yubikit.core.smartcard package

Submodules

yubikit.core.smartcard.scp module

class yubikit.core.smartcard.scp.SessionKeys(key_senc: bytes, key_smac: bytes, key_srmac: bytes, key_dek: bytes | None = None)[source]

Bases: NamedTuple

SCP session keys (S-ENC, S-MAC, S-RMAC and an optional DEK) for a secure channel session.

key_senc: bytes

Alias for field number 0

key_smac: bytes

Alias for field number 1

key_srmac: bytes

Alias for field number 2

key_dek: Optional[bytes]

Alias for field number 3

class yubikit.core.smartcard.scp.StaticKeys(key_enc: bytes, key_mac: bytes, key_dek: bytes | None = None)[source]

Bases: NamedTuple

SCP03 static keys (ENC, MAC and an optional DEK), from which the session keys are derived with derive().

key_enc: bytes

Alias for field number 0

key_mac: bytes

Alias for field number 1

key_dek: Optional[bytes]

Alias for field number 2

classmethod default()[source]
Return type:

StaticKeys

derive(context)[source]
Return type:

SessionKeys

class yubikit.core.smartcard.scp.ScpKid(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntEnum

SCP03 = 1
SCP11a = 17
SCP11b = 19
SCP11c = 21
class yubikit.core.smartcard.scp.KeyRef(kid_or_data, kvn=None)[source]

Bases: bytes

property kid: int
property kvn: int
class yubikit.core.smartcard.scp.ScpKeyParams(ref)[source]

Bases: ABC

ref: KeyRef
class yubikit.core.smartcard.scp.Scp03KeyParams(ref=KeyRef(kid=0x01, kvn=0x00), keys=(b'@ABCDEFGHIJKLMNO', b'@ABCDEFGHIJKLMNO', b'@ABCDEFGHIJKLMNO'))[source]

Bases: ScpKeyParams

ref: KeyRef = KeyRef(kid=0x01, kvn=0x00)
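keys: StaticKeys = (b'@ABCDEFGHIJKLMNO', b'@ABCDEFGHIJKLMNO', b'@ABCDEFGHIJKLMNO')

Note: the default is the same 16-byte value (bytes 0x40–0x4F) for all three keys, and it is published here in the documentation. A secure channel opened with these defaults gives no protection against anyone who knows the value, so supply your own key set in keys for any device whose default keys have been replaced, and do not rely on the defaults for confidentiality or authentication.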
class yubikit.core.smartcard.scp.Scp11KeyParams(ref, pk_sd_ecka, oce_ref=None, sk_oce_ecka=None, certificates=<factory>)[source]

Bases: ScpKeyParams

pk_sd_ecka: EllipticCurvePublicKey
oce_ref: Optional[KeyRef] = None
sk_oce_ecka: Optional[EllipticCurvePrivateKey] = None
certificates: Sequence[Certificate]
class yubikit.core.smartcard.scp.ScpState(session_keys, mac_chain=b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', enc_counter=1)[source]

Bases: object

encrypt(data)[source]
Return type:

bytes

mac(data)[source]
Return type:

bytes

unmac(data, sw)[source]
Return type:

bytes

decrypt(encrypted)[source]
Return type:

bytes

classmethod scp03_init(send_apdu, key_params, *, host_challenge=None)[source]
Return type:

Tuple[ScpState, bytes]

classmethod scp11_init(send_apdu, key_params)[source]
Return type:

ScpState

Module contents

class yubikit.core.smartcard.SmartCardConnection[source]

Bases: Connection

usb_interface: ClassVar[USB_INTERFACE] = 4
abstract property transport: TRANSPORT

Get the transport type of the connection (USB or NFC)

abstract send_and_receive(apdu)[source]

Sends a command APDU and returns the response data and status word (SW).

Return type:

Tuple[bytes, int]

exception yubikit.core.smartcard.ApduError(data, sw)[source]

Bases: CommandError

Raised when an APDU response carries an unexpected status word (SW).

class yubikit.core.smartcard.ApduFormat(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: str, Enum

APDU encoding format

SHORT = 'short'
EXTENDED = 'extended'
class yubikit.core.smartcard.AID(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: bytes, Enum

YubiKey Application smart card AID values.

OTP = b"\xa0\x00\x00\x05' \x01"
MANAGEMENT = b"\xa0\x00\x00\x05'G\x11\x17"
OPENPGP = b'\xd2v\x00\x01$\x01'
OATH = b"\xa0\x00\x00\x05'!\x01"
PIV = b'\xa0\x00\x00\x03\x08'
FIDO = b'\xa0\x00\x00\x06G/\x00\x01'
HSMAUTH = b"\xa0\x00\x00\x05'!\x07\x01"
SECURE_DOMAIN = b'\xa0\x00\x00\x01Q\x00\x00\x00'
class yubikit.core.smartcard.SW(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

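Bases: IntEnum

Status word (SW) values, listed here in decimal; status words are usually written in hexadecimal (for example, OK = 36864 is 0x9000 and SECURITY_CONDITION_NOT_SATISFIED = 27010 is 0x6982).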

NO_INPUT_DATA = 25221
VERIFY_FAIL_NO_RETRY = 25536
MEMORY_FAILURE = 25985
WRONG_LENGTH = 26368
SECURITY_CONDITION_NOT_SATISFIED = 27010
AUTH_METHOD_BLOCKED = 27011
DATA_INVALID = 27012
CONDITIONS_NOT_SATISFIED = 27013
COMMAND_NOT_ALLOWED = 27014
INCORRECT_PARAMETERS = 27264
FUNCTION_NOT_SUPPORTED = 27265
FILE_NOT_FOUND = 27266
RECORD_NOT_FOUND = 27267
NO_SPACE = 27268
REFERENCE_DATA_NOT_FOUND = 27272
APPLET_SELECT_FAILED = 27033
WRONG_PARAMETERS_P1P2 = 27392
INVALID_INSTRUCTION = 27904
CLASS_NOT_SUPPORTED = 28160
COMMAND_ABORTED = 28416
OK = 36864
class yubikit.core.smartcard.ApduProcessor[source]

Bases: ABC

abstract send_apdu(cla, ins, p1, p2, data, le)[source]
Return type:

Tuple[bytes, int]

class yubikit.core.smartcard.ApduFormatProcessor(connection)[source]

Bases: ApduProcessor

send_apdu(cla, ins, p1, p2, data, le)[source]
abstract format_apdu(cla, ins, p1, p2, data, le)[source]
Return type:

bytes

class yubikit.core.smartcard.ShortApduProcessor(connection)[source]

Bases: ApduFormatProcessor

format_apdu(cla, ins, p1, p2, data, le)[source]
send_apdu(cla, ins, p1, p2, data, le)[source]
class yubikit.core.smartcard.ExtendedApduProcessor(connection, max_apdu_size)[source]

Bases: ApduFormatProcessor

format_apdu(cla, ins, p1, p2, data, le)[source]
class yubikit.core.smartcard.ChainedResponseProcessor(connection, extended_apdus, max_apdu_size, ins_send_remaining=192)[source]

Bases: ApduProcessor

send_apdu(cla, ins, p1, p2, data, le)[source]
class yubikit.core.smartcard.TouchWorkaroundProcessor(connection, ins_send_remaining=192)[source]

Bases: ChainedResponseProcessor

send_apdu(cla, ins, p1, p2, data, le)[source]
class yubikit.core.smartcard.ScpProcessor(connection, scp_state, max_apdu_size, ins_send_remaining=192)[source]

Bases: ChainedResponseProcessor

send_apdu(cla, ins, p1, p2, data, le, encrypt=True)[source]
class yubikit.core.smartcard.SmartCardProtocol(smartcard_connection, ins_send_remaining=192)[source]

Bases: object

An implementation of the Smart Card protocol.

property apdu_format: ApduFormat
close()[source]
Return type:

None

enable_touch_workaround(version)[source]
Return type:

None

configure(version)[source]

Configure the connection optimally for the given YubiKey version.

Return type:

None

send_apdu(cla, ins, p1, p2, data=b'', le=0)[source]

Send APDU message.

Parameters:
  • cla (int) – The instruction class.

  • ins (int) – The instruction code.

  • p1 (int) – The first instruction parameter.

  • p2 (int) – The second instruction parameter.

  • data (bytes) – The command data in bytes.

  • le (int) – The maximum number of bytes in the data field of the response.

Return type:

bytes

select(aid)[source]

Perform a SELECT instruction.

Parameters:

aid (bytes) – The YubiKey application AID value.

Return type:

bytes

init_scp(key_params)[source]
Return type:

None