Commit be569e5e authored by Sietse Ringers's avatar Sietse Ringers

Save secret key as json object, like the other stored objects

parent 96d12393
......@@ -89,8 +89,10 @@ func verifyCredentials(t *testing.T, manager *CredentialManager) {
cred.Credential.Signature.Verify(pk, cred.Attributes),
"Credential %s-%d was invalid", credtype.String(), index,
)
require.Equal(t, cred.Attributes[0], manager.secretkey,
"Secret key of credential %s-%d unequal to main secret key")
require.Equal(t, cred.Attributes[0], manager.secretkey.Key,
"Secret key of credential %s-%d unequal to main secret key",
cred.CredentialType().Identifier().String(), index,
)
}
}
}
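Review bot: The new assertion (`require.Equal(t, cred.Attributes[0], manager.secretkey.Key, ...)`) compares two `*big.Int` values structurally rather than numerically — as far as I recall testify's ObjectsAreEqual falls back to reflect.DeepEqual, which inspects the limb slice and sign rather than calling Cmp, so an equal zero with a nil versus empty limb slice would be reported as unequal. For a non-zero random key this works today, but a numeric comparison is the robust form: `require.Zero(t, cred.Attributes[0].Cmp(manager.secretkey.Key), "Secret key of credential %s-%d unequal to main secret key", cred.CredentialType().Identifier().String(), index)`. The commit does fix the old message, which had two format verbs and no arguments. verifyCredentials begins before this hunk.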
......@@ -14,7 +14,7 @@ import (
// CredentialManager manages credentials.
type CredentialManager struct {
secretkey *big.Int
secretkey *secretKey
storagePath string
attributes map[CredentialTypeIdentifier][]*AttributeList
credentials map[CredentialTypeIdentifier]map[int]*credential
......@@ -27,6 +27,10 @@ type CredentialManager struct {
updates []update
}
type secretKey struct {
Key *big.Int
}
// CredentialInfoList returns a list of information of all contained credentials.
func (cm *CredentialManager) CredentialInfoList() CredentialInfoList {
list := CredentialInfoList([]*CredentialInfo{})
......@@ -41,8 +45,12 @@ func (cm *CredentialManager) CredentialInfoList() CredentialInfoList {
return list
}
func (cm *CredentialManager) generateSecretKey() (sk *big.Int, err error) {
return gabi.RandomBigInt(gabi.DefaultSystemParameters[1024].Lm)
func (cm *CredentialManager) generateSecretKey() (*secretKey, error) {
key, err := gabi.RandomBigInt(gabi.DefaultSystemParameters[1024].Lm)
if err != nil {
return nil, err
}
return &secretKey{Key: key}, nil
}
// attrs returns cm.attributes[id], initializing it to an empty slice if neccesary
......@@ -104,7 +112,7 @@ func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int
return nil, errors.New("unknown public key")
}
cred, err := newCredential(&gabi.Credential{
Attributes: append([]*big.Int{cm.secretkey}, attrs.Ints...),
Attributes: append([]*big.Int{cm.secretkey.Key}, attrs.Ints...),
Signature: sig,
Pk: pk,
}, cm.Store)
......@@ -273,7 +281,8 @@ func (cm *CredentialManager) IssuanceProofBuilders(request *IssuanceRequest) (ga
if err != nil {
return nil, err
}
credBuilder := gabi.NewCredentialBuilder(pk, request.GetContext(), cm.secretkey, state.nonce2)
credBuilder := gabi.NewCredentialBuilder(
pk, request.GetContext(), cm.secretkey.Key, state.nonce2)
request.state.builders = append(request.state.builders, credBuilder)
proofBuilders = append(proofBuilders, credBuilder)
}
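Review bot: The new `secretKey` type (the hunk inserting it after the `updates []update` field) has no doc comment, and nothing records why its single field is exported on an unexported type; suggest `// secretKey wraps the manager's master secret (attribute 0 of every credential) so it is stored as a JSON object like the other stored objects. Key is exported only so that encoding/json serializes it.` Since the marshaled field name is the on-disk storage format written by storeSecretKey, renaming `Key` later would silently orphan stored keys; a `json:"key"` tag, or a comment saying the name is load-bearing, would make that explicit. generateSecretKey still sizes the key from the hard-coded `gabi.DefaultSystemParameters[1024].Lm`; that predates this commit and may well be intended, but a one-line comment on why the 1024-bit parameter set is fixed would help the next reader.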
......@@ -9,7 +9,6 @@ import (
"crypto/rand"
"encoding/hex"
"math/big"
"path"
"time"
......@@ -217,8 +216,12 @@ func (cm *CredentialManager) ensureStorageExists() error {
return ensureDirectoryExists(cm.path(signaturesDir))
}
func (cm *CredentialManager) storeSecretKey(sk *big.Int) error {
return ioutil.WriteFile(cm.path(skFile), sk.Bytes(), 0600)
func (cm *CredentialManager) storeSecretKey(sk *secretKey) error {
bytes, err := json.Marshal(sk)
if err != nil {
return err
}
return ioutil.WriteFile(cm.path(skFile), bytes, 0600)
}
// Save the filecontents at the specified path atomically:
......@@ -310,20 +313,25 @@ func (cm *CredentialManager) loadSignature(attrs *AttributeList) (signature *gab
// loadSecretKey retrieves and returns the secret key from storage, or if no secret key
// was found in storage, it generates, saves, and returns a new secret key.
func (cm *CredentialManager) loadSecretKey() (*big.Int, error) {
func (cm *CredentialManager) loadSecretKey() (*secretKey, error) {
sk := &secretKey{}
var err error
exists, err := PathExists(cm.path(skFile))
if err != nil {
return nil, err
}
if exists {
var bytes []byte
if bytes, err = ioutil.ReadFile(cm.path(skFile)); err == nil {
return new(big.Int).SetBytes(bytes), nil
if bytes, err = ioutil.ReadFile(cm.path(skFile)); err != nil {
return nil, err
}
return nil, err
if err = json.Unmarshal(bytes, sk); err != nil {
return nil, err
}
return sk, err
}
sk, err := cm.generateSecretKey()
sk, err = cm.generateSecretKey()
if err != nil {
return nil, err
}
......@@ -82,7 +82,7 @@ func (cm *CredentialManager) ParseAndroidStorage() (present bool, err error) {
}
for _, list := range parsedjson {
cm.secretkey = list[0].Attributes[0]
cm.secretkey = &secretKey{Key: list[0].Attributes[0]}
for _, oldcred := range list {
gabicred := &gabi.Credential{
Attributes: oldcred.Attributes,
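Review bot: `cm.secretkey = &secretKey{Key: list[0].Attributes[0]}` indexes `list` and `Attributes` without checking either is non-empty, so a malformed Android storage file panics the importer instead of returning an error; and because the assignment sits inside `for _, list := range parsedjson`, a later list silently replaces the key taken from an earlier one with no check that the two agree. A guard before the assignment, such as `if len(list) == 0 || len(list[0].Attributes) == 0 { return false, errors.New("credential list without attributes in Android storage") }`, and a `Cmp` against an already-set key that errors on mismatch, would make the import fail closed. Both behaviours predate this commit; only the wrapper type is new here. ParseAndroidStorage begins and ends outside the hunk, so I may be missing a check done earlier.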