Commit 79c2f2e7 authored by Sietse Ringers's avatar Sietse Ringers

Support attribute-based signatures

parent e841481d
......@@ -284,7 +284,7 @@ type SessionRequest interface {
GetContext() *big.Int
}
func (cm *CredentialManager) Proofs(choice *DisclosureChoice, request SessionRequest) (gabi.ProofList, error) {
func (cm *CredentialManager) Proofs(choice *DisclosureChoice, request SessionRequest, issig bool) (gabi.ProofList, error) {
todisclose, err := cm.groupCredentials(choice)
if err != nil {
return nil, err
......@@ -299,5 +299,5 @@ func (cm *CredentialManager) Proofs(choice *DisclosureChoice, request SessionReq
builders = append(builders, cred.Credential.CreateDisclosureProofBuilder(list))
}
return gabi.BuildProofList(request.GetContext(), request.GetNonce(), builders), nil
return gabi.BuildProofList(request.GetContext(), request.GetNonce(), builders, issig), nil
}
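Review bot: The new `issig bool` parameter on `Proofs` lets the caller choose the proof type independently of the request it passes. Nothing in the visible lines stops a `*SignatureRequest` being proved with `issig` false, or a disclosure request with `issig` true; assuming gabi uses the flag to separate signatures from disclosure proofs, a mismatched call would undermine that separation. Since `request` is already a `SessionRequest`, the flag could be derived inside the function, e.g. `_, issig := request.(*SignatureRequest)`, or exposed as a method on the interface, and the `true`/`false` literals at the `session.do` call sites would then disappear. `Proofs` is exported and has no doc comment; `// Proofs builds the proof list for the chosen attributes; issig selects a signature instead of a disclosure proof.` would cover the new argument. The middle of the function body lies between the two hunks and is not shown.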
......@@ -66,7 +66,7 @@ type ServiceProviderJwt struct {
type SignatureServerJwt struct {
ServerJwt
Request SignatureServerRequest `json:"sigrequest"`
Request SignatureServerRequest `json:"absrequest"`
}
type IdentityProviderJwt struct {
......@@ -86,6 +86,18 @@ func NewServiceProviderJwt(servername string, dr DisclosureRequest) *ServiceProv
}
}
func NewSignatureServerJwt(servername string, dr SignatureRequest) *SignatureServerJwt {
now := Timestamp(time.Now())
return &SignatureServerJwt{
ServerJwt: ServerJwt{
ServerName: servername,
IssuedAt: &now,
Type: "signature_request",
},
Request: SignatureServerRequest{Request: dr},
}
}
func (dr *DisclosureRequest) GetContext() *big.Int {
return dr.Context
}
......@@ -99,12 +111,10 @@ func (sr *SignatureRequest) GetContext() *big.Int {
}
func (sr *SignatureRequest) GetNonce() *big.Int {
// BigInteger messageHash = Crypto.sha256Hash(message.getBytes());
// return Crypto.sha256Hash(Crypto.asn1Encode(nonce, messageHash));
hashbytes := sha256.Sum256([]byte(sr.Message))
hashint := new(big.Int).SetBytes(hashbytes[:])
asn1bytes, err := asn1.Marshal([]*big.Int{sr.Nonce, hashint})
// TODO the 2 should be abstracted away
asn1bytes, err := asn1.Marshal([]interface{}{big.NewInt(2), sr.Nonce, hashint})
if err != nil {
log.Print(err) // TODO? does this happen?
}
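Review bot: In `GetNonce`, a failure of `asn1.Marshal` is only logged and execution continues, so the returned value would presumably be computed from empty `asn1bytes` and would no longer depend on the message or the server nonce. The change to `[]interface{}` makes this path more worth guarding, and the visible lines do not check that `sr.Nonce` is non-nil. Because the method has no error return, one option is to `return nil` in the error branch and have the caller reject a nil nonce before building proofs. The commented-out Java reference still describes `asn1Encode(nonce, messageHash)` without the leading `2`; it should be updated when the `2` is moved to a named constant, as the TODO says. The rest of the function is outside the hunk.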
......
......@@ -217,9 +217,9 @@ func (session *Session) do(proceed bool, choice *irmago.DisclosureChoice) {
var err error
switch session.Action {
case ActionSigning:
proofs, err = irmago.Manager.Proofs(choice, &session.ssRequest.Request.Request)
proofs, err = irmago.Manager.Proofs(choice, &session.ssRequest.Request.Request, true)
case ActionDisclosing:
proofs, err = irmago.Manager.Proofs(choice, &session.spRequest.Request.Request)
proofs, err = irmago.Manager.Proofs(choice, &session.spRequest.Request.Request, false)
case ActionIssuing:
err = errors.New("Issuing not yet implemented")
}
......
......@@ -81,19 +81,11 @@ func (th TestHandler) AskVerificationPermission(request DisclosureRequest, Serve
callback(true, choice)
}
func (th TestHandler) AskSignaturePermission(request SignatureRequest, ServerName string, choice PermissionHandler) {
th.AskVerificationPermission(request.DisclosureRequest, ServerName, choice)
}
func TestSession(t *testing.T) {
parseMetaStore(t)
parseStorage(t)
parseAndroidStorage(t)
id := irmago.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
//url := "https://demo.irmacard.org/tomcat/irma_api_server/api/v2/verification"
url := "http://localhost:8081/irma_api_server/api/v2/verification"
name := "testsp"
spRequest := NewServiceProviderJwt(name, DisclosureRequest{
func getDisclosureJwt(name string, id irmago.AttributeTypeIdentifier) interface{} {
return NewServiceProviderJwt(name, DisclosureRequest{
Content: irmago.AttributeDisjunctionList([]*irmago.AttributeDisjunction{
&irmago.AttributeDisjunction{
Label: "foo",
......@@ -101,10 +93,51 @@ func TestSession(t *testing.T) {
},
}),
})
}
func getSigningJwt(name string, id irmago.AttributeTypeIdentifier) interface{} {
return NewSignatureServerJwt(name, SignatureRequest{
Message: "test",
MessageType: "STRING",
DisclosureRequest: DisclosureRequest{
Content: irmago.AttributeDisjunctionList([]*irmago.AttributeDisjunction{
&irmago.AttributeDisjunction{
Label: "foo",
Attributes: []irmago.AttributeTypeIdentifier{id},
},
}),
},
})
}
func TestSigningSession(t *testing.T) {
id := irmago.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
//url := "https://demo.irmacard.org/tomcat/irma_api_server/api/v2/verification"
url := "http://localhost:8081/irma_api_server/api/v2/signature"
name := "testsigclient"
jwtcontents := getSigningJwt(name, id)
sessionHelper(t, jwtcontents, url)
}
func TestDisclosureSession(t *testing.T) {
id := irmago.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
//url := "https://demo.irmacard.org/tomcat/irma_api_server/api/v2/verification"
url := "http://localhost:8081/irma_api_server/api/v2/verification"
name := "testsp"
jwtcontents := getDisclosureJwt(name, id)
sessionHelper(t, jwtcontents, url)
}
func sessionHelper(t *testing.T, jwtcontents interface{}, url string) {
parseMetaStore(t)
parseStorage(t)
parseAndroidStorage(t)
headerbytes, err := json.Marshal(&map[string]string{"alg": "none", "typ": "JWT"})
require.NoError(t, err)
bodybytes, err := json.Marshal(spRequest)
bodybytes, err := json.Marshal(jwtcontents)
require.NoError(t, err)
jwt := base64.RawStdEncoding.EncodeToString(headerbytes) + "." + base64.RawStdEncoding.EncodeToString(bodybytes) + "."
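Review bot: `sessionHelper` encodes both JWT segments with `base64.RawStdEncoding`, but JWS compact serialization uses unpadded base64url, so a header or body whose encoding contains `+` or `/` yields a token that a conforming parser rejects. Use `base64.RawURLEncoding.EncodeToString(headerbytes)` and the same for `bodybytes`. The header also hard-codes `"alg": "none"` and the URLs point at `http://localhost:8081`, so both tests pass only against a local API server configured to accept unsigned requests. A comment on `sessionHelper` should say so, e.g. `// Requires a local irma_api_server that accepts unsigned JWTs; test configuration only.` `getDisclosureJwt` and `getSigningJwt` build the same `AttributeDisjunctionList` and could share a helper. The body of `sessionHelper` continues past the hunk.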
......