Add basic opaque usage

2025-07-07 02:52:50 -05:00 · 2025-03-12 13:40:04 +01:00
parent 29dc69a77b
commit 377dad6852
5 changed files with 107 additions and 0 deletions
--- a/src/Api/Auth/Controllers/OpaqueKeyExchangeController.cs
+++ b/src/Api/Auth/Controllers/OpaqueKeyExchangeController.cs
@ -0,0 +1,63 @@
+using Bit.Api.Auth.Models.Request.Opaque;
+using Bit.Api.Auth.Models.Response.Opaque;
+using Bit.Core.Services;
+using Bitwarden.OPAQUE;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Bit.Api.Auth.Controllers;
+
+[Route("opaque")]
+public class OpaqueKeyExchangeController : Controller
+{
+    private readonly IUserService _userService;
+    private readonly BitwardenOpaque _bitwardenOpaque;
+    private CipherConfiguration _cipherConfiguration = new CipherConfiguration();
+
+    public OpaqueKeyExchangeController(
+        IUserService userService
+    )
+    {
+        _userService = userService;
+        _bitwardenOpaque = new BitwardenOpaque();
+        _cipherConfiguration.KeGroup = KeGroup.Ristretto255;
+        _cipherConfiguration.OprfCS = OprfCS.Ristretto255;
+        _cipherConfiguration.KeyExchange = KeyExchange.TripleDH;
+        _cipherConfiguration.KSF = new Argon2id(3, 256 * 1024, 4);
+    }
+
+    [HttpGet("~/opaque/start-registration")]
+    public async Task<RegisterStartResponse> StartRegistration(RegisterStartRequest request)
+    {
+        var user = await _userService.GetUserByPrincipalAsync(User);
+        var registrationRequest = _bitwardenOpaque.StartServerRegistration(_cipherConfiguration, System.Convert.FromBase64String(request.ClientRegistrationStartResult), user.Id.ToString());
+        var message = registrationRequest.Item1;
+        var serverSetup = registrationRequest.Item2;
+        // persist server setup
+        var sessionId = Guid.NewGuid();
+        SessionStore.RegisterSessions.Add(sessionId, new RegisterSession() { SessionId = sessionId, ServerSetup = serverSetup, cipherConfiguration = _cipherConfiguration });
+        return new RegisterStartResponse(sessionId, System.Convert.ToBase64String(message));
+    }
+
+
+    [HttpGet("~/opaque/finish-registration")]
+    public async Task<String> FinishRegistration(RegisterFinishRequest request)
+    {
+        var registrationFinish = _bitwardenOpaque.FinishServerRegistration(_cipherConfiguration, System.Convert.FromBase64String(request.ClientRegisterFinishResult));
+        Console.WriteLine("Registration Finish: " + registrationFinish);
+        return "Registration Finish";
+    }
+
+}
+
+public class RegisterSession
+{
+    public Guid SessionId { get; set; }
+    public byte[] ServerSetup { get; set; }
+    public CipherConfiguration cipherConfiguration { get; set; }
+}
+
+public class SessionStore()
+{
+    public static Dictionary<Guid, RegisterSession> RegisterSessions = new Dictionary<Guid, RegisterSession>();
+    public static Dictionary<Guid, byte[]> LoginSessions = new Dictionary<Guid, byte[]>();
+}