== 1.0.4 -> 2.0.0
=== Definitions
==== Return Codes
[options="header"]
|=======================
|1.0.4 | 2.0.0 | Numeric value
|`YHR_MEMORY` | `YHR_MEMORY_ERROR` | `-1`
|`YHR_NET_ERROR` | `YHR_CONNECTION_ERROR` | `-3`
|`YHR_INVALID_PARAMS` | `YHR_INVALID_PARAMETERS` | `-5`
|`YHR_AUTH_SESSION_ERROR` | `YHR_SESSION_AUTHENTICATION_FAILED` | `-9`
|`YHR_DEVICE_INV_COMMAND` | `YHR_DEVICE_INVALID_COMMAND` | `-12`
|`YHR_DEVICE_INV_DATA` | `YHR_DEVICE_INVALID_DATA` | `-13`
|`YHR_DEVICE_INV_SESSION` | `YHR_DEVICE_INVALID_SESSION` | `-14`
|`YHR_DEVICE_AUTH_FAIL` | `YHR_DEVICE_AUTHENTICATION_FAILED` | `-15`
|`YHR_DEVICE_INV_PERMISSION` | `YHR_DEVICE_INSUFFICIENT_PERMISSIONS` | `-20`
|`YHR_DEVICE_OBJ_NOT_FOUND` | `YHR_DEVICE_OBJECT_NOT_FOUND` | `-22`
|`YHR_DEVICE_ID_ILLEGAL` | `YHR_DEVICE_INVALID_ID` | `-23`
|`YHR_DEVICE_CMD_UNEXECUTED` | `YHR_DEVICE_COMMAND_UNEXECUTED` | `-26`
| - | `YHR_DEVICE_SSH_CA_CONSTRAINT_VIOLATION` | `-30`
|=======================
==== Object Types
[options="header"]
|=======================
|1.0.4 | 2.0.0 | Hex value
|`YH_AUTHKEY` | `YH_AUTHENTICATION_KEY` | `0x02`
|`YH_ASYMMETRIC` | `YH_ASYMMETRIC_KEY` | `0x03`
|`YH_WRAPKEY` | `YH_WRAP_KEY` | `0x04`
|`YH_HMACKEY` | `YH_HMAC_KEY` | `0x05`
|`YH_PUBLIC` | `YH_PUBLIC_KEY` | `0x83`
|=======================
==== Algorithms
[options="header"]
|=======================
|1.0.4 | 2.0.0 | Numeric value
|`YH_ALGO_OPAQUE_X509_CERT` | `YH_ALGO_OPAQUE_X509_CERTIFICATE` | `31`
|`YH_ALGO_TEMPL_SSH` | `YH_ALGO_TEMPLATE_SSH` | `36`
|`YH_ALGO_YUBICO_OTP_AES128` | `YH_ALGO_AES128_YUBICO_OTP` | `37`
|`YH_ALGO_YUBICO_AES_AUTH` | `YH_ALGO_AES128_YUBICO_AUTHENTICATION` | `38`
|`YH_ALGO_YUBICO_OTP_AES192` | `YH_ALGO_AES192_YUBICO_OTP` | `39`
|`YH_ALGO_YUBICO_OTP_AES256` | `YH_ALGO_AES256_YUBICO_OTP` | `40`
|=======================
==== Commands
[options="header"]
|=======================
|1.0.4 | 2.0.0 | Hex value
|`YHC_CREATE_SES` | `YHC_CREATE_SESSION` | `0x03`
|`YHC_AUTH_SES` | `YHC_AUTHENTICATE_SESSION` | `0x04`
|`YHC_SES_MSG` | `YHC_SESSION_MESSAGE` | `0x05`
|`YHC_RESET` | `YHC_RESET_DEVICE` | `0x08`
|`YHC_CLOSE_SES` | `YHC_CLOSE_SESSION` | `0x40`
|`YHC_STATS` | `YHC_GET_STORAGE_INFO` | `0x41`
|`YHC_PUT_AUTHKEY` | `YHC_PUT_AUTHENTICATION_KEY` | `0x44`
|`YHC_GEN_ASYMMETRIC_KEY` | `YHC_GENERATE_ASYMMETRIC_KEY` | `0x46`
|`YHC_SIGN_DATA_PKCS1` | `YHC_SIGN_PKCS1` | `0x47`
|`YHC_LIST` | `YHC_LIST_OBJECTS` | `0x48`
|`YHC_GET_LOGS` | `YHC_GET_LOG_ENTRIES` | `0x4d`
|`YHC_PUT_OPTION` | `YHC_SET_OPTION` | `0x4f`
|`YHC_HMAC_DATA` | `YHC_SIGN_HMAC` | `0x53`
|`YHC_GET_PUBKEY` | `YHC_GET_PUBLIC_KEY` | `0x54`
|`YHC_SIGN_DATA_PSS` | `YHC_SIGN_PSS` | `0x55`
|`YHC_SIGN_DATA_ECDSA` | `YHC_SIGN_ECDSA` | `0x56`
|`YHC_DECRYPT_ECDH` | `YHC_DERIVE_ECDH` | `0x57`
|`YHC_SSH_CERTIFY` | `YHC_SIGN_SSH_CERTIFICATE` | `0x5d`
|`YHC_OTP_DECRYPT` | `YHC_DECRYPT_OTP` | `0x60`
|`YHC_OTP_AEAD_CREATE` | `YHC_CREATE_OTP_AEAD` | `0x61`
|`YHC_OTP_AEAD_RANDOM` | `YHC_RANDOMIZE_OTP_AEAD` | `0x62`
|`YHC_OTP_AEAD_REWRAP` | `YHC_REWRAP_OTP_AEAD` | `0x63`
|`YHC_ATTEST_ASYMMETRIC` | `YHC_SIGN_ATTESTATION_CERTIFICATE` | `0x64`
|`YHC_SIGN_DATA_EDDSA` | `YHC_SIGN_EDDSA` | `0x6a`
|`YHC_BLINK` | `YHC_BLINK_DEVICE` | `0x6b`
| - | `YHC_CHANGE_AUTHENTICATION_KEY` | `0x6c`
|=======================
=== Object Types
[options="header"]
|=======================
|1.0.4 | 2.0.0 | Hex value
|`authkey` | `authentication-key` | `0x02`
|`asymmetric` | `asymmetric-key` | `0x03`
|`hmackey` | `hmac-key` | `0x05`
|`otpaeadkey` | `otp-aead-key` | `0x07`
|`wrapkey` | `wrap-key` | `0x04`
|=======================
=== Capabilities
[options="header"]
|=======================
|1.0.4 | 2.0.0 | Hex value
|`asymmetric_decrypt_ecdh` | `derive-ecdh` | `0x0b`
|`asymmetric_decrypt_oaep` | `decrypt-oaep` | `0x0a`
|`asymmetric_decrypt_pkcs` | `decrypt-pkcs` | `0x09`
|`asymmetric_gen` | `generate-asymmetric-key` | `0x04`
|`asymmetric_sign_ecdsa` | `sign-ecdsa` | `0x07`
|`asymmetric_sign_eddsa` | `sign-eddsa` | `0x08`
|`asymmetric_sign_pkcs` | `sign-pkcs` | `0x05`
|`asymmetric_sign_pss` | `sign-pss` | `0x06`
|`attest` | `sign-attestation-certificate` | `0x22`
|`audit` | `get-log-entries` | `0x18`
|`export_under_wrap` | `exportable-under-wrap` | `0x10`
|`export_wrapped` | `export-wrapped` | `0x0c`
|`delete_asymmetric` | `delete-asymmetric-key` | `0x29`
|`delete_authkey` | `delete-authentication-key` | `0x28`
|`delete_hmackey` | `delete-hmac-key` | `0x2b`
|`delete_opaque` | `delete-opaque` | `0x27`
|`delete_otp_aead_key` | `delete-otp-aead-key` | `0x2d`
|`delete_template` | `delete-template` | `0x2c`
|`delete_wrapkey` | `delete-wrap-key` | `0x2a`
|`generate_otp_aead_key` | `generate-otp-aead-key` | `0x24`
|`generate_wrapkey` | `generate-wrap-key` | `0x0f`
|`get_opaque` | `get-opaque` | `0x00`
|`get_option` | `get-option` | `0x12`
|`get_randomness` | `get-pseudo-random` | `0x13`
|`get_template` | `get-template` | `0x1a`
|`hmackey_generate` | `generate-hmac-key` | `0x15`
|`hmac_data` | `sign-hmac` | `0x16`
|`hmac_verify` | `verify-hmac` | `0x17`
|`import_wrapped` | `import-wrapped` | `0x0d`
|`otp_aead_create` | `create-otp-aead` | `0x1e`
|`otp_aead_random` | `randomize-otp-aead` | `0x1f`
|`otp_aead_rewrap_from` | `rewrap-from-otp-aead-key` | `0x20`
|`otp_aead_rewrap_to` | `rewrap-to-otp-aead-key` | `0x21`
|`otp_decrypt` | `decrypt-otp` | `0x1d`
|`put_asymmetric` | `put-asymmetric-key` | `0x03`
|`put_authkey` | `put-authentication-key` | `0x02`
|`put_hmackey` | `put-mac-key` | `0x14`
|`put_opaque` | `put-opaque` | `0x01`
|`put_option` | `set-option` | `0x11`
|`put_otp_aead_key` | `put-otp-aead-key` | `0x23`
|`put_template` | `put-template` | `0x1b`
|`put_wrapkey` | `put-wrap-key` | `0x0e`
|`reset` | `reset-device` | `0x1c`
|`ssh_certify` | `sign-ssh-certificate` | `0x19`
|`unwrap_data` | `unwrap-data` | `0x26`
|`wrap_data` | `wrap-data` | `0x25`
| - | `change-authentication-key` | `0x2e`
|=======================
=== Algorithms
[options="header"]
|=======================
|1.0.4 | 2.0.0 | Numeric value
|`yubico-aes-auth` | `aes128-yubico-authentication` | `38`
|`yubico-otp-aes128` | `aes128-yubico-otp` | `37`
|`yubico-otp-aes192` | `aes192-yubico-otp` | `39`
|`yubico-otp-aes256` | `aes256-yubico-otp` | `40`
|`opaque` | `opaque-data` | `30`
|`x509-cert` | `opaque-x509-certificate` | `31`
|=======================
=== Device Options
[options="header"]
|=======================
|1.0.4 | 2.0.0 | Numeric value
|`command_audit` | `command-audit` | `3`
|`force_audit` | `force-audit` | `1`
|=======================
=== Function Calls
[options="header"]
|=======================
|1.0.4 | 2.0.0
|`yh_rc yh_set_verbosity(uint8_t verbosity)` | `yh_rc yh_set_verbosity(yh_connector *connector, uint8_t verbosity)`
|`void yh_set_debug_output(FILE *output)` | `void yh_set_debug_output(yh_connector *connector, FILE *output)`
|`yh_rc yh_connect_all(yh_connector **connectors, size_t *n_connectors, int timeout)`, `yh_rc yh_connect_best(yh_connector **connectors, size_t n_connectors, int *idx)` | `yh_rc yh_connect(yh_connector *connector, int timeout)`
|`yh_rc yh_create_session_derived(yh_connector *connector, uint16_t auth_keyset_id, const uint8_t *password, size_t password_len, bool recreate_session, uint8_t *context, size_t context_len, yh_session **session)` | `yh_rc yh_create_session_derived(yh_connector *connector, uint16_t authkey_id, const uint8_t *password, size_t password_len, bool recreate_session, yh_session **session)`
|`yh_rc yh_create_session(yh_connector *connector, uint16_t auth_keyset_id, const uint8_t *key_enc, size_t key_enc_len, const uint8_t *key_mac, size_t key_mac_len, bool recreate_session, uint8_t *context, size_t context_len, yh_session **session)` | `yh_rc yh_create_session(yh_connector *connector, uint16_t authkey_id, const uint8_t *key_enc, size_t key_enc_len, const uint8_t *key_mac, size_t key_mac_len, bool recreate_session, yh_session **session)`
|`yh_rc yh_begin_create_session_ext(yh_connector *connector, uint16_t auth_keyset_id, uint8_t *context, size_t context_len, uint8_t *card_cryptogram, size_t card_cryptogram_len, yh_session **session)` | `yh_rc yh_begin_create_session_ext(yh_connector *connector, uint16_t authkey_id, uint8_t **context, uint8_t *card_cryptogram, size_t card_cryptogram_len, yh_session **session)`
|`yh_rc yh_finish_create_session_ext(yh_connector *connector, yh_session *session, const uint8_t *key_senc, size_t key_senc_len, const uint8_t *key_smac, size_t key_smac_len, const uint8_t *key_srmac, size_t key_srmac_len, uint8_t *context, size_t context_len, uint8_t *card_cryptogram, size_t card_cryptogram_len)` | `yh_rc yh_finish_create_session_ext(yh_connector *connector, yh_session *session, const uint8_t *key_senc, size_t key_senc_len, const uint8_t *key_smac, size_t key_smac_len, const uint8_t *key_srmac, size_t key_srmac_len, uint8_t *card_cryptogram, size_t card_cryptogram_len)`
|`yh_rc yh_authenticate_session(yh_session *session, uint8_t *context, size_t context_len)` | `yh_rc yh_authenticate_session(yh_session *session)`
|`yh_rc yh_util_get_pubkey()` | `yh_rc yh_util_get_public_key()`
|`yh_rc yh_util_hmac()` | `yh_rc yh_util_sign_hmac()`
|`yh_rc yh_util_get_random()` | `yh_rc yh_util_get_pseudo_random()`
|`yh_rc yh_util_import_key_rsa()` | `yh_rc yh_util_import_rsa_key()`
|`yh_rc yh_util_import_key_ec()` | `yh_rc yh_util_import_ec_key()`
|`yh_rc yh_util_import_key_ed()` | `yh_rc yh_util_import_ed_key()`
|`yh_rc yh_util_import_key_hmac()` | `yh_rc yh_util_import_hmac_key()`
|`yh_rc yh_util_generate_key_rsa()` | `yh_rc yh_util_generate_rsa_key()`
|`yh_rc yh_util_generate_key_ec()` | `yh_rc yh_util_generate_ec_key()`
|`yh_rc yh_util_generate_key_ed()` | `yh_rc yh_util_generate_ed_key()`
|`yh_rc yh_util_hmac_verify()` | `yh_rc yh_util_verify_hmac()`
|`yh_rc yh_util_generate_key_hmac()` | `yh_rc yh_util_generate_hmac_key()`
|`yh_rc yh_util_decrypt_ecdh()` | `yh_rc yh_util_derive_ecdh()`
|`yh_rc yh_util_import_key_wrap()` | `yh_rc yh_util_import_wrap_key()`
|`yh_rc yh_util_generate_key_wrap()` | `yh_rc yh_util_generate_wrap_key()`
|`yh_rc yh_util_get_logs()` | `yh_rc yh_util_get_log_entries()`
|`yh_rc yh_util_ssh_certify()` | `yh_rc yh_util_sign_ssh_certificate()`
|`yh_rc yh_util_import_authkey()` | `yh_rc yh_util_import_authentication_key_derived()`
| - | `yh_rc yh_util_import_authentication_key(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, const yh_capabilities *delegated_capabilities, const uint8_t *key_enc, size_t key_enc_len, const uint8_t *key_mac, size_t key_mac_len)`
| - | `yh_rc yh_util_change_authentication_key(yh_session *session, uint16_t *key_id, const uint8_t *key_enc, size_t key_enc_len, const uint8_t *key_mac, size_t key_mac_len)`
| - | `yh_rc yh_util_change_authentication_key_derived(yh_session *session, uint16_t *key_id, const uint8_t *password, size_t password_len)`
|`yh_rc yh_util_otp_aead_create()` | `yh_rc yh_util_create_otp_aead()`
|`yh_rc yh_util_otp_aead_random()` | `yh_rc yh_util_randomize_otp_aead()`
|`yh_rc yh_util_otp_decrypt()` | `yh_rc yh_util_decrypt_otp()`
|`yh_rc yh_util_put_otp_aead_key()` | `yh_rc yh_util_import_otp_aead_key()`
|`yh_rc yh_util_attest_asymmetric()` | `yh_rc yh_util_sign_attestation_certificate()`
|`yh_rc yh_util_put_option()` | `yh_rc yh_util_set_option()`
|`yh_rc yh_util_get_storage_stats()` | `yh_rc yh_util_get_storage_info()`
|`yh_rc yh_util_blink()` | `yh_rc yh_util_blink_device()`
|`yh_rc yh_util_reset()` | `yh_rc yh_util_reset_device()`
|`yh_rc yh_capabilities_to_num()` | `yh_rc yh_string_to_capabilities()`
|`yh_rc yh_num_to_capabilities()` | `yh_rc yh_capabilities_to_strings()`
|`yh_rc yh_parse_domains()` | `yh_rc yh_string_to_domains()`
|=======================