yubikit.core.smartcard package

Submodules

yubikit.core.smartcard.scp module

class yubikit.core.smartcard.scp.SessionKeys(key_senc: bytes, key_smac: bytes, key_srmac: bytes, key_dek: bytes | None = None)[source]

Bases: NamedTuple

SCP Session Keys.

key_senc: bytes

Alias for field number 0

key_smac: bytes

Alias for field number 1

key_srmac: bytes

Alias for field number 2

key_dek: Optional[bytes]

Alias for field number 3

class yubikit.core.smartcard.scp.StaticKeys(key_enc: bytes, key_mac: bytes, key_dek: bytes | None = None)[source]

Bases: NamedTuple

SCP03 Static Keys.

key_enc: bytes

Alias for field number 0

key_mac: bytes

Alias for field number 1

key_dek: Optional[bytes]

Alias for field number 2

classmethod default()[source]
Return type:

StaticKeys

derive(context)[source]
Return type:

SessionKeys

class yubikit.core.smartcard.scp.ScpKid(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntEnum

SCP03 = 1
SCP11a = 17
SCP11b = 19
SCP11c = 21
class yubikit.core.smartcard.scp.KeyRef(kid_or_data, kvn=None)[source]

Bases: bytes

property kid: int
property kvn: int
class yubikit.core.smartcard.scp.ScpKeyParams(ref)[source]

Bases: ABC

ref: KeyRef
class yubikit.core.smartcard.scp.Scp03KeyParams(ref=KeyRef(kid=0x01, kvn=0x00), keys=(b'@ABCDEFGHIJKLMNO', b'@ABCDEFGHIJKLMNO', b'@ABCDEFGHIJKLMNO'))[source]

Bases: ScpKeyParams

ref: KeyRef = KeyRef(kid=0x01, kvn=0x00)
keys: StaticKeys = (b'@ABCDEFGHIJKLMNO', b'@ABCDEFGHIJKLMNO', b'@ABCDEFGHIJKLMNO')
class yubikit.core.smartcard.scp.Scp11KeyParams(ref, pk_sd_ecka, oce_ref=None, sk_oce_ecka=None, certificates=<factory>)[source]

Bases: ScpKeyParams

pk_sd_ecka: EllipticCurvePublicKey
oce_ref: Optional[KeyRef] = None
sk_oce_ecka: Optional[EllipticCurvePrivateKey] = None
certificates: Sequence[Certificate]
class yubikit.core.smartcard.scp.ScpState(session_keys, mac_chain=b'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', enc_counter=1)[source]

Bases: object

encrypt(data)[source]
Return type:

bytes

mac(data)[source]
Return type:

bytes

unmac(data, sw)[source]
Return type:

bytes

decrypt(encrypted)[source]
Return type:

bytes

classmethod scp03_init(send_apdu, key_params, *, host_challenge=None)[source]
Return type:

Tuple[ScpState, bytes]

classmethod scp11_init(send_apdu, key_params)[source]
Return type:

ScpState

Module contents

exception yubikit.core.smartcard.ApduError(data, sw)[source]

Bases: CommandError

Thrown when an APDU response has the wrong SW code

class yubikit.core.smartcard.ApduFormat(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: str, Enum

APDU encoding format

SHORT = 'short'
EXTENDED = 'extended'
class yubikit.core.smartcard.SW(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntEnum

NO_INPUT_DATA = 25221
VERIFY_FAIL_NO_RETRY = 25536
MEMORY_FAILURE = 25985
WRONG_LENGTH = 26368
SECURITY_CONDITION_NOT_SATISFIED = 27010
AUTH_METHOD_BLOCKED = 27011
DATA_INVALID = 27012
CONDITIONS_NOT_SATISFIED = 27013
COMMAND_NOT_ALLOWED = 27014
INCORRECT_PARAMETERS = 27264
FUNCTION_NOT_SUPPORTED = 27265
FILE_NOT_FOUND = 27266
NO_SPACE = 27268
REFERENCE_DATA_NOT_FOUND = 27272
APPLET_SELECT_FAILED = 27033
WRONG_PARAMETERS_P1P2 = 27392
INVALID_INSTRUCTION = 27904
CLASS_NOT_SUPPORTED = 28160
COMMAND_ABORTED = 28416
OK = 36864
class yubikit.core.smartcard.AID(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: bytes, Enum

YubiKey Application smart card AID values.

OTP = b"\xa0\x00\x00\x05' \x01"
MANAGEMENT = b"\xa0\x00\x00\x05'G\x11\x17"
OPENPGP = b'\xd2v\x00\x01$\x01'
OATH = b"\xa0\x00\x00\x05'!\x01"
PIV = b'\xa0\x00\x00\x03\x08'
FIDO = b'\xa0\x00\x00\x06G/\x00\x01'
HSMAUTH = b"\xa0\x00\x00\x05'!\x07\x01"
SECURE_DOMAIN = b'\xa0\x00\x00\x01Q\x00\x00\x00'