-
Notifications
You must be signed in to change notification settings - Fork 11
Expand file tree
/
Copy pathtest_oberon.py
More file actions
118 lines (99 loc) · 4.06 KB
/
test_oberon.py
File metadata and controls
118 lines (99 loc) · 4.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
import unittest
from trinsicokapi import oberon
from trinsicokapi.proto.okapi.security.v1 import (
CreateOberonKeyRequest,
CreateOberonTokenRequest,
CreateOberonProofRequest,
VerifyOberonProofRequest,
UnBlindOberonTokenRequest,
BlindOberonTokenRequest,
VerifyOberonTokenRequest,
)
class OberonTests(unittest.TestCase):
def test_oberon_demo(self):
key = oberon.create_key(CreateOberonKeyRequest())
data = bytes("alice", "utf8")
nonce = bytes("1234", "utf8")
token = oberon.create_token(CreateOberonTokenRequest(data=data, sk=key.sk))
proof = oberon.create_proof(
CreateOberonProofRequest(data=data, nonce=nonce, token=token.token)
)
result = oberon.verify_proof(
VerifyOberonProofRequest(
data=data, nonce=nonce, pk=key.pk, proof=proof.proof
)
)
self.assertTrue(result.valid, "Proof should verify")
def test_oberon_verify_token(self):
data = bytes("4113", "utf8")
seed = bytes("123", "utf8")
other_seed = bytes("012", "utf8")
right_key = oberon.create_key(CreateOberonKeyRequest(seed=seed))
wrong_key = oberon.create_key(CreateOberonKeyRequest(seed=other_seed))
token_response = oberon.create_token(
CreateOberonTokenRequest(sk=right_key.sk, data=data)
)
assert oberon.verify_token(
VerifyOberonTokenRequest(
token=token_response.token, pk=right_key.pk, data=data
)
).valid
assert not oberon.verify_token(
VerifyOberonTokenRequest(
token=token_response.token, pk=wrong_key.pk, data=data
)
).valid
def test_demo_with_blinding(self):
key = oberon.create_key(CreateOberonKeyRequest())
data = bytes("alice", "utf8")
nonce = bytes("1234", "utf8")
issuer_2fa = bytes("issuer code", "utf8")
token_request = CreateOberonTokenRequest(data=data, sk=key.sk)
token_request.blinding.append(issuer_2fa)
blinded_token = oberon.create_token(token_request)
# Holder unblinds the token
unblind_request = UnBlindOberonTokenRequest(token=blinded_token.token)
unblind_request.blinding.append(issuer_2fa)
token = oberon.unblind_token(unblind_request)
# Holder prepares a proof without blinding
proof = oberon.create_proof(
CreateOberonProofRequest(data=data, nonce=nonce, token=token.token)
)
# Verifier verifies the proof
result = oberon.verify_proof(
VerifyOberonProofRequest(
data=data, nonce=nonce, pk=key.pk, proof=proof.proof
)
)
self.assertTrue(result.valid)
# Holder blinds the token with a personal pin
user_pin = bytes("0042", "utf8")
blind_request = BlindOberonTokenRequest(token=token.token)
blind_request.blinding.append(user_pin)
user_blinded_token = oberon.blind_token(blind_request)
proof_request = CreateOberonProofRequest(
data=data, nonce=nonce, token=user_blinded_token.token
)
proof_request.blinding.append(user_pin)
proof = oberon.create_proof(proof_request)
# Verifier verifies the proof
result = oberon.verify_proof(
VerifyOberonProofRequest(
data=data, nonce=nonce, pk=key.pk, proof=proof.proof
)
)
self.assertTrue(result.valid)
# Bad actor creates a proof with incorrect blinding pin
proof_request = CreateOberonProofRequest(
data=data, nonce=nonce, token=user_blinded_token.token
)
proof_request.blinding.append(bytes("invalid pin", "utf8"))
proof = oberon.create_proof(proof_request)
self.assertEqual(256, len(proof.proof))
# Verifies tries to verify proof, fails
result = oberon.verify_proof(
VerifyOberonProofRequest(
data=data, nonce=nonce, pk=key.pk, proof=proof.proof
)
)
self.assertFalse(result.valid)