Commit
5574c4d6
authored
Sep 23, 2017
by
Sietse Ringers
Document code, make lint happy
parent
67f14955
Changes
6
descriptions.go
@@ -127,6 +127,7 @@ func (sm *SchemeManager) Identifier() SchemeManagerIdentifier {
return
NewSchemeManagerIdentifier
(
sm
.
ID
)
}
// Distributed indicates if this scheme manager uses a keyshare server.
func
(
sm
*
SchemeManager
)
Distributed
()
bool
{
return
len
(
sm
.
KeyshareServer
)
>
0
}
keyshare.go
@@ -13,6 +13,7 @@ import (
"github.com/mhe/gabi"
)
// KeysharePinRequestor is used to asking the user for his PIN.
type
KeysharePinRequestor
interface
{
AskPin
(
remainingAttempts
int
,
callback
func
(
proceed
bool
,
pin
string
))
}
@@ -83,6 +84,8 @@ type proofPCommitmentMap struct {
Commitments
map
[
publicKeyIdentifier
]
*
gabi
.
ProofPCommitment
`json:"c"`
}
// KeyshareHandler is used for asking the user for his email address and PIN,
// for registering at a keyshare server.
type
KeyshareHandler
interface
{
StartKeyshareRegistration
(
manager
*
SchemeManager
,
registrationCallback
func
(
email
,
pin
string
))
}
@@ -125,11 +128,11 @@ func startKeyshareSession(
pin
KeysharePinRequestor
,
)
{
ksscount
:=
0
for
_
,
managerI
d
:=
range
session
.
SchemeManagers
()
{
if
MetaStore
.
SchemeManagers
[
managerI
d
]
.
Distributed
()
{
for
_
,
managerI
D
:=
range
session
.
SchemeManagers
()
{
if
MetaStore
.
SchemeManagers
[
managerI
D
]
.
Distributed
()
{
ksscount
++
if
_
,
registered
:=
Manager
.
keyshareServers
[
managerI
d
];
!
registered
{
err
:=
errors
.
New
(
"Not registered to keyshare server of scheme manager "
+
managerI
d
.
String
())
if
_
,
registered
:=
Manager
.
keyshareServers
[
managerI
D
];
!
registered
{
err
:=
errors
.
New
(
"Not registered to keyshare server of scheme manager "
+
managerI
D
.
String
())
sessionHandler
.
KeyshareError
(
err
)
return
}
@@ -151,16 +154,16 @@ func startKeyshareSession(
askPin
:=
false
for
_
,
managerI
d
:=
range
session
.
SchemeManagers
()
{
if
!
MetaStore
.
SchemeManagers
[
managerI
d
]
.
Distributed
()
{
for
_
,
managerI
D
:=
range
session
.
SchemeManagers
()
{
if
!
MetaStore
.
SchemeManagers
[
managerI
D
]
.
Distributed
()
{
continue
}
ks
.
keyshareServer
=
Manager
.
keyshareServers
[
managerI
d
]
ks
.
keyshareServer
=
Manager
.
keyshareServers
[
managerI
D
]
transport
:=
NewHTTPTransport
(
ks
.
keyshareServer
.
URL
)
transport
.
SetHeader
(
kssUsernameHeader
,
ks
.
keyshareServer
.
Username
)
transport
.
SetHeader
(
kssAuthHeader
,
ks
.
keyshareServer
.
token
)
ks
.
transports
[
managerI
d
]
=
transport
ks
.
transports
[
managerI
D
]
=
transport
authstatus
:=
&
keyshareAuthorization
{}
err
:=
transport
.
Post
(
"users/isAuthorized"
,
authstatus
,
""
)
@@ -217,13 +220,13 @@ func (ks *keyshareSession) VerifyPin(attempts int) {
// - If this or anything else (specified in err) goes wrong, success will be false.
// If all is ok, success will be true.
func
(
ks
*
keyshareSession
)
verifyPinAttempt
(
pin
string
)
(
success
bool
,
tries
int
,
blocked
int
,
err
error
)
{
for
_
,
managerI
d
:=
range
ks
.
session
.
SchemeManagers
()
{
if
!
MetaStore
.
SchemeManagers
[
managerI
d
]
.
Distributed
()
{
for
_
,
managerI
D
:=
range
ks
.
session
.
SchemeManagers
()
{
if
!
MetaStore
.
SchemeManagers
[
managerI
D
]
.
Distributed
()
{
continue
}
kss
:=
Manager
.
keyshareServers
[
managerI
d
]
transport
:=
ks
.
transports
[
managerI
d
]
kss
:=
Manager
.
keyshareServers
[
managerI
D
]
transport
:=
ks
.
transports
[
managerI
D
]
pinmsg
:=
keysharePinMessage
{
Username
:
kss
.
Username
,
Pin
:
kss
.
HashedPin
(
pin
)}
pinresult
:=
&
keysharePinStatus
{}
err
=
transport
.
Post
(
"users/verify/pin"
,
pinresult
,
pinmsg
)
@@ -268,26 +271,26 @@ func (ks *keyshareSession) GetCommitments() {
// that we will use in the keyshare protocol with the keyshare server of this manager
for
_
,
builder
:=
range
ks
.
builders
{
pk
:=
builder
.
PublicKey
()
managerI
d
:=
NewIssuerIdentifier
(
pk
.
Issuer
)
.
SchemeManagerIdentifier
()
if
!
MetaStore
.
SchemeManagers
[
managerI
d
]
.
Distributed
()
{
managerI
D
:=
NewIssuerIdentifier
(
pk
.
Issuer
)
.
SchemeManagerIdentifier
()
if
!
MetaStore
.
SchemeManagers
[
managerI
D
]
.
Distributed
()
{
continue
}
if
_
,
contains
:=
pkids
[
managerI
d
];
!
contains
{
pkids
[
managerI
d
]
=
[]
*
publicKeyIdentifier
{}
if
_
,
contains
:=
pkids
[
managerI
D
];
!
contains
{
pkids
[
managerI
D
]
=
[]
*
publicKeyIdentifier
{}
}
pkids
[
managerI
d
]
=
append
(
pkids
[
managerI
d
],
&
publicKeyIdentifier
{
Issuer
:
pk
.
Issuer
,
Counter
:
pk
.
Counter
})
pkids
[
managerI
D
]
=
append
(
pkids
[
managerI
D
],
&
publicKeyIdentifier
{
Issuer
:
pk
.
Issuer
,
Counter
:
pk
.
Counter
})
}
// Now inform each keyshare server of with respect to which public keys
// we want them to send us commitments
for
_
,
managerI
d
:=
range
ks
.
session
.
SchemeManagers
()
{
if
!
MetaStore
.
SchemeManagers
[
managerI
d
]
.
Distributed
()
{
for
_
,
managerI
D
:=
range
ks
.
session
.
SchemeManagers
()
{
if
!
MetaStore
.
SchemeManagers
[
managerI
D
]
.
Distributed
()
{
continue
}
transport
:=
ks
.
transports
[
managerI
d
]
transport
:=
ks
.
transports
[
managerI
D
]
comms
:=
&
proofPCommitmentMap
{}
err
:=
transport
.
Post
(
"prove/getCommitments"
,
comms
,
pkids
[
managerI
d
])
err
:=
transport
.
Post
(
"prove/getCommitments"
,
comms
,
pkids
[
managerI
D
])
if
err
!=
nil
{
ks
.
sessionHandler
.
KeyshareError
(
err
)
return
@@ -331,8 +334,8 @@ func (ks *keyshareSession) GetProofPs() {
// Post the challenge, obtaining JWT's containing the ProofP's
responses
:=
map
[
SchemeManagerIdentifier
]
string
{}
for
_
,
managerI
d
:=
range
ks
.
session
.
SchemeManagers
()
{
transport
,
distributed
:=
ks
.
transports
[
managerI
d
]
for
_
,
managerI
D
:=
range
ks
.
session
.
SchemeManagers
()
{
transport
,
distributed
:=
ks
.
transports
[
managerI
D
]
if
!
distributed
{
continue
}
@@ -342,7 +345,7 @@ func (ks *keyshareSession) GetProofPs() {
ks
.
sessionHandler
.
KeyshareError
(
err
)
return
}
responses
[
managerI
d
]
=
jwt
responses
[
managerI
D
]
=
jwt
}
ks
.
Finish
(
challenge
,
responses
)
@@ -358,14 +361,14 @@ func (ks *keyshareSession) Finish(challenge *big.Int, responses map[SchemeManage
proofPs
:=
make
([]
*
gabi
.
ProofP
,
len
(
ks
.
builders
))
for
i
,
builder
:=
range
ks
.
builders
{
// Parse each received JWT
managerI
d
:=
NewIssuerIdentifier
(
builder
.
PublicKey
()
.
Issuer
)
.
SchemeManagerIdentifier
()
if
!
MetaStore
.
SchemeManagers
[
managerI
d
]
.
Distributed
()
{
managerI
D
:=
NewIssuerIdentifier
(
builder
.
PublicKey
()
.
Issuer
)
.
SchemeManagerIdentifier
()
if
!
MetaStore
.
SchemeManagers
[
managerI
D
]
.
Distributed
()
{
continue
}
msg
:=
struct
{
ProofP
*
gabi
.
ProofP
}{}
_
,
err
:=
jwtDecode
(
responses
[
managerI
d
],
msg
)
_
,
err
:=
jwtDecode
(
responses
[
managerI
D
],
msg
)
if
err
!=
nil
{
ks
.
sessionHandler
.
KeyshareError
(
err
)
return
@@ -417,20 +420,20 @@ func (comms *proofPCommitmentMap) UnmarshalJSON(bytes []byte) error {
return
err
}
for
_
,
raw
:=
range
temp
.
C
{
tempPkI
d
:=
struct
{
tempPkI
D
:=
struct
{
Issuer
struct
{
Identifier
string
`json:"identifier"`
}
`json:"issuer"`
Counter
uint
`json:"counter"`
}{}
comm
:=
gabi
.
ProofPCommitment
{}
if
err
:=
json
.
Unmarshal
([]
byte
(
*
raw
[
0
]),
&
tempPkI
d
);
err
!=
nil
{
if
err
:=
json
.
Unmarshal
([]
byte
(
*
raw
[
0
]),
&
tempPkI
D
);
err
!=
nil
{
return
err
}
if
err
:=
json
.
Unmarshal
([]
byte
(
*
raw
[
1
]),
&
comm
);
err
!=
nil
{
return
err
}
pkid
:=
publicKeyIdentifier
{
Issuer
:
tempPkI
d
.
Issuer
.
Identifier
,
Counter
:
tempPkI
d
.
Counter
}
pkid
:=
publicKeyIdentifier
{
Issuer
:
tempPkI
D
.
Issuer
.
Identifier
,
Counter
:
tempPkI
D
.
Counter
}
comms
.
Commitments
[
pkid
]
=
&
comm
}
return
nil
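Review bot: In UnmarshalJSON, `raw[0]` and `raw[1]` are indexed and dereferenced for every entry of `temp.C` without checking that the entry has two non-nil elements, and this method decodes what the keyshare server returns for `prove/getCommitments` (see the GetCommitments hunk above), so a short or null-padded entry from the server panics the client instead of producing an error. Guard it before the first Unmarshal, `if len(raw) != 2 || raw[0] == nil || raw[1] == nil { return errors.New("malformed commitment entry") }` (errors is already used in this file; the element type of raw is declared outside the hunk, but the `*raw[0]` dereference suggests a pointer such as *json.RawMessage). The declaration of `temp` and the initialization of `comms.Commitments` are also outside the hunk; if that map is not made before the loop, `comms.Commitments[pkid] = &comm` panics as well. Separately, the new doc comment on KeysharePinRequestor earlier in this file reads `is used to asking the user`; `is used to ask the user` is meant.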
manager.go
@@ -33,6 +33,7 @@ func newCredentialManager() *CredentialManager {
}
}
// CredentialList returns a list of information of all contained credentials.
func
(
cm
*
CredentialManager
)
CredentialList
()
CredentialList
{
list
:=
CredentialList
([]
*
Credential
{})
for
_
,
credlist
:=
range
cm
.
credentials
{
@@ -237,6 +238,7 @@ type Session interface {
SchemeManagers
()
[]
SchemeManagerIdentifier
}
// ProofBuilders constructs a list of proof builders for the specified attribute choice.
func
(
cm
*
CredentialManager
)
ProofBuilders
(
choice
*
DisclosureChoice
)
(
gabi
.
ProofBuilderList
,
error
)
{
todisclose
,
err
:=
cm
.
groupCredentials
(
choice
)
if
err
!=
nil
{
@@ -263,6 +265,8 @@ func (cm *CredentialManager) Proofs(choice *DisclosureChoice, request Session, i
return
builders
.
BuildProofList
(
request
.
GetContext
(),
request
.
GetNonce
(),
issig
),
nil
}
// IssuanceProofBuilders constructs a list of proof builders in the issuance protocol
// for the future credentials as well as possibly any disclosed attributes.
func
(
cm
*
CredentialManager
)
IssuanceProofBuilders
(
request
*
IssuanceRequest
)
(
gabi
.
ProofBuilderList
,
error
)
{
state
,
err
:=
newIssuanceState
()
if
err
!=
nil
{
@@ -355,8 +359,9 @@ func (cm *CredentialManager) unenrolledKeyshareServers() []*SchemeManager {
return
list
}
func
(
cm
*
CredentialManager
)
KeyshareEnroll
(
managerId
SchemeManagerIdentifier
,
email
,
pin
string
)
error
{
manager
,
ok
:=
MetaStore
.
SchemeManagers
[
managerId
]
// KeyshareEnroll attempts to register at the keyshare server of the specified scheme manager.
func
(
cm
*
CredentialManager
)
KeyshareEnroll
(
managerID
SchemeManagerIdentifier
,
email
,
pin
string
)
error
{
manager
,
ok
:=
MetaStore
.
SchemeManagers
[
managerID
]
if
!
ok
{
return
errors
.
New
(
"Unknown scheme manager"
)
}
@@ -385,10 +390,11 @@ func (cm *CredentialManager) KeyshareEnroll(managerId SchemeManagerIdentifier, e
return
err
}
cm
.
keyshareServers
[
managerI
d
]
=
kss
cm
.
keyshareServers
[
managerI
D
]
=
kss
return
cm
.
storeKeyshareServers
()
}
// KeyshareRemove unregisters the keyshare server of the specified scheme manager.
func
(
cm
*
CredentialManager
)
KeyshareRemove
(
manager
SchemeManagerIdentifier
)
error
{
if
_
,
contains
:=
cm
.
keyshareServers
[
manager
];
!
contains
{
return
errors
.
New
(
"Can't uninstall unknown keyshare server"
)
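Review bot: At the end of KeyshareEnroll the new entry is written to `cm.keyshareServers[managerID]` before `cm.storeKeyshareServers()` runs, so when persisting fails the caller receives an error while the in-memory map already reports the server as enrolled; after a restart that registration (and whatever credentials the stored kss carries, presumably the token used in the kssAuthHeader) is lost while the keyshare server already considers the user registered. Rolling the map entry back on a store error keeps memory and storage consistent. KeyshareEnroll begins outside this hunk and KeyshareRemove's body continues past it. The error strings `"Unknown scheme manager"` and `"Can't uninstall unknown keyshare server"` are also capitalized, which the lint pass this commit aims at usually flags (staticcheck ST1005 wants lowercase error strings).
```go
	cm.keyshareServers[managerID] = kss
	if err := cm.storeKeyshareServers(); err != nil {
		// keep memory and persisted state in agreement when the write fails
		delete(cm.keyshareServers, managerID)
		return err
	}
	return nil
```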
requests.go
@@ -17,13 +17,15 @@ import (
type
SessionRequest
struct
{
Context
*
big
.
Int
`json:"nonce"`
Nonce
*
big
.
Int
`json:"context"`
choice
*
DisclosureChoice
`json:"-"`
choice
*
DisclosureChoice
}
// DisclosureChoice returns the attributes to be disclosed in this session.
func
(
sr
*
SessionRequest
)
DisclosureChoice
()
*
DisclosureChoice
{
return
sr
.
choice
}
// SetDisclosureChoice sets the attributes to be disclosed in this session.
func
(
sr
*
SessionRequest
)
SetDisclosureChoice
(
choice
*
DisclosureChoice
)
{
sr
.
choice
=
choice
}
@@ -151,6 +153,7 @@ func newIssuanceState() (*issuanceState, error) {
},
nil
}
// Distributed indicates if a keyshare is involved in this session.
func
(
ir
*
IssuanceRequest
)
Distributed
()
bool
{
for
_
,
manager
:=
range
ir
.
SchemeManagers
()
{
if
MetaStore
.
SchemeManagers
[
manager
]
.
Distributed
()
{
@@ -160,6 +163,7 @@ func (ir *IssuanceRequest) Distributed() bool {
return
false
}
// SchemeManagers returns a list of all scheme managers involved in this session.
func
(
ir
*
IssuanceRequest
)
SchemeManagers
()
[]
SchemeManagerIdentifier
{
list
:=
[]
SchemeManagerIdentifier
{}
for
_
,
cred
:=
range
ir
.
Credentials
{
@@ -188,6 +192,7 @@ func (ir *IssuanceRequest) GetNonce() *big.Int { return ir.Nonce }
// SetNonce sets the nonce of this session.
func
(
ir
*
IssuanceRequest
)
SetNonce
(
nonce
*
big
.
Int
)
{
ir
.
Nonce
=
nonce
}
// Distributed indicates if a keyshare is involved in this session.
func
(
dr
*
DisclosureRequest
)
Distributed
()
bool
{
for
_
,
manager
:=
range
dr
.
SchemeManagers
()
{
if
MetaStore
.
SchemeManagers
[
manager
]
.
Distributed
()
{
@@ -197,6 +202,7 @@ func (dr *DisclosureRequest) Distributed() bool {
return
false
}
// SchemeManagers returns a list of all scheme managers involved in this session.
func
(
dr
*
DisclosureRequest
)
SchemeManagers
()
[]
SchemeManagerIdentifier
{
list
:=
[]
SchemeManagerIdentifier
{}
for
_
,
disjunction
:=
range
dr
.
Content
{
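Review bot: The struct tags on SessionRequest look swapped: `Context *big.Int` carries json:"nonce" and `Nonce *big.Int` carries json:"context", so a JSON `nonce` field is decoded into Context and a `context` field into Nonce, and both are emitted under the other name. If this deliberately mirrors the existing wire protocol, the doc comments this commit adds should record it on the struct, e.g. `// NOTE: the json tags of Context and Nonce are intentionally swapped to match the protocol's field names.`; otherwise the two tags should be exchanged, since a nonce and a context being mixed up silently affects what the proofs are bound to. Whichever side of the change the json:"-" tag on `choice` ends up on, it has no effect, because encoding/json skips unexported fields regardless of tags.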
storage.go
@@ -94,6 +94,9 @@ func (cm *CredentialManager) ParseAndroidStorage() (err error) {
}
bytes
,
err
:=
ioutil
.
ReadFile
(
cm
.
path
(
cardemuXML
))
if
err
!=
nil
{
return
}
parsedxml
:=
struct
{
Strings
[]
struct
{
Name
string
`xml:"name,attr"`
transport.go
@@ -35,6 +35,7 @@ func NewHTTPTransport(serverURL string) *HTTPTransport {
}
}
// SetHeader sets a header to be sent in requests.
func
(
transport
*
HTTPTransport
)
SetHeader
(
name
,
val
string
)
{
transport
.
headers
[
name
]
=
val
}