o €ÏCã@s8dZddlZddlmZddlmZGdd„deƒZdS)z”This module implements the low level device API. This module exposes a low level SecurityKey class, representing the physical security key device. éN)Úapdu)Úerrorsc@sTeZdZdZdd„Zdd„Z ddd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dS)Ú SecurityKeyz‘Low level api for talking to a security key. This class implements the low level api specified in FIDO U2F for talking to a security key. cCs||_d|_t d¡|_dS)NFzpyu2f.hardware)Ú transportÚuse_legacy_formatÚloggingÚ getLoggerÚlogger)Úselfr©r ú7/tmp/google-cloud-sdk/lib/third_party/pyu2f/hardware.pyÚ__init__!szSecurityKey.__init__c Cs`|j d¡t|ƒdkst|ƒdkrt ¡‚t||ƒ}| t dtj dd|¡¡}|  ¡|j S)a2Register security key. Ask the security key to register with a particular origin & client. Args: challenge_param: Arbitrary 32 byte challenge string. app_param: Arbitrary 32 byte applciation parameter. Returns: A binary structure containing the key handle, attestation, and a signature over that by the attestation key. The precise format is dictated by the FIDO U2F specs. Raises: TUPRequiredError: A Test of User Precense is required to proceed. ApduError: Something went wrong on the device. Ú CmdRegisteré ré) r ÚdebugÚlenrÚInvalidRequestErrorÚ bytearrayÚInternalSendApdurÚ CommandApduÚ CMD_REGISTERÚCheckSuccessOrRaiseÚbody)r Úchallenge_paramÚ app_paramrÚresponser r r r&s  ûzSecurityKey.CmdRegisterFc Cs~|j d¡t|ƒdkst|ƒdkrt ¡‚|rdnd}t||tt|ƒgƒ|ƒ}| t dtj |d|¡¡}|  ¡|j S)aäAttempt to obtain an authentication signature. Ask the security key to sign a challenge for a particular key handle in order to authenticate the user. Args: challenge_param: SHA-256 hash of client_data object as a bytes object. app_param: SHA-256 hash of the app id as a bytes object. key_handle: The key handle to use to issue the signature as a bytes object. check_only: If true, only check if key_handle is valid. Returns: A binary structure containing the key handle, attestation, and a signature over that by the attestation key. The precise format is dictated by the FIDO U2F specs. Raises: TUPRequiredError: If check_only is False, a Test of User Precense is required to proceed. If check_only is True, this means the key_handle is valid. InvalidKeyHandleError: The key_handle is not valid for this device. ApduError: Something else went wrong on the device. ÚCmdAuthenticaterérr) r rrrrrrrrÚCMD_AUTHrr)r rrÚ key_handleÚ check_onlyÚcontrolrrr r r rGs   ÿÿ ÿzSecurityKey.CmdAuthenticatecCsB|j d¡| t dtjdd¡¡}| ¡st |j |j ¡‚|j S)a†Obtain the version of the device and test transport format. Obtains the version of the device and determines whether to use ISO 7816-4 or the U2f variant. This function should be called at least once before CmdAuthenticate or CmdRegister to make sure the object is using the proper transport for the device. Returns: The version of the U2F protocol in use. Ú CmdVersionr) r rrrrÚ CMD_VERSIONÚ IsSuccessrÚ ApduErrorÚsw1Úsw2r)r rr r r r#rs  ÿzSecurityKey.CmdVersioncCs|j d¡|j |¡dS)NÚCmdBlink)r rrÚ SendBlink)r Útimer r r r)†s zSecurityKey.CmdBlinkcCs|j d¡|j ¡dS)NÚCmdWink)r rrÚSendWink)r r r r r,Šs zSecurityKey.CmdWinkcCs|j d¡|j |¡S)NÚCmdPing)r rrÚSendPing)r Údatar r r r.Žs  zSecurityKey.CmdPingcCsbd}|js$t |j | ¡¡¡}|jdkr"|jdkr"d|_| |¡S|St |j |  ¡¡¡}|S)a,Send an APDU to the device. Sends an APDU to the device, possibly falling back to the legacy encoding format that is not ISO7816-4 compatible. Args: apdu_to_send: The CommandApdu object to send Returns: The ResponseApdu object constructed out of the devices reply. NégrT) rrÚ ResponseApdurÚ SendMsgBytesÚ ToByteArrayr'r(rÚToLegacyU2FByteArray)r Ú apdu_to_sendrr r r r’s  ÿ  þÿzSecurityKey.InternalSendApduN)F) Ú__name__Ú __module__Ú __qualname__Ú__doc__r rrr#r)r,r.rr r r r rs% ü+ r)r:rÚpyu2frrÚobjectrr r r r Ús