master/html/yubikeycommands_8hpp_source.html

#ifndef LOGICALACCESS_YUBIKEYCOMMANDS_HPP

#define LOGICALACCESS_YUBIKEYCOMMANDS_HPP


#include <logicalaccess/plugins/cards/iso7816/iso7816commands.hpp>

#include <logicalaccess/plugins/cards/yubikey/lla_cards_yubikey_api.hpp>

#include <logicalaccess/tlv.hpp>

#include <vector>


namespace logicalaccess

{

#define CMD_YUBIKEY "Yubikey"


typedef enum

{

    HMAC_UNKNOWN = 0x00,

    HMAC_SHA1    = 0x01,

    HMAC_SHA256  = 0x02,

    HMAC_SHA512  = 0x03,

    HMAC_TYPE_HOTP    = 0x10,

    HMAC_TYPE_TOTP    = 0x20

} YubikeyHMAC;


typedef enum

{

    PROP_NONE             = 0x00,

    PROP_ONLY_INCREASE    = 0x01, /* Enforces that a challenge is always higher than the previous */

    PROP_REQUIRE_TOUCH    = 0x02 /* Require button press to generate OATH codes */

} YubikeyProperty;


typedef enum

{

    SLOT_DUMMY                   = 0x00,

    SLOT_CONFIG_1                = 0x01,

    SLOT_NAV                     = 0x02,

    SLOT_CONFIG_2                = 0x03,

    SLOT_UPDATE_1                = 0x04,

    SLOT_UPDATE_2                = 0x05,

    SLOT_SWAP                    = 0x06,

    SLOT_NDEF_1                  = 0x08,

    SLOT_NDEF_2                  = 0x09,

    SLOT_DEVICE_SERIAL           = 0x10,

    SLOT_DEVICE_CONFIGURATION    = 0x11,

    SLOT_SCAN_MAP                = 0x12,

    SLOT_YUBIKEY_4_CAPABILITIES  = 0x13,

    SLOT_CHALLENGE_OTP_1         = 0x20,

    SLOT_CHALLENGE_OTP_2         = 0x28,

    SLOT_CHALLENGE_HMAC_1        = 0x30,

    SLOT_CHALLENGE_HMAC_2        = 0x38

} YubikeySlot;


typedef struct s_YubikeySelectResponse

{

    ByteVector version;

    ByteVector name;

    YubikeyHMAC algorithm = HMAC_UNKNOWN;

    ByteVector challenge;

} YubikeySelectResponse;


typedef struct s_YubikeyCalculateResponse

{

    ByteVector name;

    uint8_t digits = 0;

    ByteVector response;

} YubikeyCalculateResponse;


typedef struct s_YubikeyListItem

{

    YubikeyHMAC algorithm = HMAC_UNKNOWN;

    ByteVector name;

} YubikeyListItem;


#define YUBIKEY_TLV_DEVINFO_AVAILABLE_CAPABILITIES_USB  0x01 /* USB Applications and capabilities that are available for use on this YubiKey. */

#define YUBIKEY_TLV_DEVINFO_SERIAL_NUMBER               0x02 /* Returns the serial number of the YubiKey (if present and visible). */

#define YUBIKEY_TLV_DEVINFO_ENABLED_CAPABILITIES_USB    0x03 /* Applications that are currently enabled over USB on this YubiKey. */

#define YUBIKEY_TLV_DEVINFO_FORM_FACTOR                 0x04 /* Specifies the form factor of the YubiKey (USB-A, USB-C, Nano, etc.) */

#define YUBIKEY_TLV_DEVINFO_FIRMWARE_VERSION            0x05 /* The Major.Minor.Patch version number of the firmware running on the YubiKey. */

#define YUBIKEY_TLV_DEVINFO_AUTOEJECT_TIMEOUT           0x06 /* Timeout in (ms?) before the YubiKey automatically "ejects" itself. */

#define YUBIKEY_TLV_DEVINFO_CHALLENGE_RESPONSE_TIMEOUT  0x07 /* The period of time (in seconds) after which the OTP challenge-response command should timeout. */

#define YUBIKEY_TLV_DEVINFO_DEVICE_FLAGS                0x08 /* Device flags that can control device-global behavior. */

#define YUBIKEY_TLV_DEVINFO_CONFIGURATION_LOCK          0x0A /* Indicates whether or not the YubiKey's configuration has been locked by the user. */

#define YUBIKEY_TLV_DEVINFO_AVAILABLE_CAPABILITIES_NFC  0x0D /* NFC Applications and capabilities that are available for use on this YubiKey. */

#define YUBIKEY_TLV_DEVINFO_ENABLED_CAPABILITIES_NFC    0x0E /* Applications that are currently enabled over USB on this YubiKey. */


#define YUBIKEY_TLV_NAME 0x71

#define YUBIKEY_TLV_NAME_LIST 0x72

#define YUBIKEY_TLV_KEY 0x73

#define YUBIKEY_TLV_CHALLENGE 0x74

#define YUBIKEY_TLV_FULL_RESPONSE 0x75

#define YUBIKEY_TLV_TRUNCATED_RESPONSE 0x76

#define YUBIKEY_TLV_HOTP_RESPONSE 0x77

#define YUBIKEY_TLV_PROPERTY 0x78

#define YUBIKEY_TLV_VERSION 0x79

#define YUBIKEY_TLV_IMF 0x7a

#define YUBIKEY_TLV_ALGORITHM 0x7b

#define YUBIKEY_TLV_TOUCH_RESPONSE 0x7c


class LLA_CARDS_YUBIKEY_API YubikeyCommands : public Commands

{

  public:


    YubikeyCommands()

        : Commands(CMD_YUBIKEY)

    {

    }


    explicit YubikeyCommands(std::string cmdtype)

        : Commands(cmdtype)

    {

    }


    virtual YubikeySelectResponse selectYubikeyOATH() = 0;


    virtual ByteVector selectYubikeyOTP() = 0;


    /******************************************************

     *                                                    *

     *                   === OTP ===                      *

     *                                                    *

     * All OTP management commands are skipped for now as *

     * Yubikey Manager app can be used for initial setup. *

     *                                                    *

     ******************************************************/


    virtual ByteVector otp_getResponse(YubikeySlot slot, const ByteVector& challenge) = 0;


    virtual ByteVector otp_getSerialNumber() = 0;


    virtual std::vector<TLVPtr> otp_getDeviceInfo() = 0;


    virtual bool otp_queryFIPSMode() = 0;


    /******************************************************

     *                                                    *

     *                   === OAUTH ==                     *

     *                                                    *

     ******************************************************/


    virtual void oath_put(const ByteVector& name, YubikeyHMAC algorithm, uint8_t digits, const ByteVector& key, YubikeyProperty property = PROP_NONE, const ByteVector& imf = ByteVector()) = 0;


    virtual void oath_delete(const ByteVector& name) = 0;


    virtual void oath_setCode(YubikeyHMAC algorithm, const ByteVector& key, const ByteVector& challenge) = 0;


    virtual std::vector<YubikeyListItem> oath_list() = 0;


    virtual void oath_reset() = 0;


    virtual YubikeyCalculateResponse oath_calculate(const ByteVector& name, const ByteVector& challenge, bool truncate = false) = 0;


    virtual ByteVector oath_validate(const ByteVector& challenge, const ByteVector& response) = 0;


    virtual std::vector<YubikeyCalculateResponse> oath_calculateAll(const ByteVector& challenge, bool truncate = false) = 0;


    virtual ByteVector oath_sendRemainingInstruction() = 0;


    virtual std::shared_ptr<ISO7816Commands> getISO7816Commands() const = 0;

};

}


#endif

logicalaccess::Commands
The base commands class for all card commands.
Definition: commands.hpp:21

logicalaccess::YubikeyCommands
The Yubikey commands class.
Definition: yubikeycommands.hpp:116

logicalaccess::YubikeyCommands::otp_queryFIPSMode
virtual bool otp_queryFIPSMode()=0
Determines whether or not the device is loaded with FIPS capable firmware, as well as if the key is c...

logicalaccess::YubikeyCommands::getISO7816Commands
virtual std::shared_ptr< ISO7816Commands > getISO7816Commands() const =0

logicalaccess::YubikeyCommands::otp_getResponse
virtual ByteVector otp_getResponse(YubikeySlot slot, const ByteVector &challenge)=0
Challenge/Response operation.

logicalaccess::YubikeyCommands::selectYubikeyOATH
virtual YubikeySelectResponse selectYubikeyOATH()=0
Select the Yubikey OATH application.

logicalaccess::YubikeyCommands::oath_reset
virtual void oath_reset()=0
Resets the application to just-installed state.

logicalaccess::YubikeyCommands::YubikeyCommands
YubikeyCommands()
Constructor.
Definition: yubikeycommands.hpp:122

logicalaccess::YubikeyCommands::oath_setCode
virtual void oath_setCode(YubikeyHMAC algorithm, const ByteVector &key, const ByteVector &challenge)=0
Configures Authentication. If length 0 is sent, authentication is removed. The key to be set is expec...

logicalaccess::YubikeyCommands::otp_getDeviceInfo
virtual std::vector< TLVPtr > otp_getDeviceInfo()=0
Reads configuration and metadata information about the YubiKey. Similar commands exist in other appli...

logicalaccess::YubikeyCommands::otp_getSerialNumber
virtual ByteVector otp_getSerialNumber()=0
Reads the serial number of the YubiKey if it is allowed by the configuration. Note that certain keys,...

logicalaccess::YubikeyCommands::YubikeyCommands
YubikeyCommands(std::string cmdtype)
Constructor.
Definition: yubikeycommands.hpp:131

logicalaccess::YubikeyCommands::selectYubikeyOTP
virtual ByteVector selectYubikeyOTP()=0
Select the old Yubikey OTP application.

logicalaccess::YubikeyCommands::oath_put
virtual void oath_put(const ByteVector &name, YubikeyHMAC algorithm, uint8_t digits, const ByteVector &key, YubikeyProperty property=PROP_NONE, const ByteVector &imf=ByteVector())=0
Adds a new (or overwrites) OATH credential.

logicalaccess::YubikeyCommands::oath_calculateAll
virtual std::vector< YubikeyCalculateResponse > oath_calculateAll(const ByteVector &challenge, bool truncate=false)=0
Performs CALCULATE for all available credentials, returns name + response for TOTP and just name for ...

logicalaccess::YubikeyCommands::oath_validate
virtual ByteVector oath_validate(const ByteVector &challenge, const ByteVector &response)=0
Validates authentication (mutually). The challenge for this comes from the SELECT command....

logicalaccess::YubikeyCommands::oath_delete
virtual void oath_delete(const ByteVector &name)=0
Deletes an existing credential.

logicalaccess::YubikeyCommands::oath_list
virtual std::vector< YubikeyListItem > oath_list()=0
Lists configured credentials.

logicalaccess::YubikeyCommands::oath_sendRemainingInstruction
virtual ByteVector oath_sendRemainingInstruction()=0
Gets remaining data if everything didn’t fit in previous response (response code was 61xx).

logicalaccess::YubikeyCommands::oath_calculate
virtual YubikeyCalculateResponse oath_calculate(const ByteVector &name, const ByteVector &challenge, bool truncate=false)=0
Performs CALCULATE for one named credential.

iso7816commands.hpp
ISO7816 commands. See http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4....

ByteVector
std::vector< uint8_t > ByteVector
Definition: lla_fwd.hpp:80

logicalaccess
Definition: asn1.hpp:9

logicalaccess::YubikeyProperty
YubikeyProperty
Yubikey properties.
Definition: yubikeycommands.hpp:36

logicalaccess::PROP_ONLY_INCREASE
@ PROP_ONLY_INCREASE
Definition: yubikeycommands.hpp:38

logicalaccess::PROP_NONE
@ PROP_NONE
Definition: yubikeycommands.hpp:37

logicalaccess::PROP_REQUIRE_TOUCH
@ PROP_REQUIRE_TOUCH
Definition: yubikeycommands.hpp:39

logicalaccess::YubikeySlot
YubikeySlot
Yubikey slot. Only used for the old slot-based Yubikey API.
Definition: yubikeycommands.hpp:46

logicalaccess::SLOT_NDEF_1
@ SLOT_NDEF_1
Definition: yubikeycommands.hpp:54

logicalaccess::SLOT_NAV
@ SLOT_NAV
Definition: yubikeycommands.hpp:49

logicalaccess::SLOT_UPDATE_2
@ SLOT_UPDATE_2
Definition: yubikeycommands.hpp:52

logicalaccess::SLOT_DEVICE_CONFIGURATION
@ SLOT_DEVICE_CONFIGURATION
Definition: yubikeycommands.hpp:57

logicalaccess::SLOT_SWAP
@ SLOT_SWAP
Definition: yubikeycommands.hpp:53

logicalaccess::SLOT_SCAN_MAP
@ SLOT_SCAN_MAP
Definition: yubikeycommands.hpp:58

logicalaccess::SLOT_DEVICE_SERIAL
@ SLOT_DEVICE_SERIAL
Definition: yubikeycommands.hpp:56

logicalaccess::SLOT_CONFIG_1
@ SLOT_CONFIG_1
Definition: yubikeycommands.hpp:48

logicalaccess::SLOT_YUBIKEY_4_CAPABILITIES
@ SLOT_YUBIKEY_4_CAPABILITIES
Definition: yubikeycommands.hpp:59

logicalaccess::SLOT_DUMMY
@ SLOT_DUMMY
Definition: yubikeycommands.hpp:47

logicalaccess::SLOT_CHALLENGE_OTP_2
@ SLOT_CHALLENGE_OTP_2
Definition: yubikeycommands.hpp:61

logicalaccess::SLOT_CHALLENGE_HMAC_2
@ SLOT_CHALLENGE_HMAC_2
Definition: yubikeycommands.hpp:63

logicalaccess::SLOT_CHALLENGE_HMAC_1
@ SLOT_CHALLENGE_HMAC_1
Definition: yubikeycommands.hpp:62

logicalaccess::SLOT_CHALLENGE_OTP_1
@ SLOT_CHALLENGE_OTP_1
Definition: yubikeycommands.hpp:60

logicalaccess::SLOT_UPDATE_1
@ SLOT_UPDATE_1
Definition: yubikeycommands.hpp:51

logicalaccess::SLOT_NDEF_2
@ SLOT_NDEF_2
Definition: yubikeycommands.hpp:55

logicalaccess::SLOT_CONFIG_2
@ SLOT_CONFIG_2
Definition: yubikeycommands.hpp:50

logicalaccess::YubikeyCalculateResponse
struct logicalaccess::s_YubikeyCalculateResponse YubikeyCalculateResponse

logicalaccess::YubikeyHMAC
YubikeyHMAC
The HMAC algorithm.
Definition: yubikeycommands.hpp:23

logicalaccess::HMAC_TYPE_HOTP
@ HMAC_TYPE_HOTP
Definition: yubikeycommands.hpp:28

logicalaccess::HMAC_SHA1
@ HMAC_SHA1
Definition: yubikeycommands.hpp:25

logicalaccess::HMAC_UNKNOWN
@ HMAC_UNKNOWN
Definition: yubikeycommands.hpp:24

logicalaccess::HMAC_SHA256
@ HMAC_SHA256
Definition: yubikeycommands.hpp:26

logicalaccess::HMAC_SHA512
@ HMAC_SHA512
Definition: yubikeycommands.hpp:27

logicalaccess::HMAC_TYPE_TOTP
@ HMAC_TYPE_TOTP
Definition: yubikeycommands.hpp:29

logicalaccess::YubikeySelectResponse
struct logicalaccess::s_YubikeySelectResponse YubikeySelectResponse

logicalaccess::YubikeyListItem
struct logicalaccess::s_YubikeyListItem YubikeyListItem

logicalaccess::s_YubikeyCalculateResponse
Definition: yubikeycommands.hpp:75

logicalaccess::s_YubikeyCalculateResponse::digits
uint8_t digits
Definition: yubikeycommands.hpp:77

logicalaccess::s_YubikeyCalculateResponse::name
ByteVector name
Definition: yubikeycommands.hpp:76

logicalaccess::s_YubikeyCalculateResponse::response
ByteVector response
Definition: yubikeycommands.hpp:78

logicalaccess::s_YubikeyListItem
Definition: yubikeycommands.hpp:82

logicalaccess::s_YubikeyListItem::algorithm
YubikeyHMAC algorithm
Definition: yubikeycommands.hpp:83

logicalaccess::s_YubikeyListItem::name
ByteVector name
Definition: yubikeycommands.hpp:84

logicalaccess::s_YubikeySelectResponse
Definition: yubikeycommands.hpp:67

logicalaccess::s_YubikeySelectResponse::algorithm
YubikeyHMAC algorithm
Definition: yubikeycommands.hpp:70

logicalaccess::s_YubikeySelectResponse::name
ByteVector name
Definition: yubikeycommands.hpp:69

logicalaccess::s_YubikeySelectResponse::challenge
ByteVector challenge
Definition: yubikeycommands.hpp:71

logicalaccess::s_YubikeySelectResponse::version
ByteVector version
Definition: yubikeycommands.hpp:68

tlv.hpp

CMD_YUBIKEY
#define CMD_YUBIKEY
Definition: yubikeycommands.hpp:17