session.go 19.9 KB
Newer Older
1
package irmaclient
2
3

import (
Koen van Ingen's avatar
Koen van Ingen committed
4
	"encoding/json"
Sietse Ringers's avatar
Sietse Ringers committed
5
	"fmt"
6
	"net/url"
7
8
	"strings"

9
10
	"math/big"

11
	"github.com/go-errors/errors"
12
	"github.com/mhe/gabi"
13
	"github.com/privacybydesign/irmago"
14
15
)

Sietse Ringers's avatar
Sietse Ringers committed
16
17
18
// This file contains the logic and state of performing IRMA sessions, communicates
// with IRMA API servers, and uses the calling Client to construct messages and replies
// in the IRMA protocol.
Sietse Ringers's avatar
Sietse Ringers committed
19

Sietse Ringers's avatar
Sietse Ringers committed
20
21
// PermissionHandler is a callback for providing permission for an IRMA session
// and specifying the attributes to be disclosed.
22
type PermissionHandler func(proceed bool, choice *irma.DisclosureChoice)
23

Sietse Ringers's avatar
Sietse Ringers committed
24
// PinHandler is used to provide the user's PIN code.
25
26
type PinHandler func(proceed bool, pin string)

27
28
// A Handler contains callbacks for communication to the user.
type Handler interface {
29
	StatusUpdate(action irma.Action, status irma.Status)
30
31
32
33
	Success(result string)
	Cancelled()
	Failure(err *irma.SessionError)
	UnsatisfiableRequest(ServerName string, missing irma.AttributeDisjunctionList)
34
35

	KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int)
36
	KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier)
37
	KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier)
38
	KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier)
39
40
41
42
43

	RequestIssuancePermission(request irma.IssuanceRequest, ServerName string, callback PermissionHandler)
	RequestVerificationPermission(request irma.DisclosureRequest, ServerName string, callback PermissionHandler)
	RequestSignaturePermission(request irma.SignatureRequest, ServerName string, callback PermissionHandler)
	RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool))
Sietse Ringers's avatar
Sietse Ringers committed
44

45
	RequestPin(remainingAttempts int, callback PinHandler)
46
47
}

Sietse Ringers's avatar
Sietse Ringers committed
48
// SessionDismisser can dismiss the current IRMA session.
49
50
51
52
type SessionDismisser interface {
	Dismiss()
}

Sietse Ringers's avatar
Sietse Ringers committed
53
type session struct {
54
55
56
57
	Action     irma.Action
	Handler    Handler
	Version    *irma.ProtocolVersion
	ServerName string
58

59
60
61
62
	choice  *irma.DisclosureChoice
	client  *Client
	request irma.SessionRequest
	done    bool
63

64
65
66
67
	// State for issuance protocol
	issuerProofNonce *big.Int
	builders         gabi.ProofBuilderList

68
	// These are empty on manual sessions
69
	ServerURL string
Koen van Ingen's avatar
Koen van Ingen committed
70
	transport *irma.HTTPTransport
71
72
}

73
// We implement the handler for the keyshare protocol
74
var _ keyshareSessionHandler = (*session)(nil)
75

76
77
// Supported protocol versions. Minor version numbers should be reverse sorted.
var supportedVersions = map[int][]int{
Sietse Ringers's avatar
Sietse Ringers committed
78
	2: {4},
79
}
Sietse Ringers's avatar
Sietse Ringers committed
80
81
82
83
84
85
86
var minVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][0]}
var maxVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][len(supportedVersions[2])-1]}

const (
	minVersionHeader = "X-IRMA-MinProtocolVersion"
	maxVersionHeader = "X-IRMA-MaxProtocolVersion"
)
87

88
// Session constructors
89

90
91
// NewSession starts a new IRMA session, given (along with a handler to pass feedback to) a session request.
// When the request is not suitable to start an IRMA session from, it calls the Failure method of the specified Handler.
92
93
94
95
96
97
98
99
func (client *Client) NewSession(sessionrequest string, handler Handler) SessionDismisser {
	bts := []byte(sessionrequest)

	qr := &irma.Qr{}
	if err := irma.UnmarshalValidate(bts, qr); err == nil {
		return client.newQrSession(qr, handler)
	}

100
101
102
103
104
105
106
	schemeRequest := &irma.SchemeManagerRequest{}
	if err := irma.UnmarshalValidate(bts, schemeRequest); err == nil {
		return client.newSchemeSession(schemeRequest, handler)
	}

	sigRequest := &irma.SignatureRequest{}
	if err := irma.UnmarshalValidate(bts, sigRequest); err == nil {
107
108
109
110
111
112
		return client.newManualSession(sigRequest, handler, irma.ActionSigning)
	}

	disclosureRequest := &irma.DisclosureRequest{}
	if err := irma.UnmarshalValidate(bts, disclosureRequest); err == nil {
		return client.newManualSession(disclosureRequest, handler, irma.ActionDisclosing)
Koen van Ingen's avatar
Koen van Ingen committed
113
114
	}

115
	handler.Failure(&irma.SessionError{Err: errors.New("Session request could not be parsed")})
116
117
118
119
	return nil
}

// newManualSession starts a manual session, given a signature request in JSON and a handler to pass messages to
120
func (client *Client) newManualSession(request irma.SessionRequest, handler Handler, action irma.Action) SessionDismisser {
121
	session := &session{
122
		Action:     action,
123
124
		Handler:    handler,
		client:     client,
Sietse Ringers's avatar
Sietse Ringers committed
125
		Version:    minVersion,
126
127
		ServerName: "",
		request:    request,
Koen van Ingen's avatar
Koen van Ingen committed
128
	}
129
	session.Handler.StatusUpdate(session.Action, irma.StatusManualStarted)
Koen van Ingen's avatar
Koen van Ingen committed
130

131
	session.processSessionInfo()
132
	return session
133
134
}

135
136
137
138
139
140
141
142
143
144
145
146
147
148
func (client *Client) newSchemeSession(qr *irma.SchemeManagerRequest, handler Handler) SessionDismisser {
	session := &session{
		ServerURL: qr.URL,
		transport: irma.NewHTTPTransport(qr.URL),
		Action:    irma.ActionSchemeManager,
		Handler:   handler,
		client:    client,
	}
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)

	go session.managerSession()
	return session
}

149
150
// newQrSession creates and starts a new interactive IRMA session
func (client *Client) newQrSession(qr *irma.Qr, handler Handler) SessionDismisser {
151
	u, _ := url.ParseRequestURI(qr.URL) // Qr validator already checked this for errors
152
	session := &session{
153
154
155
156
157
158
		ServerURL:  qr.URL,
		ServerName: u.Hostname(),
		transport:  irma.NewHTTPTransport(qr.URL),
		Action:     irma.Action(qr.Type),
		Handler:    handler,
		client:     client,
159
	}
160
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
161

162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
	// Check if the action is one of the supported types
	switch session.Action {
	case irma.ActionDisclosing:
		session.request = &irma.DisclosureRequest{}
	case irma.ActionSigning:
		session.request = &irma.SignatureRequest{}
	case irma.ActionIssuing:
		session.request = &irma.IssuanceRequest{}
	case irma.ActionUnknown:
		fallthrough
	default:
		session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownAction, Info: string(session.Action)})
		return nil
	}

Sietse Ringers's avatar
Sietse Ringers committed
177
178
	session.transport.SetHeader(minVersionHeader, minVersion.String())
	session.transport.SetHeader(maxVersionHeader, maxVersion.String())
179
180
181
	if !strings.HasSuffix(session.ServerURL, "/") {
		session.ServerURL += "/"
	}
182

Sietse Ringers's avatar
Sietse Ringers committed
183
	go session.getSessionInfo()
184
	return session
185
186
}

187
188
// Core session methods

189
// getSessionInfo retrieves the first message in the IRMA protocol (only in interactive sessions)
Sietse Ringers's avatar
Sietse Ringers committed
190
191
func (session *session) getSessionInfo() {
	defer session.recoverFromPanic()
192

193
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
194

Sietse Ringers's avatar
Sietse Ringers committed
195
	// Get the first IRMA protocol message and parse it
196
	err := session.transport.Get("", session.request)
Sietse Ringers's avatar
Sietse Ringers committed
197
	if err != nil {
198
		session.fail(err.(*irma.SessionError))
Sietse Ringers's avatar
Sietse Ringers committed
199
200
		return
	}
201

202
	session.processSessionInfo()
203
204
205
206
}

// processSessionInfo continues the session after all session state has been received:
// it checks if the session can be performed and asks the user for consent.
207
func (session *session) processSessionInfo() {
208
209
	defer session.recoverFromPanic()

210
	if !session.checkAndUpateConfiguration() {
211
212
213
		return
	}

214
215
216
217
218
219
220
221
	confirmedProtocolVersion := session.request.GetVersion()
	if confirmedProtocolVersion != nil {
		session.Version = confirmedProtocolVersion
	} else {
		session.Version = irma.NewVersion(2, 0)
		session.request.SetVersion(session.Version)
	}

222
	if session.Action == irma.ActionIssuing {
223
		ir := session.request.(*irma.IssuanceRequest)
Tomas's avatar
Tomas committed
224
225
226
227
228
229
230
		_, err := ir.GetCredentialInfoList(session.client.Configuration, session.Version)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownCredentialType, Err: err})
			return
		}

		// Calculate singleton credentials to be removed
Sietse Ringers's avatar
Sietse Ringers committed
231
		for _, credreq := range ir.Credentials {
232
233
234
235
			preexistingCredentials := session.client.attrs(*credreq.CredentialTypeID)
			if len(preexistingCredentials) != 0 && preexistingCredentials[0].IsValid() && preexistingCredentials[0].CredentialType().IsSingleton {
				ir.RemovalCredentialInfoList = append(ir.RemovalCredentialInfoList, preexistingCredentials[0].Info())
			}
236
237
238
		}
	}

239
	candidates, missing := session.client.CheckSatisfiability(session.request.ToDisclose())
240
	if len(missing) > 0 {
241
		session.Handler.UnsatisfiableRequest(session.ServerName, missing)
242
243
		return
	}
244
	session.request.SetCandidates(candidates)
245

Sietse Ringers's avatar
Sietse Ringers committed
246
	// Ask for permission to execute the session
247
	callback := PermissionHandler(func(proceed bool, choice *irma.DisclosureChoice) {
Sietse Ringers's avatar
Sietse Ringers committed
248
		session.choice = choice
249
		session.request.SetDisclosureChoice(choice)
Sietse Ringers's avatar
Sietse Ringers committed
250
		go session.doSession(proceed)
251
	})
252
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
253
	switch session.Action {
254
	case irma.ActionDisclosing:
255
		session.Handler.RequestVerificationPermission(
256
			*session.request.(*irma.DisclosureRequest), session.ServerName, callback)
257
	case irma.ActionSigning:
258
		session.Handler.RequestSignaturePermission(
259
			*session.request.(*irma.SignatureRequest), session.ServerName, callback)
260
	case irma.ActionIssuing:
261
		session.Handler.RequestIssuancePermission(
262
			*session.request.(*irma.IssuanceRequest), session.ServerName, callback)
263
264
265
266
267
	default:
		panic("Invalid session type") // does not happen, session.Action has been checked earlier
	}
}

268
269
270
// doSession performs the session: it computes all proofs of knowledge, constructs credentials in case of issuance,
// asks for the pin and performs the keyshare session, and finishes the session by either POSTing the result to the
// API server or returning it to the caller (in case of interactive and noninteractive sessions, respectively).
Sietse Ringers's avatar
Sietse Ringers committed
271
272
func (session *session) doSession(proceed bool) {
	defer session.recoverFromPanic()
273

274
	if !proceed {
275
		session.cancel()
276
277
		return
	}
278
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
279

280
	if !session.Distributed() {
Koen van Ingen's avatar
Koen van Ingen committed
281
		message, err := session.getProof()
Sietse Ringers's avatar
Sietse Ringers committed
282
		if err != nil {
283
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
284
285
286
287
			return
		}
		session.sendResponse(message)
	} else {
288
289
		var err error
		session.builders, session.issuerProofNonce, err = session.getBuilders()
Sietse Ringers's avatar
Sietse Ringers committed
290
		if err != nil {
291
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
292
		}
293
294
295
		startKeyshareSession(
			session,
			session.Handler,
296
			session.builders,
297
			session.request,
298
			session.client.Configuration,
299
			session.client.keyshareServers,
300
			session.issuerProofNonce,
301
		)
302
	}
Sietse Ringers's avatar
Sietse Ringers committed
303
}
304

Sietse Ringers's avatar
Sietse Ringers committed
305
306
type disclosureResponse string

307
308
// sendResponse sends the proofs of knowledge of the hidden attributes and/or the secret key, or the constructed
// attribute-based signature, to the API server.
309
func (session *session) sendResponse(message interface{}) {
Sietse Ringers's avatar
Sietse Ringers committed
310
	var log *LogEntry
Sietse Ringers's avatar
Sietse Ringers committed
311
	var err error
312
313
	var messageJson []byte

314
315
	switch session.Action {
	case irma.ActionSigning:
316
		irmaSignature, err := session.request.(*irma.SignatureRequest).SignatureFromMessage(message)
317
318
319
320
321
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
			return
		}

322
323
324
325
326
327
328
		messageJson, err = json.Marshal(irmaSignature)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
			return
		}

		if session.IsInteractive() {
329
			var response disclosureResponse
330
			if err = session.transport.Post("proofs", &response, irmaSignature); err != nil {
331
332
333
334
335
336
337
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
Sietse Ringers's avatar
Sietse Ringers committed
338
		}
339
		log, _ = session.createLogEntry(message.(gabi.ProofList)) // TODO err
340
	case irma.ActionDisclosing:
341
342
343
		messageJson, err = json.Marshal(message)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
344
345
			return
		}
346
347
348
349
350
351
352
353
354
355
		if session.IsInteractive() {
			var response disclosureResponse
			if err = session.transport.Post("proofs", &response, message); err != nil {
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
356
357
358
359
360
361
362
363
		}
		log, _ = session.createLogEntry(message.(gabi.ProofList)) // TODO err
	case irma.ActionIssuing:
		response := []*gabi.IssueSignatureMessage{}
		if err = session.transport.Post("commitments", &response, message); err != nil {
			session.fail(err.(*irma.SessionError))
			return
		}
364
		if err = session.client.ConstructCredentials(response, session.request.(*irma.IssuanceRequest), session.builders); err != nil {
365
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
366
367
			return
		}
368
		log, _ = session.createLogEntry(message) // TODO err
369
370
	}

371
	_ = session.client.addLogEntry(log) // TODO err
372
	if session.Action == irma.ActionIssuing {
373
		session.client.handler.UpdateAttributes()
374
	}
375
	session.done = true
376
	session.Handler.Success(string(messageJson))
377
378
}

379
// managerSession performs a "session" in which a new scheme manager is added (asking for permission first).
380
func (session *session) managerSession() {
381
	defer session.recoverFromPanic()
382
383
384
385

	// We have to download the scheme manager description.xml here before installing it,
	// because we need to show its contents (name, description, website) to the user
	// when asking installation permission.
386
	manager, err := irma.DownloadSchemeManager(session.ServerURL)
387
	if err != nil {
388
		session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
389
390
		return
	}
391

392
	session.Handler.RequestSchemeManagerPermission(manager, func(proceed bool) {
393
		if !proceed {
394
			session.Handler.Cancelled() // No need to DELETE session here
395
396
			return
		}
397
		if err := session.client.Configuration.InstallSchemeManager(manager); err != nil {
398
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
399
400
			return
		}
401
402

		// Update state and inform user of success
403
		session.client.handler.UpdateConfiguration(
404
405
406
407
			&irma.IrmaIdentifierSet{
				SchemeManagers:  map[irma.SchemeManagerIdentifier]struct{}{manager.Identifier(): {}},
				Issuers:         map[irma.IssuerIdentifier]struct{}{},
				CredentialTypes: map[irma.CredentialTypeIdentifier]struct{}{},
Sietse Ringers's avatar
Sietse Ringers committed
408
409
			},
		)
410
		session.Handler.Success("")
411
412
413
	})
	return
}
414

415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
// Response calculation methods

// getBuilders computes the builders for disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively).
func (session *session) getBuilders() (gabi.ProofBuilderList, *big.Int, error) {
	var builders gabi.ProofBuilderList
	var err error

	var issuerProofNonce *big.Int
	switch session.Action {
	case irma.ActionSigning:
		builders, err = session.client.ProofBuilders(session.choice, session.request, true)
	case irma.ActionDisclosing:
		builders, err = session.client.ProofBuilders(session.choice, session.request, false)
	case irma.ActionIssuing:
		builders, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest))
	}

	return builders, issuerProofNonce, err
}

// getProofs computes the disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively) to be sent to the server.
func (session *session) getProof() (interface{}, error) {
	var message interface{}
	var err error

	switch session.Action {
	case irma.ActionSigning:
		message, err = session.client.Proofs(session.choice, session.request, true)
	case irma.ActionDisclosing:
		message, err = session.client.Proofs(session.choice, session.request, false)
	case irma.ActionIssuing:
		message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest))
	}

	return message, err
}

// Helper functions

// checkKeyshareEnrollment checks if we are enrolled into all involved keyshare servers,
// and aborts the session if not
func (session *session) checkKeyshareEnrollment() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, ok := session.client.Configuration.SchemeManagers[id]
		if !ok {
462
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorUnknownSchemeManager, Info: id.String()})
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
			return false
		}
		distributed := manager.Distributed()
		_, enrolled := session.client.keyshareServers[id]
		if distributed && !enrolled {
			session.Handler.KeyshareEnrollmentMissing(id)
			return false
		}
	}
	return true
}

func (session *session) checkAndUpateConfiguration() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, contains := session.client.Configuration.SchemeManagers[id]
		if !contains {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorUnknownSchemeManager,
				Info:      id.String(),
			})
			return false
		}
		if !manager.Valid {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorInvalidSchemeManager,
				Info:      string(manager.Status),
			})
			return false
		}
	}

	// Check if we are enrolled into all involved keyshare servers
	if !session.checkKeyshareEnrollment() {
		return false
	}

	// Download missing credential types/issuers/public keys from the scheme manager
	downloaded, err := session.client.Configuration.Download(session.request)
	if err != nil {
		session.fail(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
		return false
	}
	if downloaded != nil && !downloaded.Empty() {
		session.client.handler.UpdateConfiguration(downloaded)
	}
	return true
}

// IsInteractive returns whether this session uses an API server or not.
func (session *session) IsInteractive() bool {
	return session.ServerURL != ""
}

// Distributed returns whether or not this session involves a keyshare server.
func (session *session) Distributed() bool {
	var smi irma.SchemeManagerIdentifier
	if session.Action == irma.ActionIssuing {
		for _, credreq := range session.request.(*irma.IssuanceRequest).Credentials {
			smi = credreq.CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
			if session.client.Configuration.SchemeManagers[smi].Distributed() {
				return true
			}
		}
	}

	if session.choice == nil || session.choice.Attributes == nil {
		return false
	}

	for _, ai := range session.choice.Attributes {
		smi = ai.Type.CredentialTypeIdentifier().IssuerIdentifier().SchemeManagerIdentifier()
		if session.client.Configuration.SchemeManagers[smi].Distributed() {
			return true
		}
	}

	return false
}

542
543
// Session lifetime functions

544
545
546
func (session *session) recoverFromPanic() {
	if e := recover(); e != nil {
		if session.Handler != nil {
547
			session.Handler.Failure(panicToError(e))
548
549
550
551
		}
	}
}

552
553
554
555
556
557
558
559
560
561
func panicToError(e interface{}) *irma.SessionError {
	var info string
	switch x := e.(type) {
	case string:
		info = x
	case error:
		info = x.Error()
	case fmt.Stringer:
		info = x.String()
	default: // nop
562
	}
563
	fmt.Println("Panic: " + info)
564
	return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info}
565
566
567
}

// Idempotently send DELETE to remote server, returning whether or not we did something
568
func (session *session) delete() bool {
569
	if !session.done {
570
571
572
		if session.IsInteractive() {
			session.transport.Delete()
		}
573
		session.done = true
574
575
576
577
578
		return true
	}
	return false
}

579
func (session *session) fail(err *irma.SessionError) {
580
581
	if session.delete() {
		err.Err = errors.Wrap(err.Err, 0)
582
		session.Handler.Failure(err)
583
584
585
	}
}

586
func (session *session) cancel() {
587
	if session.delete() {
588
		session.Handler.Cancelled()
589
590
591
	}
}

592
func (session *session) Dismiss() {
593
594
	session.cancel()
}
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635

// Keyshare session handler methods

func (session *session) KeyshareDone(message interface{}) {
	session.sendResponse(message)
}

func (session *session) KeyshareCancelled() {
	session.cancel()
}

func (session *session) KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentIncomplete(manager)
}

func (session *session) KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentDeleted(manager)
}

func (session *session) KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int) {
	session.Handler.KeyshareBlocked(manager, duration)
}

func (session *session) KeyshareError(manager *irma.SchemeManagerIdentifier, err error) {
	var serr *irma.SessionError
	var ok bool
	if serr, ok = err.(*irma.SessionError); !ok {
		serr = &irma.SessionError{ErrorType: irma.ErrorKeyshare, Err: err}
	} else {
		serr.ErrorType = irma.ErrorKeyshare
	}
	session.fail(serr)
}

func (session *session) KeysharePin() {
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
}

func (session *session) KeysharePinOK() {
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
}