Timestamp server's URL recorded in scheme

652a2edd · Ivar Derksen · David Venhoek · 2bd67c46 · 652a2edd · 652a2edd
Commit 652a2edd authored Jul 03, 2019 by Ivar Derksen Committed by David Venhoek Aug 06, 2019
--- a/descriptions.go
+++ b/descriptions.go
@@ -23,6 +23,7 @@ type SchemeManager struct {
 	KeyshareServer    string
 	KeyshareWebsite   string
 	KeyshareAttribute string
+	TimestampServer   string
 	XMLVersion        int      `xml:"version,attr"`
 	XMLName           xml.Name `xml:"SchemeManager"`


--- a/timestamp.go
+++ b/timestamp.go
@@ -15,12 +15,12 @@ import (
 // over the message to be signed, the randomized signatures over the attributes, and the disclosed
 // attributes, for in attribute-based signature sessions.
 func GetTimestamp(message string, sigs []*big.Int, disclosed [][]*big.Int, conf *Configuration) (*atum.Timestamp, error) {
-	nonce, err := TimestampRequest(message, sigs, disclosed, true, conf)
+	nonce, timestampServerUrl, err := TimestampRequest(message, sigs, disclosed, true, conf)
 	if err != nil {
 		return nil, err
 	}
 	alg := atum.Ed25519
-	return atum.SendRequest(TimestampServerURL, atum.Request{
+	return atum.SendRequest(timestampServerUrl, atum.Request{
 		Nonce:           nonce,
 		PreferredSigAlg: &alg,
 	})
@@ -29,7 +29,8 @@ func GetTimestamp(message string, sigs []*big.Int, disclosed [][]*big.Int, conf
 // TimestampRequest computes the nonce to be signed by a timestamp server, given a message to be signed
 // in an attribute-based signature session along with the randomized signatures over the attributes
 // and the disclosed attributes.
-func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, new bool, conf *Configuration) ([]byte, error) {
+func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, new bool, conf *Configuration) (
+	nonceToSign []byte, timestampServerUrl string, err error) {
 	msgHash := sha256.Sum256([]byte(message))

 	// Convert the sigs and disclosed (double) slices to (double) slices of gobig.Int's for asn1
@@ -38,10 +39,12 @@ func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, n
 		sigsint[i] = k.Value()
 	}

+	timestampServerUrl = ""
 	disclosedint := make([][]*gobig.Int, len(disclosed))
 	dlreps := make([]*gobig.Int, len(disclosed))
 	var d interface{} = disclosedint
 	for i, _ := range disclosed {
+		meta := MetadataFromInt(disclosed[i][1], conf)
 		if !new {
 			disclosedint[i] = make([]*gobig.Int, len(disclosed[i]))
 			for j, k := range disclosed[i] {
@@ -49,15 +52,25 @@ func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, n
 			}
 		} else {
 			if len(disclosed[i]) < 2 || disclosed[i][1].Cmp(bigZero) == 0 {
-				return nil, errors.Errorf("metadata attribute of credential %d not disclosed", i)
+				return nil, "", errors.Errorf("metadata attribute of credential %d not disclosed", i)
 			}
-			meta := MetadataFromInt(disclosed[i][1], conf)
 			pk, err := conf.PublicKey(meta.CredentialType().IssuerIdentifier(), meta.KeyCounter())
 			if err != nil {
-				return nil, err
+				return nil, "", err
 			}
 			dlreps[i] = gabi.RepresentToPublicKey(pk, disclosed[i]).Value()
 		}
+
+		// Determine timestamp server that should be used
+		schemeId := meta.CredentialType().SchemeManagerIdentifier()
+		tss := conf.SchemeManagers[schemeId].TimestampServer
+		if tss == "" {
+			return nil, "", errors.Errorf("No timestamp server specified in scheme %s", schemeId.String())
+		}
+		if timestampServerUrl != "" && timestampServerUrl != tss {
+			return nil, "", errors.New("No support for multiple timestamp servers in timestamp format")
+		}
+		timestampServerUrl = tss
 	}
 	if new {
 		d = dlreps
@@ -71,22 +84,16 @@ func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, n
 		sigsint, msgHash[:], d,
 	})
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}

 	hashed := sha256.Sum256(bts)
-	return hashed[:], nil
+	return hashed[:], timestampServerUrl, nil
 }

-const TimestampServerURL = "https://metrics.privacybydesign.foundation/atum"
-
 // Given an SignedMessage, verify the timestamp over the signed message, disclosed attributes,
 // and rerandomized CL-signatures.
 func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) error {
-	if sm.Timestamp.ServerUrl != TimestampServerURL {
-		return errors.New("Untrusted timestamp server")
-	}
-
 	// Extract the disclosed attributes and randomized CL-signatures from the proofs in order to
 	// construct the nonce that should be signed by the timestamp server.
 	zero := big.NewInt(0)
@@ -112,10 +119,11 @@ func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) er
 		}
 	}

-	bts, err := TimestampRequest(message, sigs, disclosed, sm.Version() >= 2, conf)
+	bts, timestampServerUrl, err := TimestampRequest(message, sigs, disclosed, sm.Version() >= 2, conf)
 	if err != nil {
 		return err
 	}
+	sm.Timestamp.ServerUrl = timestampServerUrl // Timestamp server could be moved to other url
 	valid, err := sm.Timestamp.Verify(bts)
 	if err != nil {
 		return err