PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB`  Uc @sdZdddgZddlmZddlZddlZddlZddlZddlZddl Z ddl m Z ddl Z ddl Z ddl Z ddlZdd >ZdZd Zd ZdZd Zd ZdZdZdZdZdZdZdZdZdZdZdZ dZ!dZ"eeeeeeee e!e"g Z#dZ$dZ%dZ&dZ'dZ(iie'd6e(d6d 6ie%d6e&d6d!6Z)dej*fd"YZ+d#e j,fd$YZ-de fd%YZ.dfd&YZ/d'ej0fd(YZ1dS()s( module for accessing a USB HID YubiKey t YubiKeyUSBHIDtYubiKeyUSBHIDErrortYubiKeyUSBHIDStatusi(t __version__N(tYubiKeyiiiii iiiiPiiiiiiiiiii i(i0i8itHMACtOTPcBseZdZRS(s= Exception raised for errors with the USB HID communication. (t__name__t __module__t__doc__(((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRUstYubiKeyUSBHIDCapabilitiescBsqeZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z RS( s Capture the capabilities of the various versions of YubiKeys. Overrides just the functions from YubiKeyCapabilities() that are available in one or more versions, leaving the other ones at False through default_answer. cCs&tjj|d|d|d|dS(Ntmodeltversiontdefault_answer(tyubikeytYubiKeyCapabilitiest__init__(tselfR R R ((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR_scCstS(sG Yubico OTP support has always been available in the standard YubiKey. (tTrue(R((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pythave_yubico_OTPdscCs|dkrtS|jdkS(s* OATH HOTP was introduced in YubiKey 2.2. tHOTPiii(R(iii(tFalseR (Rtmode((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyt have_OATHhs cCs|dkrtS|jdkS(s3 Challenge-response was introduced in YubiKey 2.2. RRii(RR(iii(RR (RR((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pythave_challenge_responsens cCs |jdkS(sW Reading serial number was introduced in YubiKey 2.2, but depends on extflags set too. ii(iii(R (R((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pythave_serial_numbertscCs|jd|jd|jS(NR R (t is_compatibleR R (Rtflag((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pythave_ticket_flagxscCs|jd|jd|jS(NR R (RR R (RR((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pythave_config_flag{scCs|jd|jd|jS(NR R (RR R (RR((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pythave_extended_flag~scCs |jdkS(Nii(iii(R (R((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pythave_extended_scan_code_modescCs |jdkS(Nii(iii(R (R((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pythave_shifted_1_modescCs |dkS(Nii(ii((Rtslot((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pythave_configuration_slots(RRR RRRRRRRRRR R"(((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR Xs          cBs+eZdZdZdZeddZdZdZdZ dZ d Z e d Z d d e e d ZdZd dZdZdZdZedZdZdZdZd dZedZedZddZddZdZddZe dZ RS(!s Class for accessing a YubiKey over USB HID. This class is for communicating specifically with standard YubiKeys (USB vendor id = 0x1050, product id = 0x10) using USB HID. There is another class for the YubiKey NEO BETA, even though that product also goes by product id 0x10 for the BETA versions. The expectation is that the final YubiKey NEO will have it's own product id. Tested with YubiKey versions 1.3 and 2.2. RsYubiKey (or YubiKey NANO)icCsltj||d|_|j|s7tdn|jtd|jd|j dt |_ dS(s Find and connect to a YubiKey (USB HID). Attributes : skip -- number of YubiKeys to skip debug -- True or False s%YubiKey USB HID initialization failedR R R N( RRtNonet _usb_handlet_openRtstatusR R t version_numRt capabilities(Rtdebugtskip((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRs   cCs2y|jr|jnWntk r-nXdS(N(R$t_closetIOError(R((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyt__del__s   cCs)d|jjtt||jfS(Ns'<%s instance at %s: YubiKey version %s>(t __class__RthextidR (R((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyt__repr__s cCs"|j}t||_|jS(s* Poll YubiKey for status. (t_readRt_status(Rtdata((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR&s cCs |jjS(s; Get the YubiKey version as a tuple (major, minor, build). (R3tykver(R((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR'scCs |jjS(s Get the YubiKey version. (R3R (R((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR scCs8|jjs+tjd|jn|j|S(s7 Get the YubiKey serial number (requires YubiKey 2.2). s'Serial number unsupported in YubiKey %s(R(RRtYubiKeyVersionErrorR t _read_serial(Rt may_block((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pytserialsRicCsM|jj|s4tjd||jfn|j|||||S(sR Issue a challenge to the YubiKey and return the response (requires YubiKey 2.2). s/%s challenge-response unsupported in YubiKey %s(R(RRR6R t_challenge_response(Rt challengeRR!tvariableR8((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pytchallenge_responses"cKstd|jd|j|S(s6 Get a configuration object for this type of YubiKey. R5R((tYubiKeyConfigUSBHIDR'R((Rtkw((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyt init_configscCs|j}||jkrKtjd|d|d|jfn|jj|sptd|n|j||S(s' Write a configuration to the YubiKey. s9Configuration requires YubiKey version %i.%i (this is %s)iis$Can't write configuration to slot %i( tversion_requiredR'RR6R R(R"Rt _write_config(RtcfgR!t cfg_req_ver((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyt write_configs  $cCsmtjdt}|j||jd|}tj|d sStdntj d|}|dS(s. Read the serial number from a YubiKey > 2.2. tcommandR8is!Read from device failed CRC checks>lxxxi( t yubikey_framet YubiKeyFramet_SLOT_DEVICE_SERIALt_writet_read_responset yubico_utiltvalidate_crc16Rtstructtunpack(RR8tframetresponseR9((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR7s c Cs|dkrt|tjkrFtjdtjt|fnt|tjkrtd}|r|d|krtd}n|jtj|}ntj}n}|dkrt|tjkrtjdtjt|fn|jtjtd}d}ntjd |yt ||}Wntjd |nXt j d |d |} |j | |j d |} tj| |d stdn| | S(s- Do challenge-response with a YubiKey > 2.0. Rs#Mode HMAC challenge too big (%i/%i)iiiRs,Mode OTP challenge must be %i bytes (got %i)is9Invalid mode supplied (%s, valid values are HMAC and OTP)sInvalid slot specified (%s)RFtpayloadR8is!Read from device failed CRC check(tlent yubikey_defstSHA1_MAX_BLOCK_SIZEtyubico_exceptiont InputErrortchrtljusttSHA1_DIGEST_SIZEtUID_SIZEt_CMD_CHALLENGERGRHRJRKRLRMR( RR;RR!R<R8tpad_witht response_lenRFRPRQ((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR:s8          cCs|jj}|jd|}|jdtj|j|f|j||jt j |j |jd|||jjf|jj|dkrt d||jjfndS(s! Write configuration to YubiKey. R!sWriting %s frame : %s s&Programmed slot %i, sequence %i -> %i is6YubiKey programming failed (seq %i not increased (%i))N( R3tpgm_seqtto_framet_debugtyubikey_configt command2strRFRJt_waitfor_clearRTtSLOT_WRITE_FLAGR&R(RRCR!t old_pgm_seqRP((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRBs     cCs|jtj|d }xetr|j}t|d}|tj@r||d@}|rk|dkrkPn||d 7}qPqW|j|S(s7 Wait for a response to become available, and read it. iii(t _waitfor_setRTtRESP_PENDING_FLAGRR2tordt _write_reset(RR8trestthistflagstseq((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRK%s     cCsttBtB}td>}|jj|ttd|dt}t |tkrt|j dt|ft dndj d|D}|j dt j|d t|S( s1 Read a USB HID feature report from the YubiKey. itvaluettimeouts7Failed reading %i bytes (got %i) from USB HID YubiKey. s#Failed reading from USB HID YubiKeytcss|]}t|VqdS(N(RX(t.0tc((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pys Dss READ : %stcolorize(t_USB_TYPE_CLASSt_USB_RECIP_INTERFACEt_USB_ENDPOINT_INt_REPORT_TYPE_FEATURER$t controlMsgt_HID_GET_REPORTt_FEATURE_RPT_SIZEt_USB_TIMEOUT_MSRSRaRtjoinRLthexdumpR(Rt request_typeRotrecvR4((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR27s     cCsbx[|jd|jD]D}d}|jr:|\}}n|jtj|j||qWtS(sy Write a YubiKeyFrame to the USB HID. Includes polling for YubiKey readiness before each write. R)N(tto_feature_reportsR)R#RdRTRet _raw_writeR(RRPR4t debug_str((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRJHs cCs'd}|j||jtjtS(s; Reset read mode by issuing a dummy write. t(RRdRTReR(RR4((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRjWs cCs|jrK|sd}ntj|dtd }|jd||fnttBtB}td>}|j j |t |d|dt }|t kr|jdt |ftd n|S( s( Write data to YubiKey. RqRtisWRITE : %s %s iRoRps7Failed writing %i bytes (wrote %i) to USB HID YubiKey. s!Failed talking to USB HID YubiKey(R)RLR~RRaRuRvt_USB_ENDPOINT_OUTRxR$Ryt_HID_SET_REPORTR|R{R(RR4RR~RRotsent((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR`s"       cCs|jd||S(s Wait for the YubiKey to turn OFF the bits in 'mask' in status responses. Returns the 8 bytes last read. tnand(t_waitfor(RtmaskR8((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRdvscCs|jd||S(s Wait for the YubiKey to turn ON the bits in 'mask' in status responses. Returns the 8 bytes last read. tand(R(RRR8((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRg~sic Cst}d}|ddd}t}x|s|j} t| d} | tj@r|st}| tj@} |jd| |rtd| } | ddd}qqn|dkr| |@|kst}q^|jd t | | t ||fn]|d krR| |@|kr&t}q^|jd t | | t ||fn ds^t |s|d8}|d kr|dkrd |} n d|} t j | nt j|t||d}q'| Sq'WdS(s Wait for the YubiKey to either turn ON or OFF certain bits in the status byte. mode is either 'and' or 'nand' timeout is a number of seconds (precision about ~0.5 seconds) g{Gz?iiiis0Device indicates RESP_TIMEOUT (%i seconds left) iRs0Status %s (0x%x) has not cleared bits %s (0x%x) Rs,Status %s (0x%x) has not set bits %s (0x%x) is2Timed out waiting for YubiKey to clear status 0x%xs0Timed out waiting for YubiKey to set status 0x%xg?N((RR2RiRTtRESP_TIMEOUT_WAIT_FLAGRtRESP_TIMEOUT_WAIT_MASKRatmintbintAssertionErrorRtYubiKeyTimeoutttimetsleep( RRRR8RptfinishedRtwait_numt resp_timeoutRlRmt seconds_lefttreason((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRsJ        #   #       cCs|j|}|r9|jd}|jdd|_n tdy#|j|_|jjdWnBtk r}dt |kr|j dq|j dnXy|jj dWn!t j k r|j dnX|jj|jtS(s Perform HID initialization isNo USB YubiKey founds-could not detach kernel driver from interfaces3The in-kernel-HID driver has already been detached s"detachKernelDriver not supported! is)Unable to set configuration, ignoring... (t_get_usb_devicetconfigurationst interfacest_usb_intRtopenR$tdetachKernelDrivert ExceptiontstrRatsetConfigurationtusbtUSBErrortclaimInterfaceR(RR*t usb_devicetusb_confterror((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR%s$  cCsD|jjy|jjjdWnnXd|_d|_tS(s2 Release the USB interface again. iN(R$treleaseInterfacetdevtattach_kernel_driverR#RR(R((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR+s   cCsyVddl}ddl}g|jjdtdtD]}|jj|^q7}WnLtk rddl }g|j D]}|j D] }|^qq}nXxL|D]D}|j tkr|j tkr|dkr|S|d8}qqqWdS(s Get YubiKey USB device. Optionally allows you to skip n devices, to support multiple attached YubiKeys. iNtfind_alltidVendorii(tusb.coret usb.legacytcoretfindRt _YUBICO_VIDtlegacytDevicet ImportErrorRtbussestdevicesRt idProductt_YK_PIDSR#(RR*RtdRtbustdevice((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRs  /  3  cCsp|jrl|rY|jj}t|dr<t|d}ntjjd|jjntjj|ndS(s/ Print out to stderr, if debugging is enabled. t debug_prefixs%s: N(R)R.Rthasattrtgetattrtsyststderrtwrite(Rtoutt print_prefixtpre((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRas  N(!RRR R t descriptionRRR-R1R&R'R RR9R=R@RER7R:RBRKR2RJRjR#RRdRgRR%R+RRa(((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRs8         #        7   cBsGeZdZdZdZdZdZdZdZdZ RS(sD Class to represent the status information we get from the YubiKey. iicCs@d}tj||\|_|_|_|_|_|_dS(Ns (iii( R5t valid_configsRmR.RR/R0R R_R(Rt valid_strt flags_str((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR1 s   cCs|j|j|jfS(sQ Returns a tuple with the (major, minor, build) version of the YubiKey firmware. (RRR(R((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR52scCsd|j}|S(s2 Return the YubiKey firmware version as a string. s%d.%d.%d(R5(RR ((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR 6scCs|jdkr+td|jng}|j|j@|jkrZ|jdn|j|j@|jkr|jdn|S(sL Return a list of slots having a valid configurtion. Requires firmware 2.1. iiis(Valid configs unsupported in firmware %s(iii(R5RR Rt CONFIG1_VALIDtappendt CONFIG2_VALID(RRk((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR;s( RRR RRRR1R5R R(((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRs    R>cBseZdZddZRS(s3 Configuration class for USB HID YubiKeys. cKs#tjj|d|d||dS(NR5R((Rbt YubiKeyConfigRR#(RR5R(R?((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyRJsN(RRR R#R(((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pyR>Fs(2R t__all__tyubicoRRLRVRGRbRTRRRNRRRRuRvRwRRzRR|R{RxRt _YUBIKEY_PIDt _NEO_OTP_PIDt_NEO_OTP_CCID_PIDt_NEO_OTP_U2F_PIDt_NEO_OTP_U2F_CCID_PIDt _YK4_OTP_PIDt_YK4_OTP_U2F_PIDt_YK4_OTP_CCID_PIDt_YK4_OTP_U2F_CCID_PIDt_PLUS_U2F_OTP_PIDRRIt_SLOT_CHAL_OTP1t_SLOT_CHAL_OTP2t_SLOT_CHAL_HMAC1t_SLOT_CHAL_HMAC2R\t YubicoErrorRRR RRRR>(((s:/usr/lib/python2.7/site-packages/yubico/yubikey_usb_hid.pytst              2>