Exemplo n.º 1
 /// <summary>
 /// Builds the ClientPIN changePIN sub-command from the key-agreement key and
 /// the three PIN-related byte strings.
 /// </summary>
 /// <param name="keyAgreement">Key-agreement key; stored by reference.</param>
 /// <param name="pinAuth">Stored as the result of ToArray(); may be null.</param>
 /// <param name="newPinEnc">Stored as the result of ToArray(); may be null.</param>
 /// <param name="pinHashEnc">Stored as the result of ToArray(); may be null.</param>
 public CTAPCommandClientPIN_changePIN(COSE_Key keyAgreement, byte[] pinAuth, byte[] newPinEnc, byte[] pinHashEnc)
     : base(ClientPINSubCommand.changePIN)
 {
     // ToArray() is presumably the System.Linq extension, i.e. each buffer is
     // copied so later changes to the caller's arrays do not reach this command.
     // A null input stays null because of the null-conditional call.
     byte[] pinAuthCopy    = pinAuth?.ToArray();
     byte[] newPinEncCopy  = newPinEnc?.ToArray();
     byte[] pinHashEncCopy = pinHashEnc?.ToArray();

     this.keyAgreement = keyAgreement;
     this.pinAuth      = pinAuthCopy;
     this.newPinEnc    = newPinEncCopy;
     this.pinHashEnc   = pinHashEncCopy;
 }
Exemplo n.º 2
        /// <summary>
        /// Runs ECDH against the peer's key-agreement key and returns the shared secret.
        /// </summary>
        /// <param name="keyAgreement">Peer key; its X and Y values are handed to ECDH.CreateSharedSecret.</param>
        /// <param name="myKeyAgreement">Receives a COSE_Key built from the X/Y values that ECDH.CreateSharedSecret outputs.</param>
        /// <returns>The value returned by ECDH.CreateSharedSecret (32 bytes according to the original comment).</returns>
        public static byte[] CreateSharedSecret(COSE_Key keyAgreement, out COSE_Key myKeyAgreement)
        {
            // Generate the sharedSecret (32 bytes).
            // NOTE(review): nothing here checks that keyAgreement is non-null or that (X, Y)
            // is a valid curve point; confirm ECDH.CreateSharedSecret rejects bad peer keys.
            var secret = ECDH.CreateSharedSecret(keyAgreement.X, keyAgreement.Y, out byte[] localX, out byte[] localY);

            // presumably kty=2 (EC2), alg=-7, crv=1 (P-256); confirm against the COSE_Key constructor
            myKeyAgreement = new COSE_Key(2, -7, 1, localX, localY);

            return secret;
        }
Exemplo n.º 3
        /// <summary>
        /// Decodes the raw response and populates <c>KeyAgreement</c> from map entry 0x01.
        /// </summary>
        /// <param name="byteresponse">Raw response bytes passed to decodeFromBytes.</param>
        public override void Parse(byte[] byteresponse)
        {
            var decoded = this.decodeFromBytes(byteresponse);

            // A null decode result leaves KeyAgreement untouched.
            if (decoded != null)
            {
                // NOTE(review): the value returned by getObj is not checked before it is
                // handed to COSE_Key; confirm the constructor copes with a missing entry.
                var keyEntry = getObj(decoded, 0x01);
                this.KeyAgreement = new COSE_Key(keyEntry);
            }
        }
Exemplo n.º 4
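        /// <summary>
        /// CTAP-Command GetAssertion, optionally authorised with a PIN string.
        /// </summary>
        /// <remarks>
        /// When <paramref name="pin"/> is non-empty, a PIN token is requested first, a shared
        /// secret is derived from the token's key-agreement public key, and pinAuth is computed
        /// over <c>param.ClientDataHash</c>. When it is empty, the command is sent with null
        /// pinAuth, key agreement and shared secret.
        /// </remarks>
        /// <param name="param">GetAssertion parameters; ClientDataHash and UseHmacExtension are read here.</param>
        /// <param name="pin">PIN string; null or empty skips the PIN token step.</param>
        /// <returns>
        /// The device and CTAP status of the GetAssertion exchange, or of the PIN token
        /// exchange when that step did not succeed.
        /// </returns>
        public async Task <ResponseGetAssertion> GetAssertionAsync(CTAPCommandGetAssertionParam param, string pin)
        {
            byte[]   pinAuth        = null;
            byte[]   sharedSecret   = null;
            COSE_Key myKeyAgreement = null;

            if (!string.IsNullOrEmpty(pin))
            {
                var token = await ClientPINgetPINTokenAsync(pin);

                // Stop early and surface the PIN token failure to the caller.
                if (token.DeviceStatus != DeviceStatus.Ok || token.CTAPResponse == null || token.CTAPResponse.Status != 0)
                {
                    return(new ResponseGetAssertion(token.DeviceStatus, token.CTAPResponse));
                }

                // Derive the shared secret from the key-agreement public key carried by the token response.
                sharedSecret = CTAPCommandClientPIN.CreateSharedSecret(token.KeyAgreementPublicKey, out myKeyAgreement);
                pinAuth      = CTAPCommandClientPIN.CreatePinAuth(param.ClientDataHash, token.CTAPResponse.PinToken);

                // NOTE(review): this path returns the (successful) token status even though
                // pinAuth could not be built, so the caller cannot tell it from success.
                if (pinAuth == null)
                {
                    return(new ResponseGetAssertion(token.DeviceStatus, token.CTAPResponse));
                }
            }

            var ctapResponseGetAssertion = new CTAPResponseGetAssertion();
            var ret = await sendCommandandResponseAsync(new CTAPCommandGetAssertion(param, pinAuth, myKeyAgreement, sharedSecret), ctapResponseGetAssertion);

            // Resolve the hmac-secret extension.
            // NOTE(review): Assertion is dereferenced without checking that the command
            // succeeded; confirm it is always populated by CTAPResponseGetAssertion.
            if (param.UseHmacExtension && ctapResponseGetAssertion.Assertion.ExtensionData?.Length > 0)
            {
                if (sharedSecret == null)
                {
                    // sharedSecret is only set on the PIN path above, so without a PIN there
                    // is no key to decrypt the extension output with.
                    Logger.Log("hmac-secret extension data received but no shared secret is available; skipping decryption");
                }
                else
                {
                    var data    = ctapResponseGetAssertion.Assertion.ExtensionData;
                    var decoded = AES256CBC.Decrypt(sharedSecret, data.ToArray());

                    // The decrypted hmac-secret output is key material and must not be
                    // written to logs; only the fact that decryption ran is recorded.
                    // NOTE(review): the value is not returned to the caller from here.
                    Logger.Log("hmac-secret extension output decrypted");
                }
            }

            return(new ResponseGetAssertion(ret.devSt, ret.ctapRes));
        }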
Exemplo n.º 5
 /// <summary>
 /// Builds a GetAssertion command from its parameters and the optional PIN-related values.
 /// </summary>
 /// <param name="param">GetAssertion parameters; stored by reference.</param>
 /// <param name="pinAuth">Stored as the result of ToArray(); may be null.</param>
 /// <param name="keyAgreement">Key-agreement key; stored by reference.</param>
 /// <param name="sharedSecret">Stored by reference, not copied.</param>
 public CTAPCommandGetAssertion(CTAPCommandGetAssertionParam param, byte[] pinAuth, COSE_Key keyAgreement, byte[] sharedSecret)
 {
     // ToArray() is presumably the System.Linq extension, so pinAuth is copied;
     // a null pinAuth stays null.
     byte[] pinAuthCopy = pinAuth?.ToArray();

     this.param        = param;
     this.keyAgreement = keyAgreement;
     this.pinAuth      = pinAuthCopy;

     // Unlike pinAuth, the secret is aliased: the caller's array and this field
     // are the same buffer, so clearing one clears the other.
     this.sharedSecret = sharedSecret;
 }
Exemplo n.º 6
        /// <summary>
        /// CTAP-Command ClientPIN - getPINToken.
        /// </summary>
        /// <param name="keyAgreement">Key-agreement key placed in the command.</param>
        /// <param name="pinHashEnc">Encrypted PIN hash placed in the command.</param>
        /// <param name="sharedSecret">Given to the response parser, not to the command.</param>
        /// <returns>The device status and CTAP response of the exchange.</returns>
        public async Task <ResponseClientPIN_getPINToken> ClientPINgetPINTokenAsync(COSE_Key keyAgreement, byte[] pinHashEnc, byte[] sharedSecret)
        {
            var command  = new CTAPCommandClientPIN_getPINToken(keyAgreement, pinHashEnc);

            // The shared secret stays on the platform side: it only goes to the response object.
            var response = new CTAPResponseClientPIN_getPINToken(sharedSecret);

            var result = await sendCommandandResponseAsync(command, response);

            return new ResponseClientPIN_getPINToken(result.devSt, result.ctapRes);
        }
Exemplo n.º 7
 /// <summary>
 /// Builds the ClientPIN getPINToken sub-command.
 /// </summary>
 /// <param name="keyAgreement">Key-agreement key; stored by reference.</param>
 /// <param name="pinHashEnc">Encrypted PIN hash; stored as the result of ToArray().</param>
 public CTAPCommandClientPIN_getPINToken(COSE_Key keyAgreement, byte[] pinHashEnc)
     : base(ClientPINSubCommand.getPINToken)
 {
     // No null-conditional here: a null pinHashEnc makes ToArray() throw.
     // ToArray() is presumably the System.Linq extension, i.e. the buffer is copied.
     byte[] pinHashEncCopy = pinHashEnc.ToArray();

     this.keyAgreement = keyAgreement;
     this.pinHashEnc   = pinHashEncCopy;
 }
Exemplo n.º 8
 /// <summary>
 /// Wraps the outcome of a getPINToken exchange together with the key-agreement public key.
 /// </summary>
 /// <param name="devst">Device status, forwarded to the base constructor.</param>
 /// <param name="ctapres">CTAP response, forwarded to the base constructor and kept in typed form.</param>
 /// <param name="key">Key-agreement public key; stored by reference.</param>
 public ResponseClientPIN_getPINToken(DeviceStatus devst, CTAPResponse ctapres, COSE_Key key)
     : base(devst, ctapres)
 {
     this.KeyAgreementPublicKey = key;

     // 'as' yields null when ctapres is null or not a CTAPResponseClientPIN_getPINToken,
     // so readers of CTAPResponse must null-check it before use.
     var typedResponse = ctapres as CTAPResponseClientPIN_getPINToken;
     this.CTAPResponse = typedResponse;
 }