Commit 4e3ff0dc authored by Sietse Ringers's avatar Sietse Ringers

feat: store nonrevocation witness along with credential signatures

parent 93e24c46
......@@ -433,7 +433,7 @@ func (client *Client) credential(id irma.CredentialTypeIdentifier, counter int)
if attrs == nil { // We do not have the requested cred
return
}
sig, err := client.storage.LoadSignature(attrs)
sig, witness, err := client.storage.LoadSignature(attrs)
if err != nil {
return nil, err
}
......@@ -449,9 +449,10 @@ func (client *Client) credential(id irma.CredentialTypeIdentifier, counter int)
return nil, errors.New("unknown public key")
}
cred, err := newCredential(&gabi.Credential{
Attributes: append([]*big.Int{client.secretkey.Key}, attrs.Ints...),
Signature: sig,
Pk: pk,
Attributes: append([]*big.Int{client.secretkey.Key}, attrs.Ints...),
Signature: sig,
NonRevocationWitness: witness,
Pk: pk,
}, client.Configuration)
if err != nil {
return nil, err
......
......@@ -54,16 +54,16 @@ func (f *fileStorage) signatureFilename(attrs *irma.AttributeList) string {
return filepath.Join(signaturesDir, attrs.Hash())
}
func (f *fileStorage) LoadSignature(attrs *irma.AttributeList) (signature *gabi.CLSignature, err error) {
sigpath := f.signatureFilename(attrs)
if err := fs.AssertPathExists(f.path(sigpath)); err != nil {
return nil, err
func (f *fileStorage) LoadSignature(attrs *irma.AttributeList) (signature *gabi.CLSignature, witness *revocation.Witness, err error) {
sigpath := s.signatureFilename(attrs)
if err := fs.AssertPathExists(s.path(sigpath)); err != nil {
return nil, nil, err
}
signature = new(gabi.CLSignature)
if err := f.load(signature, sigpath); err != nil {
return nil, err
sig := &clSignatureWitness{}
if err := s.loadFromFile(sig, sigpath); err != nil {
return nil, nil, err
}
return signature, nil
return sig.CLSignature, sig.Witness, nil
}
// LoadSecretKey retrieves and returns the secret key from file storage. When no secret key
......
......@@ -9,8 +9,11 @@ import (
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/gabi/revocation"
irma "github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/internal/fs"
"github.com/go-errors/errors"
"go.etcd.io/bbolt"
)
......@@ -131,11 +134,19 @@ func (s *storage) TxDeleteAllSignatures(tx *transaction) error {
return tx.DeleteBucket([]byte(signaturesBucket))
}
type clSignatureWitness struct {
*gabi.CLSignature
Witness *revocation.Witness
}
func (s *storage) TxStoreSignature(tx *transaction, cred *credential) error {
return s.TxStoreCLSignature(tx, cred.AttributeList().Hash(), cred.Signature)
return s.TxStoreCLSignature(tx, cred.AttributeList().Hash(), &clSignatureWitness{
CLSignature: cred.Signature,
Witness: cred.NonRevocationWitness,
})
}
func (s *storage) TxStoreCLSignature(tx *transaction, credHash string, sig *gabi.CLSignature) error {
func (s *storage) TxStoreCLSignature(tx *transaction, credHash string, sig *clSignatureWitness) error {
// We take the SHA256 hash over all attributes as the bucket key for the signature.
// This means that of the signatures of two credentials that have identical attributes
// only one gets stored, one overwriting the other - but that doesn't
......@@ -232,15 +243,15 @@ func (s *storage) TxStoreUpdates(tx *transaction, updates []update) error {
return s.txStore(tx, userdataBucket, updatesKey, updates)
}
func (s *storage) LoadSignature(attrs *irma.AttributeList) (signature *gabi.CLSignature, err error) {
signature = new(gabi.CLSignature)
found, err := s.load(signaturesBucket, attrs.Hash(), signature)
func (s *storage) LoadSignature(attrs *irma.AttributeList) (*gabi.CLSignature, *revocation.Witness, error) {
sig := new(clSignatureWitness)
found, err := s.load(signaturesBucket, attrs.Hash(), sig)
if err != nil {
return nil, err
return nil, nil, err
} else if !found {
return nil, errors.Errorf("Signature of credential with hash %s cannot be found", attrs.Hash())
return nil, nil, errors.Errorf("Signature of credential with hash %s cannot be found", attrs.Hash())
}
return
return sig.CLSignature, sig.Witness, nil
}
// LoadSecretKey retrieves and returns the secret key from bbolt storage, or if no secret key
......
......@@ -4,9 +4,7 @@ import (
"encoding/json"
"time"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/irmago"
irma "github.com/privacybydesign/irmago"
)
// This file contains the update mechanism for Client
......@@ -90,14 +88,17 @@ var clientUpdates = []func(client *Client) error{
return err
}
sigs := make(map[string]*gabi.CLSignature)
sigs := make(map[string]*clSignatureWitness)
for _, attrlistlist := range attrs {
for _, attrlist := range attrlistlist {
sig, err := client.fileStorage.LoadSignature(attrlist)
sig, witness, err := client.fileStorage.LoadSignature(attrlist)
if err != nil {
return err
}
sigs[attrlist.Hash()] = sig
sigs[attrlist.Hash()] = &clSignatureWitness{
CLSignature: sig,
Witness: witness,
}
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment