only the first name.
    """

    CLASS = 0x0000
    TOKEN = 0x0001
    PRIVATE = 0x0002
    LABEL = 0x0003
    APPLICATION = 0x0010
    VALUE = 0x0011
    CERTIFICATE_TYPE = 0x0080
    ISSUER = 0x0081
    SERIAL_NUMBER = 0x0082
    KEY_TYPE = 0x0100
    SUBJECT = 0x0101
    ID = 0x0102
    # In PKCS#11, CKA_SENSITIVE and the CKA_EXTRACTABLE family further down
    # describe whether key material may be revealed or wrapped off the token;
    # they are the attributes to look at when auditing key policy.
    SENSITIVE = 0x0103
    ENCRYPT = 0x0104
    DECRYPT = 0x0105
    WRAP = 0x0106
    UNWRAP = 0x0107
    SIGN = 0x0108
    SIGN_RECOVER = 0x0109
    VERIFY = 0x010A
    VERIFY_RECOVER = 0x010B
    DERIVE = 0x010C
    START_DATE = 0x0110
    END_DATE = 0x0111
    MODULUS = 0x0120
    MODULUS_BITS = 0x0121
    PUBLIC_EXPONENT = 0x0122
    # In PKCS#11 the CKA_ attributes from PRIVATE_EXPONENT to COEFFICIENT are
    # the private components of an RSA key.
    PRIVATE_EXPONENT = 0x0123
    PRIME_1 = 0x0124
    PRIME_2 = 0x0125
    EXPONENT_1 = 0x0126
    EXPONENT_2 = 0x0127
    COEFFICIENT = 0x0128
    PRIME = 0x0130
    SUBPRIME = 0x0131
    BASE = 0x0132
    VALUE_BITS = 0x0160
    VALUE_LEN = 0x0161
    EXTRACTABLE = 0x0162
    LOCAL = 0x0163
    NEVER_EXTRACTABLE = 0x0164
    ALWAYS_SENSITIVE = 0x0165
    MODIFIABLE = 0x0170
    ECDSA_PARAMS = 0x0180
    # Same value as ECDSA_PARAMS above, so this name is an Enum alias.
    EC_PARAMS = 0x0180
    EC_POINT = 0x0181


# entries map to CKO_
class HsmObjectType(Enum):
    """Object class codes, one per PKCS#11 ``CKO_`` constant."""

    DATA = 0x0000
    CERTIFICATE = 0x0001
    PUBLIC_KEY = 0x0002
    PRIVATE_KEY = 0x0003
    SECRET_KEY = 0x0004


--------------------------------------------------------------------------------
/pyhsm/hsmerror.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.
#
# hsmerror.py
# author: Benton Stark (bestark@cisco.com)
# date: 11-22-2014


class HsmError(Exception):
    """Exception type used by the pyhsm classes for HSM and parsing failures.

    The message is kept on ``message`` with surrounding whitespace stripped.
    Note the pairing of the two string methods: ``str(err)`` returns the
    quoted ``repr`` of the message, while ``repr(err)`` returns the bare
    message text.
    """

    def __init__(self, message):
        # message must provide .strip(); a non-string argument fails here.
        self.message = message.strip()

    def __str__(self):
        # Quoted form of the message, e.g. "'text'".
        return repr(self.message)

    def __repr__(self):
        # Bare message, without the class name or quotes.
        return self.message

--------------------------------------------------------------------------------
/pyhsm/hsmmechinfo.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.
#
# hsmmechinfo.py
# author: Benton Stark (bestark@cisco.com)
# date: 09-26-2017

from os import linesep
from pyhsm.hsmerror import HsmError


class HsmMechInfo:
    """
    HSM mech info object class for holding
    information about the HSM slots PKCS#11
    mechanisms.

    One instance is built from one "|"-delimited text line of exactly
    NUMBER_OF_FIELDS fields. Every field is stored as the string that was
    parsed; only mechanismValueInt is converted to an int.
    """

    FIELD_DELIMITER = "|"
    NUMBER_OF_FIELDS = 5

    def __init__(self, line):
        """Parse one delimited mechanism line into attributes.

        Raises:
            HsmError: the line does not split into NUMBER_OF_FIELDS fields.
            ValueError: the mechanism value field is not a valid integer
                literal; this is raised by int() and is not converted to
                HsmError.
        """
        # split the delimited line data into a list
        fields = line.split(self.FIELD_DELIMITER)
        # verify the number of fields we got back is as expected
        if len(fields) != self.NUMBER_OF_FIELDS:
            raise HsmError("unexpected number of fields to parse")
        # set the object values
        # mechanism name
        # mechanism value in base16(hex)
        # min key size
        # max key size
        # flags
        self.mechanismName = fields[0]
        self.mechanismValue = fields[1]
        # Base 0 lets int() honour a 0x/0o/0b prefix and otherwise parse decimal.
        self.mechanismValueInt = int(fields[1], 0)
        # NOTE(review): the key sizes stay strings. Code that uses them to
        # enforce a minimum key length has to convert them first; comparing
        # the strings orders "1024" before "512".
        self.minKeySize = fields[2]
        self.maxKeySize = fields[3]
        self.flags = fields[4]

    def __repr__(self):
        return ":{0} ({1})".format(self.mechanismName, self.mechanismValue)

    def details(self):
        s = ":{0} ({1})".format(self.mechanismName, self.mechanismValue)
        # NOTE(review): the listing jumps from line 48 to line 70 here, so the
        # remainder of details(), including whatever it returns, is not shown.


--------------------------------------------------------------------------------
/pyhsm/hsmobject.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.
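#
# hsmobject.py
# author: Benton Stark (bestark@cisco.com)
# date: 11-22-2014

import binascii
from os import linesep
from pyhsm.hsmenums import HsmAttribute
from pyhsm.hsmenums import HsmKeyType
from pyhsm.hsmenums import HsmObjectType
from pyhsm.hsmerror import HsmError


class HsmObject:
    """Attribute snapshot of a single object held on the HSM.

    Every attribute is fetched once, in ``__init__``, through
    ``hsm.get_attribute_value(handle, attribute)``; nothing is refreshed
    afterwards.

    A read that raises ``HsmError`` is swallowed by ``__get_attrib`` and
    reported as the empty string. For the boolean attributes (``sensitive``,
    ``extractable``, ``neverExtractable``, ``alwaysSensitive``, ...) ``False``
    can therefore mean either "the token answered no" or "the attribute could
    not be read". Do not treat these flags as proof of a key's protection
    policy without checking the token directly.
    """

    def __init__(self, hsm, handle, fast_load):
        """Read the object's attributes from the HSM.

        Args:
            hsm: client object exposing ``get_attribute_value(handle, attrib)``.
            handle: object handle, passed through unchanged to ``hsm``.
            fast_load: when true, only the first group of attributes is read
                and the second group is never set on the instance.
        """
        self.hsm = hsm
        self.handle = handle
        self.class_ = self.__cclass(HsmAttribute.CLASS)
        self.token = self.__cbool(HsmAttribute.TOKEN)
        self.private = self.__cbool(HsmAttribute.PRIVATE)
        # __get_attrib returns "" (a str) when the read fails, and str has no
        # decode() in Python 3. Decode only bytes-like values so that an
        # unreadable label no longer aborts construction with AttributeError.
        raw_label = self.__cval(HsmAttribute.LABEL)
        self.label = raw_label.decode('ascii') if hasattr(raw_label, 'decode') else raw_label
        self.keyType = self.__ckeyType(HsmAttribute.KEY_TYPE)
        self.sensitive = self.__cbool(HsmAttribute.SENSITIVE)
        self.encrypt = self.__cbool(HsmAttribute.ENCRYPT)
        self.decrypt = self.__cbool(HsmAttribute.DECRYPT)
        self.wrap = self.__cbool(HsmAttribute.WRAP)
        self.unwrap = self.__cbool(HsmAttribute.UNWRAP)
        self.sign = self.__cbool(HsmAttribute.SIGN)
        self.verify = self.__cbool(HsmAttribute.VERIFY)
        self.extractable = self.__cbool(HsmAttribute.EXTRACTABLE)
        self.local = self.__cbool(HsmAttribute.LOCAL)
        self.neverExtractable = self.__cbool(HsmAttribute.NEVER_EXTRACTABLE)
        self.alwaysSensitive = self.__cbool(HsmAttribute.ALWAYS_SENSITIVE)
        self.modifiable = self.__cbool(HsmAttribute.MODIFIABLE)
        self.derive = self.__cbool(HsmAttribute.DERIVE)

        if not fast_load:
            # NOTE(review): this group asks for VALUE and for the private RSA
            # components (PRIVATE_EXPONENT, PRIME_1, PRIME_2, EXPONENT_1,
            # EXPONENT_2, COEFFICIENT). Whether the token hands them over
            # presumably depends on the object's sensitive/extractable
            # settings; when it does, the raw bytes stay on this instance for
            # its lifetime. Prefer fast_load=True when the values are not
            # needed, and keep these attributes out of logs.
            self.application = self.__cval(HsmAttribute.APPLICATION)
            self.value = self.__cval(HsmAttribute.VALUE)
            self.certificateType = self.__cval(HsmAttribute.CERTIFICATE_TYPE)
            self.issuer = self.__cval(HsmAttribute.ISSUER)
            self.serialNumber = self.__cval(HsmAttribute.SERIAL_NUMBER)
            self.subject = self.__cval(HsmAttribute.SUBJECT)
            self.id = self.__cval(HsmAttribute.ID)
            self.signRecover = self.__cbool(HsmAttribute.SIGN_RECOVER)
            self.verifyRecover = self.__cbool(HsmAttribute.VERIFY_RECOVER)
            self.startDate = self.__cval(HsmAttribute.START_DATE)
            self.endDate = self.__cval(HsmAttribute.END_DATE)
            self.modulus = self.__cval(HsmAttribute.MODULUS)
            self.modulusBits = self.__cval(HsmAttribute.MODULUS_BITS)
            self.publicExponent = self.__cval(HsmAttribute.PUBLIC_EXPONENT)
            self.privateExponent = self.__cval(HsmAttribute.PRIVATE_EXPONENT)
            self.prime1 = self.__cval(HsmAttribute.PRIME_1)
            self.prime2 = self.__cval(HsmAttribute.PRIME_2)
            self.exponent1 = self.__cval(HsmAttribute.EXPONENT_1)
            self.exponent2 = self.__cval(HsmAttribute.EXPONENT_2)
            self.coefficient = self.__cval(HsmAttribute.COEFFICIENT)
            self.prime = self.__cval(HsmAttribute.PRIME)
            self.subprime = self.__cval(HsmAttribute.SUBPRIME)
            self.base = self.__cval(HsmAttribute.BASE)
            self.valueBits = self.__cval(HsmAttribute.VALUE_BITS)
            self.valueLen = self.__cval(HsmAttribute.VALUE_LEN)
            self.ecdsaParams = self.__cval(HsmAttribute.ECDSA_PARAMS)
            self.ecParams = self.__cval(HsmAttribute.EC_PARAMS)
            self.ecPoint = self.__cval(HsmAttribute.EC_POINT)

    def __cbool(self, attrib):
        """Return True only when the first byte of the attribute is 0x01.

        A failed read arrives here as "" and therefore yields False.
        """
        v = self.__get_attrib(attrib)[:1]
        if v == b'\x01':
            return True
        return False

    def __cval(self, attrib):
        """Return the attribute value exactly as ``__get_attrib`` gives it."""
        v = self.__get_attrib(attrib)
        return v

    def __cclass(self, attrib):
        """Map the first byte of the attribute to an ``HsmObjectType`` member.

        Only the first byte is examined (presumably the low byte of a
        little-endian integer; confirm against the client library). An
        unrecognised byte, or "" after a failed read, is returned unchanged.
        """
        v = self.__get_attrib(attrib)[:1]
        if v == b'\x00':
            return HsmObjectType.DATA
        elif v == b'\x01':
            return HsmObjectType.CERTIFICATE
        elif v == b'\x02':
            return HsmObjectType.PUBLIC_KEY
        elif v == b'\x03':
            return HsmObjectType.PRIVATE_KEY
        elif v == b'\x04':
            return HsmObjectType.SECRET_KEY
        return v

    def __ckeyType(self, attrib):
        """Map the first byte of the attribute to an ``HsmKeyType`` member.

        As in ``__cclass``, only the first byte is examined, and an
        unrecognised byte, or "" after a failed read, is returned unchanged.
        """
        v = self.__get_attrib(attrib)[:1]
        if v == b'\x00':
            return HsmKeyType.RSA
        elif v == b'\x01':
            return HsmKeyType.DSA
        elif v == b'\x02':
            return HsmKeyType.DH
        elif v == b'\x03':
            return HsmKeyType.EC
        elif v == b'\x05':
            return HsmKeyType.KEA
        elif v == b'\x10':
            return HsmKeyType.GENERIC_SECRET
        elif v == b'\x11':
            return HsmKeyType.RC2
        elif v == b'\x12':
            return HsmKeyType.RC4
        elif v == b'\x13':
            return HsmKeyType.DES
        elif v == b'\x14':
            return HsmKeyType.DES2
        elif v == b'\x15':
            return HsmKeyType.DES3
        elif v == b'\x19':
            return HsmKeyType.RC5
        elif v == b'\x1A':
            return HsmKeyType.IDEA
        elif v == b'\x1B':
            return HsmKeyType.SKIPJACK
        elif v == b'\x1C':
            return HsmKeyType.BATON
        elif v == b'\x1D':
            return HsmKeyType.JUNIPER
        elif v == b'\x1E':
            return HsmKeyType.CDMF
        elif v == b'\x1F':
            return HsmKeyType.AES
        elif v == b'\x16':
            return HsmKeyType.CAST
        elif v == b'\x17':
            return HsmKeyType.CAST3
        elif v == b'\x18':
            return HsmKeyType.CAST5
        return v

    def __get_attrib(self, attrib):
        """Fetch one attribute from the HSM, returning "" if the read fails.

        NOTE(review): the failure value is a str while the successful reads
        are compared against bytes elsewhere in this class, and the HsmError
        itself is discarded. Callers cannot tell an unreadable attribute from
        an empty one.
        """
        try:
            return self.hsm.get_attribute_value(self.handle, attrib)
        except HsmError:
            return ""

    def __repr__(self):
        # NOTE(review): the format string is empty as shown, so this returns
        # ""; the template text appears to have been lost from the listing.
        return "".format(self.handle, self.label)

    def details(self):
        s = "".format(self.handle, self.label)
        # NOTE(review): the listing jumps from line 154 to line 242 here, so
        # the remainder of details(), including whatever it returns, is not
        # shown.

--------------------------------------------------------------------------------
/pyhsm/hsmslot.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.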
#
# hsmslot.py
# author: Benton Stark (bestark@cisco.com)
# date: 11-25-2014

from os import linesep
from pyhsm.hsmerror import HsmError


class HsmSlot:
    """
    HSM slot object class for holding
    information about the HSM slots on
    the host.

    One instance is built from one "|"-delimited text line of exactly
    NUMBER_OF_FIELDS fields. Every field is stored as the string that was
    parsed, including slotNumber and sessionCount.
    """

    FIELD_DELIMITER = "|"
    NUMBER_OF_FIELDS = 8

    def __init__(self, line):
        """Parse one delimited slot line into attributes.

        Raises:
            HsmError: the line does not split into NUMBER_OF_FIELDS fields.
        """
        # split the delimited line data into a list
        fields = line.split(self.FIELD_DELIMITER)
        # verify the number of fields we got back is as expected
        if len(fields) != self.NUMBER_OF_FIELDS:
            raise HsmError("unexpected number of fields to parse")
        # set the object values
        self.slotNumber = fields[0]
        self.label = fields[1]
        self.manufacturer = fields[2]
        self.model = fields[3]
        # Only the serial number has trailing whitespace removed; the other
        # fields keep whatever padding the line carried.
        self.serialNumber = fields[4].rstrip()
        self.sessionCount = fields[5]
        self.hardwareVersion = fields[6]
        self.firmwareVersion = fields[7]

    def __repr__(self):
        return ":{0}".format(self.slotNumber)

    def details(self):
        s = ":{0}".format(self.slotNumber)
        # NOTE(review): the listing jumps from line 45 to line 73 here, so the
        # remainder of details(), including whatever it returns, is not shown.


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bentonstark/py-hsm/4cd1a9bfa20898ffbc0c0ae8b44916c969f77370/requirements.txt
--------------------------------------------------------------------------------
/setup.cfg:
--------------------------------------------------------------------------------
[bdist_wheel]
# This flag says that the code is written to work on both Python 2 and Python
# 3. If at all possible, it is good practice to do this. If you cannot, you
# will need to generate wheels for each Python version that you support.
universal=0

[metadata]
description-file = README.md
--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
#
# Copyright (c) 2016-present, Cisco Systems, Inc. All rights reserved.
#
# This source code is licensed under the GPL v2 license found in the
# LICENSE.txt file in the root directory of this source tree.
#
from setuptools import setup, find_packages

# Long description shown on the package index.
# NOTE(review): the companion libhsm library is obtained and built separately
# from the link in this text; nothing in this file pins or verifies that
# archive. Because that native library is the component that talks to the
# vendor PKCS#11 module, whoever installs it should confirm the source and
# integrity of what they build.
description = '''A simplified, easy to use PKCS#11 HSM client for Python.
You can use any PKCS#11 (aka Cryptoki) module supplied by vendors of Hardware
Security Modules (HSMs) such as SafeNet/Gemalto Luna, Utimaco, FutureX, Thales, Cavium,
and DNSSec's SoftHSM. This client supports the PKCS 11 OASIS standard v2.20 and requires
the companion, cross-platform, open source shared library libhsm.so / libhsm.dll.

The source code to compile and install libhsm.so can be found via the following link.
https://github.com/bentonstark/libhsm/archive/2.5.0.zip
'''

# Trove classifiers; only Python 3 versions are declared.
classifiers = [
    "Development Status :: 5 - Production/Stable",
    "Intended Audience :: Developers",
    "License :: OSI Approved :: GNU General Public License v2 (GPLv2)",
    "Natural Language :: English",
    "Operating System :: POSIX :: Linux",
    "Operating System :: Microsoft :: Windows",
    "Operating System :: OS Independent",
    "Operating System :: Unix",
    "Programming Language :: Python",
    "Programming Language :: Python :: 3",
    "Programming Language :: Python :: 3.3",
    "Programming Language :: Python :: 3.4",
    "Programming Language :: Python :: 3.5",
    "Topic :: Security",
    "Topic :: Security :: Cryptography",
    "Topic :: Software Development :: Libraries :: Python Modules"
]

setup(
    name="py-hsm",
    version="2.5.0",
    description="Simplified API for interfacing PKCS#11 compliant HSMs and devices.",
    classifiers=classifiers,
    platforms="Win32 Unix",
    long_description=description,
    author="Benton Stark",
    author_email="benton.stark@gmail.com",
    maintainer="Benton Stark",
    maintainer_email="benton.stark@gmail.com",
    url="https://github.com/bentonstark/py-hsm",
    download_url="https://github.com/bentonstark/py-hsm/archive/2.5.0.zip",
    license="GPL",
    packages=find_packages(),
    # NOTE(review): these are the package's own modules, which find_packages()
    # already ships; listing them under scripts= additionally installs each
    # one as a script. Presumably unintended; confirm before changing, since
    # it affects what lands on PATH.
    scripts=[
        './pyhsm/eccurveoids.py',
        './pyhsm/eccurves.py',
        './pyhsm/hsmclient.py',
        './pyhsm/hsmenums.py',
        './pyhsm/hsmerror.py',
        './pyhsm/hsmobject.py',
        './pyhsm/hsmslot.py',
        './pyhsm/hsmmechinfo.py',
        './pyhsm/convert.py'
    ],
    keywords="pkcs#11,pkcs11,hsm,cryptopgraphy,hardware security module,security,RSA,Elliptic Curve,AES"
)

--------------------------------------------------------------------------------
/tests/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bentonstark/py-hsm/4cd1a9bfa20898ffbc0c0ae8b44916c969f77370/tests/__init__.py
--------------------------------------------------------------------------------
/tests/unit_tests/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bentonstark/py-hsm/4cd1a9bfa20898ffbc0c0ae8b44916c969f77370/tests/unit_tests/__init__.py
--------------------------------------------------------------------------------
/tests/unit_tests/unit_tests.py:
--------------------------------------------------------------------------------
import unittest


# NOTE(review): this TestCase defines no test methods, so running the suite
# exercises none of the parsing or attribute-handling code in pyhsm.
class TestPyHsm(unittest.TestCase):
    """ Unit tests for the pyhsm module. """


if __name__ == '__main__':
    # Run the (currently empty) suite when the file is executed directly.
    unittest.main()

--------------------------------------------------------------------------------