refactor: Remove session state from BaseRequest and SignatureRequest

internal/servercore/handle.go

@@ -127,7 +127,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
 
 	// Verify all proofs and check disclosed attributes, if any, against request
 	session.result.Disclosed, session.result.ProofStatus, err = commitments.Disclosure().VerifyAgainstDisjunctions(
-		session.conf.IrmaConfiguration, request.Disclose, request.GetContext(), request.GetNonce(), pubkeys, false)
+		session.conf.IrmaConfiguration, request.Disclose, request.GetContext(), request.GetNonce(nil), pubkeys, false)
 	if err != nil {
 		if err == irma.ErrorMissingPublicKey {
 			return nil, session.fail(server.ErrorUnknownPublicKey, "")

internal/sessiontest/handlers_test.go

@@ -101,28 +101,21 @@ func (th TestHandler) UnsatisfiableRequest(serverName irma.TranslatedString, mis
 		ErrorType: irma.ErrorType("UnsatisfiableRequest"),
 	})
 }
-func (th TestHandler) RequestVerificationPermission(request *irma.DisclosureRequest, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
-	choice := &irma.DisclosureChoice{
-		Attributes: [][]*irma.AttributeIdentifier{},
-	}
-	var candidates [][]*irma.AttributeIdentifier
-	for _, disjunction := range request.Disclose {
-		candidates, _ = th.client.Candidates(disjunction)
-		if len(candidates) == 0 {
-			th.Failure(&irma.SessionError{Err: errors.New("No disclosure candidates found")})
-		}
-		choice.Attributes = append(choice.Attributes, candidates[rand.Intn(len(candidates))])
+func (th TestHandler) RequestVerificationPermission(request *irma.DisclosureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
+	var choice irma.DisclosureChoice
+	for _, cand := range candidates {
+		choice.Attributes = append(choice.Attributes, cand[0])
 	}
 	if len(th.expectedServerName) != 0 {
 		require.Equal(th.t, th.expectedServerName, ServerName)
 	}
-	callback(true, choice)
+	callback(true, &choice)
 }
-func (th TestHandler) RequestIssuancePermission(request *irma.IssuanceRequest, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
-	th.RequestVerificationPermission(request.DisclosureRequest, ServerName, callback)
+func (th TestHandler) RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
+	th.RequestVerificationPermission(request.DisclosureRequest, candidates, ServerName, callback)
 }
-func (th TestHandler) RequestSignaturePermission(request *irma.SignatureRequest, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
-	th.RequestVerificationPermission(request.DisclosureRequest, ServerName, callback)
+func (th TestHandler) RequestSignaturePermission(request *irma.SignatureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
+	th.RequestVerificationPermission(request.DisclosureRequest, candidates, ServerName, callback)
 }
 func (th TestHandler) RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool)) {
 	callback(true)
@@ -174,10 +167,10 @@ func (th *ManualTestHandler) Success(result string) {
 
 	th.c <- retval
 }
-func (th *ManualTestHandler) RequestSignaturePermission(request *irma.SignatureRequest, requesterName irma.TranslatedString, ph irmaclient.PermissionHandler) {
-	th.RequestVerificationPermission(request.DisclosureRequest, requesterName, ph)
+func (th *ManualTestHandler) RequestSignaturePermission(request *irma.SignatureRequest, candidates [][][]*irma.AttributeIdentifier, requesterName irma.TranslatedString, ph irmaclient.PermissionHandler) {
+	th.RequestVerificationPermission(request.DisclosureRequest, candidates, requesterName, ph)
 }
-func (th *ManualTestHandler) RequestIssuancePermission(request *irma.IssuanceRequest, issuerName irma.TranslatedString, ph irmaclient.PermissionHandler) {
+func (th *ManualTestHandler) RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, issuerName irma.TranslatedString, ph irmaclient.PermissionHandler) {
 	ph(true, nil)
 }
 
@@ -185,9 +178,9 @@ func (th *ManualTestHandler) RequestIssuancePermission(request *irma.IssuanceReq
 func (th *ManualTestHandler) RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool)) {
 	th.Failure(&irma.SessionError{Err: errors.New("Unexpected session type")})
 }
-func (th *ManualTestHandler) RequestVerificationPermission(request *irma.DisclosureRequest, verifierName irma.TranslatedString, ph irmaclient.PermissionHandler) {
+func (th *ManualTestHandler) RequestVerificationPermission(request *irma.DisclosureRequest, candidates [][][]*irma.AttributeIdentifier, verifierName irma.TranslatedString, ph irmaclient.PermissionHandler) {
 	var choice irma.DisclosureChoice
-	for _, cand := range request.Candidates {
+	for _, cand := range candidates {
 		choice.Attributes = append(choice.Attributes, cand[0])
 	}
 	ph(true, &choice)

irma_signature.go

@@ -28,7 +28,7 @@ func (sm *SignedMessage) GetNonce() *big.Int {
 
 func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool {
 	return sm.Context.Cmp(request.GetContext()) == 0 &&
-		sm.GetNonce().Cmp(request.GetNonce()) == 0
+		sm.GetNonce().Cmp(request.GetNonce(sm.Timestamp)) == 0
 }
 
 func (sm *SignedMessage) Disclosure() *Disclosure {

irmaclient/client.go

@@ -4,6 +4,7 @@ import (
 	"strconv"
 	"time"
 
+	"github.com/bwesterb/go-atum"
 	"github.com/getsentry/raven-go"
 	"github.com/go-errors/errors"
 	"github.com/privacybydesign/gabi"
@@ -644,23 +645,24 @@ func (client *Client) groupCredentials(choice *irma.DisclosureChoice) (
 }
 
 // ProofBuilders constructs a list of proof builders for the specified attribute choice.
-func (client *Client) ProofBuilders(choice *irma.DisclosureChoice, request irma.SessionRequest, issig bool,
-) (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, error) {
+func (client *Client) ProofBuilders(choice *irma.DisclosureChoice, request irma.SessionRequest,
+) (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, *atum.Timestamp, error) {
 	todisclose, attributeIndices, err := client.groupCredentials(choice)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, nil, err
 	}
 
 	builders := gabi.ProofBuilderList([]gabi.ProofBuilder{})
 	for _, grp := range todisclose {
 		cred, err := client.credentialByID(grp.cred)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 		builders = append(builders, cred.Credential.CreateDisclosureProofBuilder(grp.attrs))
 	}
 
-	if issig {
+	var timestamp *atum.Timestamp
+	if r, ok := request.(*irma.SignatureRequest); ok {
 		var sigs []*big.Int
 		var disclosed [][]*big.Int
 		var s *big.Int
@@ -670,27 +672,27 @@ func (client *Client) ProofBuilders(choice *irma.DisclosureChoice, request irma.
 			sigs = append(sigs, s)
 			disclosed = append(disclosed, d)
 		}
-		r := request.(*irma.SignatureRequest)
-		r.Timestamp, err = irma.GetTimestamp(r.Message, sigs, disclosed)
+		timestamp, err = irma.GetTimestamp(r.Message, sigs, disclosed)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 	}
 
-	return builders, attributeIndices, nil
+	return builders, attributeIndices, timestamp, nil
 }
 
 // Proofs computes disclosure proofs containing the attributes specified by choice.
-func (client *Client) Proofs(choice *irma.DisclosureChoice, request irma.SessionRequest, issig bool) (*irma.Disclosure, error) {
-	builders, choices, err := client.ProofBuilders(choice, request, issig)
+func (client *Client) Proofs(choice *irma.DisclosureChoice, request irma.SessionRequest) (*irma.Disclosure, *atum.Timestamp, error) {
+	builders, choices, timestamp, err := client.ProofBuilders(choice, request)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
+	_, issig := request.(*irma.SignatureRequest)
 	return &irma.Disclosure{
-		Proofs:  builders.BuildProofList(request.Base().GetContext(), request.GetNonce(), issig),
+		Proofs:  builders.BuildProofList(request.Base().GetContext(), request.GetNonce(timestamp), issig),
 		Indices: choices,
-	}, nil
+	}, timestamp, nil
 }
 
 // generateIssuerProofNonce generates a nonce which the issuer must use in its gabi.ProofS.
@@ -701,7 +703,7 @@ func generateIssuerProofNonce() (*big.Int, error) {
 // IssuanceProofBuilders constructs a list of proof builders in the issuance protocol
 // for the future credentials as well as possibly any disclosed attributes, and generates
 // a nonce against which the issuer's proof of knowledge must verify.
-func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest,
+func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest, choice *irma.DisclosureChoice,
 ) (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, *big.Int, error) {
 	issuerProofNonce, err := generateIssuerProofNonce()
 	if err != nil {
@@ -719,7 +721,7 @@ func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest,
 		builders = append(builders, credBuilder)
 	}
 
-	disclosures, choices, err := client.ProofBuilders(request.Choice, request, false)
+	disclosures, choices, _, err := client.ProofBuilders(choice, request)
 	if err != nil {
 		return nil, nil, nil, err
 	}
@@ -729,15 +731,15 @@ func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest,
 
 // IssueCommitments computes issuance commitments, along with disclosure proofs specified by choice,
 // and also returns the credential builders which will become the new credentials upon combination with the issuer's signature.
-func (client *Client) IssueCommitments(request *irma.IssuanceRequest,
+func (client *Client) IssueCommitments(request *irma.IssuanceRequest, choice *irma.DisclosureChoice,
 ) (*irma.IssueCommitmentMessage, gabi.ProofBuilderList, error) {
-	builders, choices, issuerProofNonce, err := client.IssuanceProofBuilders(request)
+	builders, choices, issuerProofNonce, err := client.IssuanceProofBuilders(request, choice)
 	if err != nil {
 		return nil, nil, err
 	}
 	return &irma.IssueCommitmentMessage{
 		IssueCommitmentMessage: &gabi.IssueCommitmentMessage{
-			Proofs: builders.BuildProofList(request.GetContext(), request.GetNonce(), false),
+			Proofs: builders.BuildProofList(request.GetContext(), request.GetNonce(nil), false),
 			Nonce2: issuerProofNonce,
 		},
 		Indices: choices,

irmaclient/handlers.go

@@ -18,7 +18,7 @@ var _ Handler = (*keyshareEnrollmentHandler)(nil)
 
 // Session handlers in the order they are called
 
-func (h *keyshareEnrollmentHandler) RequestIssuancePermission(request *irma.IssuanceRequest, ServerName irma.TranslatedString, callback PermissionHandler) {
+func (h *keyshareEnrollmentHandler) RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler) {
 	// Fetch the username from the credential request and save it along with the scheme manager
 	smi := request.Credentials[0].CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
 	attr := irma.NewAttributeTypeIdentifier(h.client.Configuration.SchemeManagers[smi].KeyshareAttribute)
@@ -55,10 +55,10 @@ func (h *keyshareEnrollmentHandler) fail(err error) {
 func (h *keyshareEnrollmentHandler) StatusUpdate(action irma.Action, status irma.Status) {}
 
 // The methods below should never be called, so we let each of them fail the session
-func (h *keyshareEnrollmentHandler) RequestVerificationPermission(request *irma.DisclosureRequest, ServerName irma.TranslatedString, callback PermissionHandler) {
+func (h *keyshareEnrollmentHandler) RequestVerificationPermission(request *irma.DisclosureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler) {
 	callback(false, nil)
 }
-func (h *keyshareEnrollmentHandler) RequestSignaturePermission(request *irma.SignatureRequest, ServerName irma.TranslatedString, callback PermissionHandler) {
+func (h *keyshareEnrollmentHandler) RequestSignaturePermission(request *irma.SignatureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler) {
 	callback(false, nil)
 }
 func (h *keyshareEnrollmentHandler) RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool)) {

irmaclient/keyshare.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/bwesterb/go-atum"
 	"github.com/dgrijalva/jwt-go"
 	"github.com/go-errors/errors"
 	"github.com/privacybydesign/gabi"
@@ -48,6 +49,7 @@ type keyshareSession struct {
 	keyshareServer   *keyshareServer // The one keyshare server in use in case of issuance
 	transports       map[irma.SchemeManagerIdentifier]*irma.HTTPTransport
 	issuerProofNonce *big.Int
+	timestamp        *atum.Timestamp
 	pinCheck         bool
 }
 
@@ -159,6 +161,7 @@ func startKeyshareSession(
 	conf *irma.Configuration,
 	keyshareServers map[irma.SchemeManagerIdentifier]*keyshareServer,
 	issuerProofNonce *big.Int,
+	timestamp *atum.Timestamp,
 ) {
 	ksscount := 0
 	for managerID := range session.Identifiers().SchemeManagers {
@@ -186,6 +189,7 @@ func startKeyshareSession(
 		conf:             conf,
 		keyshareServers:  keyshareServers,
 		issuerProofNonce: issuerProofNonce,
+		timestamp:        timestamp,
 		pinCheck:         false,
 	}
 
@@ -403,7 +407,7 @@ func (ks *keyshareSession) GetCommitments() {
 // receive their responses (2nd and 3rd message in Schnorr zero-knowledge protocol).
 func (ks *keyshareSession) GetProofPs() {
 	_, issig := ks.session.(*irma.SignatureRequest)
-	challenge := ks.builders.Challenge(ks.session.Base().GetContext(), ks.session.GetNonce(), issig)
+	challenge := ks.builders.Challenge(ks.session.Base().GetContext(), ks.session.GetNonce(ks.timestamp), issig)
 
 	// Post the challenge, obtaining JWT's containing the ProofP's
 	responses := map[irma.SchemeManagerIdentifier]string{}

irmaclient/logs.go

@@ -132,7 +132,7 @@ func (session *session) createLogEntry(response interface{}) (*LogEntry, error)
 		// Get the signed message and timestamp
 		request := session.request.(*irma.SignatureRequest)
 		entry.SignedMessage = []byte(request.Message)
-		entry.Timestamp = request.Timestamp
+		entry.Timestamp = session.timestamp
 
 		fallthrough
 	case irma.ActionDisclosing:

irmaclient/session.go

@@ -7,6 +7,7 @@ import (
 	"reflect"
 	"strings"
 
+	"github.com/bwesterb/go-atum"
 	"github.com/go-errors/errors"
 	"github.com/privacybydesign/gabi"
 	"github.com/privacybydesign/gabi/big"
@@ -37,9 +38,9 @@ type Handler interface {
 	KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier)
 	KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier)
 
-	RequestIssuancePermission(request *irma.IssuanceRequest, ServerName irma.TranslatedString, callback PermissionHandler)
-	RequestVerificationPermission(request *irma.DisclosureRequest, ServerName irma.TranslatedString, callback PermissionHandler)
-	RequestSignaturePermission(request *irma.SignatureRequest, ServerName irma.TranslatedString, callback PermissionHandler)
+	RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler)
+	RequestVerificationPermission(request *irma.DisclosureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler)
+	RequestSignaturePermission(request *irma.SignatureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler)
 	RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool))
 
 	RequestPin(remainingAttempts int, callback PinHandler)
@@ -62,10 +63,13 @@ type session struct {
 	request     irma.SessionRequest
 	done        bool
 
-	// State for issuance protocol
+	// State for issuance sessions
 	issuerProofNonce *big.Int
 	builders         gabi.ProofBuilderList
 
+	// State for signature sessions
+	timestamp *atum.Timestamp
+
 	// These are empty on manual sessions
 	Hostname  string
 	ServerURL string
@@ -264,25 +268,23 @@ func (session *session) processSessionInfo() {
 		session.Handler.UnsatisfiableRequest(session.ServerName, missing)
 		return
 	}
-	baserequest.Candidates = candidates
 
 	// Ask for permission to execute the session
 	callback := PermissionHandler(func(proceed bool, choice *irma.DisclosureChoice) {
 		session.choice = choice
-		baserequest.Choice = choice
 		go session.doSession(proceed)
 	})
 	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
 	switch session.Action {
 	case irma.ActionDisclosing:
 		session.Handler.RequestVerificationPermission(
-			session.request.(*irma.DisclosureRequest), session.ServerName, callback)
+			session.request.(*irma.DisclosureRequest), candidates, session.ServerName, callback)
 	case irma.ActionSigning:
 		session.Handler.RequestSignaturePermission(
-			session.request.(*irma.SignatureRequest), session.ServerName, callback)
+			session.request.(*irma.SignatureRequest), candidates, session.ServerName, callback)
 	case irma.ActionIssuing:
 		session.Handler.RequestIssuancePermission(
-			session.request.(*irma.IssuanceRequest), session.ServerName, callback)
+			session.request.(*irma.IssuanceRequest), candidates, session.ServerName, callback)
 	default:
 		panic("Invalid session type") // does not happen, session.Action has been checked earlier
 	}
@@ -321,6 +323,7 @@ func (session *session) doSession(proceed bool) {
 			session.client.Configuration,
 			session.client.keyshareServers,
 			session.issuerProofNonce,
+			session.timestamp,
 		)
 	}
 }
@@ -336,7 +339,7 @@ func (session *session) sendResponse(message interface{}) {
 
 	switch session.Action {
 	case irma.ActionSigning:
-		irmaSignature, err := session.request.(*irma.SignatureRequest).SignatureFromMessage(message)
+		irmaSignature, err := session.request.(*irma.SignatureRequest).SignatureFromMessage(message, session.timestamp)
 		if err != nil {
 			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
 			return
@@ -446,12 +449,10 @@ func (session *session) getBuilders() (gabi.ProofBuilderList, irma.DisclosedAttr
 	var choices irma.DisclosedAttributeIndices
 
 	switch session.Action {
-	case irma.ActionSigning:
-		builders, choices, err = session.client.ProofBuilders(session.choice, session.request, true)
-	case irma.ActionDisclosing:
-		builders, choices, err = session.client.ProofBuilders(session.choice, session.request, false)
+	case irma.ActionSigning, irma.ActionDisclosing:
+		builders, choices, session.timestamp, err = session.client.ProofBuilders(session.choice, session.request)
 	case irma.ActionIssuing:
-		builders, choices, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest))
+		builders, choices, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest), session.choice)
 	}
 
 	return builders, choices, issuerProofNonce, err
@@ -464,12 +465,10 @@ func (session *session) getProof() (interface{}, error) {
 	var err error
 
 	switch session.Action {
-	case irma.ActionSigning:
-		message, err = session.client.Proofs(session.choice, session.request, true)
-	case irma.ActionDisclosing:
-		message, err = session.client.Proofs(session.choice, session.request, false)
+	case irma.ActionSigning, irma.ActionDisclosing:
+		message, session.timestamp, err = session.client.Proofs(session.choice, session.request)
 	case irma.ActionIssuing:
-		message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest))
+		message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest), session.choice)
 	}
 
 	return message, err

requests.go

@@ -17,15 +17,16 @@ import (
 
 // BaseRequest contains the context and nonce for an IRMA session.
 type BaseRequest struct {
-	Context *big.Int `json:"context,omitempty"`
-	Nonce   *big.Int `json:"nonce,omitempty"`
-	Type    Action   `json:"type"`
-
-	Candidates [][][]*AttributeIdentifier `json:"-"`
-	Choice     *DisclosureChoice          `json:"-"`
-	Ids        *IrmaIdentifierSet         `json:"-"`
+	// Denotes session type, must be "disclosing", "signing" or "issuing"
+	Type Action `json:"type"`
 
+	// Chosen by the IRMA server during the session
+	Context *big.Int         `json:"context,omitempty"`
+	Nonce   *big.Int         `json:"nonce,omitempty"`
 	Version *ProtocolVersion `json:"protocolVersion,omitempty"`
+
+	// cache for Identifiers() method
+	ids *IrmaIdentifierSet
 }
 
 // An AttributeCon is only satisfied if all of its containing attribute requests are satisfied.
@@ -49,9 +50,6 @@ type DisclosureRequest struct {
 type SignatureRequest struct {
 	*DisclosureRequest
 	Message string `json:"message"`
-
-	// Session state
-	Timestamp *atum.Timestamp `json:"-"`
 }
 
 // An IssuanceRequest is a request to issue certain credentials,
@@ -78,7 +76,7 @@ type CredentialRequest struct {
 type SessionRequest interface {
 	Validator
 	Base() *BaseRequest
-	GetNonce() *big.Int
+	GetNonce(timestamp *atum.Timestamp) *big.Int
 	Disclosure() *DisclosureRequest
 	Identifiers() *IrmaIdentifierSet
 	Action() Action
@@ -180,7 +178,7 @@ func (b *BaseRequest) GetContext() *big.Int {
 	return b.Context
 }
 
-func (b *BaseRequest) GetNonce() *big.Int {
+func (b *BaseRequest) GetNonce(*atum.Timestamp) *big.Int {
 	if b.Nonce == nil {
 		return bigZero
 	}
@@ -351,8 +349,8 @@ func (dr *DisclosureRequest) Disclosure() *DisclosureRequest {
 }
 
 func (dr *DisclosureRequest) Identifiers() *IrmaIdentifierSet {
-	if dr.Ids == nil {
-		dr.Ids = &IrmaIdentifierSet{
+	if dr.ids == nil {
+		dr.ids = &IrmaIdentifierSet{
 			SchemeManagers:  map[SchemeManagerIdentifier]struct{}{},
 			Issuers:         map[IssuerIdentifier]struct{}{},
 			CredentialTypes: map[CredentialTypeIdentifier]struct{}{},
@@ -361,13 +359,13 @@ func (dr *DisclosureRequest) Identifiers() *IrmaIdentifierSet {
 
 		_ = dr.Disclose.Iterate(func(a *AttributeRequest) error {
 			attr := a.Type
-			dr.Ids.SchemeManagers[attr.CredentialTypeIdentifier().IssuerIdentifier().SchemeManagerIdentifier()] = struct{}{}
-			dr.Ids.Issuers[attr.CredentialTypeIdentifier().IssuerIdentifier()] = struct{}{}
-			dr.Ids.CredentialTypes[attr.CredentialTypeIdentifier()] = struct{}{}
+			dr.ids.SchemeManagers[attr.CredentialTypeIdentifier().IssuerIdentifier().SchemeManagerIdentifier()] = struct{}{}
+			dr.ids.Issuers[attr.CredentialTypeIdentifier().IssuerIdentifier()] = struct{}{}
+			dr.ids.CredentialTypes[attr.CredentialTypeIdentifier()] = struct{}{}
 			return nil
 		})
 	}
-	return dr.Ids
+	return dr.ids
 }
 
 func (dr *DisclosureRequest) Base() *BaseRequest {
@@ -462,8 +460,8 @@ func (cr *CredentialRequest) AttributeList(conf *Configuration, metadataVersion
 }
 
 func (ir *IssuanceRequest) Identifiers() *IrmaIdentifierSet {
-	if ir.Ids == nil {
-		ir.Ids = &IrmaIdentifierSet{
+	if ir.ids == nil {
+		ir.ids = &IrmaIdentifierSet{
 			SchemeManagers:  map[SchemeManagerIdentifier]struct{}{},
 			Issuers:         map[IssuerIdentifier]struct{}{},
 			CredentialTypes: map[CredentialTypeIdentifier]struct{}{},
@@ -472,18 +470,18 @@ func (ir *IssuanceRequest) Identifiers() *IrmaIdentifierSet {
 
 		for _, credreq := range ir.Credentials {
 			issuer := credreq.CredentialTypeID.IssuerIdentifier()
-			ir.Ids.SchemeManagers[issuer.SchemeManagerIdentifier()] = struct{}{}
-			ir.Ids.Issuers[issuer] = struct{}{}
-			ir.Ids.CredentialTypes[credreq.CredentialTypeID] = struct{}{}
-			if ir.Ids.PublicKeys[issuer] == nil {
-				ir.Ids.PublicKeys[issuer] = []int{}
+			ir.ids.SchemeManagers[issuer.SchemeManagerIdentifier()] = struct{}{}
+			ir.ids.Issuers[issuer] = struct{}{}
+			ir.ids.CredentialTypes[credreq.CredentialTypeID] = struct{}{}
+			if ir.ids.PublicKeys[issuer] == nil {
+				ir.ids.PublicKeys[issuer] = []int{}
 			}
-			ir.Ids.PublicKeys[issuer] = append(ir.Ids.PublicKeys[issuer], credreq.KeyCounter)
+			ir.ids.PublicKeys[issuer] = append(ir.ids.PublicKeys[issuer], credreq.KeyCounter)
 		}
 
-		ir.Ids.join(ir.DisclosureRequest.Identifiers())
+		ir.ids.join(ir.DisclosureRequest.Identifiers())
 	}
-	return ir.Ids
+	return ir.ids
 }
 
 func (ir *IssuanceRequest) GetCredentialInfoList(conf *Configuration, version *ProtocolVersion) (CredentialInfoList, error) {
@@ -513,11 +511,11 @@ func (ir *IssuanceRequest) Validate() error {
 
 // GetNonce returns the nonce of this signature session
 // (with the message already hashed into it).
-func (sr *SignatureRequest) GetNonce() *big.Int {
-	return ASN1ConvertSignatureNonce(sr.Message, sr.BaseRequest.GetNonce(), sr.Timestamp)
+func (sr *SignatureRequest) GetNonce(timestamp *atum.Timestamp) *big.Int {
+	return ASN1ConvertSignatureNonce(sr.Message, sr.BaseRequest.GetNonce(nil), timestamp)
 }
 
-func (sr *SignatureRequest) SignatureFromMessage(message interface{}) (*SignedMessage, error) {
+func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp *atum.Timestamp) (*SignedMessage, error) {
 	signature, ok := message.(*Disclosure)
 
 	if !ok {
@@ -534,7 +532,7 @@ func (sr *SignatureRequest) SignatureFromMessage(message interface{}) (*SignedMe
 		Nonce:     nonce,
 		Context:   sr.GetContext(),
 		Message:   sr.Message,
-		Timestamp: sr.Timestamp,
+		Timestamp: timestamp,
 	}, nil
 }
 

verify.go

@@ -246,7 +246,7 @@ func (d *Disclosure) VerifyAgainstDisjunctions(
 }
 
 func (d *Disclosure) Verify(configuration *Configuration, request *DisclosureRequest) ([][]*DisclosedAttribute, ProofStatus, error) {
-	list, status, err := d.VerifyAgainstDisjunctions(configuration, request.Disclose, request.GetContext(), request.GetNonce(), nil, false)
+	list, status, err := d.VerifyAgainstDisjunctions(configuration, request.Disclose, request.GetContext(), request.GetNonce(nil), nil, false)
 	if err != nil {
 		return list, status, err
 	}
@@ -273,7 +273,6 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
 
 	// First check if this signature matches the request
 	if request != nil {
-		request.Timestamp = sm.Timestamp
 		if !sm.MatchesNonceAndContext(request) {
 			return nil, ProofStatusUnmatchedRequest, nil
 		}
@@ -285,10 +284,8 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
 	}
 
 	// Verify the timestamp
-	if sm.Timestamp != nil {
-		if err := sm.VerifyTimestamp(message, configuration); err != nil {
-			return nil, ProofStatusInvalidTimestamp, nil
-		}
+	if err := sm.VerifyTimestamp(message, configuration); err != nil {
+		return nil, ProofStatusInvalidTimestamp, nil
 	}
 
 	// Now, cryptographically verify the IRMA disclosure proofs in the signature
@@ -302,10 +299,7 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
 	}
 
 	// Check if a credential is expired
-	var t time.Time
-	if sm.Timestamp != nil {
-		t = time.Unix(sm.Timestamp.Time, 0)
-	}
+	t := time.Unix(sm.Timestamp.Time, 0)
 	if expired := ProofList(sm.Signature).Expired(configuration, &t); expired {
 		// The ABS contains attributes that were expired at the time of creation of the ABS.
 		return result, ProofStatusExpired, nil