def testSerializeCommandApduNoData(self): cmd = apdu.CommandApdu(0, 0x01, 0x03, 0x04) self.assertEqual(cmd.ToByteArray(), bytearray([0x00, 0x01, 0x03, 0x04, 0x00, 0x00, 0x00])) self.assertEqual(cmd.ToLegacyU2FByteArray(), bytearray([0x00, 0x01, 0x03, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00]))
def CmdRegister(self, challenge_param, app_param): """Register security key. Ask the security key to register with a particular origin & client. Args: challenge_param: Arbitrary 32 byte challenge string. app_param: Arbitrary 32 byte applciation parameter. Returns: A binary structure containing the key handle, attestation, and a signature over that by the attestation key. The precise format is dictated by the FIDO U2F specs. Raises: TUPRequiredError: A Test of User Precense is required to proceed. ApduError: Something went wrong on the device. """ self.logger.debug('CmdRegister') if len(challenge_param) != 32 or len(app_param) != 32: raise errors.InvalidRequestError() body = bytearray(challenge_param + app_param) response = self.InternalSendApdu( apdu.CommandApdu( 0, apdu.CMD_REGISTER, 0x03, # Per the U2F reference code tests 0x00, body)) response.CheckSuccessOrRaise() return response.body
def CmdVersion(self): """Obtain the version of the device and test transport format. Obtains the version of the device and determines whether to use ISO 7816-4 or the U2f variant. This function should be called at least once before CmdAuthenticate or CmdRegister to make sure the object is using the proper transport for the device. Returns: The version of the U2F protocol in use. """ self.logger.debug('CmdVersion') response = self.InternalSendApdu( apdu.CommandApdu(0, apdu.CMD_VERSION, 0x00, 0x00)) if not response.IsSuccess(): raise errors.ApduError(response.sw1, response.sw2) return response.body
def CmdAuthenticate(self, challenge_param, app_param, key_handle, check_only=False): """Attempt to obtain an authentication signature. Ask the security key to sign a challenge for a particular key handle in order to authenticate the user. Args: challenge_param: SHA-256 hash of client_data object as a bytes object. app_param: SHA-256 hash of the app id as a bytes object. key_handle: The key handle to use to issue the signature as a bytes object. check_only: If true, only check if key_handle is valid. Returns: A binary structure containing the key handle, attestation, and a signature over that by the attestation key. The precise format is dictated by the FIDO U2F specs. Raises: TUPRequiredError: If check_only is False, a Test of User Precense is required to proceed. If check_only is True, this means the key_handle is valid. InvalidKeyHandleError: The key_handle is not valid for this device. ApduError: Something else went wrong on the device. """ self.logger.debug('CmdAuthenticate') if len(challenge_param) != 32 or len(app_param) != 32: raise errors.InvalidRequestError() control = 0x07 if check_only else 0x03 body = bytearray(challenge_param + app_param + bytearray([len(key_handle)]) + key_handle) response = self.InternalSendApdu( apdu.CommandApdu(0, apdu.CMD_AUTH, control, 0x00, body)) response.CheckSuccessOrRaise() return response.body