From 6b3cadaba5f28207f748cbdaa1b0e7950c017b07 Mon Sep 17 00:00:00 2001 From: Soumya Mohapatra Date: Sun, 7 Jun 2026 22:53:42 +0530 Subject: [PATCH 1/9] refactor: remove weak-bb package (dead code) The weak-bb (Weak Boneh-Boyen) package was only referenced in unreachable code paths. Both aries/revocation.go and dlog/crypto/revocation_authority.go called WbbKeyGen in an else branch that always returned an error ('the specified revocation algorithm is not supported'). The only supported algorithm is AlgNoRevocation, which never uses weak-bb. Changes: - Delete bccsp/schemes/weak-bb/ entirely - Remove dead else branch from aries RevocationAuthority.Sign() - Remove dead else branch from dlog createCRI() - Remove weak-bb test section from dlog idemix_test.go Signed-off-by: Soumya Mohapatra --- bccsp/schemes/aries/revocation.go | 21 +++----- bccsp/schemes/dlog/crypto/idemix_test.go | 15 +----- .../dlog/crypto/revocation_authority.go | 5 +- bccsp/schemes/weak-bb/weak-bb.go | 53 ------------------- 4 files changed, 8 insertions(+), 86 deletions(-) delete mode 100644 bccsp/schemes/weak-bb/weak-bb.go diff --git a/bccsp/schemes/aries/revocation.go b/bccsp/schemes/aries/revocation.go index 053de7ad..c026b90d 100644 --- a/bccsp/schemes/aries/revocation.go +++ b/bccsp/schemes/aries/revocation.go @@ -16,7 +16,6 @@ import ( "io" "math/big" - weakbb "github.com/IBM/idemix/bccsp/schemes/weak-bb" "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" "github.com/golang/protobuf/proto" @@ -50,18 +49,14 @@ func (r *RevocationAuthority) Sign(key *ecdsa.PrivateKey, _ [][]byte, epoch int, return nil, errors.Errorf("CreateCRI received nil input") } + if alg != types.AlgNoRevocation { + return nil, errors.Errorf("the specified revocation algorithm is not supported.") + } + cri := &CredentialRevocationInformation{} cri.RevocationAlg = int32(alg) cri.Epoch = int64(epoch) - - if alg == types.AlgNoRevocation { - // put a dummy PK in the proto - cri.EpochPk = r.Curve.GenG2.Bytes() - } else { - // create epoch key - _, epochPk := weakbb.WbbKeyGen(r.Curve, r.Rng) - cri.EpochPk = epochPk.Bytes() - } + cri.EpochPk = r.Curve.GenG2.Bytes() // sign epoch + epoch key with long term key bytesToSign, err := proto.Marshal(cri) @@ -76,11 +71,7 @@ func (r *RevocationAuthority) Sign(key *ecdsa.PrivateKey, _ [][]byte, epoch int, return nil, err } - if alg == types.AlgNoRevocation { - return proto.Marshal(cri) - } else { - return nil, errors.Errorf("the specified revocation algorithm is not supported.") - } + return proto.Marshal(cri) } // Verify verifies that the revocation PK for a certain epoch is valid, diff --git a/bccsp/schemes/dlog/crypto/idemix_test.go b/bccsp/schemes/dlog/crypto/idemix_test.go index fdc4a37c..a4a72e9b 100644 --- a/bccsp/schemes/dlog/crypto/idemix_test.go +++ b/bccsp/schemes/dlog/crypto/idemix_test.go @@ -15,7 +15,6 @@ import ( "github.com/stretchr/testify/require" "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" - weakbb "github.com/IBM/idemix/bccsp/schemes/weak-bb" opts "github.com/IBM/idemix/bccsp/types" ) @@ -73,20 +72,8 @@ func testIdemix(t *testing.T, curve *math.Curve, tr Translator) { idmx := &Idemix{ Curve: curve, } - // Test weak BB sigs: - // Test KeyGen - rng, err := curve.Rand() - require.NoError(t, err) - wbbsk, wbbpk := weakbb.WbbKeyGen(curve, rng) - // Get random message - testmsg := curve.NewRandomZr(rng) - - // Test Signing - wbbsig := weakbb.WbbSign(curve, wbbsk, testmsg) - - // Test Verification - err = weakbb.WbbVerify(curve, wbbpk, wbbsig, testmsg) + rng, err := curve.Rand() require.NoError(t, err) // Test idemix functionality diff --git a/bccsp/schemes/dlog/crypto/revocation_authority.go b/bccsp/schemes/dlog/crypto/revocation_authority.go index 2b8572ca..e4c21bbc 100644 --- a/bccsp/schemes/dlog/crypto/revocation_authority.go +++ b/bccsp/schemes/dlog/crypto/revocation_authority.go @@ -16,7 +16,6 @@ import ( "math/big" amcl "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" - weakbb "github.com/IBM/idemix/bccsp/schemes/weak-bb" math "github.com/IBM/mathlib" "github.com/golang/protobuf/proto" "github.com/pkg/errors" @@ -75,9 +74,7 @@ func createCRI(key *ecdsa.PrivateKey, unrevokedHandles []*math.Zr, epoch int, al // put a dummy PK in the proto cri.EpochPk = t.G2ToProto(curve.GenG2) } else { - // create epoch key - _, epochPk := weakbb.WbbKeyGen(curve, rng) - cri.EpochPk = t.G2ToProto(epochPk) + return nil, errors.Errorf("the specified revocation algorithm is not supported.") } // sign epoch + epoch key with long term key diff --git a/bccsp/schemes/weak-bb/weak-bb.go b/bccsp/schemes/weak-bb/weak-bb.go deleted file mode 100644 index 6c4793c2..00000000 --- a/bccsp/schemes/weak-bb/weak-bb.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -// Deprecated: Package weakbb implements Weak Boneh-Boyen signatures for epoch-based -// revocation. The dlog scheme's usage of this package will be removed in Phase 6. -// The aries scheme will continue to use it. -package weakbb - -import ( - "io" - - math "github.com/IBM/mathlib" - "github.com/pkg/errors" -) - -// WbbKeyGen creates a fresh weak-Boneh-Boyen signature key pair (http://ia.cr/2004/171) -func WbbKeyGen(curve *math.Curve, rng io.Reader) (*math.Zr, *math.G2) { - // sample sk uniform from Zq - sk := curve.NewRandomZr(rng) - // set pk = g2^sk - pk := curve.GenG2.Mul(sk) - return sk, pk -} - -// WbbSign places a weak Boneh-Boyen signature on message m using secret key sk -func WbbSign(curve *math.Curve, sk *math.Zr, m *math.Zr) *math.G1 { - // compute exp = 1/(m + sk) mod q - exp := curve.ModAdd(sk, m, curve.GroupOrder) - exp.InvModP(curve.GroupOrder) - - // return signature sig = g1^(1/(m + sk)) - return curve.GenG1.Mul(exp) -} - -// WbbVerify verifies a weak Boneh-Boyen signature sig on message m with public key pk -func WbbVerify(curve *math.Curve, pk *math.G2, sig *math.G1, m *math.Zr) error { - if pk == nil || sig == nil || m == nil { - return errors.Errorf("Weak-BB signature invalid: received nil input") - } - // Set P = pk * g2^m - P := curve.NewG2() - P.Clone(pk) - P.Add(curve.GenG2.Mul(m)) - P.Affine() - // check that e(sig, pk * g2^m) = e(g1, g2) - if !curve.FExp(curve.Pairing(P, sig)).Equals(curve.GenGt) { - return errors.Errorf("Weak-BB signature is invalid") - } - return nil -} From 41132c927b585a57fba2bd095871a08908c5c7da Mon Sep 17 00:00:00 2001 From: Soumya Mohapatra Date: Sun, 7 Jun 2026 23:04:14 +0530 Subject: [PATCH 2/9] refactor: remove Translator dependency from handlers and keystore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace the dlog Translator interface (G1ToProto/G1FromProto) with direct G1.Bytes()/curve.NewG1FromBytes() calls. The Translator was a trivial indirection — Gurvy's G1ToProto just splits G1.Bytes() into X and Y halves, and G1FromProto concatenates them back. - handlers/nym.go: NymSecretKey, nymPublicKey, NymKeyDerivation, NymPublicKeyImporter, NymKeyImporter now use *math.Curve instead of idemix.Translator - keystore/kvsbased.go: Store nym PK as raw []byte instead of *amcl.ECP proto; remove dlog/amcl imports Signed-off-by: Soumya Mohapatra --- bccsp/handlers/nym.go | 39 ++++++++++++++------------------------ bccsp/keystore/kvsbased.go | 13 +++++-------- 2 files changed, 19 insertions(+), 33 deletions(-) diff --git a/bccsp/handlers/nym.go b/bccsp/handlers/nym.go index dcc31a1f..d5d30a82 100644 --- a/bccsp/handlers/nym.go +++ b/bccsp/handlers/nym.go @@ -8,7 +8,6 @@ package handlers import ( "crypto/sha256" - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" "github.com/IBM/idemix/bccsp/types" bccsp "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" @@ -26,7 +25,7 @@ type NymSecretKey struct { // Exportable if true, sk can be exported via the Bytes function Exportable bool - Translator idemix.Translator + Curve *math.Curve } func computeSKI(serialise func() []byte) []byte { @@ -38,9 +37,9 @@ func computeSKI(serialise func() []byte) []byte { } -func NewNymSecretKey(sk *math.Zr, pk *math.G1, translator idemix.Translator, exportable bool) (*NymSecretKey, error) { +func NewNymSecretKey(sk *math.Zr, pk *math.G1, curve *math.Curve, exportable bool) (*NymSecretKey, error) { ski := computeSKI(sk.Bytes) - return &NymSecretKey{Ski: ski, Sk: sk, Pk: pk, Exportable: exportable, Translator: translator}, nil + return &NymSecretKey{Ski: ski, Sk: sk, Pk: pk, Exportable: exportable, Curve: curve}, nil } func (k *NymSecretKey) Bytes() ([]byte, error) { @@ -67,7 +66,7 @@ func (*NymSecretKey) Private() bool { func (k *NymSecretKey) PublicKey() (bccsp.Key, error) { ski := computeSKI(k.Pk.Bytes) - return &nymPublicKey{ski: ski, pk: k.Pk, translator: k.Translator}, nil + return &nymPublicKey{ski: ski, pk: k.Pk}, nil } type nymPublicKey struct { @@ -75,17 +74,14 @@ type nymPublicKey struct { ski []byte // pk is the idemix reference to the nym public part pk *math.G1 - - translator idemix.Translator } -func NewNymPublicKey(pk *math.G1, translator idemix.Translator) *nymPublicKey { - return &nymPublicKey{pk: pk, translator: translator} +func NewNymPublicKey(pk *math.G1) *nymPublicKey { + return &nymPublicKey{pk: pk} } func (k *nymPublicKey) Bytes() ([]byte, error) { - ecp := k.translator.G1ToProto(k.pk) - return append(ecp.X, ecp.Y...), nil + return k.pk.Bytes(), nil } func (k *nymPublicKey) SKI() []byte { @@ -112,7 +108,7 @@ type NymKeyDerivation struct { // User implements the underlying cryptographic algorithms User types.User - Translator idemix.Translator + Curve *math.Curve } func (kd *NymKeyDerivation) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error) { @@ -137,15 +133,13 @@ func (kd *NymKeyDerivation) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk b return nil, err } - return NewNymSecretKey(RandNym, Nym, kd.Translator, kd.Exportable) + return NewNymSecretKey(RandNym, Nym, kd.Curve, kd.Exportable) } // NymPublicKeyImporter imports nym public keys type NymPublicKeyImporter struct { // User implements the underlying cryptographic algorithms User types.User - - Translator idemix.Translator } func (i *NymPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error) { @@ -162,28 +156,23 @@ func (i *NymPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOp if err != nil { // A Nym public key is just a group element. There are 2 main ways of serialising // an uncompressed point: either the two coordinates, or the prefix `0x04` and the - // two coordinates. Typically these serialisation issues are handled with a - // `translator` object which gets bytes, understands the serialisation and produces - // a group element. This code does not have that, however. As a consequence, we - // handle the issue by prefixing the `0x04` byte and re-attempting deserialisation - // in case it first failed. Issue https://github.com/IBM/idemix/issues/42 has - // been created to fix this properly by adding the translator. + // two coordinates. Handle both formats by retrying with the prefix. pk, err = i.User.NewPublicNymFromBytes(append([]byte{04}, bytes...)) if err != nil { return nil, err } } - return &nymPublicKey{pk: pk, translator: i.Translator}, nil + return &nymPublicKey{pk: pk}, nil } -// NymKeyImporter imports nym public keys +// NymKeyImporter imports nym secret keys type NymKeyImporter struct { Exportable bool // User implements the underlying cryptographic algorithms User types.User - Translator idemix.Translator + Curve *math.Curve } func (i *NymKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error) { @@ -201,5 +190,5 @@ func (i *NymKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k return nil, err } - return NewNymSecretKey(sk, pk, i.Translator, i.Exportable) + return NewNymSecretKey(sk, pk, i.Curve, i.Exportable) } diff --git a/bccsp/keystore/kvsbased.go b/bccsp/keystore/kvsbased.go index f15eff41..8de0e643 100644 --- a/bccsp/keystore/kvsbased.go +++ b/bccsp/keystore/kvsbased.go @@ -10,8 +10,6 @@ import ( "encoding/hex" "github.com/IBM/idemix/bccsp/handlers" - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" bccsp "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" "github.com/pkg/errors" @@ -25,7 +23,7 @@ type KVS interface { type NymSecretKey struct { Ski []byte Sk []byte - Pk *amcl.ECP + Pk []byte Exportable bool } @@ -42,8 +40,7 @@ type entry struct { // KVSStore is a read-only KeyStore that neither loads nor stores keys. type KVSStore struct { KVS - Translator idemix.Translator - Curve *math.Curve + Curve *math.Curve } // ReadOnly returns true if this KeyStore is read only, false otherwise. @@ -64,7 +61,7 @@ func (ks *KVSStore) GetKey(ski []byte) (bccsp.Key, error) { switch { case entry.NymSecretKey != nil: - pk, err := ks.Translator.G1FromProto(entry.NymSecretKey.Pk) + pk, err := ks.Curve.NewG1FromBytes(entry.NymSecretKey.Pk) if err != nil { return nil, err } @@ -74,7 +71,7 @@ func (ks *KVSStore) GetKey(ski []byte) (bccsp.Key, error) { Sk: ks.Curve.NewZrFromBytes(entry.NymSecretKey.Sk), Ski: entry.NymSecretKey.Ski, Pk: pk, - Translator: ks.Translator, + Curve: ks.Curve, }, nil case entry.UserSecretKey != nil: return &handlers.UserSecretKey{ @@ -97,7 +94,7 @@ func (ks *KVSStore) StoreKey(k bccsp.Key) error { entry.NymSecretKey = &NymSecretKey{ Ski: key.Ski, Sk: key.Sk.Bytes(), - Pk: ks.Translator.G1ToProto(key.Pk), + Pk: key.Pk.Bytes(), Exportable: key.Exportable, } From d51070dff1c8f24faa72d5fa91e9e22955610946 Mon Sep 17 00:00:00 2001 From: Soumya Mohapatra Date: Sun, 7 Jun 2026 23:04:35 +0530 Subject: [PATCH 3/9] refactor: remove legacy factory, simplify NewAries and CLI - bccsp/bccsp.go: Delete the legacy New() factory function entirely. Simplify NewAries() to no longer take a Translator parameter. - msp/idemixmsp.go: NewIdemixMsp() now uses Aries (BBS+) directly instead of the legacy dlog scheme. NewIdemixMspAries() unchanged. Remove amcl import. - tools/idemixgen/main.go: Remove all legacy curve options, the --aries flag (always Aries now), the Translator interface, and the dlog Idemix struct usage. Aries-only with BLS12_381_BBS. - tools/idemixgen/idemixca/idemixca.go: Delete (legacy-only). The Aries variant (iedmixca_aries.go) remains. Signed-off-by: Soumya Mohapatra --- bccsp/bccsp.go | 170 +-------------------------- msp/idemixmsp.go | 11 +- tools/idemixgen/idemixca/idemixca.go | 118 ------------------- tools/idemixgen/main.go | 108 +++-------------- 4 files changed, 26 insertions(+), 381 deletions(-) delete mode 100644 tools/idemixgen/idemixca/idemixca.go diff --git a/bccsp/bccsp.go b/bccsp/bccsp.go index 48a47b92..c6b2f9e7 100644 --- a/bccsp/bccsp.go +++ b/bccsp/bccsp.go @@ -11,8 +11,6 @@ import ( "github.com/IBM/idemix/bbs" "github.com/IBM/idemix/bccsp/handlers" "github.com/IBM/idemix/bccsp/schemes/aries" - "github.com/IBM/idemix/bccsp/schemes/dlog/bridge" - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" bccsp "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" "github.com/pkg/errors" @@ -22,162 +20,7 @@ type csp struct { *CSP } -func New(keyStore bccsp.KeyStore, curve *math.Curve, translator idemix.Translator, exportable bool) (*csp, error) { - base, err := NewImpl(keyStore) - if err != nil { - return nil, errors.Wrap(err, "failed instantiating base bccsp") - } - - csp := &csp{CSP: base} - - idmx := &idemix.Idemix{ - Curve: curve, - Translator: translator, - } - - // key generators - base.AddWrapper(reflect.TypeOf(&bccsp.IdemixIssuerKeyGenOpts{}), - &handlers.IssuerKeyGen{ - Exportable: exportable, - Issuer: &bridge.Issuer{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeOf(&bccsp.IdemixUserSecretKeyGenOpts{}), - &handlers.UserKeyGen{ - Exportable: exportable, - User: &bridge.User{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeOf(&bccsp.IdemixRevocationKeyGenOpts{}), - &handlers.RevocationKeyGen{ - Exportable: exportable, - Revocation: &bridge.Revocation{ - Idemix: idmx, Translator: translator, - }, - }) - - // key derivers - base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), - &handlers.NymKeyDerivation{ - Exportable: exportable, - Translator: translator, - User: &bridge.User{ - Idemix: idmx, Translator: translator, - }, - }) - - // signers - base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), - &userSecreKeySignerMultiplexer{ - signer: &handlers.Signer{ - SignatureScheme: &bridge.SignatureScheme{ - Idemix: idmx, Translator: translator, - }}, - nymSigner: &handlers.NymSigner{ - NymSignatureScheme: &bridge.NymSignatureScheme{ - Idemix: idmx, Translator: translator, - }}, - credentialRequestSigner: &handlers.CredentialRequestSigner{ - CredRequest: &bridge.CredRequest{ - Idemix: idmx, Translator: translator, - }}, - }) - base.AddWrapper(reflect.TypeOf(handlers.NewIssuerSecretKey(nil, true)), - &handlers.CredentialSigner{ - Credential: &bridge.Credential{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeOf(handlers.NewRevocationSecretKey(nil, true)), - &handlers.CriSigner{ - Revocation: &bridge.Revocation{ - Idemix: idmx, Translator: translator, - }, - }) - - // verifiers - base.AddWrapper(reflect.TypeOf(handlers.NewIssuerPublicKey(nil)), - &issuerPublicKeyVerifierMultiplexer{ - verifier: &handlers.Verifier{ - SignatureScheme: &bridge.SignatureScheme{ - Idemix: idmx, Translator: translator, - }}, - credentialRequestVerifier: &handlers.CredentialRequestVerifier{ - CredRequest: &bridge.CredRequest{ - Idemix: idmx, Translator: translator, - }}, - }) - base.AddWrapper(reflect.TypeOf(handlers.NewNymPublicKey(nil, translator)), - &handlers.NymVerifier{ - NymSignatureScheme: &bridge.NymSignatureScheme{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), - &handlers.CredentialVerifier{ - Credential: &bridge.Credential{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeOf(handlers.NewRevocationPublicKey(nil)), - &handlers.CriVerifier{ - Revocation: &bridge.Revocation{ - Idemix: idmx, Translator: translator, - }, - }) - - // importers - base.AddWrapper(reflect.TypeOf(&bccsp.IdemixUserSecretKeyImportOpts{}), - &handlers.UserKeyImporter{ - Exportable: exportable, - User: &bridge.User{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeOf(&bccsp.IdemixIssuerPublicKeyImportOpts{}), - &handlers.IssuerPublicKeyImporter{ - Issuer: &bridge.Issuer{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeOf(&bccsp.IdemixIssuerKeyImportOpts{}), - &handlers.IssuerKeyImporter{ - Exportable: exportable, - Issuer: &bridge.Issuer{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeOf(&bccsp.IdemixNymPublicKeyImportOpts{}), - &handlers.NymPublicKeyImporter{ - User: &bridge.User{ - Idemix: idmx, Translator: translator, - }, - Translator: translator, - }) - base.AddWrapper(reflect.TypeOf(&bccsp.IdemixNymKeyImportOpts{}), - &handlers.NymKeyImporter{ - Exportable: exportable, - User: &bridge.User{ - Idemix: idmx, Translator: translator, - }, - Translator: translator, - }) - base.AddWrapper(reflect.TypeOf(&bccsp.IdemixRevocationPublicKeyImportOpts{}), - &handlers.RevocationPublicKeyImporter{}) - base.AddWrapper(reflect.TypeOf(&bccsp.IdemixRevocationKeyImportOpts{}), - &handlers.RevocationKeyImporter{ - Exportable: exportable, - Revocation: &bridge.Revocation{ - Idemix: idmx, Translator: translator, - }, - }) - - return csp, nil -} - -func NewAries(keyStore bccsp.KeyStore, curve *math.Curve, _translator idemix.Translator, exportable bool) (*csp, error) { +func NewAries(keyStore bccsp.KeyStore, curve *math.Curve, exportable bool) (*csp, error) { base, err := NewImpl(keyStore) if err != nil { return nil, errors.Wrap(err, "failed instantiating base bccsp") @@ -219,7 +62,7 @@ func NewAries(keyStore bccsp.KeyStore, curve *math.Curve, _translator idemix.Tra base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), &handlers.NymKeyDerivation{ Exportable: exportable, - Translator: _translator, + Curve: curve, User: &aries.User{ Curve: curve, Rng: rng, @@ -246,7 +89,7 @@ func NewAries(keyStore bccsp.KeyStore, curve *math.Curve, _translator idemix.Tra CredRequest: &aries.CredRequest{ Curve: curve, }}, - credentialRequestSigner: nil, // aries does not implement this approach + credentialRequestSigner: nil, }) base.AddWrapper(reflect.TypeOf(handlers.NewIssuerSecretKey(nil, true)), &handlers.CredentialSigner{ @@ -275,9 +118,9 @@ func NewAries(keyStore bccsp.KeyStore, curve *math.Curve, _translator idemix.Tra CredRequest: &aries.CredRequest{ Curve: curve, }}, - credentialRequestVerifier: nil, // aries does not implement this type of issuance + credentialRequestVerifier: nil, }) - base.AddWrapper(reflect.TypeOf(handlers.NewNymPublicKey(nil, _translator)), + base.AddWrapper(reflect.TypeOf(handlers.NewNymPublicKey(nil)), &handlers.NymVerifier{ SmartcardNymSignatureScheme: &aries.SmartcardIdemixBackend{ Curve: curve, @@ -330,7 +173,6 @@ func NewAries(keyStore bccsp.KeyStore, curve *math.Curve, _translator idemix.Tra Curve: curve, Rng: rng, }, - Translator: _translator, }) base.AddWrapper(reflect.TypeOf(&bccsp.IdemixNymKeyImportOpts{}), &handlers.NymKeyImporter{ @@ -339,7 +181,7 @@ func NewAries(keyStore bccsp.KeyStore, curve *math.Curve, _translator idemix.Tra Curve: curve, Rng: rng, }, - Translator: _translator, + Curve: curve, }) base.AddWrapper(reflect.TypeOf(&bccsp.IdemixRevocationPublicKeyImportOpts{}), &handlers.RevocationPublicKeyImporter{}) diff --git a/msp/idemixmsp.go b/msp/idemixmsp.go index bd791289..47fb11a6 100644 --- a/msp/idemixmsp.go +++ b/msp/idemixmsp.go @@ -16,7 +16,6 @@ import ( idemix "github.com/IBM/idemix/bccsp" "github.com/IBM/idemix/bccsp/keystore" - "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" bccsp "github.com/IBM/idemix/bccsp/types" "github.com/IBM/idemix/common/flogging" im "github.com/IBM/idemix/msp/config" @@ -81,12 +80,12 @@ type Idemixmsp struct { var mspLogger = flogging.MustGetLogger("idemix") var mspIdentityLogger = flogging.MustGetLogger("idemix.identity") -// NewIdemixMsp creates a new instance of idemixmsp +// NewIdemixMsp creates a new instance of idemixmsp using the Aries (BBS+) scheme func NewIdemixMsp(version MSPVersion) (MSP, error) { mspLogger.Debugf("Creating Idemix-based MSP instance") - curve := math.Curves[math.FP256BN_AMCL] - csp, err := idemix.New(&keystore.Dummy{}, curve, &amcl.Fp256bn{C: curve}, true) + curve := math.Curves[math.BLS12_381_BBS] + csp, err := idemix.NewAries(&keystore.Dummy{}, curve, true) if err != nil { panic(fmt.Sprintf("unexpected condition, error received [%s]", err)) } @@ -96,12 +95,12 @@ func NewIdemixMsp(version MSPVersion) (MSP, error) { return &msp, nil } -// NewIdemixMspAries creates a new instance of idemixmsp +// NewIdemixMspAries creates a new instance of idemixmsp using the Aries (BBS+) scheme func NewIdemixMspAries(version MSPVersion) (MSP, error) { mspLogger.Debugf("Creating Idemix-based MSP instance") curve := math.Curves[math.BLS12_381_BBS] - csp, err := idemix.NewAries(&keystore.Dummy{}, curve, &amcl.Gurvy{C: curve}, true) + csp, err := idemix.NewAries(&keystore.Dummy{}, curve, true) if err != nil { panic(fmt.Sprintf("unexpected condition, error received [%s]", err)) } diff --git a/tools/idemixgen/idemixca/idemixca.go b/tools/idemixgen/idemixca/idemixca.go deleted file mode 100644 index 56d56c01..00000000 --- a/tools/idemixgen/idemixca/idemixca.go +++ /dev/null @@ -1,118 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemixca - -import ( - "crypto/ecdsa" - - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - imsp "github.com/IBM/idemix/msp" - im "github.com/IBM/idemix/msp/config" - math "github.com/IBM/mathlib" - "github.com/golang/protobuf/proto" - "github.com/pkg/errors" -) - -// GenerateIssuerKey invokes Idemix library to generate an issuer (CA) signing key pair. -// Currently four attributes are supported by the issuer: -// AttributeNameOU is the organization unit name -// AttributeNameRole is the role (member or admin) name -// AttributeNameEnrollmentId is the enrollment id -// AttributeNameRevocationHandle contains the revocation handle, which can be used to revoke this user -// Generated keys are serialized to bytes. -func GenerateIssuerKey(idmx *idemix.Idemix, tr idemix.Translator) ([]byte, []byte, error) { - rng, err := idmx.Curve.Rand() - if err != nil { - return nil, nil, err - } - AttributeNames := []string{imsp.AttributeNameOU, imsp.AttributeNameRole, imsp.AttributeNameEnrollmentId, imsp.AttributeNameRevocationHandle} - key, err := idmx.NewIssuerKey(AttributeNames, rng, tr) - if err != nil { - return nil, nil, errors.WithMessage(err, "cannot generate CA key") - } - ipkSerialized, err := proto.Marshal(key.Ipk) - - return key.Isk, ipkSerialized, err -} - -// GenerateSignerConfig creates a new signer config. -// It generates a fresh user secret and issues a credential -// with four attributes (described above) using the CA's key pair. -func GenerateSignerConfig( - roleMask int, - ouString string, - enrollmentId, - revocationHandle string, - iskBytes, ipkBytes []byte, - revKey *ecdsa.PrivateKey, - idmx *idemix.Idemix, - tr idemix.Translator, -) ([]byte, error) { - attrs := make([]*math.Zr, 4) - - if ouString == "" { - return nil, errors.Errorf("the OU attribute value is empty") - } - - if enrollmentId == "" { - return nil, errors.Errorf("the enrollment id value is empty") - } - - attrs[imsp.AttributeIndexOU] = idmx.Curve.HashToZr([]byte(ouString)) - attrs[imsp.AttributeIndexRole] = idmx.Curve.NewZrFromInt(int64(roleMask)) - attrs[imsp.AttributeIndexEnrollmentId] = idmx.Curve.HashToZr([]byte(enrollmentId)) - attrs[imsp.AttributeIndexRevocationHandle] = idmx.Curve.HashToZr([]byte(revocationHandle)) - - ipk := &idemix.IssuerPublicKey{} - err := proto.Unmarshal(ipkBytes, ipk) - if err != nil { - return nil, errors.WithMessage(err, "Error unmarshalling ipk") - } - key := &idemix.IssuerKey{Isk: iskBytes, Ipk: ipk} - - rng, err := idmx.Curve.Rand() - if err != nil { - return nil, errors.WithMessage(err, "Error getting PRNG") - } - sk := idmx.Curve.NewRandomZr(rng) - ni := idmx.Curve.NewRandomZr(rng).Bytes() - msg, err := idmx.NewCredRequest(sk, ni, key.Ipk, rng, tr) - if err != nil { - return nil, errors.WithMessage(err, "failed to generate a credential request") - } - cred, err := idmx.NewCredential(key, msg, attrs, rng, tr) - if err != nil { - return nil, errors.WithMessage(err, "failed to generate a credential") - } - - credBytes, err := proto.Marshal(cred) - if err != nil { - return nil, errors.WithMessage(err, "failed to marshal credential") - } - - // NOTE currently, idemixca creates CRI's with "ALG_NO_REVOCATION" - cri, err := idmx.CreateCRI(revKey, []*math.Zr{idmx.Curve.HashToZr([]byte(revocationHandle))}, 0, idemix.ALG_NO_REVOCATION, rng, tr) - if err != nil { - return nil, err - } - criBytes, err := proto.Marshal(cri) - if err != nil { - return nil, errors.WithMessage(err, "failed to marshal CRI") - } - - signer := &im.IdemixMSPSignerConfig{ - Cred: credBytes, - Sk: sk.Bytes(), - OrganizationalUnitIdentifier: ouString, - Role: int32(roleMask), - EnrollmentId: enrollmentId, - RevocationHandle: revocationHandle, - CredentialRevocationInformation: criBytes, - } - - return proto.Marshal(signer) -} diff --git a/tools/idemixgen/main.go b/tools/idemixgen/main.go index 896c40a8..2d20e760 100644 --- a/tools/idemixgen/main.go +++ b/tools/idemixgen/main.go @@ -7,12 +7,14 @@ SPDX-License-Identifier: Apache-2.0 package main // idemixgen is a command line tool that generates the CA's keys and -// generates MSP configs for siging and for verification +// generates MSP configs for signing and for verification // This tool can be used to setup the peers and CA to support // the Identity Mixer MSP import ( "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" "crypto/x509" "encoding/pem" "fmt" @@ -24,8 +26,6 @@ import ( "github.com/alecthomas/kingpin/v2" "github.com/pkg/errors" - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" imsp "github.com/IBM/idemix/msp" "github.com/IBM/idemix/tools/idemixgen/idemixca" "github.com/IBM/idemix/tools/idemixgen/metadata" @@ -36,14 +36,7 @@ const ( IdemixConfigIssuerSecretKey = "IssuerSecretKey" IdemixConfigRevocationKey = "RevocationKey" - FP256BN_AMCL = "FP256BN_AMCL" - BN254 = "BN254" - FP256BN_AMCL_MIRACL = "FP256BN_AMCL_MIRACL" - BLS12_377_GURVY = "BLS12_377_GURVY" - BLS12_381_GURVY = "BLS12_381_GURVY" - BLS12_381 = "BLS12_381" - BLS12_381_BBS = "BLS12_381_BBS" - BLS12_381_BBS_GURVY = "BLS12_381_BBS_GURVY" + BLS12_381_BBS = "BLS12_381_BBS" ) // command line flags @@ -51,16 +44,6 @@ var ( app = kingpin.New("idemixgen", "Utility for generating key material to be used with the Identity Mixer MSP in Hyperledger Fabric") outputDir = app.Flag("output", "The output directory in which to place artifacts").Default("idemix-config").String() - curveID = app.Flag("curve", "The curve to use to generate the crypto material").Short('c').Default(FP256BN_AMCL). - Enum(FP256BN_AMCL, - BN254, - FP256BN_AMCL_MIRACL, - BLS12_377_GURVY, - BLS12_381_GURVY, - BLS12_381, - BLS12_381_BBS, - BLS12_381_BBS_GURVY) - useAries = app.Flag("aries", "Use the aries-backed implementation").Bool() genIssuerKey = app.Command("ca-keygen", "Generate CA key material") genSignerConfig = app.Command("signerconfig", "Generate a default signer for this Idemix MSP") @@ -73,73 +56,24 @@ var ( version = app.Command("version", "Show version information") ) -type Translator interface { - G1ToProto(*math.G1) *amcl.ECP - G1FromProto(*amcl.ECP) (*math.G1, error) - G1FromRawBytes([]byte) (*math.G1, error) - G2ToProto(*math.G2) *amcl.ECP2 - G2FromProto(*amcl.ECP2) (*math.G2, error) -} - func main() { app.HelpFlag.Short('h') command := kingpin.MustParse(app.Parse(os.Args[1:])) - var curve *math.Curve - var tr Translator - switch *curveID { - case FP256BN_AMCL: - curve = math.Curves[math.FP256BN_AMCL] - tr = &amcl.Fp256bn{C: curve} - case BN254: - curve = math.Curves[math.BN254] - tr = &amcl.Gurvy{C: curve} - case FP256BN_AMCL_MIRACL: - curve = math.Curves[math.FP256BN_AMCL_MIRACL] - tr = &amcl.Fp256bnMiracl{C: curve} - case BLS12_377_GURVY: - curve = math.Curves[math.BLS12_377_GURVY] - tr = &amcl.Gurvy{C: curve} - case BLS12_381_GURVY: - curve = math.Curves[math.BLS12_381_GURVY] - tr = &amcl.Gurvy{C: curve} - case BLS12_381: - curve = math.Curves[math.BLS12_381] - tr = &amcl.Gurvy{C: curve} - case BLS12_381_BBS: - curve = math.Curves[math.BLS12_381_BBS] - tr = &amcl.Gurvy{C: curve} - case BLS12_381_BBS_GURVY: - curve = math.Curves[math.BLS12_381_BBS_GURVY] - tr = &amcl.Gurvy{C: curve} - default: - handleError(fmt.Errorf("invalid curve [%s]", *curveID)) - } - - idmx := &idemix.Idemix{ - Curve: curve, - } + curve := math.Curves[math.BLS12_381_BBS] switch command { case genIssuerKey.FullCommand(): - var isk, ipk []byte - var err error - - if *useAries { - isk, ipk, err = idemixca.GenerateIssuerKeyAries(curve) - } else { - isk, ipk, err = idemixca.GenerateIssuerKey(idmx, tr) - } + isk, ipk, err := idemixca.GenerateIssuerKeyAries(curve) handleError(err) - revocationKey, err := idmx.GenerateLongTermRevocationKey() + revocationKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) handleError(err) encodedRevocationSK, err := x509.MarshalECPrivateKey(revocationKey) handleError(err) pemEncodedRevocationSK := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: encodedRevocationSK}) - handleError(err) encodedRevocationPK, err := x509.MarshalPKIXPublicKey(revocationKey.Public()) handleError(err) pemEncodedRevocationPK := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: encodedRevocationPK}) @@ -174,26 +108,14 @@ func main() { rsk := readRevocationKey() rpk := readRevocationPublicKey() - var config []byte - var err error - if *useAries { - config, err = idemixca.GenerateSignerConfigAries( - roleMask, - *genCredOU, - *genCredEnrollmentId, - *genCredRevocationHandle, - iskBytes, ipkBytes, rsk, - curve, - ) - } else { - config, err = idemixca.GenerateSignerConfig( - roleMask, - *genCredOU, - *genCredEnrollmentId, - *genCredRevocationHandle, - iskBytes, ipkBytes, rsk, idmx, tr, - ) - } + config, err := idemixca.GenerateSignerConfigAries( + roleMask, + *genCredOU, + *genCredEnrollmentId, + *genCredRevocationHandle, + iskBytes, ipkBytes, rsk, + curve, + ) handleError(err) path := filepath.Join(*outputDir, imsp.IdemixConfigDirUser) From 3d8c062dd0348f03bcbd8d241a3abb02d9d4bbe3 Mon Sep 17 00:00:00 2001 From: Soumya Mohapatra Date: Sun, 7 Jun 2026 23:04:51 +0530 Subject: [PATCH 4/9] refactor: delete dlog scheme and legacy tests Delete the entire bccsp/schemes/dlog/ directory: - bridge/ (adapter from handlers to dlog crypto) - crypto/ (core CL-signature implementation + protobuf) - crypto/translator/amcl/ (point serialization + proto types) Delete legacy integration tests: - bccsp/bccsp_test.go (tested the legacy New() factory) - bccsp/legacy_test.go (legacy-specific test scenarios) The only remaining crypto scheme is Aries (BBS+). Signed-off-by: Soumya Mohapatra --- bccsp/bccsp_test.go | 392 ---- bccsp/legacy_test.go | 1809 ----------------- .../schemes/dlog/bridge/bridge_suite_test.go | 24 - bccsp/schemes/dlog/bridge/bridge_test.go | 1530 -------------- bccsp/schemes/dlog/bridge/credential.go | 130 -- bccsp/schemes/dlog/bridge/credrequest.go | 92 - bccsp/schemes/dlog/bridge/issuer.go | 147 -- .../schemes/dlog/bridge/nymsignaturescheme.go | 75 - bccsp/schemes/dlog/bridge/rand.go | 20 - bccsp/schemes/dlog/bridge/revocation.go | 76 - bccsp/schemes/dlog/bridge/signaturescheme.go | 274 --- bccsp/schemes/dlog/bridge/user.go | 96 - bccsp/schemes/dlog/crypto/credential.go | 220 -- bccsp/schemes/dlog/crypto/credrequest.go | 125 -- bccsp/schemes/dlog/crypto/idemix.go | 19 - bccsp/schemes/dlog/crypto/idemix.pb.go | 896 -------- bccsp/schemes/dlog/crypto/idemix.proto | 150 -- bccsp/schemes/dlog/crypto/idemix_test.go | 843 -------- bccsp/schemes/dlog/crypto/issuerkey.go | 231 --- bccsp/schemes/dlog/crypto/logging.go | 37 - .../dlog/crypto/nonrevocation-prover.go | 47 - .../dlog/crypto/nonrevocation-verifier.go | 36 - bccsp/schemes/dlog/crypto/nymeid.go | 59 - bccsp/schemes/dlog/crypto/nymrh.go | 59 - bccsp/schemes/dlog/crypto/nymsignature.go | 128 -- .../dlog/crypto/revocation_authority.go | 133 -- bccsp/schemes/dlog/crypto/signature.go | 1190 ----------- .../dlog/crypto/translator/amcl/amcl.pb.go | 163 -- .../dlog/crypto/translator/amcl/amcl.proto | 32 - .../dlog/crypto/translator/amcl/fp256bn.go | 168 -- .../crypto/translator/amcl/fp256bn_test.go | 158 -- .../dlog/crypto/translator/amcl/gurvy.go | 64 - .../dlog/crypto/translator/amcl/gurvy_test.go | 75 - .../translator/amcl/testdata/old/g2.bytes | 1 - .../amcl/testdata/old/g2.proto.bytes | 2 - bccsp/schemes/dlog/crypto/util.go | 71 - 36 files changed, 9572 deletions(-) delete mode 100644 bccsp/bccsp_test.go delete mode 100644 bccsp/legacy_test.go delete mode 100644 bccsp/schemes/dlog/bridge/bridge_suite_test.go delete mode 100644 bccsp/schemes/dlog/bridge/bridge_test.go delete mode 100644 bccsp/schemes/dlog/bridge/credential.go delete mode 100644 bccsp/schemes/dlog/bridge/credrequest.go delete mode 100644 bccsp/schemes/dlog/bridge/issuer.go delete mode 100644 bccsp/schemes/dlog/bridge/nymsignaturescheme.go delete mode 100644 bccsp/schemes/dlog/bridge/rand.go delete mode 100644 bccsp/schemes/dlog/bridge/revocation.go delete mode 100644 bccsp/schemes/dlog/bridge/signaturescheme.go delete mode 100644 bccsp/schemes/dlog/bridge/user.go delete mode 100644 bccsp/schemes/dlog/crypto/credential.go delete mode 100644 bccsp/schemes/dlog/crypto/credrequest.go delete mode 100644 bccsp/schemes/dlog/crypto/idemix.go delete mode 100644 bccsp/schemes/dlog/crypto/idemix.pb.go delete mode 100644 bccsp/schemes/dlog/crypto/idemix.proto delete mode 100644 bccsp/schemes/dlog/crypto/idemix_test.go delete mode 100644 bccsp/schemes/dlog/crypto/issuerkey.go delete mode 100644 bccsp/schemes/dlog/crypto/logging.go delete mode 100644 bccsp/schemes/dlog/crypto/nonrevocation-prover.go delete mode 100644 bccsp/schemes/dlog/crypto/nonrevocation-verifier.go delete mode 100644 bccsp/schemes/dlog/crypto/nymeid.go delete mode 100644 bccsp/schemes/dlog/crypto/nymrh.go delete mode 100644 bccsp/schemes/dlog/crypto/nymsignature.go delete mode 100644 bccsp/schemes/dlog/crypto/revocation_authority.go delete mode 100644 bccsp/schemes/dlog/crypto/signature.go delete mode 100644 bccsp/schemes/dlog/crypto/translator/amcl/amcl.pb.go delete mode 100644 bccsp/schemes/dlog/crypto/translator/amcl/amcl.proto delete mode 100644 bccsp/schemes/dlog/crypto/translator/amcl/fp256bn.go delete mode 100644 bccsp/schemes/dlog/crypto/translator/amcl/fp256bn_test.go delete mode 100644 bccsp/schemes/dlog/crypto/translator/amcl/gurvy.go delete mode 100644 bccsp/schemes/dlog/crypto/translator/amcl/gurvy_test.go delete mode 100644 bccsp/schemes/dlog/crypto/translator/amcl/testdata/old/g2.bytes delete mode 100644 bccsp/schemes/dlog/crypto/translator/amcl/testdata/old/g2.proto.bytes delete mode 100644 bccsp/schemes/dlog/crypto/util.go diff --git a/bccsp/bccsp_test.go b/bccsp/bccsp_test.go deleted file mode 100644 index 4542289f..00000000 --- a/bccsp/bccsp_test.go +++ /dev/null @@ -1,392 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ -package idemix_test - -import ( - "fmt" - "io/ioutil" - - math "github.com/IBM/mathlib" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - "github.com/pkg/errors" - - idemix "github.com/IBM/idemix/bccsp" - "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" - bccsp "github.com/IBM/idemix/bccsp/types" -) - -// NewDummyKeyStore instantiate a dummy key store -// that neither loads nor stores keys -func NewDummyKeyStore() bccsp.KeyStore { - return &dummyKeyStore{} -} - -// dummyKeyStore is a read-only KeyStore that neither loads nor stores keys. -type dummyKeyStore struct { -} - -// ReadOnly returns true if this KeyStore is read only, false otherwise. -// If ReadOnly is true then StoreKey will fail. -func (ks *dummyKeyStore) ReadOnly() bool { - return true -} - -// GetKey returns a key object whose SKI is the one passed. -func (ks *dummyKeyStore) GetKey(ski []byte) (bccsp.Key, error) { - return nil, errors.New("Key not found. This is a dummy KeyStore") -} - -// StoreKey stores the key k in this KeyStore. -// If this KeyStore is read only then the method will fail. -func (ks *dummyKeyStore) StoreKey(k bccsp.Key) error { - return errors.New("Cannot store key. This is a dummy read-only KeyStore") -} - -var _ = Describe("Idemix Bridge", func() { - testWithCurve(math.FP256BN_AMCL, &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}) - testWithCurve(math.BN254, &amcl.Gurvy{C: math.Curves[math.BN254]}) - testWithCurve(math.FP256BN_AMCL_MIRACL, &amcl.Fp256bnMiracl{C: math.Curves[math.FP256BN_AMCL_MIRACL]}) - testWithCurve(math.BLS12_381, &amcl.Gurvy{C: math.Curves[math.BLS12_381]}) - testWithCurve(math.BLS12_377_GURVY, &amcl.Gurvy{C: math.Curves[math.BLS12_377_GURVY]}) - testWithCurve(math.BLS12_381_GURVY, &amcl.Gurvy{C: math.Curves[math.BLS12_381_GURVY]}) -}) - -func curveName(id math.CurveID) string { - switch id { - case math.FP256BN_AMCL: - return "FP256BN_AMCL" - case math.BN254: - return "BN254" - case math.FP256BN_AMCL_MIRACL: - return "FP256BN_AMCL_MIRACL" - case math.BLS12_381: - return "BLS12_381" - case math.BLS12_377_GURVY: - return "BLS12_377_GURVY" - case math.BLS12_381_GURVY: - return "BLS12_381_GURVY" - default: - panic(fmt.Sprintf("unknown curve %d", id)) - } -} - -var _ = Describe("aries test", func() { - testAries() -}) - -var _ = Describe("Idemix Bridge Compatibility", func() { - - Describe("setting up the environment with one issuer and one user", func() { - var ( - CSP bccsp.BCCSP - IssuerKey bccsp.Key - IssuerPublicKey bccsp.Key - AttributeNames []string - - UserKey bccsp.Key - // NymKey bccsp.Key - NymPublicKey bccsp.Key - - IssuerNonce []byte - credRequest []byte - - credential []byte - - RevocationKey bccsp.Key - RevocationPublicKey bccsp.Key - cri []byte - ) - - BeforeEach(func() { - curve := math.Curves[math.FP256BN_AMCL] - translator := &amcl.Fp256bn{C: curve} - - var err error - CSP, err = idemix.New(NewDummyKeyStore(), curve, translator, true) - Expect(err).NotTo(HaveOccurred()) - - // Issuer - AttributeNames = []string{"Attr1", "Attr2", "Attr3", "Attr4", "Attr5"} - raw, err := ioutil.ReadFile("./testdata/old/issuerkey.sk") - Expect(err).NotTo(HaveOccurred()) - IssuerKey, err = CSP.KeyImport(raw, &bccsp.IdemixIssuerKeyImportOpts{Temporary: true, AttributeNames: AttributeNames}) - Expect(err).NotTo(HaveOccurred()) - IssuerPublicKey, err = IssuerKey.PublicKey() - Expect(err).NotTo(HaveOccurred()) - - // User - raw, err = ioutil.ReadFile("./testdata/old/userkey.sk") - Expect(err).NotTo(HaveOccurred()) - UserKey, err = CSP.KeyImport(raw, &bccsp.IdemixUserSecretKeyImportOpts{Temporary: true}) - Expect(err).NotTo(HaveOccurred()) - - // User Nym Key - // rawNymKeySk, err := ioutil.ReadFile("./testdata/old/nymkey.sk") - // Expect(err).NotTo(HaveOccurred()) - rawNymKeyPk, err := ioutil.ReadFile("./testdata/old/nymkey.pk") - Expect(err).NotTo(HaveOccurred()) - - // NymKey, err = CSP.KeyImport(append(rawNymKeySk, rawNymKeyPk...), &bccsp.IdemixNymKeyImportOpts{Temporary: true}) - // Expect(err).NotTo(HaveOccurred()) - NymPublicKey, err = CSP.KeyImport(rawNymKeyPk, &bccsp.IdemixNymPublicKeyImportOpts{Temporary: true}) - Expect(err).NotTo(HaveOccurred()) - - // IssuerNonce = make([]byte, 32) - // n, err := rand.Read(IssuerNonce) - // Expect(n).To(BeEquivalentTo(32)) - // Expect(err).NotTo(HaveOccurred()) - IssuerNonce, err = ioutil.ReadFile("./testdata/old/issuer_nonce") - Expect(err).NotTo(HaveOccurred()) - - // Credential Request for User - credRequest, err = ioutil.ReadFile("./testdata/old/cred_request.sign") - Expect(err).NotTo(HaveOccurred()) - // credRequest, err = CSP.Sign( - // UserKey, - // nil, - // &bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: IssuerPublicKey, IssuerNonce: IssuerNonce}, - // ) - // Expect(err).NotTo(HaveOccurred()) - - // Credential - // credential, err = CSP.Sign( - // IssuerKey, - // credRequest, - // &bccsp.IdemixCredentialSignerOpts{ - // Attributes: []bccsp.IdemixAttribute{ - // {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, - // {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, - // {Type: bccsp.IdemixIntAttribute, Value: 1}, - // {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - // {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2, 3}}, - // }, - // }, - // ) - // Expect(err).NotTo(HaveOccurred()) - credential, err = ioutil.ReadFile("./testdata/old/credential.sign") - Expect(err).NotTo(HaveOccurred()) - - // Revocation - raw, err = ioutil.ReadFile("./testdata/old/revocation.sk") - Expect(err).NotTo(HaveOccurred()) - RevocationKey, err = CSP.KeyImport(raw, &bccsp.IdemixRevocationKeyImportOpts{Temporary: true}) - Expect(err).NotTo(HaveOccurred()) - RevocationPublicKey, err = RevocationKey.PublicKey() - Expect(err).NotTo(HaveOccurred()) - - // CRI - // cri, err = CSP.Sign( - // RevocationKey, - // nil, - // &bccsp.IdemixCRISignerOpts{}, - // ) - // Expect(err).NotTo(HaveOccurred()) - cri, err = ioutil.ReadFile("./testdata/old/cri.sign") - Expect(err).NotTo(HaveOccurred()) - }) - - It("the environment is properly set", func() { - // Verify CredRequest - valid, err := CSP.Verify( - IssuerPublicKey, - credRequest, - nil, - &bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce}, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - // Verify Credential - valid, err = CSP.Verify( - UserKey, - credential, - nil, - &bccsp.IdemixCredentialSignerOpts{ - IssuerPK: IssuerPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, - {Type: bccsp.IdemixIntAttribute, Value: 1}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2, 3}}, - }, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - // Verify CRI - valid, err = CSP.Verify( - RevocationPublicKey, - cri, - nil, - &bccsp.IdemixCRISignerOpts{}, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - Describe("producing an idemix signature with no disclosed attribute", func() { - var ( - digest []byte - signature []byte - ) - - BeforeEach(func() { - var err error - - digest = []byte("a digest") - - // signature, err = CSP.Sign( - // UserKey, - // digest, - // &bccsp.IdemixSignerOpts{ - // Credential: credential, - // Nym: NymKey, - // IssuerPK: IssuerPublicKey, - // Attributes: []bccsp.IdemixAttribute{ - // {Type: bccsp.IdemixHiddenAttribute}, - // {Type: bccsp.IdemixHiddenAttribute}, - // {Type: bccsp.IdemixHiddenAttribute}, - // {Type: bccsp.IdemixHiddenAttribute}, - // {Type: bccsp.IdemixHiddenAttribute}, - // }, - // RhIndex: 4, - // Epoch: 0, - // CRI: cri, - // }, - // ) - // Expect(err).NotTo(HaveOccurred()) - signature, err = ioutil.ReadFile("./testdata/old/signature_no_disclosed_attribute.sign") - Expect(err).NotTo(HaveOccurred()) - }) - - It("the signature is valid", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - }) - - Describe("producing an idemix signature with disclosed attributes", func() { - var ( - digest []byte - signature []byte - ) - - BeforeEach(func() { - var err error - - digest = []byte("a digest") - - // signature, err = CSP.Sign( - // UserKey, - // digest, - // &bccsp.IdemixSignerOpts{ - // Credential: credential, - // Nym: NymKey, - // IssuerPK: IssuerPublicKey, - // Attributes: []bccsp.IdemixAttribute{ - // {Type: bccsp.IdemixBytesAttribute}, - // {Type: bccsp.IdemixHiddenAttribute}, - // {Type: bccsp.IdemixIntAttribute}, - // {Type: bccsp.IdemixHiddenAttribute}, - // {Type: bccsp.IdemixHiddenAttribute}, - // }, - // RhIndex: 4, - // Epoch: 0, - // CRI: cri, - // }, - // ) - // Expect(err).NotTo(HaveOccurred()) - signature, err = ioutil.ReadFile("./testdata/old/signature_with_disclosed_attribute.sign") - Expect(err).NotTo(HaveOccurred()) - }) - - It("the signature is valid", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixIntAttribute, Value: 1}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - }) - - Describe("producing an idemix nym signature", func() { - var ( - digest []byte - signature []byte - ) - - BeforeEach(func() { - var err error - - digest = []byte("a digest") - - // signature, err = CSP.Sign( - // UserKey, - // digest, - // &bccsp.IdemixNymSignerOpts{ - // Nym: NymKey, - // IssuerPK: IssuerPublicKey, - // }, - // ) - // Expect(err).NotTo(HaveOccurred()) - signature, err = ioutil.ReadFile("./testdata/old/nym_signature.sign") - Expect(err).NotTo(HaveOccurred()) - }) - - It("the signature is valid", func() { - valid, err := CSP.Verify( - NymPublicKey, - signature, - digest, - &bccsp.IdemixNymSignerOpts{ - IssuerPK: IssuerPublicKey, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - }) - }) -}) diff --git a/bccsp/legacy_test.go b/bccsp/legacy_test.go deleted file mode 100644 index d5675589..00000000 --- a/bccsp/legacy_test.go +++ /dev/null @@ -1,1809 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ -package idemix_test - -import ( - "crypto/rand" - "fmt" - "io/ioutil" - "os" - "path" - - idemix "github.com/IBM/idemix/bccsp" - idemix1 "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - bccsp "github.com/IBM/idemix/bccsp/types" - math "github.com/IBM/mathlib" - "github.com/golang/protobuf/proto" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" -) - -func testWithCurve(id math.CurveID, translator idemix1.Translator) { - Describe(fmt.Sprintf("setting up the environment with one issuer and one user with curve %s", curveName(id)), func() { - var ( - CSP bccsp.BCCSP - IssuerKey bccsp.Key - IssuerPublicKey bccsp.Key - AttributeNames []string - - UserKey bccsp.Key - NymKey bccsp.Key - NymPublicKey bccsp.Key - - IssuerNonce []byte - credRequest []byte - - credential []byte - - RevocationKey bccsp.Key - RevocationPublicKey bccsp.Key - cri []byte - rootDir string - ) - - BeforeEach(func() { - var err error - - rootDir, err = ioutil.TempDir(os.TempDir(), "idemixtest") - Expect(err).NotTo(HaveOccurred()) - - CSP, err = idemix.New(NewDummyKeyStore(), math.Curves[id], translator, true) - Expect(err).NotTo(HaveOccurred()) - - // Issuer - AttributeNames = []string{"Attr1", "Attr2", "Attr3", "Attr4", "Attr5"} - IssuerKey, err = CSP.KeyGen(&bccsp.IdemixIssuerKeyGenOpts{Temporary: true, AttributeNames: AttributeNames}) - Expect(err).NotTo(HaveOccurred()) - IssuerPublicKey, err = IssuerKey.PublicKey() - Expect(err).NotTo(HaveOccurred()) - - raw, err := IssuerKey.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(ioutil.WriteFile(path.Join(rootDir, "issuerkey.sk"), raw, 0666)).NotTo(HaveOccurred()) - raw, err = IssuerPublicKey.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(ioutil.WriteFile(path.Join(rootDir, "issuerkey.pk"), raw, 0666)).NotTo(HaveOccurred()) - - // User - UserKey, err = CSP.KeyGen(&bccsp.IdemixUserSecretKeyGenOpts{Temporary: true}) - Expect(err).NotTo(HaveOccurred()) - - raw, err = UserKey.Bytes() - Expect(err).NotTo(HaveOccurred()) - // Expect(len(raw)).To(Equal(32)) - Expect(ioutil.WriteFile(path.Join(rootDir, "userkey.sk"), raw, 0666)).NotTo(HaveOccurred()) - - // User Nym Key - NymKey, err = CSP.KeyDeriv(UserKey, &bccsp.IdemixNymKeyDerivationOpts{Temporary: true, IssuerPK: IssuerPublicKey}) - Expect(err).NotTo(HaveOccurred()) - NymPublicKey, err = NymKey.PublicKey() - Expect(err).NotTo(HaveOccurred()) - - raw, err = NymKey.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(ioutil.WriteFile(path.Join(rootDir, "nymkey.sk"), raw, 0666)).NotTo(HaveOccurred()) - raw, err = NymPublicKey.Bytes() - Expect(len(raw)).To(Equal(2 * math.Curves[id].CoordByteSize)) - Expect(err).NotTo(HaveOccurred()) - Expect(ioutil.WriteFile(path.Join(rootDir, "nymkey.pk"), raw, 0666)).NotTo(HaveOccurred()) - - IssuerNonce = make([]byte, math.Curves[id].ScalarByteSize) - n, err := rand.Read(IssuerNonce) - Expect(n).To(BeEquivalentTo(math.Curves[id].ScalarByteSize)) - Expect(err).NotTo(HaveOccurred()) - - // Credential Request for User - credRequest, err = CSP.Sign( - UserKey, - nil, - &bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: IssuerPublicKey, IssuerNonce: IssuerNonce}, - ) - Expect(err).NotTo(HaveOccurred()) - - // Credential - credential, err = CSP.Sign( - IssuerKey, - credRequest, - &bccsp.IdemixCredentialSignerOpts{ - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, - {Type: bccsp.IdemixIntAttribute, Value: 1}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2, 3}}, - }, - }, - ) - Expect(err).NotTo(HaveOccurred()) - - // Revocation - RevocationKey, err = CSP.KeyGen(&bccsp.IdemixRevocationKeyGenOpts{Temporary: true}) - Expect(err).NotTo(HaveOccurred()) - RevocationPublicKey, err = RevocationKey.PublicKey() - Expect(err).NotTo(HaveOccurred()) - - raw, err = RevocationKey.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(ioutil.WriteFile(path.Join(rootDir, "revocation.sk"), raw, 0666)).NotTo(HaveOccurred()) - raw, err = RevocationPublicKey.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(ioutil.WriteFile(path.Join(rootDir, "revocation.pk"), raw, 0666)).NotTo(HaveOccurred()) - - // CRI - cri, err = CSP.Sign( - RevocationKey, - nil, - &bccsp.IdemixCRISignerOpts{}, - ) - Expect(err).NotTo(HaveOccurred()) - - }) - - It("the environment is properly set", func() { - // Verify CredRequest - valid, err := CSP.Verify( - IssuerPublicKey, - credRequest, - nil, - &bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce}, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - // Verify Credential - valid, err = CSP.Verify( - UserKey, - credential, - nil, - &bccsp.IdemixCredentialSignerOpts{ - IssuerPK: IssuerPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, - {Type: bccsp.IdemixIntAttribute, Value: 1}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2, 3}}, - }, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - // Verify CRI - valid, err = CSP.Verify( - RevocationPublicKey, - cri, - nil, - &bccsp.IdemixCRISignerOpts{}, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - Describe("producing an idemix signature with no disclosed attribute", func() { - var ( - digest []byte - signature []byte - ) - - BeforeEach(func() { - var err error - - digest = []byte("a digest") - - signature, err = CSP.Sign( - UserKey, - digest, - &bccsp.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - CRI: cri, - }, - ) - Expect(err).NotTo(HaveOccurred()) - }) - - It("the signature is valid", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - VerificationType: bccsp.BestEffort, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("the signature is valid", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - // VerificationType: bccsp.Basic, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("the signature is valid even when there's garbage in the nym eid field if we do basic verification", func() { - sig := &idemix1.Signature{} - err := proto.Unmarshal(signature, sig) - Expect(err).NotTo(HaveOccurred()) - - sig.EidNym = &idemix1.EIDNym{ - ProofSEid: []byte("invalid garbage"), - } - - sigBytes, err := proto.Marshal(sig) - Expect(err).NotTo(HaveOccurred()) - - valid, err := CSP.Verify( - IssuerPublicKey, - sigBytes, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - // VerificationType: bccsp.Basic, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("the signature is not valid when there's garbage in the nym eid field and we do ExpectStandard verification", func() { - sig := &idemix1.Signature{} - err := proto.Unmarshal(signature, sig) - Expect(err).NotTo(HaveOccurred()) - - sig.EidNym = &idemix1.EIDNym{ - ProofSEid: []byte("invalid garbage"), - } - - sigBytes, err := proto.Marshal(sig) - Expect(err).NotTo(HaveOccurred()) - - valid, err := CSP.Verify( - IssuerPublicKey, - sigBytes, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - VerificationType: bccsp.ExpectStandard, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("EidNym available but ExpectStandard required")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is not valid when there's garbage in the nym eid field and we do ExpectEidNym verification", func() { - sig := &idemix1.Signature{} - err := proto.Unmarshal(signature, sig) - Expect(err).NotTo(HaveOccurred()) - - sig.EidNym = &idemix1.EIDNym{ - ProofSEid: []byte("invalid garbage"), - } - - sigBytes, err := proto.Marshal(sig) - Expect(err).NotTo(HaveOccurred()) - - valid, err := CSP.Verify( - IssuerPublicKey, - sigBytes, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - VerificationType: bccsp.ExpectEidNym, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("no EidNym provided but ExpectEidNym required")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is not valid when there's garbage in the nym eid field and we do BestEffort verification", func() { - sig := &idemix1.Signature{} - err := proto.Unmarshal(signature, sig) - Expect(err).NotTo(HaveOccurred()) - - sig.EidNym = &idemix1.EIDNym{ - ProofSEid: []byte("invalid garbageinvalid garbageinvalid garbageinvalid garbageinvalid garbageinvalid garbageinvalid garbageinvalid garbage"), - Nym: translator.G1ToProto(math.Curves[id].GenG1), - } - - sigBytes, err := proto.Marshal(sig) - Expect(err).NotTo(HaveOccurred()) - - valid, err := CSP.Verify( - IssuerPublicKey, - sigBytes, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.BestEffort, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("zero-knowledge proof is invalid")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is valid when we expect a standard signature", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - VerificationType: bccsp.ExpectStandard, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("the signature is not valid when we expect a signature with nym eid", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - VerificationType: bccsp.ExpectEidNym, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("no EidNym provided but ExpectEidNym required")) - Expect(valid).To(BeFalse()) - }) - - }) - - Describe("producing an idemix signature with an eid nym", func() { - var ( - digest []byte - signature []byte - signOpts *bccsp.IdemixSignerOpts - ) - - BeforeEach(func() { - var err error - - digest = []byte("a digest") - - signOpts = &bccsp.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - CRI: cri, - SigType: bccsp.EidNym, - } - - signature, err = CSP.Sign( - UserKey, - digest, - signOpts, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(signOpts.Metadata).NotTo(BeNil()) - }) - - It("the signature is not valid if we use basic verification", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - // VerificationType: bccsp.Basic, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("zero-knowledge proof is invalid")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is valid", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.BestEffort, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("the signature is valid when we expect an eid nym", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNym, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("the signature is valid when we expect an eid nym and supply the right one", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNym, - Metadata: &bccsp.IdemixSignerMetadata{ - EidNym: signOpts.Metadata.EidNym, - }, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("the signature is not valid when we expect an eid nym and supply the wrong one", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNym, - Metadata: &bccsp.IdemixSignerMetadata{ - EidNym: math.Curves[id].GenG1.Bytes(), - }, - }, - ) - Expect(err).NotTo(BeNil()) - Expect(err.Error()).To(ContainSubstring("signature invalid: nym eid validation failed, signature nym eid does not match metadata")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is not valid when we expect an eid nym and supply garbage", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNym, - Metadata: &bccsp.IdemixSignerMetadata{ - EidNym: []byte("garbage"), - }, - }, - ) - Expect(err).NotTo(BeNil()) - Expect(err.Error()).To(ContainSubstring("signature invalid: nym eid validation failed, failed to unmarshal meta nym eid")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is valid when we expect an eid nym and request auditing of the eid nym", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNym, - Metadata: signOpts.Metadata, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("the signature is not valid when we expect an eid nym and request auditing of the eid nym with a wrong randomness", func() { - signOpts.Metadata.EidNymAuditData.Rand = signOpts.Metadata.EidNymAuditData.Attr - - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNym, - Metadata: signOpts.Metadata, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("signature invalid: nym eid validation failed")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is not valid when we expect a standard signature", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectStandard, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("EidNym available but ExpectStandard required")) - Expect(valid).To(BeFalse()) - }) - - It("nym eid auditing with the right enrollment ID succeeds", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.EidNymAuditOpts{ - EidIndex: 3, - EnrollmentID: string([]byte{0, 1, 2}), - RNymEid: signOpts.Metadata.EidNymAuditData.Rand, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - valid, err = CSP.Verify( - IssuerPublicKey, - signOpts.Metadata.EidNymAuditData.Nym.Bytes(), - digest, - &bccsp.EidNymAuditOpts{ - AuditVerificationType: bccsp.AuditExpectEidNym, - EidIndex: 3, - EnrollmentID: string([]byte{0, 1, 2}), - RNymEid: signOpts.Metadata.EidNymAuditData.Rand, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("nym eid auditing with the wrong enrollment ID fails", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.EidNymAuditOpts{ - EidIndex: 3, - EnrollmentID: "Have you seen the writing on the wall?", - RNymEid: signOpts.Metadata.EidNymAuditData.Rand, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("eid nym does not match")) - Expect(valid).To(BeFalse()) - - valid, err = CSP.Verify( - IssuerPublicKey, - signOpts.Metadata.EidNymAuditData.Nym.Bytes(), - digest, - &bccsp.EidNymAuditOpts{ - AuditVerificationType: bccsp.AuditExpectEidNym, - EidIndex: 3, - EnrollmentID: "Have you seen the writing on the wall?", - RNymEid: signOpts.Metadata.EidNymAuditData.Rand, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("eid nym does not match")) - Expect(valid).To(BeFalse()) - }) - - It("valid signature against meta", func() { - signOpts2 := &bccsp.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - CRI: cri, - SigType: bccsp.EidNym, - Metadata: signOpts.Metadata, - } - signature2, err := CSP.Sign( - UserKey, - digest, - signOpts2, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(signOpts2.Metadata).NotTo(BeNil()) - - Expect(signOpts2.Metadata.EidNymAuditData.Nym.Equals(signOpts.Metadata.EidNymAuditData.Nym)).To(BeTrue()) - Expect(signOpts2.Metadata.EidNymAuditData.Attr.Equals(signOpts2.Metadata.EidNymAuditData.Attr)).To(BeTrue()) - Expect(signOpts2.Metadata.EidNymAuditData.Rand.Equals(signOpts.Metadata.EidNymAuditData.Rand)).To(BeTrue()) - - valid, err := CSP.Verify( - IssuerPublicKey, - signature2, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNym, - Metadata: signOpts.Metadata, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - valid, err = CSP.Verify( - IssuerPublicKey, - signature2, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNym, - Metadata: signOpts2.Metadata, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - }) - - Describe("producing an idemix signature with an eid nym and rh nym", func() { - var ( - digest []byte - signature []byte - signOpts *bccsp.IdemixSignerOpts - ) - - BeforeEach(func() { - var err error - - digest = []byte("a digest") - - signOpts = &bccsp.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - CRI: cri, - SigType: bccsp.EidNymRhNym, - } - - signature, err = CSP.Sign( - UserKey, - digest, - signOpts, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(signOpts.Metadata).NotTo(BeNil()) - }) - - It("the signature is not valid if we use basic verification", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - // VerificationType: bccsp.Basic, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("zero-knowledge proof is invalid")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is valid", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.BestEffort, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("the signature is not valid when we expect only an eid nym", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNym, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("zero-knowledge proof is invalid")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is valid when we expect both an eid nym and rh nym and request auditing of the eid nym and the rh nym", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNymRhNym, - Metadata: signOpts.Metadata, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("the signature is valid when we expect both an eid nym and rh nym and supply the right eid nym and rh nym", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNymRhNym, - Metadata: &bccsp.IdemixSignerMetadata{ - EidNym: signOpts.Metadata.EidNym, - RhNym: signOpts.Metadata.RhNym, - }, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("the signature is not valid when we expect both an eid nym and rh nym and supply the right eid nym and the wrong rh nym", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNymRhNym, - Metadata: &bccsp.IdemixSignerMetadata{ - EidNym: signOpts.Metadata.EidNym, - RhNym: math.Curves[id].GenG1.Bytes(), - }, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("signature invalid: nym rh validation failed, signature nym rh does not match metadata")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is not valid when we expect both an eid nym and rh nym and supply the right eid nym and garbage rh nym", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNymRhNym, - Metadata: &bccsp.IdemixSignerMetadata{ - EidNym: signOpts.Metadata.EidNym, - RhNym: []byte("garbage"), - }, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("signature invalid: nym rh validation failed, failed to unmarshal meta nym rh")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is not valid when we expect both an eid nym and rh nym and supply the wrong eid nym and the right rh nym", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNymRhNym, - Metadata: &bccsp.IdemixSignerMetadata{ - EidNym: math.Curves[id].GenG1.Bytes(), - RhNym: signOpts.Metadata.RhNym, - }, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("signature invalid: nym eid validation failed, signature nym eid does not match metadata")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is not valid when we expect both an eid nym and rh nym and request auditing of the eid nym with a wrong randomness", func() { - signOpts.Metadata.EidNymAuditData.Rand = signOpts.Metadata.EidNymAuditData.Attr - - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNymRhNym, - Metadata: signOpts.Metadata, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("signature invalid: nym eid validation failed")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is not valid when we expect both an eid nym and rh nym and request auditing of the rh nym with a wrong randomness", func() { - signOpts.Metadata.RhNymAuditData.Rand = signOpts.Metadata.RhNymAuditData.Attr - - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNymRhNym, - Metadata: signOpts.Metadata, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("signature invalid: nym rh validation failed")) - Expect(valid).To(BeFalse()) - }) - - It("the signature is not valid when we expect a standard signature", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectStandard, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("RhNym available but ExpectStandard required")) - Expect(valid).To(BeFalse()) - }) - - It("nym eid auditing with the right enrollment ID succeeds", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.EidNymAuditOpts{ - EidIndex: 3, - EnrollmentID: string([]byte{0, 1, 2}), - RNymEid: signOpts.Metadata.EidNymAuditData.Rand, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - valid, err = CSP.Verify( - IssuerPublicKey, - signOpts.Metadata.EidNymAuditData.Nym.Bytes(), - digest, - &bccsp.EidNymAuditOpts{ - AuditVerificationType: bccsp.AuditExpectEidNym, - EidIndex: 3, - EnrollmentID: string([]byte{0, 1, 2}), - RNymEid: signOpts.Metadata.EidNymAuditData.Rand, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("nym eid auditing with the wrong enrollment ID fails", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.EidNymAuditOpts{ - EidIndex: 3, - EnrollmentID: "Have you seen the writing on the wall?", - RNymEid: signOpts.Metadata.EidNymAuditData.Rand, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("eid nym does not match")) - Expect(valid).To(BeFalse()) - - valid, err = CSP.Verify( - IssuerPublicKey, - signOpts.Metadata.EidNymAuditData.Nym.Bytes(), - digest, - &bccsp.EidNymAuditOpts{ - AuditVerificationType: bccsp.AuditExpectEidNym, - EidIndex: 3, - EnrollmentID: "Have you seen the writing on the wall?", - RNymEid: signOpts.Metadata.EidNymAuditData.Rand, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("eid nym does not match")) - Expect(valid).To(BeFalse()) - }) - - It("nym rh auditing with the right revocation handle succeeds", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.RhNymAuditOpts{ - RhIndex: 4, - RevocationHandle: string([]byte{0, 1, 2, 3}), - RNymRh: signOpts.Metadata.RhNymAuditData.Rand, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - valid, err = CSP.Verify( - IssuerPublicKey, - signOpts.Metadata.RhNymAuditData.Nym.Bytes(), - digest, - &bccsp.RhNymAuditOpts{ - AuditVerificationType: bccsp.AuditExpectEidNymRhNym, - RhIndex: 4, - RevocationHandle: string([]byte{0, 1, 2, 3}), - RNymRh: signOpts.Metadata.RhNymAuditData.Rand, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("nym eid auditing with the wrong enrollment ID fails", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.EidNymAuditOpts{ - EidIndex: 3, - EnrollmentID: "Have you seen the writing on the wall?", - RNymEid: signOpts.Metadata.EidNymAuditData.Rand, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("eid nym does not match")) - Expect(valid).To(BeFalse()) - - valid, err = CSP.Verify( - IssuerPublicKey, - signOpts.Metadata.EidNymAuditData.Nym.Bytes(), - digest, - &bccsp.EidNymAuditOpts{ - AuditVerificationType: bccsp.AuditExpectEidNym, - EidIndex: 3, - EnrollmentID: "Have you seen the writing on the wall?", - RNymEid: signOpts.Metadata.EidNymAuditData.Rand, - }, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("eid nym does not match")) - Expect(valid).To(BeFalse()) - }) - - It("valid signature against meta", func() { - signOpts2 := &bccsp.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - CRI: cri, - SigType: bccsp.EidNymRhNym, - Metadata: signOpts.Metadata, - } - signature2, err := CSP.Sign( - UserKey, - digest, - signOpts2, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(signOpts2.Metadata).NotTo(BeNil()) - - Expect(signOpts2.Metadata.EidNymAuditData.Nym.Equals(signOpts.Metadata.EidNymAuditData.Nym)).To(BeTrue()) - Expect(signOpts2.Metadata.EidNymAuditData.Attr.Equals(signOpts2.Metadata.EidNymAuditData.Attr)).To(BeTrue()) - Expect(signOpts2.Metadata.EidNymAuditData.Rand.Equals(signOpts.Metadata.EidNymAuditData.Rand)).To(BeTrue()) - - Expect(signOpts2.Metadata.RhNymAuditData.Nym.Equals(signOpts.Metadata.RhNymAuditData.Nym)).To(BeTrue()) - Expect(signOpts2.Metadata.RhNymAuditData.Attr.Equals(signOpts2.Metadata.RhNymAuditData.Attr)).To(BeTrue()) - Expect(signOpts2.Metadata.RhNymAuditData.Rand.Equals(signOpts.Metadata.RhNymAuditData.Rand)).To(BeTrue()) - - valid, err := CSP.Verify( - IssuerPublicKey, - signature2, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNymRhNym, - Metadata: signOpts.Metadata, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - valid, err = CSP.Verify( - IssuerPublicKey, - signature2, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 3, - Epoch: 0, - VerificationType: bccsp.ExpectEidNymRhNym, - Metadata: signOpts2.Metadata, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - }) - - Describe("producing an idemix signature with disclosed attributes", func() { - var ( - digest []byte - signature []byte - ) - - BeforeEach(func() { - var err error - - digest = []byte("a digest") - - signature, err = CSP.Sign( - UserKey, - digest, - &bccsp.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixBytesAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixIntAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - CRI: cri, - }, - ) - Expect(err).NotTo(HaveOccurred()) - }) - - It("the signature is valid", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixIntAttribute, Value: 1}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - }) - - Describe("producing an idemix nym signature", func() { - var ( - digest []byte - signature []byte - ) - - BeforeEach(func() { - var err error - - digest = []byte("a digest") - - signature, err = CSP.Sign( - UserKey, - digest, - &bccsp.IdemixNymSignerOpts{ - Nym: NymKey, - IssuerPK: IssuerPublicKey, - }, - ) - Expect(err).NotTo(HaveOccurred()) - }) - - It("the signature is valid", func() { - valid, err := CSP.Verify( - NymPublicKey, - signature, - digest, - &bccsp.IdemixNymSignerOpts{ - IssuerPK: IssuerPublicKey, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - }) - - Describe("Idemix Bridge Load", func() { - - Describe("setting up the environment with one issuer and one user", func() { - var ( - CSP bccsp.BCCSP - IssuerKey bccsp.Key - IssuerPublicKey bccsp.Key - AttributeNames []string - - UserKey bccsp.Key - NymKey bccsp.Key - NymPublicKey bccsp.Key - - IssuerNonce []byte - credRequest []byte - - credential []byte - - RevocationKey bccsp.Key - RevocationPublicKey bccsp.Key - cri []byte - ) - - BeforeEach(func() { - var err error - CSP, err = idemix.New(NewDummyKeyStore(), math.Curves[id], translator, true) - Expect(err).NotTo(HaveOccurred()) - - // Issuer - AttributeNames = []string{"Attr1", "Attr2", "Attr3", "Attr4", "Attr5"} - raw, err := ioutil.ReadFile(path.Join(rootDir, "issuerkey.sk")) - Expect(err).NotTo(HaveOccurred()) - IssuerKey, err = CSP.KeyImport(raw, &bccsp.IdemixIssuerKeyImportOpts{Temporary: true, AttributeNames: AttributeNames}) - Expect(err).NotTo(HaveOccurred()) - IssuerPublicKey, err = IssuerKey.PublicKey() - Expect(err).NotTo(HaveOccurred()) - - // User - raw, err = ioutil.ReadFile(path.Join(rootDir, "userkey.sk")) - Expect(err).NotTo(HaveOccurred()) - UserKey, err = CSP.KeyImport(raw, &bccsp.IdemixUserSecretKeyImportOpts{Temporary: true}) - Expect(err).NotTo(HaveOccurred()) - - // User Nym Key - rawNymKeySk, err := ioutil.ReadFile(path.Join(rootDir, "nymkey.sk")) - Expect(err).NotTo(HaveOccurred()) - rawNymKeyPk, err := ioutil.ReadFile(path.Join(rootDir, "nymkey.pk")) - Expect(err).NotTo(HaveOccurred()) - Expect(len(rawNymKeyPk)).To(Equal(2 * math.Curves[id].CoordByteSize)) - - NymKey, err = CSP.KeyImport(append(rawNymKeySk, rawNymKeyPk...), &bccsp.IdemixNymKeyImportOpts{Temporary: true}) - Expect(err).NotTo(HaveOccurred()) - NymPublicKey, err = CSP.KeyImport(rawNymKeyPk, &bccsp.IdemixNymPublicKeyImportOpts{Temporary: true}) - Expect(err).NotTo(HaveOccurred()) - - IssuerNonce = make([]byte, math.Curves[id].ScalarByteSize) - n, err := rand.Read(IssuerNonce) - Expect(n).To(BeEquivalentTo(math.Curves[id].ScalarByteSize)) - Expect(err).NotTo(HaveOccurred()) - - // Credential Request for User - credRequest, err = CSP.Sign( - UserKey, - nil, - &bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: IssuerPublicKey, IssuerNonce: IssuerNonce}, - ) - Expect(err).NotTo(HaveOccurred()) - - // Credential - credential, err = CSP.Sign( - IssuerKey, - credRequest, - &bccsp.IdemixCredentialSignerOpts{ - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, - {Type: bccsp.IdemixIntAttribute, Value: 1}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2, 3}}, - }, - }, - ) - Expect(err).NotTo(HaveOccurred()) - - // Revocation - raw, err = ioutil.ReadFile(path.Join(rootDir, "revocation.sk")) - Expect(err).NotTo(HaveOccurred()) - RevocationKey, err = CSP.KeyImport(raw, &bccsp.IdemixRevocationKeyImportOpts{Temporary: true}) - Expect(err).NotTo(HaveOccurred()) - RevocationPublicKey, err = RevocationKey.PublicKey() - Expect(err).NotTo(HaveOccurred()) - - // CRI - cri, err = CSP.Sign( - RevocationKey, - nil, - &bccsp.IdemixCRISignerOpts{}, - ) - Expect(err).NotTo(HaveOccurred()) - }) - - It("the environment is properly set", func() { - // Verify CredRequest - valid, err := CSP.Verify( - IssuerPublicKey, - credRequest, - nil, - &bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce}, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - // Verify Credential - valid, err = CSP.Verify( - UserKey, - credential, - nil, - &bccsp.IdemixCredentialSignerOpts{ - IssuerPK: IssuerPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, - {Type: bccsp.IdemixIntAttribute, Value: 1}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2, 3}}, - }, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - // Verify CRI - valid, err = CSP.Verify( - RevocationPublicKey, - cri, - nil, - &bccsp.IdemixCRISignerOpts{}, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - Describe("producing an idemix signature with no disclosed attribute", func() { - var ( - digest []byte - signature []byte - ) - - BeforeEach(func() { - var err error - - digest = []byte("a digest") - - signature, err = CSP.Sign( - UserKey, - digest, - &bccsp.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - CRI: cri, - }, - ) - Expect(err).NotTo(HaveOccurred()) - }) - - It("the signature is valid", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - }) - - Describe("producing an idemix signature with disclosed attributes", func() { - var ( - digest []byte - signature []byte - ) - - BeforeEach(func() { - var err error - - digest = []byte("a digest") - - signature, err = CSP.Sign( - UserKey, - digest, - &bccsp.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixBytesAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixIntAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - CRI: cri, - }, - ) - Expect(err).NotTo(HaveOccurred()) - }) - - It("the signature is valid", func() { - valid, err := CSP.Verify( - IssuerPublicKey, - signature, - digest, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixIntAttribute, Value: 1}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - }) - - Describe("producing an idemix nym signature", func() { - var ( - digest []byte - signature []byte - ) - - BeforeEach(func() { - var err error - - digest = []byte("a digest") - - signature, err = CSP.Sign( - UserKey, - digest, - &bccsp.IdemixNymSignerOpts{ - Nym: NymKey, - IssuerPK: IssuerPublicKey, - }, - ) - Expect(err).NotTo(HaveOccurred()) - }) - - It("the signature is valid", func() { - valid, err := CSP.Verify( - NymPublicKey, - signature, - digest, - &bccsp.IdemixNymSignerOpts{ - IssuerPK: IssuerPublicKey, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - }) - }) - }) - }) -} diff --git a/bccsp/schemes/dlog/bridge/bridge_suite_test.go b/bccsp/schemes/dlog/bridge/bridge_suite_test.go deleted file mode 100644 index 5df0e9dd..00000000 --- a/bccsp/schemes/dlog/bridge/bridge_suite_test.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ -package bridge_test - -import ( - "io" - "testing" - - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" -) - -func TestPlain(t *testing.T) { - RegisterFailHandler(Fail) - RunSpecs(t, "Plain Suite") -} - -// NewRandPanic is an utility test function that always panic when invoked -func NewRandPanic() io.Reader { - panic("new rand panic") -} diff --git a/bccsp/schemes/dlog/bridge/bridge_test.go b/bccsp/schemes/dlog/bridge/bridge_test.go deleted file mode 100644 index 6772a139..00000000 --- a/bccsp/schemes/dlog/bridge/bridge_test.go +++ /dev/null @@ -1,1530 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ -package bridge_test - -import ( - "crypto/rand" - "fmt" - "io" - - "github.com/IBM/idemix/bccsp/handlers" - "github.com/IBM/idemix/bccsp/schemes/dlog/bridge" - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" - "github.com/IBM/idemix/bccsp/types" - "github.com/IBM/idemix/bccsp/types/mock" - math "github.com/IBM/mathlib" - "github.com/golang/protobuf/proto" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" -) - -func rndOrPanic(curve *math.Curve) io.Reader { - rnd, err := curve.Rand() - if err != nil { - panic(err) - } - - return rnd -} - -var _ = Describe("Idemix Bridge", func() { - var ( - userSecretKey *math.Zr - issuerPublicKey types.IssuerPublicKey - issuerSecretKey types.IssuerSecretKey - nymPublicKey *math.G1 - nymSecretKey *math.Zr - ) - - BeforeEach(func() { - userSecretKey = math.Curves[math.FP256BN_AMCL].NewZrFromInt(0) - issuerPublicKey = &bridge.IssuerPublicKey{} - issuerSecretKey = &bridge.IssuerSecretKey{} - nymPublicKey = math.Curves[math.FP256BN_AMCL].GenG1 - nymSecretKey = math.Curves[math.FP256BN_AMCL].NewZrFromInt(0) - }) - - Describe("issuer", func() { - var ( - Issuer *bridge.Issuer - ) - - BeforeEach(func() { - Issuer = &bridge.Issuer{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - }) - - Context("key generation", func() { - - Context("successful generation", func() { - var ( - key types.IssuerSecretKey - err error - attributes []string - ) - - It("with valid attributes", func() { - attributes = []string{"A", "B"} - key, err = Issuer.NewKey(attributes) - Expect(err).NotTo(HaveOccurred()) - Expect(key).NotTo(BeNil()) - }) - - It("with empty attributes", func() { - attributes = nil - key, err = Issuer.NewKey(attributes) - Expect(err).NotTo(HaveOccurred()) - Expect(key).NotTo(BeNil()) - }) - - AfterEach(func() { - raw, err := key.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(raw).NotTo(BeEmpty()) - - pk := key.Public() - Expect(pk).NotTo(BeNil()) - - h := pk.Hash() - Expect(h).NotTo(BeEmpty()) - - raw, err = pk.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(raw).NotTo(BeEmpty()) - - pk2, err := Issuer.NewPublicKeyFromBytes(raw, attributes) - Expect(err).NotTo(HaveOccurred()) - - raw2, err := pk2.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(raw2).NotTo(BeEmpty()) - Expect(pk2.Hash()).To(BeEquivalentTo(pk.Hash())) - Expect(raw2).To(BeEquivalentTo(raw)) - }) - }) - }) - - Context("public key import", func() { - - It("fails to unmarshal issuer public key", func() { - pk, err := Issuer.NewPublicKeyFromBytes([]byte{0, 1, 2, 3, 4}, nil) - Expect(err.Error()).To(ContainSubstring("failed to unmarshal issuer public key: proto")) - Expect(pk).To(BeNil()) - }) - - It("fails to unmarshal issuer public key", func() { - pk, err := Issuer.NewPublicKeyFromBytes(nil, nil) - Expect(err).To(MatchError(ContainSubstring("nil argument"))) - Expect(pk).To(BeNil()) - }) - - Context("and it is modified", func() { - var ( - pk types.IssuerPublicKey - ) - BeforeEach(func() { - attributes := []string{"A", "B"} - key, err := Issuer.NewKey(attributes) - Expect(err).NotTo(HaveOccurred()) - pk = key.Public() - Expect(pk).NotTo(BeNil()) - }) - - It("fails to validate invalid issuer public key", func() { - if pk.(*bridge.IssuerPublicKey).PK.ProofC[0] != 1 { - pk.(*bridge.IssuerPublicKey).PK.ProofC[0] = 1 - } else { - pk.(*bridge.IssuerPublicKey).PK.ProofC[0] = 0 - } - raw, err := pk.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(raw).NotTo(BeEmpty()) - - pk, err = Issuer.NewPublicKeyFromBytes(raw, nil) - Expect(err).To(MatchError("invalid issuer public key: zero knowledge proof in public key invalid")) - Expect(pk).To(BeNil()) - }) - - It("fails to verify attributes, different length", func() { - raw, err := pk.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(raw).NotTo(BeEmpty()) - - pk, err := Issuer.NewPublicKeyFromBytes(raw, []string{"A"}) - Expect(err).To(MatchError("invalid number of attributes, expected [2], got [1]")) - Expect(pk).To(BeNil()) - }) - - It("fails to verify attributes, different attributes", func() { - raw, err := pk.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(raw).NotTo(BeEmpty()) - - pk, err := Issuer.NewPublicKeyFromBytes(raw, []string{"A", "C"}) - Expect(err).To(MatchError("invalid attribute name at position [1]")) - Expect(pk).To(BeNil()) - }) - }) - - }) - }) - - Describe("user", func() { - var ( - User *bridge.User - ) - - BeforeEach(func() { - User = &bridge.User{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - }) - - Context("secret key import", func() { - It("success", func() { - key, err := User.NewKey() - Expect(err).NotTo(HaveOccurred()) - - raw := key.Bytes() - Expect(raw).NotTo(BeNil()) - - key2, err := User.NewKeyFromBytes(raw) - Expect(err).NotTo(HaveOccurred()) - - raw2 := key2.Bytes() - Expect(raw2).NotTo(BeNil()) - - Expect(raw2).To(BeEquivalentTo(raw)) - }) - - It("fails on nil raw", func() { - key, err := User.NewKeyFromBytes(nil) - Expect(err).To(MatchError("invalid length, expected [32], got [0]")) - Expect(key).To(BeNil()) - }) - - It("fails on invalid raw", func() { - key, err := User.NewKeyFromBytes([]byte{0, 1, 2, 3}) - Expect(err).To(MatchError("invalid length, expected [32], got [4]")) - Expect(key).To(BeNil()) - }) - }) - - Context("nym generation", func() { - - It("fails on nil issuer public key", func() { - r1, r2, err := User.MakeNym(userSecretKey, nil) - Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got []")) - Expect(r1).To(BeNil()) - Expect(r2).To(BeNil()) - }) - - It("fails on invalid issuer public key", func() { - r1, r2, err := User.MakeNym(userSecretKey, &mock.IssuerPublicKey{}) - Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [*mock.IssuerPublicKey]")) - Expect(r1).To(BeNil()) - Expect(r2).To(BeNil()) - }) - }) - - Context("public nym import", func() { - It("success", func() { - curve := math.Curves[math.FP256BN_AMCL] - rng, err := curve.Rand() - Expect(err).NotTo(HaveOccurred()) - - g := curve.GenG1 - r := curve.NewRandomZr(rng) - h := g.Mul(r) - - npk := handlers.NewNymPublicKey(h, &amcl.Fp256bn{C: curve}) - raw, err := npk.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(raw).NotTo(BeNil()) - - npk2, err := User.NewPublicNymFromBytes(raw) - Expect(err).NotTo(HaveOccurred()) - - Expect(npk2.Equals(h)).To(BeTrue()) - - raw2, err := handlers.NewNymPublicKey(npk2, &amcl.Fp256bn{C: curve}).Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(raw2).NotTo(BeNil()) - - Expect(raw2).To(BeEquivalentTo(raw)) - }) - - It("panic on nil raw", func() { - key, err := User.NewPublicNymFromBytes(nil) - Expect(err).To(MatchError("invalid marshalled length")) - Expect(key).To(BeNil()) - }) - - It("failure unmarshalling invalid raw", func() { - key, err := User.NewPublicNymFromBytes([]byte{0, 1, 2, 3}) - Expect(err).To(MatchError("invalid marshalled length")) - Expect(key).To(BeNil()) - }) - - }) - }) - - Describe("credential request", func() { - var ( - CredRequest *bridge.CredRequest - IssuerNonce []byte - ) - BeforeEach(func() { - CredRequest = &bridge.CredRequest{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - IssuerNonce = make([]byte, 32) - n, err := rand.Read(IssuerNonce) - Expect(n).To(BeEquivalentTo(32)) - Expect(err).NotTo(HaveOccurred()) - }) - - Context("sign", func() { - It("fail on nil issuer public key", func() { - raw, err := CredRequest.Sign(userSecretKey, nil, IssuerNonce) - Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got []")) - Expect(raw).To(BeNil()) - }) - - It("fail on invalid issuer public key", func() { - raw, err := CredRequest.Sign(userSecretKey, &mock.IssuerPublicKey{}, IssuerNonce) - Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [*mock.IssuerPublicKey]")) - Expect(raw).To(BeNil()) - }) - - It("fail on nil nonce", func() { - raw, err := CredRequest.Sign(userSecretKey, issuerPublicKey, nil) - Expect(err).To(MatchError("invalid issuer nonce, expected length 32, got 0")) - Expect(raw).To(BeNil()) - }) - - It("fail on empty nonce", func() { - raw, err := CredRequest.Sign(userSecretKey, issuerPublicKey, []byte{}) - Expect(err).To(MatchError("invalid issuer nonce, expected length 32, got 0")) - Expect(raw).To(BeNil()) - }) - }) - - Context("verify", func() { - It("panic on nil credential request", func() { - err := CredRequest.Verify(nil, issuerPublicKey, IssuerNonce) - Expect(err).To(MatchError(ContainSubstring("nil argument"))) - }) - - It("fail on invalid credential request", func() { - err := CredRequest.Verify([]byte{0, 1, 2, 3, 4}, issuerPublicKey, IssuerNonce) - Expect(err.Error()).To(ContainSubstring("cannot parse invalid wire-format data")) - }) - - It("fail on nil issuer public key", func() { - err := CredRequest.Verify(nil, nil, IssuerNonce) - Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got []")) - }) - - It("fail on invalid issuer public key", func() { - err := CredRequest.Verify(nil, &mock.IssuerPublicKey{}, IssuerNonce) - Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [*mock.IssuerPublicKey]")) - }) - - }) - }) - - Describe("credential", func() { - var ( - Credential types.Credential - ) - BeforeEach(func() { - Credential = &bridge.Credential{ - Idemix: &idemix.Idemix{ - Curve: math.Curves[math.FP256BN_AMCL], - }, - } - }) - - Context("sign", func() { - - It("fail on nil issuer secret key", func() { - raw, err := Credential.Sign(nil, []byte{0, 1, 2, 3, 4}, nil) - Expect(err).To(MatchError("invalid issuer secret key, expected *Big, got []")) - Expect(raw).To(BeNil()) - }) - - It("fail on invalid credential request", func() { - raw, err := Credential.Sign(issuerSecretKey, []byte{0, 1, 2, 3, 4}, nil) - Expect(err.Error()).To(ContainSubstring("failed unmarshalling credential request: proto")) - Expect(raw).To(BeNil()) - }) - - It("fail on nil inputs", func() { - raw, err := Credential.Sign(issuerSecretKey, nil, nil) - Expect(err).To(MatchError("failure [runtime error: invalid memory address or nil pointer dereference]")) - Expect(raw).To(BeNil()) - }) - - It("fail on invalid attributes", func() { - raw, err := Credential.Sign(issuerSecretKey, nil, []types.IdemixAttribute{ - {Type: 5, Value: nil}, - }) - Expect(err).To(MatchError("attribute type not allowed or supported [5] at position [0]")) - Expect(raw).To(BeNil()) - }) - }) - - Context("verify", func() { - It("fail on nil issuer public key", func() { - err := Credential.Verify(userSecretKey, nil, nil, nil) - Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [*math.Zr]")) - }) - - It("fail on invalid issuer public key", func() { - err := Credential.Verify(userSecretKey, &mock.IssuerPublicKey{}, nil, nil) - Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [*math.Zr]")) - }) - - It("fail on invalid attributes", func() { - err := Credential.Verify(userSecretKey, issuerPublicKey, nil, []types.IdemixAttribute{ - {Type: 5, Value: nil}, - }) - Expect(err).To(MatchError("attribute type not allowed or supported [5] at position [0]")) - }) - }) - }) - - Describe("revocation", func() { - var ( - Revocation types.Revocation - ) - BeforeEach(func() { - Revocation = &bridge.Revocation{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}} - }) - - Context("sign", func() { - - It("fail on nil inputs", func() { - raw, err := Revocation.Sign(nil, nil, 0, 0) - Expect(err).To(MatchError("failed creating CRI: CreateCRI received nil input")) - Expect(raw).To(BeNil()) - }) - - It("fail on invalid handlers", func() { - raw, err := Revocation.Sign(nil, [][]byte{{0, 2, 3, 4}}, 0, 0) - Expect(err).To(MatchError(ContainSubstring("CreateCRI received nil input"))) - Expect(raw).To(BeNil()) - }) - }) - - Context("verify", func() { - It("fail on nil inputs", func() { - err := Revocation.Verify(nil, nil, 0, 0) - Expect(err).To(MatchError("EpochPK invalid: received nil input")) - }) - - It("fail on malformed cri", func() { - err := Revocation.Verify(nil, []byte{0, 1, 2, 3, 4}, 0, 0) - Expect(err.Error()).To(ContainSubstring("cannot parse invalid wire-format data")) - }) - }) - }) - - Describe("signature", func() { - var ( - SignatureScheme types.SignatureScheme - ) - BeforeEach(func() { - SignatureScheme = &bridge.SignatureScheme{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}} - }) - - Context("sign", func() { - It("fail on nil issuer public key", func() { - signature, _, err := SignatureScheme.Sign(nil, userSecretKey, nymPublicKey, nymSecretKey, nil, nil, nil, 0, 0, nil, 0, nil) - Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got []")) - Expect(signature).To(BeNil()) - }) - }) - - Context("verify", func() { - It("fail on nil issuer Public key", func() { - err := SignatureScheme.Verify(nil, nil, nil, nil, 0, 2, 1, nil, 0, 0, nil) - Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got []")) - }) - - It("fail on nil signature", func() { - err := SignatureScheme.Verify(issuerPublicKey, nil, nil, nil, 0, 2, 1, nil, 0, 0, nil) - Expect(err).To(MatchError("cannot verify idemix signature: received nil input")) - }) - - It("fail on invalid signature", func() { - err := SignatureScheme.Verify(issuerPublicKey, []byte{0, 1, 2, 3, 4}, nil, nil, 0, 2, 1, nil, 0, 0, nil) - Expect(err.Error()).To(ContainSubstring("cannot parse invalid wire-format data")) - }) - - It("fail on invalid attributes", func() { - err := SignatureScheme.Verify(issuerPublicKey, nil, nil, - []types.IdemixAttribute{{Type: -1}}, 0, 2, 1, nil, 0, 0, nil) - Expect(err).To(MatchError("attribute type not allowed or supported [-1] at position [0]")) - }) - }) - }) - - Describe("nym signature", func() { - var ( - NymSignatureScheme types.NymSignatureScheme - ) - BeforeEach(func() { - NymSignatureScheme = &bridge.NymSignatureScheme{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - }) - - Context("sign", func() { - It("fail on nil issuer public key", func() { - signature, err := NymSignatureScheme.Sign(userSecretKey, nymPublicKey, nymSecretKey, nil, nil) - Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got []")) - Expect(signature).To(BeNil()) - }) - }) - - Context("verify", func() { - It("fail on nil issuer Public key", func() { - err := NymSignatureScheme.Verify(nil, nil, nil, nil, 0) - Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got []")) - }) - - It("panic on nil signature", func() { - err := NymSignatureScheme.Verify(issuerPublicKey, nymPublicKey, nil, nil, 0) - Expect(err).To(MatchError(ContainSubstring("failure [runtime error: invalid memory address or nil pointer dereference]"))) - }) - - It("fail on invalid signature", func() { - err := NymSignatureScheme.Verify(issuerPublicKey, nymPublicKey, []byte{0, 1, 2, 3, 4}, nil, 0) - Expect(err.Error()).To(ContainSubstring("error unmarshalling signature")) - }) - - }) - }) - - Describe("setting up the environment with one issuer and one user", func() { - var ( - Issuer types.Issuer - IssuerKeyGen *handlers.IssuerKeyGen - IssuerKey types.Key - IssuerPublicKey types.Key - AttributeNames []string - - User types.User - UserKeyGen *handlers.UserKeyGen - UserKey types.Key - NymKeyDerivation *handlers.NymKeyDerivation - NymKey types.Key - NymPublicKey types.Key - - CredRequest types.CredRequest - CredentialRequestSigner *handlers.CredentialRequestSigner - CredentialRequestVerifier *handlers.CredentialRequestVerifier - IssuerNonce []byte - credRequest []byte - - Credential types.Credential - CredentialSigner *handlers.CredentialSigner - CredentialVerifier *handlers.CredentialVerifier - credential []byte - - Revocation types.Revocation - RevocationKeyGen *handlers.RevocationKeyGen - RevocationKey types.Key - RevocationPublicKey types.Key - CriSigner *handlers.CriSigner - CriVerifier *handlers.CriVerifier - cri []byte - ) - - BeforeEach(func() { - // Issuer - var err error - Issuer = &bridge.Issuer{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - IssuerKeyGen = &handlers.IssuerKeyGen{Issuer: Issuer} - AttributeNames = []string{"Attr1", "Attr2", "Attr3", "Attr4", "Attr5"} - IssuerKey, err = IssuerKeyGen.KeyGen(&types.IdemixIssuerKeyGenOpts{Temporary: true, AttributeNames: AttributeNames}) - Expect(err).NotTo(HaveOccurred()) - IssuerPublicKey, err = IssuerKey.PublicKey() - Expect(err).NotTo(HaveOccurred()) - - // User - User = &bridge.User{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - UserKeyGen = &handlers.UserKeyGen{User: User} - UserKey, err = UserKeyGen.KeyGen(&types.IdemixUserSecretKeyGenOpts{}) - Expect(err).NotTo(HaveOccurred()) - - // User Nym Key - NymKeyDerivation = &handlers.NymKeyDerivation{User: User, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - NymKey, err = NymKeyDerivation.KeyDeriv(UserKey, &types.IdemixNymKeyDerivationOpts{IssuerPK: IssuerPublicKey}) - Expect(err).NotTo(HaveOccurred()) - NymPublicKey, err = NymKey.PublicKey() - Expect(err).NotTo(HaveOccurred()) - - // Credential Request for User - IssuerNonce = make([]byte, 32) - n, err := rand.Read(IssuerNonce) - Expect(n).To(BeEquivalentTo(32)) - Expect(err).NotTo(HaveOccurred()) - - CredRequest = &bridge.CredRequest{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - CredentialRequestSigner = &handlers.CredentialRequestSigner{CredRequest: CredRequest} - CredentialRequestVerifier = &handlers.CredentialRequestVerifier{CredRequest: CredRequest} - credRequest, err = CredentialRequestSigner.Sign( - UserKey, - nil, - &types.IdemixCredentialRequestSignerOpts{IssuerPK: IssuerPublicKey, IssuerNonce: IssuerNonce}, - ) - Expect(err).NotTo(HaveOccurred()) - - // Credential - Credential = &bridge.Credential{ - Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}, - Idemix: &idemix.Idemix{ - Curve: math.Curves[math.FP256BN_AMCL], - }, - } - CredentialSigner = &handlers.CredentialSigner{Credential: Credential} - CredentialVerifier = &handlers.CredentialVerifier{Credential: Credential} - credential, err = CredentialSigner.Sign( - IssuerKey, - credRequest, - &types.IdemixCredentialSignerOpts{ - Attributes: []types.IdemixAttribute{ - {Type: types.IdemixBytesAttribute, Value: []byte{0}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1}}, - {Type: types.IdemixBytesAttribute, Value: []byte{2, 1, 0}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1, 2, 3}}, - }, - }, - ) - Expect(err).NotTo(HaveOccurred()) - - // Revocation - Revocation = &bridge.Revocation{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - RevocationKeyGen = &handlers.RevocationKeyGen{Revocation: Revocation} - RevocationKey, err = RevocationKeyGen.KeyGen(&types.IdemixRevocationKeyGenOpts{}) - Expect(err).NotTo(HaveOccurred()) - RevocationPublicKey, err = RevocationKey.PublicKey() - Expect(err).NotTo(HaveOccurred()) - - // CRI - CriSigner = &handlers.CriSigner{Revocation: Revocation} - CriVerifier = &handlers.CriVerifier{Revocation: Revocation} - cri, err = CriSigner.Sign( - RevocationKey, - nil, - &types.IdemixCRISignerOpts{}, - ) - Expect(err).NotTo(HaveOccurred()) - }) - - It("the environment is properly set", func() { - // Verify CredRequest - valid, err := CredentialRequestVerifier.Verify( - IssuerPublicKey, - credRequest, - nil, - &types.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce}, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - // Verify Credential - valid, err = CredentialVerifier.Verify( - UserKey, - credential, - nil, - &types.IdemixCredentialSignerOpts{ - IssuerPK: IssuerPublicKey, - Attributes: []types.IdemixAttribute{ - {Type: types.IdemixBytesAttribute, Value: []byte{0}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1}}, - {Type: types.IdemixBytesAttribute, Value: []byte{2, 1, 0}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - {Type: types.IdemixHiddenAttribute}, - }, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - // Verify CRI - valid, err = CriVerifier.Verify( - RevocationPublicKey, - cri, - nil, - &types.IdemixCRISignerOpts{}, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - Context("the environment is not valid with the respect to different parameters", func() { - - It("invalid credential request nonce", func() { - valid, err := CredentialRequestVerifier.Verify( - IssuerPublicKey, - credRequest, - nil, - &types.IdemixCredentialRequestSignerOpts{IssuerNonce: []byte("pine-apple-pine-apple-pine-apple")}, - ) - Expect(err).To(MatchError(fmt.Sprintf("invalid nonce, expected [%v], got [%v]", []byte("pine-apple-pine-apple-pine-apple"), IssuerNonce))) - Expect(valid).NotTo(BeTrue()) - }) - - It("invalid credential request nonce, too short", func() { - valid, err := CredentialRequestVerifier.Verify( - IssuerPublicKey, - credRequest, - nil, - &types.IdemixCredentialRequestSignerOpts{IssuerNonce: []byte("pin-apple-pine-apple-pineapple")}, - ) - Expect(err).To(MatchError("invalid issuer nonce, expected length 32, got 30")) - Expect(valid).NotTo(BeTrue()) - }) - - It("invalid credential request", func() { - if credRequest[4] == 0 { - credRequest[4] = 1 - } else { - credRequest[4] = 0 - } - valid, err := CredentialRequestVerifier.Verify( - IssuerPublicKey, - credRequest, - nil, - &types.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce}, - ) - Expect(err).To(MatchError("zero knowledge proof is invalid")) - Expect(valid).NotTo(BeTrue()) - }) - - It("invalid credential request in verifying credential", func() { - if credRequest[4] == 0 { - credRequest[4] = 1 - } else { - credRequest[4] = 0 - } - credential, err := CredentialSigner.Sign( - IssuerKey, - credRequest, - &types.IdemixCredentialSignerOpts{ - Attributes: []types.IdemixAttribute{ - {Type: types.IdemixBytesAttribute, Value: []byte{0}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1}}, - {Type: types.IdemixBytesAttribute, Value: []byte{2, 1, 0}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1, 2, 3}}, - }, - }, - ) - Expect(err).To(MatchError("failed creating new credential: zero knowledge proof is invalid")) - Expect(credential).To(BeNil()) - }) - - It("nil credential", func() { - // Verify Credential - valid, err := CredentialVerifier.Verify( - UserKey, - nil, - nil, - &types.IdemixCredentialSignerOpts{ - IssuerPK: IssuerPublicKey, - Attributes: []types.IdemixAttribute{ - {Type: types.IdemixBytesAttribute, Value: []byte{1}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1}}, - {Type: types.IdemixBytesAttribute, Value: []byte{2, 1, 0}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - {Type: types.IdemixHiddenAttribute}, - }, - }, - ) - Expect(err).To(MatchError("invalid signature, it must not be empty")) - Expect(valid).To(BeFalse()) - }) - - It("malformed credential", func() { - // Verify Credential - valid, err := CredentialVerifier.Verify( - UserKey, - []byte{0, 1, 2, 3, 4}, - nil, - &types.IdemixCredentialSignerOpts{ - IssuerPK: IssuerPublicKey, - Attributes: []types.IdemixAttribute{ - {Type: types.IdemixBytesAttribute, Value: []byte{1}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1}}, - {Type: types.IdemixBytesAttribute, Value: []byte{2, 1, 0}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - {Type: types.IdemixHiddenAttribute}, - }, - }, - ) - Expect(err.Error()).To(ContainSubstring("cannot parse invalid wire-format data")) - Expect(valid).To(BeFalse()) - }) - - It("invalid credential", func() { - // Invalidate credential by changing it in one position - if credential[4] == 0 { - credential[4] = 1 - } else { - credential[4] = 0 - } - - // Verify Credential - valid, err := CredentialVerifier.Verify( - UserKey, - credential, - nil, - &types.IdemixCredentialSignerOpts{ - IssuerPK: IssuerPublicKey, - Attributes: []types.IdemixAttribute{ - {Type: types.IdemixBytesAttribute, Value: []byte{0}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1}}, - {Type: types.IdemixBytesAttribute, Value: []byte{2, 1, 0}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - {Type: types.IdemixHiddenAttribute}, - }, - }, - ) - Expect(err).To(MatchError("credential is not cryptographically valid")) - Expect(valid).To(BeFalse()) - }) - - It("invalid byte array in credential", func() { - // Verify Credential - valid, err := CredentialVerifier.Verify( - UserKey, - credential, - nil, - &types.IdemixCredentialSignerOpts{ - IssuerPK: IssuerPublicKey, - Attributes: []types.IdemixAttribute{ - {Type: types.IdemixBytesAttribute, Value: []byte{1}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1}}, - {Type: types.IdemixIntAttribute, Value: 1}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - {Type: types.IdemixHiddenAttribute}, - }, - }, - ) - Expect(err).To(MatchError("credential does not contain the correct attribute value at position [0]")) - Expect(valid).To(BeFalse()) - }) - - It("invalid int in credential", func() { - // Verify Credential - valid, err := CredentialVerifier.Verify( - UserKey, - credential, - nil, - &types.IdemixCredentialSignerOpts{ - IssuerPK: IssuerPublicKey, - Attributes: []types.IdemixAttribute{ - {Type: types.IdemixBytesAttribute, Value: []byte{0}}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1}}, - {Type: types.IdemixIntAttribute, Value: 2}, - {Type: types.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, - {Type: types.IdemixHiddenAttribute}, - }, - }, - ) - Expect(err).To(MatchError("credential does not contain the correct attribute value at position [2]")) - Expect(valid).To(BeFalse()) - - }) - - It("invalid cri", func() { - // Verify CRI - cri[8] = 0 - valid, err := CriVerifier.Verify( - RevocationPublicKey, - cri, - nil, - &types.IdemixCRISignerOpts{}, - ) - Expect(err).To(MatchError("EpochPKSig invalid")) - Expect(valid).To(BeFalse()) - }) - }) - - Describe("the environment is not properly set", func() { - - Describe("issuer", func() { - Context("duplicate attribute", func() { - It("returns an error", func() { - AttributeNames = []string{"A", "A"} - IssuerKey, err := IssuerKeyGen.KeyGen(&types.IdemixIssuerKeyGenOpts{Temporary: true, AttributeNames: AttributeNames}) - Expect(err).To(MatchError("attribute A appears multiple times in AttributeNames")) - Expect(IssuerKey).To(BeNil()) - }) - }) - }) - - }) - - Describe("producing a signature with a nym eid", func() { - var ( - SignatureScheme types.SignatureScheme - Signer *handlers.Signer - Verifier *handlers.Verifier - - digest []byte - SignerOpts *types.IdemixSignerOpts - signature []byte - ) - - BeforeEach(func() { - SignatureScheme = &bridge.SignatureScheme{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - Signer = &handlers.Signer{SignatureScheme: SignatureScheme} - Verifier = &handlers.Verifier{SignatureScheme: SignatureScheme} - - digest = []byte("a digest") - SignerOpts = &types.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: []types.IdemixAttribute{ - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - }, - RhIndex: 2, - EidIndex: 3, - SigType: types.EidNym, - } - - var err error - signature, err = Signer.Sign(UserKey, digest, SignerOpts) - Expect(err).NotTo(HaveOccurred()) - }) - - It("nym eid audit succeed", func() { - valid, err := Verifier.AuditNymEid(IssuerPublicKey, signature, digest, &types.EidNymAuditOpts{ - EidIndex: 3, - RNymEid: SignerOpts.Metadata.EidNymAuditData.Rand, - EnrollmentID: string([]byte{0, 1, 2}), - AuditVerificationType: types.AuditExpectSignature, - }) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - valid, err = Verifier.AuditNymEid(IssuerPublicKey, SignerOpts.Metadata.EidNymAuditData.Nym.Bytes(), digest, &types.EidNymAuditOpts{ - EidIndex: 3, - RNymEid: SignerOpts.Metadata.EidNymAuditData.Rand, - EnrollmentID: string([]byte{0, 1, 2}), - AuditVerificationType: types.AuditExpectEidNym, - }) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - - valid, err = Verifier.AuditNymEid(IssuerPublicKey, SignerOpts.Metadata.EidNymAuditData.Nym.Bytes(), digest, &types.EidNymAuditOpts{ - EidIndex: 3, - RNymEid: SignerOpts.Metadata.EidNymAuditData.Rand, - EnrollmentID: string([]byte{0, 1, 2}), - AuditVerificationType: types.AuditExpectEidNymRhNym, - }) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - It("fails because it gets the wrong type of signature", func() { - valid, err := Verifier.AuditNymEid(IssuerPublicKey, []byte("To ride the storm, to an empire of the clouds"), digest, &types.EidNymAuditOpts{ - EidIndex: 3, - RNymEid: SignerOpts.Metadata.EidNymAuditData.Rand, - EnrollmentID: string([]byte{0, 1, 2}), - }) - Expect(err.Error()).To(ContainSubstring("cannot parse invalid wire-format data")) - Expect(valid).To(BeFalse()) - }) - }) - - Describe("producing a signature with a nym eid and a nym rh", func() { - var ( - SignatureScheme types.SignatureScheme - Signer *handlers.Signer - Verifier *handlers.Verifier - - digest []byte - SignerOpts *types.IdemixSignerOpts - signature []byte - ) - - BeforeEach(func() { - SignatureScheme = &bridge.SignatureScheme{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - Signer = &handlers.Signer{SignatureScheme: SignatureScheme} - Verifier = &handlers.Verifier{SignatureScheme: SignatureScheme} - - digest = []byte("a digest") - SignerOpts = &types.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: []types.IdemixAttribute{ - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - }, - RhIndex: 2, - EidIndex: 3, - SigType: types.EidNymRhNym, - } - - var err error - signature, err = Signer.Sign(UserKey, digest, SignerOpts) - Expect(err).NotTo(HaveOccurred()) - }) - - It("nym eid and rh audit succeed", func() { - validNymEid, err := Verifier.AuditNymEid(IssuerPublicKey, signature, digest, &types.EidNymAuditOpts{ - EidIndex: 3, - RNymEid: SignerOpts.Metadata.EidNymAuditData.Rand, - EnrollmentID: string([]byte{0, 1, 2}), - }) - Expect(err).NotTo(HaveOccurred()) - Expect(validNymEid).To(BeTrue()) - - validNymRh, err := Verifier.AuditNymRh(IssuerPublicKey, signature, digest, &types.RhNymAuditOpts{ - RhIndex: 2, - RNymRh: SignerOpts.Metadata.RhNymAuditData.Rand, - RevocationHandle: string([]byte{2, 1, 0}), - AuditVerificationType: types.AuditExpectSignature, - }) - Expect(err).NotTo(HaveOccurred()) - Expect(validNymRh).To(BeTrue()) - - validNymRh, err = Verifier.AuditNymRh(IssuerPublicKey, SignerOpts.Metadata.RhNymAuditData.Nym.Bytes(), digest, &types.RhNymAuditOpts{ - RhIndex: 2, - RNymRh: SignerOpts.Metadata.RhNymAuditData.Rand, - RevocationHandle: string([]byte{2, 1, 0}), - AuditVerificationType: types.AuditExpectEidNymRhNym, - }) - Expect(err).NotTo(HaveOccurred()) - Expect(validNymRh).To(BeTrue()) - - _, err = Verifier.AuditNymRh(IssuerPublicKey, SignerOpts.Metadata.RhNymAuditData.Nym.Bytes(), digest, &types.RhNymAuditOpts{ - RhIndex: 2, - RNymRh: SignerOpts.Metadata.RhNymAuditData.Rand, - RevocationHandle: string([]byte{2, 1, 0}), - AuditVerificationType: types.AuditExpectEidNym, - }) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("invalid audit type [1]")) - }) - - It("fails because it gets the wrong type of signature", func() { - validNymEid, err := Verifier.AuditNymEid(IssuerPublicKey, []byte("To ride the storm, to an empire of the clouds"), digest, &types.EidNymAuditOpts{ - EidIndex: 3, - RNymEid: SignerOpts.Metadata.EidNymAuditData.Rand, - EnrollmentID: string([]byte{0, 1, 2}), - }) - Expect(err.Error()).To(ContainSubstring("cannot parse invalid wire-format data")) - Expect(validNymEid).To(BeFalse()) - - validNymRh, err := Verifier.AuditNymRh(IssuerPublicKey, []byte("To ride the storm, to an empire of the clouds"), digest, &types.RhNymAuditOpts{ - RhIndex: 2, - RNymRh: SignerOpts.Metadata.RhNymAuditData.Rand, - RevocationHandle: string([]byte{2, 1, 0}), - }) - Expect(err.Error()).To(ContainSubstring("cannot parse invalid wire-format data")) - Expect(validNymRh).To(BeFalse()) - }) - }) - - Describe("producing and verifying idemix signature with different sets of attributes", func() { - var ( - SignatureScheme types.SignatureScheme - Signer *handlers.Signer - Verifier *handlers.Verifier - digest []byte - signature []byte - - SignAttributes []types.IdemixAttribute - VerifyAttributes []types.IdemixAttribute - RhIndex int - Epoch int - errMessage string - validity bool - ) - - BeforeEach(func() { - SignatureScheme = &bridge.SignatureScheme{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - Signer = &handlers.Signer{SignatureScheme: SignatureScheme} - Verifier = &handlers.Verifier{SignatureScheme: SignatureScheme} - - digest = []byte("a digest") - RhIndex = 4 - Epoch = 0 - errMessage = "" - }) - - It("the signature with no disclosed attributes is valid", func() { - validity = true - SignAttributes = []types.IdemixAttribute{ - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - } - VerifyAttributes = SignAttributes - }) - - It("the signature with disclosed attributes is valid", func() { - validity = true - SignAttributes = []types.IdemixAttribute{ - {Type: types.IdemixBytesAttribute, Value: []byte{0}}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - } - VerifyAttributes = SignAttributes - }) - - It("the signature with different disclosed attributes is not valid", func() { - validity = false - errMessage = "signature invalid: zero-knowledge proof is invalid" - SignAttributes = []types.IdemixAttribute{ - {Type: types.IdemixBytesAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixIntAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - } - VerifyAttributes = []types.IdemixAttribute{ - {Type: types.IdemixBytesAttribute, Value: []byte{1}}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixIntAttribute, Value: 1}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - } - }) - - It("the signature with different disclosed attributes is not valid", func() { - validity = false - errMessage = "signature invalid: zero-knowledge proof is invalid" - SignAttributes = []types.IdemixAttribute{ - {Type: types.IdemixBytesAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixIntAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - } - VerifyAttributes = []types.IdemixAttribute{ - {Type: types.IdemixBytesAttribute, Value: []byte{0}}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixIntAttribute, Value: 10}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - } - }) - - AfterEach(func() { - var err error - signature, err = Signer.Sign( - UserKey, - digest, - &types.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: SignAttributes, - RhIndex: RhIndex, - EidIndex: 2, - Epoch: Epoch, - CRI: cri, - }, - ) - Expect(err).NotTo(HaveOccurred()) - - valid, err := Verifier.Verify( - IssuerPublicKey, - signature, - digest, - &types.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: VerifyAttributes, - RhIndex: RhIndex, - EidIndex: 2, - Epoch: Epoch, - }, - ) - - if errMessage == "" { - Expect(err).NotTo(HaveOccurred()) - } else { - Expect(err).To(MatchError(errMessage)) - } - Expect(valid).To(BeEquivalentTo(validity)) - }) - - }) - - Context("producing an idemix signature", func() { - var ( - SignatureScheme types.SignatureScheme - Signer *handlers.Signer - SignAttributes []types.IdemixAttribute - Verifier *handlers.Verifier - ) - - BeforeEach(func() { - SignatureScheme = &bridge.SignatureScheme{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - Signer = &handlers.Signer{SignatureScheme: SignatureScheme} - SignAttributes = []types.IdemixAttribute{ - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - } - Verifier = &handlers.Verifier{SignatureScheme: SignatureScheme} - }) - - It("fails when the credential is malformed", func() { - signature, err := Signer.Sign( - UserKey, - []byte("a message"), - &types.IdemixSignerOpts{ - Credential: []byte{0, 1, 2, 3}, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: SignAttributes, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - CRI: cri, - }, - ) - Expect(err.Error()).To(ContainSubstring("cannot parse invalid wire-format data")) - Expect(signature).To(BeNil()) - }) - - It("fails when the cri is malformed", func() { - signature, err := Signer.Sign( - UserKey, - []byte("a message"), - &types.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: SignAttributes, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - CRI: []byte{0, 1, 2, 3, 4}, - }, - ) - Expect(err.Error()).To(ContainSubstring("failed unmarshalling credential revocation information: proto")) - Expect(signature).To(BeNil()) - }) - - It("fails when invalid rhIndex is passed", func() { - signature, err := Signer.Sign( - UserKey, - []byte("a message"), - &types.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: SignAttributes, - RhIndex: 5, - EidIndex: 2, - Epoch: 0, - CRI: cri, - }, - ) - Expect(err).To(MatchError("failed creating new signature: cannot create idemix signature: received invalid input")) - Expect(signature).To(BeNil()) - }) - - It("fails when the credential is invalid", func() { - if credential[4] != 0 { - credential[4] = 0 - } else { - credential[4] = 1 - } - - signature, err := Signer.Sign( - UserKey, - []byte("a message"), - &types.IdemixSignerOpts{ - Credential: credential, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: SignAttributes, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - CRI: cri, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(signature).NotTo(BeNil()) - - valid, err := Verifier.Verify( - IssuerPublicKey, - signature, - []byte("a message"), - &types.IdemixSignerOpts{ - RevocationPublicKey: RevocationPublicKey, - Attributes: SignAttributes, - RhIndex: 0, - EidIndex: 2, - Epoch: 0, - }, - ) - Expect(err).To(MatchError("signature invalid: APrime = 1")) - Expect(valid).To(BeFalse()) - - }) - - It("fails when the credential is nil", func() { - credential[4] = 0 - signature, err := Signer.Sign( - UserKey, - []byte("a message"), - &types.IdemixSignerOpts{ - Credential: nil, - Nym: NymKey, - IssuerPK: IssuerPublicKey, - Attributes: SignAttributes, - RhIndex: 4, - EidIndex: 2, - Epoch: 0, - CRI: cri, - }, - ) - Expect(err).To(MatchError(ContainSubstring("nil argument"))) - Expect(signature).To(BeNil()) - }) - }) - - Describe("producing an idemix nym signature", func() { - var ( - NymSignatureScheme *bridge.NymSignatureScheme - NymSigner *handlers.NymSigner - NymVerifier *handlers.NymVerifier - digest []byte - signature []byte - ) - - BeforeEach(func() { - var err error - NymSignatureScheme = &bridge.NymSignatureScheme{Idemix: &idemix.Idemix{Curve: math.Curves[math.FP256BN_AMCL]}, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - NymSigner = &handlers.NymSigner{NymSignatureScheme: NymSignatureScheme} - NymVerifier = &handlers.NymVerifier{NymSignatureScheme: NymSignatureScheme} - - digest = []byte("a digest") - - signature, err = NymSigner.Sign( - UserKey, - digest, - &types.IdemixNymSignerOpts{ - Nym: NymKey, - IssuerPK: IssuerPublicKey, - }, - ) - Expect(err).NotTo(HaveOccurred()) - }) - - It("the signature is valid", func() { - valid, err := NymVerifier.Verify( - NymPublicKey, - signature, - digest, - &types.IdemixNymSignerOpts{ - IssuerPK: IssuerPublicKey, - }, - ) - Expect(err).NotTo(HaveOccurred()) - Expect(valid).To(BeTrue()) - }) - - Context("the signature is malformed", func() { - var nymSignature *idemix.NymSignature - - BeforeEach(func() { - nymSignature = &idemix.NymSignature{} - err := proto.Unmarshal(signature, nymSignature) - Expect(err).NotTo(HaveOccurred()) - }) - - marshalAndVerify := func(nymSignature *idemix.NymSignature) (bool, error) { - signature, err := proto.Marshal(nymSignature) - Expect(err).NotTo(HaveOccurred()) - - return NymVerifier.Verify( - NymPublicKey, - signature, - digest, - &types.IdemixNymSignerOpts{ - IssuerPK: IssuerPublicKey, - }, - ) - } - - Context("cause nonce does not encode a proper Big", func() { - It("returns an error", func() { - nymSignature.Nonce = []byte{0, 1, 2, 3, 4} - valid, err := marshalAndVerify(nymSignature) - Expect(valid).To(BeFalse()) - Expect(err).To(MatchError(ContainSubstring("pseudonym signature invalid: zero-knowledge proof is invalid"))) - }) - }) - - Context("cause nonce is nil", func() { - It("returns an error", func() { - nymSignature.Nonce = nil - valid, err := marshalAndVerify(nymSignature) - Expect(valid).To(BeFalse()) - Expect(err).To(MatchError(ContainSubstring("pseudonym signature invalid: zero-knowledge proof is invalid"))) - }) - }) - - Context("cause nonce encode a different thing", func() { - It("returns an error", func() { - var err error - nymSignature.Nonce = math.Curves[math.FP256BN_AMCL].NewZrFromInt(1).Bytes() - - valid, err := marshalAndVerify(nymSignature) - Expect(valid).To(BeFalse()) - Expect(err).To(MatchError("pseudonym signature invalid: zero-knowledge proof is invalid")) - }) - }) - - Context("cause ProofC is not encoded properly", func() { - It("returns an error", func() { - nymSignature.ProofC = []byte{0, 1, 2, 3, 4} - - valid, err := marshalAndVerify(nymSignature) - Expect(valid).To(BeFalse()) - Expect(err).To(MatchError(ContainSubstring("pseudonym signature invalid: zero-knowledge proof is invalid"))) - }) - }) - - Context("cause ProofC is nil", func() { - It("returns an error", func() { - nymSignature.ProofC = nil - - valid, err := marshalAndVerify(nymSignature) - Expect(valid).To(BeFalse()) - Expect(err).To(MatchError(ContainSubstring("pseudonym signature invalid: zero-knowledge proof is invalid"))) - }) - }) - - Context("cause ProofC encode a different thing", func() { - It("returns an error", func() { - var err error - nymSignature.Nonce = math.Curves[math.FP256BN_AMCL].NewZrFromInt(1).Bytes() - - valid, err := marshalAndVerify(nymSignature) - Expect(valid).To(BeFalse()) - Expect(err).To(MatchError("pseudonym signature invalid: zero-knowledge proof is invalid")) - }) - }) - - Context("cause ProofSRNym is not encoded properly", func() { - It("returns an error", func() { - nymSignature.ProofSRNym = []byte{0, 1, 2, 3, 4} - - valid, err := marshalAndVerify(nymSignature) - Expect(valid).To(BeFalse()) - Expect(err).To(MatchError(ContainSubstring("pseudonym signature invalid: zero-knowledge proof is invalid"))) - }) - }) - - Context("cause ProofSRNym is nil", func() { - It("returns an error", func() { - nymSignature.ProofSRNym = nil - valid, err := marshalAndVerify(nymSignature) - Expect(valid).To(BeFalse()) - Expect(err).To(MatchError(ContainSubstring("pseudonym signature invalid: zero-knowledge proof is invalid"))) - }) - }) - - Context("cause ProofSRNym encode a different thing", func() { - It("returns an error", func() { - var err error - nymSignature.Nonce = math.Curves[math.FP256BN_AMCL].NewZrFromInt(1).Bytes() - - valid, err := marshalAndVerify(nymSignature) - Expect(valid).To(BeFalse()) - Expect(err).To(MatchError("pseudonym signature invalid: zero-knowledge proof is invalid")) - }) - }) - - Context("cause ProofSSk is not encoded properly", func() { - It("returns an error", func() { - nymSignature.ProofSSk = []byte{0, 1, 2, 3, 4} - - valid, err := marshalAndVerify(nymSignature) - Expect(valid).To(BeFalse()) - Expect(err).To(MatchError(ContainSubstring("pseudonym signature invalid: zero-knowledge proof is invalid"))) - }) - }) - - Context("cause ProofSSk is nil", func() { - It("returns an error", func() { - nymSignature.ProofSSk = nil - - valid, err := marshalAndVerify(nymSignature) - Expect(valid).To(BeFalse()) - Expect(err).To(MatchError(ContainSubstring("pseudonym signature invalid: zero-knowledge proof is invalid"))) - }) - }) - - Context("cause ProofSSk encode a different thing", func() { - It("returns an error", func() { - var err error - nymSignature.Nonce = math.Curves[math.FP256BN_AMCL].NewZrFromInt(1).Bytes() - - valid, err := marshalAndVerify(nymSignature) - Expect(valid).To(BeFalse()) - Expect(err).To(MatchError("pseudonym signature invalid: zero-knowledge proof is invalid")) - }) - }) - }) - }) - - Context("importing nym key", func() { - var ( - NymPublicKeyImporter *handlers.NymPublicKeyImporter - ) - - BeforeEach(func() { - NymPublicKeyImporter = &handlers.NymPublicKeyImporter{User: User, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - }) - - It("nym key import is successful", func() { - // User Nym Key - NymKeyDerivation = &handlers.NymKeyDerivation{User: User, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} - NymKey, err := NymKeyDerivation.KeyDeriv(UserKey, &types.IdemixNymKeyDerivationOpts{IssuerPK: IssuerPublicKey}) - Expect(err).NotTo(HaveOccurred()) - NymPublicKey, err = NymKey.PublicKey() - Expect(err).NotTo(HaveOccurred()) - - raw, err := NymPublicKey.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(raw).NotTo(BeEmpty()) - - k, err := NymPublicKeyImporter.KeyImport(raw, nil) - Expect(err).NotTo(HaveOccurred()) - raw2, err := k.Bytes() - Expect(err).NotTo(HaveOccurred()) - Expect(raw2).To(BeEquivalentTo(raw)) - }) - }) - }) -}) diff --git a/bccsp/schemes/dlog/bridge/credential.go b/bccsp/schemes/dlog/bridge/credential.go deleted file mode 100644 index 062a1486..00000000 --- a/bccsp/schemes/dlog/bridge/credential.go +++ /dev/null @@ -1,130 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ -package bridge - -import ( - "bytes" - - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - "github.com/IBM/idemix/bccsp/types" - math "github.com/IBM/mathlib" - "github.com/golang/protobuf/proto" - "github.com/pkg/errors" -) - -// Credential encapsulates the idemix algorithms to produce (sign) a credential -// and verify it. Recall that a credential is produced by the Issuer upon a credential request, -// and it is verified by the requester. -type Credential struct { - Translator idemix.Translator - Idemix *idemix.Idemix -} - -// Sign produces an idemix credential. It takes in input the issuer secret key, -// a serialised credential request, and a list of attribute values. -// Notice that attributes should not contain attributes whose type is IdemixHiddenAttribute -// cause the credential needs to carry all the attribute values. -func (c *Credential) Sign(key types.IssuerSecretKey, credentialRequest []byte, attributes []types.IdemixAttribute) (res []byte, err error) { - defer func() { - if r := recover(); r != nil { - res = nil - err = errors.Errorf("failure [%s]", r) - } - }() - - iisk, ok := key.(*IssuerSecretKey) - if !ok { - return nil, errors.Errorf("invalid issuer secret key, expected *Big, got [%T]", key) - } - - cr := &idemix.CredRequest{} - err = proto.Unmarshal(credentialRequest, cr) - if err != nil { - return nil, errors.Wrap(err, "failed unmarshalling credential request") - } - - attrValues := make([]*math.Zr, len(attributes)) - for i := 0; i < len(attributes); i++ { - switch attributes[i].Type { - case types.IdemixBytesAttribute: - attrValues[i] = c.Idemix.Curve.HashToZr(attributes[i].Value.([]byte)) - case types.IdemixIntAttribute: - var value int64 - if v, ok := attributes[i].Value.(int); ok { - value = int64(v) - } else if v, ok := attributes[i].Value.(int64); ok { - value = v - } else { - return nil, errors.Errorf("invalid int type for IdemixIntAttribute attribute") - } - attrValues[i] = c.Idemix.Curve.NewZrFromInt(value) - default: - return nil, errors.Errorf("attribute type not allowed or supported [%v] at position [%d]", attributes[i].Type, i) - } - } - - cred, err := c.Idemix.NewCredential(iisk.SK, cr, attrValues, newRandOrPanic(c.Idemix.Curve), c.Translator) - if err != nil { - return nil, errors.WithMessage(err, "failed creating new credential") - } - - return proto.Marshal(cred) -} - -// Verify checks that an idemix credential is cryptographically correct. It takes -// in input the user secret key (sk), the issuer public key (ipk), the serialised credential (credential), -// and a list of attributes. The list of attributes is optional, in case it is specified, Verify -// checks that the credential carries the specified attributes. -func (c *Credential) Verify(sk *math.Zr, ipk types.IssuerPublicKey, credential []byte, attributes []types.IdemixAttribute) (err error) { - defer func() { - if r := recover(); r != nil { - err = errors.Errorf("failure [%s]", r) - } - }() - - iipk, ok := ipk.(*IssuerPublicKey) - if !ok { - return errors.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", sk) - } - - cred := &idemix.Credential{} - err = proto.Unmarshal(credential, cred) - if err != nil { - return err - } - - for i := 0; i < len(attributes); i++ { - switch attributes[i].Type { - case types.IdemixBytesAttribute: - if !bytes.Equal( - c.Idemix.Curve.HashToZr(attributes[i].Value.([]byte)).Bytes(), - cred.Attrs[i]) { - return errors.Errorf("credential does not contain the correct attribute value at position [%d]", i) - } - case types.IdemixIntAttribute: - var value int64 - if v, ok := attributes[i].Value.(int); ok { - value = int64(v) - } else if v, ok := attributes[i].Value.(int64); ok { - value = v - } else { - return errors.Errorf("invalid int type for IdemixIntAttribute attribute") - } - - if !bytes.Equal( - c.Idemix.Curve.NewZrFromInt(value).Bytes(), - cred.Attrs[i]) { - return errors.Errorf("credential does not contain the correct attribute value at position [%d]", i) - } - case types.IdemixHiddenAttribute: - continue - default: - return errors.Errorf("attribute type not allowed or supported [%v] at position [%d]", attributes[i].Type, i) - } - } - - return cred.Ver(sk, iipk.PK, c.Idemix.Curve, c.Translator) -} diff --git a/bccsp/schemes/dlog/bridge/credrequest.go b/bccsp/schemes/dlog/bridge/credrequest.go deleted file mode 100644 index 8cde1593..00000000 --- a/bccsp/schemes/dlog/bridge/credrequest.go +++ /dev/null @@ -1,92 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ -package bridge - -import ( - "bytes" - - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - "github.com/IBM/idemix/bccsp/types" - math "github.com/IBM/mathlib" - "github.com/golang/protobuf/proto" - "github.com/pkg/errors" -) - -// CredRequest encapsulates the idemix algorithms to produce (sign) a credential request -// and verify it. Recall that a credential request is produced by a user, -// and it is verified by the issuer at credential creation time. -type CredRequest struct { - Translator idemix.Translator - Idemix *idemix.Idemix -} - -// Sign produces an idemix credential request. It takes in input a user secret key and -// an issuer public key. -func (cr *CredRequest) Sign(sk *math.Zr, ipk types.IssuerPublicKey, nonce []byte) (res []byte, err error) { - defer func() { - if r := recover(); r != nil { - res = nil - err = errors.Errorf("failure [%s]", r) - } - }() - - iipk, ok := ipk.(*IssuerPublicKey) - if !ok { - return nil, errors.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", ipk) - } - if len(nonce) != cr.Idemix.Curve.ScalarByteSize { - return nil, errors.Errorf("invalid issuer nonce, expected length %d, got %d", cr.Idemix.Curve.ScalarByteSize, len(nonce)) - } - - credRequest, err := cr.Idemix.NewCredRequest( - sk, - nonce, - iipk.PK, - newRandOrPanic(cr.Idemix.Curve), - cr.Translator, - ) - if err != nil { - return nil, err - } - - return proto.Marshal(credRequest) -} - -// Verify checks that the passed credential request is valid with the respect to the passed -// issuer public key. -func (cr *CredRequest) Verify(credentialRequest []byte, ipk types.IssuerPublicKey, nonce []byte) (err error) { - defer func() { - if r := recover(); r != nil { - err = errors.Errorf("failure [%s]", r) - } - }() - - credRequest := &idemix.CredRequest{} - err = proto.Unmarshal(credentialRequest, credRequest) - if err != nil { - return err - } - - iipk, ok := ipk.(*IssuerPublicKey) - if !ok { - return errors.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", ipk) - } - - err = credRequest.Check(iipk.PK, cr.Idemix.Curve, cr.Translator) - if err != nil { - return err - } - - // Nonce checks - if len(nonce) != cr.Idemix.Curve.ScalarByteSize { - return errors.Errorf("invalid issuer nonce, expected length %d, got %d", cr.Idemix.Curve.ScalarByteSize, len(nonce)) - } - if !bytes.Equal(nonce, credRequest.IssuerNonce) { - return errors.Errorf("invalid nonce, expected [%v], got [%v]", nonce, credRequest.IssuerNonce) - } - - return nil -} diff --git a/bccsp/schemes/dlog/bridge/issuer.go b/bccsp/schemes/dlog/bridge/issuer.go deleted file mode 100644 index 1fcfb550..00000000 --- a/bccsp/schemes/dlog/bridge/issuer.go +++ /dev/null @@ -1,147 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ -package bridge - -import ( - "fmt" - - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - "github.com/IBM/idemix/bccsp/types" - bccsp "github.com/IBM/idemix/bccsp/types" - "github.com/golang/protobuf/proto" - "github.com/pkg/errors" -) - -// IssuerPublicKey encapsulate an idemix issuer public key. -type IssuerPublicKey struct { - PK *idemix.IssuerPublicKey -} - -func (o *IssuerPublicKey) Bytes() ([]byte, error) { - return proto.Marshal(o.PK) -} - -func (o *IssuerPublicKey) Hash() []byte { - return o.PK.Hash -} - -// IssuerPublicKey encapsulate an idemix issuer secret key. -type IssuerSecretKey struct { - SK *idemix.IssuerKey -} - -func (o *IssuerSecretKey) Bytes() ([]byte, error) { - return proto.Marshal(o.SK) -} - -func (o *IssuerSecretKey) Public() types.IssuerPublicKey { - return &IssuerPublicKey{o.SK.Ipk} -} - -// Issuer encapsulates the idemix algorithms to generate issuer key-pairs -type Issuer struct { - Translator idemix.Translator - Idemix *idemix.Idemix -} - -// NewKey generates a new issuer key-pair -func (i *Issuer) NewKey(attributeNames []string) (res types.IssuerSecretKey, err error) { - defer func() { - if r := recover(); r != nil { - res = nil - err = errors.Errorf("failure [%s]", r) - } - }() - - sk, err := i.Idemix.NewIssuerKey(attributeNames, newRandOrPanic(i.Idemix.Curve), i.Translator) - if err != nil { - return - } - - res = &IssuerSecretKey{SK: sk} - - return -} - -func (i *Issuer) NewKeyFromBytes(raw []byte, attributes []string) (res types.IssuerSecretKey, err error) { - defer func() { - if r := recover(); r != nil { - res = nil - err = errors.Errorf("failure [%s]", r) - } - }() - - sk, err := i.Idemix.NewIssuerKeyFromBytes(raw) - if err != nil { - return - } - - res = &IssuerSecretKey{SK: sk} - - return -} - -func (i *Issuer) Bases(ipk types.IssuerPublicKey, ipkType types.CommitmentBasesRequest, RhIndex, EidIndex, SKIndex int) (map[types.CommitmentType]interface{}, error) { - panic("not implemented") -} - -func (i *Issuer) NewPublicKeyFromBytes(raw []byte, attributes []string) (res types.IssuerPublicKey, err error) { - defer func() { - if r := recover(); r != nil { - res = nil - err = errors.Errorf("failure [%s]", r) - } - }() - - ipk := new(idemix.IssuerPublicKey) - err = proto.Unmarshal(raw, ipk) - if err != nil { - return nil, errors.WithStack(&bccsp.IdemixIssuerPublicKeyImporterError{ - Type: bccsp.IdemixIssuerPublicKeyImporterUnmarshallingError, - ErrorMsg: "failed to unmarshal issuer public key", - Cause: err}) - } - - err = ipk.SetHash(i.Idemix.Curve) - if err != nil { - return nil, errors.WithStack(&bccsp.IdemixIssuerPublicKeyImporterError{ - Type: bccsp.IdemixIssuerPublicKeyImporterHashError, - ErrorMsg: "setting the hash of the issuer public key failed", - Cause: err}) - } - - err = ipk.Check(i.Idemix.Curve, i.Translator) - if err != nil { - return nil, errors.WithStack(&bccsp.IdemixIssuerPublicKeyImporterError{ - Type: bccsp.IdemixIssuerPublicKeyImporterValidationError, - ErrorMsg: "invalid issuer public key", - Cause: err}) - } - - if len(attributes) != 0 { - // Check the attributes - if len(attributes) != len(ipk.AttributeNames) { - return nil, errors.WithStack(&bccsp.IdemixIssuerPublicKeyImporterError{ - Type: bccsp.IdemixIssuerPublicKeyImporterNumAttributesError, - ErrorMsg: fmt.Sprintf("invalid number of attributes, expected [%d], got [%d]", - len(ipk.AttributeNames), len(attributes)), - }) - } - - for i, attr := range attributes { - if ipk.AttributeNames[i] != attr { - return nil, errors.WithStack(&bccsp.IdemixIssuerPublicKeyImporterError{ - Type: bccsp.IdemixIssuerPublicKeyImporterAttributeNameError, - ErrorMsg: fmt.Sprintf("invalid attribute name at position [%d]", i), - }) - } - } - } - - res = &IssuerPublicKey{PK: ipk} - - return -} diff --git a/bccsp/schemes/dlog/bridge/nymsignaturescheme.go b/bccsp/schemes/dlog/bridge/nymsignaturescheme.go deleted file mode 100644 index 9921367a..00000000 --- a/bccsp/schemes/dlog/bridge/nymsignaturescheme.go +++ /dev/null @@ -1,75 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ -package bridge - -import ( - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - "github.com/IBM/idemix/bccsp/types" - math "github.com/IBM/mathlib" - - "github.com/golang/protobuf/proto" - "github.com/pkg/errors" -) - -// NymSignatureScheme encapsulates the idemix algorithms to sign and verify using an idemix -// pseudonym. -type NymSignatureScheme struct { - Translator idemix.Translator - Idemix *idemix.Idemix -} - -// Sign produces a signature over the passed digest. It takes in input, the user secret key (sk), -// the pseudonym public key (Nym) and secret key (RNym), and the issuer public key (ipk). -func (n *NymSignatureScheme) Sign(sk *math.Zr, Nym *math.G1, RNym *math.Zr, ipk types.IssuerPublicKey, digest []byte) (res []byte, err error) { - defer func() { - if r := recover(); r != nil { - res = nil - err = errors.Errorf("failure [%s]", r) - } - }() - - iipk, ok := ipk.(*IssuerPublicKey) - if !ok { - return nil, errors.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", ipk) - } - - sig, err := n.Idemix.NewNymSignature( - sk, - Nym, - RNym, - iipk.PK, - digest, - newRandOrPanic(n.Idemix.Curve), - n.Translator) - if err != nil { - return nil, errors.WithMessage(err, "failed creating new nym signature") - } - - return proto.Marshal(sig) -} - -// Verify checks that the passed signatures is valid with the respect to the passed digest, issuer public key, -// and pseudonym public key. -func (n *NymSignatureScheme) Verify(ipk types.IssuerPublicKey, Nym *math.G1, signature, digest []byte, _ int) (err error) { - defer func() { - if r := recover(); r != nil { - err = errors.Errorf("failure [%s]", r) - } - }() - - iipk, ok := ipk.(*IssuerPublicKey) - if !ok { - return errors.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", ipk) - } - - sig := &idemix.NymSignature{} - err = proto.Unmarshal(signature, sig) - if err != nil { - return errors.Wrap(err, "error unmarshalling signature") - } - - return sig.Ver(Nym, iipk.PK, digest, n.Idemix.Curve, n.Translator) -} diff --git a/bccsp/schemes/dlog/bridge/rand.go b/bccsp/schemes/dlog/bridge/rand.go deleted file mode 100644 index efdd3d22..00000000 --- a/bccsp/schemes/dlog/bridge/rand.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ -package bridge - -import ( - "io" - - math "github.com/IBM/mathlib" -) - -func newRandOrPanic(curve *math.Curve) io.Reader { - rng, err := curve.Rand() - if err != nil { - panic(err) - } - return rng -} diff --git a/bccsp/schemes/dlog/bridge/revocation.go b/bccsp/schemes/dlog/bridge/revocation.go deleted file mode 100644 index 47be5ca2..00000000 --- a/bccsp/schemes/dlog/bridge/revocation.go +++ /dev/null @@ -1,76 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ -package bridge - -import ( - "crypto/ecdsa" - - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - bccsp "github.com/IBM/idemix/bccsp/types" - math "github.com/IBM/mathlib" - "github.com/golang/protobuf/proto" - "github.com/pkg/errors" -) - -// Revocation encapsulates the idemix algorithms for revocation -type Revocation struct { - Translator idemix.Translator - Idemix *idemix.Idemix -} - -// NewKey generate a new revocation key-pair. -func (r *Revocation) NewKey() (*ecdsa.PrivateKey, error) { - return r.Idemix.GenerateLongTermRevocationKey() -} - -func (r *Revocation) NewKeyFromBytes(raw []byte) (*ecdsa.PrivateKey, error) { - return r.Idemix.LongTermRevocationKeyFromBytes(raw) -} - -// Sign generates a new CRI with the respect to the passed unrevoked handles, epoch, and revocation algorithm. -func (r *Revocation) Sign(key *ecdsa.PrivateKey, unrevokedHandles [][]byte, epoch int, alg bccsp.RevocationAlgorithm) (res []byte, err error) { - defer func() { - if r := recover(); r != nil { - res = nil - err = errors.Errorf("failure [%s]", r) - } - }() - - handles := make([]*math.Zr, len(unrevokedHandles)) - for i := 0; i < len(unrevokedHandles); i++ { - handles[i] = r.Idemix.Curve.NewZrFromBytes(unrevokedHandles[i]) - } - cri, err := r.Idemix.CreateCRI(key, handles, epoch, idemix.RevocationAlgorithm(alg), newRandOrPanic(r.Idemix.Curve), r.Translator) - if err != nil { - return nil, errors.WithMessage(err, "failed creating CRI") - } - - return proto.Marshal(cri) -} - -// Verify checks that the passed serialised CRI (criRaw) is valid with the respect to the passed revocation public key, -// epoch, and revocation algorithm. -func (r *Revocation) Verify(pk *ecdsa.PublicKey, criRaw []byte, epoch int, alg bccsp.RevocationAlgorithm) (err error) { - defer func() { - if r := recover(); r != nil { - err = errors.Errorf("failure [%s]", r) - } - }() - - cri := &idemix.CredentialRevocationInformation{} - err = proto.Unmarshal(criRaw, cri) - if err != nil { - return err - } - - return r.Idemix.VerifyEpochPK( - pk, - cri.EpochPk, - cri.EpochPkSig, - int(cri.Epoch), - idemix.RevocationAlgorithm(cri.RevocationAlg), - ) -} diff --git a/bccsp/schemes/dlog/bridge/signaturescheme.go b/bccsp/schemes/dlog/bridge/signaturescheme.go deleted file mode 100644 index ace60a36..00000000 --- a/bccsp/schemes/dlog/bridge/signaturescheme.go +++ /dev/null @@ -1,274 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package bridge - -import ( - "crypto/ecdsa" - - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - "github.com/IBM/idemix/bccsp/types" - bccsp "github.com/IBM/idemix/bccsp/types" - math "github.com/IBM/mathlib" - "github.com/golang/protobuf/proto" - "github.com/pkg/errors" -) - -// SignatureScheme encapsulates the idemix algorithms to sign and verify using an idemix credential. -type SignatureScheme struct { - Translator idemix.Translator - Idemix *idemix.Idemix -} - -// Sign produces an idemix-signature with the respect to the passed serialised credential (cred), -// user secret key (sk), pseudonym public key (Nym) and secret key (RNym), issuer public key (ipk), -// and attributes to be disclosed. -func (s *SignatureScheme) Sign(cred []byte, sk *math.Zr, Nym *math.G1, RNym *math.Zr, ipk types.IssuerPublicKey, attributes []bccsp.IdemixAttribute, - msg []byte, rhIndex, eidIndex int, criRaw []byte, sigType bccsp.SignatureType, metadata *bccsp.IdemixSignerMetadata) (res []byte, meta *bccsp.IdemixSignerMetadata, err error) { - defer func() { - if r := recover(); r != nil { - res = nil - err = errors.Errorf("failure [%s]", r) - } - }() - - iipk, ok := ipk.(*IssuerPublicKey) - if !ok { - return nil, nil, errors.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", ipk) - } - - credential := &idemix.Credential{} - err = proto.Unmarshal(cred, credential) - if err != nil { - return nil, nil, errors.Wrap(err, "failed unmarshalling credential") - } - - cri := &idemix.CredentialRevocationInformation{} - err = proto.Unmarshal(criRaw, cri) - if err != nil { - return nil, nil, errors.Wrap(err, "failed unmarshalling credential revocation information") - } - - disclosure := make([]byte, len(attributes)) - for i := 0; i < len(attributes); i++ { - if attributes[i].Type == bccsp.IdemixHiddenAttribute { - disclosure[i] = 0 - } else { - disclosure[i] = 1 - } - } - - sig, meta, err := s.Idemix.NewSignature( - credential, - sk, - Nym, - RNym, - iipk.PK, - disclosure, - msg, - rhIndex, - eidIndex, - cri, - newRandOrPanic(s.Idemix.Curve), - s.Translator, - sigType, - metadata, - ) - if err != nil { - return nil, nil, errors.WithMessage(err, "failed creating new signature") - } - - sigBytes, err := proto.Marshal(sig) - if err != nil { - return nil, nil, errors.WithMessage(err, "marshalling error") - } - - return sigBytes, meta, nil -} - -// AuditNymEid Audits the pseudonymous enrollment id of a signature -func (s *SignatureScheme) AuditNymEid( - ipk types.IssuerPublicKey, - eidIndex, _ int, - signature []byte, - enrollmentID string, - RNymEid *math.Zr, - verType bccsp.AuditVerificationType, -) (err error) { - defer func() { - if r := recover(); r != nil { - err = errors.Errorf("failure [%s]", r) - } - }() - - iipk, ok := ipk.(*IssuerPublicKey) - if !ok { - return errors.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", ipk) - } - - eidAttr := s.Idemix.Curve.HashToZr([]byte(enrollmentID)) - - switch verType { - case bccsp.AuditExpectSignature: - sig := &idemix.Signature{} - err = proto.Unmarshal(signature, sig) - if err != nil { - return err - } - return sig.AuditNymEid( - iipk.PK, - eidAttr, - eidIndex, - RNymEid, - s.Idemix.Curve, - s.Translator, - ) - case bccsp.AuditExpectEidNymRhNym: - fallthrough - case bccsp.AuditExpectEidNym: - // 1. cast signature to NymEID - nymEID := idemix.NymEID(signature) - // 2. check audit on nymEID - return nymEID.AuditNymEid( - iipk.PK, - eidAttr, - eidIndex, - RNymEid, - s.Idemix.Curve, - s.Translator, - ) - default: - return errors.Errorf("invalid audit type [%d]", verType) - } -} - -// AuditNymRh Audits the pseudonymous revocation handle of a signature -func (s *SignatureScheme) AuditNymRh( - ipk types.IssuerPublicKey, - rhIndex, _ int, - signature []byte, - revocationHandle string, - RNymRh *math.Zr, - verType bccsp.AuditVerificationType, -) (err error) { - defer func() { - if r := recover(); r != nil { - err = errors.Errorf("failure [%s]", r) - } - }() - - iipk, ok := ipk.(*IssuerPublicKey) - if !ok { - return errors.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", ipk) - } - - rhAttr := s.Idemix.Curve.HashToZr([]byte(revocationHandle)) - - switch verType { - case bccsp.AuditExpectSignature: - sig := &idemix.Signature{} - err = proto.Unmarshal(signature, sig) - if err != nil { - return err - } - return sig.AuditNymRh( - iipk.PK, - rhAttr, - rhIndex, - RNymRh, - s.Idemix.Curve, - s.Translator, - ) - case bccsp.AuditExpectEidNymRhNym: - // 1. cast signature to NymRH - nymRH := idemix.NymRH(signature) - // 2. check audit on nymRH - return nymRH.AuditNymRh( - iipk.PK, - rhAttr, - rhIndex, - RNymRh, - s.Idemix.Curve, - s.Translator, - ) - default: - return errors.Errorf("invalid audit type [%d]", verType) - } -} - -// Verify checks that an idemix signature is valid with the respect to the passed issuer public key, digest, attributes, -// revocation index (rhIndex), revocation public key, and epoch. -func (s *SignatureScheme) Verify( - ipk types.IssuerPublicKey, - signature, digest []byte, - attributes []bccsp.IdemixAttribute, - rhIndex, eidIndex, _ int, - revocationPublicKey *ecdsa.PublicKey, - epoch int, - verType bccsp.VerificationType, - meta *bccsp.IdemixSignerMetadata, -) (err error) { - defer func() { - if r := recover(); r != nil { - err = errors.Errorf("failure [%s]", r) - } - }() - - iipk, ok := ipk.(*IssuerPublicKey) - if !ok { - return errors.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", ipk) - } - - sig := &idemix.Signature{} - err = proto.Unmarshal(signature, sig) - if err != nil { - return err - } - disclosure := make([]byte, len(attributes)) - attrValues := make([]*math.Zr, len(attributes)) - for i := 0; i < len(attributes); i++ { - switch attributes[i].Type { - case bccsp.IdemixHiddenAttribute: - disclosure[i] = 0 - attrValues[i] = nil - case bccsp.IdemixBytesAttribute: - disclosure[i] = 1 - attrValues[i] = s.Idemix.Curve.HashToZr(attributes[i].Value.([]byte)) - case bccsp.IdemixIntAttribute: - var value int64 - if v, ok := attributes[i].Value.(int); ok { - value = int64(v) - } else if v, ok := attributes[i].Value.(int64); ok { - value = v - } else { - return errors.Errorf("invalid int type for IdemixIntAttribute attribute") - } - - disclosure[i] = 1 - attrValues[i] = s.Idemix.Curve.NewZrFromInt(value) - default: - err = errors.Errorf("attribute type not allowed or supported [%v] at position [%d]", attributes[i].Type, i) - } - } - if err != nil { - return - } - - return sig.Ver( - disclosure, - iipk.PK, - digest, - attrValues, - rhIndex, - eidIndex, - revocationPublicKey, - epoch, - s.Idemix.Curve, - s.Translator, - verType, - meta, - ) -} diff --git a/bccsp/schemes/dlog/bridge/user.go b/bccsp/schemes/dlog/bridge/user.go deleted file mode 100644 index bdaf2052..00000000 --- a/bccsp/schemes/dlog/bridge/user.go +++ /dev/null @@ -1,96 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ -package bridge - -import ( - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - "github.com/IBM/idemix/bccsp/types" - math "github.com/IBM/mathlib" - "github.com/pkg/errors" -) - -// User encapsulates the idemix algorithms to generate user secret keys and pseudonym. -type User struct { - Translator idemix.Translator - Idemix *idemix.Idemix -} - -// NewKey generates an idemix user secret key -func (u *User) NewKey() (res *math.Zr, err error) { - defer func() { - if r := recover(); r != nil { - res = nil - err = errors.Errorf("failure [%s]", r) - } - }() - - res = u.Idemix.Curve.NewRandomZr(newRandOrPanic(u.Idemix.Curve)) - - return -} - -func (u *User) NewKeyFromBytes(raw []byte) (res *math.Zr, err error) { - if len(raw) != u.Idemix.Curve.ScalarByteSize { - return nil, errors.Errorf("invalid length, expected [%d], got [%d]", u.Idemix.Curve.ScalarByteSize, len(raw)) - } - - res = u.Idemix.Curve.NewZrFromBytes(raw) - - return -} - -// MakeNym generates a new pseudonym key-pair derived from the passed user secret key (sk) and issuer public key (ipk) -func (u *User) MakeNym(sk *math.Zr, ipk types.IssuerPublicKey) (r1 *math.G1, r2 *math.Zr, err error) { - defer func() { - if r := recover(); r != nil { - r1 = nil - r2 = nil - err = errors.Errorf("failure [%s]", r) - } - }() - - iipk, ok := ipk.(*IssuerPublicKey) - if !ok { - return nil, nil, errors.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", ipk) - } - - ecp, big, err := u.Idemix.MakeNym(sk, iipk.PK, newRandOrPanic(u.Idemix.Curve), u.Translator) - - r1 = ecp - r2 = big - - return -} - -// MakeNym generates a new pseudonym key-pair derived from the passed user secret key (sk) and issuer public key (ipk) -func (u *User) NewNymFromBytes(raw []byte) (r1 *math.G1, r2 *math.Zr, err error) { - defer func() { - if r := recover(); r != nil { - r1 = nil - r2 = nil - err = errors.Errorf("failure [%s]", r) - } - }() - - ecp, big, err := u.Idemix.MakeNymFromBytes(raw) - r1 = ecp - r2 = big - - return -} - -func (u *User) NewPublicNymFromBytes(raw []byte) (res *math.G1, err error) { - defer func() { - if r := recover(); r != nil { - res = nil - err = errors.Errorf("failure [%s]", r) - } - }() - - res, err = u.Translator.G1FromRawBytes(raw) - - return -} diff --git a/bccsp/schemes/dlog/crypto/credential.go b/bccsp/schemes/dlog/crypto/credential.go deleted file mode 100644 index 307a6a75..00000000 --- a/bccsp/schemes/dlog/crypto/credential.go +++ /dev/null @@ -1,220 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix - -import ( - "io" - - amcl "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" - math "github.com/IBM/mathlib" - "github.com/pkg/errors" -) - -type Translator interface { - G1ToProto(*math.G1) *amcl.ECP - G1FromProto(*amcl.ECP) (*math.G1, error) - G1FromRawBytes([]byte) (*math.G1, error) - G2ToProto(*math.G2) *amcl.ECP2 - G2FromProto(*amcl.ECP2) (*math.G2, error) -} - -// Identity Mixer Credential is a list of attributes certified (signed) by the issuer -// A credential also contains a user secret key blindly signed by the issuer -// Without the secret key the credential cannot be used - -// Credential issuance is an interactive protocol between a user and an issuer -// The issuer takes its secret and public keys and user attribute values as input -// The user takes the issuer public key and user secret as input -// The issuance protocol consists of the following steps: -// 1) The issuer sends a random nonce to the user -// 2) The user creates a Credential Request using the public key of the issuer, user secret, and the nonce as input -// The request consists of a commitment to the user secret (can be seen as a public key) and a zero-knowledge proof -// of knowledge of the user secret key -// The user sends the credential request to the issuer -// 3) The issuer verifies the credential request by verifying the zero-knowledge proof -// If the request is valid, the issuer issues a credential to the user by signing the commitment to the secret key -// together with the attribute values and sends the credential back to the user -// 4) The user verifies the issuer's signature and stores the credential that consists of -// the signature value, a randomness used to create the signature, the user secret, and the attribute values - -// NewCredential issues a new credential, which is the last step of the interactive issuance protocol -// All attribute values are added by the issuer at this step and then signed together with a commitment to -// the user's secret key from a credential request -func (i *Idemix) NewCredential(key *IssuerKey, m *CredRequest, attrs []*math.Zr, rng io.Reader, t Translator) (*Credential, error) { - return newCredential(key, m, attrs, rng, t, i.Curve) -} - -func newCredential(key *IssuerKey, m *CredRequest, attrs []*math.Zr, rng io.Reader, t Translator, curve *math.Curve) (*Credential, error) { - // check the credential request that contains - err := m.Check(key.Ipk, curve, t) - if err != nil { - return nil, err - } - - if len(attrs) != len(key.Ipk.AttributeNames) { - return nil, errors.Errorf("incorrect number of attribute values passed") - } - - // Place a BBS+ signature on the user key and the attribute values - // (For BBS+, see e.g. "Constant-Size Dynamic k-TAA" by Man Ho Au, Willy Susilo, Yi Mu) - // or http://eprint.iacr.org/2016/663.pdf, Sec. 4.3. - - // For a credential, a BBS+ signature consists of the following three elements: - // 1. E, random value in the proper group - // 2. S, random value in the proper group - // 3. A as B^Exp where B=g_1 \cdot h_r^s \cdot h_sk^sk \cdot \prod_{i=1}^L h_i^{m_i} and Exp = \frac{1}{e+x} - // Notice that: - // h_r is h_0 in http://eprint.iacr.org/2016/663.pdf, Sec. 4.3. - - // Pick randomness E and S - E := curve.NewRandomZr(rng) - S := curve.NewRandomZr(rng) - - // Set B as g_1 \cdot h_r^s \cdot h_sk^sk \cdot \prod_{i=1}^L h_i^{m_i} and Exp = \frac{1}{e+x} - B := curve.NewG1() - B.Clone(curve.GenG1) // g_1 - Nym, err := t.G1FromProto(m.Nym) - if err != nil { - return nil, err - } - B.Add(Nym) // in this case, recall Nym=h_sk^sk - HRand, err := t.G1FromProto(key.Ipk.HRand) - if err != nil { - return nil, err - } - B.Add(HRand.Mul(S)) // h_r^s - - HAttrs := make([]*math.G1, len(key.Ipk.HAttrs)) - for i := range key.Ipk.HAttrs { - var err error - HAttrs[i], err = t.G1FromProto(key.Ipk.HAttrs[i]) - if err != nil { - return nil, err - } - } - - // Append attributes - // Use Mul2 instead of Mul as much as possible for efficiency reasones - for i := 0; i < len(attrs)/2; i++ { - B.Add( - // Add two attributes in one shot - HAttrs[2*i].Mul2( - attrs[2*i], - HAttrs[2*i+1], - attrs[2*i+1], - ), - ) - } - // Check for residue in case len(attrs)%2 is odd - if len(attrs)%2 != 0 { - B.Add(HAttrs[len(attrs)-1].Mul(attrs[len(attrs)-1])) - } - - // Set Exp as \frac{1}{e+x} - Exp := curve.ModAdd(curve.NewZrFromBytes(key.GetIsk()), E, curve.GroupOrder) - Exp.InvModP(curve.GroupOrder) - // Finalise A as B^Exp - A := B.Mul(Exp) - // The signature is now generated. - - // Notice that here we release also B, this does not harm security cause - // it can be compute publicly from the BBS+ signature itself. - CredAttrs := make([][]byte, len(attrs)) - for index, attribute := range attrs { - CredAttrs[index] = attribute.Bytes() - } - - return &Credential{ - A: t.G1ToProto(A), - B: t.G1ToProto(B), - E: E.Bytes(), - S: S.Bytes(), - Attrs: CredAttrs}, nil -} - -// Ver cryptographically verifies the credential by verifying the signature -// on the attribute values and user's secret key -func (cred *Credential) Ver(sk *math.Zr, ipk *IssuerPublicKey, curve *math.Curve, t Translator) error { - // Validate Input - - // - parse the credential - A, err := t.G1FromProto(cred.GetA()) - if err != nil { - return err - } - B, err := t.G1FromProto(cred.GetB()) - if err != nil { - return err - } - E := curve.NewZrFromBytes(cred.GetE()) - S := curve.NewZrFromBytes(cred.GetS()) - - // - verify that all attribute values are present - for i := 0; i < len(cred.GetAttrs()); i++ { - if cred.Attrs[i] == nil { - return errors.Errorf("credential has no value for attribute %s", ipk.AttributeNames[i]) - } - } - - HSk, err := t.G1FromProto(ipk.HSk) - if err != nil { - return err - } - - HRand, err := t.G1FromProto(ipk.HRand) - if err != nil { - return err - } - - HAttrs := make([]*math.G1, len(ipk.HAttrs)) - for i := range ipk.HAttrs { - var err error - HAttrs[i], err = t.G1FromProto(ipk.HAttrs[i]) - if err != nil { - return err - } - } - - // - verify cryptographic signature on the attributes and the user secret key - BPrime := curve.NewG1() - BPrime.Clone(curve.GenG1) - BPrime.Add(HSk.Mul2(sk, HRand, S)) - for i := 0; i < len(cred.Attrs)/2; i++ { - BPrime.Add( - HAttrs[2*i].Mul2( - curve.NewZrFromBytes(cred.Attrs[2*i]), - HAttrs[2*i+1], - curve.NewZrFromBytes(cred.Attrs[2*i+1]), - ), - ) - } - if len(cred.Attrs)%2 != 0 { - BPrime.Add(HAttrs[len(cred.Attrs)-1].Mul(curve.NewZrFromBytes(cred.Attrs[len(cred.Attrs)-1]))) - } - if !B.Equals(BPrime) { - return errors.Errorf("b-value from credential does not match the attribute values") - } - - W, err := t.G2FromProto(ipk.W) - if err != nil { - return err - } - - // Verify BBS+ signature. Namely: e(w \cdot g_2^e, A) =? e(g_2, B) - a := curve.GenG2.Mul(E) - a.Add(W) - a.Affine() - - left := curve.FExp(curve.Pairing(a, A)) - right := curve.FExp(curve.Pairing(curve.GenG2, B)) - - if !left.Equals(right) { - return errors.Errorf("credential is not cryptographically valid") - } - - return nil -} diff --git a/bccsp/schemes/dlog/crypto/credrequest.go b/bccsp/schemes/dlog/crypto/credrequest.go deleted file mode 100644 index 7f5b8eb0..00000000 --- a/bccsp/schemes/dlog/crypto/credrequest.go +++ /dev/null @@ -1,125 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix - -import ( - "io" - - math "github.com/IBM/mathlib" - "github.com/pkg/errors" -) - -// credRequestLabel is the label used in zero-knowledge proof (ZKP) to identify that this ZKP is a credential request -const credRequestLabel = "credRequest" - -// Credential issuance is an interactive protocol between a user and an issuer -// The issuer takes its secret and public keys and user attribute values as input -// The user takes the issuer public key and user secret as input -// The issuance protocol consists of the following steps: -// 1) The issuer sends a random nonce to the user -// 2) The user creates a Credential Request using the public key of the issuer, user secret, and the nonce as input -// The request consists of a commitment to the user secret (can be seen as a public key) and a zero-knowledge proof -// of knowledge of the user secret key -// The user sends the credential request to the issuer -// 3) The issuer verifies the credential request by verifying the zero-knowledge proof -// If the request is valid, the issuer issues a credential to the user by signing the commitment to the secret key -// together with the attribute values and sends the credential back to the user -// 4) The user verifies the issuer's signature and stores the credential that consists of -// the signature value, a randomness used to create the signature, the user secret, and the attribute values - -// NewCredRequest creates a new Credential Request, the first message of the interactive credential issuance protocol -// (from user to issuer) -func (i *Idemix) NewCredRequest(sk *math.Zr, IssuerNonce []byte, ipk *IssuerPublicKey, rng io.Reader, tr Translator) (*CredRequest, error) { - return newCredRequest(sk, IssuerNonce, ipk, rng, i.Curve, tr) -} - -func newCredRequest(sk *math.Zr, IssuerNonce []byte, ipk *IssuerPublicKey, rng io.Reader, curve *math.Curve, tr Translator) (*CredRequest, error) { - // Set Nym as h_{sk}^{sk} - HSk, err := tr.G1FromProto(ipk.HSk) - if err != nil { - return nil, err - } - Nym := HSk.Mul(sk) - - // generate a zero-knowledge proof of knowledge (ZK PoK) of the secret key - - // Sample the randomness needed for the proof - rSk := curve.NewRandomZr(rng) - - // Step 1: First message (t-values) - t := HSk.Mul(rSk) // t = h_{sk}^{r_{sk}}, cover Nym - - // Step 2: Compute the Fiat-Shamir hash, forming the challenge of the ZKP. - // proofData is the data being hashed, it consists of: - // the credential request label - // 3 elements of G1 each taking 2*math.FieldBytes+1 bytes - // hash of the issuer public key of length math.FieldBytes - // issuer nonce of length math.FieldBytes - proofData := make([]byte, len([]byte(credRequestLabel))+3*curve.G1ByteSize+2*curve.ScalarByteSize) - index := 0 - index = appendBytesString(proofData, index, credRequestLabel) - index = appendBytesG1(proofData, index, t) - index = appendBytesG1(proofData, index, HSk) - index = appendBytesG1(proofData, index, Nym) - index = appendBytes(proofData, index, IssuerNonce) - copy(proofData[index:], ipk.Hash) - proofC := curve.HashToZr(proofData) - - // Step 3: reply to the challenge message (s-values) - proofS := curve.ModAdd(curve.ModMul(proofC, sk, curve.GroupOrder), rSk, curve.GroupOrder) // s = r_{sk} + C \cdot sk - - // Done - return &CredRequest{ - Nym: tr.G1ToProto(Nym), - IssuerNonce: IssuerNonce, - ProofC: proofC.Bytes(), - ProofS: proofS.Bytes(), - }, nil -} - -// Check cryptographically verifies the credential request -func (m *CredRequest) Check(ipk *IssuerPublicKey, curve *math.Curve, tr Translator) error { - Nym, err := tr.G1FromProto(m.GetNym()) - if err != nil { - return err - } - - IssuerNonce := m.GetIssuerNonce() - ProofC := curve.NewZrFromBytes(m.GetProofC()) - ProofS := curve.NewZrFromBytes(m.GetProofS()) - - HSk, err := tr.G1FromProto(ipk.HSk) - if err != nil { - return err - } - - if Nym == nil || IssuerNonce == nil || ProofC == nil || ProofS == nil { - return errors.Errorf("one of the proof values is undefined") - } - - // Verify Proof - - // Recompute t-values using s-values - t := HSk.Mul(ProofS) - t.Sub(Nym.Mul(ProofC)) // t = h_{sk}^s / Nym^C - - // Recompute challenge - proofData := make([]byte, len([]byte(credRequestLabel))+3*curve.G1ByteSize+2*curve.ScalarByteSize) - index := 0 - index = appendBytesString(proofData, index, credRequestLabel) - index = appendBytesG1(proofData, index, t) - index = appendBytesG1(proofData, index, HSk) - index = appendBytesG1(proofData, index, Nym) - index = appendBytes(proofData, index, IssuerNonce) - copy(proofData[index:], ipk.Hash) - - if !ProofC.Equals(curve.HashToZr(proofData)) { - return errors.Errorf("zero knowledge proof is invalid") - } - - return nil -} diff --git a/bccsp/schemes/dlog/crypto/idemix.go b/bccsp/schemes/dlog/crypto/idemix.go deleted file mode 100644 index ea6959b2..00000000 --- a/bccsp/schemes/dlog/crypto/idemix.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -// Deprecated: Package idemix implements the legacy CL-signature based scheme. -// It will be removed in Phase 6 of the modernization plan. Use -// bccsp/schemes/aries (BBS+) instead. -package idemix - -import ( - math "github.com/IBM/mathlib" -) - -type Idemix struct { - Curve *math.Curve - Translator Translator -} diff --git a/bccsp/schemes/dlog/crypto/idemix.pb.go b/bccsp/schemes/dlog/crypto/idemix.pb.go deleted file mode 100644 index b02cedd7..00000000 --- a/bccsp/schemes/dlog/crypto/idemix.pb.go +++ /dev/null @@ -1,896 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// source: bccsp/schemes/dlog/crypto/idemix.proto - -package idemix - -import ( - fmt "fmt" - amcl "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" - proto "github.com/golang/protobuf/proto" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package - -// IssuerPublicKey specifies an issuer public key that consists of -// attribute_names - a list of the attribute names of a credential issued by the issuer -// h_sk, h_rand, h_attrs, w, bar_g1, bar_g2 - group elements corresponding to the signing key, randomness, and attributes -// proof_c, proof_s compose a zero-knowledge proof of knowledge of the secret key -// hash is a hash of the public key appended to it -type IssuerPublicKey struct { - AttributeNames []string `protobuf:"bytes,1,rep,name=attribute_names,json=attributeNames,proto3" json:"attribute_names,omitempty"` - HSk *amcl.ECP `protobuf:"bytes,2,opt,name=h_sk,json=hSk,proto3" json:"h_sk,omitempty"` - HRand *amcl.ECP `protobuf:"bytes,3,opt,name=h_rand,json=hRand,proto3" json:"h_rand,omitempty"` - HAttrs []*amcl.ECP `protobuf:"bytes,4,rep,name=h_attrs,json=hAttrs,proto3" json:"h_attrs,omitempty"` - W *amcl.ECP2 `protobuf:"bytes,5,opt,name=w,proto3" json:"w,omitempty"` - BarG1 *amcl.ECP `protobuf:"bytes,6,opt,name=bar_g1,json=barG1,proto3" json:"bar_g1,omitempty"` - BarG2 *amcl.ECP `protobuf:"bytes,7,opt,name=bar_g2,json=barG2,proto3" json:"bar_g2,omitempty"` - ProofC []byte `protobuf:"bytes,8,opt,name=proof_c,json=proofC,proto3" json:"proof_c,omitempty"` - ProofS []byte `protobuf:"bytes,9,opt,name=proof_s,json=proofS,proto3" json:"proof_s,omitempty"` - Hash []byte `protobuf:"bytes,10,opt,name=hash,proto3" json:"hash,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *IssuerPublicKey) Reset() { *m = IssuerPublicKey{} } -func (m *IssuerPublicKey) String() string { return proto.CompactTextString(m) } -func (*IssuerPublicKey) ProtoMessage() {} -func (*IssuerPublicKey) Descriptor() ([]byte, []int) { - return fileDescriptor_7f94c3d451691341, []int{0} -} - -func (m *IssuerPublicKey) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_IssuerPublicKey.Unmarshal(m, b) -} -func (m *IssuerPublicKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_IssuerPublicKey.Marshal(b, m, deterministic) -} -func (m *IssuerPublicKey) XXX_Merge(src proto.Message) { - xxx_messageInfo_IssuerPublicKey.Merge(m, src) -} -func (m *IssuerPublicKey) XXX_Size() int { - return xxx_messageInfo_IssuerPublicKey.Size(m) -} -func (m *IssuerPublicKey) XXX_DiscardUnknown() { - xxx_messageInfo_IssuerPublicKey.DiscardUnknown(m) -} - -var xxx_messageInfo_IssuerPublicKey proto.InternalMessageInfo - -func (m *IssuerPublicKey) GetAttributeNames() []string { - if m != nil { - return m.AttributeNames - } - return nil -} - -func (m *IssuerPublicKey) GetHSk() *amcl.ECP { - if m != nil { - return m.HSk - } - return nil -} - -func (m *IssuerPublicKey) GetHRand() *amcl.ECP { - if m != nil { - return m.HRand - } - return nil -} - -func (m *IssuerPublicKey) GetHAttrs() []*amcl.ECP { - if m != nil { - return m.HAttrs - } - return nil -} - -func (m *IssuerPublicKey) GetW() *amcl.ECP2 { - if m != nil { - return m.W - } - return nil -} - -func (m *IssuerPublicKey) GetBarG1() *amcl.ECP { - if m != nil { - return m.BarG1 - } - return nil -} - -func (m *IssuerPublicKey) GetBarG2() *amcl.ECP { - if m != nil { - return m.BarG2 - } - return nil -} - -func (m *IssuerPublicKey) GetProofC() []byte { - if m != nil { - return m.ProofC - } - return nil -} - -func (m *IssuerPublicKey) GetProofS() []byte { - if m != nil { - return m.ProofS - } - return nil -} - -func (m *IssuerPublicKey) GetHash() []byte { - if m != nil { - return m.Hash - } - return nil -} - -// IssuerKey specifies an issuer key pair that consists of -// ISk - the issuer secret key and -// IssuerPublicKey - the issuer public key -type IssuerKey struct { - Isk []byte `protobuf:"bytes,1,opt,name=isk,proto3" json:"isk,omitempty"` - Ipk *IssuerPublicKey `protobuf:"bytes,2,opt,name=ipk,proto3" json:"ipk,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *IssuerKey) Reset() { *m = IssuerKey{} } -func (m *IssuerKey) String() string { return proto.CompactTextString(m) } -func (*IssuerKey) ProtoMessage() {} -func (*IssuerKey) Descriptor() ([]byte, []int) { - return fileDescriptor_7f94c3d451691341, []int{1} -} - -func (m *IssuerKey) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_IssuerKey.Unmarshal(m, b) -} -func (m *IssuerKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_IssuerKey.Marshal(b, m, deterministic) -} -func (m *IssuerKey) XXX_Merge(src proto.Message) { - xxx_messageInfo_IssuerKey.Merge(m, src) -} -func (m *IssuerKey) XXX_Size() int { - return xxx_messageInfo_IssuerKey.Size(m) -} -func (m *IssuerKey) XXX_DiscardUnknown() { - xxx_messageInfo_IssuerKey.DiscardUnknown(m) -} - -var xxx_messageInfo_IssuerKey proto.InternalMessageInfo - -func (m *IssuerKey) GetIsk() []byte { - if m != nil { - return m.Isk - } - return nil -} - -func (m *IssuerKey) GetIpk() *IssuerPublicKey { - if m != nil { - return m.Ipk - } - return nil -} - -// Credential specifies a credential object that consists of -// a, b, e, s - signature value -// attrs - attribute values -type Credential struct { - A *amcl.ECP `protobuf:"bytes,1,opt,name=a,proto3" json:"a,omitempty"` - B *amcl.ECP `protobuf:"bytes,2,opt,name=b,proto3" json:"b,omitempty"` - E []byte `protobuf:"bytes,3,opt,name=e,proto3" json:"e,omitempty"` - S []byte `protobuf:"bytes,4,opt,name=s,proto3" json:"s,omitempty"` - Attrs [][]byte `protobuf:"bytes,5,rep,name=attrs,proto3" json:"attrs,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Credential) Reset() { *m = Credential{} } -func (m *Credential) String() string { return proto.CompactTextString(m) } -func (*Credential) ProtoMessage() {} -func (*Credential) Descriptor() ([]byte, []int) { - return fileDescriptor_7f94c3d451691341, []int{2} -} - -func (m *Credential) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Credential.Unmarshal(m, b) -} -func (m *Credential) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Credential.Marshal(b, m, deterministic) -} -func (m *Credential) XXX_Merge(src proto.Message) { - xxx_messageInfo_Credential.Merge(m, src) -} -func (m *Credential) XXX_Size() int { - return xxx_messageInfo_Credential.Size(m) -} -func (m *Credential) XXX_DiscardUnknown() { - xxx_messageInfo_Credential.DiscardUnknown(m) -} - -var xxx_messageInfo_Credential proto.InternalMessageInfo - -func (m *Credential) GetA() *amcl.ECP { - if m != nil { - return m.A - } - return nil -} - -func (m *Credential) GetB() *amcl.ECP { - if m != nil { - return m.B - } - return nil -} - -func (m *Credential) GetE() []byte { - if m != nil { - return m.E - } - return nil -} - -func (m *Credential) GetS() []byte { - if m != nil { - return m.S - } - return nil -} - -func (m *Credential) GetAttrs() [][]byte { - if m != nil { - return m.Attrs - } - return nil -} - -// CredRequest specifies a credential request object that consists of -// nym - a pseudonym, which is a commitment to the user secret -// issuer_nonce - a random nonce provided by the issuer -// proof_c, proof_s - a zero-knowledge proof of knowledge of the -// user secret inside Nym -type CredRequest struct { - Nym *amcl.ECP `protobuf:"bytes,1,opt,name=nym,proto3" json:"nym,omitempty"` - IssuerNonce []byte `protobuf:"bytes,2,opt,name=issuer_nonce,json=issuerNonce,proto3" json:"issuer_nonce,omitempty"` - ProofC []byte `protobuf:"bytes,3,opt,name=proof_c,json=proofC,proto3" json:"proof_c,omitempty"` - ProofS []byte `protobuf:"bytes,4,opt,name=proof_s,json=proofS,proto3" json:"proof_s,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *CredRequest) Reset() { *m = CredRequest{} } -func (m *CredRequest) String() string { return proto.CompactTextString(m) } -func (*CredRequest) ProtoMessage() {} -func (*CredRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_7f94c3d451691341, []int{3} -} - -func (m *CredRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CredRequest.Unmarshal(m, b) -} -func (m *CredRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CredRequest.Marshal(b, m, deterministic) -} -func (m *CredRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_CredRequest.Merge(m, src) -} -func (m *CredRequest) XXX_Size() int { - return xxx_messageInfo_CredRequest.Size(m) -} -func (m *CredRequest) XXX_DiscardUnknown() { - xxx_messageInfo_CredRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_CredRequest proto.InternalMessageInfo - -func (m *CredRequest) GetNym() *amcl.ECP { - if m != nil { - return m.Nym - } - return nil -} - -func (m *CredRequest) GetIssuerNonce() []byte { - if m != nil { - return m.IssuerNonce - } - return nil -} - -func (m *CredRequest) GetProofC() []byte { - if m != nil { - return m.ProofC - } - return nil -} - -func (m *CredRequest) GetProofS() []byte { - if m != nil { - return m.ProofS - } - return nil -} - -// EIDNym specifies a pseudonymous enrollment id object that consists of -// nym - pseudonymous enrollment id -// s_eid - field element -type EIDNym struct { - Nym *amcl.ECP `protobuf:"bytes,1,opt,name=nym,proto3" json:"nym,omitempty"` - ProofSEid []byte `protobuf:"bytes,2,opt,name=proof_s_eid,json=proofSEid,proto3" json:"proof_s_eid,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *EIDNym) Reset() { *m = EIDNym{} } -func (m *EIDNym) String() string { return proto.CompactTextString(m) } -func (*EIDNym) ProtoMessage() {} -func (*EIDNym) Descriptor() ([]byte, []int) { - return fileDescriptor_7f94c3d451691341, []int{4} -} - -func (m *EIDNym) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_EIDNym.Unmarshal(m, b) -} -func (m *EIDNym) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_EIDNym.Marshal(b, m, deterministic) -} -func (m *EIDNym) XXX_Merge(src proto.Message) { - xxx_messageInfo_EIDNym.Merge(m, src) -} -func (m *EIDNym) XXX_Size() int { - return xxx_messageInfo_EIDNym.Size(m) -} -func (m *EIDNym) XXX_DiscardUnknown() { - xxx_messageInfo_EIDNym.DiscardUnknown(m) -} - -var xxx_messageInfo_EIDNym proto.InternalMessageInfo - -func (m *EIDNym) GetNym() *amcl.ECP { - if m != nil { - return m.Nym - } - return nil -} - -func (m *EIDNym) GetProofSEid() []byte { - if m != nil { - return m.ProofSEid - } - return nil -} - -// RHNym specifies a pseudonymous revocation handle object that consists of -// nym - pseudonymous revocation handle -// s_rh - field element -type RHNym struct { - Nym *amcl.ECP `protobuf:"bytes,1,opt,name=nym,proto3" json:"nym,omitempty"` - ProofSRh []byte `protobuf:"bytes,2,opt,name=proof_s_rh,json=proofSRh,proto3" json:"proof_s_rh,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *RHNym) Reset() { *m = RHNym{} } -func (m *RHNym) String() string { return proto.CompactTextString(m) } -func (*RHNym) ProtoMessage() {} -func (*RHNym) Descriptor() ([]byte, []int) { - return fileDescriptor_7f94c3d451691341, []int{5} -} - -func (m *RHNym) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_RHNym.Unmarshal(m, b) -} -func (m *RHNym) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_RHNym.Marshal(b, m, deterministic) -} -func (m *RHNym) XXX_Merge(src proto.Message) { - xxx_messageInfo_RHNym.Merge(m, src) -} -func (m *RHNym) XXX_Size() int { - return xxx_messageInfo_RHNym.Size(m) -} -func (m *RHNym) XXX_DiscardUnknown() { - xxx_messageInfo_RHNym.DiscardUnknown(m) -} - -var xxx_messageInfo_RHNym proto.InternalMessageInfo - -func (m *RHNym) GetNym() *amcl.ECP { - if m != nil { - return m.Nym - } - return nil -} - -func (m *RHNym) GetProofSRh() []byte { - if m != nil { - return m.ProofSRh - } - return nil -} - -// Signature specifies a signature object that consists of -// a_prime, a_bar, b_prime, proof_* - randomized credential signature values -// and a zero-knowledge proof of knowledge of a credential -// and the corresponding user secret together with the attribute values -// nonce - a fresh nonce used for the signature -// nym - a fresh pseudonym (a commitment to to the user secret) -type Signature struct { - APrime *amcl.ECP `protobuf:"bytes,1,opt,name=a_prime,json=aPrime,proto3" json:"a_prime,omitempty"` - ABar *amcl.ECP `protobuf:"bytes,2,opt,name=a_bar,json=aBar,proto3" json:"a_bar,omitempty"` - BPrime *amcl.ECP `protobuf:"bytes,3,opt,name=b_prime,json=bPrime,proto3" json:"b_prime,omitempty"` - ProofC []byte `protobuf:"bytes,4,opt,name=proof_c,json=proofC,proto3" json:"proof_c,omitempty"` - ProofSSk []byte `protobuf:"bytes,5,opt,name=proof_s_sk,json=proofSSk,proto3" json:"proof_s_sk,omitempty"` - ProofSE []byte `protobuf:"bytes,6,opt,name=proof_s_e,json=proofSE,proto3" json:"proof_s_e,omitempty"` - ProofSR2 []byte `protobuf:"bytes,7,opt,name=proof_s_r2,json=proofSR2,proto3" json:"proof_s_r2,omitempty"` - ProofSR3 []byte `protobuf:"bytes,8,opt,name=proof_s_r3,json=proofSR3,proto3" json:"proof_s_r3,omitempty"` - ProofSSPrime []byte `protobuf:"bytes,9,opt,name=proof_s_s_prime,json=proofSSPrime,proto3" json:"proof_s_s_prime,omitempty"` - ProofSAttrs [][]byte `protobuf:"bytes,10,rep,name=proof_s_attrs,json=proofSAttrs,proto3" json:"proof_s_attrs,omitempty"` - Nonce []byte `protobuf:"bytes,11,opt,name=nonce,proto3" json:"nonce,omitempty"` - Nym *amcl.ECP `protobuf:"bytes,12,opt,name=nym,proto3" json:"nym,omitempty"` - ProofSRNym []byte `protobuf:"bytes,13,opt,name=proof_s_r_nym,json=proofSRNym,proto3" json:"proof_s_r_nym,omitempty"` - RevocationEpochPk *amcl.ECP2 `protobuf:"bytes,14,opt,name=revocation_epoch_pk,json=revocationEpochPk,proto3" json:"revocation_epoch_pk,omitempty"` - RevocationPkSig []byte `protobuf:"bytes,15,opt,name=revocation_pk_sig,json=revocationPkSig,proto3" json:"revocation_pk_sig,omitempty"` - Epoch int64 `protobuf:"varint,16,opt,name=epoch,proto3" json:"epoch,omitempty"` - NonRevocationProof *NonRevocationProof `protobuf:"bytes,17,opt,name=non_revocation_proof,json=nonRevocationProof,proto3" json:"non_revocation_proof,omitempty"` - EidNym *EIDNym `protobuf:"bytes,18,opt,name=eid_nym,json=eidNym,proto3" json:"eid_nym,omitempty"` - RhNym *RHNym `protobuf:"bytes,19,opt,name=rh_nym,json=rhNym,proto3" json:"rh_nym,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Signature) Reset() { *m = Signature{} } -func (m *Signature) String() string { return proto.CompactTextString(m) } -func (*Signature) ProtoMessage() {} -func (*Signature) Descriptor() ([]byte, []int) { - return fileDescriptor_7f94c3d451691341, []int{6} -} - -func (m *Signature) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Signature.Unmarshal(m, b) -} -func (m *Signature) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Signature.Marshal(b, m, deterministic) -} -func (m *Signature) XXX_Merge(src proto.Message) { - xxx_messageInfo_Signature.Merge(m, src) -} -func (m *Signature) XXX_Size() int { - return xxx_messageInfo_Signature.Size(m) -} -func (m *Signature) XXX_DiscardUnknown() { - xxx_messageInfo_Signature.DiscardUnknown(m) -} - -var xxx_messageInfo_Signature proto.InternalMessageInfo - -func (m *Signature) GetAPrime() *amcl.ECP { - if m != nil { - return m.APrime - } - return nil -} - -func (m *Signature) GetABar() *amcl.ECP { - if m != nil { - return m.ABar - } - return nil -} - -func (m *Signature) GetBPrime() *amcl.ECP { - if m != nil { - return m.BPrime - } - return nil -} - -func (m *Signature) GetProofC() []byte { - if m != nil { - return m.ProofC - } - return nil -} - -func (m *Signature) GetProofSSk() []byte { - if m != nil { - return m.ProofSSk - } - return nil -} - -func (m *Signature) GetProofSE() []byte { - if m != nil { - return m.ProofSE - } - return nil -} - -func (m *Signature) GetProofSR2() []byte { - if m != nil { - return m.ProofSR2 - } - return nil -} - -func (m *Signature) GetProofSR3() []byte { - if m != nil { - return m.ProofSR3 - } - return nil -} - -func (m *Signature) GetProofSSPrime() []byte { - if m != nil { - return m.ProofSSPrime - } - return nil -} - -func (m *Signature) GetProofSAttrs() [][]byte { - if m != nil { - return m.ProofSAttrs - } - return nil -} - -func (m *Signature) GetNonce() []byte { - if m != nil { - return m.Nonce - } - return nil -} - -func (m *Signature) GetNym() *amcl.ECP { - if m != nil { - return m.Nym - } - return nil -} - -func (m *Signature) GetProofSRNym() []byte { - if m != nil { - return m.ProofSRNym - } - return nil -} - -func (m *Signature) GetRevocationEpochPk() *amcl.ECP2 { - if m != nil { - return m.RevocationEpochPk - } - return nil -} - -func (m *Signature) GetRevocationPkSig() []byte { - if m != nil { - return m.RevocationPkSig - } - return nil -} - -func (m *Signature) GetEpoch() int64 { - if m != nil { - return m.Epoch - } - return 0 -} - -func (m *Signature) GetNonRevocationProof() *NonRevocationProof { - if m != nil { - return m.NonRevocationProof - } - return nil -} - -func (m *Signature) GetEidNym() *EIDNym { - if m != nil { - return m.EidNym - } - return nil -} - -func (m *Signature) GetRhNym() *RHNym { - if m != nil { - return m.RhNym - } - return nil -} - -// NonRevocationProof contains proof that the credential is not revoked -type NonRevocationProof struct { - RevocationAlg int32 `protobuf:"varint,1,opt,name=revocation_alg,json=revocationAlg,proto3" json:"revocation_alg,omitempty"` - NonRevocationProof []byte `protobuf:"bytes,2,opt,name=non_revocation_proof,json=nonRevocationProof,proto3" json:"non_revocation_proof,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *NonRevocationProof) Reset() { *m = NonRevocationProof{} } -func (m *NonRevocationProof) String() string { return proto.CompactTextString(m) } -func (*NonRevocationProof) ProtoMessage() {} -func (*NonRevocationProof) Descriptor() ([]byte, []int) { - return fileDescriptor_7f94c3d451691341, []int{7} -} - -func (m *NonRevocationProof) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_NonRevocationProof.Unmarshal(m, b) -} -func (m *NonRevocationProof) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_NonRevocationProof.Marshal(b, m, deterministic) -} -func (m *NonRevocationProof) XXX_Merge(src proto.Message) { - xxx_messageInfo_NonRevocationProof.Merge(m, src) -} -func (m *NonRevocationProof) XXX_Size() int { - return xxx_messageInfo_NonRevocationProof.Size(m) -} -func (m *NonRevocationProof) XXX_DiscardUnknown() { - xxx_messageInfo_NonRevocationProof.DiscardUnknown(m) -} - -var xxx_messageInfo_NonRevocationProof proto.InternalMessageInfo - -func (m *NonRevocationProof) GetRevocationAlg() int32 { - if m != nil { - return m.RevocationAlg - } - return 0 -} - -func (m *NonRevocationProof) GetNonRevocationProof() []byte { - if m != nil { - return m.NonRevocationProof - } - return nil -} - -// NymSignature specifies a signature object that signs a message -// with respect to a pseudonym. It differs from the standard idemix.signature in the fact that -// the standard signature object also proves that the pseudonym is based on a secret certified by -// a CA (issuer), whereas NymSignature only proves that the the owner of the pseudonym -// signed the message -type NymSignature struct { - // proof_c is the Fiat-Shamir challenge of the ZKP - ProofC []byte `protobuf:"bytes,1,opt,name=proof_c,json=proofC,proto3" json:"proof_c,omitempty"` - // proof_s_sk is the s-value proving knowledge of the user secret key - ProofSSk []byte `protobuf:"bytes,2,opt,name=proof_s_sk,json=proofSSk,proto3" json:"proof_s_sk,omitempty"` - // proof_s_r_nym is the s-value proving knowledge of the pseudonym secret - ProofSRNym []byte `protobuf:"bytes,3,opt,name=proof_s_r_nym,json=proofSRNym,proto3" json:"proof_s_r_nym,omitempty"` - // nonce is a fresh nonce used for the signature - Nonce []byte `protobuf:"bytes,4,opt,name=nonce,proto3" json:"nonce,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *NymSignature) Reset() { *m = NymSignature{} } -func (m *NymSignature) String() string { return proto.CompactTextString(m) } -func (*NymSignature) ProtoMessage() {} -func (*NymSignature) Descriptor() ([]byte, []int) { - return fileDescriptor_7f94c3d451691341, []int{8} -} - -func (m *NymSignature) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_NymSignature.Unmarshal(m, b) -} -func (m *NymSignature) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_NymSignature.Marshal(b, m, deterministic) -} -func (m *NymSignature) XXX_Merge(src proto.Message) { - xxx_messageInfo_NymSignature.Merge(m, src) -} -func (m *NymSignature) XXX_Size() int { - return xxx_messageInfo_NymSignature.Size(m) -} -func (m *NymSignature) XXX_DiscardUnknown() { - xxx_messageInfo_NymSignature.DiscardUnknown(m) -} - -var xxx_messageInfo_NymSignature proto.InternalMessageInfo - -func (m *NymSignature) GetProofC() []byte { - if m != nil { - return m.ProofC - } - return nil -} - -func (m *NymSignature) GetProofSSk() []byte { - if m != nil { - return m.ProofSSk - } - return nil -} - -func (m *NymSignature) GetProofSRNym() []byte { - if m != nil { - return m.ProofSRNym - } - return nil -} - -func (m *NymSignature) GetNonce() []byte { - if m != nil { - return m.Nonce - } - return nil -} - -type CredentialRevocationInformation struct { - // epoch contains the epoch (time window) in which this CRI is valid - Epoch int64 `protobuf:"varint,1,opt,name=epoch,proto3" json:"epoch,omitempty"` - // epoch_pk is the public key that is used by the revocation authority in this epoch - EpochPk *amcl.ECP2 `protobuf:"bytes,2,opt,name=epoch_pk,json=epochPk,proto3" json:"epoch_pk,omitempty"` - // epoch_pk_sig is a signature on the EpochPK valid under the revocation authority's long term key - EpochPkSig []byte `protobuf:"bytes,3,opt,name=epoch_pk_sig,json=epochPkSig,proto3" json:"epoch_pk_sig,omitempty"` - // revocation_alg denotes which revocation algorithm is used - RevocationAlg int32 `protobuf:"varint,4,opt,name=revocation_alg,json=revocationAlg,proto3" json:"revocation_alg,omitempty"` - // revocation_data contains data specific to the revocation algorithm used - RevocationData []byte `protobuf:"bytes,5,opt,name=revocation_data,json=revocationData,proto3" json:"revocation_data,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *CredentialRevocationInformation) Reset() { *m = CredentialRevocationInformation{} } -func (m *CredentialRevocationInformation) String() string { return proto.CompactTextString(m) } -func (*CredentialRevocationInformation) ProtoMessage() {} -func (*CredentialRevocationInformation) Descriptor() ([]byte, []int) { - return fileDescriptor_7f94c3d451691341, []int{9} -} - -func (m *CredentialRevocationInformation) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CredentialRevocationInformation.Unmarshal(m, b) -} -func (m *CredentialRevocationInformation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CredentialRevocationInformation.Marshal(b, m, deterministic) -} -func (m *CredentialRevocationInformation) XXX_Merge(src proto.Message) { - xxx_messageInfo_CredentialRevocationInformation.Merge(m, src) -} -func (m *CredentialRevocationInformation) XXX_Size() int { - return xxx_messageInfo_CredentialRevocationInformation.Size(m) -} -func (m *CredentialRevocationInformation) XXX_DiscardUnknown() { - xxx_messageInfo_CredentialRevocationInformation.DiscardUnknown(m) -} - -var xxx_messageInfo_CredentialRevocationInformation proto.InternalMessageInfo - -func (m *CredentialRevocationInformation) GetEpoch() int64 { - if m != nil { - return m.Epoch - } - return 0 -} - -func (m *CredentialRevocationInformation) GetEpochPk() *amcl.ECP2 { - if m != nil { - return m.EpochPk - } - return nil -} - -func (m *CredentialRevocationInformation) GetEpochPkSig() []byte { - if m != nil { - return m.EpochPkSig - } - return nil -} - -func (m *CredentialRevocationInformation) GetRevocationAlg() int32 { - if m != nil { - return m.RevocationAlg - } - return 0 -} - -func (m *CredentialRevocationInformation) GetRevocationData() []byte { - if m != nil { - return m.RevocationData - } - return nil -} - -func init() { - proto.RegisterType((*IssuerPublicKey)(nil), "idemix.IssuerPublicKey") - proto.RegisterType((*IssuerKey)(nil), "idemix.IssuerKey") - proto.RegisterType((*Credential)(nil), "idemix.Credential") - proto.RegisterType((*CredRequest)(nil), "idemix.CredRequest") - proto.RegisterType((*EIDNym)(nil), "idemix.EIDNym") - proto.RegisterType((*RHNym)(nil), "idemix.RHNym") - proto.RegisterType((*Signature)(nil), "idemix.Signature") - proto.RegisterType((*NonRevocationProof)(nil), "idemix.NonRevocationProof") - proto.RegisterType((*NymSignature)(nil), "idemix.NymSignature") - proto.RegisterType((*CredentialRevocationInformation)(nil), "idemix.CredentialRevocationInformation") -} - -func init() { - proto.RegisterFile("bccsp/schemes/dlog/crypto/idemix.proto", fileDescriptor_7f94c3d451691341) -} - -var fileDescriptor_7f94c3d451691341 = []byte{ - // 949 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x56, 0xcd, 0x8e, 0xe3, 0x44, - 0x10, 0x96, 0xe3, 0xd8, 0x99, 0x54, 0x3c, 0x33, 0xbb, 0xbd, 0x23, 0x8d, 0x35, 0xac, 0x96, 0x60, - 0x31, 0x4c, 0xe0, 0x30, 0x61, 0x33, 0x9c, 0xb8, 0x6d, 0x66, 0xa3, 0xdd, 0x08, 0x36, 0x8a, 0x3a, - 0x97, 0x15, 0x42, 0xb2, 0xda, 0x76, 0x6f, 0xdc, 0x4a, 0xfc, 0x43, 0xdb, 0x61, 0xc9, 0x05, 0x24, - 0x1e, 0x85, 0x23, 0x0f, 0xc1, 0x81, 0x23, 0x27, 0x9e, 0x81, 0x23, 0x4f, 0x81, 0xba, 0xdb, 0x7f, - 0x19, 0xcf, 0x2c, 0x97, 0xa4, 0xbb, 0xaa, 0xfa, 0xab, 0xea, 0xaf, 0xbe, 0xb2, 0x0d, 0x9f, 0x79, - 0xbe, 0x9f, 0xa5, 0xe3, 0xcc, 0x0f, 0x69, 0x44, 0xb3, 0x71, 0xb0, 0x4d, 0xd6, 0x63, 0x9f, 0xef, - 0xd3, 0x3c, 0x19, 0xb3, 0x80, 0x46, 0xec, 0xa7, 0xeb, 0x94, 0x27, 0x79, 0x82, 0x4c, 0xb5, 0xbb, - 0xf8, 0xea, 0xe1, 0xf8, 0x9c, 0x93, 0x38, 0xdb, 0x92, 0x3c, 0xe1, 0x63, 0x12, 0xf9, 0x5b, 0xf9, - 0xa3, 0x4e, 0x3b, 0x7f, 0x76, 0xe0, 0x74, 0x9e, 0x65, 0x3b, 0xca, 0x97, 0x3b, 0x6f, 0xcb, 0xfc, - 0x6f, 0xe8, 0x1e, 0x5d, 0xc1, 0x29, 0xc9, 0x73, 0xce, 0xbc, 0x5d, 0x4e, 0xdd, 0x98, 0x44, 0x34, - 0xb3, 0xb5, 0xa1, 0x3e, 0xea, 0xe3, 0x93, 0xca, 0xbc, 0x10, 0x56, 0xf4, 0x14, 0xba, 0xa1, 0x9b, - 0x6d, 0xec, 0xce, 0x50, 0x1b, 0x0d, 0x26, 0xfd, 0x6b, 0x89, 0x3b, 0xbb, 0x5d, 0x62, 0x3d, 0x5c, - 0x6d, 0xd0, 0x10, 0xcc, 0xd0, 0xe5, 0x24, 0x0e, 0x6c, 0xfd, 0xae, 0xdf, 0x08, 0x31, 0x89, 0x03, - 0xe4, 0x40, 0x2f, 0x74, 0x05, 0x66, 0x66, 0x77, 0x87, 0xfa, 0x61, 0x88, 0x19, 0xbe, 0x10, 0x0e, - 0x64, 0x83, 0xf6, 0xde, 0x36, 0x24, 0x00, 0x54, 0xde, 0x09, 0xd6, 0xde, 0x0b, 0x7c, 0x8f, 0x70, - 0x77, 0xfd, 0xdc, 0x36, 0x5b, 0xf8, 0x1e, 0xe1, 0xaf, 0x9e, 0x57, 0x11, 0x13, 0xbb, 0x77, 0x6f, - 0xc4, 0x04, 0x9d, 0x43, 0x2f, 0xe5, 0x49, 0xf2, 0xce, 0xf5, 0xed, 0xa3, 0xa1, 0x36, 0xb2, 0xb0, - 0x29, 0xb7, 0xb7, 0xb5, 0x23, 0xb3, 0xfb, 0x0d, 0xc7, 0x0a, 0x21, 0xe8, 0x86, 0x24, 0x0b, 0x6d, - 0x90, 0x56, 0xb9, 0x76, 0x5e, 0x43, 0x5f, 0x71, 0x28, 0xd8, 0x7b, 0x04, 0x3a, 0xcb, 0x36, 0xb6, - 0x26, 0xfd, 0x62, 0x89, 0x3e, 0x07, 0x9d, 0xa5, 0x25, 0x4b, 0xe7, 0xd7, 0x45, 0xf7, 0xee, 0xb0, - 0x8e, 0x45, 0x8c, 0x93, 0x02, 0xdc, 0x72, 0x1a, 0xd0, 0x38, 0x67, 0x64, 0x8b, 0xce, 0x41, 0x23, - 0x12, 0xe8, 0xa0, 0x74, 0x8d, 0x08, 0x87, 0xd7, 0x66, 0x5d, 0xf3, 0x90, 0x05, 0x1a, 0x95, 0x74, - 0x5b, 0x58, 0xa3, 0x62, 0x27, 0x98, 0x95, 0xbb, 0x0c, 0x9d, 0x81, 0xa1, 0xb8, 0x36, 0x86, 0xfa, - 0xc8, 0xc2, 0x6a, 0xe3, 0xfc, 0x02, 0x03, 0x91, 0x11, 0xd3, 0x1f, 0x76, 0x34, 0xcb, 0xd1, 0x47, - 0xa0, 0xc7, 0xfb, 0xa8, 0x9d, 0x54, 0x58, 0xd1, 0x27, 0x60, 0x31, 0x59, 0xb5, 0x1b, 0x27, 0xb1, - 0x4f, 0x65, 0x05, 0x16, 0x1e, 0x28, 0xdb, 0x42, 0x98, 0x9a, 0x84, 0xea, 0x0f, 0x11, 0xda, 0x6d, - 0x12, 0xea, 0xcc, 0xc0, 0x9c, 0xcd, 0x5f, 0x2e, 0xf6, 0xd1, 0x87, 0x73, 0x3f, 0x83, 0x41, 0x71, - 0xde, 0xa5, 0x2c, 0x28, 0x52, 0xf7, 0x15, 0xc6, 0x8c, 0x05, 0xce, 0x14, 0x0c, 0xfc, 0xfa, 0x7f, - 0x51, 0x9e, 0x02, 0x94, 0x28, 0x3c, 0x2c, 0x40, 0x8e, 0x14, 0x08, 0x0e, 0x9d, 0x3f, 0x0c, 0xe8, - 0xaf, 0xd8, 0x3a, 0x26, 0xf9, 0x8e, 0x53, 0xa1, 0x4e, 0xe2, 0xa6, 0x9c, 0x45, 0xb4, 0x0d, 0x66, - 0x92, 0xa5, 0x70, 0xa0, 0x67, 0x60, 0x10, 0xd7, 0x23, 0xbc, 0xdd, 0x8c, 0x2e, 0x99, 0x12, 0x2e, - 0x30, 0xbc, 0x02, 0xa3, 0x35, 0x04, 0xa6, 0xa7, 0x30, 0x1a, 0x94, 0x75, 0x0f, 0x28, 0x6b, 0x14, - 0x9b, 0x6d, 0xe4, 0x0c, 0x54, 0xc5, 0xae, 0x36, 0xe8, 0x02, 0xfa, 0x15, 0x21, 0x72, 0x02, 0x2c, - 0xdc, 0x2b, 0xe8, 0x38, 0xb8, 0xa6, 0x12, 0x7f, 0x7d, 0xcd, 0xc9, 0x81, 0xf7, 0xa6, 0xd0, 0x7d, - 0xe9, 0xbd, 0x41, 0x97, 0x70, 0x5a, 0x65, 0x2d, 0x4a, 0x57, 0x13, 0x60, 0x15, 0xa9, 0x55, 0xd5, - 0x0e, 0x1c, 0x97, 0x61, 0x4a, 0x55, 0x20, 0x55, 0xa5, 0x9a, 0xb4, 0x52, 0xb3, 0x7b, 0x06, 0x86, - 0x12, 0xca, 0x40, 0x02, 0xa8, 0x4d, 0xd9, 0x20, 0xeb, 0x01, 0x89, 0x55, 0xb0, 0xdc, 0x15, 0x61, - 0xc7, 0xf2, 0x28, 0x14, 0xe5, 0x89, 0x06, 0x7f, 0x0d, 0x4f, 0x38, 0xfd, 0x31, 0xf1, 0x49, 0xce, - 0x92, 0xd8, 0xa5, 0x69, 0xe2, 0x87, 0x6e, 0xba, 0xb1, 0x4f, 0x5a, 0xcf, 0x88, 0xc7, 0x75, 0xd8, - 0x4c, 0x44, 0x2d, 0x37, 0xe8, 0x0b, 0x68, 0x18, 0xdd, 0x74, 0xe3, 0x66, 0x6c, 0x6d, 0x9f, 0xca, - 0x14, 0xa7, 0xb5, 0x63, 0xb9, 0x59, 0xb1, 0xb5, 0xa8, 0x5e, 0x82, 0xdb, 0x8f, 0x86, 0xda, 0x48, - 0xc7, 0x6a, 0x83, 0xbe, 0x85, 0xb3, 0x38, 0x89, 0xdd, 0x26, 0x8a, 0x28, 0xcd, 0x7e, 0x2c, 0xd3, - 0x5f, 0x94, 0xd3, 0xbd, 0x48, 0x62, 0x5c, 0xe3, 0x89, 0x08, 0x8c, 0xe2, 0x96, 0x0d, 0x5d, 0x41, - 0x8f, 0xb2, 0x40, 0x5e, 0x14, 0x49, 0x80, 0x93, 0x12, 0x40, 0xcd, 0x04, 0x36, 0x29, 0x0b, 0xc4, - 0xa5, 0x3f, 0x05, 0x93, 0x87, 0x32, 0xee, 0x89, 0x8c, 0x3b, 0x2e, 0xe3, 0xa4, 0xe8, 0xb1, 0xc1, - 0xc3, 0xc5, 0x3e, 0x72, 0x22, 0x40, 0xed, 0xc4, 0xe8, 0x12, 0x4e, 0x1a, 0xe5, 0x92, 0xed, 0x5a, - 0xea, 0xd9, 0xc0, 0xc7, 0xb5, 0xf5, 0xc5, 0x76, 0x8d, 0xbe, 0x7c, 0xe0, 0x66, 0x6a, 0x4a, 0xee, - 0xa9, 0xde, 0xf9, 0x19, 0xac, 0xc5, 0x3e, 0xaa, 0x27, 0xa6, 0xa1, 0x64, 0xed, 0x03, 0x4a, 0xee, - 0xdc, 0x51, 0x72, 0xab, 0xe7, 0x7a, 0xab, 0xe7, 0x95, 0x92, 0xba, 0x0d, 0x25, 0x39, 0x7f, 0x6b, - 0xf0, 0x71, 0xfd, 0xb8, 0xac, 0xab, 0x9b, 0xc7, 0xef, 0x12, 0x1e, 0xc9, 0x65, 0xdd, 0x45, 0xad, - 0xd9, 0xc5, 0x4b, 0x38, 0xaa, 0x84, 0xd3, 0x69, 0x09, 0xa7, 0x47, 0x0b, 0xb9, 0x0c, 0xc1, 0x2a, - 0xc3, 0xa4, 0x52, 0x8a, 0xc2, 0x0a, 0xb7, 0x10, 0x49, 0x9b, 0xdb, 0xee, 0x7d, 0xdc, 0x5e, 0x41, - 0x43, 0x5e, 0x6e, 0x40, 0x72, 0x52, 0xcc, 0x73, 0xe3, 0xf4, 0x4b, 0x92, 0x93, 0xe9, 0xaf, 0x1a, - 0x80, 0x9f, 0x44, 0x45, 0x77, 0xa7, 0x83, 0xb9, 0xfc, 0x5f, 0x8a, 0x77, 0xf5, 0x52, 0xfb, 0x6e, - 0xbc, 0x66, 0x79, 0xb8, 0xf3, 0xae, 0xfd, 0x24, 0x1a, 0xcf, 0xa7, 0x6f, 0x8a, 0x0f, 0x81, 0xf1, - 0x3d, 0x6f, 0x7e, 0xe5, 0xf9, 0xad, 0xa3, 0xcf, 0xdf, 0xbe, 0xfd, 0xbd, 0x63, 0x2a, 0x98, 0xbf, - 0xca, 0xc5, 0x3f, 0x1d, 0xa4, 0x16, 0xdf, 0xbf, 0x5a, 0x4e, 0xdf, 0xd0, 0x9c, 0x88, 0x8a, 0xfe, - 0x2d, 0xbd, 0x9e, 0x29, 0xbf, 0x0d, 0x6e, 0xfe, 0x0b, 0x00, 0x00, 0xff, 0xff, 0xe3, 0x36, 0xd7, - 0xe8, 0x83, 0x08, 0x00, 0x00, -} diff --git a/bccsp/schemes/dlog/crypto/idemix.proto b/bccsp/schemes/dlog/crypto/idemix.proto deleted file mode 100644 index 3e11e35e..00000000 --- a/bccsp/schemes/dlog/crypto/idemix.proto +++ /dev/null @@ -1,150 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -syntax = "proto3"; - -option go_package = "github.com/IBM/idemix/bccsp/schemes/dlog/idemix"; - -// The Identity Mixer protocols make use of pairings (bilinear maps) - -// functions that can be described as e: G1 x G2 -> GT that -// map group elements from the source groups (G1 and G2) to the target group -// Such groups can be represented by the points on an elliptic curve - -package idemix; - -import "bccsp/schemes/dlog/crypto/translator/amcl/amcl.proto"; - -// IssuerPublicKey specifies an issuer public key that consists of -// attribute_names - a list of the attribute names of a credential issued by the issuer -// h_sk, h_rand, h_attrs, w, bar_g1, bar_g2 - group elements corresponding to the signing key, randomness, and attributes -// proof_c, proof_s compose a zero-knowledge proof of knowledge of the secret key -// hash is a hash of the public key appended to it -message IssuerPublicKey { - repeated string attribute_names = 1; - amcl.ECP h_sk = 2; - amcl.ECP h_rand = 3; - repeated amcl.ECP h_attrs = 4; - amcl.ECP2 w = 5; - amcl.ECP bar_g1 = 6; - amcl.ECP bar_g2 = 7; - bytes proof_c = 8; - bytes proof_s = 9; - bytes hash = 10; -} - -// IssuerKey specifies an issuer key pair that consists of -// ISk - the issuer secret key and -// IssuerPublicKey - the issuer public key -message IssuerKey { - bytes isk = 1; - IssuerPublicKey ipk = 2; -} - -// Credential specifies a credential object that consists of -// a, b, e, s - signature value -// attrs - attribute values -message Credential { - amcl.ECP a = 1; - amcl.ECP b = 2; - bytes e = 3; - bytes s = 4; - repeated bytes attrs = 5; -} - -// CredRequest specifies a credential request object that consists of -// nym - a pseudonym, which is a commitment to the user secret -// issuer_nonce - a random nonce provided by the issuer -// proof_c, proof_s - a zero-knowledge proof of knowledge of the -// user secret inside Nym -message CredRequest { - amcl.ECP nym = 1; - bytes issuer_nonce = 2; - bytes proof_c = 3; - bytes proof_s = 4; -} - -// EIDNym specifies a pseudonymous enrollment id object that consists of -// nym - pseudonymous enrollment id -// s_eid - field element -message EIDNym { - amcl.ECP nym = 1; - bytes proof_s_eid = 2; -} - -// RHNym specifies a pseudonymous revocation handle object that consists of -// nym - pseudonymous revocation handle -// s_rh - field element -message RHNym { - amcl.ECP nym = 1; - bytes proof_s_rh = 2; -} - -// Signature specifies a signature object that consists of -// a_prime, a_bar, b_prime, proof_* - randomized credential signature values -// and a zero-knowledge proof of knowledge of a credential -// and the corresponding user secret together with the attribute values -// nonce - a fresh nonce used for the signature -// nym - a fresh pseudonym (a commitment to to the user secret) -message Signature { - amcl.ECP a_prime = 1; - amcl.ECP a_bar = 2; - amcl.ECP b_prime = 3; - bytes proof_c = 4; - bytes proof_s_sk = 5; - bytes proof_s_e = 6; - bytes proof_s_r2 = 7; - bytes proof_s_r3 = 8; - bytes proof_s_s_prime = 9; - repeated bytes proof_s_attrs = 10; - bytes nonce = 11; - amcl.ECP nym = 12; - bytes proof_s_r_nym = 13; - amcl.ECP2 revocation_epoch_pk = 14; - bytes revocation_pk_sig = 15; - int64 epoch = 16; - NonRevocationProof non_revocation_proof = 17; - EIDNym eid_nym = 18; - RHNym rh_nym = 19; -} - -// NonRevocationProof contains proof that the credential is not revoked -message NonRevocationProof { - int32 revocation_alg = 1; - bytes non_revocation_proof = 2; -} - -// NymSignature specifies a signature object that signs a message -// with respect to a pseudonym. It differs from the standard idemix.signature in the fact that -// the standard signature object also proves that the pseudonym is based on a secret certified by -// a CA (issuer), whereas NymSignature only proves that the the owner of the pseudonym -// signed the message -message NymSignature { - // proof_c is the Fiat-Shamir challenge of the ZKP - bytes proof_c = 1; - // proof_s_sk is the s-value proving knowledge of the user secret key - bytes proof_s_sk = 2; - //proof_s_r_nym is the s-value proving knowledge of the pseudonym secret - bytes proof_s_r_nym = 3; - // nonce is a fresh nonce used for the signature - bytes nonce = 4; -} - -message CredentialRevocationInformation { - // epoch contains the epoch (time window) in which this CRI is valid - int64 epoch = 1; - - // epoch_pk is the public key that is used by the revocation authority in this epoch - amcl.ECP2 epoch_pk = 2; - - // epoch_pk_sig is a signature on the EpochPK valid under the revocation authority's long term key - bytes epoch_pk_sig = 3; - - // revocation_alg denotes which revocation algorithm is used - int32 revocation_alg = 4; - - // revocation_data contains data specific to the revocation algorithm used - bytes revocation_data = 5; -} diff --git a/bccsp/schemes/dlog/crypto/idemix_test.go b/bccsp/schemes/dlog/crypto/idemix_test.go deleted file mode 100644 index a4a72e9b..00000000 --- a/bccsp/schemes/dlog/crypto/idemix_test.go +++ /dev/null @@ -1,843 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix - -import ( - "bytes" - "sync" - "testing" - - math "github.com/IBM/mathlib" - "github.com/stretchr/testify/require" - - "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" - opts "github.com/IBM/idemix/bccsp/types" -) - -type testEnv struct { - curve *math.Curve - tr Translator -} - -var envs = []testEnv{ - { - curve: math.Curves[math.FP256BN_AMCL], - tr: &amcl.Fp256bn{ - C: math.Curves[math.FP256BN_AMCL], - }, - }, - { - curve: math.Curves[math.FP256BN_AMCL_MIRACL], - tr: &amcl.Fp256bnMiracl{ - C: math.Curves[math.FP256BN_AMCL_MIRACL], - }, - }, - { - curve: math.Curves[math.BN254], - tr: &amcl.Gurvy{ - C: math.Curves[math.BN254], - }, - }, - { - curve: math.Curves[math.BLS12_381], - tr: &amcl.Gurvy{ - C: math.Curves[math.BLS12_381], - }, - }, - { - curve: math.Curves[math.BLS12_381_GURVY], - tr: &amcl.Gurvy{ - C: math.Curves[math.BLS12_381_GURVY], - }, - }, - { - curve: math.Curves[math.BLS12_377_GURVY], - tr: &amcl.Gurvy{ - C: math.Curves[math.BLS12_377_GURVY], - }, - }, -} - -func TestIdemixAllCurves(t *testing.T) { - for _, e := range envs { - testIdemix(t, e.curve, e.tr) - } -} - -func testIdemix(t *testing.T, curve *math.Curve, tr Translator) { - idmx := &Idemix{ - Curve: curve, - } - - rng, err := curve.Rand() - require.NoError(t, err) - - // Test idemix functionality - AttributeNames := []string{"Attr1", "Attr2", "Attr3", "Attr4", "Attr5"} - attrs := make([]*math.Zr, len(AttributeNames)) - for i := range AttributeNames { - attrs[i] = curve.NewZrFromInt(int64(i)) - } - - // Test issuer key generation - if err != nil { - t.Fatalf("Error getting rng: \"%s\"", err) - return - } - // Create a new key pair - key, err := idmx.NewIssuerKey(AttributeNames, rng, tr) - if err != nil { - t.Fatalf("Issuer key generation should have succeeded but gave error \"%s\"", err) - return - } - - // Check that the key is valid - err = key.GetIpk().Check(curve, tr) - if err != nil { - t.Fatalf("Issuer public key should be valid") - return - } - - // Make sure Check() is invalid for a public key with invalid proof - proofC := key.Ipk.GetProofC() - key.Ipk.ProofC = curve.NewRandomZr(rng).Bytes() - require.Error(t, key.Ipk.Check(curve, tr), "public key with broken zero-knowledge proof should be invalid") - - // Make sure Check() is invalid for a public key with incorrect number of HAttrs - hAttrs := key.Ipk.GetHAttrs() - key.Ipk.HAttrs = key.Ipk.HAttrs[:0] - require.Error(t, key.Ipk.Check(curve, tr), "public key with incorrect number of HAttrs should be invalid") - key.Ipk.HAttrs = hAttrs - - // Restore IPk to be valid - key.Ipk.ProofC = proofC - h := key.Ipk.GetHash() - require.NoError(t, key.Ipk.Check(curve, tr), "restored public key should be valid") - require.Zero(t, bytes.Compare(h, key.Ipk.GetHash()), "IPK hash changed on ipk Check") - - // Create public with duplicate attribute names should fail - _, err = idmx.NewIssuerKey([]string{"Attr1", "Attr2", "Attr1"}, rng, tr) - require.Error(t, err, "issuer key generation should fail with duplicate attribute names") - - // Test issuance - sk := curve.NewRandomZr(rng) - ni := curve.NewRandomZr(rng) - m, err := idmx.NewCredRequest(sk, ni.Bytes(), key.Ipk, rng, tr) - require.NoError(t, err, "NewCredRequest failed: \"%s\"", err) - - cred, err := idmx.NewCredential(key, m, attrs, rng, tr) - require.NoError(t, err, "Failed to issue a credential: \"%s\"", err) - - require.NoError(t, cred.Ver(sk, key.Ipk, idmx.Curve, tr), "credential should be valid") - - // Issuing a credential with the incorrect amount of attributes should fail - _, err = idmx.NewCredential(key, m, []*math.Zr{}, rng, tr) - require.Error(t, err, "issuing a credential with the incorrect amount of attributes should fail") - - // Breaking the ZK proof of the CredRequest should make it invalid - proofC = m.GetProofC() - m.ProofC = curve.NewRandomZr(rng).Bytes() - require.Error(t, m.Check(key.Ipk, idmx.Curve, tr), "CredRequest with broken ZK proof should not be valid") - - // Creating a credential from a broken CredRequest should fail - _, err = idmx.NewCredential(key, m, attrs, rng, tr) - require.Error(t, err, "creating a credential from an invalid CredRequest should fail") - m.ProofC = proofC - - // A credential with nil attribute should be invalid - attrsBackup := cred.GetAttrs() - cred.Attrs = [][]byte{nil, nil, nil, nil, nil} - require.Error(t, cred.Ver(sk, key.Ipk, idmx.Curve, tr), "credential with nil attribute should be invalid") - cred.Attrs = attrsBackup - - // Generate a revocation key pair - revocationKey, err := idmx.GenerateLongTermRevocationKey() - require.NoError(t, err) - - // Create CRI that contains no revocation mechanism - epoch := 0 - cri, err := idmx.CreateCRI(revocationKey, []*math.Zr{}, epoch, ALG_NO_REVOCATION, rng, tr) - require.NoError(t, err) - err = idmx.VerifyEpochPK(&revocationKey.PublicKey, cri.EpochPk, cri.EpochPkSig, int(cri.Epoch), RevocationAlgorithm(cri.RevocationAlg)) - require.NoError(t, err) - - // make sure that epoch pk is not valid in future epoch - err = idmx.VerifyEpochPK(&revocationKey.PublicKey, cri.EpochPk, cri.EpochPkSig, int(cri.Epoch)+1, RevocationAlgorithm(cri.RevocationAlg)) - require.Error(t, err) - - // Test bad input - _, err = idmx.CreateCRI(nil, []*math.Zr{}, epoch, ALG_NO_REVOCATION, rng, tr) - require.Error(t, err) - _, err = idmx.CreateCRI(revocationKey, []*math.Zr{}, epoch, ALG_NO_REVOCATION, nil, tr) - require.Error(t, err) - - // Test signing no disclosure - Nym, RandNym, err := idmx.MakeNym(sk, key.Ipk, rng, tr) - require.NoError(t, err, "MakeNym failed: \"%s\"", err) - - disclosure := []byte{0, 0, 0, 0, 0} - msg := []byte{1, 2, 3, 4, 5} - rhindex := 4 - sig, _, err := idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, 0, cri, rng, tr, opts.Standard, nil) - require.NoError(t, err) - - err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) - if err != nil { - t.Fatalf("Signature should be valid but verification returned error: %s", err) - return - } - - err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - if err != nil { - t.Fatalf("Signature should be valid but verification returned error: %s", err) - return - } - - err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.Error(t, err) - require.Equal(t, "no EidNym provided but ExpectEidNym required", err.Error()) - - eidIndex := 2 - sig, meta, err := idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, eidIndex, cri, rng, tr, opts.EidNym, nil) - require.NoError(t, err) - - // assert that the returned randomness is the right one - H_a_eid, err := tr.G1FromProto(key.Ipk.HAttrs[eidIndex]) - require.NoError(t, err, "G1FromProto failed: \"%s\"", err) - HRand, err := tr.G1FromProto(key.Ipk.HRand) - require.NoError(t, err, "G1FromProto failed: \"%s\"", err) - Nym_eid := H_a_eid.Mul2(attrs[eidIndex], HRand, meta.EidNymAuditData.Rand) - EidNym, err := tr.G1FromProto(sig.EidNym.Nym) - require.NoError(t, err, "G1FromProto failed: \"%s\"", err) - require.True(t, Nym_eid.Equals(EidNym)) - - err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) - if err != nil { - t.Fatalf("Signature should be valid but verification returned error: %s", err) - return - } - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - require.Error(t, err) - require.Equal(t, "EidNym available but ExpectStandard required", err.Error()) - - // supply the meta to audit the nym eid - err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.NoError(t, err) - - sig, meta2, err := idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, eidIndex, cri, rng, tr, opts.EidNym, meta) - require.NoError(t, err) - require.True(t, meta.EidNymAuditData.Rand.Equals(meta2.EidNymAuditData.Rand)) - require.True(t, meta.EidNymAuditData.Nym.Equals(meta2.EidNymAuditData.Nym)) - require.True(t, meta.EidNymAuditData.Attr.Equals(meta2.EidNymAuditData.Attr)) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta2) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.NoError(t, err) - meta2.EidNym = meta2.EidNymAuditData.Nym.Bytes() - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta2) - require.NoError(t, err) - meta2.EidNym = []byte{0, 1, 2} - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta2) - require.Equal(t, "signature invalid: nym eid validation failed, failed to unmarshal meta nym eid", err.Error()) - meta2.EidNym = meta2.EidNymAuditData.Nym.Mul(curve.NewZrFromInt(2)).Bytes() - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta2) - require.Equal(t, "signature invalid: nym eid validation failed, signature nym eid does not match metadata", err.Error()) - meta2.EidNym = nil - meta2.EidNymAuditData.Nym = meta2.EidNymAuditData.Nym.Mul(curve.NewZrFromInt(2)) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta2) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match metadata", err.Error()) - meta2.EidNymAuditData.Nym = nil - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta2) - require.NoError(t, err) - - // tamper with the randomness of the nym eid to expect a failed verification - meta.EidNymAuditData.Attr = curve.NewZrFromInt(35) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) - - // Test signing selective disclosure - disclosure = []byte{0, 1, 1, 1, 0} - sig, _, err = idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, 0, cri, rng, tr, opts.Standard, nil) - require.NoError(t, err) - - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.Error(t, err) - require.Equal(t, "no EidNym provided but ExpectEidNym required", err.Error()) - - // Test NymSignatures - nymsig, err := idmx.NewNymSignature(sk, Nym, RandNym, key.Ipk, []byte("testing"), rng, tr) - require.NoError(t, err) - - err = nymsig.Ver(Nym, key.Ipk, []byte("testing"), idmx.Curve, tr) - if err != nil { - t.Fatalf("NymSig should be valid but verification returned error: %s", err) - return - } -} - -func TestCredentialVerParallelAMCL(t *testing.T) { - t.Parallel() - curve := math.Curves[math.FP256BN_AMCL_MIRACL] - testCredentialVerParallel( - t, - curve, - &amcl.Fp256bnMiracl{C: curve}, - ) -} - -func TestCredentialVerParallelGurvy254(t *testing.T) { - t.Parallel() - curve := math.Curves[math.BN254] - testCredentialVerParallel( - t, - curve, - &amcl.Gurvy{C: curve}, - ) -} - -func testCredentialVerParallel(t *testing.T, curve *math.Curve, tr Translator) { - idmx := &Idemix{ - Curve: curve, - } - rng, err := curve.Rand() - require.NoError(t, err) - AttributeNames := []string{"Attr1", "Attr2", "Attr3", "Attr4", "Attr5"} - attrs := make([]*math.Zr, len(AttributeNames)) - for i := range AttributeNames { - attrs[i] = curve.NewZrFromInt(int64(i)) - } - // Create a new key pair - key, err := idmx.NewIssuerKey(AttributeNames, rng, tr) - require.NoError(t, err) - - // Check that the key is valid - err = key.GetIpk().Check(curve, tr) - require.NoError(t, err) - - // Test issuance - waitGroup := &sync.WaitGroup{} - waitGroup.Add(100) - for i := 0; i < 100; i++ { - go func() { - defer waitGroup.Done() - - rng, err := curve.Rand() - require.NoError(t, err) - sk := curve.NewRandomZr(rng) - ni := curve.NewRandomZr(rng) - m, err := idmx.NewCredRequest(sk, ni.Bytes(), key.Ipk, rng, tr) - require.NoError(t, err, "NewCredRequest failed: \"%s\"", err) - cred, err := idmx.NewCredential(key, m, attrs, rng, tr) - require.NoError(t, err, "Failed to issue a credential: \"%s\"", err) - require.NoError(t, cred.Ver(sk, key.Ipk, idmx.Curve, tr), "credential should be valid") - }() - } - waitGroup.Wait() -} - -func TestSigParallelAMCL(t *testing.T) { - t.Parallel() - curve := math.Curves[math.FP256BN_AMCL_MIRACL] - testSigParallel( - t, - curve, - &amcl.Fp256bnMiracl{C: curve}, - ) -} - -func TestSigParallelGurvy254(t *testing.T) { - t.Parallel() - curve := math.Curves[math.BN254] - testSigParallel( - t, - curve, - &amcl.Gurvy{C: curve}, - ) -} - -func testSigParallel(t *testing.T, curve *math.Curve, tr Translator) { - idmx := &Idemix{ - Curve: curve, - } - // Test weak BB sigs: - // Test KeyGen - rng, err := curve.Rand() - require.NoError(t, err) - - // Test idemix functionality - AttributeNames := []string{"Attr1", "Attr2", "Attr3", "Attr4", "Attr5"} - attrs := make([]*math.Zr, len(AttributeNames)) - for i := range AttributeNames { - attrs[i] = curve.NewZrFromInt(int64(i)) - } - - // Create a new key pair - key, err := idmx.NewIssuerKey(AttributeNames, rng, tr) - require.NoError(t, err) - - // Check that the key is valid - err = key.GetIpk().Check(curve, tr) - require.NoError(t, err) - - // Test issuance - sk := curve.NewRandomZr(rng) - ni := curve.NewRandomZr(rng) - m, err := idmx.NewCredRequest(sk, ni.Bytes(), key.Ipk, rng, tr) - require.NoError(t, err, "NewCredRequest failed: \"%s\"", err) - - cred, err := idmx.NewCredential(key, m, attrs, rng, tr) - require.NoError(t, err, "Failed to issue a credential: \"%s\"", err) - require.NoError(t, cred.Ver(sk, key.Ipk, idmx.Curve, tr), "credential should be valid") - - // Generate a revocation key pair - revocationKey, err := idmx.GenerateLongTermRevocationKey() - require.NoError(t, err) - - // Create CRI that contains no revocation mechanism - epoch := 0 - cri, err := idmx.CreateCRI(revocationKey, []*math.Zr{}, epoch, ALG_NO_REVOCATION, rng, tr) - require.NoError(t, err) - err = idmx.VerifyEpochPK(&revocationKey.PublicKey, cri.EpochPk, cri.EpochPkSig, int(cri.Epoch), RevocationAlgorithm(cri.RevocationAlg)) - require.NoError(t, err) - - Nym, RandNym, err := idmx.MakeNym(sk, key.Ipk, rng, tr) - require.NoError(t, err, "MakeNym failed: \"%s\"", err) - - waitGroup := &sync.WaitGroup{} - n := 100 - - waitGroup.Add(n) - for i := 0; i < n; i++ { - go func() { - defer waitGroup.Done() - rng, _ := curve.Rand() - - // Test signing no disclosure - - disclosure := []byte{0, 0, 0, 0, 0} - msg := []byte{1, 2, 3, 4, 5} - rhindex := 4 - sig, _, err := idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, 0, cri, rng, tr, opts.Standard, nil) - require.NoError(t, err) - - err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) - if err != nil { - t.Logf("Signature should be valid but verification returned error: %s", err) - t.Fail() - return - } - - err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - if err != nil { - t.Logf("Signature should be valid but verification returned error: %s", err) - t.Fail() - return - } - - err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.Error(t, err) - require.Equal(t, "no EidNym provided but ExpectEidNym required", err.Error()) - - eidIndex := 2 - sig, meta, err := idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, eidIndex, cri, rng, tr, opts.EidNym, nil) - require.NoError(t, err) - - // assert that the returned randomness is the right one - H_a_eid, err := tr.G1FromProto(key.Ipk.HAttrs[eidIndex]) - if err != nil { - t.Logf("G1FromProto returned error: %s", err) - t.Fail() - return - } - HRand, err := tr.G1FromProto(key.Ipk.HRand) - if err != nil { - t.Logf("G1FromProto returned error: %s", err) - t.Fail() - return - } - Nym_eid := H_a_eid.Mul2(attrs[eidIndex], HRand, meta.EidNymAuditData.Rand) - EidNym, err := tr.G1FromProto(sig.EidNym.Nym) - if err != nil { - t.Logf("G1FromProto returned error: %s", err) - t.Fail() - return - } - require.True(t, Nym_eid.Equals(EidNym)) - - err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) - if err != nil { - t.Logf("Signature should be valid but verification returned error: %s", err) - t.Fail() - return - } - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - require.Error(t, err) - require.Equal(t, "EidNym available but ExpectStandard required", err.Error()) - - // supply the meta to audit the nym eid - err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.NoError(t, err) - // tamper with the randomness of the nym eid to expect a failed verification - meta.EidNymAuditData.Attr = curve.NewZrFromInt(35) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) - - // Test signing selective disclosure - disclosure = []byte{0, 1, 1, 1, 0} - sig, _, err = idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, 0, cri, rng, tr, opts.Standard, nil) - require.NoError(t, err) - - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.Error(t, err) - require.Equal(t, "no EidNym provided but ExpectEidNym required", err.Error()) - }() - } - - waitGroup.Add(n) - for i := 0; i < n; i++ { - go func() { - defer waitGroup.Done() - rng, _ := curve.Rand() - - disclosure := []byte{0, 0, 0, 0, 0} - msg := []byte{1, 2, 3, 4, 5} - rhindex := 4 - - eidIndex := 2 - sig, meta, err := idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, eidIndex, cri, rng, tr, opts.EidNym, nil) - require.NoError(t, err) - - // assert that the returned randomness is the right one - H_a_eid, err := tr.G1FromProto(key.Ipk.HAttrs[eidIndex]) - require.NoError(t, err) - HRand, err := tr.G1FromProto(key.Ipk.HRand) - require.NoError(t, err) - Nym_eid := H_a_eid.Mul2(attrs[eidIndex], HRand, meta.EidNymAuditData.Rand) - EidNym, err := tr.G1FromProto(sig.EidNym.Nym) - require.NoError(t, err) - require.True(t, Nym_eid.Equals(EidNym)) - - // and now do it with the function - err = sig.AuditNymEid(key.Ipk, attrs[eidIndex], eidIndex, meta.EidNymAuditData.Rand, idmx.Curve, tr) - require.NoError(t, err) - - err = NymEID(meta.EidNymAuditData.Nym.Bytes()).AuditNymEid(key.Ipk, attrs[eidIndex], eidIndex, meta.EidNymAuditData.Rand, idmx.Curve, tr) - require.NoError(t, err) - - err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) - if err != nil { - t.Logf("Signature should be valid but verification returned error: %s", err) - t.Fail() - return - } - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - require.Error(t, err) - require.Equal(t, "EidNym available but ExpectStandard required", err.Error()) - - // supply the meta to audit the nym eid - err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.NoError(t, err) - // tamper with the randomness of the nym eid to expect a failed verification - meta.EidNymAuditData.Attr = curve.NewZrFromInt(35) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) - }() - } - - waitGroup.Add(n) - for i := 0; i < n; i++ { - go func() { - defer waitGroup.Done() - rng, _ := curve.Rand() - - disclosure := []byte{0, 0, 0, 0, 0} - msg := []byte{1, 2, 3, 4, 5} - rhindex := 4 - - eidIndex := 2 - sig, meta, err := idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, eidIndex, cri, rng, tr, opts.EidNymRhNym, nil) - require.NoError(t, err) - - // assert that the returned randomness is the right one - H_a_eid, err := tr.G1FromProto(key.Ipk.HAttrs[eidIndex]) - require.NoError(t, err) - HRand, err := tr.G1FromProto(key.Ipk.HRand) - require.NoError(t, err) - Nym_eid := H_a_eid.Mul2(attrs[eidIndex], HRand, meta.EidNymAuditData.Rand) - EidNym, err := tr.G1FromProto(sig.EidNym.Nym) - require.NoError(t, err) - require.True(t, Nym_eid.Equals(EidNym)) - - // and now do it with the function - err = sig.AuditNymEid(key.Ipk, attrs[eidIndex], eidIndex, meta.EidNymAuditData.Rand, idmx.Curve, tr) - require.NoError(t, err) - - err = NymEID(meta.EidNymAuditData.Nym.Bytes()).AuditNymEid(key.Ipk, attrs[eidIndex], eidIndex, meta.EidNymAuditData.Rand, idmx.Curve, tr) - require.NoError(t, err) - - err = sig.AuditNymRh(key.Ipk, attrs[rhindex], rhindex, meta.RhNymAuditData.Rand, idmx.Curve, tr) - require.NoError(t, err) - - err = NymRH(meta.RhNymAuditData.Nym.Bytes()).AuditNymRh(key.Ipk, attrs[rhindex], rhindex, meta.RhNymAuditData.Rand, idmx.Curve, tr) - require.NoError(t, err) - - err = sig.Ver(disclosure, key.Ipk, msg, nil, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) - if err != nil { - t.Logf("Signature should be valid but verification returned error: %s", err) - t.Fail() - return - } - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNymRhNym, nil) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.Error(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - require.Error(t, err) - require.Equal(t, "RhNym available but ExpectStandard required", err.Error()) - - // supply the meta to audit the nym eid and rh - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.Error(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNymRhNym, meta) - require.NoError(t, err) - - // tamper with the randomness of the nym eid to expect a failed verification - tmp := meta.EidNymAuditData.Attr - meta.EidNymAuditData.Attr = curve.NewZrFromInt(35) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNymRhNym, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) - meta.EidNymAuditData.Attr = tmp - - // tamper with the randomness of the nym rh to expect a failed verification - meta.RhNymAuditData.Attr = curve.NewZrFromInt(35) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym rh validation failed, does not match regenerated nym rh", err.Error()) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNymRhNym, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym rh validation failed, does not match regenerated nym rh", err.Error()) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: zero-knowledge proof is invalid", err.Error()) - }() - } - - waitGroup.Add(n) - for i := 0; i < n; i++ { - go func() { - defer waitGroup.Done() - rng, _ := curve.Rand() - - msg := []byte{1, 2, 3, 4, 5} - rhindex := 4 - - // Test signing selective disclosure - disclosure := []byte{0, 1, 1, 1, 0} - sig, _, err := idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, 0, cri, rng, tr, opts.Standard, nil) - require.NoError(t, err) - - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - require.NoError(t, err) - err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.Error(t, err) - require.Equal(t, "no EidNym provided but ExpectEidNym required", err.Error()) - }() - } - - waitGroup.Wait() -} - -func TestNymSigParallelAMCL(t *testing.T) { - t.Parallel() - curve := math.Curves[math.FP256BN_AMCL_MIRACL] - testNymSigParallel( - t, - curve, - &amcl.Fp256bnMiracl{C: curve}, - ) -} - -func TestNymSigParallelGurvy254(t *testing.T) { - t.Parallel() - curve := math.Curves[math.BN254] - testNymSigParallel( - t, - curve, - &amcl.Gurvy{C: curve}, - ) -} - -func testNymSigParallel(t *testing.T, curve *math.Curve, tr Translator) { - idmx := &Idemix{ - Curve: curve, - } - // Test weak BB sigs: - // Test KeyGen - rng, err := curve.Rand() - require.NoError(t, err) - - // Test idemix functionality - AttributeNames := []string{"Attr1", "Attr2", "Attr3", "Attr4", "Attr5"} - attrs := make([]*math.Zr, len(AttributeNames)) - for i := range AttributeNames { - attrs[i] = curve.NewZrFromInt(int64(i)) - } - - // Create a new key pair - key, err := idmx.NewIssuerKey(AttributeNames, rng, tr) - require.NoError(t, err) - - // Check that the key is valid - err = key.GetIpk().Check(curve, tr) - require.NoError(t, err) - - // Test issuance - sk := curve.NewRandomZr(rng) - ni := curve.NewRandomZr(rng) - m, err := idmx.NewCredRequest(sk, ni.Bytes(), key.Ipk, rng, tr) - require.NoError(t, err) - - cred, err := idmx.NewCredential(key, m, attrs, rng, tr) - require.NoError(t, err, "Failed to issue a credential: \"%s\"", err) - require.NoError(t, cred.Ver(sk, key.Ipk, idmx.Curve, tr), "credential should be valid") - - // Generate a revocation key pair - revocationKey, err := idmx.GenerateLongTermRevocationKey() - require.NoError(t, err) - - // Create CRI that contains no revocation mechanism - epoch := 0 - cri, err := idmx.CreateCRI(revocationKey, []*math.Zr{}, epoch, ALG_NO_REVOCATION, rng, tr) - require.NoError(t, err) - err = idmx.VerifyEpochPK(&revocationKey.PublicKey, cri.EpochPk, cri.EpochPkSig, int(cri.Epoch), RevocationAlgorithm(cri.RevocationAlg)) - require.NoError(t, err) - - Nym, RandNym, err := idmx.MakeNym(sk, key.Ipk, rng, tr) - require.NoError(t, err) - - waitGroup := &sync.WaitGroup{} - n := 100 - - waitGroup.Add(n) - for i := 0; i < n; i++ { - go func() { - defer waitGroup.Done() - rng, _ := curve.Rand() - - // Test NymSignatures - nymsig, err := idmx.NewNymSignature(sk, Nym, RandNym, key.Ipk, []byte("testing"), rng, tr) - require.NoError(t, err) - - err = nymsig.Ver(Nym, key.Ipk, []byte("testing"), idmx.Curve, tr) - if err != nil { - t.Logf("NymSig should be valid but verification returned error: %s", err) - t.Fail() - return - } - }() - } - - waitGroup.Wait() -} - -func TestIPKCheckAMCL(t *testing.T) { - t.Parallel() - curve := math.Curves[math.FP256BN_AMCL_MIRACL] - testIPKCheck( - t, - curve, - &amcl.Fp256bnMiracl{C: curve}, - ) -} - -func TestIPKCheckGurvy254(t *testing.T) { - t.Parallel() - curve := math.Curves[math.BN254] - testIPKCheck( - t, - curve, - &amcl.Gurvy{C: curve}, - ) -} - -func testIPKCheck(t *testing.T, curve *math.Curve, tr Translator) { - idmx := &Idemix{ - Curve: curve, - } - waitGroup := &sync.WaitGroup{} - n := 50 - waitGroup.Add(n) - for i := 0; i < n; i++ { - go func() { - defer waitGroup.Done() - // Test weak BB sigs: - // Test KeyGen - rng, err := curve.Rand() - require.NoError(t, err) - - // Test idemix functionality - AttributeNames := []string{"Attr1", "Attr2", "Attr3", "Attr4", "Attr5"} - attrs := make([]*math.Zr, len(AttributeNames)) - for i := range AttributeNames { - attrs[i] = curve.NewZrFromInt(int64(i)) - } - - // Create a new key pair - key, err := idmx.NewIssuerKey(AttributeNames, rng, tr) - require.NoError(t, err) - - // Check that the key is valid - err = key.GetIpk().Check(curve, tr) - require.NoError(t, err) - }() - } - waitGroup.Wait() -} diff --git a/bccsp/schemes/dlog/crypto/issuerkey.go b/bccsp/schemes/dlog/crypto/issuerkey.go deleted file mode 100644 index ffae2fc2..00000000 --- a/bccsp/schemes/dlog/crypto/issuerkey.go +++ /dev/null @@ -1,231 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix - -import ( - "io" - - amcl "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" - math "github.com/IBM/mathlib" - "github.com/golang/protobuf/proto" - "github.com/pkg/errors" -) - -// The Issuer secret ISk and public IPk keys are used to issue credentials and -// to verify signatures created using the credentials - -// The Issuer Secret Key is a random exponent (generated randomly from Z*_p) - -// The Issuer Public Key consists of several elliptic curve points (ECP), -// where index 1 corresponds to group G1 and 2 to group G2) -// HSk, HRand, BarG1, BarG2, an ECP array HAttrs, and an ECP2 W, -// and a proof of knowledge of the corresponding secret key - -// NewIssuerKey creates a new issuer key pair taking an array of attribute names -// that will be contained in credentials certified by this issuer (a credential specification) -// See http://eprint.iacr.org/2016/663.pdf Sec. 4.3, for references. -func (i *Idemix) NewIssuerKey(AttributeNames []string, rng io.Reader, t Translator) (*IssuerKey, error) { - return newIssuerKey(AttributeNames, rng, i.Curve, t) -} - -func newIssuerKey(AttributeNames []string, rng io.Reader, curve *math.Curve, t Translator) (*IssuerKey, error) { - // validate inputs - - // check for duplicated attributes - attributeNamesMap := map[string]bool{} - for _, name := range AttributeNames { - if attributeNamesMap[name] { - return nil, errors.Errorf("attribute %s appears multiple times in AttributeNames", name) - } - attributeNamesMap[name] = true - } - - key := new(IssuerKey) - - // generate issuer secret key - ISk := curve.NewRandomZr(rng) - key.Isk = ISk.Bytes() - - // generate the corresponding public key - key.Ipk = new(IssuerPublicKey) - key.Ipk.AttributeNames = AttributeNames - - W := curve.GenG2.Mul(ISk) - key.Ipk.W = t.G2ToProto(W) - - // generate bases that correspond to the attributes - key.Ipk.HAttrs = make([]*amcl.ECP, len(AttributeNames)) - for i := 0; i < len(AttributeNames); i++ { - key.Ipk.HAttrs[i] = t.G1ToProto(curve.GenG1.Mul(curve.NewRandomZr(rng))) - } - - // generate base for the secret key - HSk := curve.GenG1.Mul(curve.NewRandomZr(rng)) - key.Ipk.HSk = t.G1ToProto(HSk) - - // generate base for the randomness - HRand := curve.GenG1.Mul(curve.NewRandomZr(rng)) - key.Ipk.HRand = t.G1ToProto(HRand) - - BarG1 := curve.GenG1.Mul(curve.NewRandomZr(rng)) - key.Ipk.BarG1 = t.G1ToProto(BarG1) - - BarG2 := BarG1.Mul(ISk) - key.Ipk.BarG2 = t.G1ToProto(BarG2) - - // generate a zero-knowledge proof of knowledge (ZK PoK) of the secret key which - // is in W and BarG2. - - // Sample the randomness needed for the proof - r := curve.NewRandomZr(rng) - - // Step 1: First message (t-values) - t1 := curve.GenG2.Mul(r) // t1 = g_2^r, cover W - t2 := BarG1.Mul(r) // t2 = (\bar g_1)^r, cover BarG2 - - // Step 2: Compute the Fiat-Shamir hash, forming the challenge of the ZKP. - proofData := make([]byte, 3*curve.G1ByteSize+3*curve.G2ByteSize) - index := 0 - index = appendBytesG2(proofData, index, t1) - index = appendBytesG1(proofData, index, t2) - index = appendBytesG2(proofData, index, curve.GenG2) - index = appendBytesG1(proofData, index, BarG1) - index = appendBytesG2(proofData, index, W) - index = appendBytesG1(proofData, index, BarG2) - - proofC := curve.HashToZr(proofData) - key.Ipk.ProofC = proofC.Bytes() - - // Step 3: reply to the challenge message (s-values) - proofS := curve.ModAdd(curve.ModMul(proofC, ISk, curve.GroupOrder), r, curve.GroupOrder) // // s = r + C \cdot ISk - key.Ipk.ProofS = proofS.Bytes() - - // Hash the public key - serializedIPk, err := proto.Marshal(key.Ipk) - if err != nil { - return nil, errors.Wrap(err, "failed to marshal issuer public key") - } - key.Ipk.Hash = curve.HashToZr(serializedIPk).Bytes() - - // We are done - return key, nil -} - -func (i *Idemix) NewIssuerKeyFromBytes(raw []byte) (*IssuerKey, error) { - return newIssuerKeyFromBytes(raw) -} - -func newIssuerKeyFromBytes(raw []byte) (*IssuerKey, error) { - ik := &IssuerKey{} - if err := proto.Unmarshal(raw, ik); err != nil { - return nil, err - } - - //raw, err :=proto.Marshal(ik.Ipk.W) - //if err != nil { - // panic(err) - //} - //fmt.Printf("IPKW : [%v]", ik.Ipk.W.Xa) - - return ik, nil -} - -// Check checks that this issuer public key is valid, i.e. -// that all components are present and a ZK proofs verifies -func (IPk *IssuerPublicKey) Check(curve *math.Curve, t Translator) error { - // Unmarshall the public key - NumAttrs := len(IPk.GetAttributeNames()) - HSk, err := t.G1FromProto(IPk.GetHSk()) - if err != nil { - return err - } - - HRand, err := t.G1FromProto(IPk.GetHRand()) - if err != nil { - return err - } - - HAttrs := make([]*math.G1, len(IPk.GetHAttrs())) - for i := 0; i < len(IPk.GetHAttrs()); i++ { - HAttrs[i], err = t.G1FromProto(IPk.GetHAttrs()[i]) - if err != nil { - return err - } - } - BarG1, err := t.G1FromProto(IPk.GetBarG1()) - if err != nil { - return err - } - - BarG2, err := t.G1FromProto(IPk.GetBarG2()) - if err != nil { - return err - } - - W, err := t.G2FromProto(IPk.GetW()) - if err != nil { - return err - } - - ProofC := curve.NewZrFromBytes(IPk.GetProofC()) - ProofS := curve.NewZrFromBytes(IPk.GetProofS()) - - // Check that the public key is well-formed - if NumAttrs < 0 || - HSk == nil || - HRand == nil || - BarG1 == nil || - BarG1.IsInfinity() || - BarG2 == nil || - HAttrs == nil || - len(IPk.HAttrs) < NumAttrs { - return errors.Errorf("some part of the public key is undefined") - } - for i := 0; i < NumAttrs; i++ { - if IPk.HAttrs[i] == nil { - return errors.Errorf("some part of the public key is undefined") - } - } - - // Verify Proof - - // Recompute challenge - proofData := make([]byte, 3*curve.G1ByteSize+3*curve.G2ByteSize) - index := 0 - - // Recompute t-values using s-values - t1 := curve.GenG2.Mul(ProofS) - t1.Add(W.Mul(curve.ModNeg(ProofC, curve.GroupOrder))) // t1 = g_2^s \cdot W^{-C} - - t2 := BarG1.Mul(ProofS) - t2.Add(BarG2.Mul(curve.ModNeg(ProofC, curve.GroupOrder))) // t2 = {\bar g_1}^s \cdot {\bar g_2}^C - - index = appendBytesG2(proofData, index, t1) - index = appendBytesG1(proofData, index, t2) - index = appendBytesG2(proofData, index, curve.GenG2) - index = appendBytesG1(proofData, index, BarG1) - index = appendBytesG2(proofData, index, W) - index = appendBytesG1(proofData, index, BarG2) - - // Verify that the challenge is the same - if !ProofC.Equals(curve.HashToZr(proofData)) { - return errors.Errorf("zero knowledge proof in public key invalid") - } - - return IPk.SetHash(curve) -} - -// SetHash appends a hash of a serialized public key -func (IPk *IssuerPublicKey) SetHash(curve *math.Curve) error { - IPk.Hash = nil - serializedIPk, err := proto.Marshal(IPk) - if err != nil { - return errors.Wrap(err, "Failed to marshal issuer public key") - } - IPk.Hash = curve.HashToZr(serializedIPk).Bytes() - return nil -} diff --git a/bccsp/schemes/dlog/crypto/logging.go b/bccsp/schemes/dlog/crypto/logging.go deleted file mode 100644 index 7feb99d5..00000000 --- a/bccsp/schemes/dlog/crypto/logging.go +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix - -import "log" - -// logger is used to log debug information. -var logger Logger = LogFunc(log.Printf) - -// SetLogger sets the logger instance used for debug and error reporting. The -// logger reference is not mutex-protected so this must be set before calling -// any other library functions. -// -// If a custom logger is not defined, the global logger from the standard -// library's log package is used. -func SetLogger(l Logger) { - logger = l -} - -// Logger defines the contract for logging. This interface is explicitly -// defined to be compatible with the logger in the standard library log -// package. -type Logger interface { - Printf(format string, a ...interface{}) -} - -// LogFunc is a function adapter for logging. -type LogFunc func(format string, a ...interface{}) - -// Printf is used to create a formatted string log record. -func (l LogFunc) Printf(format string, a ...interface{}) { - l(format, a...) -} diff --git a/bccsp/schemes/dlog/crypto/nonrevocation-prover.go b/bccsp/schemes/dlog/crypto/nonrevocation-prover.go deleted file mode 100644 index c9146b53..00000000 --- a/bccsp/schemes/dlog/crypto/nonrevocation-prover.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix - -import ( - "io" - - math "github.com/IBM/mathlib" - "github.com/pkg/errors" -) - -// nonRevokedProver is the Prover of the ZK proof system that handles revocation. -type nonRevokedProver interface { - // getFSContribution returns the non-revocation contribution to the Fiat-Shamir hash, forming the challenge of the ZKP, - getFSContribution(rh *math.Zr, rRh *math.Zr, cri *CredentialRevocationInformation, rng io.Reader) ([]byte, error) - - // getNonRevokedProof returns a proof of non-revocation with the respect to passed challenge - getNonRevokedProof(chal *math.Zr) (*NonRevocationProof, error) -} - -// nopNonRevokedProver is an empty nonRevokedProver -type nopNonRevokedProver struct{} - -func (prover *nopNonRevokedProver) getFSContribution(rh *math.Zr, rRh *math.Zr, cri *CredentialRevocationInformation, rng io.Reader) ([]byte, error) { - return nil, nil -} - -func (prover *nopNonRevokedProver) getNonRevokedProof(chal *math.Zr) (*NonRevocationProof, error) { - ret := &NonRevocationProof{} - ret.RevocationAlg = int32(ALG_NO_REVOCATION) - return ret, nil -} - -// getNonRevocationProver returns the nonRevokedProver bound to the passed revocation algorithm -func getNonRevocationProver(algorithm RevocationAlgorithm) (nonRevokedProver, error) { - switch algorithm { - case ALG_NO_REVOCATION: - return &nopNonRevokedProver{}, nil - default: - // unknown revocation algorithm - return nil, errors.Errorf("unknown revocation algorithm %d", algorithm) - } -} diff --git a/bccsp/schemes/dlog/crypto/nonrevocation-verifier.go b/bccsp/schemes/dlog/crypto/nonrevocation-verifier.go deleted file mode 100644 index a018aa5e..00000000 --- a/bccsp/schemes/dlog/crypto/nonrevocation-verifier.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix - -import ( - math "github.com/IBM/mathlib" - "github.com/pkg/errors" -) - -// nonRevokedProver is the Verifier of the ZK proof system that handles revocation. -type nonRevocationVerifier interface { - // recomputeFSContribution recomputes the contribution of the non-revocation proof to the ZKP challenge - recomputeFSContribution(proof *NonRevocationProof, chal *math.Zr, epochPK *math.G2, proofSRh *math.Zr) ([]byte, error) -} - -// nopNonRevocationVerifier is an empty nonRevocationVerifier that produces an empty contribution -type nopNonRevocationVerifier struct{} - -func (verifier *nopNonRevocationVerifier) recomputeFSContribution(proof *NonRevocationProof, chal *math.Zr, epochPK *math.G2, proofSRh *math.Zr) ([]byte, error) { - return nil, nil -} - -// getNonRevocationVerifier returns the nonRevocationVerifier bound to the passed revocation algorithm -func getNonRevocationVerifier(algorithm RevocationAlgorithm) (nonRevocationVerifier, error) { - switch algorithm { - case ALG_NO_REVOCATION: - return &nopNonRevocationVerifier{}, nil - default: - // unknown revocation algorithm - return nil, errors.Errorf("unknown revocation algorithm %d", algorithm) - } -} diff --git a/bccsp/schemes/dlog/crypto/nymeid.go b/bccsp/schemes/dlog/crypto/nymeid.go deleted file mode 100644 index c0131bac..00000000 --- a/bccsp/schemes/dlog/crypto/nymeid.go +++ /dev/null @@ -1,59 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix - -import ( - math "github.com/IBM/mathlib" - "github.com/pkg/errors" -) - -type NymEID []byte - -func (nym NymEID) AuditNymEid( - ipk *IssuerPublicKey, - eidAttr *math.Zr, - eidIndex int, - RNymEid *math.Zr, - curve *math.Curve, - t Translator, -) error { - // Validate inputs - if ipk == nil { - return errors.Errorf("cannot verify idemix signature: received nil input") - } - - if len(nym) == 0 { - return errors.Errorf("no EidNym provided") - } - - if len(ipk.HAttrs) <= eidIndex { - return errors.Errorf("could not access H_a_eid in array") - } - - H_a_eid, err := t.G1FromProto(ipk.HAttrs[eidIndex]) - if err != nil { - return errors.Wrap(err, "could not deserialize H_a_eid") - } - - HRand, err := t.G1FromProto(ipk.HRand) - if err != nil { - return errors.Wrap(err, "could not deserialize HRand") - } - - EidNym, err := curve.NewG1FromBytes(nym) - if err != nil { - return errors.Wrap(err, "could not deserialize EidNym") - } - - Nym_eid := H_a_eid.Mul2(eidAttr, HRand, RNymEid) - - if !Nym_eid.Equals(EidNym) { - return errors.New("eid nym does not match") - } - - return nil -} diff --git a/bccsp/schemes/dlog/crypto/nymrh.go b/bccsp/schemes/dlog/crypto/nymrh.go deleted file mode 100644 index 11017ac9..00000000 --- a/bccsp/schemes/dlog/crypto/nymrh.go +++ /dev/null @@ -1,59 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix - -import ( - math "github.com/IBM/mathlib" - "github.com/pkg/errors" -) - -type NymRH []byte - -func (nym NymRH) AuditNymRh( - ipk *IssuerPublicKey, - rhAttr *math.Zr, - rhIndex int, - RNymRh *math.Zr, - curve *math.Curve, - t Translator, -) error { - // Validate inputs - if ipk == nil { - return errors.Errorf("cannot verify idemix signature: received nil input") - } - - if len(nym) == 0 { - return errors.Errorf("no RhNym provided") - } - - if len(ipk.HAttrs) <= rhIndex { - return errors.Errorf("could not access H_a_rh in array") - } - - H_a_rh, err := t.G1FromProto(ipk.HAttrs[rhIndex]) - if err != nil { - return errors.Wrap(err, "could not deserialize H_a_rh") - } - - HRand, err := t.G1FromProto(ipk.HRand) - if err != nil { - return errors.Wrap(err, "could not deserialize HRand") - } - - RhNym, err := curve.NewG1FromBytes(nym) - if err != nil { - return errors.Wrap(err, "could not deserialize RhNym") - } - - Nym_rh := H_a_rh.Mul2(rhAttr, HRand, RNymRh) - - if !Nym_rh.Equals(RhNym) { - return errors.New("rh nym does not match") - } - - return nil -} diff --git a/bccsp/schemes/dlog/crypto/nymsignature.go b/bccsp/schemes/dlog/crypto/nymsignature.go deleted file mode 100644 index 3e40fbc6..00000000 --- a/bccsp/schemes/dlog/crypto/nymsignature.go +++ /dev/null @@ -1,128 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix - -import ( - "io" - - math "github.com/IBM/mathlib" - "github.com/pkg/errors" -) - -// NewSignature creates a new idemix pseudonym signature -func (i *Idemix) NewNymSignature(sk *math.Zr, Nym *math.G1, RNym *math.Zr, ipk *IssuerPublicKey, msg []byte, rng io.Reader, tr Translator) (*NymSignature, error) { - return newNymSignature(sk, Nym, RNym, ipk, msg, rng, i.Curve, tr) -} - -func newNymSignature(sk *math.Zr, Nym *math.G1, RNym *math.Zr, ipk *IssuerPublicKey, msg []byte, rng io.Reader, curve *math.Curve, tr Translator) (*NymSignature, error) { - // Validate inputs - if sk == nil || Nym == nil || RNym == nil || ipk == nil || rng == nil { - return nil, errors.Errorf("cannot create NymSignature: received nil input") - } - - Nonce := curve.NewRandomZr(rng) - - HRand, err := tr.G1FromProto(ipk.HRand) - if err != nil { - return nil, err - } - - HSk, err := tr.G1FromProto(ipk.HSk) - if err != nil { - return nil, err - } - - // The rest of this function constructs the non-interactive zero knowledge proof proving that - // the signer 'owns' this pseudonym, i.e., it knows the secret key and randomness on which it is based. - // Recall that (Nym,RNym) is the output of MakeNym. Therefore, Nym = h_{sk}^sk \cdot h_r^r - - // Sample the randomness needed for the proof - rSk := curve.NewRandomZr(rng) - rRNym := curve.NewRandomZr(rng) - - // Step 1: First message (t-values) - t := HSk.Mul2(rSk, HRand, rRNym) // t = h_{sk}^{r_sk} \cdot h_r^{r_{RNym} - - // Step 2: Compute the Fiat-Shamir hash, forming the challenge of the ZKP. - // proofData will hold the data being hashed, it consists of: - // - the signature label - // - 2 elements of G1 each taking 2*math.FieldBytes+1 bytes - // - one bigint (hash of the issuer public key) of length math.FieldBytes - // - disclosed attributes - // - message being signed - proofData := make([]byte, len([]byte(signLabel))+2*curve.G1ByteSize+curve.ScalarByteSize+len(msg)) - index := 0 - index = appendBytesString(proofData, index, signLabel) - index = appendBytesG1(proofData, index, t) - index = appendBytesG1(proofData, index, Nym) - copy(proofData[index:], ipk.Hash) - index = index + curve.ScalarByteSize - copy(proofData[index:], msg) - c := curve.HashToZr(proofData) - // combine the previous hash and the nonce and hash again to compute the final Fiat-Shamir value 'ProofC' - index = 0 - proofData = proofData[:2*curve.ScalarByteSize] - index = appendBytesBig(proofData, index, c) - appendBytesBig(proofData, index, Nonce) - ProofC := curve.HashToZr(proofData) - - // Step 3: reply to the challenge message (s-values) - ProofSSk := curve.ModAdd(rSk, curve.ModMul(ProofC, sk, curve.GroupOrder), curve.GroupOrder) // s_{sk} = r_{sk} + C \cdot sk - ProofSRNym := curve.ModAdd(rRNym, curve.ModMul(ProofC, RNym, curve.GroupOrder), curve.GroupOrder) // s_{RNym} = r_{RNym} + C \cdot RNym - - // The signature consists of the Fiat-Shamir hash (ProofC), the s-values (ProofSSk, ProofSRNym), and the nonce. - return &NymSignature{ - ProofC: ProofC.Bytes(), - ProofSSk: ProofSSk.Bytes(), - ProofSRNym: ProofSRNym.Bytes(), - Nonce: Nonce.Bytes()}, nil -} - -// Ver verifies an idemix NymSignature -func (sig *NymSignature) Ver(nym *math.G1, ipk *IssuerPublicKey, msg []byte, curve *math.Curve, tr Translator) error { - ProofC := curve.NewZrFromBytes(sig.GetProofC()) - ProofSSk := curve.NewZrFromBytes(sig.GetProofSSk()) - ProofSRNym := curve.NewZrFromBytes(sig.GetProofSRNym()) - Nonce := curve.NewZrFromBytes(sig.GetNonce()) - - HRand, err := tr.G1FromProto(ipk.HRand) - if err != nil { - return err - } - - HSk, err := tr.G1FromProto(ipk.HSk) - if err != nil { - return err - } - - // Verify Proof - - // Recompute t-values using s-values - t := HSk.Mul2(ProofSSk, HRand, ProofSRNym) - t.Sub(nym.Mul(ProofC)) // t = h_{sk}^{s_{sk} \ cdot h_r^{s_{RNym} - - // Recompute challenge - proofData := make([]byte, len([]byte(signLabel))+2*curve.G1ByteSize+curve.ScalarByteSize+len(msg)) - index := 0 - index = appendBytesString(proofData, index, signLabel) - index = appendBytesG1(proofData, index, t) - index = appendBytesG1(proofData, index, nym) - copy(proofData[index:], ipk.Hash) - index = index + curve.ScalarByteSize - copy(proofData[index:], msg) - c := curve.HashToZr(proofData) - index = 0 - proofData = proofData[:2*curve.ScalarByteSize] - index = appendBytesBig(proofData, index, c) - appendBytesBig(proofData, index, Nonce) - - if !ProofC.Equals(curve.HashToZr(proofData)) { - return errors.Errorf("pseudonym signature invalid: zero-knowledge proof is invalid") - } - - return nil -} diff --git a/bccsp/schemes/dlog/crypto/revocation_authority.go b/bccsp/schemes/dlog/crypto/revocation_authority.go deleted file mode 100644 index e4c21bbc..00000000 --- a/bccsp/schemes/dlog/crypto/revocation_authority.go +++ /dev/null @@ -1,133 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix - -import ( - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rand" - "crypto/sha256" - "encoding/asn1" - "io" - "math/big" - - amcl "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" - math "github.com/IBM/mathlib" - "github.com/golang/protobuf/proto" - "github.com/pkg/errors" -) - -type RevocationAlgorithm int32 - -const ( - ALG_NO_REVOCATION RevocationAlgorithm = iota -) - -var ProofBytes = map[RevocationAlgorithm]int{ - ALG_NO_REVOCATION: 0, -} - -// GenerateLongTermRevocationKey generates a long term signing key that will be used for revocation -func (i *Idemix) GenerateLongTermRevocationKey() (*ecdsa.PrivateKey, error) { - return generateLongTermRevocationKey() -} - -func generateLongTermRevocationKey() (*ecdsa.PrivateKey, error) { - return ecdsa.GenerateKey(elliptic.P384(), rand.Reader) -} - -// GenerateLongTermRevocationKey generates a long term signing key that will be used for revocation -func (i *Idemix) LongTermRevocationKeyFromBytes(raw []byte) (*ecdsa.PrivateKey, error) { - return longTermRevocationKeyFromBytes(raw) -} - -func longTermRevocationKeyFromBytes(raw []byte) (*ecdsa.PrivateKey, error) { - priv := &ecdsa.PrivateKey{} - priv.D = new(big.Int).SetBytes(raw) - priv.PublicKey.Curve = elliptic.P384() - priv.PublicKey.X, priv.PublicKey.Y = elliptic.P384().ScalarBaseMult(priv.D.Bytes()) - - return priv, nil -} - -// CreateCRI creates the Credential Revocation Information for a certain time period (epoch). -// Users can use the CRI to prove that they are not revoked. -// Note that when not using revocation (i.e., alg = ALG_NO_REVOCATION), the entered unrevokedHandles are not used, -// and the resulting CRI can be used by any signer. -func (i *Idemix) CreateCRI(key *ecdsa.PrivateKey, unrevokedHandles []*math.Zr, epoch int, alg RevocationAlgorithm, rng io.Reader, t Translator) (*CredentialRevocationInformation, error) { - return createCRI(key, unrevokedHandles, epoch, alg, rng, i.Curve, t) -} - -func createCRI(key *ecdsa.PrivateKey, unrevokedHandles []*math.Zr, epoch int, alg RevocationAlgorithm, rng io.Reader, curve *math.Curve, t Translator) (*CredentialRevocationInformation, error) { - if key == nil || rng == nil { - return nil, errors.Errorf("CreateCRI received nil input") - } - cri := &CredentialRevocationInformation{} - cri.RevocationAlg = int32(alg) - cri.Epoch = int64(epoch) - - if alg == ALG_NO_REVOCATION { - // put a dummy PK in the proto - cri.EpochPk = t.G2ToProto(curve.GenG2) - } else { - return nil, errors.Errorf("the specified revocation algorithm is not supported.") - } - - // sign epoch + epoch key with long term key - bytesToSign, err := proto.Marshal(cri) - if err != nil { - return nil, errors.Wrap(err, "failed to marshal CRI") - } - - digest := sha256.Sum256(bytesToSign) - - cri.EpochPkSig, err = key.Sign(rand.Reader, digest[:], nil) - if err != nil { - return nil, err - } - - if alg == ALG_NO_REVOCATION { - return cri, nil - } else { - return nil, errors.Errorf("the specified revocation algorithm is not supported.") - } -} - -// VerifyEpochPK verifies that the revocation PK for a certain epoch is valid, -// by checking that it was signed with the long term revocation key. -// Note that even if we use no revocation (i.e., alg = ALG_NO_REVOCATION), we need -// to verify the signature to make sure the issuer indeed signed that no revocation -// is used in this epoch. -func (i *Idemix) VerifyEpochPK(pk *ecdsa.PublicKey, epochPK *amcl.ECP2, epochPkSig []byte, epoch int, alg RevocationAlgorithm) error { - return verifyEpochPK(pk, epochPK, epochPkSig, epoch, alg) -} - -func verifyEpochPK(pk *ecdsa.PublicKey, epochPK *amcl.ECP2, epochPkSig []byte, epoch int, alg RevocationAlgorithm) error { - if pk == nil || epochPK == nil { - return errors.Errorf("EpochPK invalid: received nil input") - } - cri := &CredentialRevocationInformation{} - cri.RevocationAlg = int32(alg) - cri.EpochPk = epochPK - cri.Epoch = int64(epoch) - bytesToSign, err := proto.Marshal(cri) - if err != nil { - return err - } - digest := sha256.Sum256(bytesToSign) - - var sig struct{ R, S *big.Int } - if _, err := asn1.Unmarshal(epochPkSig, &sig); err != nil { - return errors.Wrap(err, "failed unmashalling signature") - } - - if !ecdsa.Verify(pk, digest[:], sig.R, sig.S) { - return errors.Errorf("EpochPKSig invalid") - } - - return nil -} diff --git a/bccsp/schemes/dlog/crypto/signature.go b/bccsp/schemes/dlog/crypto/signature.go deleted file mode 100644 index 9312876e..00000000 --- a/bccsp/schemes/dlog/crypto/signature.go +++ /dev/null @@ -1,1190 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix - -import ( - "crypto/ecdsa" - "fmt" - "io" - "sort" - - opts "github.com/IBM/idemix/bccsp/types" - math "github.com/IBM/mathlib" - "github.com/pkg/errors" -) - -// signLabel is the label used in zero-knowledge proof (ZKP) to identify that this ZKP is a signature of knowledge -const signLabel = "sign" -const signWithEidNymLabel = "signWithEidNym" -const signWithEidNymRhNymLabel = "signWithEidNymRhNym" // When the revocation handle is present the enrollment id must also be present - -// A signature that is produced using an Identity Mixer credential is a so-called signature of knowledge -// (for details see C.P.Schnorr "Efficient Identification and Signatures for Smart Cards") -// An Identity Mixer signature is a signature of knowledge that signs a message and proves (in zero-knowledge) -// the knowledge of the user secret (and possibly attributes) signed inside a credential -// that was issued by a certain issuer (referred to with the issuer public key) -// The signature is verified using the message being signed and the public key of the issuer -// Some of the attributes from the credential can be selectively disclosed or different statements can be proven about -// credential attributes without disclosing them in the clear -// The difference between a standard signature using X.509 certificates and an Identity Mixer signature is -// the advanced privacy features provided by Identity Mixer (due to zero-knowledge proofs): -// - Unlinkability of the signatures produced with the same credential -// - Selective attribute disclosure and predicates over attributes - -// Make a slice of all the attribute indices that will not be disclosed -func hiddenIndices(Disclosure []byte) []int { - HiddenIndices := make([]int, 0) - for index, disclose := range Disclosure { - if disclose == 0 { - HiddenIndices = append(HiddenIndices, index) - } - } - return HiddenIndices -} - -// NewSignature creates a new idemix signature (Schnorr-type signature) -// The []byte Disclosure steers which attributes are disclosed: -// if Disclosure[i] == 0 then attribute i remains hidden and otherwise it is disclosed. -// We require the revocation handle to remain undisclosed (i.e., Disclosure[rhIndex] == 0). -// We use the zero-knowledge proof by http://eprint.iacr.org/2016/663.pdf, Sec. 4.5 to prove knowledge of a BBS+ signature -func (i *Idemix) NewSignature( - cred *Credential, - sk *math.Zr, - Nym *math.G1, - RNym *math.Zr, - ipk *IssuerPublicKey, - Disclosure, msg []byte, - rhIndex, eidIndex int, - cri *CredentialRevocationInformation, - rng io.Reader, - tr Translator, - sigType opts.SignatureType, - metadata *opts.IdemixSignerMetadata, -) (*Signature, *opts.IdemixSignerMetadata, error) { - switch sigType { - case opts.Standard: // Generation of standard signature - return newSignature(cred, sk, Nym, RNym, ipk, Disclosure, msg, rhIndex, cri, rng, i.Curve, tr, metadata) - case opts.EidNym: // Generation of pseudonymous eid signature - return newSignatureWithEIDNym(cred, sk, Nym, RNym, ipk, Disclosure, msg, rhIndex, eidIndex, cri, rng, i.Curve, tr, metadata) - case opts.EidNymRhNym: // Generation of pseudonymous eid and rh signature - return newSignatureWithEIDNymAndRHNym(cred, sk, Nym, RNym, ipk, Disclosure, msg, rhIndex, eidIndex, cri, rng, i.Curve, tr, metadata) - } - - panic(fmt.Sprintf("programming error, requested signature type %d", sigType)) -} - -func newSignature( - cred *Credential, - sk *math.Zr, - Nym *math.G1, - RNym *math.Zr, - ipk *IssuerPublicKey, - Disclosure []byte, - msg []byte, - rhIndex int, - cri *CredentialRevocationInformation, - rng io.Reader, - curve *math.Curve, - tr Translator, - metadata *opts.IdemixSignerMetadata, -) (*Signature, *opts.IdemixSignerMetadata, error) { - t1, t2, t3, APrime, ABar, BPrime, nonRevokedProofHashData, E, Nonce, rSk, rSPrime, rR2, rR3, r2, r3, re, sPrime, rRNym, rAttrs, prover, HiddenIndices, err := prepare(cred, sk, Nym, RNym, ipk, Disclosure, msg, rhIndex, cri, rng, curve, tr) - if err != nil { - return nil, nil, err - } - - return finalise( - cred, - sk, - Nym, - RNym, - ipk, - Disclosure, - msg, - rhIndex, -1, - cri, - rng, - curve, - tr, - t1, t2, t3, - APrime, ABar, BPrime, - nonRevokedProofHashData, - E, - Nonce, - rSk, rSPrime, rR2, rR3, r2, r3, re, sPrime, rRNym, - rAttrs, - prover, - HiddenIndices, - opts.Standard, - metadata, - ) -} - -func newSignatureWithEIDNym( - cred *Credential, - sk *math.Zr, - Nym *math.G1, - RNym *math.Zr, - ipk *IssuerPublicKey, - Disclosure []byte, - msg []byte, - rhIndex, eidIndex int, - cri *CredentialRevocationInformation, - rng io.Reader, - curve *math.Curve, - tr Translator, - metadata *opts.IdemixSignerMetadata, -) (*Signature, *opts.IdemixSignerMetadata, error) { - if Disclosure[eidIndex] != 0 { - return nil, nil, errors.Errorf("cannot create idemix signature: disclosure of enrollment ID requested for NewSignatureWithEIDNym") - } - - t1, t2, t3, APrime, ABar, BPrime, nonRevokedProofHashData, E, Nonce, rSk, rSPrime, rR2, rR3, r2, r3, re, sPrime, rRNym, rAttrs, prover, HiddenIndices, err := prepare(cred, sk, Nym, RNym, ipk, Disclosure, msg, rhIndex, cri, rng, curve, tr) - if err != nil { - return nil, nil, err - } - - return finalise( - cred, - sk, - Nym, - RNym, - ipk, - Disclosure, - msg, - rhIndex, eidIndex, - cri, - rng, - curve, - tr, - t1, t2, t3, - APrime, ABar, BPrime, - nonRevokedProofHashData, - E, - Nonce, - rSk, rSPrime, rR2, rR3, r2, r3, re, sPrime, rRNym, - rAttrs, - prover, - HiddenIndices, - opts.EidNym, - metadata, - ) -} - -func newSignatureWithEIDNymAndRHNym( - cred *Credential, - sk *math.Zr, - Nym *math.G1, - RNym *math.Zr, - ipk *IssuerPublicKey, - Disclosure []byte, - msg []byte, - rhIndex, eidIndex int, - cri *CredentialRevocationInformation, - rng io.Reader, - curve *math.Curve, - tr Translator, - metadata *opts.IdemixSignerMetadata, -) (*Signature, *opts.IdemixSignerMetadata, error) { - if Disclosure[eidIndex] != 0 { - return nil, nil, errors.Errorf("cannot create idemix signature: disclosure of enrollment ID requested for NewSignatureWithEIDNym") - } - - if Disclosure[rhIndex] != 0 { - return nil, nil, errors.Errorf("cannot create idemix signature: disclosure of revocation handle requested for NewSignatureWithEIDNymAndRHNym") - } - - t1, t2, t3, APrime, ABar, BPrime, nonRevokedProofHashData, E, Nonce, rSk, rSPrime, rR2, rR3, r2, r3, re, sPrime, rRNym, rAttrs, prover, HiddenIndices, err := prepare(cred, sk, Nym, RNym, ipk, Disclosure, msg, rhIndex, cri, rng, curve, tr) - if err != nil { - return nil, nil, err - } - - return finalise( - cred, - sk, - Nym, - RNym, - ipk, - Disclosure, - msg, - rhIndex, eidIndex, - cri, - rng, - curve, - tr, - t1, t2, t3, - APrime, ABar, BPrime, - nonRevokedProofHashData, - E, - Nonce, - rSk, rSPrime, rR2, rR3, r2, r3, re, sPrime, rRNym, - rAttrs, - prover, - HiddenIndices, - opts.EidNymRhNym, - metadata, - ) -} - -func prepare( - cred *Credential, - sk *math.Zr, - Nym *math.G1, - RNym *math.Zr, - ipk *IssuerPublicKey, - Disclosure []byte, - msg []byte, - rhIndex int, - cri *CredentialRevocationInformation, - rng io.Reader, - curve *math.Curve, - tr Translator, -) (*math.G1, *math.G1, *math.G1, *math.G1, *math.G1, *math.G1, - []byte, - *math.Zr, - *math.Zr, - *math.Zr, *math.Zr, *math.Zr, *math.Zr, *math.Zr, *math.Zr, *math.Zr, *math.Zr, *math.Zr, - []*math.Zr, - nonRevokedProver, - []int, error, -) { - // Validate inputs - if cred == nil || sk == nil || Nym == nil || RNym == nil || ipk == nil || rng == nil || cri == nil { - return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, errors.Errorf("cannot create idemix signature: received nil input") - } - - if rhIndex < 0 || rhIndex >= len(ipk.AttributeNames) || len(Disclosure) != len(ipk.AttributeNames) { - return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, errors.Errorf("cannot create idemix signature: received invalid input") - } - - if cri.RevocationAlg != int32(ALG_NO_REVOCATION) && Disclosure[rhIndex] == 1 { - return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, errors.Errorf("Attribute %d is disclosed but also used as revocation handle attribute, which should remain hidden.", rhIndex) - } - - // locate the indices of the attributes to hide and sample randomness for them - HiddenIndices := hiddenIndices(Disclosure) - - // Generate required randomness r_1, r_2 - r1 := curve.NewRandomZr(rng) - r2 := curve.NewRandomZr(rng) - // Set r_3 as \frac{1}{r_1} - r3 := r1.Copy() - r3.InvModP(curve.GroupOrder) - - // Sample a nonce - Nonce := curve.NewRandomZr(rng) - - // Parse credential - A, err := tr.G1FromProto(cred.A) - if err != nil { - return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, err - } - - B, err := tr.G1FromProto(cred.B) - if err != nil { - return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, err - } - - // Randomize credential - - // Compute A' as A^{r_1} - APrime := A.Mul(r1) - // logger.Printf("Signature Generation : \n"+ - // " [APrime:%v]\n", - // APrime.Bytes(), - // ) - - // Compute ABar as A'^{-e} b^{r1} - ABar := B.Mul(r1) - ABar.Sub(APrime.Mul(curve.NewZrFromBytes(cred.E))) - // logger.Printf("Signature Generation : \n"+ - // " [ABar:%v]\n", - // ABar.Bytes(), - // ) - - // Compute B' as b^{r1} / h_r^{r2}, where h_r is h_r - BPrime := B.Mul(r1) - HRand, err := tr.G1FromProto(ipk.HRand) - if err != nil { - return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, err - } - - // Parse h_{sk} from ipk - HSk, err := tr.G1FromProto(ipk.HSk) - if err != nil { - return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, err - } - - BPrime.Sub(HRand.Mul(r2)) - - S := curve.NewZrFromBytes(cred.S) - E := curve.NewZrFromBytes(cred.E) - - // Compute s' as s - r_2 \cdot r_3 - sPrime := curve.ModSub(S, curve.ModMul(r2, r3, curve.GroupOrder), curve.GroupOrder) - - // The rest of this function constructs the non-interactive zero knowledge proof - // that links the signature, the non-disclosed attributes and the nym. - - // Sample the randomness used to compute the commitment values (aka t-values) for the ZKP - rSk := curve.NewRandomZr(rng) - re := curve.NewRandomZr(rng) - rR2 := curve.NewRandomZr(rng) - rR3 := curve.NewRandomZr(rng) - rSPrime := curve.NewRandomZr(rng) - rRNym := curve.NewRandomZr(rng) - - rAttrs := make([]*math.Zr, len(HiddenIndices)) - for i := range HiddenIndices { - rAttrs[i] = curve.NewRandomZr(rng) - } - - // First compute the non-revocation proof. - // The challenge of the ZKP needs to depend on it, as well. - prover, err := getNonRevocationProver(RevocationAlgorithm(cri.RevocationAlg)) - if err != nil { - return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, err - } - nonRevokedProofHashData, err := prover.getFSContribution( - curve.NewZrFromBytes(cred.Attrs[rhIndex]), - rAttrs[sort.SearchInts(HiddenIndices, rhIndex)], - cri, - rng, - ) - if err != nil { - return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, errors.Wrap(err, "failed to compute non-revoked proof") - } - - // Step 1: First message (t-values) - - HAttrs := make([]*math.G1, len(ipk.HAttrs)) - for i := range ipk.HAttrs { - var err error - HAttrs[i], err = tr.G1FromProto(ipk.HAttrs[i]) - if err != nil { - return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, err - } - } - - // t1 is related to knowledge of the credential (recall, it is a BBS+ signature) - t1 := APrime.Mul2(re, HRand, rR2) // A'^{r_E} \cdot h_r^{r_{r2}} - - // t2: is related to knowledge of the non-disclosed attributes that signed in (A,B,S,E) - t2 := HRand.Mul(rSPrime) // h_r^{r_{s'}} - t2.Add(BPrime.Mul2(rR3, HSk, rSk)) // B'^{r_{r3}} \cdot h_{sk}^{r_{sk}} - for i := 0; i < len(HiddenIndices)/2; i++ { - t2.Add( - // \cdot h_{2 \cdot i}^{r_{attrs,i} - HAttrs[HiddenIndices[2*i]].Mul2( - rAttrs[2*i], - HAttrs[HiddenIndices[2*i+1]], - rAttrs[2*i+1], - ), - ) - } - if len(HiddenIndices)%2 != 0 { - t2.Add(HAttrs[HiddenIndices[len(HiddenIndices)-1]].Mul(rAttrs[len(HiddenIndices)-1])) - } - - // t3 is related to the knowledge of the secrets behind the pseudonym, which is also signed in (A,B,S,E) - t3 := HSk.Mul2(rSk, HRand, rRNym) // h_{sk}^{r_{sk}} \cdot h_r^{r_{rnym}} - - return t1, t2, t3, - APrime, ABar, BPrime, - nonRevokedProofHashData, - E, - Nonce, - rSk, rSPrime, rR2, rR3, r2, r3, re, sPrime, rRNym, - rAttrs, - prover, - HiddenIndices, nil -} - -func finalise( - cred *Credential, - sk *math.Zr, - Nym *math.G1, - RNym *math.Zr, - ipk *IssuerPublicKey, - Disclosure []byte, - msg []byte, - rhIndex, eidIndex int, - cri *CredentialRevocationInformation, - rng io.Reader, - curve *math.Curve, - tr Translator, - t1, t2, t3 *math.G1, - APrime, ABar, BPrime *math.G1, - nonRevokedProofHashData []byte, - E *math.Zr, - Nonce *math.Zr, - rSk, rSPrime, rR2, rR3, r2, r3, re, sPrime, rRNym *math.Zr, - rAttrs []*math.Zr, - prover nonRevokedProver, - HiddenIndices []int, - sigType opts.SignatureType, - metadata *opts.IdemixSignerMetadata, -) (*Signature, *opts.IdemixSignerMetadata, error) { - - var Nym_eid, Nym_rh *math.G1 - var t4_eid, t4_rh *math.G1 - var r_r_eid, r_eid, r_r_rh, r_rh *math.Zr - var EID, RH *math.Zr - var err error - - if sigType == opts.EidNym || sigType == opts.EidNymRhNym { - EID = curve.NewZrFromBytes(cred.Attrs[eidIndex]) - if metadata != nil { - if metadata.EidNymAuditData == nil { - return nil, nil, errors.Errorf("invalid argument, expected metadata") - } - - if !metadata.EidNymAuditData.Attr.Equals(EID) { - return nil, nil, errors.Errorf("invalid argument, eid nym audit metadata does not match (1)") - } - r_eid = metadata.EidNymAuditData.Rand - } else { - r_eid = curve.NewRandomZr(rng) - } - - r_a_eid := rAttrs[sort.SearchInts(HiddenIndices, eidIndex)] - H_a_eid, err := tr.G1FromProto(ipk.HAttrs[eidIndex]) - if err != nil { - return nil, nil, err - } - - a_eid := EID - HRand, err := tr.G1FromProto(ipk.HRand) - if err != nil { - return nil, nil, err - } - - // Generate new required randomness r_r_eid - r_r_eid = curve.NewRandomZr(rng) - - // Nym_eid is a hiding and binding commitment to the enrollment id - Nym_eid = H_a_eid.Mul2(a_eid, HRand, r_eid) // H_{a_{eid}}^{a_{eid}} \cdot H_{r}^{r_{eid}} - - if metadata != nil { - if !metadata.EidNymAuditData.Nym.Equals(Nym_eid) { - return nil, nil, errors.Errorf("invalid argument, eid nym audit metadata does not match (2)") - } - } - - // t4 is the new t-value for the eid nym computed above - t4_eid = H_a_eid.Mul2(r_a_eid, HRand, r_r_eid) // H_{a_{eid}}^{r_{a_{2}}} \cdot H_{r}^{r_{r_{eid}}} - } - - if sigType == opts.EidNymRhNym { - RH = curve.NewZrFromBytes(cred.Attrs[rhIndex]) - if metadata != nil { - if metadata.RhNymAuditData == nil { - return nil, nil, errors.Errorf("invalid argument, expected metadata") - } - - if !metadata.RhNymAuditData.Attr.Equals(RH) { - return nil, nil, errors.Errorf("invalid argument, rh nym audit metadata does not match (1)") - } - r_rh = metadata.RhNymAuditData.Rand - } else { - r_rh = curve.NewRandomZr(rng) - } - - r_a_rh := rAttrs[sort.SearchInts(HiddenIndices, rhIndex)] - H_a_rh, err := tr.G1FromProto(ipk.HAttrs[rhIndex]) - if err != nil { - return nil, nil, err - } - - a_rh := RH - HRand, err := tr.G1FromProto(ipk.HRand) - if err != nil { - return nil, nil, err - } - - // Generate new required randomness r_r_rh - r_r_rh = curve.NewRandomZr(rng) - - // Nym_rh is a hiding and binding commitment to the revocation handle - Nym_rh = H_a_rh.Mul2(a_rh, HRand, r_rh) // H_{a_{rh}}^{a_{rh}} \cdot H_{r}^{r_{rh}} - - if metadata != nil { - if !metadata.RhNymAuditData.Nym.Equals(Nym_rh) { - return nil, nil, errors.Errorf("invalid argument, rh nym audit metadata does not match (2)") - } - } - - // t4 is the new t-value for the rh nym computed above - t4_rh = H_a_rh.Mul2(r_a_rh, HRand, r_r_rh) // H_{a_{rh}}^{r_{a_{2}}} \cdot H_{r}^{r_{r_{rh}}} - } - - // Step 2: Compute the Fiat-Shamir hash, forming the challenge of the ZKP. - - // Compute the Fiat-Shamir hash, forming the challenge of the ZKP. - // proofData is the data being hashed, it consists of: - // the signature label - // 7 elements of G1 each taking 2*math.FieldBytes+1 bytes - // one bigint (hash of the issuer public key) of length math.FieldBytes - // disclosed attributes - // message being signed - // the minimum amount of bytes needed for the nonrevocation proof - pdl := curve.ScalarByteSize + len(Disclosure) + len(msg) + ProofBytes[RevocationAlgorithm(cri.RevocationAlg)] - switch sigType { - case opts.Standard: // additional bytes for a standard sign label - pdl += len([]byte(signLabel)) + 7*curve.G1ByteSize - case opts.EidNym: // additional bytes for a sign label including an enrollment id attribute - pdl += len([]byte(signWithEidNymLabel)) + 9*curve.G1ByteSize - case opts.EidNymRhNym: // additional bytes for a sign label including both an enrollment id and a revocation handle attribute - pdl += len([]byte(signWithEidNymRhNymLabel)) + 11*curve.G1ByteSize - default: - panic("programming error") - } - proofData := make([]byte, pdl) - index := 0 - switch sigType { - case opts.Standard: - index = appendBytesString(proofData, index, signLabel) - case opts.EidNym: - index = appendBytesString(proofData, index, signWithEidNymLabel) - case opts.EidNymRhNym: - index = appendBytesString(proofData, index, signWithEidNymRhNymLabel) - default: - panic("programming error") - } - index = appendBytesG1(proofData, index, t1) - index = appendBytesG1(proofData, index, t2) - index = appendBytesG1(proofData, index, t3) - index = appendBytesG1(proofData, index, APrime) - index = appendBytesG1(proofData, index, ABar) - index = appendBytesG1(proofData, index, BPrime) - index = appendBytesG1(proofData, index, Nym) - if sigType == opts.EidNym || sigType == opts.EidNymRhNym { - index = appendBytesG1(proofData, index, Nym_eid) - index = appendBytesG1(proofData, index, t4_eid) - } - if sigType == opts.EidNymRhNym { - index = appendBytesG1(proofData, index, Nym_rh) - index = appendBytesG1(proofData, index, t4_rh) - } - index = appendBytes(proofData, index, nonRevokedProofHashData) - copy(proofData[index:], ipk.Hash) - index = index + curve.ScalarByteSize - copy(proofData[index:], Disclosure) - index = index + len(Disclosure) - copy(proofData[index:], msg) - c := curve.HashToZr(proofData) - - // add the previous hash and the nonce and hash again to compute a second hash (C value) - index = 0 - proofData = proofData[:2*curve.ScalarByteSize] - index = appendBytesBig(proofData, index, c) - appendBytesBig(proofData, index, Nonce) - ProofC := curve.HashToZr(proofData) - - // Step 3: reply to the challenge message (s-values) - ProofSSk := curve.ModAdd(rSk, curve.ModMul(ProofC, sk, curve.GroupOrder), curve.GroupOrder) // s_sk = rSK + C \cdot sk - ProofSE := curve.ModSub(re, curve.ModMul(ProofC, E, curve.GroupOrder), curve.GroupOrder) // s_e = re + C \cdot E - ProofSR2 := curve.ModAdd(rR2, curve.ModMul(ProofC, r2, curve.GroupOrder), curve.GroupOrder) // s_r2 = rR2 + C \cdot r2 - ProofSR3 := curve.ModSub(rR3, curve.ModMul(ProofC, r3, curve.GroupOrder), curve.GroupOrder) // s_r3 = rR3 + C \cdot r3 - ProofSSPrime := curve.ModAdd(rSPrime, curve.ModMul(ProofC, sPrime, curve.GroupOrder), curve.GroupOrder) // s_S' = rSPrime + C \cdot sPrime - ProofSRNym := curve.ModAdd(rRNym, curve.ModMul(ProofC, RNym, curve.GroupOrder), curve.GroupOrder) // s_RNym = rRNym + C \cdot RNym - ProofSAttrs := make([][]byte, len(HiddenIndices)) - for i, j := range HiddenIndices { - ProofSAttrs[i] = - // s_attrsi = rAttrsi + C \cdot cred.Attrs[j] - curve.ModAdd(rAttrs[i], curve.ModMul(ProofC, curve.NewZrFromBytes(cred.Attrs[j]), curve.GroupOrder), curve.GroupOrder).Bytes() - } - - // Compute the revocation part - nonRevokedProof, err := prover.getNonRevokedProof(ProofC) - if err != nil { - return nil, nil, err - } - - // logger.Printf("Signature Generation : \n"+ - // " [t1:%v]\n,"+ - // " [t2:%v]\n,"+ - // " [t3:%v]\n,"+ - // " [APrime:%v]\n,"+ - // " [ABar:%v]\n,"+ - // " [BPrime:%v]\n,"+ - // " [Nym:%v]\n,"+ - // " [nonRevokedProofBytes:%v]\n,"+ - // " [ipk.Hash:%v]\n,"+ - // " [Disclosure:%v]\n,"+ - // " [msg:%v]\n,"+ - // " [ProofData:%v]\n,"+ - // " [ProofC:%v]\n"+ - // " [HSk:%v]\n,"+ - // " [ProofSSK:%v]\n,"+ - // " [HRand:%v]\n,"+ - // " [ProofSRNym:%v]\n", - // t1.Bytes(), - // t2.Bytes(), - // t3.Bytes(), - // APrime.Bytes(), - // ABar.Bytes(), - // BPrime.Bytes(), - // Nym.Bytes(), - // nil, - // ipk.Hash, - // Disclosure, - // msg, - // proofData, - // ProofC.Bytes(), - // HSk.Bytes(), - // ProofSSk.Bytes(), - // HRand.Bytes(), - // ProofSRNym.Bytes(), - // ) - - // We are done. Return signature - sig := &Signature{ - APrime: tr.G1ToProto(APrime), - ABar: tr.G1ToProto(ABar), - BPrime: tr.G1ToProto(BPrime), - ProofC: ProofC.Bytes(), - ProofSSk: ProofSSk.Bytes(), - ProofSE: ProofSE.Bytes(), - ProofSR2: ProofSR2.Bytes(), - ProofSR3: ProofSR3.Bytes(), - ProofSSPrime: ProofSSPrime.Bytes(), - ProofSAttrs: ProofSAttrs, - Nonce: Nonce.Bytes(), - Nym: tr.G1ToProto(Nym), - ProofSRNym: ProofSRNym.Bytes(), - RevocationEpochPk: cri.EpochPk, - RevocationPkSig: cri.EpochPkSig, - Epoch: cri.Epoch, - NonRevocationProof: nonRevokedProof, - } - - if sigType == opts.EidNym || sigType == opts.EidNymRhNym { - ProofSEid := curve.ModAdd(r_r_eid, curve.ModMul(ProofC, r_eid, curve.GroupOrder), curve.GroupOrder) // s_{r{eid}} = r_r_eid + C \cdot r_eid - sig.EidNym = &EIDNym{ - Nym: tr.G1ToProto(Nym_eid), - ProofSEid: ProofSEid.Bytes(), - } - } - - if sigType == opts.EidNymRhNym { - ProofSRh := curve.ModAdd(r_r_rh, curve.ModMul(ProofC, r_rh, curve.GroupOrder), curve.GroupOrder) - sig.RhNym = &RHNym{ - Nym: tr.G1ToProto(Nym_rh), - ProofSRh: ProofSRh.Bytes(), - } - } - - var m *opts.IdemixSignerMetadata - if sigType == opts.EidNym { - m = &opts.IdemixSignerMetadata{ - EidNymAuditData: &opts.AttrNymAuditData{ - Nym: Nym_eid, - Rand: r_eid, - Attr: EID, - }, - } - } - - if sigType == opts.EidNymRhNym { - m = &opts.IdemixSignerMetadata{ - EidNymAuditData: &opts.AttrNymAuditData{ - Nym: Nym_eid, - Rand: r_eid, - Attr: EID, - }, - RhNymAuditData: &opts.AttrNymAuditData{ - Nym: Nym_rh, - Rand: r_rh, - Attr: RH, - }, - } - } - - return sig, m, nil -} - -func (sig *Signature) AuditNymEid( - ipk *IssuerPublicKey, - eidAttr *math.Zr, - eidIndex int, - RNymEid *math.Zr, - curve *math.Curve, - t Translator, -) error { - // Validate inputs - if ipk == nil { - return errors.Errorf("cannot verify idemix signature: received nil input") - } - - if sig.EidNym == nil || sig.EidNym.Nym == nil { - return errors.Errorf("no EidNym provided") - } - - if len(ipk.HAttrs) <= eidIndex { - return errors.Errorf("could not access H_a_eid in array") - } - - H_a_eid, err := t.G1FromProto(ipk.HAttrs[eidIndex]) - if err != nil { - return errors.Wrap(err, "could not deserialize H_a_eid") - } - - HRand, err := t.G1FromProto(ipk.HRand) - if err != nil { - return errors.Wrap(err, "could not deserialize HRand") - } - - EidNym, err := t.G1FromProto(sig.EidNym.Nym) - if err != nil { - return errors.Wrap(err, "could not deserialize EidNym") - } - - Nym_eid := H_a_eid.Mul2(eidAttr, HRand, RNymEid) - - if !Nym_eid.Equals(EidNym) { - return errors.New("eid nym does not match") - } - - return nil -} - -func (sig *Signature) AuditNymRh( - ipk *IssuerPublicKey, - rhAttr *math.Zr, - rhIndex int, - RNymRh *math.Zr, - curve *math.Curve, - t Translator, -) error { - // Validate inputs - if ipk == nil { - return errors.Errorf("cannot verify idemix signature: received nil input") - } - - if sig.RhNym == nil || sig.RhNym.Nym == nil { - return errors.Errorf("no RhNym provided") - } - - if len(ipk.HAttrs) <= rhIndex { - return errors.Errorf("could not access H_a_rh in array") - } - - H_a_rh, err := t.G1FromProto(ipk.HAttrs[rhIndex]) - if err != nil { - return errors.Wrap(err, "could not deserialize H_a_rh") - } - - HRand, err := t.G1FromProto(ipk.HRand) - if err != nil { - return errors.Wrap(err, "could not deserialize HRand") - } - - RhNym, err := t.G1FromProto(sig.RhNym.Nym) - if err != nil { - return errors.Wrap(err, "could not deserialize RhNym") - } - - Nym_rh := H_a_rh.Mul2(rhAttr, HRand, RNymRh) - - if !Nym_rh.Equals(RhNym) { - return errors.New("rh nym does not match") - } - - return nil -} - -// Ver verifies an idemix signature -// Disclosure steers which attributes it expects to be disclosed -// attributeValues contains the desired attribute values. -// This function will check that if attribute i is disclosed, the i-th attribute equals attributeValues[i]. -func (sig *Signature) Ver( - Disclosure []byte, - ipk *IssuerPublicKey, - msg []byte, - attributeValues []*math.Zr, - rhIndex, eidIndex int, - revPk *ecdsa.PublicKey, - epoch int, - curve *math.Curve, - t Translator, - verType opts.VerificationType, - meta *opts.IdemixSignerMetadata, -) error { - // Validate inputs - if ipk == nil { - return errors.Errorf("cannot verify idemix signature: received nil input") - } - - if rhIndex < 0 || rhIndex >= len(ipk.AttributeNames) || len(Disclosure) != len(ipk.AttributeNames) { - return errors.Errorf("cannot verify idemix signature: received invalid input") - } - - if sig.NonRevocationProof.RevocationAlg != int32(ALG_NO_REVOCATION) && Disclosure[rhIndex] == 1 { - return errors.Errorf("Attribute %d is disclosed but is also used as revocation handle, which should remain hidden.", rhIndex) - } - if verType == opts.ExpectEidNym && - (sig.EidNym == nil || sig.EidNym.Nym == nil || sig.EidNym.ProofSEid == nil) { - return errors.Errorf("no EidNym provided but ExpectEidNym required") - } - - if verType == opts.ExpectEidNymRhNym { - if sig.EidNym == nil || sig.EidNym.Nym == nil || sig.EidNym.ProofSEid == nil { - return errors.Errorf("no EidNym provided but ExpectEidNymRhNym required") - } - if sig.RhNym == nil || sig.RhNym.Nym == nil || sig.RhNym.ProofSRh == nil { - return errors.Errorf("no RhNym provided but ExpectEidNymRhNym required") - } - } - - if verType == opts.ExpectStandard { - if sig.RhNym != nil { - return errors.Errorf("RhNym available but ExpectStandard required") - } - if sig.EidNym != nil { - return errors.Errorf("EidNym available but ExpectStandard required") - } - } - - verifyRHNym := (verType == opts.BestEffort && sig.RhNym != nil) || verType == opts.ExpectEidNymRhNym - verifyEIDNym := (verType == opts.BestEffort && sig.EidNym != nil) || verType == opts.ExpectEidNym || verType == opts.ExpectEidNymRhNym || verifyRHNym - - HiddenIndices := hiddenIndices(Disclosure) - - // Parse signature - APrime, err := t.G1FromProto(sig.GetAPrime()) - if err != nil { - return err - } - //logger.Printf("Signature Verification : \n"+ - // " [APrime:%v]\n", - // APrime.Bytes(), - //) - ABar, err := t.G1FromProto(sig.GetABar()) - if err != nil { - return err - } - //logger.Printf("Signature Verification : \n"+ - // " [ABar:%v]\n", - // ABar.Bytes(), - //) - BPrime, err := t.G1FromProto(sig.GetBPrime()) - if err != nil { - return err - } - Nym, err := t.G1FromProto(sig.GetNym()) - if err != nil { - return err - } - ProofC := curve.NewZrFromBytes(sig.GetProofC()) - ProofSSk := curve.NewZrFromBytes(sig.GetProofSSk()) - ProofSE := curve.NewZrFromBytes(sig.GetProofSE()) - ProofSR2 := curve.NewZrFromBytes(sig.GetProofSR2()) - ProofSR3 := curve.NewZrFromBytes(sig.GetProofSR3()) - ProofSSPrime := curve.NewZrFromBytes(sig.GetProofSSPrime()) - ProofSRNym := curve.NewZrFromBytes(sig.GetProofSRNym()) - ProofSAttrs := make([]*math.Zr, len(sig.GetProofSAttrs())) - if len(sig.ProofSAttrs) != len(HiddenIndices) { - return errors.Errorf("signature invalid: incorrect amount of s-values for AttributeProofSpec") - } - for i, b := range sig.ProofSAttrs { - ProofSAttrs[i] = curve.NewZrFromBytes(b) - } - Nonce := curve.NewZrFromBytes(sig.GetNonce()) - - // Parse issuer public key - W, err := t.G2FromProto(ipk.W) - if err != nil { - return err - } - HRand, err := t.G1FromProto(ipk.HRand) - if err != nil { - return err - } - HSk, err := t.G1FromProto(ipk.HSk) - if err != nil { - return err - } - //logger.Printf("Signature Verification : \n"+ - // " [W:%v]\n", - // W.Bytes(), - //) - - // Verify signature - if APrime.IsInfinity() { - return errors.Errorf("signature invalid: APrime = 1") - } - temp1 := curve.Pairing(W, APrime) - temp2 := curve.Pairing(curve.GenG2, ABar) - temp2.Inverse() - temp1.Mul(temp2) - if !curve.FExp(temp1).IsUnity() { - return errors.Errorf("signature invalid: APrime and ABar don't have the expected structure") - } - - // Verify ZK proof - - // Recover t-values - - HAttrs := make([]*math.G1, len(ipk.HAttrs)) - for i := range ipk.HAttrs { - var err error - HAttrs[i], err = t.G1FromProto(ipk.HAttrs[i]) - if err != nil { - return err - } - } - // Recompute t1 - t1 := APrime.Mul2(ProofSE, HRand, ProofSR2) - temp := curve.NewG1() - temp.Clone(ABar) - temp.Sub(BPrime) - t1.Sub(temp.Mul(ProofC)) - - // Recompute t2 - t2 := HRand.Mul(ProofSSPrime) - t2.Add(BPrime.Mul2(ProofSR3, HSk, ProofSSk)) - for i := 0; i < len(HiddenIndices)/2; i++ { - t2.Add(HAttrs[HiddenIndices[2*i]].Mul2(ProofSAttrs[2*i], HAttrs[HiddenIndices[2*i+1]], ProofSAttrs[2*i+1])) - } - if len(HiddenIndices)%2 != 0 { - t2.Add(HAttrs[HiddenIndices[len(HiddenIndices)-1]].Mul(ProofSAttrs[len(HiddenIndices)-1])) - } - temp = curve.NewG1() - temp.Clone(curve.GenG1) - for index, disclose := range Disclosure { - if disclose != 0 { - temp.Add(HAttrs[index].Mul(attributeValues[index])) - } - } - t2.Add(temp.Mul(ProofC)) - - // Recompute t3 - t3 := HSk.Mul2(ProofSSk, HRand, ProofSRNym) - t3.Sub(Nym.Mul(ProofC)) - - // Attribute pseudonym extension signature verification - var t4_eid *math.G1 - if verifyEIDNym { - H_a_eid, err := t.G1FromProto(ipk.HAttrs[eidIndex]) - if err != nil { - return err - } - - t4_eid = H_a_eid.Mul2(ProofSAttrs[sort.SearchInts(HiddenIndices, eidIndex)], HRand, curve.NewZrFromBytes(sig.EidNym.ProofSEid)) - EidNym, err := t.G1FromProto(sig.EidNym.Nym) - if err != nil { - return err - } - t4_eid.Sub(EidNym.Mul(ProofC)) - } - var t4_rh *math.G1 - if verifyRHNym { - H_a_rh, err := t.G1FromProto(ipk.HAttrs[rhIndex]) - if err != nil { - return err - } - - t4_rh = H_a_rh.Mul2(ProofSAttrs[sort.SearchInts(HiddenIndices, rhIndex)], HRand, curve.NewZrFromBytes(sig.RhNym.ProofSRh)) - RhNym, err := t.G1FromProto(sig.RhNym.Nym) - if err != nil { - return err - } - t4_rh.Sub(RhNym.Mul(ProofC)) - } - // add contribution from the non-revocation proof - nonRevokedVer, err := getNonRevocationVerifier(RevocationAlgorithm(sig.NonRevocationProof.RevocationAlg)) - if err != nil { - return err - } - - i := sort.SearchInts(HiddenIndices, rhIndex) - proofSRh := ProofSAttrs[i] - RevocationEpochPk, err := t.G2FromProto(sig.RevocationEpochPk) - if err != nil { - return err - } - - nonRevokedProofBytes, err := nonRevokedVer.recomputeFSContribution(sig.NonRevocationProof, ProofC, RevocationEpochPk, proofSRh) - if err != nil { - return err - } - // Recompute challenge - // proofData is the data being hashed, it consists of: - // the signature label - // 7 elements of G1 each taking 2*math.FieldBytes+1 bytes - // one bigint (hash of the issuer public key) of length math.FieldBytes - // disclosed attributes - // message that was signed - // pdl is minimum length of proof data - pdl := curve.ScalarByteSize + len(Disclosure) + len(msg) + ProofBytes[RevocationAlgorithm(sig.NonRevocationProof.RevocationAlg)] - if verifyRHNym { // additional length for both an enrollment id and revocation handle attribute - pdl += len([]byte(signWithEidNymRhNymLabel)) + 11*curve.G1ByteSize - } else if verifyEIDNym { // additional length for an enrollment id attribute - pdl += len([]byte(signWithEidNymLabel)) + 9*curve.G1ByteSize - } else { // additional length for a standard sign label - pdl += len([]byte(signLabel)) + 7*curve.G1ByteSize - } - proofData := make([]byte, pdl) - index := 0 - if verifyRHNym { - index = appendBytesString(proofData, index, signWithEidNymRhNymLabel) - } else if verifyEIDNym { - index = appendBytesString(proofData, index, signWithEidNymLabel) - } else { - index = appendBytesString(proofData, index, signLabel) - } - index = appendBytesG1(proofData, index, t1) - index = appendBytesG1(proofData, index, t2) - index = appendBytesG1(proofData, index, t3) - index = appendBytesG1(proofData, index, APrime) - index = appendBytesG1(proofData, index, ABar) - index = appendBytesG1(proofData, index, BPrime) - index = appendBytesG1(proofData, index, Nym) - if verifyEIDNym { - EidNym, err := t.G1FromProto(sig.EidNym.Nym) - if err != nil { - return err - } - index = appendBytesG1(proofData, index, EidNym) - index = appendBytesG1(proofData, index, t4_eid) - } - if verifyRHNym { - RhNym, err := t.G1FromProto(sig.RhNym.Nym) - if err != nil { - return err - } - index = appendBytesG1(proofData, index, RhNym) - index = appendBytesG1(proofData, index, t4_rh) - } - index = appendBytes(proofData, index, nonRevokedProofBytes) - copy(proofData[index:], ipk.Hash) - index = index + curve.ScalarByteSize - copy(proofData[index:], Disclosure) - index = index + len(Disclosure) - copy(proofData[index:], msg) - - c := curve.HashToZr(proofData) - index = 0 - proofData = proofData[:2*curve.ScalarByteSize] - index = appendBytesBig(proofData, index, c) - appendBytesBig(proofData, index, Nonce) - - // audit eid nym if data provided and verification requested - if (verifyEIDNym || verifyRHNym) && meta != nil { - EidNym, err := t.G1FromProto(sig.EidNym.Nym) - if err != nil { - return err - } - - if meta.EidNymAuditData != nil { - H_a_eid, err := t.G1FromProto(ipk.HAttrs[eidIndex]) - if err != nil { - return err - } - - Nym_eid := H_a_eid.Mul2(meta.EidNymAuditData.Attr, HRand, meta.EidNymAuditData.Rand) - if !Nym_eid.Equals(EidNym) { - return errors.Errorf("signature invalid: nym eid validation failed, does not match regenerated nym eid") - } - - if meta.EidNymAuditData.Nym != nil && !EidNym.Equals(meta.EidNymAuditData.Nym) { - return errors.Errorf("signature invalid: nym eid validation failed, does not match metadata") - } - } - - if len(meta.EidNym) != 0 { - NymEID, err := curve.NewG1FromBytes(meta.EidNym) - if err != nil { - return errors.Errorf("signature invalid: nym eid validation failed, failed to unmarshal meta nym eid") - } - if !NymEID.Equals(EidNym) { - return errors.Errorf("signature invalid: nym eid validation failed, signature nym eid does not match metadata") - } - } - } - // audit rh nym if data provided and verification requested - if verifyRHNym && meta != nil { - RhNym, err := t.G1FromProto(sig.RhNym.Nym) - if err != nil { - return err - } - - if meta.RhNymAuditData != nil { - H_a_rh, err := t.G1FromProto(ipk.HAttrs[rhIndex]) - if err != nil { - return err - } - - Nym_rh := H_a_rh.Mul2(meta.RhNymAuditData.Attr, HRand, meta.RhNymAuditData.Rand) - if !Nym_rh.Equals(RhNym) { - return errors.Errorf("signature invalid: nym rh validation failed, does not match regenerated nym rh") - } - - if meta.RhNymAuditData.Nym != nil && !RhNym.Equals(meta.RhNymAuditData.Nym) { - return errors.Errorf("signature invalid: nym rh validation failed, does not match metadata") - } - } - - if len(meta.RhNym) != 0 { - NymRH, err := curve.NewG1FromBytes(meta.RhNym) - if err != nil { - return errors.Errorf("signature invalid: nym rh validation failed, failed to unmarshal meta nym rh") - } - if !NymRH.Equals(RhNym) { - return errors.Errorf("signature invalid: nym rh validation failed, signature nym rh does not match metadata") - } - } - } - - recomputedProofC := curve.HashToZr(proofData) - if !ProofC.Equals(recomputedProofC) { - // This debug line helps identify where the mismatch happened - logger.Printf("Signature Verification : \n"+ - " [t1:%v]\n,"+ - " [t2:%v]\n,"+ - " [t3:%v]\n,"+ - " [APrime:%v]\n,"+ - " [ABar:%v]\n,"+ - " [BPrime:%v]\n,"+ - " [Nym:%v]\n,"+ - " [nonRevokedProofBytes:%v]\n,"+ - " [ipk.Hash:%v]\n,"+ - " [Disclosure:%v]\n,"+ - " [msg:%v]\n,"+ - " [proofdata:%v]\n,"+ - " [ProofC:%v]\n,"+ - " [recomputedProofC:%v]\n,"+ - " [HSk:%v]\n,"+ - " [ProofSSK:%v]\n,"+ - " [HRand:%v]\n,"+ - " [ProofSRNym:%v]\n", - t1.Bytes(), - t2.Bytes(), - t3.Bytes(), - APrime.Bytes(), - ABar.Bytes(), - BPrime.Bytes(), - Nym.Bytes(), - nonRevokedProofBytes, - ipk.Hash, - Disclosure, - msg, - proofData, - ProofC.Bytes(), - recomputedProofC.Bytes(), - HSk.Bytes(), - ProofSSk.Bytes(), - HRand.Bytes(), - ProofSRNym.Bytes(), - ) - return errors.Errorf("signature invalid: zero-knowledge proof is invalid") - } - - // Signature is valid - return nil -} diff --git a/bccsp/schemes/dlog/crypto/translator/amcl/amcl.pb.go b/bccsp/schemes/dlog/crypto/translator/amcl/amcl.pb.go deleted file mode 100644 index 40be3575..00000000 --- a/bccsp/schemes/dlog/crypto/translator/amcl/amcl.pb.go +++ /dev/null @@ -1,163 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// source: bccsp/schemes/dlog/crypto/translator/amcl/amcl.proto - -package amcl - -import ( - fmt "fmt" - proto "github.com/golang/protobuf/proto" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package - -// ECP is an elliptic curve point specified by its coordinates -// ECP corresponds to an element of the first group (G1) -type ECP struct { - X []byte `protobuf:"bytes,1,opt,name=x,proto3" json:"x,omitempty"` - Y []byte `protobuf:"bytes,2,opt,name=y,proto3" json:"y,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ECP) Reset() { *m = ECP{} } -func (m *ECP) String() string { return proto.CompactTextString(m) } -func (*ECP) ProtoMessage() {} -func (*ECP) Descriptor() ([]byte, []int) { - return fileDescriptor_250ddfa5c5f8dbbb, []int{0} -} - -func (m *ECP) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ECP.Unmarshal(m, b) -} -func (m *ECP) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ECP.Marshal(b, m, deterministic) -} -func (m *ECP) XXX_Merge(src proto.Message) { - xxx_messageInfo_ECP.Merge(m, src) -} -func (m *ECP) XXX_Size() int { - return xxx_messageInfo_ECP.Size(m) -} -func (m *ECP) XXX_DiscardUnknown() { - xxx_messageInfo_ECP.DiscardUnknown(m) -} - -var xxx_messageInfo_ECP proto.InternalMessageInfo - -func (m *ECP) GetX() []byte { - if m != nil { - return m.X - } - return nil -} - -func (m *ECP) GetY() []byte { - if m != nil { - return m.Y - } - return nil -} - -// ECP2 is an elliptic curve point specified by its coordinates -// ECP2 corresponds to an element of the second group (G2) -type ECP2 struct { - Xa []byte `protobuf:"bytes,1,opt,name=xa,proto3" json:"xa,omitempty"` - Xb []byte `protobuf:"bytes,2,opt,name=xb,proto3" json:"xb,omitempty"` - Ya []byte `protobuf:"bytes,3,opt,name=ya,proto3" json:"ya,omitempty"` - Yb []byte `protobuf:"bytes,4,opt,name=yb,proto3" json:"yb,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ECP2) Reset() { *m = ECP2{} } -func (m *ECP2) String() string { return proto.CompactTextString(m) } -func (*ECP2) ProtoMessage() {} -func (*ECP2) Descriptor() ([]byte, []int) { - return fileDescriptor_250ddfa5c5f8dbbb, []int{1} -} - -func (m *ECP2) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ECP2.Unmarshal(m, b) -} -func (m *ECP2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ECP2.Marshal(b, m, deterministic) -} -func (m *ECP2) XXX_Merge(src proto.Message) { - xxx_messageInfo_ECP2.Merge(m, src) -} -func (m *ECP2) XXX_Size() int { - return xxx_messageInfo_ECP2.Size(m) -} -func (m *ECP2) XXX_DiscardUnknown() { - xxx_messageInfo_ECP2.DiscardUnknown(m) -} - -var xxx_messageInfo_ECP2 proto.InternalMessageInfo - -func (m *ECP2) GetXa() []byte { - if m != nil { - return m.Xa - } - return nil -} - -func (m *ECP2) GetXb() []byte { - if m != nil { - return m.Xb - } - return nil -} - -func (m *ECP2) GetYa() []byte { - if m != nil { - return m.Ya - } - return nil -} - -func (m *ECP2) GetYb() []byte { - if m != nil { - return m.Yb - } - return nil -} - -func init() { - proto.RegisterType((*ECP)(nil), "amcl.ECP") - proto.RegisterType((*ECP2)(nil), "amcl.ECP2") -} - -func init() { - proto.RegisterFile("bccsp/schemes/dlog/crypto/translator/amcl/amcl.proto", fileDescriptor_250ddfa5c5f8dbbb) -} - -var fileDescriptor_250ddfa5c5f8dbbb = []byte{ - // 239 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x32, 0x49, 0x4a, 0x4e, 0x2e, - 0x2e, 0xd0, 0x2f, 0x4e, 0xce, 0x48, 0xcd, 0x4d, 0x2d, 0xd6, 0x4f, 0xc9, 0xc9, 0x4f, 0xd7, 0x4f, - 0x2e, 0xaa, 0x2c, 0x28, 0xc9, 0xd7, 0x2f, 0x29, 0x4a, 0xcc, 0x2b, 0xce, 0x49, 0x2c, 0xc9, 0x2f, - 0xd2, 0x4f, 0xcc, 0x4d, 0xce, 0x01, 0x13, 0x7a, 0x05, 0x45, 0xf9, 0x25, 0xf9, 0x42, 0x2c, 0x20, - 0xb6, 0x92, 0x22, 0x17, 0xb3, 0xab, 0x73, 0x80, 0x10, 0x0f, 0x17, 0x63, 0x85, 0x04, 0xa3, 0x02, - 0xa3, 0x06, 0x4f, 0x10, 0x63, 0x05, 0x88, 0x57, 0x29, 0xc1, 0x04, 0xe1, 0x55, 0x2a, 0xb9, 0x71, - 0xb1, 0xb8, 0x3a, 0x07, 0x18, 0x09, 0xf1, 0x71, 0x31, 0x55, 0x24, 0x42, 0x15, 0x31, 0x55, 0x24, - 0x82, 0xf9, 0x49, 0x50, 0x65, 0x4c, 0x15, 0x49, 0x20, 0x7e, 0x65, 0xa2, 0x04, 0x33, 0x84, 0x5f, - 0x09, 0x96, 0xaf, 0x4c, 0x92, 0x60, 0x81, 0xf2, 0x93, 0x9c, 0xda, 0x18, 0xb9, 0x38, 0x92, 0xf3, - 0x73, 0xf5, 0x40, 0xf6, 0x3a, 0x71, 0x3a, 0xe6, 0x26, 0xe7, 0x04, 0x80, 0x1c, 0x12, 0xc0, 0x18, - 0x65, 0x9f, 0x9e, 0x59, 0x92, 0x51, 0x9a, 0xa4, 0x97, 0x9c, 0x9f, 0xab, 0xef, 0xe9, 0xe4, 0xab, - 0x9f, 0x99, 0x92, 0x9a, 0x9b, 0x59, 0xa1, 0x4f, 0xb4, 0xb7, 0x16, 0x31, 0x31, 0x3b, 0x46, 0x44, - 0xac, 0x62, 0x62, 0x01, 0x19, 0x7a, 0x0a, 0x42, 0x3d, 0x62, 0x12, 0x00, 0x51, 0x31, 0xee, 0x01, - 0x4e, 0xbe, 0xa9, 0x25, 0x89, 0x29, 0x89, 0x25, 0x89, 0xaf, 0x20, 0x32, 0x49, 0x6c, 0xe0, 0x00, - 0x30, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x42, 0x17, 0x88, 0x52, 0x38, 0x01, 0x00, 0x00, -} diff --git a/bccsp/schemes/dlog/crypto/translator/amcl/amcl.proto b/bccsp/schemes/dlog/crypto/translator/amcl/amcl.proto deleted file mode 100644 index 6ecfef31..00000000 --- a/bccsp/schemes/dlog/crypto/translator/amcl/amcl.proto +++ /dev/null @@ -1,32 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -syntax = "proto3"; - -package amcl; - -option go_package = "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl"; - -// The Identity Mixer protocols make use of pairings (bilinear maps) - -// functions that can be described as e: G1 x G2 -> GT that -// map group elements from the source groups (G1 and G2) to the target group -// Such groups can be represented by the points on an elliptic curve - -// ECP is an elliptic curve point specified by its coordinates -// ECP corresponds to an element of the first group (G1) -message ECP { - bytes x = 1; - bytes y = 2; -} - -// ECP2 is an elliptic curve point specified by its coordinates -// ECP2 corresponds to an element of the second group (G2) -message ECP2 { - bytes xa = 1; - bytes xb = 2; - bytes ya = 3; - bytes yb = 4; -} \ No newline at end of file diff --git a/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn.go b/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn.go deleted file mode 100644 index 6d0320b8..00000000 --- a/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn.go +++ /dev/null @@ -1,168 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package amcl - -import ( - fmt "fmt" - - math "github.com/IBM/mathlib" -) - -type Fp256bn struct { - C *math.Curve -} - -func (a *Fp256bn) G1ToProto(g1 *math.G1) *ECP { - if g1 == nil { - panic("nil argument") - } - - bytes := g1.Bytes()[1:] - l := len(bytes) / 2 - return &ECP{ - X: bytes[:l], - Y: bytes[l:], - } -} - -func (a *Fp256bn) G1FromRawBytes(raw []byte) (*math.G1, error) { - l := len(raw) / 2 - - return a.G1FromProto(&ECP{ - X: raw[:l], - Y: raw[l:], - }) -} - -func (a *Fp256bn) G1FromProto(e *ECP) (*math.G1, error) { - if e == nil { - return nil, fmt.Errorf("nil argument") - } - - if len(e.X) != a.C.CoordByteSize || len(e.Y) != a.C.CoordByteSize { - return nil, fmt.Errorf("invalid marshalled length") - } - - bytes := make([]byte, len(e.X)*2+1) - l := len(e.X) - bytes[0] = 0x04 - copy(bytes[1:], e.X) - copy(bytes[l+1:], e.Y) - return a.C.NewG1FromBytes(bytes) -} - -func (a *Fp256bn) G2ToProto(g2 *math.G2) *ECP2 { - if g2 == nil { - panic("nil argument") - } - - bytes := g2.Bytes() - l := len(bytes) / 4 - return &ECP2{ - Xa: bytes[0:l], - Xb: bytes[l : 2*l], - Ya: bytes[2*l : 3*l], - Yb: bytes[3*l:], - } - -} - -func (a *Fp256bn) G2FromProto(e *ECP2) (*math.G2, error) { - if e == nil { - return nil, fmt.Errorf("nil argument") - } - - if len(e.Xa) != a.C.CoordByteSize || len(e.Xb) != a.C.CoordByteSize || len(e.Ya) != a.C.CoordByteSize || len(e.Yb) != a.C.CoordByteSize { - return nil, fmt.Errorf("invalid marshalled length") - } - - bytes := make([]byte, len(e.Xa)*4) - l := len(e.Xa) - copy(bytes[0:l], e.Xa) - copy(bytes[l:2*l], e.Xb) - copy(bytes[2*l:3*l], e.Ya) - copy(bytes[3*l:], e.Yb) - return a.C.NewG2FromBytes(bytes) -} - -type Fp256bnMiracl struct { - C *math.Curve -} - -func (a *Fp256bnMiracl) G1ToProto(g1 *math.G1) *ECP { - if g1 == nil { - panic("nil argument") - } - - bytes := g1.Bytes()[1:] - l := len(bytes) / 2 - return &ECP{ - X: bytes[:l], - Y: bytes[l:], - } -} - -func (a *Fp256bnMiracl) G1FromRawBytes(raw []byte) (*math.G1, error) { - l := len(raw) / 2 - - return a.G1FromProto(&ECP{ - X: raw[:l], - Y: raw[l:], - }) -} - -func (a *Fp256bnMiracl) G1FromProto(e *ECP) (*math.G1, error) { - if e == nil { - return nil, fmt.Errorf("nil argument") - } - - if len(e.X) != a.C.CoordByteSize || len(e.Y) != a.C.CoordByteSize { - return nil, fmt.Errorf("invalid marshalled length") - } - - bytes := make([]byte, len(e.X)*2+1) - l := len(e.X) - bytes[0] = 0x04 - copy(bytes[1:], e.X) - copy(bytes[l+1:], e.Y) - return a.C.NewG1FromBytes(bytes) -} - -func (a *Fp256bnMiracl) G2ToProto(g2 *math.G2) *ECP2 { - if g2 == nil { - panic("nil argument") - } - - bytes := g2.Bytes()[1:] - l := len(bytes) / 4 - return &ECP2{ - Xa: bytes[0:l], - Xb: bytes[l : 2*l], - Ya: bytes[2*l : 3*l], - Yb: bytes[3*l:], - } - -} - -func (a *Fp256bnMiracl) G2FromProto(e *ECP2) (*math.G2, error) { - if e == nil { - return nil, fmt.Errorf("nil argument") - } - - if len(e.Xa) != a.C.CoordByteSize || len(e.Xb) != a.C.CoordByteSize || len(e.Ya) != a.C.CoordByteSize || len(e.Yb) != a.C.CoordByteSize { - return nil, fmt.Errorf("invalid marshalled length") - } - - bytes := make([]byte, 1+len(e.Xa)*4) - bytes[0] = 0x04 - l := len(e.Xa) - copy(bytes[1:], e.Xa) - copy(bytes[1+l:], e.Xb) - copy(bytes[1+2*l:], e.Ya) - copy(bytes[1+3*l:], e.Yb) - return a.C.NewG2FromBytes(bytes) -} diff --git a/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn_test.go b/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn_test.go deleted file mode 100644 index 78493922..00000000 --- a/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn_test.go +++ /dev/null @@ -1,158 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package amcl - -import ( - "io/ioutil" - "testing" - - math "github.com/IBM/mathlib" - "github.com/golang/protobuf/proto" - "github.com/stretchr/testify/assert" -) - -func TestFp256bnTranslatorGen(t *testing.T) { - curve := math.Curves[math.FP256BN_AMCL] - tr := &Fp256bn{ - C: curve, - } - - genG1 := curve.GenG1 - ecp := tr.G1ToProto(genG1) - p, err := tr.G1FromProto(ecp) - assert.True(t, p.Equals(genG1)) - assert.NoError(t, err) - - genG2 := curve.GenG2 - ecp2 := tr.G2ToProto(genG2) - p2, err := tr.G2FromProto(ecp2) - assert.True(t, p2.Equals(genG2)) - assert.NoError(t, err) -} - -func TestFp256bnTranslatorRndG1(t *testing.T) { - curve := math.Curves[math.FP256BN_AMCL] - tr := &Fp256bn{ - C: curve, - } - - rnd, err := curve.Rand() - assert.NoError(t, err) - - g := curve.GenG1 - r := curve.NewRandomZr(rnd) - h := g.Mul(r) - - ecp := tr.G1ToProto(h) - assert.NotNil(t, ecp) - - h1, err := tr.G1FromProto(ecp) - assert.True(t, h.Equals(h1)) - assert.NoError(t, err) -} - -func TestFp256bnTranslatorRndG2(t *testing.T) { - curve := math.Curves[math.FP256BN_AMCL] - tr := &Fp256bn{ - C: curve, - } - - rnd, err := curve.Rand() - assert.NoError(t, err) - - g := curve.GenG2 - r := curve.NewRandomZr(rnd) - h := g.Mul(r) - - ecp := tr.G2ToProto(h) - assert.NotNil(t, ecp) - - h1, err := tr.G2FromProto(ecp) - assert.True(t, h.Equals(h1)) - assert.NoError(t, err) -} - -func TestFp256bnMiraclTranslatorGen(t *testing.T) { - curve := math.Curves[math.FP256BN_AMCL_MIRACL] - tr := &Fp256bnMiracl{ - C: curve, - } - - genG1 := curve.GenG1 - ecp := tr.G1ToProto(genG1) - p, err := tr.G1FromProto(ecp) - assert.True(t, p.Equals(genG1)) - assert.NoError(t, err) - - genG2 := curve.GenG2 - ecp2 := tr.G2ToProto(genG2) - p2, err := tr.G2FromProto(ecp2) - assert.True(t, p2.Equals(genG2)) - assert.NoError(t, err) -} - -func TestFp256bnMiraclTranslatorRndG1(t *testing.T) { - curve := math.Curves[math.FP256BN_AMCL_MIRACL] - tr := &Fp256bnMiracl{ - C: curve, - } - - rnd, err := curve.Rand() - assert.NoError(t, err) - - g := curve.GenG1 - r := curve.NewRandomZr(rnd) - h := g.Mul(r) - - ecp := tr.G1ToProto(h) - assert.NotNil(t, ecp) - - h1, err := tr.G1FromProto(ecp) - assert.True(t, h.Equals(h1)) - assert.NoError(t, err) -} - -func TestFp256bnMiraclTranslatorRndG2(t *testing.T) { - curve := math.Curves[math.FP256BN_AMCL_MIRACL] - tr := &Fp256bnMiracl{ - C: curve, - } - - rnd, err := curve.Rand() - assert.NoError(t, err) - - g := curve.GenG2 - r := curve.NewRandomZr(rnd) - h := g.Mul(r) - - ecp := tr.G2ToProto(h) - assert.NotNil(t, ecp) - - h1, err := tr.G2FromProto(ecp) - assert.True(t, h.Equals(h1)) - assert.NoError(t, err) -} - -func TestFp256bnTranslatorG2FromFile(t *testing.T) { - curve := math.Curves[math.FP256BN_AMCL] - tr := &Fp256bn{ - C: curve, - } - - wBytes, err := ioutil.ReadFile("./testdata/old/g2.bytes") - assert.NoError(t, err) - wProtoBytes, err := ioutil.ReadFile("./testdata/old/g2.proto.bytes") - assert.NoError(t, err) - - ecp := &ECP2{} - err = proto.Unmarshal(wProtoBytes, ecp) - assert.NoError(t, err) - - h1, err := tr.G2FromProto(ecp) - assert.Equal(t, wBytes, h1.Bytes()) - assert.NoError(t, err) -} diff --git a/bccsp/schemes/dlog/crypto/translator/amcl/gurvy.go b/bccsp/schemes/dlog/crypto/translator/amcl/gurvy.go deleted file mode 100644 index 2be82f27..00000000 --- a/bccsp/schemes/dlog/crypto/translator/amcl/gurvy.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package amcl - -import ( - math "github.com/IBM/mathlib" -) - -type Gurvy struct { - C *math.Curve -} - -func (a *Gurvy) G1ToProto(g1 *math.G1) *ECP { - bytes := g1.Bytes() - - l := len(bytes) / 2 - return &ECP{ - X: bytes[:l], - Y: bytes[l:], - } -} - -func (a *Gurvy) G1FromRawBytes(raw []byte) (*math.G1, error) { - l := len(raw) / 2 - - return a.G1FromProto(&ECP{ - X: raw[:l], - Y: raw[l:], - }) -} - -func (a *Gurvy) G1FromProto(e *ECP) (*math.G1, error) { - bytes := make([]byte, len(e.X)*2) - l := len(e.X) - copy(bytes, e.X) - copy(bytes[l:], e.Y) - return a.C.NewG1FromBytes(bytes) -} - -func (a *Gurvy) G2ToProto(g2 *math.G2) *ECP2 { - bytes := g2.Bytes() - l := len(bytes) / 4 - return &ECP2{ - Xa: bytes[0:l], - Xb: bytes[l : 2*l], - Ya: bytes[2*l : 3*l], - Yb: bytes[3*l:], - } - -} - -func (a *Gurvy) G2FromProto(e *ECP2) (*math.G2, error) { - bytes := make([]byte, len(e.Xa)*4) - l := len(e.Xa) - copy(bytes[0:l], e.Xa) - copy(bytes[l:2*l], e.Xb) - copy(bytes[2*l:3*l], e.Ya) - copy(bytes[3*l:], e.Yb) - return a.C.NewG2FromBytes(bytes) -} diff --git a/bccsp/schemes/dlog/crypto/translator/amcl/gurvy_test.go b/bccsp/schemes/dlog/crypto/translator/amcl/gurvy_test.go deleted file mode 100644 index c14999aa..00000000 --- a/bccsp/schemes/dlog/crypto/translator/amcl/gurvy_test.go +++ /dev/null @@ -1,75 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package amcl - -import ( - "testing" - - math "github.com/IBM/mathlib" - "github.com/stretchr/testify/assert" -) - -func TestGurvyTranslatorGen(t *testing.T) { - curve := math.Curves[math.BN254] - tr := &Gurvy{ - C: curve, - } - - genG1 := curve.GenG1 - ecp := tr.G1ToProto(genG1) - p, err := tr.G1FromProto(ecp) - assert.NoError(t, err) - assert.True(t, p.Equals(genG1)) - - genG2 := curve.GenG2 - ecp2 := tr.G2ToProto(genG2) - p2, err := tr.G2FromProto(ecp2) - assert.True(t, p2.Equals(genG2)) - assert.NoError(t, err) -} - -func TestGurvyTranslatorRndG1(t *testing.T) { - curve := math.Curves[math.BN254] - tr := &Gurvy{ - C: curve, - } - - rnd, err := curve.Rand() - assert.NoError(t, err) - - g := curve.GenG1 - r := curve.NewRandomZr(rnd) - h := g.Mul(r) - - ecp := tr.G1ToProto(h) - assert.NotNil(t, ecp) - - h1, err := tr.G1FromProto(ecp) - assert.True(t, h.Equals(h1)) - assert.NoError(t, err) -} - -func TestGurvyTranslatorRndG2(t *testing.T) { - curve := math.Curves[math.BN254] - tr := &Gurvy{ - C: curve, - } - - rnd, err := curve.Rand() - assert.NoError(t, err) - - g := curve.GenG2 - r := curve.NewRandomZr(rnd) - h := g.Mul(r) - - ecp := tr.G2ToProto(h) - assert.NotNil(t, ecp) - - h1, err := tr.G2FromProto(ecp) - assert.True(t, h.Equals(h1)) - assert.NoError(t, err) -} diff --git a/bccsp/schemes/dlog/crypto/translator/amcl/testdata/old/g2.bytes b/bccsp/schemes/dlog/crypto/translator/amcl/testdata/old/g2.bytes deleted file mode 100644 index 1eb8c970..00000000 --- a/bccsp/schemes/dlog/crypto/translator/amcl/testdata/old/g2.bytes +++ /dev/null @@ -1 +0,0 @@ -u`gU7$>>SXѰ`S,B4ImǍ/E T7?m4rŪkz:&/Q[^i&~D-򝥕z3YiU_/w. \ No newline at end of file diff --git a/bccsp/schemes/dlog/crypto/translator/amcl/testdata/old/g2.proto.bytes b/bccsp/schemes/dlog/crypto/translator/amcl/testdata/old/g2.proto.bytes deleted file mode 100644 index e9fd0739..00000000 --- a/bccsp/schemes/dlog/crypto/translator/amcl/testdata/old/g2.proto.bytes +++ /dev/null @@ -1,2 +0,0 @@ - - u`gU7$>>SXѰ`S ,B4ImǍ/E T7?m4r Ūkz:&/Q[^i&~" D-򝥕z3YiU_/w. \ No newline at end of file diff --git a/bccsp/schemes/dlog/crypto/util.go b/bccsp/schemes/dlog/crypto/util.go deleted file mode 100644 index fe95016f..00000000 --- a/bccsp/schemes/dlog/crypto/util.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix - -import ( - "io" - - amcl "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" - math "github.com/IBM/mathlib" -) - -func appendBytes(data []byte, index int, bytesToAdd []byte) int { - copy(data[index:], bytesToAdd) - return index + len(bytesToAdd) -} -func appendBytesG1(data []byte, index int, E *math.G1) int { - return appendBytes(data, index, E.Bytes()) -} -func appendBytesG2(data []byte, index int, E *math.G2) int { - return appendBytes(data, index, E.Bytes()) -} -func appendBytesBig(data []byte, index int, B *math.Zr) int { - return appendBytes(data, index, B.Bytes()) -} -func appendBytesString(data []byte, index int, s string) int { - bytes := []byte(s) - copy(data[index:], bytes) - return index + len(bytes) -} - -// MakeNym creates a new unlinkable pseudonym -func (i *Idemix) MakeNym(sk *math.Zr, IPk *IssuerPublicKey, rng io.Reader, t Translator) (*math.G1, *math.Zr, error) { - return makeNym(sk, IPk, rng, i.Curve, t) -} - -func makeNym(sk *math.Zr, IPk *IssuerPublicKey, rng io.Reader, curve *math.Curve, t Translator) (*math.G1, *math.Zr, error) { - // Construct a commitment to the sk - // Nym = h_{sk}^sk \cdot h_r^r - RandNym := curve.NewRandomZr(rng) - HSk, err := t.G1FromProto(IPk.HSk) - if err != nil { - return nil, nil, err - } - HRand, err := t.G1FromProto(IPk.HRand) - if err != nil { - return nil, nil, err - } - Nym := HSk.Mul2(sk, HRand, RandNym) - return Nym, RandNym, nil -} - -func (i *Idemix) MakeNymFromBytes(raw []byte) (*math.G1, *math.Zr, error) { - return makeNymFromBytes(i.Curve, raw, i.Translator) -} - -func makeNymFromBytes(curve *math.Curve, raw []byte, translator Translator) (*math.G1, *math.Zr, error) { - RandNym := curve.NewZrFromBytes(raw[:curve.ScalarByteSize]) - pk, err := translator.G1FromProto(&amcl.ECP{ - X: raw[curve.ScalarByteSize : curve.ScalarByteSize+curve.CoordByteSize], - Y: raw[curve.ScalarByteSize+curve.CoordByteSize:], - }) - if err != nil { - return nil, nil, err - } - - return pk, RandNym, nil -} From 1c536b4b01a906d9e5036e80eb1f58879b8cc6d6 Mon Sep 17 00:00:00 2001 From: Soumya Mohapatra Date: Sun, 7 Jun 2026 23:16:03 +0530 Subject: [PATCH 5/9] test: add test helpers and fix aries_test for dlog removal - Add bccsp/helpers_test.go with NewDummyKeyStore() helper (was previously defined in the deleted bccsp_test.go) - Update aries_test.go: remove amcl/translator import and usage, update NewAries() calls to new signature (no translator param) Signed-off-by: Soumya Mohapatra --- bccsp/aries_test.go | 6 ++---- bccsp/helpers_test.go | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 bccsp/helpers_test.go diff --git a/bccsp/aries_test.go b/bccsp/aries_test.go index 79242802..5aa6a05e 100644 --- a/bccsp/aries_test.go +++ b/bccsp/aries_test.go @@ -13,7 +13,6 @@ import ( idemix "github.com/IBM/idemix/bccsp" "github.com/IBM/idemix/bccsp/schemes/aries" - "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" bccsp "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" "github.com/golang/protobuf/proto" @@ -23,7 +22,6 @@ import ( func testAries() { curve := math.Curves[math.BLS12_381_BBS] - translator := &amcl.Gurvy{C: curve} Describe("setting up the environment with one issuer and one user with curve", func() { var ( @@ -55,7 +53,7 @@ func testAries() { rootDir, err = ioutil.TempDir(os.TempDir(), "idemixtest") Expect(err).NotTo(HaveOccurred()) - CSP, err = idemix.NewAries(NewDummyKeyStore(), curve, translator, true) + CSP, err = idemix.NewAries(NewDummyKeyStore(), curve, true) Expect(err).NotTo(HaveOccurred()) // Issuer @@ -1623,7 +1621,7 @@ func testAries() { BeforeEach(func() { var err error - CSP, err = idemix.NewAries(NewDummyKeyStore(), curve, translator, true) + CSP, err = idemix.NewAries(NewDummyKeyStore(), curve, true) Expect(err).NotTo(HaveOccurred()) // Issuer diff --git a/bccsp/helpers_test.go b/bccsp/helpers_test.go new file mode 100644 index 00000000..f1b16ba8 --- /dev/null +++ b/bccsp/helpers_test.go @@ -0,0 +1,15 @@ +/* +Copyright IBM Corp. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ +package idemix_test + +import ( + "github.com/IBM/idemix/bccsp/keystore" + bccsp "github.com/IBM/idemix/bccsp/types" +) + +func NewDummyKeyStore() bccsp.KeyStore { + return &keystore.Dummy{} +} From c0342d109816410f6baee798909ccea9996b85fe Mon Sep 17 00:00:00 2001 From: Soumya Mohapatra Date: Sun, 7 Jun 2026 23:16:26 +0530 Subject: [PATCH 6/9] test: update handler tests for Translator removal MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - nymsigner_test.go: replace amcl.Fp256bn with math.Curves, update NewNymSecretKey/NewNymPublicKey calls to new signatures - signer_test.go: same pattern — remove amcl import, use BLS12_381_BBS - user_test.go: replace Translator field with Curve field, remove amcl Signed-off-by: Soumya Mohapatra --- bccsp/handlers/nymsigner_test.go | 21 ++++++++++----------- bccsp/handlers/signer_test.go | 7 +++---- bccsp/handlers/user_test.go | 21 ++++++++++----------- 3 files changed, 23 insertions(+), 26 deletions(-) diff --git a/bccsp/handlers/nymsigner_test.go b/bccsp/handlers/nymsigner_test.go index c1d8559f..b5dfd4ea 100644 --- a/bccsp/handlers/nymsigner_test.go +++ b/bccsp/handlers/nymsigner_test.go @@ -9,7 +9,6 @@ import ( "errors" "github.com/IBM/idemix/bccsp/handlers" - "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" bccsp "github.com/IBM/idemix/bccsp/types" "github.com/IBM/idemix/bccsp/types/mock" math "github.com/IBM/mathlib" @@ -32,8 +31,8 @@ var _ = Describe("Nym Signature", func() { NymSigner = &handlers.NymSigner{NymSignatureScheme: fakeSignatureScheme} var err error - sk := math.Curves[math.FP256BN_AMCL].NewZrFromInt(0) - nymSK, err = handlers.NewNymSecretKey(sk, nil, &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}, false) + sk := math.Curves[math.BLS12_381_BBS].NewZrFromInt(0) + nymSK, err = handlers.NewNymSecretKey(sk, nil, math.Curves[math.BLS12_381_BBS], false) Expect(err).NotTo(HaveOccurred()) }) @@ -215,7 +214,7 @@ var _ = Describe("Nym Signature", func() { It("returns no error and valid signature", func() { valid, err := NymVerifier.Verify( - handlers.NewNymPublicKey(nil, &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}), + handlers.NewNymPublicKey(nil), []byte("a signature"), []byte("a digest"), &bccsp.IdemixNymSignerOpts{ @@ -234,7 +233,7 @@ var _ = Describe("Nym Signature", func() { It("returns an error", func() { valid, err := NymVerifier.Verify( - handlers.NewNymPublicKey(nil, &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}), + handlers.NewNymPublicKey(nil), []byte("a signature"), []byte("a digest"), &bccsp.IdemixNymSignerOpts{ @@ -277,7 +276,7 @@ var _ = Describe("Nym Signature", func() { Context("and the signature is empty", func() { It("returns error", func() { valid, err := NymVerifier.Verify( - handlers.NewNymPublicKey(nil, &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}), + handlers.NewNymPublicKey(nil), nil, []byte("a digest"), &bccsp.IdemixNymSignerOpts{IssuerPK: handlers.NewIssuerPublicKey(nil)}, @@ -290,7 +289,7 @@ var _ = Describe("Nym Signature", func() { Context("and the option is empty", func() { It("returns error", func() { valid, err := NymVerifier.Verify( - handlers.NewNymPublicKey(nil, &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}), + handlers.NewNymPublicKey(nil), []byte("a signature"), []byte("a digest"), nil, @@ -303,7 +302,7 @@ var _ = Describe("Nym Signature", func() { Context("and the option is not of type *IdemixNymSignerOpts", func() { It("returns error", func() { valid, err := NymVerifier.Verify( - handlers.NewNymPublicKey(nil, &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}), + handlers.NewNymPublicKey(nil), []byte("a signature"), []byte("a digest"), &bccsp.IdemixCredentialRequestSignerOpts{}, @@ -316,7 +315,7 @@ var _ = Describe("Nym Signature", func() { Context("and the option's issuer public key is empty", func() { It("returns error", func() { valid, err := NymVerifier.Verify( - handlers.NewNymPublicKey(nil, &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}), + handlers.NewNymPublicKey(nil), []byte("fake signature"), nil, &bccsp.IdemixNymSignerOpts{}, @@ -329,11 +328,11 @@ var _ = Describe("Nym Signature", func() { Context("and the option's issuer public key is not of type *issuerPublicKey", func() { It("returns error", func() { valid, err := NymVerifier.Verify( - handlers.NewNymPublicKey(nil, &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}), + handlers.NewNymPublicKey(nil), []byte("fake signature"), nil, &bccsp.IdemixNymSignerOpts{ - IssuerPK: handlers.NewNymPublicKey(nil, &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}), + IssuerPK: handlers.NewNymPublicKey(nil), }, ) Expect(err).To(MatchError("invalid issuer public key, expected *issuerPublicKey")) diff --git a/bccsp/handlers/signer_test.go b/bccsp/handlers/signer_test.go index f619f923..9101eafd 100644 --- a/bccsp/handlers/signer_test.go +++ b/bccsp/handlers/signer_test.go @@ -9,7 +9,6 @@ import ( "errors" "github.com/IBM/idemix/bccsp/handlers" - "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" bccsp "github.com/IBM/idemix/bccsp/types" "github.com/IBM/idemix/bccsp/types/mock" math "github.com/IBM/mathlib" @@ -32,8 +31,8 @@ var _ = Describe("Signature", func() { Signer = &handlers.Signer{SignatureScheme: fakeSignatureScheme} var err error - sk := math.Curves[math.FP256BN_AMCL].NewZrFromInt(0) - nymSK, err = handlers.NewNymSecretKey(sk, nil, &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}, false) + sk := math.Curves[math.BLS12_381_BBS].NewZrFromInt(0) + nymSK, err = handlers.NewNymSecretKey(sk, nil, math.Curves[math.BLS12_381_BBS], false) Expect(err).NotTo(HaveOccurred()) }) @@ -68,7 +67,7 @@ var _ = Describe("Signature", func() { ) BeforeEach(func() { fakeSignature = []byte("fake signature") - randomRandomness = math.Curves[math.FP256BN_AMCL].NewZrFromInt(35) + randomRandomness = math.Curves[math.BLS12_381_BBS].NewZrFromInt(35) fakeSignatureScheme.SignReturns(fakeSignature, &bccsp.IdemixSignerMetadata{EidNymAuditData: &bccsp.AttrNymAuditData{Rand: randomRandomness}}, nil) }) diff --git a/bccsp/handlers/user_test.go b/bccsp/handlers/user_test.go index ac388734..c9103a48 100644 --- a/bccsp/handlers/user_test.go +++ b/bccsp/handlers/user_test.go @@ -9,7 +9,6 @@ import ( "crypto/sha256" "github.com/IBM/idemix/bccsp/handlers" - "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" bccsp "github.com/IBM/idemix/bccsp/types" "github.com/IBM/idemix/bccsp/types/mock" math "github.com/IBM/mathlib" @@ -46,7 +45,7 @@ var _ = Describe("User", func() { SKI []byte ) BeforeEach(func() { - fakeIdemixKey = math.Curves[math.FP256BN_AMCL].NewZrFromInt(0) + fakeIdemixKey = math.Curves[math.BLS12_381_BBS].NewZrFromInt(0) fakeUser.NewKeyReturns(fakeIdemixKey, nil) hash := sha256.New() @@ -126,7 +125,7 @@ var _ = Describe("User", func() { ) BeforeEach(func() { - NymKeyDerivation = &handlers.NymKeyDerivation{Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} + NymKeyDerivation = &handlers.NymKeyDerivation{Curve: math.Curves[math.BLS12_381_BBS]} NymKeyDerivation.User = fakeUser }) @@ -140,9 +139,9 @@ var _ = Describe("User", func() { ) BeforeEach(func() { - userKey = math.Curves[math.FP256BN_AMCL].NewZrFromInt(0) - result2 = math.Curves[math.FP256BN_AMCL].NewZrFromInt(0) - result1 = math.Curves[math.FP256BN_AMCL].GenG1 + userKey = math.Curves[math.BLS12_381_BBS].NewZrFromInt(0) + result2 = math.Curves[math.BLS12_381_BBS].NewZrFromInt(0) + result1 = math.Curves[math.BLS12_381_BBS].GenG1 fakeUser.MakeNymReturns(result1, result2, nil) }) @@ -173,7 +172,7 @@ var _ = Describe("User", func() { NymKeyDerivation.Exportable = true fakeUserSecretKey = handlers.NewUserSecretKey(userKey, true) fakeIssuerPublicKey = handlers.NewIssuerPublicKey(nil) - fakeNym, err = handlers.NewNymSecretKey(result2, result1, &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}, true) + fakeNym, err = handlers.NewNymSecretKey(result2, result1, math.Curves[math.BLS12_381_BBS], true) Expect(err).NotTo(HaveOccurred()) }) @@ -194,7 +193,7 @@ var _ = Describe("User", func() { var err error NymKeyDerivation.Exportable = false fakeUserSecretKey = handlers.NewUserSecretKey(userKey, false) - fakeNym, err = handlers.NewNymSecretKey(result2, result1, &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}, false) + fakeNym, err = handlers.NewNymSecretKey(result2, result1, math.Curves[math.BLS12_381_BBS], false) Expect(err).NotTo(HaveOccurred()) }) @@ -308,7 +307,7 @@ var _ = Describe("User", func() { Context("and the underlying cryptographic algorithm succeed", func() { BeforeEach(func() { - sk := math.Curves[math.FP256BN_AMCL].NewZrFromInt(1) + sk := math.Curves[math.BLS12_381_BBS].NewZrFromInt(1) fakeUser.NewKeyFromBytesReturns(sk, nil) }) @@ -363,13 +362,13 @@ var _ = Describe("User", func() { ) BeforeEach(func() { - NymPublicKeyImporter = &handlers.NymPublicKeyImporter{User: fakeUser, Translator: &amcl.Fp256bn{C: math.Curves[math.FP256BN_AMCL]}} + NymPublicKeyImporter = &handlers.NymPublicKeyImporter{User: fakeUser} }) Context("and the underlying cryptographic algorithm succeed", func() { BeforeEach(func() { - ecp := math.Curves[math.FP256BN_AMCL].GenG1 + ecp := math.Curves[math.BLS12_381_BBS].GenG1 fakeUser.NewPublicNymFromBytesReturns(ecp, nil) }) From c2efa33b82a04b257de6ea50edec1e17f7ab4f69 Mon Sep 17 00:00:00 2001 From: Soumya Mohapatra Date: Sun, 7 Jun 2026 23:16:47 +0530 Subject: [PATCH 7/9] test: fix remaining tests for dlog/amcl removal - kvsbased_test.go: use BLS12_381_BBS curve, remove Translator field, fix duplicate Curve field, update NewNymSecretKey call - perf_test.go: remove amcl import, replace idemix.New with NewAries - smartcard_test.go: use BLS12_381_BBS curve, fix NewNymPublicKey and NewNymSecretKey calls to new signatures - msp/idemixmsp_test.go: replace dlog issuer key generation with Aries issuer for the bad-IPK test case - idemixca_test.go: remove legacy TestIdemixCa test, remove dlog imports Signed-off-by: Soumya Mohapatra --- bccsp/keystore/kvsbased_test.go | 11 ++--- bccsp/perf_test.go | 7 +-- bccsp/smartcard_test.go | 17 +++---- msp/idemixmsp_test.go | 21 +++------ tools/idemixgen/idemixca/idemixca_test.go | 54 ----------------------- 5 files changed, 19 insertions(+), 91 deletions(-) diff --git a/bccsp/keystore/kvsbased_test.go b/bccsp/keystore/kvsbased_test.go index 6274058b..5442a1ea 100644 --- a/bccsp/keystore/kvsbased_test.go +++ b/bccsp/keystore/kvsbased_test.go @@ -13,15 +13,13 @@ import ( "github.com/IBM/idemix/bccsp/handlers" "github.com/IBM/idemix/bccsp/keystore/kvs" - "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" bccsp "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" "github.com/stretchr/testify/assert" ) func TestFileBased(t *testing.T) { - curve := math.Curves[math.FP256BN_AMCL] - translator := &amcl.Fp256bn{C: curve} + curve := math.Curves[math.BLS12_381_BBS] rnd, err := curve.Rand() assert.NoError(t, err) @@ -33,12 +31,11 @@ func TestFileBased(t *testing.T) { assert.NoError(t, err) keystore := &KVSStore{ - KVS: kvs, - Translator: translator, - Curve: curve, + KVS: kvs, + Curve: curve, } - nsk, err := handlers.NewNymSecretKey(curve.NewRandomZr(rnd), curve.GenG1.Mul(curve.NewRandomZr(rnd)), translator, true) + nsk, err := handlers.NewNymSecretKey(curve.NewRandomZr(rnd), curve.GenG1.Mul(curve.NewRandomZr(rnd)), curve, true) assert.NoError(t, err) keys := []bccsp.Key{ handlers.NewUserSecretKey(curve.NewRandomZr(rnd), true), diff --git a/bccsp/perf_test.go b/bccsp/perf_test.go index f2d56413..7624d043 100644 --- a/bccsp/perf_test.go +++ b/bccsp/perf_test.go @@ -15,7 +15,6 @@ import ( idemix "github.com/IBM/idemix/bccsp" "github.com/IBM/idemix/bccsp/schemes/aries" - "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" bccsp "github.com/IBM/idemix/bccsp/types" imsp "github.com/IBM/idemix/msp" math "github.com/IBM/mathlib" @@ -24,9 +23,8 @@ import ( func setupAries(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, []byte) { curve := math.Curves[math.BLS12_381_BBS] - translator := &amcl.Gurvy{C: curve} - CSP, err := idemix.NewAries(NewDummyKeyStore(), curve, translator, true) + CSP, err := idemix.NewAries(NewDummyKeyStore(), curve, true) assert.NoError(b, err) AttributeNames := []string{imsp.AttributeNameOU, imsp.AttributeNameRole, imsp.AttributeNameEnrollmentId, imsp.AttributeNameRevocationHandle} @@ -106,9 +104,8 @@ func setupAries(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, []b func setupLegacy(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, []byte) { curve := math.Curves[math.BLS12_381_BBS] - translator := &amcl.Gurvy{C: curve} - CSP, err := idemix.New(NewDummyKeyStore(), curve, translator, true) + CSP, err := idemix.NewAries(NewDummyKeyStore(), curve, true) assert.NoError(b, err) AttributeNames := []string{imsp.AttributeNameOU, imsp.AttributeNameRole, imsp.AttributeNameEnrollmentId, imsp.AttributeNameRevocationHandle} diff --git a/bccsp/smartcard_test.go b/bccsp/smartcard_test.go index d7e7d586..a095e401 100644 --- a/bccsp/smartcard_test.go +++ b/bccsp/smartcard_test.go @@ -17,7 +17,6 @@ import ( idemix "github.com/IBM/idemix/bccsp" "github.com/IBM/idemix/bccsp/handlers" "github.com/IBM/idemix/bccsp/schemes/aries" - "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" "github.com/IBM/idemix/bccsp/types" "github.com/IBM/idemix/msp/config" math "github.com/IBM/mathlib" @@ -26,7 +25,7 @@ import ( ) func getSmartcard(t *testing.T) (*aries.Smartcard, *math.Curve) { - c := math.Curves[math.FP256BN_AMCL_MIRACL] + c := math.Curves[math.BLS12_381_BBS] rng, err := c.Rand() assert.NoError(t, err) @@ -86,7 +85,6 @@ func readFile(t *testing.T, name string) []byte { func TestSmartcardHybrid(t *testing.T) { sc, curve := getSmartcard(t) - translator := &amcl.Gurvy{C: curve} /*******************************************************************************/ /****************************read out idemix config*****************************/ @@ -105,7 +103,7 @@ func TestSmartcardHybrid(t *testing.T) { /*****************instantiate an idemix bccsp and import ipk********************/ /*******************************************************************************/ - CSP, err := idemix.NewAries(NewDummyKeyStore(), curve, translator, true) + CSP, err := idemix.NewAries(NewDummyKeyStore(), curve, true) assert.NoError(t, err) IssuerPublicKey, err := CSP.KeyImport(readFile(t, "testdata/idemix/msp/IssuerPublicKey"), &types.IdemixIssuerPublicKeyImportOpts{Temporary: true, AttributeNames: []string{"", "", "", ""}}) @@ -138,7 +136,7 @@ func TestSmartcardHybrid(t *testing.T) { /*****verify with csp*****/ - valid, err := CSP.Verify(handlers.NewNymPublicKey(nil, nil), sig, msg, &types.IdemixNymSignerOpts{ + valid, err := CSP.Verify(handlers.NewNymPublicKey(nil), sig, msg, &types.IdemixNymSignerOpts{ IssuerPK: IssuerPublicKey, IsSmartcard: true, NymEid: nymEid, @@ -210,7 +208,6 @@ func TestSmartcardHybrid(t *testing.T) { func TestSmartcardCSP(t *testing.T) { sc, curve := getSmartcard(t) - translator := &amcl.Gurvy{C: curve} /*******************************************************************************/ /****************************read out idemix config*****************************/ @@ -229,7 +226,7 @@ func TestSmartcardCSP(t *testing.T) { /*****************instantiate an idemix bccsp and import ipk********************/ /*******************************************************************************/ - CSP, err := idemix.NewAries(NewDummyKeyStore(), curve, translator, true) + CSP, err := idemix.NewAries(NewDummyKeyStore(), curve, true) assert.NoError(t, err) IssuerPublicKey, err := CSP.KeyImport(readFile(t, "testdata/idemix/msp/IssuerPublicKey"), &types.IdemixIssuerPublicKeyImportOpts{Temporary: true, AttributeNames: []string{"", "", "", ""}}) @@ -266,7 +263,7 @@ func TestSmartcardCSP(t *testing.T) { /*****verify*****/ - valid, err := CSP.Verify(handlers.NewNymPublicKey(nil, nil), sig, msg, &types.IdemixNymSignerOpts{ + valid, err := CSP.Verify(handlers.NewNymPublicKey(nil), sig, msg, &types.IdemixNymSignerOpts{ IssuerPK: IssuerPublicKey, IsSmartcard: true, NymEid: nymEid, @@ -280,7 +277,7 @@ func TestSmartcardCSP(t *testing.T) { /*****sign*****/ - nymsk, err := handlers.NewNymSecretKey(opts.RNym, opts.NymG1, translator, true) + nymsk, err := handlers.NewNymSecretKey(opts.RNym, opts.NymG1, curve, true) assert.NoError(t, err) signOpts := &types.IdemixSignerOpts{ @@ -353,7 +350,7 @@ func TestSmartcardCSP(t *testing.T) { /*****sign*****/ - nymsk, err = handlers.NewNymSecretKey(opts.RNym, opts.NymG1, translator, true) + nymsk, err = handlers.NewNymSecretKey(opts.RNym, opts.NymG1, curve, true) assert.NoError(t, err) signOpts = &types.IdemixSignerOpts{ diff --git a/msp/idemixmsp_test.go b/msp/idemixmsp_test.go index d5bd609a..e0e6f398 100644 --- a/msp/idemixmsp_test.go +++ b/msp/idemixmsp_test.go @@ -9,8 +9,7 @@ package msp import ( "testing" - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - amclt "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" + "github.com/IBM/idemix/bccsp/schemes/aries" im "github.com/IBM/idemix/msp/config" math "github.com/IBM/mathlib" "github.com/golang/protobuf/proto" @@ -81,11 +80,6 @@ func TestSetup(t *testing.T) { } func TestSetupBad(t *testing.T) { - curve := math.Curves[math.FP256BN_AMCL] - tr := &amclt.Fp256bn{ - C: curve, - } - _, err := setup("testdata/idemix/badpath", "MSPID") require.Error(t, err) require.Contains(t, err.Error(), "Getting MSP config failed") @@ -116,15 +110,12 @@ func TestSetupBad(t *testing.T) { err = proto.Unmarshal(conf.Config, idemixconfig) require.NoError(t, err) - // Create MSP config with IPK with incorrect attribute names - idmx := &idemix.Idemix{ - Curve: curve, - } - rng, err := curve.Rand() - require.NoError(t, err) - key, err := idmx.NewIssuerKey([]string{}, rng, tr) + // Create MSP config with IPK with incorrect attribute names (empty attrs) + curve := math.Curves[math.BLS12_381_BBS] + issuer := &aries.Issuer{Curve: curve} + key, err := issuer.NewKey([]string{}) require.NoError(t, err) - ipkBytes, err := proto.Marshal(key.Ipk) + ipkBytes, err := key.Public().Bytes() require.NoError(t, err) idemixconfig.Ipk = ipkBytes diff --git a/tools/idemixgen/idemixca/idemixca_test.go b/tools/idemixgen/idemixca/idemixca_test.go index 80609bdb..b94a629e 100644 --- a/tools/idemixgen/idemixca/idemixca_test.go +++ b/tools/idemixgen/idemixca/idemixca_test.go @@ -15,11 +15,8 @@ import ( "testing" "github.com/IBM/idemix/bccsp/schemes/aries" - idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - amclt "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" imsp "github.com/IBM/idemix/msp" math "github.com/IBM/mathlib" - "github.com/golang/protobuf/proto" "github.com/pkg/errors" "github.com/stretchr/testify/require" ) @@ -84,57 +81,6 @@ func TestIdemixCaAries(t *testing.T) { require.EqualError(t, err, "the enrollment id value is empty") } -func TestIdemixCa(t *testing.T) { - cleanup() - - curve := math.Curves[math.FP256BN_AMCL] - tr := &amclt.Fp256bn{ - C: curve, - } - - idmx := &idemix.Idemix{ - Curve: curve, - } - - iskBytes, ipkBytes, err := GenerateIssuerKey(idmx, tr) - require.NoError(t, err) - - revocationkey, err := idmx.GenerateLongTermRevocationKey() - require.NoError(t, err) - - ipk := &idemix.IssuerPublicKey{} - err = proto.Unmarshal(ipkBytes, ipk) - require.NoError(t, err) - - encodedRevocationPK, err := x509.MarshalPKIXPublicKey(revocationkey.Public()) - require.NoError(t, err) - pemEncodedRevocationPK := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: encodedRevocationPK}) - - writeVerifierToFile(ipkBytes, pemEncodedRevocationPK) - - conf, err := GenerateSignerConfig(imsp.GetRoleMaskFromIdemixRole(imsp.MEMBER), "OU1", "enrollmentid1", "1", iskBytes, ipkBytes, revocationkey, idmx, tr) - require.NoError(t, err) - cleanupSigner() - require.NoError(t, writeSignerToFile(conf)) - require.NoError(t, setupMSP(imsp.IDEMIX)) - - conf, err = GenerateSignerConfig(imsp.GetRoleMaskFromIdemixRole(imsp.ADMIN), "OU1", "enrollmentid2", "1234", iskBytes, ipkBytes, revocationkey, idmx, tr) - require.NoError(t, err) - cleanupSigner() - require.NoError(t, writeSignerToFile(conf)) - require.NoError(t, setupMSP(imsp.IDEMIX)) - - // Without the verifier dir present, setup should give an error - cleanupVerifier() - require.Error(t, setupMSP(imsp.IDEMIX)) - - _, err = GenerateSignerConfig(imsp.GetRoleMaskFromIdemixRole(imsp.ADMIN), "", "enrollmentid", "1", iskBytes, ipkBytes, revocationkey, idmx, tr) - require.EqualError(t, err, "the OU attribute value is empty") - - _, err = GenerateSignerConfig(imsp.GetRoleMaskFromIdemixRole(imsp.ADMIN), "OU1", "", "1", iskBytes, ipkBytes, revocationkey, idmx, tr) - require.EqualError(t, err, "the enrollment id value is empty") -} - func cleanup() error { // clean up any previous files err := os.RemoveAll(testDir) From fc80bf56fc1fe592b66ddd3f4febd8bc551223fd Mon Sep 17 00:00:00 2001 From: Soumya Mohapatra Date: Sun, 7 Jun 2026 23:22:56 +0530 Subject: [PATCH 8/9] test: remove legacy testdata and tests incompatible with Aries-only - Delete msp/audit_legacy_test.go (used legacy testdata/idemix/) - Delete msp/idemixmsp_test.go (used legacy testdata/idemix/) - Delete msp/testdata/idemix/ (legacy scheme fixtures) - Add msp/helpers_test.go (setupWithTypeAndVersion, getDefaultSigner) - Delete bccsp/smartcard_test.go (used legacy FP256BN testdata) - Delete bccsp/testdata/ (legacy smartcard fixtures) - Fix user_test.go: update expected Bytes() to match BLS12_381_BBS The Aries-specific tests (idemixmsp_aries_test.go, audit_aries_test.go, schemes/aries/smartcard_test.go) provide full coverage of these paths. Signed-off-by: Soumya Mohapatra --- bccsp/handlers/user_test.go | 2 +- bccsp/smartcard_test.go | 482 ----------- bccsp/testdata/idemix/ca/IssuerPublicKey | 1 - bccsp/testdata/idemix/ca/IssuerSecretKey | 1 - bccsp/testdata/idemix/ca/RevocationKey | 6 - bccsp/testdata/idemix/msp/IssuerPublicKey | 1 - bccsp/testdata/idemix/msp/RevocationPublicKey | 5 - bccsp/testdata/idemix/user/SignerConfig | Bin 561 -> 0 bytes bccsp/testdata/old/cred_request.sign | 4 - bccsp/testdata/old/credential.sign | Bin 378 -> 0 bytes bccsp/testdata/old/cri.sign | Bin 244 -> 0 bytes bccsp/testdata/old/issuer_nonce | 1 - bccsp/testdata/old/issuerkey.pk | Bin 906 -> 0 bytes bccsp/testdata/old/issuerkey.sk | Bin 943 -> 0 bytes bccsp/testdata/old/nym_signature.sign | 2 - bccsp/testdata/old/nymkey.pk | 1 - bccsp/testdata/old/nymkey.sk | 1 - bccsp/testdata/old/revocation.pk | Bin 120 -> 0 bytes bccsp/testdata/old/revocation.sk | 1 - .../old/signature_no_disclosed_attribute.sign | Bin 969 -> 0 bytes .../signature_with_disclosed_attribute.sign | Bin 901 -> 0 bytes bccsp/testdata/old/userkey.sk | 1 - msp/audit_legacy_test.go | 225 ------ msp/helpers_test.go | 57 ++ msp/idemixmsp_test.go | 762 ------------------ msp/testdata/idemix/EidRH/ca/IssuerPublicKey | Bin 843 -> 0 bytes msp/testdata/idemix/EidRH/ca/IssuerSecretKey | 1 - msp/testdata/idemix/EidRH/ca/RevocationKey | 6 - msp/testdata/idemix/EidRH/msp/IssuerPublicKey | Bin 843 -> 0 bytes .../idemix/EidRH/msp/RevocationPublicKey | 5 - msp/testdata/idemix/EidRH/user/SignerConfig | Bin 677 -> 0 bytes .../idemix/MSP1OU1/ca/IssuerPublicKey | 16 - .../idemix/MSP1OU1/ca/IssuerSecretKey | 1 - msp/testdata/idemix/MSP1OU1/ca/RevocationKey | 6 - .../idemix/MSP1OU1/msp/IssuerPublicKey | 16 - .../idemix/MSP1OU1/msp/RevocationPublicKey | 5 - msp/testdata/idemix/MSP1OU1/user/SignerConfig | Bin 644 -> 0 bytes .../idemix/MSP1OU1Admin/ca/IssuerPublicKey | 16 - .../idemix/MSP1OU1Admin/ca/IssuerSecretKey | 1 - .../idemix/MSP1OU1Admin/ca/RevocationKey | 6 - .../idemix/MSP1OU1Admin/msp/IssuerPublicKey | 16 - .../MSP1OU1Admin/msp/RevocationPublicKey | 5 - .../idemix/MSP1OU1Admin/user/SignerConfig | Bin 650 -> 0 bytes .../idemix/MSP1OU2/ca/IssuerPublicKey | 16 - .../idemix/MSP1OU2/ca/IssuerSecretKey | 1 - msp/testdata/idemix/MSP1OU2/ca/RevocationKey | 6 - .../idemix/MSP1OU2/msp/IssuerPublicKey | 16 - .../idemix/MSP1OU2/msp/RevocationPublicKey | 5 - msp/testdata/idemix/MSP1OU2/user/SignerConfig | Bin 644 -> 0 bytes .../idemix/MSP1Verifier/ca/IssuerPublicKey | 16 - .../idemix/MSP1Verifier/ca/IssuerSecretKey | 1 - .../idemix/MSP1Verifier/ca/RevocationKey | 6 - .../idemix/MSP1Verifier/msp/IssuerPublicKey | 16 - .../MSP1Verifier/msp/RevocationPublicKey | 5 - .../idemix/MSP2OU1/ca/IssuerPublicKey | Bin 843 -> 0 bytes .../idemix/MSP2OU1/ca/IssuerSecretKey | 1 - msp/testdata/idemix/MSP2OU1/ca/RevocationKey | 6 - .../idemix/MSP2OU1/msp/IssuerPublicKey | Bin 843 -> 0 bytes .../idemix/MSP2OU1/msp/RevocationPublicKey | 5 - msp/testdata/idemix/MSP2OU1/user/SignerConfig | Bin 645 -> 0 bytes 60 files changed, 58 insertions(+), 1695 deletions(-) delete mode 100644 bccsp/smartcard_test.go delete mode 100644 bccsp/testdata/idemix/ca/IssuerPublicKey delete mode 100644 bccsp/testdata/idemix/ca/IssuerSecretKey delete mode 100644 bccsp/testdata/idemix/ca/RevocationKey delete mode 100644 bccsp/testdata/idemix/msp/IssuerPublicKey delete mode 100644 bccsp/testdata/idemix/msp/RevocationPublicKey delete mode 100644 bccsp/testdata/idemix/user/SignerConfig delete mode 100644 bccsp/testdata/old/cred_request.sign delete mode 100644 bccsp/testdata/old/credential.sign delete mode 100644 bccsp/testdata/old/cri.sign delete mode 100644 bccsp/testdata/old/issuer_nonce delete mode 100644 bccsp/testdata/old/issuerkey.pk delete mode 100644 bccsp/testdata/old/issuerkey.sk delete mode 100644 bccsp/testdata/old/nym_signature.sign delete mode 100644 bccsp/testdata/old/nymkey.pk delete mode 100644 bccsp/testdata/old/nymkey.sk delete mode 100644 bccsp/testdata/old/revocation.pk delete mode 100644 bccsp/testdata/old/revocation.sk delete mode 100644 bccsp/testdata/old/signature_no_disclosed_attribute.sign delete mode 100644 bccsp/testdata/old/signature_with_disclosed_attribute.sign delete mode 100644 bccsp/testdata/old/userkey.sk delete mode 100644 msp/audit_legacy_test.go create mode 100644 msp/helpers_test.go delete mode 100644 msp/idemixmsp_test.go delete mode 100644 msp/testdata/idemix/EidRH/ca/IssuerPublicKey delete mode 100644 msp/testdata/idemix/EidRH/ca/IssuerSecretKey delete mode 100644 msp/testdata/idemix/EidRH/ca/RevocationKey delete mode 100644 msp/testdata/idemix/EidRH/msp/IssuerPublicKey delete mode 100644 msp/testdata/idemix/EidRH/msp/RevocationPublicKey delete mode 100644 msp/testdata/idemix/EidRH/user/SignerConfig delete mode 100644 msp/testdata/idemix/MSP1OU1/ca/IssuerPublicKey delete mode 100644 msp/testdata/idemix/MSP1OU1/ca/IssuerSecretKey delete mode 100644 msp/testdata/idemix/MSP1OU1/ca/RevocationKey delete mode 100644 msp/testdata/idemix/MSP1OU1/msp/IssuerPublicKey delete mode 100644 msp/testdata/idemix/MSP1OU1/msp/RevocationPublicKey delete mode 100644 msp/testdata/idemix/MSP1OU1/user/SignerConfig delete mode 100644 msp/testdata/idemix/MSP1OU1Admin/ca/IssuerPublicKey delete mode 100644 msp/testdata/idemix/MSP1OU1Admin/ca/IssuerSecretKey delete mode 100644 msp/testdata/idemix/MSP1OU1Admin/ca/RevocationKey delete mode 100644 msp/testdata/idemix/MSP1OU1Admin/msp/IssuerPublicKey delete mode 100644 msp/testdata/idemix/MSP1OU1Admin/msp/RevocationPublicKey delete mode 100644 msp/testdata/idemix/MSP1OU1Admin/user/SignerConfig delete mode 100644 msp/testdata/idemix/MSP1OU2/ca/IssuerPublicKey delete mode 100644 msp/testdata/idemix/MSP1OU2/ca/IssuerSecretKey delete mode 100644 msp/testdata/idemix/MSP1OU2/ca/RevocationKey delete mode 100644 msp/testdata/idemix/MSP1OU2/msp/IssuerPublicKey delete mode 100644 msp/testdata/idemix/MSP1OU2/msp/RevocationPublicKey delete mode 100644 msp/testdata/idemix/MSP1OU2/user/SignerConfig delete mode 100644 msp/testdata/idemix/MSP1Verifier/ca/IssuerPublicKey delete mode 100644 msp/testdata/idemix/MSP1Verifier/ca/IssuerSecretKey delete mode 100644 msp/testdata/idemix/MSP1Verifier/ca/RevocationKey delete mode 100644 msp/testdata/idemix/MSP1Verifier/msp/IssuerPublicKey delete mode 100644 msp/testdata/idemix/MSP1Verifier/msp/RevocationPublicKey delete mode 100644 msp/testdata/idemix/MSP2OU1/ca/IssuerPublicKey delete mode 100644 msp/testdata/idemix/MSP2OU1/ca/IssuerSecretKey delete mode 100644 msp/testdata/idemix/MSP2OU1/ca/RevocationKey delete mode 100644 msp/testdata/idemix/MSP2OU1/msp/IssuerPublicKey delete mode 100644 msp/testdata/idemix/MSP2OU1/msp/RevocationPublicKey delete mode 100644 msp/testdata/idemix/MSP2OU1/user/SignerConfig diff --git a/bccsp/handlers/user_test.go b/bccsp/handlers/user_test.go index c9103a48..1271f646 100644 --- a/bccsp/handlers/user_test.go +++ b/bccsp/handlers/user_test.go @@ -379,7 +379,7 @@ var _ = Describe("User", func() { bytes, err := k.Bytes() Expect(err).NotTo(HaveOccurred()) - Expect(bytes).To(BeEquivalentTo([]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2})) + Expect(bytes).To(BeEquivalentTo(math.Curves[math.BLS12_381_BBS].GenG1.Bytes())) }) }) diff --git a/bccsp/smartcard_test.go b/bccsp/smartcard_test.go deleted file mode 100644 index a095e401..00000000 --- a/bccsp/smartcard_test.go +++ /dev/null @@ -1,482 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package idemix_test - -import ( - "crypto/aes" - "crypto/rand" - "encoding/hex" - "os" - "testing" - - "github.com/IBM/idemix/bbs" - idemix "github.com/IBM/idemix/bccsp" - "github.com/IBM/idemix/bccsp/handlers" - "github.com/IBM/idemix/bccsp/schemes/aries" - "github.com/IBM/idemix/bccsp/types" - "github.com/IBM/idemix/msp/config" - math "github.com/IBM/mathlib" - "github.com/golang/protobuf/proto" - "github.com/stretchr/testify/assert" -) - -func getSmartcard(t *testing.T) (*aries.Smartcard, *math.Curve) { - c := math.Curves[math.BLS12_381_BBS] - - rng, err := c.Rand() - assert.NoError(t, err) - - k0, err := hex.DecodeString("4669650c993c43ef45742c3aa8aeb842") - assert.NoError(t, err) - k1, err := hex.DecodeString("358abd275e6a945d680d40474f5f16c7") - assert.NoError(t, err) - - ciph0, err := aes.NewCipher(k0) - assert.NoError(t, err) - ciph1, err := aes.NewCipher(k1) - assert.NoError(t, err) - - h0Bytes, err := hex.DecodeString("0441c48875b5045400ce6bb4ce5b9c733f6d539a89f1ec2c24e0e04f56932c52ffd918f0679996b017363c591df413e1ac0be63e919defd6edc0686d41b1fcd68d") - assert.NoError(t, err) - h0, err := c.NewG1FromBytes(h0Bytes) - assert.NoError(t, err) - - h1Bytes, err := hex.DecodeString("041e304080e9afd0d04317d12b5cb058cd4f322a1cddb71e64a47528353d51f7a8324fce4698dff52cd8d4c7dd2c8c94c6fba8ce12493d182e4d849106dc5c46de") - assert.NoError(t, err) - h1, err := c.NewG1FromBytes(h1Bytes) - assert.NoError(t, err) - - h2Bytes, err := hex.DecodeString("04196c48c6d0249de961b97433a577da537c341ad0ea0cde4dfa40ef6bab9b59f274a07a3665518401119957a52a32a18256d7215e4f1d0ce6c9e2646d939c07f9") - assert.NoError(t, err) - h2, err := c.NewG1FromBytes(h2Bytes) - assert.NoError(t, err) - - eidBytes, err := hex.DecodeString("003522e297a5f7db7521e23d9f9b87378126acd80429cf4ec07344f06bd9f7d5") - assert.NoError(t, err) - eid := c.NewZrFromBytes(eidBytes) - - skBytes, err := hex.DecodeString("00f022e297a5f7db7521e23d9f9b87378182acd80429cf4ec07344f06bd9f7d5") - assert.NoError(t, err) - sk := c.NewZrFromBytes(skBytes) - - return &aries.Smartcard{ - H0: h0, - H1: h1, - H2: h2, - Uid_sk: sk, - EID: eid, - PRF_K0: ciph0, - PRF_K1: ciph1, - Curve: c, - Rng: rng, - }, c -} - -func readFile(t *testing.T, name string) []byte { - bytes, err := os.ReadFile(name) - assert.NoError(t, err) - - return bytes -} - -func TestSmartcardHybrid(t *testing.T) { - sc, curve := getSmartcard(t) - - /*******************************************************************************/ - /****************************read out idemix config*****************************/ - /*******************************************************************************/ - - issuer := &aries.Issuer{Curve: curve} - - _ipk, err := issuer.NewPublicKeyFromBytes(readFile(t, "testdata/idemix/msp/IssuerPublicKey"), []string{"", "", "", ""}) - assert.NoError(t, err) - - conf := &config.IdemixMSPSignerConfig{} - err = proto.Unmarshal(readFile(t, "testdata/idemix/user/SignerConfig"), conf) - assert.NoError(t, err) - - /*******************************************************************************/ - /*****************instantiate an idemix bccsp and import ipk********************/ - /*******************************************************************************/ - - CSP, err := idemix.NewAries(NewDummyKeyStore(), curve, true) - assert.NoError(t, err) - - IssuerPublicKey, err := CSP.KeyImport(readFile(t, "testdata/idemix/msp/IssuerPublicKey"), &types.IdemixIssuerPublicKeyImportOpts{Temporary: true, AttributeNames: []string{"", "", "", ""}}) - assert.NoError(t, err) - - /*******************************************************************************/ - /**************configure the smartcard to work with these creds*****************/ - /*******************************************************************************/ - - ipk := _ipk.(*aries.IssuerPublicKey) - sc.H0 = ipk.PKwG.H0 - sc.H1 = ipk.PKwG.H[0] - sc.H2 = ipk.PKwG.H[3] - sc.EID = bbs.FrFromOKM([]byte(conf.EnrollmentId), curve) - sc.Uid_sk = curve.NewZrFromBytes(conf.Sk) - - /*******************************************************************************/ - /**************************NYM SIGNATURE****************************************/ - /*******************************************************************************/ - - scIdmx := &aries.SmartcardIdemixBackend{Curve: curve} - - msg := []byte("msg") - rNymEid, nymEid := sc.NymEid() - - /*****sign low-level*****/ - - sig, nym, rNym, err := scIdmx.Sign(sc, ipk, msg) - assert.NoError(t, err) - - /*****verify with csp*****/ - - valid, err := CSP.Verify(handlers.NewNymPublicKey(nil), sig, msg, &types.IdemixNymSignerOpts{ - IssuerPK: IssuerPublicKey, - IsSmartcard: true, - NymEid: nymEid, - }) - assert.NoError(t, err) - assert.True(t, valid) - - /*******************************************************************************/ - /**************************IDEMIX SIGNATURE*************************************/ - /*******************************************************************************/ - - rhIndex, eidIndex := 3, 2 - - idemixAttrs := []types.IdemixAttribute{ - { - Type: types.IdemixBytesAttribute, - Value: []byte(conf.OrganizationalUnitIdentifier), - }, - { - Type: types.IdemixIntAttribute, - Value: int(conf.Role), - }, - { - Type: types.IdemixHiddenAttribute, - }, - { - Type: types.IdemixHiddenAttribute, - }, - } - - meta := &types.IdemixSignerMetadata{ - EidNym: nymEid.Bytes(), - EidNymAuditData: &types.AttrNymAuditData{ - Nym: nymEid, - Rand: rNymEid, - Attr: bbs.FrFromOKM([]byte(conf.EnrollmentId), curve), - }, - } - - signer := &aries.Signer{ - Curve: sc.Curve, - Rng: rand.Reader, - } - - /*****sign low-level*****/ - - sig, _, err = signer.Sign(conf.Cred, nil, nym, rNym, ipk, idemixAttrs, nil, rhIndex, eidIndex, nil, types.Smartcard, meta) - assert.NoError(t, err) - - /*****verify with csp*****/ - - valid, err = CSP.Verify( - IssuerPublicKey, - sig, - nil, - &types.IdemixSignerOpts{ - Attributes: idemixAttrs, - RhIndex: 3, - EidIndex: 2, - VerificationType: types.ExpectSmartcard, - Metadata: &types.IdemixSignerMetadata{ - EidNym: nymEid.Bytes(), - }, - }, - ) - assert.NoError(t, err) - assert.True(t, valid) -} - -func TestSmartcardCSP(t *testing.T) { - sc, curve := getSmartcard(t) - - /*******************************************************************************/ - /****************************read out idemix config*****************************/ - /*******************************************************************************/ - - issuer := &aries.Issuer{Curve: curve} - - _ipk, err := issuer.NewPublicKeyFromBytes(readFile(t, "testdata/idemix/msp/IssuerPublicKey"), []string{"", "", "", ""}) - assert.NoError(t, err) - - conf := &config.IdemixMSPSignerConfig{} - err = proto.Unmarshal(readFile(t, "testdata/idemix/user/SignerConfig"), conf) - assert.NoError(t, err) - - /*******************************************************************************/ - /*****************instantiate an idemix bccsp and import ipk********************/ - /*******************************************************************************/ - - CSP, err := idemix.NewAries(NewDummyKeyStore(), curve, true) - assert.NoError(t, err) - - IssuerPublicKey, err := CSP.KeyImport(readFile(t, "testdata/idemix/msp/IssuerPublicKey"), &types.IdemixIssuerPublicKeyImportOpts{Temporary: true, AttributeNames: []string{"", "", "", ""}}) - assert.NoError(t, err) - - /*******************************************************************************/ - /**************configure the smartcard to work with these creds*****************/ - /*******************************************************************************/ - - ipk := _ipk.(*aries.IssuerPublicKey) - sc.H0 = ipk.PKwG.H0 - sc.H1 = ipk.PKwG.H[0] - sc.H2 = ipk.PKwG.H[3] - sc.EID = bbs.FrFromOKM([]byte(conf.EnrollmentId), curve) - sc.Uid_sk = curve.NewZrFromBytes(conf.Sk) - - /*******************************************************************************/ - /**************************NYM SIGNATURE****************************************/ - /*******************************************************************************/ - - msg := []byte("msg") - rNymEid, nymEid := sc.NymEid() - - /*****sign*****/ - - opts := &types.IdemixNymSignerOpts{ - IssuerPK: IssuerPublicKey, - IsSmartcard: true, - Smartcard: sc, - } - - sig, err := CSP.Sign(handlers.NewUserSecretKey(nil, true), msg, opts) - assert.NoError(t, err) - - /*****verify*****/ - - valid, err := CSP.Verify(handlers.NewNymPublicKey(nil), sig, msg, &types.IdemixNymSignerOpts{ - IssuerPK: IssuerPublicKey, - IsSmartcard: true, - NymEid: nymEid, - }) - assert.NoError(t, err) - assert.True(t, valid) - - /*******************************************************************************/ - /**************************IDEMIX SIGNATURE*************************************/ - /*******************************************************************************/ - - /*****sign*****/ - - nymsk, err := handlers.NewNymSecretKey(opts.RNym, opts.NymG1, curve, true) - assert.NoError(t, err) - - signOpts := &types.IdemixSignerOpts{ - Credential: conf.Cred, - Nym: nymsk, - IssuerPK: IssuerPublicKey, - Attributes: []types.IdemixAttribute{ - { - Type: types.IdemixBytesAttribute, - Value: []byte(conf.OrganizationalUnitIdentifier), - }, - { - Type: types.IdemixIntAttribute, - Value: int(conf.Role), - }, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - }, - RhIndex: 3, - EidIndex: 2, - SigType: types.Smartcard, - Metadata: &types.IdemixSignerMetadata{ - EidNym: nymEid.Bytes(), - EidNymAuditData: &types.AttrNymAuditData{ - Nym: nymEid, - Rand: rNymEid, - Attr: bbs.FrFromOKM([]byte(conf.EnrollmentId), curve), - }, - }, - } - - signature, err := CSP.Sign( - handlers.NewUserSecretKey(nil, false), - nil, - signOpts, - ) - assert.NoError(t, err) - - /*****verify*****/ - - valid, err = CSP.Verify( - IssuerPublicKey, - signature, - nil, - &types.IdemixSignerOpts{ - Attributes: []types.IdemixAttribute{ - { - Type: types.IdemixBytesAttribute, - Value: []byte(conf.OrganizationalUnitIdentifier), - }, - { - Type: types.IdemixIntAttribute, - Value: int(conf.Role), - }, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - }, - RhIndex: 3, - EidIndex: 2, - VerificationType: types.ExpectSmartcard, - Metadata: &types.IdemixSignerMetadata{ - EidNym: nymEid.Bytes(), - }, - }, - ) - assert.NoError(t, err) - assert.True(t, valid) - - /*******************************************************************************/ - - /*****sign*****/ - - nymsk, err = handlers.NewNymSecretKey(opts.RNym, opts.NymG1, curve, true) - assert.NoError(t, err) - - signOpts = &types.IdemixSignerOpts{ - Credential: conf.Cred, - Nym: nymsk, - IssuerPK: IssuerPublicKey, - Attributes: []types.IdemixAttribute{ - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - }, - RhIndex: 3, - EidIndex: 2, - SigType: types.Smartcard, - Metadata: &types.IdemixSignerMetadata{ - EidNym: nymEid.Bytes(), - EidNymAuditData: &types.AttrNymAuditData{ - Nym: nymEid, - Rand: rNymEid, - Attr: bbs.FrFromOKM([]byte(conf.EnrollmentId), curve), - }, - }, - } - - signature, err = CSP.Sign( - handlers.NewUserSecretKey(nil, false), - nil, - signOpts, - ) - assert.NoError(t, err) - - /*****verify*****/ - - valid, err = CSP.Verify( - IssuerPublicKey, - signature, - nil, - &types.IdemixSignerOpts{ - Attributes: []types.IdemixAttribute{ - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - {Type: types.IdemixHiddenAttribute}, - }, - RhIndex: 3, - EidIndex: 2, - VerificationType: types.ExpectSmartcard, - Metadata: &types.IdemixSignerMetadata{ - EidNym: nymEid.Bytes(), - }, - }, - ) - assert.NoError(t, err) - assert.True(t, valid) - - /*******************************************************************************/ - /***********************low-level invocation************************************/ - /*******************************************************************************/ - - rhIndex, eidIndex := 3, 2 - - idemixAttrs := []types.IdemixAttribute{ - { - Type: types.IdemixHiddenAttribute, - }, - { - Type: types.IdemixIntAttribute, - Value: int(conf.Role), - }, - { - Type: types.IdemixHiddenAttribute, - }, - { - Type: types.IdemixHiddenAttribute, - }, - } - - meta := &types.IdemixSignerMetadata{ - EidNym: nymEid.Bytes(), - EidNymAuditData: &types.AttrNymAuditData{ - Nym: nymEid, - Rand: rNymEid, - Attr: bbs.FrFromOKM([]byte(conf.EnrollmentId), curve), - }, - } - - rand, err := sc.Curve.Rand() - assert.NoError(t, err) - - signer := &aries.Signer{ - Curve: sc.Curve, - Rng: rand, - } - - /*****sign*****/ - - sig, _, err = signer.Sign(conf.Cred, nil, opts.NymG1, opts.RNym, ipk, idemixAttrs, nil, rhIndex, eidIndex, nil, types.Smartcard, meta) - assert.NoError(t, err) - - rng, err := curve.Rand() - assert.NoError(t, err) - - /*****verify*****/ - - verifier := &aries.Signer{ - Curve: curve, - Rng: rng, - } - err = verifier.Verify(ipk, sig, nil, []types.IdemixAttribute{ - { - Type: types.IdemixHiddenAttribute, - }, - { - Type: types.IdemixIntAttribute, - Value: int(conf.Role), - }, - { - Type: types.IdemixHiddenAttribute, - }, - { - Type: types.IdemixHiddenAttribute, - }, - }, 3, 2, 0, nil, -1, types.ExpectSmartcard, &types.IdemixSignerMetadata{EidNym: nymEid.Bytes()}) - assert.NoError(t, err) - - /*******************************************************************************/ - /*******************************************************************************/ -} diff --git a/bccsp/testdata/idemix/ca/IssuerPublicKey b/bccsp/testdata/idemix/ca/IssuerPublicKey deleted file mode 100644 index dfbb020d..00000000 --- a/bccsp/testdata/idemix/ca/IssuerPublicKey +++ /dev/null @@ -1 +0,0 @@ -}rrB^*¾\VY."'Y緶ʍ#i s9n♡d?`@@x \ No newline at end of file diff --git a/bccsp/testdata/idemix/ca/IssuerSecretKey b/bccsp/testdata/idemix/ca/IssuerSecretKey deleted file mode 100644 index d83b4f96..00000000 --- a/bccsp/testdata/idemix/ca/IssuerSecretKey +++ /dev/null @@ -1 +0,0 @@ --z#AFVP\:Ni \ No newline at end of file diff --git a/bccsp/testdata/idemix/ca/RevocationKey b/bccsp/testdata/idemix/ca/RevocationKey deleted file mode 100644 index 67778035..00000000 --- a/bccsp/testdata/idemix/ca/RevocationKey +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIGkAgEBBDBvIARacTRedf41rk7begOTj+oAgH8G87H6+h1riXgwp6PS8d2Bq7PO -Me4GxsAhZBegBwYFK4EEACKhZANiAATRJZTooqayA4MiwC2p9Of4XXqBCryNFHwW -wOcyM1nQpaQsZXr7SmC63el7SPV0M9CFbkagGwvqGPYLtK5sP9TdOGLu1wctvBpL -Q5jvKFLrP1/kebee1JVLeSCvlybi7ww= ------END PRIVATE KEY----- diff --git a/bccsp/testdata/idemix/msp/IssuerPublicKey b/bccsp/testdata/idemix/msp/IssuerPublicKey deleted file mode 100644 index dfbb020d..00000000 --- a/bccsp/testdata/idemix/msp/IssuerPublicKey +++ /dev/null @@ -1 +0,0 @@ -}rrB^*¾\VY."'Y緶ʍ#i s9n♡d?`@@x \ No newline at end of file diff --git a/bccsp/testdata/idemix/msp/RevocationPublicKey b/bccsp/testdata/idemix/msp/RevocationPublicKey deleted file mode 100644 index 1d65405a..00000000 --- a/bccsp/testdata/idemix/msp/RevocationPublicKey +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE0SWU6KKmsgODIsAtqfTn+F16gQq8jRR8 -FsDnMjNZ0KWkLGV6+0pgut3pe0j1dDPQhW5GoBsL6hj2C7SubD/U3Thi7tcHLbwa -S0OY7yhS6z9f5Hm3ntSVS3kgr5cm4u8M ------END PUBLIC KEY----- diff --git a/bccsp/testdata/idemix/user/SignerConfig b/bccsp/testdata/idemix/user/SignerConfig deleted file mode 100644 index 11b2763d34d1c1d91b62301ec7121f1f991f2abf..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 561 zcmd;j&B&F=+$)n~+ga28Z?mpgWpc)8g`elnZ3|AF_^9>yt_#aGJ*F6{+ugeKciM)e zSG)%EZA}0E?yM+X$MXcPyMm(e{*od`bQ%E zCBLqJdLk&K@bdcYieA3yyS{DV+PZpO>eWXx90fi+{I_4iegUs>p;nrZ0t0@)D5S7( zs^vA^(;@bDYj;iizVzXZKe{`LV*K77xcD_wHTB5sy+R7tGm^OHEl59fbV^RCP=?WK zPKUD1TMl;q)8Cx-^%Ae_c_9VK%dN-n-Ea-HRNS&QUDn{Yy5f)MQ}ar6GgFM-G72>^viL1a2ruqB5OO=};W6_Y!aG&& zRy=CIVA^>p^R3C^x-9K~JjMZAPUa|Rgz<;hXiT&^ClfqNXn%{%B{i{aod@RqW(|3~ z=W@rP2~O{pd1}^en&0iSuc1k5#^wh?je=flS!Nd~xII7Ww0Lt_Id7?upIzYl(<-IC zi4h(zIkz7|di4o*FX0{mc&5#()2KyM33LW|*GbT{64UMB>5xPkbSU sj_aOq_izY4W-{x#`DwmR)($HXU1HJ6rR1an0A@b@pa1{> diff --git a/bccsp/testdata/old/cred_request.sign b/bccsp/testdata/old/cred_request.sign deleted file mode 100644 index 1f3f4294..00000000 --- a/bccsp/testdata/old/cred_request.sign +++ /dev/null @@ -1,4 +0,0 @@ - -D - r~?+԰1XO篸Tϵ}6 =5=A -uc{FE[%$ >|"21]>$O ʇ`vʽ+ ]:CA|!?گPq" 4!Jj~2E/0=?~uJN \ No newline at end of file diff --git a/bccsp/testdata/old/credential.sign b/bccsp/testdata/old/credential.sign deleted file mode 100644 index 73bf01fc3162b1d27d276008416781bbc3d0d171..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 378 zcmd;b;Zk^^DOs^bR&^$O?~F3P;^+O__54)I=ky%q_ElA_IjuDHs@J|fTr*;9*r;ew4Iq0q7qa!`$Vy_&eh!q&l_`hzFf0KvT07%0>-Zg-duk8zkD8_ltStf&)%Xr zH)7SUKU}b*hNGaWY|3Q$#fqkx-v3%9tNGlO6q@RMJNo9-sdM~O?B1$yX;YBO?>T3t zr`m09;alqAJ$;jwLY@itod27vX3SaY@@#hnmrlh5S^LfA7GT)3dt&r529nrymv=mtV?j5|KD4*p2mS@k(D?c5$`8;KuOSC>6-LU%g Jhm#X-008v5o}mB$ diff --git a/bccsp/testdata/old/cri.sign b/bccsp/testdata/old/cri.sign deleted file mode 100644 index df983410446c66e748e636f1af9b18c2e3ac2d7f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 244 zcmV;l?-E6S*Yac;bi9HHp$`?KGo)YAYHba3DtK#X_UAc6SYR5>7r*@5>~0jbT_w z=?S!fzT7AOA|M4+d+Z7mgd--E}}j=n;XK}X3Z04tWDn)0x|"21]>$O ʇ`vʽ+ \ No newline at end of file diff --git a/bccsp/testdata/old/issuerkey.pk b/bccsp/testdata/old/issuerkey.pk deleted file mode 100644 index 3335e2487f895aea15cf84c662d7bc20bb01e651..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 906 zcmV;519kig1wnLlaxn@8L3DI-G71GjbaZkv3I#!QbaFHb1wnLlay1e}3Lr$&J*!t6 zx-WI#k<7}M`HsaJLU#z2`^tX71bhLHOK1`xQB=H?c(?kNL3dIGN5~AWSvtXGd?Pc^ z!Yr^c9T=7$8bk^ph9Le2uSxUWQuVx903(Sv;tK5U?4+V=P<>X2bJ@j~5+IK5lbAhx zo!1^}_R@MzbiOm{@A1-@ivh-CB^*@AHG?8V3Ls}hpJvX(H|EK3-drhr3AEp`W2FgB zgd{zLl$$p+?{g9$!kJ|gVp(n>)@zh3m@O_OWYmRy8>B~l2i02$0;j-h5qGweX;n*VXlYYB~t$R5+F!-^ihApda{PK(`kq6&6=q5cNk>v zr|dizuud4XS6w1R3Ltt#7{iv zF-W7i@$=h#+GHkh{aInWjc`4rGspLgbE8`~B18%x`)K#Mxy47%fC2YpD-AbEgK2WN z@`CMqkuhJcaJ?@@5+DNfC5fY=Vjg%K3Z|lFUV^UuVYJvnU4q*0<1jKPfJP!j3LuzV zEQNKn;UV#;6wPL?Q1qKls9g^OJ0p}z1smf6(OwcDsh&y}wsu%v%8Grbn>3W2WD6z~ z)Jq?=1B-ix1OrScX$CEHO2A}TIl2KWF)r?(*G8to=|8!bUL8{`4S*h zGJ(;p((0{4s diff --git a/bccsp/testdata/old/issuerkey.sk b/bccsp/testdata/old/issuerkey.sk deleted file mode 100644 index 5283435bbb44c7c282319ac91651a0cb35e6efce..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 943 zcmV;g15o@5AOl&pi_6pmZq8?=)w!am&DonhV_z&%;!^B_Zh0K|e-erZ3I#!QbaF8Y z1wnLlaxw}9L3DI-GYSPkbaZkw3I#!QbaFKkL<%58(><$K8@exb-;vD9m-&vx8bWsn zmHWzm!32B(k4tD0AW>Ajlz6xLmO*z?1xLsXu30+4Wqczu(84URF&!9|9~wjoAci3R z2d_!<-BR_uSpXx6H{uHH?(C$ZYfybwh;!M+mJ%S2?vt23e4W=GYWC84PISIA>hJN= zn2Q0%Vqgp`{%H1Bf~Ai|kt z6Jl9zA=Yb@ESN1WBxKZueH)}leF*DT7Q99TBO*i!AVdT_eY&1Fuq!rZI>#w1fQA0$ zdVR6@$6>CA-z8H1`4S*Vcl1$z!g{iXwbN;b>&=>|^LH3z@2BiM7qCtkv{zjsL<%5! zMdd8&KZmxc06DENOf=9>k6wDcli8_6ql{h+`YzuRAnB!bG%-k{x$*PcecEIuaQ#_f zyp3=@q%+6&jB}$~HzGs|Ap2{b97&LS2H|@8d8sD1b&HL<%67Tr7okwBaG~s1(g+u2A%w zPN-cE13M#>N(CF^0?}R)AgP{87PfX+UdoDnr<*jCon#9p6x2%}wF8TLh6DplODc!~ z3Ly8PN?Hd^E;Q+m8+%|r9Cg_*JONqutwyx0F%sM?u38cxH*hCwsjltW0~7I+MB2ESK6-TYrc`5K~2D{HfOm zSXOi^`_L+8%d)*xDsR8u5+E(4AJIBf_Ax(z{l->W7auHQ??k}^b}~YsJ=P|2HN84S z3LqSv#&>uD9W}-B5L)Qt>|`Xj4ATD=qn=P`Jajst0r?UjR5F3ltP yܰR" 35TlN}3RX6=X \ No newline at end of file diff --git a/bccsp/testdata/old/nymkey.pk b/bccsp/testdata/old/nymkey.pk deleted file mode 100644 index 7f41b889..00000000 --- a/bccsp/testdata/old/nymkey.pk +++ /dev/null @@ -1 +0,0 @@ -}˰ vEW[eUv0TԮkֻ[9:ra ! _Rw: \ No newline at end of file diff --git a/bccsp/testdata/old/nymkey.sk b/bccsp/testdata/old/nymkey.sk deleted file mode 100644 index 37ac7fb6..00000000 --- a/bccsp/testdata/old/nymkey.sk +++ /dev/null @@ -1 +0,0 @@ -!$&vXGu^ՃZ] \ No newline at end of file diff --git a/bccsp/testdata/old/revocation.pk b/bccsp/testdata/old/revocation.pk deleted file mode 100644 index d1f02a868c8c96eb49bbe91cc682d1577bb004f7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 120 zcmV-;0EhoDb}$eI2P%e0&OHJF1_djD1OOrfVgLmC?)Ouo@TK#W;-Y}j@M~XNUjivT zJs#dkpoxs<=~iHZpYXXxXc7l_sfBSYW;cu==)wt&qB_iNFlCr z^gZqEqH5VT`Vt_CN}c1k2h{FR?kc#4vk4ch)M5vCUKNF@rVE*664tdEL<%4h!n-zd z&|8vl2}F348VVf*u@|`{(`39A=XtlOD?J4gAYhRAO@AGJZ8ic2oq|a|Ku=ZTEe+RI z?B5NzksAb`Uil^@E= z{72A(JYEcCSXwkOR;CO`zTv!V{$WoIEixcse`+3oIW3pAe~tVBiU%WXL$IJZOP(rF zGXCvLl0C{gAcI-xxH)`{Mn&T*qrKS4tiK~$2kl>c{(b?562aq1KXQu6t|D|wAY}3|{xwaT__i7&PHemSXvYePYi#y?=vftB zzN529sZt;skUxhiQ>eI>3mpUVVrulI`A=cICi@1w%kV9vwrk~5AU6*Ldhcov^Jj7X z8p-uSN|R<3y;t@Pw-dx|_|GWUhf*M|1@zYnI@Hwb_&^_-YaZMX>o3y6O@iqzDXO9* z%!H^?AmK%YaI6V-d9ZH;joI~WG)XL{kv~U!%BImNNDvB_;Zh)DzwfgxLJ1L1iY4X? zA`F{1xVt5EBDRH157U+YlA4BEAc&lW>)9*@rnSH!j%70?4a}R2yI}Rf0mNu{!e0cy z9b!ZZAbrcQ84Mqkc8`+6MI2XKWzki3tT6UeALZ1pxN8Uj))FAQ2wOSA|E?FMI&##_ zVfV+vpdkypv=U#xQg?(pq4Sq&Af{I)_3eYldA4uSMR7n1Hk4uaaS`gdeG_rAWiPkN z26Bi23LyRrGf=e2Y#=CB4_ACBkvh&CQ<@ULggnwF7Pg7Np8FCYPNra2bBe%J+gjnq zH`o)oB;9!8htM^N(rN89qkd{D8X#~WM(4#sqqBB*4RsPuK2h(>Bz28pSV-v!w1K|d zC;uWK1ytj_(}=>5LhhzXDSon_i%h8IK@HfWj diff --git a/bccsp/testdata/old/signature_with_disclosed_attribute.sign b/bccsp/testdata/old/signature_with_disclosed_attribute.sign deleted file mode 100644 index 95ace8d405225335df767f56a394c254b5a6fec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 901 zcmV;01A6=lL<%6Q)peI`3`_FY%en1n2C%={jCrUf4VL$*h4O}Yzk})$AS6ZR^WC>{ zUt~Oem;=s!0)l2?uS~Wu~>b14^KiaoU5=yB_$-`s~6fDL<%7FeV|*H zpqBlSXx}rR;95g&6aR;H1sdQURaYDr$>C%YAg8GbHcAAy{NkYQK(^y0Q+>^l=r0Q) zk{`|J!err#wjv-X#>A@RC{O|L{PsCd&;FF^JZ00p^b(u5`Zhw%ps8#sAewq;o)-)0 z@N0Yupx5Z+vpp(#T#%DyO3pa+iUnFkXj^SZHjr0 zMT$su4@I?WL)pO_D;<^H|WU#S4@B67l-+-YP<{$fN5AbrcQ84Mqkc8`+6 zMI2XKWzki3tT6UeALZ1pxN8Uj))FAQ2wOSA|E?FMI&##_VfV+vpdkypv=U#xQg?(p zq4Sq&ApYXWboQ7mfwg?LhJ;BFqo-{~U<(bM7nH-tBP)$Y6LN?F3LyRrGf=e2Y#=CB z4_ACBkvh&CQ<@ULggnwF7Pg7Np8FCYPNra2bBe%J+gjnqH`o)oB;9!8htM^N(rN89 zqkd{D8X#~WM(4#sqqBB*4RsPuK2h(>Bz28pSV-v!w1K|dC;uWK1ytj_(}=>5LhhzX zDSon_i%h8IKy*#oF diff --git a/bccsp/testdata/old/userkey.sk b/bccsp/testdata/old/userkey.sk deleted file mode 100644 index 2e8d4771..00000000 --- a/bccsp/testdata/old/userkey.sk +++ /dev/null @@ -1 +0,0 @@ -Ah!ğ0oZJPz&Ϲ)" \ No newline at end of file diff --git a/msp/audit_legacy_test.go b/msp/audit_legacy_test.go deleted file mode 100644 index 983ab5db..00000000 --- a/msp/audit_legacy_test.go +++ /dev/null @@ -1,225 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package msp - -import ( - "testing" - - bccsp "github.com/IBM/idemix/bccsp/types" - im "github.com/IBM/idemix/msp/config" - "github.com/golang/protobuf/proto" - "github.com/stretchr/testify/assert" -) - -func TestAudit(t *testing.T) { - msp, err := NewIdemixMsp(MSPv1_3) - assert.NoError(t, err) - - // fixtures in testdata/idemix/EidRH were generated by running: - // idemixgen ca-keygen - // idemixgen signerconfig --ca-input=./idemix-config/ --enrollmentId=my-enrollment-id --revocationHandle=my-revocation-handle --org-unit=my-ou - - conf, err := GetIdemixMspConfigWithType("testdata/idemix/EidRH", "EidRH", IDEMIX) - assert.NoError(t, err) - - err = msp.Setup(conf) - assert.NoError(t, err) - - id, err := msp.GetDefaultSigningIdentity() - assert.NoError(t, err) - - idemixSigner := id.(*IdemixSigningIdentity) - - config := &im.IdemixMSPConfig{} - err = proto.Unmarshal(conf.Config, config) - assert.NoError(t, err) - - idemixMsp := msp.(*Idemixmsp) - csp := idemixMsp.csp - - msg := []byte("Lost forever, now and ever\nTo this magical sound that I hear") - - // STEP 1: Sign and Verify normally - - signature, err := csp.Sign( - idemixSigner.UserKey, - msg, - &bccsp.IdemixSignerOpts{ - Credential: idemixSigner.Cred, - Nym: idemixSigner.NymKey, - IssuerPK: idemixMsp.ipk, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: AttributeIndexRevocationHandle, - EidIndex: AttributeIndexEnrollmentId, - Epoch: 0, - CRI: config.Signer.CredentialRevocationInformation, - }, - ) - assert.NoError(t, err) - - valid, err := csp.Verify( - idemixMsp.ipk, - signature, - msg, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: idemixMsp.revocationPK, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: AttributeIndexRevocationHandle, - EidIndex: AttributeIndexEnrollmentId, - Epoch: 0, - VerificationType: bccsp.BestEffort, - }, - ) - assert.NoError(t, err) - assert.True(t, valid) - - // STEP 2: Sign by also generating a commitment to the EID (and Verify) - - sOpts := &bccsp.IdemixSignerOpts{ - SigType: bccsp.EidNym, - Credential: idemixSigner.Cred, - Nym: idemixSigner.NymKey, - IssuerPK: idemixMsp.ipk, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: AttributeIndexRevocationHandle, - EidIndex: AttributeIndexEnrollmentId, - Epoch: 0, - CRI: config.Signer.CredentialRevocationInformation, - } - - signature, err = csp.Sign( - idemixSigner.UserKey, - msg, - sOpts, - ) - assert.NoError(t, err) - - valid, err = csp.Verify( - idemixMsp.ipk, - signature, - msg, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: idemixMsp.revocationPK, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: AttributeIndexRevocationHandle, - EidIndex: AttributeIndexEnrollmentId, - Epoch: 0, - VerificationType: bccsp.ExpectEidNym, - }, - ) - assert.NoError(t, err) - assert.True(t, valid) - - // STEP 3: audit of the nym eid - valid, err = csp.Verify( - idemixMsp.ipk, - signature, - msg, - &bccsp.EidNymAuditOpts{ - EidIndex: AttributeIndexEnrollmentId, - EnrollmentID: config.Signer.EnrollmentId, - RNymEid: sOpts.Metadata.EidNymAuditData.Rand, - }, - ) - assert.NoError(t, err) - assert.True(t, valid) - - // STEP 4: Sign by also generating a commitment to the EID and to the RH (and Verify) - - sOpts = &bccsp.IdemixSignerOpts{ - SigType: bccsp.EidNymRhNym, - Credential: idemixSigner.Cred, - Nym: idemixSigner.NymKey, - IssuerPK: idemixMsp.ipk, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: AttributeIndexRevocationHandle, - EidIndex: AttributeIndexEnrollmentId, - Epoch: 0, - CRI: config.Signer.CredentialRevocationInformation, - } - - signature, err = csp.Sign( - idemixSigner.UserKey, - msg, - sOpts, - ) - assert.NoError(t, err) - - valid, err = csp.Verify( - idemixMsp.ipk, - signature, - msg, - &bccsp.IdemixSignerOpts{ - RevocationPublicKey: idemixMsp.revocationPK, - Attributes: []bccsp.IdemixAttribute{ - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - {Type: bccsp.IdemixHiddenAttribute}, - }, - RhIndex: AttributeIndexRevocationHandle, - EidIndex: AttributeIndexEnrollmentId, - Epoch: 0, - VerificationType: bccsp.ExpectEidNymRhNym, - }, - ) - assert.NoError(t, err) - assert.True(t, valid) - - // STEP 5: audit of the nym eid - valid, err = csp.Verify( - idemixMsp.ipk, - signature, - msg, - &bccsp.EidNymAuditOpts{ - EidIndex: AttributeIndexEnrollmentId, - EnrollmentID: config.Signer.EnrollmentId, - RNymEid: sOpts.Metadata.EidNymAuditData.Rand, - }, - ) - assert.NoError(t, err) - assert.True(t, valid) - - // STEP 6: audit of the rh - valid, err = csp.Verify( - idemixMsp.ipk, - signature, - msg, - &bccsp.RhNymAuditOpts{ - RhIndex: AttributeIndexRevocationHandle, - RevocationHandle: config.Signer.RevocationHandle, - RNymRh: sOpts.Metadata.RhNymAuditData.Rand, - }, - ) - assert.NoError(t, err) - assert.True(t, valid) -} diff --git a/msp/helpers_test.go b/msp/helpers_test.go new file mode 100644 index 00000000..6f61e8be --- /dev/null +++ b/msp/helpers_test.go @@ -0,0 +1,57 @@ +/* +Copyright IBM Corp. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package msp + +import ( + "github.com/pkg/errors" +) + +func setupWithTypeAndVersion(configPath string, ID string, version MSPVersion, mspType ProviderType) (MSP, error) { + var msp MSP + var err error + switch mspType { + case IDEMIX: + msp, err = NewIdemixMsp(version) + case IDEMIX_ARIES: + msp, err = NewIdemixMspAries(version) + default: + panic("programming error") + } + if err != nil { + return nil, err + } + + conf, err := GetIdemixMspConfigWithType(configPath, ID, mspType) + if err != nil { + return nil, errors.Wrap(err, "Getting MSP config failed") + } + + err = msp.Setup(conf) + if err != nil { + return nil, errors.Wrap(err, "Setting up MSP failed") + } + return msp, nil +} + +func getDefaultSigner(msp MSP) (SigningIdentity, error) { + id, err := msp.GetDefaultSigningIdentity() + if err != nil { + return nil, errors.Wrap(err, "Getting default signing identity failed") + } + + err = id.Validate() + if err != nil { + return nil, errors.Wrap(err, "Default signing identity invalid") + } + + err = msp.Validate(id) + if err != nil { + return nil, errors.Wrap(err, "Default signing identity invalid") + } + + return id, nil +} diff --git a/msp/idemixmsp_test.go b/msp/idemixmsp_test.go deleted file mode 100644 index e0e6f398..00000000 --- a/msp/idemixmsp_test.go +++ /dev/null @@ -1,762 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package msp - -import ( - "testing" - - "github.com/IBM/idemix/bccsp/schemes/aries" - im "github.com/IBM/idemix/msp/config" - math "github.com/IBM/mathlib" - "github.com/golang/protobuf/proto" - "github.com/hyperledger/fabric-protos-go-apiv2/msp" - "github.com/pkg/errors" - "github.com/stretchr/testify/require" -) - -func setup(configPath string, ID string) (MSP, error) { - return setupWithTypeAndVersion(configPath, ID, MSPv1_3, IDEMIX) -} - -func setupWithVersion(configPath string, ID string, version MSPVersion) (MSP, error) { - return setupWithTypeAndVersion(configPath, ID, version, IDEMIX) -} - -func setupWithTypeAndVersion(configPath string, ID string, version MSPVersion, mspType ProviderType) (MSP, error) { - var msp MSP - var err error - switch mspType { - case IDEMIX: - msp, err = NewIdemixMsp(version) - case IDEMIX_ARIES: - msp, err = NewIdemixMspAries(version) - default: - panic("programming error") - } - if err != nil { - return nil, err - } - - conf, err := GetIdemixMspConfigWithType(configPath, ID, mspType) - if err != nil { - return nil, errors.Wrap(err, "Getting MSP config failed") - } - - err = msp.Setup(conf) - if err != nil { - return nil, errors.Wrap(err, "Setting up MSP failed") - } - return msp, nil -} - -func getDefaultSigner(msp MSP) (SigningIdentity, error) { - id, err := msp.GetDefaultSigningIdentity() - if err != nil { - return nil, errors.Wrap(err, "Getting default signing identity failed") - } - - err = id.Validate() - if err != nil { - return nil, errors.Wrap(err, "Default signing identity invalid") - } - - err = msp.Validate(id) - if err != nil { - return nil, errors.Wrap(err, "Default signing identity invalid") - } - - return id, nil -} - -func TestSetup(t *testing.T) { - msp, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - require.Equal(t, IDEMIX, msp.GetType()) -} - -func TestSetupBad(t *testing.T) { - _, err := setup("testdata/idemix/badpath", "MSPID") - require.Error(t, err) - require.Contains(t, err.Error(), "Getting MSP config failed") - - msp1, err := NewIdemixMsp(MSPv1_3) - require.NoError(t, err) - - // Setup with nil config - err = msp1.Setup(nil) - require.Error(t, err) - require.Contains(t, err.Error(), "setup error: nil conf reference") - - // Setup with incorrect MSP type - conf := &msp.MSPConfig{Type: 1234, Config: nil} - err = msp1.Setup(conf) - require.Error(t, err) - require.Contains(t, err.Error(), "setup error: config is not of type IDEMIX") - - // Setup with bad idemix config bytes - conf = &msp.MSPConfig{Type: int32(IDEMIX), Config: []byte("barf")} - err = msp1.Setup(conf) - require.Error(t, err) - require.Contains(t, err.Error(), "failed unmarshalling idemix msp config") - - conf, err = GetIdemixMspConfigWithType("testdata/idemix/MSP1OU1", "IdemixMSP1", IDEMIX) - require.NoError(t, err) - idemixconfig := &im.IdemixMSPConfig{} - err = proto.Unmarshal(conf.Config, idemixconfig) - require.NoError(t, err) - - // Create MSP config with IPK with incorrect attribute names (empty attrs) - curve := math.Curves[math.BLS12_381_BBS] - issuer := &aries.Issuer{Curve: curve} - key, err := issuer.NewKey([]string{}) - require.NoError(t, err) - ipkBytes, err := key.Public().Bytes() - require.NoError(t, err) - idemixconfig.Ipk = ipkBytes - - idemixConfigBytes, err := proto.Marshal(idemixconfig) - require.NoError(t, err) - conf.Config = idemixConfigBytes - - err = msp1.Setup(conf) - require.Error(t, err) - require.Contains(t, err.Error(), "issuer public key must have have attributes OU, Role, EnrollmentId, and RevocationHandle") - - // Create MSP config with bad IPK bytes - ipkBytes = []byte("barf") - idemixconfig.Ipk = ipkBytes - - idemixConfigBytes, err = proto.Marshal(idemixconfig) - require.NoError(t, err) - conf.Config = idemixConfigBytes - - err = msp1.Setup(conf) - require.Error(t, err) - require.Contains(t, err.Error(), "failed to unmarshal ipk from idemix msp config") -} - -func TestSigning(t *testing.T) { - msp, err := setup("testdata/idemix/MSP1OU1", "MSP1") - require.NoError(t, err) - - id, err := getDefaultSigner(msp) - require.NoError(t, err) - - msg := []byte("TestMessage") - sig, err := id.Sign(msg) - require.NoError(t, err) - - err = id.Verify(msg, sig) - require.NoError(t, err) - - err = id.Verify([]byte("OtherMessage"), sig) - require.Error(t, err) - require.Contains(t, err.Error(), "pseudonym signature invalid: zero-knowledge proof is invalid") - - verMsp, err := setup("testdata/idemix/MSP1Verifier", "MSP1") - require.NoError(t, err) - err = verMsp.Validate(id) - require.NoError(t, err) - _, err = verMsp.GetDefaultSigningIdentity() - require.Error(t, err) - require.Contains(t, err.Error(), "no default signer setup") -} - -func TestSigningBad(t *testing.T) { - msp, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id, err := getDefaultSigner(msp) - require.NoError(t, err) - - msg := []byte("TestMessage") - sig := []byte("barf") - - err = id.Verify(msg, sig) - require.Error(t, err) - require.Contains(t, err.Error(), "error unmarshalling signature") -} - -func TestIdentitySerialization(t *testing.T) { - msp, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id, err := getDefaultSigner(msp) - require.NoError(t, err) - - // Test serialization of identities - serializedID, err := id.Serialize() - require.NoError(t, err) - - verID, err := msp.DeserializeIdentity(serializedID) - require.NoError(t, err) - - err = verID.Validate() - require.NoError(t, err) - - err = msp.Validate(verID) - require.NoError(t, err) -} - -func TestIdentitySerializationBad(t *testing.T) { - msp, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - _, err = msp.DeserializeIdentity([]byte("barf")) - require.Error(t, err, "DeserializeIdentity should have failed for bad input") - require.Contains(t, err.Error(), "could not deserialize a SerializedIdentity") -} - -func TestIdentitySerializationWrongMSP(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - msp2, err := setup("testdata/idemix/MSP2OU1", "MSP2OU1") - require.NoError(t, err) - id2, err := getDefaultSigner(msp2) - require.NoError(t, err) - - idBytes, err := id2.Serialize() - require.NoError(t, err) - - _, err = msp1.DeserializeIdentity(idBytes) - require.Error(t, err, "DeserializeIdentity should have failed for ID of other MSP") - require.Contains(t, err.Error(), "expected MSP ID MSP1OU1, received MSP2OU1") -} - -func TestPrincipalIdentity(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - idBytes, err := id1.Serialize() - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_IDENTITY, - Principal: idBytes} - - err = id1.SatisfiesPrincipal(principal) - require.NoError(t, err) -} - -func TestPrincipalIdentityWrongIdentity(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - msp2, err := setup("testdata/idemix/MSP1OU2", "MSP1OU2") - require.NoError(t, err) - - id2, err := getDefaultSigner(msp2) - require.NoError(t, err) - - idBytes, err := id1.Serialize() - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_IDENTITY, - Principal: idBytes} - - err = id2.SatisfiesPrincipal(principal) - require.Error(t, err, "Identity MSP principal for different user should fail") - require.Contains(t, err.Error(), "the identities do not match") - -} - -func TestPrincipalIdentityBadIdentity(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - idBytes := []byte("barf") - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_IDENTITY, - Principal: idBytes} - - err = id1.SatisfiesPrincipal(principal) - require.Error(t, err, "Identity MSP principal for a bad principal should fail") - require.Contains(t, err.Error(), "the identities do not match") -} - -func TestAnonymityPrincipal(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - principalBytes, err := proto.Marshal(&msp.MSPIdentityAnonymity{AnonymityType: msp.MSPIdentityAnonymity_ANONYMOUS}) - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ANONYMITY, - Principal: principalBytes} - - err = id1.SatisfiesPrincipal(principal) - require.NoError(t, err) -} - -func TestAnonymityPrincipalBad(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - principalBytes, err := proto.Marshal(&msp.MSPIdentityAnonymity{AnonymityType: msp.MSPIdentityAnonymity_NOMINAL}) - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ANONYMITY, - Principal: principalBytes} - - err = id1.SatisfiesPrincipal(principal) - require.Error(t, err, "Idemix identity is anonymous and should not pass NOMINAL anonymity principal") - require.Contains(t, err.Error(), "principal is nominal, but idemix MSP is anonymous") -} - -func TestAnonymityPrincipalV11(t *testing.T) { - msp1, err := setupWithVersion("testdata/idemix/MSP1OU1", "MSP1OU1", MSPv1_1) - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - principalBytes, err := proto.Marshal(&msp.MSPIdentityAnonymity{AnonymityType: msp.MSPIdentityAnonymity_NOMINAL}) - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ANONYMITY, - Principal: principalBytes} - - err = id1.SatisfiesPrincipal(principal) - require.Error(t, err) - require.Contains(t, err.Error(), "Anonymity MSP Principals are unsupported in MSPv1_1") -} - -func TestIdemixIsWellFormed(t *testing.T) { - idemixMSP, err := setup("testdata/idemix/MSP1OU1", "TestName") - require.NoError(t, err) - - id, err := getDefaultSigner(idemixMSP) - require.NoError(t, err) - rawId, err := id.Serialize() - require.NoError(t, err) - sId := &msp.SerializedIdentity{} - err = proto.Unmarshal(rawId, sId) - require.NoError(t, err) - err = idemixMSP.IsWellFormed(sId) - require.NoError(t, err) - // Corrupt the identity bytes - sId.IdBytes = append(sId.IdBytes, 1) - err = idemixMSP.IsWellFormed(sId) - require.Error(t, err) - require.Contains(t, err.Error(), "not an idemix identity") -} - -func TestPrincipalOU(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - ou := &msp.OrganizationUnit{ - OrganizationalUnitIdentifier: id1.GetOrganizationalUnits()[0].OrganizationalUnitIdentifier, - MspIdentifier: id1.GetMSPIdentifier(), - CertifiersIdentifier: nil, - } - bytes, err := proto.Marshal(ou) - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, - Principal: bytes} - - err = id1.SatisfiesPrincipal(principal) - require.NoError(t, err) -} - -func TestPrincipalOUWrongOU(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - ou := &msp.OrganizationUnit{ - OrganizationalUnitIdentifier: "DifferentOU", - MspIdentifier: id1.GetMSPIdentifier(), - CertifiersIdentifier: nil, - } - bytes, err := proto.Marshal(ou) - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, - Principal: bytes} - - err = id1.SatisfiesPrincipal(principal) - require.Error(t, err, "OU MSP principal should have failed for user of different OU") - require.Contains(t, err.Error(), "user is not part of the desired organizational unit") - -} - -func TestPrincipalOUWrongMSP(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - ou := &msp.OrganizationUnit{ - OrganizationalUnitIdentifier: "OU1", - MspIdentifier: "OtherMSP", - CertifiersIdentifier: nil, - } - bytes, err := proto.Marshal(ou) - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, - Principal: bytes} - - err = id1.SatisfiesPrincipal(principal) - require.Error(t, err, "OU MSP principal should have failed for user of different MSP") - require.Contains(t, err.Error(), "the identity is a member of a different MSP") - -} - -func TestPrincipalOUBad(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - bytes := []byte("barf") - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, - Principal: bytes} - - err = id1.SatisfiesPrincipal(principal) - require.Error(t, err, "OU MSP principal should have failed for a bad OU principal") - require.Contains(t, err.Error(), "could not unmarshal OU from principal") -} - -func TestPrincipalRoleMember(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: id1.GetMSPIdentifier()}) - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ROLE, - Principal: principalBytes} - - err = id1.SatisfiesPrincipal(principal) - require.NoError(t, err) - - // Member should also satisfy client - principalBytes, err = proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_CLIENT, MspIdentifier: id1.GetMSPIdentifier()}) - require.NoError(t, err) - - principal = &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ROLE, - Principal: principalBytes} - - err = id1.SatisfiesPrincipal(principal) - require.NoError(t, err) -} - -func TestPrincipalRoleAdmin(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1Admin", "MSP1OU1Admin") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: id1.GetMSPIdentifier()}) - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ROLE, - Principal: principalBytes} - - // Admin should also satisfy member - err = id1.SatisfiesPrincipal(principal) - require.NoError(t, err) - - principalBytes, err = proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: id1.GetMSPIdentifier()}) - require.NoError(t, err) - - principal = &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ROLE, - Principal: principalBytes} - - err = id1.SatisfiesPrincipal(principal) - require.NoError(t, err) -} - -func TestPrincipalRoleNotPeer(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1Admin", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_PEER, MspIdentifier: id1.GetMSPIdentifier()}) - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ROLE, - Principal: principalBytes} - - err = id1.SatisfiesPrincipal(principal) - require.Error(t, err, "Admin should not satisfy PEER principal") - require.Contains(t, err.Error(), "idemixmsp only supports client use, so it cannot satisfy an MSPRole PEER principal") -} - -func TestPrincipalRoleNotAdmin(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: id1.GetMSPIdentifier()}) - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ROLE, - Principal: principalBytes} - - err = id1.SatisfiesPrincipal(principal) - require.Error(t, err, "Member should not satisfy Admin principal") - require.Contains(t, err.Error(), "user is not an admin") -} - -func TestPrincipalRoleWrongMSP(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: "OtherMSP"}) - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ROLE, - Principal: principalBytes} - - err = id1.SatisfiesPrincipal(principal) - require.Error(t, err, "Role MSP principal should have failed for user of different MSP") - require.Contains(t, err.Error(), "the identity is a member of a different MSP") -} - -func TestPrincipalRoleBadRole(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - // Make principal for nonexisting role 1234 - principalBytes, err := proto.Marshal(&msp.MSPRole{Role: 1234, MspIdentifier: id1.GetMSPIdentifier()}) - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ROLE, - Principal: principalBytes} - - err = id1.SatisfiesPrincipal(principal) - require.Error(t, err, "Role MSP principal should have failed for a bad Role") - require.Contains(t, err.Error(), "invalid MSP role type") -} - -func TestPrincipalBad(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - principal := &msp.MSPPrincipal{ - PrincipalClassification: 1234, - Principal: nil} - - err = id1.SatisfiesPrincipal(principal) - require.Error(t, err, "Principal with bad Classification should fail") - require.Contains(t, err.Error(), "invalid principal type") -} - -func TestPrincipalCombined(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - ou := &msp.OrganizationUnit{ - OrganizationalUnitIdentifier: id1.GetOrganizationalUnits()[0].OrganizationalUnitIdentifier, - MspIdentifier: id1.GetMSPIdentifier(), - CertifiersIdentifier: nil, - } - principalBytes, err := proto.Marshal(ou) - require.NoError(t, err) - - principalOU := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, - Principal: principalBytes} - - principalBytes, err = proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: id1.GetMSPIdentifier()}) - require.NoError(t, err) - - principalRole := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ROLE, - Principal: principalBytes} - - principals := []*msp.MSPPrincipal{principalOU, principalRole} - - combinedPrincipal := &msp.CombinedPrincipal{Principals: principals} - combinedPrincipalBytes, err := proto.Marshal(combinedPrincipal) - - require.NoError(t, err) - - principalsCombined := &msp.MSPPrincipal{PrincipalClassification: msp.MSPPrincipal_COMBINED, Principal: combinedPrincipalBytes} - - err = id1.SatisfiesPrincipal(principalsCombined) - require.NoError(t, err) -} - -func TestPrincipalCombinedBad(t *testing.T) { - msp1, err := setup("testdata/idemix/MSP1OU1", "MSP1OU1") - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - // create combined principal requiring membership of OU1 in MSP1 and requiring admin role - ou := &msp.OrganizationUnit{ - OrganizationalUnitIdentifier: id1.GetOrganizationalUnits()[0].OrganizationalUnitIdentifier, - MspIdentifier: id1.GetMSPIdentifier(), - CertifiersIdentifier: nil, - } - principalBytes, err := proto.Marshal(ou) - require.NoError(t, err) - - principalOU := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, - Principal: principalBytes} - - principalBytes, err = proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: id1.GetMSPIdentifier()}) - require.NoError(t, err) - - principalRole := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ROLE, - Principal: principalBytes} - - principals := []*msp.MSPPrincipal{principalOU, principalRole} - - combinedPrincipal := &msp.CombinedPrincipal{Principals: principals} - combinedPrincipalBytes, err := proto.Marshal(combinedPrincipal) - - require.NoError(t, err) - - principalsCombined := &msp.MSPPrincipal{PrincipalClassification: msp.MSPPrincipal_COMBINED, Principal: combinedPrincipalBytes} - - err = id1.SatisfiesPrincipal(principalsCombined) - require.Error(t, err, "non-admin member of OU1 in MSP1 should not satisfy principal admin and OU1 in MSP1") - require.Contains(t, err.Error(), "user is not an admin") -} - -func TestPrincipalCombinedV11(t *testing.T) { - msp1, err := setupWithVersion("testdata/idemix/MSP1OU1", "MSP1OU1", MSPv1_1) - require.NoError(t, err) - - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - ou := &msp.OrganizationUnit{ - OrganizationalUnitIdentifier: id1.GetOrganizationalUnits()[0].OrganizationalUnitIdentifier, - MspIdentifier: id1.GetMSPIdentifier(), - CertifiersIdentifier: nil, - } - principalBytes, err := proto.Marshal(ou) - require.NoError(t, err) - - principalOU := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, - Principal: principalBytes} - - principalBytes, err = proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: id1.GetMSPIdentifier()}) - require.NoError(t, err) - - principalRole := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ROLE, - Principal: principalBytes} - - principals := []*msp.MSPPrincipal{principalOU, principalRole} - - combinedPrincipal := &msp.CombinedPrincipal{Principals: principals} - combinedPrincipalBytes, err := proto.Marshal(combinedPrincipal) - - require.NoError(t, err) - - principalsCombined := &msp.MSPPrincipal{PrincipalClassification: msp.MSPPrincipal_COMBINED, Principal: combinedPrincipalBytes} - - err = id1.SatisfiesPrincipal(principalsCombined) - require.Error(t, err) - require.Contains(t, err.Error(), "Combined MSP Principals are unsupported in MSPv1_1") -} - -func TestRoleClientV11(t *testing.T) { - msp1, err := setupWithVersion("testdata/idemix/MSP1OU1", "MSP1OU1", MSPv1_1) - require.NoError(t, err) - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_CLIENT, MspIdentifier: id1.GetMSPIdentifier()}) - require.NoError(t, err) - principalRole := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ROLE, - Principal: principalBytes} - err = id1.SatisfiesPrincipal(principalRole) - require.Error(t, err) - require.Contains(t, err.Error(), "invalid MSP role type") -} - -func TestRolePeerV11(t *testing.T) { - msp1, err := setupWithVersion("testdata/idemix/MSP1OU1", "MSP1OU1", MSPv1_1) - require.NoError(t, err) - id1, err := getDefaultSigner(msp1) - require.NoError(t, err) - - principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_PEER, MspIdentifier: id1.GetMSPIdentifier()}) - require.NoError(t, err) - principalRole := &msp.MSPPrincipal{ - PrincipalClassification: msp.MSPPrincipal_ROLE, - Principal: principalBytes} - err = id1.SatisfiesPrincipal(principalRole) - require.Error(t, err) - require.Contains(t, err.Error(), "invalid MSP role type") -} diff --git a/msp/testdata/idemix/EidRH/ca/IssuerPublicKey b/msp/testdata/idemix/EidRH/ca/IssuerPublicKey deleted file mode 100644 index 92a0a476006da6c36c90c6193ea9af05a180ed9a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 843 zcmV-R1GM}K0#8*61X6EoWeN;MZgOvIY;9$3bV)=C5K?7!Z)0I}X>V>wVQyq>WfDXR zApI@q{PH4~(~Yxp<146uv>mY<^-9Uj04s+!X8AKzXA&TL>E9i43LVD#W+tMngR^v1 z$U^~R237ML!VpLk_7cw;L<%7AcB9y8g0Yxi_$P94`MbcwBQ=YYg?!Q9_rqv?KxD-d zAO*i)A^r21_A{pT=L4DOJ~L3Z>Ua^;uRbIB7D^b!dLl#$Ahi@U^Kx9K=1$nZ28;!i z5N)04O5B7NwrW0`Tmxz&UJ@X9IO5eaOS$rOtB07h+)3yT3eHk!jIjn1AhBM$A45JO zL<%4rAD!vnsFw;1q7`vQ!y-{QPh|~57v9GD_xA=OL<%4f6fZx4>0N=`s)};U zal}8TQao`+l|0wgmX{baTf7AlAYsCi_Bi6}8+mQi&w8Pz%f`^T{NM zAk88m|CbEh?G|U>HnIk$mD}_{)~m31r;s3Iw|QEMe=@0Sn}oy( zDQHkC91}BQ8Z}$eX)MIuBbplt5+G+t81hA|d8t(wYc-?l?A8UmVXD7$Df0~qfe<0X zHu^e53Lqbs!-|qI5US^v>!KMYGL=PRmskAmkjF4PF%1rC^?ni{Lc~=`Vh?pECd&bQ zsD(Vf)mov-Tn_6zfhAr>^4a(r{gXVH;i`n7(^vq4zbT9QqiV2nn`8xUcd^`XE diff --git a/msp/testdata/idemix/EidRH/ca/IssuerSecretKey b/msp/testdata/idemix/EidRH/ca/IssuerSecretKey deleted file mode 100644 index e169f4a7..00000000 --- a/msp/testdata/idemix/EidRH/ca/IssuerSecretKey +++ /dev/null @@ -1 +0,0 @@ -9wM(dVCyȸk"$. \ No newline at end of file diff --git a/msp/testdata/idemix/EidRH/ca/RevocationKey b/msp/testdata/idemix/EidRH/ca/RevocationKey deleted file mode 100644 index d56b4988..00000000 --- a/msp/testdata/idemix/EidRH/ca/RevocationKey +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIGkAgEBBDA5veMN5FDY2j29d5qdIYnhAuRwSjMPMgDuML5hroKa27H75qinmDAV -N+PY8VCzqCagBwYFK4EEACKhZANiAARRhTsyo0HH2D5TYCfZvLSqsUTKCtCkpSsm -nDzHPFbB3vaqb1TFCgwmNaTGnZinVqGy/2e83SCMc4eXNdNhIOuc56yBlqBPV9Cx -B25y/qT3XJS/tkQtjhz4LZ7S1owerMs= ------END PRIVATE KEY----- diff --git a/msp/testdata/idemix/EidRH/msp/IssuerPublicKey b/msp/testdata/idemix/EidRH/msp/IssuerPublicKey deleted file mode 100644 index 92a0a476006da6c36c90c6193ea9af05a180ed9a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 843 zcmV-R1GM}K0#8*61X6EoWeN;MZgOvIY;9$3bV)=C5K?7!Z)0I}X>V>wVQyq>WfDXR zApI@q{PH4~(~Yxp<146uv>mY<^-9Uj04s+!X8AKzXA&TL>E9i43LVD#W+tMngR^v1 z$U^~R237ML!VpLk_7cw;L<%7AcB9y8g0Yxi_$P94`MbcwBQ=YYg?!Q9_rqv?KxD-d zAO*i)A^r21_A{pT=L4DOJ~L3Z>Ua^;uRbIB7D^b!dLl#$Ahi@U^Kx9K=1$nZ28;!i z5N)04O5B7NwrW0`Tmxz&UJ@X9IO5eaOS$rOtB07h+)3yT3eHk!jIjn1AhBM$A45JO zL<%4rAD!vnsFw;1q7`vQ!y-{QPh|~57v9GD_xA=OL<%4f6fZx4>0N=`s)};U zal}8TQao`+l|0wgmX{baTf7AlAYsCi_Bi6}8+mQi&w8Pz%f`^T{NM zAk88m|CbEh?G|U>HnIk$mD}_{)~m31r;s3Iw|QEMe=@0Sn}oy( zDQHkC91}BQ8Z}$eX)MIuBbplt5+G+t81hA|d8t(wYc-?l?A8UmVXD7$Df0~qfe<0X zHu^e53Lqbs!-|qI5US^v>!KMYGL=PRmskAmkjF4PF%1rC^?ni{Lc~=`Vh?pECd&bQ zsD(Vf)mov-Tn_6zfhAr>^4a(r{gXVH;i`n7(^vq4zbT9QqiV2nn`8xUcd^`XE diff --git a/msp/testdata/idemix/EidRH/msp/RevocationPublicKey b/msp/testdata/idemix/EidRH/msp/RevocationPublicKey deleted file mode 100644 index 21fcc259..00000000 --- a/msp/testdata/idemix/EidRH/msp/RevocationPublicKey +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEUYU7MqNBx9g+U2An2by0qrFEygrQpKUr -Jpw8xzxWwd72qm9UxQoMJjWkxp2Yp1ahsv9nvN0gjHOHlzXTYSDrnOesgZagT1fQ -sQducv6k91yUv7ZELY4c+C2e0taMHqzL ------END PUBLIC KEY----- diff --git a/msp/testdata/idemix/EidRH/user/SignerConfig b/msp/testdata/idemix/EidRH/user/SignerConfig deleted file mode 100644 index 8afb3f682b937acdb038bd352067abc3e56cf0c1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 677 zcmdcxIZALc@dNFS}DS zPhOa&RXBs+>a}XwrmtVl23(51+O)4;yhBO|Xo~%6YfZ69YD*0tyqp(PB)_Hf^1YY! z@1jDaLoIg5WJVqnQrLPu@sLl&Ki5*rd12e9pVzN$3M%yZwW>Vz{I4C4uB+)vDX6eI zozMEn#!~V~xcJuU2KK{8?>%5l@>n7KgQH;iy*frEg|45xM`G9Yz4VDX_1I`}<>HJM z=J`8*FFHBhD^Md){X&?QLh<>`HLhH2b0=J5+;(ke|3Pj`n;8waDw9*beO8sb5?7$5 zzA4|fqB1$6#SMYgco-m2)P~g@R<1x;hidXD;~99FzvjQ z`PO7{U6!_#LV<$Y^P^6SHi?A#SVJD~x!iGR zg44TYo|<)==6Cz-YiN?1vH5{eqoCJXmf2G22B}O2oQ@_BmzJOY@uxzH+h%IyKf?>t zY<53?-^1yjWa1(8XwS2w3XWl#rr#PLgj9zazPiX{$nbIQ60xPmADxzLRTGapRkGvF zxAz`T`gAsyI~|$Cl=$bTF?+B2kz*PO57!h-GOIr{+e!o&5JjnF`N@eTnfZCT8Hsr* GIjI0{E-bwO diff --git a/msp/testdata/idemix/MSP1OU1/ca/IssuerPublicKey b/msp/testdata/idemix/MSP1OU1/ca/IssuerPublicKey deleted file mode 100644 index 034daa57..00000000 --- a/msp/testdata/idemix/MSP1OU1/ca/IssuerPublicKey +++ /dev/null @@ -1,16 +0,0 @@ - -OU -Role - EnrollmentID -RevocationHandleD - ^٪hĉl<3t%(NP 5x|_}|M΂38uUX˷D - '+{S9! x^k좃9NXO{?% @n GڣHD8|٘p$6!6"D - !sdW40bʸTD-+(mX ʺ[Ҋεx ˛[T"D - O(1qJ)Ji,\a e%s3 ]#%"D - \nm;s=asmR&Wm#j ,.lTwjWpH6hg]eAT~"D - oE6‘۔<$^bbE% HؙgּI]nT ǃ'܆٘* - U~;lkE0S&Lj̗#@9PVN >ӠNHh67fJ 9EZɳ1z*B# N" !9uLNH -y2D - i mLB ^Y~D.D HRxIk%>orV7?YL:D - ]Fq#A3ITgGfK\x - iՉ~o/P։ >ˆPvB 3}x]RJP@DJ ;lDNyxEbtچR Z1̶V0o{܉֫ \ No newline at end of file diff --git a/msp/testdata/idemix/MSP1OU1/ca/IssuerSecretKey b/msp/testdata/idemix/MSP1OU1/ca/IssuerSecretKey deleted file mode 100644 index 10b591de..00000000 --- a/msp/testdata/idemix/MSP1OU1/ca/IssuerSecretKey +++ /dev/null @@ -1 +0,0 @@ -d{ҟ \fRQ[ӠNHh67fJ 9EZɳ1z*B# N" !9uLNH -y2D - i mLB ^Y~D.D HRxIk%>orV7?YL:D - ]Fq#A3ITgGfK\x - iՉ~o/P։ >ˆPvB 3}x]RJP@DJ ;lDNyxEbtچR Z1̶V0o{܉֫ \ No newline at end of file diff --git a/msp/testdata/idemix/MSP1OU1/msp/RevocationPublicKey b/msp/testdata/idemix/MSP1OU1/msp/RevocationPublicKey deleted file mode 100644 index a0fc2af3..00000000 --- a/msp/testdata/idemix/MSP1OU1/msp/RevocationPublicKey +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE76UE50n31TB34E3tEHi9vyaLXEJIpxF6 -Ur1eWKRIpZ7Pyi55fHg93nM2kKwglbX6LLRIl0nzMLhgvwJpIlVh+REM63cNj9D0 -80OaN8HetLRG7Hpj7ipR3Q4VjZ0x22ZC ------END PUBLIC KEY----- diff --git a/msp/testdata/idemix/MSP1OU1/user/SignerConfig b/msp/testdata/idemix/MSP1OU1/user/SignerConfig deleted file mode 100644 index f496457a543ae0fae3d7c9c95a79d750231fa8b7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 644 zcmd1_H+NlnbX-Q=H@{k@B~8$9_r2Snq?r9f4HX!**mH{u4D(A3jlM7nbue-% z{NphW*m5#QK_iSmyhdZ9)j65qSwj0;Y%ZyZZRO) zzmfuL$m2biI}S~7dbi9|vu@M;Zl8S(O;R&9KM-mZ^jga@TPockmC2Byo6)l}=c-`N zs&%!tM(6CSYh%wArQWGu@ypzN_CEh}&mV7_5U%2R?}2SFr`%5CibYHYmaIa?>bmc0 umYq~QBP6!R>X+nagCLvR@>-rXf|K6KUw-P&_BF*sIPHpZ&8N$^A{hXT;Rs*= diff --git a/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerPublicKey b/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerPublicKey deleted file mode 100644 index 034daa57..00000000 --- a/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerPublicKey +++ /dev/null @@ -1,16 +0,0 @@ - -OU -Role - EnrollmentID -RevocationHandleD - ^٪hĉl<3t%(NP 5x|_}|M΂38uUX˷D - '+{S9! x^k좃9NXO{?% @n GڣHD8|٘p$6!6"D - !sdW40bʸTD-+(mX ʺ[Ҋεx ˛[T"D - O(1qJ)Ji,\a e%s3 ]#%"D - \nm;s=asmR&Wm#j ,.lTwjWpH6hg]eAT~"D - oE6‘۔<$^bbE% HؙgּI]nT ǃ'܆٘* - U~;lkE0S&Lj̗#@9PVN >ӠNHh67fJ 9EZɳ1z*B# N" !9uLNH -y2D - i mLB ^Y~D.D HRxIk%>orV7?YL:D - ]Fq#A3ITgGfK\x - iՉ~o/P։ >ˆPvB 3}x]RJP@DJ ;lDNyxEbtچR Z1̶V0o{܉֫ \ No newline at end of file diff --git a/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerSecretKey b/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerSecretKey deleted file mode 100644 index 10b591de..00000000 --- a/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerSecretKey +++ /dev/null @@ -1 +0,0 @@ -d{ҟ \fRQ[ӠNHh67fJ 9EZɳ1z*B# N" !9uLNH -y2D - i mLB ^Y~D.D HRxIk%>orV7?YL:D - ]Fq#A3ITgGfK\x - iՉ~o/P։ >ˆPvB 3}x]RJP@DJ ;lDNyxEbtچR Z1̶V0o{܉֫ \ No newline at end of file diff --git a/msp/testdata/idemix/MSP1OU1Admin/msp/RevocationPublicKey b/msp/testdata/idemix/MSP1OU1Admin/msp/RevocationPublicKey deleted file mode 100644 index a0fc2af3..00000000 --- a/msp/testdata/idemix/MSP1OU1Admin/msp/RevocationPublicKey +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE76UE50n31TB34E3tEHi9vyaLXEJIpxF6 -Ur1eWKRIpZ7Pyi55fHg93nM2kKwglbX6LLRIl0nzMLhgvwJpIlVh+REM63cNj9D0 -80OaN8HetLRG7Hpj7ipR3Q4VjZ0x22ZC ------END PUBLIC KEY----- diff --git a/msp/testdata/idemix/MSP1OU1Admin/user/SignerConfig b/msp/testdata/idemix/MSP1OU1Admin/user/SignerConfig deleted file mode 100644 index 767b1131585cd2362665b12da1d6dc70ea61ff25..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmdQtj8_WwAy(dG~RNbWs>;5Ytir0)doA(S?6>JDLgsz@Q|zT zhHmFc4c&k91LS|i_@?GB?mef_^5Mx{?$29=fTjqkZ?>MZ{@e6U-gBX=gDUKk{XJ42 z6@Hqv(aEu9itb%OAq8cJMddR;DG0^AVSLO}cD;O~$sC5Al|n}hWR<JU|A;!zvpaqDzS9MsMQipcDeyOo#*{2QRNS4pkwrI13d+(~Q4 zA61u+a@5p3oZdWNFmh?-rl@uQ-nj;^pU7p=B*p9>YN)`Z#gkiHV3=QO=$Mk5nP>Es zQK*BFOW_}naln?7ISLwK{NXhk6Rpn41kV!M-(qt~O>A4|fqB1$6#SMYgco-m2)P~g z@R<1x;hidXD;~99FzvjQ`PO7{U6!_#LV<$Y^P^6SHi?A#SVJD~x!iGRg44TYo|<)==6Cz-YiN?1vH5{eqoCJXmf2Dn25C%&46TR% zS6gS&rZ>9r(Pe=^Et6fQ zC$?qe8-Cvwab?QYe~)b*I~LsOWhsB{Ju!ZE1Ka;k3J>ddR9I-AvQEsFt~xp$0CӠNHh67fJ 9EZɳ1z*B# N" !9uLNH -y2D - i mLB ^Y~D.D HRxIk%>orV7?YL:D - ]Fq#A3ITgGfK\x - iՉ~o/P։ >ˆPvB 3}x]RJP@DJ ;lDNyxEbtچR Z1̶V0o{܉֫ \ No newline at end of file diff --git a/msp/testdata/idemix/MSP1OU2/ca/IssuerSecretKey b/msp/testdata/idemix/MSP1OU2/ca/IssuerSecretKey deleted file mode 100644 index 10b591de..00000000 --- a/msp/testdata/idemix/MSP1OU2/ca/IssuerSecretKey +++ /dev/null @@ -1 +0,0 @@ -d{ҟ \fRQ[ӠNHh67fJ 9EZɳ1z*B# N" !9uLNH -y2D - i mLB ^Y~D.D HRxIk%>orV7?YL:D - ]Fq#A3ITgGfK\x - iՉ~o/P։ >ˆPvB 3}x]RJP@DJ ;lDNyxEbtچR Z1̶V0o{܉֫ \ No newline at end of file diff --git a/msp/testdata/idemix/MSP1OU2/msp/RevocationPublicKey b/msp/testdata/idemix/MSP1OU2/msp/RevocationPublicKey deleted file mode 100644 index a0fc2af3..00000000 --- a/msp/testdata/idemix/MSP1OU2/msp/RevocationPublicKey +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE76UE50n31TB34E3tEHi9vyaLXEJIpxF6 -Ur1eWKRIpZ7Pyi55fHg93nM2kKwglbX6LLRIl0nzMLhgvwJpIlVh+REM63cNj9D0 -80OaN8HetLRG7Hpj7ipR3Q4VjZ0x22ZC ------END PUBLIC KEY----- diff --git a/msp/testdata/idemix/MSP1OU2/user/SignerConfig b/msp/testdata/idemix/MSP1OU2/user/SignerConfig deleted file mode 100644 index 7b2c560afac1d62c00f3933e0d0cdbe22e760c94..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 644 zcmd=3o|xZ`ys@N=w@_B&q3YkD_oc#Dx2f+HQdqh%@%Q5X zl$}?iEZ+-r4ccR~;10R;!S_mw)_U^CDuK*S$1<~#mb$>!m#+`Y7uV3o<%jBQF zJ`OBlnwL{zMN?Kb)c9&C%o9va{-w7$&_re9ky}3ncQ-8hov$~u;YIM7ZGx|D_%3NF zFyIGFS_*z|nfA+MF@5UK7rErC+laGWG4wpG5d!aDKKfV=N1Ak--6wU%YJRJuVblOe;x-m=xVzWiBT zz1(6(r_++zrQxP*x+O>R-(OBU=pfS=&2V33A^$#Wk{nzPx1rXJ5|z@xCy=&pg34w`V#4U!4dl diff --git a/msp/testdata/idemix/MSP1Verifier/ca/IssuerPublicKey b/msp/testdata/idemix/MSP1Verifier/ca/IssuerPublicKey deleted file mode 100644 index 034daa57..00000000 --- a/msp/testdata/idemix/MSP1Verifier/ca/IssuerPublicKey +++ /dev/null @@ -1,16 +0,0 @@ - -OU -Role - EnrollmentID -RevocationHandleD - ^٪hĉl<3t%(NP 5x|_}|M΂38uUX˷D - '+{S9! x^k좃9NXO{?% @n GڣHD8|٘p$6!6"D - !sdW40bʸTD-+(mX ʺ[Ҋεx ˛[T"D - O(1qJ)Ji,\a e%s3 ]#%"D - \nm;s=asmR&Wm#j ,.lTwjWpH6hg]eAT~"D - oE6‘۔<$^bbE% HؙgּI]nT ǃ'܆٘* - U~;lkE0S&Lj̗#@9PVN >ӠNHh67fJ 9EZɳ1z*B# N" !9uLNH -y2D - i mLB ^Y~D.D HRxIk%>orV7?YL:D - ]Fq#A3ITgGfK\x - iՉ~o/P։ >ˆPvB 3}x]RJP@DJ ;lDNyxEbtچR Z1̶V0o{܉֫ \ No newline at end of file diff --git a/msp/testdata/idemix/MSP1Verifier/ca/IssuerSecretKey b/msp/testdata/idemix/MSP1Verifier/ca/IssuerSecretKey deleted file mode 100644 index 10b591de..00000000 --- a/msp/testdata/idemix/MSP1Verifier/ca/IssuerSecretKey +++ /dev/null @@ -1 +0,0 @@ -d{ҟ \fRQ[ӠNHh67fJ 9EZɳ1z*B# N" !9uLNH -y2D - i mLB ^Y~D.D HRxIk%>orV7?YL:D - ]Fq#A3ITgGfK\x - iՉ~o/P։ >ˆPvB 3}x]RJP@DJ ;lDNyxEbtچR Z1̶V0o{܉֫ \ No newline at end of file diff --git a/msp/testdata/idemix/MSP1Verifier/msp/RevocationPublicKey b/msp/testdata/idemix/MSP1Verifier/msp/RevocationPublicKey deleted file mode 100644 index a0fc2af3..00000000 --- a/msp/testdata/idemix/MSP1Verifier/msp/RevocationPublicKey +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE76UE50n31TB34E3tEHi9vyaLXEJIpxF6 -Ur1eWKRIpZ7Pyi55fHg93nM2kKwglbX6LLRIl0nzMLhgvwJpIlVh+REM63cNj9D0 -80OaN8HetLRG7Hpj7ipR3Q4VjZ0x22ZC ------END PUBLIC KEY----- diff --git a/msp/testdata/idemix/MSP2OU1/ca/IssuerPublicKey b/msp/testdata/idemix/MSP2OU1/ca/IssuerPublicKey deleted file mode 100644 index cb904d7580f68ecaf0d66b9e7278dec5a3a7c777..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 843 zcmV-R1GM}K0#8*61X6EoWeN;MZgOvIY;9$3bV)=C5K?7!Z)0I}X>V>wVQyq>WfDXR zASOz)MNsm6M{u?b3mIG+lCitf4`l-zH6vzb;;k0t&JrN=oLnp+j@5<}^x^F3(HoXs zB+qv>^gJ0-BAtsQajS9~L<%5<5@Mia>k@fFgyxj`Z+5tL(Ixm3j`Cfx^OJ!s(`0fI zAQgH;gE@eeP8&c#gYoMODN6jN`U4)Gb*KT>ov3a*MIuBBAU++ua9l`dV3?zLEmBcN z8!rOp_`=V;_KX%?bE_Z)aS|ZX7cKuv(KqraeJ#bkFpJV>JfD;F!I;MD8_|AHwvx0W zL<%54M9?gz_#@{2Hvbs|oSk=zcp~8wd7q@fHkMG^HRBf&An?D8c8)t+My?d0!KTl@ zVWIDT`?HaEav3dLgAVI^IU+;~AYPx{If6RZM#r@*8)fsHUPp(0vD|0L!I#4BBUAd^ zy%Hd|Rv3Q5j1^jD49E^BB+_BN6kz1-07hUpe$%a9NYfZ1L<%5gdOVqEm97n1m#@o9 zK9<54ulyi!_^=ztdx6i%CgB8q;SI^^$^F28X%>}@hQ`-km*NGZdL4sKJ1z9@Oj~?xZk!bmcz0& zNKqmnAme1nP}j_;KL!_mk3Pj2U^0kQr9d1BI7sZBg;WzT&zB?CB8C&G{!!C z0Bxb|--+w9yk{^VQw+E$RrB4o5+F&5skk<|t*JB>t~INEU$^}vvOz5rp2T7*)*Yxb2D6mZ_q3v)@=2wTx*yPs6<5 VVE`=$2$6V7ts}y=28u4Dn3AsZhAIF6 diff --git a/msp/testdata/idemix/MSP2OU1/ca/IssuerSecretKey b/msp/testdata/idemix/MSP2OU1/ca/IssuerSecretKey deleted file mode 100644 index 7645123f..00000000 --- a/msp/testdata/idemix/MSP2OU1/ca/IssuerSecretKey +++ /dev/null @@ -1 +0,0 @@ -Z݇-E_} DEtQIw` \ No newline at end of file diff --git a/msp/testdata/idemix/MSP2OU1/ca/RevocationKey b/msp/testdata/idemix/MSP2OU1/ca/RevocationKey deleted file mode 100644 index fc9280c5..00000000 --- a/msp/testdata/idemix/MSP2OU1/ca/RevocationKey +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIGkAgEBBDACDZ/H28Lz9ZkRt9DPS0S2St6myYr0yOXUBh6jXnL6Xd6KtxG9Gvbx -izkRk9WPY0qgBwYFK4EEACKhZANiAAShz6e2n4kjEI/AmkIciyGlVXlrcupnNjSN -3wgtr7WvvtmhmrMSxNRNa+wAuaHKcLwUlRvf/S6xswzdFaWkSOv7b0XQrlpTPZkb -Y7l14ajp4H3Le6dw4D8Wj6PLgDA6EXc= ------END PRIVATE KEY----- diff --git a/msp/testdata/idemix/MSP2OU1/msp/IssuerPublicKey b/msp/testdata/idemix/MSP2OU1/msp/IssuerPublicKey deleted file mode 100644 index cb904d7580f68ecaf0d66b9e7278dec5a3a7c777..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 843 zcmV-R1GM}K0#8*61X6EoWeN;MZgOvIY;9$3bV)=C5K?7!Z)0I}X>V>wVQyq>WfDXR zASOz)MNsm6M{u?b3mIG+lCitf4`l-zH6vzb;;k0t&JrN=oLnp+j@5<}^x^F3(HoXs zB+qv>^gJ0-BAtsQajS9~L<%5<5@Mia>k@fFgyxj`Z+5tL(Ixm3j`Cfx^OJ!s(`0fI zAQgH;gE@eeP8&c#gYoMODN6jN`U4)Gb*KT>ov3a*MIuBBAU++ua9l`dV3?zLEmBcN z8!rOp_`=V;_KX%?bE_Z)aS|ZX7cKuv(KqraeJ#bkFpJV>JfD;F!I;MD8_|AHwvx0W zL<%54M9?gz_#@{2Hvbs|oSk=zcp~8wd7q@fHkMG^HRBf&An?D8c8)t+My?d0!KTl@ zVWIDT`?HaEav3dLgAVI^IU+;~AYPx{If6RZM#r@*8)fsHUPp(0vD|0L!I#4BBUAd^ zy%Hd|Rv3Q5j1^jD49E^BB+_BN6kz1-07hUpe$%a9NYfZ1L<%5gdOVqEm97n1m#@o9 zK9<54ulyi!_^=ztdx6i%CgB8q;SI^^$^F28X%>}@hQ`-km*NGZdL4sKJ1z9@Oj~?xZk!bmcz0& zNKqmnAme1nP}j_;KL!_mk3Pj2U^0kQr9d1BI7sZBg;WzT&zB?CB8C&G{!!C z0Bxb|--+w9yk{^VQw+E$RrB4o5+F&5skk<|t*JB>t~INEU$^}vvOz5rp2T7*)*Yxb2D6mZ_q3v)@=2wTx*yPs6<5 VVE`=$2$6V7ts}y=28u4Dn3AsZhAIF6 diff --git a/msp/testdata/idemix/MSP2OU1/msp/RevocationPublicKey b/msp/testdata/idemix/MSP2OU1/msp/RevocationPublicKey deleted file mode 100644 index ed47424a..00000000 --- a/msp/testdata/idemix/MSP2OU1/msp/RevocationPublicKey +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEoc+ntp+JIxCPwJpCHIshpVV5a3LqZzY0 -jd8ILa+1r77ZoZqzEsTUTWvsALmhynC8FJUb3/0usbMM3RWlpEjr+29F0K5aUz2Z -G2O5deGo6eB9y3uncOA/Fo+jy4AwOhF3 ------END PUBLIC KEY----- diff --git a/msp/testdata/idemix/MSP2OU1/user/SignerConfig b/msp/testdata/idemix/MSP2OU1/user/SignerConfig deleted file mode 100644 index 90d9578675d703c1a2caf327e1a22d9ba165ae01..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 645 zcmdoISU;j|~S4!cu z!sXunuWy^KeEY!J(cr@r$57DB60>ScAaAwMJ9j2OB?Z0<8d-O<=D4lX?B@TQWhxrP z{Fv`EtJyJy4O|-^%9ccFDa?Gkb4B(?)gJ<8HBUX4OU;%^ zu3`a~WLCJYmz%z)+41Aa(D*ox05!|yiy}5hNHP0|8Y(bpvF8>S80D858hvFH>R{wj z_{U=$u;pZqf<_pBc#XzHt8+5JvxN4y*j!Q*+tztt-ftlVzhw#G#a#zNZbv;lW`09> zr^?-mN9`9(J1=FvHCbGjr7fjUpy2lWsMF%jW#zo3LVk9E?@z0g_9jMnyyV={xbKeo zelJ2X_Z!E&C$5`B)hPqVhp|1ESuVoT8GqAJPbe3iXR@60VMT=el304seBd;kCd From ab0ce639eaa52bb9f976463cc0d87203e2103779 Mon Sep 17 00:00:00 2001 From: Soumya Mohapatra Date: Mon, 8 Jun 2026 00:25:39 +0530 Subject: [PATCH 9/9] =?UTF-8?q?ci:=20harden=20CI=20pipeline=20=E2=80=94=20?= =?UTF-8?q?add=20linter,=20remove=20legacy=20guard,=20enforce=20-count=3D1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Remove 'Legacy guard' step from CI (dlog/weak-bb fully removed) - Add golangci-lint step with curated ruleset: errcheck, gosimple, govet, ineffassign, staticcheck, unused - Add .golangci.yml config: suppress SA1019 (deprecated usage tracked for Phase 7), exclude mock and flogging dirs, exclude errcheck in tests and AddWrapper calls - Add -count=1 to unit-tests and unit-tests-race Makefile targets - Fix lint issues: remove unused logger var (impl.go), fix ineffectual assignment (smartcard.go), register testAries with Ginkgo suite (aries_test.go), add unreachable return for staticcheck (main.go) Signed-off-by: Soumya Mohapatra --- .github/workflows/go.yml | 22 +++++----------------- .golangci.yml | 31 +++++++++++++++++++++++++++++++ Makefile | 4 ++-- bccsp/aries_test.go | 2 ++ bccsp/impl.go | 5 ----- bccsp/schemes/aries/smartcard.go | 1 - tools/idemixgen/main.go | 1 + 7 files changed, 41 insertions(+), 25 deletions(-) create mode 100644 .golangci.yml diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 8486d0b2..c08af375 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -25,23 +25,11 @@ jobs: - name: Checks run: make checks - - name: Legacy guard - run: | - # Fail if new files import dlog or weak-bb outside known locations. - # Known files are listed in docs/LEGACY_REMOVAL_CHECKLIST.md. - KNOWN_DLOG_FILES="bccsp/bccsp.go|bccsp/bccsp_test.go|bccsp/aries_test.go|bccsp/legacy_test.go|bccsp/perf_test.go|bccsp/smartcard_test.go|bccsp/handlers/nym.go|bccsp/handlers/nymsigner_test.go|bccsp/handlers/signer_test.go|bccsp/handlers/user_test.go|bccsp/keystore/kvsbased.go|bccsp/keystore/kvsbased_test.go|msp/idemixmsp.go|msp/idemixmsp_test.go|tools/idemixgen/main.go|tools/idemixgen/idemixca/idemixca.go|tools/idemixgen/idemixca/idemixca_test.go" - KNOWN_WEAKBB_FILES="bccsp/schemes/aries/revocation.go|bccsp/schemes/dlog/crypto/revocation_authority.go|bccsp/schemes/dlog/crypto/idemix_test.go" - - NEW_DLOG=$(grep -rn "schemes/dlog" --include="*.go" . | grep -v "schemes/dlog/" | grep -v -E "$KNOWN_DLOG_FILES" | grep -v "_test.go:" || true) - NEW_WEAKBB=$(grep -rn "schemes/weak-bb" --include="*.go" . | grep -v "schemes/weak-bb/" | grep -v -E "$KNOWN_WEAKBB_FILES" || true) - - if [ -n "$NEW_DLOG" ] || [ -n "$NEW_WEAKBB" ]; then - echo "❌ New legacy imports detected! Do not add new dlog/weak-bb imports." - echo "$NEW_DLOG" - echo "$NEW_WEAKBB" - exit 1 - fi - echo "✅ No new legacy imports found." + - name: Lint + uses: golangci/golangci-lint-action@v6 + with: + version: latest + args: --timeout=5m - name: Unit Tests run: make unit-tests diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 00000000..a66a62d4 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,31 @@ +linters: + enable: + - errcheck + - gosimple + - govet + - ineffassign + - staticcheck + - unused + +linters-settings: + errcheck: + check-blank: false + check-type-assertions: false + staticcheck: + checks: + - "all" + - "-SA1019" # Suppress deprecated usage — tracked for Phase 7 + +issues: + exclude-dirs: + - bccsp/types/mock + - common/flogging/mock + - common/flogging + exclude-rules: + - path: bccsp/bccsp\.go + linters: + - errcheck + text: "AddWrapper" + - path: _test\.go + linters: + - errcheck diff --git a/Makefile b/Makefile index ff65578c..54845f3d 100644 --- a/Makefile +++ b/Makefile @@ -9,11 +9,11 @@ checks: check-deps .PHONY: unit-tests unit-tests: - @go test ./... + @go test -count=1 ./... .PHONY: unit-tests-race unit-tests-race: - @export GORACE=history_size=7; go test -timeout 960s -race -cover $(shell go list ./...) + @export GORACE=history_size=7; go test -count=1 -timeout 960s -race -cover $(shell go list ./...) .PHONY: check-deps check-deps: diff --git a/bccsp/aries_test.go b/bccsp/aries_test.go index 5aa6a05e..a92f03d9 100644 --- a/bccsp/aries_test.go +++ b/bccsp/aries_test.go @@ -20,6 +20,8 @@ import ( . "github.com/onsi/gomega" ) +var _ = Describe("Aries", testAries) + func testAries() { curve := math.Curves[math.BLS12_381_BBS] diff --git a/bccsp/impl.go b/bccsp/impl.go index c85eadd4..fa15d338 100644 --- a/bccsp/impl.go +++ b/bccsp/impl.go @@ -18,14 +18,9 @@ import ( "reflect" bccsp "github.com/IBM/idemix/bccsp/types" - "github.com/IBM/idemix/common/flogging" "github.com/pkg/errors" ) -var ( - logger = flogging.MustGetLogger("bccsp_idemix") -) - // KeyGenerator is a BCCSP-like interface that provides key generation algorithms type KeyGenerator interface { diff --git a/bccsp/schemes/aries/smartcard.go b/bccsp/schemes/aries/smartcard.go index 41503347..a82e1be2 100644 --- a/bccsp/schemes/aries/smartcard.go +++ b/bccsp/schemes/aries/smartcard.go @@ -141,7 +141,6 @@ func (sc *Smartcard) NymVerify(proofBytes []byte, nymEid *math.G1, msg []byte) e offset += sc.Curve.ScalarByteSize r_hat := sc.Curve.NewZrFromBytes(proofBytes[offset : offset+sc.Curve.ScalarByteSize]) - offset += sc.Curve.ScalarByteSize var challengeBytes []byte challengeBytes = append(challengeBytes, sc.H0.Bytes()[1:]...) diff --git a/tools/idemixgen/main.go b/tools/idemixgen/main.go index 2d20e760..07abdf11 100644 --- a/tools/idemixgen/main.go +++ b/tools/idemixgen/main.go @@ -173,6 +173,7 @@ func readRevocationKey() *ecdsa.PrivateKey { block, _ := pem.Decode(keyBytes) if block == nil { handleError(errors.Errorf("failed to decode ECDSA private key")) + return nil // unreachable, but satisfies staticcheck } key, err := x509.ParseECPrivateKey(block.Bytes) handleError(err)