diff --git a/Yubico.YubiKey/docs/users-manual/application-u2f/apdu/verify-pin.md b/Yubico.YubiKey/docs/users-manual/application-u2f/apdu/verify-pin.md index e98001df..4c2b722b 100644 --- a/Yubico.YubiKey/docs/users-manual/application-u2f/apdu/verify-pin.md +++ b/Yubico.YubiKey/docs/users-manual/application-u2f/apdu/verify-pin.md @@ -24,7 +24,7 @@ The data is the PIN itself, there is no further encoding. ### Response APDU info -#### Response APDU for successful verifying PIN +#### Response APDU for successfully verifying PIN Total Length: 2\ Data Length: 0 diff --git a/Yubico.YubiKey/docs/users-manual/application-u2f/fips-mode.md b/Yubico.YubiKey/docs/users-manual/application-u2f/fips-mode.md index fb105920..2f1db68a 100644 --- a/Yubico.YubiKey/docs/users-manual/application-u2f/fips-mode.md +++ b/Yubico.YubiKey/docs/users-manual/application-u2f/fips-mode.md @@ -117,6 +117,28 @@ end user at the keyboard, which would make it a normal password. Once you set the password, the YubiKey will be in FIPS mode and the `VerifyFipsModeCommand` will return true. +## Retries + +If a caller wants to verify or change a PIN, the current PIN must be entered. If a wrong +value is provided, the PIN won't be verified or changed and the caller can try again. +However, there are limits to how many times a wrong value can be entered. + +If an incorrect PIN is entered three times in a row, the U2F application is temporarily +blocked. To unblock it, remove the YubiKey and reinsert it. + +If an incorrect PIN is entered eight times in a row (three times, reinserted, three times, +reinserted, two times), the U2F application is permanently blocked. At this point, to be +able to use the U2F application on that YubiKey again, it must be reset. Of course, after +resetting, the YubiKey can no longer be put into FIPS mode. + +If the correct PIN is verified before the U2F application is blocked, the retries +remaining count returns to eight. + +Unfortunately in the version 4 FIPS series YubiKey, it is not possible to know how many +U2F PIN retries are remaining. That is, if the wrong PIN has been entered, the SDK will +return to the caller indicating that the wrong PIN was entered, but will not be able to +report the number of retries remaining. + ## Removing the PIN Once a PIN is set on the U2F application, it is not possible to remove it with the diff --git a/Yubico.YubiKey/src/Resources/ExceptionMessages.Designer.cs b/Yubico.YubiKey/src/Resources/ExceptionMessages.Designer.cs index 6ee00f70..c845350e 100644 --- a/Yubico.YubiKey/src/Resources/ExceptionMessages.Designer.cs +++ b/Yubico.YubiKey/src/Resources/ExceptionMessages.Designer.cs @@ -1,6 +1,7 @@ //------------------------------------------------------------------------------ // // This code was generated by a tool. +// Runtime Version:4.0.30319.42000 // // Changes to this file may cause incorrect behavior and will be lost if // the code is regenerated. @@ -11,32 +12,46 @@ namespace Yubico.YubiKey { using System; - [System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "17.0.0.0")] - [System.Diagnostics.DebuggerNonUserCodeAttribute()] - [System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + /// + /// A strongly-typed resource class, for looking up localized strings, etc. + /// + // This class was auto-generated by the StronglyTypedResourceBuilder + // class via a tool like ResGen or Visual Studio. + // To add or remove a member, edit your .ResX file then rerun ResGen + // with the /str option, or rebuild your VS project. + [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "16.0.0.0")] + [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] + [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] internal class ExceptionMessages { - private static System.Resources.ResourceManager resourceMan; + private static global::System.Resources.ResourceManager resourceMan; - private static System.Globalization.CultureInfo resourceCulture; + private static global::System.Globalization.CultureInfo resourceCulture; - [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")] + [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")] internal ExceptionMessages() { } - [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Advanced)] - internal static System.Resources.ResourceManager ResourceManager { + /// + /// Returns the cached ResourceManager instance used by this class. + /// + [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] + internal static global::System.Resources.ResourceManager ResourceManager { get { - if (object.Equals(null, resourceMan)) { - System.Resources.ResourceManager temp = new System.Resources.ResourceManager("Resources.ExceptionMessages", typeof(ExceptionMessages).Assembly); + if (object.ReferenceEquals(resourceMan, null)) { + global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Resources.ExceptionMessages", typeof(ExceptionMessages).Assembly); resourceMan = temp; } return resourceMan; } } - [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Advanced)] - internal static System.Globalization.CultureInfo Culture { + /// + /// Overrides the current thread's CurrentUICulture property for all + /// resource lookups using this strongly typed resource class. + /// + [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] + internal static global::System.Globalization.CultureInfo Culture { get { return resourceCulture; } @@ -45,1227 +60,1857 @@ internal static System.Globalization.CultureInfo Culture { } } - internal static string ApplicationIdNotFound { + /// + /// Looks up a localized string similar to Access code must be {0} or fewer bytes.. + /// + internal static string AccessCodeTooLong { get { - return ResourceManager.GetString("ApplicationIdNotFound", resourceCulture); + return ResourceManager.GetString("AccessCodeTooLong", resourceCulture); } } - internal static string BuildExternalAuthenticatePriorToLoadInitializeUpdateResponse { + /// + /// Looks up a localized string similar to The algorithm (Yubico OTP or HMAC-SHA1) must be chosen before you can retrieve the key.. + /// + internal static string AlgorithmNotChosen { get { - return ResourceManager.GetString("BuildExternalAuthenticatePriorToLoadInitializeUpdateResponse", resourceCulture); + return ResourceManager.GetString("AlgorithmNotChosen", resourceCulture); } } - internal static string CantSelectInterIndustry { + /// + /// Looks up a localized string similar to The YubiKey is already set with the attribute specified.. + /// + internal static string AlreadySet { get { - return ResourceManager.GetString("CantSelectInterIndustry", resourceCulture); + return ResourceManager.GetString("AlreadySet", resourceCulture); } } - internal static string CcidNotSupported { + /// + /// Looks up a localized string similar to There isn't an application ID associated with this YubiKeyApplication. Either the application is not supported, or is a meta application (like InterIndustry) which does not have an ID.. + /// + internal static string ApplicationIdNotFound { get { - return ResourceManager.GetString("CcidNotSupported", resourceCulture); + return ResourceManager.GetString("ApplicationIdNotFound", resourceCulture); } } - internal static string ChecksumError { + /// + /// Looks up a localized string similar to The application could not be reset.. + /// + internal static string ApplicationResetFailure { get { - return ResourceManager.GetString("ChecksumError", resourceCulture); + return ResourceManager.GetString("ApplicationResetFailure", resourceCulture); } } - internal static string DecodedResponseStatusWordNotSuccess { + /// + /// Looks up a localized string similar to The parameter must be a FirmwareVersion.. + /// + internal static string ArgumentMustBeFirmwareVersion { get { - return ResourceManager.GetString("DecodedResponseStatusWordNotSuccess", resourceCulture); + return ResourceManager.GetString("ArgumentMustBeFirmwareVersion", resourceCulture); } } - internal static string HidFidoNotSupported { + /// + /// Looks up a localized string similar to Auto eject timeout cannot be set when touch eject is disabled.. + /// + internal static string AutoEjectTimeoutRequiresTouchEjectEnabled { get { - return ResourceManager.GetString("HidFidoNotSupported", resourceCulture); + return ResourceManager.GetString("AutoEjectTimeoutRequiresTouchEjectEnabled", resourceCulture); } } - internal static string HidKeyboardNotSupported { + /// + /// Looks up a localized string similar to The authenticator returned a FIDO2 status indicating an error ({0}: {1}). + /// + internal static string BadFido2Status { get { - return ResourceManager.GetString("HidKeyboardNotSupported", resourceCulture); + return ResourceManager.GetString("BadFido2Status", resourceCulture); } } - internal static string IncorrectAesKeyLength { + /// + /// Looks up a localized string similar to An unsupported or unknown NDEF record type was encountered. Contact Yubico Support if this error persists.. + /// + internal static string BadNdefRecordType { get { - return ResourceManager.GetString("IncorrectAesKeyLength", resourceCulture); + return ResourceManager.GetString("BadNdefRecordType", resourceCulture); } } - internal static string IncorrectTripleDesKeyLength { + /// + /// Looks up a localized string similar to You cannot both generate and specify a static password.. + /// + internal static string BothGenerateAndSpecify { get { - return ResourceManager.GetString("IncorrectTripleDesKeyLength", resourceCulture); + return ResourceManager.GetString("BothGenerateAndSpecify", resourceCulture); } } - internal static string TripleDesFailed { + /// + /// Looks up a localized string similar to You can't specify both TOTP and a challenge.. + /// + internal static string BothTotpAndChallenge { get { - return ResourceManager.GetString("TripleDesFailed", resourceCulture); + return ResourceManager.GetString("BothTotpAndChallenge", resourceCulture); } } - internal static string IncorrectRsaKeyLength { + /// + /// Looks up a localized string similar to SCP03 handshake called out-of-order: building an external authenticate response before processing the preceding initialize update response is not possible.. + /// + internal static string BuildExternalAuthenticatePriorToLoadInitializeUpdateResponse { get { - return ResourceManager.GetString("IncorrectRsaKeyLength", resourceCulture); + return ResourceManager.GetString("BuildExternalAuthenticatePriorToLoadInitializeUpdateResponse", resourceCulture); } } - internal static string IncorrectEccKeyLength { + /// + /// Looks up a localized string similar to The device specified has a different parent from the one it is being merged with.. + /// + internal static string CannotMergeDifferentParents { get { - return ResourceManager.GetString("IncorrectEccKeyLength", resourceCulture); + return ResourceManager.GetString("CannotMergeDifferentParents", resourceCulture); } } - internal static string IncorrectDigestLength { + /// + /// Looks up a localized string similar to The data tag {0} is not available as an alternate.. + /// + internal static string CannotUseDataTagAsAlternate { get { - return ResourceManager.GetString("IncorrectDigestLength", resourceCulture); + return ResourceManager.GetString("CannotUseDataTagAsAlternate", resourceCulture); } } - internal static string UnsupportedAlgorithm { + /// + /// Looks up a localized string similar to You cannot delete a slot that does not contain a configuration.. + /// + internal static string CantDeleteEmptySlot { get { - return ResourceManager.GetString("UnsupportedAlgorithm", resourceCulture); + return ResourceManager.GetString("CantDeleteEmptySlot", resourceCulture); } } - internal static string InvalidPublicKeyData { + /// + /// Looks up a localized string similar to InterIndustry is a meta application which cannot be selected directly. Its commands can be issued on other previously selected applications.. + /// + internal static string CantSelectInterIndustry { get { - return ResourceManager.GetString("InvalidPublicKeyData", resourceCulture); + return ResourceManager.GetString("CantSelectInterIndustry", resourceCulture); } } - internal static string InvalidPrivateKeyData { + /// + /// Looks up a localized string similar to You must specify a 16-byte key or choose to generate one, but not both.. + /// + internal static string CantSpecifyKeyAndGenerate { get { - return ResourceManager.GetString("InvalidPrivateKeyData", resourceCulture); + return ResourceManager.GetString("CantSpecifyKeyAndGenerate", resourceCulture); } } - internal static string UnsupportedAttestationCert { + /// + /// Looks up a localized string similar to You must specify a six-byte private ID or choose to generate one, but not both.. + /// + internal static string CantSpecifyPrivateIdAndGenerate { get { - return ResourceManager.GetString("UnsupportedAttestationCert", resourceCulture); + return ResourceManager.GetString("CantSpecifyPrivateIdAndGenerate", resourceCulture); } } - internal static string IncorrectCardCryptogram { + /// + /// Looks up a localized string similar to You must specify a public ID or choose to use the YubiKey serial number, but not both.. + /// + internal static string CantSpecifyPublicIdAndUseSerial { get { - return ResourceManager.GetString("IncorrectCardCryptogram", resourceCulture); + return ResourceManager.GetString("CantSpecifyPublicIdAndUseSerial", resourceCulture); } } - internal static string IncorrectCiphertextLength { + /// + /// Looks up a localized string similar to The CCID interface is not supported on this YubiKey.. + /// + internal static string CcidNotSupported { get { - return ResourceManager.GetString("IncorrectCiphertextLength", resourceCulture); + return ResourceManager.GetString("CcidNotSupported", resourceCulture); } } - internal static string InvalidChannelId { + /// + /// Looks up a localized string similar to Checksum error.. + /// + internal static string ChecksumError { get { - return ResourceManager.GetString("InvalidChannelId", resourceCulture); + return ResourceManager.GetString("ChecksumError", resourceCulture); } } - internal static string InvalidCiphertextLength { + /// + /// Looks up a localized string similar to A Command/Response operation returned the unexpected value of {0}.. + /// + internal static string CommandResponseApduUnexpectedResult { get { - return ResourceManager.GetString("InvalidCiphertextLength", resourceCulture); + return ResourceManager.GetString("CommandResponseApduUnexpectedResult", resourceCulture); } } - internal static string InvalidOutputBuffer { + /// + /// Looks up a localized string similar to The CBOR response failed to deserialize correctly.. + /// + internal static string Ctap2CborDeserializationError { get { - return ResourceManager.GetString("InvalidOutputBuffer", resourceCulture); + return ResourceManager.GetString("Ctap2CborDeserializationError", resourceCulture); } } - internal static string IncorrectDerivationLength { + /// + /// Looks up a localized string similar to The CBOR response contained an indefinite-length array or map, which is unsupported.. + /// + internal static string Ctap2CborIndefiniteLength { get { - return ResourceManager.GetString("IncorrectDerivationLength", resourceCulture); + return ResourceManager.GetString("Ctap2CborIndefiniteLength", resourceCulture); } } - internal static string IncorrectExternalAuthenticateData { + /// + /// Looks up a localized string similar to An unexpected key was encountered in a CBOR map; expected to find {0} (name '{1}'). + /// + internal static string Ctap2CborUnexpectedKey { get { - return ResourceManager.GetString("IncorrectExternalAuthenticateData", resourceCulture); + return ResourceManager.GetString("Ctap2CborUnexpectedKey", resourceCulture); } } - internal static string IncorrectInitializeUpdateResponseData { + /// + /// Looks up a localized string similar to An unexpected value was encountered in a CBOR map.. + /// + internal static string Ctap2CborUnexpectedValue { get { - return ResourceManager.GetString("IncorrectInitializeUpdateResponseData", resourceCulture); + return ResourceManager.GetString("Ctap2CborUnexpectedValue", resourceCulture); } } - internal static string IncorrectIVLength { + /// + /// Looks up a localized string similar to The CTAP2 command was too large to transmit.. + /// + internal static string Ctap2CommandTooLarge { get { - return ResourceManager.GetString("IncorrectIVLength", resourceCulture); + return ResourceManager.GetString("Ctap2CommandTooLarge", resourceCulture); } } - internal static string IncorrectPlaintextLength { + /// + /// Looks up a localized string similar to The authenticator produced a malformed CTAP2 response.. + /// + internal static string Ctap2MalformedResponse { get { - return ResourceManager.GetString("IncorrectPlaintextLength", resourceCulture); + return ResourceManager.GetString("Ctap2MalformedResponse", resourceCulture); } } - internal static string IncorrectResponseLengthToDecrypt { + /// + /// Looks up a localized string similar to The attestation was provided in an unknown format and cannot be parsed.. + /// + internal static string Ctap2UnknownAttestationFormat { get { - return ResourceManager.GetString("IncorrectResponseLengthToDecrypt", resourceCulture); + return ResourceManager.GetString("Ctap2UnknownAttestationFormat", resourceCulture); } } - internal static string IncorrectRmac { + /// + /// Looks up a localized string similar to Attempted to decode a response with a failed status word. SCP03 can only verify the successful execution of a command APDU - no verification is possible of status words.. + /// + internal static string DecodedResponseStatusWordNotSuccess { get { - return ResourceManager.GetString("IncorrectRmac", resourceCulture); + return ResourceManager.GetString("DecodedResponseStatusWordNotSuccess", resourceCulture); } } - internal static string IncorrectStaticKeyLength { + /// + /// Looks up a localized string similar to The specified device does not support this application.. + /// + internal static string DeviceDoesNotSupportApplication { get { - return ResourceManager.GetString("IncorrectStaticKeyLength", resourceCulture); + return ResourceManager.GetString("DeviceDoesNotSupportApplication", resourceCulture); } } - internal static string InsufficientResponseLengthToVerifyRmac { + /// + /// Looks up a localized string similar to Device type not recognized.. + /// + internal static string DeviceTypeNotRecognized { get { - return ResourceManager.GetString("InsufficientResponseLengthToVerifyRmac", resourceCulture); + return ResourceManager.GetString("DeviceTypeNotRecognized", resourceCulture); } } - internal static string InvalidHostChallengeLength { + /// + /// Looks up a localized string similar to A certificate was not able to parsed.. + /// + internal static string FailedParsingCertificate { get { - return ResourceManager.GetString("InvalidHostChallengeLength", resourceCulture); + return ResourceManager.GetString("FailedParsingCertificate", resourceCulture); } } - internal static string InvalidInitializeUpdateResponse { + /// + /// Looks up a localized string similar to No FIDO2 status was available in the response to a FIDO2 command.. + /// + internal static string Fido2ResponseMissing { get { - return ResourceManager.GetString("InvalidInitializeUpdateResponse", resourceCulture); + return ResourceManager.GetString("Fido2ResponseMissing", resourceCulture); } } - internal static string InvalidOtpSlot { + /// + /// Looks up a localized string similar to The FIDO interface is not supported on this YubiKey.. + /// + internal static string HidFidoNotSupported { get { - return ResourceManager.GetString("InvalidOtpSlot", resourceCulture); + return ResourceManager.GetString("HidFidoNotSupported", resourceCulture); } } - internal static string InvalidPadding { + /// + /// Looks up a localized string similar to HidFido is not available on Windows if the process is not elevated.. + /// + internal static string HidFidoWindowsNotElevated { get { - return ResourceManager.GetString("InvalidPadding", resourceCulture); + return ResourceManager.GetString("HidFidoWindowsNotElevated", resourceCulture); } } - internal static string LoadExternalAuthenticateResponsePriorToLoadInitializUpdateResponse { + /// + /// Looks up a localized string similar to The keyboard interface is not supported on this YubiKey.. + /// + internal static string HidKeyboardNotSupported { get { - return ResourceManager.GetString("LoadExternalAuthenticateResponsePriorToLoadInitializUpdateResponse", resourceCulture); + return ResourceManager.GetString("HidKeyboardNotSupported", resourceCulture); } } - internal static string LoadInitializeUpdatePriorToBuild { + /// + /// Looks up a localized string similar to The HMAC-SHA1 algorithm requires a 0-64 byte challenge.. + /// + internal static string HmacChallengeTooLong { get { - return ResourceManager.GetString("LoadInitializeUpdatePriorToBuild", resourceCulture); + return ResourceManager.GetString("HmacChallengeTooLong", resourceCulture); } } - internal static string ManagementApplicationUnavailable { + /// + /// Looks up a localized string similar to The key must be exactly 20 bytes.. + /// + internal static string HmacKeyWrongSize { get { - return ResourceManager.GetString("ManagementApplicationUnavailable", resourceCulture); + return ResourceManager.GetString("HmacKeyWrongSize", resourceCulture); } } - internal static string NoResponseDataApduFailed { + /// + /// Looks up a localized string similar to The response APDU indicates further information or action, such as PIN, management key, or touch, is needed to complete the command.. + /// + internal static string IncompleteCommandInput { get { - return ResourceManager.GetString("NoResponseDataApduFailed", resourceCulture); + return ResourceManager.GetString("IncompleteCommandInput", resourceCulture); } } - internal static string InvalidApduResponseData { + /// + /// Looks up a localized string similar to The supplied AES key was an incorrect length.. + /// + internal static string IncorrectAesKeyLength { get { - return ResourceManager.GetString("InvalidApduResponseData", resourceCulture); + return ResourceManager.GetString("IncorrectAesKeyLength", resourceCulture); } } - internal static string CommandResponseApduUnexpectedResult { + /// + /// Looks up a localized string similar to The response from the device contained an incorrect card cryptogram. This could be due to incorrect static keys, a skipped or missing response, or man-in-the-middle attack.. + /// + internal static string IncorrectCardCryptogram { get { - return ResourceManager.GetString("CommandResponseApduUnexpectedResult", resourceCulture); + return ResourceManager.GetString("IncorrectCardCryptogram", resourceCulture); } } - internal static string IncompleteCommandInput { + /// + /// Looks up a localized string similar to The supplied ciphertext was not a multiple of the block size in length.. + /// + internal static string IncorrectCiphertextLength { get { - return ResourceManager.GetString("IncompleteCommandInput", resourceCulture); + return ResourceManager.GetString("IncorrectCiphertextLength", resourceCulture); } } - internal static string NoMoreRetriesRemaining { + /// + /// Looks up a localized string similar to Tried to derive an incorrectly-sized output.. + /// + internal static string IncorrectDerivationLength { get { - return ResourceManager.GetString("NoMoreRetriesRemaining", resourceCulture); + return ResourceManager.GetString("IncorrectDerivationLength", resourceCulture); } } - internal static string YubiKeyNotAuthenticatedInPiv { + /// + /// Looks up a localized string similar to The supplied message digest was an incorrect length.. + /// + internal static string IncorrectDigestLength { get { - return ResourceManager.GetString("YubiKeyNotAuthenticatedInPiv", resourceCulture); + return ResourceManager.GetString("IncorrectDigestLength", resourceCulture); } } - internal static string MissingKeyCollector { + /// + /// Looks up a localized string similar to The supplied ECC key was an incorrect length.. + /// + internal static string IncorrectEccKeyLength { get { - return ResourceManager.GetString("MissingKeyCollector", resourceCulture); + return ResourceManager.GetString("IncorrectEccKeyLength", resourceCulture); } } - internal static string StreamNotReadable { + /// + /// Looks up a localized string similar to The ExternalAuthenticate command was supplied invalid data.. + /// + internal static string IncorrectExternalAuthenticateData { get { - return ResourceManager.GetString("StreamNotReadable", resourceCulture); + return ResourceManager.GetString("IncorrectExternalAuthenticateData", resourceCulture); } } - internal static string InvalidSlot { + /// + /// Looks up a localized string similar to Parsing of an InitializeUpdateResponse failed due to an incorrect response length.. + /// + internal static string IncorrectInitializeUpdateResponseData { get { - return ResourceManager.GetString("InvalidSlot", resourceCulture); + return ResourceManager.GetString("IncorrectInitializeUpdateResponseData", resourceCulture); } } - internal static string InvalidAlgorithm { + /// + /// Looks up a localized string similar to The supplied IV was an incorrect length.. + /// + internal static string IncorrectIVLength { get { - return ResourceManager.GetString("InvalidAlgorithm", resourceCulture); + return ResourceManager.GetString("IncorrectIVLength", resourceCulture); } } - internal static string ApplicationResetFailure { + /// + /// Looks up a localized string similar to The current password that protects the OATH application and the new password to set are the same.. + /// + internal static string IncorrectOathNewPassword { get { - return ResourceManager.GetString("ApplicationResetFailure", resourceCulture); + return ResourceManager.GetString("IncorrectOathNewPassword", resourceCulture); } } - internal static string InvalidPinPukLength { + /// + /// Looks up a localized string similar to The supplied plaintext was not a multiple of the block size in length.. + /// + internal static string IncorrectPlaintextLength { get { - return ResourceManager.GetString("InvalidPinPukLength", resourceCulture); + return ResourceManager.GetString("IncorrectPlaintextLength", resourceCulture); } } - internal static string InvalidPivPutDataLength { + /// + /// Looks up a localized string similar to The device response was not the correct length (a multiple of the block size) to decrypt.. + /// + internal static string IncorrectResponseLengthToDecrypt { get { - return ResourceManager.GetString("InvalidPivPutDataLength", resourceCulture); + return ResourceManager.GetString("IncorrectResponseLengthToDecrypt", resourceCulture); } } - internal static string InvalidPivPinOnlyMode { + /// + /// Looks up a localized string similar to The response from the device contained an incorrect RMAC. This could be due to incorrect static keys, a skipped or missing response, or man-in-the-middle attack.. + /// + internal static string IncorrectRmac { get { - return ResourceManager.GetString("InvalidPivPinOnlyMode", resourceCulture); + return ResourceManager.GetString("IncorrectRmac", resourceCulture); } } - internal static string PinOnlyNotPossible { + /// + /// Looks up a localized string similar to The supplied RSA key was an incorrect length.. + /// + internal static string IncorrectRsaKeyLength { get { - return ResourceManager.GetString("PinOnlyNotPossible", resourceCulture); + return ResourceManager.GetString("IncorrectRsaKeyLength", resourceCulture); } } - internal static string MgmtKeyCannotBeChanged { + /// + /// Looks up a localized string similar to The supplied static key was an incorrect length.. + /// + internal static string IncorrectStaticKeyLength { get { - return ResourceManager.GetString("MgmtKeyCannotBeChanged", resourceCulture); + return ResourceManager.GetString("IncorrectStaticKeyLength", resourceCulture); } } - internal static string InvalidPinPukRetryCount { + /// + /// Looks up a localized string similar to The supplied Triple-DES key was an incorrect length.. + /// + internal static string IncorrectTripleDesKeyLength { get { - return ResourceManager.GetString("InvalidPinPukRetryCount", resourceCulture); + return ResourceManager.GetString("IncorrectTripleDesKeyLength", resourceCulture); } } - internal static string NotSupportedByYubiKeyVersion { + /// + /// Looks up a localized string similar to The device response was not long enough to contain an RMAC.. + /// + internal static string InsufficientResponseLengthToVerifyRmac { get { - return ResourceManager.GetString("NotSupportedByYubiKeyVersion", resourceCulture); + return ResourceManager.GetString("InsufficientResponseLengthToVerifyRmac", resourceCulture); } } - internal static string InvalidDataTag { + /// + /// Looks up a localized string similar to Getting the response as an int or numeric code is only supported with HMAC-SHA1 mode.. + /// + internal static string IntOrCodeOnlyWithHmac { get { - return ResourceManager.GetString("InvalidDataTag", resourceCulture); + return ResourceManager.GetString("IntOrCodeOnlyWithHmac", resourceCulture); } } - internal static string InvalidDataEncoding { + /// + /// Looks up a localized string similar to The given algorithm is not valid for the given command.. + /// + internal static string InvalidAlgorithm { get { - return ResourceManager.GetString("InvalidDataEncoding", resourceCulture); + return ResourceManager.GetString("InvalidAlgorithm", resourceCulture); } } - internal static string CannotUseDataTagAsAlternate { + /// + /// Looks up a localized string similar to Response data contains invalid data.. + /// + internal static string InvalidApduResponseData { get { - return ResourceManager.GetString("CannotUseDataTagAsAlternate", resourceCulture); + return ResourceManager.GetString("InvalidApduResponseData", resourceCulture); } } - internal static string NoDataToEncode { + /// + /// Looks up a localized string similar to A challenge must be 8 bytes.. + /// + internal static string InvalidChallengeLength { get { - return ResourceManager.GetString("NoDataToEncode", resourceCulture); + return ResourceManager.GetString("InvalidChallengeLength", resourceCulture); } } - internal static string InvalidPivDataObjectLength { + /// + /// Looks up a localized string similar to The CTAPHID channel ID cannot be null or empty. A valid CTAPHID channel needs to be acquired.. + /// + internal static string InvalidChannelId { get { - return ResourceManager.GetString("InvalidPivDataObjectLength", resourceCulture); + return ResourceManager.GetString("InvalidChannelId", resourceCulture); } } - internal static string InvalidPivDataObjectValue { + /// + /// Looks up a localized string similar to The length of the supplied ciphertext was not valid for the usage.. + /// + internal static string InvalidCiphertextLength { get { - return ResourceManager.GetString("InvalidPivDataObjectValue", resourceCulture); + return ResourceManager.GetString("InvalidCiphertextLength", resourceCulture); } } - internal static string OperationPriorToLoadInitializeUpdate { + /// + /// Looks up a localized string similar to ConnectionType None is not an accepted value.. + /// + internal static string InvalidConnectionTypeNone { get { - return ResourceManager.GetString("OperationPriorToLoadInitializeUpdate", resourceCulture); + return ResourceManager.GetString("InvalidConnectionTypeNone", resourceCulture); } } - internal static string OtpConfigFlagsInvalid { + /// + /// Looks up a localized string similar to A credential cannot be null.. + /// + internal static string InvalidCredential { get { - return ResourceManager.GetString("OtpConfigFlagsInvalid", resourceCulture); + return ResourceManager.GetString("InvalidCredential", resourceCulture); } } - internal static string OtpExtendedFlagsInvalid { + /// + /// Looks up a localized string similar to A credential's account cannot be null.. + /// + internal static string InvalidCredentialAccount { get { - return ResourceManager.GetString("OtpExtendedFlagsInvalid", resourceCulture); + return ResourceManager.GetString("InvalidCredentialAccount", resourceCulture); } } - internal static string OtpTicketFlagsInvalid { + /// + /// Looks up a localized string similar to The number of digits for a one-time passcode can only be 6, 7 or 8.. + /// + internal static string InvalidCredentialDigits { get { - return ResourceManager.GetString("OtpTicketFlagsInvalid", resourceCulture); + return ResourceManager.GetString("InvalidCredentialDigits", resourceCulture); } } - internal static string TouchRequired { + /// + /// Looks up a localized string similar to A credential's name cannot be more than 64 bytes in length.. + /// + internal static string InvalidCredentialNameLength { get { - return ResourceManager.GetString("TouchRequired", resourceCulture); + return ResourceManager.GetString("InvalidCredentialNameLength", resourceCulture); } } - internal static string UnknownError { + /// + /// Looks up a localized string similar to The validity period for a TOTP passcode can only be 15, 30 or 60 seconds. HOTP should be set to zero.. + /// + internal static string InvalidCredentialPeriod { get { - return ResourceManager.GetString("UnknownError", resourceCulture); + return ResourceManager.GetString("InvalidCredentialPeriod", resourceCulture); } } - internal static string UnknownScp03Error { + /// + /// Looks up a localized string similar to A credential secret can only contain the characters 'a-z', 'A-Z', '2-7', or '='.. + /// + internal static string InvalidCredentialSecret { get { - return ResourceManager.GetString("UnknownScp03Error", resourceCulture); + return ResourceManager.GetString("InvalidCredentialSecret", resourceCulture); } } - internal static string ValueConversionFailed { + /// + /// Looks up a localized string similar to A credential type cannot be null.. + /// + internal static string InvalidCredentialType { get { - return ResourceManager.GetString("ValueConversionFailed", resourceCulture); + return ResourceManager.GetString("InvalidCredentialType", resourceCulture); } } - internal static string UnknownFidoError { + /// + /// Looks up a localized string similar to A supplied property contained invalid data for CTAP2.. + /// + internal static string InvalidCtap2Data { get { - return ResourceManager.GetString("UnknownFidoError", resourceCulture); + return ResourceManager.GetString("InvalidCtap2Data", resourceCulture); } } - internal static string Ctap2CborDeserializationError { + /// + /// Looks up a localized string similar to The data provided does not match the expected encoding.. + /// + internal static string InvalidDataEncoding { get { - return ResourceManager.GetString("Ctap2CborDeserializationError", resourceCulture); + return ResourceManager.GetString("InvalidDataEncoding", resourceCulture); } } - internal static string InvalidCredential { + /// + /// Looks up a localized string similar to The value {0} is not a data tag supported by the YubiKey application.. + /// + internal static string InvalidDataTag { + get { + return ResourceManager.GetString("InvalidDataTag", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to Device must be a FIDO device.. + /// + internal static string InvalidDeviceNotFido { + get { + return ResourceManager.GetString("InvalidDeviceNotFido", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to Device must be a Keyboard device.. + /// + internal static string InvalidDeviceNotKeyboard { get { - return ResourceManager.GetString("InvalidCredential", resourceCulture); + return ResourceManager.GetString("InvalidDeviceNotKeyboard", resourceCulture); } } - internal static string InvalidCredentialAccount { + /// + /// Looks up a localized string similar to Device must be a Yubico device.. + /// + internal static string InvalidDeviceNotYubico { get { - return ResourceManager.GetString("InvalidCredentialAccount", resourceCulture); + return ResourceManager.GetString("InvalidDeviceNotYubico", resourceCulture); } } - internal static string InvalidCredentialNameLength { + /// + /// Looks up a localized string similar to Incorrect host challenge length.. + /// + internal static string InvalidHostChallengeLength { get { - return ResourceManager.GetString("InvalidCredentialNameLength", resourceCulture); + return ResourceManager.GetString("InvalidHostChallengeLength", resourceCulture); } } - internal static string InvalidCredentialSecret { + /// + /// Looks up a localized string similar to Initial moving factor must be between 0 and 0xffff0 (1,048,560) and be divisable by 0x10 (16).. + /// + internal static string InvalidImfValue { get { - return ResourceManager.GetString("InvalidCredentialSecret", resourceCulture); + return ResourceManager.GetString("InvalidImfValue", resourceCulture); } } - internal static string InvalidCredentialDigits { + /// + /// Looks up a localized string similar to Bad response to InitializeUpdate.. + /// + internal static string InvalidInitializeUpdateResponse { get { - return ResourceManager.GetString("InvalidCredentialDigits", resourceCulture); + return ResourceManager.GetString("InvalidInitializeUpdateResponse", resourceCulture); } } - internal static string InvalidCredentialPeriod { + /// + /// Looks up a localized string similar to A YubiOTP APDU was received with instruction number {0}. This instruction is not supported.. + /// + internal static string InvalidKeyboardInstruction { get { - return ResourceManager.GetString("InvalidCredentialPeriod", resourceCulture); + return ResourceManager.GetString("InvalidKeyboardInstruction", resourceCulture); } } - internal static string ValueIsNotEnum { + /// + /// Looks up a localized string similar to The NDEF configuration data is not formed correctly.. + /// + internal static string InvalidNdefConfig { get { - return ResourceManager.GetString("ValueIsNotEnum", resourceCulture); + return ResourceManager.GetString("InvalidNdefConfig", resourceCulture); } } - internal static string InvalidUriScheme { + /// + /// Looks up a localized string similar to A password cannot be null or empty.. + /// + internal static string InvalidOathPassword { get { - return ResourceManager.GetString("InvalidUriScheme", resourceCulture); + return ResourceManager.GetString("InvalidOathPassword", resourceCulture); } } - internal static string InvalidUriPath { + /// + /// Looks up a localized string similar to The challenge / response algorithm specified is invalid.. + /// + internal static string InvalidOtpChallengeResponseAlgorithm { get { - return ResourceManager.GetString("InvalidUriPath", resourceCulture); + return ResourceManager.GetString("InvalidOtpChallengeResponseAlgorithm", resourceCulture); } } - internal static string InvalidOathPassword { + /// + /// Looks up a localized string similar to Invalid OTP slot.. + /// + internal static string InvalidOtpSlot { get { - return ResourceManager.GetString("InvalidOathPassword", resourceCulture); + return ResourceManager.GetString("InvalidOtpSlot", resourceCulture); } } - internal static string InvalidChallengeLength { + /// + /// Looks up a localized string similar to Given the offset, the length of the output buffer was not valid.. + /// + internal static string InvalidOutputBuffer { get { - return ResourceManager.GetString("InvalidChallengeLength", resourceCulture); + return ResourceManager.GetString("InvalidOutputBuffer", resourceCulture); } } - internal static string Ctap2CborIndefiniteLength { + /// + /// Looks up a localized string similar to Invalid padding.. + /// + internal static string InvalidPadding { get { - return ResourceManager.GetString("Ctap2CborIndefiniteLength", resourceCulture); + return ResourceManager.GetString("InvalidPadding", resourceCulture); } } - internal static string Ctap2CborUnexpectedKey { + /// + /// Looks up a localized string similar to A PIN cannot be null or empty.. + /// + internal static string InvalidPin { get { - return ResourceManager.GetString("Ctap2CborUnexpectedKey", resourceCulture); + return ResourceManager.GetString("InvalidPin", resourceCulture); } } - internal static string Ctap2CborUnexpectedValue { + /// + /// Looks up a localized string similar to A PIN must be 6 to 32 bytes long.. + /// + internal static string InvalidPinLength { get { - return ResourceManager.GetString("Ctap2CborUnexpectedValue", resourceCulture); + return ResourceManager.GetString("InvalidPinLength", resourceCulture); } } - internal static string InvalidCtap2Data { + /// + /// Looks up a localized string similar to A PIN or PUK must be 6, 7, or 8 characters long.. + /// + internal static string InvalidPinPukLength { get { - return ResourceManager.GetString("InvalidCtap2Data", resourceCulture); + return ResourceManager.GetString("InvalidPinPukLength", resourceCulture); } } - internal static string MissingCtap2Data { + /// + /// Looks up a localized string similar to A PIN or PUK retry count must be greater than 0 and less than 256.. + /// + internal static string InvalidPinPukRetryCount { get { - return ResourceManager.GetString("MissingCtap2Data", resourceCulture); + return ResourceManager.GetString("InvalidPinPukRetryCount", resourceCulture); } } - internal static string Fido2ResponseMissing { + /// + /// Looks up a localized string similar to The supplied data for a PIV Data Object was an invalid length.. + /// + internal static string InvalidPivDataObjectLength { get { - return ResourceManager.GetString("Fido2ResponseMissing", resourceCulture); + return ResourceManager.GetString("InvalidPivDataObjectLength", resourceCulture); } } - internal static string BadFido2Status { + /// + /// Looks up a localized string similar to The supplied data for a PIV Data Object was invalid.. + /// + internal static string InvalidPivDataObjectValue { get { - return ResourceManager.GetString("BadFido2Status", resourceCulture); + return ResourceManager.GetString("InvalidPivDataObjectValue", resourceCulture); } } - internal static string NoInterfaceAvailable { + /// + /// Looks up a localized string similar to Invalid PIN-only mode to set a YubiKey. Only None, PinProtected, or PinDerived are allowed.. + /// + internal static string InvalidPivPinOnlyMode { get { - return ResourceManager.GetString("NoInterfaceAvailable", resourceCulture); + return ResourceManager.GetString("InvalidPivPinOnlyMode", resourceCulture); } } - internal static string OtpFlagConflict { + /// + /// Looks up a localized string similar to The length of input to a Put Data operation, {0}, was invalid, the maximum is {1}.. + /// + internal static string InvalidPivPutDataLength { get { - return ResourceManager.GetString("OtpFlagConflict", resourceCulture); + return ResourceManager.GetString("InvalidPivPutDataLength", resourceCulture); } } - internal static string OtpFlagRequiredOr { + /// + /// Looks up a localized string similar to The data does not match a supported private key format.. + /// + internal static string InvalidPrivateKeyData { get { - return ResourceManager.GetString("OtpFlagRequiredOr", resourceCulture); + return ResourceManager.GetString("InvalidPrivateKeyData", resourceCulture); } } + /// + /// Looks up a localized string similar to The {0} property must be exactly {1} bytes long. Only {2} bytes were given.. + /// internal static string InvalidPropertyLength { get { return ResourceManager.GetString("InvalidPropertyLength", resourceCulture); } } - internal static string PropertyValueTooLarge { + /// + /// Looks up a localized string similar to The data does not match a supported public key format.. + /// + internal static string InvalidPublicKeyData { get { - return ResourceManager.GetString("PropertyValueTooLarge", resourceCulture); + return ResourceManager.GetString("InvalidPublicKeyData", resourceCulture); } } - internal static string UnexpectedState { + /// + /// Looks up a localized string similar to Keyboard layout [{0}] doesn't have a scancode for [{1}].. + /// + internal static string InvalidScancode { get { - return ResourceManager.GetString("UnexpectedState", resourceCulture); + return ResourceManager.GetString("InvalidScancode", resourceCulture); } } - internal static string OtpConfigFlagsNotUpdatable { + /// + /// Looks up a localized string similar to Slot number {0:X2} is not valid for the given operation on the given YubiKey.. + /// + internal static string InvalidSlot { get { - return ResourceManager.GetString("OtpConfigFlagsNotUpdatable", resourceCulture); + return ResourceManager.GetString("InvalidSlot", resourceCulture); } } - internal static string BadNdefRecordType { + /// + /// Looks up a localized string similar to The status report must be the first and only report returned by the YubiKey.. + /// + internal static string InvalidStatusReport { get { - return ResourceManager.GetString("BadNdefRecordType", resourceCulture); + return ResourceManager.GetString("InvalidStatusReport", resourceCulture); } } - internal static string MalformedNdefRecord { + /// + /// Looks up a localized string similar to Invalid status word "{0}". For this method, the status word must be NoPreciseDiagnosis (0x6F 00).. + /// + internal static string InvalidStatusWordMustBeNoPreciseDiagnosis { get { - return ResourceManager.GetString("MalformedNdefRecord", resourceCulture); + return ResourceManager.GetString("InvalidStatusWordMustBeNoPreciseDiagnosis", resourceCulture); } } - internal static string OutOfRangeUriPrefixCode { + /// + /// Looks up a localized string similar to The U2F HID error code should be 1 byte long. The supplied error code contains {0} bytes.. + /// + internal static string InvalidU2fHidErrorCodeLength { get { - return ResourceManager.GetString("OutOfRangeUriPrefixCode", resourceCulture); + return ResourceManager.GetString("InvalidU2fHidErrorCodeLength", resourceCulture); } } - internal static string WrongNdefType { + /// + /// Looks up a localized string similar to A URI path cannot be null or empty.. + /// + internal static string InvalidUriPath { get { - return ResourceManager.GetString("WrongNdefType", resourceCulture); + return ResourceManager.GetString("InvalidUriPath", resourceCulture); } } - internal static string UnknownFido2Status { + /// + /// Looks up a localized string similar to The URI scheme must be 'otpauth://'.. + /// + internal static string InvalidUriScheme { get { - return ResourceManager.GetString("UnknownFido2Status", resourceCulture); + return ResourceManager.GetString("InvalidUriScheme", resourceCulture); } } - internal static string Ctap2CommandTooLarge { + /// + /// Looks up a localized string similar to The keyboard connection does not support writing more than 64 bytes to the device.. + /// + internal static string KeyboardDataTooBig { get { - return ResourceManager.GetString("Ctap2CommandTooLarge", resourceCulture); + return ResourceManager.GetString("KeyboardDataTooBig", resourceCulture); } } - internal static string Ctap2MalformedResponse { + /// + /// Looks up a localized string similar to The flag {0} is not a valid keyboard report flag.. + /// + internal static string KeyboardInvalidFlag { get { - return ResourceManager.GetString("Ctap2MalformedResponse", resourceCulture); + return ResourceManager.GetString("KeyboardInvalidFlag", resourceCulture); } } - internal static string Ctap2UnknownAttestationFormat { + /// + /// Looks up a localized string similar to Tried writing a keyboard report and unexpectedly recieved no reply.. + /// + internal static string KeyboardNoReply { get { - return ResourceManager.GetString("Ctap2UnknownAttestationFormat", resourceCulture); + return ResourceManager.GetString("KeyboardNoReply", resourceCulture); } } - internal static string FailedParsingCertificate { + /// + /// Looks up a localized string similar to Attempted to read a status keyboard report and failed.. + /// + internal static string KeyboardReadReportFailed { get { - return ResourceManager.GetString("FailedParsingCertificate", resourceCulture); + return ResourceManager.GetString("KeyboardReadReportFailed", resourceCulture); } } - internal static string InvalidOtpChallengeResponseAlgorithm { + /// + /// Looks up a localized string similar to The sequence number {0} is outside the range of allowed values.. + /// + internal static string KeyboardSequenceOutOfRange { get { - return ResourceManager.GetString("InvalidOtpChallengeResponseAlgorithm", resourceCulture); + return ResourceManager.GetString("KeyboardSequenceOutOfRange", resourceCulture); } } - internal static string HmacChallengeTooLong { + /// + /// Looks up a localized string similar to The YubiKey did not acknowledge a write to the keyboard interface within the alloted time.. + /// + internal static string KeyboardTimeout { get { - return ResourceManager.GetString("HmacChallengeTooLong", resourceCulture); + return ResourceManager.GetString("KeyboardTimeout", resourceCulture); } } - internal static string YubicoOtpChallengeLengthInvalid { + /// + /// Looks up a localized string similar to Expected to read another keyboard report, but that failed. UnexpectedEOR = {0}, WaitingForTouch = {1}. + /// + internal static string KeyboardUnexpectedEndOfBuffer { get { - return ResourceManager.GetString("YubicoOtpChallengeLengthInvalid", resourceCulture); + return ResourceManager.GetString("KeyboardUnexpectedEndOfBuffer", resourceCulture); } } - internal static string WrongHidCodeMapLength { + /// + /// Looks up a localized string similar to The YubiKey has no visible serial number. Either API visibility is disabled or the YubiKey does not have a serial number.. + /// + internal static string KeyHasNoVisibleSerial { get { - return ResourceManager.GetString("WrongHidCodeMapLength", resourceCulture); + return ResourceManager.GetString("KeyHasNoVisibleSerial", resourceCulture); } } - internal static string LockCodeWrongLength { + /// + /// Looks up a localized string similar to The key must be set either explicitly or by specifying that it should be generated before it can be read.. + /// + internal static string KeyNotSet { get { - return ResourceManager.GetString("LockCodeWrongLength", resourceCulture); + return ResourceManager.GetString("KeyNotSet", resourceCulture); } } - internal static string NdefTextTooLong { + /// + /// Looks up a localized string similar to SCP03 handshake called out-of-order: loading an external authenticate response before processing the preceding initialize update response is not possible.. + /// + internal static string LoadExternalAuthenticateResponsePriorToLoadInitializUpdateResponse { get { - return ResourceManager.GetString("NdefTextTooLong", resourceCulture); + return ResourceManager.GetString("LoadExternalAuthenticateResponsePriorToLoadInitializUpdateResponse", resourceCulture); } } - internal static string NdefUriTooLong { + /// + /// Looks up a localized string similar to SCP03 handshake called out-of-order: loading the response to an initialize update command before building it is not possible.. + /// + internal static string LoadInitializeUpdatePriorToBuild { get { - return ResourceManager.GetString("NdefUriTooLong", resourceCulture); + return ResourceManager.GetString("LoadInitializeUpdatePriorToBuild", resourceCulture); } } - internal static string InvalidNdefConfig { + /// + /// Looks up a localized string similar to The configuration lock code cannot be set to all zeros.. + /// + internal static string LockCodeAllZeroNotAllowed { get { - return ResourceManager.GetString("InvalidNdefConfig", resourceCulture); + return ResourceManager.GetString("LockCodeAllZeroNotAllowed", resourceCulture); } } - internal static string NdefLanguageCodeTooLong { + /// + /// Looks up a localized string similar to The lock code must be {0}-bytes. {1} bytes were specified.. + /// + internal static string LockCodeWrongLength { get { - return ResourceManager.GetString("NdefLanguageCodeTooLong", resourceCulture); + return ResourceManager.GetString("LockCodeWrongLength", resourceCulture); } } - internal static string InvalidPin { + /// + /// Looks up a localized string similar to The NDEF record is malformed. Contact Yubico Support if this error persists.. + /// + internal static string MalformedNdefRecord { get { - return ResourceManager.GetString("InvalidPin", resourceCulture); + return ResourceManager.GetString("MalformedNdefRecord", resourceCulture); } } - internal static string InvalidPinLength { + /// + /// Looks up a localized string similar to Cannot open the management application.. + /// + internal static string ManagementApplicationUnavailable { get { - return ResourceManager.GetString("InvalidPinLength", resourceCulture); + return ResourceManager.GetString("ManagementApplicationUnavailable", resourceCulture); } } - internal static string SmartCardPipelineSetupFailed { + /// + /// Looks up a localized string similar to The YubiKey is configured for PIN-only, so the management key cannot be changed.. + /// + internal static string MgmtKeyCannotBeChanged { get { - return ResourceManager.GetString("SmartCardPipelineSetupFailed", resourceCulture); + return ResourceManager.GetString("MgmtKeyCannotBeChanged", resourceCulture); } } - internal static string InvalidCredentialType { + /// + /// Looks up a localized string similar to A required property was missing for CTAP2.. + /// + internal static string MissingCtap2Data { get { - return ResourceManager.GetString("InvalidCredentialType", resourceCulture); + return ResourceManager.GetString("MissingCtap2Data", resourceCulture); } } - internal static string InvalidKeyboardInstruction { + /// + /// Looks up a localized string similar to A KeyCollector delegate is needed but not supplied.. + /// + internal static string MissingKeyCollector { get { - return ResourceManager.GetString("InvalidKeyboardInstruction", resourceCulture); + return ResourceManager.GetString("MissingKeyCollector", resourceCulture); } } - internal static string KeyboardDataTooBig { + /// + /// Looks up a localized string similar to Multiple exceptions encountered. See inner exceptions for details.. + /// + internal static string MultipleExceptions { get { - return ResourceManager.GetString("KeyboardDataTooBig", resourceCulture); + return ResourceManager.GetString("MultipleExceptions", resourceCulture); } } - internal static string KeyboardInvalidFlag { + /// + /// Looks up a localized string similar to To use the YubiKey serial number as the public ID, the Memory<byte> collection must be exactly six bytes.. + /// + internal static string MustBeSixBytesForSerial { get { - return ResourceManager.GetString("KeyboardInvalidFlag", resourceCulture); + return ResourceManager.GetString("MustBeSixBytesForSerial", resourceCulture); } } - internal static string KeyboardNoReply { + /// + /// Looks up a localized string similar to You must choose either the HMAC-SHA1 or Yubico OTP algorithm for the challenge response.. + /// + internal static string MustChooseAlgorithm { get { - return ResourceManager.GetString("KeyboardNoReply", resourceCulture); + return ResourceManager.GetString("MustChooseAlgorithm", resourceCulture); } } - internal static string KeyboardReadReportFailed { + /// + /// Looks up a localized string similar to You must either specify or choose to generate a key.. + /// + internal static string MustChooseOrGenerateKey { get { - return ResourceManager.GetString("KeyboardReadReportFailed", resourceCulture); + return ResourceManager.GetString("MustChooseOrGenerateKey", resourceCulture); } } - internal static string KeyboardSequenceOutOfRange { + /// + /// Looks up a localized string similar to You must either specify or choose to generate a private ID.. + /// + internal static string MustChooseOrGeneratePrivateId { get { - return ResourceManager.GetString("KeyboardSequenceOutOfRange", resourceCulture); + return ResourceManager.GetString("MustChooseOrGeneratePrivateId", resourceCulture); } } - internal static string KeyboardTimeout { + /// + /// Looks up a localized string similar to You must either specify a value or choose to use the YubiKey serial number as a public ID.. + /// + internal static string MustChooseOrUseSerialAsPublicId { get { - return ResourceManager.GetString("KeyboardTimeout", resourceCulture); + return ResourceManager.GetString("MustChooseOrUseSerialAsPublicId", resourceCulture); } } - internal static string KeyboardUnexpectedEndOfBuffer { + /// + /// Looks up a localized string similar to You must specify either TOTP or a challenge.. + /// + internal static string MustChooseTotpOrChallenge { get { - return ResourceManager.GetString("KeyboardUnexpectedEndOfBuffer", resourceCulture); + return ResourceManager.GetString("MustChooseTotpOrChallenge", resourceCulture); } } - internal static string UserInteractionTimeout { + /// + /// Looks up a localized string similar to At least one available USB capability must be enabled.. + /// + internal static string MustEnableOneAvailableUsbCapability { get { - return ResourceManager.GetString("UserInteractionTimeout", resourceCulture); + return ResourceManager.GetString("MustEnableOneAvailableUsbCapability", resourceCulture); } } - internal static string InvalidDeviceNotYubico { + /// + /// Looks up a localized string similar to At least one USB interface must be enabled.. + /// + internal static string MustEnableOneAvailableUsbInterface { get { - return ResourceManager.GetString("InvalidDeviceNotYubico", resourceCulture); + return ResourceManager.GetString("MustEnableOneAvailableUsbInterface", resourceCulture); } } - internal static string InvalidConnectionTypeNone { + /// + /// Looks up a localized string similar to You must specify a keyboard layout to configure a static password.. + /// + internal static string MustSpecifyKeyboardLayout { get { - return ResourceManager.GetString("InvalidConnectionTypeNone", resourceCulture); + return ResourceManager.GetString("MustSpecifyKeyboardLayout", resourceCulture); } } - internal static string NotImplementedHidFidoEnumeration { + /// + /// Looks up a localized string similar to You must either supply a static password or specify that one should be generated.. + /// + internal static string MustSpecifyOrGeneratePassword { get { - return ResourceManager.GetString("NotImplementedHidFidoEnumeration", resourceCulture); + return ResourceManager.GetString("MustSpecifyOrGeneratePassword", resourceCulture); } } - internal static string HidFidoWindowsNotElevated { + /// + /// Looks up a localized string similar to The NDEF language code is too long.. + /// + internal static string NdefLanguageCodeTooLong { get { - return ResourceManager.GetString("HidFidoWindowsNotElevated", resourceCulture); + return ResourceManager.GetString("NdefLanguageCodeTooLong", resourceCulture); } } - internal static string InvalidDeviceNotFido { + /// + /// Looks up a localized string similar to The value and languageCode specified must fit within a buffer of less than {0} bytes. It requires {1} bytes in total, with value requiring {2} bytes, and languageCode requiring {3} bytes.. + /// + internal static string NdefTextTooLong { get { - return ResourceManager.GetString("InvalidDeviceNotFido", resourceCulture); + return ResourceManager.GetString("NdefTextTooLong", resourceCulture); } } - internal static string InvalidDeviceNotKeyboard { + /// + /// Looks up a localized string similar to The uri specified must fit within a buffer of less than {0} bytes. The length is {1} after matching with a prefix code of {2}.. + /// + internal static string NdefUriTooLong { get { - return ResourceManager.GetString("InvalidDeviceNotKeyboard", resourceCulture); + return ResourceManager.GetString("NdefUriTooLong", resourceCulture); } } - internal static string InvalidStatusReport { + /// + /// Looks up a localized string similar to No active connections for that YubiKey were found.. + /// + internal static string NoActiveConnections { get { - return ResourceManager.GetString("InvalidStatusReport", resourceCulture); + return ResourceManager.GetString("NoActiveConnections", resourceCulture); } } - internal static string StatusReportNotFirstReportRead { + /// + /// Looks up a localized string similar to There is no data to encode.. + /// + internal static string NoDataToEncode { get { - return ResourceManager.GetString("StatusReportNotFirstReportRead", resourceCulture); + return ResourceManager.GetString("NoDataToEncode", resourceCulture); } } - internal static string ArgumentMustBeFirmwareVersion { + /// + /// Looks up a localized string similar to There is no YubiKey interface available to communicate with the requested application.. + /// + internal static string NoInterfaceAvailable { get { - return ResourceManager.GetString("ArgumentMustBeFirmwareVersion", resourceCulture); + return ResourceManager.GetString("NoInterfaceAvailable", resourceCulture); } } - internal static string OtpFlagsNotValid { + /// + /// Looks up a localized string similar to There are no retries remaining for a PIN, PUK, or other authentication element.. + /// + internal static string NoMoreRetriesRemaining { get { - return ResourceManager.GetString("OtpFlagsNotValid", resourceCulture); + return ResourceManager.GetString("NoMoreRetriesRemaining", resourceCulture); } } - internal static string StaticTicketNotSettable { + /// + /// Looks up a localized string similar to Response data is not available as the ResponseApdu has indicated a failure. Check the SW property or call ThrowIfFailed for more information.. + /// + internal static string NoResponseDataApduFailed { get { - return ResourceManager.GetString("StaticTicketNotSettable", resourceCulture); + return ResourceManager.GetString("NoResponseDataApduFailed", resourceCulture); } } - internal static string InvalidScancode { + /// + /// Looks up a localized string similar to Enumeration of ConnectionType.HidFido devices is not implemented.. + /// + internal static string NotImplementedHidFidoEnumeration { get { - return ResourceManager.GetString("InvalidScancode", resourceCulture); + return ResourceManager.GetString("NotImplementedHidFidoEnumeration", resourceCulture); } } - internal static string UnableToVerifyOathPassword { + /// + /// Looks up a localized string similar to This operation is not supported by this version of YubiKey.. + /// + internal static string NotSupportedByYubiKeyVersion { get { - return ResourceManager.GetString("UnableToVerifyOathPassword", resourceCulture); + return ResourceManager.GetString("NotSupportedByYubiKeyVersion", resourceCulture); } } - internal static string IncorrectOathNewPassword { + /// + /// Looks up a localized string similar to You must choose either Yubico OTP or HMAC-SHA1, but not both.. + /// + internal static string OnlyOneAlgorithm { get { - return ResourceManager.GetString("IncorrectOathNewPassword", resourceCulture); + return ResourceManager.GetString("OnlyOneAlgorithm", resourceCulture); } } - internal static string OtpFlagRequired { + /// + /// Looks up a localized string similar to Attempted to perform command encoding or response decoding prior to loading the response to initialize update.. + /// + internal static string OperationPriorToLoadInitializeUpdate { get { - return ResourceManager.GetString("OtpFlagRequired", resourceCulture); + return ResourceManager.GetString("OperationPriorToLoadInitializeUpdate", resourceCulture); } } - internal static string OtpFlagRequiredAnd { + /// + /// Looks up a localized string similar to An OTP code must be between 6 and 10 digits.. + /// + internal static string OtpCodeDigitRange { get { - return ResourceManager.GetString("OtpFlagRequiredAnd", resourceCulture); + return ResourceManager.GetString("OtpCodeDigitRange", resourceCulture); } } - internal static string SHA512NotSupported { + /// + /// Looks up a localized string similar to There are values set as ConfigurationFlags that are not valid.. + /// + internal static string OtpConfigFlagsInvalid { get { - return ResourceManager.GetString("SHA512NotSupported", resourceCulture); + return ResourceManager.GetString("OtpConfigFlagsInvalid", resourceCulture); } } - internal static string TouchNotSupported { + /// + /// Looks up a localized string similar to One or more flags specified are not allowed to be updated.. + /// + internal static string OtpConfigFlagsNotUpdatable { get { - return ResourceManager.GetString("TouchNotSupported", resourceCulture); + return ResourceManager.GetString("OtpConfigFlagsNotUpdatable", resourceCulture); } } - internal static string RenameCommandNotSupported { + /// + /// Looks up a localized string similar to There are values set as ExtendedFlags that are not valid.. + /// + internal static string OtpExtendedFlagsInvalid { get { - return ResourceManager.GetString("RenameCommandNotSupported", resourceCulture); + return ResourceManager.GetString("OtpExtendedFlagsInvalid", resourceCulture); } } - internal static string MustEnableOneAvailableUsbCapability { + /// + /// Looks up a localized string similar to Conflicting OTP configuration flags: {0} cannot be set with {1}.. + /// + internal static string OtpFlagConflict { get { - return ResourceManager.GetString("MustEnableOneAvailableUsbCapability", resourceCulture); + return ResourceManager.GetString("OtpFlagConflict", resourceCulture); } } - internal static string AccessCodeTooLong { + /// + /// Looks up a localized string similar to The {0} flag requires the {1} flag to also be set.. + /// + internal static string OtpFlagRequired { get { - return ResourceManager.GetString("AccessCodeTooLong", resourceCulture); + return ResourceManager.GetString("OtpFlagRequired", resourceCulture); } } - internal static string BothGenerateAndSpecify { + /// + /// Looks up a localized string similar to The {0} flag requires all of the {1} flag to also be set.. + /// + internal static string OtpFlagRequiredAnd { get { - return ResourceManager.GetString("BothGenerateAndSpecify", resourceCulture); + return ResourceManager.GetString("OtpFlagRequiredAnd", resourceCulture); } } - internal static string SlotNotSet { + /// + /// Looks up a localized string similar to The {0} flag requires at least one of the flags {1} to also be set.. + /// + internal static string OtpFlagRequiredOr { get { - return ResourceManager.GetString("SlotNotSet", resourceCulture); + return ResourceManager.GetString("OtpFlagRequiredOr", resourceCulture); } } - internal static string StaticPasswordInvalidLength { + /// + /// Looks up a localized string similar to The value given to GetYubiKeyFlags is not a valid OtpFlags value.. + /// + internal static string OtpFlagsNotValid { get { - return ResourceManager.GetString("StaticPasswordInvalidLength", resourceCulture); + return ResourceManager.GetString("OtpFlagsNotValid", resourceCulture); } } - internal static string LockCodeAllZeroNotAllowed { + /// + /// Looks up a localized string similar to The language code is invalid.. + /// + internal static string OtpNdefInvalidLanguageCode { get { - return ResourceManager.GetString("LockCodeAllZeroNotAllowed", resourceCulture); + return ResourceManager.GetString("OtpNdefInvalidLanguageCode", resourceCulture); } } - internal static string AutoEjectTimeoutRequiresTouchEjectEnabled { + /// + /// Looks up a localized string similar to An NDEF slot must be programmed as text or as a URI. Neither of these were specified.. + /// + internal static string OtpNdefNoTypeChosen { get { - return ResourceManager.GetString("AutoEjectTimeoutRequiresTouchEjectEnabled", resourceCulture); + return ResourceManager.GetString("OtpNdefNoTypeChosen", resourceCulture); } } - internal static string SupportsOnlyUsbInterfaces { + /// + /// Looks up a localized string similar to Specifying UTF-16 encoding or a language code does not have any effect when programming a URI into the NDEF slot.. + /// + internal static string OtpNdefPropertiesHaveNoEffect { get { - return ResourceManager.GetString("SupportsOnlyUsbInterfaces", resourceCulture); + return ResourceManager.GetString("OtpNdefPropertiesHaveNoEffect", resourceCulture); } } - internal static string TouchEjectTimeoutRequiresCcidOnly { + /// + /// Looks up a localized string similar to Unable to select the NDEF file record. {0}. + /// + internal static string OtpNdefSelectFileFailed { get { - return ResourceManager.GetString("TouchEjectTimeoutRequiresCcidOnly", resourceCulture); + return ResourceManager.GetString("OtpNdefSelectFileFailed", resourceCulture); } } - internal static string MustEnableOneAvailableUsbInterface { + /// + /// Looks up a localized string similar to An NDEF configuration cannot contain both both text and a URI.. + /// + internal static string OtpNdefTypeConflict { get { - return ResourceManager.GetString("MustEnableOneAvailableUsbInterface", resourceCulture); + return ResourceManager.GetString("OtpNdefTypeConflict", resourceCulture); } } - internal static string YubiKeyOperationFailed { + /// + /// Looks up a localized string similar to The command cannot be performed because none of the slots are configured.. + /// + internal static string OtpSlotsNotConfigured { get { - return ResourceManager.GetString("YubiKeyOperationFailed", resourceCulture); + return ResourceManager.GetString("OtpSlotsNotConfigured", resourceCulture); } } + /// + /// Looks up a localized string similar to Swapping OTP slot configurations is not supported on YubiKeys with firmware version less than 2.3.2.. + /// internal static string OtpSwapCommandNotSupported { get { return ResourceManager.GetString("OtpSwapCommandNotSupported", resourceCulture); } } - internal static string OtpSlotsNotConfigured { + /// + /// Looks up a localized string similar to There are values set as TicketFlags that are not valid.. + /// + internal static string OtpTicketFlagsInvalid { get { - return ResourceManager.GetString("OtpSlotsNotConfigured", resourceCulture); + return ResourceManager.GetString("OtpTicketFlagsInvalid", resourceCulture); } } - internal static string BothTotpAndChallenge { + /// + /// Looks up a localized string similar to The prefix code specified in the NDEF record is not valid. Prefix codes are between 0 and 35.. + /// + internal static string OutOfRangeUriPrefixCode { get { - return ResourceManager.GetString("BothTotpAndChallenge", resourceCulture); + return ResourceManager.GetString("OutOfRangeUriPrefixCode", resourceCulture); } } - internal static string MustChooseTotpOrChallenge { + /// + /// Looks up a localized string similar to The password is not set yet. You should execute the operation before attempting to retrieve the password.. + /// + internal static string PasswordNotSetYet { get { - return ResourceManager.GetString("MustChooseTotpOrChallenge", resourceCulture); + return ResourceManager.GetString("PasswordNotSetYet", resourceCulture); } } - internal static string OnlyOneAlgorithm { + /// + /// Looks up a localized string similar to The YubiKey is configured for something incompatible with PIN-only.. + /// + internal static string PinOnlyNotPossible { get { - return ResourceManager.GetString("OnlyOneAlgorithm", resourceCulture); + return ResourceManager.GetString("PinOnlyNotPossible", resourceCulture); } } - internal static string CantSpecifyPrivateIdAndGenerate { + /// + /// Looks up a localized string similar to The private ID must be set either explicitly or by specifying that it should be generated before it can be read.. + /// + internal static string PrivateIdNotSet { get { - return ResourceManager.GetString("CantSpecifyPrivateIdAndGenerate", resourceCulture); + return ResourceManager.GetString("PrivateIdNotSet", resourceCulture); } } - internal static string CantSpecifyPublicIdAndUseSerial { + /// + /// Looks up a localized string similar to The private identifier must be exactly 6 bytes.. + /// + internal static string PrivateIdWrongSize { get { - return ResourceManager.GetString("CantSpecifyPublicIdAndUseSerial", resourceCulture); + return ResourceManager.GetString("PrivateIdWrongSize", resourceCulture); } } - internal static string KeyHasNoVisibleSerial { + /// + /// Looks up a localized string similar to The {0} property can only be set to a maximum value of {1}. The value is {2}.. + /// + internal static string PropertyValueTooLarge { get { - return ResourceManager.GetString("KeyHasNoVisibleSerial", resourceCulture); + return ResourceManager.GetString("PropertyValueTooLarge", resourceCulture); } } - internal static string MultipleExceptions { + /// + /// Looks up a localized string similar to The public ID must be set either explicitly or by specifying to use serial number before it can be read.. + /// + internal static string PublicIdNotSet { get { - return ResourceManager.GetString("MultipleExceptions", resourceCulture); + return ResourceManager.GetString("PublicIdNotSet", resourceCulture); } } - internal static string MustChooseOrGeneratePrivateId { + /// + /// Looks up a localized string similar to The public identifier must be between 1 and 16 bytes.. + /// + internal static string PublicIdWrongSize { get { - return ResourceManager.GetString("MustChooseOrGeneratePrivateId", resourceCulture); + return ResourceManager.GetString("PublicIdWrongSize", resourceCulture); } } - internal static string MustChooseOrUseSerialAsPublicId { + /// + /// Looks up a localized string similar to Renaming a credential is not supported on YubiKeys with firmware version less than 5.3.0.. + /// + internal static string RenameCommandNotSupported { get { - return ResourceManager.GetString("MustChooseOrUseSerialAsPublicId", resourceCulture); + return ResourceManager.GetString("RenameCommandNotSupported", resourceCulture); } } - internal static string MustChooseOrGenerateKey { + /// + /// Looks up a localized string similar to This method can only be called on a YubiKey that is connected via NFC.. + /// + internal static string RequiresNfc { get { - return ResourceManager.GetString("MustChooseOrGenerateKey", resourceCulture); + return ResourceManager.GetString("RequiresNfc", resourceCulture); } } - internal static string PrivateIdWrongSize { + /// + /// Looks up a localized string similar to The HMAC-SHA512 algorithm is not supported on YubiKeys with firmware version less than 4.3.1.. + /// + internal static string SHA512NotSupported { get { - return ResourceManager.GetString("PrivateIdWrongSize", resourceCulture); + return ResourceManager.GetString("SHA512NotSupported", resourceCulture); } } - internal static string PublicIdWrongSize { + /// + /// Looks up a localized string similar to No YubiKey slot was set. You must select a slot to configure.. + /// + internal static string SlotNotSet { get { - return ResourceManager.GetString("PublicIdWrongSize", resourceCulture); + return ResourceManager.GetString("SlotNotSet", resourceCulture); } } - internal static string YubicoKeyWrongSize { + /// + /// Looks up a localized string similar to Failed to select the smart card application. 0x{0:X4}. + /// + internal static string SmartCardPipelineSetupFailed { get { - return ResourceManager.GetString("YubicoKeyWrongSize", resourceCulture); + return ResourceManager.GetString("SmartCardPipelineSetupFailed", resourceCulture); } } - internal static string MustChooseAlgorithm { + /// + /// Looks up a localized string similar to The static password length must be between 1 and {0} characters.. + /// + internal static string StaticPasswordInvalidLength { get { - return ResourceManager.GetString("MustChooseAlgorithm", resourceCulture); + return ResourceManager.GetString("StaticPasswordInvalidLength", resourceCulture); } } - internal static string CantSpecifyKeyAndGenerate { + /// + /// Looks up a localized string similar to The StaticTicket flag cannot be changed in a StaticTicketFlags object.. + /// + internal static string StaticTicketNotSettable { get { - return ResourceManager.GetString("CantSpecifyKeyAndGenerate", resourceCulture); + return ResourceManager.GetString("StaticTicketNotSettable", resourceCulture); } } - internal static string PrivateIdNotSet { + /// + /// Looks up a localized string similar to The status report must be the first report read by the KeyboardFrameReader.. + /// + internal static string StatusReportNotFirstReportRead { get { - return ResourceManager.GetString("PrivateIdNotSet", resourceCulture); + return ResourceManager.GetString("StatusReportNotFirstReportRead", resourceCulture); } } - internal static string PublicIdNotSet { + /// + /// Looks up a localized string similar to An input Stream was not readable.. + /// + internal static string StreamNotReadable { get { - return ResourceManager.GetString("PublicIdNotSet", resourceCulture); + return ResourceManager.GetString("StreamNotReadable", resourceCulture); } } - internal static string KeyNotSet { + /// + /// Looks up a localized string similar to Only USB interfaces are supported by this operation.. + /// + internal static string SupportsOnlyUsbInterfaces { get { - return ResourceManager.GetString("KeyNotSet", resourceCulture); + return ResourceManager.GetString("SupportsOnlyUsbInterfaces", resourceCulture); } } - internal static string AlgorithmNotChosen { + /// + /// Looks up a localized string similar to Touch eject timeout requires the YubiKey to only have the CCID interface enabled.. + /// + internal static string TouchEjectTimeoutRequiresCcidOnly { get { - return ResourceManager.GetString("AlgorithmNotChosen", resourceCulture); + return ResourceManager.GetString("TouchEjectTimeoutRequiresCcidOnly", resourceCulture); } } - internal static string HmacKeyWrongSize { + /// + /// Looks up a localized string similar to The require touch property is not supported on YubiKeys with firmware version less than 4.2.4.. + /// + internal static string TouchNotSupported { get { - return ResourceManager.GetString("HmacKeyWrongSize", resourceCulture); + return ResourceManager.GetString("TouchNotSupported", resourceCulture); } } - internal static string IntOrCodeOnlyWithHmac { + /// + /// Looks up a localized string similar to This command will block as it is requesting user presence (touch).. + /// + internal static string TouchRequired { get { - return ResourceManager.GetString("IntOrCodeOnlyWithHmac", resourceCulture); + return ResourceManager.GetString("TouchRequired", resourceCulture); } } - internal static string OtpCodeDigitRange { + /// + /// Looks up a localized string similar to The Triple-DES operation failed.. + /// + internal static string TripleDesFailed { get { - return ResourceManager.GetString("OtpCodeDigitRange", resourceCulture); + return ResourceManager.GetString("TripleDesFailed", resourceCulture); } } - internal static string YubicoOtpNotCompatible { + /// + /// Looks up a localized string similar to The verification of the current password failed.. + /// + internal static string UnableToVerifyOathPassword { get { - return ResourceManager.GetString("YubicoOtpNotCompatible", resourceCulture); + return ResourceManager.GetString("UnableToVerifyOathPassword", resourceCulture); } } - internal static string InvalidImfValue { + /// + /// Looks up a localized string similar to Unexpected state encountered. This most likely indicates a bug in the SDK. Please report this exception to Yubico Support.. + /// + internal static string UnexpectedState { get { - return ResourceManager.GetString("InvalidImfValue", resourceCulture); + return ResourceManager.GetString("UnexpectedState", resourceCulture); } } - internal static string RequiresNfc { + /// + /// Looks up a localized string similar to An unknown error has occurred.. + /// + internal static string UnknownError { get { - return ResourceManager.GetString("RequiresNfc", resourceCulture); + return ResourceManager.GetString("UnknownError", resourceCulture); } } - internal static string OtpNdefSelectFileFailed { + /// + /// Looks up a localized string similar to The authenticator returned an unknown FIDO2 status indicating an error.. + /// + internal static string UnknownFido2Status { get { - return ResourceManager.GetString("OtpNdefSelectFileFailed", resourceCulture); + return ResourceManager.GetString("UnknownFido2Status", resourceCulture); } } - internal static string CantDeleteEmptySlot { + /// + /// Looks up a localized string similar to An unknown FIDO error has occurred.. + /// + internal static string UnknownFidoError { get { - return ResourceManager.GetString("CantDeleteEmptySlot", resourceCulture); + return ResourceManager.GetString("UnknownFidoError", resourceCulture); } } - internal static string OtpNdefPropertiesHaveNoEffect { + /// + /// Looks up a localized string similar to An unknown SCP03 error has occurred.. + /// + internal static string UnknownScp03Error { get { - return ResourceManager.GetString("OtpNdefPropertiesHaveNoEffect", resourceCulture); + return ResourceManager.GetString("UnknownScp03Error", resourceCulture); } } - internal static string OtpNdefNoTypeChosen { + /// + /// Looks up a localized string similar to Unknown YubiKey feature.. + /// + internal static string UnknownYubiKeyFeature { get { - return ResourceManager.GetString("OtpNdefNoTypeChosen", resourceCulture); + return ResourceManager.GetString("UnknownYubiKeyFeature", resourceCulture); } } - internal static string OtpNdefTypeConflict { + /// + /// Looks up a localized string similar to The requested algorithm is not supported.. + /// + internal static string UnsupportedAlgorithm { get { - return ResourceManager.GetString("OtpNdefTypeConflict", resourceCulture); + return ResourceManager.GetString("UnsupportedAlgorithm", resourceCulture); } } - internal static string OtpNdefInvalidLanguageCode { + /// + /// Looks up a localized string similar to The certificate provided is not supported as an Attestation Certificate.. + /// + internal static string UnsupportedAttestationCert { get { - return ResourceManager.GetString("OtpNdefInvalidLanguageCode", resourceCulture); + return ResourceManager.GetString("UnsupportedAttestationCert", resourceCulture); } } - internal static string PasswordNotSetYet { + /// + /// Looks up a localized string similar to Timed out waiting for user interaction.. + /// + internal static string UserInteractionTimeout { get { - return ResourceManager.GetString("PasswordNotSetYet", resourceCulture); + return ResourceManager.GetString("UserInteractionTimeout", resourceCulture); } } - internal static string MustSpecifyOrGeneratePassword { + /// + /// Looks up a localized string similar to Cannot convert the data to the requested type. Expected only {0} byte(s) of data, but {1} byte(s) were present.. + /// + internal static string ValueConversionFailed { get { - return ResourceManager.GetString("MustSpecifyOrGeneratePassword", resourceCulture); + return ResourceManager.GetString("ValueConversionFailed", resourceCulture); } } - internal static string MustSpecifyKeyboardLayout { + /// + /// Looks up a localized string similar to The value {0} is not valid for the enum type {1}.. + /// + internal static string ValueIsNotEnum { get { - return ResourceManager.GetString("MustSpecifyKeyboardLayout", resourceCulture); + return ResourceManager.GetString("ValueIsNotEnum", resourceCulture); } } - internal static string MustBeSixBytesForSerial { + /// + /// Looks up a localized string similar to The value must be between {0} and {1}, and the first value must be less than the second.. + /// + internal static string ValueMustBeBetweenXandY { get { - return ResourceManager.GetString("MustBeSixBytesForSerial", resourceCulture); + return ResourceManager.GetString("ValueMustBeBetweenXandY", resourceCulture); } } - internal static string ValueMustBeBetweenXandY { + /// + /// Looks up a localized string similar to The HID code map must contain {0} HID codes. The supplied map contains {1}.. + /// + internal static string WrongHidCodeMapLength { get { - return ResourceManager.GetString("ValueMustBeBetweenXandY", resourceCulture); + return ResourceManager.GetString("WrongHidCodeMapLength", resourceCulture); } } - internal static string DeviceDoesNotSupportApplication { + /// + /// Looks up a localized string similar to The NDEF record has a type of {0}. Unable to translate it to {1} as requested.. + /// + internal static string WrongNdefType { get { - return ResourceManager.GetString("DeviceDoesNotSupportApplication", resourceCulture); + return ResourceManager.GetString("WrongNdefType", resourceCulture); } } - internal static string DeviceTypeNotRecognized { + /// + /// Looks up a localized string similar to The AES key must be exactly 16 bytes.. + /// + internal static string YubicoKeyWrongSize { get { - return ResourceManager.GetString("DeviceTypeNotRecognized", resourceCulture); + return ResourceManager.GetString("YubicoKeyWrongSize", resourceCulture); } } - internal static string NoActiveConnections { + /// + /// Looks up a localized string similar to The Yubico OTP algorithm requires a 6-byte challenge.. + /// + internal static string YubicoOtpChallengeLengthInvalid { get { - return ResourceManager.GetString("NoActiveConnections", resourceCulture); + return ResourceManager.GetString("YubicoOtpChallengeLengthInvalid", resourceCulture); } } - internal static string UnknownYubiKeyFeature { + /// + /// Looks up a localized string similar to Yubico OTP is not compatible with TOTP.. + /// + internal static string YubicoOtpNotCompatible { get { - return ResourceManager.GetString("UnknownYubiKeyFeature", resourceCulture); + return ResourceManager.GetString("YubicoOtpNotCompatible", resourceCulture); } } - internal static string InvalidU2fHidErrorCodeLength { + /// + /// Looks up a localized string similar to PIV management key mutual authentication failed because the YubiKey did not authenticate.. + /// + internal static string YubiKeyNotAuthenticatedInPiv { get { - return ResourceManager.GetString("InvalidU2fHidErrorCodeLength", resourceCulture); + return ResourceManager.GetString("YubiKeyNotAuthenticatedInPiv", resourceCulture); } } - internal static string InvalidStatusWordMustBeNoPreciseDiagnosis { + /// + /// Looks up a localized string similar to The requested operation is not available on non-FIPS YubiKeys.. + /// + internal static string YubiKeyNotFips { get { - return ResourceManager.GetString("InvalidStatusWordMustBeNoPreciseDiagnosis", resourceCulture); + return ResourceManager.GetString("YubiKeyNotFips", resourceCulture); } } - internal static string CannotMergeDifferentParents { + /// + /// Looks up a localized string similar to YubiKey Operation Failed [{0}]. + /// + internal static string YubiKeyOperationFailed { get { - return ResourceManager.GetString("CannotMergeDifferentParents", resourceCulture); + return ResourceManager.GetString("YubiKeyOperationFailed", resourceCulture); } } } diff --git a/Yubico.YubiKey/src/Resources/ExceptionMessages.resx b/Yubico.YubiKey/src/Resources/ExceptionMessages.resx index c9079f2d..8a072d16 100644 --- a/Yubico.YubiKey/src/Resources/ExceptionMessages.resx +++ b/Yubico.YubiKey/src/Resources/ExceptionMessages.resx @@ -724,6 +724,12 @@ Unknown YubiKey feature. + + The requested operation is not available on non-FIPS YubiKeys. + + + The YubiKey is already set with the attribute specified. + The U2F HID error code should be 1 byte long. The supplied error code contains {0} bytes. diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/U2f/Commands/SetPinCommand.cs b/Yubico.YubiKey/src/Yubico/YubiKey/U2f/Commands/SetPinCommand.cs index 9509ffea..a7399399 100644 --- a/Yubico.YubiKey/src/Yubico/YubiKey/U2f/Commands/SetPinCommand.cs +++ b/Yubico.YubiKey/src/Yubico/YubiKey/U2f/Commands/SetPinCommand.cs @@ -28,11 +28,6 @@ public sealed class SetPinCommand : IYubiKeyCommand { private const byte Ctap1MessageInstruction = 0x03; private const byte SetPinInstruction = 0x44; - private const int MinimumPinLength = 6; - private const int MaximumPinLength = 32; - - private ReadOnlyMemory _currentPin = ReadOnlyMemory.Empty; - private ReadOnlyMemory _newPin = ReadOnlyMemory.Empty; /// /// The PIN needed to perform U2F operations on a FIPS YubiKey. If this is @@ -40,7 +35,9 @@ public sealed class SetPinCommand : IYubiKeyCommand /// /// /// If there is a PIN, it must be from 6 to 32 bytes long (inclusive). It - /// is binary data. + /// is binary data. This command class will use whatever PIN you supply, + /// so if it is an incorrect length, you will get the error when trying + /// to execute the command. /// /// This class will copy a reference to the PIN provided. Do not /// overwrite the data until after the command has executed. After it has @@ -51,56 +48,29 @@ public sealed class SetPinCommand : IYubiKeyCommand /// PIN for the first time), there is no need to set this property. /// /// - public ReadOnlyMemory CurrentPin - { - get => _currentPin; - - set - { - if ((value.Length != 0) && ((value.Length < MinimumPinLength) || (value.Length > MaximumPinLength))) - { - throw new ArgumentException( - string.Format( - CultureInfo.CurrentCulture, - ExceptionMessages.InvalidPinLength)); - } - - _currentPin = value; - } - } + public ReadOnlyMemory CurrentPin { get; set; } /// /// The PIN that will replace the current PIN. /// /// - /// The PIN must be from 6 to 32 bytes long (inclusive). It is binary - /// data. It is not possible to pass in an Empty PIN (changing a YubiKey - /// from PIN required to no PIN). Once a PIN is set, the U2F application - /// on that YubiKey must always have a PIN. The only way to remove a PIN - /// is to reset the application. + /// The PIN must be from 6 to 32 bytes long (inclusive). This command + /// class will use whatever PIN you supply, so if it is an incorrect + /// length, you will get the error when trying to execute the command. + /// + /// It is binary data. It is not possible to pass in an Empty PIN + /// (changing a YubiKey from PIN required to no PIN). Once a PIN is set, + /// the U2F application on that YubiKey must always have a PIN. The only + /// way to remove a PIN is to reset the application. + /// /// /// This class will copy a reference to the PIN provided. Do not /// overwrite the data until after the command has executed. After it has /// executed, overwrite the buffer for security reasons. /// /// - public ReadOnlyMemory NewPin - { - get => _newPin; + public ReadOnlyMemory NewPin { get; set; } - set - { - //if ((value.Length < MinimumPinLength) || (value.Length > MaximumPinLength)) - //{ - // throw new ArgumentException( - // string.Format( - // CultureInfo.CurrentCulture, - // ExceptionMessages.InvalidPinLength)); - //} - - _newPin = value; - } - } /// /// Gets the YubiKeyApplication to which this command belongs. /// @@ -125,6 +95,8 @@ public ReadOnlyMemory NewPin /// private SetPinCommand() { + CurrentPin = ReadOnlyMemory.Empty; + NewPin = ReadOnlyMemory.Empty; } /// diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/U2f/Commands/VerifyPinCommand.cs b/Yubico.YubiKey/src/Yubico/YubiKey/U2f/Commands/VerifyPinCommand.cs index bbc45ab1..ea7758c5 100644 --- a/Yubico.YubiKey/src/Yubico/YubiKey/U2f/Commands/VerifyPinCommand.cs +++ b/Yubico.YubiKey/src/Yubico/YubiKey/U2f/Commands/VerifyPinCommand.cs @@ -29,40 +29,22 @@ public sealed class VerifyPinCommand : IYubiKeyCommand { private const byte Ctap1MessageInstruction = 0x03; private const byte VerifyPinInstruction = 0x43; - private const int MinimumPinLength = 6; - private const int MaximumPinLength = 32; - - private ReadOnlyMemory _pin = ReadOnlyMemory.Empty; /// /// The PIN needed to perform U2F operations on a FIPS YubiKey. /// /// /// The PIN must be from 6 to 32 bytes long (inclusive). It is binary - /// data. + /// data. This command class will use whatever PIN you supply, so if it + /// is an incorrect length, you will get the error when trying to + /// execute tht command. /// /// This class will copy a reference to the PIN provided. Do not /// overwrite the data until after the command has executed. After it has /// executed, overwrite the buffer for security reasons. /// /// - public ReadOnlyMemory Pin - { - get => _pin; - - set - { - if ((value.Length < MinimumPinLength) || (value.Length > MaximumPinLength)) - { - throw new ArgumentException( - string.Format( - CultureInfo.CurrentCulture, - ExceptionMessages.InvalidPinLength)); - } - - _pin = value; - } - } + public ReadOnlyMemory Pin { get; set; } /// /// Gets the YubiKeyApplication to which this command belongs. diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/U2f/U2fSession.Pin.cs b/Yubico.YubiKey/src/Yubico/YubiKey/U2f/U2fSession.Pin.cs index 547cca18..b9f0ceb5 100644 --- a/Yubico.YubiKey/src/Yubico/YubiKey/U2f/U2fSession.Pin.cs +++ b/Yubico.YubiKey/src/Yubico/YubiKey/U2f/U2fSession.Pin.cs @@ -29,92 +29,400 @@ namespace Yubico.YubiKey.U2f public sealed partial class U2fSession : IDisposable { /// - /// For a version 4 FIPS series YubiKey that is not yet in FIPS mode (no - /// PIN is yet set), this will call on the to - /// obtain a PIN and use it to set the U2F application with that PIN and - /// put it into FIPS mode. + /// For a version 4 FIPS series YubiKey that does not have a PIN set, + /// this will call on the to obtain a PIN and + /// use it to set the U2F application with that PIN. /// + /// + /// A version 4 FIPS series YubiKey is manufactured with no PIN set on + /// the U2F application. At this point, the YubiKey is not in FIPS mode. + /// Once the PIN is set, it is in FIPS mode. + /// + /// Once a PIN is set, it is possible to change it (see + /// ), however, the only way to remove a PIN is to + /// reset the entire U2F application. After reset, the YubiKey's U2F + /// application is no longer in FIPS mode, and furthermore, it can never + /// be put into FIPS mode again. It can be set with a PIN again, but that + /// will not put a reset YubiKey into FIPS mode. + /// + /// + /// The PIN is binary data and must be at least 6 and no more than 32 + /// bytes long. If the user enters a value too short or too long, this + /// method will not set the PIN, but it will call the KeyCollector + /// again requesting the user enter a new PIN. + /// + /// + /// While the PIN can be any binary value, most PINs will be letters, + /// numbers, and other characters entered from a keyboard. It is the + /// responsibility of the app to determine how a character typed at a + /// keyboard is represented as a byte. Almost certainly the best encoding + /// will be UTF-8. In UTF-8, each ASCII character ie encoded with the + /// single byte that is the ASCII character. For example, the character + /// "5" in ASCII is 0x35. In UTF-8, it is 0x35. The character "C" is 0x43 + /// in both ASCII and UTF-8. + /// + /// + /// Note that a PIN is needed to perform U2F registration, but not + /// authentication. + /// + /// + /// + /// The YubiKey is not version 4 FIPS series, or the U2F application is + /// already set with a PIN, or the PIN is blocked. + /// + /// + /// The user cancelled. This happens when this method calls the + /// KeyCollector and it returns false. + /// public void SetPin() { - throw new NotImplementedException(); + if (TrySetPin()) + { + return; + } + + throw new OperationCanceledException( + string.Format( + CultureInfo.CurrentCulture, + ExceptionMessages.IncompleteCommandInput)); } /// - /// For a version 4 FIPS series YubiKey that is not yet in FIPS mode (no - /// PIN is yet set), this will call on the to - /// obtain a PIN and use it to set the U2F application with that PIN and - /// put it into FIPS mode. If the caller cancels (the return from the - /// KeyCollector is false), this will return false. + /// For a version 4 FIPS series YubiKey that does not have a PIN set, + /// this will call on the to obtain a PIN and + /// use it to set the U2F application with that PIN. If the caller + /// cancels (the return from the KeyCollector is false), + /// this will return false. /// + /// + /// See the documentation for for more information + /// on setting a PIN. + /// + /// + /// A boolean, true if the PIN is set, false if the user + /// cancels PIN collection. + /// + /// + /// The YubiKey is not version 4 FIPS series, or the U2F application is + /// already set with a PIN, or the PIN is blocked. + /// public bool TrySetPin() { - throw new NotImplementedException(); + Func keyCollector = EnsureKeyCollector(); + + var keyEntryData = new KeyEntryData() + { + Request = KeyEntryRequest.SetU2fPin, + }; + + try + { + while (keyCollector(keyEntryData) == true) + { + if (TrySetPin(keyEntryData.GetCurrentValue())) + { + return true; + } + + keyEntryData.IsRetry = true; + } + } + finally + { + keyEntryData.Clear(); + + keyEntryData.Request = KeyEntryRequest.Release; + _ = keyCollector(keyEntryData); + } + + return false; } /// - /// For a version 4 FIPS series YubiKey that is not yet in FIPS mode (no - /// PIN is yet set), this will set the U2F application with the given - /// PIN. If the PIN given is invalid (e.g. not long enough or too long), - /// this will throw an exception. + /// For a version 4 FIPS series YubiKey that does not have a PIN set, + /// this will try to set the PIN using the given pin. /// - public bool SetPin(ReadOnlyMemory pin) + /// + /// See the documentation for for more information + /// on setting a PIN. + /// + /// If the input pin is less than 6 or more than 32 bytes long, + /// this method will return false. However, this method will throw + /// an exception if the U2F application is already set, the PIN is + /// blocked, or the YubiKey is not version 4 FIPS series. + /// + /// + /// + /// A boolean, true if the PIN is set, false if the user + /// cancels PIN collection. + /// + /// + /// The U2F application is already set with a PIN, or the PIN is blocked. + /// + /// + /// The YubiKey is not version 4 FIPS series. + /// + public bool TrySetPin(ReadOnlyMemory pin) { - throw new NotImplementedException (); + var setCommand = new SetPinCommand(ReadOnlyMemory.Empty, pin); + SetPinResponse setResponse = Connection.SendCommand(setCommand); + + return setResponse.StatusWord switch + { + SWConstants.Success => true, + SWConstants.VerifyFail => throw new SecurityException( + string.Format( + CultureInfo.CurrentCulture, + ExceptionMessages.AlreadySet)), + SWConstants.AuthenticationMethodBlocked => throw new SecurityException( + string.Format( + CultureInfo.CurrentCulture, + ExceptionMessages.NoMoreRetriesRemaining)), + SWConstants.InsNotSupported => throw new NotSupportedException( + string.Format( + CultureInfo.CurrentCulture, + ExceptionMessages.YubiKeyNotFips)), + _ => false, + }; } /// - /// For a version 4 FIPS series YubiKey that is in FIPS mode, this will - /// call on the to obtain the current and a - /// new PIN and use them to change the U2F PIN. + /// For a version 4 FIPS series YubiKey that has a PIN set on the U2F + /// application, this will call on the to + /// obtain the current and a new PIN and use them to change the U2F PIN. /// + /// + /// A version 4 FIPS series YubiKey is manufactured with no PIN set on + /// the U2F application. At this point, the YubiKey is not in FIPS mode. + /// Once the PIN is set, it is in FIPS mode See . + /// After it has been set, it is possible to change the PIN to a new + /// value. + /// + /// Once a PIN is set, however, the only way to remove a PIN is to reset + /// the entire U2F application. After reset, the YubiKey's U2F + /// application is no longer in FIPS mode, and furthermore, it can never + /// be put into FIPS mode again. It can be set with a PIN again, but that + /// will not put a reset YubiKey into FIPS mode. + /// + /// + /// The current PIN must be entered, even if the PIN has been verified in + /// the current session. If the wrong current PIN is entered, the YubiKey + /// will decrement the retries remaining count, and this method will call + /// on the KeyCollector for the current and new PIN again (the + /// KeyEntryData.IsRetry property will be true). See the + /// user's manual entry on + /// FIDO U2F FIPS mode + /// retries for more information. + /// + /// + /// The PIN is binary data and must be at least 6 and no more than 32 + /// bytes long. If the user enters a value too short or too long, this + /// method will not change the PIN, but it will call the + /// KeyCollector again requesting the user enter a new PIN. + /// + /// + /// While the PIN can be any binary value, most PINs will be letters, + /// numbers, and other characters entered from a keyboard. It is the + /// responsibility of the app to determine how a character typed at a + /// keyboard is represented as a byte. Almost certainly the best encoding + /// will be UTF-8. In UTF-8, each ASCII character ie encoded with the + /// single byte that is the ASCII character. For example, the character + /// "5" in ASCII is 0x35. In UTF-8, it is 0x35. The character "C" is 0x43 + /// in both ASCII and UTF-8. + /// + /// + /// Note that if the SDK calls the KeyCollector to try again, it + /// will not specify what the problem is, wrong current PIN or invalid + /// new PIN. Hence, it would be a good idea if your KeyCollector + /// checked the length of the new PIN and reject it before passing it on + /// to the SDK. If so, then you know a retry means incorrect current PIN. + /// + /// + /// Note that a PIN is needed to perform U2F registration, but not + /// authentication. + /// + /// + /// + /// The YubiKey is not version 4 FIPS series, or the PIN is blocked. + /// + /// + /// The user cancelled. This happens when this method calls the + /// KeyCollector and it returns false. + /// public void ChangePin() { - throw new NotImplementedException (); + if (TryChangePin()) + { + return; + } + + throw new OperationCanceledException( + string.Format( + CultureInfo.CurrentCulture, + ExceptionMessages.IncompleteCommandInput)); } /// - /// For a version 4 FIPS series YubiKey that is in FIPS mode, this will - /// call on the to obtain the current and a - /// new PIN and use them to change the U2F PIN. If the caller cancels - /// (the return from the KeyCollector is false), this will - /// return false. + /// For a version 4 FIPS series YubiKey that has a PIN set on the U2F + /// application, this will call on the to + /// obtain the current and a new PIN and use them to change the U2F PIN. + /// If the caller cancels (the return from the KeyCollector is + /// false), this will return false. /// - public bool TryChangePin() + /// + /// See the documentation for for more information + /// on changing a PIN. + /// + /// + /// A boolean, true if the PIN is changed, false if the user + /// cancels PIN collection. + /// + /// + /// The YubiKey is not version 4 FIPS series, or the PIN is blocked. + /// + public bool TryChangePin() { - throw new NotImplementedException (); + Func keyCollector = EnsureKeyCollector(); + + var keyEntryData = new KeyEntryData() + { + Request = KeyEntryRequest.ChangeU2fPin, + }; + + try + { + while (keyCollector(keyEntryData) == true) + { + if (TryChangePin(keyEntryData.GetCurrentValue(), keyEntryData.GetNewValue())) + { + return true; + } + + keyEntryData.IsRetry = true; + } + } + finally + { + keyEntryData.Clear(); + + keyEntryData.Request = KeyEntryRequest.Release; + _ = keyCollector(keyEntryData); + } + + return false; } /// - /// For a version 4 FIPS series YubiKey that is in FIPS mode, this will - /// use the given current and new PINs to change the U2F PIN. If the - /// wrong current PIN is provided, this method will return false. - /// If the new PIN is invalid, this method will throw an exception. + /// For a version 4 FIPS series YubiKey that has a PIN set on the U2F + /// application, this will use the provided current and new PINs to + /// change the U2F PIN. If the current PIN given is not correct, or the + /// new PIN is not a correct length, this method will return false. /// - public bool TryChangePin(ReadOnlyMemory currentPin, ReadOnlyMemory newPin, out int? retriesRemaining) + /// + /// See the documentation for for more information + /// on changing a PIN. + /// + /// + /// A boolean, true if the PIN is changed, false otherwise. + /// + /// + /// The PIN is blocked. + /// + /// + /// The YubiKey is not version 4 FIPS series. + /// + public bool TryChangePin(ReadOnlyMemory currentPin, ReadOnlyMemory newPin) { - throw new NotImplementedException (); + var setCommand = new SetPinCommand(currentPin, newPin); + SetPinResponse setResponse = Connection.SendCommand(setCommand); + + return setResponse.StatusWord switch + { + SWConstants.Success => true, + SWConstants.AuthenticationMethodBlocked => throw new SecurityException( + string.Format( + CultureInfo.CurrentCulture, + ExceptionMessages.NoMoreRetriesRemaining)), + SWConstants.InsNotSupported => throw new NotSupportedException( + string.Format( + CultureInfo.CurrentCulture, + ExceptionMessages.YubiKeyNotFips)), + _ => false, + }; } /// - /// For a version 4 FIPS series YubiKey that is in FIPS mode, this will - /// call on the to obtain the current PIN and - /// verify it. + /// For a version 4 FIPS series YubiKey that has a PIN set on the U2F + /// application, this will call on the to + /// obtain the current PIN and verify it. /// - public void VerifyPin() - { - _ = CommonVerifyPin(true); - } + /// + /// A version 4 FIPS series YubiKey is manufactured with no PIN set on + /// the U2F application. At this point, the YubiKey is not in FIPS mode. + /// Once the PIN is set, it is in FIPS mode See . + /// After it has been set, it is necessary to verify the PIN in order to + /// perform registration. Note that the PIN is not needed for + /// authentication. + /// + /// Note that if the PIN is not verified and the + /// method is called, the SDK will call this Verify method. Hence, + /// it is likely an app will never need to call this method directly. + /// + /// + /// If the wrong current PIN is entered, the YubiKey will decrement the + /// retries remaining count, and this method will call on the + /// KeyCollector for the current PIN again (the + /// KeyEntryData.IsRetry property will be true). See the + /// user's manual entry on + /// FIDO U2F FIPS mode + /// retries for more information. + /// + /// + /// The PIN is binary data and must be at least 6 and no more than 32 + /// bytes long. If the user enters a value too short or too long, this + /// method will try to verify that value, the YubiKey will reject it, and + /// this method will call the KeyCollector again requesting the + /// user enter the PIN. + /// + /// + /// While the PIN can be any binary value, most PINs will be letters, + /// numbers, and other characters entered from a keyboard. It is the + /// responsibility of the app to determine how a character typed at a + /// keyboard is represented as a byte. Almost certainly the best encoding + /// will be UTF-8. In UTF-8, each ASCII character ie encoded with the + /// single byte that is the ASCII character. For example, the character + /// "5" in ASCII is 0x35. In UTF-8, it is 0x35. The character "C" is 0x43 + /// in both ASCII and UTF-8. + /// + /// + /// + /// The YubiKey is not version 4 FIPS series, or the PIN is blocked. + /// + /// + /// The user cancelled. This happens when this method calls the + /// KeyCollector and it returns false. + /// + public void VerifyPin() => _ = CommonVerifyPin(true); /// - /// For a version 4 FIPS series YubiKey that is in FIPS mode, this will - /// call on the to obtain the current PIN and - /// verify it. If the caller cancels (the return from the - /// KeyCollector is false), this will return false. + /// For a version 4 FIPS series YubiKey that has a PIN set on the U2F + /// application, this will call on the to + /// obtain the current PIN and verify it. If the caller cancels (the + /// return from the KeyCollector is false), this will + /// return false. /// - public bool TryVerifyPin() - { - return CommonVerifyPin(false); - } + /// + /// See the documentation for for more information + /// on verifying a PIN. + /// + /// + /// A boolean, true if the PIN is verified, false if the user + /// cancels PIN collection. + /// + /// + /// The YubiKey is not version 4 FIPS series, or the PIN is blocked. + /// + public bool TryVerifyPin() => CommonVerifyPin(false); // This is similar to TryVerifyPin(), except if the throwOnCancel arg is // true, then this will throw an exception if the user cancels. Otherwise @@ -160,28 +468,42 @@ private bool CommonVerifyPin(bool throwOnCancel) } /// - /// For a version 4 FIPS series YubiKey that is in FIPS mode, this will - /// verify the given PIN. If the provided value does not verify (wrong - /// PIN), the method will return false. + /// For a version 4 FIPS series YubiKey that has a PIN set on the U2F + /// application, this try to verify the given pin. If the PIN is + /// not verified, this method will return false. /// + /// + /// See the documentation for for more information + /// on verifying a PIN. + /// + /// + /// A boolean, true if the PIN is verified, false + /// otherwise. + /// + /// + /// The PIN is blocked. + /// + /// + /// The YubiKey is not version 4 FIPS series. + /// public bool TryVerifyPin(ReadOnlyMemory pin) { var verifyCommand = new VerifyPinCommand(pin); VerifyPinResponse verifyResponse = Connection.SendCommand(verifyCommand); - if (verifyResponse.Status == ResponseStatus.Success) + return verifyResponse.StatusWord switch { - return true; - } - if (verifyResponse.StatusWord == SWConstants.AuthenticationMethodBlocked) - { - throw new SecurityException( + SWConstants.Success => true, + SWConstants.AuthenticationMethodBlocked => throw new SecurityException( string.Format( CultureInfo.CurrentCulture, - ExceptionMessages.NoMoreRetriesRemaining)); - } - - return false; + ExceptionMessages.NoMoreRetriesRemaining)), + SWConstants.InsNotSupported => throw new NotSupportedException( + string.Format( + CultureInfo.CurrentCulture, + ExceptionMessages.YubiKeyNotFips)), + _ => false, + }; } } } diff --git a/Yubico.YubiKey/tests/integration/Yubico/YubiKey/U2f/SessionPinTests.cs b/Yubico.YubiKey/tests/integration/Yubico/YubiKey/U2f/SessionPinTests.cs new file mode 100644 index 00000000..abb65af7 --- /dev/null +++ b/Yubico.YubiKey/tests/integration/Yubico/YubiKey/U2f/SessionPinTests.cs @@ -0,0 +1,137 @@ +// Copyright 2021 Yubico AB +// +// Licensed under the Apache License, Version 2.0 (the "License"). +// You may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +using System; +using System.Collections.Generic; +using System.Linq; +using Yubico.Core.Devices.Hid; +using Yubico.PlatformInterop; +using Yubico.YubiKey.U2f.Commands; +using Xunit; + +namespace Yubico.YubiKey.U2f +{ + public class SessionPinTests + { + private readonly IYubiKeyDevice _yubiKeyDevice; + + public SessionPinTests() + { + if (SdkPlatformInfo.OperatingSystem == SdkPlatform.Windows) + { + if (!SdkPlatformInfo.IsElevated) + { + throw new ArgumentException("Windows not elevated."); + } + } + + IEnumerable yubiKeys = YubiKeyDevice.FindByTransport(Transport.HidFido); + var yubiKeyList = yubiKeys.ToList(); + Assert.NotEmpty(yubiKeyList); + + _yubiKeyDevice = yubiKeyList[0]; + } + + [Fact] + public void ChangePin_Succeeds() + { + var keyCollector = new SimpleU2fKeyCollector(true); + + using (var u2fSession = new U2fSession(_yubiKeyDevice)) + { + u2fSession.KeyCollector = keyCollector.SimpleU2fKeyCollectorDelegate; + + // Change the PIN. + u2fSession.ChangePin(); + + // Change it back. + u2fSession.ChangePin(); + } + } + + [Fact] + public void TryChangePin_NoCollector_Succeeds() + { + byte[] currentPin = new byte[] { + 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 + }; + byte[] newPin = new byte[] { + 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 + }; + byte[] shortPin = new byte[] { + 0x61, 0x62, 0x63, 0x64, 0x65 + }; + + using (var u2fSession = new U2fSession(_yubiKeyDevice)) + { + // use wrong PIN. + bool isChanged = u2fSession.TryChangePin(newPin, currentPin); + Assert.False(isChanged); + + // Change the PIN. + isChanged = u2fSession.TryChangePin(currentPin, newPin); + Assert.True(isChanged); + + // Use bad new PIN + isChanged = u2fSession.TryChangePin(newPin, shortPin); + Assert.False(isChanged); + + // Change it back. + isChanged = u2fSession.TryChangePin(newPin, currentPin); + Assert.True(isChanged); + } + } + + [Fact] + public void VerifyPin_Succeeds() + { + var keyCollector = new SimpleU2fKeyCollector(true); + + using (var u2fSession = new U2fSession(_yubiKeyDevice)) + { + u2fSession.KeyCollector = keyCollector.SimpleU2fKeyCollectorDelegate; + + u2fSession.VerifyPin(); + } + } + + [Fact] + public void TryVerifyPin_NoCollector_Succeeds() + { + byte[] currentPin = new byte[] { + 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 + }; + byte[] wrongPin = new byte[] { + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18 + }; + byte[] shortPin = new byte[] { + 0x61, 0x62, 0x63, 0x64, 0x65 + }; + + using (var u2fSession = new U2fSession(_yubiKeyDevice)) + { + // Wrong PIN + bool isVerified = u2fSession.TryVerifyPin(wrongPin); + Assert.False(isVerified); + + // Short PIN + isVerified = u2fSession.TryVerifyPin(shortPin); + Assert.False(isVerified); + + isVerified = u2fSession.TryVerifyPin(currentPin); + Assert.True(isVerified); + } + } + } +} diff --git a/Yubico.YubiKey/tests/unit/Yubico/YubiKey/U2f/Commands/VerifyPinCommandTests.cs b/Yubico.YubiKey/tests/unit/Yubico/YubiKey/U2f/Commands/VerifyPinCommandTests.cs index a8ae115f..d032ccaf 100644 --- a/Yubico.YubiKey/tests/unit/Yubico/YubiKey/U2f/Commands/VerifyPinCommandTests.cs +++ b/Yubico.YubiKey/tests/unit/Yubico/YubiKey/U2f/Commands/VerifyPinCommandTests.cs @@ -150,34 +150,6 @@ public void CreateCommandApdu_InnerCommandGetData_ReturnsCorrectData() Assert.True(actualInnerCommandData.SequenceEqual(Pin)); } - [Fact] - public void CreateCommandApdu_PinIsEmpty_ThrowsArgumentException() - { - _ = Assert.Throws(() => new VerifyPinCommand(Array.Empty())); - } - - [Fact] - public void CreateCommandApdu_PinIsNull_ThrowsArgumentException() - { - _ = Assert.Throws(() => new VerifyPinCommand(null)); - } - - [Fact] - public void CreateCommandApdu_PinLengthLessThan6_ThrowsArgumentException() - { - byte[] pin = new byte[] { 1, 2, 3, 4 }; - - _ = Assert.Throws(() => new VerifyPinCommand(pin)); - } - - [Fact] - public void CreateCommandApdu_PinLengthMoreThan32_ThrowsArgumentException() - { - byte[] pin = new byte[33]; - - _ = Assert.Throws(() => new VerifyPinCommand(pin)); - } - [Fact] public void CreateResponseApdu_ReturnsCorrectType() {