/// <summary>
/// CTAP-Command ClientPIN - changePIN
/// </summary>
public async Task <ResponseClientPIN> ClientPINchangePINAsync(string newpin, string currentpin)
{
var ret = await ClientPINgetKeyAgreementAsync();
if (ret.DeviceStatus != DeviceStatus.Ok || ret.CTAPResponse == null || ret.CTAPResponse.Status != 0)
{
return(new ResponseClientPIN(ret.DeviceStatus, ret.CTAPResponse));
}
COSE_Key myKeyAgreement;
var sharedSecret = CTAPCommandClientPIN.CreateSharedSecret(ret.CTAPResponse.KeyAgreement, out myKeyAgreement);
// pinAuth:
// LEFT(HMAC-SHA-256(sharedSecret, newPinEnc || pinHashEnc), 16).
var pinAuth = CTAPCommandClientPIN.CreatePinAuthforChangePin(sharedSecret, newpin, currentpin);
// newPinEnc: AES256-CBC(sharedSecret, IV = 0, newPin)
byte[] newPinEnc = CTAPCommandClientPIN.CreateNewPinEnc(sharedSecret, newpin);
// pinHashEnc:
// Encrypted first 16 bytes of SHA - 256 hash of curPin using sharedSecret:
// AES256-CBC(sharedSecret, IV = 0, LEFT(SHA-256(curPin), 16)).
var pinHashEnc = CTAPCommandClientPIN.CreatePinHashEnc(currentpin, sharedSecret);
var ret2 = await sendCommandandResponseAsync(new CTAPCommandClientPIN_changePIN(myKeyAgreement, pinAuth, newPinEnc, pinHashEnc), new CTAPResponseClientPIN());
return(new ResponseClientPIN(ret2.devSt, ret2.ctapRes));
}
/// <summary>
/// CTAP-Command ClientPIN - getPINToken use PIN string
/// </summary>
public async Task <ResponseClientPIN_getPINToken> ClientPINgetPINTokenAsync(string pin)
{
var ret = await ClientPINgetKeyAgreementAsync();
if (ret.DeviceStatus != DeviceStatus.Ok || ret.CTAPResponse == null || ret.CTAPResponse.Status != 0)
{
return(new ResponseClientPIN_getPINToken(ret.DeviceStatus, ret.CTAPResponse));
}
COSE_Key myKeyAgreement;
var sharedSecret = CTAPCommandClientPIN.CreateSharedSecret(ret.CTAPResponse.KeyAgreement, out myKeyAgreement);
var pinHashEnc = CTAPCommandClientPIN.CreatePinHashEnc(pin, sharedSecret);
return(await ClientPINgetPINTokenAsync(myKeyAgreement, pinHashEnc, sharedSecret));
}
