Commit 56f09b6f authored by Sietse Ringers's avatar Sietse Ringers

Make some functions that act on SignedMessage instances methods on SignedMessage

parent a3454588
......@@ -20,14 +20,14 @@ type SignedMessage struct {
Timestamp *atum.Timestamp `json:"timestamp"`
}
func (im *SignedMessage) GetNonce() *big.Int {
return ASN1ConvertSignatureNonce(im.Message, im.Nonce, im.Timestamp)
func (sm *SignedMessage) GetNonce() *big.Int {
return ASN1ConvertSignatureNonce(sm.Message, sm.Nonce, sm.Timestamp)
}
func (im *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool {
return im.Nonce.Cmp(request.Nonce) == 0 &&
im.Context.Cmp(request.Context) == 0 &&
im.GetNonce().Cmp(request.GetNonce()) == 0
func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool {
return sm.Nonce.Cmp(request.Nonce) == 0 &&
sm.Context.Cmp(request.Context) == 0 &&
sm.GetNonce().Cmp(request.GetNonce()) == 0
}
// ASN1ConvertSignatureNonce computes the nonce that is used in the creation of the attribute-based signature:
......
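Review bot: `MatchesNonceAndContext` calls `Cmp` on `sm.Nonce` and `sm.Context` without a nil check, and `(*big.Int).Cmp` panics on a nil receiver or a nil argument. The struct carries `json` tags, so if a SignedMessage is decoded from data supplied by another party, a message lacking those fields would crash the verifier instead of producing a failed match; the same holds for `request.Nonce` and `request.Context`. I would add a guard as the first statement: `if sm.Nonce == nil || sm.Context == nil || request == nil || request.Nonce == nil || request.Context == nil { return false }`. The field declarations sit above the hunk, so confirm they are `*big.Int` as the `Cmp` calls suggest.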
......@@ -229,7 +229,7 @@ func TestLogging(t *testing.T) {
sig, err := entry.GetSignedMessage()
require.NoError(t, err)
require.NotNil(t, sig)
status, list := irma.VerifySigWithoutRequest(client.Configuration, sig)
status, list := sig.VerifyWithoutRequest(client.Configuration)
require.Equal(t, irma.VALID, status)
require.NotEmpty(t, list)
require.Contains(t, list[0].Attributes, attrid)
......
......@@ -303,7 +303,7 @@ func (sh *ManualSessionHandler) Success(irmaAction irma.Action, result string) {
}
go func() {
sh.resultChannel <- irma.VerifySig(client.Configuration, irmaSignedMessage, sh.sigVerifyRequest)
sh.resultChannel <- irmaSignedMessage.Verify(client.Configuration, sh.sigVerifyRequest)
}()
}
sh.errorChannel <- nil
......
......@@ -288,7 +288,7 @@ func TestVerifyValidSig(t *testing.T) {
require.Equal(t, sigRequest.Context, big.NewInt(1337))
// Test if we can verify it with the original request
sigProofResult := VerifySig(conf, irmaSignedMessage, sigRequest)
sigProofResult := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, sigProofResult.ProofStatus, VALID)
attributeList := sigProofResult.ToAttributeResultList()
require.Len(t, attributeList, 1)
......@@ -305,7 +305,7 @@ func TestVerifyValidSig(t *testing.T) {
require.Equal(t, stringSigRequest.Context, big.NewInt(1337))
// Test if we can verify it with the original request
stringSigProofResult := VerifySig(conf, irmaSignedMessage, sigRequest)
stringSigProofResult := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, stringSigProofResult.ProofStatus, VALID)
stringAttributeList := sigProofResult.ToAttributeResultList()
require.Len(t, stringAttributeList, 1)
......@@ -317,11 +317,11 @@ func TestVerifyValidSig(t *testing.T) {
unmatchedSigRequestJSON := []byte(unmatched)
unmatchedSigRequest := &SignatureRequest{}
json.Unmarshal(unmatchedSigRequestJSON, unmatchedSigRequest)
unmatchedResult := VerifySig(conf, irmaSignedMessage, unmatchedSigRequest)
unmatchedResult := irmaSignedMessage.Verify(conf, unmatchedSigRequest)
require.Equal(t, unmatchedResult.ProofStatus, UNMATCHED_REQUEST)
// Test if we can also verify it without using the original request
proofStatus, disclosed := VerifySigWithoutRequest(conf, irmaSignedMessage)
proofStatus, disclosed := irmaSignedMessage.VerifyWithoutRequest(conf)
require.Equal(t, proofStatus, VALID)
require.Len(t, disclosed, 1)
require.Equal(t, disclosed[0].Attributes[NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")]["en"], "456")
......@@ -340,10 +340,10 @@ func TestVerifyInValidSig(t *testing.T) {
sigRequest := &SignatureRequest{}
json.Unmarshal(sigRequestJSON, sigRequest)
sigProofResult := VerifySig(conf, irmaSignedMessage, sigRequest)
sigProofResult := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, sigProofResult.ProofStatus, INVALID_CRYPTO)
proofStatus, disclosed := VerifySigWithoutRequest(conf, irmaSignedMessage)
proofStatus, disclosed := irmaSignedMessage.VerifyWithoutRequest(conf)
require.Equal(t, proofStatus, INVALID_CRYPTO)
require.Nil(t, disclosed)
}
......@@ -362,10 +362,10 @@ func TestVerifyInValidNonce(t *testing.T) {
sigRequest := &SignatureRequest{}
json.Unmarshal(sigRequestJSON, sigRequest)
sigProofResult := VerifySig(conf, irmaSignedMessage, sigRequest)
sigProofResult := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, sigProofResult.ProofStatus, INVALID_CRYPTO)
proofStatus, disclosed := VerifySigWithoutRequest(conf, irmaSignedMessage)
proofStatus, disclosed := irmaSignedMessage.VerifyWithoutRequest(conf)
require.Equal(t, proofStatus, INVALID_CRYPTO)
require.Nil(t, disclosed)
}
......
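Review bot: The string-request case in `TestVerifyValidSig` never exercises `stringSigRequest`: the call is `irmaSignedMessage.Verify(conf, sigRequest)` and the attribute list is read from `sigProofResult`, so both lines re-test the first request. They should read `stringSigProofResult := irmaSignedMessage.Verify(conf, stringSigRequest)` and `stringAttributeList := stringSigProofResult.ToAttributeResultList()`. The `json.Unmarshal` calls in these tests also drop their error; wrapping each in `require.NoError(t, ...)` keeps a malformed fixture from silently yielding an empty request that then fails verification for the wrong reason. The test functions start outside the hunks, so the declaration of `stringSigRequest` is not visible here.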
......@@ -50,18 +50,18 @@ const TimestampServerURL = "https://metrics.privacybydesign.foundation/atum"
// Given an SignedMessage, verify the timestamp over the signed message, disclosed attributes,
// and rerandomized CL-signatures.
func VerifyTimestamp(irmaSignature *SignedMessage, message string, conf *Configuration) error {
if irmaSignature.Timestamp.ServerUrl != TimestampServerURL {
func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) error {
if sm.Timestamp.ServerUrl != TimestampServerURL {
return errors.New("Untrusted timestamp server")
}
// Extract the disclosed attributes and randomized CL-signatures from the proofs in order to
// construct the nonce that should be signed by the timestamp server.
zero := big.NewInt(0)
size := len(irmaSignature.Signature)
size := len(sm.Signature)
sigs := make([]*big.Int, size)
disclosed := make([][]*big.Int, size)
for i, proof := range irmaSignature.Signature {
for i, proof := range sm.Signature {
proofd := proof.(*gabi.ProofD)
sigs[i] = proofd.A
ct := MetadataFromInt(proofd.ADisclosed[1], conf).CredentialType()
......@@ -84,7 +84,7 @@ func VerifyTimestamp(irmaSignature *SignedMessage, message string, conf *Configu
if err != nil {
return err
}
valid, err := irmaSignature.Timestamp.Verify(bts)
valid, err := sm.Timestamp.Verify(bts)
if err != nil {
return err
}
......
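Review bot: The unchecked assertion `proofd := proof.(*gabi.ProofD)` in the loop panics when the proof list holds any other proof type, and `Verify` calls `VerifyTimestamp` before the cryptographic check, so this code runs on input that has not been verified yet. Use the two-value form, `proofd, ok := proof.(*gabi.ProofD)` followed by `if !ok { return errors.New("unexpected proof type in signature") }`. Now that this is an exported method, a guard for `sm.Timestamp == nil` as the first statement is also worth adding, because callers outside the package cannot be assumed to check it before the `sm.Timestamp.ServerUrl` access. The function body continues outside both hunks.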
......@@ -237,8 +237,8 @@ func addExtraAttributes(disclosed DisclosedCredentialList, proofResult *ProofRes
}
// Check an gabi prooflist against a signature proofrequest
func checkProofWithRequest(configuration *Configuration, irmaSignature *SignedMessage, sigRequest *SignatureRequest) *SignatureProofResult {
disclosed, err := ExtractDisclosedCredentials(configuration, irmaSignature.Signature)
func (sm *SignedMessage) checkWithRequest(configuration *Configuration, sigRequest *SignatureRequest) *SignatureProofResult {
disclosed, err := ExtractDisclosedCredentials(configuration, sm.Signature)
if err != nil {
fmt.Println(err)
......@@ -258,7 +258,7 @@ func checkProofWithRequest(configuration *Configuration, irmaSignature *SignedMe
}
// If all disjunctions are satisfied, check if a credential is expired
if irmaSignature.Timestamp == nil {
if sm.Timestamp == nil {
if disclosed.IsExpired(time.Now()) {
// At least one of the contained attributes has currently expired. We don't know the
// creation time of the ABS so we can't ascertain that the attributes were still valid then.
......@@ -267,7 +267,7 @@ func checkProofWithRequest(configuration *Configuration, irmaSignature *SignedMe
return signatureProofResult
}
} else {
if disclosed.IsExpired(time.Unix(irmaSignature.Timestamp.Time, 0)) {
if disclosed.IsExpired(time.Unix(sm.Timestamp.Time, 0)) {
// The ABS contains attributes that were expired at the time of creation of the ABS.
// This must not happen and in this case the signature is invalid
signatureProofResult.ProofStatus = INVALID_CRYPTO
......@@ -292,10 +292,10 @@ func verify(configuration *Configuration, proofList gabi.ProofList, context *big
}
// Verify a signature proof and check if the attributes match the attributes in the original request
func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRequest *SignatureRequest) *SignatureProofResult {
func (sm *SignedMessage) Verify(configuration *Configuration, sigRequest *SignatureRequest) *SignatureProofResult {
// First check if this signature matches the request
sigRequest.Timestamp = irmaSignature.Timestamp
if !irmaSignature.MatchesNonceAndContext(sigRequest) {
sigRequest.Timestamp = sm.Timestamp
if !sm.MatchesNonceAndContext(sigRequest) {
return &SignatureProofResult{
ProofResult: &ProofResult{
ProofStatus: UNMATCHED_REQUEST,
......@@ -304,8 +304,8 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe
}
// Verify the timestamp
if irmaSignature.Timestamp != nil {
if err := VerifyTimestamp(irmaSignature, sigRequest.Message, configuration); err != nil {
if sm.Timestamp != nil {
if err := sm.VerifyTimestamp(sigRequest.Message, configuration); err != nil {
return &SignatureProofResult{
ProofResult: &ProofResult{
ProofStatus: INVALID_TIMESTAMP,
......@@ -315,7 +315,7 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe
}
// Now, cryptographically verify the signature
if !verify(configuration, irmaSignature.Signature, sigRequest.GetContext(), sigRequest.GetNonce(), true) {
if !verify(configuration, sm.Signature, sigRequest.GetContext(), sigRequest.GetNonce(), true) {
return &SignatureProofResult{
ProofResult: &ProofResult{
ProofStatus: INVALID_CRYPTO,
......@@ -324,37 +324,37 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe
}
// Finally, check whether attribute values in proof satisfy the original signature request
return checkProofWithRequest(configuration, irmaSignature, sigRequest)
return sm.checkWithRequest(configuration, sigRequest)
}
// Verify a signature cryptographically, but do not check/compare with a signature request
func VerifySigWithoutRequest(configuration *Configuration, irmaSignature *SignedMessage) (ProofStatus, DisclosedCredentialList) {
func (sm *SignedMessage) VerifyWithoutRequest(configuration *Configuration) (ProofStatus, DisclosedCredentialList) {
// First, verify the timestamp, if any
if irmaSignature.Timestamp != nil {
if err := VerifyTimestamp(irmaSignature, irmaSignature.Message, configuration); err != nil {
if sm.Timestamp != nil {
if err := sm.VerifyTimestamp(sm.Message, configuration); err != nil {
return INVALID_TIMESTAMP, nil
}
}
// Cryptographically verify the signature
if !verify(configuration, irmaSignature.Signature, irmaSignature.Context, irmaSignature.GetNonce(), true) {
if !verify(configuration, sm.Signature, sm.Context, sm.GetNonce(), true) {
return INVALID_CRYPTO, nil
}
// Extract attributes and return result
disclosed, err := ExtractDisclosedCredentials(configuration, irmaSignature.Signature)
disclosed, err := ExtractDisclosedCredentials(configuration, sm.Signature)
if err != nil {
fmt.Println(err)
return INVALID_CRYPTO, nil
}
if irmaSignature.Timestamp == nil {
if sm.Timestamp == nil {
if disclosed.IsExpired(time.Now()) {
return EXPIRED, disclosed
}
} else {
if disclosed.IsExpired(time.Unix(irmaSignature.Timestamp.Time, 0)) {
if disclosed.IsExpired(time.Unix(sm.Timestamp.Time, 0)) {
return INVALID_CRYPTO, nil
}
}
......
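Review bot: `Verify` assigns `sigRequest.Timestamp = sm.Timestamp` on the caller's request, so a value taken from the not-yet-verified message stays on the request after the call returns and is seen by any later or concurrent use of the same `*SignatureRequest`. If the type is safe to shallow-copy, working on a local copy avoids that: `req := *sigRequest` and `req.Timestamp = sm.Timestamp`, then use `&req` for the remaining checks; otherwise the side effect should at least be stated in the doc comment. `checkWithRequest` and `VerifyWithoutRequest` also report the `ExtractDisclosedCredentials` error with `fmt.Println(err)`, which writes to stdout from library code and loses the cause for the caller. The new exported methods would read better with doc comments that start with the method name, e.g. `// Verify checks the signature against the original request and reports the proof status.`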