Commit
56f09b6f
authored
Jul 24, 2018
by
Sietse Ringers
Make some functions that act on SignedMessage instances methods on SignedMessage
parent
a3454588
Showing
6 changed files
with
39 additions
and
39 deletions
+39
-39
irma_signature.go
irma_signature.go
+6
-6
irmaclient/irmaclient_test.go
irmaclient/irmaclient_test.go
+1
-1
irmaclient/manual_session_test.go
irmaclient/manual_session_test.go
+1
-1
irmago_test.go
irmago_test.go
+8
-8
timestamp.go
timestamp.go
+5
-5
verify.go
verify.go
+18
-18
irma_signature.go
...
...
@@ -20,14 +20,14 @@ type SignedMessage struct {
Timestamp
*
atum
.
Timestamp
`json:"timestamp"`
}
func
(
i
m
*
SignedMessage
)
GetNonce
()
*
big
.
Int
{
return
ASN1ConvertSignatureNonce
(
im
.
Message
,
im
.
Nonce
,
i
m
.
Timestamp
)
func
(
s
m
*
SignedMessage
)
GetNonce
()
*
big
.
Int
{
return
ASN1ConvertSignatureNonce
(
sm
.
Message
,
sm
.
Nonce
,
s
m
.
Timestamp
)
}
func
(
i
m
*
SignedMessage
)
MatchesNonceAndContext
(
request
*
SignatureRequest
)
bool
{
return
i
m
.
Nonce
.
Cmp
(
request
.
Nonce
)
==
0
&&
i
m
.
Context
.
Cmp
(
request
.
Context
)
==
0
&&
i
m
.
GetNonce
()
.
Cmp
(
request
.
GetNonce
())
==
0
func
(
s
m
*
SignedMessage
)
MatchesNonceAndContext
(
request
*
SignatureRequest
)
bool
{
return
s
m
.
Nonce
.
Cmp
(
request
.
Nonce
)
==
0
&&
s
m
.
Context
.
Cmp
(
request
.
Context
)
==
0
&&
s
m
.
GetNonce
()
.
Cmp
(
request
.
GetNonce
())
==
0
}
// ASN1ConvertSignatureNonce computes the nonce that is used in the creation of the attribute-based signature:
...
...
irmaclient/irmaclient_test.go
...
...
@@ -229,7 +229,7 @@ func TestLogging(t *testing.T) {
sig
,
err
:=
entry
.
GetSignedMessage
()
require
.
NoError
(
t
,
err
)
require
.
NotNil
(
t
,
sig
)
status
,
list
:=
irma
.
VerifySigWithoutRequest
(
client
.
Configuration
,
sig
)
status
,
list
:=
sig
.
VerifyWithoutRequest
(
client
.
Configuration
)
require
.
Equal
(
t
,
irma
.
VALID
,
status
)
require
.
NotEmpty
(
t
,
list
)
require
.
Contains
(
t
,
list
[
0
]
.
Attributes
,
attrid
)
...
...
irmaclient/manual_session_test.go
...
...
@@ -303,7 +303,7 @@ func (sh *ManualSessionHandler) Success(irmaAction irma.Action, result string) {
}
go
func
()
{
sh
.
resultChannel
<-
irma
.
VerifySig
(
client
.
Configuration
,
irmaSignedMessage
,
sh
.
sigVerifyRequest
)
sh
.
resultChannel
<-
irma
SignedMessage
.
Verify
(
client
.
Configuration
,
sh
.
sigVerifyRequest
)
}()
}
sh
.
errorChannel
<-
nil
...
...
irmago_test.go
...
...
@@ -288,7 +288,7 @@ func TestVerifyValidSig(t *testing.T) {
require
.
Equal
(
t
,
sigRequest
.
Context
,
big
.
NewInt
(
1337
))
// Test if we can verify it with the original request
sigProofResult
:=
VerifySig
(
conf
,
irmaSignedMessage
,
sigRequest
)
sigProofResult
:=
irmaSignedMessage
.
Verify
(
conf
,
sigRequest
)
require
.
Equal
(
t
,
sigProofResult
.
ProofStatus
,
VALID
)
attributeList
:=
sigProofResult
.
ToAttributeResultList
()
require
.
Len
(
t
,
attributeList
,
1
)
...
...
@@ -305,7 +305,7 @@ func TestVerifyValidSig(t *testing.T) {
require
.
Equal
(
t
,
stringSigRequest
.
Context
,
big
.
NewInt
(
1337
))
// Test if we can verify it with the original request
stringSigProofResult
:=
VerifySig
(
conf
,
irmaSignedMessage
,
sigRequest
)
stringSigProofResult
:=
irmaSignedMessage
.
Verify
(
conf
,
sigRequest
)
require
.
Equal
(
t
,
stringSigProofResult
.
ProofStatus
,
VALID
)
stringAttributeList
:=
sigProofResult
.
ToAttributeResultList
()
require
.
Len
(
t
,
stringAttributeList
,
1
)
...
...
@@ -317,11 +317,11 @@ func TestVerifyValidSig(t *testing.T) {
unmatchedSigRequestJSON
:=
[]
byte
(
unmatched
)
unmatchedSigRequest
:=
&
SignatureRequest
{}
json
.
Unmarshal
(
unmatchedSigRequestJSON
,
unmatchedSigRequest
)
unmatchedResult
:=
VerifySig
(
conf
,
irmaSignedMessage
,
unmatchedSigRequest
)
unmatchedResult
:=
irmaSignedMessage
.
Verify
(
conf
,
unmatchedSigRequest
)
require
.
Equal
(
t
,
unmatchedResult
.
ProofStatus
,
UNMATCHED_REQUEST
)
// Test if we can also verify it without using the original request
proofStatus
,
disclosed
:=
VerifySigWithoutRequest
(
conf
,
irmaSignedMessage
)
proofStatus
,
disclosed
:=
irmaSignedMessage
.
VerifyWithoutRequest
(
conf
)
require
.
Equal
(
t
,
proofStatus
,
VALID
)
require
.
Len
(
t
,
disclosed
,
1
)
require
.
Equal
(
t
,
disclosed
[
0
]
.
Attributes
[
NewAttributeTypeIdentifier
(
"irma-demo.RU.studentCard.studentID"
)][
"en"
],
"456"
)
...
...
@@ -340,10 +340,10 @@ func TestVerifyInValidSig(t *testing.T) {
sigRequest
:=
&
SignatureRequest
{}
json
.
Unmarshal
(
sigRequestJSON
,
sigRequest
)
sigProofResult
:=
VerifySig
(
conf
,
irmaSignedMessage
,
sigRequest
)
sigProofResult
:=
irmaSignedMessage
.
Verify
(
conf
,
sigRequest
)
require
.
Equal
(
t
,
sigProofResult
.
ProofStatus
,
INVALID_CRYPTO
)
proofStatus
,
disclosed
:=
VerifySigWithoutRequest
(
conf
,
irmaSignedMessage
)
proofStatus
,
disclosed
:=
irmaSignedMessage
.
VerifyWithoutRequest
(
conf
)
require
.
Equal
(
t
,
proofStatus
,
INVALID_CRYPTO
)
require
.
Nil
(
t
,
disclosed
)
}
...
...
@@ -362,10 +362,10 @@ func TestVerifyInValidNonce(t *testing.T) {
sigRequest
:=
&
SignatureRequest
{}
json
.
Unmarshal
(
sigRequestJSON
,
sigRequest
)
sigProofResult
:=
VerifySig
(
conf
,
irmaSignedMessage
,
sigRequest
)
sigProofResult
:=
irmaSignedMessage
.
Verify
(
conf
,
sigRequest
)
require
.
Equal
(
t
,
sigProofResult
.
ProofStatus
,
INVALID_CRYPTO
)
proofStatus
,
disclosed
:=
VerifySigWithoutRequest
(
conf
,
irmaSignedMessage
)
proofStatus
,
disclosed
:=
irmaSignedMessage
.
VerifyWithoutRequest
(
conf
)
require
.
Equal
(
t
,
proofStatus
,
INVALID_CRYPTO
)
require
.
Nil
(
t
,
disclosed
)
}
...
...
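Review bot: In the second TestVerifyValidSig hunk (`@@ -305`), the string-message case is still verified against the wrong variables: the new line passes `sigRequest` to Verify and the following context line builds `stringAttributeList` from `sigProofResult`, so the result for `stringSigRequest` is never actually checked. This looks like a copy-paste slip carried over from the old `VerifySig` call; the lines should probably read `stringSigProofResult := irmaSignedMessage.Verify(conf, stringSigRequest)` and `stringAttributeList := stringSigProofResult.ToAttributeResultList()`. `stringSigRequest` is declared outside the hunk, so confirm it is meant to pair with the same `irmaSignedMessage`. The `json.Unmarshal` calls in the later hunks also drop their error, so a negative test such as TestVerifyInValidSig could pass or fail for the wrong reason on a malformed fixture; `require.NoError(t, json.Unmarshal(sigRequestJSON, sigRequest))` would rule that out.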
timestamp.go
...
...
@@ -50,18 +50,18 @@ const TimestampServerURL = "https://metrics.privacybydesign.foundation/atum"
// Given an SignedMessage, verify the timestamp over the signed message, disclosed attributes,
// and rerandomized CL-signatures.
func
VerifyTimestamp
(
irmaSignature
*
SignedMessage
,
message
string
,
conf
*
Configuration
)
error
{
if
irmaSignature
.
Timestamp
.
ServerUrl
!=
TimestampServerURL
{
func
(
sm
*
SignedMessage
)
VerifyTimestamp
(
message
string
,
conf
*
Configuration
)
error
{
if
sm
.
Timestamp
.
ServerUrl
!=
TimestampServerURL
{
return
errors
.
New
(
"Untrusted timestamp server"
)
}
// Extract the disclosed attributes and randomized CL-signatures from the proofs in order to
// construct the nonce that should be signed by the timestamp server.
zero
:=
big
.
NewInt
(
0
)
size
:=
len
(
irmaSignature
.
Signature
)
size
:=
len
(
sm
.
Signature
)
sigs
:=
make
([]
*
big
.
Int
,
size
)
disclosed
:=
make
([][]
*
big
.
Int
,
size
)
for
i
,
proof
:=
range
irmaSignature
.
Signature
{
for
i
,
proof
:=
range
sm
.
Signature
{
proofd
:=
proof
.
(
*
gabi
.
ProofD
)
sigs
[
i
]
=
proofd
.
A
ct
:=
MetadataFromInt
(
proofd
.
ADisclosed
[
1
],
conf
)
.
CredentialType
()
...
...
@@ -84,7 +84,7 @@ func VerifyTimestamp(irmaSignature *SignedMessage, message string, conf *Configu
if
err
!=
nil
{
return
err
}
valid
,
err
:=
irmaSignature
.
Timestamp
.
Verify
(
bts
)
valid
,
err
:=
sm
.
Timestamp
.
Verify
(
bts
)
if
err
!=
nil
{
return
err
}
...
...
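Review bot: The unchecked assertion `proofd := proof.(*gabi.ProofD)` in the loop over `sm.Signature` panics if the proof list holds any other proof type, and a SignedMessage is presumably parsed from data the verifier does not control. Use the two-value form and return an error instead: `proofd, ok := proof.(*gabi.ProofD)` followed by `if !ok { return errors.New("unexpected proof type in signature") }`. The method also reads `sm.Timestamp.ServerUrl` on its first line without a nil check; the callers visible in verify.go guard with `sm.Timestamp != nil`, but an exported method should itself return an error when `sm.Timestamp` is nil. The function body continues outside both hunks, so the rest of the nonce construction is not reviewed here.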
verify.go
...
...
@@ -237,8 +237,8 @@ func addExtraAttributes(disclosed DisclosedCredentialList, proofResult *ProofRes
}
// Check an gabi prooflist against a signature proofrequest
func
checkProofWithRequest
(
configuration
*
Configuration
,
irmaSignature
*
SignedMessage
,
sigRequest
*
SignatureRequest
)
*
SignatureProofResult
{
disclosed
,
err
:=
ExtractDisclosedCredentials
(
configuration
,
irmaSignature
.
Signature
)
func
(
sm
*
SignedMessage
)
checkWithRequest
(
configuration
*
Configuration
,
sigRequest
*
SignatureRequest
)
*
SignatureProofResult
{
disclosed
,
err
:=
ExtractDisclosedCredentials
(
configuration
,
sm
.
Signature
)
if
err
!=
nil
{
fmt
.
Println
(
err
)
...
...
@@ -258,7 +258,7 @@ func checkProofWithRequest(configuration *Configuration, irmaSignature *SignedMe
}
// If all disjunctions are satisfied, check if a credential is expired
if
irmaSignature
.
Timestamp
==
nil
{
if
sm
.
Timestamp
==
nil
{
if
disclosed
.
IsExpired
(
time
.
Now
())
{
// At least one of the contained attributes has currently expired. We don't know the
// creation time of the ABS so we can't ascertain that the attributes were still valid then.
...
...
@@ -267,7 +267,7 @@ func checkProofWithRequest(configuration *Configuration, irmaSignature *SignedMe
return
signatureProofResult
}
}
else
{
if
disclosed
.
IsExpired
(
time
.
Unix
(
irmaSignature
.
Timestamp
.
Time
,
0
))
{
if
disclosed
.
IsExpired
(
time
.
Unix
(
sm
.
Timestamp
.
Time
,
0
))
{
// The ABS contains attributes that were expired at the time of creation of the ABS.
// This must not happen and in this case the signature is invalid
signatureProofResult
.
ProofStatus
=
INVALID_CRYPTO
...
...
@@ -292,10 +292,10 @@ func verify(configuration *Configuration, proofList gabi.ProofList, context *big
}
// Verify a signature proof and check if the attributes match the attributes in the original request
func
VerifySig
(
configuration
*
Configuration
,
irmaSignature
*
SignedMessage
,
sigRequest
*
SignatureRequest
)
*
SignatureProofResult
{
func
(
sm
*
SignedMessage
)
Verify
(
configuration
*
Configuration
,
sigRequest
*
SignatureRequest
)
*
SignatureProofResult
{
// First check if this signature matches the request
sigRequest
.
Timestamp
=
irmaSignature
.
Timestamp
if
!
irmaSignature
.
MatchesNonceAndContext
(
sigRequest
)
{
sigRequest
.
Timestamp
=
sm
.
Timestamp
if
!
sm
.
MatchesNonceAndContext
(
sigRequest
)
{
return
&
SignatureProofResult
{
ProofResult
:
&
ProofResult
{
ProofStatus
:
UNMATCHED_REQUEST
,
...
...
@@ -304,8 +304,8 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe
}
// Verify the timestamp
if
irmaSignature
.
Timestamp
!=
nil
{
if
err
:=
VerifyTimestamp
(
irmaSignature
,
sigRequest
.
Message
,
configuration
);
err
!=
nil
{
if
sm
.
Timestamp
!=
nil
{
if
err
:=
sm
.
VerifyTimestamp
(
sigRequest
.
Message
,
configuration
);
err
!=
nil
{
return
&
SignatureProofResult
{
ProofResult
:
&
ProofResult
{
ProofStatus
:
INVALID_TIMESTAMP
,
...
...
@@ -315,7 +315,7 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe
}
// Now, cryptographically verify the signature
if
!
verify
(
configuration
,
irmaSignature
.
Signature
,
sigRequest
.
GetContext
(),
sigRequest
.
GetNonce
(),
true
)
{
if
!
verify
(
configuration
,
sm
.
Signature
,
sigRequest
.
GetContext
(),
sigRequest
.
GetNonce
(),
true
)
{
return
&
SignatureProofResult
{
ProofResult
:
&
ProofResult
{
ProofStatus
:
INVALID_CRYPTO
,
...
...
@@ -324,37 +324,37 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe
}
// Finally, check whether attribute values in proof satisfy the original signature request
return
checkProofWithRequest
(
configuration
,
irmaSignature
,
sigRequest
)
return
sm
.
checkWithRequest
(
configuration
,
sigRequest
)
}
// Verify a signature cryptographically, but do not check/compare with a signature request
func
VerifySigWithoutRequest
(
configuration
*
Configuration
,
irmaSignature
*
SignedMessage
)
(
ProofStatus
,
DisclosedCredentialList
)
{
func
(
sm
*
SignedMessage
)
VerifyWithoutRequest
(
configuration
*
Configuration
)
(
ProofStatus
,
DisclosedCredentialList
)
{
// First, verify the timestamp, if any
if
irmaSignature
.
Timestamp
!=
nil
{
if
err
:=
VerifyTimestamp
(
irmaSignature
,
irmaSignature
.
Message
,
configuration
);
err
!=
nil
{
if
sm
.
Timestamp
!=
nil
{
if
err
:=
sm
.
VerifyTimestamp
(
sm
.
Message
,
configuration
);
err
!=
nil
{
return
INVALID_TIMESTAMP
,
nil
}
}
// Cryptographically verify the signature
if
!
verify
(
configuration
,
irmaSignature
.
Signature
,
irmaSignature
.
Context
,
irmaSignature
.
GetNonce
(),
true
)
{
if
!
verify
(
configuration
,
sm
.
Signature
,
sm
.
Context
,
sm
.
GetNonce
(),
true
)
{
return
INVALID_CRYPTO
,
nil
}
// Extract attributes and return result
disclosed
,
err
:=
ExtractDisclosedCredentials
(
configuration
,
irmaSignature
.
Signature
)
disclosed
,
err
:=
ExtractDisclosedCredentials
(
configuration
,
sm
.
Signature
)
if
err
!=
nil
{
fmt
.
Println
(
err
)
return
INVALID_CRYPTO
,
nil
}
if
irmaSignature
.
Timestamp
==
nil
{
if
sm
.
Timestamp
==
nil
{
if
disclosed
.
IsExpired
(
time
.
Now
())
{
return
EXPIRED
,
disclosed
}
}
else
{
if
disclosed
.
IsExpired
(
time
.
Unix
(
irmaSignature
.
Timestamp
.
Time
,
0
))
{
if
disclosed
.
IsExpired
(
time
.
Unix
(
sm
.
Timestamp
.
Time
,
0
))
{
return
INVALID_CRYPTO
,
nil
}
}
...
...
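Review bot: Verify assigns `sigRequest.Timestamp = sm.Timestamp` before the match check, so it writes a field taken from the signed message into the caller's request object. A request reused across verifications (irmago_test.go reuses `sigRequest`) keeps the last message's timestamp, and one shared with a goroutine (manual_session_test.go calls Verify inside `go func()`) could race on that field. If SignatureRequest is safe to copy, work on a copy with `req := *sigRequest; req.Timestamp = sm.Timestamp` and use `&req` for the rest of the method, whose body spans several hunks. Otherwise document the side effect: `// Verify overwrites sigRequest.Timestamp with sm.Timestamp; do not share sigRequest between concurrent calls.` The doc comment on VerifyWithoutRequest should also say that context and nonce are read from the message itself (`sm.Context`, `sm.GetNonce()`), so a VALID result does not bind the signature to any particular request.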