Commit
df97b2ee
authored
Jan 12, 2020
by
Sietse Ringers
test: nonrevocation proofs against newer accumulators are accepted
parent
e6029fdd
Showing
4 changed files
with
49 additions
and
12 deletions
+49
-12
internal/sessiontest/requestor_test.go
internal/sessiontest/requestor_test.go
+40
-9
irmaclient/revocation.go
irmaclient/revocation.go
+2
-2
irmaclient/session.go
irmaclient/session.go
+1
-1
revocation.go
revocation.go
+6
-0
internal/sessiontest/requestor_test.go
...
...
@@ -11,6 +11,7 @@ import (
"testing"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/revocation"
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/internal/test"
...
...
@@ -377,6 +378,9 @@ func revoke(t *testing.T, key string, conf *irma.RevocationStorage, cred irma.Cr
ValidUntil
:
time
.
Now
()
.
Add
(
1
*
time
.
Hour
)
.
UnixNano
(),
}))
require
.
NoError
(
t
,
conf
.
Revoke
(
cred
,
key
))
_
,
newacc
,
err
:=
conf
.
Accumulator
(
cred
,
2
)
require
.
NoError
(
t
,
err
)
*
acc
=
*
newacc
}
var
revocationIssuanceRequest
=
irma
.
NewIssuanceRequest
([]
*
irma
.
CredentialRequest
{{
...
...
@@ -387,7 +391,7 @@ var revocationIssuanceRequest = irma.NewIssuanceRequest([]*irma.CredentialReques
},
}})
func
TestRevocationO
utdated
Accumulator
(
t
*
testing
.
T
)
{
func
TestRevocationO
ther
Accumulator
(
t
*
testing
.
T
)
{
defer
test
.
ClearTestStorage
(
t
)
attr
:=
irma
.
NewAttributeTypeIdentifier
(
"irma-demo.MijnOverheid.root.BSN"
)
cred
:=
attr
.
CredentialTypeIdentifier
()
...
...
@@ -408,26 +412,53 @@ func TestRevocationOutdatedAccumulator(t *testing.T) {
request
:=
revocationRequest
()
.
(
*
irma
.
DisclosureRequest
)
require
.
NoError
(
t
,
revocationConfiguration
.
IrmaConfiguration
.
Revocation
.
SetRevocationUpdates
(
request
.
Base
()))
events
:=
request
.
RevocationUpdates
[
cred
][
2
]
.
Events
i
:=
events
[
len
(
events
)
-
1
]
.
Index
require
.
Equal
(
t
,
uint64
(
1
),
events
[
len
(
events
)
-
1
]
.
Index
)
// Construct disclosure proof with nonrevocation proof
// Construct disclosure proof with nonrevocation proof
against accumulator with index 1
candidates
,
missing
:=
client
.
CheckSatisfiability
(
request
.
Disclosure
()
.
Disclose
)
require
.
Empty
(
t
,
missing
)
disclosure
,
_
,
err
:=
client
.
Proofs
(
&
irma
.
DisclosureChoice
{
Attributes
:
[][]
*
irma
.
AttributeIdentifier
{
candidates
[
0
][
0
]}},
request
)
choice
:=
&
irma
.
DisclosureChoice
{
Attributes
:
[][]
*
irma
.
AttributeIdentifier
{
candidates
[
0
][
0
]}}
disclosure
,
_
,
err
:=
client
.
Proofs
(
choice
,
request
)
require
.
NoError
(
t
,
err
)
pacc
,
err
:=
disclosure
.
Proofs
[
0
]
.
(
*
gabi
.
ProofD
)
.
NonRevocationProof
.
SignedAccumulator
.
UnmarshalVerify
(
pk
)
require
.
NoError
(
t
,
err
)
require
.
Equal
(
t
,
uint64
(
1
),
pacc
.
Index
)
// Revoke a bogus credential and update the session request,
// indicated that we expect a nonrevocation proof wrt
the just-updated accumulator
revoke
(
t
,
"
1
"
,
conf
,
cred
,
acc
)
// Revoke a bogus credential
, advancing accumulator index to 2,
and update the session request,
// indicated that we expect a nonrevocation proof wrt
accumulator with index 2
revoke
(
t
,
"
2
"
,
conf
,
cred
,
acc
)
request
.
RevocationUpdates
=
nil
require
.
NoError
(
t
,
revocationConfiguration
.
IrmaConfiguration
.
Revocation
.
SetRevocationUpdates
(
request
.
Base
()))
require
.
NoError
(
t
,
conf
.
SetRevocationUpdates
(
request
.
Base
()))
events
=
request
.
RevocationUpdates
[
cred
][
2
]
.
Events
require
.
True
(
t
,
events
[
len
(
events
)
-
1
]
.
Index
>
i
)
require
.
Equal
(
t
,
uint64
(
2
),
events
[
len
(
events
)
-
1
]
.
Index
)
// Try to verify against updated session request
_
,
status
,
err
:=
disclosure
.
Verify
(
client
.
Configuration
,
request
)
require
.
Error
(
t
,
err
)
require
.
Equal
(
t
,
irma
.
ProofStatusInvalid
,
status
)
// Revoke another bogus credential, advancing index to 3, and make a new disclosure request
// requiring a nonrevocation proof against the accumulator with index 3
revoke
(
t
,
"3"
,
conf
,
cred
,
acc
)
newrequest
:=
revocationRequest
()
.
(
*
irma
.
DisclosureRequest
)
require
.
NoError
(
t
,
conf
.
SetRevocationUpdates
(
newrequest
.
Base
()))
events
=
newrequest
.
RevocationUpdates
[
cred
][
2
]
.
Events
require
.
Equal
(
t
,
uint64
(
3
),
events
[
len
(
events
)
-
1
]
.
Index
)
// Use newrequest to update client to index 3 and contruct a disclosure proof
require
.
NoError
(
t
,
client
.
NonrevPrepare
(
newrequest
))
disclosure
,
_
,
err
=
client
.
Proofs
(
choice
,
newrequest
)
require
.
NoError
(
t
,
err
)
pacc
,
err
=
disclosure
.
Proofs
[
0
]
.
(
*
gabi
.
ProofD
)
.
NonRevocationProof
.
SignedAccumulator
.
UnmarshalVerify
(
pk
)
require
.
NoError
(
t
,
err
)
require
.
Equal
(
t
,
uint64
(
3
),
pacc
.
Index
)
// Check that the nonrevocation proof which uses a newer accumulator than ours verifies
events
=
request
.
RevocationUpdates
[
cred
][
2
]
.
Events
require
.
Equal
(
t
,
uint64
(
2
),
events
[
len
(
events
)
-
1
]
.
Index
)
_
,
status
,
err
=
disclosure
.
Verify
(
client
.
Configuration
,
request
)
require
.
NoError
(
t
,
err
)
require
.
Equal
(
t
,
irma
.
ProofStatusValid
,
status
)
}
func
TestRevocationClientUpdate
(
t
*
testing
.
T
)
{
...
...
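Review bot: The accept case added at the end of TestRevocationOtherAccumulator asserts only `require.Equal(t, irma.ProofStatusValid, status)`, and the reject case just above it only `require.Error(t, err)`, so neither pins the reason for the verdict and the two outcomes differ only by which accumulator index the proof carries. Accepting a proof made against an accumulator newer than the one in the request is a trust decision, so I would state in the closing comment what the verifier relies on there (the test itself checks the signature with `UnmarshalVerify(pk)`, but the logic inside `Verify` is not visible in this hunk) and, if not covered elsewhere, add a case where the newer accumulator does not verify under `pk`. Separately, `events[len(events)-1]` is indexed after every reassignment without a length check; a `require.NotEmpty(t, events)` before each use would turn a panic into a readable failure. The comment typo `contruct` could be fixed in the same pass.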
irmaclient/revocation.go
...
...
@@ -71,10 +71,10 @@ func (client *Client) initRevocation() {
})
}
//
n
onrevPrepare updates the revocation state for each credential in the request
//
N
onrevPrepare updates the revocation state for each credential in the request
// requiring a nonrevocation proof, using the updates included in the request, or the remote
// revocation server if those do not suffice.
func
(
client
*
Client
)
n
onrevPrepare
(
request
irma
.
SessionRequest
)
error
{
func
(
client
*
Client
)
N
onrevPrepare
(
request
irma
.
SessionRequest
)
error
{
base
:=
request
.
Base
()
if
err
:=
base
.
RevocationConsistent
();
err
!=
nil
{
return
err
...
...
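Review bot: Exporting `NonrevPrepare` widens the public API of `Client` for what appears, from this commit, to be the benefit of the session test, and the doc comment neither says so nor states when callers outside a session may invoke it. `processSessionInfo` already calls it from a goroutine, so I would add a line to the comment such as `// It is exported for use in tests; sessions call it themselves.` and say whether concurrent calls are safe. That cannot be judged here because the function body continues outside the hunk.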
irmaclient/session.go
...
...
@@ -313,7 +313,7 @@ func (session *session) processSessionInfo() {
// Prepare and update all revocation state asynchroniously while the user makes her choices
go
func
()
{
session
.
prepRevocation
<-
session
.
client
.
n
onrevPrepare
(
session
.
request
)
session
.
prepRevocation
<-
session
.
client
.
N
onrevPrepare
(
session
.
request
)
}()
// Ask for permission to execute the session
...
...
revocation.go
...
...
@@ -368,6 +368,12 @@ func (rs *RevocationStorage) revokeAttr(tx revStorage, typ CredentialTypeIdentif
// Accumulator methods
func
(
rs
*
RevocationStorage
)
Accumulator
(
typ
CredentialTypeIdentifier
,
pkcounter
uint
)
(
*
revocation
.
SignedAccumulator
,
*
revocation
.
Accumulator
,
error
,
)
{
return
rs
.
accumulator
(
rs
.
db
,
typ
,
pkcounter
)
}
// accumulator retrieves, verifies and deserializes the accumulator of the given type and key.
func
(
rs
*
RevocationStorage
)
accumulator
(
tx
revStorage
,
typ
CredentialTypeIdentifier
,
pkcounter
uint
)
(
*
revocation
.
SignedAccumulator
,
*
revocation
.
Accumulator
,
error
,
...
...
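Review bot: The new exported method `Accumulator` on `RevocationStorage` has no doc comment of its own; `// Accumulator methods` reads as a section heading rather than documentation. Something like `// Accumulator returns the signed accumulator and its deserialized form for the given credential type and public key counter, read from rs.db.` would do. It would also help to note whether callers may modify the returned `*revocation.Accumulator`, since the test helper `revoke` copies it with `*acc = *newacc`. The unexported `accumulator` it delegates to is cut off at the end of the hunk.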