/// <summary>
/// Validates the proof of fail.
/// </summary>
internal bool ValidateProofOfFail(ProofOfFail proof, PublicKey pkS, byte[] nS, byte[] c0, byte[] c1)
{
Validation.NotNull(proof);
Validation.NotNull(pkS);
Validation.NotNullOrEmptyByteArray(nS);
Validation.NotNullOrEmptyByteArray(c0);
Validation.NotNullOrEmptyByteArray(c1);
var term1 = proof.Term1.ToByteArray();
var term2 = proof.Term2.ToByteArray();
var term3 = proof.Term3.ToByteArray();
var term4 = proof.Term4.ToByteArray();
var challenge = this.HashZ(
Domains.ProofErr,
pkS.Encode(),
this.CurveG.GetEncoded(),
c0,
c1,
term1,
term2,
term3,
term4);
var hs0Point = this.HashToPoint(Domains.Dhs0, nS);
var term1Point = this.Curve.DecodePoint(term1);
var term2Point = this.Curve.DecodePoint(term2);
var term3Point = this.Curve.DecodePoint(term3);
var term4Point = this.Curve.DecodePoint(term4);
var blindAInt = new BigInteger(1, proof.BlindA.ToByteArray());
var blindBInt = new BigInteger(1, proof.BlindB.ToByteArray());
var c0Point = this.Curve.DecodePoint(c0);
var c1Point = this.Curve.DecodePoint(c1);
var t1Point = term1Point.Add(term2Point).Add(c1Point.Multiply(challenge));
var t2Point = c0Point.Multiply(blindAInt).Add(hs0Point.Multiply(blindBInt));
if (!t1Point.Equals(t2Point))
{
return(false);
}
t1Point = term3Point.Add(term4Point);
t2Point = pkS.Point.Multiply(blindAInt).Add(this.curveParams.G.Multiply(blindBInt));
if (!t1Point.Equals(t2Point))
{
return(false);
}
return(true);
}
private void ValidateProofOfFail(ProofOfFail proofOfFail, byte[] ns, byte[] c0, byte[] c1)
{
if (proofOfFail == null)
{
throw new ProofNotProvidedException();
}
var isValid = this.Crypto.ValidateProofOfFail(
proofOfFail,
this.ServicePublicKey,
ns,
c0,
c1);
if (!isValid)
{
throw new ProofOfFailNotValidException();
}
}
public void Should_ProveTheProofOfFail_When_SpecifiedListOfParametersArePassed()
{
var phe = new PheCrypto();
var pkS = phe.DecodePublicKey(Bytes.FromString("BBVbS+bzzP5v7HxBs7p41HJT7mDuC8w5XcSsDMRmr/4fsH4mAFBkgcFrJ8kNqL1O5/BsTVp1eSn/vLlAZ6nMJM0=", StringEncoding.BASE64));
var nS = Bytes.FromString("bkVqMplyydZjQxo8R0EtODHEOqTfl02j8T5ZOa0tRnw=", StringEncoding.BASE64);
var c0 = Bytes.FromString("BC5NNsFoaiMN1Flo/qPAzb0peVZSTJabpGR/ZW8y8t2iwqrJyQ7XiJfPzTFVGbDTbpF2NZOYJyoy8yWcu0ej/pk=", StringEncoding.BASE64);
var c1 = Bytes.FromString("BA3VawoS0AHkkoqvdoAQY+Rny76K5qJGBXI6HPYpar9v1VQA4PXoHW7uWECW8ulljYMtP06696JcNmQTsjYmDdk=", StringEncoding.BASE64);
var proof = new ProofOfFail
{
Term1 = Bytes.FromString("BEY086yK/21rcM/L1o1VlgFbG543aHd5wsSz149MAqsE9PjKOkBlLgo4L8erUZkyW9rnJlVy2OlppjJ5ti17JXs=", StringEncoding.BASE64),
Term2 = Bytes.FromString("BGB1gW1fJAJZKIicx5BBoGjCvsA29FONmVZ9KJQYB1pQoTRvz4LuF1m6BB7e1HtT58piuk8ZxHFqF4gmEDbTUiU=", StringEncoding.BASE64),
Term3 = Bytes.FromString("BPgnI6MoiihA1C/VdfvFN1f4nEd9Cvh5Mp4fRppYsOXjUBuB70jNlLq02DHLqlkcASEsL0wORH7LZbTqUdaEKgY=", StringEncoding.BASE64),
Term4 = Bytes.FromString("BFlUCX9E6QOpxxJOWuGhPujJOuJdVKFaU1C8aSyiHFSgcYB5PCp77Ir4fKPLQmHkMpAN65DokctO08d41E8a1Uk=", StringEncoding.BASE64),
BlindA = Bytes.FromString("QAucC4Dzg9/qcJsDoDopkRXsja1uAsOCQw0qKuEaEn8=", StringEncoding.BASE64),
BlindB = Bytes.FromString("Ub1/iklGLDXe+DwoviQ3tSiWd9hWTUpBJfWKhl9CSok=", StringEncoding.BASE64)
};
var isValid = phe.ValidateProofOfFail(proof, pkS, nS, c0, c1);
Assert.True(isValid);
}
/// <summary>
/// Verifies a <see cref="PasswordRecord"/> by specified password.
/// </summary>
public async Task <VerificationResult> VerifyAsync(PasswordRecord pwdRecord, string password)
{
var pwdBytes = Bytes.FromString(password);
var skC = this.ctx.GetClientSecretKeyForVersion(pwdRecord.Version);
var pkS = this.ctx.GetServerPublicKeyForVersion(pwdRecord.Version);
var c0 = this.ctx.Crypto.ComputeC0(skC, pwdBytes, pwdRecord.ClientNonce, pwdRecord.RecordT0);
var parameters = new VerificationRequestModel
{
AppId = this.ctx.AppId,
Version = pwdRecord.Version,
Verification = new VerificationModel
{
C0 = c0,
Ns = pwdRecord.ServerNonce
}
};
byte[] m = null;
var serverResult = await this.ctx.Client.VerifyAsync(parameters).ConfigureAwait(false);
if (serverResult.IsSuccess)
{
var proofModel = serverResult.ProofOfSuccess ?? throw new ProofNotProvidedException();
var proof = new ProofOfSuccess
{
Term1 = proofModel.Term1,
Term2 = proofModel.Term2,
Term3 = proofModel.Term3,
BlindX = proofModel.BlindX,
};
var isValid = this.ctx.Crypto.ValidateProofOfSuccess(proof, pkS, pwdRecord.ServerNonce, c0, serverResult.C1);
if (!isValid)
{
throw new ProofOfSuccessNotValidException();
}
m = this.ctx.Crypto.DecryptM(skC, pwdBytes, pwdRecord.ClientNonce, pwdRecord.RecordT1, serverResult.C1);
}
else
{
var proofModel = serverResult.ProofOfFail ?? throw new ProofNotProvidedException();
var proof = new ProofOfFail
{
Term1 = proofModel.Term1,
Term2 = proofModel.Term2,
Term3 = proofModel.Term3,
Term4 = proofModel.Term4,
BlindA = proofModel.BlindA,
BlindB = proofModel.BlindB,
};
var isValid = this.ctx.Crypto.ValidateProofOfFail(proof, pkS, pwdRecord.ServerNonce, c0, serverResult.C1);
if (!isValid)
{
throw new ProofOfFailNotValidException();
}
}
var result = new VerificationResult
{
IsSuccess = serverResult.IsSuccess,
Key = m
};
return(result);
}
