yubikit.core package

Subpackages

• yubikit.core.smartcard package
  • Submodules
  • yubikit.core.smartcard.scp module
    • SessionKeys
      • SessionKeys.key_senc
      • SessionKeys.key_smac
      • SessionKeys.key_srmac
      • SessionKeys.key_dek
    • StaticKeys
      • StaticKeys.key_enc
      • StaticKeys.key_mac
      • StaticKeys.key_dek
      • StaticKeys.default()
      • StaticKeys.derive()
    • ScpKid
      • ScpKid.SCP03
      • ScpKid.SCP11a
      • ScpKid.SCP11b
      • ScpKid.SCP11c
    • KeyRef
      • KeyRef.kid
      • KeyRef.kvn
    • ScpKeyParams
      • ScpKeyParams.ref
    • Scp03KeyParams
      • Scp03KeyParams.ref
      • Scp03KeyParams.keys
    • Scp11KeyParams
      • Scp11KeyParams.pk_sd_ecka
      • Scp11KeyParams.oce_ref
      • Scp11KeyParams.sk_oce_ecka
      • Scp11KeyParams.certificates
    • ScpState
      • ScpState.encrypt()
      • ScpState.mac()
      • ScpState.unmac()
      • ScpState.decrypt()
      • ScpState.scp03_init()
      • ScpState.scp11_init()
  • Module contents
    • ApduError
    • ApduFormat
      • ApduFormat.SHORT
      • ApduFormat.EXTENDED
    • SW
      • SW.NO_INPUT_DATA
      • SW.VERIFY_FAIL_NO_RETRY
      • SW.MEMORY_FAILURE
      • SW.WRONG_LENGTH
      • SW.SECURITY_CONDITION_NOT_SATISFIED
      • SW.AUTH_METHOD_BLOCKED
      • SW.DATA_INVALID
      • SW.CONDITIONS_NOT_SATISFIED
      • SW.COMMAND_NOT_ALLOWED
      • SW.INCORRECT_PARAMETERS
      • SW.FUNCTION_NOT_SUPPORTED
      • SW.FILE_NOT_FOUND
      • SW.NO_SPACE
      • SW.REFERENCE_DATA_NOT_FOUND
      • SW.APPLET_SELECT_FAILED
      • SW.WRONG_PARAMETERS_P1P2
      • SW.INVALID_INSTRUCTION
      • SW.CLASS_NOT_SUPPORTED
      • SW.COMMAND_ABORTED
      • SW.OK
    • AID
      • AID.OTP
      • AID.MANAGEMENT
      • AID.OPENPGP
      • AID.OATH
      • AID.PIV
      • AID.FIDO
      • AID.HSMAUTH
      • AID.SECURE_DOMAIN

Submodules

yubikit.core.fido module

yubikit.core.otp module

exception yubikit.core.otp.CommandRejectedError

Bases: CommandError

The issues command was rejected by the YubiKey

class yubikit.core.otp.OtpConnection

Bases: Connection

usb_interface: ClassVar[USB_INTERFACE] = 1

abstract receive()

Reads an 8 byte feature report

Return type:

bytes

abstract send(data)

Writes an 8 byte feature report

Return type:

None

yubikit.core.otp.calculate_crc(data)

Return type:

int

yubikit.core.otp.check_crc(data)

Return type:

bool

yubikit.core.otp.modhex_encode(data)

Encode a bytes-like object using Modhex (modified hexadecimal) encoding.

Return type:

str

yubikit.core.otp.modhex_decode(string)

Decode the Modhex (modified hexadecimal) string.

Return type:

bytes

class yubikit.core.otp.OtpProtocol(otp_connection)

Bases: object

An implementation of the OTP protocol.

close()

Return type:

None

send_and_receive(slot, data=None, event=None, on_keepalive=None)

Sends a command to the YubiKey, and reads the response.

If the command results in a configuration update, the programming sequence number is verified and the updated status bytes are returned.

Parameters:

• slot (int) – The slot to send to.

• data (Optional[bytes]) – The data payload to send.

• state – Optional CommandState for listening for user presence requirement and for cancelling a command.

Return type:

bytes

Returns:

Response data (including CRC) in the case of data, or an updated status struct.

read_status()

Receive status bytes from YubiKey.

Return type:

bytes

Returns:

Status bytes (first 3 bytes are the firmware version).

Raises:

IOException – in case of communication error.

Module contents

class yubikit.core.Version(major: int, minor: int, patch: int)

Bases: NamedTuple

3-digit version tuple.

major: int

Alias for field number 0

minor: int

Alias for field number 1

patch: int

Alias for field number 2

classmethod from_bytes(data)

Return type:

Version

classmethod from_string(data)

Return type:

Version

class yubikit.core.TRANSPORT(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: str, Enum

YubiKey physical connection transports.

USB = 'usb'

NFC = 'nfc'

class yubikit.core.USB_INTERFACE(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: IntFlag

YubiKey USB interface identifiers.

OTP = 1

FIDO = 2

CCID = 4

class yubikit.core.YUBIKEY(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: Enum

YubiKey hardware platforms.

YKS = 'YubiKey Standard'

NEO = 'YubiKey NEO'

SKY = 'Security Key by Yubico'

YKP = 'YubiKey Plus'

YK4 = 'YubiKey'

class yubikit.core.Connection

Bases: ABC

A connection to a YubiKey

usb_interface: ClassVar[USB_INTERFACE] = 0

close()

Close the device, releasing any held resources.

Return type:

None

class yubikit.core.PID(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: IntEnum

USB Product ID values for YubiKey devices.

YKS_OTP = 16

NEO_OTP = 272

NEO_OTP_CCID = 273

NEO_CCID = 274

NEO_FIDO = 275

NEO_OTP_FIDO = 276

NEO_FIDO_CCID = 277

NEO_OTP_FIDO_CCID = 278

SKY_FIDO = 288

YK4_OTP = 1025

YK4_FIDO = 1026

YK4_OTP_FIDO = 1027

YK4_CCID = 1028

YK4_OTP_CCID = 1029

YK4_FIDO_CCID = 1030

YK4_OTP_FIDO_CCID = 1031

YKP_OTP_FIDO = 1040

property yubikey_type: YUBIKEY

property usb_interfaces: USB_INTERFACE

classmethod of(key_type, interfaces)

Return type:

PID

supports_connection(connection_type)

Return type:

bool

class yubikit.core.YubiKeyDevice(transport, fingerprint)

Bases: ABC

YubiKey device reference

property transport: TRANSPORT

Get the transport used to communicate with this YubiKey

supports_connection(connection_type)

Check if a YubiKeyDevice supports a specific Connection type

Return type:

bool

open_connection(connection_type)

Opens a connection to the YubiKey

Return type:

TypeVar(T_Connection, bound= Connection)

property fingerprint: Hashable

Used to identify that device references from different enumerations represent the same physical YubiKey. This fingerprint is not stable between sessions, or after un-plugging, and re-plugging a device.

exception yubikit.core.CommandError

Bases: Exception

An error response from a YubiKey

exception yubikit.core.BadResponseError

Bases: CommandError

Invalid response data from the YubiKey

exception yubikit.core.TimeoutError

Bases: CommandError

An operation timed out waiting for something

exception yubikit.core.ApplicationNotAvailableError

Bases: CommandError

The application is either disabled or not supported on this YubiKey

exception yubikit.core.NotSupportedError

Bases: ValueError

Attempting an action that is not supported on this YubiKey

exception yubikit.core.InvalidPinError(attempts_remaining, message=None)

Bases: CommandError, ValueError

An incorrect PIN/PUK was used, with the number of attempts now remaining.

WARNING: This exception currently inherits from ValueError for backwards-compatibility reasons. This will no longer be the case with the next major version of the library.

yubikit.core.require_version(my_version, min_version, message=None)

Ensure a version is at least min_version.

yubikit.core.int2bytes(value, min_len=0)

Return type:

bytes

yubikit.core.bytes2int(data)

Return type:

int

class yubikit.core.Tlv(tag_or_data, value=None)

Bases: bytes

property tag: int

property length: int

property value: bytes

classmethod parse_from(data)

Return type:

Tuple[TypeVar(T_Tlv, bound= Tlv), bytes]

classmethod parse_list(data)

Return type:

List[TypeVar(T_Tlv, bound= Tlv)]

classmethod parse_dict(data)

Return type:

Dict[int, bytes]

classmethod unpack(tag, data)

Return type:

bytes