Commit
7e7ff2a1
authored
Oct 16, 2019
by
Sietse Ringers
refactor: move RevocationRecord back to gabi
parent
8431fb78
Changes
7
Showing
7 changed files
with
31 additions
and
55 deletions
+31
-55
internal/servercore/api.go
internal/servercore/api.go
+2
-1
internal/servercore/handle.go
internal/servercore/handle.go
+3
-2
irmaclient/credential.go
irmaclient/credential.go
+1
-1
requests.go
requests.go
+5
-4
revocation.go
revocation.go
+14
-43
server/conf.go
server/conf.go
+3
-2
verify.go
verify.go
+3
-2
@@ -14,6 +14,7 @@ import (
"github.com/go-errors/errors"
"github.com/jasonlvhit/gocron"
"github.com/privacybydesign/gabi/revocation"
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/server"
"github.com/sirupsen/logrus"
@@ -387,7 +388,7 @@ func (s *Server) handleRevocationMessage(
return
server
.
JsonResponse
(
nil
,
server
.
RemoteError
(
server
.
ErrorInvalidRequest
,
"POST records expects 1 url arguments"
))
}
cred
:=
irma
.
NewCredentialTypeIdentifier
(
args
[
0
])
var
records
[]
*
irma
.
Revocation
Record
var
records
[]
*
revocation
.
Record
if
err
:=
json
.
Unmarshal
(
message
,
&
records
);
err
!=
nil
{
return
server
.
JsonResponse
(
nil
,
server
.
RemoteError
(
server
.
ErrorMalformedInput
,
err
.
Error
()))
}
internal/servercore/handle.go
@@ -4,6 +4,7 @@ import (
"time"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/revocation"
"github.com/privacybydesign/gabi/signed"
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/server"
@@ -215,7 +216,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
}
func
(
s
*
Server
)
handlePostRevocationRecords
(
cred
irma
.
CredentialTypeIdentifier
,
records
[]
*
irma
.
Revocation
Record
,
cred
irma
.
CredentialTypeIdentifier
,
records
[]
*
revocation
.
Record
,
)
(
interface
{},
*
irma
.
RemoteError
)
{
db
,
err
:=
s
.
conf
.
IrmaConfiguration
.
RevocationStorage
.
DB
(
cred
)
if
err
!=
nil
{
@@ -229,7 +230,7 @@ func (s *Server) handlePostRevocationRecords(
func
(
s
*
Server
)
handleGetRevocationRecords
(
cred
irma
.
CredentialTypeIdentifier
,
index
int
,
)
([]
*
irma
.
Revocation
Record
,
*
irma
.
RemoteError
)
{
)
([]
*
revocation
.
Record
,
*
irma
.
RemoteError
)
{
if
_
,
ok
:=
s
.
conf
.
RevocationServers
[
cred
];
!
ok
{
return
nil
,
server
.
RemoteError
(
server
.
ErrorInvalidRequest
,
"not supported by this server"
)
}
irmaclient/credential.go
@@ -73,7 +73,7 @@ func (cred *credential) NonrevPrepare(conf *irma.Configuration, request irma.Ses
// NonrevApplyUpdates updates the credential's nonrevocation witness using the specified messages,
// if they all verify and if their indices are ahead and adjacent to that of our witness.
func
(
cred
*
credential
)
NonrevApplyUpdates
(
messages
[]
*
irma
.
Revocation
Record
,
rs
*
irma
.
RevocationStorage
)
(
bool
,
error
)
{
func
(
cred
*
credential
)
NonrevApplyUpdates
(
messages
[]
*
revocation
.
Record
,
rs
*
irma
.
RevocationStorage
)
(
bool
,
error
)
{
var
err
error
var
pk
*
revocation
.
PublicKey
oldindex
:=
cred
.
NonRevocationWitness
.
Index
requests.go
@@ -13,6 +13,7 @@ import (
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/big"
"github.com/privacybydesign/gabi/revocation"
"github.com/privacybydesign/irmago/internal/fs"
)
@@ -32,10 +33,10 @@ type BaseRequest struct {
Revocation
[]
CredentialTypeIdentifier
`json:"revocation,omitempty"`
// Set by the IRMA server during the session
Context
*
big
.
Int
`json:"context,omitempty"`
Nonce
*
big
.
Int
`json:"nonce,omitempty"`
ProtocolVersion
*
ProtocolVersion
`json:"protocolVersion,omitempty"`
RevocationUpdates
map
[
CredentialTypeIdentifier
][]
*
Revocation
Record
`json:"revocationUpdates,omitempty"`
Context
*
big
.
Int
`json:"context,omitempty"`
Nonce
*
big
.
Int
`json:"nonce,omitempty"`
ProtocolVersion
*
ProtocolVersion
`json:"protocolVersion,omitempty"`
RevocationUpdates
map
[
CredentialTypeIdentifier
][]
*
revocation
.
Record
`json:"revocationUpdates,omitempty"`
ids
*
IrmaIdentifierSet
// cache for Identifiers() method
revocation.go
@@ -16,13 +16,13 @@ import (
type
(
// DB is a bolthold database storing revocation state for a particular accumulator
// (Re
vocationRe
cord instances, and IssuanceRecord instances if used by an issuer).
// (Record instances, and IssuanceRecord instances if used by an issuer).
DB
struct
{
Current
revocation
.
Accumulator
Updated
time
.
Time
onChange
[]
func
(
*
Revocation
Record
)
onChange
[]
func
(
*
revocation
.
Record
)
bolt
*
bolthold
.
Store
keystore
k
eystore
keystore
revocation
.
K
eystore
}
RevocationStorage
struct
{
@@ -30,16 +30,6 @@ type (
conf
*
Configuration
}
// RevocationRecord contains a signed AccumulatorUpdate and associated information and is ued
// by clients, issuers and verifiers to update their revocation state, so that they can create
// and verify nonrevocation proofs and witnesses.
RevocationRecord
struct
{
StartIndex
uint64
EndIndex
uint64
PublicKeyIndex
uint
Message
signed
.
Message
// signed revocation.AccumulatorUpdate
}
TimeRecord
struct
{
Index
uint64
Start
,
End
int64
@@ -57,9 +47,6 @@ type (
currentRecord
struct
{
Index
uint64
}
// keystore provides support for revocation public key rollover.
keystore
func
(
counter
uint
)
(
*
revocation
.
PublicKey
,
error
)
)
const
boltCurrentIndexKey
=
"currentIndex"
@@ -98,15 +85,15 @@ func (rdb *DB) Revoke(sk *revocation.PrivateKey, key []byte) error {
// Get returns all records that a client requires to update its revocation state if it is currently
// at the specified index, that is, all records whose end index is greater than or equal to
// the specified index.
func
(
rdb
*
DB
)
RevocationRecords
(
index
int
)
([]
*
Revocation
Record
,
error
)
{
var
records
[]
*
Revocation
Record
func
(
rdb
*
DB
)
RevocationRecords
(
index
int
)
([]
*
revocation
.
Record
,
error
)
{
var
records
[]
*
revocation
.
Record
if
err
:=
rdb
.
bolt
.
Find
(
&
records
,
bolthold
.
Where
(
bolthold
.
Key
)
.
Ge
(
uint64
(
index
)));
err
!=
nil
{
return
nil
,
err
}
return
records
,
nil
}
func
(
rdb
*
DB
)
LatestRecords
(
count
int
)
([]
*
Revocation
Record
,
error
)
{
func
(
rdb
*
DB
)
LatestRecords
(
count
int
)
([]
*
revocation
.
Record
,
error
)
{
c
:=
int
(
rdb
.
Current
.
Index
)
-
count
+
1
if
c
<
0
{
c
=
0
@@ -138,7 +125,7 @@ func (rdb *DB) IssuanceRecord(key []byte) (*IssuanceRecord, error) {
return
r
,
nil
}
func
(
rdb
*
DB
)
AddRecords
(
records
[]
*
Revocation
Record
)
error
{
func
(
rdb
*
DB
)
AddRecords
(
records
[]
*
revocation
.
Record
)
error
{
var
err
error
for
_
,
r
:=
range
records
{
if
err
=
rdb
.
Add
(
r
.
Message
,
r
.
PublicKeyIndex
);
err
!=
nil
{
@@ -169,7 +156,7 @@ func (rdb *DB) Add(updateMsg signed.Message, counter uint) error {
func
(
rdb
*
DB
)
add
(
update
revocation
.
AccumulatorUpdate
,
updateMsg
signed
.
Message
,
pkCounter
uint
,
tx
*
bolt
.
Tx
)
error
{
var
err
error
record
:=
&
Revocation
Record
{
record
:=
&
revocation
.
Record
{
StartIndex
:
update
.
StartIndex
,
EndIndex
:
update
.
Accumulator
.
Index
,
PublicKeyIndex
:
pkCounter
,
@@ -221,7 +208,7 @@ func (rdb *DB) loadCurrent() error {
return
err
}
var
record
Revocation
Record
var
record
revocation
.
Record
if
err
:=
rdb
.
bolt
.
Get
(
currentIndex
.
Index
,
&
record
);
err
!=
nil
{
return
err
}
@@ -274,26 +261,10 @@ func (rdb *DB) Close() error {
return
nil
}
func
(
rdb
*
DB
)
OnChange
(
handler
func
(
*
Revocation
Record
))
{
func
(
rdb
*
DB
)
OnChange
(
handler
func
(
*
revocation
.
Record
))
{
rdb
.
onChange
=
append
(
rdb
.
onChange
,
handler
)
}
func
(
r
*
RevocationRecord
)
UnmarshalVerify
(
keystore
keystore
)
(
*
revocation
.
AccumulatorUpdate
,
error
)
{
pk
,
err
:=
keystore
(
r
.
PublicKeyIndex
)
if
err
!=
nil
{
return
nil
,
err
}
msg
:=
&
revocation
.
AccumulatorUpdate
{}
if
err
:=
signed
.
UnmarshalVerify
(
pk
.
ECDSA
,
r
.
Message
,
msg
);
err
!=
nil
{
return
nil
,
err
}
if
(
r
.
StartIndex
!=
msg
.
StartIndex
)
||
(
r
.
EndIndex
>
0
&&
r
.
EndIndex
!=
msg
.
StartIndex
+
uint64
(
len
(
msg
.
Revoked
))
-
1
)
{
return
nil
,
errors
.
New
(
"record has invalid start or end index"
)
}
return
msg
,
nil
}
func
(
rs
*
RevocationStorage
)
loadDB
(
credid
CredentialTypeIdentifier
)
(
*
DB
,
error
)
{
path
:=
filepath
.
Join
(
rs
.
conf
.
RevocationPath
,
credid
.
String
())
keystore
:=
rs
.
keystore
(
credid
.
IssuerIdentifier
())
@@ -331,8 +302,8 @@ func (rs *RevocationStorage) PublicKey(issid IssuerIdentifier, counter uint) (*r
return
revpk
,
nil
}
func
(
rs
*
RevocationStorage
)
GetUpdates
(
credid
CredentialTypeIdentifier
,
index
uint64
)
([]
*
Revocation
Record
,
error
)
{
var
records
[]
*
Revocation
Record
func
(
rs
*
RevocationStorage
)
GetUpdates
(
credid
CredentialTypeIdentifier
,
index
uint64
)
([]
*
revocation
.
Record
,
error
)
{
var
records
[]
*
revocation
.
Record
err
:=
NewHTTPTransport
(
rs
.
conf
.
CredentialTypes
[
credid
]
.
RevocationServer
)
.
Get
(
fmt
.
Sprintf
(
"-/revocation/records/%s/%d"
,
credid
,
index
),
&
records
)
if
err
!=
nil
{
@@ -355,7 +326,7 @@ func (rs *RevocationStorage) SetRecords(b *BaseRequest) error {
if
len
(
b
.
Revocation
)
==
0
{
return
nil
}
b
.
RevocationUpdates
=
make
(
map
[
CredentialTypeIdentifier
][]
*
Revocation
Record
,
len
(
b
.
Revocation
))
b
.
RevocationUpdates
=
make
(
map
[
CredentialTypeIdentifier
][]
*
revocation
.
Record
,
len
(
b
.
Revocation
))
for
_
,
credid
:=
range
b
.
Revocation
{
db
,
err
:=
rs
.
DB
(
credid
)
if
err
!=
nil
{
@@ -476,7 +447,7 @@ func (rs *RevocationStorage) Close() error {
return
merr
.
ErrorOrNil
()
}
func
(
rs
*
RevocationStorage
)
keystore
(
issuerid
IssuerIdentifier
)
k
eystore
{
func
(
rs
*
RevocationStorage
)
keystore
(
issuerid
IssuerIdentifier
)
revocation
.
K
eystore
{
return
func
(
counter
uint
)
(
*
revocation
.
PublicKey
,
error
)
{
return
rs
.
PublicKey
(
issuerid
,
counter
)
}
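Review bot: The removed `UnmarshalVerify` in the `@@ -274,26 +261,10 @@` hunk carried the only check visible in this file that binds a record's unsigned `StartIndex`/`EndIndex` to the signed `AccumulatorUpdate` (`r.StartIndex != msg.StartIndex`, and `r.EndIndex > 0 && r.EndIndex != msg.StartIndex+uint64(len(msg.Revoked))-1`), and nothing in this diff shows where the `revocation.Record` counterpart is now invoked; it is worth confirming that the gabi-side method keeps the same comparison and that every former caller (at least the client's `NonrevApplyUpdates`, judging by its signature in irmaclient/credential.go) still calls it before trusting a record's indices. The server-side path in this file appears unaffected, since `AddRecords` hands only `r.Message` and `r.PublicKeyIndex` to `Add`, and `add` derives `StartIndex`/`EndIndex` from the decoded `update` rather than from the incoming record. Separately, the updated comment on `DB` now says "(Record instances, …)", which is ambiguous next to this file's own `IssuanceRecord`, `TimeRecord` and `currentRecord`; `// (revocation.Record instances, and IssuanceRecord instances if used by an issuer).` would keep it unambiguous.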
server/conf.go
@@ -8,6 +8,7 @@ import (
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/big"
"github.com/privacybydesign/gabi/revocation"
irma
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/internal/fs"
"github.com/sirupsen/logrus"
@@ -218,11 +219,11 @@ func (conf *Configuration) verifyRevocation() error {
return
LogError
(
err
)
}
db
.
OnChange
(
func
(
record
*
irma
.
Revocation
Record
)
{
db
.
OnChange
(
func
(
record
*
revocation
.
Record
)
{
transport
:=
irma
.
NewHTTPTransport
(
""
)
o
:=
struct
{}{}
for
_
,
url
:=
range
settings
.
PostURLs
{
if
err
:=
transport
.
Post
(
url
+
"/-/revocation/records"
,
&
o
,
&
[]
*
irma
.
Revocation
Record
{
record
});
err
!=
nil
{
if
err
:=
transport
.
Post
(
url
+
"/-/revocation/records"
,
&
o
,
&
[]
*
revocation
.
Record
{
record
});
err
!=
nil
{
conf
.
Logger
.
Warn
(
"error sending revocation update"
,
err
)
}
}
verify.go
@@ -8,6 +8,7 @@ import (
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/big"
"github.com/privacybydesign/gabi/revocation"
)
// ProofStatus is the status of the complete proof
@@ -109,7 +110,7 @@ func (pl ProofList) VerifyProofs(
configuration
*
Configuration
,
context
*
big
.
Int
,
nonce
*
big
.
Int
,
publickeys
[]
*
gabi
.
PublicKey
,
revRecords
map
[
CredentialTypeIdentifier
][]
*
Revocation
Record
,
revRecords
map
[
CredentialTypeIdentifier
][]
*
revocation
.
Record
,
isSig
bool
,
)
(
bool
,
error
)
{
// Empty proof lists are allowed (if consistent with the session request, which is checked elsewhere)
@@ -293,7 +294,7 @@ func (d *Disclosure) VerifyAgainstRequest(
issig
bool
,
)
([][]
*
DisclosedAttribute
,
ProofStatus
,
error
)
{
var
required
AttributeConDisCon
var
revRecords
map
[
CredentialTypeIdentifier
][]
*
Revocation
Record
var
revRecords
map
[
CredentialTypeIdentifier
][]
*
revocation
.
Record
if
request
!=
nil
{
revRecords
=
request
.
Base
()
.
RevocationUpdates
required
=
request
.
Disclosure
()
.
Disclose