Commit 96d12393 authored by Sietse Ringers's avatar Sietse Ringers

Signature filename is now hash of attributes

parent d1f72f93
...@@ -8,6 +8,8 @@ import ( ...@@ -8,6 +8,8 @@ import (
"math/big" "math/big"
"time" "time"
"encoding/hex"
"github.com/mhe/gabi" "github.com/mhe/gabi"
) )
...@@ -66,6 +68,15 @@ func (al *AttributeList) Info() *CredentialInfo { ...@@ -66,6 +68,15 @@ func (al *AttributeList) Info() *CredentialInfo {
return al.info return al.info
} }
func (al *AttributeList) hash() string {
bytes := []byte{}
for _, i := range al.Ints {
bytes = append(bytes, i.Bytes()...)
}
shasum := sha256.Sum256(bytes)
return hex.EncodeToString(shasum[:])
}
// Strings converts the current instance to human-readable strings. // Strings converts the current instance to human-readable strings.
func (al *AttributeList) Strings() []string { func (al *AttributeList) Strings() []string {
if al.strings == nil { if al.strings == nil {
......
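Review bot: The new hash() concatenates each attribute's i.Bytes() with no length prefix or separator, so two different attribute lists whose big-endian byte strings concatenate to the same sequence yield the same digest; because signatureFilename later in this commit uses this digest as the file name, one credential's signature can then be written over another's (big.Int.Bytes() also drops the sign and returns an empty slice for zero, which makes the ambiguity easy to hit). Length-prefixing each element, as below, makes the encoding injective over the list; this needs an `"encoding/binary"` import alongside the `"crypto/sha256"` one the function already relies on, which is not among the visible import additions — presumably it is the second added line of the import hunk that the rendered page does not show. The local named `bytes` also shadows the standard package; `buf` or `data` reads better.
```go
func (al *AttributeList) hash() string {
	h := sha256.New()
	var lenbuf [8]byte
	for _, i := range al.Ints {
		b := i.Bytes()
		// Length-prefix each element so distinct lists cannot share an encoding.
		binary.BigEndian.PutUint64(lenbuf[:], uint64(len(b)))
		h.Write(lenbuf[:])
		h.Write(b)
	}
	return hex.EncodeToString(h.Sum(nil))
}
```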
...@@ -13,6 +13,7 @@ import ( ...@@ -13,6 +13,7 @@ import (
type credential struct { type credential struct {
*gabi.Credential *gabi.Credential
*MetadataAttribute *MetadataAttribute
attrs *AttributeList
} }
// CredentialInfo contains all information of an IRMA credential. // CredentialInfo contains all information of an IRMA credential.
...@@ -67,6 +68,13 @@ func newCredential(gabicred *gabi.Credential, store *ConfigurationStore) (*crede ...@@ -67,6 +68,13 @@ func newCredential(gabicred *gabi.Credential, store *ConfigurationStore) (*crede
return cred, nil return cred, nil
} }
func (cred *credential) AttributeList() *AttributeList {
if cred.attrs == nil {
cred.attrs = NewAttributeListFromInts(cred.Credential.Attributes[1:], cred.MetadataAttribute.store)
}
return cred.attrs
}
// Len implements sort.Interface. // Len implements sort.Interface.
func (cl CredentialInfoList) Len() int { func (cl CredentialInfoList) Len() int {
return len(cl) return len(cl)
......
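Review bot: The exported AttributeList method has no doc comment, and the `cred.Credential.Attributes[1:]` slice on its first-use path panics when Attributes is empty; a comment such as `// AttributeList returns the credential's attributes without the secret key at index 0, building the list on first call and caching it.` states the contract (index 0 being the secret key follows from the append in the manager's credential() hunk). The lazy assignment to `cred.attrs` also turns an apparently read-only accessor into a mutating one, so if credentials are ever read from several goroutines this needs a guard — I cannot tell from the hunk whether that applies.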
...@@ -88,8 +88,7 @@ func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int ...@@ -88,8 +88,7 @@ func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int
if attrs == nil { // We do not have the requested cred if attrs == nil { // We do not have the requested cred
return return
} }
ints := append([]*big.Int{cm.secretkey}, attrs.Ints...) sig, err := cm.loadSignature(attrs)
sig, err := cm.loadSignature(id, counter)
if err != nil { if err != nil {
return nil, err return nil, err
} }
...@@ -97,8 +96,7 @@ func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int ...@@ -97,8 +96,7 @@ func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int
err = errors.New("signature file not found") err = errors.New("signature file not found")
return nil, err return nil, err
} }
meta := MetadataFromInt(ints[1], cm.Store) pk, err := attrs.PublicKey()
pk, err := meta.PublicKey()
if err != nil { if err != nil {
return nil, err return nil, err
} }
...@@ -106,7 +104,7 @@ func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int ...@@ -106,7 +104,7 @@ func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int
return nil, errors.New("unknown public key") return nil, errors.New("unknown public key")
} }
cred, err := newCredential(&gabi.Credential{ cred, err := newCredential(&gabi.Credential{
Attributes: ints, Attributes: append([]*big.Int{cm.secretkey}, attrs.Ints...),
Signature: sig, Signature: sig,
Pk: pk, Pk: pk,
}, cm.Store) }, cm.Store)
...@@ -122,9 +120,8 @@ func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int ...@@ -122,9 +120,8 @@ func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int
// addCredential adds the specified credential to the CredentialManager, saving its signature // addCredential adds the specified credential to the CredentialManager, saving its signature
// imediately, and optionally cm.attributes as well. // imediately, and optionally cm.attributes as well.
func (cm *CredentialManager) addCredential(cred *credential, storeAttributes bool) (err error) { func (cm *CredentialManager) addCredential(cred *credential, storeAttributes bool) (err error) {
attrs := NewAttributeListFromInts(cred.Attributes[1:], cm.Store)
id := cred.CredentialType().Identifier() id := cred.CredentialType().Identifier()
cm.attributes[id] = append(cm.attrs(id), attrs) cm.attributes[id] = append(cm.attrs(id), cred.AttributeList())
if _, exists := cm.credentials[id]; !exists { if _, exists := cm.credentials[id]; !exists {
cm.credentials[id] = make(map[int]*credential) cm.credentials[id] = make(map[int]*credential)
...@@ -161,7 +158,7 @@ func (cm *CredentialManager) Candidates(disjunction *AttributeDisjunction) []*At ...@@ -161,7 +158,7 @@ func (cm *CredentialManager) Candidates(disjunction *AttributeDisjunction) []*At
if attribute.IsCredential() { if attribute.IsCredential() {
candidates = append(candidates, id) candidates = append(candidates, id)
} else { } else {
attrs := NewAttributeListFromInts(cred.Attributes[1:], cm.Store) attrs := cred.AttributeList()
val := attrs.Attribute(attribute) val := attrs.Attribute(attribute)
if val == "" { // This won't handle empty attributes correctly if val == "" { // This won't handle empty attributes correctly
continue continue
......
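Review bot: In addCredential and Candidates the attribute list is now built from `cred.MetadataAttribute.store` (inside AttributeList()) rather than from `cm.Store` as before; that is only equivalent if newCredential always wires the same store into the metadata attribute, which is outside this hunk and worth confirming. The list appended to `cm.attributes[id]` in addCredential is additionally the same pointer cached on the credential, so any memoised state on the AttributeList (its strings/info fields) is shared between the two holders; a one-line comment at the append, `// shares the list cached on cred`, would make that intentional. The enclosing credential() and Candidates() bodies start and end outside the shown hunks.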
...@@ -6,7 +6,6 @@ import ( ...@@ -6,7 +6,6 @@ import (
"io" "io"
"io/ioutil" "io/ioutil"
"os" "os"
"strconv"
"crypto/rand" "crypto/rand"
"encoding/hex" "encoding/hex"
...@@ -185,8 +184,8 @@ func (cm *CredentialManager) path(file string) string { ...@@ -185,8 +184,8 @@ func (cm *CredentialManager) path(file string) string {
return cm.storagePath + "/" + file return cm.storagePath + "/" + file
} }
func (cm *CredentialManager) signatureFilename(id string, counter int) string { func (cm *CredentialManager) signatureFilename(attrs *AttributeList) string {
return cm.path(signaturesDir) + "/" + id + "-" + strconv.Itoa(counter) return cm.path(signaturesDir) + "/" + attrs.hash()
} }
// ensureStorageExists initializes the credential storage folder, // ensureStorageExists initializes the credential storage folder,
...@@ -257,7 +256,7 @@ func (cm *CredentialManager) storeSignature(cred *credential, counter int) (err ...@@ -257,7 +256,7 @@ func (cm *CredentialManager) storeSignature(cred *credential, counter int) (err
} }
// TODO existence check // TODO existence check
filename := cm.signatureFilename(cred.CredentialType().Identifier().String(), counter) filename := cm.signatureFilename(cred.AttributeList())
err = ioutil.WriteFile(filename, credbytes, 0600) err = ioutil.WriteFile(filename, credbytes, 0600)
return return
} }
...@@ -291,8 +290,8 @@ func (cm *CredentialManager) storePaillierKeys() (err error) { ...@@ -291,8 +290,8 @@ func (cm *CredentialManager) storePaillierKeys() (err error) {
return return
} }
func (cm *CredentialManager) loadSignature(id CredentialTypeIdentifier, counter int) (signature *gabi.CLSignature, err error) { func (cm *CredentialManager) loadSignature(attrs *AttributeList) (signature *gabi.CLSignature, err error) {
sigpath := cm.signatureFilename(id.String(), counter) sigpath := cm.signatureFilename(attrs)
exists, err := PathExists(sigpath) exists, err := PathExists(sigpath)
if err != nil { if err != nil {
return return
......
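Review bot: The `// TODO existence check` in storeSignature becomes material with this change: two credentials with identical attribute values now map to the same hash-derived path, and `ioutil.WriteFile` silently replaces the earlier signature. Since loadSignature already uses PathExists on the same path, resolve the TODO here with `if exists, err := PathExists(filename); err != nil || exists { ... }` and decide explicitly whether an existing file is an error or a no-op, rather than overwriting. As a style point, `filepath.Join(cm.path(signaturesDir), attrs.hash())` is preferable to string concatenation with "/" in signatureFilename.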