Commit 4c7a66f2 authored by David Venhoek's avatar David Venhoek Committed by Sietse Ringers

Removed redundant keyshare from keysharecore name.

parent abb8bb50
......@@ -13,7 +13,7 @@ import (
type (
AesKey [32]byte
KeyshareCore struct {
Core struct {
// Keys used for storage encryption/decryption
decryptionKeys map[uint32]AesKey
encryptionKey AesKey
......@@ -33,8 +33,8 @@ type (
}
)
func NewKeyshareCore() *KeyshareCore {
return &KeyshareCore{
func NewKeyshareCore() *Core {
return &Core{
decryptionKeys: map[uint32]AesKey{},
commitmentData: map[uint64]*big.Int{},
trustedKeys: map[irma.PublicKeyIdentifier]*gabi.PublicKey{},
......@@ -49,26 +49,26 @@ func GenerateAESKey() (AesKey, error) {
// Add an aes key for decryption, with identifier keyid
// Calling this will cause all keyshare packets generated with the key to be trusted
func (c *KeyshareCore) DangerousAddAESKey(keyID uint32, key AesKey) {
func (c *Core) DangerousAddAESKey(keyID uint32, key AesKey) {
c.decryptionKeys[keyID] = key
}
// Set the aes key for encrypting new/changed keyshare data
// with identifier keyid
// Calling this wil also cause all keyshare packets generated with the key to be trusted
func (c *KeyshareCore) DangerousSetAESEncryptionKey(keyID uint32, key AesKey) {
func (c *Core) DangerousSetAESEncryptionKey(keyID uint32, key AesKey) {
c.decryptionKeys[keyID] = key
c.encryptionKey = key
c.encryptionKeyID = keyID
}
// Set key used to sign keyshare protocol messages
func (c *KeyshareCore) SetSignKey(key *rsa.PrivateKey, id int) {
func (c *Core) SetSignKey(key *rsa.PrivateKey, id int) {
c.signKey = key
c.signKeyID = id
}
// Add public key as trusted by keyshareCore. Calling this on incorrectly generated key material WILL compromise keyshare secrets!
func (c *KeyshareCore) DangerousAddTrustedPublicKey(keyID irma.PublicKeyIdentifier, key *gabi.PublicKey) {
func (c *Core) DangerousAddTrustedPublicKey(keyID irma.PublicKeyIdentifier, key *gabi.PublicKey) {
c.trustedKeys[keyID] = key
}
......@@ -24,7 +24,7 @@ var (
)
// Generate a new keyshare secret, secured with the given pin
func (c *KeyshareCore) GenerateKeyshareSecret(pinRaw string) (EncryptedKeysharePacket, error) {
func (c *Core) GenerateKeyshareSecret(pinRaw string) (EncryptedKeysharePacket, error) {
pin, err := padPin(pinRaw)
if err != nil {
return EncryptedKeysharePacket{}, err
......@@ -54,7 +54,7 @@ func (c *KeyshareCore) GenerateKeyshareSecret(pinRaw string) (EncryptedKeyshareP
return c.encryptPacket(p)
}
func (c *KeyshareCore) DangerousBuildKeyshareSecret(pinRaw string, secret *big.Int) (EncryptedKeysharePacket, error) {
func (c *Core) DangerousBuildKeyshareSecret(pinRaw string, secret *big.Int) (EncryptedKeysharePacket, error) {
pin, err := padPin(pinRaw)
if err != nil {
return EncryptedKeysharePacket{}, err
......@@ -79,7 +79,7 @@ func (c *KeyshareCore) DangerousBuildKeyshareSecret(pinRaw string, secret *big.I
// Check pin for validity, and generate jwt for future access
// userid is an extra field added to the jwt for
func (c *KeyshareCore) ValidatePin(ep EncryptedKeysharePacket, pin string, userID string) (string, error) {
func (c *Core) ValidatePin(ep EncryptedKeysharePacket, pin string, userID string) (string, error) {
paddedPin, err := padPin(pin)
if err != nil {
return "", err
......@@ -112,13 +112,13 @@ func (c *KeyshareCore) ValidatePin(ep EncryptedKeysharePacket, pin string, userI
}
// Check whether the given JWT is currently valid as an access token for operations on the provided encrypted keyshare packet
func (c *KeyshareCore) ValidateJWT(ep EncryptedKeysharePacket, jwt string) error {
func (c *Core) ValidateJWT(ep EncryptedKeysharePacket, jwt string) error {
_, err := c.verifyAccess(ep, jwt)
return err
}
// Change pin in an encrypted keyshare packet to a new value, after validating that the old value is known by caller.
func (c *KeyshareCore) ChangePin(ep EncryptedKeysharePacket, oldpinRaw, newpinRaw string) (EncryptedKeysharePacket, error) {
func (c *Core) ChangePin(ep EncryptedKeysharePacket, oldpinRaw, newpinRaw string) (EncryptedKeysharePacket, error) {
oldpin, err := padPin(oldpinRaw)
if err != nil {
return EncryptedKeysharePacket{}, err
......@@ -154,7 +154,7 @@ func (c *KeyshareCore) ChangePin(ep EncryptedKeysharePacket, oldpinRaw, newpinRa
// Verify that a given access jwt is valid, and if so, return decrypted keyshare packet
// Note: Although this is an internal function, it is tested directly
func (c *KeyshareCore) verifyAccess(ep EncryptedKeysharePacket, jwtToken string) (unencryptedKeysharePacket, error) {
func (c *Core) verifyAccess(ep EncryptedKeysharePacket, jwtToken string) (unencryptedKeysharePacket, error) {
// Verify token validity
token, err := jwt.Parse(jwtToken, func(token *jwt.Token) (interface{}, error) {
if token.Method != jwt.SigningMethodRS256 {
......@@ -200,7 +200,7 @@ func (c *KeyshareCore) verifyAccess(ep EncryptedKeysharePacket, jwtToken string)
}
// Get keyshare commitment usign given idemix public key(s)
func (c *KeyshareCore) GenerateCommitments(ep EncryptedKeysharePacket, accessToken string, keyIDs []irma.PublicKeyIdentifier) ([]*gabi.ProofPCommitment, uint64, error) {
func (c *Core) GenerateCommitments(ep EncryptedKeysharePacket, accessToken string, keyIDs []irma.PublicKeyIdentifier) ([]*gabi.ProofPCommitment, uint64, error) {
// Validate input request and build key list
var keyList []*gabi.PublicKey
for _, keyID := range keyIDs {
......@@ -239,7 +239,7 @@ func (c *KeyshareCore) GenerateCommitments(ep EncryptedKeysharePacket, accessTok
}
// Generate response for zero-knowledge proof of keyshare secret, for a given previous commit and challenge
func (c *KeyshareCore) GenerateResponse(ep EncryptedKeysharePacket, accessToken string, commitID uint64, challenge *big.Int, keyID irma.PublicKeyIdentifier) (string, error) {
func (c *Core) GenerateResponse(ep EncryptedKeysharePacket, accessToken string, commitID uint64, challenge *big.Int, keyID irma.PublicKeyIdentifier) (string, error) {
// Validate request
if uint(challenge.BitLen()) > gabi.DefaultSystemParameters[1024].Lh || challenge.Cmp(big.NewInt(0)) < 0 {
return "", ErrInvalidChallenge
......
......@@ -67,7 +67,7 @@ func (p *unencryptedKeysharePacket) setID(id [32]byte) {
copy(p[128:160], id[:])
}
func (c *KeyshareCore) encryptPacket(p unencryptedKeysharePacket) (EncryptedKeysharePacket, error) {
func (c *Core) encryptPacket(p unencryptedKeysharePacket) (EncryptedKeysharePacket, error) {
var result EncryptedKeysharePacket
// Store key id
......@@ -93,7 +93,7 @@ func (c *KeyshareCore) encryptPacket(p unencryptedKeysharePacket) (EncryptedKeys
return result, nil
}
func (c *KeyshareCore) decryptPacket(p EncryptedKeysharePacket) (unencryptedKeysharePacket, error) {
func (c *Core) decryptPacket(p EncryptedKeysharePacket) (unencryptedKeysharePacket, error) {
// determine key id
id := binary.LittleEndian.Uint32(p[0:])
......
......@@ -15,7 +15,7 @@ type Converter struct {
source_db *sql.DB
target_db *sql.DB
core *keysharecore.KeyshareCore
core *keysharecore.Core
logger *logrus.Logger
}
......
......@@ -107,7 +107,7 @@ func readAESKey(filename string) (uint32, keysharecore.AesKey, error) {
// Process a passed configuration to ensure all field values are valid and initialized
// as required by the rest of this keyshare server component.
func processConfiguration(conf *Configuration) (*keysharecore.KeyshareCore, error) {
func processConfiguration(conf *Configuration) (*keysharecore.Core, error) {
// Setup log
if conf.Logger == nil {
conf.Logger = server.NewLogger(conf.Verbose, conf.Quiet, conf.LogJSON)
......
......@@ -37,7 +37,7 @@ type Server struct {
conf *Configuration
// external components
core *keysharecore.KeyshareCore
core *keysharecore.Core
sessionserver *irmaserver.Server
db KeyshareDB
......