Back to godoc.org
github.com/privacybydesign/gabi

Package gabi

v0.0.0-...-9df3e39
Latest Go to latest

The latest major version is .

Published: Mar 4, 2020 | License: BSD-3-Clause | Module: github.com/privacybydesign/gabi

Overview

Package gabi is an implementation of the IRMA (https://irmacard.org) approach to attribute based credentials. For now, see gabi_test.go on how to use the library.

Index

Constants

const (
	//XMLHeader can be a used as the XML header when writing keys in XML format.
	XMLHeader = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\n"
	// DefaultEpochLength is the default epoch length for public keys.
	DefaultEpochLength = 432000
)

Variables

var (
	// ErrIncorrectProofOfSignatureCorrectness is issued when the the proof of
	// correctness on the signature does not verify.
	ErrIncorrectProofOfSignatureCorrectness = errors.New("Proof of correctness on signature does not verify.")
	// ErrIncorrectAttributeSignature is issued when the signature on the
	// attributes is not correct.
	ErrIncorrectAttributeSignature = errors.New("The Signature on the attributes is not correct.")
)
var DefaultKeyLengths = getAvailableKeyLengths(DefaultSystemParameters)

DefaultKeyLengths is a slice of integers holding the keylengths for which system parameters are available.

var DefaultSystemParameters = map[int]*SystemParameters{
	1024: &SystemParameters{defaultBaseParameters[1024], MakeDerivedParameters(defaultBaseParameters[1024])},
	2048: &SystemParameters{defaultBaseParameters[2048], MakeDerivedParameters(defaultBaseParameters[2048])},
	4096: &SystemParameters{defaultBaseParameters[4096], MakeDerivedParameters(defaultBaseParameters[4096])},
}

DefaultSystemParameters holds per keylength the default parameters as are currently in use at the moment. This might (and probably will) change in the future.

var (
	// ErrMissingProofU is returned when a ProofU proof is missing in a prooflist
	// when this is expected.
	ErrMissingProofU = errors.New("Missing ProofU in ProofList, has a CredentialBuilder been added?")
)
var Logger *logrus.Logger

func GenerateKeyPair

func GenerateKeyPair(param *SystemParameters, numAttributes int, counter uint, expiryDate time.Time) (*PrivateKey, *PublicKey, error)

GenerateKeyPair generates a private/public keypair for an Issuer

func GenerateNonce

func GenerateNonce() (*big.Int, error)

Generate nonce for use in proofs

func GenerateRevocationKeypair

func GenerateRevocationKeypair(privk *PrivateKey, pubk *PublicKey) error

func GenerateSecretAttribute

func GenerateSecretAttribute() (*big.Int, error)

Generate secret attribute used prove ownership and links between credentials from the same user.

func ParamSize

func ParamSize(a int) int

ParamSize computes the size of a parameter in bytes given the size in bits.

func RepresentToPublicKey

func RepresentToPublicKey(pk *PublicKey, exps []*big.Int) (*big.Int, error)

RepresentToPublicKey returns a representation of the given exponents in terms of the R bases from the public key. For example given exponents exps[1],...,exps[k] this function returns

R[1]^{exps[1]}*...*R[k]^{exps[k]} (mod N)

with R and N coming from the public key. The exponents are hashed if their length exceeds the maximum message length from the public key.

type BaseParameters

type BaseParameters struct {
	LePrime uint
	Lh      uint
	Lm      uint
	Ln      uint
	Lstatzk uint
}

BaseParameters holds the base system parameters

type Bases

type Bases []*big.Int

Bases is a type that is introduced to simplify the encoding/decoding of a PublicKey whilst using the xml support of Go's standard library.

func (*Bases) MarshalXML

func (bl *Bases) MarshalXML(e *xml.Encoder, start xml.StartElement) error

MarshalXML is an internal function to simplify encoding a PublicKey to XML.

func (*Bases) UnmarshalXML

func (bl *Bases) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML is an internal function to simplify decoding a PublicKey from XML.

type CLSignature

type CLSignature struct {
	A         *big.Int
	E         *big.Int `json:"e"`
	V         *big.Int `json:"v"`
	KeyshareP *big.Int `json:"KeyshareP"` // R_0^{keysharesecret}, necessary for verification
}

CLSignature is a data structure for holding a Camenisch-Lysyanskaya signature.

func SignMessageBlock

func SignMessageBlock(sk *PrivateKey, pk *PublicKey, ms []*big.Int) (*CLSignature, error)

SignMessageBlock signs a message block (ms) using the Camenisch-Lysyanskaya signature scheme as used in the IdeMix system.

func (*CLSignature) Randomize

func (s *CLSignature) Randomize(pk *PublicKey) *CLSignature

Randomize returns a randomized copy of the signature.

func (*CLSignature) Verify

func (s *CLSignature) Verify(pk *PublicKey, ms []*big.Int) bool

Verify checks whether the signature is correct while being given a public key and the messages.

type Credential

type Credential struct {
	Signature            *CLSignature        `json:"signature"`
	Pk                   *PublicKey          `json:"-"`
	Attributes           []*big.Int          `json:"attributes"`
	NonRevocationWitness *revocation.Witness `json:"nonrevWitness,omitempty"`
	// contains filtered or unexported fields
}

Credential represents an Idemix credential.

func (*Credential) CreateDisclosureProof

func (ic *Credential) CreateDisclosureProof(disclosedAttributes []int, nonrev bool, context, nonce1 *big.Int) (*ProofD, error)

CreateDisclosureProof creates a disclosure proof (ProofD) voor the provided indices of disclosed attributes.

func (*Credential) CreateDisclosureProofBuilder

func (ic *Credential) CreateDisclosureProofBuilder(disclosedAttributes []int, nonrev bool) (*DisclosureProofBuilder, error)

CreateDisclosureProofBuilder produces a DisclosureProofBuilder, an object to hold the state in the protocol for producing a disclosure proof that is linked to other proofs.

func (*Credential) NonrevBuildProofBuilder

func (ic *Credential) NonrevBuildProofBuilder() (*NonRevocationProofBuilder, error)

NonrevBuildProofBuilder builds and returns a new commited-to NonRevocationProofBuilder.

func (*Credential) NonrevIndex

func (ic *Credential) NonrevIndex() (int, error)

func (*Credential) NonrevPrepareCache

func (ic *Credential) NonrevPrepareCache() error

NonrevPrepareCache ensures that the Credential's nonrevocation proof builder cache is usable, by creating one if it does not exist, or otherwise updating it to the latest accumulator contained in the credential's witness.

type CredentialBuilder

type CredentialBuilder struct {
	// contains filtered or unexported fields
}

CredentialBuilder is a temporary object to hold some state for the protocol that is used to create (build) a credential. It also implements the ProofBuilder interface.

func NewCredentialBuilder

func NewCredentialBuilder(pk *PublicKey, context, secret *big.Int, nonce2 *big.Int) *CredentialBuilder

NewCredentialBuilder creates a new credential builder. The resulting credential builder is already committed to the provided secret.

func (*CredentialBuilder) Commit

func (b *CredentialBuilder) Commit(randomizers map[string]*big.Int) []*big.Int

Commit commits to the secret (first) attribute using the provided randomizer.

func (*CredentialBuilder) CommitToSecretAndProve

func (b *CredentialBuilder) CommitToSecretAndProve(nonce1 *big.Int) *IssueCommitmentMessage

CommitToSecretAndProve creates the response to the initial challenge nonce nonce1 sent by the issuer. The response consists of a commitment to the secret (set on creation of the builder, see NewBuilder) and a proof of correctness of this commitment.

func (*CredentialBuilder) ConstructCredential

func (b *CredentialBuilder) ConstructCredential(msg *IssueSignatureMessage, attributes []*big.Int) (*Credential, error)

ConstructCredential creates a credential using the IssueSignatureMessage from the issuer and the content of the attributes.

func (*CredentialBuilder) CreateIssueCommitmentMessage

func (b *CredentialBuilder) CreateIssueCommitmentMessage(proofs ProofList) *IssueCommitmentMessage

CreateIssueCommitmentMessage creates the IssueCommitmentMessage based on the provided prooflist, to be sent to the issuer.

func (*CredentialBuilder) CreateProof

func (b *CredentialBuilder) CreateProof(challenge *big.Int) Proof

CreateProof creates a (ProofU) Proof using the provided challenge.

func (*CredentialBuilder) MergeProofPCommitment

func (b *CredentialBuilder) MergeProofPCommitment(commitment *ProofPCommitment)

func (*CredentialBuilder) PublicKey

func (b *CredentialBuilder) PublicKey() *PublicKey

PublicKey returns the Idemix public key against which the credential will verify.

type DerivedParameters

type DerivedParameters struct {
	Le            uint
	LeCommit      uint
	LmCommit      uint
	LRA           uint
	LsCommit      uint
	Lv            uint
	LvCommit      uint
	LvPrime       uint
	LvPrimeCommit uint
}

DerivedParameters holds system parameters that can be drived from base systemparameters (BaseParameters)

func MakeDerivedParameters

func MakeDerivedParameters(base BaseParameters) DerivedParameters

MakeDerivedParameters computes the derived system parameters

type DisclosureProofBuilder

type DisclosureProofBuilder struct {
	// contains filtered or unexported fields
}

DisclosureProofBuilder is an object that holds the state for the protocol to produce a disclosure proof.

func (*DisclosureProofBuilder) Commit

func (d *DisclosureProofBuilder) Commit(randomizers map[string]*big.Int) []*big.Int

Commit commits to the first attribute (the secret) using the provided randomizer.

func (*DisclosureProofBuilder) CreateProof

func (d *DisclosureProofBuilder) CreateProof(challenge *big.Int) Proof

CreateProof creates a (disclosure) proof with the provided challenge.

func (*DisclosureProofBuilder) MergeProofPCommitment

func (d *DisclosureProofBuilder) MergeProofPCommitment(commitment *ProofPCommitment)

func (*DisclosureProofBuilder) PublicKey

func (d *DisclosureProofBuilder) PublicKey() *PublicKey

PublicKey returns the Idemix public key against which this disclosure proof will verify.

func (*DisclosureProofBuilder) TimestampRequestContributions

func (d *DisclosureProofBuilder) TimestampRequestContributions() (*big.Int, []*big.Int)

TimestampRequestContributions returns the contributions of this disclosure proof to the message that is to be signed by the timestamp server: - A of the randomized CL-signature - Slice of bigints populated with the disclosed attributes and 0 for the undisclosed ones.

type EpochLength

type EpochLength int

EpochLength is a type that is introduced to simplify the encoding/decoding of a PublicKey whilst using the xml support of Go's standard library.

func (*EpochLength) MarshalXML

func (el *EpochLength) MarshalXML(e *xml.Encoder, start xml.StartElement) error

MarshalXML is an internal function to simplify encoding a PublicKey to XML.

func (*EpochLength) UnmarshalXML

func (el *EpochLength) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML is an internal function to simplify decoding a PublicKey from XML.

type IssueCommitmentMessage

type IssueCommitmentMessage struct {
	U          *big.Int          `json:"U,omitempty"`
	Nonce2     *big.Int          `json:"n_2"`
	Proofs     ProofList         `json:"combinedProofs"`
	ProofPjwt  string            `json:"proofPJwt,omitempty"`
	ProofPjwts map[string]string `json:"proofPJwts,omitempty"`
}

IssueCommitmentMessage encapsulates the messages sent by the receiver to the issuer in the second step of the issuance protocol.

type IssueSignatureMessage

type IssueSignatureMessage struct {
	Proof                *ProofS             `json:"proof"`
	Signature            *CLSignature        `json:"signature"`
	NonRevocationWitness *revocation.Witness `json:"nonrev,omitempty"`
}

IssueSignatureMessage encapsulates the messages sent from the issuer to the reciver in the final step of the issuance protocol.

type Issuer

type Issuer struct {
	Sk      *PrivateKey
	Pk      *PublicKey
	Context *big.Int
}

Issuer holds the key material for a credential issuer.

func NewIssuer

func NewIssuer(sk *PrivateKey, pk *PublicKey, context *big.Int) *Issuer

NewIssuer creates a new credential issuer.

func (*Issuer) IssueSignature

func (i *Issuer) IssueSignature(U *big.Int, attributes []*big.Int, witness *revocation.Witness, nonce2 *big.Int) (*IssueSignatureMessage, error)

IssueSignature produces an IssueSignatureMessage for the attributes based on the IssueCommitmentMessage provided. Note that this function DOES NOT check the proofs containted in the IssueCommitmentMessage! That needs to be done at a higher level!

type NonRevocationProofBuilder

type NonRevocationProofBuilder struct {
	// contains filtered or unexported fields
}

func (*NonRevocationProofBuilder) Commit

func (b *NonRevocationProofBuilder) Commit() ([]*big.Int, error)

func (*NonRevocationProofBuilder) CreateProof

func (b *NonRevocationProofBuilder) CreateProof(challenge *big.Int) *revocation.Proof

func (*NonRevocationProofBuilder) UpdateCommit

func (b *NonRevocationProofBuilder) UpdateCommit(witness *revocation.Witness) error

UpdateCommit updates the builder to the latest accumulator contained in the specified (updated) witness.

type PrivateKey

type PrivateKey struct {
	XMLName    xml.Name `xml:"http://www.zurich.ibm.com/security/idemix IssuerPrivateKey"`
	Counter    uint     `xml:"Counter"`
	ExpiryDate int64    `xml:"ExpiryDate"`
	P          *big.Int `xml:"Elements>p"`
	Q          *big.Int `xml:"Elements>q"`
	PPrime     *big.Int `xml:"Elements>pPrime"`
	QPrime     *big.Int `xml:"Elements>qPrime"`
	ECDSA      string   `xml:",omitempty"`
	// contains filtered or unexported fields
}

PrivateKey represents an issuer's private key.

func NewPrivateKey

func NewPrivateKey(p, q *big.Int, ecdsa string, counter uint, expiryDate time.Time) *PrivateKey

NewPrivateKey creates a new issuer private key using the provided parameters.

func NewPrivateKeyFromFile

func NewPrivateKeyFromFile(filename string) (*PrivateKey, error)

NewPrivateKeyFromFile create a new issuer private key from an xml file.

func NewPrivateKeyFromXML

func NewPrivateKeyFromXML(xmlInput string) (*PrivateKey, error)

NewPrivateKeyFromXML creates a new issuer private key using the xml data provided.

func (*PrivateKey) Print

func (privk *PrivateKey) Print() error

Print prints the key to stdout.

func (*PrivateKey) RevocationGenerateWitness

func (privk *PrivateKey) RevocationGenerateWitness(accumulator *revocation.Accumulator) (*revocation.Witness, error)

func (*PrivateKey) RevocationKey

func (privk *PrivateKey) RevocationKey() (*revocation.PrivateKey, error)

func (*PrivateKey) RevocationSupported

func (privk *PrivateKey) RevocationSupported() bool

func (*PrivateKey) WriteTo

func (privk *PrivateKey) WriteTo(writer io.Writer) (int64, error)

WriteTo writes the XML-serialized public key to the given writer.

func (*PrivateKey) WriteToFile

func (privk *PrivateKey) WriteToFile(filename string, forceOverwrite bool) (int64, error)

WriteToFile writes the private key to an xml file. If any existing file with the same filename should be overwritten, set forceOverwrite to true.

type Proof

type Proof interface {
	VerifyWithChallenge(pk *PublicKey, reconstructedChallenge *big.Int) bool
	SecretKeyResponse() *big.Int
	ChallengeContribution(pk *PublicKey) ([]*big.Int, error)
	MergeProofP(proofP *ProofP, pk *PublicKey)
}

Proof represents a non-interactive zero-knowledge proof

type ProofBuilder

type ProofBuilder interface {
	Commit(randomizers map[string]*big.Int) []*big.Int
	CreateProof(challenge *big.Int) Proof
	PublicKey() *PublicKey
	MergeProofPCommitment(commitment *ProofPCommitment)
}

ProofBuilder is an interface for a proof builder. That is, an object to hold the state to build a list of bounded proofs (see ProofList).

type ProofBuilderList

type ProofBuilderList []ProofBuilder

ProofBuilderList is a list of proof builders, for calculating a list of bound proofs.

func (ProofBuilderList) BuildDistributedProofList

func (builders ProofBuilderList) BuildDistributedProofList(
	challenge *big.Int, proofPs []*ProofP,
) (ProofList, error)

func (ProofBuilderList) BuildProofList

func (builders ProofBuilderList) BuildProofList(context, nonce *big.Int, issig bool) ProofList

BuildProofList builds a list of bounded proofs. For this it is given a list of ProofBuilders. Examples of proof builders are CredentialBuilder and DisclosureProofBuilder.

func (ProofBuilderList) Challenge

func (builders ProofBuilderList) Challenge(context, nonce *big.Int, issig bool) *big.Int

type ProofD

type ProofD struct {
	C                  *big.Int          `json:"c"`
	A                  *big.Int          `json:"A"`
	EResponse          *big.Int          `json:"e_response"`
	VResponse          *big.Int          `json:"v_response"`
	AResponses         map[int]*big.Int  `json:"a_responses"`
	ADisclosed         map[int]*big.Int  `json:"a_disclosed"`
	NonRevocationProof *revocation.Proof `json:"nonrev_proof,omitempty"`
}

ProofD represents a proof in the showing protocol.

func (*ProofD) Challenge

func (p *ProofD) Challenge() *big.Int

Challenge returns the challenge in the proof (part of the Proof interface).

func (*ProofD) ChallengeContribution

func (p *ProofD) ChallengeContribution(pk *PublicKey) ([]*big.Int, error)

ChallengeContribution returns the contribution of this proof to the challenge.

func (*ProofD) HasNonRevocationProof

func (p *ProofD) HasNonRevocationProof() bool

func (*ProofD) MergeProofP

func (p *ProofD) MergeProofP(proofP *ProofP, pk *PublicKey)

func (*ProofD) SecretKeyResponse

func (p *ProofD) SecretKeyResponse() *big.Int

SecretKeyResponse returns the secret key response (as part of Proof interface).

func (*ProofD) Verify

func (p *ProofD) Verify(pk *PublicKey, context, nonce1 *big.Int, issig bool) bool

Verify verifies the proof against the given public key, context, and nonce.

func (*ProofD) VerifyWithChallenge

func (p *ProofD) VerifyWithChallenge(pk *PublicKey, reconstructedChallenge *big.Int) bool

Verify verifies the proof against the given public key and the provided reconstruted challenge.

type ProofList

type ProofList []Proof

ProofList represents a list of (typically bound) proofs.

func (ProofList) GetFirstProofU

func (pl ProofList) GetFirstProofU() (*ProofU, error)

GetFirstProofU returns the first ProofU in this proof list

func (ProofList) GetProofU

func (pl ProofList) GetProofU(n int) (*ProofU, error)

GetProofU returns the n'th ProofU in this proof list.

func (*ProofList) UnmarshalJSON

func (pl *ProofList) UnmarshalJSON(bytes []byte) error

UnmarshalJSON implements json.Unmarshaler (json's default unmarshaler is unable to handle a list of interfaces).

func (ProofList) Verify

func (pl ProofList) Verify(publicKeys []*PublicKey, context, nonce *big.Int, issig bool, keyshareServers []string) bool

Verify returns true when all the proofs inside verify. The keyshareServers parameter is used to indicate which proofs should be verified to share the same secret key: when two proofs share the same keyshare server (or none), so that they should have the same secret key, they should have identical entries (index-wise) in keyshareServers. Pass nil if all proofs should have the same secret key (i.e. it should be verified that all proofs use either none, or one and the same keyshare server). An empty ProofList is not considered valid.

type ProofP

type ProofP struct {
	P         *big.Int `json:"P"`
	C         *big.Int `json:"c"`
	SResponse *big.Int `json:"s_response"`
}

ProofP is a keyshare server's knowledge of its part of the secret key.

type ProofPCommitment

type ProofPCommitment struct {
	P       *big.Int
	Pcommit *big.Int
}

ProofPCommitment is a keyshare server's first message in its proof of knowledge of its part of the secret key.

type ProofS

type ProofS struct {
	C         *big.Int `json:"c"`
	EResponse *big.Int `json:"e_response"`
}

ProofS represents a proof.

func (*ProofS) Verify

func (p *ProofS) Verify(pk *PublicKey, signature *CLSignature, context, nonce *big.Int) bool

Verify verifies the proof agains the given public key, signature, context, and nonce.

type ProofU

type ProofU struct {
	U              *big.Int `json:"U"`
	C              *big.Int `json:"c"`
	VPrimeResponse *big.Int `json:"v_prime_response"`
	SResponse      *big.Int `json:"s_response"`
}

ProofU represents a proof of correctness of the commitment in the first phase of the issuance protocol.

func (*ProofU) Challenge

func (p *ProofU) Challenge() *big.Int

Challenge returns the challenge in the proof (part of the Proof interface).

func (*ProofU) ChallengeContribution

func (p *ProofU) ChallengeContribution(pk *PublicKey) ([]*big.Int, error)

ChallengeContribution returns the contribution of this proof to the challenge.

func (*ProofU) MergeProofP

func (p *ProofU) MergeProofP(proofP *ProofP, pk *PublicKey)

func (*ProofU) SecretKeyResponse

func (p *ProofU) SecretKeyResponse() *big.Int

SecretKeyResponse returns the secret key response (as part of Proof interface).

func (*ProofU) Verify

func (p *ProofU) Verify(pk *PublicKey, context, nonce *big.Int) bool

Verify verifies whether the proof is correct.

func (*ProofU) VerifyWithChallenge

func (p *ProofU) VerifyWithChallenge(pk *PublicKey, reconstructedChallenge *big.Int) bool

VerifyWithChallenge verifies whether the proof is correct.

type PublicKey

type PublicKey struct {
	XMLName     xml.Name          `xml:"http://www.zurich.ibm.com/security/idemix IssuerPublicKey"`
	Counter     uint              `xml:"Counter"`
	ExpiryDate  int64             `xml:"ExpiryDate"`
	N           *big.Int          `xml:"Elements>n"` // Modulus n
	Z           *big.Int          `xml:"Elements>Z"` // Generator Z
	S           *big.Int          `xml:"Elements>S"` // Generator S
	G           *big.Int          `xml:"Elements>G"` // Generator G for revocation
	H           *big.Int          `xml:"Elements>H"` // Generator H for revocation
	R           Bases             `xml:"Elements>Bases"`
	EpochLength EpochLength       `xml:"Features"`
	Params      *SystemParameters `xml:"-"`
	Issuer      string            `xml:"-"`
	ECDSA       string            `xml:",omitempty"`
	// contains filtered or unexported fields
}

PublicKey represents an issuer's public key.

func NewPublicKey

func NewPublicKey(N, Z, S, G, H *big.Int, R []*big.Int, ecdsa string, counter uint, expiryDate time.Time) *PublicKey

NewPublicKey creates and returns a new public key based on the provided parameters.

func NewPublicKeyFromBytes

func NewPublicKeyFromBytes(bts []byte) (*PublicKey, error)

NewPublicKeyFromXML creates a new issuer public key using the xml data provided.

func NewPublicKeyFromFile

func NewPublicKeyFromFile(filename string) (*PublicKey, error)

NewPublicKeyFromFile create a new issuer public key from an xml file.

func NewPublicKeyFromXML

func NewPublicKeyFromXML(xmlInput string) (*PublicKey, error)

func (*PublicKey) Print

func (pubk *PublicKey) Print() error

Print prints the key to stdout.

func (*PublicKey) RevocationKey

func (pubk *PublicKey) RevocationKey() (*revocation.PublicKey, error)

func (*PublicKey) RevocationSupported

func (pubk *PublicKey) RevocationSupported() bool

func (*PublicKey) WriteTo

func (pubk *PublicKey) WriteTo(writer io.Writer) (int64, error)

WriteTo writes the XML-serialized public key to the given writer.

func (*PublicKey) WriteToFile

func (pubk *PublicKey) WriteToFile(filename string, forceOverwrite bool) (int64, error)

WriteToFile writes the public key to an xml file. If any existing file with the same filename should be overwritten, set forceOverwrite to true.

type SystemParameters

type SystemParameters struct {
	BaseParameters
	DerivedParameters
}

SystemParameters holds the system parameters of the IRMA system.

Package Files

Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to identifier