irma

package module
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 14, 2019 License: Apache-2.0 Imports: 40 Imported by: 0

README

irmago   GoDoc Go Report Card

irmago is an IRMA implementation in Go. It contains multiple libraries and applications:

  • The commandline tool irma, which contains an IRMA server; subcommands for manipulating IRMA schemes, generating IRMA issuer public/private keypairs, performing test IRMA sessions on the command line; and more.
  • The Go library irmaserver providing a HTTP server that handles IRMA session with the IRMA mobile app, and functions for starting and managing IRMA sessions.
  • The root package irma contains generic IRMA functionality used by all other components below, such as parsing IRMA schemes, parsing IRMA metadata attributes, and structs representing messages of the IRMA protocol.
  • The Go package irmaclient is a library that serves as the client in the IRMA protocol; it can receive and disclose IRMA attributes and store and read them from storage. It also implements the keyshare protocol and handles registering to keyshare servers. The IRMA mobile app uses irmaclient.

Documentation

Technical documentation of all components of irmago and more can be found at https://irma.app/docs.

Installing

go get -d -u github.com/privacybydesign/irmago

irmago and its subpackages uses dep for its dependencies. After Installing dep if necesssary, run

cd $GOPATH/src/github.com/privacybydesign/irmago
dep ensure

to download and vendor the correct version of each dependency. To install the irma command line tool:

go install ./irma

Running the unit tests

The tests can be run using:

go test -v -p 1 --tags=local_tests ./...
  • The option ./... makes sure all tests are run. You can also limit the number of tests by only running the tests from a single directory or even from a single file, for example only running all tests in the directory ./internal/sessiontest. When you only want to execute one single test, for example the TestDisclosureSession test, you can do this by adding the option -run TestDisclosureSession.
  • The option -p 1 is necessary to prevent parallel execution of tests. Most tests use file manipulation and therefore tests can interfere.

The command above only runs the local tests. These tests cover all regular use cases. The tests that are dependent on the irma_keyshare_server are skipped. These tests are only relevant for client implementations, like the IRMA app.

If you do want to also run the tests using a keyshare server, you have to run your own local instance. How to set up a keyshare server suitable for these tests is described below. After this is done, the tests can be added by removing the --tags=local_tests parameter from the command.

IRMA Keyshare Server

An irma_keyshare_server suitable for testing irmago can be set up in the following way:

  • Copy or symlink the irma_configuration folder from testdata/ to the configuration of the Keyshare server.

    • Note that a gradle appRun won't automatically use the new irma_configuration folder if it was already built with an old one. For this, use gradle clean.

  • Add the keyshare user used in the unit tests to the keyshare database by a command like this:

      mysql -uirma -pirma irma_keyshare < keyshareuser.sql

  • Make sure check_user_enabled is set to false in the Keyshare server configuration. Other options are already setup correctly in the example configuration.

Documentation

Overview

Package irma contains generic IRMA strucs and logic of use to all IRMA participants. It parses irma_configuration folders to scheme managers, issuers, credential types and public keys; it contains various messages from the IRMA protocol; it parses IRMA metadata attributes; and it contains attribute and credential verification logic.

Index

Constants

View Source 
const (
	SchemeManagerStatusValid               = SchemeManagerStatus("Valid")
	SchemeManagerStatusUnprocessed         = SchemeManagerStatus("Unprocessed")
	SchemeManagerStatusInvalidIndex        = SchemeManagerStatus("InvalidIndex")
	SchemeManagerStatusInvalidSignature    = SchemeManagerStatus("InvalidSignature")
	SchemeManagerStatusParsingError        = SchemeManagerStatus("ParsingError")
	SchemeManagerStatusContentParsingError = SchemeManagerStatus("ContentParsingError")
)
View Source 
const (
	MinVersionHeader = "X-IRMA-MinProtocolVersion"
	MaxVersionHeader = "X-IRMA-MaxProtocolVersion"
)
View Source 
const (
	StatusConnected     = Status("connected")
	StatusCommunicating = Status("communicating")
	StatusManualStarted = Status("manualStarted")
)

Statuses

View Source 
const (
	ActionSchemeManager = Action("schememanager")
	ActionDisclosing    = Action("disclosing")
	ActionSigning       = Action("signing")
	ActionIssuing       = Action("issuing")
	ActionRedirect      = Action("redirect")
	ActionUnknown       = Action("unknown")
)

Actions

View Source 
const (
	// Protocol version not supported
	ErrorProtocolVersionNotSupported = ErrorType("protocolVersionNotSupported")
	// Error in HTTP communication
	ErrorTransport = ErrorType("transport")
	// Invalid client JWT in first IRMA message
	ErrorInvalidJWT = ErrorType("invalidJwt")
	// Unkown session type (not disclosing, signing, or issuing)
	ErrorUnknownAction = ErrorType("unknownAction")
	// Crypto error during calculation of our response (second IRMA message)
	ErrorCrypto = ErrorType("crypto")
	// Server rejected our response (second IRMA message)
	ErrorRejected = ErrorType("rejected")
	// (De)serializing of a message failed
	ErrorSerialization = ErrorType("serialization")
	// Error in keyshare protocol
	ErrorKeyshare = ErrorType("keyshare")
	// API server error
	ErrorApi = ErrorType("api")
	// Server returned unexpected or malformed response
	ErrorServerResponse = ErrorType("serverResponse")
	// Credential type not present in our Configuration
	ErrorUnknownIdentifier = ErrorType("unknownIdentifier")
	// Error during downloading of credential type, issuer, or public keys
	ErrorConfigurationDownload = ErrorType("configurationDownload")
	// IRMA requests refers to unknown scheme manager
	ErrorUnknownSchemeManager = ErrorType("unknownSchemeManager")
	// A session is requested involving a scheme manager that has some problem
	ErrorInvalidSchemeManager = ErrorType("invalidSchemeManager")
	// Invalid session request
	ErrorInvalidRequest = ErrorType("invalidRequest")
	// Recovered panic
	ErrorPanic = ErrorType("panic")
)

Protocol errors

View Source 
const (
	LDContextDisclosureRequest = "https://irma.app/ld/request/disclosure/v2"
	LDContextSignatureRequest  = "https://irma.app/ld/request/signature/v2"
	LDContextIssuanceRequest   = "https://irma.app/ld/request/issuance/v2"
)
View Source 
const (
	ProofStatusValid             = ProofStatus("VALID")              // Proof is valid
	ProofStatusInvalid           = ProofStatus("INVALID")            // Proof is invalid
	ProofStatusInvalidTimestamp  = ProofStatus("INVALID_TIMESTAMP")  // Attribute-based signature had invalid timestamp
	ProofStatusUnmatchedRequest  = ProofStatus("UNMATCHED_REQUEST")  // Proof does not correspond to a specified request
	ProofStatusMissingAttributes = ProofStatus("MISSING_ATTRIBUTES") // Proof does not contain all requested attributes
	ProofStatusExpired           = ProofStatus("EXPIRED")            // Attributes were expired at proof creation time (now, or according to timestamp in case of abs)

	AttributeProofStatusPresent = AttributeProofStatus("PRESENT") // Attribute is disclosed and matches the value
	AttributeProofStatusExtra   = AttributeProofStatus("EXTRA")   // Attribute is disclosed, but wasn't requested in request
	AttributeProofStatusNull    = AttributeProofStatus("NULL")    // Attribute is disclosed but is null
)
View Source 
const (
	// ExpiryFactor is the precision for the expiry attribute. Value is one week.
	ExpiryFactor = 60 * 60 * 24 * 7
)
View Source 
const LDContextSignedMessage = "https://irma.app/ld/signature/v2"
View Source 
const Version = "0.4.1"

Version of the IRMA command line and libraries

Variables

View Source 
var DefaultSchemeManagers = [2]SchemeManagerPointer{
	{
		Url: "https://privacybydesign.foundation/schememanager/irma-demo",
		Publickey: []byte(`-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHVnmAY+kGkFZn7XXozdI4HY8GOjm
54ngh4chTfn6WsTCf2w5rprfIqML61z2VTE4k8yJ0Z1QbyW6cdaao8obTQ==
-----END PUBLIC KEY-----`),
	},
	{
		Url: "https://privacybydesign.foundation/schememanager/pbdf",
		Publickey: []byte(`-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELzHV5ipBimWpuZIDaQQd+KmNpNop
dpBeCqpDwf+Grrw9ReODb6nwlsPJ/c/gqLnc+Y3sKOAJ2bFGI+jHBSsglg==
-----END PUBLIC KEY-----`),
	},
}
View Source 
var ErrorMissingPublicKey = errors.New("Missing public key")
View Source 
var ForceHttps bool = false

disabled until we offer a convenient way to toggle this in irma_mobile

View Source 
var Logger *logrus.Logger

Logger is used for logging. If not set, init() will initialize it to logrus.StandardLogger().

Functions

func ASN1ConvertSignatureNonce 

func ASN1ConvertSignatureNonce(message string, nonce *big.Int, timestamp *atum.Timestamp) *big.Int

ASN1ConvertSignatureNonce computes the nonce that is used in the creation of the attribute-based signature: 

nonce = SHA256(serverNonce, SHA256(message), timestampSignature)

where serverNonce is the nonce sent by the signature requestor.

func FloorToEpochBoundary 

func FloorToEpochBoundary(t time.Time) time.Time

FloorToEpochBoundary returns the greatest time not greater than the argument that falls on the boundary of an epoch for attribute validity or expiry, of which the value is defined by ExpiryFactor (one week).

func GetMetadataVersion 

func GetMetadataVersion(v *ProtocolVersion) byte

GetMetadataVersion maps a chosen protocol version to a metadata version that the server will use.

func GetTimestamp 

func GetTimestamp(message string, sigs []*big.Int, disclosed [][]*big.Int, conf *Configuration) (*atum.Timestamp, error)

GetTimestamp GETs a signed timestamp (a signature over the current time and the parameters) over the message to be signed, the randomized signatures over the attributes, and the disclosed attributes, for in attribute-based signature sessions.

func ParseApiServerJwt 

func ParseApiServerJwt(inputJwt string, signingKey *rsa.PublicKey) (map[AttributeTypeIdentifier]*DisclosedAttribute, error)

ParseApiServerJwt verifies and parses a JWT as returned by an irma_api_server after a disclosure request into a key-value pair.

func ParsePemEcdsaPublicKey 

func ParsePemEcdsaPublicKey(pkbts []byte) (*ecdsa.PublicKey, error)

func SignRequestorRequest 

func SignRequestorRequest(request RequestorRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)

func SignSessionRequest 

func SignSessionRequest(request SessionRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)

func TimestampRequest 

func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, new bool, conf *Configuration) (
	[]byte, string, error)

TimestampRequest computes the nonce to be signed by a timestamp server, given a message to be signed in an attribute-based signature session along with the randomized signatures over the attributes and the disclosed attributes. The url of the timestamp server that should be used to validate the request is returned as the second return value.

func UnmarshalValidate 

func UnmarshalValidate(data []byte, dest interface{}) error

UnmarshalValidate json.Unmarshal's data, and validates it using the Validate() method if dest implements the Validator interface.

Types

type Action 

type Action string

Action encodes the session type of an IRMA session (e.g., disclosing).

type AttributeCon added in v0.3.0 

type AttributeCon []AttributeRequest

An AttributeCon is only satisfied if all of its containing attribute requests are satisfied.

func (AttributeCon) CredentialTypes added in v0.3.0 

func (c AttributeCon) CredentialTypes() []CredentialTypeIdentifier

CredentialTypes returns an array of all credential types occuring in this conjunction.

func (AttributeCon) Satisfy added in v0.3.0 

func (c AttributeCon) Satisfy(proofs gabi.ProofList, indices []*DisclosedAttributeIndex, conf *Configuration) (bool, []*DisclosedAttribute, error)

Satisfy returns if each of the attributes specified by proofs and indices satisfies each of the contained AttributeRequests's. If so it also returns a list of the disclosed attribute values.

func (AttributeCon) Validate added in v0.3.0 

func (c AttributeCon) Validate() error

type AttributeConDisCon added in v0.3.0 

type AttributeConDisCon []AttributeDisCon

AttributeConDisCon is only satisfied if all of the containing AttributeDisCon are satisfied.

func (AttributeConDisCon) Iterate added in v0.3.0 

func (cdc AttributeConDisCon) Iterate(f func(attr *AttributeRequest) error) error

func (AttributeConDisCon) Satisfy added in v0.3.0 

func (cdc AttributeConDisCon) Satisfy(disclosure *Disclosure, conf *Configuration) (bool, [][]*DisclosedAttribute, error)

Satisfy returns true if each of the contained AttributeDisCon is satisfied by the specified disclosure. If so it also returns the disclosed attributes.

func (AttributeConDisCon) Validate added in v0.3.0 

func (cdc AttributeConDisCon) Validate(conf *Configuration) error

type AttributeDisCon added in v0.3.0 

type AttributeDisCon []AttributeCon

An AttributeDisCon is satisfied if at least one of its containing AttributeCon is satisfied.

func (AttributeDisCon) Satisfy added in v0.3.0 

func (dc AttributeDisCon) Satisfy(proofs gabi.ProofList, indices []*DisclosedAttributeIndex, conf *Configuration) (bool, []*DisclosedAttribute, error)

Satisfy returns true if the attributes specified by proofs and indices satisfies any one of the contained AttributeCon's. If so it also returns a list of the disclosed attribute values.

func (AttributeDisCon) Validate added in v0.3.0 

func (dc AttributeDisCon) Validate() error

type AttributeIdentifier 

type AttributeIdentifier struct {
	Type           AttributeTypeIdentifier
	CredentialHash string
}

AttributeIdentifier identifies an attribute instance.

func (*AttributeIdentifier) CredentialIdentifier 

func (ai *AttributeIdentifier) CredentialIdentifier() CredentialIdentifier

CredentialIdentifier returns the credential identifier of this attribute.

type AttributeList 

type AttributeList struct {
	*MetadataAttribute `json:"-"`
	Ints               []*big.Int
	// contains filtered or unexported fields
}

AttributeList contains attributes, excluding the secret key, providing convenient access to the metadata attribute.

func NewAttributeListFromInts 

func NewAttributeListFromInts(ints []*big.Int, conf *Configuration) *AttributeList

NewAttributeListFromInts initializes a new AttributeList from a list of bigints.

func (*AttributeList) Attribute 

func (al *AttributeList) Attribute(identifier AttributeTypeIdentifier) TranslatedString

Attribute returns the content of the specified attribute, or nil if not present in this attribute list.

func (*AttributeList) Hash 

func (al *AttributeList) Hash() string

func (*AttributeList) Info 

func (al *AttributeList) Info() *CredentialInfo

func (*AttributeList) Map 

func (al *AttributeList) Map(conf *Configuration) map[AttributeTypeIdentifier]TranslatedString

func (*AttributeList) Strings 

func (al *AttributeList) Strings() []TranslatedString

Strings converts the current instance to human-readable strings.

func (*AttributeList) UntranslatedAttribute 

func (al *AttributeList) UntranslatedAttribute(identifier AttributeTypeIdentifier) *string

UntranslatedAttribute decodes the bigint corresponding to the specified attribute.

type AttributeProofStatus 

type AttributeProofStatus string

Status is the proof status of a single attribute

type AttributeRequest added in v0.3.0 

type AttributeRequest struct {
	Type    AttributeTypeIdentifier `json:"type"`
	Value   *string                 `json:"value,omitempty"`
	NotNull bool                    `json:"notNull,omitempty"`
}

An AttributeRequest asks for an instance of an attribute type, possibly requiring it to have a specified value, in a session request.

func NewAttributeRequest added in v0.3.0 

func NewAttributeRequest(attr string) AttributeRequest

NewAttributeRequest requests the specified attribute.

func (*AttributeRequest) MarshalJSON added in v0.3.0 

func (ar *AttributeRequest) MarshalJSON() ([]byte, error)

func (*AttributeRequest) Satisfy added in v0.3.0 

func (ar *AttributeRequest) Satisfy(attr AttributeTypeIdentifier, val *string) bool

Satisfy indicates whether the given attribute type and value satisfies this AttributeRequest.

func (*AttributeRequest) UnmarshalJSON added in v0.3.0 

func (ar *AttributeRequest) UnmarshalJSON(bts []byte) error

type AttributeType 

type AttributeType struct {
	ID          string `xml:"id,attr"`
	Optional    string `xml:"optional,attr"  json:",omitempty"`
	Name        TranslatedString
	Description TranslatedString

	Index        int  `xml:"-"`
	DisplayIndex *int `xml:"displayIndex,attr" json:",omitempty"`

	// Taken from containing CredentialType
	CredentialTypeID string `xml:"-"`
	IssuerID         string `xml:"-"`
	SchemeManagerID  string `xml:"-"`
}

AttributeType is a description of an attribute within a credential type.

func (AttributeType) GetAttributeTypeIdentifier 

func (ad AttributeType) GetAttributeTypeIdentifier() AttributeTypeIdentifier

func (AttributeType) IsOptional 

func (ad AttributeType) IsOptional() bool

type AttributeTypeIdentifier 

type AttributeTypeIdentifier struct {
	// contains filtered or unexported fields
}

AttributeTypeIdentifier identifies an attribute. For example "irma-demo.RU.studentCard.studentID".

func NewAttributeTypeIdentifier 

func NewAttributeTypeIdentifier(id string) AttributeTypeIdentifier

NewAttributeTypeIdentifier converts the specified identifier to a AttributeTypeIdentifier.

func (AttributeTypeIdentifier) CredentialTypeIdentifier 

func (id AttributeTypeIdentifier) CredentialTypeIdentifier() CredentialTypeIdentifier

CredentialTypeIdentifier returns the CredentialTypeIdentifier of the attribute identifier.

func (AttributeTypeIdentifier) Empty 

func (oi AttributeTypeIdentifier) Empty() bool

func (AttributeTypeIdentifier) IsCredential 

func (id AttributeTypeIdentifier) IsCredential() bool

IsCredential returns true if this attribute refers to its containing credential (i.e., it consists of only 3 parts).

func (AttributeTypeIdentifier) MarshalText 

func (id AttributeTypeIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (AttributeTypeIdentifier) Name 

func (oi AttributeTypeIdentifier) Name() string

Name returns the last part of this identifier.

func (AttributeTypeIdentifier) Parent 

func (oi AttributeTypeIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (AttributeTypeIdentifier) Root 

func (oi AttributeTypeIdentifier) Root() string

func (AttributeTypeIdentifier) String 

func (oi AttributeTypeIdentifier) String() string

String returns this identifier as a string.

func (*AttributeTypeIdentifier) UnmarshalText 

func (id *AttributeTypeIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

type BaseRequest 

type BaseRequest struct {
	LDContext string `json:"@context,omitempty"`

	// Chosen by the IRMA server during the session
	Context         *big.Int         `json:"context,omitempty"`
	Nonce           *big.Int         `json:"nonce,omitempty"`
	ProtocolVersion *ProtocolVersion `json:"protocolVersion,omitempty"`

	Type Action `json:"type,omitempty"` // Session type, only used in legacy code
	// contains filtered or unexported fields
}

BaseRequest contains the context and nonce for an IRMA session.

func (*BaseRequest) GetContext added in v0.3.0 

func (b *BaseRequest) GetContext() *big.Int

func (*BaseRequest) GetNonce added in v0.3.0 

func (b *BaseRequest) GetNonce(*atum.Timestamp) *big.Int

func (*BaseRequest) Legacy added in v0.3.0 

func (b *BaseRequest) Legacy() bool

type Configuration 

type Configuration struct {
	SchemeManagers  map[SchemeManagerIdentifier]*SchemeManager
	Issuers         map[IssuerIdentifier]*Issuer
	CredentialTypes map[CredentialTypeIdentifier]*CredentialType
	AttributeTypes  map[AttributeTypeIdentifier]*AttributeType

	// Path to the irma_configuration folder that this instance represents
	Path string

	// DisabledSchemeManagers keeps track of scheme managers that did not parse  succesfully
	// (i.e., invalid signature, parsing error), and the problem that occurred when parsing them
	DisabledSchemeManagers map[SchemeManagerIdentifier]*SchemeManagerError

	Warnings []string
	// contains filtered or unexported fields
}

Configuration keeps track of scheme managers, issuers, credential types and public keys, dezerializing them from an irma_configuration folder, and downloads and saves new ones on demand.

func NewConfiguration 

func NewConfiguration(path string) (*Configuration, error)

NewConfiguration returns a new configuration. After this ParseFolder() should be called to parse the specified path.

func NewConfigurationFromAssets 

func NewConfigurationFromAssets(path, assets string) (*Configuration, error)

NewConfigurationFromAssets returns a new configuration, copying the schemes out of the assets folder to path. ParseFolder() should be called to parse the specified path.

func NewConfigurationReadOnly 

func NewConfigurationReadOnly(path string) (*Configuration, error)

NewConfigurationReadOnly returns a new configuration whose representation on disk is never altered. ParseFolder() should be called to parse the specified path.

func (*Configuration) AutoUpdateSchemes 

func (conf *Configuration) AutoUpdateSchemes(interval uint)

func (*Configuration) ContainsAttributeType added in v0.3.0 

func (conf *Configuration) ContainsAttributeType(attr AttributeTypeIdentifier) bool

func (*Configuration) ContainsCredentialType added in v0.3.0 

func (conf *Configuration) ContainsCredentialType(cred CredentialTypeIdentifier) bool

ContainsCredentialType checks if the configuration contains the specified credential type.

func (*Configuration) CopyManagerFromAssets 

func (conf *Configuration) CopyManagerFromAssets(scheme SchemeManagerIdentifier) (bool, error)

func (*Configuration) DeleteSchemeManager 

func (conf *Configuration) DeleteSchemeManager(id SchemeManagerIdentifier) error

func (*Configuration) Download 

func (conf *Configuration) Download(session SessionRequest) (downloaded *IrmaIdentifierSet, err error)

Download downloads the issuers, credential types and public keys specified in set if the current Configuration does not already have them, and checks their authenticity using the scheme manager index.

func (*Configuration) DownloadDefaultSchemes 

func (conf *Configuration) DownloadDefaultSchemes() error

func (*Configuration) DownloadSchemeManagerSignature 

func (conf *Configuration) DownloadSchemeManagerSignature(manager *SchemeManager) (err error)

DownloadSchemeManagerSignature downloads, stores and verifies the latest version of the index file and signature of the specified manager.

func (*Configuration) InstallSchemeManager 

func (conf *Configuration) InstallSchemeManager(manager *SchemeManager, publickey []byte) error

InstallSchemeManager downloads and adds the specified scheme manager to this Configuration, provided its signature is valid.

func (*Configuration) IsInitialized 

func (conf *Configuration) IsInitialized() bool

IsInitialized indicates whether this instance has successfully been initialized.

func (*Configuration) KeyshareServerKeyFunc 

func (conf *Configuration) KeyshareServerKeyFunc(scheme SchemeManagerIdentifier) func(t *jwt.Token) (interface{}, error)

KeyshareServerKeyFunc returns a function that returns the public key with which to verify a keyshare server JWT, suitable for passing to jwt.Parse() and jwt.ParseWithClaims().

func (*Configuration) KeyshareServerPublicKey 

func (conf *Configuration) KeyshareServerPublicKey(scheme SchemeManagerIdentifier, i int) (*rsa.PublicKey, error)

KeyshareServerPublicKey returns the i'th public key of the specified scheme.

func (*Configuration) ParseFolder 

func (conf *Configuration) ParseFolder() (err error)

ParseFolder populates the current Configuration by parsing the storage path, listing the containing scheme managers, issuers and credential types.

func (*Configuration) ParseOrRestoreFolder 

func (conf *Configuration) ParseOrRestoreFolder() error

ParseOrRestoreFolder parses the irma_configuration folder, and when possible attempts to restore any broken scheme managers from their remote. Any error encountered during parsing is considered recoverable only if it is of type *SchemeManagerError; In this case the scheme in which it occured is downloaded from its remote and re-parsed. If any other error is encountered at any time, it is returned immediately. If no error is returned, parsing and possibly restoring has been succesfull, and there should be no disabled scheme managers.

func (*Configuration) ParseSchemeManagerFolder 

func (conf *Configuration) ParseSchemeManagerFolder(dir string, manager *SchemeManager) (err error)

ParseSchemeManagerFolder parses the entire tree of the specified scheme manager If err != nil then a problem occured

func (*Configuration) PrivateKey 

func (conf *Configuration) PrivateKey(id IssuerIdentifier) (*gabi.PrivateKey, error)

PrivateKey returns the specified private key, or nil if not present in the Configuration.

func (*Configuration) Prune 

func (conf *Configuration) Prune()

Prune removes any invalid scheme managers and everything they own from this Configuration

func (*Configuration) PublicKey 

func (conf *Configuration) PublicKey(id IssuerIdentifier, counter int) (*gabi.PublicKey, error)

PublicKey returns the specified public key, or nil if not present in the Configuration.

func (*Configuration) PublicKeyIndices 

func (conf *Configuration) PublicKeyIndices(issuerid IssuerIdentifier) (i []int, err error)

func (*Configuration) ReadAuthenticatedFile 

func (conf *Configuration) ReadAuthenticatedFile(manager *SchemeManager, path string) ([]byte, bool, error)

ReadAuthenticatedFile reads the file at the specified path and verifies its authenticity by checking that the file hash is present in the (signed) scheme manager index file.

func (*Configuration) ReinstallSchemeManager 

func (conf *Configuration) ReinstallSchemeManager(manager *SchemeManager) (err error)

func (*Configuration) RemoveSchemeManager 

func (conf *Configuration) RemoveSchemeManager(id SchemeManagerIdentifier, fromStorage bool) error

RemoveSchemeManager removes the specified scheme manager and all associated issuers, public keys and credential types from this Configuration.

func (*Configuration) StopAutoUpdateSchemes 

func (conf *Configuration) StopAutoUpdateSchemes()

func (*Configuration) UpdateSchemeManager 

func (conf *Configuration) UpdateSchemeManager(id SchemeManagerIdentifier, downloaded *IrmaIdentifierSet) (err error)

UpdateSchemeManager syncs the stored version within the irma_configuration directory with the remote version at the scheme manager's URL, downloading and storing new and modified files, according to the index files of both versions. It stores the identifiers of new or updated credential types or issuers in the second parameter. Note: any newly downloaded files are not yet parsed and inserted into conf.

func (*Configuration) UpdateSchemes added in v0.3.0 

func (conf *Configuration) UpdateSchemes() error

func (*Configuration) ValidateKeys added in v0.3.0 

func (conf *Configuration) ValidateKeys() error

func (*Configuration) VerifySchemeManager 

func (conf *Configuration) VerifySchemeManager(manager *SchemeManager) error

func (*Configuration) VerifySignature 

func (conf *Configuration) VerifySignature(id SchemeManagerIdentifier) (err error)

VerifySignature verifies the signature on the scheme manager index file (which contains the SHA256 hashes of all files under this scheme manager, which are used for verifying file authenticity).

type ConfigurationFileHash 

type ConfigurationFileHash []byte

ConfigurationFileHash encodes the SHA256 hash of an authenticated file under a scheme manager within the configuration folder.

func (ConfigurationFileHash) Equal 

func (hash ConfigurationFileHash) Equal(other ConfigurationFileHash) bool

func (ConfigurationFileHash) String 

func (hash ConfigurationFileHash) String() string

type CredentialIdentifier 

type CredentialIdentifier struct {
	Type CredentialTypeIdentifier
	Hash string
}

CredentialIdentifier identifies a credential instance.

type CredentialInfo 

type CredentialInfo struct {
	ID              string                                       // e.g., "studentCard"
	IssuerID        string                                       // e.g., "RU"
	SchemeManagerID string                                       // e.g., "irma-demo"
	SignedOn        Timestamp                                    // Unix timestamp
	Expires         Timestamp                                    // Unix timestamp
	Attributes      map[AttributeTypeIdentifier]TranslatedString // Human-readable rendered attributes
	Hash            string                                       // SHA256 hash over the attributes
}

CredentialInfo contains all information of an IRMA credential.

func NewCredentialInfo 

func NewCredentialInfo(ints []*big.Int, conf *Configuration) *CredentialInfo

func (CredentialInfo) GetCredentialType 

func (ci CredentialInfo) GetCredentialType(conf *Configuration) *CredentialType

func (CredentialInfo) IsExpired 

func (ci CredentialInfo) IsExpired() bool

Returns true if credential is expired at moment of calling this function

type CredentialInfoList 

type CredentialInfoList []*CredentialInfo

A CredentialInfoList is a list of credentials (implements sort.Interface).

func (CredentialInfoList) Len 

func (cl CredentialInfoList) Len() int

Len implements sort.Interface.

func (CredentialInfoList) Less 

func (cl CredentialInfoList) Less(i, j int) bool

Less implements sort.Interface.

func (CredentialInfoList) Swap 

func (cl CredentialInfoList) Swap(i, j int)

Swap implements sort.Interface.

type CredentialRequest 

type CredentialRequest struct {
	Validity         *Timestamp               `json:"validity,omitempty"`
	KeyCounter       int                      `json:"keyCounter,omitempty"`
	CredentialTypeID CredentialTypeIdentifier `json:"credential"`
	Attributes       map[string]string        `json:"attributes"`
}

A CredentialRequest contains the attributes and metadata of a credential that will be issued in an IssuanceRequest.

func (*CredentialRequest) AttributeList 

func (cr *CredentialRequest) AttributeList(conf *Configuration, metadataVersion byte) (*AttributeList, error)

AttributeList returns the list of attributes from this credential request.

func (*CredentialRequest) Info 

func (cr *CredentialRequest) Info(conf *Configuration, metadataVersion byte) (*CredentialInfo, error)

func (*CredentialRequest) Validate 

func (cr *CredentialRequest) Validate(conf *Configuration) error

Validate checks that this credential request is consistent with the specified Configuration: the credential type is known, all required attributes are present and no unknown attributes are given.

type CredentialType 

type CredentialType struct {
	ID              string           `xml:"CredentialID"`
	Name            TranslatedString `xml:"Name"`
	ShortName       TranslatedString `xml:"ShortName"`
	IssuerID        string           `xml:"IssuerID"`
	SchemeManagerID string           `xml:"SchemeManager"`
	IsSingleton     bool             `xml:"ShouldBeSingleton"`
	Description     TranslatedString
	AttributeTypes  []*AttributeType `xml:"Attributes>Attribute" json:"-"`
	XMLVersion      int              `xml:"version,attr"`
	XMLName         xml.Name         `xml:"IssueSpecification"`
	IssueURL        TranslatedString `xml:"IssueURL"`

	Valid bool `xml:"-"`
}

CredentialType is a description of a credential type, specifying (a.o.) its name, issuer, and attributes.

func (CredentialType) AttributeType 

func (ct CredentialType) AttributeType(ai AttributeTypeIdentifier) *AttributeType

func (*CredentialType) ContainsAttribute 

func (ct *CredentialType) ContainsAttribute(ai AttributeTypeIdentifier) bool

ContainsAttribute tests whether the specified attribute is contained in this credentialtype.

func (*CredentialType) Identifier 

func (ct *CredentialType) Identifier() CredentialTypeIdentifier

Identifier returns the identifier of the specified credential type.

func (CredentialType) IndexOf 

func (ct CredentialType) IndexOf(ai AttributeTypeIdentifier) (int, error)

IndexOf returns the index of the specified attribute if present, or an error (and -1) if not present.

func (*CredentialType) IssuerIdentifier 

func (ct *CredentialType) IssuerIdentifier() IssuerIdentifier

IssuerIdentifier returns the issuer identifier of the specified credential type. 

func (ct *CredentialType) Logo(conf *Configuration) string

func (*CredentialType) SchemeManagerIdentifier 

func (ct *CredentialType) SchemeManagerIdentifier() SchemeManagerIdentifier

type CredentialTypeIdentifier 

type CredentialTypeIdentifier struct {
	// contains filtered or unexported fields
}

CredentialTypeIdentifier identifies a credentialtype. For example "irma-demo.RU.studentCard".

func NewCredentialTypeIdentifier 

func NewCredentialTypeIdentifier(id string) CredentialTypeIdentifier

NewCredentialTypeIdentifier converts the specified identifier to a CredentialTypeIdentifier.

func (CredentialTypeIdentifier) Empty 

func (oi CredentialTypeIdentifier) Empty() bool

func (CredentialTypeIdentifier) IssuerIdentifier 

func (id CredentialTypeIdentifier) IssuerIdentifier() IssuerIdentifier

IssuerIdentifier returns the IssuerIdentifier of the credential identifier.

func (CredentialTypeIdentifier) MarshalText 

func (id CredentialTypeIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (CredentialTypeIdentifier) Name 

func (oi CredentialTypeIdentifier) Name() string

Name returns the last part of this identifier.

func (CredentialTypeIdentifier) Parent 

func (oi CredentialTypeIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (CredentialTypeIdentifier) Root 

func (oi CredentialTypeIdentifier) Root() string

func (CredentialTypeIdentifier) String 

func (oi CredentialTypeIdentifier) String() string

String returns this identifier as a string.

func (*CredentialTypeIdentifier) UnmarshalText 

func (id *CredentialTypeIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

type DisclosedAttribute 

type DisclosedAttribute struct {
	RawValue     *string                 `json:"rawvalue"`
	Value        TranslatedString        `json:"value"` // Value of the disclosed attribute
	Identifier   AttributeTypeIdentifier `json:"id"`
	Status       AttributeProofStatus    `json:"status"`
	IssuanceTime Timestamp               `json:"issuancetime"`
}

DisclosedAttribute represents a disclosed attribute.

type DisclosedAttributeIndex 

type DisclosedAttributeIndex struct {
	CredentialIndex int                  `json:"cred"`
	AttributeIndex  int                  `json:"attr"`
	Identifier      CredentialIdentifier `json:"-"` // credential from which this attribute was disclosed
}

DisclosedAttributeIndex points to a specific attribute in a gabi.ProofList.

type DisclosedAttributeIndices 

type DisclosedAttributeIndices [][]*DisclosedAttributeIndex

DisclosedAttributeIndices contains, for each conjunction of an attribute disclosure request, a list of attribute indices, pointing to where the disclosed attributes for that conjunction can be found within a gabi.ProofList.

type Disclosure 

type Disclosure struct {
	Proofs  gabi.ProofList            `json:"proofs"`
	Indices DisclosedAttributeIndices `json:"indices"`
}

func (*Disclosure) DisclosedAttributes 

func (d *Disclosure) DisclosedAttributes(configuration *Configuration, condiscon AttributeConDisCon) (bool, [][]*DisclosedAttribute, error)

DisclosedAttributes returns a slice containing for each item in the conjunction the disclosed attributes that are present in the proof list. If a non-empty and non-nil AttributeDisjunctionList is included, then the first attributes in the returned slice match with the disjunction list in the disjunction list. The first return parameter of this function indicates whether or not all disjunctions (if present) are satisfied.

func (*Disclosure) Verify 

func (d *Disclosure) Verify(configuration *Configuration, request *DisclosureRequest) ([][]*DisclosedAttribute, ProofStatus, error)

func (*Disclosure) VerifyAgainstDisjunctions 

func (d *Disclosure) VerifyAgainstDisjunctions(
	configuration *Configuration,
	required AttributeConDisCon,
	context, nonce *big.Int,
	publickeys []*gabi.PublicKey,
	issig bool,
) ([][]*DisclosedAttribute, ProofStatus, error)

type DisclosureChoice 

type DisclosureChoice struct {
	Attributes [][]*AttributeIdentifier
}

A DisclosureChoice contains the attributes chosen to be disclosed.

type DisclosureRequest 

type DisclosureRequest struct {
	BaseRequest

	Disclose AttributeConDisCon       `json:"disclose,omitempty"`
	Labels   map[int]TranslatedString `json:"labels,omitempty"`
}

A DisclosureRequest is a request to disclose certain attributes. Construct new instances using NewDisclosureRequest().

func NewDisclosureRequest added in v0.3.0 

func NewDisclosureRequest(attrs ...AttributeTypeIdentifier) *DisclosureRequest

func (*DisclosureRequest) Action 

func (dr *DisclosureRequest) Action() Action

func (*DisclosureRequest) AddSingle added in v0.3.0 

func (dr *DisclosureRequest) AddSingle(attr AttributeTypeIdentifier, value *string, label TranslatedString)

func (*DisclosureRequest) Base added in v0.3.0 

func (dr *DisclosureRequest) Base() *BaseRequest

func (*DisclosureRequest) Disclosure added in v0.3.0 

func (dr *DisclosureRequest) Disclosure() *DisclosureRequest

func (*DisclosureRequest) Identifiers 

func (dr *DisclosureRequest) Identifiers() *IrmaIdentifierSet

func (*DisclosureRequest) Legacy added in v0.3.0 

func (dr *DisclosureRequest) Legacy() (SessionRequest, error)

func (*DisclosureRequest) UnmarshalJSON added in v0.3.0 

func (dr *DisclosureRequest) UnmarshalJSON(bts []byte) (err error)

func (*DisclosureRequest) Validate 

func (dr *DisclosureRequest) Validate() error

type ErrorType 

type ErrorType string

ErrorType are session errors.

func (ErrorType) Error added in v0.3.0 

func (err ErrorType) Error() string

type ExpiredError 

type ExpiredError struct {
	Err error // underlying error
}

ExpiredError indicates that something (e.g. a JWT) has expired.

func (ExpiredError) Error 

func (e ExpiredError) Error() string

type HTTPTransport 

type HTTPTransport struct {
	Server string
	// contains filtered or unexported fields
}

HTTPTransport sends and receives JSON messages to a HTTP server.

func NewHTTPTransport 

func NewHTTPTransport(serverURL string) *HTTPTransport

NewHTTPTransport returns a new HTTPTransport.

func (*HTTPTransport) Delete 

func (transport *HTTPTransport) Delete()

Delete performs a DELETE.

func (*HTTPTransport) Get 

func (transport *HTTPTransport) Get(url string, result interface{}) error

Get performs a GET request and parses the server's response into result.

func (*HTTPTransport) GetBytes 

func (transport *HTTPTransport) GetBytes(url string) ([]byte, error)

func (*HTTPTransport) GetFile 

func (transport *HTTPTransport) GetFile(url string, dest string) error

func (*HTTPTransport) GetSignedFile 

func (transport *HTTPTransport) GetSignedFile(url string, dest string, hash ConfigurationFileHash) error

func (*HTTPTransport) Post 

func (transport *HTTPTransport) Post(url string, result interface{}, object interface{}) error

Post sends the object to the server and parses its response into result.

func (*HTTPTransport) SetHeader 

func (transport *HTTPTransport) SetHeader(name, val string)

SetHeader sets a header to be sent in requests.

type IdentityProviderJwt 

type IdentityProviderJwt struct {
	ServerJwt
	Request *IdentityProviderRequest `json:"iprequest"`
}

IdentityProviderJwt is a requestor JWT for issuance session.

func NewIdentityProviderJwt 

func NewIdentityProviderJwt(servername string, ir *IssuanceRequest) *IdentityProviderJwt

NewIdentityProviderJwt returns a new IdentityProviderJwt.

func (*IdentityProviderJwt) Action 

func (claims *IdentityProviderJwt) Action() Action

func (*IdentityProviderJwt) RequestorRequest 

func (claims *IdentityProviderJwt) RequestorRequest() RequestorRequest

func (*IdentityProviderJwt) SessionRequest 

func (claims *IdentityProviderJwt) SessionRequest() SessionRequest

SessionRequest returns an IRMA session object.

func (*IdentityProviderJwt) Sign 

func (claims *IdentityProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*IdentityProviderJwt) Valid 

func (claims *IdentityProviderJwt) Valid() error

type IdentityProviderRequest 

type IdentityProviderRequest struct {
	RequestorBaseRequest
	Request *IssuanceRequest `json:"request"`
}

An IdentityProviderRequest contains an issuance request.

func (*IdentityProviderRequest) Base 

func (r *IdentityProviderRequest) Base() RequestorBaseRequest

func (*IdentityProviderRequest) SessionRequest 

func (r *IdentityProviderRequest) SessionRequest() SessionRequest

func (*IdentityProviderRequest) Validate 

func (r *IdentityProviderRequest) Validate() error

type IrmaIdentifierSet 

type IrmaIdentifierSet struct {
	SchemeManagers  map[SchemeManagerIdentifier]struct{}
	Issuers         map[IssuerIdentifier]struct{}
	CredentialTypes map[CredentialTypeIdentifier]struct{}
	PublicKeys      map[IssuerIdentifier][]int
}

IrmaIdentifierSet contains a set (ensured by using map[...]struct{}) of all scheme managers, all issuers, all credential types and all public keys that are involved in an IRMA session.

func (*IrmaIdentifierSet) Distributed 

func (set *IrmaIdentifierSet) Distributed(conf *Configuration) bool

func (*IrmaIdentifierSet) Empty 

func (set *IrmaIdentifierSet) Empty() bool

func (*IrmaIdentifierSet) String added in v0.3.0 

func (set *IrmaIdentifierSet) String() string

type IssuanceRequest 

type IssuanceRequest struct {
	DisclosureRequest
	Credentials []*CredentialRequest `json:"credentials"`

	// Derived data
	CredentialInfoList        CredentialInfoList `json:",omitempty"`
	RemovalCredentialInfoList CredentialInfoList `json:",omitempty"`
}

An IssuanceRequest is a request to issue certain credentials, optionally also asking for certain attributes to be simultaneously disclosed. Construct new instances using NewIssuanceRequest().

func NewIssuanceRequest added in v0.3.0 

func NewIssuanceRequest(creds []*CredentialRequest, attrs ...AttributeTypeIdentifier) *IssuanceRequest

func (*IssuanceRequest) Action 

func (ir *IssuanceRequest) Action() Action

func (*IssuanceRequest) GetCredentialInfoList 

func (ir *IssuanceRequest) GetCredentialInfoList(conf *Configuration, version *ProtocolVersion) (CredentialInfoList, error)

func (*IssuanceRequest) Identifiers 

func (ir *IssuanceRequest) Identifiers() *IrmaIdentifierSet

func (*IssuanceRequest) Legacy added in v0.3.0 

func (ir *IssuanceRequest) Legacy() (SessionRequest, error)

func (*IssuanceRequest) UnmarshalJSON added in v0.3.0 

func (ir *IssuanceRequest) UnmarshalJSON(bts []byte) (err error)

func (*IssuanceRequest) Validate 

func (ir *IssuanceRequest) Validate() error

type IssueCommitmentMessage 

type IssueCommitmentMessage struct {
	*gabi.IssueCommitmentMessage
	Indices DisclosedAttributeIndices `json:"indices"`
}

func (*IssueCommitmentMessage) Disclosure 

func (i *IssueCommitmentMessage) Disclosure() *Disclosure

type Issuer 

type Issuer struct {
	ID              string           `xml:"ID"`
	Name            TranslatedString `xml:"Name"`
	ShortName       TranslatedString `xml:"ShortName"`
	SchemeManagerID string           `xml:"SchemeManager"`
	ContactAddress  string
	ContactEMail    string
	XMLVersion      int `xml:"version,attr"`

	Valid bool `xml:"-"`
}

Issuer describes an issuer.

func (*Issuer) Identifier 

func (id *Issuer) Identifier() IssuerIdentifier

Identifier returns the identifier of the specified issuer description.

func (*Issuer) SchemeManagerIdentifier 

func (id *Issuer) SchemeManagerIdentifier() SchemeManagerIdentifier

type IssuerIdentifier 

type IssuerIdentifier struct {
	// contains filtered or unexported fields
}

IssuerIdentifier identifies an issuer. For example "irma-demo.RU".

func NewIssuerIdentifier 

func NewIssuerIdentifier(id string) IssuerIdentifier

NewIssuerIdentifier converts the specified identifier to a IssuerIdentifier.

func (IssuerIdentifier) Empty 

func (oi IssuerIdentifier) Empty() bool

func (IssuerIdentifier) MarshalText 

func (id IssuerIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (IssuerIdentifier) Name 

func (oi IssuerIdentifier) Name() string

Name returns the last part of this identifier.

func (IssuerIdentifier) Parent 

func (oi IssuerIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (IssuerIdentifier) Root 

func (oi IssuerIdentifier) Root() string

func (IssuerIdentifier) SchemeManagerIdentifier 

func (id IssuerIdentifier) SchemeManagerIdentifier() SchemeManagerIdentifier

SchemeManagerIdentifier returns the scheme manager identifer of the issuer.

func (IssuerIdentifier) String 

func (oi IssuerIdentifier) String() string

String returns this identifier as a string.

func (*IssuerIdentifier) UnmarshalText 

func (id *IssuerIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

type LegacyDisclosureRequest added in v0.3.0 

type LegacyDisclosureRequest struct {
	BaseRequest
	Content []LegacyLabeledDisjunction `json:"content"`
}

func (*LegacyDisclosureRequest) Action added in v0.3.0 

func (dr *LegacyDisclosureRequest) Action() Action

func (*LegacyDisclosureRequest) Base added in v0.3.0 

func (dr *LegacyDisclosureRequest) Base() *BaseRequest

func (*LegacyDisclosureRequest) Disclosure added in v0.3.0 

func (dr *LegacyDisclosureRequest) Disclosure() *DisclosureRequest

func (*LegacyDisclosureRequest) Identifiers added in v0.3.0 

func (dr *LegacyDisclosureRequest) Identifiers() *IrmaIdentifierSet

func (*LegacyDisclosureRequest) Legacy added in v0.3.0 

func (dr *LegacyDisclosureRequest) Legacy() (SessionRequest, error)

func (*LegacyDisclosureRequest) Validate added in v0.3.0 

func (dr *LegacyDisclosureRequest) Validate() error

type LegacyDisjunction added in v0.3.0 

type LegacyDisjunction []AttributeRequest

LegacyDisjunction is a disjunction of attributes from before the condiscon feature, representing a list of attribute types one of which must be given by the user, possibly requiring specific values. (C.f. AttributeCon, also defined as []AttributeRequest, which is only satisfied if all listed attributes are given by the user.)

func (*LegacyDisjunction) MarshalJSON added in v0.3.0 

func (l *LegacyDisjunction) MarshalJSON() ([]byte, error)

func (*LegacyDisjunction) UnmarshalJSON added in v0.3.0 

func (l *LegacyDisjunction) UnmarshalJSON(bts []byte) error

type LegacyIssuanceRequest added in v0.3.0 

type LegacyIssuanceRequest struct {
	BaseRequest
	Credentials []*CredentialRequest       `json:"credentials"`
	Disclose    []LegacyLabeledDisjunction `json:"disclose"`
}

func (*LegacyIssuanceRequest) Action added in v0.3.0 

func (ir *LegacyIssuanceRequest) Action() Action

func (*LegacyIssuanceRequest) Base added in v0.3.0 

func (ir *LegacyIssuanceRequest) Base() *BaseRequest

func (*LegacyIssuanceRequest) Disclosure added in v0.3.0 

func (ir *LegacyIssuanceRequest) Disclosure() *DisclosureRequest

func (*LegacyIssuanceRequest) Identifiers added in v0.3.0 

func (ir *LegacyIssuanceRequest) Identifiers() *IrmaIdentifierSet

func (*LegacyIssuanceRequest) Legacy added in v0.3.0 

func (ir *LegacyIssuanceRequest) Legacy() (SessionRequest, error)

func (*LegacyIssuanceRequest) Validate added in v0.3.0 

func (ir *LegacyIssuanceRequest) Validate() error

type LegacyLabeledDisjunction added in v0.3.0 

type LegacyLabeledDisjunction struct {
	Label      string            `json:"label"`
	Attributes LegacyDisjunction `json:"attributes"`
}

type LegacySignatureRequest added in v0.3.0 

type LegacySignatureRequest struct {
	LegacyDisclosureRequest
	Message string `json:"message"`
}

func (*LegacySignatureRequest) Action added in v0.3.0 

func (ir *LegacySignatureRequest) Action() Action

type MetadataAttribute 

type MetadataAttribute struct {
	Int *big.Int

	Conf *Configuration
	// contains filtered or unexported fields
}

metadataAttribute represents a metadata attribute. Contains the credential type, signing date, validity, and the public key counter.

func MetadataFromInt 

func MetadataFromInt(i *big.Int, conf *Configuration) *MetadataAttribute

MetadataFromInt wraps the given Int

func NewMetadataAttribute 

func NewMetadataAttribute(version byte) *MetadataAttribute

NewMetadataAttribute constructs a new instance containing the default values: provided version as versionField now as signing date 0 as keycounter ValidityDefault (half a year) as default validity.

func (*MetadataAttribute) Bytes 

func (attr *MetadataAttribute) Bytes() []byte

Bytes returns this metadata attribute as a byte slice.

func (*MetadataAttribute) CredentialType 

func (attr *MetadataAttribute) CredentialType() *CredentialType

CredentialType returns the credential type of the current instance using the Configuration.

func (*MetadataAttribute) CredentialTypeHash 

func (attr *MetadataAttribute) CredentialTypeHash() []byte

func (*MetadataAttribute) Expiry 

func (attr *MetadataAttribute) Expiry() time.Time

Expiry returns the expiry date of this instance

func (*MetadataAttribute) IsValid 

func (attr *MetadataAttribute) IsValid() bool

IsValid returns whether this instance is valid.

func (*MetadataAttribute) IsValidOn 

func (attr *MetadataAttribute) IsValidOn(t time.Time) bool

IsValidOn returns whether this instance is still valid at the given time

func (*MetadataAttribute) KeyCounter 

func (attr *MetadataAttribute) KeyCounter() int

KeyCounter return the public key counter of the metadata attribute

func (*MetadataAttribute) PublicKey 

func (attr *MetadataAttribute) PublicKey() (*gabi.PublicKey, error)

PublicKey extracts identifier of the Idemix public key with which this instance was signed, and returns this public key.

func (*MetadataAttribute) SigningDate 

func (attr *MetadataAttribute) SigningDate() time.Time

SigningDate returns the time at which this instance was signed

func (*MetadataAttribute) ValidityDuration 

func (attr *MetadataAttribute) ValidityDuration() int

ValidityDuration returns the amount of epochs during which this instance is valid

func (*MetadataAttribute) Version 

func (attr *MetadataAttribute) Version() byte

Version returns the metadata version of this instance

type ProofList 

type ProofList gabi.ProofList

ProofList is a gabi.ProofList with some extra methods.

func (ProofList) Expired 

func (pl ProofList) Expired(configuration *Configuration, t *time.Time) bool

Expired returns true if any of the contained disclosure proofs is specified at the specified time, or now, when the specified time is nil.

func (ProofList) ExtractPublicKeys 

func (pl ProofList) ExtractPublicKeys(configuration *Configuration) ([]*gabi.PublicKey, error)

ExtractPublicKeys returns the public keys of each proof in the proofList, in the same order, for later use in verification of the proofList. If one of the proofs is not a ProofD an error is returned.

func (ProofList) VerifyProofs 

func (pl ProofList) VerifyProofs(configuration *Configuration, context *big.Int, nonce *big.Int, publickeys []*gabi.PublicKey, isSig bool) (bool, error)

VerifyProofs verifies the proofs cryptographically.

type ProofStatus 

type ProofStatus string

ProofStatus is the status of the complete proof

type ProtocolVersion 

type ProtocolVersion struct {
	Major int
	Minor int
}

ProtocolVersion encodes the IRMA protocol version of an IRMA session.

func NewVersion 

func NewVersion(major, minor int) *ProtocolVersion

func (*ProtocolVersion) Above 

func (v *ProtocolVersion) Above(major, minor int) bool

func (*ProtocolVersion) AboveVersion 

func (v *ProtocolVersion) AboveVersion(other *ProtocolVersion) bool

func (*ProtocolVersion) Below 

func (v *ProtocolVersion) Below(major, minor int) bool

Returns true if v is below the given version.

func (*ProtocolVersion) BelowVersion 

func (v *ProtocolVersion) BelowVersion(other *ProtocolVersion) bool

func (*ProtocolVersion) MarshalJSON 

func (v *ProtocolVersion) MarshalJSON() ([]byte, error)

func (*ProtocolVersion) String 

func (v *ProtocolVersion) String() string

func (*ProtocolVersion) UnmarshalJSON 

func (v *ProtocolVersion) UnmarshalJSON(b []byte) (err error)

type Qr 

type Qr struct {
	// Server with which to perform the session
	URL string `json:"u"`
	// Session type (disclosing, signing, issuing)
	Type Action `json:"irmaqr"`
}

Qr contains the data of an IRMA session QR (as generated by irma_js), suitable for NewSession().

func (*Qr) Validate 

func (qr *Qr) Validate() (err error)

type RemoteError 

type RemoteError struct {
	Status      int    `json:"status,omitempty"`
	ErrorName   string `json:"error,omitempty"`
	Description string `json:"description,omitempty"`
	Message     string `json:"message,omitempty"`
	Stacktrace  string `json:"stacktrace,omitempty"`
}

RemoteError is an error message returned by the API server on errors.

func (*RemoteError) Error 

func (err *RemoteError) Error() string

type RequestorBaseRequest 

type RequestorBaseRequest struct {
	ResultJwtValidity int    `json:"validity,omitempty"`    // Validity of session result JWT in seconds
	ClientTimeout     int    `json:"timeout,omitempty"`     // Wait this many seconds for the IRMA app to connect before the session times out
	CallbackUrl       string `json:"callbackUrl,omitempty"` // URL to post session result to
}

RequestorBaseRequest contains fields present in all RequestorRequest types with which the requestor configures an IRMA session.

type RequestorJwt 

type RequestorJwt interface {
	Action() Action
	RequestorRequest() RequestorRequest
	SessionRequest() SessionRequest
	Requestor() string
	Valid() error
	Sign(jwt.SigningMethod, interface{}) (string, error)
}

A RequestorJwt contains an IRMA session object.

func ParseRequestorJwt 

func ParseRequestorJwt(action string, requestorJwt string) (RequestorJwt, error)

ParseRequestorJwt parses the specified JWT and returns the contents. Note: this function does not verify the signature! Do that elsewhere.

type RequestorRequest 

type RequestorRequest interface {
	Validator
	SessionRequest() SessionRequest
	Base() RequestorBaseRequest
}

RequestorRequest is the message with which requestors start an IRMA session. It contains a SessionRequest instance for the irmaclient along with extra fields in a RequestorBaseRequest.

type SchemeAppVersion added in v0.3.0 

type SchemeAppVersion struct {
	Android int `xml:"Android"`
	IOS     int `xml:"iOS"`
}

type SchemeManager 

type SchemeManager struct {
	ID                string           `xml:"Id"`
	Name              TranslatedString `xml:"Name"`
	URL               string           `xml:"Url"`
	Contact           string           `xml:"contact"`
	Demo              bool             `xml:"Demo"` // Decides whether to download private keys
	Description       TranslatedString
	MinimumAppVersion SchemeAppVersion
	KeyshareServer    string
	KeyshareWebsite   string
	KeyshareAttribute string
	TimestampServer   string
	XMLVersion        int      `xml:"version,attr"`
	XMLName           xml.Name `xml:"SchemeManager"`

	Status SchemeManagerStatus `xml:"-"`
	Valid  bool                `xml:"-"` // true iff Status == SchemeManagerStatusValid

	Timestamp Timestamp
	// contains filtered or unexported fields
}

SchemeManager describes a scheme manager.

func DownloadSchemeManager 

func DownloadSchemeManager(url string) (*SchemeManager, error)

DownloadSchemeManager downloads and returns a scheme manager description.xml file from the specified URL.

func NewSchemeManager 

func NewSchemeManager(name string) *SchemeManager

func (*SchemeManager) Distributed 

func (sm *SchemeManager) Distributed() bool

Distributed indicates if this scheme manager uses a keyshare server.

func (*SchemeManager) Identifier 

func (sm *SchemeManager) Identifier() SchemeManagerIdentifier

Identifier returns the identifier of the specified scheme manager.

type SchemeManagerError 

type SchemeManagerError struct {
	Manager SchemeManagerIdentifier
	Status  SchemeManagerStatus
	Err     error
}

func (SchemeManagerError) Error 

func (sme SchemeManagerError) Error() string

type SchemeManagerIdentifier 

type SchemeManagerIdentifier struct {
	// contains filtered or unexported fields
}

SchemeManagerIdentifier identifies a scheme manager. Equal to its ID. For example "irma-demo".

func NewSchemeManagerIdentifier 

func NewSchemeManagerIdentifier(id string) SchemeManagerIdentifier

NewSchemeManagerIdentifier converts the specified identifier to a SchemeManagerIdentifier.

func (SchemeManagerIdentifier) Empty 

func (oi SchemeManagerIdentifier) Empty() bool

func (SchemeManagerIdentifier) MarshalText 

func (id SchemeManagerIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (SchemeManagerIdentifier) Name 

func (oi SchemeManagerIdentifier) Name() string

Name returns the last part of this identifier.

func (SchemeManagerIdentifier) Parent 

func (oi SchemeManagerIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (SchemeManagerIdentifier) Root 

func (oi SchemeManagerIdentifier) Root() string

func (SchemeManagerIdentifier) String 

func (oi SchemeManagerIdentifier) String() string

String returns this identifier as a string.

func (*SchemeManagerIdentifier) UnmarshalText 

func (id *SchemeManagerIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

type SchemeManagerIndex 

type SchemeManagerIndex map[string]ConfigurationFileHash

SchemeManagerIndex is a (signed) list of files under a scheme manager along with their SHA266 hash

func (SchemeManagerIndex) FromString 

func (i SchemeManagerIndex) FromString(s string) error

FromString populates this index by parsing the specified string.

func (SchemeManagerIndex) Scheme added in v0.3.0 

func (i SchemeManagerIndex) Scheme() SchemeManagerIdentifier

func (SchemeManagerIndex) String 

func (i SchemeManagerIndex) String() string

type SchemeManagerPointer 

type SchemeManagerPointer struct {
	Url       string // URL to download scheme from
	Publickey []byte // Public key of scheme against which to verify files after they have been downloaded
}

SchemeManagerPointer points to a remote IRMA scheme, containing information to download the scheme, including its (pinned) public key.

type SchemeManagerRequest 

type SchemeManagerRequest Qr

func (*SchemeManagerRequest) Validate 

func (smr *SchemeManagerRequest) Validate() error

type SchemeManagerStatus 

type SchemeManagerStatus string

type ServerJwt 

type ServerJwt struct {
	Type       string    `json:"sub"`
	ServerName string    `json:"iss"`
	IssuedAt   Timestamp `json:"iat"`
}

ServerJwt contains standard JWT fields.

func (*ServerJwt) Requestor 

func (jwt *ServerJwt) Requestor() string

type ServiceProviderJwt 

type ServiceProviderJwt struct {
	ServerJwt
	Request *ServiceProviderRequest `json:"sprequest"`
}

ServiceProviderJwt is a requestor JWT for a disclosure session.

func NewServiceProviderJwt 

func NewServiceProviderJwt(servername string, dr *DisclosureRequest) *ServiceProviderJwt

NewServiceProviderJwt returns a new ServiceProviderJwt.

func (*ServiceProviderJwt) Action 

func (claims *ServiceProviderJwt) Action() Action

func (*ServiceProviderJwt) RequestorRequest 

func (claims *ServiceProviderJwt) RequestorRequest() RequestorRequest

func (*ServiceProviderJwt) SessionRequest 

func (claims *ServiceProviderJwt) SessionRequest() SessionRequest

SessionRequest returns an IRMA session object.

func (*ServiceProviderJwt) Sign 

func (claims *ServiceProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*ServiceProviderJwt) Valid 

func (claims *ServiceProviderJwt) Valid() error

type ServiceProviderRequest 

type ServiceProviderRequest struct {
	RequestorBaseRequest
	Request *DisclosureRequest `json:"request"`
}

A ServiceProviderRequest contains a disclosure request.

func (*ServiceProviderRequest) Base 

func (r *ServiceProviderRequest) Base() RequestorBaseRequest

func (*ServiceProviderRequest) SessionRequest 

func (r *ServiceProviderRequest) SessionRequest() SessionRequest

func (*ServiceProviderRequest) Validate 

func (r *ServiceProviderRequest) Validate() error

type SessionError 

type SessionError struct {
	Err error
	ErrorType
	Info         string
	RemoteError  *RemoteError
	RemoteStatus int
}

SessionError is a protocol error.

func (*SessionError) Error 

func (e *SessionError) Error() string

func (*SessionError) Stack 

func (e *SessionError) Stack() string

func (*SessionError) WrappedError 

func (e *SessionError) WrappedError() string

type SessionRequest 

type SessionRequest interface {
	Validator
	Base() *BaseRequest
	GetNonce(timestamp *atum.Timestamp) *big.Int
	Disclosure() *DisclosureRequest
	Identifiers() *IrmaIdentifierSet
	Action() Action
	Legacy() (SessionRequest, error)
}

SessionRequest instances contain all information the irmaclient needs to perform an IRMA session.

type SignatureRequest 

type SignatureRequest struct {
	DisclosureRequest
	Message string `json:"message"`
}

A SignatureRequest is a a request to sign a message with certain attributes. Construct new instances using NewSignatureRequest().

func NewSignatureRequest added in v0.3.0 

func NewSignatureRequest(message string, attrs ...AttributeTypeIdentifier) *SignatureRequest

func (*SignatureRequest) Action 

func (sr *SignatureRequest) Action() Action

func (*SignatureRequest) GetNonce 

func (sr *SignatureRequest) GetNonce(timestamp *atum.Timestamp) *big.Int

GetNonce returns the nonce of this signature session (with the message already hashed into it).

func (*SignatureRequest) Legacy added in v0.3.0 

func (sr *SignatureRequest) Legacy() (SessionRequest, error)

func (*SignatureRequest) SignatureFromMessage 

func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp *atum.Timestamp) (*SignedMessage, error)

func (*SignatureRequest) UnmarshalJSON added in v0.3.0 

func (sr *SignatureRequest) UnmarshalJSON(bts []byte) (err error)

func (*SignatureRequest) Validate 

func (sr *SignatureRequest) Validate() error

type SignatureRequestorJwt 

type SignatureRequestorJwt struct {
	ServerJwt
	Request *SignatureRequestorRequest `json:"absrequest"`
}

SignatureRequestorJwt is a requestor JWT for a signing session.

func NewSignatureRequestorJwt 

func NewSignatureRequestorJwt(servername string, sr *SignatureRequest) *SignatureRequestorJwt

NewSignatureRequestorJwt returns a new SignatureRequestorJwt.

func (*SignatureRequestorJwt) Action 

func (claims *SignatureRequestorJwt) Action() Action

func (*SignatureRequestorJwt) RequestorRequest 

func (claims *SignatureRequestorJwt) RequestorRequest() RequestorRequest

func (*SignatureRequestorJwt) SessionRequest 

func (claims *SignatureRequestorJwt) SessionRequest() SessionRequest

SessionRequest returns an IRMA session object.

func (*SignatureRequestorJwt) Sign 

func (claims *SignatureRequestorJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*SignatureRequestorJwt) Valid 

func (claims *SignatureRequestorJwt) Valid() error

type SignatureRequestorRequest 

type SignatureRequestorRequest struct {
	RequestorBaseRequest
	Request *SignatureRequest `json:"request"`
}

A SignatureRequestorRequest contains a signing request.

func (*SignatureRequestorRequest) Base 

func (r *SignatureRequestorRequest) Base() RequestorBaseRequest

func (*SignatureRequestorRequest) SessionRequest 

func (r *SignatureRequestorRequest) SessionRequest() SessionRequest

func (*SignatureRequestorRequest) Validate 

func (r *SignatureRequestorRequest) Validate() error

type SignedMessage 

type SignedMessage struct {
	LDContext string                    `json:"@context"`
	Signature gabi.ProofList            `json:"signature"`
	Indices   DisclosedAttributeIndices `json:"indices"`
	Nonce     *big.Int                  `json:"nonce"`
	Context   *big.Int                  `json:"context"`
	Message   string                    `json:"message"`
	Timestamp *atum.Timestamp           `json:"timestamp"`
}

SignedMessage is a message signed with an attribute-based signature The 'realnonce' will be calculated as: SigRequest.GetNonce() = ASN1(nonce, SHA256(message), timestampSignature)

func (*SignedMessage) Disclosure 

func (sm *SignedMessage) Disclosure() *Disclosure

func (*SignedMessage) GetNonce 

func (sm *SignedMessage) GetNonce() *big.Int

func (*SignedMessage) MatchesNonceAndContext 

func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool

func (*SignedMessage) Verify 

func (sm *SignedMessage) Verify(configuration *Configuration, request *SignatureRequest) ([][]*DisclosedAttribute, ProofStatus, error)

Verify the attribute-based signature, optionally against a corresponding signature request. If the request is present (i.e. not nil), then the first attributes in the returned result match with the disjunction list in the request (that is, the i'th attribute in the result should satisfy the i'th disjunction in the request). If the request is not fully satisfied in this fasion, the Status of the result is ProofStatusMissingAttributes. Any remaining attributes (i.e. not asked for by the request) are also included in the result, after the attributes that match disjunctions in the request.

The signature request is optional; if it is nil then the attribute-based signature is still verified, and all containing attributes returned in the result.

func (*SignedMessage) VerifyTimestamp 

func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) error

Given an SignedMessage, verify the timestamp over the signed message, disclosed attributes, and rerandomized CL-signatures.

func (*SignedMessage) Version added in v0.3.0 

func (sm *SignedMessage) Version() int

type Status 

type Status string

Status encodes the status of an IRMA session (e.g., connected).

type Timestamp 

type Timestamp time.Time

Timestamp is a time.Time that marshals to Unix timestamps.

func (Timestamp) After 

func (t Timestamp) After(u Timestamp) bool

func (Timestamp) Before 

func (t Timestamp) Before(u Timestamp) bool

Check if Timestamp is before other Timestamp. Used for checking expiry of attributes

func (*Timestamp) Floor added in v0.3.0 

func (t *Timestamp) Floor() Timestamp

func (*Timestamp) MarshalJSON 

func (t *Timestamp) MarshalJSON() ([]byte, error)

MarshalJSON marshals a timestamp.

func (*Timestamp) String 

func (t *Timestamp) String() string

Timestamp implements Stringer.

func (*Timestamp) UnmarshalJSON 

func (t *Timestamp) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals a timestamp.

type TranslatedString 

type TranslatedString map[string]string

TranslatedString is a map of translated strings.

func NewTranslatedString 

func NewTranslatedString(attr *string) TranslatedString

NewTranslatedString returns a TranslatedString containing the specified string for each supported language, or nil when attr is nil.

func (*TranslatedString) MarshalXML 

func (ts *TranslatedString) MarshalXML(e *xml.Encoder, start xml.StartElement) error

MarshalXML implements xml.Marshaler.

func (*TranslatedString) UnmarshalXML 

func (ts *TranslatedString) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML unmarshals an XML tag containing a string translated to multiple languages, for example: <Foo><en>Hello world</en><nl>Hallo wereld</nl></Foo> into a TranslatedString: { "en": "Hello world" , "nl": "Hallo wereld" }

type UnknownIdentifierError added in v0.3.0 

type UnknownIdentifierError struct {
	ErrorType
	Missing *IrmaIdentifierSet
}

func (*UnknownIdentifierError) Error added in v0.3.0 

func (e *UnknownIdentifierError) Error() string

type Validator 

type Validator interface {
	Validate() error
}

Source Files

View all Source files

Directories

Path Synopsis
internal
disable_sigpipe
fs
servercore
Package servercore is the core of the IRMA server library, allowing IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e.
 Package servercore is the core of the IRMA server library, allowing IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e.
sessiontest
This package just contains tests.
 This package just contains tests.
test
Package test contains functionality that should be available to all unit tests (which live in separate packages).
 Package test contains functionality that should be available to all unit tests (which live in separate packages).
cmd
Package irmaclient implements an IRMA client, that can manage and use IRMA attributes.
 Package irmaclient implements an IRMA client, that can manage and use IRMA attributes.
irmac
Required to be main when building a shared library
 Required to be main when building a shared library
irmad/cmd
irmaserver
Package irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e.
 Package irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e.
requestorserver
Package requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e.
 Package requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.