/// <summary>
/// Creates EnrollmentRecord which is then supposed to be stored in database for further authentication
/// Also generates a key which then can be used to protect user's data.
/// </summary>
/// <returns>The account.</returns>
/// <param name="pwdBytes">Password bytes.</param>
/// <param name="pheRespData">Phe resp data.</param>
public (byte[], byte[]) EnrollAccount(byte[] pwdBytes, byte[] pheRespData)
{
Validation.NotNullOrEmptyByteArray(pwdBytes);
Validation.NotNullOrEmptyByteArray(pheRespData);
var pheResp = Phe.EnrollmentResponse.Parser.ParseFrom(ByteString.CopyFrom(pheRespData));
var isValid = this.Crypto.ValidateProofOfSuccess(
pheResp.Proof,
this.ServicePublicKey,
pheResp.Ns.ToByteArray(),
pheResp.C0.ToByteArray(),
pheResp.C1.ToByteArray());
if (!isValid)
{
throw new ProofOfSuccessNotValidException();
}
var nS = pheResp.Ns;
var nC = this.Crypto.GenerateNonce();
var(t0, t1, key) = this.Crypto.ComputeT(
this.AppSecretKey,
pwdBytes,
nC,
pheResp.C0.ToByteArray(),
pheResp.C1.ToByteArray());
var enrollmentRecord = new EnrollmentRecord
{
Nc = ByteString.CopyFrom(nC),
Ns = nS,
T0 = ByteString.CopyFrom(t0),
T1 = ByteString.CopyFrom(t1),
};
return(enrollmentRecord.ToByteArray(), key);
}
/// <summary>
/// Update the specified EnrollmentRecord record.
/// </summary>
/// <returns>The updated Encrypted EnrollmentRecord.</returns>
public byte[] UpdateEnrollmentRecord(byte[] token, byte[] enrollmentRecordData)
{
Validation.NotNullOrEmptyByteArray(token);
Validation.NotNullOrEmptyByteArray(enrollmentRecordData);
var enrollmentRecord = EnrollmentRecord.Parser.ParseFrom(ByteString.CopyFrom(enrollmentRecordData));
var(t0, t1) = this.Crypto.UpdateT(
enrollmentRecord.Ns.ToByteArray(),
enrollmentRecord.T0.ToByteArray(),
enrollmentRecord.T1.ToByteArray(),
token);
var updatedEnrollmentRecord = new EnrollmentRecord
{
Nc = enrollmentRecord.Nc,
Ns = enrollmentRecord.Ns,
T0 = ByteString.CopyFrom(t0),
T1 = ByteString.CopyFrom(t1),
};
return(updatedEnrollmentRecord.ToByteArray());
}
