manager.go 21.6 KB
Newer Older
1
2
3
package irmago

import (
4
	"crypto/rand"
Sietse Ringers's avatar
Sietse Ringers committed
5
	"math/big"
Sietse Ringers's avatar
Sietse Ringers committed
6
	"sort"
7
	"time"
Sietse Ringers's avatar
Sietse Ringers committed
8

9
	"github.com/credentials/go-go-gadget-paillier"
Sietse Ringers's avatar
Sietse Ringers committed
10
	"github.com/go-errors/errors"
11
12
13
	"github.com/mhe/gabi"
)

Sietse Ringers's avatar
Sietse Ringers committed
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
// This file contains most methods of the CredentialManager (c.f. session.go
// and updates.go).
//
// The storage of credentials is split up in several parts:
//
// - The CL-signature of each credential is stored separately, so that we can
// load it on demand (i.e., during an IRMA session), instead of immediately
// at initialization.
//
// - The attributes of all credentials are stored together, as they all
// immediately need to be available anyway,
//
// - The secret key (the zeroth attribute of every credential), being the same
// across all credentials, is stored only once in a separate file (storing this
// in multiple places would be bad).

// CredentialManager (de)serializes credentials and keyshare server information
// from storage; as well as logs of earlier IRMA sessions; it provides access
// to the attributes and all related information of its credentials;
// it is the starting point for new IRMA sessions; and it computes some
// of the messages in the client side of the IRMA protocol.
35
type CredentialManager struct {
Sietse Ringers's avatar
Sietse Ringers committed
36
	// Stuff we manage on disk
37
	secretkey        *secretKey
38
39
40
	attributes       map[CredentialTypeIdentifier][]*AttributeList
	credentials      map[CredentialTypeIdentifier]map[int]*credential
	keyshareServers  map[SchemeManagerIdentifier]*keyshareServer
41
	paillierKeyCache *paillierPrivateKey
Sietse Ringers's avatar
Sietse Ringers committed
42
	logs             []*LogEntry
Sietse Ringers's avatar
Sietse Ringers committed
43
	updates          []update
44

Sietse Ringers's avatar
Sietse Ringers committed
45
46
47
48
	// Where we store/load it to/from
	storage storage

	// Other state
49
50
51
52
53
	ConfigurationStore       *ConfigurationStore
	UnenrolledSchemeManagers []SchemeManagerIdentifier
	irmaConfigurationPath    string
	androidStoragePath       string
	handler                  ClientHandler
54
55
56
}

// KeyshareHandler is used for asking the user for his email address and PIN,
57
// for enrolling at a keyshare server.
58
type KeyshareHandler interface {
59
60
	EnrollmentError(manager SchemeManagerIdentifier, err error)
	EnrollmentSuccess(manager SchemeManagerIdentifier)
61
62
63
64
65
66
67
}

type ClientHandler interface {
	KeyshareHandler

	UpdateConfigurationStore(new *IrmaIdentifierSet)
	UpdateAttributes()
Sietse Ringers's avatar
Sietse Ringers committed
68
69
}

70
71
72
73
type secretKey struct {
	Key *big.Int
}

74
75
76
77
78
// NewCredentialManager creates a new CredentialManager that uses the directory
// specified by storagePath for (de)serializing itself. irmaConfigurationPath
// is the path to a (possibly readonly) folder containing irma_configuration;
// androidStoragePath is an optional path to the files of the old android app
// (specify "" if you do not want to parse the old android app files),
79
// and handler is used for informing the user of new stuff, and when a
80
// enrollment to a keyshare server needs to happen.
81
82
83
// The credential manager returned by this function has been fully deserialized
// and is ready for use.
//
Sietse Ringers's avatar
Sietse Ringers committed
84
85
// NOTE: It is the responsibility of the caller that there exists a (properly
// protected) directory at storagePath!
86
87
88
89
func NewCredentialManager(
	storagePath string,
	irmaConfigurationPath string,
	androidStoragePath string,
90
	handler ClientHandler,
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
) (*CredentialManager, error) {
	var err error
	if err = AssertPathExists(storagePath); err != nil {
		return nil, err
	}
	if err = AssertPathExists(irmaConfigurationPath); err != nil {
		return nil, err
	}

	cm := &CredentialManager{
		credentials:           make(map[CredentialTypeIdentifier]map[int]*credential),
		keyshareServers:       make(map[SchemeManagerIdentifier]*keyshareServer),
		attributes:            make(map[CredentialTypeIdentifier][]*AttributeList),
		irmaConfigurationPath: irmaConfigurationPath,
		androidStoragePath:    androidStoragePath,
106
		handler:               handler,
107
108
109
110
111
112
113
114
	}

	cm.ConfigurationStore, err = NewConfigurationStore(storagePath+"/irma_configuration", irmaConfigurationPath)
	if err != nil {
		return nil, err
	}
	if err = cm.ConfigurationStore.ParseFolder(); err != nil {
		return nil, err
115
116
117
	}

	// Ensure storage path exists, and populate it with necessary files
118
	cm.storage = storage{storagePath: storagePath, ConfigurationStore: cm.ConfigurationStore}
Sietse Ringers's avatar
Sietse Ringers committed
119
	if err = cm.storage.EnsureStorageExists(); err != nil {
120
121
122
123
124
125
126
127
128
		return nil, err
	}

	// Perform new update functions from credentialManagerUpdates, if any
	if err = cm.update(); err != nil {
		return nil, err
	}

	// Load our stuff
Sietse Ringers's avatar
Sietse Ringers committed
129
	if cm.secretkey, err = cm.storage.LoadSecretKey(); err != nil {
130
131
		return nil, err
	}
Sietse Ringers's avatar
Sietse Ringers committed
132
	if cm.attributes, err = cm.storage.LoadAttributes(); err != nil {
133
134
		return nil, err
	}
135
	if cm.keyshareServers, err = cm.storage.LoadKeyshareServers(); err != nil {
136
137
		return nil, err
	}
138
	if cm.paillierKeyCache, err = cm.storage.LoadPaillierKeys(); err != nil {
139
140
		return nil, err
	}
141
142
143
	if cm.paillierKeyCache == nil {
		cm.paillierKey(false)
	}
144

145
146
	cm.UnenrolledSchemeManagers = cm.unenrolledSchemeManagers()
	if len(cm.UnenrolledSchemeManagers) > 1 {
147
148
149
150
151
152
		return nil, errors.New("Too many keyshare servers")
	}

	return cm, nil
}

153
154
155
// CredentialInfoList returns a list of information of all contained credentials.
func (cm *CredentialManager) CredentialInfoList() CredentialInfoList {
	list := CredentialInfoList([]*CredentialInfo{})
156
157

	for _, attrlistlist := range cm.attributes {
158
159
160
		for index, attrlist := range attrlistlist {
			info := attrlist.Info()
			info.Index = index
161
			list = append(list, info)
Sietse Ringers's avatar
Sietse Ringers committed
162
163
		}
	}
164

Sietse Ringers's avatar
Sietse Ringers committed
165
166
167
168
	sort.Sort(list)
	return list
}

Sietse Ringers's avatar
Sietse Ringers committed
169
170
171
172
173
// addCredential adds the specified credential to the CredentialManager, saving its signature
// imediately, and optionally cm.attributes as well.
func (cm *CredentialManager) addCredential(cred *credential, storeAttributes bool) (err error) {
	id := cred.CredentialType().Identifier()

174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
	// Don't add duplicate creds
	for _, attrlistlist := range cm.attributes {
		for _, attrs := range attrlistlist {
			if attrs.hash() == cred.AttributeList().hash() {
				return nil
			}
		}
	}

	// If this is a singleton credential type, ensure we have at most one by removing any previous instance
	if cred.CredentialType().IsSingleton && len(cm.creds(id)) > 0 {
		cm.remove(id, 0, false) // Index is 0, because if we're here we have exactly one
	}

	// Append the new cred to our attributes and credentials
	cm.attributes[id] = append(cm.attrs(id), cred.AttributeList())
Sietse Ringers's avatar
Sietse Ringers committed
190
191
192
	if _, exists := cm.credentials[id]; !exists {
		cm.credentials[id] = make(map[int]*credential)
	}
193
194
	counter := len(cm.attributes[id]) - 1
	cm.credentials[id][counter] = cred
Sietse Ringers's avatar
Sietse Ringers committed
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214

	if err = cm.storage.StoreSignature(cred); err != nil {
		return
	}
	if storeAttributes {
		err = cm.storage.StoreAttributes(cm.attributes)
	}
	return
}

func generateSecretKey() (*secretKey, error) {
	key, err := gabi.RandomBigInt(gabi.DefaultSystemParameters[1024].Lm)
	if err != nil {
		return nil, err
	}
	return &secretKey{Key: key}, nil
}

// Removal methods

215
216
217
218
219
220
221
222
223
func (cm *CredentialManager) remove(id CredentialTypeIdentifier, index int, storenow bool) error {
	// Remove attributes
	list, exists := cm.attributes[id]
	if !exists || index >= len(list) {
		return errors.Errorf("Can't remove credential %s-%d: no such credential", id.String(), index)
	}
	attrs := list[index]
	cm.attributes[id] = append(list[:index], list[index+1:]...)
	if storenow {
Sietse Ringers's avatar
Sietse Ringers committed
224
225
226
		if err := cm.storage.StoreAttributes(cm.attributes); err != nil {
			return err
		}
227
228
229
230
231
	}

	// Remove credential
	if creds, exists := cm.credentials[id]; exists {
		if _, exists := creds[index]; exists {
Sietse Ringers's avatar
Sietse Ringers committed
232
			delete(creds, index)
233
234
235
236
237
			cm.credentials[id] = creds
		}
	}

	// Remove signature from storage
Sietse Ringers's avatar
Sietse Ringers committed
238
	if err := cm.storage.DeleteSignature(attrs); err != nil {
239
240
241
		return err
	}

242
243
244
245
246
247
248
249
250
251
252
	removed := map[CredentialTypeIdentifier][]TranslatedString{}
	removed[id] = attrs.Strings()

	if storenow {
		return cm.addLogEntry(&LogEntry{
			Type:    actionRemoval,
			Time:    Timestamp(time.Now()),
			Removed: removed,
		})
	}
	return nil
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
}

func (cm *CredentialManager) RemoveCredential(id CredentialTypeIdentifier, index int) error {
	return cm.remove(id, index, true)
}

func (cm *CredentialManager) RemoveCredentialByHash(hash string) error {
	cred, index, err := cm.credentialByHash(hash)
	if err != nil {
		return err
	}
	return cm.RemoveCredential(cred.CredentialType().Identifier(), index)
}

func (cm *CredentialManager) RemoveAllCredentials() error {
268
	removed := map[CredentialTypeIdentifier][]TranslatedString{}
Sietse Ringers's avatar
Sietse Ringers committed
269
270
271
272
273
274
	for _, attrlistlist := range cm.attributes {
		for _, attrs := range attrlistlist {
			if attrs.CredentialType() != nil {
				removed[attrs.CredentialType().Identifier()] = attrs.Strings()
			}
			cm.storage.DeleteSignature(attrs)
275
276
		}
	}
Sietse Ringers's avatar
Sietse Ringers committed
277
	cm.attributes = map[CredentialTypeIdentifier][]*AttributeList{}
Sietse Ringers's avatar
Sietse Ringers committed
278
	if err := cm.storage.StoreAttributes(cm.attributes); err != nil {
279
280
		return err
	}
281
282
283
284
285
286
287
288
289

	logentry := &LogEntry{
		Type:    actionRemoval,
		Time:    Timestamp(time.Now()),
		Removed: removed,
	}
	if err := cm.addLogEntry(logentry); err != nil {
		return err
	}
Sietse Ringers's avatar
Sietse Ringers committed
290
	return cm.storage.StoreLogs(cm.logs)
291
292
}

293
// Attribute and credential getter methods
Sietse Ringers's avatar
Sietse Ringers committed
294

Sietse Ringers's avatar
Sietse Ringers committed
295
// attrs returns cm.attributes[id], initializing it to an empty slice if neccesary
296
func (cm *CredentialManager) attrs(id CredentialTypeIdentifier) []*AttributeList {
Sietse Ringers's avatar
Sietse Ringers committed
297
298
299
300
301
302
303
304
305
	list, exists := cm.attributes[id]
	if !exists {
		list = make([]*AttributeList, 0, 1)
		cm.attributes[id] = list
	}
	return list
}

// creds returns cm.credentials[id], initializing it to an empty map if neccesary
Sietse Ringers's avatar
Sietse Ringers committed
306
func (cm *CredentialManager) creds(id CredentialTypeIdentifier) map[int]*credential {
Sietse Ringers's avatar
Sietse Ringers committed
307
308
	list, exists := cm.credentials[id]
	if !exists {
Sietse Ringers's avatar
Sietse Ringers committed
309
		list = make(map[int]*credential)
Sietse Ringers's avatar
Sietse Ringers committed
310
311
312
313
314
		cm.credentials[id] = list
	}
	return list
}

Sietse Ringers's avatar
Sietse Ringers committed
315
// Attributes returns the attribute list of the requested credential, or nil if we do not have it.
316
func (cm *CredentialManager) Attributes(id CredentialTypeIdentifier, counter int) (attributes *AttributeList) {
Sietse Ringers's avatar
Sietse Ringers committed
317
318
	list := cm.attrs(id)
	if len(list) <= counter {
Sietse Ringers's avatar
Sietse Ringers committed
319
320
321
322
323
		return
	}
	return list[counter]
}

324
325
326
327
328
329
330
331
332
333
334
335
336
func (cm *CredentialManager) credentialByHash(hash string) (*credential, int, error) {
	for _, attrlistlist := range cm.attributes {
		for index, attrs := range attrlistlist {
			if attrs.hash() == hash {
				cred, err := cm.credential(attrs.CredentialType().Identifier(), index)
				return cred, index, err
			}
		}
	}
	return nil, 0, nil
}

func (cm *CredentialManager) credentialByID(id CredentialIdentifier) (*credential, error) {
Sietse Ringers's avatar
Sietse Ringers committed
337
338
339
340
341
342
343
344
345
	if _, exists := cm.attributes[id.Type]; !exists {
		return nil, nil
	}
	for index, attrs := range cm.attributes[id.Type] {
		if attrs.hash() == id.Hash {
			return cm.credential(attrs.CredentialType().Identifier(), index)
		}
	}
	return nil, nil
346
347
}

Sietse Ringers's avatar
Sietse Ringers committed
348
349
// credential returns the requested credential, or nil if we do not have it.
func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int) (cred *credential, err error) {
Sietse Ringers's avatar
Sietse Ringers committed
350
	// If the requested credential is not in credential map, we check if its attributes were
351
	// deserialized during NewCredentialManager(). If so, there should be a corresponding signature file,
Sietse Ringers's avatar
Sietse Ringers committed
352
	// so we read that, construct the credential, and add it to the credential map
Sietse Ringers's avatar
Sietse Ringers committed
353
	if _, exists := cm.creds(id)[counter]; !exists {
Sietse Ringers's avatar
Sietse Ringers committed
354
355
356
357
		attrs := cm.Attributes(id, counter)
		if attrs == nil { // We do not have the requested cred
			return
		}
Sietse Ringers's avatar
Sietse Ringers committed
358
		sig, err := cm.storage.LoadSignature(attrs)
Sietse Ringers's avatar
Sietse Ringers committed
359
360
361
362
363
364
365
		if err != nil {
			return nil, err
		}
		if sig == nil {
			err = errors.New("signature file not found")
			return nil, err
		}
366
		pk, err := attrs.PublicKey()
367
368
369
		if err != nil {
			return nil, err
		}
370
371
372
		if pk == nil {
			return nil, errors.New("unknown public key")
		}
373
		cred, err := newCredential(&gabi.Credential{
374
			Attributes: append([]*big.Int{cm.secretkey.Key}, attrs.Ints...),
375
			Signature:  sig,
376
			Pk:         pk,
377
		}, cm.ConfigurationStore)
378
379
380
		if err != nil {
			return nil, err
		}
Sietse Ringers's avatar
Sietse Ringers committed
381
382
383
384
		cm.credentials[id][counter] = cred
	}

	return cm.credentials[id][counter], nil
385
386
}

Sietse Ringers's avatar
Sietse Ringers committed
387
// Methods used in the IRMA protocol
388

Sietse Ringers's avatar
Sietse Ringers committed
389
390
// Candidates returns a list of attributes present in this credential manager
// that satisfy the specified attribute disjunction.
391
func (cm *CredentialManager) Candidates(disjunction *AttributeDisjunction) []*AttributeIdentifier {
392
	candidates := make([]*AttributeIdentifier, 0, 10)
393
394

	for _, attribute := range disjunction.Attributes {
Sietse Ringers's avatar
Sietse Ringers committed
395
		credID := attribute.CredentialTypeIdentifier()
396
		if !cm.ConfigurationStore.Contains(credID) {
397
398
			continue
		}
399
		creds := cm.attributes[credID]
400
401
402
403
		count := len(creds)
		if count == 0 {
			continue
		}
404
405
		for _, attrs := range creds {
			id := &AttributeIdentifier{Type: attribute, Hash: attrs.hash()}
406
407
408
			if attribute.IsCredential() {
				candidates = append(candidates, id)
			} else {
Sietse Ringers's avatar
Sietse Ringers committed
409
				val := attrs.untranslatedAttribute(attribute)
410
				if val == "" { // This won't handle empty attributes correctly
411
412
413
414
415
416
417
418
419
420
421
422
					continue
				}
				if !disjunction.HasValues() || val == disjunction.Values[attribute] {
					candidates = append(candidates, id)
				}
			}
		}
	}

	return candidates
}

Sietse Ringers's avatar
Sietse Ringers committed
423
424
425
// CheckSatisfiability checks if this credential manager has the required attributes
// to satisfy the specifed disjunction list. If not, the unsatisfiable disjunctions
// are returned.
426
427
428
429
430
431
432
433
434
func (cm *CredentialManager) CheckSatisfiability(
	disjunctions AttributeDisjunctionList,
) ([][]*AttributeIdentifier, AttributeDisjunctionList) {
	candidates := [][]*AttributeIdentifier{}
	missing := AttributeDisjunctionList{}
	for i, disjunction := range disjunctions {
		candidates = append(candidates, []*AttributeIdentifier{})
		candidates[i] = cm.Candidates(disjunction)
		if len(candidates[i]) == 0 {
435
436
437
			missing = append(missing, disjunction)
		}
	}
438
	return candidates, missing
439
}
440

441
func (cm *CredentialManager) groupCredentials(choice *DisclosureChoice) (map[CredentialIdentifier][]int, error) {
442
	grouped := make(map[CredentialIdentifier][]int)
443
444
445
	if choice == nil || choice.Attributes == nil {
		return grouped, nil
	}
446
447
448
449
450
451
452
453

	for _, attribute := range choice.Attributes {
		identifier := attribute.Type
		ici := attribute.CredentialIdentifier()

		// If this is the first attribute of its credential type that we encounter
		// in the disclosure choice, then there is no slice yet at grouped[ici]
		if _, present := grouped[ici]; !present {
454
455
			indices := make([]int, 1, 1)
			indices[0] = 1 // Always include metadata
456
457
458
459
460
461
			grouped[ici] = indices
		}

		if identifier.IsCredential() {
			continue // In this case we only disclose the metadata attribute, which is already handled
		}
462
		index, err := cm.ConfigurationStore.CredentialTypes[identifier.CredentialTypeIdentifier()].IndexOf(identifier)
463
464
465
466
		if err != nil {
			return nil, err
		}

Sietse Ringers's avatar
Sietse Ringers committed
467
		// These indices will be used in the []*big.Int at gabi.credential.Attributes,
468
		// which doesn't know about the secret key and metadata attribute, so +2
469
		grouped[ici] = append(grouped[ici], index+2)
470
471
472
473
474
	}

	return grouped, nil
}

475
// ProofBuilders constructs a list of proof builders for the specified attribute choice.
476
func (cm *CredentialManager) ProofBuilders(choice *DisclosureChoice) (gabi.ProofBuilderList, error) {
477
478
479
480
481
	todisclose, err := cm.groupCredentials(choice)
	if err != nil {
		return nil, err
	}

482
	builders := gabi.ProofBuilderList([]gabi.ProofBuilder{})
483
	for id, list := range todisclose {
Sietse Ringers's avatar
Sietse Ringers committed
484
		cred, err := cm.credentialByID(id)
485
486
487
488
489
		if err != nil {
			return nil, err
		}
		builders = append(builders, cred.Credential.CreateDisclosureProofBuilder(list))
	}
Sietse Ringers's avatar
Sietse Ringers committed
490
	return builders, nil
491
}
Sietse Ringers's avatar
Sietse Ringers committed
492

Sietse Ringers's avatar
Sietse Ringers committed
493
// Proofs computes disclosure proofs containing the attributes specified by choice.
494
func (cm *CredentialManager) Proofs(choice *DisclosureChoice, request IrmaSession, issig bool) (gabi.ProofList, error) {
Sietse Ringers's avatar
Sietse Ringers committed
495
	builders, err := cm.ProofBuilders(choice)
Sietse Ringers's avatar
Sietse Ringers committed
496
497
498
	if err != nil {
		return nil, err
	}
499
	return builders.BuildProofList(request.GetContext(), request.GetNonce(), issig), nil
Sietse Ringers's avatar
Sietse Ringers committed
500
501
}

502
503
// IssuanceProofBuilders constructs a list of proof builders in the issuance protocol
// for the future credentials as well as possibly any disclosed attributes.
504
func (cm *CredentialManager) IssuanceProofBuilders(request *IssuanceRequest) (gabi.ProofBuilderList, error) {
Sietse Ringers's avatar
Cleanup    
Sietse Ringers committed
505
	state, err := newIssuanceState()
Sietse Ringers's avatar
Sietse Ringers committed
506
507
508
509
510
	if err != nil {
		return nil, err
	}
	request.state = state

511
	proofBuilders := gabi.ProofBuilderList([]gabi.ProofBuilder{})
Sietse Ringers's avatar
Sietse Ringers committed
512
	for _, futurecred := range request.Credentials {
Sietse Ringers's avatar
Sietse Ringers committed
513
		var pk *gabi.PublicKey
514
		pk, err = cm.ConfigurationStore.PublicKey(futurecred.CredentialTypeID.IssuerIdentifier(), futurecred.KeyCounter)
515
516
517
		if err != nil {
			return nil, err
		}
518
519
		credBuilder := gabi.NewCredentialBuilder(
			pk, request.GetContext(), cm.secretkey.Key, state.nonce2)
Sietse Ringers's avatar
Sietse Ringers committed
520
521
522
		request.state.builders = append(request.state.builders, credBuilder)
		proofBuilders = append(proofBuilders, credBuilder)
	}
Sietse Ringers's avatar
Sietse Ringers committed
523

Sietse Ringers's avatar
Sietse Ringers committed
524
	disclosures, err := cm.ProofBuilders(request.choice)
Sietse Ringers's avatar
Sietse Ringers committed
525
526
527
	if err != nil {
		return nil, err
	}
Sietse Ringers's avatar
Sietse Ringers committed
528
	proofBuilders = append(disclosures, proofBuilders...)
Sietse Ringers's avatar
Sietse Ringers committed
529
530
	return proofBuilders, nil
}
Sietse Ringers's avatar
Sietse Ringers committed
531

Sietse Ringers's avatar
Sietse Ringers committed
532
533
534
535
536
537
538
// IssueCommitments computes issuance commitments, along with disclosure proofs
// specified by choice.
func (cm *CredentialManager) IssueCommitments(request *IssuanceRequest) (*gabi.IssueCommitmentMessage, error) {
	proofBuilders, err := cm.IssuanceProofBuilders(request)
	if err != nil {
		return nil, err
	}
539
	list := proofBuilders.BuildProofList(request.GetContext(), request.GetNonce(), false)
Sietse Ringers's avatar
Sietse Ringers committed
540
	return &gabi.IssueCommitmentMessage{Proofs: list, Nonce2: request.state.nonce2}, nil
Sietse Ringers's avatar
Sietse Ringers committed
541
542
}

Sietse Ringers's avatar
Sietse Ringers committed
543
544
// ConstructCredentials constructs and saves new credentials
// using the specified issuance signature messages.
Sietse Ringers's avatar
Sietse Ringers committed
545
546
547
548
549
func (cm *CredentialManager) ConstructCredentials(msg []*gabi.IssueSignatureMessage, request *IssuanceRequest) error {
	if len(msg) != len(request.state.builders) {
		return errors.New("Received unexpected amount of signatures")
	}

550
551
	// First collect all credentials in a slice, so that if one of them induces an error,
	// we save none of them to fail the session cleanly
552
	gabicreds := []*gabi.Credential{}
Sietse Ringers's avatar
Sietse Ringers committed
553
	for i, sig := range msg {
554
		attrs, err := request.Credentials[i].AttributeList(cm.ConfigurationStore)
Sietse Ringers's avatar
Sietse Ringers committed
555
556
557
558
559
560
561
		if err != nil {
			return err
		}
		cred, err := request.state.builders[i].ConstructCredential(sig, attrs.Ints)
		if err != nil {
			return err
		}
562
		gabicreds = append(gabicreds, cred)
Sietse Ringers's avatar
Sietse Ringers committed
563
564
	}

565
	for _, gabicred := range gabicreds {
566
		newcred, err := newCredential(gabicred, cm.ConfigurationStore)
567
568
569
		if err != nil {
			return err
		}
Sietse Ringers's avatar
Sietse Ringers committed
570
571
572
		if err = cm.addCredential(newcred, true); err != nil {
			return err
		}
Sietse Ringers's avatar
Sietse Ringers committed
573
	}
574

Sietse Ringers's avatar
Sietse Ringers committed
575
	return nil
Sietse Ringers's avatar
Sietse Ringers committed
576
}
577

Sietse Ringers's avatar
Sietse Ringers committed
578
579
// Keyshare server handling

580
// PaillierKey returns a new Paillier key (and generates a new one in a goroutine).
Sietse Ringers's avatar
Sietse Ringers committed
581
func (cm *CredentialManager) paillierKey(wait bool) *paillierPrivateKey {
Sietse Ringers's avatar
Sietse Ringers committed
582
	cached := cm.paillierKeyCache
Sietse Ringers's avatar
Sietse Ringers committed
583
	ch := make(chan bool)
584
585
586
587
588
589

	// Would just write cm.paillierKeyCache instead of cached here, but the worker
	// modifies cm.paillierKeyCache, and we must be sure that the boolean here and
	// the if-clause below match.
	go cm.paillierKeyWorker(cached == nil && wait, ch)
	if cached == nil && wait {
Sietse Ringers's avatar
Sietse Ringers committed
590
		<-ch
591
592
		// generate yet another one for future calls, but no need to wait now
		go cm.paillierKeyWorker(false, ch)
Sietse Ringers's avatar
Sietse Ringers committed
593
	}
Sietse Ringers's avatar
Sietse Ringers committed
594
	return cm.paillierKeyCache
595
}
Sietse Ringers's avatar
Sietse Ringers committed
596

597
598
599
600
601
602
603
604
605
func (cm *CredentialManager) paillierKeyWorker(wait bool, ch chan bool) {
	newkey, _ := paillier.GenerateKey(rand.Reader, 2048)
	cm.paillierKeyCache = (*paillierPrivateKey)(newkey)
	cm.storage.StorePaillierKeys(cm.paillierKeyCache)
	if wait {
		ch <- true
	}
}

606
func (cm *CredentialManager) unenrolledSchemeManagers() []SchemeManagerIdentifier {
Sietse Ringers's avatar
Sietse Ringers committed
607
	list := []SchemeManagerIdentifier{}
608
	for name, manager := range cm.ConfigurationStore.SchemeManagers {
Sietse Ringers's avatar
Sietse Ringers committed
609
610
		if _, contains := cm.keyshareServers[name]; manager.Distributed() && !contains {
			list = append(list, manager.Identifier())
Sietse Ringers's avatar
Sietse Ringers committed
611
612
613
614
		}
	}
	return list
}
Sietse Ringers's avatar
Sietse Ringers committed
615

616
// KeyshareEnroll attempts to enroll at the keyshare server of the specified scheme manager.
Sietse Ringers's avatar
Sietse Ringers committed
617
618
func (cm *CredentialManager) KeyshareEnroll(manager SchemeManagerIdentifier, email, pin string) {
	go func() {
619
620
621
622
623
624
625
626
		defer func() {
			handlePanic(func(err *SessionError) {
				if cm.handler != nil {
					cm.handler.EnrollmentError(manager, err)
				}
			})
		}()

Sietse Ringers's avatar
Sietse Ringers committed
627
		err := cm.keyshareEnrollWorker(manager, email, pin)
628
		cm.UnenrolledSchemeManagers = cm.unenrolledSchemeManagers()
Sietse Ringers's avatar
Sietse Ringers committed
629
		if err != nil {
630
			cm.handler.EnrollmentError(manager, err)
Sietse Ringers's avatar
Sietse Ringers committed
631
		} else {
632
			cm.handler.EnrollmentSuccess(manager)
Sietse Ringers's avatar
Sietse Ringers committed
633
634
		}
	}()
635

636
637
638
}

func (cm *CredentialManager) keyshareEnrollWorker(managerID SchemeManagerIdentifier, email, pin string) error {
639
	manager, ok := cm.ConfigurationStore.SchemeManagers[managerID]
Sietse Ringers's avatar
Sietse Ringers committed
640
641
642
643
644
645
646
647
648
649
650
	if !ok {
		return errors.New("Unknown scheme manager")
	}
	if len(manager.KeyshareServer) == 0 {
		return errors.New("Scheme manager has no keyshare server")
	}
	if len(pin) < 5 {
		return errors.New("PIN too short, must be at least 5 characters")
	}

	transport := NewHTTPTransport(manager.KeyshareServer)
651
	kss, err := newKeyshareServer(cm.paillierKey(true), manager.KeyshareServer, email)
Sietse Ringers's avatar
Sietse Ringers committed
652
653
654
	if err != nil {
		return err
	}
655
	message := keyshareEnrollment{
Sietse Ringers's avatar
Sietse Ringers committed
656
657
658
659
660
661
662
663
664
665
666
		Username:  email,
		Pin:       kss.HashedPin(pin),
		PublicKey: (*paillierPublicKey)(&kss.PrivateKey.PublicKey),
	}

	result := &struct{}{}
	err = transport.Post("web/users/selfenroll", result, message)
	if err != nil {
		return err
	}

667
	cm.keyshareServers[managerID] = kss
Sietse Ringers's avatar
Sietse Ringers committed
668
	return cm.storage.StoreKeyshareServers(cm.keyshareServers)
Sietse Ringers's avatar
Sietse Ringers committed
669
670
}

671
// KeyshareRemove unenrolls the keyshare server of the specified scheme manager.
Sietse Ringers's avatar
Sietse Ringers committed
672
673
674
675
676
func (cm *CredentialManager) KeyshareRemove(manager SchemeManagerIdentifier) error {
	if _, contains := cm.keyshareServers[manager]; !contains {
		return errors.New("Can't uninstall unknown keyshare server")
	}
	delete(cm.keyshareServers, manager)
Sietse Ringers's avatar
Sietse Ringers committed
677
	return cm.storage.StoreKeyshareServers(cm.keyshareServers)
Sietse Ringers's avatar
Sietse Ringers committed
678
}
Sietse Ringers's avatar
Sietse Ringers committed
679

680
681
func (cm *CredentialManager) KeyshareRemoveAll() error {
	cm.keyshareServers = map[SchemeManagerIdentifier]*keyshareServer{}
Tomas's avatar
Tomas committed
682
	cm.UnenrolledSchemeManagers = cm.unenrolledSchemeManagers()
683
684
685
	return cm.storage.StoreKeyshareServers(cm.keyshareServers)
}

Sietse Ringers's avatar
Sietse Ringers committed
686
687
// Add, load and store log entries

688
func (cm *CredentialManager) addLogEntry(entry *LogEntry) error {
Sietse Ringers's avatar
Sietse Ringers committed
689
	cm.logs = append(cm.logs, entry)
690
	return cm.storage.StoreLogs(cm.logs)
691
	return nil
Sietse Ringers's avatar
Sietse Ringers committed
692
693
694
695
696
}

func (cm *CredentialManager) Logs() ([]*LogEntry, error) {
	if cm.logs == nil || len(cm.logs) == 0 {
		var err error
Sietse Ringers's avatar
Sietse Ringers committed
697
		cm.logs, err = cm.storage.LoadLogs()
Sietse Ringers's avatar
Sietse Ringers committed
698
699
700
701
702
703
		if err != nil {
			return nil, err
		}
	}
	return cm.logs, nil
}