def test_slot_configured(self, session, read_config):
state = read_config()
assert not state.is_configured(SLOT.ONE)
assert not state.is_configured(SLOT.TWO)
session.put_configuration(SLOT.ONE, HmacSha1SlotConfiguration(b"a" * 16))
state = read_config()
assert state.is_configured(SLOT.ONE)
assert not state.is_configured(SLOT.TWO)
session.put_configuration(SLOT.TWO, HmacSha1SlotConfiguration(b"a" * 16))
state = read_config()
assert state.is_configured(SLOT.ONE)
assert state.is_configured(SLOT.TWO)
session.delete_slot(SLOT.ONE)
state = read_config()
assert not state.is_configured(SLOT.ONE)
assert state.is_configured(SLOT.TWO)
session.swap_slots()
state = read_config()
assert state.is_configured(SLOT.ONE)
assert not state.is_configured(SLOT.TWO)
session.delete_slot(SLOT.ONE)
state = read_config()
assert not state.is_configured(SLOT.ONE)
assert not state.is_configured(SLOT.TWO)
def otp_add_credential(self, slot, key, touch):
key = parse_b32_key(key)
with self._open_otp() as otp_controller:
otp_controller.put_configuration(
int(slot), HmacSha1SlotConfiguration(key).require_touch(touch)
)
return success()
def test_calculate_hmac_sha1(self, session):
session.put_configuration(
SLOT.TWO,
HmacSha1SlotConfiguration(
bytes.fromhex("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b")
),
)
output = session.calculate_hmac_sha1(SLOT.TWO, b"Hi There")
assert output == bytes.fromhex("b617318655057264e28bc0b6fb378c8ef146be00")
def chalresp(ctx, slot, key, totp, touch, force, generate):
"""
Program a challenge-response credential.
If KEY is not given, an interactive prompt will ask for it.
"""
session = ctx.obj["session"]
if key:
if generate:
ctx.fail(
"Invalid options: --generate conflicts with KEY argument.")
elif totp:
key = parse_b32_key(key)
else:
key = parse_oath_key(key)
else:
if force and not generate:
ctx.fail("No secret key given. Please remove the --force flag, "
"set the KEY argument or set the --generate flag.")
elif generate:
key = os.urandom(20)
if totp:
b32key = b32encode(key).decode()
click.echo(
f"Using a randomly generated key (Base32): {b32key}")
else:
click.echo(f"Using a randomly generated key: {key.hex()}")
elif totp:
while True:
key = click_prompt("Enter a secret key (base32)")
try:
key = parse_b32_key(key)
break
except Exception as e:
click.echo(e)
else:
key = click_prompt("Enter a secret key")
key = parse_oath_key(key)
cred_type = "TOTP" if totp else "challenge-response"
force or click.confirm(
f"Program a {cred_type} credential in slot {slot}?",
abort=True,
err=True,
)
try:
session.put_configuration(
slot,
HmacSha1SlotConfiguration(key).require_touch(touch),
ctx.obj["access_code"],
ctx.obj["access_code"],
)
except CommandError as e:
_failed_to_write_msg(ctx, e)
def program_challenge_response(self, slot, key, touch):
key = a2b_hex(key)
with self._open_device([OtpConnection]) as conn:
session = YubiOtpSession(conn)
try:
session.put_configuration(
slot,
HmacSha1SlotConfiguration(key).require_touch(touch),
)
except CommandError as e:
logger.debug("Failed to program Challenge-response", exc_info=e)
return failure("write error")
return success()
def test_slot_touch_triggered(self, session, read_config, slot):
session.put_configuration(slot, HmacSha1SlotConfiguration(b"a" * 16))
state = read_config()
assert state.is_configured(slot)
assert not state.is_touch_triggered(slot)
session.put_configuration(slot, StaticPasswordSlotConfiguration(b"a"))
state = read_config()
assert state.is_configured(slot)
assert state.is_touch_triggered(slot)
session.delete_slot(slot)
state = read_config()
assert not state.is_configured(slot)
assert not state.is_touch_triggered(slot)