fix: disclosures consisting of 0 credentials are now invalid

28336521 · Sietse Ringers · 43bbf0a6 · 28336521 · 28336521 · 28336521
Commit 28336521 authored Apr 07, 2019 by Sietse Ringers
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 13 deletions

Gopkg.lock Gopkg.lock +1 -1

irma_signature.go irma_signature.go +5 -1

irmago_test.go irmago_test.go +6 -0

verify.go verify.go +8 -11

No files found.
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -280,7 +280,7 @@
    "safeprime",
  ]
  pruneopts = "UT"
-  revision = "d24df08b9fc496d1a375a674be2e6d0e64b5e578"
+  revision = "a5a01cfeac1cf9781b73016f7f5492fd1bfca2ff"

 [[projects]]
  digest = "1:69b1cc331fca23d702bd72f860c6a647afd0aa9fcbc1d0659b1365e26546dd70"

--- a/irma_signature.go
+++ b/irma_signature.go
@@ -44,7 +44,11 @@ func (sm *SignedMessage) Disclosure() *Disclosure {
 // where serverNonce is the nonce sent by the signature requestor.
 func ASN1ConvertSignatureNonce(message string, nonce *big.Int, timestamp *atum.Timestamp) *big.Int {
 	msgHash := sha256.Sum256([]byte(message))
-	tohash := []interface{}{nonce.Value(), new(gobig.Int).SetBytes(msgHash[:])}
+	n := nonce.Value()
+	if n == nil {
+		n = gobig.NewInt(0)
+	}
+	tohash := []interface{}{n, new(gobig.Int).SetBytes(msgHash[:])}
 	if timestamp != nil {
 		tohash = append(tohash, timestamp.Sig.Data)
 	}

--- a/irmago_test.go
+++ b/irmago_test.go
@@ -354,6 +354,12 @@ func TestVerifyInValidNonce(t *testing.T) {
 	require.Equal(t, status, ProofStatusInvalid)
 }

+func TestEmptySignature(t *testing.T) {
+	msg := &SignedMessage{}
+	_, status, _ := msg.Verify(&Configuration{}, nil)
+	require.NotEqual(t, ProofStatusValid, status)
+}
+
 // Test attribute decoding with both old and new metadata versions
 func TestAttributeDecoding(t *testing.T) {
 	expected := "male"

--- a/verify.go
+++ b/verify.go
@@ -342,13 +342,6 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
 		message = sm.Message
 	}

-	// Verify the timestamp
-	if sm.Timestamp != nil {
-		if err := sm.VerifyTimestamp(message, configuration); err != nil {
-			return nil, ProofStatusInvalidTimestamp, nil
-		}
-	}
-
 	// Now, cryptographically verify the IRMA disclosure proofs in the signature
 	var required AttributeDisjunctionList
 	if request != nil {
@@ -359,17 +352,21 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
 		return result, status, err
 	}

-	// Check if a credential is expired
-	var t time.Time
+	// Next, verify the timestamp
+	t := time.Now()
 	if sm.Timestamp != nil {
+		if err := sm.VerifyTimestamp(message, configuration); err != nil {
+			return nil, ProofStatusInvalidTimestamp, nil
+		}
 		t = time.Unix(sm.Timestamp.Time, 0)
 	}
+
+	// Check if a credential was expired at creation time, according to the timestamp
 	if expired := ProofList(sm.Signature).Expired(configuration, &t); expired {
-		// The ABS contains attributes that were expired at the time of creation of the ABS.
 		return result, ProofStatusExpired, nil
 	}

-	// All disjunctions satisfied and nothing expired, proof is valid!
+	// The attributes were valid, nonexpired, and the request was satisfied
 	return result, ProofStatusValid, nil
 }