def __init__(self, stick, password=''): payload = pyhsm.util.input_validate_str(password, 'password', max_len = pyhsm.defines.YSM_BLOCK_SIZE) # typedef struct { # uint8_t password[YSM_BLOCK_SIZE]; // Unlock password # } YSM_KEY_STORAGE_UNLOCK_REQ; packed = payload.ljust(pyhsm.defines.YSM_BLOCK_SIZE, chr(0x0)) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_KEY_STORAGE_UNLOCK, packed)
def __init__(self, stick, public_id, key_handle, aead, nonce=None): self.key_handle = pyhsm.util.input_validate_key_handle(key_handle) self.public_id = pyhsm.util.input_validate_nonce(public_id, pad=True) aead = pyhsm.util.input_validate_aead( aead, expected_len=pyhsm.defines.YSM_YUBIKEY_AEAD_SIZE) if nonce is None: # typedef struct { # uint8_t publicId[YSM_PUBLIC_ID_SIZE]; // Public id (nonce) # uint32_t keyHandle; // Key handle # uint8_t aead[YSM_YUBIKEY_AEAD_SIZE]; // AEAD block # } YSM_DB_YUBIKEY_AEAD_STORE_REQ; fmt = "< %is I %is" % (pyhsm.defines.YSM_PUBLIC_ID_SIZE, \ pyhsm.defines.YSM_YUBIKEY_AEAD_SIZE) packed = struct.pack(fmt, self.public_id, self.key_handle, aead) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_DB_YUBIKEY_AEAD_STORE, packed) else: nonce = pyhsm.util.input_validate_nonce(nonce) # typedef struct { # uint8_t publicId[YSM_PUBLIC_ID_SIZE]; // Public id # uint32_t keyHandle; // Key handle # uint8_t aead[YSM_YUBIKEY_AEAD_SIZE]; // AEAD block # uint8_t nonce[YSM_AEAD_NONCE_SIZE]; // Nonce # } YSM_DB_YUBIKEY_AEAD_STORE2_REQ; fmt = "< %is I %is %is" % (pyhsm.defines.YSM_PUBLIC_ID_SIZE, \ pyhsm.defines.YSM_YUBIKEY_AEAD_SIZE, \ pyhsm.defines.YSM_AEAD_NONCE_SIZE) packed = struct.pack(fmt, self.public_id, self.key_handle, aead, nonce) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_DB_YUBIKEY_AEAD_STORE2, packed)
def __init__(self, stick, post_increment): pyhsm.util.input_validate_int(post_increment, 'post_increment') # typedef struct { # uint16_t postIncrement; // Size of increment to next nonce # } YSM_NONCE_GET_REQ; packed = struct.pack("<H", post_increment) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_NONCE_GET, packed)
def __init__(self, stick, key_handle, data, flags=None, final=True, to_buffer=False): data = pyhsm.util.input_validate_str( data, 'data', max_len=pyhsm.defines.YSM_MAX_PKT_SIZE - 6) self.key_handle = pyhsm.util.input_validate_key_handle(key_handle) if flags != None: flags = pyhsm.util.input_validate_int(flags, 'flags', max_value=0xff) else: flags = pyhsm.defines.YSM_HMAC_SHA1_RESET if final: flags |= pyhsm.defines.YSM_HMAC_SHA1_FINAL if to_buffer: flags |= pyhsm.defines.YSM_HMAC_SHA1_TO_BUFFER self.final = final self.flags = flags packed = _raw_pack(self.key_handle, self.flags, data) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_HMAC_SHA1_GENERATE, packed)
def __init__(self, stick, num_bytes): self.num_bytes = pyhsm.util.input_validate_int(num_bytes, 'num_bytes', pyhsm.defines.YSM_MAX_PKT_SIZE - 1) # typedef struct { # uint8_t numBytes; // Number of bytes to generate # } YSM_RANDOM_GENERATE_REQ; packed = chr(self.num_bytes) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_RANDOM_GENERATE, packed)
def __init__(self, stick, password=''): payload = pyhsm.util.input_validate_str(password, 'password', max_len = pyhsm.defines.YSM_BLOCK_SIZE) # typedef struct { # uint8_t password[YSM_BLOCK_SIZE]; // Unlock password # } YSM_KEY_STORAGE_UNLOCK_REQ; packed = password.ljust(pyhsm.defines.YSM_BLOCK_SIZE, chr(0x0)) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_KEY_STORAGE_UNLOCK, packed)
def __init__(self, stick): YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_SYSTEM_INFO_QUERY) self.version_major = 0 self.version_minor = 0 self.version_build = 0 self.protocol_ver = 0 self.system_uid = None
def __init__(self, stick, public_id, key_handle, aead, nonce = None): self.key_handle = pyhsm.util.input_validate_key_handle(key_handle) self.public_id = pyhsm.util.input_validate_nonce(public_id, pad = True) aead = pyhsm.util.input_validate_aead(aead, expected_len = pyhsm.defines.YSM_YUBIKEY_AEAD_SIZE) if nonce is None: # typedef struct { # uint8_t publicId[YSM_PUBLIC_ID_SIZE]; // Public id (nonce) # uint32_t keyHandle; // Key handle # uint8_t aead[YSM_YUBIKEY_AEAD_SIZE]; // AEAD block # } YSM_DB_YUBIKEY_AEAD_STORE_REQ; fmt = "< %is I %is" % (pyhsm.defines.YSM_PUBLIC_ID_SIZE, \ pyhsm.defines.YSM_YUBIKEY_AEAD_SIZE) packed = struct.pack(fmt, self.public_id, self.key_handle, aead) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_DB_YUBIKEY_AEAD_STORE, packed) else: nonce = pyhsm.util.input_validate_nonce(nonce) # typedef struct { # uint8_t publicId[YSM_PUBLIC_ID_SIZE]; // Public id # uint32_t keyHandle; // Key handle # uint8_t aead[YSM_YUBIKEY_AEAD_SIZE]; // AEAD block # uint8_t nonce[YSM_AEAD_NONCE_SIZE]; // Nonce # } YSM_DB_YUBIKEY_AEAD_STORE2_REQ; fmt = "< %is I %is %is" % (pyhsm.defines.YSM_PUBLIC_ID_SIZE, \ pyhsm.defines.YSM_YUBIKEY_AEAD_SIZE, \ pyhsm.defines.YSM_AEAD_NONCE_SIZE) packed = struct.pack(fmt, self.public_id, self.key_handle, aead, nonce) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_DB_YUBIKEY_AEAD_STORE2, packed)
def __init__(self, stick, key=''): payload = pyhsm.util.input_validate_str(key, 'key', max_len = pyhsm.defines.YSM_MAX_KEY_SIZE) # typedef struct { # uint8_t key[YSM_MAX_KEY_SIZE]; // Key store decryption key # } YSM_KEY_STORE_DECRYPT_REQ; packed = payload.ljust(pyhsm.defines.YSM_MAX_KEY_SIZE, chr(0x0)) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_KEY_STORE_DECRYPT, packed)
def __init__(self, stick, payload=''): payload = pyhsm.util.input_validate_str(payload, 'payload', max_len = pyhsm.defines.YSM_MAX_PKT_SIZE - 1) # typedef struct { # uint8_t numBytes; // Number of bytes in data field # uint8_t data[YSM_MAX_PKT_SIZE - 1]; // Data # } YSM_ECHO_REQ; packed = chr(len(payload)) + payload YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_ECHO, packed)
def __init__(self, stick, seed): seed = pyhsm.util.input_validate_str(seed, 'seed', exact_len = pyhsm.defines.YSM_CTR_DRBG_SEED_SIZE) # #define YSM_CTR_DRBG_SEED_SIZE 32 # typedef struct { # uint8_t seed[YSM_CTR_DRBG_SEED_SIZE]; // New seed # } YSM_RANDOM_RESEED_REQ; fmt = "%is" % (pyhsm.defines.YSM_CTR_DRBG_SEED_SIZE) packed = struct.pack(fmt, seed) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_RANDOM_RESEED, packed)
def __init__(self, stick, key=''): payload = pyhsm.util.input_validate_str( key, 'key', max_len=pyhsm.defines.YSM_MAX_KEY_SIZE) # typedef struct { # uint8_t key[YSM_MAX_KEY_SIZE]; // Key store decryption key # } YSM_KEY_STORE_DECRYPT_REQ; packed = payload.ljust(pyhsm.defines.YSM_MAX_KEY_SIZE, chr(0x0)) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_KEY_STORE_DECRYPT, packed)
def __init__(self, stick, payload=''): #define YHSM_MONITOR_EXIT 0x7f // Exit to monitor (no response sent) #define YHSM_MONITOR_EXIT_MAGIC 0xbaadbeef # typedef struct { # uint32_t magic; // Magic number for trigger # uint32_t magicInv; // 1st complement of magic # } YHSM_MONITOR_EXIT_REQ; packed = struct.pack('<II', 0xbaadbeef, 0xffffffff - 0xbaadbeef) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_MONITOR_EXIT, packed)
def __init__(self, stick, payload=''): #define YHSM_MONITOR_EXIT 0x7f // Exit to monitor (no response sent) #define YHSM_MONITOR_EXIT_MAGIC 0xbaadbeef #typedef struct { # uint32_t magic; // Magic number for trigger # uint32_t magicInv; // 1st complement of magic #} YHSM_MONITOR_EXIT_REQ; packed = struct.pack('<II', 0xbaadbeef, 0xffffffff - 0xbaadbeef) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_MONITOR_EXIT, packed)
def __init__(self, stick, public_id, otp): self.public_id = pyhsm.util.input_validate_nonce(public_id, pad = True) self.otp = pyhsm.util.input_validate_str(otp, 'otp', exact_len = pyhsm.defines.YSM_OTP_SIZE) # typedef struct { # uint8_t publicId[YSM_PUBLIC_ID_SIZE]; // Public id # uint8_t otp[YSM_OTP_SIZE]; // OTP # } YSM_DB_OTP_VALIDATE_REQ; fmt = "%is %is" % (pyhsm.defines.YSM_AEAD_NONCE_SIZE, pyhsm.defines.YSM_OTP_SIZE) packed = struct.pack(fmt, self.public_id, self.otp) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_DB_OTP_VALIDATE, packed)
def __init__(self, stick, num_bytes, offset = 0): self.offset = offset self.num_bytes = num_bytes # typedef struct { # uint8_t offs; // Offset in buffer. Zero flushes/resets buffer first # uint8_t numBytes; // Number of bytes to randomize # } YSM_BUFFER_RANDOM_LOAD_REQ; fmt = "B B" packed = struct.pack(fmt, self.offset, self.num_bytes) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_BUFFER_RANDOM_LOAD, packed)
def __init__(self, stick, num_bytes, offset=0): self.offset = offset self.num_bytes = num_bytes # typedef struct { # uint8_t offs; // Offset in buffer. Zero flushes/resets buffer first # uint8_t numBytes; // Number of bytes to randomize # } YSM_BUFFER_RANDOM_LOAD_REQ; fmt = "B B" packed = struct.pack(fmt, self.offset, self.num_bytes) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_BUFFER_RANDOM_LOAD, packed)
def __init__(self, stick, data, offset = 0): data = pyhsm.util.input_validate_str(data, 'data', max_len = pyhsm.defines.YSM_DATA_BUF_SIZE) self.data_len = len(data) self.offset = pyhsm.util.input_validate_int(offset, 'offset', pyhsm.defines.YSM_DATA_BUF_SIZE - 1) # typedef struct { # uint8_t offs; // Offset in buffer. Zero flushes/resets buffer first # uint8_t numBytes; // Number of bytes to load # uint8_t data[YSM_DATA_BUF_SIZE]; // Data to load # } YSM_BUFFER_LOAD_REQ; fmt = "B B %is" % self.data_len packed = struct.pack(fmt, self.offset, self.data_len, data) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_BUFFER_LOAD, packed)
def __init__(self, stick, public_id, otp): self.public_id = pyhsm.util.input_validate_nonce(public_id, pad=True) self.otp = pyhsm.util.input_validate_str( otp, 'otp', exact_len=pyhsm.defines.YSM_OTP_SIZE) # typedef struct { # uint8_t publicId[YSM_PUBLIC_ID_SIZE]; // Public id # uint8_t otp[YSM_OTP_SIZE]; // OTP # } YSM_DB_OTP_VALIDATE_REQ; fmt = "%is %is" % (pyhsm.defines.YSM_AEAD_NONCE_SIZE, pyhsm.defines.YSM_OTP_SIZE) packed = struct.pack(fmt, self.public_id, self.otp) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_DB_OTP_VALIDATE, packed)
def __init__(self, stick, data, offset=0): data = pyhsm.util.input_validate_str( data, 'data', max_len=pyhsm.defines.YSM_DATA_BUF_SIZE) self.data_len = len(data) self.offset = pyhsm.util.input_validate_int( offset, 'offset', pyhsm.defines.YSM_DATA_BUF_SIZE - 1) # typedef struct { # uint8_t offs; // Offset in buffer. Zero flushes/resets buffer first # uint8_t numBytes; // Number of bytes to load # uint8_t data[YSM_DATA_BUF_SIZE]; // Data to load # } YSM_BUFFER_LOAD_REQ; fmt = "B B %is" % self.data_len packed = struct.pack(fmt, self.offset, self.data_len, data) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_BUFFER_LOAD, packed)
def __init__(self, stick, nonce, key_handle, aead): self.nonce = pyhsm.util.input_validate_nonce(nonce, pad = True) self.key_handle = pyhsm.util.input_validate_key_handle(key_handle) flags_size = struct.calcsize("<I") max_aead_len = pyhsm.defines.YSM_MAX_KEY_SIZE + flags_size + pyhsm.defines.YSM_AEAD_MAC_SIZE aead = pyhsm.util.input_validate_aead(aead, max_aead_len = max_aead_len) # typedef struct { # uint8_t nonce[YSM_AEAD_NONCE_SIZE]; // Nonce # uint32_t keyHandle; // Key handle to unlock AEAD # uint8_t numBytes; // Number of bytes (explicit key size 16, 20, 24 or 32 bytes + flags + hash) # uint8_t aead[YSM_MAX_KEY_SIZE + sizeof(uint32_t) + YSM_AEAD_MAC_SIZE]; // AEAD block # } YSM_TEMP_KEY_LOAD_REQ; fmt = "< %is I B %is" % (pyhsm.defines.YSM_AEAD_NONCE_SIZE, len(aead)) packed = struct.pack(fmt, self.nonce, self.key_handle, len(aead), aead) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_TEMP_KEY_LOAD, packed)
def __init__(self, stick, key_handle, data, flags = None, final = True, to_buffer = False): data = pyhsm.util.input_validate_str(data, 'data', max_len = pyhsm.defines.YSM_MAX_PKT_SIZE - 6) self.key_handle = pyhsm.util.input_validate_key_handle(key_handle) if flags != None: flags = pyhsm.util.input_validate_int(flags, 'flags', max_value=0xff) else: flags = pyhsm.defines.YSM_HMAC_SHA1_RESET if final: flags |= pyhsm.defines.YSM_HMAC_SHA1_FINAL if to_buffer: flags |= pyhsm.defines.YSM_HMAC_SHA1_TO_BUFFER self.final = final self.flags = flags packed = _raw_pack(self.key_handle, self.flags, data) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_HMAC_SHA1_GENERATE, packed)
def __init__(self, stick, nonce, key_handle, aead, cleartext): aead = pyhsm.util.input_validate_aead(aead) expected_ct_len = len(aead) - pyhsm.defines.YSM_AEAD_MAC_SIZE cleartext = pyhsm.util.input_validate_str(cleartext, 'cleartext', exact_len = expected_ct_len) self.nonce = pyhsm.util.input_validate_nonce(nonce, pad = True) self.key_handle = pyhsm.util.input_validate_key_handle(key_handle) data = cleartext + aead if len(data) > pyhsm.defines.YSM_MAX_PKT_SIZE - 10: raise pyhsm.exception.YHSM_InputTooLong( 'cleartext+aead', pyhsm.defines.YSM_MAX_PKT_SIZE - 10, len(data)) # typedef struct { # uint8_t nonce[YSM_AEAD_NONCE_SIZE]; // Nonce (publicId for Yubikey AEADs) # uint32_t keyHandle; // Key handle # uint8_t numBytes; // Number of data bytes (cleartext + aead) # uint8_t data[YSM_MAX_PKT_SIZE - 0x10]; // Data (cleartext + aead). Empty cleartext validates aead only # } YSM_AEAD_DECRYPT_CMP_REQ; fmt = "< %is I B %is" % (pyhsm.defines.YSM_AEAD_NONCE_SIZE, len(data)) packed = struct.pack(fmt, self.nonce, key_handle, len(data), data) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_AEAD_DECRYPT_CMP, packed)
def __init__(self, stick, nonce, key_handle, aead, cleartext): aead = pyhsm.util.input_validate_aead(aead) expected_ct_len = len(aead) - pyhsm.defines.YSM_AEAD_MAC_SIZE cleartext = pyhsm.util.input_validate_str(cleartext, 'cleartext', exact_len=expected_ct_len) self.nonce = pyhsm.util.input_validate_nonce(nonce, pad=True) self.key_handle = pyhsm.util.input_validate_key_handle(key_handle) data = cleartext + aead if len(data) > pyhsm.defines.YSM_MAX_PKT_SIZE - 10: raise pyhsm.exception.YHSM_InputTooLong( 'cleartext+aead', pyhsm.defines.YSM_MAX_PKT_SIZE - 10, len(data)) # typedef struct { # uint8_t nonce[YSM_AEAD_NONCE_SIZE]; // Nonce (publicId for Yubikey AEADs) # uint32_t keyHandle; // Key handle # uint8_t numBytes; // Number of data bytes (cleartext + aead) # uint8_t data[YSM_MAX_PKT_SIZE - 0x10]; // Data (cleartext + aead). Empty cleartext validates aead only # } YSM_AEAD_DECRYPT_CMP_REQ; fmt = "< %is I B %is" % (pyhsm.defines.YSM_AEAD_NONCE_SIZE, len(data)) packed = struct.pack(fmt, self.nonce, key_handle, len(data), data) YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_AEAD_DECRYPT_CMP, packed)
def __init__(self, stick): YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_SYSTEM_INFO_QUERY)
def __init__(self, stick, command, payload): YHSM_Cmd.__init__(self, stick, command, payload)