Commit 95e4cded authored by Angelo De Caro's avatar Angelo De Caro

[FAB-13135,FAB-13136] Idemix/Fabric-CA Integration



This change-set addresses two JIRA items to help
the idemix-bccsp integration in Fabric-ca

Change-Id: I1c202831fa43287d877340037f9bdc93f6665f0e
Signed-off-by: default avatarAngelo De Caro <adc@zurich.ibm.com>
parent 239155b9
......@@ -6,6 +6,8 @@ SPDX-License-Identifier: Apache-2.0
package idemix_test
import (
"crypto/rand"
"github.com/hyperledger/fabric/bccsp"
"github.com/hyperledger/fabric/bccsp/idemix"
"github.com/hyperledger/fabric/bccsp/sw"
......@@ -26,6 +28,7 @@ var _ = Describe("Idemix Bridge", func() {
NymKey bccsp.Key
NymPublicKey bccsp.Key
IssuerNonce []byte
credRequest []byte
credential []byte
......@@ -57,11 +60,16 @@ var _ = Describe("Idemix Bridge", func() {
NymPublicKey, err = NymKey.PublicKey()
Expect(err).NotTo(HaveOccurred())
IssuerNonce = make([]byte, 32)
n, err := rand.Read(IssuerNonce)
Expect(n).To(BeEquivalentTo(32))
Expect(err).NotTo(HaveOccurred())
// Credential Request for User
credRequest, err = CSP.Sign(
UserKey,
bccsp.IdemixEmptyDigest(),
&bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: IssuerPublicKey},
&bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: IssuerPublicKey, IssuerNonce: IssuerNonce},
)
Expect(err).NotTo(HaveOccurred())
......@@ -103,7 +111,7 @@ var _ = Describe("Idemix Bridge", func() {
IssuerPublicKey,
credRequest,
bccsp.IdemixEmptyDigest(),
&bccsp.IdemixCredentialRequestSignerOpts{},
&bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce},
)
Expect(err).NotTo(HaveOccurred())
Expect(valid).To(BeTrue())
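Review bot: The nonce setup added in this BeforeEach hard-codes the length (`IssuerNonce = make([]byte, 32)`), while the bridge validates against `cryptolib.FieldBytes`; the same four lines are repeated in the bridge and handlers test files further down this page. Sizing the buffer from that `FieldBytes` constant, or sharing one small helper per suite, would keep the tests aligned with the check they exercise. crypto/rand's `Read` returns a non-nil error whenever it fills fewer bytes than requested, so `Expect(err).NotTo(HaveOccurred())` is sufficient on its own and the assertion on `n` can be dropped.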
......
......@@ -6,6 +6,9 @@ SPDX-License-Identifier: Apache-2.0
package bridge_test
import (
"crypto/rand"
"fmt"
"github.com/golang/protobuf/proto"
"github.com/hyperledger/fabric-amcl/amcl/FP256BN"
"github.com/hyperledger/fabric/bccsp"
......@@ -291,39 +294,56 @@ var _ = Describe("Idemix Bridge", func() {
Describe("credential request", func() {
var (
CredRequest *bridge.CredRequest
IssuerNonce []byte
)
BeforeEach(func() {
CredRequest = &bridge.CredRequest{NewRand: bridge.NewRandOrPanic}
IssuerNonce = make([]byte, 32)
n, err := rand.Read(IssuerNonce)
Expect(n).To(BeEquivalentTo(32))
Expect(err).NotTo(HaveOccurred())
})
Context("sign", func() {
It("fail on nil user secret key", func() {
raw, err := CredRequest.Sign(nil, issuerPublicKey)
raw, err := CredRequest.Sign(nil, issuerPublicKey, IssuerNonce)
Expect(err.Error()).To(BeEquivalentTo("invalid user secret key, expected *Big, got [<nil>]"))
Expect(raw).To(BeNil())
})
It("fail on invalid user secret key", func() {
raw, err := CredRequest.Sign(issuerPublicKey, issuerPublicKey)
raw, err := CredRequest.Sign(issuerPublicKey, issuerPublicKey, IssuerNonce)
Expect(err.Error()).To(BeEquivalentTo("invalid user secret key, expected *Big, got [*bridge.IssuerPublicKey]"))
Expect(raw).To(BeNil())
})
It("fail on nil issuer public key", func() {
raw, err := CredRequest.Sign(userSecretKey, nil)
raw, err := CredRequest.Sign(userSecretKey, nil, IssuerNonce)
Expect(err.Error()).To(BeEquivalentTo("invalid issuer public key, expected *IssuerPublicKey, got [<nil>]"))
Expect(raw).To(BeNil())
})
It("fail on invalid issuer public key", func() {
raw, err := CredRequest.Sign(userSecretKey, &mock.IssuerPublicKey{})
raw, err := CredRequest.Sign(userSecretKey, &mock.IssuerPublicKey{}, IssuerNonce)
Expect(err.Error()).To(BeEquivalentTo("invalid issuer public key, expected *IssuerPublicKey, got [*mock.IssuerPublicKey]"))
Expect(raw).To(BeNil())
})
It("fail on nil nonce", func() {
raw, err := CredRequest.Sign(userSecretKey, issuerPublicKey, nil)
Expect(err.Error()).To(BeEquivalentTo("invalid issuer nonce, expected length 32, got 0"))
Expect(raw).To(BeNil())
})
It("fail on empty nonce", func() {
raw, err := CredRequest.Sign(userSecretKey, issuerPublicKey, []byte{})
Expect(err.Error()).To(BeEquivalentTo("invalid issuer nonce, expected length 32, got 0"))
Expect(raw).To(BeNil())
})
It("panic on rand failure", func() {
CredRequest.NewRand = NewRandPanic
raw, err := CredRequest.Sign(userSecretKey, issuerPublicKey)
raw, err := CredRequest.Sign(userSecretKey, issuerPublicKey, IssuerNonce)
Expect(err.Error()).To(BeEquivalentTo("failure [new rand panic]"))
Expect(raw).To(BeNil())
})
......@@ -332,24 +352,25 @@ var _ = Describe("Idemix Bridge", func() {
Context("verify", func() {
It("panic on nil credential request", func() {
err := CredRequest.Verify(nil, issuerPublicKey)
err := CredRequest.Verify(nil, issuerPublicKey, IssuerNonce)
Expect(err.Error()).To(BeEquivalentTo("failure [runtime error: index out of range]"))
})
It("fail on invalid credential request", func() {
err := CredRequest.Verify([]byte{0, 1, 2, 3, 4}, issuerPublicKey)
err := CredRequest.Verify([]byte{0, 1, 2, 3, 4}, issuerPublicKey, IssuerNonce)
Expect(err.Error()).To(BeEquivalentTo("proto: idemix.CredRequest: illegal tag 0 (wire type 0)"))
})
It("fail on nil issuer public key", func() {
err := CredRequest.Verify(nil, nil)
err := CredRequest.Verify(nil, nil, IssuerNonce)
Expect(err.Error()).To(BeEquivalentTo("invalid issuer public key, expected *IssuerPublicKey, got [<nil>]"))
})
It("fail on invalid issuer public key", func() {
err := CredRequest.Verify(nil, &mock.IssuerPublicKey{})
err := CredRequest.Verify(nil, &mock.IssuerPublicKey{}, IssuerNonce)
Expect(err.Error()).To(BeEquivalentTo("invalid issuer public key, expected *IssuerPublicKey, got [*mock.IssuerPublicKey]"))
})
})
})
......@@ -590,6 +611,7 @@ var _ = Describe("Idemix Bridge", func() {
CredRequest handlers.CredRequest
CredentialRequestSigner *handlers.CredentialRequestSigner
CredentialRequestVerifier *handlers.CredentialRequestVerifier
IssuerNonce []byte
credRequest []byte
Credential handlers.Credential
......@@ -631,13 +653,18 @@ var _ = Describe("Idemix Bridge", func() {
Expect(err).NotTo(HaveOccurred())
// Credential Request for User
IssuerNonce = make([]byte, 32)
n, err := rand.Read(IssuerNonce)
Expect(n).To(BeEquivalentTo(32))
Expect(err).NotTo(HaveOccurred())
CredRequest = &bridge.CredRequest{NewRand: bridge.NewRandOrPanic}
CredentialRequestSigner = &handlers.CredentialRequestSigner{CredRequest: CredRequest}
CredentialRequestVerifier = &handlers.CredentialRequestVerifier{CredRequest: CredRequest}
credRequest, err = CredentialRequestSigner.Sign(
UserKey,
bccsp.IdemixEmptyDigest(),
&bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: IssuerPublicKey},
&bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: IssuerPublicKey, IssuerNonce: IssuerNonce},
)
Expect(err).NotTo(HaveOccurred())
......@@ -685,7 +712,7 @@ var _ = Describe("Idemix Bridge", func() {
IssuerPublicKey,
credRequest,
bccsp.IdemixEmptyDigest(),
nil,
&bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce},
)
Expect(err).NotTo(HaveOccurred())
Expect(valid).To(BeTrue())
......@@ -722,7 +749,45 @@ var _ = Describe("Idemix Bridge", func() {
Context("the environment is not valid with the respect to different parameters", func() {
It("invalid credential request nonce", func() {
valid, err := CredentialRequestVerifier.Verify(
IssuerPublicKey,
credRequest,
bccsp.IdemixEmptyDigest(),
&bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: []byte("pine-apple-pine-apple-pine-apple")},
)
Expect(err.Error()).To(BeEquivalentTo(fmt.Sprintf("invalid nonce, expected [%v], got [%v]", []byte("pine-apple-pine-apple-pine-apple"), IssuerNonce)))
Expect(valid).ToNot(BeTrue())
})
It("invalid credential request nonce, too short", func() {
valid, err := CredentialRequestVerifier.Verify(
IssuerPublicKey,
credRequest,
bccsp.IdemixEmptyDigest(),
&bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: []byte("pine-aple-pine-apple-pinapple")},
)
Expect(err.Error()).To(BeEquivalentTo("invalid issuer nonce, expected length 32, got 29"))
Expect(valid).ToNot(BeTrue())
})
It("invalid credential request", func() {
if credRequest[4] == 0 {
credRequest[4] = 1
} else {
credRequest[4] = 0
}
valid, err := CredentialRequestVerifier.Verify(
IssuerPublicKey,
credRequest,
bccsp.IdemixEmptyDigest(),
&bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce},
)
Expect(err.Error()).To(BeEquivalentTo("zero knowledge proof is invalid"))
Expect(valid).ToNot(BeTrue())
})
It("invalid credential request in verifying credential", func() {
credRequest[4] = 0
credential, err := CredentialSigner.Sign(
IssuerKey,
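Review bot: The case `It("panic on nil credential request", ...)` still expects `failure [runtime error: index out of range]`, so a nil request is rejected only because Verify's deferred recover() catches a runtime panic, and the assertion is tied to the Go runtime's message wording. Since this commit already adds explicit validation for the nonce, Verify could reject an empty request the same way, for example `if len(credentialRequest) == 0 { return errors.New("invalid credential request, it must not be empty") }`, and this test could assert on that message instead. Where the panic originates is not visible in these hunks, and the neighbouring cases expect the issuer-public-key error first, so the guard's placement needs checking against the full function.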
......
......@@ -6,6 +6,8 @@ SPDX-License-Identifier: Apache-2.0
package bridge
import (
"bytes"
"github.com/golang/protobuf/proto"
"github.com/hyperledger/fabric-amcl/amcl"
"github.com/hyperledger/fabric/bccsp/idemix/handlers"
......@@ -22,7 +24,7 @@ type CredRequest struct {
// Sign produces an idemix credential request. It takes in input a user secret key and
// an issuer public key.
func (cr *CredRequest) Sign(sk handlers.Big, ipk handlers.IssuerPublicKey) (res []byte, err error) {
func (cr *CredRequest) Sign(sk handlers.Big, ipk handlers.IssuerPublicKey, nonce []byte) (res []byte, err error) {
defer func() {
if r := recover(); r != nil {
res = nil
......@@ -38,12 +40,15 @@ func (cr *CredRequest) Sign(sk handlers.Big, ipk handlers.IssuerPublicKey) (res
if !ok {
return nil, errors.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", ipk)
}
if len(nonce) != cryptolib.FieldBytes {
return nil, errors.Errorf("invalid issuer nonce, expected length %d, got %d", cryptolib.FieldBytes, len(nonce))
}
rng := cr.NewRand()
credRequest := cryptolib.NewCredRequest(
isk.E,
cryptolib.RandModOrder(rng),
nonce,
iipk.PK,
rng)
......@@ -52,7 +57,7 @@ func (cr *CredRequest) Sign(sk handlers.Big, ipk handlers.IssuerPublicKey) (res
// Verify checks that the passed credential request is valid with the respect to the passed
// issuer public key.
func (*CredRequest) Verify(credentialRequest []byte, ipk handlers.IssuerPublicKey) (err error) {
func (*CredRequest) Verify(credentialRequest []byte, ipk handlers.IssuerPublicKey, nonce []byte) (err error) {
defer func() {
if r := recover(); r != nil {
err = errors.Errorf("failure [%s]", r)
......@@ -70,5 +75,18 @@ func (*CredRequest) Verify(credentialRequest []byte, ipk handlers.IssuerPublicKe
return errors.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", ipk)
}
return credRequest.Check(iipk.PK)
err = credRequest.Check(iipk.PK)
if err != nil {
return err
}
// Nonce checks
if len(nonce) != cryptolib.FieldBytes {
return errors.Errorf("invalid issuer nonce, expected length %d, got %d", cryptolib.FieldBytes, len(nonce))
}
if !bytes.Equal(nonce, credRequest.IssuerNonce) {
return errors.Errorf("invalid nonce, expected [%v], got [%v]", nonce, credRequest.IssuerNonce)
}
return nil
}
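Review bot: The doc comments on Sign and Verify were not updated for the new `nonce` parameter, and Verify's comment is the natural place to state the freshness contract. Suggested for Verify: `// Verify checks that the credential request is valid with respect to the issuer public key and that it embeds nonce. nonce must be the value the issuer generated for this request, never one read back from the request itself.`, and for Sign: `// nonce is the issuer-supplied nonce and must be cryptolib.FieldBytes long.` The same applies to the Sign and Verify comments on the CredRequest interface in the handlers package further down this page. Separately, the `len(nonce)` check in Verify could run before `credRequest.Check(iipk.PK)`, as it does in Sign, so that a malformed argument is rejected before the proof is evaluated. Both function bodies are only partly visible in these hunks.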
......@@ -38,7 +38,7 @@ func (c *CredentialRequestSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.Si
return nil, errors.New("invalid digest, the idemix empty digest is expected")
}
return c.CredRequest.Sign(userSecretKey.sk, issuerPK.pk)
return c.CredRequest.Sign(userSecretKey.sk, issuerPK.pk, credentialRequestSignerOpts.IssuerNonce)
}
// CredentialRequestVerifier verifies credential requests
......@@ -55,8 +55,12 @@ func (c *CredentialRequestVerifier) Verify(k bccsp.Key, signature, digest []byte
if !reflect.DeepEqual(digest, bccsp.IdemixEmptyDigest()) {
return false, errors.New("invalid digest, the idemix empty digest is expected")
}
credentialRequestSignerOpts, ok := opts.(*bccsp.IdemixCredentialRequestSignerOpts)
if !ok {
return false, errors.New("invalid options, expected *IdemixCredentialRequestSignerOpts")
}
err := c.CredRequest.Verify(signature, issuerPublicKey.pk)
err := c.CredRequest.Verify(signature, issuerPublicKey.pk, credentialRequestSignerOpts.IssuerNonce)
if err != nil {
return false, err
}
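Review bot: In CredentialRequestVerifier.Verify the new assertion `opts.(*bccsp.IdemixCredentialRequestSignerOpts)` also succeeds for a typed nil pointer, so reading `credentialRequestSignerOpts.IssuerNonce` two lines later would dereference nil and panic instead of returning the "invalid options" error. The guard should be `if !ok || credentialRequestSignerOpts == nil {`. The handlers tests on this page cover an untyped nil and a different options type, but not this case. The Sign hunk above reads the same field; its type assertion lies outside the hunk, so whether it needs the same guard cannot be confirmed from here. Verify's body starts before and continues after the lines shown.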
......
......@@ -6,6 +6,8 @@ SPDX-License-Identifier: Apache-2.0
package handlers_test
import (
"crypto/rand"
"github.com/hyperledger/fabric/bccsp"
"github.com/hyperledger/fabric/bccsp/idemix/handlers"
"github.com/hyperledger/fabric/bccsp/idemix/handlers/mock"
......@@ -158,11 +160,16 @@ var _ = Describe("Credential Request", func() {
var (
CredentialRequestVerifier *handlers.CredentialRequestVerifier
IssuerNonce []byte
fakeCredRequest *mock.CredRequest
)
BeforeEach(func() {
fakeCredRequest = &mock.CredRequest{}
IssuerNonce = make([]byte, 32)
n, err := rand.Read(IssuerNonce)
Expect(n).To(BeEquivalentTo(32))
Expect(err).NotTo(HaveOccurred())
CredentialRequestVerifier = &handlers.CredentialRequestVerifier{CredRequest: fakeCredRequest}
})
......@@ -176,7 +183,7 @@ var _ = Describe("Credential Request", func() {
handlers.NewIssuerPublicKey(nil),
[]byte("fake signature"),
bccsp.IdemixEmptyDigest(),
nil,
&bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce},
)
Expect(err).NotTo(HaveOccurred())
Expect(valid).To(BeTrue())
......@@ -193,7 +200,7 @@ var _ = Describe("Credential Request", func() {
handlers.NewIssuerPublicKey(nil),
[]byte("fake signature"),
bccsp.IdemixEmptyDigest(),
nil,
&bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce},
)
Expect(err).To(MatchError("verify error"))
Expect(valid).To(BeFalse())
......@@ -208,7 +215,7 @@ var _ = Describe("Credential Request", func() {
nil,
[]byte("fake signature"),
nil,
nil,
&bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce},
)
Expect(err).To(MatchError("invalid key, expected *issuerPublicKey"))
Expect(valid).To(BeFalse())
......@@ -221,7 +228,7 @@ var _ = Describe("Credential Request", func() {
handlers.NewUserSecretKey(nil, false),
[]byte("fake signature"),
nil,
nil,
&bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce},
)
Expect(err).To(MatchError("invalid key, expected *issuerPublicKey"))
Expect(valid).To(BeFalse())
......@@ -234,13 +241,38 @@ var _ = Describe("Credential Request", func() {
handlers.NewIssuerPublicKey(nil),
[]byte("fake signature"),
[]byte{1, 2, 3, 4},
nil,
&bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce},
)
Expect(err).To(MatchError("invalid digest, the idemix empty digest is expected"))
Expect(valid).To(BeFalse())
})
})
Context("and nil options are passed", func() {
It("returns error", func() {
valid, err := CredentialRequestVerifier.Verify(
handlers.NewIssuerPublicKey(nil),
[]byte("fake signature"),
bccsp.IdemixEmptyDigest(),
nil,
)
Expect(err).To(MatchError("invalid options, expected *IdemixCredentialRequestSignerOpts"))
Expect(valid).To(BeFalse())
})
})
Context("and non-valid options are passed", func() {
It("returns error", func() {
valid, err := CredentialRequestVerifier.Verify(
handlers.NewIssuerPublicKey(nil),
[]byte("fake signature"),
bccsp.IdemixEmptyDigest(),
&bccsp.IdemixCRISignerOpts{},
)
Expect(err).To(MatchError("invalid options, expected *IdemixCredentialRequestSignerOpts"))
Expect(valid).To(BeFalse())
})
})
})
})
})
......
......@@ -74,10 +74,10 @@ type User interface {
type CredRequest interface {
// Sign creates a new Credential Request, the first message of the interactive credential issuance protocol
// (from user to issuer)
Sign(sk Big, ipk IssuerPublicKey) ([]byte, error)
Sign(sk Big, ipk IssuerPublicKey, nonce []byte) ([]byte, error)
// Verify verifies the credential request
Verify(credRequest []byte, ipk IssuerPublicKey) error
Verify(credRequest []byte, ipk IssuerPublicKey, nonce []byte) error
}
// CredRequest is a local interface to decouple from the idemix implementation
......
......@@ -8,11 +8,12 @@ import (
)
type CredRequest struct {
SignStub func(sk handlers.Big, ipk handlers.IssuerPublicKey) ([]byte, error)
SignStub func(sk handlers.Big, ipk handlers.IssuerPublicKey, nonce []byte) ([]byte, error)
signMutex sync.RWMutex
signArgsForCall []struct {
sk handlers.Big
ipk handlers.IssuerPublicKey
sk handlers.Big
ipk handlers.IssuerPublicKey
nonce []byte
}
signReturns struct {
result1 []byte
......@@ -22,11 +23,12 @@ type CredRequest struct {
result1 []byte
result2 error
}
VerifyStub func(credRequest []byte, ipk handlers.IssuerPublicKey) error
VerifyStub func(credRequest []byte, ipk handlers.IssuerPublicKey, nonce []byte) error
verifyMutex sync.RWMutex
verifyArgsForCall []struct {
credRequest []byte
ipk handlers.IssuerPublicKey
nonce []byte
}
verifyReturns struct {
result1 error
......@@ -38,17 +40,23 @@ type CredRequest struct {
invocationsMutex sync.RWMutex
}
func (fake *CredRequest) Sign(sk handlers.Big, ipk handlers.IssuerPublicKey) ([]byte, error) {
func (fake *CredRequest) Sign(sk handlers.Big, ipk handlers.IssuerPublicKey, nonce []byte) ([]byte, error) {
var nonceCopy []byte
if nonce != nil {
nonceCopy = make([]byte, len(nonce))
copy(nonceCopy, nonce)
}
fake.signMutex.Lock()
ret, specificReturn := fake.signReturnsOnCall[len(fake.signArgsForCall)]
fake.signArgsForCall = append(fake.signArgsForCall, struct {
sk handlers.Big
ipk handlers.IssuerPublicKey
}{sk, ipk})
fake.recordInvocation("Sign", []interface{}{sk, ipk})
sk handlers.Big
ipk handlers.IssuerPublicKey
nonce []byte
}{sk, ipk, nonceCopy})
fake.recordInvocation("Sign", []interface{}{sk, ipk, nonceCopy})
fake.signMutex.Unlock()
if fake.SignStub != nil {
return fake.SignStub(sk, ipk)
return fake.SignStub(sk, ipk, nonce)
}
if specificReturn {
return ret.result1, ret.result2
......@@ -62,10 +70,10 @@ func (fake *CredRequest) SignCallCount() int {
return len(fake.signArgsForCall)
}
func (fake *CredRequest) SignArgsForCall(i int) (handlers.Big, handlers.IssuerPublicKey) {
func (fake *CredRequest) SignArgsForCall(i int) (handlers.Big, handlers.IssuerPublicKey, []byte) {
fake.signMutex.RLock()
defer fake.signMutex.RUnlock()
return fake.signArgsForCall[i].sk, fake.signArgsForCall[i].ipk
return fake.signArgsForCall[i].sk, fake.signArgsForCall[i].ipk, fake.signArgsForCall[i].nonce
}
func (fake *CredRequest) SignReturns(result1 []byte, result2 error) {
......@@ -90,22 +98,28 @@ func (fake *CredRequest) SignReturnsOnCall(i int, result1 []byte, result2 error)
}{result1, result2}
}
func (fake *CredRequest) Verify(credRequest []byte, ipk handlers.IssuerPublicKey) error {
func (fake *CredRequest) Verify(credRequest []byte, ipk handlers.IssuerPublicKey, nonce []byte) error {
var credRequestCopy []byte
if credRequest != nil {
credRequestCopy = make([]byte, len(credRequest))
copy(credRequestCopy, credRequest)
}
var nonceCopy []byte
if nonce != nil {
nonceCopy = make([]byte, len(nonce))
copy(nonceCopy, nonce)
}
fake.verifyMutex.Lock()
ret, specificReturn := fake.verifyReturnsOnCall[len(fake.verifyArgsForCall)]
fake.verifyArgsForCall = append(fake.verifyArgsForCall, struct {
credRequest []byte
ipk handlers.IssuerPublicKey
}{credRequestCopy, ipk})
fake.recordInvocation("Verify", []interface{}{credRequestCopy, ipk})
nonce []byte
}{credRequestCopy, ipk, nonceCopy})
fake.recordInvocation("Verify", []interface{}{credRequestCopy, ipk, nonceCopy})
fake.verifyMutex.Unlock()
if fake.VerifyStub != nil {
return fake.VerifyStub(credRequest, ipk)
return fake.VerifyStub(credRequest, ipk, nonce)
}
if specificReturn {
return ret.result1
......@@ -119,10 +133,10 @@ func (fake *CredRequest) VerifyCallCount() int {
return len(fake.verifyArgsForCall)
}
func (fake *CredRequest) VerifyArgsForCall(i int) ([]byte, handlers.IssuerPublicKey) {
func (fake *CredRequest) VerifyArgsForCall(i int) ([]byte, handlers.IssuerPublicKey, []byte) {
fake.verifyMutex.RLock()
defer fake.verifyMutex.RUnlock()
return fake.verifyArgsForCall[i].credRequest, fake.verifyArgsForCall[i].ipk
return fake.verifyArgsForCall[i].credRequest, fake.verifyArgsForCall[i].ipk, fake.verifyArgsForCall[i].nonce
}
func (fake *CredRequest) VerifyReturns(result1 error) {
......
......@@ -15,7 +15,9 @@ type RevocationAlgorithm int32
const (
// IDEMIX constant to identify Idemix related algorithms
IDEMIX = "IDEMIX"
)
const (
// AlgNoRevocation means no revocation support
AlgNoRevocation RevocationAlgorithm = iota
)
......@@ -147,6 +149,9 @@ type IdemixCredentialRequestSignerOpts struct {
Attributes []int
// IssuerPK is the public-key of the issuer
IssuerPK Key
// IssuerNonce is generated by the issuer and used by the client to generate the credential request.
// Once the issuer gets the credential requests, it checks that the nonce is the same.
IssuerNonce []byte
// HashFun is the hash function to be used
H crypto.Hash
}
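Review bot: Moving `IDEMIX` into its own `const (` block appears to change the value of `AlgNoRevocation`: when both declarations shared one block, `iota` was 1 on that line, and in the new block it is 0. The commit message does not mention this, so it is worth confirming that no stored or transmitted `RevocationAlgorithm` value depends on the old number. A comment such as `// Kept in a separate const block so that iota starts at 0 for RevocationAlgorithm.` would stop the blocks being merged again. On the new `IssuerNonce` field, the comment could also state the length that Sign and Verify enforce (`cryptolib.FieldBytes` in the bridge).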
......
......@@ -63,7 +63,7 @@ func GenerateSignerConfig(roleMask int, ouString string, enrollmentId string, re
return nil, errors.WithMessage(err, "Error getting PRNG")
}
sk := idemix.RandModOrder(rng)
ni := idemix.RandModOrder(rng)
ni := idemix.BigToBytes(idemix.RandModOrder(rng))
msg := idemix.NewCredRequest(sk, ni, key.Ipk, rng)
cred, err := idemix.NewCredential(key, msg, attrs, rng)
if err != nil {
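Review bot: This direct call to `idemix.NewCredRequest` bypasses the `len(nonce) != cryptolib.FieldBytes` check that this commit adds in bridge.Sign, and the NewCredRequest hunks visible on this page show no length check of their own. The length here is presumably correct only because `idemix.BigToBytes` produces a field-sized slice, so a short comment would record that dependency: `// ni must be idemix.FieldBytes long; NewCredRequest does not validate it.` Validating the length inside NewCredRequest would be preferable, since `appendBytes(proofData, index, IssuerNonce)` writes the nonce into the hashed proof data; that function is only partly visible here, so this needs confirming against the full file. GenerateSignerConfig's body starts and ends outside the hunk.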
......
......@@ -32,7 +32,7 @@ const credRequestLabel = "credRequest"
// NewCredRequest creates a new Credential Request, the first message of the interactive credential issuance protocol
// (from user to issuer)
func NewCredRequest(sk *FP256BN.BIG, IssuerNonce *FP256BN.BIG, ipk *IssuerPublicKey, rng *amcl.RAND) *CredRequest {
func NewCredRequest(sk *FP256BN.BIG, IssuerNonce []byte, ipk *IssuerPublicKey, rng *amcl.RAND) *CredRequest {
// Set Nym as h_{sk}^{sk}
HSk := EcpFromProto(ipk.HSk)
Nym := HSk.Mul(sk)
......@@ -57,7 +57,7 @@ func NewCredRequest(sk *FP256BN.BIG, IssuerNonce *FP256BN.BIG, ipk *IssuerPublic
index = appendBytesG1(proofData, index, t)
index = appendBytesG1(proofData, index, HSk)
index = appendBytesG1(proofData, index, Nym)
index = appendBytesBig(proofData, index, IssuerNonce)
index = appendBytes(proofData, index, IssuerNonce)
copy(proofData[index:], ipk.Hash)
proofC := HashModOrder(proofData)
......@@ -67,7 +67,7 @@ func NewCredRequest(sk *FP256BN.BIG, IssuerNonce *FP256BN.BIG, ipk *IssuerPublic
// Done
return &CredRequest{
Nym: EcpToProto(Nym),
IssuerNonce: BigToBytes(IssuerNonce),
IssuerNonce: IssuerNonce,
ProofC: BigToBytes(proofC),
ProofS: BigToBytes(proofS)}
}
......@@ -75,7 +75,7 @@ func NewCredRequest(sk *FP256BN.BIG, IssuerNonce *FP256BN.BIG, ipk *IssuerPublic