def _get_devices(self, otp_mode=False):
res = []
for dev, info in list_all_devices():
usb_enabled = info.config.enabled_capabilities[TRANSPORT.USB]
interfaces_enabled = []
if CAPABILITY.OTP & usb_enabled:
interfaces_enabled.append("OTP")
if (CAPABILITY.U2F | CAPABILITY.FIDO2) & usb_enabled:
interfaces_enabled.append("FIDO")
if (
CAPABILITY.OATH | CAPABILITY.PIV | CAPABILITY.OPENPGP
) & usb_enabled:
interfaces_enabled.append("CCID")
if otp_mode:
selectable = "OTP" in interfaces_enabled
has_password = False
else:
selectable = "CCID" in interfaces_enabled
if selectable:
with connect_to_device(info.serial, [SmartCardConnection])[
0
] as conn:
oath = OathSession(conn)
has_password = oath.locked
else:
has_password = False
res.append(
{
"name": get_name(info, dev.pid.get_type()),
"version": ".".join(str(d) for d in info.version),
"serial": info.serial or "",
"usbInterfacesEnabled": interfaces_enabled,
"hasPassword": has_password,
"selectable": selectable,
"validated": not has_password,
}
)
return res
def test_yk5_fips_formfactors():
kt = YUBIKEY.YK4
assert get_name(fips(info(FORM_FACTOR.USB_A_KEYCHAIN)),
kt) == "YubiKey 5A FIPS"
assert (get_name(fips(info_nfc(FORM_FACTOR.USB_A_KEYCHAIN)),
kt) == "YubiKey 5 NFC FIPS")
assert get_name(fips(info(FORM_FACTOR.USB_A_NANO)),
kt) == "YubiKey 5 Nano FIPS"
assert get_name(fips(info(FORM_FACTOR.USB_C_KEYCHAIN)),
kt) == "YubiKey 5C FIPS"
assert (get_name(fips(info_nfc(FORM_FACTOR.USB_C_KEYCHAIN)),
kt) == "YubiKey 5C NFC FIPS")
assert get_name(fips(info(FORM_FACTOR.USB_C_NANO)),
kt) == "YubiKey 5C Nano FIPS"
assert get_name(fips(info(FORM_FACTOR.USB_C_LIGHTNING)),
kt) == "YubiKey 5Ci FIPS"
assert get_name(fips(info(FORM_FACTOR.USB_A_BIO)),
kt) == "YubiKey Bio FIPS"
assert get_name(fips(info(FORM_FACTOR.USB_C_BIO)),
kt) == "YubiKey C Bio FIPS"
assert get_name(fips(info(FORM_FACTOR.UNKNOWN)), kt) == "YubiKey 5 FIPS"
assert get_name(fips(info_nfc(FORM_FACTOR.UNKNOWN)),
kt) == "YubiKey 5 NFC FIPS"
def test_yk5_fido():
kt = YUBIKEY.YK4
assert (get_name(fido(info(FORM_FACTOR.USB_A_BIO)),
kt) == "YubiKey Bio - FIDO Edition")
assert (get_name(fido(info(FORM_FACTOR.USB_C_BIO)),
kt) == "YubiKey C Bio - FIDO Edition")
def test_yk5_formfactors():
kt = YUBIKEY.YK4
assert get_name(info(FORM_FACTOR.USB_A_KEYCHAIN), kt) == "YubiKey 5A"
assert get_name(info_nfc(FORM_FACTOR.USB_A_KEYCHAIN),
kt) == "YubiKey 5 NFC"
assert get_name(info(FORM_FACTOR.USB_A_NANO), kt) == "YubiKey 5 Nano"
assert get_name(info(FORM_FACTOR.USB_C_KEYCHAIN), kt) == "YubiKey 5C"
assert get_name(info_nfc(FORM_FACTOR.USB_C_KEYCHAIN),
kt) == "YubiKey 5C NFC"
assert get_name(info(FORM_FACTOR.USB_C_NANO), kt) == "YubiKey 5C Nano"
assert get_name(info(FORM_FACTOR.USB_C_LIGHTNING), kt) == "YubiKey 5Ci"
assert get_name(info(FORM_FACTOR.USB_A_BIO), kt) == "YubiKey Bio"
assert get_name(info(FORM_FACTOR.USB_C_BIO), kt) == "YubiKey C Bio"
assert get_name(info(FORM_FACTOR.UNKNOWN), kt) == "YubiKey 5"
assert get_name(info_nfc(FORM_FACTOR.UNKNOWN), kt) == "YubiKey 5 NFC"
def refresh_devices(self, otp_mode=False, reader_filter=None):
self._devices = []
if not otp_mode and reader_filter:
self._reader_filter = reader_filter
dev = self._get_dev_from_reader()
if dev:
with dev.open_connection(SmartCardConnection) as conn:
info = read_info(dev.pid, conn)
try:
oath = OathSession(conn)
has_password = oath.locked
selectable = True
except ApplicationNotAvailableError:
selectable = False
has_password = False
usb_enabled = info.config.enabled_capabilities[TRANSPORT.USB]
interfaces_enabled = []
if CAPABILITY.OTP & usb_enabled:
interfaces_enabled.append("OTP")
if (CAPABILITY.U2F | CAPABILITY.FIDO2) & usb_enabled:
interfaces_enabled.append("FIDO")
if (
CAPABILITY.OATH | CAPABILITY.PIV | CAPABILITY.OPENPGP
) & usb_enabled:
interfaces_enabled.append("CCID")
self._devices.append(
{
"name": get_name(
info, dev.pid.get_type() if dev.pid else None
),
"version": ".".join(str(d) for d in info.version),
"serial": info.serial or "",
"usbInterfacesEnabled": interfaces_enabled,
"hasPassword": has_password,
"selectable": selectable,
"validated": True, # not has_password
}
)
return success({"devices": self._devices})
else:
return success({"devices": []})
else:
self._reader_filter = None
# Forget current serial and derived key if no descriptors
# Return empty list of devices
if not self._devs:
self._current_serial = None
self._current_derived_key = None
return success({"devices": []})
self._devices = self._get_devices(otp_mode)
# If no current serial, or current serial seems removed,
# select the first serial found.
if not self._current_serial or (
self._current_serial not in [dev["serial"] for dev in self._devices]
):
for dev in self._devices:
if dev["serial"]:
self._current_serial = dev["serial"]
break
return success({"devices": self._devices})