Class SetLargeBlobCommand
Stores arbitrary data on the YubiKey. This command does not format the data (the FIDO2 standard specifies a format for serializedLargeBlobArray), it simply stores whatever byte array it is given.
Warning
While storing arbitrary data that does not follow the standard's formatting specification is possible, it is not recommended. See the User's Manual entry on FIDO2 Blobs and the documentation for the method SetSerializedLargeBlobArray(SerializedLargeBlobArray).
public sealed class SetLargeBlobCommand : IYubiKeyCommand<SetLargeBlobResponse>
Inheritance
- object
- SetLargeBlobCommand
Implements
- IYubiKeyCommand<SetLargeBlobResponse>
Remarks
The partner Response class is SetLargeBlobResponse. Specified in CTAP as "authenticatorLargeBlobs".
The standard specifies one command called "authenticatorLargeBlobs". It takes input that specifies whether to get or set. The SDK breaks this into two commands.
The standard specifies the format of large blob data. However, this command does not format the input data, nor does it verify that the data is formatted correctly. It stores whatever data it is given.
Note that this command will replace any data currently stored as a large blob on the YubiKey. To update the current data, get the current data (using GetLargeBlobCommand), "edit" it and then call this command.
Constructors
SetLargeBlobCommand(ReadOnlyMemory<byte>, int, int, ReadOnlyMemory<byte>, int)
Constructs an instance of the SetLargeBlobCommand class.
public SetLargeBlobCommand(ReadOnlyMemory<byte> blobData, int offset, int length, ReadOnlyMemory<byte> pinUvAuthParam, int protocol)
Parameters
blobData
ReadOnlyMemory<byte>
The data to store.
offset
int
The offset into the currently stored blob where the command should begin storing.
length
int
If the offset is zero, this is the total number of bytes to store. Otherwise this argument is ignored.
pinUvAuthParam
ReadOnlyMemory<byte>
The authentication (using the pinUvAuthToken) of the data to store (with some other bytes).
protocol
int
The PIN UV Auth protocol used to compute the pinUvAuthParam.
Remarks
This will store all the data given by the input arg blobData.
The offset and length arguments do not refer to the offset and length of the input data, but rather the offset inside the full blob on the YubiKey and the length is the total length of data that will be stored.
The length argument is used only when the offset is 0. If the input offset arg is not 0, this method will ignore length.
Each call to the set command must contain "maxFragmentLength" or fewer bytes. The value of "maxFragmentLength" (from the standard) is the message size minus 64. See the MaximumMessageSize property in the return from the GetInfoCommand. If the total length to set is more than "maxFragmentLength", make multiple calls to the SetLargeBlobCommand. The first call will use an offset of zero and the length will be the total length. Each successive call will set the offset to pick up where the last set left off, and the length arg will be ignored.
This command will not determine "maxFragmentLength". If the input data is too long, this command will send it to the YubiKey, which will likely not store the data and return an error. If this is the first call to Set (offset is zero), and the input blobData is longer than the length, this command will send the data into the YubiKey which will likely not store the data and return an error.
Each call to Set must provide the "pinUvAuthParam", which the standard defines as
authenticate(pinUvAuthToken, 32 x 0xff || 0x0c 00 || uint32LittleEndian(offset) || SHA-256(contents of set byte string))
See AuthenticateUsingPinToken(byte[], byte[]).
Note that this is not the "normal" process. All other commands
require only the PinUvAuthToken and they compute the PinUvAuthParam.
However, because computing the AuthParam requires digesting data,
this command requires the caller make the computations.
It is the responsibility of the caller to keep track of the offset.
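The fragmenting and per-fragment pinUvAuthParam rules above, worked through as an added example (not code from the SDK). LargeBlobFragmenter, BuildAuthMessage, BuildCommands and the authenticate delegate are hypothetical names; the delegate stands in for the authenticate(pinUvAuthToken, message) step, and the Yubico.YubiKey.Fido2.Commands namespace is assumed.

```csharp
using System;
using System.Buffers.Binary;
using System.Collections.Generic;
using System.Security.Cryptography;
using Yubico.YubiKey.Fido2.Commands;

// Added example, not SDK code. LargeBlobFragmenter and its members are hypothetical names.
public static class LargeBlobFragmenter
{
    // 32 x 0xff || 0x0c 00 || uint32LittleEndian(offset) || SHA-256(fragment)
    public static byte[] BuildAuthMessage(int offset, ReadOnlyMemory<byte> fragment)
    {
        byte[] message = new byte[32 + 2 + 4 + 32];
        message.AsSpan(0, 32).Fill(0xff);
        message[32] = 0x0c;
        message[33] = 0x00;
        BinaryPrimitives.WriteUInt32LittleEndian(message.AsSpan(34, 4), (uint)offset);
        using SHA256 sha256 = SHA256.Create();
        sha256.ComputeHash(fragment.ToArray()).CopyTo(message, 38);
        return message;
    }

    // authenticate: caller-supplied stand-in for authenticate(pinUvAuthToken, message),
    // for example a lambda around AuthenticateUsingPinToken.
    public static List<SetLargeBlobCommand> BuildCommands(
        ReadOnlyMemory<byte> blob, int maximumMessageSize,
        Func<byte[], byte[]> authenticate, int protocol)
    {
        // maxFragmentLength is the message size minus 64.
        int maxFragmentLength = maximumMessageSize - 64;
        if (maxFragmentLength <= 0)
            throw new ArgumentOutOfRangeException(nameof(maximumMessageSize));

        var commands = new List<SetLargeBlobCommand>();
        for (int offset = 0; offset < blob.Length; offset += maxFragmentLength)
        {
            int count = Math.Min(maxFragmentLength, blob.Length - offset);
            ReadOnlyMemory<byte> fragment = blob.Slice(offset, count);
            // The digest covers only this fragment, so each call needs its own param.
            byte[] pinUvAuthParam = authenticate(BuildAuthMessage(offset, fragment));

            // length is the total blob size; the command uses it only when offset is 0.
            commands.Add(new SetLargeBlobCommand(
                fragment, offset, blob.Length, pinUvAuthParam, protocol));
        }
        return commands;
    }
}
```

Send the returned commands in order; each one carries the offset where the previous fragment ended.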
Properties
Application
Gets the YubiKeyApplication to which this command belongs.
public YubiKeyApplication Application { get; }
Property Value
- YubiKeyApplication
YubiKeyApplication.Fido2
Methods
CreateCommandApdu()
Creates a well-formed CommandApdu to send to the YubiKey.
public CommandApdu CreateCommandApdu()
Returns
- CommandApdu
A valid CommandApdu that is ready to be sent to the YubiKey, or passed along to additional encoders for further processing.
Remarks
This method will first perform validation on all of the parameters and data provided to it. The CommandAPDU it creates should contain all of the data payload for the command, even if it exceeds 65,535 bytes as specified by the ISO 7816-4 specification. The APDU will be properly chained by the device connection prior to being sent to the YubiKey, and the responses will be collapsed into a single result.
CreateResponseForApdu(ResponseApdu)
Creates the corresponding IYubiKeyResponse implementation for the current command.
public SetLargeBlobResponse CreateResponseForApdu(ResponseApdu responseApdu)
Parameters
responseApdu
ResponseApdu
The ResponseApdu returned by the YubiKey.
Returns
- SetLargeBlobResponse
The implementation of IYubiKeyResponse that parses and presents this response APDU.