7e7ff2a1
Commit
7e7ff2a1
authored
Oct 16, 2019
by
Sietse Ringers
refactor: move RevocationRecord back to gabi
parent
8431fb78
Changes
7
Showing
7 changed files
with
31 additions
and
55 deletions
+31
-55
internal/servercore/api.go
internal/servercore/api.go
+2
-1
internal/servercore/handle.go
internal/servercore/handle.go
+3
-2
irmaclient/credential.go
irmaclient/credential.go
+1
-1
requests.go
requests.go
+5
-4
revocation.go
revocation.go
+14
-43
server/conf.go
server/conf.go
+3
-2
verify.go
verify.go
+3
-2
internal/servercore/api.go
...
...
@@ -14,6 +14,7 @@ import (
"github.com/go-errors/errors"
"github.com/jasonlvhit/gocron"
"github.com/privacybydesign/gabi/revocation"
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/server"
"github.com/sirupsen/logrus"
...
...
@@ -387,7 +388,7 @@ func (s *Server) handleRevocationMessage(
return
server
.
JsonResponse
(
nil
,
server
.
RemoteError
(
server
.
ErrorInvalidRequest
,
"POST records expects 1 url arguments"
))
}
cred
:=
irma
.
NewCredentialTypeIdentifier
(
args
[
0
])
var
records
[]
*
irma
.
R
evocationRecord
var
records
[]
*
r
evocation
.
Record
if
err
:=
json
.
Unmarshal
(
message
,
&
records
);
err
!=
nil
{
return
server
.
JsonResponse
(
nil
,
server
.
RemoteError
(
server
.
ErrorMalformedInput
,
err
.
Error
()))
}
...
...
internal/servercore/handle.go
...
...
@@ -4,6 +4,7 @@ import (
"time"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/revocation"
"github.com/privacybydesign/gabi/signed"
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/server"
...
...
@@ -215,7 +216,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
}
func
(
s
*
Server
)
handlePostRevocationRecords
(
cred
irma
.
CredentialTypeIdentifier
,
records
[]
*
irma
.
R
evocationRecord
,
cred
irma
.
CredentialTypeIdentifier
,
records
[]
*
r
evocation
.
Record
,
)
(
interface
{},
*
irma
.
RemoteError
)
{
db
,
err
:=
s
.
conf
.
IrmaConfiguration
.
RevocationStorage
.
DB
(
cred
)
if
err
!=
nil
{
...
...
@@ -229,7 +230,7 @@ func (s *Server) handlePostRevocationRecords(
func
(
s
*
Server
)
handleGetRevocationRecords
(
cred
irma
.
CredentialTypeIdentifier
,
index
int
,
)
([]
*
irma
.
R
evocationRecord
,
*
irma
.
RemoteError
)
{
)
([]
*
r
evocation
.
Record
,
*
irma
.
RemoteError
)
{
if
_
,
ok
:=
s
.
conf
.
RevocationServers
[
cred
];
!
ok
{
return
nil
,
server
.
RemoteError
(
server
.
ErrorInvalidRequest
,
"not supported by this server"
)
}
...
...
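Review bot: handlePostRevocationRecords opens the per-credential store with `s.conf.IrmaConfiguration.RevocationStorage.DB(cred)` before anything checks that `cred` (parsed from a URL argument in api.go) is a credential type this server knows about, while the GET handler below first rejects identifiers it does not serve. Since `loadDB` builds its bolthold path from `credid.String()`, an unvalidated identifier may cause a database file to be created for an arbitrary name; whether `DB()` already guards against this is outside the hunk, as is the remainder of the POST handler. Unless that guard exists, add one before the `DB` call, e.g. `if _, ok := s.conf.IrmaConfiguration.CredentialTypes[cred]; !ok { return nil, server.RemoteError(server.ErrorInvalidRequest, "unknown credential type") }`. The `RevocationServers` check used by the GET handler may not be the right condition for POST, since peers that receive pushed records are presumably not the revocation server for that type.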
irmaclient/credential.go
...
...
@@ -73,7 +73,7 @@ func (cred *credential) NonrevPrepare(conf *irma.Configuration, request irma.Ses
// NonrevApplyUpdates updates the credential's nonrevocation witness using the specified messages,
// if they all verify and if their indices are ahead and adjacent to that of our witness.
func
(
cred
*
credential
)
NonrevApplyUpdates
(
messages
[]
*
irma
.
R
evocationRecord
,
rs
*
irma
.
RevocationStorage
)
(
bool
,
error
)
{
func
(
cred
*
credential
)
NonrevApplyUpdates
(
messages
[]
*
r
evocation
.
Record
,
rs
*
irma
.
RevocationStorage
)
(
bool
,
error
)
{
var
err
error
var
pk
*
revocation
.
PublicKey
oldindex
:=
cred
.
NonRevocationWitness
.
Index
...
...
requests.go
...
...
@@ -13,6 +13,7 @@ import (
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/big"
"github.com/privacybydesign/gabi/revocation"
"github.com/privacybydesign/irmago/internal/fs"
)
...
...
@@ -32,10 +33,10 @@ type BaseRequest struct {
Revocation
[]
CredentialTypeIdentifier
`json:"revocation,omitempty"`
// Set by the IRMA server during the session
Context
*
big
.
Int
`json:"context,omitempty"`
Nonce
*
big
.
Int
`json:"nonce,omitempty"`
ProtocolVersion
*
ProtocolVersion
`json:"protocolVersion,omitempty"`
RevocationUpdates
map
[
CredentialTypeIdentifier
][]
*
R
evocationRecord
`json:"revocationUpdates,omitempty"`
Context
*
big
.
Int
`json:"context,omitempty"`
Nonce
*
big
.
Int
`json:"nonce,omitempty"`
ProtocolVersion
*
ProtocolVersion
`json:"protocolVersion,omitempty"`
RevocationUpdates
map
[
CredentialTypeIdentifier
][]
*
r
evocation
.
Record
`json:"revocationUpdates,omitempty"`
ids
*
IrmaIdentifierSet
// cache for Identifiers() method
...
...
revocation.go
...
...
@@ -16,13 +16,13 @@ import (
type
(
// DB is a bolthold database storing revocation state for a particular accumulator
// (
Revocation
Record instances, and IssuanceRecord instances if used by an issuer).
// (Record instances, and IssuanceRecord instances if used by an issuer).
DB
struct
{
Current
revocation
.
Accumulator
Updated
time
.
Time
onChange
[]
func
(
*
R
evocationRecord
)
onChange
[]
func
(
*
r
evocation
.
Record
)
bolt
*
bolthold
.
Store
keystore
k
eystore
keystore
revocation
.
K
eystore
}
RevocationStorage
struct
{
...
...
@@ -30,16 +30,6 @@ type (
conf
*
Configuration
}
// RevocationRecord contains a signed AccumulatorUpdate and associated information and is ued
// by clients, issuers and verifiers to update their revocation state, so that they can create
// and verify nonrevocation proofs and witnesses.
RevocationRecord
struct
{
StartIndex
uint64
EndIndex
uint64
PublicKeyIndex
uint
Message
signed
.
Message
// signed revocation.AccumulatorUpdate
}
TimeRecord
struct
{
Index
uint64
Start
,
End
int64
...
...
@@ -57,9 +47,6 @@ type (
currentRecord
struct
{
Index
uint64
}
// keystore provides support for revocation public key rollover.
keystore
func
(
counter
uint
)
(
*
revocation
.
PublicKey
,
error
)
)
const
boltCurrentIndexKey
=
"currentIndex"
...
...
@@ -98,15 +85,15 @@ func (rdb *DB) Revoke(sk *revocation.PrivateKey, key []byte) error {
// Get returns all records that a client requires to update its revocation state if it is currently
// at the specified index, that is, all records whose end index is greater than or equal to
// the specified index.
func
(
rdb
*
DB
)
RevocationRecords
(
index
int
)
([]
*
R
evocationRecord
,
error
)
{
var
records
[]
*
R
evocationRecord
func
(
rdb
*
DB
)
RevocationRecords
(
index
int
)
([]
*
r
evocation
.
Record
,
error
)
{
var
records
[]
*
r
evocation
.
Record
if
err
:=
rdb
.
bolt
.
Find
(
&
records
,
bolthold
.
Where
(
bolthold
.
Key
)
.
Ge
(
uint64
(
index
)));
err
!=
nil
{
return
nil
,
err
}
return
records
,
nil
}
func
(
rdb
*
DB
)
LatestRecords
(
count
int
)
([]
*
R
evocationRecord
,
error
)
{
func
(
rdb
*
DB
)
LatestRecords
(
count
int
)
([]
*
r
evocation
.
Record
,
error
)
{
c
:=
int
(
rdb
.
Current
.
Index
)
-
count
+
1
if
c
<
0
{
c
=
0
...
...
@@ -138,7 +125,7 @@ func (rdb *DB) IssuanceRecord(key []byte) (*IssuanceRecord, error) {
return
r
,
nil
}
func
(
rdb
*
DB
)
AddRecords
(
records
[]
*
R
evocationRecord
)
error
{
func
(
rdb
*
DB
)
AddRecords
(
records
[]
*
r
evocation
.
Record
)
error
{
var
err
error
for
_
,
r
:=
range
records
{
if
err
=
rdb
.
Add
(
r
.
Message
,
r
.
PublicKeyIndex
);
err
!=
nil
{
...
...
@@ -169,7 +156,7 @@ func (rdb *DB) Add(updateMsg signed.Message, counter uint) error {
func
(
rdb
*
DB
)
add
(
update
revocation
.
AccumulatorUpdate
,
updateMsg
signed
.
Message
,
pkCounter
uint
,
tx
*
bolt
.
Tx
)
error
{
var
err
error
record
:=
&
R
evocationRecord
{
record
:=
&
r
evocation
.
Record
{
StartIndex
:
update
.
StartIndex
,
EndIndex
:
update
.
Accumulator
.
Index
,
PublicKeyIndex
:
pkCounter
,
...
...
@@ -221,7 +208,7 @@ func (rdb *DB) loadCurrent() error {
return
err
}
var
record
R
evocationRecord
var
record
r
evocation
.
Record
if
err
:=
rdb
.
bolt
.
Get
(
currentIndex
.
Index
,
&
record
);
err
!=
nil
{
return
err
}
...
...
@@ -274,26 +261,10 @@ func (rdb *DB) Close() error {
return
nil
}
func
(
rdb
*
DB
)
OnChange
(
handler
func
(
*
R
evocationRecord
))
{
func
(
rdb
*
DB
)
OnChange
(
handler
func
(
*
r
evocation
.
Record
))
{
rdb
.
onChange
=
append
(
rdb
.
onChange
,
handler
)
}
func
(
r
*
RevocationRecord
)
UnmarshalVerify
(
keystore
keystore
)
(
*
revocation
.
AccumulatorUpdate
,
error
)
{
pk
,
err
:=
keystore
(
r
.
PublicKeyIndex
)
if
err
!=
nil
{
return
nil
,
err
}
msg
:=
&
revocation
.
AccumulatorUpdate
{}
if
err
:=
signed
.
UnmarshalVerify
(
pk
.
ECDSA
,
r
.
Message
,
msg
);
err
!=
nil
{
return
nil
,
err
}
if
(
r
.
StartIndex
!=
msg
.
StartIndex
)
||
(
r
.
EndIndex
>
0
&&
r
.
EndIndex
!=
msg
.
StartIndex
+
uint64
(
len
(
msg
.
Revoked
))
-
1
)
{
return
nil
,
errors
.
New
(
"record has invalid start or end index"
)
}
return
msg
,
nil
}
func
(
rs
*
RevocationStorage
)
loadDB
(
credid
CredentialTypeIdentifier
)
(
*
DB
,
error
)
{
path
:=
filepath
.
Join
(
rs
.
conf
.
RevocationPath
,
credid
.
String
())
keystore
:=
rs
.
keystore
(
credid
.
IssuerIdentifier
())
...
...
@@ -331,8 +302,8 @@ func (rs *RevocationStorage) PublicKey(issid IssuerIdentifier, counter uint) (*r
return
revpk
,
nil
}
func
(
rs
*
RevocationStorage
)
GetUpdates
(
credid
CredentialTypeIdentifier
,
index
uint64
)
([]
*
R
evocationRecord
,
error
)
{
var
records
[]
*
R
evocationRecord
func
(
rs
*
RevocationStorage
)
GetUpdates
(
credid
CredentialTypeIdentifier
,
index
uint64
)
([]
*
r
evocation
.
Record
,
error
)
{
var
records
[]
*
r
evocation
.
Record
err
:=
NewHTTPTransport
(
rs
.
conf
.
CredentialTypes
[
credid
]
.
RevocationServer
)
.
Get
(
fmt
.
Sprintf
(
"-/revocation/records/%s/%d"
,
credid
,
index
),
&
records
)
if
err
!=
nil
{
...
...
@@ -355,7 +326,7 @@ func (rs *RevocationStorage) SetRecords(b *BaseRequest) error {
if
len
(
b
.
Revocation
)
==
0
{
return
nil
}
b
.
RevocationUpdates
=
make
(
map
[
CredentialTypeIdentifier
][]
*
R
evocationRecord
,
len
(
b
.
Revocation
))
b
.
RevocationUpdates
=
make
(
map
[
CredentialTypeIdentifier
][]
*
r
evocation
.
Record
,
len
(
b
.
Revocation
))
for
_
,
credid
:=
range
b
.
Revocation
{
db
,
err
:=
rs
.
DB
(
credid
)
if
err
!=
nil
{
...
...
@@ -476,7 +447,7 @@ func (rs *RevocationStorage) Close() error {
return
merr
.
ErrorOrNil
()
}
func
(
rs
*
RevocationStorage
)
keystore
(
issuerid
IssuerIdentifier
)
k
eystore
{
func
(
rs
*
RevocationStorage
)
keystore
(
issuerid
IssuerIdentifier
)
revocation
.
K
eystore
{
return
func
(
counter
uint
)
(
*
revocation
.
PublicKey
,
error
)
{
return
rs
.
PublicKey
(
issuerid
,
counter
)
}
...
...
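Review bot: The deleted `UnmarshalVerify` was the only place in this file that tied a record's `StartIndex`/`EndIndex` to the signed `AccumulatorUpdate`; after the move, that consistency check has to live on gabi's `revocation.Record`, which this diff cannot show. On the server side that is harmless, because `AddRecords` calls `rdb.Add(r.Message, r.PublicKeyIndex)` and `add` rebuilds the stored record from `update.StartIndex` and `update.Accumulator.Index`, never from the wrapper's fields; but `NonrevApplyUpdates` in the client applies records "if their indices are ahead and adjacent", so it now depends on gabi performing the check it used to get here. I would make that explicit with a comment above `AddRecords`: `// The wrapper's StartIndex/EndIndex are not trusted here; Add re-derives them from the verified AccumulatorUpdate.` and, on the `DB` struct doc, a note that record index validation is expected from `revocation.Record.UnmarshalVerify` in gabi — to be confirmed against that package.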
server/conf.go
...
...
@@ -8,6 +8,7 @@ import (
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/big"
"github.com/privacybydesign/gabi/revocation"
irma
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/internal/fs"
"github.com/sirupsen/logrus"
...
...
@@ -218,11 +219,11 @@ func (conf *Configuration) verifyRevocation() error {
return
LogError
(
err
)
}
db
.
OnChange
(
func
(
record
*
irma
.
R
evocationRecord
)
{
db
.
OnChange
(
func
(
record
*
r
evocation
.
Record
)
{
transport
:=
irma
.
NewHTTPTransport
(
""
)
o
:=
struct
{}{}
for
_
,
url
:=
range
settings
.
PostURLs
{
if
err
:=
transport
.
Post
(
url
+
"/-/revocation/records"
,
&
o
,
&
[]
*
irma
.
R
evocationRecord
{
record
});
err
!=
nil
{
if
err
:=
transport
.
Post
(
url
+
"/-/revocation/records"
,
&
o
,
&
[]
*
r
evocation
.
Record
{
record
});
err
!=
nil
{
conf
.
Logger
.
Warn
(
"error sending revocation update"
,
err
)
}
}
...
...
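Review bot: A failed push inside the `OnChange` callback is only logged at warning level and never retried, so a peer in `settings.PostURLs` that is unreachable at that moment keeps serving pre-revocation state until something else refreshes it; whether peers also poll via `GetUpdates` is outside this hunk. The warning also does not say which URL failed, and logrus `Warn` with two arguments joins them without a separator, so the message is hard to act on; `conf.Logger.Warnf("error sending revocation update to %s: %v", url, err)` (assuming `conf.Logger` is a logrus logger, as the import suggests) would at least identify the stale peer. Note also that the pushes run synchronously, one URL at a time, inside the change handler with a transport created by `irma.NewHTTPTransport("")`, so a slow peer delays the notification of every later one; a per-request timeout on that transport is worth confirming.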
verify.go
...
...
@@ -8,6 +8,7 @@ import (
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/big"
"github.com/privacybydesign/gabi/revocation"
)
// ProofStatus is the status of the complete proof
...
...
@@ -109,7 +110,7 @@ func (pl ProofList) VerifyProofs(
configuration
*
Configuration
,
context
*
big
.
Int
,
nonce
*
big
.
Int
,
publickeys
[]
*
gabi
.
PublicKey
,
revRecords
map
[
CredentialTypeIdentifier
][]
*
R
evocationRecord
,
revRecords
map
[
CredentialTypeIdentifier
][]
*
r
evocation
.
Record
,
isSig
bool
,
)
(
bool
,
error
)
{
// Empty proof lists are allowed (if consistent with the session request, which is checked elsewhere)
...
...
@@ -293,7 +294,7 @@ func (d *Disclosure) VerifyAgainstRequest(
issig
bool
,
)
([][]
*
DisclosedAttribute
,
ProofStatus
,
error
)
{
var
required
AttributeConDisCon
var
revRecords
map
[
CredentialTypeIdentifier
][]
*
R
evocationRecord
var
revRecords
map
[
CredentialTypeIdentifier
][]
*
r
evocation
.
Record
if
request
!=
nil
{
revRecords
=
request
.
Base
()
.
RevocationUpdates
required
=
request
.
Disclosure
()
.
Disclose
...
...