/// <summary>
/// CTAP-Command GetAssertion use PIN string
/// </summary>
public async Task <ResponseGetAssertion> GetAssertionAsync(CTAPCommandGetAssertionParam param, string pin)
{
byte[] pinAuth = null;
byte[] sharedSecret = null;
COSE_Key myKeyAgreement = null;
if (!string.IsNullOrEmpty(pin))
{
var token = await ClientPINgetPINTokenAsync(pin);
if (token.DeviceStatus != DeviceStatus.Ok || token.CTAPResponse == null || token.CTAPResponse.Status != 0)
{
return(new ResponseGetAssertion(token.DeviceStatus, token.CTAPResponse));
}
//The platform gets sharedSecret from the authenticator.
sharedSecret = CTAPCommandClientPIN.CreateSharedSecret(token.KeyAgreementPublicKey, out myKeyAgreement);
pinAuth = CTAPCommandClientPIN.CreatePinAuth(param.ClientDataHash, token.CTAPResponse.PinToken);
if (pinAuth == null)
{
return(new ResponseGetAssertion(token.DeviceStatus, token.CTAPResponse));
}
}
var ctapResponseGetAssertion = new CTAPResponseGetAssertion();
var ret = await sendCommandandResponseAsync(new CTAPCommandGetAssertion(param, pinAuth, myKeyAgreement, sharedSecret), ctapResponseGetAssertion);
//Resolve the hmac-secret extension
if (param.UseHmacExtension && ctapResponseGetAssertion.Assertion.ExtensionData?.Length > 0)
{
var data = ctapResponseGetAssertion.Assertion.ExtensionData;
var decoded = AES256CBC.Decrypt(sharedSecret, data.ToArray());
Logger.Log($"GOT SYMMETRIC KEY: {decoded.ToHexString()}");
}
return(new ResponseGetAssertion(ret.devSt, ret.ctapRes));
}
private void computePinToken()
{
PinToken = AES256CBC.Decrypt(sharedSecret, pinTokenEnc);
}