testSharedPIN() method, pushTempBuffer() method, passport.jar, passport.exp

8906f0a4 · Josh Ji · 3007aeb3 · 8906f0a4 · 8906f0a4 · 8906f0a4
Commit 8906f0a4 authored Aug 18, 2022 by Josh Ji
12 changed files
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -7,4 +7,7 @@
  <component name="ProjectRootManager" version="2" languageLevel="JDK_11" default="true" project-jdk-name="11" project-jdk-type="JavaSDK">
    <output url="file://$PROJECT_DIR$/out" />
  </component>
+  <component name="ProjectType">
+    <option name="id" value="jpab" />
+  </component>
 </project>
\ No newline at end of file
--- a/build.gradle
+++ b/build.gradle
@@ -37,6 +37,12 @@ javacard{
                className 'com.josh.vku2f.CTAP2'
                aid 'A0000006472F0001'
            }
+            dependencies{
+                local {// 這邊的路徑建議用絕對路徑
+                    exps 'C:\\Users\\josh2\\Documents\\GitLab\\EID\\Fido2Applet\\lib\\javacard\\applet.exp'
+                    jar 'C:\\Users\\josh2\\Documents\\GitLab\\EID\\Fido2Applet\\lib\\javacard\\applet.exp\\passport.jar'
+                }
+            }
        }
    }

--- a/lib/javacard/applet.cap
+++ b/lib/javacard/applet.cap
--- a/lib/javacard/applet.exp/josh/passport/javacard/passport.exp
+++ b/lib/javacard/applet.exp/josh/passport/javacard/passport.exp
--- a/lib/javacard/applet.exp/passport.jar
+++ b/lib/javacard/applet.exp/passport.jar
--- a/lib/javacard/applet.jca
+++ b/lib/javacard/applet.jca
--- a/src/main/java/com/josh/vku2f/AuthenticatorGetAssertion.java
+++ b/src/main/java/com/josh/vku2f/AuthenticatorGetAssertion.java
@@ -75,7 +75,7 @@ public class AuthenticatorGetAssertion {
                        // Read the map. It has 2 things in it.
                        vars[3] = decoder.readMajorType(CBORBase.TYPE_MAP);
                        if(vars[3] != 2) {
-                            UserException.throwIt(CTAP2_ERR_INVALID_CBOR);
+                            UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_INVALID_CBOR);
                            break;
                        }
                        for(vars[5] = 0; vars[5] < (short) 2; vars[5]++) {
@@ -90,7 +90,7 @@ public class AuthenticatorGetAssertion {
                                // It doesn't matter what it is, just check it's string and exists.
                            } else {
                                // If it's not these two, throw an error
-                                UserException.throwIt(CTAP2_ERR_INVALID_CBOR);
+                                UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_INVALID_CBOR);
                                break;
                            }
                        }
@@ -121,7 +121,7 @@ public class AuthenticatorGetAssertion {
                    // Pin UV Auth Param // 0x06
                    pinUvAuthParam = new byte[16];
                    if(decoder.readByteString(pinUvAuthParam, (short)0 ) < (short)16)
-                        UserException.throwIt(CTAP2_ERR_PIN_INVALID);
+                        UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_PIN_INVALID);
                    break;
                case 0x07:
                    // Pin protocol
@@ -135,7 +135,7 @@ public class AuthenticatorGetAssertion {
        }
        // We should check we have our "mandatory" options
        if(rpId == null || clientDataHash == null) {
-            UserException.throwIt(CTAP2_ERR_MISSING_PARAMETER);
+            UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_MISSING_PARAMETER);
        }
        // Good to go I guess

--- a/src/main/java/com/josh/vku2f/AuthenticatorMakeCredential.java
+++ b/src/main/java/com/josh/vku2f/AuthenticatorMakeCredential.java
@@ -83,7 +83,7 @@ public class AuthenticatorMakeCredential {
                    len2 = decoder.readMajorType(CBORBase.TYPE_MAP);
                    // If less than 2, error
                    if (len2 < (short) 2) {
-                        UserException.throwIt(CTAP2_ERR_INVALID_CBOR);
+                        UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_INVALID_CBOR);
                    }
                    // Read the map iteratively
                    for (short j = 0; j < len2; j++) {
@@ -165,7 +165,7 @@ public class AuthenticatorMakeCredential {
                        // Read the map length - should be 2
                        short len3 = decoder.readMajorType(CBORBase.TYPE_MAP);
                        if(len3 != 2) {
-                            UserException.throwIt(CTAP2_ERR_INVALID_CBOR);
+                            UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_INVALID_CBOR);
                        }
                        // Iterate over the map
                        for (short k = 0; k < (short) 2; k++) {
@@ -199,10 +199,10 @@ public class AuthenticatorMakeCredential {
                                // Check it
                                decoder.readTextString(scratch1, (short) 0);
                                if(Util.arrayCompare(scratch1, (short) 0, Utf8Strings.UTF8_PUBLIC_KEY, (short) 0, (short) 10) != (byte) 0) {
-                                    UserException.throwIt(CTAP2_ERR_UNSUPPORTED_ALGORITHM);
+                                    UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_UNSUPPORTED_ALGORITHM);
                                }
                            } else {
-                                UserException.throwIt(CTAP2_ERR_INVALID_CBOR);
+                                UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_INVALID_CBOR);
                            }
                        }
                        // Done
@@ -218,7 +218,7 @@ public class AuthenticatorMakeCredential {
                        // Read the map. It has 2 things in it.
                        short len3 = decoder.readMajorType(CBORBase.TYPE_MAP);
                        if (len3 != 2) {
-                            UserException.throwIt(CTAP2_ERR_INVALID_CBOR);
+                            UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_INVALID_CBOR);
                        }
                        // Parse it, properly
                        for(short k = 0; k < (short) 2; k++) {
@@ -233,7 +233,7 @@ public class AuthenticatorMakeCredential {
                                // It doesn't matter what it is, just check it's string and exists.
                            } else {
                                // If it's not these two, throw an error
-                                UserException.throwIt(CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
+                                UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
                                break;
                            }
                        }
@@ -245,7 +245,7 @@ public class AuthenticatorMakeCredential {
                    // Parse the two rk and uv objects
                    // Read the map
                    if(decoder.getMajorType() != CBORBase.TYPE_MAP) {
-                        UserException.throwIt(CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
+                        UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
                        break;
                    }
                    len2 = decoder.readMajorType(CBORBase.TYPE_MAP);
@@ -263,7 +263,7 @@ public class AuthenticatorMakeCredential {
                            decoder.readBoolean();
                        } else if (Util.arrayCompare(scratch1, (short) 0, Utf8Strings.UTF8_UP, (short) 0, (short) 2) == (short) 0) {
                            // Error out
-                            UserException.throwIt(CTAP2_ERR_INVALID_OPTION);
+                            UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_INVALID_OPTION);
                            break;
                        } else {
                            // Skip it
@@ -278,7 +278,7 @@ public class AuthenticatorMakeCredential {
                    // So check it's a map and skip
                    // TODO implement prlab extensions
                    if(decoder.getMajorType() != CBORBase.TYPE_MAP) {
-                        UserException.throwIt(CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
+                        UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
                        break;
                    }
                    decoder.skipEntry();
@@ -286,7 +286,7 @@ public class AuthenticatorMakeCredential {
                case (short)8: // pinUvAuthToken
                    pinUvAuthParam = new byte[16];
                    if(decoder.readByteString(pinUvAuthParam, (short)0 ) < (short)16)
-                        UserException.throwIt(CTAP2_ERR_PIN_INVALID);
+                        UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_PIN_INVALID);
                    break;
                case (short)9: // pinProtocol
                    short pinProtocol = decoder.readInt8();
@@ -301,11 +301,11 @@ public class AuthenticatorMakeCredential {
        }
        if(pinUvAuthParam == null){
-            UserException.throwIt(CTAP2_ERR_PIN_INVALID);
+            UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_PIN_INVALID);
        }
        // Check we've got stuff like the clientDataHash
        if(dataHash == null || rp == null || user == null || params == null) {
-            UserException.throwIt(CTAP2_ERR_MISSING_PARAMETER);
+            UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_MISSING_PARAMETER);
        }

--- a/src/main/java/com/josh/vku2f/CTAP2.java
+++ b/src/main/java/com/josh/vku2f/CTAP2.java
@@ -27,7 +27,6 @@ import javacard.framework.Util;
 import javacard.security.*;
 import javacardx.apdu.ExtendedLength;
-import static com.josh.vku2f.CTAP2ErrorCode.*;
 import static com.josh.vku2f.ClientPINSubCommand.*;
 public class CTAP2 extends Applet implements ExtendedLength {
@@ -176,7 +175,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 		// Check CLA
 		if (!apdu.isCommandChainingCLA() && apdu.isISOInterindustryCLA()) {
-			ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
+//			ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
 		}
 		JCSystem.requestObjectDeletion();
 		switch (buffer[ISO7816.OFFSET_INS]) {
@@ -220,7 +219,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 		tempVars[3] = apdu.getIncomingLength();
 		// Check if the APDU is too big, we only handle 1200 byte
 		if (tempVars[3] > 1200) {
-			returnError(apdu, CTAP2_ERR_REQUEST_TOO_LARGE);
+			returnError(apdu, CTAP2ErrorCode.CTAP2_ERR_REQUEST_TOO_LARGE);
 			return 0;
 		}
 		// Check what we need to do re APDU buffer, is it full (special case for 1 len)
@@ -340,7 +339,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 				getCert(apdu);
 				break;
 			default:
-				returnError(apdu, CTAP1_ERR_INVALID_COMMAND);
+				returnError(apdu, CTAP2ErrorCode.CTAP1_ERR_INVALID_COMMAND);
 		}
 	}
@@ -348,9 +347,9 @@ public class CTAP2 extends Applet implements ExtendedLength {
 	private void personalizationComplete(APDU apdu) {
 		if (attestationKeyPair.isCertSet() && !personalizeComplete) {
 			personalizeComplete = true;
-			returnError(apdu, CTAP1_ERR_SUCCESS);
+			returnError(apdu, CTAP2ErrorCode.CTAP1_ERR_SUCCESS);
 		} else {
-			returnError(apdu, CTAP1_ERR_INVALID_COMMAND);
+			returnError(apdu, CTAP2ErrorCode.CTAP1_ERR_INVALID_COMMAND);
 		}
 	}
@@ -361,7 +360,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 	 */
 	private void getAttestPublic(APDU apdu) {
 		if (personalizeComplete) {
-			returnError(apdu, CTAP1_ERR_INVALID_COMMAND);
+			returnError(apdu, CTAP2ErrorCode.CTAP1_ERR_INVALID_COMMAND);
 			return;
 		}
 		dataBuffer[0] = 0x00;
@@ -448,7 +447,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 	 * dump secrets
 	 */
 	private void dumpIDSecret(APDU apdu) {
-		tempVars[0] = idSecret.dump(dataBuffer, cborEncoder);
+		tempVars[0] = idSecret.dump(apdu.getBuffer(), dataBuffer, cborEncoder);
 //        apdu.setOutgoing();
 //        apdu.setOutgoingLength(tempVars[0]);
 //        apdu.sendBytesLong(dataBuffer, (short)0, tempVars[0]);
@@ -463,7 +462,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 	 */
 	public void attestSignRaw(APDU apdu, short bufLen) {
 		if (personalizeComplete) {
-			returnError(apdu, CTAP1_ERR_INVALID_COMMAND);
+			returnError(apdu, CTAP2ErrorCode.CTAP1_ERR_INVALID_COMMAND);
 			return;
 		}
 		Util.arrayCopy(dataBuffer, (short) 1, scratch, (short) 0, (short) (bufLen - 1));
@@ -476,7 +475,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 	public void attestSetCert(APDU apdu, short bufLen) {
 		if (personalizeComplete) {
-			returnError(apdu, CTAP1_ERR_INVALID_COMMAND);
+			returnError(apdu, CTAP2ErrorCode.CTAP1_ERR_INVALID_COMMAND);
 			return;
 		}
 		// We don't actually use any CBOR here, simplify copying
@@ -492,7 +491,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 	public void authMakeCredential(APDU apdu, short bufLen) {
 		if (pinRetries < (short) 1) {
-			returnError(apdu, CTAP2_ERR_PIN_AUTH_BLOCKED);
+			returnError(apdu, CTAP2ErrorCode.CTAP2_ERR_PIN_AUTH_BLOCKED);
 			return;
 		}
@@ -518,12 +517,12 @@ public class CTAP2 extends Applet implements ExtendedLength {
 				tempCredential = new StoredPS256Credential(authenticatorMakeCredential);
 				break;
 			default:
-				returnError(apdu, CTAP2_ERR_UNSUPPORTED_ALGORITHM);
+				returnError(apdu, CTAP2ErrorCode.CTAP2_ERR_UNSUPPORTED_ALGORITHM);
 				return;
 		}
 		if (authenticatorMakeCredential.isResident()) {
-			idSecret.writeTempBuffer(pinUvAuthProtocolOne.authenticate(pinToken, authenticatorMakeCredential.getDataHash()), (short) 0);
+//			idSecret.writeTempBuffer(pinUvAuthProtocolOne.authenticate(pinToken, authenticatorMakeCredential.getDataHash()), (short) 0);
-			idSecret.writeTempBuffer(authenticatorMakeCredential.getPinUvAuthParam(), (short) 64);
+//			idSecret.writeTempBuffer(authenticatorMakeCredential.getPinUvAuthParam(), (short) 64);
 			// verify the pin UV Auth token
 			if (pinUvAuthProtocolOne.verify(
@@ -535,7 +534,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 				pinRetries = MAX_PIN_RETRIES;
 			} else {
 				pinRetries--;
-				returnError(apdu, CTAP2_ERR_PIN_AUTH_INVALID);
+				returnError(apdu, CTAP2ErrorCode.CTAP2_ERR_PIN_AUTH_INVALID);
 				return;
 			}
@@ -543,7 +542,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 			// Check if a credential exists on the excluded list
 			if (authenticatorMakeCredential.isExclude() && isPresent(authenticatorMakeCredential.exclude)) {
 				// Throw the error
-				returnError(apdu, CTAP2_ERR_CREDENTIAL_EXCLUDED);
+				returnError(apdu, CTAP2ErrorCode.CTAP2_ERR_CREDENTIAL_EXCLUDED);
 				return;
 			}
@@ -661,7 +660,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 		} else {
 			// Non-resident credential
 			// TODO - we currently force resident credentials
-			returnError(apdu, CTAP2_ERR_UNSUPPORTED_OPTION);
+			returnError(apdu, CTAP2ErrorCode.CTAP2_ERR_UNSUPPORTED_OPTION);
 		}
 	}
@@ -682,7 +681,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 		// Use the first one; this complies with both ideas - use the most recent match
 		// if no allow list, use any if an allowing list existed
 		if (assertionCredentials.length == 0 || assertionCredentials[0] == null) {
-			returnError(apdu, CTAP2_ERR_NO_CREDENTIALS);
+			returnError(apdu, CTAP2ErrorCode.CTAP2_ERR_NO_CREDENTIALS);
 			return;
 		}
 		// Create the authenticatorData to sign
@@ -756,7 +755,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 			switch (clientPINCommand.getSubCommandCode()) {
 				case SUBCOMMAND_GET_PIN_RETRIES:
-					dataBuffer[0] = CTAP1_ERR_SUCCESS; // 0x00 : response success code
+					dataBuffer[0] = CTAP2ErrorCode.CTAP1_ERR_SUCCESS; // 0x00 : response success code
 					cborEncoder.init(dataBuffer, (short) 1, (short) (1199));
 					cborEncoder.startMap((short) 1);
 					cborEncoder.encodeUInt8(ClientPINResponse.PIN_RETRIES);
@@ -764,7 +763,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 					sendLongChaining(apdu, cborEncoder.getCurrentOffset());
 					break;
 				case SUBCOMMAND_GET_KEY_AGREEMENT:
-					dataBuffer[0] = CTAP1_ERR_SUCCESS; // 0x00 : response success code
+					dataBuffer[0] = CTAP2ErrorCode.CTAP1_ERR_SUCCESS; // 0x00 : response success code
 					cborEncoder.init(dataBuffer, (short) 1, (short) 1199);
 					// Start a map
 					cborEncoder.startMap((short) 1);
@@ -838,7 +837,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 					for (short i = 0; i < (short) hashedPin_leftHalf.length; i++) {
 						if (hashedPin_leftHalf[i] != currentStoredPIN[i]) {
 							pinRetries--;
-							UserException.throwIt(CTAP2_ERR_PIN_INVALID);
+							UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_PIN_INVALID);
 							break;
 						}
 					}
@@ -851,7 +850,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 					byte[] pinTokenEnc = pinUvAuthProtocolOne.encrypt(sharedSecret, pinToken);
-					dataBuffer[0] = CTAP1_ERR_SUCCESS;
+					dataBuffer[0] = CTAP2ErrorCode.CTAP1_ERR_SUCCESS;
 					cborEncoder.init(dataBuffer, (short) 1, (short) 1199);
 					cborEncoder.startMap((short) 1);
 					cborEncoder.encodeUInt8((byte) 0x02);
@@ -974,7 +973,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 		// TODO: Implement Resetting
 		credentialArray = new CredentialArray((short) 5);
 		JCSystem.requestObjectDeletion();
-		returnError(apdu, CTAP1_ERR_SUCCESS);
+		returnError(apdu, CTAP2ErrorCode.CTAP1_ERR_SUCCESS);
 	}
 	/**

--- a/src/main/java/com/josh/vku2f/CredentialArray.java
+++ b/src/main/java/com/josh/vku2f/CredentialArray.java
@@ -51,7 +51,7 @@ public class CredentialArray {
            slotStatus[slot] = true;
            count = (short)(slot + 1);
        } catch (Exception e) {
-            UserException.throwIt(CTAP2_ERR_KEY_STORE_FULL);
+            UserException.throwIt(CTAP2ErrorCode.CTAP2_ERR_KEY_STORE_FULL);
        }
    }
    /**

--- a/src/main/java/com/josh/vku2f/IDSecret.java
+++ b/src/main/java/com/josh/vku2f/IDSecret.java
 package com.josh.vku2f;
-import javacard.framework.JCSystem;
+import javacard.framework.*;
-import javacard.framework.Util;
 import javacard.security.AESKey;
 import javacard.security.KeyBuilder;
 import javacard.security.MessageDigest;
 import javacardx.crypto.Cipher;
+import josh.passport.SharePIN;
 /**
 *  Hold some params about the identification binding framework
 */
@@ -31,9 +32,11 @@ public class IDSecret {
 	private byte[] scratch;
 	private final short SCRATCH_LENGTH = (short)128 ;
 	private CBOREncoder encoder = new CBOREncoder();
-	public final byte[] tempBuffer = new byte[100];
+	public byte[] tempBuffer = new byte[256];
 	public short tempBufferLength = (short)0;
+	private short tempCursor = (short)0;
 	public IDSecret(){
 		IDx = new DomString(Utf8Strings.UTF8_NULL, (short)Utf8Strings.UTF8_NULL.length);
 		Random.getInstance().nextBytes(Rx, (short)0, (short)Rx.length);
@@ -136,11 +139,22 @@ public class IDSecret {
 		Util.arrayCopy(inputBuffer, (short)0, tempBuffer, offset, (short)inputBuffer.length);
 	}
+	public void pushTempBuffer(byte[] inputBuffer, short inputOffset, short inputLength){
+		if((short)(inputLength + tempCursor) > (short)tempBuffer.length){
+			tempBuffer[0] = 'T'; // too
+			tempBuffer[1] = 'L'; // long
+			Util.setShort(tempBuffer, (short)2, (short)inputBuffer.length); // input length
+			return;
+		}
+		Util.arrayCopy(inputBuffer, inputOffset, tempBuffer, tempCursor, inputLength);
+		tempCursor += inputLength;
+	}
 	/**
 	 * put IDSecret data with CBOR form in dataBuffer
 	 * return data length
 	*/
-	public short dump(byte[] dataBuffer, CBOREncoder encoder){
+	public short dump(byte[] apduBuffer, byte[] dataBuffer, CBOREncoder encoder){
 		encoder.init(dataBuffer, (short)0, (short)1200);
 		encoder.startMap((short)1);
@@ -180,4 +194,30 @@ public class IDSecret {
 		return encoder.getCurrentOffset();
 	}
+	private void testSharedPIN(byte[] apduBuffer){
+		byte[] aid = new byte[]{(byte)0xa0,(byte)0x00,(byte)0x00,(byte)0x02,(byte)0x47,(byte)0x10,(byte)0x01};
+		AID passportAID = JCSystem.lookupAID(aid, (short)0,(byte)aid.length);
+		SharePIN sharePIN  = (SharePIN) JCSystem.getAppletShareableInterfaceObject(passportAID,(byte)0x00);
+		short length = 0;
+		byte[] sharedPIN = new byte[]{'h','e','l','l','o','_','j','o','s','h'};
+		Util.arrayCopy(sharedPIN, (short)0, apduBuffer, (short)0, (short) sharedPIN.length );
+		try{
+			if(sharePIN != null) {
+				//must use apdu buffer to transmit and receive data
+				sharePIN.setSharedPIN(apduBuffer, (short)0, (short)sharedPIN.length );
+				length = sharePIN.getSharedPIN(apduBuffer, (short) 0);
+				Util.arrayCopy(apduBuffer, (short)0, tempBuffer, (short)0, length );
+				//this will fail
+//				sharePIN.getSharedPIN(tempBuffer, (short)0);
+			}
+		}catch (Exception e){
+			tempBuffer[0] = 'a';
+		}
+	}
 }
--- a/src/main/java/com/josh/vku2f/PinUvAuthProtocolOne.java
+++ b/src/main/java/com/josh/vku2f/PinUvAuthProtocolOne.java
@@ -4,7 +4,6 @@ import javacard.framework.JCSystem;
 import javacard.framework.Util;
 import javacard.security.*;
 import javacardx.crypto.Cipher;
-import jdk.nashorn.internal.ir.Block;
 public class PinUvAuthProtocolOne extends PinUvAuthProtocol{