def test_vector(self, session, params):
    """Check the device's response to a challenge against a known-answer vector.

    ``params`` unpacks to ``(key, challenge, hash_algorithm, expected)``.
    The key is stored as a credential named "test", and the value the device
    returns for ``challenge`` must equal ``expected``.
    """
    key, challenge, hash_algorithm, expected = params

    # Per the skip message, SHA512 needs non-FIPS firmware 4.3.1 or later.
    sha512_unsupported = hash_algorithm == HASH_ALGORITHM.SHA512 and (
        session.version < (4, 3, 1) or is_fips_version(session.version)
    )
    if sha512_unsupported:
        pytest.skip("SHA512 requires (non-FIPS) YubiKey 4.3.1 or later")

    credential_data = CredentialData("test", OATH_TYPE.TOTP, hash_algorithm, key)
    stored = session.put_credential(credential_data)

    response = session.calculate(stored.id, challenge)
    assert response == expected
def test_vector(self, session, params, digits):
    """Check a device-generated TOTP code against a reference vector.

    ``params`` unpacks to ``(timestamp, hash_algorithm, value, key)``. The
    credential is stored with the requested ``digits``, and the code the
    device computes for ``timestamp`` must be exactly ``digits`` characters
    long and match the tail of ``value``.
    """
    timestamp, hash_algorithm, value, key = params

    # Per the skip message, SHA512 needs non-FIPS firmware 4.3.1 or later.
    sha512_unsupported = hash_algorithm == HASH_ALGORITHM.SHA512 and (
        session.version < (4, 3, 1) or is_fips_version(session.version)
    )
    if sha512_unsupported:
        pytest.skip("SHA512 requires (non-FIPS) YubiKey 4.3.1 or later")

    credential_data = CredentialData(
        "test", OATH_TYPE.TOTP, hash_algorithm, key, digits
    )
    stored = session.put_credential(credential_data)
    generated = session.calculate_code(stored, timestamp)

    # The length check runs first so the suffix comparison below cannot be
    # satisfied by a code shorter than requested.
    assert len(generated.value) == digits
    # presumably ``value`` is the full-length reference code and shorter codes
    # are its trailing digits; confirm against the vector table
    assert value.endswith(generated.value)
def test_generate_self_signed_certificate(self, session, key_type, hash_algorithm):
    """Generate a self-signed certificate on the device and verify it.

    A key of ``key_type`` is imported into the signature slot. The resulting
    certificate must carry the same public numbers as the imported key, and
    its signature must verify against that key.
    """
    # pytest.skip raises, so at most one of these branches ever runs.
    if key_type == KEY_TYPE.ECCP384 and session.version < (4, 0, 0):
        pytest.skip("ECCP384 requires YubiKey 4 or later")
    elif key_type == KEY_TYPE.RSA1024 and is_fips_version(session.version):
        pytest.skip("RSA1024 not available on YubiKey FIPS")

    signing_slot = SLOT.SIGNATURE
    imported_public = import_key(session, signing_slot, key_type)

    # NOTE(review): authenticates with DEFAULT_MANAGEMENT_KEY / DEFAULT_PIN,
    # presumably the factory defaults, so the device under test is expected
    # to be a dedicated test unit still in its default state; confirm.
    session.authenticate(MANAGEMENT_KEY_TYPE.TDES, DEFAULT_MANAGEMENT_KEY)
    session.verify_pin(DEFAULT_PIN)

    # NOW is passed for both positional arguments that follow the subject.
    certificate = generate_self_signed_certificate(
        session,
        signing_slot,
        imported_public,
        "CN=alice",
        NOW,
        NOW,
        hash_algorithm,
    )

    cert_numbers = certificate.public_key().public_numbers()
    assert cert_numbers == imported_public.public_numbers()
    # Matching public numbers only show which key is embedded; the signature
    # is checked separately.
    verify_cert_signature(certificate, imported_public)
def fips(status=True):
    """Build a condition on whether a version's FIPS status equals *status*.

    The predicate receives a version and compares ``is_fips_version(version)``
    with ``status``. The message passed alongside it is
    ``"Requires FIPS = <status>"``.
    """

    def _fips_status_matches(version):
        return status == is_fips_version(version)

    reason = f"Requires FIPS = {status}"
    return condition(_fips_status_matches, reason)
def is_not_fips(info):
    """Return True when ``info.version`` is not reported as a FIPS version."""
    fips_detected = is_fips_version(info.version)
    return not fips_detected
def is_fips(info):
    """Return the result of ``is_fips_version`` for ``info.version``."""
    device_version = info.version
    return is_fips_version(device_version)