@@ -24,6 +24,13 @@ namespace Yubico.YubiKey.Piv
2424 // operations.
2525 public sealed partial class PivSession : IDisposable
2626 {
27+ private static readonly Memory < byte > DefaultManagementKey = new byte [ ]
28+ {
29+ 0x01 , 0x02 , 0x03 , 0x04 , 0x05 , 0x06 , 0x07 , 0x08 ,
30+ 0x01 , 0x02 , 0x03 , 0x04 , 0x05 , 0x06 , 0x07 , 0x08 ,
31+ 0x01 , 0x02 , 0x03 , 0x04 , 0x05 , 0x06 , 0x07 , 0x08
32+ } ;
33+
2734 /// <summary>
2835 /// This specifies the algorithm of the management key.
2936 /// </summary>
@@ -71,12 +78,6 @@ public sealed partial class PivSession : IDisposable
7178 /// </remarks>
7279 public AuthenticateManagementKeyResult ManagementKeyAuthenticationResult { get ; private set ; }
7380
74- private PivAlgorithm DefaultManagementKeyAlgorithm =>
75- YubiKey . HasFeature ( YubiKeyFeature . PivAesManagementKey ) &&
76- YubiKey . FirmwareVersion >= FirmwareVersion . V5_7_0
77- ? PivAlgorithm . Aes192
78- : PivAlgorithm . TripleDes ;
79-
8081 /// <summary>
8182 /// Try to authenticate the management key.
8283 /// </summary>
@@ -278,7 +279,7 @@ private bool TryAuthenticateWithKeyCollector(bool mutualAuthentication)
278279 {
279280 keyEntryData . Clear ( ) ;
280281
281- if ( ! ( KeyCollector is null ) )
282+ if ( KeyCollector is not null )
282283 {
283284 keyEntryData . Request = KeyEntryRequest . Release ;
284285 _ = KeyCollector ( keyEntryData ) ;
@@ -656,7 +657,8 @@ public bool TryChangeManagementKey(PivTouchPolicy touchPolicy = PivTouchPolicy.D
656657 /// </exception>
657658 public bool TryChangeManagementKey ( PivTouchPolicy touchPolicy , PivAlgorithm newKeyAlgorithm )
658659 {
659- Logger . LogInformation ( "Try to change the management key, touch policy = {TouchPolicy}, algorithm = {PivALgorithm}." ,
660+ Logger . LogInformation (
661+ "Try to change the management key, touch policy = {TouchPolicy}, algorithm = {PivALgorithm}." ,
660662 touchPolicy . ToString ( ) , newKeyAlgorithm . ToString ( ) ) ;
661663
662664 CheckManagementKeyAlgorithm ( newKeyAlgorithm , true ) ;
@@ -668,7 +670,7 @@ public bool TryChangeManagementKey(PivTouchPolicy touchPolicy, PivAlgorithm newK
668670
669671 try
670672 {
671- if ( TryAuthenticateWithKeyCollector ( true , keyEntryData ) == false )
673+ if ( ! TryAuthenticateWithKeyCollector ( true , keyEntryData ) )
672674 {
673675 return false ;
674676 }
@@ -691,10 +693,9 @@ public bool TryChangeManagementKey(PivTouchPolicy touchPolicy, PivAlgorithm newK
691693 finally
692694 {
693695 keyEntryData . Clear ( ) ;
694-
695696 keyEntryData . Request = KeyEntryRequest . Release ;
696697
697- if ( ! ( KeyCollector is null ) )
698+ if ( KeyCollector is not null )
698699 {
699700 _ = KeyCollector ( keyEntryData ) ;
700701 }
@@ -766,10 +767,11 @@ public void ChangeManagementKey(PivTouchPolicy touchPolicy = PivTouchPolicy.Defa
766767 /// </exception>
767768 public void ChangeManagementKey ( PivTouchPolicy touchPolicy , PivAlgorithm newKeyAlgorithm )
768769 {
769- Logger . LogInformation ( "Change the management key, touch policy = {TouchPolicy}, algorithm = {PivAlgorithm}." ,
770+ Logger . LogInformation (
771+ "Change the management key, touch policy = {TouchPolicy}, algorithm = {PivAlgorithm}." ,
770772 touchPolicy . ToString ( ) , newKeyAlgorithm . ToString ( ) ) ;
771773
772- if ( TryChangeManagementKey ( touchPolicy , newKeyAlgorithm ) == false )
774+ if ( ! TryChangeManagementKey ( touchPolicy , newKeyAlgorithm ) )
773775 {
774776 throw new OperationCanceledException (
775777 string . Format (
@@ -828,9 +830,10 @@ public void ChangeManagementKey(PivTouchPolicy touchPolicy, PivAlgorithm newKeyA
828830 /// Mutual authentication was performed and the YubiKey was not
829831 /// authenticated.
830832 /// </exception>
831- public bool TryChangeManagementKey ( ReadOnlyMemory < byte > currentKey ,
832- ReadOnlyMemory < byte > newKey ,
833- PivTouchPolicy touchPolicy = PivTouchPolicy . Default ) =>
833+ public bool TryChangeManagementKey (
834+ ReadOnlyMemory < byte > currentKey ,
835+ ReadOnlyMemory < byte > newKey ,
836+ PivTouchPolicy touchPolicy = PivTouchPolicy . Default ) =>
834837 TryChangeManagementKey ( currentKey , newKey , touchPolicy , DefaultManagementKeyAlgorithm ) ;
835838
836839 /// <summary>
@@ -890,10 +893,11 @@ public bool TryChangeManagementKey(ReadOnlyMemory<byte> currentKey,
890893 /// Mutual authentication was performed and the YubiKey was not
891894 /// authenticated.
892895 /// </exception>
893- public bool TryChangeManagementKey ( ReadOnlyMemory < byte > currentKey ,
894- ReadOnlyMemory < byte > newKey ,
895- PivTouchPolicy touchPolicy ,
896- PivAlgorithm newKeyAlgorithm )
896+ public bool TryChangeManagementKey (
897+ ReadOnlyMemory < byte > currentKey ,
898+ ReadOnlyMemory < byte > newKey ,
899+ PivTouchPolicy touchPolicy ,
900+ PivAlgorithm newKeyAlgorithm )
897901 {
898902 CheckManagementKeyAlgorithm ( newKeyAlgorithm , true ) ;
899903
@@ -902,10 +906,11 @@ public bool TryChangeManagementKey(ReadOnlyMemory<byte> currentKey,
902906
903907 // Try to change the management key, even if the YubiKey is set to
904908 // PIN-derived.
905- private bool TryForcedChangeManagementKey ( ReadOnlyMemory < byte > currentKey ,
906- ReadOnlyMemory < byte > newKey ,
907- PivTouchPolicy touchPolicy ,
908- PivAlgorithm newKeyAlgorithm )
909+ private bool TryForcedChangeManagementKey (
910+ ReadOnlyMemory < byte > currentKey ,
911+ ReadOnlyMemory < byte > newKey ,
912+ PivTouchPolicy touchPolicy ,
913+ PivAlgorithm newKeyAlgorithm )
909914 {
910915 if ( TryAuthenticateManagementKey ( currentKey , true ) )
911916 {
@@ -974,9 +979,10 @@ private bool TryAuthenticateWithKeyCollector(bool mutualAuthentication, KeyEntry
974979 // if the auth succeeds.
975980 // If auth works, return true, otherwise, return false.
976981 // Throw an exception if the YubiKey fails to auth.
977- private bool TryAuthenticateManagementKey ( bool mutualAuthentication ,
978- ReadOnlySpan < byte > mgmtKey ,
979- PivAlgorithm algorithm )
982+ private bool TryAuthenticateManagementKey (
983+ bool mutualAuthentication ,
984+ ReadOnlySpan < byte > mgmtKey ,
985+ PivAlgorithm algorithm )
980986 {
981987 var initCommand = new InitializeAuthenticateManagementKeyCommand ( mutualAuthentication , algorithm ) ;
982988 var initResponse = Connection . SendCommand ( initCommand ) ;
@@ -1058,26 +1064,27 @@ private void CheckManagementKeyAlgorithm(PivAlgorithm algorithm, bool checkMode)
10581064 }
10591065 }
10601066
1061- bool isValid = IsValid ( algorithm ) ;
1062- if ( ! isValid )
1067+ if ( ! IsValidManagementKeyAlgorithm ( algorithm ) )
10631068 {
10641069 throw new ArgumentException (
10651070 string . Format (
10661071 CultureInfo . CurrentCulture ,
10671072 ExceptionMessages . UnsupportedAlgorithm ) ) ;
10681073 }
1069-
1070- return ;
1071-
1072- bool IsValid ( PivAlgorithm pa ) =>
1073- pa switch
1074- {
1075- PivAlgorithm . TripleDes => true , // Default for keys below fw version 5.7
1076- PivAlgorithm . Aes128 => YubiKey . HasFeature ( YubiKeyFeature . PivAesManagementKey ) ,
1077- PivAlgorithm . Aes192 => YubiKey . HasFeature ( YubiKeyFeature . PivAesManagementKey ) ,
1078- PivAlgorithm . Aes256 => YubiKey . HasFeature ( YubiKeyFeature . PivAesManagementKey ) ,
1079- _ => false
1080- } ;
10811074 }
1075+
1076+ private bool IsValidManagementKeyAlgorithm ( PivAlgorithm pivAlgorithm ) =>
1077+ pivAlgorithm switch
1078+ {
1079+ PivAlgorithm . TripleDes => true , // Default for keys below fw version 5.7
1080+ PivAlgorithm . Aes128 or PivAlgorithm . Aes192 or PivAlgorithm . Aes256 => YubiKey . HasFeature ( YubiKeyFeature . PivAesManagementKey ) ,
1081+ _ => false
1082+ } ;
1083+
1084+ private PivAlgorithm DefaultManagementKeyAlgorithm =>
1085+ YubiKey . HasFeature ( YubiKeyFeature . PivAesManagementKey ) &&
1086+ YubiKey . FirmwareVersion >= FirmwareVersion . V5_7_0
1087+ ? PivAlgorithm . Aes192
1088+ : PivAlgorithm . TripleDes ;
10821089 }
10831090}
0 commit comments