Example #1
        /// <summary>
        /// Enrolls an account while the crypto layer draws its nonces from a scripted
        /// source, then checks that the produced enrollment record and record key
        /// equal the stored vectors (compared as Base64 strings).
        /// </summary>
        public void Should_EnrollNewRecord_When_PasswordSpecified()
        {
            // Running cursor into mockedRandomBytes, shared by both nonce sizes so
            // that successive calls consume consecutive, non-overlapping slices.
            var consumed    = 0;
            var scriptedRng = Substitute.For<IPheRandomGenerator>();

            scriptedRng.GenerateNonce(16).Returns(call =>
            {
                var start = consumed;
                consumed += 16;
                return ((Span<byte>)this.mockedRandomBytes).Slice(start, 16).ToArray();
            });
            scriptedRng.GenerateNonce(32).Returns(call =>
            {
                var start = consumed;
                consumed += 32;
                return ((Span<byte>)this.mockedRandomBytes).Slice(start, 32).ToArray();
            });

            // Predictable nonces are what make a byte-for-byte comparison possible;
            // this substitution is a test fixture, not a usage pattern for real
            // enrollments, which depend on fresh randomness.
            var crypto = new PheCrypto { Rng = scriptedRng };

            // Parsed but not compared below; the call still fails the test if the
            // stored expected record is not a well-formed EnrollmentRecord message.
            var expectedParsed = EnrollmentRecord.Parser.ParseFrom(Google.Protobuf.ByteString.CopyFrom(this.enrollmentRecord));

            var clientSecretKey = crypto.DecodeSecretKey(this.clientPrivate);
            var serverPublicKey = crypto.DecodePublicKey(this.serverPublic);

            var pheClient = new PheClient(clientSecretKey, serverPublicKey) { Crypto = crypto };

            var (actualRecord, actualKey) = pheClient.EnrollAccount(this.password, this.enrollmentResponse);

            // Same as above: parsed only to confirm the produced record decodes.
            var actualParsed = EnrollmentRecord.Parser.ParseFrom(Google.Protobuf.ByteString.CopyFrom(actualRecord));

            var expectedRecordText = Bytes.ToString(this.enrollmentRecord, StringEncoding.BASE64);
            var actualRecordText   = Bytes.ToString(actualRecord, StringEncoding.BASE64);
            Assert.Equal(expectedRecordText, actualRecordText);

            var expectedKeyText = Bytes.ToString(this.recordKey, StringEncoding.BASE64);
            var actualKeyText   = Bytes.ToString(actualKey, StringEncoding.BASE64);
            Assert.Equal(expectedKeyText, actualKeyText);
        }
        /// <summary>
        /// Rotates the stored server public key with the stored token and compares
        /// the encoded result with the expected rotated public key.
        /// </summary>
        public void TestRotatePublicServerKey()
        {
            var crypto = new PheCrypto();

            var currentKey = crypto.DecodePublicKey(this.serverPublic);
            var rotatedEncoded = crypto.RotatePublicKey(currentKey, this.token).Encode();

            Assert.Equal(this.rotatedServerPub, rotatedEncoded);
        }
Example #3
        /// <summary>
        /// Known-answer test for public key rotation: rotating a fixed public key
        /// with the two fixed values a and b must yield the fixed rotated key.
        /// </summary>
        public void Should_RotateTheSamePublicKey_When_OldPublicKeyAndUpdateTokenAreGiven()
        {
            // Two 32-byte values passed to RotatePublicKey; going by the test name
            // they are the parts of the update token (confirm against the overload).
            var tokenA = Bytes.FromString("T20buheJjFOg+rsxP5ADIS7G3htdY/MUt9VozMOgEfA=", StringEncoding.BASE64);
            var tokenB = Bytes.FromString("UbXPXPtmKuudthZXXjJTE9AxBEgZB7mTFD+TGViCgHU=", StringEncoding.BASE64);

            // Encoded public key before rotation and the encoding expected afterwards.
            var originalEncoded = Bytes.FromString("BBqqpApF8EsvQtLQlcR1sBon9RbKDcrsNypYDGatbx5JxvdQfGaszDwen01xQVWxL0UvrLfmzTBJHpL+q5+kyWw=", StringEncoding.BASE64);
            var expectedEncoded = Bytes.FromString("BMiu/KcLEom9PwAeEeN9gYJZ45kdlYdo1bYPsd8YjWvRVgqJY2MzJlu2OR1d7ynxZvsdXbVY68pxG/oK3k+3xX0=", StringEncoding.BASE64);

            var crypto = new PheCrypto();

            var rotatedKey = crypto.RotatePublicKey(crypto.DecodePublicKey(originalEncoded), tokenA, tokenB);

            Assert.Equal(expectedEncoded, rotatedKey.Encode());
        }
Example #4
        /// <summary>
        /// Builds a verify-password request from the stored password and enrollment
        /// record and compares it with the stored expected request.
        /// </summary>
        public void TestValidPasswordRequest()
        {
            // Both nonce sizes are served from the start of mockedRandomBytes, so
            // the 16-byte value is a prefix of the 32-byte one. Fixed nonces keep
            // the request reproducible for the comparison below; test-only setup.
            var nonce16 = this.mockedRandomBytes.Take(16).ToArray();
            var nonce32 = this.mockedRandomBytes.Take(32).ToArray();

            var fixedRng = Substitute.For<IPheRandomGenerator>();
            fixedRng.GenerateNonce(16).Returns(nonce16);
            fixedRng.GenerateNonce(32).Returns(nonce32);

            var crypto = new PheCrypto { Rng = fixedRng };

            var clientSecretKey = crypto.DecodeSecretKey(this.clientPrivate);
            var serverPublicKey = crypto.DecodePublicKey(this.serverPublic);

            var pheClient = new PheClient(clientSecretKey, serverPublicKey) { Crypto = crypto };

            var actualRequest = pheClient.CreateVerifyPasswordRequest(this.password, this.enrollmentRecord);

            Assert.Equal(this.verifyPasswordReq, actualRequest);
        }
Example #5
        /// <summary>
        /// Applies the stored token to the stored enrollment record and compares
        /// the result with the expected updated record.
        /// </summary>
        public void TestRotateEnrollmentRecord()
        {
            // Fixed nonces taken from the start of mockedRandomBytes; test-only setup.
            var nonce16 = this.mockedRandomBytes.Take(16).ToArray();
            var nonce32 = this.mockedRandomBytes.Take(32).ToArray();

            var fixedRng = Substitute.For<IPheRandomGenerator>();
            fixedRng.GenerateNonce(16).Returns(nonce16);
            fixedRng.GenerateNonce(32).Returns(nonce32);

            var crypto = new PheCrypto { Rng = fixedRng };

            // Both keys are decoded but never handed to the client: it is created
            // with the parameterless constructor below. The calls are kept so a
            // malformed key fixture still fails this test.
            var decodedSecretKey = crypto.DecodeSecretKey(this.clientPrivate);
            var decodedPublicKey = crypto.DecodePublicKey(this.serverPublic);

            var pheClient = new PheClient { Crypto = crypto };

            var actualRecord = pheClient.UpdateEnrollmentRecord(this.token, this.enrollmentRecord);

            Assert.Equal(this.updatedRecord, actualRecord);
        }
Example #6
        /// <summary>
        /// Rotates the client secret key and server public key with the stored
        /// token and compares both encoded results with the expected values.
        /// </summary>
        public void TestRotateClientKey()
        {
            // Fixed nonces taken from the start of mockedRandomBytes; test-only setup.
            var nonce16 = this.mockedRandomBytes.Take(16).ToArray();
            var nonce32 = this.mockedRandomBytes.Take(32).ToArray();

            var fixedRng = Substitute.For<IPheRandomGenerator>();
            fixedRng.GenerateNonce(16).Returns(nonce16);
            fixedRng.GenerateNonce(32).Returns(nonce32);

            var crypto = new PheCrypto { Rng = fixedRng };

            var clientSecretKey = crypto.DecodeSecretKey(this.clientPrivate);
            var serverPublicKey = crypto.DecodePublicKey(this.serverPublic);

            var pheClient = new PheClient(clientSecretKey, serverPublicKey) { Crypto = crypto };

            var (newSecretKey, newPublicKey) = pheClient.RotateKeys(this.token);

            // Secret key first, then public key, matching the order RotateKeys returns them.
            var newSecretEncoded = newSecretKey.Encode();
            Assert.Equal(this.rotatedClientSk, newSecretEncoded);

            var newPublicEncoded = newPublicKey.Encode();
            Assert.Equal(this.rotatedServerPub, newPublicEncoded);
        }
Example #7
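        /// <summary>
        /// Parses a server public key string made of three dot-separated parts
        /// (the literal prefix "PK", an integer version, and the Base64-encoded
        /// key) and decodes the key material.
        /// </summary>
        /// <param name="serverPublicKey">Key string in the three-part form described above.</param>
        /// <param name="phe">Crypto instance used to decode the key bytes.</param>
        /// <returns>The parsed version and the decoded public key.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="serverPublicKey"/> or <paramref name="phe"/> is null.
        /// </exception>
        /// <exception cref="ArgumentException">
        /// The string does not have three parts, the prefix is not "PK", the
        /// version is not an integer, or the decoded key is not 65 bytes long.
        /// </exception>
        private static (int, PublicKey) EnsureServerPublicKey(string serverPublicKey, PheCrypto phe)
        {
            // Fail with a named argument instead of a NullReferenceException further down.
            if (serverPublicKey == null)
            {
                throw new ArgumentNullException(nameof(serverPublicKey));
            }

            if (phe == null)
            {
                throw new ArgumentNullException(nameof(phe));
            }

            var keyParts = serverPublicKey.Split(".");

            // The prefix and version are machine-readable tokens, so both checks
            // are culture-independent: an ordinal case-insensitive comparison for
            // the prefix and invariant-culture parsing for the version.
            // NOTE(review): NumberStyles.Integer still admits a leading sign and
            // surrounding whitespace, so "-1" is accepted as a version here;
            // confirm whether callers should reject non-positive versions.
            if (keyParts.Length != 3 ||
                !string.Equals(keyParts[0], "PK", StringComparison.OrdinalIgnoreCase) ||
                !Int32.TryParse(
                    keyParts[1],
                    System.Globalization.NumberStyles.Integer,
                    System.Globalization.CultureInfo.InvariantCulture,
                    out int version))
            {
                throw new ArgumentException("has incorrect format", nameof(serverPublicKey));
            }

            // NOTE(review): how Bytes.FromString reports malformed Base64 is not
            // visible here; if it throws, that exception reaches the caller as-is.
            var keyBytes = Bytes.FromString(keyParts[2], StringEncoding.BASE64);

            // 65 bytes matches an uncompressed point on a 256-bit curve
            // (0x04 || X || Y), presumably the encoding DecodePublicKey expects.
            // The length check alone does not show the bytes are a valid point;
            // that is left to DecodePublicKey.
            if (keyBytes.Length != 65)
            {
                throw new ArgumentException("has incorrect length", nameof(serverPublicKey));
            }

            var publicKey = phe.DecodePublicKey(keyBytes);

            return (version, publicKey);
        }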
Example #8
        /// <summary>
        /// Known-answer test for proof-of-fail validation: a fixed proof, public
        /// key and accompanying values must be accepted by ValidateProofOfFail.
        /// </summary>
        public void Should_ProveTheProofOfFail_When_SpecifiedListOfParametersArePassed()
        {
            var crypto = new PheCrypto();

            var publicKeyBytes  = Bytes.FromString("BBVbS+bzzP5v7HxBs7p41HJT7mDuC8w5XcSsDMRmr/4fsH4mAFBkgcFrJ8kNqL1O5/BsTVp1eSn/vLlAZ6nMJM0=", StringEncoding.BASE64);
            var serverPublicKey = crypto.DecodePublicKey(publicKeyBytes);

            // Remaining validator inputs, in the order ValidateProofOfFail takes
            // them. Presumably the server nonce and the two points c0 and c1;
            // confirm against the validator's signature.
            var nsValue = Bytes.FromString("bkVqMplyydZjQxo8R0EtODHEOqTfl02j8T5ZOa0tRnw=", StringEncoding.BASE64);
            var c0Value = Bytes.FromString("BC5NNsFoaiMN1Flo/qPAzb0peVZSTJabpGR/ZW8y8t2iwqrJyQ7XiJfPzTFVGbDTbpF2NZOYJyoy8yWcu0ej/pk=", StringEncoding.BASE64);
            var c1Value = Bytes.FromString("BA3VawoS0AHkkoqvdoAQY+Rny76K5qJGBXI6HPYpar9v1VQA4PXoHW7uWECW8ulljYMtP06696JcNmQTsjYmDdk=", StringEncoding.BASE64);

            var failProof = new ProofOfFail
            {
                Term1  = Bytes.FromString("BEY086yK/21rcM/L1o1VlgFbG543aHd5wsSz149MAqsE9PjKOkBlLgo4L8erUZkyW9rnJlVy2OlppjJ5ti17JXs=", StringEncoding.BASE64),
                Term2  = Bytes.FromString("BGB1gW1fJAJZKIicx5BBoGjCvsA29FONmVZ9KJQYB1pQoTRvz4LuF1m6BB7e1HtT58piuk8ZxHFqF4gmEDbTUiU=", StringEncoding.BASE64),
                Term3  = Bytes.FromString("BPgnI6MoiihA1C/VdfvFN1f4nEd9Cvh5Mp4fRppYsOXjUBuB70jNlLq02DHLqlkcASEsL0wORH7LZbTqUdaEKgY=", StringEncoding.BASE64),
                Term4  = Bytes.FromString("BFlUCX9E6QOpxxJOWuGhPujJOuJdVKFaU1C8aSyiHFSgcYB5PCp77Ir4fKPLQmHkMpAN65DokctO08d41E8a1Uk=", StringEncoding.BASE64),
                BlindA = Bytes.FromString("QAucC4Dzg9/qcJsDoDopkRXsja1uAsOCQw0qKuEaEn8=", StringEncoding.BASE64),
                BlindB = Bytes.FromString("Ub1/iklGLDXe+DwoviQ3tSiWd9hWTUpBJfWKhl9CSok=", StringEncoding.BASE64)
            };

            // NOTE(review): only the accepting case is exercised here. A companion
            // vector with one term altered, asserting false, would catch a
            // validator that accepts any input.
            Assert.True(crypto.ValidateProofOfFail(failProof, serverPublicKey, nsValue, c0Value, c1Value));
        }