IRMA
Github mirrors
irmago
Commits
56f09b6f
Commit
56f09b6f
authored
Jul 24, 2018
by
Sietse Ringers
Make some functions that act on SignedMessage instances methods on SignedMessage
parent
a3454588
Changes
6
irma_signature.go
...
...
@@ -20,14 +20,14 @@ type SignedMessage struct {
Timestamp
*
atum
.
Timestamp
`json:"timestamp"`
}
func
(
i
m
*
SignedMessage
)
GetNonce
()
*
big
.
Int
{
return
ASN1ConvertSignatureNonce
(
i
m
.
Message
,
i
m
.
Nonce
,
i
m
.
Timestamp
)
func
(
s
m
*
SignedMessage
)
GetNonce
()
*
big
.
Int
{
return
ASN1ConvertSignatureNonce
(
s
m
.
Message
,
s
m
.
Nonce
,
s
m
.
Timestamp
)
}
func
(
i
m
*
SignedMessage
)
MatchesNonceAndContext
(
request
*
SignatureRequest
)
bool
{
return
i
m
.
Nonce
.
Cmp
(
request
.
Nonce
)
==
0
&&
i
m
.
Context
.
Cmp
(
request
.
Context
)
==
0
&&
i
m
.
GetNonce
()
.
Cmp
(
request
.
GetNonce
())
==
0
func
(
s
m
*
SignedMessage
)
MatchesNonceAndContext
(
request
*
SignatureRequest
)
bool
{
return
s
m
.
Nonce
.
Cmp
(
request
.
Nonce
)
==
0
&&
s
m
.
Context
.
Cmp
(
request
.
Context
)
==
0
&&
s
m
.
GetNonce
()
.
Cmp
(
request
.
GetNonce
())
==
0
}
// ASN1ConvertSignatureNonce computes the nonce that is used in the creation of the attribute-based signature:
...
...
irmaclient/irmaclient_test.go
...
...
@@ -229,7 +229,7 @@ func TestLogging(t *testing.T) {
sig
,
err
:=
entry
.
GetSignedMessage
()
require
.
NoError
(
t
,
err
)
require
.
NotNil
(
t
,
sig
)
status
,
list
:=
irma
.
Verify
Sig
WithoutRequest
(
client
.
Configuration
,
sig
)
status
,
list
:=
sig
.
VerifyWithoutRequest
(
client
.
Configuration
)
require
.
Equal
(
t
,
irma
.
VALID
,
status
)
require
.
NotEmpty
(
t
,
list
)
require
.
Contains
(
t
,
list
[
0
]
.
Attributes
,
attrid
)
...
...
irmaclient/manual_session_test.go
...
...
@@ -303,7 +303,7 @@ func (sh *ManualSessionHandler) Success(irmaAction irma.Action, result string) {
}
go
func
()
{
sh
.
resultChannel
<-
irma
.
Verify
Sig
(
client
.
Configuration
,
irmaSignedMessage
,
sh
.
sigVerifyRequest
)
sh
.
resultChannel
<-
irma
SignedMessage
.
Verify
(
client
.
Configuration
,
sh
.
sigVerifyRequest
)
}()
}
sh
.
errorChannel
<-
nil
...
...
irmago_test.go
...
...
@@ -288,7 +288,7 @@ func TestVerifyValidSig(t *testing.T) {
require
.
Equal
(
t
,
sigRequest
.
Context
,
big
.
NewInt
(
1337
))
// Test if we can verify it with the original request
sigProofResult
:=
VerifySig
(
conf
,
irmaSignedMessage
,
sigRequest
)
sigProofResult
:=
irmaSignedMessage
.
Verify
(
conf
,
sigRequest
)
require
.
Equal
(
t
,
sigProofResult
.
ProofStatus
,
VALID
)
attributeList
:=
sigProofResult
.
ToAttributeResultList
()
require
.
Len
(
t
,
attributeList
,
1
)
...
...
@@ -305,7 +305,7 @@ func TestVerifyValidSig(t *testing.T) {
require
.
Equal
(
t
,
stringSigRequest
.
Context
,
big
.
NewInt
(
1337
))
// Test if we can verify it with the original request
stringSigProofResult
:=
VerifySig
(
conf
,
irmaSignedMessage
,
sigRequest
)
stringSigProofResult
:=
irmaSignedMessage
.
Verify
(
conf
,
sigRequest
)
require
.
Equal
(
t
,
stringSigProofResult
.
ProofStatus
,
VALID
)
stringAttributeList
:=
sigProofResult
.
ToAttributeResultList
()
require
.
Len
(
t
,
stringAttributeList
,
1
)
...
...
@@ -317,11 +317,11 @@ func TestVerifyValidSig(t *testing.T) {
unmatchedSigRequestJSON
:=
[]
byte
(
unmatched
)
unmatchedSigRequest
:=
&
SignatureRequest
{}
json
.
Unmarshal
(
unmatchedSigRequestJSON
,
unmatchedSigRequest
)
unmatchedResult
:=
VerifySig
(
conf
,
irmaSignedMessage
,
unmatchedSigRequest
)
unmatchedResult
:=
irmaSignedMessage
.
Verify
(
conf
,
unmatchedSigRequest
)
require
.
Equal
(
t
,
unmatchedResult
.
ProofStatus
,
UNMATCHED_REQUEST
)
// Test if we can also verify it without using the original request
proofStatus
,
disclosed
:=
Verify
Sig
WithoutRequest
(
conf
,
irmaSignedMessage
)
proofStatus
,
disclosed
:=
irmaSignedMessage
.
VerifyWithoutRequest
(
conf
)
require
.
Equal
(
t
,
proofStatus
,
VALID
)
require
.
Len
(
t
,
disclosed
,
1
)
require
.
Equal
(
t
,
disclosed
[
0
]
.
Attributes
[
NewAttributeTypeIdentifier
(
"irma-demo.RU.studentCard.studentID"
)][
"en"
],
"456"
)
...
...
@@ -340,10 +340,10 @@ func TestVerifyInValidSig(t *testing.T) {
sigRequest
:=
&
SignatureRequest
{}
json
.
Unmarshal
(
sigRequestJSON
,
sigRequest
)
sigProofResult
:=
VerifySig
(
conf
,
irmaSignedMessage
,
sigRequest
)
sigProofResult
:=
irmaSignedMessage
.
Verify
(
conf
,
sigRequest
)
require
.
Equal
(
t
,
sigProofResult
.
ProofStatus
,
INVALID_CRYPTO
)
proofStatus
,
disclosed
:=
Verify
Sig
WithoutRequest
(
conf
,
irmaSignedMessage
)
proofStatus
,
disclosed
:=
irmaSignedMessage
.
VerifyWithoutRequest
(
conf
)
require
.
Equal
(
t
,
proofStatus
,
INVALID_CRYPTO
)
require
.
Nil
(
t
,
disclosed
)
}
...
...
@@ -362,10 +362,10 @@ func TestVerifyInValidNonce(t *testing.T) {
sigRequest
:=
&
SignatureRequest
{}
json
.
Unmarshal
(
sigRequestJSON
,
sigRequest
)
sigProofResult
:=
VerifySig
(
conf
,
irmaSignedMessage
,
sigRequest
)
sigProofResult
:=
irmaSignedMessage
.
Verify
(
conf
,
sigRequest
)
require
.
Equal
(
t
,
sigProofResult
.
ProofStatus
,
INVALID_CRYPTO
)
proofStatus
,
disclosed
:=
Verify
Sig
WithoutRequest
(
conf
,
irmaSignedMessage
)
proofStatus
,
disclosed
:=
irmaSignedMessage
.
VerifyWithoutRequest
(
conf
)
require
.
Equal
(
t
,
proofStatus
,
INVALID_CRYPTO
)
require
.
Nil
(
t
,
disclosed
)
}
...
...
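Review bot: In the `@@ -305` hunk of TestVerifyValidSig the string-request case does not appear to exercise the string request. The new line is `stringSigProofResult := irmaSignedMessage.Verify(conf, sigRequest)`, and the following `stringAttributeList := sigProofResult.ToAttributeResultList()` also reads the earlier result, so both assertions repeat the first case. If the variable names reflect the intent, these should read `irmaSignedMessage.Verify(conf, stringSigRequest)` and `stringSigProofResult.ToAttributeResultList()`. The test function starts and ends outside the hunks shown, so confirm against the full file that `stringSigRequest` is the request meant here.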
timestamp.go
...
...
@@ -50,18 +50,18 @@ const TimestampServerURL = "https://metrics.privacybydesign.foundation/atum"
// Given an SignedMessage, verify the timestamp over the signed message, disclosed attributes,
// and rerandomized CL-signatures.
func
VerifyTimestamp
(
irmaSignature
*
SignedMessage
,
message
string
,
conf
*
Configuration
)
error
{
if
irmaSignature
.
Timestamp
.
ServerUrl
!=
TimestampServerURL
{
func
(
sm
*
SignedMessage
)
VerifyTimestamp
(
message
string
,
conf
*
Configuration
)
error
{
if
sm
.
Timestamp
.
ServerUrl
!=
TimestampServerURL
{
return
errors
.
New
(
"Untrusted timestamp server"
)
}
// Extract the disclosed attributes and randomized CL-signatures from the proofs in order to
// construct the nonce that should be signed by the timestamp server.
zero
:=
big
.
NewInt
(
0
)
size
:=
len
(
irmaSignature
.
Signature
)
size
:=
len
(
sm
.
Signature
)
sigs
:=
make
([]
*
big
.
Int
,
size
)
disclosed
:=
make
([][]
*
big
.
Int
,
size
)
for
i
,
proof
:=
range
irmaSignature
.
Signature
{
for
i
,
proof
:=
range
sm
.
Signature
{
proofd
:=
proof
.
(
*
gabi
.
ProofD
)
sigs
[
i
]
=
proofd
.
A
ct
:=
MetadataFromInt
(
proofd
.
ADisclosed
[
1
],
conf
)
.
CredentialType
()
...
...
@@ -84,7 +84,7 @@ func VerifyTimestamp(irmaSignature *SignedMessage, message string, conf *Configu
if
err
!=
nil
{
return
err
}
valid
,
err
:=
irmaSignature
.
Timestamp
.
Verify
(
bts
)
valid
,
err
:=
sm
.
Timestamp
.
Verify
(
bts
)
if
err
!=
nil
{
return
err
}
...
...
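Review bot: The loop in VerifyTimestamp uses the unchecked assertion `proofd := proof.(*gabi.ProofD)`, which panics if the signed message carries a proof of any other type. Verify and VerifyWithoutRequest in verify.go call VerifyTimestamp before the cryptographic check, so this runs on data that has not yet been validated. Use the two-value form and return an error, e.g. `proofd, ok := proof.(*gabi.ProofD)` followed by `if !ok { return errors.New("unexpected proof type in signature") }`. As an exported method it also dereferences `sm.Timestamp` in its first statement and relies on callers to have checked it for nil; a guard that returns an error would make it safe to call on its own. The function body continues outside both hunks.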
verify.go
...
...
@@ -237,8 +237,8 @@ func addExtraAttributes(disclosed DisclosedCredentialList, proofResult *ProofRes
}
// Check an gabi prooflist against a signature proofrequest
func
check
Proof
WithRequest
(
configuration
*
Configuration
,
irmaSignature
*
SignedMessage
,
sigRequest
*
SignatureRequest
)
*
SignatureProofResult
{
disclosed
,
err
:=
ExtractDisclosedCredentials
(
configuration
,
irmaSignature
.
Signature
)
func
(
sm
*
SignedMessage
)
checkWithRequest
(
configuration
*
Configuration
,
sigRequest
*
SignatureRequest
)
*
SignatureProofResult
{
disclosed
,
err
:=
ExtractDisclosedCredentials
(
configuration
,
sm
.
Signature
)
if
err
!=
nil
{
fmt
.
Println
(
err
)
...
...
@@ -258,7 +258,7 @@ func checkProofWithRequest(configuration *Configuration, irmaSignature *SignedMe
}
// If all disjunctions are satisfied, check if a credential is expired
if
irmaSignature
.
Timestamp
==
nil
{
if
sm
.
Timestamp
==
nil
{
if
disclosed
.
IsExpired
(
time
.
Now
())
{
// At least one of the contained attributes has currently expired. We don't know the
// creation time of the ABS so we can't ascertain that the attributes were still valid then.
...
...
@@ -267,7 +267,7 @@ func checkProofWithRequest(configuration *Configuration, irmaSignature *SignedMe
return
signatureProofResult
}
}
else
{
if
disclosed
.
IsExpired
(
time
.
Unix
(
irmaSignature
.
Timestamp
.
Time
,
0
))
{
if
disclosed
.
IsExpired
(
time
.
Unix
(
sm
.
Timestamp
.
Time
,
0
))
{
// The ABS contains attributes that were expired at the time of creation of the ABS.
// This must not happen and in this case the signature is invalid
signatureProofResult
.
ProofStatus
=
INVALID_CRYPTO
...
...
@@ -292,10 +292,10 @@ func verify(configuration *Configuration, proofList gabi.ProofList, context *big
}
// Verify a signature proof and check if the attributes match the attributes in the original request
func
Verify
Sig
(
configuration
*
Configuration
,
irmaSignature
*
SignedMessage
,
sigRequest
*
SignatureRequest
)
*
SignatureProofResult
{
func
(
sm
*
SignedMessage
)
Verify
(
configuration
*
Configuration
,
sigRequest
*
SignatureRequest
)
*
SignatureProofResult
{
// First check if this signature matches the request
sigRequest
.
Timestamp
=
irmaSignature
.
Timestamp
if
!
irmaSignature
.
MatchesNonceAndContext
(
sigRequest
)
{
sigRequest
.
Timestamp
=
sm
.
Timestamp
if
!
sm
.
MatchesNonceAndContext
(
sigRequest
)
{
return
&
SignatureProofResult
{
ProofResult
:
&
ProofResult
{
ProofStatus
:
UNMATCHED_REQUEST
,
...
...
@@ -304,8 +304,8 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe
}
// Verify the timestamp
if
irmaSignature
.
Timestamp
!=
nil
{
if
err
:=
VerifyTimestamp
(
irmaSignature
,
sigRequest
.
Message
,
configuration
);
err
!=
nil
{
if
sm
.
Timestamp
!=
nil
{
if
err
:=
sm
.
VerifyTimestamp
(
sigRequest
.
Message
,
configuration
);
err
!=
nil
{
return
&
SignatureProofResult
{
ProofResult
:
&
ProofResult
{
ProofStatus
:
INVALID_TIMESTAMP
,
...
...
@@ -315,7 +315,7 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe
}
// Now, cryptographically verify the signature
if
!
verify
(
configuration
,
irmaSignature
.
Signature
,
sigRequest
.
GetContext
(),
sigRequest
.
GetNonce
(),
true
)
{
if
!
verify
(
configuration
,
sm
.
Signature
,
sigRequest
.
GetContext
(),
sigRequest
.
GetNonce
(),
true
)
{
return
&
SignatureProofResult
{
ProofResult
:
&
ProofResult
{
ProofStatus
:
INVALID_CRYPTO
,
...
...
@@ -324,37 +324,37 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe
}
// Finally, check whether attribute values in proof satisfy the original signature request
return
check
Proof
WithRequest
(
configuration
,
irmaSignature
,
sigRequest
)
return
sm
.
checkWithRequest
(
configuration
,
sigRequest
)
}
// Verify a signature cryptographically, but do not check/compare with a signature request
func
Verify
Sig
WithoutRequest
(
configuration
*
Configuration
,
irmaSignature
*
SignedMessage
)
(
ProofStatus
,
DisclosedCredentialList
)
{
func
(
sm
*
SignedMessage
)
VerifyWithoutRequest
(
configuration
*
Configuration
)
(
ProofStatus
,
DisclosedCredentialList
)
{
// First, verify the timestamp, if any
if
irmaSignature
.
Timestamp
!=
nil
{
if
err
:=
VerifyTimestamp
(
irmaSignature
,
irmaSignature
.
Message
,
configuration
);
err
!=
nil
{
if
sm
.
Timestamp
!=
nil
{
if
err
:=
sm
.
VerifyTimestamp
(
sm
.
Message
,
configuration
);
err
!=
nil
{
return
INVALID_TIMESTAMP
,
nil
}
}
// Cryptographically verify the signature
if
!
verify
(
configuration
,
irmaSignature
.
Signature
,
irmaSignature
.
Context
,
irmaSignature
.
GetNonce
(),
true
)
{
if
!
verify
(
configuration
,
sm
.
Signature
,
sm
.
Context
,
sm
.
GetNonce
(),
true
)
{
return
INVALID_CRYPTO
,
nil
}
// Extract attributes and return result
disclosed
,
err
:=
ExtractDisclosedCredentials
(
configuration
,
irmaSignature
.
Signature
)
disclosed
,
err
:=
ExtractDisclosedCredentials
(
configuration
,
sm
.
Signature
)
if
err
!=
nil
{
fmt
.
Println
(
err
)
return
INVALID_CRYPTO
,
nil
}
if
irmaSignature
.
Timestamp
==
nil
{
if
sm
.
Timestamp
==
nil
{
if
disclosed
.
IsExpired
(
time
.
Now
())
{
return
EXPIRED
,
disclosed
}
}
else
{
if
disclosed
.
IsExpired
(
time
.
Unix
(
irmaSignature
.
Timestamp
.
Time
,
0
))
{
if
disclosed
.
IsExpired
(
time
.
Unix
(
sm
.
Timestamp
.
Time
,
0
))
{
return
INVALID_CRYPTO
,
nil
}
}
...
...
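Review bot: Verify assigns `sigRequest.Timestamp = sm.Timestamp` before any check has run, so it modifies the caller's request with a value taken from the signed message under verification. The value stays there even when the result is UNMATCHED_REQUEST, INVALID_TIMESTAMP or INVALID_CRYPTO. A caller that reuses one SignatureRequest across verifications, or calls Verify from a goroutine as manual_session_test.go does with `sh.sigVerifyRequest`, would carry that state into later calls. Either document the side effect in the method comment, e.g. `// Verify sets sigRequest.Timestamp to sm.Timestamp as a side effect.`, or work on a local copy, assuming SignatureRequest is safe to copy by value, which is not visible here. The body of Verify is spread over several hunks and is not fully shown.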