Fixes

Yubico · May 24, 2024 · 8ba5270 · 8ba5270
1 parent 338b092
commit 8ba5270
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 11 deletions.
diff --git a/tests/test_device.py b/tests/test_device.py
@@ -16,15 +16,15 @@ def info(form_factor):
  serial=None,
  version=Version(5, 3, 0),
  form_factor=form_factor,
- supported_capabilities={TRANSPORT.USB: 0xFF}, # type: ignore
+ supported_capabilities={TRANSPORT.USB: CAPABILITY(0xFF)}, # type: ignore
  is_locked=False,
  is_fips=False,
  )
 
 
 def info_nfc(form_factor):
  with_nfc = info(form_factor)
- with_nfc.supported_capabilities[TRANSPORT.NFC] = 0xFF
+ with_nfc.supported_capabilities[TRANSPORT.NFC] = CAPABILITY(0xFF)
  return with_nfc
 
 
@@ -37,8 +37,14 @@ def test_yk5_formfactors():
  assert get_name(info_nfc(FORM_FACTOR.USB_C_KEYCHAIN), kt) == "YubiKey 5C NFC"
  assert get_name(info(FORM_FACTOR.USB_C_NANO), kt) == "YubiKey 5C Nano"
  assert get_name(info(FORM_FACTOR.USB_C_LIGHTNING), kt) == "YubiKey 5Ci"
- assert get_name(info(FORM_FACTOR.USB_A_BIO), kt) == "YubiKey Bio"
- assert get_name(info(FORM_FACTOR.USB_C_BIO), kt) == "YubiKey C Bio"
+ assert (
+ get_name(info(FORM_FACTOR.USB_A_BIO), kt)
+ == "YubiKey Bio - Multi-protocol Edition"
+ )
+ assert (
+ get_name(info(FORM_FACTOR.USB_C_BIO), kt)
+ == "YubiKey C Bio - Multi-protocol Edition"
+ )
  assert get_name(info(FORM_FACTOR.UNKNOWN), kt) == "YubiKey 5"
  assert get_name(info_nfc(FORM_FACTOR.UNKNOWN), kt) == "YubiKey 5 NFC"
 
@@ -84,8 +90,14 @@ def test_yk5_fips_formfactors():
  )
  assert get_name(fips(info(FORM_FACTOR.USB_C_NANO)), kt) == "YubiKey 5C Nano FIPS"
  assert get_name(fips(info(FORM_FACTOR.USB_C_LIGHTNING)), kt) == "YubiKey 5Ci FIPS"
- assert get_name(fips(info(FORM_FACTOR.USB_A_BIO)), kt) == "YubiKey Bio FIPS"
- assert get_name(fips(info(FORM_FACTOR.USB_C_BIO)), kt) == "YubiKey C Bio FIPS"
+ assert (
+ get_name(fips(info(FORM_FACTOR.USB_A_BIO)), kt)
+ == "YubiKey Bio - Multi-protocol Edition FIPS"
+ )
+ assert (
+ get_name(fips(info(FORM_FACTOR.USB_C_BIO)), kt)
+ == "YubiKey C Bio - Multi-protocol Edition FIPS"
+ )
  assert get_name(fips(info(FORM_FACTOR.UNKNOWN)), kt) == "YubiKey 5 FIPS"
  assert get_name(fips(info_nfc(FORM_FACTOR.UNKNOWN)), kt) == "YubiKey 5 NFC FIPS"
 

diff --git a/ykman/_cli/__main__.py b/ykman/_cli/__main__.py
@@ -277,7 +277,7 @@ def require_device(connection_types, serial=None):
  help="specify private key and certificate chain for secure messaging, "
  "can be used multiple times to provide key and certificates in multiple "
  "files (private key, certificates in leaf-last order), OR SCP03 keys in hex "
- "(K-ENC K-MAC [K-DEK])",
+ " separated by colon (:) K-ENC:K-MAC[:K-DEK]",
 )
 @click.option(
  "-p",
@@ -360,7 +360,7 @@ def cli(
  if reader and device:
  ctx.fail("--reader and --device options can't be combined.")
 
- use_scp = bool(scp_sd or scp_cred or scp_ca)
+ use_scp = bool(any(scp_sd) or scp_cred or scp_ca)
 
  subcmd = next(c for c in COMMANDS if c.name == ctx.invoked_subcommand)
  # Commands that don't directly act on a key
@@ -413,9 +413,12 @@ def resolve():
  else:
  ca = None
 
- re_hex_keys = re.compile(r"^[0-9a-fA-F]{32}$")
- if all(re_hex_keys.match(k) for k in scp_cred) and 2 <= len(scp_cred) <= 3:
- scp03_keys = StaticKeys(*(bytes.fromhex(k) for k in scp_cred))
+ key_fmt = r"[0-9a-fA-F]{32}"
+ re_hex_keys = re.compile(rf"^{key_fmt}:{key_fmt}(:{key_fmt})?$")
+ if len(scp_cred) == 1 and re_hex_keys.match(scp_cred[0]):
+ scp03_keys = StaticKeys(
+ *(bytes.fromhex(k) for k in scp_cred[0].split(":"))
+ )
  scp11_creds = None
  else:
  f = click.File("rb")