Class SetLargeBlobCommand

Namespace
Yubico.YubiKey.Fido2.Commands
Assembly
Yubico.YubiKey.dll

Stores arbitrary data on the YubiKey. This command does not format the data (the FIDO2 standard specifies a format for serializedLargeBlobArray), it simply stores whatever byte array it is given.

Warning

While storing arbitrary data that does not follow the standard's formatting specification is possible, it is not recommended. See the User's Manual entry on FIDO2 Blobs and the documentation for the method SetSerializedLargeBlobArray(SerializedLargeBlobArray).

public sealed class SetLargeBlobCommand : IYubiKeyCommand<SetLargeBlobResponse>
Inheritance
object
SetLargeBlobCommand
Implements

Remarks

The partner Response class is SetLargeBlobResponse. Specified in CTAP as "authenticatorLargeBlobs".

The standard specifies one command called "authenticatorLargeBlobs". It takes input that specifies whether to get or set. The SDK breaks this into two commands.

The standard specifies the format of large blob data. However, this command does not format the input data, nor does it verify that the data is formatted correctly. It stores whatever data it is given.

Note that this command will replace any data currently stored as a large blob on the YubiKey. To update the current data, get the current data (using GetLargeBlobCommand), "edit" it and then call this command.

Constructors

SetLargeBlobCommand(ReadOnlyMemory<byte>, int, int, ReadOnlyMemory<byte>, int)

Constructs an instance of the SetLargeBlobCommand class.

public SetLargeBlobCommand(ReadOnlyMemory<byte> blobData, int offset, int length, ReadOnlyMemory<byte> pinUvAuthParam, int protocol)

Parameters

blobData ReadOnlyMemory<byte>

The data to store.

offset int

The offset into the currently stored blob where the command should begin storing.

length int

If the offset is zero, this is the total number of bytes to store. Otherwise this argument is ignored.

pinUvAuthParam ReadOnlyMemory<byte>

The authentication (using the pinUvAuthToken) of the data to store (with some other bytes).

protocol int

The PIN UV Auth protocol used to compute the pinUvAuthParam.

Remarks

This will store all the data given by the input arg blobData. The offset and length arguments do not refer to the input data: offset is the position inside the full blob on the YubiKey at which to begin storing, and length is the total length of the data that will be stored.

The length argument is used only when the offset is 0. If the input offset arg is not 0, this method will ignore length.

Each call to the set command must contain "maxFragmentLength" or fewer bytes. The value of "maxFragmentLength" (from the standard) is the message size minus 64. See the MaximumMessageSize property in the return from the GetInfoCommand. If the total length to set is more than "maxFragmentLength", make multiple calls to the SetLargeBlobCommand. The first call will use an offset of zero and the length will be the total length. Each successive call will set the offset to pick up where the last set left off, and the length arg will be ignored.

This command will not determine "maxFragmentLength". If the input data is too long, this command will send it to the YubiKey, which will likely not store the data and return an error. If this is the first call to Set (offset is zero), and the input blobData is longer than the length, this command will send the data into the YubiKey which will likely not store the data and return an error.

Each call to Set must provide the "pinUvAuthParam", which the standard defines as

authenticate (pinUvAuthToken,
    32 x 0xff || 0x0c 00 || uint32LittleEndian(offset) ||
    SHA-256(contents of set byte string))

See AuthenticateUsingPinToken(byte[], byte[]). Note that this is not the "normal" process. All other commands require only the PinUvAuthToken and they compute the PinUvAuthParam. However, because computing the AuthParam requires digesting data, this command requires the caller to make the computations.

It is the responsibility of the caller to keep track of the offset.

Properties

Application

Gets the YubiKeyApplication to which this command belongs.

public YubiKeyApplication Application { get; }

Property Value

YubiKeyApplication

YubiKeyApplication.Fido2

Methods

CreateCommandApdu()

Creates a well-formed CommandApdu to send to the YubiKey.

public CommandApdu CreateCommandApdu()

Returns

CommandApdu

A valid CommandApdu that is ready to be sent to the YubiKey, or passed along to additional encoders for further processing.

Remarks

This method will first perform validation on all of the parameters and data provided to it. The CommandAPDU it creates should contain all of the data payload for the command, even if it exceeds 65,535 bytes as specified by the ISO 7816-4 specification. The APDU will be properly chained by the device connection prior to being sent to the YubiKey, and the responses will be collapsed into a single result.

CreateResponseForApdu(ResponseApdu)

Creates the corresponding IYubiKeyResponse implementation for the current command.

public SetLargeBlobResponse CreateResponseForApdu(ResponseApdu responseApdu)

Parameters

responseApdu ResponseApdu

The ResponseApdu returned by the YubiKey.

Returns

SetLargeBlobResponse

The implementation of IYubiKeyResponse that parses and presents the response APDU.