コード例 #1
0
        public static byte[] CreatePinAuthforChangePin(byte[] sharedSecret, string newpin, string currentpin)
        {
            // new pin
            byte[] newPinEnc = null;
            {
                var newpin64 = PaddingPin64(newpin);
                newPinEnc = AES256CBC.Encrypt(sharedSecret, newpin64);
            }

            // current pin
            var currentPinHashEnc = CreatePinHashEnc(currentpin, sharedSecret);

            // source data
            var data = new List <byte>();

            data.AddRange(newPinEnc.ToArray());
            data.AddRange(currentPinHashEnc.ToArray());

            // HMAC-SHA-256(sharedSecret, newPinEnc)
            byte[] pinAuth;
            using (var hmacsha256 = new HMACSHA256(sharedSecret)) {
                var dgst = hmacsha256.ComputeHash(data.ToArray());
                pinAuth = dgst.ToList().Take(16).ToArray();
            }
            return(pinAuth);
        }
コード例 #2
0
        public static byte[] CreatePinAuthforSetPin(byte[] sharedSecret, string newpin)
        {
            var newpin64 = PaddingPin64(newpin);

            var newPinEnc = AES256CBC.Encrypt(sharedSecret, newpin64);

            // HMAC-SHA-256(sharedSecret, newPinEnc)
            byte[] pinAuth;
            using (var hmacsha256 = new HMACSHA256(sharedSecret)) {
                var dgst = hmacsha256.ComputeHash(newPinEnc);
                pinAuth = dgst.ToList().Take(16).ToArray();
            }
            return(pinAuth);
        }
コード例 #3
0
        public static byte[] CreatePinHashEnc(string pin, byte[] sharedSecret)
        {
            // AES256-CBC(sharedSecret, IV=0, LEFT(SHA-256(PIN), 16))

            // pinsha = SHA-256(PIN) ->32byte
            byte[] pinbyte = Encoding.ASCII.GetBytes(pin);
            byte[] pinsha  = null;

            using (var sha = new SHA256CryptoServiceProvider())
            {
                pinsha = sha.ComputeHash(pinbyte);
            }

            // pinsha16 = LEFT 16(pinsha)
            byte[] pinsha16 = pinsha.ToList().Skip(0).Take(16).ToArray();

            // pinHashEnc = AES256-CBC(sharedSecret, IV=0, pinsha16)
            //string key = Common.BytesToHexString(sharedSecret);
            //string data = Common.BytesToHexString(pinsha16);

            var pinHashEnc = AES256CBC.Encrypt(sharedSecret, pinsha16);

            return(pinHashEnc);
        }
コード例 #4
0
        public override byte[] CreatePayload()
        {
            var cbor = CBORObject.NewMap();

            // 0x01 : rpid
            cbor.Add(0x01, param.RpId);

            // 0x02 : clientDataHash
            cbor.Add(0x02, param.ClientDataHash);

            // 0x03 : allowList
            if (param.AllowList_CredentialId != null)
            {
                var pubKeyCredParams = CBORObject.NewMap();
                pubKeyCredParams.Add("id", param.AllowList_CredentialId);
                pubKeyCredParams.Add("type", "public-key");
                cbor.Add(0x03, CBORObject.NewArray().Add(pubKeyCredParams));
            }

            // 0x04 : extensions
            if (param.UseHmacExtension && this.keyAgreement != null)
            {
                var extensions = CBORObject.NewMap();
                var hmac       = CBORObject.NewMap();

                //keyAgreement(0x01): public key of platformKeyAgreementKey, "bG".
                hmac.Add(0x01, keyAgreement.ToCbor());

                //saltEnc(0x02): Encrypt one or two salts(Called salt1(32 bytes) and salt2(32 bytes))
                var saltEnc = AES256CBC.Encrypt(sharedSecret, salt);
                hmac.Add(0x02, saltEnc);

                //saltAuth(0x03): LEFT(HMAC-SHA-256(sharedSecret, saltEnc), 16).
                using (var hmacsha256 = new HMACSHA256(sharedSecret))
                {
                    var dgst = hmacsha256.ComputeHash(saltEnc);
                    hmac.Add(0x03, dgst.ToList().Take(16).ToArray());
                }

                extensions.Add("hmac-secret", hmac);
                cbor.Add(0x04, extensions);
            }

            // 0x05 : options
            if (param.Option_up || param.Option_uv)
            {
                var opt = CBORObject.NewMap();
                if (param.Option_up)
                {
                    opt.Add("up", param.Option_up);
                }
                if (param.Option_uv)
                {
                    opt.Add("uv", param.Option_uv);
                }
                cbor.Add(0x05, opt);
            }

            if (pinAuth != null)
            {
                // pinAuth(0x06)
                cbor.Add(0x06, pinAuth);
                // 0x07:pinProtocol
                cbor.Add(0x07, 1);
            }

            return(create(CTAPCommandType.authenticatorGetAssertion, cbor));
        }
コード例 #5
0
 private static byte[] createNewPinEnc(byte[] sharedSecret, byte[] newpin64)
 {
     byte[] newPinEnc = AES256CBC.Encrypt(sharedSecret, newpin64);
     return(newPinEnc);
 }