Commit 56f09b6f authored by Sietse Ringers's avatar Sietse Ringers
Browse files

Make some functions that act on SignedMessage instances methods on SignedMessage

parent a3454588
...@@ -20,14 +20,14 @@ type SignedMessage struct { ...@@ -20,14 +20,14 @@ type SignedMessage struct {
Timestamp *atum.Timestamp `json:"timestamp"` Timestamp *atum.Timestamp `json:"timestamp"`
} }
func (im *SignedMessage) GetNonce() *big.Int { func (sm *SignedMessage) GetNonce() *big.Int {
return ASN1ConvertSignatureNonce(im.Message, im.Nonce, im.Timestamp) return ASN1ConvertSignatureNonce(sm.Message, sm.Nonce, sm.Timestamp)
} }
func (im *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool { func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool {
return im.Nonce.Cmp(request.Nonce) == 0 && return sm.Nonce.Cmp(request.Nonce) == 0 &&
im.Context.Cmp(request.Context) == 0 && sm.Context.Cmp(request.Context) == 0 &&
im.GetNonce().Cmp(request.GetNonce()) == 0 sm.GetNonce().Cmp(request.GetNonce()) == 0
} }
// ASN1ConvertSignatureNonce computes the nonce that is used in the creation of the attribute-based signature: // ASN1ConvertSignatureNonce computes the nonce that is used in the creation of the attribute-based signature:
......
...@@ -229,7 +229,7 @@ func TestLogging(t *testing.T) { ...@@ -229,7 +229,7 @@ func TestLogging(t *testing.T) {
sig, err := entry.GetSignedMessage() sig, err := entry.GetSignedMessage()
require.NoError(t, err) require.NoError(t, err)
require.NotNil(t, sig) require.NotNil(t, sig)
status, list := irma.VerifySigWithoutRequest(client.Configuration, sig) status, list := sig.VerifyWithoutRequest(client.Configuration)
require.Equal(t, irma.VALID, status) require.Equal(t, irma.VALID, status)
require.NotEmpty(t, list) require.NotEmpty(t, list)
require.Contains(t, list[0].Attributes, attrid) require.Contains(t, list[0].Attributes, attrid)
......
...@@ -303,7 +303,7 @@ func (sh *ManualSessionHandler) Success(irmaAction irma.Action, result string) { ...@@ -303,7 +303,7 @@ func (sh *ManualSessionHandler) Success(irmaAction irma.Action, result string) {
} }
go func() { go func() {
sh.resultChannel <- irma.VerifySig(client.Configuration, irmaSignedMessage, sh.sigVerifyRequest) sh.resultChannel <- irmaSignedMessage.Verify(client.Configuration, sh.sigVerifyRequest)
}() }()
} }
sh.errorChannel <- nil sh.errorChannel <- nil
......
...@@ -288,7 +288,7 @@ func TestVerifyValidSig(t *testing.T) { ...@@ -288,7 +288,7 @@ func TestVerifyValidSig(t *testing.T) {
require.Equal(t, sigRequest.Context, big.NewInt(1337)) require.Equal(t, sigRequest.Context, big.NewInt(1337))
// Test if we can verify it with the original request // Test if we can verify it with the original request
sigProofResult := VerifySig(conf, irmaSignedMessage, sigRequest) sigProofResult := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, sigProofResult.ProofStatus, VALID) require.Equal(t, sigProofResult.ProofStatus, VALID)
attributeList := sigProofResult.ToAttributeResultList() attributeList := sigProofResult.ToAttributeResultList()
require.Len(t, attributeList, 1) require.Len(t, attributeList, 1)
...@@ -305,7 +305,7 @@ func TestVerifyValidSig(t *testing.T) { ...@@ -305,7 +305,7 @@ func TestVerifyValidSig(t *testing.T) {
require.Equal(t, stringSigRequest.Context, big.NewInt(1337)) require.Equal(t, stringSigRequest.Context, big.NewInt(1337))
// Test if we can verify it with the original request // Test if we can verify it with the original request
stringSigProofResult := VerifySig(conf, irmaSignedMessage, sigRequest) stringSigProofResult := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, stringSigProofResult.ProofStatus, VALID) require.Equal(t, stringSigProofResult.ProofStatus, VALID)
stringAttributeList := sigProofResult.ToAttributeResultList() stringAttributeList := sigProofResult.ToAttributeResultList()
require.Len(t, stringAttributeList, 1) require.Len(t, stringAttributeList, 1)
...@@ -317,11 +317,11 @@ func TestVerifyValidSig(t *testing.T) { ...@@ -317,11 +317,11 @@ func TestVerifyValidSig(t *testing.T) {
unmatchedSigRequestJSON := []byte(unmatched) unmatchedSigRequestJSON := []byte(unmatched)
unmatchedSigRequest := &SignatureRequest{} unmatchedSigRequest := &SignatureRequest{}
json.Unmarshal(unmatchedSigRequestJSON, unmatchedSigRequest) json.Unmarshal(unmatchedSigRequestJSON, unmatchedSigRequest)
unmatchedResult := VerifySig(conf, irmaSignedMessage, unmatchedSigRequest) unmatchedResult := irmaSignedMessage.Verify(conf, unmatchedSigRequest)
require.Equal(t, unmatchedResult.ProofStatus, UNMATCHED_REQUEST) require.Equal(t, unmatchedResult.ProofStatus, UNMATCHED_REQUEST)
// Test if we can also verify it without using the original request // Test if we can also verify it without using the original request
proofStatus, disclosed := VerifySigWithoutRequest(conf, irmaSignedMessage) proofStatus, disclosed := irmaSignedMessage.VerifyWithoutRequest(conf)
require.Equal(t, proofStatus, VALID) require.Equal(t, proofStatus, VALID)
require.Len(t, disclosed, 1) require.Len(t, disclosed, 1)
require.Equal(t, disclosed[0].Attributes[NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")]["en"], "456") require.Equal(t, disclosed[0].Attributes[NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")]["en"], "456")
...@@ -340,10 +340,10 @@ func TestVerifyInValidSig(t *testing.T) { ...@@ -340,10 +340,10 @@ func TestVerifyInValidSig(t *testing.T) {
sigRequest := &SignatureRequest{} sigRequest := &SignatureRequest{}
json.Unmarshal(sigRequestJSON, sigRequest) json.Unmarshal(sigRequestJSON, sigRequest)
sigProofResult := VerifySig(conf, irmaSignedMessage, sigRequest) sigProofResult := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, sigProofResult.ProofStatus, INVALID_CRYPTO) require.Equal(t, sigProofResult.ProofStatus, INVALID_CRYPTO)
proofStatus, disclosed := VerifySigWithoutRequest(conf, irmaSignedMessage) proofStatus, disclosed := irmaSignedMessage.VerifyWithoutRequest(conf)
require.Equal(t, proofStatus, INVALID_CRYPTO) require.Equal(t, proofStatus, INVALID_CRYPTO)
require.Nil(t, disclosed) require.Nil(t, disclosed)
} }
...@@ -362,10 +362,10 @@ func TestVerifyInValidNonce(t *testing.T) { ...@@ -362,10 +362,10 @@ func TestVerifyInValidNonce(t *testing.T) {
sigRequest := &SignatureRequest{} sigRequest := &SignatureRequest{}
json.Unmarshal(sigRequestJSON, sigRequest) json.Unmarshal(sigRequestJSON, sigRequest)
sigProofResult := VerifySig(conf, irmaSignedMessage, sigRequest) sigProofResult := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, sigProofResult.ProofStatus, INVALID_CRYPTO) require.Equal(t, sigProofResult.ProofStatus, INVALID_CRYPTO)
proofStatus, disclosed := VerifySigWithoutRequest(conf, irmaSignedMessage) proofStatus, disclosed := irmaSignedMessage.VerifyWithoutRequest(conf)
require.Equal(t, proofStatus, INVALID_CRYPTO) require.Equal(t, proofStatus, INVALID_CRYPTO)
require.Nil(t, disclosed) require.Nil(t, disclosed)
} }
......
...@@ -50,18 +50,18 @@ const TimestampServerURL = "https://metrics.privacybydesign.foundation/atum" ...@@ -50,18 +50,18 @@ const TimestampServerURL = "https://metrics.privacybydesign.foundation/atum"
// Given an SignedMessage, verify the timestamp over the signed message, disclosed attributes, // Given an SignedMessage, verify the timestamp over the signed message, disclosed attributes,
// and rerandomized CL-signatures. // and rerandomized CL-signatures.
func VerifyTimestamp(irmaSignature *SignedMessage, message string, conf *Configuration) error { func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) error {
if irmaSignature.Timestamp.ServerUrl != TimestampServerURL { if sm.Timestamp.ServerUrl != TimestampServerURL {
return errors.New("Untrusted timestamp server") return errors.New("Untrusted timestamp server")
} }
// Extract the disclosed attributes and randomized CL-signatures from the proofs in order to // Extract the disclosed attributes and randomized CL-signatures from the proofs in order to
// construct the nonce that should be signed by the timestamp server. // construct the nonce that should be signed by the timestamp server.
zero := big.NewInt(0) zero := big.NewInt(0)
size := len(irmaSignature.Signature) size := len(sm.Signature)
sigs := make([]*big.Int, size) sigs := make([]*big.Int, size)
disclosed := make([][]*big.Int, size) disclosed := make([][]*big.Int, size)
for i, proof := range irmaSignature.Signature { for i, proof := range sm.Signature {
proofd := proof.(*gabi.ProofD) proofd := proof.(*gabi.ProofD)
sigs[i] = proofd.A sigs[i] = proofd.A
ct := MetadataFromInt(proofd.ADisclosed[1], conf).CredentialType() ct := MetadataFromInt(proofd.ADisclosed[1], conf).CredentialType()
...@@ -84,7 +84,7 @@ func VerifyTimestamp(irmaSignature *SignedMessage, message string, conf *Configu ...@@ -84,7 +84,7 @@ func VerifyTimestamp(irmaSignature *SignedMessage, message string, conf *Configu
if err != nil { if err != nil {
return err return err
} }
valid, err := irmaSignature.Timestamp.Verify(bts) valid, err := sm.Timestamp.Verify(bts)
if err != nil { if err != nil {
return err return err
} }
......
...@@ -237,8 +237,8 @@ func addExtraAttributes(disclosed DisclosedCredentialList, proofResult *ProofRes ...@@ -237,8 +237,8 @@ func addExtraAttributes(disclosed DisclosedCredentialList, proofResult *ProofRes
} }
// Check an gabi prooflist against a signature proofrequest // Check an gabi prooflist against a signature proofrequest
func checkProofWithRequest(configuration *Configuration, irmaSignature *SignedMessage, sigRequest *SignatureRequest) *SignatureProofResult { func (sm *SignedMessage) checkWithRequest(configuration *Configuration, sigRequest *SignatureRequest) *SignatureProofResult {
disclosed, err := ExtractDisclosedCredentials(configuration, irmaSignature.Signature) disclosed, err := ExtractDisclosedCredentials(configuration, sm.Signature)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
...@@ -258,7 +258,7 @@ func checkProofWithRequest(configuration *Configuration, irmaSignature *SignedMe ...@@ -258,7 +258,7 @@ func checkProofWithRequest(configuration *Configuration, irmaSignature *SignedMe
} }
// If all disjunctions are satisfied, check if a credential is expired // If all disjunctions are satisfied, check if a credential is expired
if irmaSignature.Timestamp == nil { if sm.Timestamp == nil {
if disclosed.IsExpired(time.Now()) { if disclosed.IsExpired(time.Now()) {
// At least one of the contained attributes has currently expired. We don't know the // At least one of the contained attributes has currently expired. We don't know the
// creation time of the ABS so we can't ascertain that the attributes were still valid then. // creation time of the ABS so we can't ascertain that the attributes were still valid then.
...@@ -267,7 +267,7 @@ func checkProofWithRequest(configuration *Configuration, irmaSignature *SignedMe ...@@ -267,7 +267,7 @@ func checkProofWithRequest(configuration *Configuration, irmaSignature *SignedMe
return signatureProofResult return signatureProofResult
} }
} else { } else {
if disclosed.IsExpired(time.Unix(irmaSignature.Timestamp.Time, 0)) { if disclosed.IsExpired(time.Unix(sm.Timestamp.Time, 0)) {
// The ABS contains attributes that were expired at the time of creation of the ABS. // The ABS contains attributes that were expired at the time of creation of the ABS.
// This must not happen and in this case the signature is invalid // This must not happen and in this case the signature is invalid
signatureProofResult.ProofStatus = INVALID_CRYPTO signatureProofResult.ProofStatus = INVALID_CRYPTO
...@@ -292,10 +292,10 @@ func verify(configuration *Configuration, proofList gabi.ProofList, context *big ...@@ -292,10 +292,10 @@ func verify(configuration *Configuration, proofList gabi.ProofList, context *big
} }
// Verify a signature proof and check if the attributes match the attributes in the original request // Verify a signature proof and check if the attributes match the attributes in the original request
func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRequest *SignatureRequest) *SignatureProofResult { func (sm *SignedMessage) Verify(configuration *Configuration, sigRequest *SignatureRequest) *SignatureProofResult {
// First check if this signature matches the request // First check if this signature matches the request
sigRequest.Timestamp = irmaSignature.Timestamp sigRequest.Timestamp = sm.Timestamp
if !irmaSignature.MatchesNonceAndContext(sigRequest) { if !sm.MatchesNonceAndContext(sigRequest) {
return &SignatureProofResult{ return &SignatureProofResult{
ProofResult: &ProofResult{ ProofResult: &ProofResult{
ProofStatus: UNMATCHED_REQUEST, ProofStatus: UNMATCHED_REQUEST,
...@@ -304,8 +304,8 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe ...@@ -304,8 +304,8 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe
} }
// Verify the timestamp // Verify the timestamp
if irmaSignature.Timestamp != nil { if sm.Timestamp != nil {
if err := VerifyTimestamp(irmaSignature, sigRequest.Message, configuration); err != nil { if err := sm.VerifyTimestamp(sigRequest.Message, configuration); err != nil {
return &SignatureProofResult{ return &SignatureProofResult{
ProofResult: &ProofResult{ ProofResult: &ProofResult{
ProofStatus: INVALID_TIMESTAMP, ProofStatus: INVALID_TIMESTAMP,
...@@ -315,7 +315,7 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe ...@@ -315,7 +315,7 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe
} }
// Now, cryptographically verify the signature // Now, cryptographically verify the signature
if !verify(configuration, irmaSignature.Signature, sigRequest.GetContext(), sigRequest.GetNonce(), true) { if !verify(configuration, sm.Signature, sigRequest.GetContext(), sigRequest.GetNonce(), true) {
return &SignatureProofResult{ return &SignatureProofResult{
ProofResult: &ProofResult{ ProofResult: &ProofResult{
ProofStatus: INVALID_CRYPTO, ProofStatus: INVALID_CRYPTO,
...@@ -324,37 +324,37 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe ...@@ -324,37 +324,37 @@ func VerifySig(configuration *Configuration, irmaSignature *SignedMessage, sigRe
} }
// Finally, check whether attribute values in proof satisfy the original signature request // Finally, check whether attribute values in proof satisfy the original signature request
return checkProofWithRequest(configuration, irmaSignature, sigRequest) return sm.checkWithRequest(configuration, sigRequest)
} }
// Verify a signature cryptographically, but do not check/compare with a signature request // Verify a signature cryptographically, but do not check/compare with a signature request
func VerifySigWithoutRequest(configuration *Configuration, irmaSignature *SignedMessage) (ProofStatus, DisclosedCredentialList) { func (sm *SignedMessage) VerifyWithoutRequest(configuration *Configuration) (ProofStatus, DisclosedCredentialList) {
// First, verify the timestamp, if any // First, verify the timestamp, if any
if irmaSignature.Timestamp != nil { if sm.Timestamp != nil {
if err := VerifyTimestamp(irmaSignature, irmaSignature.Message, configuration); err != nil { if err := sm.VerifyTimestamp(sm.Message, configuration); err != nil {
return INVALID_TIMESTAMP, nil return INVALID_TIMESTAMP, nil
} }
} }
// Cryptographically verify the signature // Cryptographically verify the signature
if !verify(configuration, irmaSignature.Signature, irmaSignature.Context, irmaSignature.GetNonce(), true) { if !verify(configuration, sm.Signature, sm.Context, sm.GetNonce(), true) {
return INVALID_CRYPTO, nil return INVALID_CRYPTO, nil
} }
// Extract attributes and return result // Extract attributes and return result
disclosed, err := ExtractDisclosedCredentials(configuration, irmaSignature.Signature) disclosed, err := ExtractDisclosedCredentials(configuration, sm.Signature)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
return INVALID_CRYPTO, nil return INVALID_CRYPTO, nil
} }
if irmaSignature.Timestamp == nil { if sm.Timestamp == nil {
if disclosed.IsExpired(time.Now()) { if disclosed.IsExpired(time.Now()) {
return EXPIRED, disclosed return EXPIRED, disclosed
} }
} else { } else {
if disclosed.IsExpired(time.Unix(irmaSignature.Timestamp.Time, 0)) { if disclosed.IsExpired(time.Unix(sm.Timestamp.Time, 0)) {
return INVALID_CRYPTO, nil return INVALID_CRYPTO, nil
} }
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment