/// <summary> /// Validates the proof of fail. /// </summary> internal bool ValidateProofOfFail(ProofOfFail proof, PublicKey pkS, byte[] nS, byte[] c0, byte[] c1) { Validation.NotNull(proof); Validation.NotNull(pkS); Validation.NotNullOrEmptyByteArray(nS); Validation.NotNullOrEmptyByteArray(c0); Validation.NotNullOrEmptyByteArray(c1); var term1 = proof.Term1.ToByteArray(); var term2 = proof.Term2.ToByteArray(); var term3 = proof.Term3.ToByteArray(); var term4 = proof.Term4.ToByteArray(); var challenge = this.HashZ( Domains.ProofErr, pkS.Encode(), this.CurveG.GetEncoded(), c0, c1, term1, term2, term3, term4); var hs0Point = this.HashToPoint(Domains.Dhs0, nS); var term1Point = this.Curve.DecodePoint(term1); var term2Point = this.Curve.DecodePoint(term2); var term3Point = this.Curve.DecodePoint(term3); var term4Point = this.Curve.DecodePoint(term4); var blindAInt = new BigInteger(1, proof.BlindA.ToByteArray()); var blindBInt = new BigInteger(1, proof.BlindB.ToByteArray()); var c0Point = this.Curve.DecodePoint(c0); var c1Point = this.Curve.DecodePoint(c1); var t1Point = term1Point.Add(term2Point).Add(c1Point.Multiply(challenge)); var t2Point = c0Point.Multiply(blindAInt).Add(hs0Point.Multiply(blindBInt)); if (!t1Point.Equals(t2Point)) { return(false); } t1Point = term3Point.Add(term4Point); t2Point = pkS.Point.Multiply(blindAInt).Add(this.curveParams.G.Multiply(blindBInt)); if (!t1Point.Equals(t2Point)) { return(false); } return(true); }
private void ValidateProofOfFail(ProofOfFail proofOfFail, byte[] ns, byte[] c0, byte[] c1) { if (proofOfFail == null) { throw new ProofNotProvidedException(); } var isValid = this.Crypto.ValidateProofOfFail( proofOfFail, this.ServicePublicKey, ns, c0, c1); if (!isValid) { throw new ProofOfFailNotValidException(); } }
public void Should_ProveTheProofOfFail_When_SpecifiedListOfParametersArePassed() { var phe = new PheCrypto(); var pkS = phe.DecodePublicKey(Bytes.FromString("BBVbS+bzzP5v7HxBs7p41HJT7mDuC8w5XcSsDMRmr/4fsH4mAFBkgcFrJ8kNqL1O5/BsTVp1eSn/vLlAZ6nMJM0=", StringEncoding.BASE64)); var nS = Bytes.FromString("bkVqMplyydZjQxo8R0EtODHEOqTfl02j8T5ZOa0tRnw=", StringEncoding.BASE64); var c0 = Bytes.FromString("BC5NNsFoaiMN1Flo/qPAzb0peVZSTJabpGR/ZW8y8t2iwqrJyQ7XiJfPzTFVGbDTbpF2NZOYJyoy8yWcu0ej/pk=", StringEncoding.BASE64); var c1 = Bytes.FromString("BA3VawoS0AHkkoqvdoAQY+Rny76K5qJGBXI6HPYpar9v1VQA4PXoHW7uWECW8ulljYMtP06696JcNmQTsjYmDdk=", StringEncoding.BASE64); var proof = new ProofOfFail { Term1 = Bytes.FromString("BEY086yK/21rcM/L1o1VlgFbG543aHd5wsSz149MAqsE9PjKOkBlLgo4L8erUZkyW9rnJlVy2OlppjJ5ti17JXs=", StringEncoding.BASE64), Term2 = Bytes.FromString("BGB1gW1fJAJZKIicx5BBoGjCvsA29FONmVZ9KJQYB1pQoTRvz4LuF1m6BB7e1HtT58piuk8ZxHFqF4gmEDbTUiU=", StringEncoding.BASE64), Term3 = Bytes.FromString("BPgnI6MoiihA1C/VdfvFN1f4nEd9Cvh5Mp4fRppYsOXjUBuB70jNlLq02DHLqlkcASEsL0wORH7LZbTqUdaEKgY=", StringEncoding.BASE64), Term4 = Bytes.FromString("BFlUCX9E6QOpxxJOWuGhPujJOuJdVKFaU1C8aSyiHFSgcYB5PCp77Ir4fKPLQmHkMpAN65DokctO08d41E8a1Uk=", StringEncoding.BASE64), BlindA = Bytes.FromString("QAucC4Dzg9/qcJsDoDopkRXsja1uAsOCQw0qKuEaEn8=", StringEncoding.BASE64), BlindB = Bytes.FromString("Ub1/iklGLDXe+DwoviQ3tSiWd9hWTUpBJfWKhl9CSok=", StringEncoding.BASE64) }; var isValid = phe.ValidateProofOfFail(proof, pkS, nS, c0, c1); Assert.True(isValid); }
/// <summary> /// Verifies a <see cref="PasswordRecord"/> by specified password. /// </summary> public async Task <VerificationResult> VerifyAsync(PasswordRecord pwdRecord, string password) { var pwdBytes = Bytes.FromString(password); var skC = this.ctx.GetClientSecretKeyForVersion(pwdRecord.Version); var pkS = this.ctx.GetServerPublicKeyForVersion(pwdRecord.Version); var c0 = this.ctx.Crypto.ComputeC0(skC, pwdBytes, pwdRecord.ClientNonce, pwdRecord.RecordT0); var parameters = new VerificationRequestModel { AppId = this.ctx.AppId, Version = pwdRecord.Version, Verification = new VerificationModel { C0 = c0, Ns = pwdRecord.ServerNonce } }; byte[] m = null; var serverResult = await this.ctx.Client.VerifyAsync(parameters).ConfigureAwait(false); if (serverResult.IsSuccess) { var proofModel = serverResult.ProofOfSuccess ?? throw new ProofNotProvidedException(); var proof = new ProofOfSuccess { Term1 = proofModel.Term1, Term2 = proofModel.Term2, Term3 = proofModel.Term3, BlindX = proofModel.BlindX, }; var isValid = this.ctx.Crypto.ValidateProofOfSuccess(proof, pkS, pwdRecord.ServerNonce, c0, serverResult.C1); if (!isValid) { throw new ProofOfSuccessNotValidException(); } m = this.ctx.Crypto.DecryptM(skC, pwdBytes, pwdRecord.ClientNonce, pwdRecord.RecordT1, serverResult.C1); } else { var proofModel = serverResult.ProofOfFail ?? throw new ProofNotProvidedException(); var proof = new ProofOfFail { Term1 = proofModel.Term1, Term2 = proofModel.Term2, Term3 = proofModel.Term3, Term4 = proofModel.Term4, BlindA = proofModel.BlindA, BlindB = proofModel.BlindB, }; var isValid = this.ctx.Crypto.ValidateProofOfFail(proof, pkS, pwdRecord.ServerNonce, c0, serverResult.C1); if (!isValid) { throw new ProofOfFailNotValidException(); } } var result = new VerificationResult { IsSuccess = serverResult.IsSuccess, Key = m }; return(result); }