Commit
de9c0201
authored
Oct 03, 2017
by
Sietse Ringers
Decouple keyshareSession from CredentialManager
parent
9659f28a
Changes
2
keyshare.go
...
...
@@ -11,6 +11,10 @@ import (
"github.com/mhe/gabi"
)
// This file contains an implementation of the client side of the keyshare protocol,
// as well as the keyshareSessionHandler which is used to communicate with the user
// (currently only CredentialManager).
// KeysharePinRequestor is used to asking the user for his PIN.
type
KeysharePinRequestor
interface
{
AskPin
(
remainingAttempts
int
,
callback
func
(
proceed
bool
,
pin
string
))
...
...
@@ -24,13 +28,14 @@ type keyshareSessionHandler interface {
}
type
keyshareSession
struct
{
session
IrmaSession
builders
gabi
.
ProofBuilderList
transports
map
[
SchemeManagerIdentifier
]
*
HTTPTransport
sessionHandler
keyshareSessionHandler
pinRequestor
KeysharePinRequestor
keyshareServer
*
keyshareServer
credManager
*
CredentialManager
sessionHandler
keyshareSessionHandler
pinRequestor
KeysharePinRequestor
builders
gabi
.
ProofBuilderList
session
IrmaSession
store
*
ConfigurationStore
keyshareServers
map
[
SchemeManagerIdentifier
]
*
keyshareServer
keyshareServer
*
keyshareServer
// The one keyshare server in use in case of issuance
transports
map
[
SchemeManagerIdentifier
]
*
HTTPTransport
}
type
keyshareServer
struct
{
...
...
@@ -131,17 +136,18 @@ func (ks *keyshareServer) HashedPin(pin string) string {
// user cancels; or one of the keyshare servers blocks us.
// Error, blocked or success of the keyshare session is reported back to the keyshareSessionHandler.
func
startKeyshareSession
(
credManager
*
CredentialManager
,
session
IrmaSession
,
builders
gabi
.
ProofBuilderList
,
sessionHandler
keyshareSessionHandler
,
pin
KeysharePinRequestor
,
builders
gabi
.
ProofBuilderList
,
session
IrmaSession
,
store
*
ConfigurationStore
,
keyshareServers
map
[
SchemeManagerIdentifier
]
*
keyshareServer
,
)
{
ksscount
:=
0
for
_
,
managerID
:=
range
session
.
SchemeManagers
()
{
if
credManager
.
ConfigurationS
tore
.
SchemeManagers
[
managerID
]
.
Distributed
()
{
if
s
tore
.
SchemeManagers
[
managerID
]
.
Distributed
()
{
ksscount
++
if
_
,
registered
:=
credManager
.
keyshareServers
[
managerID
];
!
registered
{
if
_
,
registered
:=
keyshareServers
[
managerID
];
!
registered
{
err
:=
errors
.
New
(
"Not registered to keyshare server of scheme manager "
+
managerID
.
String
())
sessionHandler
.
KeyshareError
(
err
)
return
...
...
@@ -155,22 +161,23 @@ func startKeyshareSession(
}
ks
:=
&
keyshareSession
{
session
:
session
,
builders
:
builders
,
sessionHandler
:
sessionHandler
,
transports
:
map
[
SchemeManagerIdentifier
]
*
HTTPTransport
{},
pinRequestor
:
pin
,
credManager
:
credManager
,
session
:
session
,
builders
:
builders
,
sessionHandler
:
sessionHandler
,
transports
:
map
[
SchemeManagerIdentifier
]
*
HTTPTransport
{},
pinRequestor
:
pin
,
store
:
store
,
keyshareServers
:
keyshareServers
,
}
askPin
:=
false
for
_
,
managerID
:=
range
session
.
SchemeManagers
()
{
if
!
ks
.
credManager
.
ConfigurationS
tore
.
SchemeManagers
[
managerID
]
.
Distributed
()
{
if
!
ks
.
s
tore
.
SchemeManagers
[
managerID
]
.
Distributed
()
{
continue
}
ks
.
keyshareServer
=
ks
.
credManager
.
keyshareServers
[
managerID
]
ks
.
keyshareServer
=
ks
.
keyshareServers
[
managerID
]
transport
:=
NewHTTPTransport
(
ks
.
keyshareServer
.
URL
)
transport
.
SetHeader
(
kssUsernameHeader
,
ks
.
keyshareServer
.
Username
)
transport
.
SetHeader
(
kssAuthHeader
,
ks
.
keyshareServer
.
token
)
...
...
@@ -234,11 +241,11 @@ func (ks *keyshareSession) VerifyPin(attempts int) {
// If all is ok, success will be true.
func
(
ks
*
keyshareSession
)
verifyPinAttempt
(
pin
string
)
(
success
bool
,
tries
int
,
blocked
int
,
err
error
)
{
for
_
,
managerID
:=
range
ks
.
session
.
SchemeManagers
()
{
if
!
ks
.
credManager
.
ConfigurationS
tore
.
SchemeManagers
[
managerID
]
.
Distributed
()
{
if
!
ks
.
s
tore
.
SchemeManagers
[
managerID
]
.
Distributed
()
{
continue
}
kss
:=
ks
.
credManager
.
keyshareServers
[
managerID
]
kss
:=
ks
.
keyshareServers
[
managerID
]
transport
:=
ks
.
transports
[
managerID
]
pinmsg
:=
keysharePinMessage
{
Username
:
kss
.
Username
,
Pin
:
kss
.
HashedPin
(
pin
)}
pinresult
:=
&
keysharePinStatus
{}
...
...
@@ -285,7 +292,7 @@ func (ks *keyshareSession) GetCommitments() {
for
_
,
builder
:=
range
ks
.
builders
{
pk
:=
builder
.
PublicKey
()
managerID
:=
NewIssuerIdentifier
(
pk
.
Issuer
)
.
SchemeManagerIdentifier
()
if
!
ks
.
credManager
.
ConfigurationS
tore
.
SchemeManagers
[
managerID
]
.
Distributed
()
{
if
!
ks
.
s
tore
.
SchemeManagers
[
managerID
]
.
Distributed
()
{
continue
}
if
_
,
contains
:=
pkids
[
managerID
];
!
contains
{
...
...
@@ -297,7 +304,7 @@ func (ks *keyshareSession) GetCommitments() {
// Now inform each keyshare server of with respect to which public keys
// we want them to send us commitments
for
_
,
managerID
:=
range
ks
.
session
.
SchemeManagers
()
{
if
!
ks
.
credManager
.
ConfigurationS
tore
.
SchemeManagers
[
managerID
]
.
Distributed
()
{
if
!
ks
.
s
tore
.
SchemeManagers
[
managerID
]
.
Distributed
()
{
continue
}
...
...
@@ -401,7 +408,7 @@ func (ks *keyshareSession) finishDisclosureOrSigning(challenge *big.Int, respons
for
i
,
builder
:=
range
ks
.
builders
{
// Parse each received JWT
managerID
:=
NewIssuerIdentifier
(
builder
.
PublicKey
()
.
Issuer
)
.
SchemeManagerIdentifier
()
if
!
ks
.
credManager
.
ConfigurationS
tore
.
SchemeManagers
[
managerID
]
.
Distributed
()
{
if
!
ks
.
s
tore
.
SchemeManagers
[
managerID
]
.
Distributed
()
{
continue
}
msg
:=
struct
{
...
...
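Review bot: `store.SchemeManagers[managerID].Distributed()` in startKeyshareSession indexes the map without checking that the key is present, and the identifiers come from `session.SchemeManagers()`, i.e. from the session being handled. If the map holds pointers (its value type is not visible here), an identifier the store does not know would turn this into a method call on a nil value instead of a reported error. A guarded lookup such as `manager, ok := store.SchemeManagers[managerID]`, followed by `sessionHandler.KeyshareError(...)` when `!ok`, would keep that case on the existing error path. The same unguarded expression is used through `ks.store` in verifyPinAttempt, GetCommitments (two loops) and finishDisclosureOrSigning, so one small helper on keyshareSession that does the checked lookup would cover all five places. These functions start or end outside their hunks, so an earlier validation step may already exist.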
session.go
...
...
@@ -47,6 +47,9 @@ type session struct {
choice
*
DisclosureChoice
}
// We implement the handler for the keyshare protocol
var
_
keyshareSessionHandler
=
(
*
session
)(
nil
)
// Supported protocol versions. Minor version numbers should be reverse sorted.
var
supportedVersions
=
map
[
int
][]
int
{
2
:
{
2
,
1
},
...
...
@@ -225,7 +228,14 @@ func (session *session) do(proceed bool) {
session
.
fail
(
&
SessionError
{
ErrorType
:
ErrorCrypto
,
Err
:
err
})
}
startKeyshareSession
(
session
.
credManager
,
session
.
irmaSession
,
builders
,
session
,
session
.
Handler
)
startKeyshareSession
(
session
,
session
.
Handler
,
builders
,
session
.
irmaSession
,
session
.
credManager
.
ConfigurationStore
,
session
.
credManager
.
keyshareServers
,
)
}
}
...
...
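Review bot: In do(), the `session.fail(&SessionError{ErrorType: ErrorCrypto, Err: err})` branch closes without a `return`, so the reworked `startKeyshareSession(...)` call right after it still runs once the failure has been reported. Unless fail() never returns (not visible here), the keyshare protocol would then start with whatever `builders` holds after the error, and the handler could receive both a failure and later keyshare callbacks. Adding `return` on the line after `session.fail(...)` keeps the error path from reaching the PIN prompt and the keyshare servers. The start of do() and of this branch lies outside the hunk.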