refactor: rename structs, interfaces, members, vars and more of the keyshare server

40ff4726 · Sietse Ringers · 66771bd7 · 40ff4726 · 40ff4726 · 40ff4726
Commit 40ff4726 authored May 27, 2021 by Sietse Ringers
--- a/internal/keysharecore/keys.go
+++ b/internal/keysharecore/keys.go
@@ -16,17 +16,20 @@ const (
 )

 type (
-	AesKey [32]byte
+	AESKey [32]byte

 	Core struct {
 		// Keys used for storage encryption/decryption
-		decryptionKeys  map[uint32]AesKey
-		encryptionKey   AesKey
-		encryptionKeyID uint32
+		decryptionKeys  map[uint32]AESKey
+		decryptionKey   AESKey
+		decryptionKeyID uint32

 		// Key used to sign keyshare protocol messages
-		signKey   *rsa.PrivateKey
-		signKeyID uint32
+		jwtPrivateKey   *rsa.PrivateKey
+		jwtPrivateKeyID uint32
+
+		jwtIssuer    string
+		jwtPinExpiry int

 		// Commit values generated in first step of keyshare protocol
 		commitmentData  map[uint64]*big.Int
@@ -35,16 +38,17 @@ type (
 		// IRMA issuer keys that are allowed to be used in keyshare
 		//  sessions
 		trustedKeys map[irma.PublicKeyIdentifier]*gabikeys.PublicKey
-
-		jwtIssuer    string
-		jwtPinExpiry int
 	}

 	Configuration struct {
-		AESKeyID     uint32
-		AESKey       AesKey
-		SignKeyID    uint32
-		SignKey      *rsa.PrivateKey
+		// Keys used for storage encryption/decryption
+		DecryptionKey   AESKey
+		DecryptionKeyID uint32
+
+		// Key used to sign keyshare protocol messages
+		JWTPrivateKey   *rsa.PrivateKey
+		JWTPrivateKeyID uint32
+
 		JWTIssuer    string
 		JWTPinExpiry int // in seconds
 	}
@@ -52,13 +56,13 @@ type (

 func NewKeyshareCore(conf *Configuration) *Core {
 	c := &Core{
-		decryptionKeys: map[uint32]AesKey{},
+		decryptionKeys: map[uint32]AESKey{},
 		commitmentData: map[uint64]*big.Int{},
 		trustedKeys:    map[irma.PublicKeyIdentifier]*gabikeys.PublicKey{},
 	}

-	c.setAESEncryptionKey(conf.AESKeyID, conf.AESKey)
-	c.setSignKey(conf.SignKeyID, conf.SignKey)
+	c.setDecryptionKey(conf.DecryptionKeyID, conf.DecryptionKey)
+	c.setJWTPrivateKey(conf.JWTPrivateKeyID, conf.JWTPrivateKey)

 	c.jwtIssuer = conf.JWTIssuer
 	if c.jwtIssuer == "" {
@@ -72,31 +76,31 @@ func NewKeyshareCore(conf *Configuration) *Core {
 	return c
 }

-func GenerateAESKey() (AesKey, error) {
-	var res AesKey
+func GenerateDecryptionKey() (AESKey, error) {
+	var res AESKey
 	_, err := rand.Read(res[:])
 	return res, err
 }

 // Add an aes key for decryption, with identifier keyid
 // Calling this will cause all keyshare packets generated with the key to be trusted
-func (c *Core) DangerousAddAESKey(keyID uint32, key AesKey) {
+func (c *Core) DangerousAddDecryptionKey(keyID uint32, key AESKey) {
 	c.decryptionKeys[keyID] = key
 }

 // Set the aes key for encrypting new/changed keyshare data
 // with identifier keyid
-// Calling this wil also cause all keyshare packets generated with the key to be trusted
-func (c *Core) setAESEncryptionKey(keyID uint32, key AesKey) {
+// Calling this will also cause all keyshare packets generated with the key to be trusted
+func (c *Core) setDecryptionKey(keyID uint32, key AESKey) {
 	c.decryptionKeys[keyID] = key
-	c.encryptionKey = key
-	c.encryptionKeyID = keyID
+	c.decryptionKey = key
+	c.decryptionKeyID = keyID
 }

 // Set key used to sign keyshare protocol messages
-func (c *Core) setSignKey(id uint32, key *rsa.PrivateKey) {
-	c.signKey = key
-	c.signKeyID = id
+func (c *Core) setJWTPrivateKey(id uint32, key *rsa.PrivateKey) {
+	c.jwtPrivateKey = key
+	c.jwtPrivateKeyID = id
 }

 // Add public key as trusted by keyshareCore. Calling this on incorrectly generated key material WILL compromise keyshare secrets!

--- a/internal/keysharecore/operations.go
+++ b/internal/keysharecore/operations.go
@@ -26,43 +26,43 @@ var (
 )

 // Generate a new keyshare secret, secured with the given pin
-func (c *Core) GenerateKeyshareSecret(pinRaw string) (EncryptedKeysharePacket, error) {
+func (c *Core) NewUser(pinRaw string) (User, error) {
 	secret, err := gabi.NewKeyshareSecret()
 	if err != nil {
-		return EncryptedKeysharePacket{}, err
+		return User{}, err
 	}

-	return c.DangerousBuildKeyshareSecret(pinRaw, secret)
+	return c.newUserFromSecret(pinRaw, secret)
 }

-func (c *Core) DangerousBuildKeyshareSecret(pinRaw string, secret *big.Int) (EncryptedKeysharePacket, error) {
+func (c *Core) newUserFromSecret(pinRaw string, secret *big.Int) (User, error) {
 	pin, err := padPin(pinRaw)
 	if err != nil {
-		return EncryptedKeysharePacket{}, err
+		return User{}, err
 	}

 	var id [32]byte
 	_, err = rand.Read(id[:])
 	if err != nil {
-		return EncryptedKeysharePacket{}, err
+		return User{}, err
 	}

 	// Build unencrypted packet
-	var p unencryptedKeysharePacket
+	var p unencryptedUser
 	p.setPin(pin)
 	err = p.setKeyshareSecret(secret)
 	if err != nil {
-		return EncryptedKeysharePacket{}, err
+		return User{}, err
 	}
 	p.setID(id)

 	// And encrypt
-	return c.encryptPacket(p)
+	return c.encryptUser(p)
 }

 // Check pin for validity, and generate jwt for future access
-func (c *Core) ValidatePin(ep EncryptedKeysharePacket, pin string, userID string) (string, error) {
-	p, err := c.decryptPacketIfPinOK(ep, pin)
+func (c *Core) ValidatePin(ep User, pin string, userID string) (string, error) {
+	p, err := c.decryptUserIfPinOK(ep, pin)
 	if err != nil {
 		return "", err
 	}
@@ -76,88 +76,88 @@ func (c *Core) ValidatePin(ep EncryptedKeysharePacket, pin string, userID string
 		"exp":      time.Now().Add(time.Duration(c.jwtPinExpiry) * time.Second).Unix(),
 		"token_id": base64.StdEncoding.EncodeToString(id[:]),
 	})
-	token.Header["kid"] = c.signKeyID
-	return token.SignedString(c.signKey)
+	token.Header["kid"] = c.jwtPrivateKeyID
+	return token.SignedString(c.jwtPrivateKey)
 }

 // Check whether the given JWT is currently valid as an access token for operations on the provided encrypted keyshare packet
-func (c *Core) ValidateJWT(ep EncryptedKeysharePacket, jwt string) error {
+func (c *Core) ValidateJWT(ep User, jwt string) error {
 	_, err := c.verifyAccess(ep, jwt)
 	return err
 }

 // Change pin in an encrypted keyshare packet to a new value, after validating that the old value is known by caller.
-func (c *Core) ChangePin(ep EncryptedKeysharePacket, oldpinRaw, newpinRaw string) (EncryptedKeysharePacket, error) {
-	p, err := c.decryptPacketIfPinOK(ep, oldpinRaw)
+func (c *Core) ChangePin(ep User, oldpinRaw, newpinRaw string) (User, error) {
+	p, err := c.decryptUserIfPinOK(ep, oldpinRaw)
 	if err != nil {
-		return EncryptedKeysharePacket{}, err
+		return User{}, err
 	}

 	newpin, err := padPin(newpinRaw)
 	if err != nil {
-		return EncryptedKeysharePacket{}, err
+		return User{}, err
 	}

 	// change and reencrypt
 	var id [32]byte
 	_, err = rand.Read(id[:])
 	if err != nil {
-		return EncryptedKeysharePacket{}, err
+		return User{}, err
 	}
 	p.setPin(newpin)
 	p.setID(id)
-	return c.encryptPacket(p)
+	return c.encryptUser(p)
 }

 // Verify that a given access jwt is valid, and if so, return decrypted keyshare packet
 //  Note: Although this is an internal function, it is tested directly
-func (c *Core) verifyAccess(ep EncryptedKeysharePacket, jwtToken string) (unencryptedKeysharePacket, error) {
+func (c *Core) verifyAccess(ep User, jwtToken string) (unencryptedUser, error) {
 	// Verify token validity
 	token, err := jwt.Parse(jwtToken, func(token *jwt.Token) (interface{}, error) {
 		if token.Method != jwt.SigningMethodRS256 {
 			return nil, ErrInvalidJWT
 		}

-		return &c.signKey.PublicKey, nil
+		return &c.jwtPrivateKey.PublicKey, nil
 	})
 	if err != nil {
-		return unencryptedKeysharePacket{}, ErrInvalidJWT
+		return unencryptedUser{}, ErrInvalidJWT
 	}

 	claims, ok := token.Claims.(jwt.MapClaims)
 	if !ok || claims.Valid() != nil {
-		return unencryptedKeysharePacket{}, ErrInvalidJWT
+		return unencryptedUser{}, ErrInvalidJWT
 	}
 	if !claims.VerifyExpiresAt(time.Now().Unix(), true) {
-		return unencryptedKeysharePacket{}, ErrInvalidJWT
+		return unencryptedUser{}, ErrInvalidJWT
 	}
 	if _, present := claims["token_id"]; !present {
-		return unencryptedKeysharePacket{}, ErrInvalidJWT
+		return unencryptedUser{}, ErrInvalidJWT
 	}
 	tokenIDB64, ok := claims["token_id"].(string)
 	if !ok {
-		return unencryptedKeysharePacket{}, ErrInvalidJWT
+		return unencryptedUser{}, ErrInvalidJWT
 	}
 	tokenID, err := base64.StdEncoding.DecodeString(tokenIDB64)
 	if err != nil {
-		return unencryptedKeysharePacket{}, ErrInvalidJWT
+		return unencryptedUser{}, ErrInvalidJWT
 	}

-	p, err := c.decryptPacket(ep)
+	p, err := c.decryptUser(ep)
 	if err != nil {
-		return unencryptedKeysharePacket{}, err
+		return unencryptedUser{}, err
 	}
 	refId := p.id()

 	if subtle.ConstantTimeCompare(refId[:], tokenID) != 1 {
-		return unencryptedKeysharePacket{}, ErrInvalidJWT
+		return unencryptedUser{}, ErrInvalidJWT
 	}

 	return p, nil
 }

 // Get keyshare commitment usign given idemix public key(s)
-func (c *Core) GenerateCommitments(ep EncryptedKeysharePacket, accessToken string, keyIDs []irma.PublicKeyIdentifier) ([]*gabi.ProofPCommitment, uint64, error) {
+func (c *Core) GenerateCommitments(ep User, accessToken string, keyIDs []irma.PublicKeyIdentifier) ([]*gabi.ProofPCommitment, uint64, error) {
 	// Validate input request and build key list
 	var keyList []*gabikeys.PublicKey
 	for _, keyID := range keyIDs {
@@ -196,7 +196,7 @@ func (c *Core) GenerateCommitments(ep EncryptedKeysharePacket, accessToken strin
 }

 // Generate response for zero-knowledge proof of keyshare secret, for a given previous commit and challenge
-func (c *Core) GenerateResponse(ep EncryptedKeysharePacket, accessToken string, commitID uint64, challenge *big.Int, keyID irma.PublicKeyIdentifier) (string, error) {
+func (c *Core) GenerateResponse(ep User, accessToken string, commitID uint64, challenge *big.Int, keyID irma.PublicKeyIdentifier) (string, error) {
 	// Validate request
 	if uint(challenge.BitLen()) > gabikeys.DefaultSystemParameters[1024].Lh || challenge.Cmp(big.NewInt(0)) < 0 {
 		return "", ErrInvalidChallenge
@@ -228,8 +228,8 @@ func (c *Core) GenerateResponse(ep EncryptedKeysharePacket, accessToken string,
 		"sub":    "ProofP",
 		"iss":    c.jwtIssuer,
 	})
-	token.Header["kid"] = c.signKeyID
-	return token.SignedString(c.signKey)
+	token.Header["kid"] = c.jwtPrivateKeyID
+	return token.SignedString(c.jwtPrivateKey)
 }

 // Pad pin string into 64 bytes, extending it with 0s if neccessary

--- a/internal/keysharecore/operations_test.go
+++ b/internal/keysharecore/operations_test.go
@@ -21,10 +21,10 @@ import (

 func TestPinFunctionality(t *testing.T) {
 	// Setup keys for test
-	var key AesKey
+	var key AESKey
 	_, err := rand.Read(key[:])
 	require.NoError(t, err)
-	c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
+	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})

 	// generate test pin
 	var bpin [64]byte
@@ -33,7 +33,7 @@ func TestPinFunctionality(t *testing.T) {
 	pin := string(bpin[:])

 	// Generate package
-	ep, err := c.GenerateKeyshareSecret(pin)
+	ep, err := c.NewUser(pin)
 	require.NoError(t, err)

 	// Test with correct pin
@@ -67,10 +67,10 @@ func TestPinFunctionality(t *testing.T) {

 func TestVerifyAccess(t *testing.T) {
 	// Setup keys for test
-	var key AesKey
+	var key AESKey
 	_, err := rand.Read(key[:])
 	require.NoError(t, err)
-	c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
+	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})

 	// Generate test pins
 	var bpin [64]byte
@@ -82,9 +82,9 @@ func TestVerifyAccess(t *testing.T) {
 	pin2 := string(bpin[:])

 	// and test keyshare secrets
-	ep1, err := c.GenerateKeyshareSecret(pin1)
+	ep1, err := c.NewUser(pin1)
 	require.NoError(t, err)
-	ep2, err := c.GenerateKeyshareSecret(pin2)
+	ep2, err := c.NewUser(pin2)
 	require.NoError(t, err)

 	// Test use jwt on wrong packet
@@ -105,7 +105,7 @@ func TestVerifyAccess(t *testing.T) {
 		"exp":      time.Now().Add(-3 * time.Minute).Unix(),
 		"token_id": tokenID,
 	})
-	jwtt, err = token.SignedString(c.signKey)
+	jwtt, err = token.SignedString(c.jwtPrivateKey)
 	require.NoError(t, err)
 	_, err = c.verifyAccess(ep1, jwtt)
 	assert.Error(t, err)
@@ -115,7 +115,7 @@ func TestVerifyAccess(t *testing.T) {
 		"iat":      time.Now().Unix(),
 		"token_id": tokenID,
 	})
-	jwtt, err = token.SignedString(c.signKey)
+	jwtt, err = token.SignedString(c.jwtPrivateKey)
 	require.NoError(t, err)
 	_, err = c.verifyAccess(ep1, jwtt)
 	assert.Error(t, err)
@@ -126,7 +126,7 @@ func TestVerifyAccess(t *testing.T) {
 		"exp":      "test",
 		"token_id": tokenID,
 	})
-	jwtt, err = token.SignedString(c.signKey)
+	jwtt, err = token.SignedString(c.jwtPrivateKey)
 	require.NoError(t, err)
 	_, err = c.verifyAccess(ep1, jwtt)
 	assert.Error(t, err)
@@ -136,7 +136,7 @@ func TestVerifyAccess(t *testing.T) {
 		"iat": time.Now().Unix(),
 		"exp": time.Now().Add(3 * time.Minute).Unix(),
 	})
-	jwtt, err = token.SignedString(c.signKey)
+	jwtt, err = token.SignedString(c.jwtPrivateKey)
 	require.NoError(t, err)
 	_, err = c.verifyAccess(ep1, jwtt)
 	assert.Error(t, err)
@@ -147,7 +147,7 @@ func TestVerifyAccess(t *testing.T) {
 		"exp":      time.Now().Add(3 * time.Minute).Unix(),
 		"token_id": 7,
 	})
-	jwtt, err = token.SignedString(c.signKey)
+	jwtt, err = token.SignedString(c.jwtPrivateKey)
 	require.NoError(t, err)
 	_, err = c.verifyAccess(ep1, jwtt)
 	assert.Error(t, err)
@@ -166,10 +166,10 @@ func TestVerifyAccess(t *testing.T) {

 func TestProofFunctionality(t *testing.T) {
 	// Setup keys for test
-	var key AesKey
+	var key AESKey
 	_, err := rand.Read(key[:])
 	require.NoError(t, err)
-	c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
+	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
 	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)

 	// generate test pin
@@ -179,7 +179,7 @@ func TestProofFunctionality(t *testing.T) {
 	pin := string(bpin[:])

 	// generate keyshare secret
-	ep, err := c.GenerateKeyshareSecret(pin)
+	ep, err := c.NewUser(pin)
 	require.NoError(t, err)

 	// Validate pin
@@ -201,7 +201,7 @@ func TestProofFunctionality(t *testing.T) {
 	}{}
 	fmt.Println(Rjwt)
 	_, err = jwt.ParseWithClaims(Rjwt, claims, func(tok *jwt.Token) (interface{}, error) {
-		return &c.signKey.PublicKey, nil
+		return &c.jwtPrivateKey.PublicKey, nil
 	})
 	require.NoError(t, err)

@@ -216,10 +216,10 @@ func TestProofFunctionality(t *testing.T) {

 func TestCorruptedPacket(t *testing.T) {
 	// Setup keys for test
-	var key AesKey
+	var key AESKey
 	_, err := rand.Read(key[:])
 	require.NoError(t, err)
-	c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
+	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
 	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)

 	// Test parameters
@@ -229,7 +229,7 @@ func TestCorruptedPacket(t *testing.T) {
 	pin := string(bpin[:])

 	// Generate packet
-	ep, err := c.GenerateKeyshareSecret(pin)
+	ep, err := c.NewUser(pin)
 	require.NoError(t, err)

 	jwtt, err := c.ValidatePin(ep, pin, "testid")
@@ -260,10 +260,10 @@ func TestCorruptedPacket(t *testing.T) {

 func TestIncorrectPin(t *testing.T) {
 	// Setup keys for test
-	var key AesKey
+	var key AESKey
 	_, err := rand.Read(key[:])
 	require.NoError(t, err)
-	c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
+	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
 	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)

 	// Test parameters
@@ -273,7 +273,7 @@ func TestIncorrectPin(t *testing.T) {
 	pin := string(bpin[:])

 	// Generate packet
-	ep, err := c.GenerateKeyshareSecret(pin)
+	ep, err := c.NewUser(pin)
 	require.NoError(t, err)

 	// validate pin
@@ -297,10 +297,10 @@ func TestIncorrectPin(t *testing.T) {

 func TestMissingKey(t *testing.T) {
 	// Setup keys for test
-	var key AesKey
+	var key AESKey
 	_, err := rand.Read(key[:])
 	require.NoError(t, err)
-	c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
+	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
 	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)

 	// Test parameters
@@ -310,7 +310,7 @@ func TestMissingKey(t *testing.T) {
 	pin := string(bpin[:])

 	// Generate packet
-	ep, err := c.GenerateKeyshareSecret(pin)
+	ep, err := c.NewUser(pin)
 	require.NoError(t, err)

 	// Generate jwt
@@ -330,10 +330,10 @@ func TestMissingKey(t *testing.T) {

 func TestInvalidChallenge(t *testing.T) {
 	// Setup keys for test
-	var key AesKey
+	var key AESKey
 	_, err := rand.Read(key[:])
 	require.NoError(t, err)
-	c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
+	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
 	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)

 	// Test parameters
@@ -343,7 +343,7 @@ func TestInvalidChallenge(t *testing.T) {
 	pin := string(bpin[:])

 	// Generate packet
-	ep, err := c.GenerateKeyshareSecret(pin)
+	ep, err := c.NewUser(pin)
 	require.NoError(t, err)

 	// Validate pin
@@ -371,10 +371,10 @@ func TestInvalidChallenge(t *testing.T) {

 func TestDoubleCommitUse(t *testing.T) {
 	// Setup keys for test
-	var key AesKey
+	var key AESKey
 	_, err := rand.Read(key[:])
 	require.NoError(t, err)
-	c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
+	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
 	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)

 	// Test parameters
@@ -384,7 +384,7 @@ func TestDoubleCommitUse(t *testing.T) {
 	pin := string(bpin[:])

 	// Generate packet
-	ep, err := c.GenerateKeyshareSecret(pin)
+	ep, err := c.NewUser(pin)
 	require.NoError(t, err)

 	// validate pin
@@ -402,10 +402,10 @@ func TestDoubleCommitUse(t *testing.T) {

 func TestNonExistingCommit(t *testing.T) {
 	// Setup keys for test
-	var key AesKey
+	var key AESKey
 	_, err := rand.Read(key[:])
 	require.NoError(t, err)
-	c := NewKeyshareCore(&Configuration{AESKeyID: 1, AESKey: key, SignKeyID: 1, SignKey: jwtTestKey})
+	c := NewKeyshareCore(&Configuration{DecryptionKeyID: 1, DecryptionKey: key, JWTPrivateKeyID: 1, JWTPrivateKey: jwtTestKey})
 	c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)

 	// Test parameters
@@ -415,7 +415,7 @@ func TestNonExistingCommit(t *testing.T) {
 	pin := string(bpin[:])

 	// Generate packet
-	ep, err := c.GenerateKeyshareSecret(pin)
+	ep, err := c.NewUser(pin)
 	require.NoError(t, err)

 	// Generate jwt

--- a/internal/keysharecore/packet.go
+++ b/internal/keysharecore/packet.go
@@ -18,10 +18,10 @@ type (
 	//  encryption layer applied before storing it. As such, we keep it here more explicit than
 	//  is standard in go. When modifying this structure, analyse whether such changes can have a
 	//  security impact through error side channels.
-	unencryptedKeysharePacket [64 + 64 + 32]byte
+	unencryptedUser [64 + 64 + 32]byte

 	// Size is that of unencrypted packet + 12 bytes for nonce + 16 bytes for tag + 4 bytes for key ID
-	EncryptedKeysharePacket [64 + 64 + 32 + 12 + 16 + 4]byte
+	User [64 + 64 + 32 + 12 + 16 + 4]byte
 )

 var (
@@ -30,22 +30,22 @@ var (
 	ErrNoSuchKey              = errors.New("Key identifier unknown")
 )

-func (p *unencryptedKeysharePacket) pin() [64]byte {
+func (p *unencryptedUser) pin() [64]byte {
 	var result [64]byte
 	copy(result[:], p[0:64])
 	return result
 }

-func (p *unencryptedKeysharePacket) setPin(pw [64]byte) {
+func (p *unencryptedUser) setPin(pw [64]byte) {
 	copy(p[0:64], pw[:])
 }

-func (p *unencryptedKeysharePacket) keyshareSecret() *big.Int {
+func (p *unencryptedUser) keyshareSecret() *big.Int {
 	result := new(big.Int)
 	return result.SetBytes(p[64:128])
 }

-func (p *unencryptedKeysharePacket) setKeyshareSecret(val *big.Int) error {
+func (p *unencryptedUser) setKeyshareSecret(val *big.Int) error {
 	if val.Sign() == -1 {
 		return ErrKeyshareSecretNegative
 	}
@@ -63,80 +63,80 @@ func (p *unencryptedKeysharePacket) setKeyshareSecret(val *big.Int) error {
 	return nil
 }

-func (p *unencryptedKeysharePacket) id() [32]byte {
+func (p *unencryptedUser) id() [32]byte {
 	var result [32]byte
 	copy(result[:], p[128:160])
 	return result
 }

-func (p *unencryptedKeysharePacket) setID(id [32]byte) {
+func (p *unencryptedUser) setID(id [32]byte) {
 	copy(p[128:160], id