/// <summary>
/// CTAP ClientPIN command, changePIN subcommand: asks the authenticator to replace
/// its current PIN with a new one.
/// </summary>
/// <param name="newpin">The PIN to set.</param>
/// <param name="currentpin">The PIN currently set on the authenticator.</param>
/// <returns>
/// The device status and CTAP response of the changePIN exchange. If the preceding
/// getKeyAgreement step fails, that step's status and response are returned instead
/// and no changePIN command is sent.
/// </returns>
/// <remarks>
/// Both PINs arrive as <c>string</c>, which is immutable in .NET and cannot be wiped,
/// so they stay in managed memory until collected. The shared secret is not cleared
/// here either.
/// </remarks>
public async Task<ResponseClientPIN> ClientPINchangePINAsync(string newpin, string currentpin)
{
    // Step 1: fetch the authenticator's key-agreement key; stop on any failure.
    var keyAgreement = await ClientPINgetKeyAgreementAsync();
    bool keyAgreementOk = keyAgreement.DeviceStatus == DeviceStatus.Ok
        && keyAgreement.CTAPResponse != null
        && keyAgreement.CTAPResponse.Status == 0;
    if (!keyAgreementOk)
    {
        return new ResponseClientPIN(keyAgreement.DeviceStatus, keyAgreement.CTAPResponse);
    }

    // Step 2: derive the shared secret. platformKey is filled in by the helper and is
    // sent back to the authenticator below (presumably the platform's public key for
    // the exchange; confirm in CreateSharedSecret).
    COSE_Key platformKey;
    var secret = CTAPCommandClientPIN.CreateSharedSecret(keyAgreement.CTAPResponse.KeyAgreement, out platformKey);

    // Step 3: build the three PIN-derived parameters.
    // pinAuth    = LEFT(HMAC-SHA-256(sharedSecret, newPinEnc || pinHashEnc), 16)
    var authTag = CTAPCommandClientPIN.CreatePinAuthforChangePin(secret, newpin, currentpin);

    // newPinEnc  = AES256-CBC(sharedSecret, IV = 0, newPin)
    // NOTE(review): no length or padding check on newpin is visible in this method;
    // presumably CreateNewPinEnc enforces the CTAP2 minimum length and pads to 64 bytes. Confirm.
    byte[] encryptedNewPin = CTAPCommandClientPIN.CreateNewPinEnc(secret, newpin);

    // pinHashEnc = AES256-CBC(sharedSecret, IV = 0, LEFT(SHA-256(curPin), 16))
    var encryptedPinHash = CTAPCommandClientPIN.CreatePinHashEnc(currentpin, secret);

    // Step 4: send changePIN and wrap whatever the device answered.
    // NOTE(review): secret is still live after this call. If it is a byte buffer,
    // zero it once the command has been built. TODO confirm its type.
    var command = new CTAPCommandClientPIN_changePIN(platformKey, authTag, encryptedNewPin, encryptedPinHash);
    var responseParser = new CTAPResponseClientPIN();
    var exchange = await sendCommandandResponseAsync(command, responseParser);

    return new ResponseClientPIN(exchange.devSt, exchange.ctapRes);
}
/// <summary>
/// CTAP ClientPIN command, getPINToken subcommand, starting from the PIN as a string.
/// </summary>
/// <param name="pin">The PIN currently set on the authenticator.</param>
/// <returns>
/// The result of the getPINToken overload that takes the key agreement, the encrypted
/// PIN hash and the shared secret. If the preceding getKeyAgreement step fails, that
/// step's status and response are returned instead and no PIN-derived data is sent.
/// </returns>
/// <remarks>
/// The PIN arrives as <c>string</c>, which is immutable in .NET and cannot be wiped,
/// so it stays in managed memory until collected. Under CTAP2 a wrong PIN counts
/// against the authenticator's retry counter, so callers should surface the returned
/// status rather than retry automatically.
/// </remarks>
public async Task<ResponseClientPIN_getPINToken> ClientPINgetPINTokenAsync(string pin)
{
    // Fetch the authenticator's key-agreement key; stop on any failure.
    var keyAgreement = await ClientPINgetKeyAgreementAsync();
    bool keyAgreementOk = keyAgreement.DeviceStatus == DeviceStatus.Ok
        && keyAgreement.CTAPResponse != null
        && keyAgreement.CTAPResponse.Status == 0;
    if (!keyAgreementOk)
    {
        return new ResponseClientPIN_getPINToken(keyAgreement.DeviceStatus, keyAgreement.CTAPResponse);
    }

    // Derive the shared secret. platformKey is filled in by the helper and is
    // forwarded to the overload below.
    COSE_Key platformKey;
    var secret = CTAPCommandClientPIN.CreateSharedSecret(keyAgreement.CTAPResponse.KeyAgreement, out platformKey);

    // Only an encrypted PIN hash leaves this method, never the PIN itself.
    var encryptedPinHash = CTAPCommandClientPIN.CreatePinHashEnc(pin, secret);

    // NOTE(review): secret is passed on and not cleared here; presumably the overload
    // needs it to decrypt the returned token. Confirm who owns and wipes it afterwards.
    var tokenResult = await ClientPINgetPINTokenAsync(platformKey, encryptedPinHash, secret);
    return tokenResult;
}