Table of Contents

Class SlotConfigureBase

Namespace
Yubico.YubiKey.Otp.Commands
Assembly
Yubico.YubiKey.dll

Base class for commands that configure, update, or delete an OTP slot.

public abstract class SlotConfigureBase : IYubiKeyCommand<ReadStatusResponse>
Inheritance
object
SlotConfigureBase
Implements
Derived

Fields

AccessCodeOffset

protected const int AccessCodeOffset = 38

Field Value

int

AesKeyOffset

protected const int AesKeyOffset = 22

Field Value

int

ConfigurationFlagsOffset

protected const int ConfigurationFlagsOffset = 47

Field Value

int

ConfigurationStructSize

protected const int ConfigurationStructSize = 58

Field Value

int

CrcOffset

protected const int CrcOffset = 50

Field Value

int

CurrentAccessCodeOffset

protected const int CurrentAccessCodeOffset = 52

Field Value

int

ExtendedFlagsOffset

protected const int ExtendedFlagsOffset = 45

Field Value

int

FixedDataOffset

protected const int FixedDataOffset = 0

Field Value

int

FixedSizeOffset

protected const int FixedSizeOffset = 44

Field Value

int

ReservedOffset

protected const int ReservedOffset = 48

Field Value

int

TicketFlagsOffset

protected const int TicketFlagsOffset = 46

Field Value

int

UidOffset

protected const int UidOffset = 16

Field Value

int

Properties

Application

Gets the YubiKeyApplication (e.g. PIV, OATH, etc.) to which this command applies.

public YubiKeyApplication Application { get; }

Property Value

YubiKeyApplication

YubiKeyApplication.Otp, YubiKeyApplication.Piv, etc.

CalculateCrc

Allows the command to indicate whether to calculate the CRC for the buffer.

protected virtual bool CalculateCrc { get; }

Property Value

bool

ConfigurationBuffer

Gets reference to the raw buffer that contains the configuration.

protected Span<byte> ConfigurationBuffer { get; }

Property Value

Span<byte>

ConfigurationFlags

Flags that define the mode and other configurable options for this slot.

public virtual ConfigurationFlags ConfigurationFlags { get; set; }

Property Value

ConfigurationFlags

Exceptions

InvalidOperationException

Thrown if an invalid flag set is specified.

ExtendedFlags

Extended flags that control behaviors on either a slot or global basis.

public virtual ExtendedFlags ExtendedFlags { get; set; }

Property Value

ExtendedFlags

Exceptions

InvalidOperationException

Thrown if an invalid flag set is specified.

LongPressCode

The code to use for indicating the long-press OTP slot.

protected abstract byte LongPressCode { get; }

Property Value

byte

OtpSlot

Determines which of the two configurable slots this configuration is for.

public Slot OtpSlot { get; set; }

Property Value

Slot

Exceptions

ArgumentException

Thrown if setting an invalid value is attempted.

ShortPressCode

The code to use for indicating the short-press OTP slot.

protected abstract byte ShortPressCode { get; }

Property Value

byte

TicketFlags

Flags that control the output format of the text returned by the YubiKey button press.

public virtual TicketFlags TicketFlags { get; set; }

Property Value

TicketFlags

Exceptions

InvalidOperationException

Thrown if an invalid flag set is specified.

YubiKeyFlags

YubiKey flags that control YubiKey behavior.

public virtual YubiKeyFlags YubiKeyFlags { get; set; }

Property Value

YubiKeyFlags

Exceptions

InvalidOperationException

Thrown if an invalid flag set is specified.

Methods

ApplyCurrentAccessCode(ReadOnlySpan<byte>)

Adds the access code currently protecting the configuration to the command. This is needed to apply a new configuration to a write-protected slot.

public void ApplyCurrentAccessCode(ReadOnlySpan<byte> accessCode)

Parameters

accessCode ReadOnlySpan<byte>

The current access code to the configurable slot.

Remarks

If the configurable slot is protected by an access code, that code must be supplied by the caller through this method. If the intention is to retain the access code and leave its value unchanged, the SetAccessCode(ReadOnlySpan<byte>) function must also be called. Failure to do so will result in the access code being removed from the slot, effectively making it unprotected.

Clear()

Clears the configuration buffer to remove lingering sensitive data.

public void Clear()

CreateCommandApdu()

Creates a well-formed CommandApdu to send to the YubiKey.

public CommandApdu CreateCommandApdu()

Returns

CommandApdu

A valid CommandApdu that is ready to be sent to the YubiKey, or passed along to additional encoders for further processing.

Remarks

This method will first perform validation on all of the parameters and data provided to it. The CommandAPDU it creates should contain all of the data payload for the command, even if it exceeds 65,535 bytes as specified by the ISO 7816-4 specification. The APDU will be properly chained by the device connection prior to being sent to the YubiKey, and the responses will collapsed into a single result.

CreateResponseForApdu(ResponseApdu)

Creates the corresponding IYubiKeyResponse implementation for the current command.

public ReadStatusResponse CreateResponseForApdu(ResponseApdu responseApdu)

Parameters

responseApdu ResponseApdu

The ResponseApdu returned by the YubiKey.

Returns

ReadStatusResponse

The implementation of IYubiKeyResponse that parses and presents ths response APDU.

SetAccessCode(ReadOnlySpan<byte>)

An access code that can be used to protect the slot configuration.

public void SetAccessCode(ReadOnlySpan<byte> accessCode)

Parameters

accessCode ReadOnlySpan<byte>

The value to use as the access code for the new configuration.

Remarks

It should be noted that setting an access code will lock the ability to modify the configuration of the slot. There is no way to recover usage of the slot if the access code is lost or forgotten. It is important to stress this potential pitfall when designing any application or process that relies on this feature.

If a configurable slot already has an access code and you need to apply it to a new configuration, call the ApplyCurrentAccessCode(ReadOnlySpan<byte>) method. The value specified by SetAccessCode will be the code used to protect the slot after the configuration has been applied.

Note that if the slot is already protected by an access code, and you wish to have the same access code remain, both ApplyCurrentAccessCode and SetAccessCode must be called with the same value. Failure to call SetAccessCode will effectively cause the newly applied configuration to be unprotected.

Setting the access code to all zeros is equivalent to not setting an access code. The slot will not be protected.

Exceptions

ArgumentException

Thrown if the access code length doesn't equal Yubico.YubiKey.Otp.Commands.SlotConfigureBase.AccessCodeLength.