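/// <summary>
/// Creates an EnrollmentRecord from the service's enrollment response. The serialized
/// record is what the caller stores in the database for later authentication; the
/// accompanying key is returned separately and can be used to protect the user's data.
/// </summary>
/// <returns>A tuple of (serialized EnrollmentRecord, key).</returns>
/// <param name="pwdBytes">Password bytes.</param>
/// <param name="pheRespData">Serialized PHE enrollment response received from the service.</param>
/// <exception cref="ProofOfSuccessNotValidException">
/// Thrown when the response carries no proof, or the proof does not verify under ServicePublicKey.
/// </exception>
public (byte[], byte[]) EnrollAccount(byte[] pwdBytes, byte[] pheRespData)
{
    Validation.NotNullOrEmptyByteArray(pwdBytes);
    Validation.NotNullOrEmptyByteArray(pheRespData);

    // The response arrives over the network; ParseFrom rejects malformed input by throwing.
    var pheResp = Phe.EnrollmentResponse.Parser.ParseFrom(ByteString.CopyFrom(pheRespData));
    var c0 = pheResp.C0.ToByteArray();
    var c1 = pheResp.C1.ToByteArray();

    // A response that omits the proof sub-message yields a null Proof. Treat that as an
    // invalid proof rather than letting it surface as a NullReferenceException later.
    if (pheResp.Proof is null)
    {
        throw new ProofOfSuccessNotValidException();
    }

    // Proof verification under ServicePublicKey must pass before c0/c1 are fed into
    // any derivation below; nothing is computed from them until then.
    var isValid = this.Crypto.ValidateProofOfSuccess(
        pheResp.Proof,
        this.ServicePublicKey,
        pheResp.Ns.ToByteArray(),
        c0,
        c1);
    if (!isValid)
    {
        throw new ProofOfSuccessNotValidException();
    }

    // Client nonce is freshly generated per enrollment; the server nonce is taken from the response.
    var nC = this.Crypto.GenerateNonce();
    var (t0, t1, key) = this.Crypto.ComputeT(this.AppSecretKey, pwdBytes, nC, c0, c1);

    var enrollmentRecord = new EnrollmentRecord
    {
        Nc = ByteString.CopyFrom(nC),
        Ns = pheResp.Ns,
        T0 = ByteString.CopyFrom(t0),
        T1 = ByteString.CopyFrom(t1),
    };

    // The key is not part of the record; it is handed back to the caller only.
    return (enrollmentRecord.ToByteArray(), key);
}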
/// <summary>
/// Applies an update token to a stored EnrollmentRecord and returns the record that
/// should replace it. Both nonces are carried over; only T0 and T1 are recomputed.
/// </summary>
/// <param name="token">Update token bytes.</param>
/// <param name="enrollmentRecordData">Serialized EnrollmentRecord to update.</param>
/// <returns>The updated serialized EnrollmentRecord.</returns>
public byte[] UpdateEnrollmentRecord(byte[] token, byte[] enrollmentRecordData)
{
    Validation.NotNullOrEmptyByteArray(token);
    Validation.NotNullOrEmptyByteArray(enrollmentRecordData);

    var current = EnrollmentRecord.Parser.ParseFrom(ByteString.CopyFrom(enrollmentRecordData));

    // UpdateT derives the new T0/T1 from the server nonce, the old T0/T1 and the token.
    var (newT0, newT1) = this.Crypto.UpdateT(
        current.Ns.ToByteArray(),
        current.T0.ToByteArray(),
        current.T1.ToByteArray(),
        token);

    var updated = new EnrollmentRecord
    {
        Nc = current.Nc,
        Ns = current.Ns,
        T0 = ByteString.CopyFrom(newT0),
        T1 = ByteString.CopyFrom(newT1),
    };

    return updated.ToByteArray();
}