Commit 38e75746 authored by Sietse Ringers's avatar Sietse Ringers
Browse files

Rename signature proof statuses

parent 56f09b6f
......@@ -32,10 +32,10 @@ type AttributeResultList []*AttributeResult
type AttributeProofStatus string
const (
PRESENT = AttributeProofStatus("PRESENT") // Attribute is disclosed and matches the value
EXTRA = AttributeProofStatus("EXTRA") // Attribute is disclosed, but wasn't requested in request
MISSING = AttributeProofStatus("MISSING") // Attribute is NOT disclosed, but should be according to request
INVALID_VALUE = AttributeProofStatus("INVALID_VALUE") // Attribute is disclosed, but has invalid value according to request
AttributeProofStatusPresent = AttributeProofStatus("PRESENT") // Attribute is disclosed and matches the value
AttributeProofStatusExtra = AttributeProofStatus("EXTRA") // Attribute is disclosed, but wasn't requested in request
AttributeProofStatusMissing = AttributeProofStatus("MISSING") // Attribute is NOT disclosed, but should be according to request
AttributeProofStatusInvalidValue = AttributeProofStatus("INVALID_VALUE") // Attribute is disclosed, but has invalid value according to request
)
var (
......
......@@ -230,7 +230,7 @@ func TestLogging(t *testing.T) {
require.NoError(t, err)
require.NotNil(t, sig)
status, list := sig.VerifyWithoutRequest(client.Configuration)
require.Equal(t, irma.VALID, status)
require.Equal(t, irma.ProofStatusValid, status)
require.NotEmpty(t, list)
require.Contains(t, list[0].Attributes, attrid)
require.Equal(t, "s1234567", list[0].Attributes[attrid]["en"])
......
......@@ -80,12 +80,12 @@ func TestManualSession(t *testing.T) {
// No errors, obtain proof result from channel
result := <-ms.resultChannel
if ps := result.ProofStatus; ps != irma.VALID {
t.Logf("Invalid proof result: %v Expected: %v", ps, irma.VALID)
if ps := result.ProofStatus; ps != irma.ProofStatusValid {
t.Logf("Invalid proof result: %v Expected: %v", ps, irma.ProofStatusValid)
t.Fatal()
}
if attrStatus := result.ToAttributeResultList()[0].AttributeProofStatus; attrStatus != irma.PRESENT {
t.Logf("Invalid attribute result value: %v Expected: %v", attrStatus, irma.PRESENT)
if attrStatus := result.ToAttributeResultList()[0].AttributeProofStatus; attrStatus != irma.AttributeProofStatusPresent {
t.Logf("Invalid attribute result value: %v Expected: %v", attrStatus, irma.AttributeProofStatusPresent)
t.Fail()
}
test.ClearTestStorage(t)
......@@ -127,8 +127,8 @@ func TestManualSessionInvalidNonce(t *testing.T) {
}
// No errors, obtain proof result from channel
if result := <-ms.resultChannel; result.ProofStatus != irma.UNMATCHED_REQUEST {
t.Logf("Invalid proof result: %v Expected: %v", result.ProofStatus, irma.UNMATCHED_REQUEST)
if result := <-ms.resultChannel; result.ProofStatus != irma.ProofStatusUnmatchedRequest {
t.Logf("Invalid proof result: %v Expected: %v", result.ProofStatus, irma.ProofStatusUnmatchedRequest)
t.Fail()
}
test.ClearTestStorage(t)
......@@ -153,19 +153,19 @@ func TestManualSessionInvalidRequest(t *testing.T) {
// No errors, obtain proof result from channel
result := <-ms.resultChannel
if ps := result.ProofStatus; ps != irma.MISSING_ATTRIBUTES {
t.Logf("Invalid proof result: %v Expected: %v", ps, irma.MISSING_ATTRIBUTES)
if ps := result.ProofStatus; ps != irma.ProofStatusMissingAttributes {
t.Logf("Invalid proof result: %v Expected: %v", ps, irma.ProofStatusMissingAttributes)
t.Fail()
}
// First attribute result is MISSING, because it is in the request but not disclosed
if attrStatus := result.ToAttributeResultList()[0].AttributeProofStatus; attrStatus != irma.MISSING {
t.Logf("Invalid attribute result value: %v Expected: %v", attrStatus, irma.MISSING)
if attrStatus := result.ToAttributeResultList()[0].AttributeProofStatus; attrStatus != irma.AttributeProofStatusMissing {
t.Logf("Invalid attribute result value: %v Expected: %v", attrStatus, irma.AttributeProofStatusMissing)
t.Fail()
}
// Second attribute result is EXTRA, since it is disclosed, but not matching the sigrequest
if attrStatus := result.ToAttributeResultList()[1].AttributeProofStatus; attrStatus != irma.EXTRA {
t.Logf("Invalid attribute result value: %v Expected: %v", attrStatus, irma.EXTRA)
if attrStatus := result.ToAttributeResultList()[1].AttributeProofStatus; attrStatus != irma.AttributeProofStatusExtra {
t.Logf("Invalid attribute result value: %v Expected: %v", attrStatus, irma.AttributeProofStatusExtra)
t.Fail()
}
test.ClearTestStorage(t)
......@@ -190,12 +190,12 @@ func TestManualSessionInvalidAttributeValue(t *testing.T) {
// No errors, obtain proof result from channel
result := <-ms.resultChannel
if ps := result.ProofStatus; ps != irma.MISSING_ATTRIBUTES {
t.Logf("Invalid proof result: %v Expected: %v", ps, irma.MISSING_ATTRIBUTES)
if ps := result.ProofStatus; ps != irma.ProofStatusMissingAttributes {
t.Logf("Invalid proof result: %v Expected: %v", ps, irma.ProofStatusMissingAttributes)
t.Fail()
}
if attrStatus := result.ToAttributeResultList()[0].AttributeProofStatus; attrStatus != irma.INVALID_VALUE {
t.Logf("Invalid attribute result value: %v Expected: %v", attrStatus, irma.INVALID_VALUE)
if attrStatus := result.ToAttributeResultList()[0].AttributeProofStatus; attrStatus != irma.AttributeProofStatusInvalidValue {
t.Logf("Invalid attribute result value: %v Expected: %v", attrStatus, irma.AttributeProofStatusInvalidValue)
t.Fail()
}
test.ClearTestStorage(t)
......@@ -217,8 +217,8 @@ func TestManualKeyShareSession(t *testing.T) {
}
// No errors, obtain proof result from channel
if result := <-ms.resultChannel; result.ProofStatus != irma.VALID {
t.Logf("Invalid proof result: %v Expected: %v", result.ProofStatus, irma.VALID)
if result := <-ms.resultChannel; result.ProofStatus != irma.ProofStatusValid {
t.Logf("Invalid proof result: %v Expected: %v", result.ProofStatus, irma.ProofStatusValid)
t.Fail()
}
test.ClearTestStorage(t)
......@@ -250,16 +250,16 @@ func TestManualSessionMultiProof(t *testing.T) {
// No errors, obtain proof result from channel
result := <-ms.resultChannel
if ps := result.ProofStatus; ps != irma.VALID {
t.Logf("Invalid proof result: %v Expected: %v", result.ProofStatus, irma.VALID)
if ps := result.ProofStatus; ps != irma.ProofStatusValid {
t.Logf("Invalid proof result: %v Expected: %v", result.ProofStatus, irma.ProofStatusValid)
t.Fail()
}
if attrStatus := result.ToAttributeResultList()[0].AttributeProofStatus; attrStatus != irma.PRESENT {
t.Logf("Invalid attribute result value: %v Expected: %v", attrStatus, irma.PRESENT)
if attrStatus := result.ToAttributeResultList()[0].AttributeProofStatus; attrStatus != irma.AttributeProofStatusPresent {
t.Logf("Invalid attribute result value: %v Expected: %v", attrStatus, irma.AttributeProofStatusPresent)
t.Fail()
}
if attrStatus := result.ToAttributeResultList()[1].AttributeProofStatus; attrStatus != irma.PRESENT {
t.Logf("Invalid attribute result value: %v Expected: %v", attrStatus, irma.PRESENT)
if attrStatus := result.ToAttributeResultList()[1].AttributeProofStatus; attrStatus != irma.AttributeProofStatusPresent {
t.Logf("Invalid attribute result value: %v Expected: %v", attrStatus, irma.AttributeProofStatusPresent)
t.Fail()
}
test.ClearTestStorage(t)
......@@ -280,8 +280,8 @@ func TestManualSessionInvalidProof(t *testing.T) {
}
// No errors, obtain proof result from channel
if result := <-ms.resultChannel; result.ProofStatus != irma.INVALID_CRYPTO {
t.Logf("Invalid proof result: %v Expected: %v", result.ProofStatus, irma.INVALID_CRYPTO)
if result := <-ms.resultChannel; result.ProofStatus != irma.ProofStatusInvalidCrypto {
t.Logf("Invalid proof result: %v Expected: %v", result.ProofStatus, irma.ProofStatusInvalidCrypto)
t.Fail()
}
test.ClearTestStorage(t)
......
......@@ -289,10 +289,10 @@ func TestVerifyValidSig(t *testing.T) {
// Test if we can verify it with the original request
sigProofResult := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, sigProofResult.ProofStatus, VALID)
require.Equal(t, sigProofResult.ProofStatus, ProofStatusValid)
attributeList := sigProofResult.ToAttributeResultList()
require.Len(t, attributeList, 1)
require.Equal(t, attributeList[0].AttributeProofStatus, PRESENT)
require.Equal(t, attributeList[0].AttributeProofStatus, AttributeProofStatusPresent)
require.Equal(t, attributeList[0].AttributeValue["en"], "456")
// Test if we can verify it with a request that contains strings instead of ints for nonce and context
......@@ -306,10 +306,10 @@ func TestVerifyValidSig(t *testing.T) {
// Test if we can verify it with the original request
stringSigProofResult := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, stringSigProofResult.ProofStatus, VALID)
require.Equal(t, stringSigProofResult.ProofStatus, ProofStatusValid)
stringAttributeList := sigProofResult.ToAttributeResultList()
require.Len(t, stringAttributeList, 1)
require.Equal(t, stringAttributeList[0].AttributeProofStatus, PRESENT)
require.Equal(t, stringAttributeList[0].AttributeProofStatus, AttributeProofStatusPresent)
require.Equal(t, stringAttributeList[0].AttributeValue["en"], "456")
// Test verify against unmatched request (i.e. different nonce, context or message)
......@@ -318,11 +318,11 @@ func TestVerifyValidSig(t *testing.T) {
unmatchedSigRequest := &SignatureRequest{}
json.Unmarshal(unmatchedSigRequestJSON, unmatchedSigRequest)
unmatchedResult := irmaSignedMessage.Verify(conf, unmatchedSigRequest)
require.Equal(t, unmatchedResult.ProofStatus, UNMATCHED_REQUEST)
require.Equal(t, unmatchedResult.ProofStatus, ProofStatusUnmatchedRequest)
// Test if we can also verify it without using the original request
proofStatus, disclosed := irmaSignedMessage.VerifyWithoutRequest(conf)
require.Equal(t, proofStatus, VALID)
require.Equal(t, proofStatus, ProofStatusValid)
require.Len(t, disclosed, 1)
require.Equal(t, disclosed[0].Attributes[NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")]["en"], "456")
}
......@@ -341,10 +341,10 @@ func TestVerifyInValidSig(t *testing.T) {
json.Unmarshal(sigRequestJSON, sigRequest)
sigProofResult := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, sigProofResult.ProofStatus, INVALID_CRYPTO)
require.Equal(t, sigProofResult.ProofStatus, ProofStatusInvalidCrypto)
proofStatus, disclosed := irmaSignedMessage.VerifyWithoutRequest(conf)
require.Equal(t, proofStatus, INVALID_CRYPTO)
require.Equal(t, proofStatus, ProofStatusInvalidCrypto)
require.Nil(t, disclosed)
}
......@@ -363,10 +363,10 @@ func TestVerifyInValidNonce(t *testing.T) {
json.Unmarshal(sigRequestJSON, sigRequest)
sigProofResult := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, sigProofResult.ProofStatus, INVALID_CRYPTO)
require.Equal(t, sigProofResult.ProofStatus, ProofStatusInvalidCrypto)
proofStatus, disclosed := irmaSignedMessage.VerifyWithoutRequest(conf)
require.Equal(t, proofStatus, INVALID_CRYPTO)
require.Equal(t, proofStatus, ProofStatusInvalidCrypto)
require.Nil(t, disclosed)
}
......
......@@ -13,15 +13,15 @@ import (
type ProofStatus string
const (
VALID = ProofStatus("VALID")
INVALID_CRYPTO = ProofStatus("INVALID_CRYPTO")
INVALID_TIMESTAMP = ProofStatus("INVALID_TIMESTAMP")
UNMATCHED_REQUEST = ProofStatus("UNMATCHED_REQUEST")
MISSING_ATTRIBUTES = ProofStatus("MISSING_ATTRIBUTES")
ProofStatusValid = ProofStatus("VALID")
ProofStatusInvalidCrypto = ProofStatus("INVALID_CRYPTO")
ProofStatusInvalidTimestamp = ProofStatus("INVALID_TIMESTAMP")
ProofStatusUnmatchedRequest = ProofStatus("UNMATCHED_REQUEST")
ProofStatusMissingAttributes = ProofStatus("MISSING_ATTRIBUTES")
// The contained attributes are currently expired, but it is not certain if they already were expired
// during creation of the ABS.
EXPIRED = ProofStatus("EXPIRED")
ProofStatusExpired = ProofStatus("EXPIRED")
)
// ProofResult is a result of a complete proof, containing all the disclosed attributes and corresponding request
......@@ -68,18 +68,18 @@ func (disclosed DisclosedCredentialList) isAttributeSatisfied(attributeId Attrib
ar.AttributeValue = disclosedAttributeValue
if requestedValue == nil || *cred.rawAttributes[attributeId] == *requestedValue {
ar.AttributeProofStatus = PRESENT
ar.AttributeProofStatus = AttributeProofStatusPresent
return true, &ar
} else {
// If attribute is disclosed and present, but not equal to required value, mark it as invalid_value
// We won't return true and continue searching in other disclosed attributes
ar.AttributeProofStatus = INVALID_VALUE
ar.AttributeProofStatus = AttributeProofStatusInvalidValue
}
}
// If there is never a value assigned, then this attribute isn't disclosed, and thus missing
if len(ar.AttributeValue) == 0 {
ar.AttributeProofStatus = MISSING
ar.AttributeProofStatus = AttributeProofStatusMissing
}
return false, &ar
}
......@@ -101,7 +101,7 @@ func (disclosed DisclosedCredentialList) createAndCheckSignatureProofResult(conf
// Else, set proof status to missing_attributes, but check other as well to add other disjunctions to result
// (so user also knows attribute status of other disjunctions)
signatureProofResult.ProofStatus = MISSING_ATTRIBUTES
signatureProofResult.ProofStatus = ProofStatusMissingAttributes
}
signatureProofResult.Disjunctions = addExtraAttributes(disclosed, signatureProofResult.ProofResult)
......@@ -227,7 +227,7 @@ func addExtraAttributes(disclosed DisclosedCredentialList, proofResult *ProofRes
dummyDisj := DisclosedAttributeDisjunction{
DisclosedValue: cred.Attributes[attrId],
DisclosedId: attrId,
ProofStatus: EXTRA,
ProofStatus: AttributeProofStatusExtra,
}
returnDisjunctions = append(returnDisjunctions, &dummyDisj)
}
......@@ -244,7 +244,7 @@ func (sm *SignedMessage) checkWithRequest(configuration *Configuration, sigReque
fmt.Println(err)
return &SignatureProofResult{
ProofResult: &ProofResult{
ProofStatus: INVALID_CRYPTO,
ProofStatus: ProofStatusInvalidCrypto,
},
}
}
......@@ -253,7 +253,7 @@ func (sm *SignedMessage) checkWithRequest(configuration *Configuration, sigReque
// Return MISSING_ATTRIBUTES as proofstatus if one attribute is missing
// This status takes priority over 'EXPIRED'
if signatureProofResult.ProofStatus == MISSING_ATTRIBUTES {
if signatureProofResult.ProofStatus == ProofStatusMissingAttributes {
return signatureProofResult
}
......@@ -263,20 +263,20 @@ func (sm *SignedMessage) checkWithRequest(configuration *Configuration, sigReque
// At least one of the contained attributes has currently expired. We don't know the
// creation time of the ABS so we can't ascertain that the attributes were still valid then.
// Otherwise the signature is valid.
signatureProofResult.ProofStatus = EXPIRED
signatureProofResult.ProofStatus = ProofStatusExpired
return signatureProofResult
}
} else {
if disclosed.IsExpired(time.Unix(sm.Timestamp.Time, 0)) {
// The ABS contains attributes that were expired at the time of creation of the ABS.
// This must not happen and in this case the signature is invalid
signatureProofResult.ProofStatus = INVALID_CRYPTO
signatureProofResult.ProofStatus = ProofStatusInvalidCrypto
return signatureProofResult
}
}
// All disjunctions satisfied and nothing expired, proof is valid!
signatureProofResult.ProofStatus = VALID
signatureProofResult.ProofStatus = ProofStatusValid
return signatureProofResult
}
......@@ -298,7 +298,7 @@ func (sm *SignedMessage) Verify(configuration *Configuration, sigRequest *Signat
if !sm.MatchesNonceAndContext(sigRequest) {
return &SignatureProofResult{
ProofResult: &ProofResult{
ProofStatus: UNMATCHED_REQUEST,
ProofStatus: ProofStatusUnmatchedRequest,
},
}
}
......@@ -308,7 +308,7 @@ func (sm *SignedMessage) Verify(configuration *Configuration, sigRequest *Signat
if err := sm.VerifyTimestamp(sigRequest.Message, configuration); err != nil {
return &SignatureProofResult{
ProofResult: &ProofResult{
ProofStatus: INVALID_TIMESTAMP,
ProofStatus: ProofStatusInvalidTimestamp,
},
}
}
......@@ -318,7 +318,7 @@ func (sm *SignedMessage) Verify(configuration *Configuration, sigRequest *Signat
if !verify(configuration, sm.Signature, sigRequest.GetContext(), sigRequest.GetNonce(), true) {
return &SignatureProofResult{
ProofResult: &ProofResult{
ProofStatus: INVALID_CRYPTO,
ProofStatus: ProofStatusInvalidCrypto,
},
}
}
......@@ -332,13 +332,13 @@ func (sm *SignedMessage) VerifyWithoutRequest(configuration *Configuration) (Pro
// First, verify the timestamp, if any
if sm.Timestamp != nil {
if err := sm.VerifyTimestamp(sm.Message, configuration); err != nil {
return INVALID_TIMESTAMP, nil
return ProofStatusInvalidTimestamp, nil
}
}
// Cryptographically verify the signature
if !verify(configuration, sm.Signature, sm.Context, sm.GetNonce(), true) {
return INVALID_CRYPTO, nil
return ProofStatusInvalidCrypto, nil
}
// Extract attributes and return result
......@@ -346,18 +346,18 @@ func (sm *SignedMessage) VerifyWithoutRequest(configuration *Configuration) (Pro
if err != nil {
fmt.Println(err)
return INVALID_CRYPTO, nil
return ProofStatusInvalidCrypto, nil
}
if sm.Timestamp == nil {
if disclosed.IsExpired(time.Now()) {
return EXPIRED, disclosed
return ProofStatusExpired, disclosed
}
} else {
if disclosed.IsExpired(time.Unix(sm.Timestamp.Time, 0)) {
return INVALID_CRYPTO, nil
return ProofStatusInvalidCrypto, nil
}
}
return VALID, disclosed
return ProofStatusValid, disclosed
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment