Thanks for the reply. I tend to stay away from using direct open source as it it always has some issue of IT USE TO WORK for some version of the environment.
SO here are my Questions as I am close to it working nicely. Just the last part.
This is sample APDU for authenticatorClientPIN (0x06) sub Command setPIN (0x03)
which is has CBORs shown in Diagnostic format:
Actually I am simply using the JCShell to drive th setPIN (also Python).
Select Applet
/send 00A4040008A0000006472F000100
Get Info
/send 80108000010400
Reset PIN
/send 80108000010700
Get keyAgreement
/send 801080000606a20102020200
/Send for Set PIN APDU excerpted 0x06 0x03
80 10 80 00 AA 06
A50102020303A5010203381820012158203D54DFBD6F303ECCCBE4CEA9BF84BFE29CF644C7BAE4CAA67C175A5DE58F37572258207CA5217BDF8BCB7FC930B522717E1F5036DD3C5DFDE75BF742E2F5E85C8198960458407B1B8402F6939A0BF1EE944432ABF7EA47E9EE2DDCECBCFCA962CD829279F03B68A0658F49706E40156AAB140587C7E74F2453CB11F53320BFAEFD5FABB37B1E0550F89DB093D711AB3C27D5DFBB53A091CE
CBORs A5
{
1: 2, # pinProtocol
2: 3, # sub command setPIN
3: { # COSkey
1: 2,
3: -25_0,
-1: 1,
-2: h'131bf204a8f2534ee14d0f97199456aac4b0fa043622edffe364ed3bb69a179e',
-3: h'fe373a34b4383b498b5787d71b83c5064a1b939e3723e8682c08a213cf816366',
},
4: h'e5b631e68a779f815781872864a33090 # 64 bytes newPINEnc
ceb92bb906d4a4e5333df2539f0d2e98',
5: h'18d9810ac098f66a5ba2928fbad01a74 #80 bytes pinAuth apparently
d646a5ad81d4dcd40a73c7e1b09bb7f
db1d40bb33b538a9169450e0b17951
1c2aa60abdbf22771be4879bc154281
fdda50a6ed110d8a703f807c384217e80830',
}
The quesiton is the newPINEnc and pinAuth.
#1
newPINEnc:
If my pin is "123456" well it says to pad to 64 bytes with 0x00 then
aes256_cbc_enc. Which returns a length of 64 bytes? Is that correct. Take the 123456 and add 0x00 to 64 bytes then process with the aes256 the (iv = b'\x00' * 16 # 16-byte IV of all zeroes)
As to the spec "Client to Authenticator Protocol (CTAP) Review Draft, March 21, 2023"
#2
pinAuth:
pinAuth= authenticate(sharedSecret, newPinEnc).
Computes a MAC of the given message 2023 Documentation
But the Fido Client Authenticator Protocol 2018 Documentation says
pinAuth = LEFT(HMAC-SHA-256(sharedSecret, newPinEnc), 16).
which means only 16 Bytes? But its 80 bytes?
SO what is it then?
#3
Also the shareSecret is based on the platform pirvatekey and the
public key of the Authentcator. Does it really matter how this is
created for test? In Python I can simply create a share key.
shared_secret = secrets.token_hex(16)
newPINenc = util.aes256_cbc_PadPIN64_encrypt(shared_secret.encode('utf-8'), pindata.encode('utf-8') )
auth = util.hmac_sha256_left_16(shared_secret.encode('utf-8'), newPINenc )
Certainly the Authenticator cannot tell that the platform derived shared secret is from platform pivateKey as it has no knowledge and no way to check that?
As I said I just want to drive this setPIN multiple time for testing rigor.
The Python code is simple, certainly will POST it with nice flags to print pretty CBOR
util.APDUhex("00a4040008a0000006472f0001","Select applet")
util.APDUhex("80108000010400","Get Info", cborflag=True)
util.APDUhex("80108000010700","Reset Card PIN")
util.APDUhex("801000000606A201020201","Get retries", cborflag=True)
util.APDUhex("801080000606a20102020200","Client PIN subcmd get keyAgreement",True)
pinSetAPDU = createCBORsetPIN(newPINenc, auth)
util.APDUhex(pinSetAPDU,"Client PIN subcmd SetPIN", checkflag=True);
Thanks in Advance.