Class PinUvAuthProtocolOne
- Namespace
- Yubico.YubiKey.Fido2.PinProtocols
- Assembly
- Yubico.YubiKey.dll
This class contains methods that perform the platform operations of FIDO2's PIN/UV auth protocol one.
public class PinUvAuthProtocolOne : PinUvAuthProtocolBase
- Inheritance
-
objectPinUvAuthProtocolOne
- Inherited Members
Constructors
PinUvAuthProtocolOne()
Constructs a new instance of PinUvAuthProtocolOne.
public PinUvAuthProtocolOne()
Methods
Authenticate(byte[])
Returns the result of computing HMAC-SHA-256 on the given message using the AuthenticationKey. With protocol 1, the result is the first 16 bytes of the HMAC, and with protocol 2 it is the entire 32-byte result.
public override byte[] Authenticate(byte[] message)
Parameters
message
byte[]The data to be authenticated.
Returns
- byte[]
A new byte array containing the authentication result.
Exceptions
- ArgumentNullException
The
message
argument is null.- InvalidOperationException
The object has been created or initialized, but the Encapsulate(CoseKey) method has not been called.
Authenticate(byte[], byte[])
Returns the result of computing HMAC-SHA-256 on the given message
using the provided keyData
. With protocol 1, the result is the
first 16 bytes of the HMAC, and with protocol 2 it is the entire
32-byte result.
protected override byte[] Authenticate(byte[] keyData, byte[] message)
Parameters
keyData
byte[]The key to use to authenticate.
message
byte[]The data to be authenticated.
Returns
- byte[]
A new byte array containing the authentication result.
Exceptions
- ArgumentNullException
The
keyData
ormessage
argument is null.
Decrypt(byte[], int, int)
Returns the AES-256-CBC decryption of ciphertext using an IV specified
by the protocol and the EncryptionKey. With protocol 1
the IV is all 00 bytes. With protocol 2, it is the first block size
bytes of ciphertext
.
public override byte[] Decrypt(byte[] ciphertext, int offset, int length)
Parameters
ciphertext
byte[]The data to decrypt.
offset
intThe offset in
ciphertext
where the method will begin decrypting.length
intThe number of bytes to decrypt.
Returns
- byte[]
A new byte array containing the decrypted data.
Remarks
Note that this method will verify that the input buffer, offset, and length are valid.
Exceptions
- ArgumentNullException
The
ciphertext
argument is null.- InvalidOperationException
The object has been created or initialized, but the Encapsulate(CoseKey) method has not been called.
- ArgumentException
The length of the
ciphertext
is not a multiple of the AES block size (16 bytes).
DeriveKeys(byte[])
The key derivation function to run while performing ECDH. This will derive both the EncryptionKey and the AuthenticationKey.
protected override void DeriveKeys(byte[] buffer)
Parameters
buffer
byte[]The shared value computed by ECDH.
Exceptions
- ArgumentNullException
The
buffer
argument is null.- InvalidOperationException
The HMAC with SHA-256 provider failed.
Dispose(bool)
Release resources, overwrite sensitive data.
protected override void Dispose(bool disposing)
Parameters
disposing
bool
Encrypt(byte[], int, int)
Returns the AES-256-CBC encryption of plaintext using an IV specified by the protocol and the EncryptionKey. With protocol 1 the IV is all 00 bytes. With protocol 2, it is a new, random value.
public override byte[] Encrypt(byte[] plaintext, int offset, int length)
Parameters
plaintext
byte[]The data to encrypt.
offset
intThe offset in
plaintext
where the method will begin encrypting.length
intThe number of bytes to encrypt.
Returns
- byte[]
A new byte array containing the encrypted data. With protocol 2, the ciphertext is actually the concatenation of the IV and the encrypted data.
Exceptions
- ArgumentNullException
The
plaintext
argument is null.- InvalidOperationException
The object has been created or initialized, but the Encapsulate(CoseKey) method has not been called.
- ArgumentException
The length of the
plaintext
is not a multiple of the AES block size (16 bytes).