Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
IRMA
Github mirrors
irmago
Commits
652a2edd
Commit
652a2edd
authored
Jul 03, 2019
by
Ivar Derksen
Committed by
David Venhoek
Aug 06, 2019
Browse files
Timestamp server's URL recorded in scheme
parent
2bd67c46
Changes
2
Hide whitespace changes
Inline
Side-by-side
descriptions.go
View file @
652a2edd
...
...
@@ -23,6 +23,7 @@ type SchemeManager struct {
KeyshareServer
string
KeyshareWebsite
string
KeyshareAttribute
string
TimestampServer
string
XMLVersion
int
`xml:"version,attr"`
XMLName
xml
.
Name
`xml:"SchemeManager"`
...
...
timestamp.go
View file @
652a2edd
...
...
@@ -15,12 +15,12 @@ import (
// over the message to be signed, the randomized signatures over the attributes, and the disclosed
// attributes, for in attribute-based signature sessions.
func
GetTimestamp
(
message
string
,
sigs
[]
*
big
.
Int
,
disclosed
[][]
*
big
.
Int
,
conf
*
Configuration
)
(
*
atum
.
Timestamp
,
error
)
{
nonce
,
err
:=
TimestampRequest
(
message
,
sigs
,
disclosed
,
true
,
conf
)
nonce
,
timestampServerUrl
,
err
:=
TimestampRequest
(
message
,
sigs
,
disclosed
,
true
,
conf
)
if
err
!=
nil
{
return
nil
,
err
}
alg
:=
atum
.
Ed25519
return
atum
.
SendRequest
(
T
imestampServerU
RL
,
atum
.
Request
{
return
atum
.
SendRequest
(
t
imestampServerU
rl
,
atum
.
Request
{
Nonce
:
nonce
,
PreferredSigAlg
:
&
alg
,
})
...
...
@@ -29,7 +29,8 @@ func GetTimestamp(message string, sigs []*big.Int, disclosed [][]*big.Int, conf
// TimestampRequest computes the nonce to be signed by a timestamp server, given a message to be signed
// in an attribute-based signature session along with the randomized signatures over the attributes
// and the disclosed attributes.
func
TimestampRequest
(
message
string
,
sigs
[]
*
big
.
Int
,
disclosed
[][]
*
big
.
Int
,
new
bool
,
conf
*
Configuration
)
([]
byte
,
error
)
{
func
TimestampRequest
(
message
string
,
sigs
[]
*
big
.
Int
,
disclosed
[][]
*
big
.
Int
,
new
bool
,
conf
*
Configuration
)
(
nonceToSign
[]
byte
,
timestampServerUrl
string
,
err
error
)
{
msgHash
:=
sha256
.
Sum256
([]
byte
(
message
))
// Convert the sigs and disclosed (double) slices to (double) slices of gobig.Int's for asn1
...
...
@@ -38,10 +39,12 @@ func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, n
sigsint
[
i
]
=
k
.
Value
()
}
timestampServerUrl
=
""
disclosedint
:=
make
([][]
*
gobig
.
Int
,
len
(
disclosed
))
dlreps
:=
make
([]
*
gobig
.
Int
,
len
(
disclosed
))
var
d
interface
{}
=
disclosedint
for
i
,
_
:=
range
disclosed
{
meta
:=
MetadataFromInt
(
disclosed
[
i
][
1
],
conf
)
if
!
new
{
disclosedint
[
i
]
=
make
([]
*
gobig
.
Int
,
len
(
disclosed
[
i
]))
for
j
,
k
:=
range
disclosed
[
i
]
{
...
...
@@ -49,15 +52,25 @@ func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, n
}
}
else
{
if
len
(
disclosed
[
i
])
<
2
||
disclosed
[
i
][
1
]
.
Cmp
(
bigZero
)
==
0
{
return
nil
,
errors
.
Errorf
(
"metadata attribute of credential %d not disclosed"
,
i
)
return
nil
,
""
,
errors
.
Errorf
(
"metadata attribute of credential %d not disclosed"
,
i
)
}
meta
:=
MetadataFromInt
(
disclosed
[
i
][
1
],
conf
)
pk
,
err
:=
conf
.
PublicKey
(
meta
.
CredentialType
()
.
IssuerIdentifier
(),
meta
.
KeyCounter
())
if
err
!=
nil
{
return
nil
,
err
return
nil
,
""
,
err
}
dlreps
[
i
]
=
gabi
.
RepresentToPublicKey
(
pk
,
disclosed
[
i
])
.
Value
()
}
// Determine timestamp server that should be used
schemeId
:=
meta
.
CredentialType
()
.
SchemeManagerIdentifier
()
tss
:=
conf
.
SchemeManagers
[
schemeId
]
.
TimestampServer
if
tss
==
""
{
return
nil
,
""
,
errors
.
Errorf
(
"No timestamp server specified in scheme %s"
,
schemeId
.
String
())
}
if
timestampServerUrl
!=
""
&&
timestampServerUrl
!=
tss
{
return
nil
,
""
,
errors
.
New
(
"No support for multiple timestamp servers in timestamp format"
)
}
timestampServerUrl
=
tss
}
if
new
{
d
=
dlreps
...
...
@@ -71,22 +84,16 @@ func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, n
sigsint
,
msgHash
[
:
],
d
,
})
if
err
!=
nil
{
return
nil
,
err
return
nil
,
""
,
err
}
hashed
:=
sha256
.
Sum256
(
bts
)
return
hashed
[
:
],
nil
return
hashed
[
:
],
timestampServerUrl
,
nil
}
const
TimestampServerURL
=
"https://metrics.privacybydesign.foundation/atum"
// Given an SignedMessage, verify the timestamp over the signed message, disclosed attributes,
// and rerandomized CL-signatures.
func
(
sm
*
SignedMessage
)
VerifyTimestamp
(
message
string
,
conf
*
Configuration
)
error
{
if
sm
.
Timestamp
.
ServerUrl
!=
TimestampServerURL
{
return
errors
.
New
(
"Untrusted timestamp server"
)
}
// Extract the disclosed attributes and randomized CL-signatures from the proofs in order to
// construct the nonce that should be signed by the timestamp server.
zero
:=
big
.
NewInt
(
0
)
...
...
@@ -112,10 +119,11 @@ func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) er
}
}
bts
,
err
:=
TimestampRequest
(
message
,
sigs
,
disclosed
,
sm
.
Version
()
>=
2
,
conf
)
bts
,
timestampServerUrl
,
err
:=
TimestampRequest
(
message
,
sigs
,
disclosed
,
sm
.
Version
()
>=
2
,
conf
)
if
err
!=
nil
{
return
err
}
sm
.
Timestamp
.
ServerUrl
=
timestampServerUrl
// Timestamp server could be moved to other url
valid
,
err
:=
sm
.
Timestamp
.
Verify
(
bts
)
if
err
!=
nil
{
return
err
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment