Commit
28336521
authored
Apr 07, 2019
by
Sietse Ringers
fix: disclosures consisting of 0 credentials are now invalid
parent
43bbf0a6
Changes
4
Gopkg.lock
...
...
@@ -280,7 +280,7 @@
"safeprime",
]
pruneopts = "UT"
revision = "
d24df08b9fc496d1a375a674be2e6d0e64b5e578
"
revision = "
a5a01cfeac1cf9781b73016f7f5492fd1bfca2ff
"
[[projects]]
digest = "1:69b1cc331fca23d702bd72f860c6a647afd0aa9fcbc1d0659b1365e26546dd70"
...
...
irma_signature.go
...
...
@@ -44,7 +44,11 @@ func (sm *SignedMessage) Disclosure() *Disclosure {
// where serverNonce is the nonce sent by the signature requestor.
func
ASN1ConvertSignatureNonce
(
message
string
,
nonce
*
big
.
Int
,
timestamp
*
atum
.
Timestamp
)
*
big
.
Int
{
msgHash
:=
sha256
.
Sum256
([]
byte
(
message
))
tohash
:=
[]
interface
{}{
nonce
.
Value
(),
new
(
gobig
.
Int
)
.
SetBytes
(
msgHash
[
:
])}
n
:=
nonce
.
Value
()
if
n
==
nil
{
n
=
gobig
.
NewInt
(
0
)
}
tohash
:=
[]
interface
{}{
n
,
new
(
gobig
.
Int
)
.
SetBytes
(
msgHash
[
:
])}
if
timestamp
!=
nil
{
tohash
=
append
(
tohash
,
timestamp
.
Sig
.
Data
)
}
...
...
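Review bot: The new fallback `if n == nil { n = gobig.NewInt(0) }` makes a message with no nonce hash exactly like one whose nonce is 0, and nothing in the hunk says this is deliberate. Because this value is the nonce the signature is bound to, it is worth confirming that a missing nonce is rejected elsewhere during verification rather than accepted through this normalisation; that check is not visible here. If the purpose is what TestEmptySignature suggests, document it above the fallback, e.g. `// A missing nonce is hashed as 0 so an empty SignedMessage fails verification instead of panicking.`, and mention the nil case in the function's doc comment. Whether `nonce.Value()` tolerates a nil `nonce` pointer depends on the dependency whose revision changes in Gopkg.lock, so that is assumed rather than shown. The function body continues past the end of the hunk.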
irmago_test.go
...
...
@@ -354,6 +354,12 @@ func TestVerifyInValidNonce(t *testing.T) {
require
.
Equal
(
t
,
status
,
ProofStatusInvalid
)
}
func
TestEmptySignature
(
t
*
testing
.
T
)
{
msg
:=
&
SignedMessage
{}
_
,
status
,
_
:=
msg
.
Verify
(
&
Configuration
{},
nil
)
require
.
NotEqual
(
t
,
ProofStatusValid
,
status
)
}
// Test attribute decoding with both old and new metadata versions
func
TestAttributeDecoding
(
t
*
testing
.
T
)
{
expected
:=
"male"
...
...
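Review bot: TestEmptySignature only asserts that the status is not ProofStatusValid and discards the other two return values of `Verify`, so it would still pass if an empty message were reported as, say, ProofStatusExpired. If the intended outcome is the same as in the test above it, pin it with `require.Equal(t, ProofStatusInvalid, status)`; which status `Verify` actually returns here is not visible in the hunk. The commit title is about disclosures of 0 credentials, so a second case with a non-nil but zero-length `Signature` would cover that path more directly than the zero-value `SignedMessage{}`.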
verify.go
...
...
@@ -342,13 +342,6 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
message
=
sm
.
Message
}
// Verify the timestamp
if
sm
.
Timestamp
!=
nil
{
if
err
:=
sm
.
VerifyTimestamp
(
message
,
configuration
);
err
!=
nil
{
return
nil
,
ProofStatusInvalidTimestamp
,
nil
}
}
// Now, cryptographically verify the IRMA disclosure proofs in the signature
var
required
AttributeDisjunctionList
if
request
!=
nil
{
...
...
@@ -359,17 +352,21 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
return
result
,
status
,
err
}
//
Check if a credential is expired
var
t
time
.
Time
//
Next, verify the timestamp
t
:=
time
.
Now
()
if
sm
.
Timestamp
!=
nil
{
if
err
:=
sm
.
VerifyTimestamp
(
message
,
configuration
);
err
!=
nil
{
return
nil
,
ProofStatusInvalidTimestamp
,
nil
}
t
=
time
.
Unix
(
sm
.
Timestamp
.
Time
,
0
)
}
// Check if a credential was expired at creation time, according to the timestamp
if
expired
:=
ProofList
(
sm
.
Signature
)
.
Expired
(
configuration
,
&
t
);
expired
{
// The ABS contains attributes that were expired at the time of creation of the ABS.
return
result
,
ProofStatusExpired
,
nil
}
//
All disjunctions satisfied and nothing expired, proof is valid!
//
The attributes were valid, nonexpired, and the request was satisfied
return
result
,
ProofStatusValid
,
nil
}
...
...
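Review bot: In the second hunk, `t := time.Now()` means a signature without a timestamp is checked for expiry against the moment of verification, while the comment on the check says "expired at creation time, according to the timestamp". That comment is only true for the `sm.Timestamp != nil` branch, so the same untimestamped signature can be valid today and expired later. I would say so next to the default, e.g. `// Without a timestamp the creation time is unknown; expiry is then checked against the current time.` As far as these hunks show, a message with `sm.Timestamp == nil` can still reach `ProofStatusValid`; whether that is intended should be stated in the doc comment of `Verify`, whose body starts outside the hunk.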