def add_credential(self, name, key, oath_type, digits, algo, touch,
password_key):
dev = self._descriptor.open_device(TRANSPORT.CCID)
controller = OathController(dev.driver)
if controller.locked and password_key is not None:
controller.validate(a2b_hex(password_key))
try:
key = parse_b32_key(key)
except Exception as e:
return str(e)
try:
controller.put(key,
name,
oath_type,
digits,
algo=algo,
require_touch=touch)
except APDUError as e:
# NEO doesn't return a no space error if full,
# but a command aborted error. Assume it's because of
# no space in this context.
if e.sw == SW.NO_SPACE or e.sw == SW.COMMAND_ABORTED:
return 'No space'
else:
raise
def _calculate(self, credential, timestamp, password_key):
dev = self._descriptor.open_device(TRANSPORT.CCID)
controller = OathController(dev.driver)
if controller.locked and password_key is not None:
controller.validate(a2b_hex(password_key))
cred = controller.calculate(credential, timestamp)
return cred
def _calculate_all(self, timestamp, password_key):
dev = self._descriptor.open_device(TRANSPORT.CCID)
controller = OathController(dev.driver)
if controller.locked and password_key is not None:
controller.validate(a2b_hex(password_key))
creds = controller.calculate_all(timestamp)
creds = [c for c in creds if not c.hidden]
return creds
def validate(self, key):
dev = self._descriptor.open_device(TRANSPORT.CCID)
controller = OathController(dev.driver)
if key is not None:
try:
controller.validate(a2b_hex(key))
return True
except:
return False
def set_password(self, new_password, password_key):
dev = self._descriptor.open_device(TRANSPORT.CCID)
controller = OathController(dev.driver)
if controller.locked and password_key is not None:
controller.validate(a2b_hex(password_key))
if new_password is not None:
key = derive_key(controller.id, new_password)
controller.set_password(key)
else:
controller.clear_password()
def calculate(self, credential, timestamp, password_key):
try:
dev = self._descriptor.open_device(TRANSPORT.CCID)
controller = OathController(dev.driver)
if controller.locked and password_key is not None:
controller.validate(a2b_hex(password_key))
except:
return None
return controller.calculate(Credential.from_dict(credential),
timestamp).to_dict()
def refresh_credentials(self, timestamp, password_key=None):
try:
dev = self._descriptor.open_device(TRANSPORT.CCID)
controller = OathController(dev.driver)
if controller.locked and password_key is not None:
controller.validate(a2b_hex(password_key))
creds = controller.calculate_all(timestamp)
return [c.to_dict() for c in creds if not c.is_hidden()]
except:
return []
def provide_password(self, password, remember=False):
dev = self._descriptor.open_device(TRANSPORT.CCID)
controller = OathController(dev.driver)
self._key = controller.derive_key(password)
try:
controller.validate(self._key)
except Exception:
return False
if remember:
keys = self.settings.setdefault('keys', {})
keys[controller.id] = b2a_hex(self._key).decode()
self.settings.write()
return True
def provide_password(self, password, remember=False):
dev = self._descriptor.open_device(TRANSPORT.CCID)
controller = OathController(dev.driver)
self._key = controller.derive_key(password)
try:
controller.validate(self._key)
except Exception:
return False
if remember:
keys = self.settings.setdefault('keys', {})
keys[controller.id] = b2a_hex(self._key).decode()
self.settings.write()
return True
def add_credential(self, name, key, oath_type, digits, algo, touch,
password_key):
dev = self._descriptor.open_device(TRANSPORT.CCID)
controller = OathController(dev.driver)
if controller.locked and password_key is not None:
controller.validate(a2b_hex(password_key))
try:
key = parse_b32_key(key)
except Exception as e:
return str(e)
controller.put(key,
name,
oath_type,
digits,
algo=algo,
require_touch=touch)
def delete_credential(self, credential, password_key):
dev = self._descriptor.open_device(TRANSPORT.CCID)
controller = OathController(dev.driver)
if controller.locked and password_key is not None:
controller.validate(a2b_hex(password_key))
controller.delete(Credential.from_dict(credential))