yubikit.core.smartcard package

class yubikit.core.smartcard.scp.ScpKid(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntEnum

SCP03 = 1

SCP11a = 17

SCP11b = 19

SCP11c = 21

class yubikit.core.smartcard.scp.KeyRef(kid_or_data, kvn=None)[source]

Bases: bytes

property kid: int

property kvn: int

class yubikit.core.smartcard.scp.ScpKeyParams(ref)[source]

Bases: ABC

ref: KeyRef

class yubikit.core.smartcard.scp.Scp03KeyParams(ref=KeyRef(kid=0x01, kvn=0x00), keys=(b'@ABCDEFGHIJKLMNO', b'@ABCDEFGHIJKLMNO', b'@ABCDEFGHIJKLMNO'))[source]

Bases: ScpKeyParams

ref: KeyRef = KeyRef(kid=0x01, kvn=0x00)

keys: StaticKeys = (b'@ABCDEFGHIJKLMNO', b'@ABCDEFGHIJKLMNO', b'@ABCDEFGHIJKLMNO')

class yubikit.core.smartcard.scp.Scp11KeyParams(ref, pk_sd_ecka, oce_ref=None, sk_oce_ecka=None, certificates=<factory>)[source]

Bases: ScpKeyParams

pk_sd_ecka: EllipticCurvePublicKey

oce_ref: Optional[KeyRef] = None

sk_oce_ecka: Optional[EllipticCurvePrivateKey] = None

certificates: Sequence[Certificate]

class yubikit.core.smartcard.scp.ScpState(session_keys, mac_chain=b'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00', enc_counter=1)[source]

Bases: object

encrypt(data)[source]

Return type:: bytes

mac(data)[source]

Return type:: bytes

unmac(data, sw)[source]

Return type:: bytes

decrypt(encrypted)[source]

Return type:: bytes

classmethod scp03_init(send_apdu, key_params, *, host_challenge=None)[source]

Return type:: Tuple[ScpState, bytes]

classmethod scp11_init(send_apdu, key_params)[source]

Return type:: ScpState

Module contents

class yubikit.core.smartcard.SmartCardConnection[source]

Bases: Connection

usb_interface: ClassVar[USB_INTERFACE] = 4

abstract property transport: TRANSPORT: Get the transport type of the connection (USB or NFC)

abstract send_and_receive(apdu)[source]

Sends a command APDU and returns the response

Return type:: Tuple[bytes, int]

exception yubikit.core.smartcard.ApduError(data, sw)[source]

Bases: CommandError

Thrown when an APDU response has the wrong SW code

class yubikit.core.smartcard.ApduFormat(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: str, Enum

APDU encoding format

SHORT = 'short'

EXTENDED = 'extended'

class yubikit.core.smartcard.AID(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: bytes, Enum

YubiKey Application smart card AID values.

OTP = b"\xa0\x00\x00\x05' \x01"

MANAGEMENT = b"\xa0\x00\x00\x05'G\x11\x17"

OPENPGP = b'\xd2v\x00\x01$\x01'

OATH = b"\xa0\x00\x00\x05'!\x01"

PIV = b'\xa0\x00\x00\x03\x08'

FIDO = b'\xa0\x00\x00\x06G/\x00\x01'

HSMAUTH = b"\xa0\x00\x00\x05'!\x07\x01"

SECURE_DOMAIN = b'\xa0\x00\x00\x01Q\x00\x00\x00'

class yubikit.core.smartcard.SW(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntEnum

NO_INPUT_DATA = 25221

VERIFY_FAIL_NO_RETRY = 25536

MEMORY_FAILURE = 25985

WRONG_LENGTH = 26368

SECURITY_CONDITION_NOT_SATISFIED = 27010

AUTH_METHOD_BLOCKED = 27011

DATA_INVALID = 27012

CONDITIONS_NOT_SATISFIED = 27013

COMMAND_NOT_ALLOWED = 27014

INCORRECT_PARAMETERS = 27264

FUNCTION_NOT_SUPPORTED = 27265

FILE_NOT_FOUND = 27266

RECORD_NOT_FOUND = 27267

NO_SPACE = 27268

REFERENCE_DATA_NOT_FOUND = 27272

APPLET_SELECT_FAILED = 27033

WRONG_PARAMETERS_P1P2 = 27392

INVALID_INSTRUCTION = 27904

CLASS_NOT_SUPPORTED = 28160

COMMAND_ABORTED = 28416

OK = 36864

class yubikit.core.smartcard.ApduProcessor[source]

Bases: ABC

abstract send_apdu(cla, ins, p1, p2, data, le)[source]

Return type:: Tuple[bytes, int]

class yubikit.core.smartcard.ApduFormatProcessor(connection)[source]

Bases: ApduProcessor

send_apdu(cla, ins, p1, p2, data, le)[source]

abstract format_apdu(cla, ins, p1, p2, data, le)[source]

Return type:: bytes

class yubikit.core.smartcard.ShortApduProcessor(connection)[source]

Bases: ApduFormatProcessor

format_apdu(cla, ins, p1, p2, data, le)[source]

send_apdu(cla, ins, p1, p2, data, le)[source]

class yubikit.core.smartcard.ExtendedApduProcessor(connection, max_apdu_size)[source]

Bases: ApduFormatProcessor

format_apdu(cla, ins, p1, p2, data, le)[source]

class yubikit.core.smartcard.ChainedResponseProcessor(connection, extended_apdus, max_apdu_size, ins_send_remaining=192)[source]

Bases: ApduProcessor

send_apdu(cla, ins, p1, p2, data, le)[source]

class yubikit.core.smartcard.TouchWorkaroundProcessor(connection, ins_send_remaining=192)[source]

Bases: ChainedResponseProcessor

send_apdu(cla, ins, p1, p2, data, le)[source]

class yubikit.core.smartcard.ScpProcessor(connection, scp_state, max_apdu_size, ins_send_remaining=192)[source]

Bases: ChainedResponseProcessor

send_apdu(cla, ins, p1, p2, data, le, encrypt=True)[source]

class yubikit.core.smartcard.SmartCardProtocol(smartcard_connection, ins_send_remaining=192)[source]

Bases: object

An implementation of the Smart Card protocol.

property apdu_format: ApduFormat

close()[source]

Return type:: None

enable_touch_workaround(version)[source]

Return type:: None

configure(version)[source]

Configure the connection optimally for the given YubiKey version.

Return type:: None

send_apdu(cla, ins, p1, p2, data=b'', le=0)[source]

Send APDU message.

Parameters:

cla (int) – The instruction class.
ins (int) – The instruction code.
p1 (int) – The instruction parameter.
p2 (int) – The instruction parameter.
data (bytes) – The command data in bytes.
le (int) – The maximum number of bytes in the data field of the response.

Return type:

bytes

select(aid)[source]

Perform a SELECT instruction.

Parameters:: aid (bytes) – The YubiKey application AID value.
Return type:: bytes

init_scp(key_params)[source]

Return type:: None