public static byte[] CreatePinAuthforChangePin(byte[] sharedSecret, string newpin, string currentpin) { // new pin byte[] newPinEnc = null; { var newpin64 = PaddingPin64(newpin); newPinEnc = AES256CBC.Encrypt(sharedSecret, newpin64); } // current pin var currentPinHashEnc = CreatePinHashEnc(currentpin, sharedSecret); // source data var data = new List <byte>(); data.AddRange(newPinEnc.ToArray()); data.AddRange(currentPinHashEnc.ToArray()); // HMAC-SHA-256(sharedSecret, newPinEnc) byte[] pinAuth; using (var hmacsha256 = new HMACSHA256(sharedSecret)) { var dgst = hmacsha256.ComputeHash(data.ToArray()); pinAuth = dgst.ToList().Take(16).ToArray(); } return(pinAuth); }
public static byte[] CreatePinAuthforSetPin(byte[] sharedSecret, string newpin) { var newpin64 = PaddingPin64(newpin); var newPinEnc = AES256CBC.Encrypt(sharedSecret, newpin64); // HMAC-SHA-256(sharedSecret, newPinEnc) byte[] pinAuth; using (var hmacsha256 = new HMACSHA256(sharedSecret)) { var dgst = hmacsha256.ComputeHash(newPinEnc); pinAuth = dgst.ToList().Take(16).ToArray(); } return(pinAuth); }
public static byte[] CreatePinHashEnc(string pin, byte[] sharedSecret) { // AES256-CBC(sharedSecret, IV=0, LEFT(SHA-256(PIN), 16)) // pinsha = SHA-256(PIN) ->32byte byte[] pinbyte = Encoding.ASCII.GetBytes(pin); byte[] pinsha = null; using (var sha = new SHA256CryptoServiceProvider()) { pinsha = sha.ComputeHash(pinbyte); } // pinsha16 = LEFT 16(pinsha) byte[] pinsha16 = pinsha.ToList().Skip(0).Take(16).ToArray(); // pinHashEnc = AES256-CBC(sharedSecret, IV=0, pinsha16) //string key = Common.BytesToHexString(sharedSecret); //string data = Common.BytesToHexString(pinsha16); var pinHashEnc = AES256CBC.Encrypt(sharedSecret, pinsha16); return(pinHashEnc); }
public override byte[] CreatePayload() { var cbor = CBORObject.NewMap(); // 0x01 : rpid cbor.Add(0x01, param.RpId); // 0x02 : clientDataHash cbor.Add(0x02, param.ClientDataHash); // 0x03 : allowList if (param.AllowList_CredentialId != null) { var pubKeyCredParams = CBORObject.NewMap(); pubKeyCredParams.Add("id", param.AllowList_CredentialId); pubKeyCredParams.Add("type", "public-key"); cbor.Add(0x03, CBORObject.NewArray().Add(pubKeyCredParams)); } // 0x04 : extensions if (param.UseHmacExtension && this.keyAgreement != null) { var extensions = CBORObject.NewMap(); var hmac = CBORObject.NewMap(); //keyAgreement(0x01): public key of platformKeyAgreementKey, "bG". hmac.Add(0x01, keyAgreement.ToCbor()); //saltEnc(0x02): Encrypt one or two salts(Called salt1(32 bytes) and salt2(32 bytes)) var saltEnc = AES256CBC.Encrypt(sharedSecret, salt); hmac.Add(0x02, saltEnc); //saltAuth(0x03): LEFT(HMAC-SHA-256(sharedSecret, saltEnc), 16). using (var hmacsha256 = new HMACSHA256(sharedSecret)) { var dgst = hmacsha256.ComputeHash(saltEnc); hmac.Add(0x03, dgst.ToList().Take(16).ToArray()); } extensions.Add("hmac-secret", hmac); cbor.Add(0x04, extensions); } // 0x05 : options if (param.Option_up || param.Option_uv) { var opt = CBORObject.NewMap(); if (param.Option_up) { opt.Add("up", param.Option_up); } if (param.Option_uv) { opt.Add("uv", param.Option_uv); } cbor.Add(0x05, opt); } if (pinAuth != null) { // pinAuth(0x06) cbor.Add(0x06, pinAuth); // 0x07:pinProtocol cbor.Add(0x07, 1); } return(create(CTAPCommandType.authenticatorGetAssertion, cbor)); }
private static byte[] createNewPinEnc(byte[] sharedSecret, byte[] newpin64) { byte[] newPinEnc = AES256CBC.Encrypt(sharedSecret, newpin64); return(newPinEnc); }