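        /// <summary>
        /// Polls for a connected authenticator until one answers <c>Credentials.Info</c> successfully
        /// or <paramref name="timeoutms"/> elapses; on success prints the transport info (HID or NFC)
        /// and the PIN retry count to the console.
        /// </summary>
        /// <param name="timeoutms">Upper bound on total polling time in milliseconds; probes are 500 ms apart.</param>
        /// <returns>true once an authenticator responded successfully; false if the timeout elapsed first.</returns>
        public static async Task<bool> Polling(int timeoutms = 10000)
        {
            const int waitms = 500;

            var result = await Task.Run(async () => {
                // elapsed advances by waitms after each unsuccessful probe; a non-positive timeout probes nothing.
                for (int elapsed = 0; elapsed < timeoutms; elapsed += waitms)
                {
                    DevParam devParam = DevParam.GetDefaultParams();
                    var st = await gebo.CTAP2.WebAuthnModokiDesktop.Credentials.Info(devParam);
                    if (st.isSuccess)
                    {
                        // Print whichever transport's description Info filled in.
                        string log = (st.Dev == InfoCommandStatus.DevType.HID) ? st.HidInfo : st.NfcInfo;
                        Console.WriteLine(log);
                        // Interpolate directly: passing an already-interpolated string to string.Format
                        // would re-parse any '{' / '}' in the value as a format item and throw.
                        Console.WriteLine($"PIN Retry Count = {st.PinRetryCount}");
                        return true;
                    }
                    await Task.Delay(waitms);
                }
                return false;
            });

            return result;
        }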
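 /// <summary>
 /// Deserializes a <c>PublicKeyforCreate</c> from JSON, attaches <paramref name="pin"/>, and runs
 /// the credential-creation flow. Never throws: every failure is reported through the returned status.
 /// </summary>
 /// <param name="devParam">Transport parameters (HID/NFC) for the authenticator.</param>
 /// <param name="publickeyJson">JSON form of the creation options (rp, user, challenge, ...).</param>
 /// <param name="pin">Authenticator PIN; empty when no PIN is set. A null value is treated as empty.</param>
 /// <returns>The creation status; <c>msg</c> carries the error text on failure.</returns>
 public static async Task<CreateCommandStatus> Create(DevParam devParam, string publickeyJson, string pin = "")
 {
     try {
         var publickey = JsonConvert.DeserializeObject<PublicKeyforCreate>(publickeyJson);
         // DeserializeObject yields null for empty / "null" input instead of throwing; report that
         // as a parameter error (same text the typed Create overload uses) rather than as a
         // NullReferenceException message from the next line.
         if (publickey == null)
         {
             throw (new Exception("Param Error"));
         }
         // The typed overload reads pin.Length, so never hand it a null.
         publickey.pin = pin ?? "";
         return(await Create(devParam, publickey));
     } catch (Exception ex) {
         var status = new CreateCommandStatus();
         status.msg = ex.Message;
         return(status);
     }
 }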
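        /// <summary>
        /// Stores one <see cref="DataRecord"/> on the authenticator as a resident-key credential for
        /// <paramref name="rpid"/>: recno || filler || data1 become user.id, data2 / data3 are hex-encoded
        /// into user.name / user.displayName.
        /// </summary>
        /// <param name="rpid">Relying-party id, used as both rp.id and rp.name.</param>
        /// <param name="pin">Authenticator PIN; empty when no PIN is set.</param>
        /// <param name="rec">Record to write; <c>recno</c>, <c>filler</c> and <c>data1</c> are required, data2/data3 may be null.</param>
        /// <returns>"Success", or the failure message. Never throws.</returns>
        internal static async Task<string> WriteRec(string rpid, string pin, DataRecord rec)
        {
            string result = "";

            try {
                result = await Task.Run(async () => {
                    // data1 is concatenated below; fail with a clear message instead of an ArgumentNullException text.
                    if (rec == null || rec.data1 == null)
                    {
                        throw (new Exception("Param Error"));
                    }

                    // NOTE(review): fixed, non-random challenge. It only feeds the clientDataHash and
                    // nothing here verifies the returned attestation, so this tool needs no freshness from it.
                    byte[] challenge = System.Text.Encoding.ASCII.GetBytes("this is challenge");

                    // user.id = recno || filler || data1
                    byte[] userid = new byte[] { rec.recno, rec.filler }.Concat(rec.data1).ToArray();

                    // data2/data3 travel in the text fields, so they are hex-encoded (empty when absent).
                    string username        = (rec.data2 == null) ? "" : gebo.CTAP2.Common.BytesToHexString(rec.data2);
                    string userdisplayname = (rec.data3 == null) ? "" : gebo.CTAP2.Common.BytesToHexString(rec.data3);

                    DevParam devParam = DevParam.GetDefaultParams();

                    var publickey = new PublicKeyforCreate();
                    publickey.pin = pin;

                    publickey.rp      = new PublicKeyforCreate.Rp();
                    publickey.rp.id   = rpid;
                    publickey.rp.name = rpid;

                    publickey.user = new PublicKeyforCreate.User();
                    publickey.user.id_bytearray = (byte[])userid.Clone();
                    publickey.user.name         = username;
                    publickey.user.displayName  = userdisplayname;

                    // rk: the record must live on the authenticator so it can be enumerated later without a credential id.
                    publickey.authenticatorSelection.requireResidentKey = true;
                    // uv: on-device user verification is not requested; when a PIN is given, Create attaches pinAuth instead.
                    publickey.authenticatorSelection.userVerification = UserVerificationRequirement.discouraged;

                    publickey.challenge = (byte[])challenge.Clone();

                    var ret = await gebo.CTAP2.WebAuthnModokiDesktop.Credentials.Create(devParam, publickey);
                    return ret.isSuccess ? "Success" : ret.msg;
                });
            } catch (Exception ex) {
                result = ex.Message;
            }
            return result;
        }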
        /// <summary>
        /// Replaces the authenticator PIN (CTAP2 authenticatorClientPIN changePIN). A shared secret is
        /// derived from getKeyAgreement first; the new PIN and the hash of the current PIN are then sent
        /// encrypted under that secret, together with a pinAuth MAC over both ciphertexts.
        /// </summary>
        /// <param name="devParam">Transport parameters (HID/NFC) for the authenticator.</param>
        /// <param name="newpin">The PIN to set.</param>
        /// <param name="currentpin">The PIN currently set on the authenticator.</param>
        /// <returns>Status with the command log; <c>isSuccess</c> is true only if both steps returned status 0. Never throws.</returns>
        public static async Task<CommandStatus> ChangePin(DevParam devParam, string newpin, string currentpin)
        {
            var status = new CommandStatus();

            try {
                var clientPin = new CTAPauthenticatorClientPIN();

                // Step 1: getKeyAgreement - fetch the authenticator's key-agreement key.
                var keyAgreement = await clientPin.GetKeyAgreement(devParam);
                status.commands.Add(new CommandStatus.CommandInfo(clientPin, keyAgreement));
                if (keyAgreement.Status != 0)
                {
                    throw (new Exception("GetKeyAgreement"));
                }

                var sharedSecret = clientPin.createSharedSecret(clientPin.Authenticator_KeyAgreement);

                // pinAuth:
                //  LEFT(HMAC-SHA-256(sharedSecret, newPinEnc || pinHashEnc), 16).
                var pinAuth = clientPin.createPinAuthforChangePin(sharedSecret, newpin, currentpin);

                // newPinEnc: AES256-CBC(sharedSecret, IV = 0, newPin)
                byte[] newPinEnc = clientPin.createNewPinEnc(sharedSecret, newpin);

                // pinHashEnc:
                //  Encrypted first 16 bytes of SHA-256 hash of curPin using sharedSecret:
                //  AES256-CBC(sharedSecret, IV = 0, LEFT(SHA-256(curPin), 16)).
                var pinHashEnc = clientPin.createPinHashEnc(currentpin, sharedSecret);

                // Step 2: changePIN.
                var changeResult = await clientPin.ChangePIN(devParam, pinAuth, newPinEnc, pinHashEnc);
                status.commands.Add(new CommandStatus.CommandInfo(clientPin, changeResult));
                if (changeResult.Status != 0)
                {
                    throw (new Exception("ChangePIN"));
                }

                status.isSuccess = true;
            } catch (Exception ex) {
                status.setErrorMsg(ex);
            }
            return status;
        }
        /// <summary>
        /// Sets the initial authenticator PIN (CTAP2 authenticatorClientPIN setPIN). A shared secret is
        /// derived from getKeyAgreement first; the new PIN is then sent encrypted under that secret,
        /// together with a pinAuth MAC over the ciphertext.
        /// </summary>
        /// <param name="devParam">Transport parameters (HID/NFC) for the authenticator.</param>
        /// <param name="newpin">The PIN to set.</param>
        /// <returns>Status with the command log; <c>isSuccess</c> is true only if both steps returned status 0. Never throws.</returns>
        public static async Task<CommandStatus> SetPin(DevParam devParam, string newpin)
        {
            var status = new CommandStatus();

            try {
                var clientPin = new CTAPauthenticatorClientPIN();

                // Step 1: getKeyAgreement - fetch the authenticator's key-agreement key.
                var keyAgreement = await clientPin.GetKeyAgreement(devParam);
                status.commands.Add(new CommandStatus.CommandInfo(clientPin, keyAgreement));
                if (keyAgreement.Status != 0)
                {
                    throw (new Exception("GetKeyAgreement"));
                }

                var sharedSecret = clientPin.createSharedSecret(clientPin.Authenticator_KeyAgreement);

                // pinAuth = LEFT(HMAC-SHA-256(sharedSecret, newPinEnc), 16)
                var pinAuth = clientPin.createPinAuthforSetPin(sharedSecret, newpin);

                // newPinEnc: AES256-CBC(sharedSecret, IV = 0, newPin)
                byte[] newPinEnc = clientPin.createNewPinEnc(sharedSecret, newpin);

                // Step 2: setPIN.
                var setResult = await clientPin.SetPIN(devParam, pinAuth, newPinEnc);
                status.commands.Add(new CommandStatus.CommandInfo(clientPin, setResult));
                if (setResult.Status != 0)
                {
                    throw (new Exception("SetPIN"));
                }

                status.isSuccess = true;
            } catch (Exception ex) {
                status.setErrorMsg(ex);
            }
            return status;
        }
        /// <summary>
        /// Probes the authenticator: a transport check for each configured transport (HID and/or NFC),
        /// authenticatorGetInfo, and - only when GetInfo reports clientPin as set - the PIN retry count.
        /// </summary>
        /// <param name="devParam">Transport parameters; <c>hidparams</c> / <c>nfcparams</c> may be null to skip that transport.</param>
        /// <returns>Status with HidInfo/NfcInfo text, AuthenticatorInfo, Dev, PinRetryCount and the command log. Never throws.</returns>
        public static async Task<InfoCommandStatus> Info(DevParam devParam)
        {
            var status = new InfoCommandStatus();

            try {
                // Transport checks are synchronous and only yield a description string.
                if (devParam.hidparams != null)
                {
                    status.HidInfo = Credentials.HidCheck(devParam.hidparams).msg;
                }
                if (devParam.nfcparams != null)
                {
                    status.NfcInfo = Credentials.NfcCheck(devParam.nfcparams).msg;
                }

                // authenticatorGetInfo
                var getInfo  = new CTAPauthenticatorGetInfo();
                var infoResp = await getInfo.SendAndResponse(devParam);
                status.commands.Add(new CommandStatus.CommandInfo(getInfo, infoResp));
                if (infoResp.Status != 0)
                {
                    throw (new Exception("GetInfo"));
                }
                status.AuthenticatorInfo = infoResp;

                // DevType codes as reported by the response: 1 = HID, 2 = NFC, anything else = Unknown.
                switch (infoResp.DevType)
                {
                    case 1:
                        status.Dev = InfoCommandStatus.DevType.HID;
                        break;
                    case 2:
                        status.Dev = InfoCommandStatus.DevType.NFC;
                        break;
                    default:
                        status.Dev = InfoCommandStatus.DevType.Unknown;
                        break;
                }

                // The retry counter is only queried when the authenticator says a PIN is set.
                if (status.AuthenticatorInfo.Option_clientPin == CTAPResponseInfo.OptionFlag.present_and_set_to_true)
                {
                    var clientPin = new CTAPauthenticatorClientPIN();
                    var retries   = await clientPin.GetRetries(devParam);
                    status.commands.Add(new CommandStatus.CommandInfo(clientPin, retries));
                    if (retries.Status != 0)
                    {
                        throw (new Exception("GetRetries"));
                    }
                    status.PinRetryCount = clientPin.RetryCount;
                }
                status.isSuccess = true;
            } catch (Exception ex) {
                status.setErrorMsg(ex);
            }
            return status;
        }
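        /// <summary>
        /// Reads back the records stored for <paramref name="rpid"/>: runs getAssertion without an
        /// allowList (so every resident credential for the rp is returned), builds one DataRecord per
        /// assertion ordered by recno, and concatenates their data2 || data3 payloads.
        /// </summary>
        /// <param name="rpid">Relying-party id the records were stored under.</param>
        /// <param name="pin">Authenticator PIN; when empty, on-device user verification is requested instead.</param>
        /// <returns>ReadData with <c>data</c> / <c>strdata</c> filled on success; <c>isSuccess</c>=false and <c>msg</c> when getAssertion failed.</returns>
        internal static async Task<ReadData> ReadRecs(string rpid, string pin)
        {
            ReadData result = await Task.Run(async () => {
                var readData = new ReadData();

                // NOTE(review): fixed, non-random challenge. It only feeds the clientDataHash and nothing
                // here verifies the assertion signature, so this tool needs no freshness from it.
                byte[] challenge = System.Text.Encoding.ASCII.GetBytes("this is challenge");

                DevParam devParam = DevParam.GetDefaultParams();

                var publickey = new PublicKeyforGet();
                publickey.pin                 = pin;
                publickey.rpId                = rpid;
                publickey.challenge           = (byte[])challenge.Clone();
                publickey.requireUserPresence = false;
                // Without a PIN, ask the authenticator to verify the user itself; with a PIN, Get
                // attaches pinAuth instead and on-device uv is not requested.
                publickey.userVerification = string.IsNullOrEmpty(pin)
                    ? UserVerificationRequirement.required
                    : UserVerificationRequirement.discouraged;

                var ret = await gebo.CTAP2.WebAuthnModokiDesktop.Credentials.Get(devParam, publickey);
                if (ret.isSuccess == false)
                {
                    readData.isSuccess = false;
                    readData.msg       = ret.msg;
                    return readData;
                }

                // One record per assertion, ordered by recno so the payloads come out in write order.
                var dataList = ret.assertions
                    .Select(a => new CmdExecuter.DataRecord(a.User_Id, a.User_Name, a.User_DisplayName))
                    .OrderBy(x => x.recno)
                    .ToList();

                // Accumulate once instead of re-copying the growing array for every record; a record
                // whose data2 or data3 is null contributes nothing for that half instead of throwing.
                var payload = new List<byte>();
                foreach (var data in dataList)
                {
                    if (data.data2 != null)
                    {
                        payload.AddRange(data.data2);
                    }
                    if (data.data3 != null)
                    {
                        payload.AddRange(data.data3);
                    }
                }
                readData.data = payload.ToArray();

                // Best-effort text view of the payload. GetString only throws for argument problems, and
                // a missing strdata is not a failure of the read itself, so only that family is swallowed.
                try {
                    readData.strdata = System.Text.Encoding.ASCII.GetString(readData.data).TrimEnd('\0');
                } catch (ArgumentException) {
                }

                readData.isSuccess = true;
                readData.msg       = "Success";
                return readData;
            });
            return result;
        }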
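        /// <summary>
        /// Runs the credential-creation flow (CTAP2 authenticatorMakeCredential). When
        /// <c>publickey.pin</c> is non-empty, a PIN token is first obtained via getKeyAgreement /
        /// getPINToken and used to compute pinAuth over the clientDataHash.
        /// </summary>
        /// <param name="devParam">Transport parameters (HID/NFC) for the authenticator.</param>
        /// <param name="publickey">Creation options; <c>rp</c>, <c>user</c>, <c>challenge</c> and <c>authenticatorSelection</c> are required.</param>
        /// <returns>Status with the command log and, on success, the attestation response. Never throws.</returns>
        public static async Task<CreateCommandStatus> Create(DevParam devParam, PublicKeyforCreate publickey)
        {
            var status = new CreateCommandStatus();

            try {
                // authenticatorSelection is dereferenced below, so it belongs in the parameter check too.
                if (publickey == null ||
                    publickey.rp == null ||
                    publickey.user == null ||
                    publickey.challenge == null ||
                    publickey.authenticatorSelection == null)
                {
                    throw (new Exception("Param Error"));
                }

                var ctap = new CTAPauthenticatorMakeCredential();

                ctap.RpId             = publickey.rp.id;
                ctap.RpName           = publickey.rp.name;
                ctap.UserId           = publickey.user.id;
                ctap.UserId_bytearray = publickey.user.id_bytearray;
                ctap.UserName         = publickey.user.name;
                ctap.UserDisplayName  = publickey.user.displayName;
                // clientDataHash is derived from the challenge and is also what pinAuth is computed over.
                ctap.ClientDataHash   = CTAPauthenticator.CreateClientDataHash(publickey.challenge);
                ctap.TimeoutMs        = publickey.timeout;

                ctap.Option_rk = publickey.authenticatorSelection.requireResidentKey;
                // Only "discouraged" turns uv off; any other requirement requests it.
                ctap.Option_uv = publickey.authenticatorSelection.userVerification != UserVerificationRequirement.discouraged;

                // A null pin is treated like an empty one: no PIN protocol, no pinAuth.
                if (!string.IsNullOrEmpty(publickey.pin))
                {
                    string pin = publickey.pin;

                    var ctap2 = new CTAPauthenticatorClientPIN();

                    var st1 = await ctap2.GetKeyAgreement(devParam);

                    status.commands.Add(new CommandStatus.CommandInfo(ctap2, st1));
                    if (st1.Status != 0)
                    {
                        throw (new Exception("GetKeyAgreement"));
                    }

                    var sharedSecret = ctap2.createSharedSecret(ctap2.Authenticator_KeyAgreement);

                    // Only the encrypted, truncated hash of the PIN crosses the transport, never the PIN itself.
                    var pinHashEnc = ctap2.createPinHashEnc(pin, sharedSecret);

                    var token = await ctap2.GetPINToken(devParam, pinHashEnc);

                    status.commands.Add(new CommandStatus.CommandInfo(ctap2, token));
                    if (token.Status != 0)
                    {
                        throw (new Exception("GetPINToken"));
                    }

                    // pinAuth binds this request's clientDataHash to the PIN token just obtained.
                    ctap.PinAuth = ctap2.createPinAuth(sharedSecret, ctap.ClientDataHash, token.PinTokenEnc);
                }

                var att = await ctap.SendAndResponse(devParam);

                status.commands.Add(new CommandStatus.CommandInfo(ctap, att));
                if (att.Status != 0)
                {
                    throw (new Exception("MakeCredential"));
                }

                status.attestation = att;
                status.isSuccess   = true;
            } catch (Exception ex) {
                status.setErrorMsg(ex);
            }
            return status;
        }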
 /// <summary>
 /// Builds the main window and seeds <c>devParam</c> with the default device parameters.
 /// </summary>
 public MainWindow()
 {
     InitializeComponent();
     this.devParam = DevParam.GetDefaultParams();
 }
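        /// <summary>
        /// Runs the assertion flow (CTAP2 authenticatorGetAssertion, followed by getNextAssertion for
        /// each additional credential the authenticator reports). When <c>publickey.pin</c> is
        /// non-empty, a PIN token is first obtained and used to compute pinAuth over the clientDataHash.
        /// </summary>
        /// <param name="devParam">Transport parameters (HID/NFC) for the authenticator.</param>
        /// <param name="publickey">Request options; only the first entry of <c>allowCredentials</c> (if any) is sent as the allowList.</param>
        /// <returns>Status with the command log and all collected assertions; <c>isSuccess</c> is false if any command failed or a requested uv was not performed. Never throws.</returns>
        public static async Task<GetCommandStatus> Get(DevParam devParam, PublicKeyforGet publickey)
        {
            var status = new GetCommandStatus();

            try {
                string rpid = publickey.rpId;

                var ctap = new CTAPauthenticatorGetAssertion();
                ctap.RpId           = rpid;
                // clientDataHash is derived from the challenge and is also what pinAuth is computed over.
                ctap.ClientDataHash = CTAPauthenticator.CreateClientDataHash(publickey.challenge);
                ctap.Timeout        = publickey.timeout;

                // credential-id: only the first allowCredentials entry is forwarded.
                if (publickey.allowCredentials != null &&
                    publickey.allowCredentials.Count > 0 &&
                    publickey.allowCredentials[0] != null &&
                    publickey.allowCredentials[0].id != null &&
                    publickey.allowCredentials[0].id.Length > 0)
                {
                    ctap.AllowList_CredentialId = publickey.allowCredentials[0].id;
                }

                ctap.Option_up = publickey.requireUserPresence;

                // Only "discouraged" turns uv off; any other requirement requests it.
                ctap.Option_uv = publickey.userVerification != UserVerificationRequirement.discouraged;

                // pin: a null pin is treated like an empty one (no PIN protocol, no pinAuth).
                if (!string.IsNullOrEmpty(publickey.pin))
                {
                    string pin = publickey.pin;

                    var ctap2 = new CTAPauthenticatorClientPIN();

                    var st1 = await ctap2.GetKeyAgreement(devParam);

                    status.commands.Add(new CommandStatus.CommandInfo(ctap2, st1));
                    if (st1.Status != 0)
                    {
                        throw (new Exception("GetKeyAgreement"));
                    }

                    var sharedSecret = ctap2.createSharedSecret(ctap2.Authenticator_KeyAgreement);

                    // Only the encrypted, truncated hash of the PIN crosses the transport, never the PIN itself.
                    var pinHashEnc = ctap2.createPinHashEnc(pin, sharedSecret);

                    var token = await ctap2.GetPINToken(devParam, pinHashEnc);

                    status.commands.Add(new CommandStatus.CommandInfo(ctap2, token));
                    if (token.Status != 0)
                    {
                        throw (new Exception("GetPINToken"));
                    }

                    // pinAuth binds this request's clientDataHash to the PIN token just obtained.
                    ctap.PinAuth = ctap2.createPinAuth(sharedSecret, ctap.ClientDataHash, token.PinTokenEnc);
                }

                var ret = await ctap.SendAndResponse(devParam);

                status.commands.Add(new CommandStatus.CommandInfo(ctap, ret));
                if (ret.Status != 0)
                {
                    throw (new Exception("GetAssertion"));
                }
                status.assertions.Add(ret);

                // The first response says how many credentials matched; fetch the remaining ones.
                if (ret.NumberOfCredentials > 0)
                {
                    for (int intIc = 0; intIc < ret.NumberOfCredentials - 1; intIc++)
                    {
                        var next    = new CTAPauthenticatorGetNextAssertion();
                        var nextret = await next.SendAndResponse(devParam);

                        status.commands.Add(new CommandStatus.CommandInfo(next, nextret));
                        // Check the getNextAssertion response itself; the original tested the (already
                        // successful) first response here, so a failed follow-up was silently collected.
                        if (nextret.Status != 0)
                        {
                            throw (new Exception("GetNextAssertion"));
                        }
                        status.assertions.Add(nextret);
                    }
                }

                // Requested with uv=true but the authenticator did not report user verification -> error.
                // The flag in the returned authData is the only evidence that uv actually happened.
                if (ctap.Option_uv)
                {
                    if (ret.Flags_UserVerifiedResult == false)
                    {
                        throw (new Exception("UserVerifiedResult False"));
                    }
                }
                status.isSuccess = true;
            } catch (Exception ex) {
                status.setErrorMsg(ex);
            }
            return status;
        }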