C>dZddlZddlmZddlmZGddeZy)zThis module implements the low level device API. This module exposes a low level SecurityKey class, representing the physical security key device. N)apdu)errorscDeZdZdZdZdZ d dZdZdZdZ dZ d Z y ) SecurityKeyzLow level api for talking to a security key. This class implements the low level api specified in FIDO U2F for talking to a security key. cT||_d|_tjd|_y)NFzpyu2f.hardware) transportuse_legacy_formatlogging getLoggerlogger)selfrs !lib/third_party/pyu2f/hardware.py__init__zSecurityKey.__init__!s$DN"D##$45DKc X|jjdt|dk7st|dk7rtjt ||z}|j tjdtjdd|}|j|jS)a2Register security key. Ask the security key to register with a particular origin & client. Args: challenge_param: Arbitrary 32 byte challenge string. app_param: Arbitrary 32 byte applciation parameter. Returns: A binary structure containing the key handle, attestation, and a signature over that by the attestation key. The precise format is dictated by the FIDO U2F specs. Raises: TUPRequiredError: A Test of User Precense is required to proceed. ApduError: Something went wrong on the device. CmdRegister r) r debuglenrInvalidRequestError bytearrayInternalSendApdur CommandApdu CMD_REGISTERCheckSuccessOrRaisebody)r challenge_param app_paramrresponses rrzSecurityKey.CmdRegister&s$ KKm$ ?r!S^r%9  & & (( _y0 1D$$T%5%5     &H    " ==rc |jjdt|dk7st|dk7rtj|rdnd}t ||zt t|gz|z}|j tjdtj|d|}|j|jS)aAttempt to obtain an authentication signature. Ask the security key to sign a challenge for a particular key handle in order to authenticate the user. Args: challenge_param: SHA-256 hash of client_data object as a bytes object. app_param: SHA-256 hash of the app id as a bytes object. key_handle: The key handle to use to issue the signature as a bytes object. check_only: If true, only check if key_handle is valid. Returns: A binary structure containing the key handle, attestation, and a signature over that by the attestation key. The precise format is dictated by the FIDO U2F specs. Raises: TUPRequiredError: If check_only is False, a Test of User Precense is required to proceed. If check_only is True, this means the key_handle is valid. InvalidKeyHandleError: The key_handle is not valid for this device. ApduError: Something else went wrong on the device. CmdAuthenticaterrr) r rrrrrrrrCMD_AUTHrr)r rr key_handle check_onlycontrolrr s rr"zSecurityKey.CmdAuthenticateGs< KK'( ?r!S^r%9  & & (( ddG _y0J0124>? @D$$T%5%5 4=='4&/0H   " ==rc.|jjd|jtjdtj dd}|j s*tj|j|j|jS)aObtain the version of the device and test transport format. Obtains the version of the device and determines whether to use ISO 7816-4 or the U2f variant. This function should be called at least once before CmdAuthenticate or CmdRegister to make sure the object is using the proper transport for the device. Returns: The version of the U2F protocol in use. CmdVersionr) r rrrr CMD_VERSION IsSuccessr ApduErrorsw1sw2r)r r s rr)zSecurityKey.CmdVersionrsu KKl#$$T%5%5 4  T4&)*H       X\\8<< 88 ==rcp|jjd|jj|y)NCmdBlink)r rr SendBlink)r times rr0zSecurityKey.CmdBlinks&KKj!NNT"rcn|jjd|jjy)NCmdWink)r rrSendWink)r s rr4zSecurityKey.CmdWinks$KKi NNrcn|jjd|jj|S)NCmdPing)r rrSendPing)r datas rr7zSecurityKey.CmdPings)KKi >> " "4 ((rcd}|jsttj|jj |j }|j dk(r'|jdk(rd|_|j|S|Stj|jj |j}|S)a,Send an APDU to the device. Sends an APDU to the device, possibly falling back to the legacy encoding format that is not ISO7816-4 compatible. Args: apdu_to_send: The CommandApdu object to send Returns: The ResponseApdu object constructed out of the devices reply. NgrT) r r ResponseApdur SendMsgBytes ToByteArrayr-r.rToLegacyU2FByteArray)r apdu_to_sendr s rrzSecurityKey.InternalSendApdusH  ! !""4>>#>#>  " " $$&'h  (,,$"6"&$$\22 O""4>>#>#>  + + -$/0h OrN)F) __name__ __module__ __qualname____doc__rrr"r)r0r4r7rrrrrs6 6 J"' )V(#)rr)rDr pyu2frrobjectrrErrrHs# P&Pr