Beispiel #1
0
        /// <summary>
        /// CTAP-Command ClientPIN - changePIN
        /// </summary>
        public async Task <ResponseClientPIN> ClientPINchangePINAsync(string newpin, string currentpin)
        {
            var ret = await ClientPINgetKeyAgreementAsync();

            if (ret.DeviceStatus != DeviceStatus.Ok || ret.CTAPResponse == null || ret.CTAPResponse.Status != 0)
            {
                return(new ResponseClientPIN(ret.DeviceStatus, ret.CTAPResponse));
            }

            COSE_Key myKeyAgreement;
            var      sharedSecret = CTAPCommandClientPIN.CreateSharedSecret(ret.CTAPResponse.KeyAgreement, out myKeyAgreement);

            // pinAuth:
            //  LEFT(HMAC-SHA-256(sharedSecret, newPinEnc || pinHashEnc), 16).
            var pinAuth = CTAPCommandClientPIN.CreatePinAuthforChangePin(sharedSecret, newpin, currentpin);

            // newPinEnc: AES256-CBC(sharedSecret, IV = 0, newPin)
            byte[] newPinEnc = CTAPCommandClientPIN.CreateNewPinEnc(sharedSecret, newpin);

            // pinHashEnc:
            //  Encrypted first 16 bytes of SHA - 256 hash of curPin using sharedSecret:
            //  AES256-CBC(sharedSecret, IV = 0, LEFT(SHA-256(curPin), 16)).
            var pinHashEnc = CTAPCommandClientPIN.CreatePinHashEnc(currentpin, sharedSecret);

            var ret2 = await sendCommandandResponseAsync(new CTAPCommandClientPIN_changePIN(myKeyAgreement, pinAuth, newPinEnc, pinHashEnc), new CTAPResponseClientPIN());

            return(new ResponseClientPIN(ret2.devSt, ret2.ctapRes));
        }
Beispiel #2
0
        /// <summary>
        /// CTAP-Command ClientPIN - getPINToken use PIN string
        /// </summary>
        public async Task <ResponseClientPIN_getPINToken> ClientPINgetPINTokenAsync(string pin)
        {
            var ret = await ClientPINgetKeyAgreementAsync();

            if (ret.DeviceStatus != DeviceStatus.Ok || ret.CTAPResponse == null || ret.CTAPResponse.Status != 0)
            {
                return(new ResponseClientPIN_getPINToken(ret.DeviceStatus, ret.CTAPResponse));
            }

            COSE_Key myKeyAgreement;
            var      sharedSecret = CTAPCommandClientPIN.CreateSharedSecret(ret.CTAPResponse.KeyAgreement, out myKeyAgreement);

            var pinHashEnc = CTAPCommandClientPIN.CreatePinHashEnc(pin, sharedSecret);

            return(await ClientPINgetPINTokenAsync(myKeyAgreement, pinHashEnc, sharedSecret));
        }