def test_slot_configured(self, session, read_config):
    """Check that is_configured() tracks put, delete and swap on both slots.

    Each step changes the device through ``session`` and then re-reads the
    state with ``read_config()`` before asserting on it.
    """
    # Fixed 16-byte key used only as test data; a real credential needs a
    # random secret.
    test_key = b"a" * 16

    def expect(one, two):
        # Always take a fresh snapshot so stale state cannot satisfy a check.
        state = read_config()
        assert bool(state.is_configured(SLOT.ONE)) is one
        assert bool(state.is_configured(SLOT.TWO)) is two

    # Both slots start out empty.
    expect(False, False)

    session.put_configuration(SLOT.ONE, HmacSha1SlotConfiguration(test_key))
    expect(True, False)

    session.put_configuration(SLOT.TWO, HmacSha1SlotConfiguration(test_key))
    expect(True, True)

    session.delete_slot(SLOT.ONE)
    expect(False, True)

    # Swapping moves the remaining configuration from slot two to slot one.
    session.swap_slots()
    expect(True, False)

    session.delete_slot(SLOT.ONE)
    expect(False, False)
def otp_add_credential(self, slot, key, touch):
    """Write an HMAC-SHA1 configuration built from ``key`` into an OTP slot.

    Args:
        slot: Slot identifier; converted with ``int()`` before use.
        key: Secret passed through ``parse_b32_key`` (presumably Base32
            text -- confirm against that helper).
        touch: Value forwarded to ``require_touch`` on the configuration.

    Returns:
        The value of ``success()``.

    Any exception raised while parsing the key or writing the slot
    propagates to the caller; nothing is caught here.
    """
    # The key is parsed before the device is opened, so a malformed key
    # fails without touching the device.
    secret = parse_b32_key(key)
    with self._open_otp() as otp_controller:
        slot_number = int(slot)
        configuration = HmacSha1SlotConfiguration(secret).require_touch(touch)
        otp_controller.put_configuration(slot_number, configuration)
    return success()
def test_calculate_hmac_sha1(self, session):
    """Program slot two with a known key and verify the HMAC-SHA1 response.

    The key, challenge and expected digest are HMAC-SHA1 test case 1 from
    RFC 2202, so the values are public test data and not a real secret.
    """
    known_key = bytes.fromhex("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b")
    challenge = b"Hi There"
    expected = bytes.fromhex("b617318655057264e28bc0b6fb378c8ef146be00")

    session.put_configuration(SLOT.TWO, HmacSha1SlotConfiguration(known_key))

    output = session.calculate_hmac_sha1(SLOT.TWO, challenge)
    assert output == expected
def chalresp(ctx, slot, key, totp, touch, force, generate):
    """
    Program a challenge-response credential.

    If KEY is not given, an interactive prompt will ask for it.
    """
    # NOTE(review): the docstring above is kept word-for-word because a CLI
    # framework may surface it as help text -- confirm before rewording.
    session = ctx.obj["session"]

    if not key:
        if generate:
            # 20 random bytes from the operating system's CSPRNG.
            key = os.urandom(20)
            # The secret is printed so the user can record it; it can remain
            # in terminal scrollback or in captured output afterwards.
            if totp:
                b32key = b32encode(key).decode()
                click.echo(f"Using a randomly generated key (Base32): {b32key}")
            else:
                click.echo(f"Using a randomly generated key: {key.hex()}")
        elif force:
            # --force suppresses interaction, so there is nowhere to get a
            # key from.
            ctx.fail(
                "No secret key given. Please remove the --force flag, "
                "set the KEY argument or set the --generate flag."
            )
        elif totp:
            # Re-prompt until the input parses.
            # NOTE(review): every Exception is caught and echoed here, not
            # only parse errors.
            while True:
                entered = click_prompt("Enter a secret key (base32)")
                try:
                    key = parse_b32_key(entered)
                except Exception as e:
                    click.echo(e)
                else:
                    break
        else:
            # Unlike the TOTP prompt, a parse failure here is not caught and
            # propagates to the caller.
            entered = click_prompt("Enter a secret key")
            key = parse_oath_key(entered)
    elif generate:
        ctx.fail("Invalid options: --generate conflicts with KEY argument.")
    elif totp:
        key = parse_b32_key(key)
    else:
        key = parse_oath_key(key)

    if totp:
        cred_type = "TOTP"
    else:
        cred_type = "challenge-response"

    # Overwriting a slot is confirmed unless --force was given; declining
    # aborts.
    if not force:
        click.confirm(
            f"Program a {cred_type} credential in slot {slot}?",
            abort=True,
            err=True,
        )

    try:
        configuration = HmacSha1SlotConfiguration(key).require_touch(touch)
        # The same access code is passed in both trailing positions,
        # presumably as the new and the current code so the slot keeps its
        # access code -- confirm against put_configuration.
        access_code = ctx.obj["access_code"]
        session.put_configuration(slot, configuration, access_code, access_code)
    except CommandError as e:
        _failed_to_write_msg(ctx, e)
def program_challenge_response(self, slot, key, touch):
    """Program an HMAC-SHA1 challenge-response configuration into a slot.

    Args:
        slot: Slot passed unchanged to ``put_configuration``.
        key: Hex-encoded secret, decoded with ``a2b_hex``.
        touch: Value forwarded to ``require_touch`` on the configuration.

    Returns:
        ``failure("write error")`` when the write raises ``CommandError``,
        otherwise ``success()``.
    """
    # Decoding happens before the device is opened, so malformed hex raises
    # here without opening a connection.
    secret = a2b_hex(key)
    with self._open_device([OtpConnection]) as conn:
        otp_session = YubiOtpSession(conn)
        try:
            configuration = HmacSha1SlotConfiguration(secret).require_touch(touch)
            otp_session.put_configuration(slot, configuration)
        except CommandError as e:
            # Only the exception is handed to the logger; the key is not
            # passed to it.
            logger.debug("Failed to program Challenge-response", exc_info=e)
            return failure("write error")
    return success()
def test_slot_touch_triggered(self, session, read_config, slot):
    """Check is_touch_triggered() for HMAC-SHA1, static password and empty slots.

    The state is re-read with ``read_config()`` after every change to the
    slot.
    """

    def expect(configured, touch_triggered):
        # Fresh snapshot per check so earlier state cannot leak in.
        state = read_config()
        assert bool(state.is_configured(slot)) is configured
        assert bool(state.is_touch_triggered(slot)) is touch_triggered

    # An HMAC-SHA1 configuration written without require_touch() is
    # configured but not reported as touch triggered. The key is fixed test
    # data.
    session.put_configuration(slot, HmacSha1SlotConfiguration(b"a" * 16))
    expect(True, False)

    # A static password configuration is reported as touch triggered.
    session.put_configuration(slot, StaticPasswordSlotConfiguration(b"a"))
    expect(True, True)

    # Deleting the slot clears both flags.
    session.delete_slot(slot)
    expect(False, False)