def __init__(self, stick, password=''):
payload = pyhsm.util.input_validate_str(password, 'password', max_len = pyhsm.defines.YSM_BLOCK_SIZE)
# typedef struct {
# uint8_t password[YSM_BLOCK_SIZE]; // Unlock password
# } YSM_KEY_STORAGE_UNLOCK_REQ;
packed = payload.ljust(pyhsm.defines.YSM_BLOCK_SIZE, chr(0x0))
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_KEY_STORAGE_UNLOCK, packed)
def __init__(self, stick, public_id, key_handle, aead, nonce=None):
self.key_handle = pyhsm.util.input_validate_key_handle(key_handle)
self.public_id = pyhsm.util.input_validate_nonce(public_id, pad=True)
aead = pyhsm.util.input_validate_aead(
aead, expected_len=pyhsm.defines.YSM_YUBIKEY_AEAD_SIZE)
if nonce is None:
# typedef struct {
# uint8_t publicId[YSM_PUBLIC_ID_SIZE]; // Public id (nonce)
# uint32_t keyHandle; // Key handle
# uint8_t aead[YSM_YUBIKEY_AEAD_SIZE]; // AEAD block
# } YSM_DB_YUBIKEY_AEAD_STORE_REQ;
fmt = "< %is I %is" % (pyhsm.defines.YSM_PUBLIC_ID_SIZE, \
pyhsm.defines.YSM_YUBIKEY_AEAD_SIZE)
packed = struct.pack(fmt, self.public_id, self.key_handle, aead)
YHSM_Cmd.__init__(self, stick,
pyhsm.defines.YSM_DB_YUBIKEY_AEAD_STORE, packed)
else:
nonce = pyhsm.util.input_validate_nonce(nonce)
# typedef struct {
# uint8_t publicId[YSM_PUBLIC_ID_SIZE]; // Public id
# uint32_t keyHandle; // Key handle
# uint8_t aead[YSM_YUBIKEY_AEAD_SIZE]; // AEAD block
# uint8_t nonce[YSM_AEAD_NONCE_SIZE]; // Nonce
# } YSM_DB_YUBIKEY_AEAD_STORE2_REQ;
fmt = "< %is I %is %is" % (pyhsm.defines.YSM_PUBLIC_ID_SIZE, \
pyhsm.defines.YSM_YUBIKEY_AEAD_SIZE, \
pyhsm.defines.YSM_AEAD_NONCE_SIZE)
packed = struct.pack(fmt, self.public_id, self.key_handle, aead,
nonce)
YHSM_Cmd.__init__(self, stick,
pyhsm.defines.YSM_DB_YUBIKEY_AEAD_STORE2, packed)
def __init__(self, stick, post_increment):
pyhsm.util.input_validate_int(post_increment, 'post_increment')
# typedef struct {
# uint16_t postIncrement; // Size of increment to next nonce
# } YSM_NONCE_GET_REQ;
packed = struct.pack("<H", post_increment)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_NONCE_GET, packed)
def __init__(self,
stick,
key_handle,
data,
flags=None,
final=True,
to_buffer=False):
data = pyhsm.util.input_validate_str(
data, 'data', max_len=pyhsm.defines.YSM_MAX_PKT_SIZE - 6)
self.key_handle = pyhsm.util.input_validate_key_handle(key_handle)
if flags != None:
flags = pyhsm.util.input_validate_int(flags,
'flags',
max_value=0xff)
else:
flags = pyhsm.defines.YSM_HMAC_SHA1_RESET
if final:
flags |= pyhsm.defines.YSM_HMAC_SHA1_FINAL
if to_buffer:
flags |= pyhsm.defines.YSM_HMAC_SHA1_TO_BUFFER
self.final = final
self.flags = flags
packed = _raw_pack(self.key_handle, self.flags, data)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_HMAC_SHA1_GENERATE,
packed)
def __init__(self, stick, num_bytes):
self.num_bytes = pyhsm.util.input_validate_int(num_bytes, 'num_bytes', pyhsm.defines.YSM_MAX_PKT_SIZE - 1)
# typedef struct {
# uint8_t numBytes; // Number of bytes to generate
# } YSM_RANDOM_GENERATE_REQ;
packed = chr(self.num_bytes)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_RANDOM_GENERATE, packed)
def __init__(self, stick, post_increment):
pyhsm.util.input_validate_int(post_increment, 'post_increment')
# typedef struct {
# uint16_t postIncrement; // Size of increment to next nonce
# } YSM_NONCE_GET_REQ;
packed = struct.pack("<H", post_increment)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_NONCE_GET, packed)
def __init__(self, stick, num_bytes):
self.num_bytes = pyhsm.util.input_validate_int(num_bytes, 'num_bytes', pyhsm.defines.YSM_MAX_PKT_SIZE - 1)
# typedef struct {
# uint8_t numBytes; // Number of bytes to generate
# } YSM_RANDOM_GENERATE_REQ;
packed = chr(self.num_bytes)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_RANDOM_GENERATE, packed)
def __init__(self, stick, password=''):
payload = pyhsm.util.input_validate_str(password, 'password', max_len = pyhsm.defines.YSM_BLOCK_SIZE)
# typedef struct {
# uint8_t password[YSM_BLOCK_SIZE]; // Unlock password
# } YSM_KEY_STORAGE_UNLOCK_REQ;
packed = password.ljust(pyhsm.defines.YSM_BLOCK_SIZE, chr(0x0))
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_KEY_STORAGE_UNLOCK, packed)
def __init__(self, stick):
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_SYSTEM_INFO_QUERY)
self.version_major = 0
self.version_minor = 0
self.version_build = 0
self.protocol_ver = 0
self.system_uid = None
def __init__(self, stick, public_id, key_handle, aead, nonce = None):
self.key_handle = pyhsm.util.input_validate_key_handle(key_handle)
self.public_id = pyhsm.util.input_validate_nonce(public_id, pad = True)
aead = pyhsm.util.input_validate_aead(aead, expected_len = pyhsm.defines.YSM_YUBIKEY_AEAD_SIZE)
if nonce is None:
# typedef struct {
# uint8_t publicId[YSM_PUBLIC_ID_SIZE]; // Public id (nonce)
# uint32_t keyHandle; // Key handle
# uint8_t aead[YSM_YUBIKEY_AEAD_SIZE]; // AEAD block
# } YSM_DB_YUBIKEY_AEAD_STORE_REQ;
fmt = "< %is I %is" % (pyhsm.defines.YSM_PUBLIC_ID_SIZE, \
pyhsm.defines.YSM_YUBIKEY_AEAD_SIZE)
packed = struct.pack(fmt, self.public_id, self.key_handle, aead)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_DB_YUBIKEY_AEAD_STORE, packed)
else:
nonce = pyhsm.util.input_validate_nonce(nonce)
# typedef struct {
# uint8_t publicId[YSM_PUBLIC_ID_SIZE]; // Public id
# uint32_t keyHandle; // Key handle
# uint8_t aead[YSM_YUBIKEY_AEAD_SIZE]; // AEAD block
# uint8_t nonce[YSM_AEAD_NONCE_SIZE]; // Nonce
# } YSM_DB_YUBIKEY_AEAD_STORE2_REQ;
fmt = "< %is I %is %is" % (pyhsm.defines.YSM_PUBLIC_ID_SIZE, \
pyhsm.defines.YSM_YUBIKEY_AEAD_SIZE, \
pyhsm.defines.YSM_AEAD_NONCE_SIZE)
packed = struct.pack(fmt, self.public_id, self.key_handle, aead, nonce)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_DB_YUBIKEY_AEAD_STORE2, packed)
def __init__(self, stick, key=''):
payload = pyhsm.util.input_validate_str(key, 'key', max_len = pyhsm.defines.YSM_MAX_KEY_SIZE)
# typedef struct {
# uint8_t key[YSM_MAX_KEY_SIZE]; // Key store decryption key
# } YSM_KEY_STORE_DECRYPT_REQ;
packed = payload.ljust(pyhsm.defines.YSM_MAX_KEY_SIZE, chr(0x0))
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_KEY_STORE_DECRYPT, packed)
def __init__(self, stick, payload=''):
payload = pyhsm.util.input_validate_str(payload, 'payload', max_len = pyhsm.defines.YSM_MAX_PKT_SIZE - 1)
# typedef struct {
# uint8_t numBytes; // Number of bytes in data field
# uint8_t data[YSM_MAX_PKT_SIZE - 1]; // Data
# } YSM_ECHO_REQ;
packed = chr(len(payload)) + payload
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_ECHO, packed)
def __init__(self, stick, payload=''):
payload = pyhsm.util.input_validate_str(payload, 'payload', max_len = pyhsm.defines.YSM_MAX_PKT_SIZE - 1)
# typedef struct {
# uint8_t numBytes; // Number of bytes in data field
# uint8_t data[YSM_MAX_PKT_SIZE - 1]; // Data
# } YSM_ECHO_REQ;
packed = chr(len(payload)) + payload
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_ECHO, packed)
def __init__(self, stick, seed):
seed = pyhsm.util.input_validate_str(seed, 'seed', exact_len = pyhsm.defines.YSM_CTR_DRBG_SEED_SIZE)
# #define YSM_CTR_DRBG_SEED_SIZE 32
# typedef struct {
# uint8_t seed[YSM_CTR_DRBG_SEED_SIZE]; // New seed
# } YSM_RANDOM_RESEED_REQ;
fmt = "%is" % (pyhsm.defines.YSM_CTR_DRBG_SEED_SIZE)
packed = struct.pack(fmt, seed)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_RANDOM_RESEED, packed)
def __init__(self, stick, key=''):
payload = pyhsm.util.input_validate_str(
key, 'key', max_len=pyhsm.defines.YSM_MAX_KEY_SIZE)
# typedef struct {
# uint8_t key[YSM_MAX_KEY_SIZE]; // Key store decryption key
# } YSM_KEY_STORE_DECRYPT_REQ;
packed = payload.ljust(pyhsm.defines.YSM_MAX_KEY_SIZE, chr(0x0))
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_KEY_STORE_DECRYPT,
packed)
def __init__(self, stick, seed):
seed = pyhsm.util.input_validate_str(seed, 'seed', exact_len = pyhsm.defines.YSM_CTR_DRBG_SEED_SIZE)
# #define YSM_CTR_DRBG_SEED_SIZE 32
# typedef struct {
# uint8_t seed[YSM_CTR_DRBG_SEED_SIZE]; // New seed
# } YSM_RANDOM_RESEED_REQ;
fmt = "%is" % (pyhsm.defines.YSM_CTR_DRBG_SEED_SIZE)
packed = struct.pack(fmt, seed)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_RANDOM_RESEED, packed)
def __init__(self, stick, payload=''):
#define YHSM_MONITOR_EXIT 0x7f // Exit to monitor (no response sent)
#define YHSM_MONITOR_EXIT_MAGIC 0xbaadbeef
# typedef struct {
# uint32_t magic; // Magic number for trigger
# uint32_t magicInv; // 1st complement of magic
# } YHSM_MONITOR_EXIT_REQ;
packed = struct.pack('<II', 0xbaadbeef, 0xffffffff - 0xbaadbeef)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_MONITOR_EXIT, packed)
def __init__(self, stick, payload=''):
#define YHSM_MONITOR_EXIT 0x7f // Exit to monitor (no response sent)
#define YHSM_MONITOR_EXIT_MAGIC 0xbaadbeef
#typedef struct {
# uint32_t magic; // Magic number for trigger
# uint32_t magicInv; // 1st complement of magic
#} YHSM_MONITOR_EXIT_REQ;
packed = struct.pack('<II', 0xbaadbeef, 0xffffffff - 0xbaadbeef)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_MONITOR_EXIT, packed)
def __init__(self, stick, public_id, otp):
self.public_id = pyhsm.util.input_validate_nonce(public_id, pad = True)
self.otp = pyhsm.util.input_validate_str(otp, 'otp', exact_len = pyhsm.defines.YSM_OTP_SIZE)
# typedef struct {
# uint8_t publicId[YSM_PUBLIC_ID_SIZE]; // Public id
# uint8_t otp[YSM_OTP_SIZE]; // OTP
# } YSM_DB_OTP_VALIDATE_REQ;
fmt = "%is %is" % (pyhsm.defines.YSM_AEAD_NONCE_SIZE, pyhsm.defines.YSM_OTP_SIZE)
packed = struct.pack(fmt, self.public_id, self.otp)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_DB_OTP_VALIDATE, packed)
def __init__(self, stick, num_bytes, offset = 0):
self.offset = offset
self.num_bytes = num_bytes
# typedef struct {
# uint8_t offs; // Offset in buffer. Zero flushes/resets buffer first
# uint8_t numBytes; // Number of bytes to randomize
# } YSM_BUFFER_RANDOM_LOAD_REQ;
fmt = "B B"
packed = struct.pack(fmt, self.offset, self.num_bytes)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_BUFFER_RANDOM_LOAD, packed)
def __init__(self, stick, num_bytes, offset=0):
self.offset = offset
self.num_bytes = num_bytes
# typedef struct {
# uint8_t offs; // Offset in buffer. Zero flushes/resets buffer first
# uint8_t numBytes; // Number of bytes to randomize
# } YSM_BUFFER_RANDOM_LOAD_REQ;
fmt = "B B"
packed = struct.pack(fmt, self.offset, self.num_bytes)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_BUFFER_RANDOM_LOAD,
packed)
def __init__(self, stick, data, offset = 0):
data = pyhsm.util.input_validate_str(data, 'data', max_len = pyhsm.defines.YSM_DATA_BUF_SIZE)
self.data_len = len(data)
self.offset = pyhsm.util.input_validate_int(offset, 'offset', pyhsm.defines.YSM_DATA_BUF_SIZE - 1)
# typedef struct {
# uint8_t offs; // Offset in buffer. Zero flushes/resets buffer first
# uint8_t numBytes; // Number of bytes to load
# uint8_t data[YSM_DATA_BUF_SIZE]; // Data to load
# } YSM_BUFFER_LOAD_REQ;
fmt = "B B %is" % self.data_len
packed = struct.pack(fmt, self.offset, self.data_len, data)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_BUFFER_LOAD, packed)
def __init__(self, stick, public_id, otp):
self.public_id = pyhsm.util.input_validate_nonce(public_id, pad=True)
self.otp = pyhsm.util.input_validate_str(
otp, 'otp', exact_len=pyhsm.defines.YSM_OTP_SIZE)
# typedef struct {
# uint8_t publicId[YSM_PUBLIC_ID_SIZE]; // Public id
# uint8_t otp[YSM_OTP_SIZE]; // OTP
# } YSM_DB_OTP_VALIDATE_REQ;
fmt = "%is %is" % (pyhsm.defines.YSM_AEAD_NONCE_SIZE,
pyhsm.defines.YSM_OTP_SIZE)
packed = struct.pack(fmt, self.public_id, self.otp)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_DB_OTP_VALIDATE,
packed)
def __init__(self, stick, data, offset=0):
data = pyhsm.util.input_validate_str(
data, 'data', max_len=pyhsm.defines.YSM_DATA_BUF_SIZE)
self.data_len = len(data)
self.offset = pyhsm.util.input_validate_int(
offset, 'offset', pyhsm.defines.YSM_DATA_BUF_SIZE - 1)
# typedef struct {
# uint8_t offs; // Offset in buffer. Zero flushes/resets buffer first
# uint8_t numBytes; // Number of bytes to load
# uint8_t data[YSM_DATA_BUF_SIZE]; // Data to load
# } YSM_BUFFER_LOAD_REQ;
fmt = "B B %is" % self.data_len
packed = struct.pack(fmt, self.offset, self.data_len, data)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_BUFFER_LOAD, packed)
def __init__(self, stick, nonce, key_handle, aead):
self.nonce = pyhsm.util.input_validate_nonce(nonce, pad = True)
self.key_handle = pyhsm.util.input_validate_key_handle(key_handle)
flags_size = struct.calcsize("<I")
max_aead_len = pyhsm.defines.YSM_MAX_KEY_SIZE + flags_size + pyhsm.defines.YSM_AEAD_MAC_SIZE
aead = pyhsm.util.input_validate_aead(aead, max_aead_len = max_aead_len)
# typedef struct {
# uint8_t nonce[YSM_AEAD_NONCE_SIZE]; // Nonce
# uint32_t keyHandle; // Key handle to unlock AEAD
# uint8_t numBytes; // Number of bytes (explicit key size 16, 20, 24 or 32 bytes + flags + hash)
# uint8_t aead[YSM_MAX_KEY_SIZE + sizeof(uint32_t) + YSM_AEAD_MAC_SIZE]; // AEAD block
# } YSM_TEMP_KEY_LOAD_REQ;
fmt = "< %is I B %is" % (pyhsm.defines.YSM_AEAD_NONCE_SIZE, len(aead))
packed = struct.pack(fmt, self.nonce, self.key_handle, len(aead), aead)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_TEMP_KEY_LOAD, packed)
def __init__(self, stick, key_handle, data, flags = None, final = True, to_buffer = False):
data = pyhsm.util.input_validate_str(data, 'data', max_len = pyhsm.defines.YSM_MAX_PKT_SIZE - 6)
self.key_handle = pyhsm.util.input_validate_key_handle(key_handle)
if flags != None:
flags = pyhsm.util.input_validate_int(flags, 'flags', max_value=0xff)
else:
flags = pyhsm.defines.YSM_HMAC_SHA1_RESET
if final:
flags |= pyhsm.defines.YSM_HMAC_SHA1_FINAL
if to_buffer:
flags |= pyhsm.defines.YSM_HMAC_SHA1_TO_BUFFER
self.final = final
self.flags = flags
packed = _raw_pack(self.key_handle, self.flags, data)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_HMAC_SHA1_GENERATE, packed)
def __init__(self, stick, nonce, key_handle, aead, cleartext):
aead = pyhsm.util.input_validate_aead(aead)
expected_ct_len = len(aead) - pyhsm.defines.YSM_AEAD_MAC_SIZE
cleartext = pyhsm.util.input_validate_str(cleartext, 'cleartext', exact_len = expected_ct_len)
self.nonce = pyhsm.util.input_validate_nonce(nonce, pad = True)
self.key_handle = pyhsm.util.input_validate_key_handle(key_handle)
data = cleartext + aead
if len(data) > pyhsm.defines.YSM_MAX_PKT_SIZE - 10:
raise pyhsm.exception.YHSM_InputTooLong(
'cleartext+aead', pyhsm.defines.YSM_MAX_PKT_SIZE - 10, len(data))
# typedef struct {
# uint8_t nonce[YSM_AEAD_NONCE_SIZE]; // Nonce (publicId for Yubikey AEADs)
# uint32_t keyHandle; // Key handle
# uint8_t numBytes; // Number of data bytes (cleartext + aead)
# uint8_t data[YSM_MAX_PKT_SIZE - 0x10]; // Data (cleartext + aead). Empty cleartext validates aead only
# } YSM_AEAD_DECRYPT_CMP_REQ;
fmt = "< %is I B %is" % (pyhsm.defines.YSM_AEAD_NONCE_SIZE, len(data))
packed = struct.pack(fmt, self.nonce, key_handle, len(data), data)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_AEAD_DECRYPT_CMP, packed)
def __init__(self, stick, nonce, key_handle, aead, cleartext):
aead = pyhsm.util.input_validate_aead(aead)
expected_ct_len = len(aead) - pyhsm.defines.YSM_AEAD_MAC_SIZE
cleartext = pyhsm.util.input_validate_str(cleartext,
'cleartext',
exact_len=expected_ct_len)
self.nonce = pyhsm.util.input_validate_nonce(nonce, pad=True)
self.key_handle = pyhsm.util.input_validate_key_handle(key_handle)
data = cleartext + aead
if len(data) > pyhsm.defines.YSM_MAX_PKT_SIZE - 10:
raise pyhsm.exception.YHSM_InputTooLong(
'cleartext+aead', pyhsm.defines.YSM_MAX_PKT_SIZE - 10,
len(data))
# typedef struct {
# uint8_t nonce[YSM_AEAD_NONCE_SIZE]; // Nonce (publicId for Yubikey AEADs)
# uint32_t keyHandle; // Key handle
# uint8_t numBytes; // Number of data bytes (cleartext + aead)
# uint8_t data[YSM_MAX_PKT_SIZE - 0x10]; // Data (cleartext + aead). Empty cleartext validates aead only
# } YSM_AEAD_DECRYPT_CMP_REQ;
fmt = "< %is I B %is" % (pyhsm.defines.YSM_AEAD_NONCE_SIZE, len(data))
packed = struct.pack(fmt, self.nonce, key_handle, len(data), data)
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_AEAD_DECRYPT_CMP,
packed)
def __init__(self, stick):
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_SYSTEM_INFO_QUERY)
def __init__(self, stick, command, payload):
YHSM_Cmd.__init__(self, stick, command, payload)
def __init__(self, stick):
YHSM_Cmd.__init__(self, stick, pyhsm.defines.YSM_SYSTEM_INFO_QUERY)
