gabi

package module
v0.0.0-...-a0c47e1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 9, 2019 License: BSD-3-Clause Imports: 14 Imported by: 0

README

GoDoc Build Status Gabi

Gabi is a Go implementation of the IRMA approach to the Idemix attribute based credential system. Check out the IRMA website to learn more on this great alternative to traditional identity management.

gabi itself is designed to be compatible with the existing Java and C++ implementations of the IRMA system.

Status

Do note that this library is still fairly young. As such there might be some API-changes in the near future. And although most (if not all) cryptographic primitives are present, it does need additional "field testing". In addition, since this library implements (non-trivial) cryptography it needs to be checked by many more eyeballs.

Install

To install:

go get -v github.com/mhe/gabi

Test

To run tests:

go test -v ./...

Documentation

Overview

Package gabi is an implementation of the IRMA (https://irmacard.org) approach to attribute based credentials. For now, see gabi_test.go on how to use the library.

Index

Constants

View Source 
const (
	//XMLHeader can be a used as the XML header when writing keys in XML format.
	XMLHeader = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\n"
	// DefaultEpochLength is the default epoch length for public keys.
	DefaultEpochLength = 432000
)

Variables

View Source 
var (
	// ErrIncorrectProofOfSignatureCorrectness is issued when the the proof of
	// correctness on the signature does not verify.
	ErrIncorrectProofOfSignatureCorrectness = errors.New("Proof of correctness on signature does not verify.")
	// ErrIncorrectAttributeSignature is issued when the signature on the
	// attributes is not correct.
	ErrIncorrectAttributeSignature = errors.New("The Signature on the attributes is not correct.")
)
View Source 
var DefaultKeyLengths = getAvailableKeyLengths(DefaultSystemParameters)

DefaultKeyLengths is a slice of integers holding the keylengths for which system parameters are available.

View Source 
var DefaultSystemParameters = map[int]*SystemParameters{
	1024: &SystemParameters{defaultBaseParameters[1024], MakeDerivedParameters(defaultBaseParameters[1024])},
	2048: &SystemParameters{defaultBaseParameters[2048], MakeDerivedParameters(defaultBaseParameters[2048])},
	4096: &SystemParameters{defaultBaseParameters[4096], MakeDerivedParameters(defaultBaseParameters[4096])},
}

DefaultSystemParameters holds per keylength the default parameters as are currently in use at the moment. This might (and probably will) change in the future.

View Source 
var (
	// ErrMissingProofU is returned when a ProofU proof is missing in a prooflist
	// when this is expected.
	ErrMissingProofU = errors.New("Missing ProofU in ProofList, has a CredentialBuilder been added?")
)

Functions

func GenerateKeyPair 

func GenerateKeyPair(param *SystemParameters, numAttributes int, counter uint, expiryDate time.Time) (*PrivateKey, *PublicKey, error)

GenerateKeyPair generates a private/public keypair for an Issuer

func ParamSize 

func ParamSize(a int) int

ParamSize computes the size of a parameter in bytes given the size in bits.

func RandomBigInt 

func RandomBigInt(numBits uint) (*big.Int, error)

RandomBigInt returns a random big integer value in the range [0,(2^numBits)-1], inclusive.

Types

type BaseParameters 

type BaseParameters struct {
	Le      uint
	LePrime uint
	Lh      uint
	Lm      uint
	Ln      uint
	Lstatzk uint
	Lv      uint
}

BaseParameters holds the base system parameters

type Bases 

type Bases []*big.Int

Bases is a type that is introduced to simplify the encoding/decoding of a PublicKey whilst using the xml support of Go's standard library.

func (*Bases) MarshalXML 

func (bl *Bases) MarshalXML(e *xml.Encoder, start xml.StartElement) error

MarshalXML is an internal function to simplify encoding a PublicKey to XML.

func (*Bases) UnmarshalXML 

func (bl *Bases) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML is an internal function to simplify decoding a PublicKey from XML.

type CLSignature 

type CLSignature struct {
	A         *big.Int
	E         *big.Int `json:"e"`
	V         *big.Int `json:"v"`
	KeyshareP *big.Int `json:"KeyshareP"` // R_0^{keysharesecret}, necessary for verification
}

CLSignature is a data structure for holding a Camenisch-Lysyanskaya signature.

func SignMessageBlock 

func SignMessageBlock(sk *PrivateKey, pk *PublicKey, ms []*big.Int) (*CLSignature, error)

SignMessageBlock signs a message block (ms) using the Camenisch-Lysyanskaya signature scheme as used in the IdeMix system.

func (*CLSignature) Randomize 

func (s *CLSignature) Randomize(pk *PublicKey) *CLSignature

Randomize returns a randomized copy of the signature.

func (*CLSignature) Verify 

func (s *CLSignature) Verify(pk *PublicKey, ms []*big.Int) bool

Verify checks whether the signature is correct while being given a public key and the messages.

type Credential 

type Credential struct {
	Signature  *CLSignature `json:"signature"`
	Pk         *PublicKey   `json:"-"`
	Attributes []*big.Int   `json:"attributes"`
}

Credential represents an Idemix credential.

func (*Credential) CreateDisclosureProof 

func (ic *Credential) CreateDisclosureProof(disclosedAttributes []int, context, nonce1 *big.Int) *ProofD

CreateDisclosureProof creates a disclosure proof (ProofD) voor the provided indices of disclosed attributes.

func (*Credential) CreateDisclosureProofBuilder 

func (ic *Credential) CreateDisclosureProofBuilder(disclosedAttributes []int) *DisclosureProofBuilder

CreateDisclosureProofBuilder produces a DisclosureProofBuilder, an object to hold the state in the protocol for producing a disclosure proof that is linked to other proofs.

type CredentialBuilder 

type CredentialBuilder struct {
	// contains filtered or unexported fields
}

CredentialBuilder is a temporary object to hold some state for the protocol that is used to create (build) a credential. It also implements the ProofBuilder interface.

func NewCredentialBuilder 

func NewCredentialBuilder(pk *PublicKey, context, secret *big.Int, nonce2 *big.Int) *CredentialBuilder

NewCredentialBuilder creates a new credential builder. The resulting credential builder is already committed to the provided secret.

func (*CredentialBuilder) Commit 

func (b *CredentialBuilder) Commit(skRandomizer *big.Int) []*big.Int

Commit commits to the secret (first) attribute using the provided randomizer.

func (*CredentialBuilder) CommitToSecretAndProve 

func (b *CredentialBuilder) CommitToSecretAndProve(nonce1 *big.Int) *IssueCommitmentMessage

CommitToSecretAndProve creates the response to the initial challenge nonce nonce1 sent by the issuer. The response consists of a commitment to the secret (set on creation of the builder, see NewBuilder) and a proof of correctness of this commitment.

func (*CredentialBuilder) ConstructCredential 

func (b *CredentialBuilder) ConstructCredential(msg *IssueSignatureMessage, attributes []*big.Int) (*Credential, error)

ConstructCredential creates a credential using the IssueSignatureMessage from the issuer and the content of the attributes.

func (*CredentialBuilder) CreateIssueCommitmentMessage 

func (b *CredentialBuilder) CreateIssueCommitmentMessage(proofs ProofList) *IssueCommitmentMessage

CreateIssueCommitmentMessage creates the IssueCommitmentMessage based on the provided prooflist, to be sent to the issuer.

func (*CredentialBuilder) CreateProof 

func (b *CredentialBuilder) CreateProof(challenge *big.Int) Proof

CreateProof creates a (ProofU) Proof using the provided challenge.

func (*CredentialBuilder) MergeProofPCommitment 

func (b *CredentialBuilder) MergeProofPCommitment(commitment *ProofPCommitment)

func (*CredentialBuilder) PublicKey 

func (b *CredentialBuilder) PublicKey() *PublicKey

PublicKey returns the Idemix public key against which the credential will verify.

type DerivedParameters 

type DerivedParameters struct {
	LeCommit      uint
	LmCommit      uint
	LRA           uint
	LsCommit      uint
	LvCommit      uint
	LvPrime       uint
	LvPrimeCommit uint
}

DerivedParameters holds system parameters that can be drived from base systemparameters (BaseParameters)

func MakeDerivedParameters 

func MakeDerivedParameters(base BaseParameters) DerivedParameters

MakeDerivedParameters computes the derived system parameters

type DisclosureProofBuilder 

type DisclosureProofBuilder struct {
	// contains filtered or unexported fields
}

DisclosureProofBuilder is an object that holds the state for the protocol to produce a disclosure proof.

func (*DisclosureProofBuilder) Commit 

func (d *DisclosureProofBuilder) Commit(skRandomizer *big.Int) []*big.Int

Commit commits to the first attribute (the secret) using the provided randomizer.

func (*DisclosureProofBuilder) CreateProof 

func (d *DisclosureProofBuilder) CreateProof(challenge *big.Int) Proof

CreateProof creates a (disclosure) proof with the provided challenge.

func (*DisclosureProofBuilder) MergeProofPCommitment 

func (d *DisclosureProofBuilder) MergeProofPCommitment(commitment *ProofPCommitment)

func (*DisclosureProofBuilder) PublicKey 

func (d *DisclosureProofBuilder) PublicKey() *PublicKey

PublicKey returns the Idemix public key against which this disclosure proof will verify.

func (*DisclosureProofBuilder) TimestampRequestContributions 

func (d *DisclosureProofBuilder) TimestampRequestContributions() (*big.Int, []*big.Int)

TimestampRequestContributions returns the contributions of this disclosure proof to the message that is to be signed by the timestamp server: - A of the randomized CL-signature - Slice of bigints populated with the disclosed attributes and 0 for the undisclosed ones.

type EpochLength 

type EpochLength int

EpochLength is a type that is introduced to simplify the encoding/decoding of a PublicKey whilst using the xml support of Go's standard library.

func (*EpochLength) MarshalXML 

func (el *EpochLength) MarshalXML(e *xml.Encoder, start xml.StartElement) error

MarshalXML is an internal function to simplify encoding a PublicKey to XML.

func (*EpochLength) UnmarshalXML 

func (el *EpochLength) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML is an internal function to simplify decoding a PublicKey from XML.

type IssueCommitmentMessage 

type IssueCommitmentMessage struct {
	U         *big.Int  `json:"U"`
	Nonce2    *big.Int  `json:"n_2"`
	Proofs    ProofList `json:"combinedProofs"`
	ProofPjwt string    `json:"proofPJwt"`
}

IssueCommitmentMessage encapsulates the messages sent by the receiver to the issuer in the second step of the issuance protocol.

type IssueSignatureMessage 

type IssueSignatureMessage struct {
	Proof     *ProofS      `json:"proof"`
	Signature *CLSignature `json:"signature"`
}

IssueSignatureMessage encapsulates the messages sent from the issuer to the reciver in the final step of the issuance protocol.

type Issuer 

type Issuer struct {
	Sk      *PrivateKey
	Pk      *PublicKey
	Context *big.Int
}

Issuer holds the key material for a credential issuer.

func NewIssuer 

func NewIssuer(sk *PrivateKey, pk *PublicKey, context *big.Int) *Issuer

NewIssuer creates a new credential issuer.

func (*Issuer) IssueSignature 

func (i *Issuer) IssueSignature(msg *IssueCommitmentMessage, attributes []*big.Int, nonce1 *big.Int) (*IssueSignatureMessage, error)

IssueSignature produces an IssueSignatureMessage for the attributes based on the IssueCommitmentMessage provided. Note that this function DOES NOT check the proofs containted in the IssueCommitmentMessage! That needs to be done at a higher level!

type PrivateKey 

type PrivateKey struct {
	XMLName    xml.Name `xml:"http://www.zurich.ibm.com/security/idemix IssuerPrivateKey"`
	Counter    uint     `xml:"Counter"`
	ExpiryDate int64    `xml:"ExpiryDate"`
	P          *big.Int `xml:"Elements>p"`
	Q          *big.Int `xml:"Elements>q"`
	PPrime     *big.Int `xml:"Elements>pPrime"`
	QPrime     *big.Int `xml:"Elements>qPrime"`
}

PrivateKey represents an issuer's private key.

func NewPrivateKey 

func NewPrivateKey(p, q *big.Int, counter uint, expiryDate time.Time) *PrivateKey

NewPrivateKey creates a new issuer private key using the provided parameters.

func NewPrivateKeyFromFile 

func NewPrivateKeyFromFile(filename string) (*PrivateKey, error)

NewPrivateKeyFromFile create a new issuer private key from an xml file.

func NewPrivateKeyFromXML 

func NewPrivateKeyFromXML(xmlInput string) (*PrivateKey, error)

NewPrivateKeyFromXML creates a new issuer private key using the xml data provided.

func (*PrivateKey) Print 

func (privk *PrivateKey) Print() error

Print prints the key to stdout.

func (*PrivateKey) WriteTo 

func (privk *PrivateKey) WriteTo(writer io.Writer) (int64, error)

WriteTo writes the XML-serialized public key to the given writer.

func (*PrivateKey) WriteToFile 

func (privk *PrivateKey) WriteToFile(filename string, forceOverwrite bool) (int64, error)

WriteToFile writes the private key to an xml file. If any existing file with the same filename should be overwritten, set forceOverwrite to true.

type Proof 

type Proof interface {
	VerifyWithChallenge(pk *PublicKey, reconstructedChallenge *big.Int) bool
	SecretKeyResponse() *big.Int
	ChallengeContribution(pk *PublicKey) []*big.Int
	MergeProofP(proofP *ProofP, pk *PublicKey)
}

Proof represents a non-interactive zero-knowledge proof

type ProofBuilder 

type ProofBuilder interface {
	Commit(skRandomizer *big.Int) []*big.Int
	CreateProof(challenge *big.Int) Proof
	PublicKey() *PublicKey
	MergeProofPCommitment(commitment *ProofPCommitment)
}

ProofBuilder is an interface for a proof builder. That is, an object to hold the state to build a list of bounded proofs (see ProofList).

type ProofBuilderList 

type ProofBuilderList []ProofBuilder

ProofBuilderList is a list of proof builders, for calculating a list of bound proofs.

func (ProofBuilderList) BuildDistributedProofList 

func (builders ProofBuilderList) BuildDistributedProofList(
	challenge *big.Int, proofPs []*ProofP,
) (ProofList, error)

func (ProofBuilderList) BuildProofList 

func (builders ProofBuilderList) BuildProofList(context, nonce *big.Int, issig bool) ProofList

BuildProofList builds a list of bounded proofs. For this it is given a list of ProofBuilders. Examples of proof builders are CredentialBuilder and DisclosureProofBuilder.

func (ProofBuilderList) Challenge 

func (builders ProofBuilderList) Challenge(context, nonce *big.Int, issig bool) *big.Int

type ProofD 

type ProofD struct {
	C          *big.Int         `json:"c"`
	A          *big.Int         `json:"A"`
	EResponse  *big.Int         `json:"e_response"`
	VResponse  *big.Int         `json:"v_response"`
	AResponses map[int]*big.Int `json:"a_responses"`
	ADisclosed map[int]*big.Int `json:"a_disclosed"`
}

ProofD represents a proof in the showing protocol.

func (*ProofD) Challenge 

func (p *ProofD) Challenge() *big.Int

Challenge returns the challenge in the proof (part of the Proof interface).

func (*ProofD) ChallengeContribution 

func (p *ProofD) ChallengeContribution(pk *PublicKey) []*big.Int

ChallengeContribution returns the contribution of this proof to the challenge.

func (*ProofD) MergeProofP 

func (p *ProofD) MergeProofP(proofP *ProofP, pk *PublicKey)

func (*ProofD) SecretKeyResponse 

func (p *ProofD) SecretKeyResponse() *big.Int

SecretKeyResponse returns the secret key response (as part of Proof interface).

func (*ProofD) Verify 

func (p *ProofD) Verify(pk *PublicKey, context, nonce1 *big.Int, issig bool) bool

Verify verifies the proof against the given public key, context, and nonce.

func (*ProofD) VerifyWithChallenge 

func (p *ProofD) VerifyWithChallenge(pk *PublicKey, reconstructedChallenge *big.Int) bool

Verify verifies the proof against the given public key and the provided reconstruted challenge.

type ProofList 

type ProofList []Proof

ProofList represents a list of (typically bound) proofs.

func (ProofList) GetFirstProofU 

func (pl ProofList) GetFirstProofU() (*ProofU, error)

GetFirstProofU returns the first ProofU in this proof list

func (ProofList) GetProofU 

func (pl ProofList) GetProofU(n int) (*ProofU, error)

GetProofU returns the n'th ProofU in this proof list.

func (*ProofList) UnmarshalJSON 

func (pl *ProofList) UnmarshalJSON(bytes []byte) error

UnmarshalJSON implements json.Unmarshaler (json's default unmarshaler is unable to handle a list of interfaces).

func (ProofList) Verify 

func (pl ProofList) Verify(publicKeys []*PublicKey, context, nonce *big.Int, shouldBeBound bool, issig bool) bool

Verify returns true when all the proofs inside verify and if shouldBeBound is set to true whether all proofs are properly bound.

type ProofP 

type ProofP struct {
	P         *big.Int `json:"P"`
	C         *big.Int `json:"c"`
	SResponse *big.Int `json:"s_response"`
}

ProofP is a keyshare server's knowledge of its part of the secret key.

type ProofPCommitment 

type ProofPCommitment struct {
	P       *big.Int
	Pcommit *big.Int
}

ProofPCommitment is a keyshare server's first message in its proof of knowledge of its part of the secret key.

type ProofS 

type ProofS struct {
	C         *big.Int `json:"c"`
	EResponse *big.Int `json:"e_response"`
}

ProofS represents a proof.

func (*ProofS) Verify 

func (p *ProofS) Verify(pk *PublicKey, signature *CLSignature, context, nonce *big.Int) bool

Verify verifies the proof agains the given public key, signature, context, and nonce.

type ProofU 

type ProofU struct {
	U              *big.Int `json:"U"`
	C              *big.Int `json:"c"`
	VPrimeResponse *big.Int `json:"v_prime_response"`
	SResponse      *big.Int `json:"s_response"`
}

ProofU represents a proof of correctness of the commitment in the first phase of the issuance protocol.

func (*ProofU) Challenge 

func (p *ProofU) Challenge() *big.Int

Challenge returns the challenge in the proof (part of the Proof interface).

func (*ProofU) ChallengeContribution 

func (p *ProofU) ChallengeContribution(pk *PublicKey) []*big.Int

ChallengeContribution returns the contribution of this proof to the challenge.

func (*ProofU) MergeProofP 

func (p *ProofU) MergeProofP(proofP *ProofP, pk *PublicKey)

func (*ProofU) SecretKeyResponse 

func (p *ProofU) SecretKeyResponse() *big.Int

SecretKeyResponse returns the secret key response (as part of Proof interface).

func (*ProofU) Verify 

func (p *ProofU) Verify(pk *PublicKey, context, nonce *big.Int) bool

Verify verifies whether the proof is correct.

func (*ProofU) VerifyWithChallenge 

func (p *ProofU) VerifyWithChallenge(pk *PublicKey, reconstructedChallenge *big.Int) bool

VerifyWithChallenge verifies whether the proof is correct.

type PublicKey 

type PublicKey struct {
	XMLName     xml.Name          `xml:"http://www.zurich.ibm.com/security/idemix IssuerPublicKey"`
	Counter     uint              `xml:"Counter"`
	ExpiryDate  int64             `xml:"ExpiryDate"`
	N           *big.Int          `xml:"Elements>n"` // Modulus n
	Z           *big.Int          `xml:"Elements>Z"` // Generator Z
	S           *big.Int          `xml:"Elements>S"` // Generator S
	R           Bases             `xml:"Elements>Bases"`
	EpochLength EpochLength       `xml:"Features"`
	Params      *SystemParameters `xml:"-"`
	Issuer      string            `xml:"-"`
}

PublicKey represents an issuer's public key.

func NewPublicKey 

func NewPublicKey(N, Z, S *big.Int, R []*big.Int, counter uint, expiryDate time.Time) *PublicKey

NewPublicKey creates and returns a new public key based on the provided parameters.

func NewPublicKeyFromBytes 

func NewPublicKeyFromBytes(bts []byte) (*PublicKey, error)

NewPublicKeyFromXML creates a new issuer public key using the xml data provided.

func NewPublicKeyFromFile 

func NewPublicKeyFromFile(filename string) (*PublicKey, error)

NewPublicKeyFromFile create a new issuer public key from an xml file.

func NewPublicKeyFromXML 

func NewPublicKeyFromXML(xmlInput string) (*PublicKey, error)

func (*PublicKey) Print 

func (pubk *PublicKey) Print() error

Print prints the key to stdout.

func (*PublicKey) WriteTo 

func (pubk *PublicKey) WriteTo(writer io.Writer) (int64, error)

WriteTo writes the XML-serialized public key to the given writer.

func (*PublicKey) WriteToFile 

func (pubk *PublicKey) WriteToFile(filename string, forceOverwrite bool) (int64, error)

WriteToFile writes the public key to an xml file. If any existing file with the same filename should be overwritten, set forceOverwrite to true.

type SystemParameters 

type SystemParameters struct {
	BaseParameters
	DerivedParameters
}

SystemParameters holds the system parameters of the IRMA system.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.