public void CollaborativeIssuanceTrustedGamma()
{
// Issuance
byte[][] attributes = new byte[][] { encoding.GetBytes("Attribute 1"), encoding.GetBytes("Attribute 2"), encoding.GetBytes("Attribute 3") };
ProverProtocolParameters ppp = new ProverProtocolParameters(ip);
ppp.Attributes = attributes;
Prover prover = ppp.CreateProver();
IssuerProtocolParameters ipp = new IssuerProtocolParameters(ikap);
ipp.Gamma = ProtocolHelper.ComputeIssuanceInput(ip, attributes, null, null); // computed by some other party.
Issuer issuer = ipp.CreateIssuer();
FirstIssuanceMessage msg1 = issuer.GenerateFirstMessage();
SecondIssuanceMessage msg2 = prover.GenerateSecondMessage(msg1);
ThirdIssuanceMessage msg3 = issuer.GenerateThirdMessage(msg2);
UProveKeyAndToken[] upkt = prover.GenerateTokens(msg3);
// use the token to make sure everything is ok
int[] disclosed = new int[0];
byte[] message = encoding.GetBytes("this is the presentation message, this can be a very long message");
UProveCrypto.Math.FieldZqElement[] unused;
byte[] scope = null;
PresentationProof proof = PresentationProof.Generate(ip, disclosed, null, 1, scope, message, null, null, upkt[0], attributes, out unused);
proof.Verify(ip, disclosed, null, 1, scope, message, null, upkt[0].Token);
}
/// <summary>
/// creates the second message to the received first message from the issuer
/// </summary>
/// <param name="devicePublicKey">if the tokens are hard token protected, this is
/// the public key of that device</param>
/// <returns>SecondMessage as json string or if there was a failure, an empty string</returns>
public string GenerateSecondMessage(GroupElement devicePublicKey = null)
{
try
{
LogService.Log(LogService.LogType.Info, "IssuingProver - GenerateSecondMessage called");
// initialize prover protocol
ProverProtocolParameters ppp = new ProverProtocolParameters(IP);
ppp.Attributes = ByteAttributes = ci.ConvertAttributeListToBase64ByteArray(Attributes);
ppp.NumberOfTokens = numberOfTokens;
ppp.TokenInformation = ti != null ? ti : null;
ppp.ProverInformation = pi;
if (devicePublicKey != null)
{
ppp.DevicePublicKey = devicePublicKey;
}
prover = ppp.CreateProver();
string secondMessageJson = IP.Serialize <SecondIssuanceMessage>(
prover.GenerateSecondMessage(IP.Deserialize <FirstIssuanceMessage>(firstMessageJson)));
LogService.Log(LogService.LogType.Info, "IssuingProver - SecondMessage created: " + secondMessageJson);
return(secondMessageJson);
}
catch (Exception e)
{
LogService.Log(LogService.LogType.Error, "IssuingProver - Error during second message generation.", e);
throw new CommunicationException("IssuingProver - Error during second message generation.", e);
}
}
private GenerateTokensInfo HandleGenerateTokens(Prover prover, ThirdIssuanceMessage thirdIssuanceMessage)
{
GenerateTokensInfo gInfo = new GenerateTokensInfo();
gInfo.Tokens = prover.GenerateTokens(thirdIssuanceMessage, true);
return(gInfo);
}
public static void MyClassInitialize(TestContext testContext)
{
//
// generate issuer parameters
//
IssuerSetupParameters isp = new IssuerSetupParameters(maxNumberOfAttributes);
isp.UidP = new byte[] { (byte)0 };
//isp.NumberOfAttributes = 1;
isp.E = new byte[] { (byte)0 }; // encode xid directly has an
IssuerKeyAndParameters ikap = isp.Generate();
ip = ikap.IssuerParameters;
//
// issue a token
//
xid = ip.Gq.FieldZq.GetRandomElement(false);
IssuerProtocolParameters ipp = new IssuerProtocolParameters(ikap);
ProverProtocolParameters ppp = new ProverProtocolParameters(ip);
attributes = new byte[][] { xid.ToByteArray() };
ipp.Attributes = ppp.Attributes = attributes;
ipp.NumberOfTokens = ppp.NumberOfTokens = 1;
Issuer issuer = ipp.CreateIssuer();
Prover prover = ppp.CreateProver();
upkt = prover.GenerateTokens(issuer.GenerateThirdMessage(prover.GenerateSecondMessage(issuer.GenerateFirstMessage())))[0];
}
public bool Move(Direction dir)
{
if (Pbattery != null && Pbattery.TakePower(PpowerAmount))
{
switch (dir)
{
case Direction.Down:
Prover.UpdatePos(Prover.Location.X, Prover.Location.Y + 1f);
break;
case Direction.Up:
Prover.UpdatePos(Prover.Location.X, Prover.Location.Y - 1f);
break;
case Direction.Left:
Prover.UpdatePos(Prover.Location.X - 1f, Prover.Location.Y);
break;
case Direction.Right:
Prover.UpdatePos(Prover.Location.X + 1f, Prover.Location.Y);
break;
}
return(true);
}
else
{
return(false);
}
}
public void TestProver()
{
byte[][] A = new byte[][] { };
byte[] TI = null;
byte[] PI = null;
IssuerSetupParameters isp = new IssuerSetupParameters(maxNumberOfAttributes);
isp.UidP = new byte[] { 0 };
isp.E = new byte[] { 0 };
IssuerKeyAndParameters ikap = isp.Generate();
IssuerProtocolParameters ipp = new IssuerProtocolParameters(ikap);
ipp.Attributes = A;
ipp.NumberOfTokens = 1;
ipp.TokenInformation = TI;
Issuer issuer = ipp.CreateIssuer();
FirstIssuanceMessage msg1 = null;
SecondIssuanceMessage msg2 = null;
ThirdIssuanceMessage msg3 = null;
msg1 = issuer.GenerateFirstMessage();
try { new Prover(null, 1, A, TI, PI, null); Assert.Fail(); } catch (ArgumentNullException) { }
try { new Prover(ikap.IssuerParameters, -1, A, TI, PI, null); Assert.Fail(); } catch (ArgumentException) { }
try { new Prover(ikap.IssuerParameters, 0, A, TI, PI, null); Assert.Fail(); } catch (ArgumentException) { }
Prover prover = new Prover(ikap.IssuerParameters, 1, A, TI, PI, null);
try { prover.GenerateTokens(msg3); Assert.Fail(); } catch (InvalidOperationException) { }
msg2 = prover.GenerateSecondMessage(msg1);
try { msg2 = prover.GenerateSecondMessage(msg1); Assert.Fail(); } catch (InvalidOperationException) { }
msg3 = issuer.GenerateThirdMessage(msg2);
prover.GenerateTokens(msg3);
try { prover.GenerateTokens(msg3); Assert.Fail(); } catch (InvalidOperationException) { }
}
private static UProveKeyAndToken[] IssueUProveTokens(IssuerKeyAndParameters ikap, IssuerParameters ip, byte[][] attributes, int numOfTokens, byte[] ti = null, byte[] pi = null)
{
WriteLine("Issuing " + numOfTokens + " tokens");
// setup the issuer and generate the first issuance message
IssuerProtocolParameters ipp = new IssuerProtocolParameters(ikap);
ipp.Attributes = attributes;
ipp.NumberOfTokens = numOfTokens;
ipp.TokenInformation = ti;
Issuer issuer = ipp.CreateIssuer();
string firstMessage = ip.Serialize <FirstIssuanceMessage>(issuer.GenerateFirstMessage());
// setup the prover and generate the second issuance message
ProverProtocolParameters ppp = new ProverProtocolParameters(ip);
ppp.Attributes = attributes;
ppp.NumberOfTokens = numOfTokens;
ppp.TokenInformation = ti;
ppp.ProverInformation = pi;
Prover prover = ppp.CreateProver();
string secondMessage = ip.Serialize <SecondIssuanceMessage>(prover.GenerateSecondMessage(ip.Deserialize <FirstIssuanceMessage>(firstMessage)));
// generate the third issuance message
string thirdMessage = ip.Serialize <ThirdIssuanceMessage>(issuer.GenerateThirdMessage(ip.Deserialize <SecondIssuanceMessage>(secondMessage)));
// generate the tokens
return(prover.GenerateTokens(ip.Deserialize <ThirdIssuanceMessage>(thirdMessage)));
}
public SecondIssuanceMessageInfo SecondMessage(SecondIssuanceMessageSpec spec)
{
if (spec.IssuerParameter == null)
{
ApiArgumentFault fault = new ApiArgumentFault();
fault.Details = "Issuer with unique ID was found";
fault.Argument = "IssuerSetupParametersSpec.ID";
fault.ArgumentValue = spec.IssuerParameter.Serialize();
throw new FaultException <ApiArgumentFault>(fault);
}
ProverProtocolParameters pProtoParam = new ProverProtocolParameters(spec.IssuerParameter);
pProtoParam.NumberOfTokens = spec.NumberOfTokens;
if (!String.IsNullOrWhiteSpace(spec.TokenInfomation))
{
pProtoParam.TokenInformation = ExtensionMethods.ToByteArray(spec.TokenInfomation);
}
if (!String.IsNullOrWhiteSpace(spec.Gamma))
{
pProtoParam.Gamma = ExtensionMethods.ToGroupElement(spec.Gamma, spec.IssuerParameter);
}
if (!String.IsNullOrWhiteSpace(spec.DevicePublicKey))
{
pProtoParam.DevicePublicKey = ExtensionMethods.ToGroupElement(spec.DevicePublicKey, spec.IssuerParameter);
}
if (!String.IsNullOrWhiteSpace(spec.ProverInfomation))
{
pProtoParam.ProverInformation = ExtensionMethods.ToByteArray(spec.ProverInfomation);
}
if (spec.RandomData != null)
{
pProtoParam.ProverRandomData = spec.RandomData;
}
if (spec.BatchSecurityLevel > 0)
{
pProtoParam.BatchValidationSecurityLevel = spec.BatchSecurityLevel;
}
pProtoParam.Validate();
Prover prover = pProtoParam.CreateProver();
SecondIssuanceMessage secondMessage = prover.GenerateSecondMessage(spec.FirstMessage);
PostSecondMessageState postSecondMessageState = prover.ExportPostSecondMessageState();
SecondIssuanceMessageInfo simInfo = new SecondIssuanceMessageInfo();
simInfo.PostSecondMessageState = postSecondMessageState;
simInfo.SecondMessage = secondMessage;
Guid issuerInstance = Guid.NewGuid();
simInfo.ProverInstanceID = issuerInstance;
proverInstanceDB.TryAdd(issuerInstance, new ProverInstanceData(prover));
return(simInfo);
}
public SecondIssuanceMessageComposite getSecondMessage(string[] attributesParam, IssuerParametersComposite ipc, int numberOfTokensParam, FirstIssuanceMessageComposite firstMessage, string sessionID)
{
/*
* token issuance - generate second message
*/
cOut.write("Issuing U-Prove tokens - generate second message, prover side");
VerifySessionId(sessionID);
try
{
string tokenInformationParam = null;
string proverInformationParam = null;
// specify the attribute values agreed to by the Issuer and Prover
int numberOfAttributes = attributesParam.Length;
byte[][] attributes = new byte[numberOfAttributes][];
for (int i = 0; i < numberOfAttributes; i++)
{
attributes[i] = encoding.GetBytes(attributesParam[i]);
}
// specify the special field values
byte[] tokenInformation = (tokenInformationParam == null) ? new byte[] { } : encoding.GetBytes(tokenInformationParam);
byte[] proverInformation = (proverInformationParam == null) ? new byte[] { } : encoding.GetBytes(proverInformationParam);
// specify the number of tokens to issue
int numberOfTokens = numberOfTokensParam;
IssuerParameters ip = ConvertUtils.convertIssuerParametersComposite(ipc, sessionDB[sessionID]);
// Convert serializable FirstIssuanceMessageComposite members to FirstIssuanceMessage
FirstIssuanceMessage fi = ConvertUtils.convertFirstIssuanceMessageComposite(firstMessage, ip);
// setup the prover and generate the second issuance message
Prover prover = new Prover(ip, numberOfTokens, attributes, tokenInformation, proverInformation, sessionDB[sessionID].deviceManager.GetDevice());
// Store the prover in proversDictionary using the sessionKey as key
sessionDB[sessionID].prover = prover;
SecondIssuanceMessage sm = prover.GenerateSecondMessage(fi);
// Convert SecondIssuanceMessage members to serializable SecondIssuanceMessageComposite
SecondIssuanceMessageComposite smc = ConvertUtils.convertSecondIssuanceMessage(sm);
// Add the sessionKey to SecondIssuanceMessageComposite
smc.SessionKey = sessionID;
return(smc);
}
catch (Exception e)
{
cOut.write(e.ToString());
DebugUtils.DebugPrint(e.StackTrace.ToString());
}
return(null);
}
public void RandomZero()
{
var mockRandom = new MockRandom();
mockRandom.GetScalarResults.Add(Scalar.Zero);
// Don't tolerate if the second zero scalar random is received.
mockRandom.GetScalarResults.Add(Scalar.Zero);
Assert.ThrowsAny <InvalidOperationException>(() => Prover.CreateProof(new KnowledgeOfDlogParams(Scalar.One, new Statement(Scalar.One * Generators.G, Generators.G)), mockRandom));
}
public void RandomOverflow()
{
var mockRandom = new MockRandom();
foreach (var scalar in CryptoHelpers.GetScalars(x => x.IsOverflow))
{
mockRandom.GetScalarResults.Add(scalar);
Assert.ThrowsAny <InvalidOperationException>(() => Prover.CreateProof(new KnowledgeOfDlogParams(Scalar.One, new Statement(Scalar.One * Generators.G, Generators.G)), mockRandom));
}
}
public void CollaborativeIssuanceTest()
{
// Issuer setup
IssuerSetupParameters isp = new IssuerSetupParameters();
isp.UidP = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
isp.E = new byte[] { (byte)1, (byte)1, (byte)1, (byte)1 };
isp.UseRecommendedParameterSet = true;
isp.S = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
IssuerKeyAndParameters ikap = isp.Generate();
IssuerParameters ip = ikap.IssuerParameters;
// Issuance
byte[][] attributes = new byte[][] { encoding.GetBytes("Attribute 1"), encoding.GetBytes("Attribute 2"), encoding.GetBytes("Attribute 3"), encoding.GetBytes("Attribute 4") };
byte[] tokenInformation = new byte[] { };
byte[] proverInformation = new byte[] { };
int numberOfTokens = 2;
// Test cases
// 1: CA-RA split (a party trusted by the issuer provides the gamma value)
int numTestCases = 1;
for (int testCase = 1; testCase <= numTestCases; testCase++)
{
ProverProtocolParameters ppp = new ProverProtocolParameters(ip);
ppp.Attributes = attributes;
ppp.NumberOfTokens = numberOfTokens;
ppp.TokenInformation = tokenInformation;
ppp.ProverInformation = proverInformation;
Prover prover = ppp.CreateProver();
IssuerProtocolParameters ipp = new IssuerProtocolParameters(ikap);
if (testCase == 1)
{
ipp.Gamma = ProtocolHelper.ComputeIssuanceInput(ip, attributes, tokenInformation, null);
}
ipp.NumberOfTokens = numberOfTokens;
Issuer issuer = ipp.CreateIssuer();
FirstIssuanceMessage msg1 = issuer.GenerateFirstMessage();
SecondIssuanceMessage msg2 = prover.GenerateSecondMessage(msg1);
ThirdIssuanceMessage msg3 = issuer.GenerateThirdMessage(msg2);
UProveKeyAndToken[] upkt = prover.GenerateTokens(msg3);
// use the token to make sure everything is ok
int[] disclosed = new int[0];
byte[] message = encoding.GetBytes("this is the presentation message, this can be a very long message");
FieldZqElement[] unused;
byte[] scope = null;
PresentationProof proof = PresentationProof.Generate(ip, disclosed, null, 1, scope, message, null, null, upkt[0], attributes, out unused);
proof.Verify(ip, disclosed, null, 1, scope, message, null, upkt[0].Token);
}
}
/// <summary>
/// Returns provers password.
/// </summary>
/// <returns>The password.</returns>
/// <param name="password">Password.</param>
/// <param name="version">Version.</param>
public string ProverPassword(SecureString password, int version)
{
Guard.Argument(password, nameof(password)).NotNull();
Guard.Argument(version, nameof(version)).NotNegative();
using (var insecurePassword = password.Insecure())
{
var hash = Cryptography.GenericHashNoKey($"{version} {insecurePassword.Value}");
return(Prover.GetHashStringNumber(hash).ToByteArray().ToHex());
}
}
public void End2EndVerificationSimple(uint scalarSeed)
{
var secret = new Scalar(scalarSeed);
var generator = Generators.G;
var publicPoint = secret * generator;
var statement = new Statement(publicPoint, generator);
var knowledgeParams = new KnowledgeOfDlogParams(secret, statement);
var proof = Prover.CreateProof(knowledgeParams);
Assert.True(Verifier.Verify(proof, statement));
}
public void End2EndVerification()
{
foreach (var secret in CryptoHelpers.GetScalars(x => !x.IsOverflow && !x.IsZero))
{
var generator = Generators.G;
var publicPoint = secret * generator;
var statement = new Statement(publicPoint, generator);
var knowledgeParams = new KnowledgeOfDlogParams(secret, statement);
var proof = Prover.CreateProof(knowledgeParams);
Assert.True(Verifier.Verify(proof, statement));
}
}
/// <summary>
/// Returns provers password.
/// </summary>
/// <returns>The password.</returns>
/// <param name="password">Password.</param>
/// <param name="version">Version.</param>
public string ProverPassword(SecureString password, int version)
{
if (password == null)
{
throw new ArgumentNullException(nameof(password));
}
using (var insecurePassword = password.Insecure())
{
var hash = Cryptography.GenericHashNoKey(string.Format("{0} {1}", version, insecurePassword.Value));
return(Prover.GetHashStringNumber(hash).ToByteArray().ToHex());
}
}
UProveKeyAndToken[] IssueSourceToken(byte[][] attributes)
{
byte[] tokenInformation = new byte[] { };
IssuerProtocolParameters ipp = new IssuerProtocolParameters(sourceIkap);
ipp.Attributes = attributes;
ipp.TokenInformation = tokenInformation;
Issuer issuer = ipp.CreateIssuer();
FirstIssuanceMessage msg1 = issuer.GenerateFirstMessage();
ProverProtocolParameters ppp = new ProverProtocolParameters(sourceIp);
ppp.Attributes = attributes;
ppp.TokenInformation = tokenInformation;
Prover prover = ppp.CreateProver();
SecondIssuanceMessage msg2 = prover.GenerateSecondMessage(msg1);
ThirdIssuanceMessage msg3 = issuer.GenerateThirdMessage(msg2);
return prover.GenerateTokens(msg3);
}
public List <UProveKeyAndTokenComposite> generateTokens(ThirdIssuanceMessageComposite thirdMessage, string sessionID)
{
/*
* token issuance - generate tokens.
*/
cOut.write("Issuing U-Prove tokens - generate tokens, prover side");
VerifySessionId(sessionID);
try
{
// Convert serializable ThirdIssuanceMessageComposite members to ThirdIssuanceMessage.
ThirdIssuanceMessage tm = ConvertUtils.convertThirdIssuanceMessageComposite(thirdMessage);
// Retrieve correct Prover instance from proversDictionary for the given sessionKey.
if (sessionDB.ContainsKey(sessionID))
{
Prover prover = sessionDB[sessionID].prover;
// generate the tokens.
UProveKeyAndToken[] upkt = prover.GenerateTokens(tm);
// Serialize them.
cOut.write("Generating tokens...");
List <UProveKeyAndTokenComposite> tokens = new List <UProveKeyAndTokenComposite>();
foreach (UProveKeyAndToken t in upkt)
{
byte[] bigInt = t.PrivateKey.ToByteArray();
UProveKeyAndTokenComposite keyAndTokenComposite = new UProveKeyAndTokenComposite();
keyAndTokenComposite.PrivateKey = bigInt;
keyAndTokenComposite.Token = ConvertUtils.convertUProveToken(t.Token);
tokens.Add(keyAndTokenComposite);
}
return(tokens);
}
}
catch (Exception e)
{
cOut.write(e.ToString());
DebugUtils.DebugPrint(e.StackTrace.ToString());
}
return(null);
}
private void RunProtocol(IssuerKeyAndParameters ikap, IssuerParameters ip)
{
ip.Verify(); // sanity check
// Issuance
int numberOfAttribs = ip.G.Length - 2; // minus g_0 and g_t
byte[][] attributes = new byte[numberOfAttribs][];
for (int i = 0; i < numberOfAttribs; i++)
{
attributes[i] = new byte[] { (byte)i };
}
byte[] tokenInformation = new byte[] { 0x01 };
byte[] proverInformation = new byte[] { 0x01 };
int numberOfTokens = 1;
IssuerProtocolParameters ipp = new IssuerProtocolParameters(ikap);
ipp.Attributes = attributes;
ipp.NumberOfTokens = numberOfTokens;
ipp.TokenInformation = tokenInformation;
Issuer issuer = ipp.CreateIssuer();
FirstIssuanceMessage msg1 = issuer.GenerateFirstMessage();
ProverProtocolParameters ppp = new ProverProtocolParameters(ip);
ppp.NumberOfTokens = numberOfTokens;
ppp.Attributes = attributes;
ppp.TokenInformation = tokenInformation;
ppp.ProverInformation = proverInformation;
Prover prover = ppp.CreateProver();
SecondIssuanceMessage msg2 = prover.GenerateSecondMessage(msg1);
ThirdIssuanceMessage msg3 = issuer.GenerateThirdMessage(msg2);
// issue token
UProveKeyAndToken[] upkt = prover.GenerateTokens(msg3);
// Presentation
int[] disclosed = new int[] { 1 };
byte[] message = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
// generate the presentation proof
PresentationProof proof = PresentationProof.Generate(new ProverPresentationProtocolParameters(ip, disclosed, message, upkt[0], attributes));
// verify the presentation proof
proof.Verify(new VerifierPresentationProtocolParameters(ip, disclosed, message, upkt[0].Token));
}
public void End2EndVerificationSimple(uint scalarSeed1, uint scalarSeed2)
{
var secrets = new[] { new Scalar(scalarSeed1), new Scalar(scalarSeed2) };
var generators = new[] { Generators.G, Generators.Ga };
var publicPoint = GroupElement.Infinity;
foreach (var(secret, generator) in secrets.ZipForceEqualLength(generators))
{
publicPoint += secret * generator;
}
var statement = new Statement(publicPoint, generators);
var knowledge = new KnowledgeOfRepParams(secrets, statement);
var proof = Prover.CreateProof(knowledge);
Assert.True(Verifier.Verify(proof, statement));
}
public void TestIssuerStateExport()
{
IssuerKeyAndParameters ikap;
IssuerProtocolParameters ipp;
ProverProtocolParameters ppp;
StaticTestHelpers.GenerateTestIssuanceParameters("test issuer params", "test spec", 3, true, 6, out ikap, out ipp, out ppp);
// generate test issuer parameters
Issuer issuer = ipp.CreateIssuer();
IssuerParameters ip = ikap.IssuerParameters;
Prover prover = ppp.CreateProver();
FirstIssuanceMessage msg1 = null;
SecondIssuanceMessage msg2 = null;
ThirdIssuanceMessage msg3 = null;
msg1 = issuer.GenerateFirstMessage();
PostFirstMessageState state = issuer.ExportPostFirstMessageState();
string serializedState = ikap.IssuerParameters.Serialize(state);
msg2 = prover.GenerateSecondMessage(msg1);
// make sure the original issuer is unusable
try
{
issuer.GenerateThirdMessage(msg2);
Assert.Fail();
}
catch (Exception)
{
// expected
}
// complete the issuance with a new issuer instance
Issuer issuer2 = new Issuer(ikap, ikap.IssuerParameters.Deserialize <PostFirstMessageState>(serializedState));
msg3 = issuer2.GenerateThirdMessage(msg2);
// make sure tokens are valid by completing the issuance
prover.GenerateTokens(msg3);
}
public void End2EndVerification()
{
var goodScalars = CryptoHelpers.GetScalars(x => !x.IsOverflow && !x.IsZero);
foreach (var secret1 in goodScalars)
{
foreach (var secret2 in goodScalars.Where(x => x != secret1))
{
var secrets = new[] { secret1, secret2 };
var generators = new[] { Generators.G, Generators.Ga };
var publicPoint = GroupElement.Infinity;
foreach (var(secret, generator) in secrets.ZipForceEqualLength(generators))
{
publicPoint += secret * generator;
}
Statement statement = new Statement(publicPoint, generators);
var knowledge = new KnowledgeOfRepParams(secrets, statement);
var proof = Prover.CreateProof(knowledge);
Assert.True(Verifier.Verify(proof, statement));
}
}
}
public void DrillDown()
{
if (_wear > 100)
{
Random rnd = new Random();
if (rnd.Next(1, 5) == 1)
{
return;
}
}
Speciman search = PGC.TakeSpecimanAt(GameMain.newPoint2D(Prover.Location.X, Prover.Location.Y));
if (search != null)
{
Prover.AddSpeciman(search);
_wear += 5;
}
else
{
_wear += 10;
}
}
public GenerateTokensInfo GenerateTokens(GenerateTokensSpec spec)
{
// first we will try to lookup the cache value of the prover object.
Prover prover = null;
if (spec.ProverInstanceID != null)
{
ProverInstanceData proverInstance;
bool ok = proverInstanceDB.TryGetValue(spec.ProverInstanceID, out proverInstance);
if (ok)
{
prover = proverInstance.Prover;
}
else
{
//XXX add log about Prover not found in cache.
}
}
if (prover != null)
{
return(HandleGenerateTokens(prover, spec.ThirdMessage));
}
if (spec.SecondMessageState != null && spec.IssuerParameter != null)
{
prover = new Prover(spec.IssuerParameter, spec.SecondMessageState);
proverInstanceDB.TryAdd(spec.ProverInstanceID, new ProverInstanceData(prover));
return(HandleGenerateTokens(prover, spec.ThirdMessage));
}
ApiArgumentFault fault = new ApiArgumentFault();
fault.Details = "Prover with unique ID was found or SecondMessageState and IssuerParameter not provided.";
fault.Argument = "GenerateTokensSpec.ProverInstanceID/GenerateTokensSpec.SecondMessageState/GenerateTokensSpec.IssuerParameter";
fault.ArgumentValue = spec.ProverInstanceID.ToString();
throw new FaultException <ApiArgumentFault>(fault);
}
public void End2EndVerificationLargeScalar()
{
uint val = int.MaxValue;
var gen = new Scalar(4) * Generators.G;
var secret = new Scalar(val, val, val, val, val, val, val, val);
var p = secret * gen;
var statement = new Statement(p, gen);
var knowledgeParams = new KnowledgeOfDlogParams(secret, statement);
var proof = Prover.CreateProof(knowledgeParams);
Assert.True(Verifier.Verify(proof, statement));
secret = EC.N + (new Scalar(1)).Negate();
p = secret * gen;
statement = new Statement(p, gen);
knowledgeParams = new KnowledgeOfDlogParams(secret, statement);
proof = Prover.CreateProof(knowledgeParams);
Assert.True(Verifier.Verify(proof, statement));
secret = EC.NC;
p = secret * gen;
statement = new Statement(p, gen);
knowledgeParams = new KnowledgeOfDlogParams(secret, statement);
proof = Prover.CreateProof(knowledgeParams);
Assert.True(Verifier.Verify(proof, statement));
secret = EC.NC + new Scalar(1);
p = secret * gen;
statement = new Statement(p, gen);
knowledgeParams = new KnowledgeOfDlogParams(secret, statement);
proof = Prover.CreateProof(knowledgeParams);
Assert.True(Verifier.Verify(proof, statement));
secret = EC.NC + (new Scalar(1)).Negate();
p = secret * gen;
statement = new Statement(p, gen);
knowledgeParams = new KnowledgeOfDlogParams(secret, statement);
proof = Prover.CreateProof(knowledgeParams);
Assert.True(Verifier.Verify(proof, statement));
}
private void RunFuzzedTest(bool useSubgroupConstruction, string hashFunction, int numberOfAttributes, bool supportDevice, int numberOfTokens, int[] dArray, int[] cArray, int pseudonymIndex)
{
// Issuer setup
IssuerSetupParameters isp = new IssuerSetupParameters(numberOfAttributes);
isp.GroupConstruction = useSubgroupConstruction ? GroupType.Subgroup : GroupType.ECC;
isp.UidP = GetRandomBytes(MaxByteArrayLength);
isp.UidH = hashFunction;
//isp.E = IssuerSetupParameters.GetDefaultEValues(numberOfAttributes); // extension by Fablei -> do not change MaxNumberOfAttributes
isp.S = GetRandomBytes(MaxByteArrayLength);
IssuerKeyAndParameters ikap = isp.Generate(supportDevice);
IssuerParameters ip = ikap.IssuerParameters;
ip.Verify();
IDevice device = null;
GroupElement hd = null;
if (supportDevice)
{
device = new VirtualDevice(ip);
hd = device.GetDevicePublicKey();
}
// Issuance
byte[][] attributes = new byte[numberOfAttributes][];
for (int index = 0; index < numberOfAttributes; index++)
{
attributes[index] = GetRandomBytes(MaxByteArrayLength);
}
byte[] tokenInformation = GetRandomBytes(MaxByteArrayLength);
byte[] proverInformation = GetRandomBytes(MaxByteArrayLength);
IssuerProtocolParameters ipp = new IssuerProtocolParameters(ikap);
ipp.Attributes = attributes;
ipp.NumberOfTokens = numberOfTokens;
ipp.TokenInformation = tokenInformation;
ipp.DevicePublicKey = hd;
Issuer issuer = ipp.CreateIssuer();
string msg1 = ip.Serialize(issuer.GenerateFirstMessage());
ProverProtocolParameters ppp = new ProverProtocolParameters(ip);
ppp.Attributes = attributes;
ppp.NumberOfTokens = numberOfTokens;
ppp.TokenInformation = tokenInformation;
ppp.ProverInformation = proverInformation;
ppp.DevicePublicKey = hd;
Prover prover = ppp.CreateProver();
string msg2 = ip.Serialize(prover.GenerateSecondMessage(ip.Deserialize <FirstIssuanceMessage>(msg1)));
string msg3 = ip.Serialize(issuer.GenerateThirdMessage(ip.Deserialize <SecondIssuanceMessage>(msg2)));
// issue token
UProveKeyAndToken[] upkt = prover.GenerateTokens(ip.Deserialize <ThirdIssuanceMessage>(msg3));
// Presentation
byte[] message = GetRandomBytes(MaxByteArrayLength);
byte[] deviceMessage = null;
IDevicePresentationContext deviceContext = null;
if (supportDevice)
{
deviceMessage = GetRandomBytes(MaxByteArrayLength);
deviceContext = device.GetPresentationContext();
}
int tokenIndex = random.Next(upkt.Length);
// generate the presentation proof
PresentationProof proof = PresentationProof.Generate(ip, dArray, message, deviceMessage, deviceContext, upkt[tokenIndex], attributes);
// verify the presentation proof
proof.Verify(ip, dArray, message, deviceMessage, upkt[tokenIndex].Token);
}
public void PseudonymAndCommitmentsTest()
{
// Issuer setup
IssuerSetupParameters isp = new IssuerSetupParameters(maxNumberOfAttributes);
isp.UidP = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
isp.E = new byte[] { (byte)1, (byte)1, (byte)1, (byte)1 };
isp.UseRecommendedParameterSet = true;
isp.S = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
IssuerKeyAndParameters ikap = isp.Generate();
IssuerParameters ip = ikap.IssuerParameters;
// Issuance
byte[][] attributes = new byte[][] { encoding.GetBytes("Attribute 1"), encoding.GetBytes("Attribute 2"), encoding.GetBytes("Attribute 3"), encoding.GetBytes("Attribute 4") };
byte[] tokenInformation = new byte[] { };
byte[] proverInformation = new byte[] { };
int numberOfTokens = 1;
IssuerProtocolParameters ipp = new IssuerProtocolParameters(ikap);
ipp.Attributes = attributes;
ipp.NumberOfTokens = numberOfTokens;
ipp.TokenInformation = tokenInformation;
Issuer issuer = ipp.CreateIssuer();
FirstIssuanceMessage msg1 = issuer.GenerateFirstMessage();
ProverProtocolParameters ppp = new ProverProtocolParameters(ip);
ppp.Attributes = attributes;
ppp.NumberOfTokens = numberOfTokens;
ppp.TokenInformation = tokenInformation;
ppp.ProverInformation = proverInformation;
Prover prover = ppp.CreateProver();
SecondIssuanceMessage msg2 = prover.GenerateSecondMessage(msg1);
ThirdIssuanceMessage msg3 = issuer.GenerateThirdMessage(msg2);
UProveKeyAndToken[] upkt = prover.GenerateTokens(msg3);
// Pseudonym
int[] disclosed = new int[0];
int[] committed = new int[] { 2, 4 };
byte[] message = encoding.GetBytes("this is the presentation message, this can be a very long message");
byte[] scope = encoding.GetBytes("scope");
PresentationProof proof;
FieldZqElement[] tildeO;
// Valid presentation
proof = PresentationProof.Generate(ip, disclosed, committed, 1, scope, message, null, null, upkt[0], attributes, out tildeO);
proof.Verify(ip, disclosed, committed, 1, scope, message, null, upkt[0].Token);
// Invalid pseudonym (wrong scope)
proof = PresentationProof.Generate(ip, disclosed, committed, 1, scope, message, null, null, upkt[0], attributes, out tildeO);
try { proof.Verify(ip, disclosed, committed, 1, encoding.GetBytes("bad scope"), message, null, upkt[0].Token); Assert.Fail(); }
catch (InvalidUProveArtifactException) { }
// Invalid pseudonym (wrong attribute)
try { proof.Verify(ip, disclosed, committed, 2, scope, message, null, upkt[0].Token); Assert.Fail(); }
catch (InvalidUProveArtifactException) { }
// Invalid commitment (null list)
try { proof.Verify(ip, disclosed, null, 2, scope, message, null, upkt[0].Token); Assert.Fail(); }
catch (InvalidUProveArtifactException) { }
// Invalid commitment (wrong committed values)
try { proof.Verify(ip, disclosed, new int[] { 1, 4 }, 2, scope, message, null, upkt[0].Token); Assert.Fail(); }
catch (InvalidUProveArtifactException) { }
// Invalid commitment (wront number of committed values)
try { proof.Verify(ip, disclosed, new int[] { 1 }, 2, scope, message, null, upkt[0].Token); Assert.Fail(); }
catch (InvalidUProveArtifactException) { }
// Invalid commitment (value)
proof.Commitments[0].TildeA[0]++;
try { proof.Verify(ip, disclosed, committed, 2, scope, message, null, upkt[0].Token); Assert.Fail(); }
catch (InvalidUProveArtifactException) { }
// Ensure tildeO is correct
GroupElement Cx2 = proof.Commitments[0].TildeC; // x2 is the first committed attribute
FieldZqElement x2 = ProtocolHelper.ComputeXi(ip, 1, attributes[1]); // attributes[] is zero indexed.
FieldZqElement tildeO2 = tildeO[0];
// double check that Cx2 is computed correctly.
GroupElement Cx2Prime = ip.Gq.MultiExponentiate(new GroupElement[] { ip.Gq.G, ip.G[1] }, new FieldZqElement[] { x2, tildeO2 });
Assert.IsTrue(Cx2Prime.Equals(Cx2));
}
public void FiatShamirComposition()
{
var rnd = new MockRandom();
rnd.GetBytesResults.Add(new byte[32]);
rnd.GetBytesResults.Add(new byte[32]);
var witness1 = new ScalarVector(Scalar.One);
var witness2 = new ScalarVector(Scalar.One + Scalar.One);
var g = new GroupElementVector(Generators.G);
var publicPoint1 = witness1 * g;
var publicPoint2 = witness2 * g;
var statement1 = new Statement(new Equation(publicPoint1, g));
var statement2 = new Statement(new Equation(publicPoint2, g));
var prover1 = new Prover(new Knowledge(statement1, witness1));
var prover2 = new Prover(new Knowledge(statement2, witness2));
var proverTranscript = new WalletWasabi.Crypto.ZeroKnowledge.Transcript(new byte[0]);
var verifierTranscript = proverTranscript.MakeCopy();
var prover1Nonces = prover1.CommitToStatements(proverTranscript);
var prover2Nonces = prover2.CommitToStatements(proverTranscript);
var prover1Respond = prover1Nonces(rnd);
var prover2Respond = prover2Nonces(rnd);
var proof1 = prover1Respond();
var proof2 = prover2Respond();
var verifier1 = new Verifier(statement1);
var verifier2 = new Verifier(statement2);
// First, verify as a compound proof
var correctVerifierTranscript = verifierTranscript.MakeCopy();
var correctVerifier1Nonces = verifier1.CommitToStatements(correctVerifierTranscript);
var correctVerifier2Nonces = verifier2.CommitToStatements(correctVerifierTranscript);
var correctVerifier1Verify = correctVerifier1Nonces(proof1);
var correctVerifier2Verify = correctVerifier2Nonces(proof2);
Assert.True(correctVerifier1Verify());
Assert.True(correctVerifier2Verify());
// If the verifiers are not run interleaved, they should reject.
var notInterleavedVerifierTranscript = verifierTranscript.MakeCopy();
var notInterleavedVerifier1Nonces = verifier1.CommitToStatements(correctVerifierTranscript);
var notInterleavedVerifier1Verify = notInterleavedVerifier1Nonces(proof1);
Assert.False(notInterleavedVerifier1Verify());
var notInterleavedVerifier2Nonces = verifier2.CommitToStatements(correctVerifierTranscript);
var notInterleavedVerifier2Verify = notInterleavedVerifier2Nonces(proof2);
Assert.False(notInterleavedVerifier2Verify());
// If the verifiers are run independently (without sharing a transcript),
// they should reject.
var incompleteTranscript1 = verifierTranscript.MakeCopy();
var incompleteTranscript2 = verifierTranscript.MakeCopy();
var incompleteTranscriptVerifier1Nonces = verifier1.CommitToStatements(incompleteTranscript1);
var incompleteTranscriptVerifier2Nonces = verifier2.CommitToStatements(incompleteTranscript2);
var incompleteTranscriptVerifier1Verify = incompleteTranscriptVerifier1Nonces(proof1);
var incompleteTranscriptVerifier2Verify = incompleteTranscriptVerifier2Nonces(proof2);
Assert.False(incompleteTranscriptVerifier1Verify());
Assert.False(incompleteTranscriptVerifier2Verify());
// If the sub-proofs are swapped between the verifiers, they should reject.
var incorrectProofVerifierTranscript = verifierTranscript.MakeCopy();
var incorrectProofVerifier1Nonces = verifier1.CommitToStatements(correctVerifierTranscript);
var incorrectProofVerifier2Nonces = verifier2.CommitToStatements(correctVerifierTranscript);
var incorrectProofVerifier1Verify = incorrectProofVerifier1Nonces(proof2);
var incorrectProofVerifier2Verify = incorrectProofVerifier2Nonces(proof1);
Assert.False(incorrectProofVerifier1Verify());
Assert.False(incorrectProofVerifier2Verify());
// If the order of the verifiers is changed, they should reject.
var incorrectOrderVerifierTranscript = verifierTranscript.MakeCopy();
var incorrectOrderVerifier1Nonces = verifier1.CommitToStatements(correctVerifierTranscript);
var incorrectOrderVerifier2Nonces = verifier2.CommitToStatements(correctVerifierTranscript);
var incorrectOrderVerifier2Verify = incorrectOrderVerifier2Nonces(proof2);
var incorrectOrderVerifier1Verify = incorrectOrderVerifier1Nonces(proof1);
Assert.False(incorrectOrderVerifier1Verify());
Assert.False(incorrectOrderVerifier2Verify());
// If the proofs are committed to the transcript in the right order but
// with the wrong verifier (combination of previous two cases) they should
// reject.
var incorrectOrderAndProofVerifierTranscript = verifierTranscript.MakeCopy();
var incorrectOrderAndProofVerifier1Nonces = verifier1.CommitToStatements(correctVerifierTranscript);
var incorrectOrderAndProofVerifier2Nonces = verifier2.CommitToStatements(correctVerifierTranscript);
var incorrectOrderAndProofVerifier2Verify = incorrectOrderAndProofVerifier2Nonces(proof1);
var incorrectOrderAndProofVerifier1Verify = incorrectOrderAndProofVerifier1Nonces(proof2);
Assert.False(incorrectOrderAndProofVerifier2Verify());
Assert.False(incorrectOrderAndProofVerifier1Verify());
}
internal ProverInstanceData(Prover issuer)
{
this.LastAccessed = DateTime.Now;
_prover = issuer;
}
private static string CreateClientToken(SigningCredentials credential, string clientId, string audience,
List <string> rootCertSubject,
UiLambdaSet uiLambda = null)
{
// oz
//// string x5c = "";
string[] x5c = null;
string certFileName = certPfx;
string password = certPfxPW;
X509Certificate2 certificate = null;
if (credential == null)
{
var res = UiLambdaSet.MesssageBoxShow(uiLambda, "",
"Select certificate chain from certificate store? \n" +
"(otherwise use file Andreas_Orzelski_Chain.pfx)",
"Select certificate chain", MessageBoxButtons.YesNo);
if (res == DialogResult.No)
{
certFileName = "Andreas_Orzelski_Chain.pfx";
password = "******";
credential = new X509SigningCredentials(new X509Certificate2(certFileName, password));
}
}
if (credential == null)
{
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(
X509FindType.FindByTimeValid, DateTime.Now, false);
Boolean rootCertFound = false;
X509Certificate2Collection fcollection2 = new X509Certificate2Collection();
foreach (X509Certificate2 fc in fcollection)
{
X509Chain fch = new X509Chain();
fch.Build(fc);
foreach (X509ChainElement element in fch.ChainElements)
{
if (rootCertSubject.Contains(element.Certificate.Subject))
{
rootCertFound = true;
fcollection2.Add(fc);
}
}
}
if (rootCertFound)
{
fcollection = fcollection2;
}
X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(fcollection,
"Test Certificate Select",
"Select a certificate from the following list to get information on that certificate",
X509SelectionFlag.SingleSelection);
if (scollection.Count != 0)
{
certificate = scollection[0];
X509Chain ch = new X509Chain();
ch.Build(certificate);
string[] X509Base64 = new string[ch.ChainElements.Count];
int j = 0;
foreach (X509ChainElement element in ch.ChainElements)
{
X509Base64[j++] = Convert.ToBase64String(element.Certificate.GetRawCertData());
}
x5c = X509Base64;
}
}
else
{
// use old fixed certificate chain
X509Certificate2Collection xc = new X509Certificate2Collection();
xc.Import(certFileName, password, X509KeyStorageFlags.PersistKeySet);
string[] X509Base64 = new string[xc.Count];
int j = xc.Count;
var xce = xc.GetEnumerator();
for (int i = 0; i < xc.Count; i++)
{
xce.MoveNext();
X509Base64[--j] = Convert.ToBase64String(xce.Current.GetRawCertData());
}
x5c = X509Base64;
certificate = new X509Certificate2(certFileName, password);
}
string email = "";
string subject = certificate.Subject;
var split = subject.Split(new Char[] { ',' });
if (split[0] != "")
{
var split2 = split[0].Split(new Char[] { '=' });
if (split2[0] == "E")
{
email = split2[1];
}
}
Console.WriteLine("email: " + email);
//
StringBuilder builder = new StringBuilder();
builder.AppendLine("-----BEGIN CERTIFICATE-----");
builder.AppendLine(
Convert.ToBase64String(certificate.RawData, Base64FormattingOptions.InsertLineBreaks));
builder.AppendLine("-----END CERTIFICATE-----");
UiLambdaSet.MesssageBoxShow(uiLambda, builder.ToString(), "", "Client Certificate", MessageBoxButtons.OK);
credential = new X509SigningCredentials(certificate);
// oz end
var now = DateTime.UtcNow;
var token = new JwtSecurityToken(
clientId,
audience,
new List <Claim>()
{
new Claim(JwtClaimTypes.JwtId, Guid.NewGuid().ToString()),
new Claim(JwtClaimTypes.Subject, clientId),
new Claim(JwtClaimTypes.IssuedAt, now.ToEpochTime().ToString(), ClaimValueTypes.Integer64),
// OZ
new Claim(JwtClaimTypes.Email, email)
// new Claim("x5c", x5c)
},
now,
now.AddMinutes(1),
credential)
;
token.Header.Add("x5c", x5c);
if (ssiURL != "")
{
//// Prover prover = new Prover("http://192.168.178.33:5001"); //AASX Package Explorer
Prover prover = new Prover(ssiURL); //AASX Package Explorer
string invitation = prover.CreateInvitation();
token.Header.Add("ssiInvitation", invitation);
}
// oz
var tokenHandler = new JwtSecurityTokenHandler();
return(tokenHandler.WriteToken(token));
}
