Save secret key as json object, like the other stored objects

be569e5e · Sietse Ringers · 96d12393 · be569e5e · be569e5e · be569e5e
Commit be569e5e authored Sep 30, 2017 by Sietse Ringers
--- a/irmago_test.go
+++ b/irmago_test.go
@@ -89,8 +89,10 @@ func verifyCredentials(t *testing.T, manager *CredentialManager) {
 				cred.Credential.Signature.Verify(pk, cred.Attributes),
 				"Credential %s-%d was invalid", credtype.String(), index,
 			)
-			require.Equal(t, cred.Attributes[0], manager.secretkey,
-				"Secret key of credential %s-%d unequal to main secret key")
+			require.Equal(t, cred.Attributes[0], manager.secretkey.Key,
+				"Secret key of credential %s-%d unequal to main secret key",
+				cred.CredentialType().Identifier().String(), index,
+			)
 		}
 	}
 }

--- a/manager.go
+++ b/manager.go
@@ -14,7 +14,7 @@ import (

 // CredentialManager manages credentials.
 type CredentialManager struct {
-	secretkey        *big.Int
+	secretkey        *secretKey
 	storagePath      string
 	attributes       map[CredentialTypeIdentifier][]*AttributeList
 	credentials      map[CredentialTypeIdentifier]map[int]*credential
@@ -27,6 +27,10 @@ type CredentialManager struct {
 	updates               []update
 }

+type secretKey struct {
+	Key *big.Int
+}
+
 // CredentialInfoList returns a list of information of all contained credentials.
 func (cm *CredentialManager) CredentialInfoList() CredentialInfoList {
 	list := CredentialInfoList([]*CredentialInfo{})
@@ -41,8 +45,12 @@ func (cm *CredentialManager) CredentialInfoList() CredentialInfoList {
 	return list
 }

-func (cm *CredentialManager) generateSecretKey() (sk *big.Int, err error) {
-	return gabi.RandomBigInt(gabi.DefaultSystemParameters[1024].Lm)
+func (cm *CredentialManager) generateSecretKey() (*secretKey, error) {
+	key, err := gabi.RandomBigInt(gabi.DefaultSystemParameters[1024].Lm)
+	if err != nil {
+		return nil, err
+	}
+	return &secretKey{Key: key}, nil
 }

 // attrs returns cm.attributes[id], initializing it to an empty slice if neccesary
@@ -104,7 +112,7 @@ func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int
 			return nil, errors.New("unknown public key")
 		}
 		cred, err := newCredential(&gabi.Credential{
-			Attributes: append([]*big.Int{cm.secretkey}, attrs.Ints...),
+			Attributes: append([]*big.Int{cm.secretkey.Key}, attrs.Ints...),
 			Signature:  sig,
 			Pk:         pk,
 		}, cm.Store)
@@ -273,7 +281,8 @@ func (cm *CredentialManager) IssuanceProofBuilders(request *IssuanceRequest) (ga
 		if err != nil {
 			return nil, err
 		}
-		credBuilder := gabi.NewCredentialBuilder(pk, request.GetContext(), cm.secretkey, state.nonce2)
+		credBuilder := gabi.NewCredentialBuilder(
+			pk, request.GetContext(), cm.secretkey.Key, state.nonce2)
 		request.state.builders = append(request.state.builders, credBuilder)
 		proofBuilders = append(proofBuilders, credBuilder)
 	}

--- a/storage.go
+++ b/storage.go
@@ -9,7 +9,6 @@ import (

 	"crypto/rand"
 	"encoding/hex"
-	"math/big"
 	"path"

 	"time"
@@ -217,8 +216,12 @@ func (cm *CredentialManager) ensureStorageExists() error {
 	return ensureDirectoryExists(cm.path(signaturesDir))
 }

-func (cm *CredentialManager) storeSecretKey(sk *big.Int) error {
-	return ioutil.WriteFile(cm.path(skFile), sk.Bytes(), 0600)
+func (cm *CredentialManager) storeSecretKey(sk *secretKey) error {
+	bytes, err := json.Marshal(sk)
+	if err != nil {
+		return err
+	}
+	return ioutil.WriteFile(cm.path(skFile), bytes, 0600)
 }

 // Save the filecontents at the specified path atomically:
@@ -310,20 +313,25 @@ func (cm *CredentialManager) loadSignature(attrs *AttributeList) (signature *gab

 // loadSecretKey retrieves and returns the secret key from storage, or if no secret key
 // was found in storage, it generates, saves, and returns a new secret key.
-func (cm *CredentialManager) loadSecretKey() (*big.Int, error) {
+func (cm *CredentialManager) loadSecretKey() (*secretKey, error) {
+	sk := &secretKey{}
+	var err error
 	exists, err := PathExists(cm.path(skFile))
 	if err != nil {
 		return nil, err
 	}
 	if exists {
 		var bytes []byte
-		if bytes, err = ioutil.ReadFile(cm.path(skFile)); err == nil {
-			return new(big.Int).SetBytes(bytes), nil
+		if bytes, err = ioutil.ReadFile(cm.path(skFile)); err != nil {
+			return nil, err
 		}
-		return nil, err
+		if err = json.Unmarshal(bytes, sk); err != nil {
+			return nil, err
+		}
+		return sk, err
 	}

-	sk, err := cm.generateSecretKey()
+	sk, err = cm.generateSecretKey()
 	if err != nil {
 		return nil, err
 	}

--- a/updates.go
+++ b/updates.go
@@ -82,7 +82,7 @@ func (cm *CredentialManager) ParseAndroidStorage() (present bool, err error) {
 	}

 	for _, list := range parsedjson {
-		cm.secretkey = list[0].Attributes[0]
+		cm.secretkey = &secretKey{Key: list[0].Attributes[0]}
 		for _, oldcred := range list {
 			gabicred := &gabi.Credential{
 				Attributes: oldcred.Attributes,