mg#dZddlmZddlZddlZddlmZmZmZm Z m Z ddlm Z m Z m Z mZe dZe eeeefZdZdZd Zd Zd Zd ed eeefdefdZdededefdedefdZddd edede eeffdZddd ededede edede eeffdZdddededede eeeff dZ dddededed ede eeeff d!Z!d ededede edede eeff d"Z"dededed#ede eeeff d$Z#dede edede efd%Z$ dd&l%m&Z&dd'l'm(Z(dd(l)m*Z*m+Z+m,Z,dd)l-m.Z.m/Z/m0Z0dd*l-m1Z1d+Z2y#e3e4e5f$rd,Z2ded-ede fd.Z6e6Z"e6Z#e6Z$YywxYw)/zU2F security key handler)sha256N)CallableListMappingNoReturnOptional)SequenceTupleTypeVarcast _PollResultg?s iialg public_keyreturncptt|d}|tk(r|Sd|ztt|dzS)z8Decode algorithm and public value from a CTAP public key)r bytesSSH_SK_ED25519)rrresults +lib/python3.12/site-packages/asyncssh/sk.py_decode_public_keyr.s<%B (F n& 4z"~#>>> poll_intervalfunc.argsc ||S#t$r=}|jtjk7rt j |Yd}~nd}~wwxYwP)z'Poll until a CTAP1 response is receivedN) ApduErrorcodeAPDUUSE_NOT_SATISFIEDtimesleep)rrrexcs r _ctap1_pollr'9sO  &;  &xx4111 JJ} % %  & s A3A  Adev CtapHidDevice applicationct|}|tk7r tdt|j }t t |jt|}|j|jfS)z.Enroll a new security key using CTAP version 1zUnsupported algorithm) Ctap1 SSH_SK_ECDSA ValueErrorrdigestr'_CTAP1_POLL_INTERVALregister _dummy_hashr key_handle)r(rr*ctap1app_hash registrations r _ctap1_enrollr7Gse #JE l011k"))+H3U^^*H6L  " "L$;$; ;;ruserpinresidentc t|}|jd}||d}|jd|d}d|dg} d|i} |rVt} t || j |} t j| ttjdd} nd} d} | r | jnd}|jt||| | | |}|jj}t||j |j"fS) z.Enroll a new security key using CTAP version 2utf-8)idname public-key)typerrkN)options pin_uv_parampin_uv_protocol)Ctap2decodeencode PinProtocolV1 ClientPin get_pin_tokenhmacnewr2rr/VERSIONmake_credential auth_datacredential_datarr credential_id)r(rr*r8r9r:ctap2rp user_cred key_paramsrC pin_protocol pin_tokenpin_auth pin_versioncredcdatas r _ctap2_enrollr]Ws #JE$$W-K[ 1B{{7+T:I'45JXG  $ e\2@@E 88I{F;BBDSbI *6,&&DK  b)Z)0x1< ! >D NN * *E c5#3#3 4e6I6I IIr message_hashr3ct|}t|j}tt|j |||}|d}t j|ddd}|dd} ||| fS)z7Sign a message with a security key using CTAP version 1rrbigN)r,rr/r'r0 authenticateint from_bytes) r(r^r*r3r4r5 auth_responseflagscountersigs r _ctap1_signriysy #JEk"))+H 4e6H6H ,h DM ! Enn]1Q/7G  C '3 rtouch_requiredct|}|jd}d|dg}d|i}|j||||d}|j} | j| j |j fS)z7Sign a message with a security key using CTAP version 2r<r?)r@r=up)rCr)rFrGget_assertionsrPrfrg signature) r(r^r*r3rjrS allow_credsrC assertionrPs r _ctap2_signrqs #JE$$W-K( ;; IIK, 8 99 5xx9==777 S*48 9 9"3 k:NN IIK  988t.$SX.D8/ 9.  9 IIKCIIKseA D!r=Nrsz PIN not set)rr/r)rurFrIrJrKCredentialManagementenumerate_credsr rr|objectRESULTUSER CREDENTIAL_IDrrc PUBLIC_KEYrappendrxr!ryrrwr{r. PIN_NOT_SET)r*r8r9r5rr(rSrWrX cred_mgmtr[ user_infor>cred_idr3rr public_valuer&s rsk_get_residentrsk"))+H#%F))+$ #JE(?L!%6DDSII,UL)LI!11(; f!5!%&:&A&A&F&F!GI C6!23DDLwsF{3#$8$?$?$M$MNP!%7 !'#v+"6"&';'B'B'M'M"NP 3 1 .1#zB  sD, CD%<: IIKK,N M 5xx9==777 IIKY]]666 /T9Y]]666 /T9 S*4 5 IIKs1EF** I03'I+I30A;I++I00I33J)r))rx)r,r"r )rFrJrI)rTFkwargsctd)z/Report that security key support is unavailablez"Security key support not available)r.)rrs r_sk_not_availablers=>>r)7__doc__hashlibrrLr$typingrrrrrr r r r r rcr|r_SKResidentKeyr0r2rr-rrrfloatr'r7rr]rirqr}rr fido2.hidr) fido2.ctaprx fido2.ctap1r,r"r fido2.ctap2rFrJrIr sk_available ImportErrorOSErrorAttributeErrorrrrrs* >>11m$ sC-. ! ?C?WS&[-A?e? &u &HS+5E,F & &"- & <