How to use the fido2.ctap.CtapError.ERR function in fido2

To help you get started, we’ve selected a few fido2 examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github Yubico / python-fido2 / test / test_client.py View on Github external
def test_make_credential_existing_key(self, PatchedCTAP2):
        dev = mock.Mock()
        dev.capabilities = CAPABILITY.CBOR
        ctap2 = mock.MagicMock()
        ctap2.get_info.return_value = Info(_INFO_NO_PIN)
        ctap2.make_credential.side_effect = CtapError(CtapError.ERR.CREDENTIAL_EXCLUDED)
        PatchedCTAP2.return_value = ctap2
        client = Fido2Client(dev, APP_ID)

        try:
            client.make_credential(
                PublicKeyCredentialCreationOptions(
                    rp,
                    user,
                    challenge,
                    [{"type": "public-key", "alg": -7}],
                    authenticator_selection={"userVerification": "discouraged"},
                )
            )
            self.fail("make_credential did not raise error")
        except ClientError as e:
            self.assertEqual(e.code, ClientError.ERR.DEVICE_INELIGIBLE)
github Yubico / python-fido2 / fido2 / nfc.py View on Github external
try:
                        ka_status = STATUS(ka_status)
                    except ValueError:
                        pass  # Unknown status value
                    last_ka = ka_status
                    on_keepalive(ka_status)

                # NFCCTAP_GETRESPONSE
                resp, sw1, sw2 = self._chain_apdus(0x80, 0x11, 0x00, 0x00, b"")

            if (sw1, sw2) != SW_SUCCESS:
                raise CtapError(CtapError.ERR.OTHER)  # TODO: Map from SW error

            return resp

        raise CtapError(CtapError.ERR.KEEPALIVE_CANCEL)
github Yubico / python-fido2 / fido2 / hid.py View on Github external
if status == cmd:
                return bytes(resp)
            elif status == CTAPHID.ERROR:
                raise CtapError(resp[0])
            elif status == CTAPHID.KEEPALIVE:
                ka_status = resp[0]
                if on_keepalive and last_ka != ka_status:
                    try:
                        ka_status = STATUS(ka_status)
                    except ValueError:
                        pass  # Unknown status value
                    last_ka = ka_status
                    on_keepalive(ka_status)
                continue
            else:
                raise CtapError(CtapError.ERR.INVALID_COMMAND)

        # Cancel the request.
        self._dev.InternalSend(TYPE_INIT | CTAPHID.CANCEL, bytearray())
        self._dev.InternalRecv()
        raise CtapError(CtapError.ERR.KEEPALIVE_CANCEL)
github Yubico / python-fido2 / fido2 / ctap2.py View on Github external
def enumerate_creds(self, *args, **kwargs):
        """Convenience method to enumerate all resident credentials for an RP.

        See enumerate_creds_begin and enumerate_creds_next for details.
        """
        try:
            first = self.enumerate_creds_begin(*args, **kwargs)
        except CtapError as e:
            if e.code == CtapError.ERR.NO_CREDENTIALS:
                return []
            raise  # Other error
        rest = [
            self.enumerate_creds_next()
            for _ in range(
                1, first.get(CredentialManagement.RESULT.TOTAL_CREDENTIALS, 1)
            )
        ]
        return [first] + rest
github Yubico / yubikey-manager / ykman / cli / fido.py View on Github external
"""
    Display status of FIDO2 application.
    """
    controller = ctx.obj['controller']

    if controller.is_fips:
        click.echo('FIPS Approved Mode: {}'.format(
                'Yes' if controller.is_in_fips_mode else 'No'))
    else:
        if controller.has_pin:
            try:
                click.echo(
                    'PIN is set, with {} tries left.'.format(
                        controller.get_pin_retries()))
            except CtapError as e:
                if e.code == CtapError.ERR.PIN_BLOCKED:
                    click.echo('PIN is blocked.')
        else:
            click.echo('PIN is not set.')
github Yubico / python-fido2 / fido2 / pcsc.py View on Github external
try:
                        ka_status = STATUS(ka_status)
                    except ValueError:
                        pass  # Unknown status value
                    last_ka = ka_status
                    on_keepalive(ka_status)

                # NFCCTAP_GETRESPONSE
                resp, sw1, sw2 = self._chain_apdus(0x80, 0x11, 0x00, 0x00)

            if (sw1, sw2) != SW_SUCCESS:
                raise CtapError(CtapError.ERR.OTHER)  # TODO: Map from SW error

            return resp

        raise CtapError(CtapError.ERR.KEEPALIVE_CANCEL)
github Yubico / yubikey-manager / ykman / driver_fido.py View on Github external
def is_in_fips_mode(self):
        try:
            sw = self._dev.call(
                CTAPHID.MSG, [*[0, FIPS_U2F_CMD.VERIFY_FIPS_MODE], 0, 0])
            return sw == b'\x90\x00'
        except CtapError as e:
            if e.code == CtapError.ERR.INVALID_COMMAND:
                return False
            else:
                raise e
github Yubico / python-fido2 / fido2 / client.py View on Github external
def _ctap1_get_assertion(
        self, client_data, rp_id, allow_list, extensions, uv, pin, event, on_keepalive
    ):
        if uv or not allow_list:
            raise CtapError(CtapError.ERR.UNSUPPORTED_OPTION)

        app_param = sha256(rp_id.encode())
        client_param = client_data.hash
        for cred in allow_list:
            try:
                auth_resp = _call_polling(
                    self.ctap1_poll_delay,
                    event,
                    on_keepalive,
                    self.ctap1.authenticate,
                    client_param,
                    app_param,
                    cred["id"],
                )
                return [AssertionResponse.from_ctap1(app_param, cred, auth_resp)]
            except ClientError as e:
github Yubico / python-fido2 / fido2 / nfc.py View on Github external
def call(self, cmd, data=b"", event=None, on_keepalive=None):
        if cmd == CTAPHID.MSG:
            return self._call_apdu(data)
        elif cmd == CTAPHID.CBOR:
            return self._call_cbor(data, event, on_keepalive)
        else:
            raise CtapError(CtapError.ERR.INVALID_COMMAND)