1 parent
10c6bdb
commit dfe3baa
Showing
8 changed files
with
197 additions
and
12 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
namespace Okapi.Keys | ||
{ | ||
public class DIDKey | ||
public static class DIDKey | ||
{ | ||
/// <summary> | ||
/// Generate new key | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
namespace Okapi.Security | ||
{ | ||
public static class Oberon | ||
{ | ||
public static CreateOberonKeyResponse CreateKey(CreateOberonKeyRequest request) => | ||
Native.Call<CreateOberonKeyRequest, CreateOberonKeyResponse>(request, Native.oberon_create_key); | ||
|
||
public static CreateOberonTokenResponse CreateToken(CreateOberonTokenRequest request) => | ||
Native.Call<CreateOberonTokenRequest, CreateOberonTokenResponse>(request, Native.oberon_create_token); | ||
|
||
public static CreateOberonProofResponse CreateProof(CreateOberonProofRequest request) => | ||
Native.Call<CreateOberonProofRequest, CreateOberonProofResponse>(request, Native.oberon_create_proof); | ||
|
||
public static VerifyOberonProofResponse VerifyProof(VerifyOberonProofRequest request) => | ||
Native.Call<VerifyOberonProofRequest, VerifyOberonProofResponse>(request, Native.oberon_verify_proof); | ||
|
||
public static BlindOberonTokenResponse BlindToken(BlindOberonTokenRequest request) => | ||
Native.Call<BlindOberonTokenRequest, BlindOberonTokenResponse>(request, Native.oberon_blind_token); | ||
|
||
public static UnBlindOberonTokenResponse UnblindToken(UnBlindOberonTokenRequest request) => | ||
Native.Call<UnBlindOberonTokenRequest, UnBlindOberonTokenResponse>(request, Native.oberon_unblind_token); | ||
} | ||
} |
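Review bot: The six public wrappers on `Oberon` are added without XML documentation, unlike `DIDKey`, which already carries `/// <summary>` comments, and several of them move secret material across the native boundary. `CreateKey` returns the `Sk` that the tests in this commit use to issue tokens, so its summary should say so, e.g. `/// <summary>Generates a new Oberon key pair; the returned Sk is secret and must stay with the issuer.</summary>`. Each method also hands `request` straight to `Native.Call`; unless `Native.Call` validates it (not visible here), a guard such as `if (request is null) throw new ArgumentNullException(nameof(request));` would keep a null from reaching native code. The method is spelled `UnblindToken` while its request and response types are spelled `UnBlind…`, which is worth making consistent before the API is published.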
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,140 @@ | ||
using Google.Protobuf; | ||
using Okapi.Security; | ||
using Xunit; | ||
|
||
namespace Okapi.Tests | ||
{ | ||
public class OberonTests { | ||
|
||
[Fact] | ||
public void TestDemo() | ||
{ | ||
var key = Oberon.CreateKey(new CreateOberonKeyRequest()); | ||
|
||
var data = ByteString.CopyFromUtf8("alice"); | ||
var nonce = ByteString.CopyFromUtf8("1234"); | ||
|
||
var token = Oberon.CreateToken(new CreateOberonTokenRequest | ||
{ | ||
Data = data, | ||
Sk = key.Sk | ||
}); | ||
|
||
var proof = Oberon.CreateProof(new CreateOberonProofRequest | ||
{ | ||
Data = data, | ||
Nonce = nonce, | ||
Token = token.Token | ||
}); | ||
|
||
var result = Oberon.VerifyProof(new VerifyOberonProofRequest | ||
{ | ||
Data = data, | ||
Nonce = nonce, | ||
Pk = key.Pk, | ||
Proof = proof.Proof | ||
}); | ||
|
||
Assert.True(result.Valid); | ||
} | ||
|
||
[Fact] | ||
public void TestDemoWithBlinding() | ||
{ | ||
// Issuer generates oberon key pair | ||
var key = Oberon.CreateKey(new CreateOberonKeyRequest()); | ||
|
||
var data = ByteString.CopyFromUtf8("alice"); | ||
var nonce = ByteString.CopyFromUtf8("1234"); | ||
|
||
// blinding code to be used by issuer and given to holder | ||
// to transfer the token securely | ||
var issuer_2fa = ByteString.CopyFromUtf8("issuer code"); | ||
|
||
CreateOberonTokenRequest tokenRequst = new() | ||
{ | ||
Data = data, | ||
Sk = key.Sk | ||
}; | ||
tokenRequst.Blinding.Add(issuer_2fa); | ||
|
||
var blindedToken = Oberon.CreateToken(tokenRequst); | ||
|
||
// Holder unblinds the token | ||
UnBlindOberonTokenRequest unblindRequest = new() { Token = blindedToken.Token }; | ||
unblindRequest.Blinding.Add(issuer_2fa); | ||
|
||
var token = Oberon.UnblindToken(unblindRequest); | ||
|
||
// Holder prepares a proof without blinding | ||
var proof = Oberon.CreateProof(new CreateOberonProofRequest | ||
{ | ||
Data = data, | ||
Nonce = nonce, | ||
Token = token.Token | ||
}); | ||
|
||
// Verifier verifies the proof | ||
var result = Oberon.VerifyProof(new VerifyOberonProofRequest | ||
{ | ||
Data = data, | ||
Nonce = nonce, | ||
Pk = key.Pk, | ||
Proof = proof.Proof | ||
}); | ||
|
||
Assert.True(result.Valid); | ||
|
||
// Holder blinds the token with a personal pin | ||
var userPin = ByteString.CopyFromUtf8("0042"); | ||
BlindOberonTokenRequest blindRequest = new() { Token = token.Token }; | ||
blindRequest.Blinding.Add(userPin); | ||
|
||
var userBlindedToken = Oberon.BlindToken(blindRequest); | ||
|
||
// Holder prepares a proof using the pin blinding | ||
CreateOberonProofRequest proofRequest = new() | ||
{ | ||
Data = data, | ||
Nonce = nonce, | ||
Token = userBlindedToken.Token | ||
}; | ||
proofRequest.Blinding.Add(userPin); | ||
|
||
proof = Oberon.CreateProof(proofRequest); | ||
|
||
// Verifier verifies the proof | ||
result = Oberon.VerifyProof(new VerifyOberonProofRequest | ||
{ | ||
Data = data, | ||
Nonce = nonce, | ||
Pk = key.Pk, | ||
Proof = proof.Proof | ||
}); | ||
|
||
Assert.True(result.Valid); | ||
|
||
// Bad actor creates a proof with incorrect blinding pin | ||
proofRequest = new() | ||
{ | ||
Data = data, | ||
Nonce = nonce, | ||
Token = userBlindedToken.Token | ||
}; | ||
proofRequest.Blinding.Add(ByteString.CopyFromUtf8("invalid pin")); | ||
|
||
proof = Oberon.CreateProof(proofRequest); | ||
|
||
// Verifier tries to verify proof, fails | ||
result = Oberon.VerifyProof(new VerifyOberonProofRequest | ||
{ | ||
Data = data, | ||
Nonce = nonce, | ||
Pk = key.Pk, | ||
Proof = proof.Proof | ||
}); | ||
|
||
Assert.False(result.Valid); | ||
} | ||
} | ||
} |
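Review bot: The only rejection these tests assert is the wrong-pin case at the end of `TestDemoWithBlinding`; nothing checks that `VerifyProof` rejects a proof when the nonce, the data or the public key differ from the ones used to create it. Those are the properties a verifier depends on to refuse replayed or cross-identity proofs, so `TestDemo` should add negative assertions after `Assert.True(result.Valid);`, for example (with a constructed nonce value) `Assert.False(Oberon.VerifyProof(new VerifyOberonProofRequest { Data = data, Nonce = ByteString.CopyFromUtf8("5678"), Pk = key.Pk, Proof = proof.Proof }).Valid);`. It would also be worth asserting that a proof made from `userBlindedToken` with no blinding supplied is rejected, assuming `CreateProof` returns rather than throws in that case. Minor style points in the same method: `tokenRequst` is misspelled and `issuer_2fa` does not follow camelCase for locals.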