fido2.ctap2.pin
Classes
| PinProtocol | Helper class that provides a standard way to create an ABC using inheritance. |
| PinProtocolV1 | Implementation of the CTAP2 PIN/UV protocol v1. |
| PinProtocolV2 | Implementation of the CTAP2 PIN/UV protocol v2. |
| ClientPin | Implementation of the CTAP2 Client PIN API. |
Module Contents
- class fido2.ctap2.pin.PinProtocol
  Bases: abc.ABC
  Helper class that provides a standard way to create an ABC using inheritance.
  - abstractmethod encapsulate(peer_cose_key)
    Generates an encapsulation of the public key. Returns the message to transmit and the shared secret.
    Parameters:
    - peer_cose_key (fido2.cose.CoseKey)
    Return type:
 
 
- class fido2.ctap2.pin.PinProtocolV1
  Bases: PinProtocol
  Implementation of the CTAP2 PIN/UV protocol v1.
  Parameters:
  - ctap – An instance of a CTAP2 object.
  Variables:
  - VERSION – The version number of the PIN/UV protocol.
  - IV – An all-zero IV used for some cryptographic operations.

  - VERSION = 1
  - IV = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
 
- class fido2.ctap2.pin.PinProtocolV2
  Bases: PinProtocolV1
  Implementation of the CTAP2 PIN/UV protocol v2.
  Parameters:
  - ctap – An instance of a CTAP2 object.
  Variables:
  - VERSION – The version number of the PIN/UV protocol.
  - IV – An all-zero IV used for some cryptographic operations.

  - VERSION = 2
  - HKDF_SALT = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0...
  - HKDF_INFO_HMAC = b'CTAP2 HMAC key'
  - HKDF_INFO_AES = b'CTAP2 AES key'
 
- class fido2.ctap2.pin.ClientPin(ctap, protocol=None)
  Implementation of the CTAP2 Client PIN API.
  Parameters:
  - ctap (fido2.ctap2.base.Ctap2) – An instance of a CTAP2 object.
  - protocol (PinProtocol | None) – An optional instance of a PinUvAuthProtocol object. If None is provided then the latest protocol supported by both library and Authenticator will be used.

  - PROTOCOLS

  - class CMD
    Bases: enum.IntEnum
    Enum where members are also (and must be) ints
    - GET_PIN_RETRIES = 1
    - GET_KEY_AGREEMENT = 2
    - SET_PIN = 3
    - CHANGE_PIN = 4
    - GET_TOKEN_USING_PIN_LEGACY = 5
    - GET_TOKEN_USING_UV = 6
    - GET_UV_RETRIES = 7
    - GET_TOKEN_USING_PIN = 9

  - class RESULT
    Bases: enum.IntEnum
    Enum where members are also (and must be) ints
    - KEY_AGREEMENT = 1
    - PIN_UV_TOKEN = 2
    - PIN_RETRIES = 3
    - POWER_CYCLE_STATE = 4
    - UV_RETRIES = 5

  - class PERMISSION
    Bases: enum.IntFlag
    Support for integer-based Flags
    - MAKE_CREDENTIAL = 1
    - GET_ASSERTION = 2
    - CREDENTIAL_MGMT = 4
    - BIO_ENROLL = 8
    - LARGE_BLOB_WRITE = 16
    - AUTHENTICATOR_CFG = 32
    - PERSISTENT_CREDENTIAL_MGMT = 64

  - static is_supported(info)
    Checks if ClientPin functionality is supported.
    Note that the ClientPin function is still usable without support for client PIN functionality, as UV token may still be supported.

  - ctap

  - get_pin_token(pin, permissions=None, permissions_rpid=None)
    Get a PIN/UV token from the authenticator using PIN.

  - get_uv_token(permissions=None, permissions_rpid=None, event=None, on_keepalive=None)
    Get a PIN/UV token from the authenticator using built-in UV.
    Parameters:
    - permissions (ClientPin | None) – The permissions to associate with the token.
    - permissions_rpid (str | None) – The permissions RPID to associate with the token.
    - event (threading.Event | None) – An optional threading.Event which can be used to cancel the invocation.
    - on_keepalive (Callable[[int], None] | None) – An optional callback to handle keep-alive messages from the authenticator. The function is only called once for consecutive keep-alive messages with the same status.
    Returns:
    - A PIN/UV token.
    Return type:

  - get_pin_retries()
    Get the number of PIN retries remaining.
    Returns:
    - A tuple of the number of PIN attempts remaining until the authenticator is locked, and the power cycle state, if available.

  - get_uv_retries()
    Get the number of UV retries remaining.
    Returns:
    - A tuple of the number of UV attempts remaining until the authenticator is locked, and the power cycle state, if available.