manager.go 20.8 KB
Newer Older
1
2
3
package irmago

import (
4
	"crypto/rand"
Sietse Ringers's avatar
Sietse Ringers committed
5
	"math/big"
Sietse Ringers's avatar
Sietse Ringers committed
6
	"sort"
7
	"time"
Sietse Ringers's avatar
Sietse Ringers committed
8

9
	"github.com/credentials/go-go-gadget-paillier"
Sietse Ringers's avatar
Sietse Ringers committed
10
	"github.com/go-errors/errors"
11
12
13
	"github.com/mhe/gabi"
)

Sietse Ringers's avatar
Sietse Ringers committed
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
// This file contains most methods of the CredentialManager (c.f. session.go
// and updates.go).
//
// The storage of credentials is split up in several parts:
//
// - The CL-signature of each credential is stored separately, so that we can
// load it on demand (i.e., during an IRMA session), instead of immediately
// at initialization.
//
// - The attributes of all credentials are stored together, as they all
// immediately need to be available anyway,
//
// - The secret key (the zeroth attribute of every credential), being the same
// across all credentials, is stored only once in a separate file (storing this
// in multiple places would be bad).

// CredentialManager (de)serializes credentials and keyshare server information
// from storage; as well as logs of earlier IRMA sessions; it provides access
// to the attributes and all related information of its credentials;
// it is the starting point for new IRMA sessions; and it computes some
// of the messages in the client side of the IRMA protocol.
35
type CredentialManager struct {
Sietse Ringers's avatar
Sietse Ringers committed
36
	// Stuff we manage on disk
37
	secretkey        *secretKey
38
39
40
	attributes       map[CredentialTypeIdentifier][]*AttributeList
	credentials      map[CredentialTypeIdentifier]map[int]*credential
	keyshareServers  map[SchemeManagerIdentifier]*keyshareServer
41
	paillierKeyCache *paillierPrivateKey
Sietse Ringers's avatar
Sietse Ringers committed
42
	logs             []*LogEntry
Sietse Ringers's avatar
Sietse Ringers committed
43
	updates          []update
44

Sietse Ringers's avatar
Sietse Ringers committed
45
46
47
48
49
	// Where we store/load it to/from
	storage storage

	// Other state
	ConfigurationStore    *ConfigurationStore
50
	irmaConfigurationPath string
51
	androidStoragePath    string
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
	handler               ClientHandler
}

// KeyshareHandler is used for asking the user for his email address and PIN,
// for registering at a keyshare server.
type KeyshareHandler interface {
	StartRegistration(manager *SchemeManager, registrationCallback func(email, pin string))
	RegistrationError(err error)
	RegistrationSuccess()
}

type ClientHandler interface {
	KeyshareHandler

	UpdateConfigurationStore(new *IrmaIdentifierSet)
	UpdateAttributes()
Sietse Ringers's avatar
Sietse Ringers committed
68
69
}

70
71
72
73
type secretKey struct {
	Key *big.Int
}

74
75
76
77
78
// NewCredentialManager creates a new CredentialManager that uses the directory
// specified by storagePath for (de)serializing itself. irmaConfigurationPath
// is the path to a (possibly readonly) folder containing irma_configuration;
// androidStoragePath is an optional path to the files of the old android app
// (specify "" if you do not want to parse the old android app files),
79
80
// and handler is used for informing the user of new stuff, and when a
// registration to a keyshare server needs to happen.
81
82
83
// The credential manager returned by this function has been fully deserialized
// and is ready for use.
//
Sietse Ringers's avatar
Sietse Ringers committed
84
85
// NOTE: It is the responsibility of the caller that there exists a (properly
// protected) directory at storagePath!
86
87
88
89
func NewCredentialManager(
	storagePath string,
	irmaConfigurationPath string,
	androidStoragePath string,
90
	handler ClientHandler,
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
) (*CredentialManager, error) {
	var err error
	if err = AssertPathExists(storagePath); err != nil {
		return nil, err
	}
	if err = AssertPathExists(irmaConfigurationPath); err != nil {
		return nil, err
	}

	cm := &CredentialManager{
		credentials:           make(map[CredentialTypeIdentifier]map[int]*credential),
		keyshareServers:       make(map[SchemeManagerIdentifier]*keyshareServer),
		attributes:            make(map[CredentialTypeIdentifier][]*AttributeList),
		irmaConfigurationPath: irmaConfigurationPath,
		androidStoragePath:    androidStoragePath,
106
		handler:               handler,
107
108
109
110
111
112
113
114
	}

	cm.ConfigurationStore, err = NewConfigurationStore(storagePath+"/irma_configuration", irmaConfigurationPath)
	if err != nil {
		return nil, err
	}
	if err = cm.ConfigurationStore.ParseFolder(); err != nil {
		return nil, err
115
116
117
	}

	// Ensure storage path exists, and populate it with necessary files
118
	cm.storage = storage{storagePath: storagePath, ConfigurationStore: cm.ConfigurationStore}
Sietse Ringers's avatar
Sietse Ringers committed
119
	if err = cm.storage.EnsureStorageExists(); err != nil {
120
121
122
123
124
125
126
127
128
		return nil, err
	}

	// Perform new update functions from credentialManagerUpdates, if any
	if err = cm.update(); err != nil {
		return nil, err
	}

	// Load our stuff
Sietse Ringers's avatar
Sietse Ringers committed
129
	if cm.secretkey, err = cm.storage.LoadSecretKey(); err != nil {
130
131
		return nil, err
	}
Sietse Ringers's avatar
Sietse Ringers committed
132
	if cm.attributes, err = cm.storage.LoadAttributes(); err != nil {
133
134
		return nil, err
	}
135
	if cm.keyshareServers, err = cm.storage.LoadKeyshareServers(); err != nil {
136
137
		return nil, err
	}
138
	if cm.paillierKeyCache, err = cm.storage.LoadPaillierKeys(); err != nil {
139
140
		return nil, err
	}
141
142
143
	if cm.paillierKeyCache == nil {
		cm.paillierKey(false)
	}
144
145
146
147
148

	unenrolled := cm.unenrolledKeyshareServers()
	switch len(unenrolled) {
	case 0: // nop
	case 1:
149
		cm.KeyshareEnroll(unenrolled[0], cm.handler)
150
151
152
153
154
155
156
	default:
		return nil, errors.New("Too many keyshare servers")
	}

	return cm, nil
}

157
158
159
// CredentialInfoList returns a list of information of all contained credentials.
func (cm *CredentialManager) CredentialInfoList() CredentialInfoList {
	list := CredentialInfoList([]*CredentialInfo{})
160
161

	for _, attrlistlist := range cm.attributes {
162
163
164
		for index, attrlist := range attrlistlist {
			info := attrlist.Info()
			info.Index = index
165
			list = append(list, info)
Sietse Ringers's avatar
Sietse Ringers committed
166
167
		}
	}
168

Sietse Ringers's avatar
Sietse Ringers committed
169
170
171
172
	sort.Sort(list)
	return list
}

Sietse Ringers's avatar
Sietse Ringers committed
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
// addCredential adds the specified credential to the CredentialManager, saving its signature
// imediately, and optionally cm.attributes as well.
func (cm *CredentialManager) addCredential(cred *credential, storeAttributes bool) (err error) {
	id := cred.CredentialType().Identifier()
	cm.attributes[id] = append(cm.attrs(id), cred.AttributeList())

	if _, exists := cm.credentials[id]; !exists {
		cm.credentials[id] = make(map[int]*credential)
	}
	if cred.CredentialType().IsSingleton {
		cm.credentials[id][0] = cred
	} else {
		counter := len(cm.attributes[id]) - 1
		cm.credentials[id][counter] = cred
	}

	if err = cm.storage.StoreSignature(cred); err != nil {
		return
	}
	if storeAttributes {
		err = cm.storage.StoreAttributes(cm.attributes)
	}
	return
}

func generateSecretKey() (*secretKey, error) {
	key, err := gabi.RandomBigInt(gabi.DefaultSystemParameters[1024].Lm)
	if err != nil {
		return nil, err
	}
	return &secretKey{Key: key}, nil
}

// Removal methods

208
209
210
211
212
213
214
215
216
func (cm *CredentialManager) remove(id CredentialTypeIdentifier, index int, storenow bool) error {
	// Remove attributes
	list, exists := cm.attributes[id]
	if !exists || index >= len(list) {
		return errors.Errorf("Can't remove credential %s-%d: no such credential", id.String(), index)
	}
	attrs := list[index]
	cm.attributes[id] = append(list[:index], list[index+1:]...)
	if storenow {
Sietse Ringers's avatar
Sietse Ringers committed
217
218
219
		if err := cm.storage.StoreAttributes(cm.attributes); err != nil {
			return err
		}
220
221
222
223
224
	}

	// Remove credential
	if creds, exists := cm.credentials[id]; exists {
		if _, exists := creds[index]; exists {
Sietse Ringers's avatar
Sietse Ringers committed
225
			delete(creds, index)
226
227
228
229
230
			cm.credentials[id] = creds
		}
	}

	// Remove signature from storage
Sietse Ringers's avatar
Sietse Ringers committed
231
	if err := cm.storage.DeleteSignature(attrs); err != nil {
232
233
234
		return err
	}

235
236
237
238
239
240
241
242
243
244
245
	removed := map[CredentialTypeIdentifier][]TranslatedString{}
	removed[id] = attrs.Strings()

	if storenow {
		return cm.addLogEntry(&LogEntry{
			Type:    actionRemoval,
			Time:    Timestamp(time.Now()),
			Removed: removed,
		})
	}
	return nil
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
}

func (cm *CredentialManager) RemoveCredential(id CredentialTypeIdentifier, index int) error {
	return cm.remove(id, index, true)
}

func (cm *CredentialManager) RemoveCredentialByHash(hash string) error {
	cred, index, err := cm.credentialByHash(hash)
	if err != nil {
		return err
	}
	return cm.RemoveCredential(cred.CredentialType().Identifier(), index)
}

func (cm *CredentialManager) RemoveAllCredentials() error {
261
	removed := map[CredentialTypeIdentifier][]TranslatedString{}
Sietse Ringers's avatar
Sietse Ringers committed
262
263
264
265
266
267
	for _, attrlistlist := range cm.attributes {
		for _, attrs := range attrlistlist {
			if attrs.CredentialType() != nil {
				removed[attrs.CredentialType().Identifier()] = attrs.Strings()
			}
			cm.storage.DeleteSignature(attrs)
268
269
		}
	}
Sietse Ringers's avatar
Sietse Ringers committed
270
	cm.attributes = map[CredentialTypeIdentifier][]*AttributeList{}
Sietse Ringers's avatar
Sietse Ringers committed
271
	if err := cm.storage.StoreAttributes(cm.attributes); err != nil {
272
273
		return err
	}
274
275
276
277
278
279
280
281
282

	logentry := &LogEntry{
		Type:    actionRemoval,
		Time:    Timestamp(time.Now()),
		Removed: removed,
	}
	if err := cm.addLogEntry(logentry); err != nil {
		return err
	}
Sietse Ringers's avatar
Sietse Ringers committed
283
	return cm.storage.StoreLogs(cm.logs)
284
285
}

286
// Attribute and credential getter methods
Sietse Ringers's avatar
Sietse Ringers committed
287

Sietse Ringers's avatar
Sietse Ringers committed
288
// attrs returns cm.attributes[id], initializing it to an empty slice if neccesary
289
func (cm *CredentialManager) attrs(id CredentialTypeIdentifier) []*AttributeList {
Sietse Ringers's avatar
Sietse Ringers committed
290
291
292
293
294
295
296
297
298
	list, exists := cm.attributes[id]
	if !exists {
		list = make([]*AttributeList, 0, 1)
		cm.attributes[id] = list
	}
	return list
}

// creds returns cm.credentials[id], initializing it to an empty map if neccesary
Sietse Ringers's avatar
Sietse Ringers committed
299
func (cm *CredentialManager) creds(id CredentialTypeIdentifier) map[int]*credential {
Sietse Ringers's avatar
Sietse Ringers committed
300
301
	list, exists := cm.credentials[id]
	if !exists {
Sietse Ringers's avatar
Sietse Ringers committed
302
		list = make(map[int]*credential)
Sietse Ringers's avatar
Sietse Ringers committed
303
304
305
306
307
		cm.credentials[id] = list
	}
	return list
}

Sietse Ringers's avatar
Sietse Ringers committed
308
// Attributes returns the attribute list of the requested credential, or nil if we do not have it.
309
func (cm *CredentialManager) Attributes(id CredentialTypeIdentifier, counter int) (attributes *AttributeList) {
Sietse Ringers's avatar
Sietse Ringers committed
310
311
	list := cm.attrs(id)
	if len(list) <= counter {
Sietse Ringers's avatar
Sietse Ringers committed
312
313
314
315
316
		return
	}
	return list[counter]
}

317
318
319
320
321
322
323
324
325
326
327
328
329
func (cm *CredentialManager) credentialByHash(hash string) (*credential, int, error) {
	for _, attrlistlist := range cm.attributes {
		for index, attrs := range attrlistlist {
			if attrs.hash() == hash {
				cred, err := cm.credential(attrs.CredentialType().Identifier(), index)
				return cred, index, err
			}
		}
	}
	return nil, 0, nil
}

func (cm *CredentialManager) credentialByID(id CredentialIdentifier) (*credential, error) {
Sietse Ringers's avatar
Sietse Ringers committed
330
331
332
333
334
335
336
337
338
	if _, exists := cm.attributes[id.Type]; !exists {
		return nil, nil
	}
	for index, attrs := range cm.attributes[id.Type] {
		if attrs.hash() == id.Hash {
			return cm.credential(attrs.CredentialType().Identifier(), index)
		}
	}
	return nil, nil
339
340
}

Sietse Ringers's avatar
Sietse Ringers committed
341
342
// credential returns the requested credential, or nil if we do not have it.
func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int) (cred *credential, err error) {
Sietse Ringers's avatar
Sietse Ringers committed
343
	// If the requested credential is not in credential map, we check if its attributes were
344
	// deserialized during NewCredentialManager(). If so, there should be a corresponding signature file,
Sietse Ringers's avatar
Sietse Ringers committed
345
	// so we read that, construct the credential, and add it to the credential map
Sietse Ringers's avatar
Sietse Ringers committed
346
	if _, exists := cm.creds(id)[counter]; !exists {
Sietse Ringers's avatar
Sietse Ringers committed
347
348
349
350
		attrs := cm.Attributes(id, counter)
		if attrs == nil { // We do not have the requested cred
			return
		}
Sietse Ringers's avatar
Sietse Ringers committed
351
		sig, err := cm.storage.LoadSignature(attrs)
Sietse Ringers's avatar
Sietse Ringers committed
352
353
354
355
356
357
358
		if err != nil {
			return nil, err
		}
		if sig == nil {
			err = errors.New("signature file not found")
			return nil, err
		}
359
		pk, err := attrs.PublicKey()
360
361
362
		if err != nil {
			return nil, err
		}
363
364
365
		if pk == nil {
			return nil, errors.New("unknown public key")
		}
366
		cred, err := newCredential(&gabi.Credential{
367
			Attributes: append([]*big.Int{cm.secretkey.Key}, attrs.Ints...),
368
			Signature:  sig,
369
			Pk:         pk,
370
		}, cm.ConfigurationStore)
371
372
373
		if err != nil {
			return nil, err
		}
Sietse Ringers's avatar
Sietse Ringers committed
374
375
376
377
		cm.credentials[id][counter] = cred
	}

	return cm.credentials[id][counter], nil
378
379
}

Sietse Ringers's avatar
Sietse Ringers committed
380
// Methods used in the IRMA protocol
381

Sietse Ringers's avatar
Sietse Ringers committed
382
383
// Candidates returns a list of attributes present in this credential manager
// that satisfy the specified attribute disjunction.
384
func (cm *CredentialManager) Candidates(disjunction *AttributeDisjunction) []*AttributeIdentifier {
385
	candidates := make([]*AttributeIdentifier, 0, 10)
386
387

	for _, attribute := range disjunction.Attributes {
Sietse Ringers's avatar
Sietse Ringers committed
388
		credID := attribute.CredentialTypeIdentifier()
389
		if !cm.ConfigurationStore.Contains(credID) {
390
391
			continue
		}
392
		creds := cm.attributes[credID]
393
394
395
396
		count := len(creds)
		if count == 0 {
			continue
		}
397
398
		for _, attrs := range creds {
			id := &AttributeIdentifier{Type: attribute, Hash: attrs.hash()}
399
400
401
			if attribute.IsCredential() {
				candidates = append(candidates, id)
			} else {
Sietse Ringers's avatar
Sietse Ringers committed
402
				val := attrs.untranslatedAttribute(attribute)
403
				if val == "" { // This won't handle empty attributes correctly
404
405
406
407
408
409
410
411
412
413
414
415
					continue
				}
				if !disjunction.HasValues() || val == disjunction.Values[attribute] {
					candidates = append(candidates, id)
				}
			}
		}
	}

	return candidates
}

Sietse Ringers's avatar
Sietse Ringers committed
416
417
418
// CheckSatisfiability checks if this credential manager has the required attributes
// to satisfy the specifed disjunction list. If not, the unsatisfiable disjunctions
// are returned.
419
420
421
422
423
424
425
426
427
func (cm *CredentialManager) CheckSatisfiability(
	disjunctions AttributeDisjunctionList,
) ([][]*AttributeIdentifier, AttributeDisjunctionList) {
	candidates := [][]*AttributeIdentifier{}
	missing := AttributeDisjunctionList{}
	for i, disjunction := range disjunctions {
		candidates = append(candidates, []*AttributeIdentifier{})
		candidates[i] = cm.Candidates(disjunction)
		if len(candidates[i]) == 0 {
428
429
430
			missing = append(missing, disjunction)
		}
	}
431
	return candidates, missing
432
}
433

434
func (cm *CredentialManager) groupCredentials(choice *DisclosureChoice) (map[CredentialIdentifier][]int, error) {
435
	grouped := make(map[CredentialIdentifier][]int)
436
437
438
	if choice == nil || choice.Attributes == nil {
		return grouped, nil
	}
439
440
441
442
443
444
445
446

	for _, attribute := range choice.Attributes {
		identifier := attribute.Type
		ici := attribute.CredentialIdentifier()

		// If this is the first attribute of its credential type that we encounter
		// in the disclosure choice, then there is no slice yet at grouped[ici]
		if _, present := grouped[ici]; !present {
447
448
			indices := make([]int, 1, 1)
			indices[0] = 1 // Always include metadata
449
450
451
452
453
454
			grouped[ici] = indices
		}

		if identifier.IsCredential() {
			continue // In this case we only disclose the metadata attribute, which is already handled
		}
455
		index, err := cm.ConfigurationStore.CredentialTypes[identifier.CredentialTypeIdentifier()].IndexOf(identifier)
456
457
458
459
		if err != nil {
			return nil, err
		}

Sietse Ringers's avatar
Sietse Ringers committed
460
		// These indices will be used in the []*big.Int at gabi.credential.Attributes,
461
		// which doesn't know about the secret key and metadata attribute, so +2
462
		grouped[ici] = append(grouped[ici], index+2)
463
464
465
466
467
	}

	return grouped, nil
}

468
// ProofBuilders constructs a list of proof builders for the specified attribute choice.
469
func (cm *CredentialManager) ProofBuilders(choice *DisclosureChoice) (gabi.ProofBuilderList, error) {
470
471
472
473
474
	todisclose, err := cm.groupCredentials(choice)
	if err != nil {
		return nil, err
	}

475
	builders := gabi.ProofBuilderList([]gabi.ProofBuilder{})
476
	for id, list := range todisclose {
Sietse Ringers's avatar
Sietse Ringers committed
477
		cred, err := cm.credentialByID(id)
478
479
480
481
482
		if err != nil {
			return nil, err
		}
		builders = append(builders, cred.Credential.CreateDisclosureProofBuilder(list))
	}
Sietse Ringers's avatar
Sietse Ringers committed
483
	return builders, nil
484
}
Sietse Ringers's avatar
Sietse Ringers committed
485

Sietse Ringers's avatar
Sietse Ringers committed
486
// Proofs computes disclosure proofs containing the attributes specified by choice.
487
func (cm *CredentialManager) Proofs(choice *DisclosureChoice, request IrmaSession, issig bool) (gabi.ProofList, error) {
Sietse Ringers's avatar
Sietse Ringers committed
488
	builders, err := cm.ProofBuilders(choice)
Sietse Ringers's avatar
Sietse Ringers committed
489
490
491
	if err != nil {
		return nil, err
	}
492
	return builders.BuildProofList(request.GetContext(), request.GetNonce(), issig), nil
Sietse Ringers's avatar
Sietse Ringers committed
493
494
}

495
496
// IssuanceProofBuilders constructs a list of proof builders in the issuance protocol
// for the future credentials as well as possibly any disclosed attributes.
497
func (cm *CredentialManager) IssuanceProofBuilders(request *IssuanceRequest) (gabi.ProofBuilderList, error) {
Sietse Ringers's avatar
Cleanup    
Sietse Ringers committed
498
	state, err := newIssuanceState()
Sietse Ringers's avatar
Sietse Ringers committed
499
500
501
502
503
	if err != nil {
		return nil, err
	}
	request.state = state

504
	proofBuilders := gabi.ProofBuilderList([]gabi.ProofBuilder{})
Sietse Ringers's avatar
Sietse Ringers committed
505
	for _, futurecred := range request.Credentials {
Sietse Ringers's avatar
Sietse Ringers committed
506
		var pk *gabi.PublicKey
507
		pk, err = cm.ConfigurationStore.PublicKey(futurecred.CredentialTypeID.IssuerIdentifier(), futurecred.KeyCounter)
508
509
510
		if err != nil {
			return nil, err
		}
511
512
		credBuilder := gabi.NewCredentialBuilder(
			pk, request.GetContext(), cm.secretkey.Key, state.nonce2)
Sietse Ringers's avatar
Sietse Ringers committed
513
514
515
		request.state.builders = append(request.state.builders, credBuilder)
		proofBuilders = append(proofBuilders, credBuilder)
	}
Sietse Ringers's avatar
Sietse Ringers committed
516

Sietse Ringers's avatar
Sietse Ringers committed
517
	disclosures, err := cm.ProofBuilders(request.choice)
Sietse Ringers's avatar
Sietse Ringers committed
518
519
520
	if err != nil {
		return nil, err
	}
Sietse Ringers's avatar
Sietse Ringers committed
521
	proofBuilders = append(disclosures, proofBuilders...)
Sietse Ringers's avatar
Sietse Ringers committed
522
523
	return proofBuilders, nil
}
Sietse Ringers's avatar
Sietse Ringers committed
524

Sietse Ringers's avatar
Sietse Ringers committed
525
526
527
528
529
530
531
// IssueCommitments computes issuance commitments, along with disclosure proofs
// specified by choice.
func (cm *CredentialManager) IssueCommitments(request *IssuanceRequest) (*gabi.IssueCommitmentMessage, error) {
	proofBuilders, err := cm.IssuanceProofBuilders(request)
	if err != nil {
		return nil, err
	}
532
	list := proofBuilders.BuildProofList(request.GetContext(), request.GetNonce(), false)
Sietse Ringers's avatar
Sietse Ringers committed
533
	return &gabi.IssueCommitmentMessage{Proofs: list, Nonce2: request.state.nonce2}, nil
Sietse Ringers's avatar
Sietse Ringers committed
534
535
}

Sietse Ringers's avatar
Sietse Ringers committed
536
537
// ConstructCredentials constructs and saves new credentials
// using the specified issuance signature messages.
Sietse Ringers's avatar
Sietse Ringers committed
538
539
540
541
542
func (cm *CredentialManager) ConstructCredentials(msg []*gabi.IssueSignatureMessage, request *IssuanceRequest) error {
	if len(msg) != len(request.state.builders) {
		return errors.New("Received unexpected amount of signatures")
	}

543
544
	// First collect all credentials in a slice, so that if one of them induces an error,
	// we save none of them to fail the session cleanly
545
	gabicreds := []*gabi.Credential{}
Sietse Ringers's avatar
Sietse Ringers committed
546
	for i, sig := range msg {
547
		attrs, err := request.Credentials[i].AttributeList(cm.ConfigurationStore)
Sietse Ringers's avatar
Sietse Ringers committed
548
549
550
551
552
553
554
		if err != nil {
			return err
		}
		cred, err := request.state.builders[i].ConstructCredential(sig, attrs.Ints)
		if err != nil {
			return err
		}
555
		gabicreds = append(gabicreds, cred)
Sietse Ringers's avatar
Sietse Ringers committed
556
557
	}

558
	for _, gabicred := range gabicreds {
559
		newcred, err := newCredential(gabicred, cm.ConfigurationStore)
560
561
562
		if err != nil {
			return err
		}
Sietse Ringers's avatar
Sietse Ringers committed
563
564
565
		if err = cm.addCredential(newcred, true); err != nil {
			return err
		}
Sietse Ringers's avatar
Sietse Ringers committed
566
	}
567

Sietse Ringers's avatar
Sietse Ringers committed
568
	return nil
Sietse Ringers's avatar
Sietse Ringers committed
569
}
570

Sietse Ringers's avatar
Sietse Ringers committed
571
572
// Keyshare server handling

573
// PaillierKey returns a new Paillier key (and generates a new one in a goroutine).
Sietse Ringers's avatar
Sietse Ringers committed
574
func (cm *CredentialManager) paillierKey(wait bool) *paillierPrivateKey {
Sietse Ringers's avatar
Sietse Ringers committed
575
	cached := cm.paillierKeyCache
Sietse Ringers's avatar
Sietse Ringers committed
576
	ch := make(chan bool)
577
578
579
580
581
582

	// Would just write cm.paillierKeyCache instead of cached here, but the worker
	// modifies cm.paillierKeyCache, and we must be sure that the boolean here and
	// the if-clause below match.
	go cm.paillierKeyWorker(cached == nil && wait, ch)
	if cached == nil && wait {
Sietse Ringers's avatar
Sietse Ringers committed
583
		<-ch
584
585
		// generate yet another one for future calls, but no need to wait now
		go cm.paillierKeyWorker(false, ch)
Sietse Ringers's avatar
Sietse Ringers committed
586
	}
Sietse Ringers's avatar
Sietse Ringers committed
587
	return cm.paillierKeyCache
588
}
Sietse Ringers's avatar
Sietse Ringers committed
589

590
591
592
593
594
595
596
597
598
func (cm *CredentialManager) paillierKeyWorker(wait bool, ch chan bool) {
	newkey, _ := paillier.GenerateKey(rand.Reader, 2048)
	cm.paillierKeyCache = (*paillierPrivateKey)(newkey)
	cm.storage.StorePaillierKeys(cm.paillierKeyCache)
	if wait {
		ch <- true
	}
}

Sietse Ringers's avatar
Sietse Ringers committed
599
600
func (cm *CredentialManager) unenrolledKeyshareServers() []*SchemeManager {
	list := []*SchemeManager{}
601
	for name, manager := range cm.ConfigurationStore.SchemeManagers {
Sietse Ringers's avatar
Sietse Ringers committed
602
603
604
605
606
607
		if _, contains := cm.keyshareServers[name]; len(manager.KeyshareServer) > 0 && !contains {
			list = append(list, manager)
		}
	}
	return list
}
Sietse Ringers's avatar
Sietse Ringers committed
608

609
// KeyshareEnroll attempts to register at the keyshare server of the specified scheme manager.
610
611
612
613
614
615
616
617
618
619
620
621
622
623
func (cm *CredentialManager) KeyshareEnroll(manager *SchemeManager, handler KeyshareHandler) {
	handler.StartRegistration(manager, func(email, pin string) {
		go func() {
			err := cm.keyshareEnrollWorker(manager.Identifier(), email, pin)
			if err != nil {
				handler.RegistrationError(err)
			} else {
				handler.RegistrationSuccess()
			}
		}()
	})
}

func (cm *CredentialManager) keyshareEnrollWorker(managerID SchemeManagerIdentifier, email, pin string) error {
624
	manager, ok := cm.ConfigurationStore.SchemeManagers[managerID]
Sietse Ringers's avatar
Sietse Ringers committed
625
626
627
628
629
630
631
632
633
634
635
	if !ok {
		return errors.New("Unknown scheme manager")
	}
	if len(manager.KeyshareServer) == 0 {
		return errors.New("Scheme manager has no keyshare server")
	}
	if len(pin) < 5 {
		return errors.New("PIN too short, must be at least 5 characters")
	}

	transport := NewHTTPTransport(manager.KeyshareServer)
636
	kss, err := newKeyshareServer(cm.paillierKey(true), manager.KeyshareServer, email)
Sietse Ringers's avatar
Sietse Ringers committed
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
	if err != nil {
		return err
	}
	message := keyshareRegistration{
		Username:  email,
		Pin:       kss.HashedPin(pin),
		PublicKey: (*paillierPublicKey)(&kss.PrivateKey.PublicKey),
	}

	result := &struct{}{}
	err = transport.Post("web/users/selfenroll", result, message)
	if err != nil {
		return err
	}

652
	cm.keyshareServers[managerID] = kss
Sietse Ringers's avatar
Sietse Ringers committed
653
	return cm.storage.StoreKeyshareServers(cm.keyshareServers)
Sietse Ringers's avatar
Sietse Ringers committed
654
655
}

656
// KeyshareRemove unregisters the keyshare server of the specified scheme manager.
Sietse Ringers's avatar
Sietse Ringers committed
657
658
659
660
661
func (cm *CredentialManager) KeyshareRemove(manager SchemeManagerIdentifier) error {
	if _, contains := cm.keyshareServers[manager]; !contains {
		return errors.New("Can't uninstall unknown keyshare server")
	}
	delete(cm.keyshareServers, manager)
Sietse Ringers's avatar
Sietse Ringers committed
662
	return cm.storage.StoreKeyshareServers(cm.keyshareServers)
Sietse Ringers's avatar
Sietse Ringers committed
663
}
Sietse Ringers's avatar
Sietse Ringers committed
664

Sietse Ringers's avatar
Sietse Ringers committed
665
666
// Add, load and store log entries

667
func (cm *CredentialManager) addLogEntry(entry *LogEntry) error {
Sietse Ringers's avatar
Sietse Ringers committed
668
	cm.logs = append(cm.logs, entry)
669
	return cm.storage.StoreLogs(cm.logs)
670
	return nil
Sietse Ringers's avatar
Sietse Ringers committed
671
672
673
674
675
}

func (cm *CredentialManager) Logs() ([]*LogEntry, error) {
	if cm.logs == nil || len(cm.logs) == 0 {
		var err error
Sietse Ringers's avatar
Sietse Ringers committed
676
		cm.logs, err = cm.storage.LoadLogs()
Sietse Ringers's avatar
Sietse Ringers committed
677
678
679
680
681
682
		if err != nil {
			return nil, err
		}
	}
	return cm.logs, nil
}