def setSoPin(self, soPin):
    """
    Encrypt the so pin and store the result on the token.

    The plaintext pin is passed to SecretObj.encrypt; only the returned
    ciphertext and IV are handed on to the Token model.

    :param soPin: the special so pin
    """
    # If context is a plain mapping, .get() yields None when no 'hsm' entry
    # exists instead of raising.
    # NOTE(review): how SecretObj.encrypt treats hsm=None is not visible
    # here - confirm it cannot end up storing the pin unprotected.
    encrypted = SecretObj.encrypt(soPin, hsm=context.get('hsm'))
    iv, ciphertext = encrypted
    self.token.setSoPin(ciphertext, iv)
def setSoPin(self, soPin):
    """
    Store the so pin of the token in encrypted form.

    SecretObj.encrypt receives the plaintext pin and returns an IV together
    with the encrypted value; those two are what the Token model is given.

    :param soPin: the special so pin
    """
    # The HSM handle is read with .get(), so a missing "hsm" entry does not
    # raise here if context is a plain mapping.
    # NOTE(review): confirm SecretObj.encrypt rejects or safely defaults an
    # hsm of None; its behaviour is not shown in this block.
    result = SecretObj.encrypt(soPin, hsm=context.get("hsm"))
    iv, wrapped_pin = result
    self.token.setSoPin(wrapped_pin, iv)
def set_token_data(self, token_data):
    """
    Re-encrypt the pin, user pin and seed of one token from *token_data*.

    Each value is decrypted with self.crypter, encrypted again through
    SecretObj and set on the token object found by serial number.

    :param token_data: mapping with the keys 'Serial' and 'TokenSeed' and,
        optionally, 'TokenPin' and 'TokenUserPin'
    """
    serial = token_data["Serial"]
    lookup = Session.query(model_token)
    matches = lookup.filter(
        model_token.LinOtpTokenSerialnumber == serial).all()
    # NOTE(review): a serial without a matching token surfaces as a bare
    # IndexError, and only the first of several matches is updated.
    token = matches[0]

    if 'TokenPin' in token_data:
        wrapped_pin = token_data['TokenPin']
        # presumably the MAC input ties the record to this serial and the
        # pin hash currently stored, as the seed handling below does -
        # confirm against the crypter implementation
        token_pin = self.crypter.decrypt(
            wrapped_pin, just_mac=serial + token.LinOtpPinHash)

        # encrypt again to check that we can write
        # NOTE(review): no hsm is passed here, unlike the user pin branch
        # (hsm=self.hsm) - confirm the default resolves to the same HSM.
        stored_pin = SecretObj.encrypt_pin(token_pin)
        # the text before the first ':' is used as the hex-encoded IV
        iv_hex = stored_pin.split(':')[0]
        token.set_encrypted_pin(stored_pin, binascii.unhexlify(iv_hex))

    if 'TokenUserPin' in token_data:
        wrapped_user_pin = token_data['TokenUserPin']
        user_pin = self.crypter.decrypt(
            wrapped_user_pin,
            just_mac=serial + token.LinOtpTokenPinUser)

        # encrypt again to check that we can write
        user_pin_result = SecretObj.encrypt(user_pin, hsm=self.hsm)
        iv, enc_user_pin = user_pin_result
        token.setUserPin(enc_user_pin, iv)

    # the currently stored encrypted seed goes into the MAC, so a change
    # made in the meantime is detected
    # NOTE(review): 'TokenSeed' is mandatory but is only read after the pin
    # branches have already modified the token object; whether a failure
    # here discards those changes depends on session handling not shown.
    stored_seed = token.LinOtpKeyEnc
    wrapped_seed = token_data['TokenSeed']
    token_seed = self.crypter.decrypt(
        wrapped_seed, just_mac=serial + stored_seed)

    # the encryption of the token seed is not part of the model anymore
    # NOTE(review): no hsm argument is given for the seed either - confirm
    # the default is the intended HSM.
    seed_result = SecretObj.encrypt(token_seed)
    iv, enc_token_seed = seed_result
    token.set_encrypted_seed(
        enc_token_seed, iv, reset_failcount=False, reset_counter=False)
def set_token_data(self, token_data):
    """
    Decrypt the secrets in *token_data* and store them re-encrypted.

    The token is looked up by its serial number. Its pin and user pin are
    handled only when present in *token_data*; the seed is always handled.
    Every value is decrypted via self.crypter and encrypted again via
    SecretObj before it is set on the token object.

    :param token_data: mapping providing 'Serial' and 'TokenSeed', plus the
        optional entries 'TokenPin' and 'TokenUserPin'
    """
    serial = token_data["Serial"]
    token_query = Session.query(model_token)
    found = token_query.filter(
        model_token.LinOtpTokenSerialnumber == serial).all()
    # NOTE(review): an empty result raises IndexError on the next line;
    # additional matches beyond the first are ignored.
    token = found[0]

    if 'TokenPin' in token_data:
        incoming_pin = token_data['TokenPin']
        # presumably serial + stored pin hash bind the incoming value to
        # this token's current state - verify in the crypter
        pin_mac_input = dict(just_mac=serial + token.LinOtpPinHash)
        token_pin = self.crypter.decrypt(incoming_pin, **pin_mac_input)

        # encrypting again shows that we are able to write
        # NOTE(review): encrypt_pin is called without an hsm while the user
        # pin below passes self.hsm - confirm both use the same HSM.
        new_pin = SecretObj.encrypt_pin(token_pin)
        # everything up to the first ':' is taken as the hex IV
        iv = new_pin.split(':')[0]
        token.set_encrypted_pin(new_pin, binascii.unhexlify(iv))

    if 'TokenUserPin' in token_data:
        incoming_user_pin = token_data['TokenUserPin']
        user_pin_mac_input = dict(
            just_mac=serial + token.LinOtpTokenPinUser)
        user_pin = self.crypter.decrypt(
            incoming_user_pin, **user_pin_mac_input)

        # encrypting again shows that we are able to write
        encrypted_user_pin = SecretObj.encrypt(user_pin, hsm=self.hsm)
        iv, enc_user_pin = encrypted_user_pin
        token.setUserPin(enc_user_pin, iv)

    # the encrypted seed currently stored is part of the MAC input, which
    # lets us notice if something changed in the meantime
    # NOTE(review): a missing 'TokenSeed' raises KeyError only after the
    # pin values above were set on the token object; confirm the caller
    # rolls the session back in that case.
    current_enc_seed = token.LinOtpKeyEnc
    incoming_seed = token_data['TokenSeed']
    token_seed = self.crypter.decrypt(
        incoming_seed, just_mac=serial + current_enc_seed)

    # the encryption of the token seed is not part of the model anymore
    # NOTE(review): the seed is encrypted without an explicit hsm - confirm
    # the default is the intended one.
    encrypted_seed = SecretObj.encrypt(token_seed)
    iv, enc_token_seed = encrypted_seed
    token.set_encrypted_seed(enc_token_seed, iv,
                             reset_failcount=False,
                             reset_counter=False)
def setUserPin(self, userPin):
    """
    Encrypt the user pin and store the result on the token.

    The plaintext pin is passed to SecretObj.encrypt; only the returned
    ciphertext and IV are handed on to the Token model.

    :param userPin: the user pin
    """
    # The HSM handle is read by indexing, so - if context is a plain
    # mapping - a missing "hsm" entry raises KeyError before anything is
    # encrypted or stored.
    encrypted = SecretObj.encrypt(userPin, hsm=context["hsm"])
    iv, ciphertext = encrypted
    self.token.setUserPin(ciphertext, iv)
def setUserPin(self, userPin):
    """
    Store the user pin of the token in encrypted form.

    SecretObj.encrypt receives the plaintext pin and returns an IV together
    with the encrypted value; those two are what the Token model is given.

    :param userPin: the user pin
    """
    # context['hsm'] is indexed directly: with a plain mapping, an absent
    # HSM entry fails with KeyError instead of reaching encrypt() as None.
    result = SecretObj.encrypt(userPin, hsm=context['hsm'])
    iv, wrapped_pin = result
    self.token.setUserPin(wrapped_pin, iv)
def setOtpKey(self, otpKey, reset_failcount=True):
    """
    Encrypt the token seed / secret and store the result on the token.

    The plaintext seed is passed to SecretObj.encrypt; only the returned
    ciphertext and IV are handed on to the Token model.

    :param otpKey: the token seed / secret
    :param reset_failcount: boolean, whether the fail counter should be
        reset; passed through unchanged to the Token model
    """
    # context['hsm'] is indexed directly: with a plain mapping, an absent
    # HSM entry fails with KeyError before the seed is encrypted or stored.
    encrypted = SecretObj.encrypt(otpKey, hsm=context['hsm'])
    iv, wrapped_seed = encrypted
    self.token.set_encrypted_seed(
        wrapped_seed, iv, reset_failcount=reset_failcount)