refactor: move RevocationRecord back to gabi

7e7ff2a1 · Sietse Ringers · 8431fb78 · 7e7ff2a1 · 7e7ff2a1 · 7e7ff2a1
Commit 7e7ff2a1 authored Oct 16, 2019 by Sietse Ringers
--- a/internal/servercore/api.go
+++ b/internal/servercore/api.go
@@ -14,6 +14,7 @@ import (

 	"github.com/go-errors/errors"
 	"github.com/jasonlvhit/gocron"
+	"github.com/privacybydesign/gabi/revocation"
 	"github.com/privacybydesign/irmago"
 	"github.com/privacybydesign/irmago/server"
 	"github.com/sirupsen/logrus"
@@ -387,7 +388,7 @@ func (s *Server) handleRevocationMessage(
 			return server.JsonResponse(nil, server.RemoteError(server.ErrorInvalidRequest, "POST records expects 1 url arguments"))
 		}
 		cred := irma.NewCredentialTypeIdentifier(args[0])
-		var records []*irma.RevocationRecord
+		var records []*revocation.Record
 		if err := json.Unmarshal(message, &records); err != nil {
 			return server.JsonResponse(nil, server.RemoteError(server.ErrorMalformedInput, err.Error()))
 		}

--- a/internal/servercore/handle.go
+++ b/internal/servercore/handle.go
@@ -4,6 +4,7 @@ import (
 	"time"

 	"github.com/privacybydesign/gabi"
+	"github.com/privacybydesign/gabi/revocation"
 	"github.com/privacybydesign/gabi/signed"
 	"github.com/privacybydesign/irmago"
 	"github.com/privacybydesign/irmago/server"
@@ -215,7 +216,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
 }

 func (s *Server) handlePostRevocationRecords(
-	cred irma.CredentialTypeIdentifier, records []*irma.RevocationRecord,
+	cred irma.CredentialTypeIdentifier, records []*revocation.Record,
 ) (interface{}, *irma.RemoteError) {
 	db, err := s.conf.IrmaConfiguration.RevocationStorage.DB(cred)
 	if err != nil {
@@ -229,7 +230,7 @@ func (s *Server) handlePostRevocationRecords(

 func (s *Server) handleGetRevocationRecords(
 	cred irma.CredentialTypeIdentifier, index int,
-) ([]*irma.RevocationRecord, *irma.RemoteError) {
+) ([]*revocation.Record, *irma.RemoteError) {
 	if _, ok := s.conf.RevocationServers[cred]; !ok {
 		return nil, server.RemoteError(server.ErrorInvalidRequest, "not supported by this server")
 	}

--- a/irmaclient/credential.go
+++ b/irmaclient/credential.go
@@ -73,7 +73,7 @@ func (cred *credential) NonrevPrepare(conf *irma.Configuration, request irma.Ses

 // NonrevApplyUpdates updates the credential's nonrevocation witness using the specified messages,
 // if they all verify and if their indices are ahead and adjacent to that of our witness.
-func (cred *credential) NonrevApplyUpdates(messages []*irma.RevocationRecord, rs *irma.RevocationStorage) (bool, error) {
+func (cred *credential) NonrevApplyUpdates(messages []*revocation.Record, rs *irma.RevocationStorage) (bool, error) {
 	var err error
 	var pk *revocation.PublicKey
 	oldindex := cred.NonRevocationWitness.Index

--- a/requests.go
+++ b/requests.go
@@ -13,6 +13,7 @@ import (
 	"github.com/go-errors/errors"
 	"github.com/privacybydesign/gabi"
 	"github.com/privacybydesign/gabi/big"
+	"github.com/privacybydesign/gabi/revocation"
 	"github.com/privacybydesign/irmago/internal/fs"
 )

@@ -32,10 +33,10 @@ type BaseRequest struct {
 	Revocation []CredentialTypeIdentifier `json:"revocation,omitempty"`

 	// Set by the IRMA server during the session
-	Context           *big.Int                                         `json:"context,omitempty"`
-	Nonce             *big.Int                                         `json:"nonce,omitempty"`
-	ProtocolVersion   *ProtocolVersion                                 `json:"protocolVersion,omitempty"`
-	RevocationUpdates map[CredentialTypeIdentifier][]*RevocationRecord `json:"revocationUpdates,omitempty"`
+	Context           *big.Int                                          `json:"context,omitempty"`
+	Nonce             *big.Int                                          `json:"nonce,omitempty"`
+	ProtocolVersion   *ProtocolVersion                                  `json:"protocolVersion,omitempty"`
+	RevocationUpdates map[CredentialTypeIdentifier][]*revocation.Record `json:"revocationUpdates,omitempty"`

 	ids *IrmaIdentifierSet // cache for Identifiers() method


--- a/revocation.go
+++ b/revocation.go
@@ -16,13 +16,13 @@ import (

 type (
 	// DB is a bolthold database storing revocation state for a particular accumulator
-	// (RevocationRecord instances, and IssuanceRecord instances if used by an issuer).
+	// (Record instances, and IssuanceRecord instances if used by an issuer).
 	DB struct {
 		Current  revocation.Accumulator
 		Updated  time.Time
-		onChange []func(*RevocationRecord)
+		onChange []func(*revocation.Record)
 		bolt     *bolthold.Store
-		keystore keystore
+		keystore revocation.Keystore
 	}

 	RevocationStorage struct {
@@ -30,16 +30,6 @@ type (
 		conf *Configuration
 	}

-	// RevocationRecord contains a signed AccumulatorUpdate and associated information and is ued
-	// by clients, issuers and verifiers to update their revocation state, so that they can create
-	// and verify nonrevocation proofs and witnesses.
-	RevocationRecord struct {
-		StartIndex     uint64
-		EndIndex       uint64
-		PublicKeyIndex uint
-		Message        signed.Message // signed revocation.AccumulatorUpdate
-	}
-
 	TimeRecord struct {
 		Index      uint64
 		Start, End int64
@@ -57,9 +47,6 @@ type (
 	currentRecord struct {
 		Index uint64
 	}
-
-	// keystore provides support for revocation public key rollover.
-	keystore func(counter uint) (*revocation.PublicKey, error)
 )

 const boltCurrentIndexKey = "currentIndex"
@@ -98,15 +85,15 @@ func (rdb *DB) Revoke(sk *revocation.PrivateKey, key []byte) error {
 // Get returns all records that a client requires to update its revocation state if it is currently
 // at the specified index, that is, all records whose end index is greater than or equal to
 // the specified index.
-func (rdb *DB) RevocationRecords(index int) ([]*RevocationRecord, error) {
-	var records []*RevocationRecord
+func (rdb *DB) RevocationRecords(index int) ([]*revocation.Record, error) {
+	var records []*revocation.Record
 	if err := rdb.bolt.Find(&records, bolthold.Where(bolthold.Key).Ge(uint64(index))); err != nil {
 		return nil, err
 	}
 	return records, nil
 }

-func (rdb *DB) LatestRecords(count int) ([]*RevocationRecord, error) {
+func (rdb *DB) LatestRecords(count int) ([]*revocation.Record, error) {
 	c := int(rdb.Current.Index) - count + 1
 	if c < 0 {
 		c = 0
@@ -138,7 +125,7 @@ func (rdb *DB) IssuanceRecord(key []byte) (*IssuanceRecord, error) {
 	return r, nil
 }

-func (rdb *DB) AddRecords(records []*RevocationRecord) error {
+func (rdb *DB) AddRecords(records []*revocation.Record) error {
 	var err error
 	for _, r := range records {
 		if err = rdb.Add(r.Message, r.PublicKeyIndex); err != nil {
@@ -169,7 +156,7 @@ func (rdb *DB) Add(updateMsg signed.Message, counter uint) error {

 func (rdb *DB) add(update revocation.AccumulatorUpdate, updateMsg signed.Message, pkCounter uint, tx *bolt.Tx) error {
 	var err error
-	record := &RevocationRecord{
+	record := &revocation.Record{
 		StartIndex:     update.StartIndex,
 		EndIndex:       update.Accumulator.Index,
 		PublicKeyIndex: pkCounter,
@@ -221,7 +208,7 @@ func (rdb *DB) loadCurrent() error {
 		return err
 	}

-	var record RevocationRecord
+	var record revocation.Record
 	if err := rdb.bolt.Get(currentIndex.Index, &record); err != nil {
 		return err
 	}
@@ -274,26 +261,10 @@ func (rdb *DB) Close() error {
 	return nil
 }

-func (rdb *DB) OnChange(handler func(*RevocationRecord)) {
+func (rdb *DB) OnChange(handler func(*revocation.Record)) {
 	rdb.onChange = append(rdb.onChange, handler)
 }

-func (r *RevocationRecord) UnmarshalVerify(keystore keystore) (*revocation.AccumulatorUpdate, error) {
-	pk, err := keystore(r.PublicKeyIndex)
-	if err != nil {
-		return nil, err
-	}
-	msg := &revocation.AccumulatorUpdate{}
-	if err := signed.UnmarshalVerify(pk.ECDSA, r.Message, msg); err != nil {
-		return nil, err
-	}
-	if (r.StartIndex != msg.StartIndex) ||
-		(r.EndIndex > 0 && r.EndIndex != msg.StartIndex+uint64(len(msg.Revoked))-1) {
-		return nil, errors.New("record has invalid start or end index")
-	}
-	return msg, nil
-}
-
 func (rs *RevocationStorage) loadDB(credid CredentialTypeIdentifier) (*DB, error) {
 	path := filepath.Join(rs.conf.RevocationPath, credid.String())
 	keystore := rs.keystore(credid.IssuerIdentifier())
@@ -331,8 +302,8 @@ func (rs *RevocationStorage) PublicKey(issid IssuerIdentifier, counter uint) (*r
 	return revpk, nil
 }

-func (rs *RevocationStorage) GetUpdates(credid CredentialTypeIdentifier, index uint64) ([]*RevocationRecord, error) {
-	var records []*RevocationRecord
+func (rs *RevocationStorage) GetUpdates(credid CredentialTypeIdentifier, index uint64) ([]*revocation.Record, error) {
+	var records []*revocation.Record
 	err := NewHTTPTransport(rs.conf.CredentialTypes[credid].RevocationServer).
 		Get(fmt.Sprintf("-/revocation/records/%s/%d", credid, index), &records)
 	if err != nil {
@@ -355,7 +326,7 @@ func (rs *RevocationStorage) SetRecords(b *BaseRequest) error {
 	if len(b.Revocation) == 0 {
 		return nil
 	}
-	b.RevocationUpdates = make(map[CredentialTypeIdentifier][]*RevocationRecord, len(b.Revocation))
+	b.RevocationUpdates = make(map[CredentialTypeIdentifier][]*revocation.Record, len(b.Revocation))
 	for _, credid := range b.Revocation {
 		db, err := rs.DB(credid)
 		if err != nil {
@@ -476,7 +447,7 @@ func (rs *RevocationStorage) Close() error {
 	return merr.ErrorOrNil()
 }

-func (rs *RevocationStorage) keystore(issuerid IssuerIdentifier) keystore {
+func (rs *RevocationStorage) keystore(issuerid IssuerIdentifier) revocation.Keystore {
 	return func(counter uint) (*revocation.PublicKey, error) {
 		return rs.PublicKey(issuerid, counter)
 	}

--- a/server/conf.go
+++ b/server/conf.go
@@ -8,6 +8,7 @@ import (
 	"github.com/go-errors/errors"
 	"github.com/privacybydesign/gabi"
 	"github.com/privacybydesign/gabi/big"
+	"github.com/privacybydesign/gabi/revocation"
 	irma "github.com/privacybydesign/irmago"
 	"github.com/privacybydesign/irmago/internal/fs"
 	"github.com/sirupsen/logrus"
@@ -218,11 +219,11 @@ func (conf *Configuration) verifyRevocation() error {
 			return LogError(err)
 		}

-		db.OnChange(func(record *irma.RevocationRecord) {
+		db.OnChange(func(record *revocation.Record) {
 			transport := irma.NewHTTPTransport("")
 			o := struct{}{}
 			for _, url := range settings.PostURLs {
-				if err := transport.Post(url+"/-/revocation/records", &o, &[]*irma.RevocationRecord{record}); err != nil {
+				if err := transport.Post(url+"/-/revocation/records", &o, &[]*revocation.Record{record}); err != nil {
 					conf.Logger.Warn("error sending revocation update", err)
 				}
 			}

--- a/verify.go
+++ b/verify.go
@@ -8,6 +8,7 @@ import (
 	"github.com/go-errors/errors"
 	"github.com/privacybydesign/gabi"
 	"github.com/privacybydesign/gabi/big"
+	"github.com/privacybydesign/gabi/revocation"
 )

 // ProofStatus is the status of the complete proof
@@ -109,7 +110,7 @@ func (pl ProofList) VerifyProofs(
 	configuration *Configuration,
 	context *big.Int, nonce *big.Int,
 	publickeys []*gabi.PublicKey,
-	revRecords map[CredentialTypeIdentifier][]*RevocationRecord,
+	revRecords map[CredentialTypeIdentifier][]*revocation.Record,
 	isSig bool,
 ) (bool, error) {
 	// Empty proof lists are allowed (if consistent with the session request, which is checked elsewhere)
@@ -293,7 +294,7 @@ func (d *Disclosure) VerifyAgainstRequest(
 	issig bool,
 ) ([][]*DisclosedAttribute, ProofStatus, error) {
 	var required AttributeConDisCon
-	var revRecords map[CredentialTypeIdentifier][]*RevocationRecord
+	var revRecords map[CredentialTypeIdentifier][]*revocation.Record
 	if request != nil {
 		revRecords = request.Base().RevocationUpdates
 		required = request.Disclosure().Disclose