Commit b18297ad authored by Sietse Ringers's avatar Sietse Ringers

Support distributed disclosure sessions

parent 5574c4d6
......@@ -47,6 +47,7 @@ func teardown(t *testing.T) {
MetaStore = newConfigurationStore()
Manager = newCredentialManager()
assert.NoError(t, os.RemoveAll("testdata/storage/test"))
// TODO first RemoveAll?!
}
// A convenience function for initializing big integers from known correct (10
......
......@@ -183,6 +183,8 @@ func startKeyshareSession(
if askPin {
ks.VerifyPin(-1)
} else {
ks.GetCommitments()
}
}
......@@ -356,42 +358,10 @@ func (ks *keyshareSession) GetProofPs() {
// merge in the received ProofP's, and finish.
func (ks *keyshareSession) Finish(challenge *big.Int, responses map[SchemeManagerIdentifier]string) {
switch ks.session.(type) {
case *DisclosureRequest:
case *SignatureRequest:
proofPs := make([]*gabi.ProofP, len(ks.builders))
for i, builder := range ks.builders {
// Parse each received JWT
managerID := NewIssuerIdentifier(builder.PublicKey().Issuer).SchemeManagerIdentifier()
if !MetaStore.SchemeManagers[managerID].Distributed() {
continue
}
msg := struct {
ProofP *gabi.ProofP
}{}
_, err := jwtDecode(responses[managerID], msg)
if err != nil {
ks.sessionHandler.KeyshareError(err)
return
}
// Decrypt the responses and populate a slice of ProofP's
proofPs[i] = msg.ProofP
bytes, err := ks.keyshareServer.PrivateKey.Decrypt(proofPs[i].C.Bytes())
if err != nil {
ks.sessionHandler.KeyshareError(err)
return
}
proofPs[i].C = new(big.Int).SetBytes(bytes)
}
// Create merged proofs and finish protocol
list, err := ks.builders.BuildDistributedProofList(challenge, proofPs)
if err != nil {
ks.sessionHandler.KeyshareError(err)
return
}
ks.sessionHandler.KeyshareDone(list)
case *DisclosureRequest: // Can't use fallthrough in a type switch in go
ks.finishDisclosureOrSigning(challenge, responses)
case *SignatureRequest: // So we have to do this in a separate method
ks.finishDisclosureOrSigning(challenge, responses)
case *IssuanceRequest:
// Calculate IssueCommitmentMessage, without merging in any of the received ProofP's:
// instead, include the keyshare server's JWT in the IssueCommitmentMessage for the
......@@ -410,6 +380,42 @@ func (ks *keyshareSession) Finish(challenge *big.Int, responses map[SchemeManage
}
}
func (ks *keyshareSession) finishDisclosureOrSigning(challenge *big.Int, responses map[SchemeManagerIdentifier]string) {
proofPs := make([]*gabi.ProofP, len(ks.builders))
for i, builder := range ks.builders {
// Parse each received JWT
managerID := NewIssuerIdentifier(builder.PublicKey().Issuer).SchemeManagerIdentifier()
if !MetaStore.SchemeManagers[managerID].Distributed() {
continue
}
msg := struct {
ProofP *gabi.ProofP
}{}
_, err := jwtDecode(responses[managerID], &msg)
if err != nil {
ks.sessionHandler.KeyshareError(err)
return
}
// Decrypt the responses and populate a slice of ProofP's
proofPs[i] = msg.ProofP
bytes, err := ks.keyshareServer.PrivateKey.Decrypt(proofPs[i].SResponse.Bytes())
if err != nil {
ks.sessionHandler.KeyshareError(err)
return
}
proofPs[i].SResponse = new(big.Int).SetBytes(bytes)
}
// Create merged proofs and finish protocol
list, err := ks.builders.BuildDistributedProofList(challenge, proofPs)
if err != nil {
ks.sessionHandler.KeyshareError(err)
return
}
ks.sessionHandler.KeyshareDone(list)
}
// TODO this message is ugly, should update protocol
func (comms *proofPCommitmentMap) UnmarshalJSON(bytes []byte) error {
comms.Commitments = map[publicKeyIdentifier]*gabi.ProofPCommitment{}
......
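Review bot: In finishDisclosureOrSigning, `msg.ProofP` is dereferenced without a nil check right after the decode (`proofPs[i] = msg.ProofP` followed by `proofPs[i].SResponse.Bytes()`), so a keyshare server response whose JWT carries no ProofP, or a ProofP with a nil SResponse, panics the session instead of reaching KeyshareError. A guard between the decode and the decrypt keeps that on the error path: `if msg.ProofP == nil || msg.ProofP.SResponse == nil { ks.sessionHandler.KeyshareError(errors.New("keyshare response contains no proof")); return }` (add the stdlib `errors` import if the file lacks it). The same loop reads `responses[managerID]` without a presence check, so a missing response for a distributed scheme manager is handed to jwtDecode as an empty string; whether jwtDecode rejects that is not visible here, and a `resp, ok := responses[managerID]` lookup with an explicit error would make the failure deliberate. Whether jwtDecode verifies the JWT signature is also not visible in this hunk; since the decrypted SResponse feeds straight into BuildDistributedProofList, that verification is what binds the response to the keyshare server, so it is worth confirming and stating in a doc comment on the method.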
......@@ -29,7 +29,9 @@ func (th TestHandler) Failure(action Action, err *Error) {
th.c <- err
}
func (th TestHandler) UnsatisfiableRequest(action Action, missing AttributeDisjunctionList) {
th.c <- &Error{}
th.c <- &Error{
ErrorCode: ErrorCode("UnsatisfiableRequest"),
}
}
func (th TestHandler) AskVerificationPermission(request DisclosureRequest, ServerName string, callback PermissionHandler) {
choice := &DisclosureChoice{
......@@ -175,7 +177,9 @@ func sessionHelper(t *testing.T, jwtcontents interface{}, url string, init bool)
t.Fatal(*err)
}
teardown(t)
if init {
teardown(t)
}
}
func registerKeyshareServer(t *testing.T) {
......@@ -197,17 +201,32 @@ func registerKeyshareServer(t *testing.T) {
func TestKeyshareSession(t *testing.T) {
registerKeyshareServer(t)
id := NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
expiry := Timestamp(NewMetadataAttribute().Expiry())
credid := NewCredentialTypeIdentifier("test.test.mijnirma")
jwtcontents := NewIdentityProviderJwt("testip", &IssuanceRequest{
Credentials: []*CredentialRequest{
{
Validity: &expiry,
Credential: &credid,
Attributes: map[string]string{"email": "example@example.com"},
},
jwt := getIssuanceJwt("testip", id)
jwt.(*IdentityProviderJwt).Request.Request.Credentials = append(
jwt.(*IdentityProviderJwt).Request.Request.Credentials,
&CredentialRequest{
Validity: &expiry,
Credential: &credid,
Attributes: map[string]string{"email": "example@example.com"},
},
})
)
sessionHelper(t, jwtcontents, "issue", false)
sessionHelper(t, jwt, "issue", false)
jwt = getDisclosureJwt("testsp", id)
jwt.(*ServiceProviderJwt).Request.Request.Content = append(
jwt.(*ServiceProviderJwt).Request.Request.Content,
&AttributeDisjunction{
Label: "foo",
Attributes: []AttributeTypeIdentifier{NewAttributeTypeIdentifier("test.test.mijnirma.email")},
},
)
sessionHelper(t, jwt, "verification", false)
teardown(t)
}
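Review bot: The trailing `teardown(t)` in TestKeyshareSession runs only when both sessionHelper calls succeed; sessionHelper calls `t.Fatal(*err)` on failure, which ends the test before that line, so a failing session leaves `testdata/storage/test` and the replaced MetaStore/Manager in place for the next test (teardown's body is in the first hunk of this page). Replacing the trailing call with `defer teardown(t)` placed right after `registerKeyshareServer(t)` covers both paths, because t.Fatal exits through runtime.Goexit and deferred calls still run. The unchecked assertions `jwt.(*IdentityProviderJwt)` and `jwt.(*ServiceProviderJwt)` would panic rather than fail the test if getIssuanceJwt or getDisclosureJwt ever returned another type; a `v, ok :=` form with t.Fatalf keeps the failure reported through testing.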
......@@ -18,7 +18,7 @@ type HTTPTransport struct {
headers map[string]string
}
const verbose = false
const verbose = true
// NewHTTPTransport returns a new HTTPTransport.
func NewHTTPTransport(serverURL string) *HTTPTransport {
......
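Review bot: `const verbose = true` in place of `const verbose = false` reads like a debugging leftover that ships enabled for every consumer of HTTPTransport, since a compile-time constant cannot be switched off at runtime. What verbose gates is not visible in this hunk; if it prints request or response bodies, the session traffic this transport presumably carries (keyshare PIN exchanges, JWTs, proof responses) would be written to logs by default, which is data that should not leave the process unless someone opts in. Suggest restoring `const verbose = false`, or turning it into a variable set from an environment variable or build tag so it stays off unless a developer enables it.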