clientPin_getRetries, clientPin_getKeyAgreement, clientPin_setPin

FidoReader/FidoReader.csproj

@@ -6,9 +6,11 @@
     <Nullable>enable</Nullable>
     <UseWindowsForms>true</UseWindowsForms>
     <ImplicitUsings>enable</ImplicitUsings>
+    <ApplicationManifest>app.manifest</ApplicationManifest>
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="BouncyCastle" Version="1.8.9" />
     <PackageReference Include="Dahomey.Cbor" Version="1.17.0" />
     <PackageReference Include="Jsbeautifier" Version="0.0.1" />
     <PackageReference Include="MySql.Data" Version="8.0.29" />

FidoReader/Form1.Designer.cs

@@ -47,6 +47,10 @@
             this.getCredentialCount = new System.Windows.Forms.Button();
             this.getFreeSpace = new System.Windows.Forms.Button();
             this.IDxBox = new System.Windows.Forms.TextBox();
+            this.ClientPIN_getRetries = new System.Windows.Forms.Button();
+            this.ClientPIN_getKeyAgreement = new System.Windows.Forms.Button();
+            this.pinBox = new System.Windows.Forms.TextBox();
+            this.SetPIN = new System.Windows.Forms.Button();
             this.tabControl1.SuspendLayout();
             this.tabPage1.SuspendLayout();
             this.tabPage2.SuspendLayout();
@@ -243,11 +247,53 @@
             this.IDxBox.Size = new System.Drawing.Size(119, 23);
             this.IDxBox.TabIndex = 16;
             // 
+            // ClientPIN_getRetries
+            // 
+            this.ClientPIN_getRetries.Location = new System.Drawing.Point(1004, 58);
+            this.ClientPIN_getRetries.Name = "ClientPIN_getRetries";
+            this.ClientPIN_getRetries.Size = new System.Drawing.Size(181, 23);
+            this.ClientPIN_getRetries.TabIndex = 17;
+            this.ClientPIN_getRetries.Text = "ClientPIN_getRetries";
+            this.ClientPIN_getRetries.UseVisualStyleBackColor = true;
+            this.ClientPIN_getRetries.Click += new System.EventHandler(this.ClientPIN_getRetries_Click);
+            // 
+            // ClientPIN_getKeyAgreement
+            // 
+            this.ClientPIN_getKeyAgreement.Location = new System.Drawing.Point(1004, 87);
+            this.ClientPIN_getKeyAgreement.Name = "ClientPIN_getKeyAgreement";
+            this.ClientPIN_getKeyAgreement.Size = new System.Drawing.Size(181, 23);
+            this.ClientPIN_getKeyAgreement.TabIndex = 18;
+            this.ClientPIN_getKeyAgreement.Text = "ClientPIN_getKeyAgreement";
+            this.ClientPIN_getKeyAgreement.UseVisualStyleBackColor = true;
+            this.ClientPIN_getKeyAgreement.Click += new System.EventHandler(this.ClientPIN_getKeyAgreement_Click);
+            // 
+            // pinBox
+            // 
+            this.pinBox.Location = new System.Drawing.Point(1004, 116);
+            this.pinBox.Name = "pinBox";
+            this.pinBox.PlaceholderText = "PIN";
+            this.pinBox.Size = new System.Drawing.Size(119, 23);
+            this.pinBox.TabIndex = 19;
+            // 
+            // SetPIN
+            // 
+            this.SetPIN.Location = new System.Drawing.Point(1004, 145);
+            this.SetPIN.Name = "SetPIN";
+            this.SetPIN.Size = new System.Drawing.Size(181, 23);
+            this.SetPIN.TabIndex = 20;
+            this.SetPIN.Text = "ClientPIN_SetPIN";
+            this.SetPIN.UseVisualStyleBackColor = true;
+            this.SetPIN.Click += new System.EventHandler(this.SetPIN_Click);
+            // 
             // Form1
             // 
             this.AutoScaleDimensions = new System.Drawing.SizeF(7F, 15F);
             this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
-            this.ClientSize = new System.Drawing.Size(1008, 729);
+            this.ClientSize = new System.Drawing.Size(1211, 729);
+            this.Controls.Add(this.SetPIN);
+            this.Controls.Add(this.pinBox);
+            this.Controls.Add(this.ClientPIN_getKeyAgreement);
+            this.Controls.Add(this.ClientPIN_getRetries);
             this.Controls.Add(this.IDxBox);
             this.Controls.Add(this.getFreeSpace);
             this.Controls.Add(this.getCredentialCount);
@@ -296,5 +342,9 @@
         private Button getCredentialCount;
         private Button getFreeSpace;
         private TextBox IDxBox;
+        private Button ClientPIN_getRetries;
+        private Button ClientPIN_getKeyAgreement;
+        private TextBox pinBox;
+        private Button SetPIN;
     }
 }
\ No newline at end of file

FidoReader/Form1.cs

@@ -10,6 +10,15 @@ using System.Formats.Cbor;
 using MySql.Data.MySqlClient;
 using System.Data;
 using System.Text;
+using Org.BouncyCastle.Math.EC;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Asn1.Sec;
+using Org.BouncyCastle.Asn1.X9;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Math;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Utilities.Encoders;
+using Org.BouncyCastle.Asn1.Nist;
 
 namespace FidoReader
 {
@@ -24,11 +33,11 @@ namespace FidoReader
 		public Form1()
 		{
 			InitializeComponent();
-			pcscContext = ContextFactory.Instance.Establish(SCardScope.User);
-			readers = pcscContext.GetReaders();
-			pcscReader = new IsoReader(context: pcscContext,readerName: readers[0],mode: SCardShareMode.Shared,protocol: SCardProtocol.Any);
-			dumpReaders(readers);	
-		}
+            pcscContext = ContextFactory.Instance.Establish(SCardScope.User);
+            readers = pcscContext.GetReaders();
+            pcscReader = new IsoReader(context: pcscContext, readerName: readers[0], mode: SCardShareMode.Shared, protocol: SCardProtocol.Any);
+            dumpReaders(readers);
+        }
 
 		private void dumpReaders(string[] readers) {
 			foreach (var item in readers) {
@@ -96,8 +105,8 @@ namespace FidoReader
 				P1P2 = 0x0000,
 				Data = new byte[] { 0x04 }
 			};
-			Response  responseCommand = executecCommand(getInfoCommnad);
-
+			
+			executecCommand(getInfoCommnad);
 		}
 
 		private void getAttestationPublicKey_Click(object sender, EventArgs e) {
@@ -113,7 +122,7 @@ namespace FidoReader
 
         private void dumpIDSecret_Click(object sender, EventArgs e) {
 			selectFIDOApplet_Click(sender, e);
-			var dumpIDSecretCommand = new CommandApdu(IsoCase.Case4Short, pcscReader.ActiveProtocol) {
+			var dumpIDSecretCommand = new CommandApdu(IsoCase.Case4Extended, pcscReader.ActiveProtocol) {
 				CLA = 0x80,
 				INS = 0x10,
 				P1P2 = 0x0000,
@@ -124,19 +133,51 @@ namespace FidoReader
 			if (data == null)
 				return;
 			CborReader cborReader = new CborReader(data);
-			int? length = cborReader.ReadStartArray();
-			string IDx = cborReader.ReadTextString();
-			byte[] Rx = cborReader.ReadByteString();
-			byte[] Rp = cborReader.ReadByteString();
-			byte[] RxRp = cborReader.ReadByteString();
-			byte[] PuKp = cborReader.ReadByteString();
-			byte[] sharedSecrect = cborReader.ReadByteString();
-			byte[] aesRawKey = cborReader.ReadByteString();
-			byte[] Cx = cborReader.ReadByteString();
-			byte[] encryptedCx = cborReader.ReadByteString();
-			this.Cx = Cx;
-			Debug.WriteLine(BitConverter.ToString(PuKp));
-			Debug.WriteLine(BitConverter.ToString(sharedSecrect));
+			int? length = cborReader.ReadStartMap();
+			while (length > 0) {
+				switch (cborReader.ReadTextString()) {
+					case "Cx":
+						this.Cx = cborReader.ReadByteString();
+						break;
+					case "PuKp":
+						byte[] PuKp = cborReader.ReadByteString();
+						Debug.WriteLine(BitConverter.ToString(PuKp));
+						break;
+					case "sharedSecret":
+						byte[] sharedSecret = cborReader.ReadByteString();
+						Debug.WriteLine(BitConverter.ToString(sharedSecret));
+						break;
+					case "TEMP":
+						Debug.WriteLine("TEMP : "+BitConverter.ToString(cborReader.ReadByteString()).Replace("-",""));
+						break;
+					default:
+						break;
+				}
+				length--;
+			}
+
+			//cborReader.ReadTextString(); // key
+			//string IDx = cborReader.ReadTextString();
+			//cborReader.ReadTextString(); // key
+			//byte[] Rx = cborReader.ReadByteString();
+			//cborReader.ReadTextString(); // key
+			//byte[] Rp = cborReader.ReadByteString();
+			//cborReader.ReadTextString(); // key
+			//byte[] RxRp = cborReader.ReadByteString();
+			//cborReader.ReadTextString(); // key
+			//byte[] PuKp = cborReader.ReadByteString();
+			//cborReader.ReadTextString(); // key
+			//byte[] sharedSecrect = cborReader.ReadByteString();
+			//cborReader.ReadTextString(); // key
+			//byte[] aesRawKey = cborReader.ReadByteString();
+			//cborReader.ReadTextString(); // key
+			//byte[] Cx = cborReader.ReadByteString();
+			//cborReader.ReadTextString(); // key
+			//byte[] encryptedCx = cborReader.ReadByteString();
+
+			//this.Cx = Cx;
+			//Debug.WriteLine(BitConverter.ToString(PuKp));
+			//Debug.WriteLine(BitConverter.ToString(sharedSecrect));
 		}
 
         private void getPuKxRx_Click(object sender, EventArgs e) {
@@ -162,7 +203,8 @@ namespace FidoReader
 				MessageBox.Show("IDx not set");
 				return;
 			}
-			string connectString = "server=127.0.0.1;port=3306;user id=IDP;password=idppasswd;database=idp;charset=utf8;";
+            #region mysql connecting
+            string connectString = "server=127.0.0.1;port=3306;user id=IDP;password=idppasswd;database=idp;charset=utf8;";
 			MySqlConnection mySqlConnection = new MySqlConnection(connectString);
 			if (mySqlConnection.State != ConnectionState.Open) {
                 try {
@@ -173,15 +215,16 @@ namespace FidoReader
 					return;
                 }
 			}
+            #endregion
 
-			selectFIDOApplet_Click(sender, e);
+            selectFIDOApplet_Click(sender, e);
 
 			string IDx = IDxBox.Text;
 
 			ECDiffieHellmanCng ECDH = new ECDiffieHellmanCng();
 			ECDH.HashAlgorithm = CngAlgorithm.Sha1;
 			ECDH.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
-			ECDH.GenerateKey(ECCurve.NamedCurves.nistP256);// also named secp256r1
+			ECDH.GenerateKey(System.Security.Cryptography.ECCurve.NamedCurves.nistP256);// also named secp256r1
 			byte[] publicKey = ECDH.PublicKey.ToByteArray();
 			byte[] privateKey = ECDH.ExportECPrivateKey();
 			
@@ -190,7 +233,8 @@ namespace FidoReader
 			Debug.WriteLine(BitConverter.ToString(publicKey));
 			Debug.WriteLine(BitConverter.ToString(privateKey));
 
-			CborWriter cborWriter = new CborWriter();
+            #region construct cbor command
+            CborWriter cborWriter = new CborWriter();
 			cborWriter.WriteStartArray(2);
 			cborWriter.WriteTextString(IDx);
 			cborWriter.WriteByteString(publicKey);
@@ -207,6 +251,7 @@ namespace FidoReader
 				P1P2 = 0x0000,
 				Data = data
 			};
+            #endregion
 
             Response commandResponse = executecCommand(getPuKxCxCommand);
 
@@ -214,7 +259,9 @@ namespace FidoReader
 			if (data == null) {
 				return;
 			}
-			CborReader cborReader = new CborReader(data);
+
+            #region extract public key x and Cx
+            CborReader cborReader = new CborReader(data);
 			cborReader.ReadStartArray();
 			// magic||length(in little endian)
 			byte[] keyHeader = new byte[]{ 0x45,0x43,0x4B,0x31,0x20,0x00,0x00,0x00};
@@ -225,8 +272,9 @@ namespace FidoReader
 			Array.Copy(temp, 1, PuKx, keyHeader.Length, temp.Length-1);
 
 			byte[] encryptedCx = cborReader.ReadByteString();
+            #endregion
 
-			CngKey cngKey = CngKey.Import(PuKx, CngKeyBlobFormat.EccPublicBlob);
+            CngKey cngKey = CngKey.Import(PuKx, CngKeyBlobFormat.EccPublicBlob);
 			byte[] eccFullpublicblob = cngKey.Export(CngKeyBlobFormat.EccPublicBlob);
 
 			paramBox.Text += "PuKx : " + BitConverter.ToString(eccFullpublicblob) + "\r\n";
@@ -265,13 +313,18 @@ namespace FidoReader
 			byte[] hmac = aes.EncryptCbc(hashedIDxAndCx, IV, PaddingMode.None);
 			paramBox.Text += "hmac : " + BitConverter.ToString(hmac) + "\r\n";
 
-			try {
+			String hmacBase64 = Convert.ToBase64String(hmac);
+
+            #region insert identity
+
+            try {
 				MySqlCommand insertNewIdentity = new MySqlCommand();
 				insertNewIdentity.Connection = mySqlConnection;
-				insertNewIdentity.CommandText = "INSERT INTO identities VALUES(default, @idx, @hmac, @cx, @hashedSharedSecrect,  @pukx, @pukp, @prkp )";
+				insertNewIdentity.CommandText = "INSERT INTO identities VALUES(default, @idx, @hmac, @hmacbase64, @cx, @hashedSharedSecrect,  @pukx, @pukp, @prkp )";
 				insertNewIdentity.CommandType = CommandType.Text;
 				insertNewIdentity.Parameters.Add("@idx", MySqlDbType.VarChar).Value = IDxBox.Text;
 				insertNewIdentity.Parameters.Add("@hmac", MySqlDbType.VarBinary).Value = hmac;
+				insertNewIdentity.Parameters.Add("@hmacbase64", MySqlDbType.VarChar).Value = hmacBase64; // for web api transmission
 				insertNewIdentity.Parameters.Add("@cx", MySqlDbType.VarBinary).Value = decryptedCx;
 				insertNewIdentity.Parameters.Add("@hashedSharedSecrect", MySqlDbType.VarBinary).Value = hashedSharedSecrect;
 				insertNewIdentity.Parameters.Add("@pukx", MySqlDbType.VarBinary).Value = PuKx;
@@ -285,13 +338,16 @@ namespace FidoReader
 				if (mySqlConnection.State != ConnectionState.Closed)
 					mySqlConnection.Close();
 			}
-		}
+            #endregion
+        }
 
         protected override void OnFormClosing(FormClosingEventArgs e) {
             base.OnFormClosing(e);
 			Debug.WriteLine("Form Closing");
-			pcscContext.Dispose();
-			pcscReader.Dispose();
+			if(pcscContext != null)
+				pcscContext.Dispose();
+			if(pcscReader != null)
+				pcscReader.Dispose();
         }
 
         private void getFreeSpace_Click(object sender, EventArgs e) {
@@ -324,5 +380,331 @@ namespace FidoReader
 			};
 			executecCommand(command);
 		}
+
+        private void ClientPIN_getRetries_Click(object sender, EventArgs e) {
+			selectFIDOApplet_Click(sender, e);
+
+			CborWriter cborWriter = new CborWriter();
+			cborWriter.WriteStartMap(2);
+			// key : 0x01 : pinUvAuthProtocol
+			cborWriter.WriteUInt32(1);
+			// value : 0x01 : pinUvAuthProtocol 1
+			cborWriter.WriteUInt32(1);
+			// key : 0x02 : subCommand
+			cborWriter.WriteUInt32(2);
+			// value : 0x01 : getPinRetries
+			cborWriter.WriteUInt32(1);
+			cborWriter.WriteEndMap();
+			byte[] commandCbor = cborWriter.Encode();
+			byte[] commandData = new byte[commandCbor.Length + 1];
+			commandData[0] = 0x06;
+			Array.Copy(commandCbor, 0, commandData, 1, commandCbor.Length);
+			Debug.WriteLine(BitConverter.ToString(commandData).Replace("-", " "));
+
+            var command = new CommandApdu(IsoCase.Case4Short, pcscReader.ActiveProtocol) {
+                CLA = 0x80,
+                INS = 0x10,
+                P1P2 = 0x0000,
+                Data = commandData
+            };
+
+			executecCommand(command);
+        }
+
+        private void ClientPIN_getKeyAgreement_Click(object sender, EventArgs e) {
+			selectFIDOApplet_Click(sender, e);
+			getKeyagreement_wrapping();
+		}
+
+		private CngKey getKeyagreement_wrapping() {
+
+			CborWriter cborWriter = new CborWriter();
+			cborWriter.WriteStartMap(2);
+			// key : 0x01 : pinUvAuthProtocol
+			cborWriter.WriteUInt32(1);
+			// value : 0x01 : pinUvAuthProtocol 1
+			cborWriter.WriteUInt32(1);
+			// key : 0x02 : subCommand
+			cborWriter.WriteUInt32(2);
+			// value : 0x02 : getKeyAgreement
+			cborWriter.WriteUInt32(2);
+			cborWriter.WriteEndMap();
+			byte[] commandCbor = cborWriter.Encode();
+			byte[] commandData = new byte[commandCbor.Length + 1];
+			commandData[0] = 0x06;
+			Array.Copy(commandCbor, 0, commandData, 1, commandCbor.Length);
+			Debug.WriteLine("get key agreement command data : "+BitConverter.ToString(commandData).Replace("-", ""));
+
+			var command = new CommandApdu(IsoCase.Case4Short, pcscReader.ActiveProtocol) {
+				CLA = 0x80,
+				INS = 0x10,
+				P1P2 = 0x0000,
+				Data = commandData
+			};
+
+			Response commandResponse = executecCommand(command);
+
+			byte[] data = commandResponse.GetData();
+			byte[] cborData = new byte[data.Length - 1];
+			Array.Copy(data, 1, cborData, 0, cborData.Length);
+
+			CborReader cborReader = new CborReader(cborData);
+			cborReader.ReadStartMap();
+			cborReader.ReadUInt32();
+			cborReader.ReadStartMap();
+
+			cborReader.ReadUInt32();
+			cborReader.ReadUInt32();
+
+			cborReader.ReadUInt32();
+			cborReader.ReadInt32();
+
+			cborReader.ReadInt32();
+			cborReader.ReadUInt32();
+
+			cborReader.ReadInt32();
+			byte[] x = cborReader.ReadByteString();
+
+			cborReader.ReadInt32();
+			byte[] y = cborReader.ReadByteString();
+
+			Debug.WriteLine("x.Length + y.Length : " + (x.Length + y.Length));
+
+
+			// magic||length(in little endian)
+			byte[] keyHeader = new byte[] { 0x45, 0x43, 0x4B, 0x31, 0x20, 0x00, 0x00, 0x00 };
+			byte[] keyByteString = new byte[keyHeader.Length + x.Length + y.Length];
+			Array.Copy(keyHeader, 0, keyByteString, 0, keyHeader.Length);
+			Array.Copy(x, 0, keyByteString, keyHeader.Length, x.Length);
+			Array.Copy(y, 0, keyByteString, keyHeader.Length + x.Length, y.Length);
+
+			Debug.WriteLine(BitConverter.ToString(keyByteString).Replace('-', ' ')) ;
+
+			CngKey cngKey = CngKey.Import(keyByteString, CngKeyBlobFormat.EccPublicBlob);
+
+			return cngKey;
+		}
+
+        private void SetPIN_Click(object sender, EventArgs e) {
+			if (pinBox.Text == "") {
+				MessageBox.Show("pinBox is empty");
+				return;
+			}
+			if (pinBox.Text.Length > 63) {
+				MessageBox.Show("PIN length is too long");
+				return;
+			}
+			if (pinBox.Text.Length < 4) {
+				MessageBox.Show("PIN length is too short");
+				return;
+			}
+
+            selectFIDOApplet_Click(sender, e);
+
+            #region get sharedKey
+
+            byte[] pinByteString = Encoding.UTF8.GetBytes(pinBox.Text);
+			byte[] paddedPinByteString= new byte[64];
+			Array.Fill<byte>(paddedPinByteString, 0x00);
+			Array.Copy(pinByteString, 0, paddedPinByteString, 0, pinByteString.Length);
+			Debug.WriteLine("padded pin byte string : " + BitConverter.ToString(paddedPinByteString));
+
+			ECDiffieHellmanCng ECDH = new ECDiffieHellmanCng();
+			ECDH.HashAlgorithm = CngAlgorithm.Sha256;
+			ECDH.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
+			ECDH.GenerateKey(System.Security.Cryptography.ECCurve.NamedCurves.nistP256);
+
+			CngKey peerKey = getKeyagreement_wrapping();
+
+			#region bouncy castle testing
+			//bouncyCastleTesting();
+            #endregion
+
+            byte[] sharedKey = ECDH.DeriveKeyMaterial(peerKey);
+
+			Debug.WriteLine("Client PIN : sharedKey from pc : "+BitConverter.ToString(sharedKey).Replace("-",""));
+			#endregion
+
+			byte[] selfPublicKey = ECDH.PublicKey.ToByteArray();
+			Debug.WriteLine("self public key : " + BitConverter.ToString(selfPublicKey).Replace("-",""));
+
+			byte[] x = new byte[32];
+			byte[] y = new byte[32];
+
+			Array.Copy(selfPublicKey, 8, x, 0, x.Length);
+			Array.Copy(selfPublicKey, 8+x.Length, y, 0, y.Length);
+			Debug.WriteLine("self x : " + BitConverter.ToString(x).Replace("-", ""));
+			Debug.WriteLine("self y : " + BitConverter.ToString(y).Replace("-", ""));
+
+
+            #region encrypt the padded pin byte string
+
+            byte[] newPinEnc = new byte[64];
+
+			// make AES cipher
+			byte[] IV = new byte[16];
+			Array.Fill(IV, (byte)0);
+			AesCng aes = new AesCng();
+			aes.KeySize = 256;
+			aes.Key = sharedKey;
+			aes.BlockSize = 128;
+			aes.Mode = CipherMode.CBC;
+			aes.Padding = PaddingMode.None;
+			aes.IV = IV;
+
+			newPinEnc =  aes.EncryptCbc(paddedPinByteString, IV, PaddingMode.None);
+
+			Debug.WriteLine("newPinEnc from pc : " + BitConverter.ToString(newPinEnc).Replace("-", "")) ;
+
+			#endregion
+
+			byte[] commandCbor = clientPin_SetPin_cbor_generator(x, y, new byte[] { }, newPinEnc);
+
+            byte[] commandData = new byte[commandCbor.Length + 1];
+            commandData[0] = 0x06;
+            Array.Copy(commandCbor, 0, commandData, 1, commandCbor.Length);
+            Debug.WriteLine("command Data : " + BitConverter.ToString(commandData).Replace("-",""));
+
+            var command = new CommandApdu(IsoCase.Case4Short, pcscReader.ActiveProtocol) {
+                CLA = 0x80,
+                INS = 0x10,
+                P1P2 = 0x0000,
+                Data = commandData
+            };
+
+            executecCommand(command);
+
+        }
+
+		private byte[] GetKeyAgreementBC(X9ECParameters ecParams, System.Security.Cryptography.ECPoint publicKey, byte[] privateKey) {
+			ECDomainParameters eCDomainParameters = new ECDomainParameters(ecParams.Curve, ecParams.G, ecParams.N);
+			Org.BouncyCastle.Math.EC.ECCurve curve = eCDomainParameters.Curve;
+
+			Org.BouncyCastle.Math.EC.ECPoint pubKey = curve.CreatePoint(new BigInteger(1, publicKey.X), new BigInteger(1, publicKey.Y));
+			BigInteger privKey = new BigInteger(1, privateKey);
+
+			ECPublicKeyParameters ecPubKeyParams = new ECPublicKeyParameters("ECDH", pubKey, SecObjectIdentifiers.SecP256r1);
+			ECPrivateKeyParameters ecPrivKeyParams = new ECPrivateKeyParameters(privKey, eCDomainParameters);
+
+			IBasicAgreement basicAgreement = AgreementUtilities.GetBasicAgreement("ECDH");
+			basicAgreement.Init(ecPrivKeyParams);
+			byte[] keyAgreement = basicAgreement.CalculateAgreement(ecPubKeyParams).ToByteArrayUnsigned();
+			return keyAgreement;
+		}
+
+		private byte[] GetKeyAgreementExplicit(X9ECParameters ecParams, System.Security.Cryptography.ECPoint publicKey, byte[] privateKey) {
+			ECDomainParameters eCDomainParameters = new ECDomainParameters(ecParams.Curve, ecParams.G, ecParams.N);
+			Org.BouncyCastle.Math.EC.ECCurve curve = eCDomainParameters.Curve;
+
+			Org.BouncyCastle.Math.EC.ECPoint pubKey = curve.CreatePoint(new BigInteger(1, publicKey.X), new BigInteger(1, publicKey.Y));
+			BigInteger privKey = new BigInteger(1, privateKey);
+
+			Org.BouncyCastle.Math.EC.ECPoint keyAgreementECPoint = pubKey.Multiply(privKey).Normalize();
+
+			// get the x-coordernate to be key agreement
+			byte[] keyAgreement = keyAgreementECPoint.XCoord.ToBigInteger().ToByteArrayUnsigned();
+			return keyAgreement;
+		}
+
+		private void bouncyCastleTesting() {
+
+			
+            using (var ecdhAlice = new ECDiffieHellmanCng())
+			using (var ecdhBob = new ECDiffieHellmanCng()) {
+				// Generate Alice's private and public key
+				ecdhAlice.HashAlgorithm = CngAlgorithm.Sha256;
+				ecdhAlice.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
+				ecdhAlice.GenerateKey(System.Security.Cryptography.ECCurve.NamedCurves.nistP256);
+				byte[] privateKeyAlice = ecdhAlice.ExportParameters(true).D;
+				System.Security.Cryptography.ECPoint publicKeyAlice = ecdhAlice.ExportParameters(false).Q;
+
+				// Generate Bob's private and public key
+				ecdhBob.HashAlgorithm = CngAlgorithm.Sha256;
+				ecdhBob.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
+				ecdhBob.GenerateKey(System.Security.Cryptography.ECCurve.NamedCurves.nistP256);
+				byte[] privateKeyBob = ecdhBob.ExportParameters(true).D;
+				System.Security.Cryptography.ECPoint publicKeyBob = ecdhBob.ExportParameters(false).Q;
+
+				// Alice's key agreement
+				byte[] keyAgreementAlice = GetKeyAgreementBC(NistNamedCurves.GetByName("P-256"), publicKeyBob, privateKeyAlice);
+				byte[] keyAgreementSHA256Alice = SHA256.Create().ComputeHash(keyAgreementAlice);
+				byte[] keyAgreementCngAlice = ecdhAlice.DeriveKeyMaterial(ecdhBob.PublicKey);
+				Debug.WriteLine("Alice's raw key agreement (BC):        " + Hex.ToHexString(keyAgreementAlice));
+				Debug.WriteLine("Alice's hashed key agreement (BC):     " + Hex.ToHexString(keyAgreementSHA256Alice));
+				Debug.WriteLine("Alice's key agreement (.NET):          " + Hex.ToHexString(keyAgreementCngAlice));
+				Debug.WriteLine("");
+
+				// Bob's key agreement
+				byte[] keyAgreementBob = GetKeyAgreementExplicit(NistNamedCurves.GetByName("P-256"), publicKeyAlice, privateKeyBob);
+				byte[] keyAgreementSHA256Bob = SHA256.Create().ComputeHash(keyAgreementBob);
+				byte[] keyAgreementCngBob = ecdhBob.DeriveKeyMaterial(ecdhAlice.PublicKey);
+				Debug.WriteLine("Bob's raw key agreement (explicit):    " + Hex.ToHexString(keyAgreementBob));
+				Debug.WriteLine("Bob's hashed key agreement (explicit): " + Hex.ToHexString(keyAgreementSHA256Bob));
+				Debug.WriteLine("Bob's key agreement (.NET):            " + Hex.ToHexString(keyAgreementCngBob));
+				Debug.WriteLine("");
+			}
+			
+		}
+
+		private byte[] clientPin_SetPin_cbor_generator(byte[] x, byte[] y, byte[] authParam, byte[] newPinEnc) {
+			CborWriter cborWriter = new CborWriter();
+			cborWriter.WriteStartMap(5);
+			// key : 0x01 : pinUvAuthProtocol
+			cborWriter.WriteUInt32(1);
+			// value : 0x01 : pinUvAuthProtocol One
+			cborWriter.WriteUInt32(1);
+
+			// key : 0x02 : subCommand
+			cborWriter.WriteUInt32(2);
+			// value : 0x03 : setPIN
+			cborWriter.WriteUInt32(3);
+
+			// key : 0x03 : COSE Key
+			cborWriter.WriteUInt32(3);
+			// value : map : COSE Key
+			cborWriter.WriteStartMap(5);
+			#region cose key
+			// key : 0x01 : kty
+			cborWriter.WriteUInt32(1);
+			// value : 0x02 : EC2
+			cborWriter.WriteUInt32(2);
+
+			// key : 0x03 : alg
+			cborWriter.WriteInt32(3);
+			// value : -7 : ES256
+			// value : -25 : ECDH-ES + HKDF-256
+			cborWriter.WriteInt32(-25);
+
+			// key : -1 : crv
+			cborWriter.WriteInt32(-1);
+			// value : 0x01 : 
+			cborWriter.WriteInt32(1);
+
+			// key : -2 : x-coordinate
+			cborWriter.WriteInt32(-2);
+			// value : byteStirng
+			cborWriter.WriteByteString(x);
+
+			// key : -3 : y-coordinate
+			cborWriter.WriteInt32(-3);
+			// value : byteString
+			cborWriter.WriteByteString(y);
+
+			#endregion
+			cborWriter.WriteEndMap();
+
+			// key : 0x04 : pinUvAuthParam
+			cborWriter.WriteUInt32(4);
+			// value : byteString
+			cborWriter.WriteByteString(authParam);
+
+			// key : 0x05 : newPinEnc
+			cborWriter.WriteUInt32(5);
+			cborWriter.WriteByteString(newPinEnc);
+
+			cborWriter.WriteEndMap();
+
+			return cborWriter.Encode();
+		}
     }
 }
\ No newline at end of file

FidoReader/app.manifest

+<?xml version="1.0" encoding="utf-8"?>
+<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
+  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
+  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
+    <security>
+      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
+        <!-- UAC Manifest Options
+             If you want to change the Windows User Account Control level replace the 
+             requestedExecutionLevel node with one of the following.
+
+        <requestedExecutionLevel  level="asInvoker" uiAccess="false" />
+        <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
+        <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />
+
+            Specifying requestedExecutionLevel element will disable file and registry virtualization. 
+            Remove this element if your application requires this virtualization for backwards
+            compatibility.
+        -->
+        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
+      </requestedPrivileges>
+    </security>
+  </trustInfo>
+
+  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
+    <application>
+      <!-- A list of the Windows versions that this application has been tested on
+           and is designed to work with. Uncomment the appropriate elements
+           and Windows will automatically select the most compatible environment. -->
+
+      <!-- Windows Vista -->
+      <!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
+
+      <!-- Windows 7 -->
+      <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
+
+      <!-- Windows 8 -->
+      <!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
+
+      <!-- Windows 8.1 -->
+      <!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
+
+      <!-- Windows 10 -->
+      <!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
+
+    </application>
+  </compatibility>
+
+  <!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
+       DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need 
+       to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should 
+       also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. 
+       
+       Makes the application long-path aware. See https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation -->
+  <!--
+  <application xmlns="urn:schemas-microsoft-com:asm.v3">
+    <windowsSettings>
+      <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
+      <longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
+    </windowsSettings>
+  </application>
+  -->
+
+  <!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
+  <!--
+  <dependency>
+    <dependentAssembly>
+      <assemblyIdentity
+          type="win32"
+          name="Microsoft.Windows.Common-Controls"
+          version="6.0.0.0"
+          processorArchitecture="*"
+          publicKeyToken="6595b64144ccf1df"
+          language="*"
+        />
+    </dependentAssembly>
+  </dependency>
+  -->
+
+</assembly>

FidoReader/bin/Debug/net6.0-windows/FidoReader.deps.json

@@ -8,6 +8,7 @@
     ".NETCoreApp,Version=v6.0": {
       "FidoReader/1.0.0": {
         "dependencies": {
+          "BouncyCastle": "1.8.9",
           "Dahomey.Cbor": "1.17.0",
           "Jsbeautifier": "0.0.1",
           "MySql.Data": "8.0.29",
@@ -23,14 +24,15 @@
           "FidoReader.dll": {}
         }
       },
-      "BouncyCastle.NetCore/1.8.5": {
+      "BouncyCastle/1.8.9": {
         "runtime": {
-          "lib/netstandard2.0/BouncyCastle.Crypto.dll": {
-            "assemblyVersion": "1.8.5.0",
-            "fileVersion": "1.8.19031.1"
+          "lib/BouncyCastle.Crypto.dll": {
+            "assemblyVersion": "1.8.9.0",
+            "fileVersion": "1.8.20343.1"
           }
         }
       },
+      "BouncyCastle.NetCore/1.8.5": {},
       "Dahomey.Cbor/1.17.0": {
         "dependencies": {
           "System.IO.Pipelines": "6.0.1"
@@ -380,6 +382,13 @@
       "serviceable": false,
       "sha512": ""
     },
+    "BouncyCastle/1.8.9": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-axnBgvdD5n+FnEG6efk/tfKuMFru7R/EoISH9zjh319yb3HD24TEHSAbNN/lTRT2ulOGRxDgOsCjkuk08iwWPg==",
+      "path": "bouncycastle/1.8.9",
+      "hashPath": "bouncycastle.1.8.9.nupkg.sha512"
+    },
     "BouncyCastle.NetCore/1.8.5": {
       "type": "package",
       "serviceable": true,

FidoReader/obj/Debug/net6.0-windows/FidoReader.AssemblyInfo.cs

 //------------------------------------------------------------------------------
 // <auto-generated>
-//     這段程式碼是由工具產生的。
-//     執行階段版本:4.0.30319.42000
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.42000
 //
-//     對這個檔案所做的變更可能會造成錯誤的行為，而且如果重新產生程式碼，
-//     變更將會遺失。
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
 // </auto-generated>
 //------------------------------------------------------------------------------
 
@@ -21,5 +21,5 @@ using System.Reflection;
 [assembly: System.Runtime.Versioning.TargetPlatformAttribute("Windows7.0")]
 [assembly: System.Runtime.Versioning.SupportedOSPlatformAttribute("Windows7.0")]
 
-// 由 MSBuild WriteCodeFragment 類別產生。
+// Generated by the MSBuild WriteCodeFragment class.
 

FidoReader/obj/Debug/net6.0-windows/FidoReader.GeneratedMSBuildEditorConfig.editorconfig

 is_global = true
-build_property.ApplicationManifest = 
+build_property.ApplicationManifest = app.manifest
 build_property.StartupObject = 
 build_property.ApplicationDefaultFont = 
 build_property.ApplicationHighDpiMode = 

FidoReader/obj/Debug/net6.0-windows/FidoReader.csproj.CoreCompileInputs.cache

-e415487a358ca4b07c65676047fc477a837a2904
+70c01be08d1fd5a0b16f4475ace7aca575aea393

FidoReader/obj/Debug/net6.0-windows/FidoReader.designer.deps.json

@@ -6,6 +6,14 @@
   "compilationOptions": {},
   "targets": {
     ".NETCoreApp,Version=v6.0": {
+      "BouncyCastle/1.8.9": {
+        "runtime": {
+          "lib/BouncyCastle.Crypto.dll": {
+            "assemblyVersion": "1.8.9.0",
+            "fileVersion": "1.8.20343.1"
+          }
+        }
+      },
       "BouncyCastle.NetCore/1.8.5": {
         "runtime": {
           "lib/netstandard2.0/BouncyCastle.Crypto.dll": {
@@ -518,6 +526,13 @@
     }
   },
   "libraries": {
+    "BouncyCastle/1.8.9": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-axnBgvdD5n+FnEG6efk/tfKuMFru7R/EoISH9zjh319yb3HD24TEHSAbNN/lTRT2ulOGRxDgOsCjkuk08iwWPg==",
+      "path": "bouncycastle/1.8.9",
+      "hashPath": "bouncycastle.1.8.9.nupkg.sha512"
+    },
     "BouncyCastle.NetCore/1.8.5": {
       "type": "package",
       "serviceable": true,

FidoReader/obj/FidoReader.csproj.nuget.dgspec.json

@@ -44,6 +44,10 @@
         "net6.0-windows7.0": {
           "targetAlias": "net6.0-windows",
           "dependencies": {
+            "BouncyCastle": {
+              "target": "Package",
+              "version": "[1.8.9, )"
+            },
             "Dahomey.Cbor": {
               "target": "Package",
               "version": "[1.17.0, )"

FidoReader/obj/project.assets.json

@@ -2,6 +2,15 @@
   "version": 3,
   "targets": {
     "net6.0-windows7.0": {
+      "BouncyCastle/1.8.9": {
+        "type": "package",
+        "compile": {
+          "lib/BouncyCastle.Crypto.dll": {}
+        },
+        "runtime": {
+          "lib/BouncyCastle.Crypto.dll": {}
+        }
+      },
       "BouncyCastle.NetCore/1.8.5": {
         "type": "package",
         "compile": {
@@ -568,6 +577,19 @@
     }
   },
   "libraries": {
+    "BouncyCastle/1.8.9": {
+      "sha512": "axnBgvdD5n+FnEG6efk/tfKuMFru7R/EoISH9zjh319yb3HD24TEHSAbNN/lTRT2ulOGRxDgOsCjkuk08iwWPg==",
+      "type": "package",
+      "path": "bouncycastle/1.8.9",
+      "files": [
+        ".nupkg.metadata",
+        ".signature.p7s",
+        "README.md",
+        "bouncycastle.1.8.9.nupkg.sha512",
+        "bouncycastle.nuspec",
+        "lib/BouncyCastle.Crypto.dll"
+      ]
+    },
     "BouncyCastle.NetCore/1.8.5": {
       "sha512": "6uxsQw2UXrt82VQAWC2td3oBSJjUZ3P4u4DliagB8wf67KsU53V8sW9xwdF+IwZOOZFR0TCZuv/YKZ2BlrfAag==",
       "type": "package",
@@ -1842,6 +1864,7 @@
   },
   "projectFileDependencyGroups": {
     "net6.0-windows7.0": [
+      "BouncyCastle >= 1.8.9",
       "Dahomey.Cbor >= 1.17.0",
       "Jsbeautifier >= 0.0.1",
       "MySql.Data >= 8.0.29",
@@ -1897,6 +1920,10 @@
       "net6.0-windows7.0": {
         "targetAlias": "net6.0-windows",
         "dependencies": {
+          "BouncyCastle": {
+            "target": "Package",
+            "version": "[1.8.9, )"
+          },
           "Dahomey.Cbor": {
             "target": "Package",
             "version": "[1.17.0, )"
@@ -1955,5 +1982,17 @@
         "runtimeIdentifierGraphPath": "C:\\Program Files\\dotnet\\sdk\\6.0.200\\RuntimeIdentifierGraph.json"
       }
     }
-  }
+  },
+  "logs": [
+    {
+      "code": "NU1701",
+      "level": "Warning",
+      "warningLevel": 1,
+      "message": "Package 'BouncyCastle 1.8.9' was restored using '.NETFramework,Version=v4.6.1, .NETFramework,Version=v4.6.2, .NETFramework,Version=v4.7, .NETFramework,Version=v4.7.1, .NETFramework,Version=v4.7.2, .NETFramework,Version=v4.8' instead of the project target framework 'net6.0-windows7.0'. This package may not be fully compatible with your project.",
+      "libraryId": "BouncyCastle",
+      "targetGraphs": [
+        "net6.0-windows7.0"
+      ]
+    }
+  ]
 }
\ No newline at end of file

FidoReader/obj/project.nuget.cache

 {
   "version": 2,
-  "dgSpecHash": "o30u0jePzkGYiSTL2zF91Wt2Ajl9yX83bAC+dQmvOY3N37XtOc4JXYgzDb4HZPIVIlo9lIYSbeQw01FGI9NmCw==",
+  "dgSpecHash": "DDMckub4Fgeei/Y4fl41Q8XaUezTPFT7Wjn0ILtZ1P8nkubH9FnGf0XoVeVjfz5cW4aEWjFrTVmyQV0jKdqrYQ==",
   "success": true,
   "projectFilePath": "C:\\Users\\josh2\\Documents\\TWISC\\forward privacy\\FidoReader\\FidoReader\\FidoReader.csproj",
   "expectedPackageFiles": [
+    "C:\\Users\\josh2\\.nuget\\packages\\bouncycastle\\1.8.9\\bouncycastle.1.8.9.nupkg.sha512",
     "C:\\Users\\josh2\\.nuget\\packages\\bouncycastle.netcore\\1.8.5\\bouncycastle.netcore.1.8.5.nupkg.sha512",
     "C:\\Users\\josh2\\.nuget\\packages\\dahomey.cbor\\1.17.0\\dahomey.cbor.1.17.0.nupkg.sha512",
     "C:\\Users\\josh2\\.nuget\\packages\\entityframework\\6.4.4\\entityframework.6.4.4.nupkg.sha512",
@@ -47,5 +48,16 @@
     "C:\\Users\\josh2\\.nuget\\packages\\system.text.encoding.codepages\\4.4.0\\system.text.encoding.codepages.4.4.0.nupkg.sha512",
     "C:\\Users\\josh2\\.nuget\\packages\\system.windows.extensions\\4.7.0\\system.windows.extensions.4.7.0.nupkg.sha512"
   ],
-  "logs": []
+  "logs": [
+    {
+      "code": "NU1701",
+      "level": "Warning",
+      "warningLevel": 1,
+      "message": "Package 'BouncyCastle 1.8.9' was restored using '.NETFramework,Version=v4.6.1, .NETFramework,Version=v4.6.2, .NETFramework,Version=v4.7, .NETFramework,Version=v4.7.1, .NETFramework,Version=v4.7.2, .NETFramework,Version=v4.8' instead of the project target framework 'net6.0-windows7.0'. This package may not be fully compatible with your project.",
+      "libraryId": "BouncyCastle",
+      "targetGraphs": [
+        "net6.0-windows7.0"
+      ]
+    }
+  ]
 }
\ No newline at end of file