Support attribute-based signatures

manager.go

@@ -284,7 +284,7 @@ type SessionRequest interface {
 	GetContext() *big.Int
 }
 
-func (cm *CredentialManager) Proofs(choice *DisclosureChoice, request SessionRequest) (gabi.ProofList, error) {
+func (cm *CredentialManager) Proofs(choice *DisclosureChoice, request SessionRequest, issig bool) (gabi.ProofList, error) {
 	todisclose, err := cm.groupCredentials(choice)
 	if err != nil {
 		return nil, err
@@ -299,5 +299,5 @@ func (cm *CredentialManager) Proofs(choice *DisclosureChoice, request SessionReq
 		builders = append(builders, cred.Credential.CreateDisclosureProofBuilder(list))
 	}
 
-	return gabi.BuildProofList(request.GetContext(), request.GetNonce(), builders), nil
+	return gabi.BuildProofList(request.GetContext(), request.GetNonce(), builders, issig), nil
 }

protocol/requests.go

@@ -66,7 +66,7 @@ type ServiceProviderJwt struct {
 
 type SignatureServerJwt struct {
 	ServerJwt
-	Request SignatureServerRequest `json:"sigrequest"`
+	Request SignatureServerRequest `json:"absrequest"`
 }
 
 type IdentityProviderJwt struct {
@@ -86,6 +86,18 @@ func NewServiceProviderJwt(servername string, dr DisclosureRequest) *ServiceProv
 	}
 }
 
+func NewSignatureServerJwt(servername string, dr SignatureRequest) *SignatureServerJwt {
+	now := Timestamp(time.Now())
+	return &SignatureServerJwt{
+		ServerJwt: ServerJwt{
+			ServerName: servername,
+			IssuedAt:   &now,
+			Type:       "signature_request",
+		},
+		Request: SignatureServerRequest{Request: dr},
+	}
+}
+
 func (dr *DisclosureRequest) GetContext() *big.Int {
 	return dr.Context
 }
@@ -99,12 +111,10 @@ func (sr *SignatureRequest) GetContext() *big.Int {
 }
 
 func (sr *SignatureRequest) GetNonce() *big.Int {
-	// BigInteger messageHash = Crypto.sha256Hash(message.getBytes());
-	// return Crypto.sha256Hash(Crypto.asn1Encode(nonce, messageHash));
-
 	hashbytes := sha256.Sum256([]byte(sr.Message))
 	hashint := new(big.Int).SetBytes(hashbytes[:])
-	asn1bytes, err := asn1.Marshal([]*big.Int{sr.Nonce, hashint})
+	// TODO the 2 should be abstracted away
+	asn1bytes, err := asn1.Marshal([]interface{}{big.NewInt(2), sr.Nonce, hashint})
 	if err != nil {
 		log.Print(err) // TODO? does this happen?
 	}

protocol/session.go

@@ -217,9 +217,9 @@ func (session *Session) do(proceed bool, choice *irmago.DisclosureChoice) {
 	var err error
 	switch session.Action {
 	case ActionSigning:
-		proofs, err = irmago.Manager.Proofs(choice, &session.ssRequest.Request.Request)
+		proofs, err = irmago.Manager.Proofs(choice, &session.ssRequest.Request.Request, true)
 	case ActionDisclosing:
-		proofs, err = irmago.Manager.Proofs(choice, &session.spRequest.Request.Request)
+		proofs, err = irmago.Manager.Proofs(choice, &session.spRequest.Request.Request, false)
 	case ActionIssuing:
 		err = errors.New("Issuing not yet implemented")
 	}

protocol/session_test.go

@@ -81,19 +81,11 @@ func (th TestHandler) AskVerificationPermission(request DisclosureRequest, Serve
 	callback(true, choice)
 }
 func (th TestHandler) AskSignaturePermission(request SignatureRequest, ServerName string, choice PermissionHandler) {
+	th.AskVerificationPermission(request.DisclosureRequest, ServerName, choice)
 }
 
-func TestSession(t *testing.T) {
-	parseMetaStore(t)
-	parseStorage(t)
-	parseAndroidStorage(t)
-
-	id := irmago.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
-	//url := "https://demo.irmacard.org/tomcat/irma_api_server/api/v2/verification"
-	url := "http://localhost:8081/irma_api_server/api/v2/verification"
-	name := "testsp"
-
-	spRequest := NewServiceProviderJwt(name, DisclosureRequest{
+func getDisclosureJwt(name string, id irmago.AttributeTypeIdentifier) interface{} {
+	return NewServiceProviderJwt(name, DisclosureRequest{
 		Content: irmago.AttributeDisjunctionList([]*irmago.AttributeDisjunction{
 			&irmago.AttributeDisjunction{
 				Label:      "foo",
@@ -101,10 +93,51 @@ func TestSession(t *testing.T) {
 			},
 		}),
 	})
+}
+
+func getSigningJwt(name string, id irmago.AttributeTypeIdentifier) interface{} {
+	return NewSignatureServerJwt(name, SignatureRequest{
+		Message:     "test",
+		MessageType: "STRING",
+		DisclosureRequest: DisclosureRequest{
+			Content: irmago.AttributeDisjunctionList([]*irmago.AttributeDisjunction{
+				&irmago.AttributeDisjunction{
+					Label:      "foo",
+					Attributes: []irmago.AttributeTypeIdentifier{id},
+				},
+			}),
+		},
+	})
+}
+
+func TestSigningSession(t *testing.T) {
+	id := irmago.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
+	//url := "https://demo.irmacard.org/tomcat/irma_api_server/api/v2/verification"
+	url := "http://localhost:8081/irma_api_server/api/v2/signature"
+	name := "testsigclient"
+
+	jwtcontents := getSigningJwt(name, id)
+	sessionHelper(t, jwtcontents, url)
+}
+
+func TestDisclosureSession(t *testing.T) {
+	id := irmago.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
+	//url := "https://demo.irmacard.org/tomcat/irma_api_server/api/v2/verification"
+	url := "http://localhost:8081/irma_api_server/api/v2/verification"
+	name := "testsp"
+
+	jwtcontents := getDisclosureJwt(name, id)
+	sessionHelper(t, jwtcontents, url)
+}
+
+func sessionHelper(t *testing.T, jwtcontents interface{}, url string) {
+	parseMetaStore(t)
+	parseStorage(t)
+	parseAndroidStorage(t)
 
 	headerbytes, err := json.Marshal(&map[string]string{"alg": "none", "typ": "JWT"})
 	require.NoError(t, err)
-	bodybytes, err := json.Marshal(spRequest)
+	bodybytes, err := json.Marshal(jwtcontents)
 	require.NoError(t, err)
 
 	jwt := base64.RawStdEncoding.EncodeToString(headerbytes) + "." + base64.RawStdEncoding.EncodeToString(bodybytes) + "."