Commit 15df8233 authored by Jonathan Levi (HACERA)'s avatar Jonathan Levi (HACERA) Committed by Gerrit Code Review
Browse files

Merge "[FAB-8921] add idemix revocation authority"

parents d78039b7 9570d473
......@@ -16,6 +16,7 @@ It has these top-level messages:
CredRequest
Signature
NymSignature
CredentialRevocationInformation
*/
package idemix
......@@ -495,6 +496,59 @@ func (m *NymSignature) GetNonce() []byte {
return nil
}
type CredentialRevocationInformation struct {
// Epoch contains the epoch (time window) in which this CRI is valid
Epoch int64 `protobuf:"varint,1,opt,name=Epoch" json:"Epoch,omitempty"`
// EpochPK is the public key that is used by the revocation authority in this epoch
EpochPK *ECP2 `protobuf:"bytes,2,opt,name=EpochPK" json:"EpochPK,omitempty"`
// EpochPKSig is a signature on the EpochPK valid under the revocation authority's long term key
EpochPKSig []byte `protobuf:"bytes,3,opt,name=EpochPKSig,proto3" json:"EpochPKSig,omitempty"`
// RevocationAlg denotes which revocation algorithm is used
RevocationAlg int32 `protobuf:"varint,4,opt,name=RevocationAlg" json:"RevocationAlg,omitempty"`
// RevocationData contains data specific to the revocation algorithm used
RevocationData []byte `protobuf:"bytes,5,opt,name=RevocationData,proto3" json:"RevocationData,omitempty"`
}
func (m *CredentialRevocationInformation) Reset() { *m = CredentialRevocationInformation{} }
func (m *CredentialRevocationInformation) String() string { return proto.CompactTextString(m) }
func (*CredentialRevocationInformation) ProtoMessage() {}
func (*CredentialRevocationInformation) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{8} }
func (m *CredentialRevocationInformation) GetEpoch() int64 {
if m != nil {
return m.Epoch
}
return 0
}
func (m *CredentialRevocationInformation) GetEpochPK() *ECP2 {
if m != nil {
return m.EpochPK
}
return nil
}
func (m *CredentialRevocationInformation) GetEpochPKSig() []byte {
if m != nil {
return m.EpochPKSig
}
return nil
}
func (m *CredentialRevocationInformation) GetRevocationAlg() int32 {
if m != nil {
return m.RevocationAlg
}
return 0
}
func (m *CredentialRevocationInformation) GetRevocationData() []byte {
if m != nil {
return m.RevocationData
}
return nil
}
func init() {
proto.RegisterType((*ECP)(nil), "ECP")
proto.RegisterType((*ECP2)(nil), "ECP2")
......@@ -504,47 +558,53 @@ func init() {
proto.RegisterType((*CredRequest)(nil), "CredRequest")
proto.RegisterType((*Signature)(nil), "Signature")
proto.RegisterType((*NymSignature)(nil), "NymSignature")
proto.RegisterType((*CredentialRevocationInformation)(nil), "CredentialRevocationInformation")
}
func init() { proto.RegisterFile("idemix/idemix.proto", fileDescriptor0) }
var fileDescriptor0 = []byte{
// 591 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x54, 0x4d, 0x6b, 0xdb, 0x4c,
0x18, 0x64, 0xf5, 0xe1, 0xc4, 0x8f, 0xf5, 0xe6, 0x0d, 0x9b, 0x12, 0x96, 0x50, 0x8a, 0x2b, 0x4a,
0xc8, 0xc9, 0x21, 0xca, 0x2f, 0x90, 0x8c, 0x5a, 0x87, 0x82, 0x11, 0xd2, 0x21, 0x76, 0x6f, 0xb2,
0xbd, 0xb6, 0x85, 0x2d, 0x2b, 0x5d, 0x49, 0x10, 0xff, 0x8e, 0x5e, 0xfb, 0x4f, 0x7b, 0x29, 0xfb,
0xa1, 0x4f, 0xe8, 0xc9, 0x9a, 0x19, 0x3d, 0xfb, 0x8c, 0x67, 0x16, 0xc1, 0x4d, 0xb2, 0xa1, 0x69,
0xf2, 0xfe, 0x28, 0x7f, 0x26, 0x6f, 0x2c, 0x2b, 0x32, 0xfb, 0x33, 0xe8, 0xfe, 0x34, 0xc0, 0x16,
0xa0, 0x05, 0x41, 0x63, 0xf4, 0x60, 0x85, 0x68, 0xc1, 0xd1, 0x92, 0x68, 0x12, 0x2d, 0xed, 0xaf,
0x60, 0xf8, 0xd3, 0xc0, 0xc1, 0x57, 0xa0, 0x2d, 0x5c, 0xf5, 0x92, 0xb6, 0x70, 0x05, 0xf6, 0xd4,
0x6b, 0xda, 0xc2, 0xe3, 0x78, 0xe9, 0x12, 0x5d, 0xe2, 0xa5, 0xd0, 0x97, 0x1e, 0x31, 0x14, 0xf6,
0xec, 0xdf, 0x1a, 0xfc, 0xff, 0x92, 0xe7, 0x25, 0x65, 0x41, 0xb9, 0x3a, 0x26, 0xeb, 0xef, 0xf4,
0x8c, 0xef, 0xe1, 0xca, 0x2d, 0x0a, 0x96, 0xac, 0xca, 0x82, 0xce, 0xe3, 0x94, 0xe6, 0x04, 0x8d,
0xf5, 0x87, 0x61, 0xd8, 0x63, 0xf1, 0x2d, 0xe8, 0xb3, 0xe8, 0x20, 0x96, 0x8d, 0x1c, 0x63, 0xe2,
0x4f, 0x83, 0x90, 0x13, 0xf8, 0x0e, 0xcc, 0x59, 0x18, 0x9f, 0x36, 0x62, 0x6d, 0xa5, 0x48, 0x0a,
0x7f, 0x84, 0xc1, 0x8c, 0x1f, 0x93, 0x13, 0x63, 0xac, 0xd7, 0xa2, 0xe2, 0xf0, 0x0d, 0xa0, 0x57,
0x62, 0x8a, 0x29, 0x93, 0x0b, 0x4e, 0x88, 0x5e, 0xf9, 0x71, 0x5e, 0xcc, 0xbe, 0x3d, 0x91, 0x41,
0xfb, 0x38, 0x41, 0x55, 0x9a, 0x43, 0x2e, 0xfa, 0x9a, 0x83, 0x6f, 0x61, 0x10, 0xb0, 0x2c, 0xdb,
0x4e, 0xc9, 0xa5, 0xf8, 0xbb, 0x0a, 0xd5, 0x7c, 0x44, 0x86, 0x2d, 0x3e, 0xc2, 0x18, 0x8c, 0x59,
0x9c, 0xef, 0x09, 0x08, 0x56, 0x3c, 0xdb, 0x2e, 0x0c, 0x65, 0x3a, 0x3c, 0x97, 0x6b, 0xd0, 0x5f,
0xa2, 0x83, 0x0a, 0x9b, 0x3f, 0x62, 0x1b, 0xf4, 0x97, 0xa0, 0x4a, 0xe0, 0x7a, 0xd2, 0x0b, 0x32,
0xe4, 0xa2, 0xbd, 0x05, 0x98, 0x32, 0xba, 0xa1, 0xa7, 0x22, 0x89, 0x8f, 0x18, 0x03, 0x92, 0x75,
0x55, 0x66, 0x91, 0xcb, 0x39, 0xaf, 0x93, 0x22, 0xf2, 0x78, 0xdb, 0xbe, 0xaa, 0x0d, 0xf9, 0x1c,
0x45, 0xaa, 0x34, 0x14, 0xe1, 0x0f, 0x60, 0xca, 0x08, 0xcd, 0xb1, 0xfe, 0x60, 0x85, 0x12, 0xd8,
0xbf, 0x10, 0x8c, 0xf8, 0xa2, 0x90, 0xfe, 0x2c, 0x69, 0x5e, 0xf0, 0x76, 0xe6, 0xe7, 0xb4, 0xb3,
0x8b, 0x13, 0x78, 0x0c, 0x23, 0xe9, 0x73, 0x9e, 0x9d, 0xd6, 0x54, 0x5d, 0x95, 0x36, 0xd5, 0x0a,
0x4e, 0xef, 0x04, 0x47, 0xe0, 0x42, 0x46, 0xf5, 0xa4, 0xbc, 0x54, 0xb0, 0x51, 0x1c, 0xd1, 0x5e,
0xad, 0x38, 0xf6, 0x1f, 0x0d, 0x86, 0x51, 0xb2, 0x3b, 0xc5, 0x45, 0xc9, 0x28, 0x6f, 0xdf, 0x0d,
0x58, 0x92, 0xd2, 0x8e, 0x2d, 0xc5, 0x61, 0x02, 0x86, 0xeb, 0xc5, 0xac, 0x13, 0x85, 0x60, 0xf8,
0x9c, 0x27, 0xe7, 0xda, 0x57, 0x4a, 0x71, 0x2d, 0xbf, 0x46, 0xc7, 0xef, 0x1d, 0x5c, 0x4a, 0x1b,
0xd1, 0x41, 0xd9, 0xaa, 0x71, 0xe3, 0xd8, 0x17, 0xd7, 0xaa, 0x76, 0xec, 0x37, 0x53, 0xa1, 0xbc,
0x55, 0xf5, 0x54, 0xe8, 0xb4, 0xb4, 0x67, 0x75, 0xa9, 0x6a, 0x8c, 0x6d, 0xb0, 0xd4, 0xe9, 0xd2,
0xa9, 0xbc, 0x5c, 0x1d, 0x8e, 0x67, 0x2f, 0xb1, 0xec, 0x0f, 0x44, 0x7f, 0x6d, 0x8a, 0x77, 0x2b,
0x7b, 0x19, 0x89, 0x71, 0xb3, 0x6a, 0x44, 0x74, 0x69, 0xf5, 0xbb, 0xfc, 0x04, 0xa0, 0xf6, 0x73,
0xf9, 0x3f, 0x31, 0xd2, 0x62, 0xec, 0x77, 0xb0, 0xe6, 0xe7, 0xb4, 0xc9, 0xbf, 0x49, 0x0a, 0xfd,
0x33, 0x29, 0xad, 0x97, 0x54, 0x77, 0x87, 0xde, 0xdf, 0xd1, 0x38, 0x36, 0x5a, 0x8e, 0xbd, 0xfb,
0x1f, 0x5f, 0x76, 0x49, 0xb1, 0x2f, 0x57, 0x93, 0x75, 0x96, 0x3e, 0xee, 0xcf, 0x6f, 0x94, 0x1d,
0xe9, 0x66, 0x47, 0xd9, 0xe3, 0x36, 0x5e, 0xb1, 0x64, 0xad, 0x3e, 0x78, 0xab, 0x81, 0xf8, 0xe2,
0x3d, 0xff, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x06, 0x88, 0xd9, 0x9e, 0x08, 0x05, 0x00, 0x00,
// 670 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x54, 0xcd, 0x6e, 0xda, 0x4c,
0x14, 0xd5, 0x60, 0x9b, 0x84, 0x0b, 0xc9, 0x17, 0x4d, 0x3e, 0x45, 0xa3, 0xa8, 0x6a, 0xa8, 0x15,
0x45, 0x59, 0x11, 0xc5, 0x79, 0x02, 0x9b, 0xba, 0x05, 0x45, 0x42, 0xd6, 0x78, 0x11, 0xe8, 0xce,
0xc0, 0x00, 0x56, 0x30, 0x4e, 0x07, 0x53, 0x85, 0xe7, 0xe8, 0xb6, 0xcf, 0xd3, 0x97, 0xea, 0xa6,
0x9a, 0x1f, 0xff, 0x4a, 0x5d, 0x31, 0xe7, 0x5c, 0xdf, 0xb9, 0x87, 0x73, 0xae, 0x06, 0x2e, 0xe3,
0x25, 0x4b, 0xe2, 0xf7, 0x07, 0xf5, 0x33, 0x78, 0xe3, 0x69, 0x96, 0xda, 0x9f, 0xc0, 0xf0, 0x87,
0x01, 0xee, 0x01, 0x9a, 0x12, 0xd4, 0x47, 0xf7, 0x3d, 0x8a, 0xa6, 0x02, 0xcd, 0x48, 0x4b, 0xa1,
0x99, 0xfd, 0x05, 0x4c, 0x7f, 0x18, 0x38, 0xf8, 0x1c, 0x5a, 0x53, 0x57, 0x7f, 0xd4, 0x9a, 0xba,
0x12, 0x7b, 0xfa, 0xb3, 0xd6, 0xd4, 0x13, 0x78, 0xe6, 0x12, 0x43, 0xe1, 0x99, 0xac, 0xcf, 0x3c,
0x62, 0x6a, 0xec, 0xd9, 0xbf, 0x5a, 0xf0, 0xdf, 0x78, 0xbf, 0x3f, 0x30, 0x1e, 0x1c, 0xe6, 0xdb,
0x78, 0xf1, 0xcc, 0x8e, 0xf8, 0x0e, 0xce, 0xdd, 0x2c, 0xe3, 0xf1, 0xfc, 0x90, 0xb1, 0x49, 0x94,
0xb0, 0x3d, 0x41, 0x7d, 0xe3, 0xbe, 0x43, 0x1b, 0x2c, 0xbe, 0x02, 0x63, 0x14, 0xbe, 0xca, 0x61,
0x5d, 0xc7, 0x1c, 0xf8, 0xc3, 0x80, 0x0a, 0x02, 0x5f, 0x83, 0x35, 0xa2, 0xd1, 0x6e, 0x29, 0xc7,
0xe6, 0x15, 0x45, 0xe1, 0x0f, 0xd0, 0x1e, 0x89, 0x6b, 0xf6, 0xc4, 0xec, 0x1b, 0x45, 0x51, 0x73,
0xf8, 0x12, 0xd0, 0x0b, 0xb1, 0x64, 0x97, 0x25, 0x0a, 0x0e, 0x45, 0x2f, 0xe2, 0x3a, 0x2f, 0xe2,
0x5f, 0x1f, 0x49, 0xbb, 0x7a, 0x9d, 0xa4, 0xf2, 0x9a, 0x43, 0x4e, 0x9a, 0x35, 0x07, 0x5f, 0x41,
0x3b, 0xe0, 0x69, 0xba, 0x1a, 0x92, 0x53, 0xf9, 0x77, 0x35, 0x2a, 0xf8, 0x90, 0x74, 0x2a, 0x7c,
0x88, 0x31, 0x98, 0xa3, 0x68, 0xbf, 0x21, 0x20, 0x59, 0x79, 0xb6, 0x5d, 0xe8, 0x28, 0x77, 0x84,
0x2f, 0x17, 0x60, 0x8c, 0xc3, 0x57, 0x6d, 0xb6, 0x38, 0x62, 0x1b, 0x8c, 0x71, 0x90, 0x3b, 0x70,
0x31, 0x68, 0x18, 0x49, 0x45, 0xd1, 0x5e, 0x01, 0x0c, 0x39, 0x5b, 0xb2, 0x5d, 0x16, 0x47, 0x5b,
0x8c, 0x01, 0xa9, 0xb8, 0x72, 0xb1, 0xc8, 0x15, 0x9c, 0x57, 0x73, 0x11, 0x79, 0x22, 0x6d, 0x5f,
0xc7, 0x86, 0x7c, 0x81, 0x42, 0x1d, 0x1a, 0x0a, 0xf1, 0xff, 0x60, 0x29, 0x0b, 0xad, 0xbe, 0x71,
0xdf, 0xa3, 0x0a, 0xd8, 0x3f, 0x11, 0x74, 0xc5, 0x20, 0xca, 0xbe, 0x1f, 0xd8, 0x3e, 0x13, 0xe9,
0x4c, 0x8e, 0x49, 0x6d, 0x96, 0x20, 0x70, 0x1f, 0xba, 0x4a, 0xe7, 0x24, 0xdd, 0x2d, 0x98, 0x5e,
0x95, 0x2a, 0x55, 0x31, 0xce, 0xa8, 0x19, 0x47, 0xe0, 0x44, 0x59, 0xf5, 0xa8, 0xb5, 0xe4, 0xb0,
0xac, 0x38, 0x32, 0xbd, 0xa2, 0xe2, 0xd8, 0x7f, 0x5a, 0xd0, 0x09, 0xe3, 0xf5, 0x2e, 0xca, 0x0e,
0x9c, 0x89, 0xf4, 0xdd, 0x80, 0xc7, 0x09, 0xab, 0xc9, 0xd2, 0x1c, 0x26, 0x60, 0xba, 0x5e, 0xc4,
0x6b, 0x56, 0x48, 0x46, 0xf4, 0x79, 0xaa, 0xaf, 0xba, 0x52, 0x9a, 0xab, 0xe8, 0x35, 0x6b, 0x7a,
0xaf, 0xe1, 0x54, 0xc9, 0x08, 0x5f, 0xb5, 0xac, 0x02, 0x97, 0x8a, 0x7d, 0xb9, 0x56, 0x85, 0x62,
0xbf, 0xec, 0xa2, 0x6a, 0xab, 0x8a, 0x2e, 0xea, 0x54, 0x6a, 0x4f, 0x7a, 0xa9, 0x0a, 0x8c, 0x6d,
0xe8, 0xe9, 0xdb, 0x95, 0x52, 0xb5, 0x5c, 0x35, 0x4e, 0x78, 0xaf, 0xb0, 0xca, 0x0f, 0x64, 0x7e,
0x55, 0x4a, 0x64, 0xab, 0x72, 0xe9, 0xca, 0x76, 0x2b, 0x4f, 0x44, 0x66, 0xd9, 0x6b, 0x66, 0xf9,
0x11, 0x40, 0xcf, 0x17, 0xe5, 0x33, 0xd9, 0x52, 0x61, 0xec, 0x77, 0xe8, 0x4d, 0x8e, 0x49, 0xe9,
0x7f, 0xe9, 0x14, 0xfa, 0xa7, 0x53, 0xad, 0x86, 0x53, 0xf5, 0x19, 0x46, 0x73, 0x46, 0xa9, 0xd8,
0xac, 0x28, 0xb6, 0x7f, 0x23, 0xb8, 0x29, 0xd7, 0x9e, 0xb2, 0x1f, 0xe9, 0x22, 0xca, 0xe2, 0x74,
0x37, 0xde, 0xad, 0x52, 0x9e, 0xc8, 0xa3, 0xe8, 0xf4, 0xdf, 0xd2, 0xc5, 0x46, 0x8a, 0x31, 0xa8,
0x02, 0xf8, 0x06, 0x4e, 0xe4, 0x21, 0x78, 0xd6, 0x8b, 0xa0, 0x5f, 0x82, 0x9c, 0x15, 0x82, 0xf4,
0x31, 0x8c, 0xd7, 0xb9, 0xa0, 0x92, 0xc1, 0xb7, 0x70, 0x56, 0xce, 0x73, 0xb7, 0x6b, 0x29, 0xcc,
0xa2, 0x75, 0x52, 0x3c, 0x72, 0x25, 0xf1, 0x39, 0xca, 0x22, 0xbd, 0x22, 0x0d, 0xd6, 0xbb, 0xfb,
0x76, 0xbb, 0x8e, 0xb3, 0xcd, 0x61, 0x3e, 0x58, 0xa4, 0xc9, 0xc3, 0xe6, 0xf8, 0xc6, 0xf8, 0x96,
0x2d, 0xd7, 0x8c, 0x3f, 0xac, 0xa2, 0x39, 0x8f, 0x17, 0xfa, 0xe5, 0x9e, 0xb7, 0xe5, 0xd3, 0xfd,
0xf4, 0x37, 0x00, 0x00, 0xff, 0xff, 0x9b, 0x7b, 0xe4, 0xc7, 0xd1, 0x05, 0x00, 0x00,
}
......@@ -108,6 +108,27 @@ func TestIdemix(t *testing.T) {
assert.Error(t, cred.Ver(sk, key.IPk), "credential with nil attribute should be invalid")
cred.Attrs = attrsBackup
// Generate a revocation key pair
revocationKey, err := GenerateLongTermRevocationKey()
assert.NoError(t, err)
// Create CRI that contains no revocation mechanism
epoch := 0
cri, err := CreateCRI(revocationKey, []*FP256BN.BIG{}, epoch, ALG_NO_REVOCATION, rng)
assert.NoError(t, err)
err = VerifyEpochPK(&revocationKey.PublicKey, cri.EpochPK, cri.EpochPKSig, int(cri.Epoch), RevocationAlgorithm(cri.RevocationAlg))
assert.NoError(t, err)
// make sure that epoch pk is not valid in future epoch
err = VerifyEpochPK(&revocationKey.PublicKey, cri.EpochPK, cri.EpochPKSig, int(cri.Epoch)+1, RevocationAlgorithm(cri.RevocationAlg))
assert.Error(t, err)
// Test bad input
_, err = CreateCRI(nil, []*FP256BN.BIG{}, epoch, ALG_NO_REVOCATION, rng)
assert.Error(t, err)
_, err = CreateCRI(revocationKey, []*FP256BN.BIG{}, epoch, ALG_NO_REVOCATION, nil)
assert.Error(t, err)
// Test signing no disclosure
Nym, RandNym := MakeNym(sk, key.IPk, rng)
......
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package idemix
import (
"crypto/ecdsa"
"crypto/rand"
"crypto/sha256"
"crypto/elliptic"
"math/big"
"github.com/golang/protobuf/proto"
"github.com/hyperledger/fabric-amcl/amcl"
"github.com/hyperledger/fabric-amcl/amcl/FP256BN"
"github.com/pkg/errors"
)
type RevocationAlgorithm int32
const (
ALG_NO_REVOCATION RevocationAlgorithm = iota
)
var ProofBytes = map[RevocationAlgorithm]int{
ALG_NO_REVOCATION: 0,
}
// GenerateLongTermRevocationKey generates a long term signing key that will be used for revocation
func GenerateLongTermRevocationKey() (*ecdsa.PrivateKey, error) {
return ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
}
// CreateCRI creates the Credential Revocation Information for a certain time period (epoch).
// Users can use the CRI to prove that they are not revoked.
func CreateCRI(key *ecdsa.PrivateKey, unrevokedHandles []*FP256BN.BIG, epoch int, alg RevocationAlgorithm, rng *amcl.RAND) (*CredentialRevocationInformation, error) {
if key == nil || rng == nil {
return nil, errors.Errorf("CreateCRI received nil input")
}
cri := &CredentialRevocationInformation{}
cri.RevocationAlg = int32(alg)
cri.Epoch = int64(epoch)
if alg == ALG_NO_REVOCATION {
// put a dummy PK in the proto
cri.EpochPK = Ecp2ToProto(GenG2)
} else {
// create epoch key
_, epochPk := WBBKeyGen(rng)
cri.EpochPK = Ecp2ToProto(epochPk)
}
// sign epoch + epoch key with long term key
bytesToSign, err := proto.Marshal(cri)
digest := sha256.New().Sum(bytesToSign)
pkSigR, pkSigS, err := ecdsa.Sign(rand.Reader, key, digest)
if err != nil {
return nil, err
}
cri.EpochPKSig = append(pkSigR.Bytes(), pkSigS.Bytes()...)
if alg == ALG_NO_REVOCATION {
return cri, nil
} else {
return nil, errors.Errorf("the specified revocation algorithm is not supported.")
}
}
// VerifyEpochPK verifies that the revocation PK for a certain epoch is valid,
// by checking that it was signed with the long term revocation key.
// Note that even if we use no revocation (i.e., alg = ALG_NO_REVOCATION), we need
// to verify the signature to make sure the issuer indeed signed that no revocation
// is used in this epoch.
func VerifyEpochPK(pk *ecdsa.PublicKey, epochPK *ECP2, epochPkSig []byte, epoch int, alg RevocationAlgorithm) error {
if pk == nil || epochPK == nil {
return errors.Errorf("EpochPK invalid: received nil input")
}
cri := &CredentialRevocationInformation{}
cri.RevocationAlg = int32(alg)
cri.EpochPK = epochPK
cri.Epoch = int64(epoch)
bytesToSign, err := proto.Marshal(cri)
if err != nil {
return err
}
digest := sha256.New().Sum(bytesToSign)
sigR := &big.Int{}
sigR.SetBytes(epochPkSig[0 : len(epochPkSig)/2])
sigS := &big.Int{}
sigS.SetBytes(epochPkSig[len(epochPkSig)/2:])
if !ecdsa.Verify(pk, digest, sigR, sigS) {
return errors.Errorf("EpochPKSig invalid")
}
return nil
}
......@@ -117,4 +117,21 @@ message NymSignature {
bytes ProofSRNym = 3;
// Nonce is a fresh nonce used for the signature
bytes Nonce = 4;
}
message CredentialRevocationInformation {
// Epoch contains the epoch (time window) in which this CRI is valid
int64 Epoch = 1;
// EpochPK is the public key that is used by the revocation authority in this epoch
ECP2 EpochPK = 2;
// EpochPKSig is a signature on the EpochPK valid under the revocation authority's long term key
bytes EpochPKSig = 3;
// RevocationAlg denotes which revocation algorithm is used
int32 RevocationAlg = 4;
// RevocationData contains data specific to the revocation algorithm used
bytes RevocationData = 5;
}
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment