refactor: rename instances of keysharecore user structs

internal/keysharecore/operations.go

@@ -44,27 +44,27 @@ func (c *Core) NewUserSecrets(pinRaw string) (UserSecrets, error) {
 	}
 
 	// Build unencrypted packet
-	var p unencryptedUserSecrets
-	p.setPin(pin)
-	err = p.setKeyshareSecret(secret)
+	var s unencryptedUserSecrets
+	s.setPin(pin)
+	err = s.setKeyshareSecret(secret)
 	if err != nil {
 		return UserSecrets{}, err
 	}
-	p.setID(id)
+	s.setID(id)
 
 	// And encrypt
-	return c.encryptUserSecrets(p)
+	return c.encryptUserSecrets(s)
 }
 
 // ValidatePin checks pin for validity and generates JWT for future access.
-func (c *Core) ValidatePin(ep UserSecrets, pin string) (string, error) {
-	p, err := c.decryptUserSecretsIfPinOK(ep, pin)
+func (c *Core) ValidatePin(secrets UserSecrets, pin string) (string, error) {
+	s, err := c.decryptUserSecretsIfPinOK(secrets, pin)
 	if err != nil {
 		return "", err
 	}
 
 	// Generate jwt token
-	id := p.id()
+	id := s.id()
 	token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
 		"iss":      c.jwtIssuer,
 		"sub":      "auth_tok",
@@ -78,15 +78,15 @@ func (c *Core) ValidatePin(ep UserSecrets, pin string) (string, error) {
 
 // ValidateJWT checks whether the given JWT is currently valid as an access token for operations
 // on the provided encrypted keyshare packet.
-func (c *Core) ValidateJWT(ep UserSecrets, jwt string) error {
-	_, err := c.verifyAccess(ep, jwt)
+func (c *Core) ValidateJWT(secrets UserSecrets, jwt string) error {
+	_, err := c.verifyAccess(secrets, jwt)
 	return err
 }
 
 // ChangePin changes the pin in an encrypted keyshare packet to a new value, after validating that
 // the old value is known by the caller.
-func (c *Core) ChangePin(ep UserSecrets, oldpinRaw, newpinRaw string) (UserSecrets, error) {
-	p, err := c.decryptUserSecretsIfPinOK(ep, oldpinRaw)
+func (c *Core) ChangePin(secrets UserSecrets, oldpinRaw, newpinRaw string) (UserSecrets, error) {
+	s, err := c.decryptUserSecretsIfPinOK(secrets, oldpinRaw)
 	if err != nil {
 		return UserSecrets{}, err
 	}
@@ -102,14 +102,14 @@ func (c *Core) ChangePin(ep UserSecrets, oldpinRaw, newpinRaw string) (UserSecre
 	if err != nil {
 		return UserSecrets{}, err
 	}
-	p.setPin(newpin)
-	p.setID(id)
-	return c.encryptUserSecrets(p)
+	s.setPin(newpin)
+	s.setID(id)
+	return c.encryptUserSecrets(s)
 }
 
 // verifyAccess checks that a given access jwt is valid, and if so, return decrypted keyshare packet.
 // Note: Although this is an internal function, it is tested directly
-func (c *Core) verifyAccess(ep UserSecrets, jwtToken string) (unencryptedUserSecrets, error) {
+func (c *Core) verifyAccess(secrets UserSecrets, jwtToken string) (unencryptedUserSecrets, error) {
 	// Verify token validity
 	token, err := jwt.Parse(jwtToken, func(token *jwt.Token) (interface{}, error) {
 		if token.Method != jwt.SigningMethodRS256 {
@@ -141,21 +141,21 @@ func (c *Core) verifyAccess(ep UserSecrets, jwtToken string) (unencryptedUserSec
 		return unencryptedUserSecrets{}, ErrInvalidJWT
 	}
 
-	p, err := c.decryptUserSecrets(ep)
+	s, err := c.decryptUserSecrets(secrets)
 	if err != nil {
 		return unencryptedUserSecrets{}, err
 	}
-	refId := p.id()
+	refId := s.id()
 
 	if subtle.ConstantTimeCompare(refId[:], tokenID) != 1 {
 		return unencryptedUserSecrets{}, ErrInvalidJWT
 	}
 
-	return p, nil
+	return s, nil
 }
 
 // GenerateCommitments generates keyshare commitments using the specified Idemix public key(s).
-func (c *Core) GenerateCommitments(ep UserSecrets, accessToken string, keyIDs []irma.PublicKeyIdentifier) ([]*gabi.ProofPCommitment, uint64, error) {
+func (c *Core) GenerateCommitments(secrets UserSecrets, accessToken string, keyIDs []irma.PublicKeyIdentifier) ([]*gabi.ProofPCommitment, uint64, error) {
 	// Validate input request and build key list
 	var keyList []*gabikeys.PublicKey
 	for _, keyID := range keyIDs {
@@ -167,13 +167,13 @@ func (c *Core) GenerateCommitments(ep UserSecrets, accessToken string, keyIDs []
 	}
 
 	// verify access and decrypt
-	p, err := c.verifyAccess(ep, accessToken)
+	s, err := c.verifyAccess(secrets, accessToken)
 	if err != nil {
 		return nil, 0, err
 	}
 
 	// Generate commitment
-	commitSecret, commitments, err := gabi.NewKeyshareCommitments(p.keyshareSecret(), keyList)
+	commitSecret, commitments, err := gabi.NewKeyshareCommitments(s.keyshareSecret(), keyList)
 	if err != nil {
 		return nil, 0, err
 	}
@@ -194,7 +194,7 @@ func (c *Core) GenerateCommitments(ep UserSecrets, accessToken string, keyIDs []
 }
 
 // GenerateResponse generates the response of a zero-knowledge proof of the keyshare secret, for a given previous commit and challenge.
-func (c *Core) GenerateResponse(ep UserSecrets, accessToken string, commitID uint64, challenge *big.Int, keyID irma.PublicKeyIdentifier) (string, error) {
+func (c *Core) GenerateResponse(secrets UserSecrets, accessToken string, commitID uint64, challenge *big.Int, keyID irma.PublicKeyIdentifier) (string, error) {
 	// Validate request
 	if uint(challenge.BitLen()) > gabikeys.DefaultSystemParameters[1024].Lh || challenge.Cmp(big.NewInt(0)) < 0 {
 		return "", ErrInvalidChallenge
@@ -205,7 +205,7 @@ func (c *Core) GenerateResponse(ep UserSecrets, accessToken string, commitID uin
 	}
 
 	// verify access and decrypt
-	p, err := c.verifyAccess(ep, accessToken)
+	s, err := c.verifyAccess(secrets, accessToken)
 	if err != nil {
 		return "", err
 	}
@@ -221,7 +221,7 @@ func (c *Core) GenerateResponse(ep UserSecrets, accessToken string, commitID uin
 
 	// Generate response
 	token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
-		"ProofP": gabi.KeyshareResponse(p.keyshareSecret(), commit, challenge, key),
+		"ProofP": gabi.KeyshareResponse(s.keyshareSecret(), commit, challenge, key),
 		"iat":    time.Now().Unix(),
 		"sub":    "ProofP",
 		"iss":    c.jwtIssuer,

internal/keysharecore/operations_test.go

@@ -33,11 +33,11 @@ func TestPinFunctionality(t *testing.T) {
 	pin := string(bpin[:])
 
 	// Generate package
-	ep, err := c.NewUserSecrets(pin)
+	secrets, err := c.NewUserSecrets(pin)
 	require.NoError(t, err)
 
 	// Test with correct pin
-	j, err := c.ValidatePin(ep, pin)
+	j, err := c.ValidatePin(secrets, pin)
 	assert.NoError(t, err)
 	var claims jwt.StandardClaims
 	_, err = jwt.ParseWithClaims(j, &claims, func(_ *jwt.Token) (interface{}, error) {
@@ -53,15 +53,15 @@ func TestPinFunctionality(t *testing.T) {
 	_, err = rand.Read(bnewpin[:])
 	require.NoError(t, err)
 	newpin := string(bnewpin[:])
-	ep, err = c.ChangePin(ep, pin, newpin)
+	secrets, err = c.ChangePin(secrets, pin, newpin)
 	require.NoError(t, err)
 
 	// test correct pin
-	_, err = c.ValidatePin(ep, newpin)
+	_, err = c.ValidatePin(secrets, newpin)
 	assert.NoError(t, err)
 
 	// Test incorrect pin
-	_, err = c.ValidatePin(ep, pin)
+	_, err = c.ValidatePin(secrets, pin)
 	assert.Error(t, err)
 }
 
@@ -82,21 +82,21 @@ func TestVerifyAccess(t *testing.T) {
 	pin2 := string(bpin[:])
 
 	// and test keyshare secrets
-	ep1, err := c.NewUserSecrets(pin1)
+	secrets1, err := c.NewUserSecrets(pin1)
 	require.NoError(t, err)
-	ep2, err := c.NewUserSecrets(pin2)
+	secrets2, err := c.NewUserSecrets(pin2)
 	require.NoError(t, err)
 
 	// Test use jwt on wrong packet
-	jwtt, err := c.ValidatePin(ep1, pin1)
+	jwtt, err := c.ValidatePin(secrets1, pin1)
 	require.NoError(t, err)
-	_, err = c.verifyAccess(ep2, jwtt)
+	_, err = c.verifyAccess(secrets2, jwtt)
 	assert.Error(t, err)
 
 	// Test incorrectly constructed jwts
-	p, err := c.verifyAccess(ep1, jwtt)
+	s, err := c.verifyAccess(secrets1, jwtt)
 	require.NoError(t, err)
-	id := p.id()
+	id := s.id()
 	tokenID := base64.StdEncoding.EncodeToString(id[:])
 
 	// incorrect exp
@@ -107,7 +107,7 @@ func TestVerifyAccess(t *testing.T) {
 	})
 	jwtt, err = token.SignedString(c.jwtPrivateKey)
 	require.NoError(t, err)
-	_, err = c.verifyAccess(ep1, jwtt)
+	_, err = c.verifyAccess(secrets1, jwtt)
 	assert.Error(t, err)
 
 	// missing exp
@@ -117,7 +117,7 @@ func TestVerifyAccess(t *testing.T) {
 	})
 	jwtt, err = token.SignedString(c.jwtPrivateKey)
 	require.NoError(t, err)
-	_, err = c.verifyAccess(ep1, jwtt)
+	_, err = c.verifyAccess(secrets1, jwtt)
 	assert.Error(t, err)
 
 	// Incorrectly typed exp
@@ -128,7 +128,7 @@ func TestVerifyAccess(t *testing.T) {
 	})
 	jwtt, err = token.SignedString(c.jwtPrivateKey)
 	require.NoError(t, err)
-	_, err = c.verifyAccess(ep1, jwtt)
+	_, err = c.verifyAccess(secrets1, jwtt)
 	assert.Error(t, err)
 
 	// missing token_id
@@ -138,7 +138,7 @@ func TestVerifyAccess(t *testing.T) {
 	})
 	jwtt, err = token.SignedString(c.jwtPrivateKey)
 	require.NoError(t, err)
-	_, err = c.verifyAccess(ep1, jwtt)
+	_, err = c.verifyAccess(secrets1, jwtt)
 	assert.Error(t, err)
 
 	// mistyped token_id
@@ -149,7 +149,7 @@ func TestVerifyAccess(t *testing.T) {
 	})
 	jwtt, err = token.SignedString(c.jwtPrivateKey)
 	require.NoError(t, err)
-	_, err = c.verifyAccess(ep1, jwtt)
+	_, err = c.verifyAccess(secrets1, jwtt)
 	assert.Error(t, err)
 
 	// Incorrect signing method
@@ -160,7 +160,7 @@ func TestVerifyAccess(t *testing.T) {
 	})
 	jwtt, err = token.SignedString([]byte("bla"))
 	require.NoError(t, err)
-	_, err = c.verifyAccess(ep1, jwtt)
+	_, err = c.verifyAccess(secrets1, jwtt)
 	assert.Error(t, err)
 }
 
@@ -179,19 +179,19 @@ func TestProofFunctionality(t *testing.T) {
 	pin := string(bpin[:])
 
 	// generate keyshare secret
-	ep, err := c.NewUserSecrets(pin)
+	secrets, err := c.NewUserSecrets(pin)
 	require.NoError(t, err)
 
 	// Validate pin
-	jwtt, err := c.ValidatePin(ep, pin)
+	jwtt, err := c.ValidatePin(secrets, pin)
 	require.NoError(t, err)
 
 	// Get keyshare commitment
-	W, commitID, err := c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
+	W, commitID, err := c.GenerateCommitments(secrets, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
 	require.NoError(t, err)
 
 	// Get keyshare response
-	Rjwt, err := c.GenerateResponse(ep, jwtt, commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
+	Rjwt, err := c.GenerateResponse(secrets, jwtt, commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
 	require.NoError(t, err)
 
 	// Decode jwt
@@ -229,32 +229,32 @@ func TestCorruptedPacket(t *testing.T) {
 	pin := string(bpin[:])
 
 	// Generate packet
-	ep, err := c.NewUserSecrets(pin)
+	secrets, err := c.NewUserSecrets(pin)
 	require.NoError(t, err)
 
-	jwtt, err := c.ValidatePin(ep, pin)
+	jwtt, err := c.ValidatePin(secrets, pin)
 	require.NoError(t, err)
 
-	_, commitID, err := c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
+	_, commitID, err := c.GenerateCommitments(secrets, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
 	require.NoError(t, err)
 
 	// Corrupt packet
-	ep[12] = ep[12] + 1
+	secrets[12] = secrets[12] + 1
 
 	// Verify pin
-	_, err = c.ValidatePin(ep, pin)
+	_, err = c.ValidatePin(secrets, pin)
 	assert.Error(t, err, "ValidatePin accepts corrupted keyshare packet")
 
 	// Change pin
-	_, err = c.ChangePin(ep, pin, pin)
+	_, err = c.ChangePin(secrets, pin, pin)
 	assert.Error(t, err, "ChangePin accepts corrupted keyshare packet")
 
 	// GenerateCommitments
-	_, _, err = c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
+	_, _, err = c.GenerateCommitments(secrets, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
 	assert.Error(t, err, "GenerateCommitments accepts corrupted keyshare packet")
 
 	// GetResponse
-	_, err = c.GenerateResponse(ep, jwtt, commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
+	_, err = c.GenerateResponse(secrets, jwtt, commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
 	assert.Error(t, err, "GenerateResponse accepts corrupted keyshare packet")
 }
 
@@ -273,11 +273,11 @@ func TestIncorrectPin(t *testing.T) {
 	pin := string(bpin[:])
 
 	// Generate packet
-	ep, err := c.NewUserSecrets(pin)
+	secrets, err := c.NewUserSecrets(pin)
 	require.NoError(t, err)
 
 	// validate pin
-	jwtt, err := c.ValidatePin(ep, pin)
+	jwtt, err := c.ValidatePin(secrets, pin)
 	require.NoError(t, err)
 
 	// Corrupt pin
@@ -285,13 +285,13 @@ func TestIncorrectPin(t *testing.T) {
 	pin = string(bpin[:])
 
 	// Change pin
-	_, err = c.ChangePin(ep, pin, pin)
+	_, err = c.ChangePin(secrets, pin, pin)
 	assert.Error(t, err, "ChangePin accepts incorrect pin")
 
 	// GetResponse
-	_, commitID, err := c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
+	_, commitID, err := c.GenerateCommitments(secrets, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
 	require.NoError(t, err)
-	_, err = c.GenerateResponse(ep, "pin", commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
+	_, err = c.GenerateResponse(secrets, "pin", commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
 	assert.Error(t, err, "GenerateResponse accepts incorrect pin")
 }
 
@@ -310,21 +310,21 @@ func TestMissingKey(t *testing.T) {
 	pin := string(bpin[:])
 
 	// Generate packet
-	ep, err := c.NewUserSecrets(pin)
+	secrets, err := c.NewUserSecrets(pin)
 	require.NoError(t, err)
 
 	// Generate jwt
-	jwtt, err := c.ValidatePin(ep, pin)
+	jwtt, err := c.ValidatePin(secrets, pin)
 	require.NoError(t, err)
 
 	// GenerateCommitments
-	_, _, err = c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("DNE"), Counter: 1}})
+	_, _, err = c.GenerateCommitments(secrets, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("DNE"), Counter: 1}})
 	assert.Error(t, err, "Missing key not detected by generateCommitments")
 
 	// GenerateResponse
-	_, commitID, err := c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
+	_, commitID, err := c.GenerateCommitments(secrets, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
 	require.NoError(t, err)
-	_, err = c.GenerateResponse(ep, jwtt, commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("DNE"), Counter: 1})
+	_, err = c.GenerateResponse(secrets, jwtt, commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("DNE"), Counter: 1})
 	assert.Error(t, err, "Missing key not detected by generateresponse")
 }
 
@@ -343,29 +343,29 @@ func TestInvalidChallenge(t *testing.T) {
 	pin := string(bpin[:])
 
 	// Generate packet
-	ep, err := c.NewUserSecrets(pin)
+	secrets, err := c.NewUserSecrets(pin)
 	require.NoError(t, err)
 
 	// Validate pin
-	jwtt, err := c.ValidatePin(ep, pin)
+	jwtt, err := c.ValidatePin(secrets, pin)
 	require.NoError(t, err)
 
 	// Test negative challenge
-	_, commitID, err := c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
+	_, commitID, err := c.GenerateCommitments(secrets, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
 	require.NoError(t, err)
-	_, err = c.GenerateResponse(ep, jwtt, commitID, big.NewInt(-1), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
+	_, err = c.GenerateResponse(secrets, jwtt, commitID, big.NewInt(-1), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
 	assert.Error(t, err, "GenerateResponse incorrectly accepts negative challenge")
 
 	// Test too large challenge
-	_, commitID, err = c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
+	_, commitID, err = c.GenerateCommitments(secrets, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
 	require.NoError(t, err)
-	_, err = c.GenerateResponse(ep, jwtt, commitID, new(big.Int).Lsh(big.NewInt(1), 256), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
+	_, err = c.GenerateResponse(secrets, jwtt, commitID, new(big.Int).Lsh(big.NewInt(1), 256), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
 	assert.Error(t, err, "GenerateResponse accepts challenge that is too small")
 
 	// Test just-right challenge
-	_, commitID, err = c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
+	_, commitID, err = c.GenerateCommitments(secrets, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
 	require.NoError(t, err)
-	_, err = c.GenerateResponse(ep, jwtt, commitID, new(big.Int).Lsh(big.NewInt(1), 255), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
+	_, err = c.GenerateResponse(secrets, jwtt, commitID, new(big.Int).Lsh(big.NewInt(1), 255), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
 	assert.NoError(t, err, "GenerateResponse does not accept challenge of 256 bits")
 }
 
@@ -384,19 +384,19 @@ func TestDoubleCommitUse(t *testing.T) {
 	pin := string(bpin[:])
 
 	// Generate packet
-	ep, err := c.NewUserSecrets(pin)
+	secrets, err := c.NewUserSecrets(pin)
 	require.NoError(t, err)
 
 	// validate pin
-	jwtt, err := c.ValidatePin(ep, pin)
+	jwtt, err := c.ValidatePin(secrets, pin)
 	require.NoError(t, err)
 
 	// Use commit double
-	_, commitID, err := c.GenerateCommitments(ep, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
+	_, commitID, err := c.GenerateCommitments(secrets, jwtt, []irma.PublicKeyIdentifier{irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}})
 	require.NoError(t, err)
-	_, err = c.GenerateResponse(ep, jwtt, commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
+	_, err = c.GenerateResponse(secrets, jwtt, commitID, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
 	require.NoError(t, err)
-	_, err = c.GenerateResponse(ep, jwtt, commitID, big.NewInt(12346), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
+	_, err = c.GenerateResponse(secrets, jwtt, commitID, big.NewInt(12346), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
 	assert.Error(t, err, "GenerateResponse incorrectly allows double use of commit")
 }
 
@@ -415,15 +415,15 @@ func TestNonExistingCommit(t *testing.T) {
 	pin := string(bpin[:])
 
 	// Generate packet
-	ep, err := c.NewUserSecrets(pin)
+	secrets, err := c.NewUserSecrets(pin)
 	require.NoError(t, err)
 
 	// Generate jwt
-	jwtt, err := c.ValidatePin(ep, pin)
+	jwtt, err := c.ValidatePin(secrets, pin)
 	require.NoError(t, err)
 
 	// test
-	_, err = c.GenerateResponse(ep, jwtt, 2364, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
+	_, err = c.GenerateResponse(secrets, jwtt, 2364, big.NewInt(12345), irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1})
 	assert.Error(t, err, "GenerateResponse failed to detect non-existing commit")
 }
 

internal/keysharecore/packet.go

@@ -31,22 +31,22 @@ var (
 	ErrNoSuchKey              = errors.New("Key identifier unknown")
 )
 
-func (p *unencryptedUserSecrets) pin() [64]byte {
+func (s *unencryptedUserSecrets) pin() [64]byte {
 	var result [64]byte
-	copy(result[:], p[0:64])
+	copy(result[:], s[0:64])
 	return result
 }
 
-func (p *unencryptedUserSecrets) setPin(pw [64]byte) {
-	copy(p[0:64], pw[:])
+func (s *unencryptedUserSecrets) setPin(pw [64]byte) {
+	copy(s[0:64], pw[:])
 }
 
-func (p *unencryptedUserSecrets) keyshareSecret() *big.Int {
+func (s *unencryptedUserSecrets) keyshareSecret() *big.Int {
 	result := new(big.Int)
-	return result.SetBytes(p[64:128])
+	return result.SetBytes(s[64:128])
 }
 
-func (p *unencryptedUserSecrets) setKeyshareSecret(val *big.Int) error {
+func (s *unencryptedUserSecrets) setKeyshareSecret(val *big.Int) error {
 	if val.Sign() == -1 {
 		return ErrKeyshareSecretNegative
 	}
@@ -57,24 +57,24 @@ func (p *unencryptedUserSecrets) setKeyshareSecret(val *big.Int) error {
 	}
 	zerolen := 64 - len(data)
 	for i := 0; i < zerolen; i++ {
-		p[64+i] = 0
+		s[64+i] = 0
 	}
-	copy(p[64+zerolen:], data)
+	copy(s[64+zerolen:], data)
 
 	return nil
 }
 
-func (p *unencryptedUserSecrets) id() [32]byte {
+func (s *unencryptedUserSecrets) id() [32]byte {
 	var result [32]byte
-	copy(result[:], p[128:160])
+	copy(result[:], s[128:160])
 	return result
 }
 
-func (p *unencryptedUserSecrets) setID(id [32]byte) {
-	copy(p[128:160], id[:])
+func (s *unencryptedUserSecrets) setID(id [32]byte) {
+	copy(s[128:160], id[:])
 }
 
-func (c *Core) encryptUserSecrets(p unencryptedUserSecrets) (UserSecrets, error) {
+func (c *Core) encryptUserSecrets(secrets unencryptedUserSecrets) (UserSecrets, error) {
 	var result UserSecrets
 
 	// Store key id
@@ -91,14 +91,14 @@ func (c *Core) encryptUserSecrets(p unencryptedUserSecrets) (UserSecrets, error)
 	if err != nil {
 		return UserSecrets{}, err
 	}
-	gcm.Seal(result[:16], result[4:16], p[:], nil)
+	gcm.Seal(result[:16], result[4:16], secrets[:], nil)
 
 	return result, nil
 }
 
-func (c *Core) decryptUserSecrets(p UserSecrets) (unencryptedUserSecrets, error) {
+func (c *Core) decryptUserSecrets(secrets UserSecrets) (unencryptedUserSecrets, error) {
 	// determine key id
-	id := binary.LittleEndian.Uint32(p[0:])
+	id := binary.LittleEndian.Uint32(secrets[0:])
 
 	// Fetch key
 	key, ok := c.decryptionKeys[id]
@@ -112,29 +112,29 @@ func (c *Core) decryptUserSecrets(p UserSecrets) (unencryptedUserSecrets, error)
 		return unencryptedUserSecrets{}, err
 	}
 	var result unencryptedUserSecrets
-	_, err = gcm.Open(result[:0], p[4:16], p[16:], nil)
+	_, err = gcm.Open(result[:0], secrets[4:16], secrets[16:], nil)
 	if err != nil {
 		return unencryptedUserSecrets{}, err
 	}
 	return result, nil
 }
 
-func (c *Core) decryptUserSecretsIfPinOK(ep UserSecrets, pin string) (unencryptedUserSecrets, error) {
+func (c *Core) decryptUserSecretsIfPinOK(secrets UserSecrets, pin string) (unencryptedUserSecrets, error) {
 	paddedPin, err := padPin(pin)
 	if err != nil {
 		return unencryptedUserSecrets{}, err
 	}
 
-	p, err := c.decryptUserSecrets(ep)
+	s, err := c.decryptUserSecrets(secrets)
 	if err != nil {
 		return unencryptedUserSecrets{}, err
 	}
 
-	refPin := p.pin()
+	refPin := s.pin()
 	if subtle.ConstantTimeCompare(refPin[:], paddedPin[:]) != 1 {
 		return unencryptedUserSecrets{}, ErrInvalidPin
 	}
-	return p, nil
+	return s, nil
 }
 
 func newGCM(key AESKey) (cipher.AEAD, error) {

internal/testkeyshare/testkeyshare.go

@@ -27,13 +27,13 @@ func StartKeyshareServer(t *testing.T, l *logrus.Logger) {
 		Secrets:  keysharecore.UserSecrets{},
 	})
 	require.NoError(t, err)
-	var ep keysharecore.UserSecrets
-	p, err := base64.StdEncoding.DecodeString("YWJjZK4w5SC+7D4lDrhiJGvB1iwxSeF90dGGPoGqqG7g3ivbfHibOdkKoOTZPbFlttBzn2EJgaEsL24Re8OWWWw5pd31/GCd14RXcb9Wy2oWhbr0pvJDLpIxXZt/qiQC0nJiIAYWLGZOdj5o0irDfqP1CSfw3IoKkVEl4lHRj0LCeINJIOpEfGlFtl4DHlWu8SMQFV1AIm3Gv64XzGncdkclVd41ti7cicBrcK8N2u9WvY/jCS4/Lxa2syp/O4IY")
+	var secrets keysharecore.UserSecrets
+	bts, err := base64.StdEncoding.DecodeString("YWJjZK4w5SC+7D4lDrhiJGvB1iwxSeF90dGGPoGqqG7g3ivbfHibOdkKoOTZPbFlttBzn2EJgaEsL24Re8OWWWw5pd31/GCd14RXcb9Wy2oWhbr0pvJDLpIxXZt/qiQC0nJiIAYWLGZOdj5o0irDfqP1CSfw3IoKkVEl4lHRj0LCeINJIOpEfGlFtl4DHlWu8SMQFV1AIm3Gv64XzGncdkclVd41ti7cicBrcK8N2u9WvY/jCS4/Lxa2syp/O4IY")
 	require.NoError(t, err)
-	copy(ep[:], p)
+	copy(secrets[:], bts)