
PinUvAuthProtocolBase Class

Namespace: Yubico.YubiKey.Fido2.PinProtocols
Assembly: Yubico.YubiKey.dll

Base class for FIDO2 PIN/UV auth protocol implementations.

C#
public abstract class PinUvAuthProtocolBase

Inheritance
object → PinUvAuthProtocolBase

Derived
PinUvAuthProtocolOne
PinUvAuthProtocolTwo

Remarks

A PIN/UV auth protocol is a set of methods defined by the FIDO2 CTAP specification; the abstract interface is defined in section 6.5.4. As of FIDO 2.1, only two PIN protocols are defined: protocol one and protocol two. The two implementations share some common code, so this class defines the abstract interface together with that shared code.

Properties

Name Description
AuthenticationKey

Gets the authentication key derived from the shared value computed during the call to Encapsulate(CoseKey). This can be the same as the EncryptionKey.

AuthenticatorPublicKey

The public key returned by the YubiKey.

EncryptionKey

Gets the encryption key derived from the shared value computed during the call to Encapsulate(CoseKey). This can be the same as the AuthenticationKey.

PlatformPublicKey

Gets the public key generated during the call to Encapsulate(CoseKey).

Protocol

Gets the identifier of the PIN/UV authentication protocol that this instance implements.

Methods

Name Description
Authenticate(byte[])

Returns the result of computing HMAC-SHA-256 on the given message using the AuthenticationKey. With protocol 1, the result is the first 16 bytes of the HMAC, and with protocol 2 it is the entire 32-byte result.

Authenticate(byte[], byte[])

Returns the result of computing HMAC-SHA-256 on the given message using the provided keyData. With protocol 1, the result is the first 16 bytes of the HMAC, and with protocol 2 it is the entire 32-byte result.

AuthenticateUsingPinToken(byte[], byte[])

Returns the result of computing HMAC-SHA-256 on the given message using the pinToken as the key. With protocol 1, the result is the first 16 bytes of the HMAC, and with protocol 2 it is the entire 32-byte result.

AuthenticateUsingPinToken(byte[], int, int, byte[])

Returns the result of computing HMAC-SHA-256 on the given message using the pinToken as the key. With protocol 1, the result is the first 16 bytes of the HMAC, and with protocol 2 it is the entire 32-byte result.

Decrypt(byte[], int, int)

Returns the AES-256-CBC decryption of ciphertext using an IV specified by the protocol and the EncryptionKey. With protocol 1 the IV is all 00 bytes. With protocol 2, the IV is the first block-size (16) bytes of the ciphertext, and only the remaining bytes are decrypted.

DeriveKeys(byte[])

The key derivation function to run while performing ECDH. This will derive both the EncryptionKey and the AuthenticationKey.

Dispose()

Release resources, overwrite sensitive data.

Dispose(bool)

Release resources, overwrite sensitive data.

Encapsulate(CoseKey)

Generates a new platform key pair and uses its private key together with the peerPublicKey to compute the shared value. It then derives the shared keys (encryption and authentication) from that shared value.

Encrypt(byte[], int, int)

Returns the AES-256-CBC encryption of plaintext using an IV specified by the protocol and the EncryptionKey. With protocol 1 the IV is all 00 bytes. With protocol 2, it is a new, random value.

Initialize()

This is run by the platform when starting a series of transactions with a specific authenticator.
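The method table above describes the same operations for both protocols but leaves the per-protocol differences implicit. The following is an added, self-contained illustration (not Yubico SDK code, and not the implementation behind PinUvAuthProtocolOne or PinUvAuthProtocolTwo) of what DeriveKeys, Authenticate, Encrypt and Decrypt amount to once Encapsulate has completed ECDH. The KDF inputs, IV handling and MAC truncation follow the CTAP 2.1 specification; the authenticator key pair, message and PIN block are constructed stand-ins. It assumes .NET 8 for ECDiffieHellman.DeriveRawSecretAgreement.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration, not Yubico SDK code: what protocol 1 and protocol 2 do with the
// shared value after Encapsulate has completed ECDH. The KDF, IV and MAC-length rules
// follow the CTAP 2.1 specification (sections 6.5.6 and 6.5.7). Requires .NET 8 for
// ECDiffieHellman.DeriveRawSecretAgreement.
public static class PinProtocolDemo
{
    // Protocol 1 KDF: SHA-256 of the shared value serves as both keys, which is why
    // AuthenticationKey and EncryptionKey "can be the same".
    public static (byte[] Enc, byte[] Auth) DeriveKeysProtocolOne(byte[] sharedZ)
    {
        byte[] key = SHA256.HashData(sharedZ);
        return (key, key);
    }

    // Protocol 2 KDF: two HKDF-SHA-256 outputs with a 32-byte zero salt and distinct
    // info strings, giving independent encryption and authentication keys.
    public static (byte[] Enc, byte[] Auth) DeriveKeysProtocolTwo(byte[] sharedZ)
    {
        byte[] salt = new byte[32];
        byte[] auth = HKDF.DeriveKey(HashAlgorithmName.SHA256, sharedZ, 32, salt,
                                     Encoding.ASCII.GetBytes("CTAP2 HMAC key"));
        byte[] enc = HKDF.DeriveKey(HashAlgorithmName.SHA256, sharedZ, 32, salt,
                                    Encoding.ASCII.GetBytes("CTAP2 AES key"));
        return (enc, auth);
    }

    // Authenticate: HMAC-SHA-256, truncated to the first 16 bytes under protocol 1,
    // the full 32 bytes under protocol 2.
    public static byte[] Authenticate(int protocol, byte[] authKey, byte[] message)
    {
        byte[] mac = HMACSHA256.HashData(authKey, message);
        return protocol == 1 ? mac[..16] : mac;
    }

    // Encrypt: AES-256-CBC without padding; the caller supplies whole 16-byte blocks.
    // Protocol 1 uses an all-zero IV; protocol 2 prepends a fresh random IV.
    public static byte[] Encrypt(int protocol, byte[] encKey, byte[] plaintext)
    {
        using Aes aes = Aes.Create();
        aes.Key = encKey;
        if (protocol == 1)
        {
            return aes.EncryptCbc(plaintext, new byte[16], PaddingMode.None);
        }
        byte[] iv = RandomNumberGenerator.GetBytes(16);
        byte[] body = aes.EncryptCbc(plaintext, iv, PaddingMode.None);
        byte[] output = new byte[iv.Length + body.Length];
        iv.CopyTo(output, 0);
        body.CopyTo(output, iv.Length);
        return output;
    }

    // Decrypt mirrors Encrypt: zero IV for protocol 1, the leading block of the
    // ciphertext as IV for protocol 2 (and only the rest is decrypted).
    public static byte[] Decrypt(int protocol, byte[] encKey, byte[] ciphertext)
    {
        using Aes aes = Aes.Create();
        aes.Key = encKey;
        if (protocol == 1)
        {
            return aes.DecryptCbc(ciphertext, new byte[16], PaddingMode.None);
        }
        return aes.DecryptCbc(ciphertext[16..], ciphertext[..16], PaddingMode.None);
    }

    public static void Main()
    {
        // Constructed stand-in for the authenticator's key pair; on a real device only its
        // public key is visible, arriving as the CoseKey passed to Encapsulate.
        using ECDiffieHellman authenticator = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);
        using ECDiffieHellman platform = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);

        // Shared value Z: the x-coordinate of the ECDH result, as computed in Encapsulate.
        byte[] z = platform.DeriveRawSecretAgreement(authenticator.PublicKey);

        byte[] message = Encoding.ASCII.GetBytes("constructed message to authenticate"); // constructed
        byte[] pinBlock = new byte[16]; // constructed 16-byte block standing in for a pinHash

        foreach (int protocol in new[] { 1, 2 })
        {
            var (enc, auth) = protocol == 1 ? DeriveKeysProtocolOne(z) : DeriveKeysProtocolTwo(z);
            byte[] tag = Authenticate(protocol, auth, message);
            byte[] ciphertext = Encrypt(protocol, enc, pinBlock);
            bool roundTrip = pinBlock.AsSpan().SequenceEqual(Decrypt(protocol, enc, ciphertext));

            Console.WriteLine($"protocol {protocol}: same key for AES and HMAC = {enc.AsSpan().SequenceEqual(auth)}, " +
                              $"tag length = {tag.Length}, ciphertext length = {ciphertext.Length}, round trip ok = {roundTrip}");
        }
    }
}
```

Running it prints one line per protocol: protocol 1 reports identical keys, a 16-byte tag and a 16-byte ciphertext; protocol 2 reports distinct keys, a 32-byte tag and a 32-byte ciphertext (IV plus one block). The contrast is the practical reason the base class exposes separate AuthenticationKey and EncryptionKey properties even though protocol 1 fills both with the same value, and why Decrypt must know the protocol before it can locate the IV.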

Generated by DocFX