Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
IRMA
Github mirrors
irmago
Commits
47b28f82
Commit
47b28f82
authored
Mar 27, 2019
by
Sietse Ringers
Browse files
refactor: Remove session state from BaseRequest and SignatureRequest
parent
855ea196
Changes
10
Hide whitespace changes
Inline
Side-by-side
internal/servercore/handle.go
View file @
47b28f82
...
...
@@ -127,7 +127,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
// Verify all proofs and check disclosed attributes, if any, against request
session
.
result
.
Disclosed
,
session
.
result
.
ProofStatus
,
err
=
commitments
.
Disclosure
()
.
VerifyAgainstDisjunctions
(
session
.
conf
.
IrmaConfiguration
,
request
.
Disclose
,
request
.
GetContext
(),
request
.
GetNonce
(),
pubkeys
,
false
)
session
.
conf
.
IrmaConfiguration
,
request
.
Disclose
,
request
.
GetContext
(),
request
.
GetNonce
(
nil
),
pubkeys
,
false
)
if
err
!=
nil
{
if
err
==
irma
.
ErrorMissingPublicKey
{
return
nil
,
session
.
fail
(
server
.
ErrorUnknownPublicKey
,
""
)
...
...
internal/sessiontest/handlers_test.go
View file @
47b28f82
...
...
@@ -101,28 +101,21 @@ func (th TestHandler) UnsatisfiableRequest(serverName irma.TranslatedString, mis
ErrorType
:
irma
.
ErrorType
(
"UnsatisfiableRequest"
),
})
}
func
(
th
TestHandler
)
RequestVerificationPermission
(
request
*
irma
.
DisclosureRequest
,
ServerName
irma
.
TranslatedString
,
callback
irmaclient
.
PermissionHandler
)
{
choice
:=
&
irma
.
DisclosureChoice
{
Attributes
:
[][]
*
irma
.
AttributeIdentifier
{},
}
var
candidates
[][]
*
irma
.
AttributeIdentifier
for
_
,
disjunction
:=
range
request
.
Disclose
{
candidates
,
_
=
th
.
client
.
Candidates
(
disjunction
)
if
len
(
candidates
)
==
0
{
th
.
Failure
(
&
irma
.
SessionError
{
Err
:
errors
.
New
(
"No disclosure candidates found"
)})
}
choice
.
Attributes
=
append
(
choice
.
Attributes
,
candidates
[
rand
.
Intn
(
len
(
candidates
))])
func
(
th
TestHandler
)
RequestVerificationPermission
(
request
*
irma
.
DisclosureRequest
,
candidates
[][][]
*
irma
.
AttributeIdentifier
,
ServerName
irma
.
TranslatedString
,
callback
irmaclient
.
PermissionHandler
)
{
var
choice
irma
.
DisclosureChoice
for
_
,
cand
:=
range
candidates
{
choice
.
Attributes
=
append
(
choice
.
Attributes
,
cand
[
0
])
}
if
len
(
th
.
expectedServerName
)
!=
0
{
require
.
Equal
(
th
.
t
,
th
.
expectedServerName
,
ServerName
)
}
callback
(
true
,
choice
)
callback
(
true
,
&
choice
)
}
func
(
th
TestHandler
)
RequestIssuancePermission
(
request
*
irma
.
IssuanceRequest
,
ServerName
irma
.
TranslatedString
,
callback
irmaclient
.
PermissionHandler
)
{
th
.
RequestVerificationPermission
(
request
.
DisclosureRequest
,
ServerName
,
callback
)
func
(
th
TestHandler
)
RequestIssuancePermission
(
request
*
irma
.
IssuanceRequest
,
candidates
[][][]
*
irma
.
AttributeIdentifier
,
ServerName
irma
.
TranslatedString
,
callback
irmaclient
.
PermissionHandler
)
{
th
.
RequestVerificationPermission
(
request
.
DisclosureRequest
,
candidates
,
ServerName
,
callback
)
}
func
(
th
TestHandler
)
RequestSignaturePermission
(
request
*
irma
.
SignatureRequest
,
ServerName
irma
.
TranslatedString
,
callback
irmaclient
.
PermissionHandler
)
{
th
.
RequestVerificationPermission
(
request
.
DisclosureRequest
,
ServerName
,
callback
)
func
(
th
TestHandler
)
RequestSignaturePermission
(
request
*
irma
.
SignatureRequest
,
candidates
[][][]
*
irma
.
AttributeIdentifier
,
ServerName
irma
.
TranslatedString
,
callback
irmaclient
.
PermissionHandler
)
{
th
.
RequestVerificationPermission
(
request
.
DisclosureRequest
,
candidates
,
ServerName
,
callback
)
}
func
(
th
TestHandler
)
RequestSchemeManagerPermission
(
manager
*
irma
.
SchemeManager
,
callback
func
(
proceed
bool
))
{
callback
(
true
)
...
...
@@ -174,10 +167,10 @@ func (th *ManualTestHandler) Success(result string) {
th
.
c
<-
retval
}
func
(
th
*
ManualTestHandler
)
RequestSignaturePermission
(
request
*
irma
.
SignatureRequest
,
requesterName
irma
.
TranslatedString
,
ph
irmaclient
.
PermissionHandler
)
{
th
.
RequestVerificationPermission
(
request
.
DisclosureRequest
,
requesterName
,
ph
)
func
(
th
*
ManualTestHandler
)
RequestSignaturePermission
(
request
*
irma
.
SignatureRequest
,
candidates
[][][]
*
irma
.
AttributeIdentifier
,
requesterName
irma
.
TranslatedString
,
ph
irmaclient
.
PermissionHandler
)
{
th
.
RequestVerificationPermission
(
request
.
DisclosureRequest
,
candidates
,
requesterName
,
ph
)
}
func
(
th
*
ManualTestHandler
)
RequestIssuancePermission
(
request
*
irma
.
IssuanceRequest
,
issuerName
irma
.
TranslatedString
,
ph
irmaclient
.
PermissionHandler
)
{
func
(
th
*
ManualTestHandler
)
RequestIssuancePermission
(
request
*
irma
.
IssuanceRequest
,
candidates
[][][]
*
irma
.
AttributeIdentifier
,
issuerName
irma
.
TranslatedString
,
ph
irmaclient
.
PermissionHandler
)
{
ph
(
true
,
nil
)
}
...
...
@@ -185,9 +178,9 @@ func (th *ManualTestHandler) RequestIssuancePermission(request *irma.IssuanceReq
func
(
th
*
ManualTestHandler
)
RequestSchemeManagerPermission
(
manager
*
irma
.
SchemeManager
,
callback
func
(
proceed
bool
))
{
th
.
Failure
(
&
irma
.
SessionError
{
Err
:
errors
.
New
(
"Unexpected session type"
)})
}
func
(
th
*
ManualTestHandler
)
RequestVerificationPermission
(
request
*
irma
.
DisclosureRequest
,
verifierName
irma
.
TranslatedString
,
ph
irmaclient
.
PermissionHandler
)
{
func
(
th
*
ManualTestHandler
)
RequestVerificationPermission
(
request
*
irma
.
DisclosureRequest
,
candidates
[][][]
*
irma
.
AttributeIdentifier
,
verifierName
irma
.
TranslatedString
,
ph
irmaclient
.
PermissionHandler
)
{
var
choice
irma
.
DisclosureChoice
for
_
,
cand
:=
range
request
.
C
andidates
{
for
_
,
cand
:=
range
c
andidates
{
choice
.
Attributes
=
append
(
choice
.
Attributes
,
cand
[
0
])
}
ph
(
true
,
&
choice
)
...
...
irma_signature.go
View file @
47b28f82
...
...
@@ -28,7 +28,7 @@ func (sm *SignedMessage) GetNonce() *big.Int {
func
(
sm
*
SignedMessage
)
MatchesNonceAndContext
(
request
*
SignatureRequest
)
bool
{
return
sm
.
Context
.
Cmp
(
request
.
GetContext
())
==
0
&&
sm
.
GetNonce
()
.
Cmp
(
request
.
GetNonce
())
==
0
sm
.
GetNonce
()
.
Cmp
(
request
.
GetNonce
(
sm
.
Timestamp
))
==
0
}
func
(
sm
*
SignedMessage
)
Disclosure
()
*
Disclosure
{
...
...
irmaclient/client.go
View file @
47b28f82
...
...
@@ -4,6 +4,7 @@ import (
"strconv"
"time"
"github.com/bwesterb/go-atum"
"github.com/getsentry/raven-go"
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
...
...
@@ -644,23 +645,24 @@ func (client *Client) groupCredentials(choice *irma.DisclosureChoice) (
}
// ProofBuilders constructs a list of proof builders for the specified attribute choice.
func
(
client
*
Client
)
ProofBuilders
(
choice
*
irma
.
DisclosureChoice
,
request
irma
.
SessionRequest
,
issig
bool
,
)
(
gabi
.
ProofBuilderList
,
irma
.
DisclosedAttributeIndices
,
error
)
{
func
(
client
*
Client
)
ProofBuilders
(
choice
*
irma
.
DisclosureChoice
,
request
irma
.
SessionRequest
,
)
(
gabi
.
ProofBuilderList
,
irma
.
DisclosedAttributeIndices
,
*
atum
.
Timestamp
,
error
)
{
todisclose
,
attributeIndices
,
err
:=
client
.
groupCredentials
(
choice
)
if
err
!=
nil
{
return
nil
,
nil
,
err
return
nil
,
nil
,
nil
,
err
}
builders
:=
gabi
.
ProofBuilderList
([]
gabi
.
ProofBuilder
{})
for
_
,
grp
:=
range
todisclose
{
cred
,
err
:=
client
.
credentialByID
(
grp
.
cred
)
if
err
!=
nil
{
return
nil
,
nil
,
err
return
nil
,
nil
,
nil
,
err
}
builders
=
append
(
builders
,
cred
.
Credential
.
CreateDisclosureProofBuilder
(
grp
.
attrs
))
}
if
issig
{
var
timestamp
*
atum
.
Timestamp
if
r
,
ok
:=
request
.
(
*
irma
.
SignatureRequest
);
ok
{
var
sigs
[]
*
big
.
Int
var
disclosed
[][]
*
big
.
Int
var
s
*
big
.
Int
...
...
@@ -670,27 +672,27 @@ func (client *Client) ProofBuilders(choice *irma.DisclosureChoice, request irma.
sigs
=
append
(
sigs
,
s
)
disclosed
=
append
(
disclosed
,
d
)
}
r
:=
request
.
(
*
irma
.
SignatureRequest
)
r
.
Timestamp
,
err
=
irma
.
GetTimestamp
(
r
.
Message
,
sigs
,
disclosed
)
timestamp
,
err
=
irma
.
GetTimestamp
(
r
.
Message
,
sigs
,
disclosed
)
if
err
!=
nil
{
return
nil
,
nil
,
err
return
nil
,
nil
,
nil
,
err
}
}
return
builders
,
attributeIndices
,
nil
return
builders
,
attributeIndices
,
timestamp
,
nil
}
// Proofs computes disclosure proofs containing the attributes specified by choice.
func
(
client
*
Client
)
Proofs
(
choice
*
irma
.
DisclosureChoice
,
request
irma
.
SessionRequest
,
issig
bool
)
(
*
irma
.
Disclosure
,
error
)
{
builders
,
choices
,
err
:=
client
.
ProofBuilders
(
choice
,
request
,
issig
)
func
(
client
*
Client
)
Proofs
(
choice
*
irma
.
DisclosureChoice
,
request
irma
.
SessionRequest
)
(
*
irma
.
Disclosure
,
*
atum
.
Timestamp
,
error
)
{
builders
,
choices
,
timestamp
,
err
:=
client
.
ProofBuilders
(
choice
,
request
)
if
err
!=
nil
{
return
nil
,
err
return
nil
,
nil
,
err
}
_
,
issig
:=
request
.
(
*
irma
.
SignatureRequest
)
return
&
irma
.
Disclosure
{
Proofs
:
builders
.
BuildProofList
(
request
.
Base
()
.
GetContext
(),
request
.
GetNonce
(),
issig
),
Proofs
:
builders
.
BuildProofList
(
request
.
Base
()
.
GetContext
(),
request
.
GetNonce
(
timestamp
),
issig
),
Indices
:
choices
,
},
nil
},
timestamp
,
nil
}
// generateIssuerProofNonce generates a nonce which the issuer must use in its gabi.ProofS.
...
...
@@ -701,7 +703,7 @@ func generateIssuerProofNonce() (*big.Int, error) {
// IssuanceProofBuilders constructs a list of proof builders in the issuance protocol
// for the future credentials as well as possibly any disclosed attributes, and generates
// a nonce against which the issuer's proof of knowledge must verify.
func
(
client
*
Client
)
IssuanceProofBuilders
(
request
*
irma
.
IssuanceRequest
,
func
(
client
*
Client
)
IssuanceProofBuilders
(
request
*
irma
.
IssuanceRequest
,
choice
*
irma
.
DisclosureChoice
,
)
(
gabi
.
ProofBuilderList
,
irma
.
DisclosedAttributeIndices
,
*
big
.
Int
,
error
)
{
issuerProofNonce
,
err
:=
generateIssuerProofNonce
()
if
err
!=
nil
{
...
...
@@ -719,7 +721,7 @@ func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest,
builders
=
append
(
builders
,
credBuilder
)
}
disclosures
,
choices
,
err
:=
client
.
ProofBuilders
(
request
.
C
hoice
,
request
,
false
)
disclosures
,
choices
,
_
,
err
:=
client
.
ProofBuilders
(
c
hoice
,
request
)
if
err
!=
nil
{
return
nil
,
nil
,
nil
,
err
}
...
...
@@ -729,15 +731,15 @@ func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest,
// IssueCommitments computes issuance commitments, along with disclosure proofs specified by choice,
// and also returns the credential builders which will become the new credentials upon combination with the issuer's signature.
func
(
client
*
Client
)
IssueCommitments
(
request
*
irma
.
IssuanceRequest
,
func
(
client
*
Client
)
IssueCommitments
(
request
*
irma
.
IssuanceRequest
,
choice
*
irma
.
DisclosureChoice
,
)
(
*
irma
.
IssueCommitmentMessage
,
gabi
.
ProofBuilderList
,
error
)
{
builders
,
choices
,
issuerProofNonce
,
err
:=
client
.
IssuanceProofBuilders
(
request
)
builders
,
choices
,
issuerProofNonce
,
err
:=
client
.
IssuanceProofBuilders
(
request
,
choice
)
if
err
!=
nil
{
return
nil
,
nil
,
err
}
return
&
irma
.
IssueCommitmentMessage
{
IssueCommitmentMessage
:
&
gabi
.
IssueCommitmentMessage
{
Proofs
:
builders
.
BuildProofList
(
request
.
GetContext
(),
request
.
GetNonce
(),
false
),
Proofs
:
builders
.
BuildProofList
(
request
.
GetContext
(),
request
.
GetNonce
(
nil
),
false
),
Nonce2
:
issuerProofNonce
,
},
Indices
:
choices
,
...
...
irmaclient/handlers.go
View file @
47b28f82
...
...
@@ -18,7 +18,7 @@ var _ Handler = (*keyshareEnrollmentHandler)(nil)
// Session handlers in the order they are called
func
(
h
*
keyshareEnrollmentHandler
)
RequestIssuancePermission
(
request
*
irma
.
IssuanceRequest
,
ServerName
irma
.
TranslatedString
,
callback
PermissionHandler
)
{
func
(
h
*
keyshareEnrollmentHandler
)
RequestIssuancePermission
(
request
*
irma
.
IssuanceRequest
,
candidates
[][][]
*
irma
.
AttributeIdentifier
,
ServerName
irma
.
TranslatedString
,
callback
PermissionHandler
)
{
// Fetch the username from the credential request and save it along with the scheme manager
smi
:=
request
.
Credentials
[
0
]
.
CredentialTypeID
.
IssuerIdentifier
()
.
SchemeManagerIdentifier
()
attr
:=
irma
.
NewAttributeTypeIdentifier
(
h
.
client
.
Configuration
.
SchemeManagers
[
smi
]
.
KeyshareAttribute
)
...
...
@@ -55,10 +55,10 @@ func (h *keyshareEnrollmentHandler) fail(err error) {
func
(
h
*
keyshareEnrollmentHandler
)
StatusUpdate
(
action
irma
.
Action
,
status
irma
.
Status
)
{}
// The methods below should never be called, so we let each of them fail the session
func
(
h
*
keyshareEnrollmentHandler
)
RequestVerificationPermission
(
request
*
irma
.
DisclosureRequest
,
ServerName
irma
.
TranslatedString
,
callback
PermissionHandler
)
{
func
(
h
*
keyshareEnrollmentHandler
)
RequestVerificationPermission
(
request
*
irma
.
DisclosureRequest
,
candidates
[][][]
*
irma
.
AttributeIdentifier
,
ServerName
irma
.
TranslatedString
,
callback
PermissionHandler
)
{
callback
(
false
,
nil
)
}
func
(
h
*
keyshareEnrollmentHandler
)
RequestSignaturePermission
(
request
*
irma
.
SignatureRequest
,
ServerName
irma
.
TranslatedString
,
callback
PermissionHandler
)
{
func
(
h
*
keyshareEnrollmentHandler
)
RequestSignaturePermission
(
request
*
irma
.
SignatureRequest
,
candidates
[][][]
*
irma
.
AttributeIdentifier
,
ServerName
irma
.
TranslatedString
,
callback
PermissionHandler
)
{
callback
(
false
,
nil
)
}
func
(
h
*
keyshareEnrollmentHandler
)
RequestSchemeManagerPermission
(
manager
*
irma
.
SchemeManager
,
callback
func
(
proceed
bool
))
{
...
...
irmaclient/keyshare.go
View file @
47b28f82
...
...
@@ -10,6 +10,7 @@ import (
"strings"
"time"
"github.com/bwesterb/go-atum"
"github.com/dgrijalva/jwt-go"
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
...
...
@@ -48,6 +49,7 @@ type keyshareSession struct {
keyshareServer
*
keyshareServer
// The one keyshare server in use in case of issuance
transports
map
[
irma
.
SchemeManagerIdentifier
]
*
irma
.
HTTPTransport
issuerProofNonce
*
big
.
Int
timestamp
*
atum
.
Timestamp
pinCheck
bool
}
...
...
@@ -159,6 +161,7 @@ func startKeyshareSession(
conf
*
irma
.
Configuration
,
keyshareServers
map
[
irma
.
SchemeManagerIdentifier
]
*
keyshareServer
,
issuerProofNonce
*
big
.
Int
,
timestamp
*
atum
.
Timestamp
,
)
{
ksscount
:=
0
for
managerID
:=
range
session
.
Identifiers
()
.
SchemeManagers
{
...
...
@@ -186,6 +189,7 @@ func startKeyshareSession(
conf
:
conf
,
keyshareServers
:
keyshareServers
,
issuerProofNonce
:
issuerProofNonce
,
timestamp
:
timestamp
,
pinCheck
:
false
,
}
...
...
@@ -403,7 +407,7 @@ func (ks *keyshareSession) GetCommitments() {
// receive their responses (2nd and 3rd message in Schnorr zero-knowledge protocol).
func
(
ks
*
keyshareSession
)
GetProofPs
()
{
_
,
issig
:=
ks
.
session
.
(
*
irma
.
SignatureRequest
)
challenge
:=
ks
.
builders
.
Challenge
(
ks
.
session
.
Base
()
.
GetContext
(),
ks
.
session
.
GetNonce
(),
issig
)
challenge
:=
ks
.
builders
.
Challenge
(
ks
.
session
.
Base
()
.
GetContext
(),
ks
.
session
.
GetNonce
(
ks
.
timestamp
),
issig
)
// Post the challenge, obtaining JWT's containing the ProofP's
responses
:=
map
[
irma
.
SchemeManagerIdentifier
]
string
{}
...
...
irmaclient/logs.go
View file @
47b28f82
...
...
@@ -132,7 +132,7 @@ func (session *session) createLogEntry(response interface{}) (*LogEntry, error)
// Get the signed message and timestamp
request
:=
session
.
request
.
(
*
irma
.
SignatureRequest
)
entry
.
SignedMessage
=
[]
byte
(
request
.
Message
)
entry
.
Timestamp
=
request
.
T
imestamp
entry
.
Timestamp
=
session
.
t
imestamp
fallthrough
case
irma
.
ActionDisclosing
:
...
...
irmaclient/session.go
View file @
47b28f82
...
...
@@ -7,6 +7,7 @@ import (
"reflect"
"strings"
"github.com/bwesterb/go-atum"
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/big"
...
...
@@ -37,9 +38,9 @@ type Handler interface {
KeyshareEnrollmentMissing
(
manager
irma
.
SchemeManagerIdentifier
)
KeyshareEnrollmentDeleted
(
manager
irma
.
SchemeManagerIdentifier
)
RequestIssuancePermission
(
request
*
irma
.
IssuanceRequest
,
ServerName
irma
.
TranslatedString
,
callback
PermissionHandler
)
RequestVerificationPermission
(
request
*
irma
.
DisclosureRequest
,
ServerName
irma
.
TranslatedString
,
callback
PermissionHandler
)
RequestSignaturePermission
(
request
*
irma
.
SignatureRequest
,
ServerName
irma
.
TranslatedString
,
callback
PermissionHandler
)
RequestIssuancePermission
(
request
*
irma
.
IssuanceRequest
,
candidates
[][][]
*
irma
.
AttributeIdentifier
,
ServerName
irma
.
TranslatedString
,
callback
PermissionHandler
)
RequestVerificationPermission
(
request
*
irma
.
DisclosureRequest
,
candidates
[][][]
*
irma
.
AttributeIdentifier
,
ServerName
irma
.
TranslatedString
,
callback
PermissionHandler
)
RequestSignaturePermission
(
request
*
irma
.
SignatureRequest
,
candidates
[][][]
*
irma
.
AttributeIdentifier
,
ServerName
irma
.
TranslatedString
,
callback
PermissionHandler
)
RequestSchemeManagerPermission
(
manager
*
irma
.
SchemeManager
,
callback
func
(
proceed
bool
))
RequestPin
(
remainingAttempts
int
,
callback
PinHandler
)
...
...
@@ -62,10 +63,13 @@ type session struct {
request
irma
.
SessionRequest
done
bool
// State for issuance
protocol
// State for issuance
sessions
issuerProofNonce
*
big
.
Int
builders
gabi
.
ProofBuilderList
// State for signature sessions
timestamp
*
atum
.
Timestamp
// These are empty on manual sessions
Hostname
string
ServerURL
string
...
...
@@ -264,25 +268,23 @@ func (session *session) processSessionInfo() {
session
.
Handler
.
UnsatisfiableRequest
(
session
.
ServerName
,
missing
)
return
}
baserequest
.
Candidates
=
candidates
// Ask for permission to execute the session
callback
:=
PermissionHandler
(
func
(
proceed
bool
,
choice
*
irma
.
DisclosureChoice
)
{
session
.
choice
=
choice
baserequest
.
Choice
=
choice
go
session
.
doSession
(
proceed
)
})
session
.
Handler
.
StatusUpdate
(
session
.
Action
,
irma
.
StatusConnected
)
switch
session
.
Action
{
case
irma
.
ActionDisclosing
:
session
.
Handler
.
RequestVerificationPermission
(
session
.
request
.
(
*
irma
.
DisclosureRequest
),
session
.
ServerName
,
callback
)
session
.
request
.
(
*
irma
.
DisclosureRequest
),
candidates
,
session
.
ServerName
,
callback
)
case
irma
.
ActionSigning
:
session
.
Handler
.
RequestSignaturePermission
(
session
.
request
.
(
*
irma
.
SignatureRequest
),
session
.
ServerName
,
callback
)
session
.
request
.
(
*
irma
.
SignatureRequest
),
candidates
,
session
.
ServerName
,
callback
)
case
irma
.
ActionIssuing
:
session
.
Handler
.
RequestIssuancePermission
(
session
.
request
.
(
*
irma
.
IssuanceRequest
),
session
.
ServerName
,
callback
)
session
.
request
.
(
*
irma
.
IssuanceRequest
),
candidates
,
session
.
ServerName
,
callback
)
default
:
panic
(
"Invalid session type"
)
// does not happen, session.Action has been checked earlier
}
...
...
@@ -321,6 +323,7 @@ func (session *session) doSession(proceed bool) {
session
.
client
.
Configuration
,
session
.
client
.
keyshareServers
,
session
.
issuerProofNonce
,
session
.
timestamp
,
)
}
}
...
...
@@ -336,7 +339,7 @@ func (session *session) sendResponse(message interface{}) {
switch
session
.
Action
{
case
irma
.
ActionSigning
:
irmaSignature
,
err
:=
session
.
request
.
(
*
irma
.
SignatureRequest
)
.
SignatureFromMessage
(
message
)
irmaSignature
,
err
:=
session
.
request
.
(
*
irma
.
SignatureRequest
)
.
SignatureFromMessage
(
message
,
session
.
timestamp
)
if
err
!=
nil
{
session
.
fail
(
&
irma
.
SessionError
{
ErrorType
:
irma
.
ErrorSerialization
,
Info
:
"Type assertion failed"
})
return
...
...
@@ -446,12 +449,10 @@ func (session *session) getBuilders() (gabi.ProofBuilderList, irma.DisclosedAttr
var
choices
irma
.
DisclosedAttributeIndices
switch
session
.
Action
{
case
irma
.
ActionSigning
:
builders
,
choices
,
err
=
session
.
client
.
ProofBuilders
(
session
.
choice
,
session
.
request
,
true
)
case
irma
.
ActionDisclosing
:
builders
,
choices
,
err
=
session
.
client
.
ProofBuilders
(
session
.
choice
,
session
.
request
,
false
)
case
irma
.
ActionSigning
,
irma
.
ActionDisclosing
:
builders
,
choices
,
session
.
timestamp
,
err
=
session
.
client
.
ProofBuilders
(
session
.
choice
,
session
.
request
)
case
irma
.
ActionIssuing
:
builders
,
choices
,
issuerProofNonce
,
err
=
session
.
client
.
IssuanceProofBuilders
(
session
.
request
.
(
*
irma
.
IssuanceRequest
))
builders
,
choices
,
issuerProofNonce
,
err
=
session
.
client
.
IssuanceProofBuilders
(
session
.
request
.
(
*
irma
.
IssuanceRequest
)
,
session
.
choice
)
}
return
builders
,
choices
,
issuerProofNonce
,
err
...
...
@@ -464,12 +465,10 @@ func (session *session) getProof() (interface{}, error) {
var
err
error
switch
session
.
Action
{
case
irma
.
ActionSigning
:
message
,
err
=
session
.
client
.
Proofs
(
session
.
choice
,
session
.
request
,
true
)
case
irma
.
ActionDisclosing
:
message
,
err
=
session
.
client
.
Proofs
(
session
.
choice
,
session
.
request
,
false
)
case
irma
.
ActionSigning
,
irma
.
ActionDisclosing
:
message
,
session
.
timestamp
,
err
=
session
.
client
.
Proofs
(
session
.
choice
,
session
.
request
)
case
irma
.
ActionIssuing
:
message
,
session
.
builders
,
err
=
session
.
client
.
IssueCommitments
(
session
.
request
.
(
*
irma
.
IssuanceRequest
))
message
,
session
.
builders
,
err
=
session
.
client
.
IssueCommitments
(
session
.
request
.
(
*
irma
.
IssuanceRequest
)
,
session
.
choice
)
}
return
message
,
err
...
...
requests.go
View file @
47b28f82
...
...
@@ -17,15 +17,16 @@ import (
// BaseRequest contains the context and nonce for an IRMA session.
type
BaseRequest
struct
{
Context
*
big
.
Int
`json:"context,omitempty"`
Nonce
*
big
.
Int
`json:"nonce,omitempty"`
Type
Action
`json:"type"`
Candidates
[][][]
*
AttributeIdentifier
`json:"-"`
Choice
*
DisclosureChoice
`json:"-"`
Ids
*
IrmaIdentifierSet
`json:"-"`
// Denotes session type, must be "disclosing", "signing" or "issuing"
Type
Action
`json:"type"`
// Chosen by the IRMA server during the session
Context
*
big
.
Int
`json:"context,omitempty"`
Nonce
*
big
.
Int
`json:"nonce,omitempty"`
Version
*
ProtocolVersion
`json:"protocolVersion,omitempty"`
// cache for Identifiers() method
ids
*
IrmaIdentifierSet
}
// An AttributeCon is only satisfied if all of its containing attribute requests are satisfied.
...
...
@@ -49,9 +50,6 @@ type DisclosureRequest struct {
type
SignatureRequest
struct
{
*
DisclosureRequest
Message
string
`json:"message"`
// Session state
Timestamp
*
atum
.
Timestamp
`json:"-"`
}
// An IssuanceRequest is a request to issue certain credentials,
...
...
@@ -78,7 +76,7 @@ type CredentialRequest struct {
type
SessionRequest
interface
{
Validator
Base
()
*
BaseRequest
GetNonce
()
*
big
.
Int
GetNonce
(
timestamp
*
atum
.
Timestamp
)
*
big
.
Int
Disclosure
()
*
DisclosureRequest
Identifiers
()
*
IrmaIdentifierSet
Action
()
Action
...
...
@@ -180,7 +178,7 @@ func (b *BaseRequest) GetContext() *big.Int {
return
b
.
Context
}
func
(
b
*
BaseRequest
)
GetNonce
()
*
big
.
Int
{
func
(
b
*
BaseRequest
)
GetNonce
(
*
atum
.
Timestamp
)
*
big
.
Int
{
if
b
.
Nonce
==
nil
{
return
bigZero
}
...
...
@@ -351,8 +349,8 @@ func (dr *DisclosureRequest) Disclosure() *DisclosureRequest {
}
func
(
dr
*
DisclosureRequest
)
Identifiers
()
*
IrmaIdentifierSet
{
if
dr
.
I
ds
==
nil
{
dr
.
I
ds
=
&
IrmaIdentifierSet
{
if
dr
.
i
ds
==
nil
{
dr
.
i
ds
=
&
IrmaIdentifierSet
{
SchemeManagers
:
map
[
SchemeManagerIdentifier
]
struct
{}{},
Issuers
:
map
[
IssuerIdentifier
]
struct
{}{},
CredentialTypes
:
map
[
CredentialTypeIdentifier
]
struct
{}{},
...
...
@@ -361,13 +359,13 @@ func (dr *DisclosureRequest) Identifiers() *IrmaIdentifierSet {
_
=
dr
.
Disclose
.
Iterate
(
func
(
a
*
AttributeRequest
)
error
{
attr
:=
a
.
Type
dr
.
I
ds
.
SchemeManagers
[
attr
.
CredentialTypeIdentifier
()
.
IssuerIdentifier
()
.
SchemeManagerIdentifier
()]
=
struct
{}{}
dr
.
I
ds
.
Issuers
[
attr
.
CredentialTypeIdentifier
()
.
IssuerIdentifier
()]
=
struct
{}{}
dr
.
I
ds
.
CredentialTypes
[
attr
.
CredentialTypeIdentifier
()]
=
struct
{}{}
dr
.
i
ds
.
SchemeManagers
[
attr
.
CredentialTypeIdentifier
()
.
IssuerIdentifier
()
.
SchemeManagerIdentifier
()]
=
struct
{}{}
dr
.
i
ds
.
Issuers
[
attr
.
CredentialTypeIdentifier
()
.
IssuerIdentifier
()]
=
struct
{}{}
dr
.
i
ds
.
CredentialTypes
[
attr
.
CredentialTypeIdentifier
()]
=
struct
{}{}
return
nil
})
}
return
dr
.
I
ds
return
dr
.
i
ds
}
func
(
dr
*
DisclosureRequest
)
Base
()
*
BaseRequest
{
...
...
@@ -462,8 +460,8 @@ func (cr *CredentialRequest) AttributeList(conf *Configuration, metadataVersion
}
func
(
ir
*
IssuanceRequest
)
Identifiers
()
*
IrmaIdentifierSet
{
if
ir
.
I
ds
==
nil
{
ir
.
I
ds
=
&
IrmaIdentifierSet
{
if
ir
.
i
ds
==
nil
{
ir
.
i
ds
=
&
IrmaIdentifierSet
{
SchemeManagers
:
map
[
SchemeManagerIdentifier
]
struct
{}{},
Issuers
:
map
[
IssuerIdentifier
]
struct
{}{},
CredentialTypes
:
map
[
CredentialTypeIdentifier
]
struct
{}{},
...
...
@@ -472,18 +470,18 @@ func (ir *IssuanceRequest) Identifiers() *IrmaIdentifierSet {
for
_
,
credreq
:=
range
ir
.
Credentials
{
issuer
:=
credreq
.
CredentialTypeID
.
IssuerIdentifier
()
ir
.
I
ds
.
SchemeManagers
[
issuer
.
SchemeManagerIdentifier
()]
=
struct
{}{}
ir
.
I
ds
.
Issuers
[
issuer
]
=
struct
{}{}
ir
.
I
ds
.
CredentialTypes
[
credreq
.
CredentialTypeID
]
=
struct
{}{}
if
ir
.
I
ds
.
PublicKeys
[
issuer
]
==
nil
{
ir
.
I
ds
.
PublicKeys
[
issuer
]
=
[]
int
{}
ir
.
i
ds
.
SchemeManagers
[
issuer
.
SchemeManagerIdentifier
()]
=
struct
{}{}
ir
.
i
ds
.
Issuers
[
issuer
]
=
struct
{}{}
ir
.
i
ds
.
CredentialTypes
[
credreq
.
CredentialTypeID
]
=
struct
{}{}
if
ir
.
i
ds
.
PublicKeys
[
issuer
]
==
nil
{
ir
.
i
ds
.
PublicKeys
[
issuer
]
=
[]
int
{}
}
ir
.
I
ds
.
PublicKeys
[
issuer
]
=
append
(
ir
.
I
ds
.
PublicKeys
[
issuer
],
credreq
.
KeyCounter
)
ir
.
i
ds
.
PublicKeys
[
issuer
]
=
append
(
ir
.
i
ds
.
PublicKeys
[
issuer
],
credreq
.
KeyCounter
)
}
ir
.
I
ds
.
join
(
ir
.
DisclosureRequest
.
Identifiers
())
ir
.
i
ds
.
join
(
ir
.
DisclosureRequest
.
Identifiers
())
}
return
ir
.
I
ds
return
ir
.
i
ds
}
func
(
ir
*
IssuanceRequest
)
GetCredentialInfoList
(
conf
*
Configuration
,
version
*
ProtocolVersion
)
(
CredentialInfoList
,
error
)
{
...
...
@@ -513,11 +511,11 @@ func (ir *IssuanceRequest) Validate() error {
// GetNonce returns the nonce of this signature session
// (with the message already hashed into it).
func
(
sr
*
SignatureRequest
)
GetNonce
()
*
big
.
Int
{
return
ASN1ConvertSignatureNonce
(
sr
.
Message
,
sr
.
BaseRequest
.
GetNonce
(
),
sr
.
T
imestamp
)
func
(
sr
*
SignatureRequest
)
GetNonce
(
timestamp
*
atum
.
Timestamp
)
*
big
.
Int
{
return
ASN1ConvertSignatureNonce
(
sr
.
Message
,
sr
.
BaseRequest
.
GetNonce
(
nil
),
t
imestamp
)
}
func
(
sr
*
SignatureRequest
)
SignatureFromMessage
(
message
interface
{})
(
*
SignedMessage
,
error
)
{
func
(
sr
*
SignatureRequest
)
SignatureFromMessage
(
message
interface
{}
,
timestamp
*
atum
.
Timestamp
)
(
*
SignedMessage
,
error
)
{
signature
,
ok
:=
message
.
(
*
Disclosure
)
if
!
ok
{
...
...
@@ -534,7 +532,7 @@ func (sr *SignatureRequest) SignatureFromMessage(message interface{}) (*SignedMe
Nonce
:
nonce
,
Context
:
sr
.
GetContext
(),
Message
:
sr
.
Message
,
Timestamp
:
sr
.
T
imestamp
,
Timestamp
:
t
imestamp
,
},
nil
}
...
...
verify.go
View file @
47b28f82
...
...
@@ -246,7 +246,7 @@ func (d *Disclosure) VerifyAgainstDisjunctions(
}
func
(
d
*
Disclosure
)
Verify
(
configuration
*
Configuration
,
request
*
DisclosureRequest
)
([][]
*
DisclosedAttribute
,
ProofStatus
,
error
)
{
list
,
status
,
err
:=
d
.
VerifyAgainstDisjunctions
(
configuration
,
request
.
Disclose
,
request
.
GetContext
(),
request
.
GetNonce
(),
nil
,
false
)
list
,
status
,
err
:=
d
.
VerifyAgainstDisjunctions
(
configuration
,
request
.
Disclose
,
request
.
GetContext
(),
request
.
GetNonce
(
nil
),
nil
,
false
)
if
err
!=
nil
{
return
list
,
status
,
err
}
...
...
@@ -273,7 +273,6 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
// First check if this signature matches the request
if
request
!=
nil
{
request
.
Timestamp
=
sm
.
Timestamp
if
!
sm
.
MatchesNonceAndContext
(
request
)
{
return
nil
,
ProofStatusUnmatchedRequest
,
nil
}
...
...
@@ -285,10 +284,8 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
}
// Verify the timestamp
if
sm
.
Timestamp
!=
nil
{
if
err
:=
sm
.
VerifyTimestamp
(
message
,
configuration
);
err
!=
nil
{
return
nil
,
ProofStatusInvalidTimestamp
,
nil
}
if
err
:=
sm
.
VerifyTimestamp
(
message
,
configuration
);
err
!=
nil
{
return
nil
,
ProofStatusInvalidTimestamp
,
nil
}
// Now, cryptographically verify the IRMA disclosure proofs in the signature
...
...
@@ -302,10 +299,7 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
}
// Check if a credential is expired
var
t
time
.
Time
if
sm
.
Timestamp
!=
nil
{
t
=
time
.
Unix
(
sm
.
Timestamp
.
Time
,
0
)
}
t
:=
time
.
Unix
(
sm
.
Timestamp
.
Time
,
0
)
if
expired
:=
ProofList
(
sm
.
Signature
)
.
Expired
(
configuration
,
&
t
);
expired
{
// The ABS contains attributes that were expired at the time of creation of the ABS.
return
result
,
ProofStatusExpired
,
nil
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment