o sh#@sddlmZddlmZddlmZddlmZmZm Z m Z ddl m Z ddl mZddlmZmZdd lmZdd lZeGd d d eZGd ddeZeddGdddeZeddGdddeZGdddZd S)) annotations)CTAPHID) CtapDevice)websafe_encodewebsafe_decode bytes2int ByteBuffer)ES256)FidoU2FAttestation)IntEnumunique) dataclassNc@seZdZdZdZdZdZdS)APDUzAPDU response codes.iiiijN)__name__ __module__ __qualname____doc__OKUSE_NOT_SATISFIED WRONG_DATArrF/var/www/html/env_mimamsha/lib/python3.10/site-packages/fido2/ctap1.pyr(s rc@s$eZdZdZd d ddZd d Zd S) ApduErrorzAn Exception thrown when a response APDU doesn't have an OK (0x9000) status. :param code: APDU response code. :param data: APDU response body. codeintdatabytescCs||_||_dSN)rr)selfrrrrr__init__:s zApduError.__init__cCsd|jddt|jddS)NzAPDU error: 0x04X dz bytes of data)rlenrr rrr__repr__>szApduError.__repr__N)r)rrrr)rrrrr!r'rrrrr1s  rF)initcsjeZdZUdZded<ded<ded<ded<dfdd Zedd d ZdddZe dddZ Z S)RegistrationDataawBinary response data for a CTAP1 registration. :param _: The binary contents of the response data. :ivar public_key: Binary representation of the credential public key. :ivar key_handle: Binary key handle of the credential. :ivar certificate: Attestation certificate of the authenticator, DER encoded. :ivar signature: Attestation signature. r public_key key_handle certificate signature_cstt|}|ddkrtd|d|_||d|_|d}|d}|dkrA|d}||}||7}t|}||||_ ||_ dS)NBzReserved byte != 0x05Ar) superr!r unpack ValueErrorreadr*r+rr,r-)r r.readercert_bufcert_lenn_bytes len_bytes __class__rrr!Ss    zRegistrationData.__init__returnstrcCt|S)z6Websafe base64 encoded string of the RegistrationData.rr&rrrb64gzRegistrationData.b64 app_param client_paramNonecCs t|||j|j|j|jdS)zVerify the included signature with regard to the given app and client params. :param app_param: SHA256 hash of the app ID used for the request. :param client_param: SHA256 hash of the ClientData used for the request. N)r verify_signaturer+r*r,r-)r rErFrrrverifylszRegistrationData.verifyrcC |t|S)zParse a RegistrationData from a websafe base64 encoded string. :param data: Websafe base64 encoded string. :return: The decoded and parsed RegistrationData. rclsrrrrfrom_b64| zRegistrationData.from_b64r.rr?r@)rErrFrr?rG)rr@r?r) rrrr__annotations__r!propertyrCrI classmethodrN __classcell__rrr=rr)Bs    r)csbeZdZUdZded<ded<ded<dfdd Zedd d ZdddZe dddZ Z S) SignatureDatazBinary response data for a CTAP1 authentication. :param _: The binary contents of the response data. :ivar user_presence: User presence byte. :ivar counter: Signature counter. :ivar signature: Cryptographic signature. r user_presencecounterrr-r.cs8tt|}|d|_|d|_||_dS)Nr/z>I)r4r!r r5rXrYr7r-)r r.r8r=rrr!s   zSignatureData.__init__r?r@cCrA)z8str: Websafe base64 encoded string of the SignatureData.rBr&rrrrCrDzSignatureData.b64rErFr*rGcCs,||dd|}t|||jdS)aeVerify the included signature with regard to the given app and client params, using the given public key. :param app_param: SHA256 hash of the app ID used for the request. :param client_param: SHA256 hash of the ClientData used for the request. :param public_key: Binary representation of the credential public key. Nr0)r from_ctap1rIr-)r rErFr*mrrrrIszSignatureData.verifyrcCrJ)zParse a SignatureData from a websafe base64 encoded string. :param data: Websafe base64 encoded string. :return: The decoded and parsed SignatureData. rKrLrrrrNrOzSignatureData.from_b64rPrQ)rErrFrr*rr?rG)rr@r?rWrRrrr=rrWs    rWc@s^eZdZdZeGdddeZd$ddZ d%d&ddZd'ddZ d(ddZ d)d*d!d"Z d#S)+Ctap1zlImplementation of the CTAP1 specification. :param device: A CtapHidDevice handle supporting CTAP1. c@seZdZdZdZdZdS)z Ctap1.INSrr2N)rrrREGISTER AUTHENTICATEVERSIONrrrrINSsradevicercCs ||_dSr)rb)r rbrrrr!s zCtap1.__init__rrclarinsp1p2rrr?c Csntd||||dt||d}|jtj|}td|ddd}|dd}|tj kr5t |||S)a\Packs and sends an APDU for use in CTAP1 commands. This is a low-level method mainly used internally. Avoid calling it directly if possible, and use the get_version, register, and authenticate methods if possible instead. :param cla: The CLA parameter of the request. :param ins: The INS parameter of the request. :param p1: The P1 parameter of the request. :param p2: The P2 parameter of the request. :param data: The body of the request. :return: The response APDU data of a successful request. :raise: ApduError z>BBBBBHrsz>HN) structpackr%rbcallrMSGr5rrr) r rcrdrerfrapduresponsestatusrrr send_apdus"   zCtap1.send_apdur@cCs|jtjjdS)zGet the U2F version implemented by the authenticator. The only version specified is "U2F_V2". :return: A U2F version string. )rd)ror\rar`decoder&rrr get_versionszCtap1.get_versionrFrEr)cCs"||}|jtjj|d}t|S)aRegister a new U2F credential. :param client_param: SHA256 hash of the ClientData used for the request. :param app_param: SHA256 hash of the app ID used for the request. :return: The registration response from the authenticator. )rdr)ror\rar^r))r rFrErrmrrrregisterszCtap1.registerFr+ check_onlyboolrWcCsD||tdt||}|rdnd}|jtjj||d}t|S)aAuthenticate a previously registered credential. :param client_param: SHA256 hash of the ClientData used for the request. :param app_param: SHA256 hash of the app ID used for the request. :param key_handle: The binary key handle of the credential. :param check_only: True to send a "check-only" request, which is used to determine if a key handle is known. :return: The authentication response from the authenticator. z>Br])rdrer)rhrir%ror\rar_rW)r rFrEr+rsrrermrrr authenticates  zCtap1.authenticateN)rbr)rrrrr) rcrrdrrerrfrrrr?rrQ)rFrrErr?r))F) rFrrErr+rrsrtr?rW) rrrrr r rar!rorqrrrvrrrrr\s   r\) __future__rhidrctaprutilsrrrr coser attestationr enumr r dataclassesrrhr Exceptionrrr)rWr\rrrrs"      C/