github.com/yimialmonte/fabric@v2.1.1+incompatible/bccsp/idemix/bridge/bridge_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 package bridge_test 7 8 import ( 9 "crypto/rand" 10 "fmt" 11 12 "github.com/golang/protobuf/proto" 13 "github.com/hyperledger/fabric-amcl/amcl/FP256BN" 14 "github.com/hyperledger/fabric/bccsp" 15 "github.com/hyperledger/fabric/bccsp/idemix/bridge" 16 "github.com/hyperledger/fabric/bccsp/idemix/handlers" 17 "github.com/hyperledger/fabric/bccsp/idemix/handlers/mock" 18 cryptolib "github.com/hyperledger/fabric/idemix" 19 . "github.com/onsi/ginkgo" 20 . "github.com/onsi/gomega" 21 ) 22 23 var _ = Describe("Idemix Bridge", func() { 24 var ( 25 userSecretKey handlers.Big 26 issuerPublicKey handlers.IssuerPublicKey 27 issuerSecretKey handlers.IssuerSecretKey 28 nymPublicKey handlers.Ecp 29 nymSecretKey handlers.Big 30 ) 31 32 BeforeEach(func() { 33 userSecretKey = &bridge.Big{} 34 issuerPublicKey = &bridge.IssuerPublicKey{} 35 issuerSecretKey = &bridge.IssuerSecretKey{} 36 nymPublicKey = &bridge.Ecp{} 37 nymSecretKey = &bridge.Big{} 38 }) 39 40 Describe("issuer", func() { 41 var ( 42 Issuer *bridge.Issuer 43 ) 44 45 BeforeEach(func() { 46 Issuer = &bridge.Issuer{NewRand: bridge.NewRandOrPanic} 47 }) 48 49 Context("key generation", func() { 50 51 Context("successful generation", func() { 52 var ( 53 key handlers.IssuerSecretKey 54 err error 55 attributes []string 56 ) 57 58 It("with valid attributes", func() { 59 attributes = []string{"A", "B"} 60 key, err = Issuer.NewKey(attributes) 61 Expect(err).NotTo(HaveOccurred()) 62 Expect(key).NotTo(BeNil()) 63 }) 64 65 It("with empty attributes", func() { 66 attributes = nil 67 key, err = Issuer.NewKey(attributes) 68 Expect(err).NotTo(HaveOccurred()) 69 Expect(key).NotTo(BeNil()) 70 }) 71 72 AfterEach(func() { 73 raw, err := key.Bytes() 74 Expect(err).NotTo(HaveOccurred()) 75 Expect(raw).NotTo(BeEmpty()) 76 77 pk := key.Public() 78 Expect(pk).NotTo(BeNil()) 79 80 h := pk.Hash() 81 Expect(h).NotTo(BeEmpty()) 82 83 raw, err = pk.Bytes() 84 Expect(err).NotTo(HaveOccurred()) 85 Expect(raw).NotTo(BeEmpty()) 86 87 pk2, err := Issuer.NewPublicKeyFromBytes(raw, attributes) 88 Expect(err).NotTo(HaveOccurred()) 89 90 raw2, err := pk2.Bytes() 91 Expect(err).NotTo(HaveOccurred()) 92 Expect(raw2).NotTo(BeEmpty()) 93 Expect(pk2.Hash()).To(BeEquivalentTo(pk.Hash())) 94 Expect(raw2).To(BeEquivalentTo(raw)) 95 }) 96 }) 97 98 It("panic on rand failure", func() { 99 Issuer.NewRand = NewRandPanic 100 key, err := Issuer.NewKey(nil) 101 Expect(err).To(MatchError("failure [new rand panic]")) 102 Expect(key).To(BeNil()) 103 }) 104 }) 105 106 Context("public key import", func() { 107 108 It("fails to unmarshal issuer public key", func() { 109 pk, err := Issuer.NewPublicKeyFromBytes([]byte{0, 1, 2, 3, 4}, nil) 110 Expect(err).To(MatchError("failed to unmarshal issuer public key: proto: idemix.IssuerPublicKey: illegal tag 0 (wire type 0)")) 111 Expect(pk).To(BeNil()) 112 }) 113 114 It("fails to unmarshal issuer public key", func() { 115 pk, err := Issuer.NewPublicKeyFromBytes(nil, nil) 116 Expect(err).To(MatchError(ContainSubstring("failure [runtime error: index out of range"))) 117 Expect(pk).To(BeNil()) 118 }) 119 120 Context("and it is modified", func() { 121 var ( 122 pk handlers.IssuerPublicKey 123 ) 124 BeforeEach(func() { 125 attributes := []string{"A", "B"} 126 key, err := Issuer.NewKey(attributes) 127 Expect(err).NotTo(HaveOccurred()) 128 pk = key.Public() 129 Expect(pk).NotTo(BeNil()) 130 }) 131 132 It("fails to validate invalid issuer public key", func() { 133 if pk.(*bridge.IssuerPublicKey).PK.ProofC[0] != 1 { 134 pk.(*bridge.IssuerPublicKey).PK.ProofC[0] = 1 135 } else { 136 pk.(*bridge.IssuerPublicKey).PK.ProofC[0] = 0 137 } 138 raw, err := pk.Bytes() 139 Expect(err).NotTo(HaveOccurred()) 140 Expect(raw).NotTo(BeEmpty()) 141 142 pk, err = Issuer.NewPublicKeyFromBytes(raw, nil) 143 Expect(err).To(MatchError("invalid issuer public key: zero knowledge proof in public key invalid")) 144 Expect(pk).To(BeNil()) 145 }) 146 147 It("fails to verify attributes, different length", func() { 148 raw, err := pk.Bytes() 149 Expect(err).NotTo(HaveOccurred()) 150 Expect(raw).NotTo(BeEmpty()) 151 152 pk, err := Issuer.NewPublicKeyFromBytes(raw, []string{"A"}) 153 Expect(err).To(MatchError("invalid number of attributes, expected [2], got [1]")) 154 Expect(pk).To(BeNil()) 155 }) 156 157 It("fails to verify attributes, different attributes", func() { 158 raw, err := pk.Bytes() 159 Expect(err).NotTo(HaveOccurred()) 160 Expect(raw).NotTo(BeEmpty()) 161 162 pk, err := Issuer.NewPublicKeyFromBytes(raw, []string{"A", "C"}) 163 Expect(err).To(MatchError("invalid attribute name at position [1]")) 164 Expect(pk).To(BeNil()) 165 }) 166 }) 167 168 }) 169 }) 170 171 Describe("user", func() { 172 var ( 173 User *bridge.User 174 ) 175 176 BeforeEach(func() { 177 User = &bridge.User{NewRand: bridge.NewRandOrPanic} 178 }) 179 180 Context("secret key generation", func() { 181 It("panic on rand failure", func() { 182 User.NewRand = NewRandPanic 183 key, err := User.NewKey() 184 Expect(err).To(MatchError("failure [new rand panic]")) 185 Expect(key).To(BeNil()) 186 }) 187 }) 188 189 Context("secret key import", func() { 190 It("success", func() { 191 key, err := User.NewKey() 192 Expect(err).NotTo(HaveOccurred()) 193 194 raw, err := key.Bytes() 195 Expect(err).NotTo(HaveOccurred()) 196 Expect(raw).NotTo(BeNil()) 197 198 key2, err := User.NewKeyFromBytes(raw) 199 Expect(err).NotTo(HaveOccurred()) 200 201 raw2, err := key2.Bytes() 202 Expect(err).NotTo(HaveOccurred()) 203 Expect(raw2).NotTo(BeNil()) 204 205 Expect(raw2).To(BeEquivalentTo(raw)) 206 }) 207 208 It("fails on nil raw", func() { 209 key, err := User.NewKeyFromBytes(nil) 210 Expect(err).To(MatchError("invalid length, expected [32], got [0]")) 211 Expect(key).To(BeNil()) 212 }) 213 214 It("fails on invalid raw", func() { 215 key, err := User.NewKeyFromBytes([]byte{0, 1, 2, 3}) 216 Expect(err).To(MatchError("invalid length, expected [32], got [4]")) 217 Expect(key).To(BeNil()) 218 }) 219 }) 220 221 Context("nym generation", func() { 222 223 It("fails on nil user secret key", func() { 224 r1, r2, err := User.MakeNym(nil, issuerPublicKey) 225 Expect(err).To(MatchError("invalid user secret key, expected *Big, got [<nil>]")) 226 Expect(r1).To(BeNil()) 227 Expect(r2).To(BeNil()) 228 }) 229 230 It("fails on invalid user secret key", func() { 231 r1, r2, err := User.MakeNym(issuerPublicKey, issuerPublicKey) 232 Expect(err).To(MatchError("invalid user secret key, expected *Big, got [*bridge.IssuerPublicKey]")) 233 Expect(r1).To(BeNil()) 234 Expect(r2).To(BeNil()) 235 }) 236 237 It("fails on nil issuer public key", func() { 238 r1, r2, err := User.MakeNym(userSecretKey, nil) 239 Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [<nil>]")) 240 Expect(r1).To(BeNil()) 241 Expect(r2).To(BeNil()) 242 }) 243 244 It("fails on invalid issuer public key", func() { 245 r1, r2, err := User.MakeNym(userSecretKey, &mock.IssuerPublicKey{}) 246 Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [*mock.IssuerPublicKey]")) 247 Expect(r1).To(BeNil()) 248 Expect(r2).To(BeNil()) 249 }) 250 251 It("panic on rand failure", func() { 252 User.NewRand = NewRandPanic 253 r1, r2, err := User.MakeNym(userSecretKey, issuerPublicKey) 254 Expect(err).To(MatchError("failure [new rand panic]")) 255 Expect(r1).To(BeNil()) 256 Expect(r2).To(BeNil()) 257 }) 258 }) 259 260 Context("public nym import", func() { 261 262 It("success", func() { 263 npk := handlers.NewNymPublicKey(&bridge.Ecp{ 264 E: FP256BN.NewECPbigs(FP256BN.NewBIGint(10), FP256BN.NewBIGint(20)), 265 }) 266 raw, err := npk.Bytes() 267 Expect(err).NotTo(HaveOccurred()) 268 Expect(raw).NotTo(BeNil()) 269 270 npk2, err := User.NewPublicNymFromBytes(raw) 271 raw2, err := npk2.Bytes() 272 Expect(err).NotTo(HaveOccurred()) 273 Expect(raw2).NotTo(BeNil()) 274 275 Expect(raw2).To(BeEquivalentTo(raw)) 276 }) 277 278 It("panic on nil raw", func() { 279 key, err := User.NewPublicNymFromBytes(nil) 280 Expect(err).To(MatchError("failure [%!s(<nil>)]")) 281 Expect(key).To(BeNil()) 282 }) 283 284 It("failure unmarshalling invalid raw", func() { 285 key, err := User.NewPublicNymFromBytes([]byte{0, 1, 2, 3}) 286 Expect(err).To(MatchError("failure [%!s(<nil>)]")) 287 Expect(key).To(BeNil()) 288 }) 289 290 }) 291 }) 292 293 Describe("credential request", func() { 294 var ( 295 CredRequest *bridge.CredRequest 296 IssuerNonce []byte 297 ) 298 BeforeEach(func() { 299 CredRequest = &bridge.CredRequest{NewRand: bridge.NewRandOrPanic} 300 IssuerNonce = make([]byte, 32) 301 n, err := rand.Read(IssuerNonce) 302 Expect(n).To(BeEquivalentTo(32)) 303 Expect(err).NotTo(HaveOccurred()) 304 }) 305 306 Context("sign", func() { 307 It("fail on nil user secret key", func() { 308 raw, err := CredRequest.Sign(nil, issuerPublicKey, IssuerNonce) 309 Expect(err).To(MatchError("invalid user secret key, expected *Big, got [<nil>]")) 310 Expect(raw).To(BeNil()) 311 }) 312 313 It("fail on invalid user secret key", func() { 314 raw, err := CredRequest.Sign(issuerPublicKey, issuerPublicKey, IssuerNonce) 315 Expect(err).To(MatchError("invalid user secret key, expected *Big, got [*bridge.IssuerPublicKey]")) 316 Expect(raw).To(BeNil()) 317 }) 318 319 It("fail on nil issuer public key", func() { 320 raw, err := CredRequest.Sign(userSecretKey, nil, IssuerNonce) 321 Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [<nil>]")) 322 Expect(raw).To(BeNil()) 323 }) 324 325 It("fail on invalid issuer public key", func() { 326 raw, err := CredRequest.Sign(userSecretKey, &mock.IssuerPublicKey{}, IssuerNonce) 327 Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [*mock.IssuerPublicKey]")) 328 Expect(raw).To(BeNil()) 329 }) 330 331 It("fail on nil nonce", func() { 332 raw, err := CredRequest.Sign(userSecretKey, issuerPublicKey, nil) 333 Expect(err).To(MatchError("invalid issuer nonce, expected length 32, got 0")) 334 Expect(raw).To(BeNil()) 335 }) 336 337 It("fail on empty nonce", func() { 338 raw, err := CredRequest.Sign(userSecretKey, issuerPublicKey, []byte{}) 339 Expect(err).To(MatchError("invalid issuer nonce, expected length 32, got 0")) 340 Expect(raw).To(BeNil()) 341 }) 342 343 It("panic on rand failure", func() { 344 CredRequest.NewRand = NewRandPanic 345 raw, err := CredRequest.Sign(userSecretKey, issuerPublicKey, IssuerNonce) 346 Expect(err).To(MatchError("failure [new rand panic]")) 347 Expect(raw).To(BeNil()) 348 }) 349 350 }) 351 352 Context("verify", func() { 353 It("panic on nil credential request", func() { 354 err := CredRequest.Verify(nil, issuerPublicKey, IssuerNonce) 355 Expect(err).To(MatchError(ContainSubstring("failure [runtime error: index out of range"))) 356 }) 357 358 It("fail on invalid credential request", func() { 359 err := CredRequest.Verify([]byte{0, 1, 2, 3, 4}, issuerPublicKey, IssuerNonce) 360 Expect(err).To(MatchError("proto: idemix.CredRequest: illegal tag 0 (wire type 0)")) 361 }) 362 363 It("fail on nil issuer public key", func() { 364 err := CredRequest.Verify(nil, nil, IssuerNonce) 365 Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [<nil>]")) 366 }) 367 368 It("fail on invalid issuer public key", func() { 369 err := CredRequest.Verify(nil, &mock.IssuerPublicKey{}, IssuerNonce) 370 Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [*mock.IssuerPublicKey]")) 371 }) 372 373 }) 374 }) 375 376 Describe("credential", func() { 377 var ( 378 Credential handlers.Credential 379 ) 380 BeforeEach(func() { 381 Credential = &bridge.Credential{} 382 }) 383 384 Context("sign", func() { 385 386 It("fail on nil issuer secret key", func() { 387 raw, err := Credential.Sign(nil, []byte{0, 1, 2, 3, 4}, nil) 388 Expect(err).To(MatchError("invalid issuer secret key, expected *Big, got [<nil>]")) 389 Expect(raw).To(BeNil()) 390 }) 391 392 It("fail on invalid credential request", func() { 393 raw, err := Credential.Sign(issuerSecretKey, []byte{0, 1, 2, 3, 4}, nil) 394 Expect(err).To(MatchError("failed unmarshalling credential request: proto: idemix.CredRequest: illegal tag 0 (wire type 0)")) 395 Expect(raw).To(BeNil()) 396 }) 397 398 It("fail on nil inputs", func() { 399 raw, err := Credential.Sign(issuerSecretKey, nil, nil) 400 Expect(err).To(MatchError("failure [runtime error: invalid memory address or nil pointer dereference]")) 401 Expect(raw).To(BeNil()) 402 }) 403 404 It("fail on invalid attributes", func() { 405 raw, err := Credential.Sign(issuerSecretKey, nil, []bccsp.IdemixAttribute{ 406 {Type: 5, Value: nil}, 407 }) 408 Expect(err).To(MatchError("attribute type not allowed or supported [5] at position [0]")) 409 Expect(raw).To(BeNil()) 410 }) 411 }) 412 413 Context("verify", func() { 414 It("fail on nil user secret key", func() { 415 err := Credential.Verify(nil, nil, nil, nil) 416 Expect(err).To(MatchError("invalid user secret key, expected *Big, got [<nil>]")) 417 }) 418 419 It("fail on invalid user secret key", func() { 420 err := Credential.Verify(issuerPublicKey, nil, nil, nil) 421 Expect(err).To(MatchError("invalid user secret key, expected *Big, got [*bridge.IssuerPublicKey]")) 422 }) 423 424 It("fail on nil issuer public key", func() { 425 err := Credential.Verify(userSecretKey, nil, nil, nil) 426 Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [*bridge.Big]")) 427 }) 428 429 It("fail on invalid issuer public key", func() { 430 err := Credential.Verify(userSecretKey, &mock.IssuerPublicKey{}, nil, nil) 431 Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [*bridge.Big]")) 432 }) 433 434 It("fail on invalid attributes", func() { 435 err := Credential.Verify(userSecretKey, issuerPublicKey, nil, []bccsp.IdemixAttribute{ 436 {Type: 5, Value: nil}, 437 }) 438 Expect(err).To(MatchError("attribute type not allowed or supported [5] at position [0]")) 439 }) 440 }) 441 }) 442 443 Describe("revocation", func() { 444 var ( 445 Revocation handlers.Revocation 446 ) 447 BeforeEach(func() { 448 Revocation = &bridge.Revocation{} 449 }) 450 451 Context("sign", func() { 452 453 It("fail on nil inputs", func() { 454 raw, err := Revocation.Sign(nil, nil, 0, 0) 455 Expect(err).To(MatchError("failed creating CRI: CreateCRI received nil input")) 456 Expect(raw).To(BeNil()) 457 }) 458 459 It("fail on invalid handlers", func() { 460 raw, err := Revocation.Sign(nil, [][]byte{{0, 2, 3, 4}}, 0, 0) 461 Expect(err).To(MatchError(ContainSubstring("failure [runtime error: index out of range"))) 462 Expect(raw).To(BeNil()) 463 }) 464 }) 465 466 Context("verify", func() { 467 It("fail on nil inputs", func() { 468 err := Revocation.Verify(nil, nil, 0, 0) 469 Expect(err).To(MatchError("EpochPK invalid: received nil input")) 470 }) 471 472 It("fail on malformed cri", func() { 473 err := Revocation.Verify(nil, []byte{0, 1, 2, 3, 4}, 0, 0) 474 Expect(err).To(MatchError("proto: idemix.CredentialRevocationInformation: illegal tag 0 (wire type 0)")) 475 }) 476 }) 477 }) 478 479 Describe("signature", func() { 480 var ( 481 SignatureScheme handlers.SignatureScheme 482 ) 483 BeforeEach(func() { 484 SignatureScheme = &bridge.SignatureScheme{NewRand: bridge.NewRandOrPanic} 485 }) 486 487 Context("sign", func() { 488 It("fail on nil user secret key", func() { 489 signature, err := SignatureScheme.Sign(nil, nil, nil, nil, nil, nil, nil, 0, nil) 490 Expect(err).To(MatchError("invalid user secret key, expected *Big, got [<nil>]")) 491 Expect(signature).To(BeNil()) 492 }) 493 494 It("fail on nil nym public key", func() { 495 signature, err := SignatureScheme.Sign(nil, userSecretKey, nil, nil, nil, nil, nil, 0, nil) 496 Expect(err).To(MatchError("invalid nym public key, expected *Ecp, got [<nil>]")) 497 Expect(signature).To(BeNil()) 498 }) 499 500 It("fail on nil nym secret key", func() { 501 signature, err := SignatureScheme.Sign(nil, userSecretKey, nymPublicKey, nil, nil, nil, nil, 0, nil) 502 Expect(err).To(MatchError("invalid nym secret key, expected *Big, got [<nil>]")) 503 Expect(signature).To(BeNil()) 504 }) 505 506 It("fail on nil issuer public key", func() { 507 signature, err := SignatureScheme.Sign(nil, userSecretKey, nymPublicKey, nymSecretKey, nil, nil, nil, 0, nil) 508 Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [<nil>]")) 509 Expect(signature).To(BeNil()) 510 }) 511 }) 512 513 Context("verify", func() { 514 It("fail on nil issuer Public key", func() { 515 err := SignatureScheme.Verify(nil, nil, nil, nil, 0, nil, 0) 516 Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [<nil>]")) 517 }) 518 519 It("fail on nil signature", func() { 520 err := SignatureScheme.Verify(issuerPublicKey, nil, nil, nil, 0, nil, 0) 521 Expect(err).To(MatchError("cannot verify idemix signature: received nil input")) 522 }) 523 524 It("fail on invalid signature", func() { 525 err := SignatureScheme.Verify(issuerPublicKey, []byte{0, 1, 2, 3, 4}, nil, nil, 0, nil, 0) 526 Expect(err).To(MatchError("proto: idemix.Signature: illegal tag 0 (wire type 0)")) 527 }) 528 529 It("fail on invalid attributes", func() { 530 err := SignatureScheme.Verify(issuerPublicKey, nil, nil, 531 []bccsp.IdemixAttribute{{Type: -1}}, 0, nil, 0) 532 Expect(err).To(MatchError("attribute type not allowed or supported [-1] at position [0]")) 533 }) 534 }) 535 }) 536 537 Describe("nym signature", func() { 538 var ( 539 NymSignatureScheme handlers.NymSignatureScheme 540 ) 541 BeforeEach(func() { 542 NymSignatureScheme = &bridge.NymSignatureScheme{NewRand: bridge.NewRandOrPanic} 543 }) 544 545 Context("sign", func() { 546 It("fail on nil user secret key", func() { 547 signature, err := NymSignatureScheme.Sign(nil, nil, nil, nil, nil) 548 Expect(err).To(MatchError("invalid user secret key, expected *Big, got [<nil>]")) 549 Expect(signature).To(BeNil()) 550 }) 551 552 It("fail on nil nym public key", func() { 553 signature, err := NymSignatureScheme.Sign(userSecretKey, nil, nil, nil, nil) 554 Expect(err).To(MatchError("invalid nym public key, expected *Ecp, got [<nil>]")) 555 Expect(signature).To(BeNil()) 556 }) 557 558 It("fail on nil nym secret key", func() { 559 signature, err := NymSignatureScheme.Sign(userSecretKey, nymPublicKey, nil, nil, nil) 560 Expect(err).To(MatchError("invalid nym secret key, expected *Big, got [<nil>]")) 561 Expect(signature).To(BeNil()) 562 }) 563 564 It("fail on nil issuer public key", func() { 565 signature, err := NymSignatureScheme.Sign(userSecretKey, nymPublicKey, nymSecretKey, nil, nil) 566 Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [<nil>]")) 567 Expect(signature).To(BeNil()) 568 }) 569 }) 570 571 Context("verify", func() { 572 It("fail on nil issuer Public key", func() { 573 err := NymSignatureScheme.Verify(nil, nil, nil, nil) 574 Expect(err).To(MatchError("invalid issuer public key, expected *IssuerPublicKey, got [<nil>]")) 575 }) 576 577 It("fail on nil nym public key", func() { 578 err := NymSignatureScheme.Verify(issuerPublicKey, nil, nil, nil) 579 Expect(err).To(MatchError("invalid nym public key, expected *Ecp, got [<nil>]")) 580 }) 581 582 It("panic on nil signature", func() { 583 err := NymSignatureScheme.Verify(issuerPublicKey, nymPublicKey, nil, nil) 584 Expect(err).To(MatchError(ContainSubstring("failure [runtime error: index out of range"))) 585 }) 586 587 It("fail on invalid signature", func() { 588 err := NymSignatureScheme.Verify(issuerPublicKey, nymPublicKey, []byte{0, 1, 2, 3, 4}, nil) 589 Expect(err).To(MatchError("error unmarshalling signature: proto: idemix.NymSignature: illegal tag 0 (wire type 0)")) 590 }) 591 592 }) 593 }) 594 595 Describe("setting up the environment with one issuer and one user", func() { 596 var ( 597 Issuer handlers.Issuer 598 IssuerKeyGen *handlers.IssuerKeyGen 599 IssuerKey bccsp.Key 600 IssuerPublicKey bccsp.Key 601 AttributeNames []string 602 603 User handlers.User 604 UserKeyGen *handlers.UserKeyGen 605 UserKey bccsp.Key 606 NymKeyDerivation *handlers.NymKeyDerivation 607 NymKey bccsp.Key 608 NymPublicKey bccsp.Key 609 610 CredRequest handlers.CredRequest 611 CredentialRequestSigner *handlers.CredentialRequestSigner 612 CredentialRequestVerifier *handlers.CredentialRequestVerifier 613 IssuerNonce []byte 614 credRequest []byte 615 616 Credential handlers.Credential 617 CredentialSigner *handlers.CredentialSigner 618 CredentialVerifier *handlers.CredentialVerifier 619 credential []byte 620 621 Revocation handlers.Revocation 622 RevocationKeyGen *handlers.RevocationKeyGen 623 RevocationKey bccsp.Key 624 RevocationPublicKey bccsp.Key 625 CriSigner *handlers.CriSigner 626 CriVerifier *handlers.CriVerifier 627 cri []byte 628 ) 629 630 BeforeEach(func() { 631 // Issuer 632 var err error 633 Issuer = &bridge.Issuer{NewRand: bridge.NewRandOrPanic} 634 IssuerKeyGen = &handlers.IssuerKeyGen{Issuer: Issuer} 635 AttributeNames = []string{"Attr1", "Attr2", "Attr3", "Attr4", "Attr5"} 636 IssuerKey, err = IssuerKeyGen.KeyGen(&bccsp.IdemixIssuerKeyGenOpts{Temporary: true, AttributeNames: AttributeNames}) 637 Expect(err).NotTo(HaveOccurred()) 638 IssuerPublicKey, err = IssuerKey.PublicKey() 639 Expect(err).NotTo(HaveOccurred()) 640 641 // User 642 User = &bridge.User{NewRand: bridge.NewRandOrPanic} 643 UserKeyGen = &handlers.UserKeyGen{User: User} 644 UserKey, err = UserKeyGen.KeyGen(&bccsp.IdemixUserSecretKeyGenOpts{}) 645 Expect(err).NotTo(HaveOccurred()) 646 647 // User Nym Key 648 NymKeyDerivation = &handlers.NymKeyDerivation{User: User} 649 NymKey, err = NymKeyDerivation.KeyDeriv(UserKey, &bccsp.IdemixNymKeyDerivationOpts{IssuerPK: IssuerPublicKey}) 650 Expect(err).NotTo(HaveOccurred()) 651 NymPublicKey, err = NymKey.PublicKey() 652 Expect(err).NotTo(HaveOccurred()) 653 654 // Credential Request for User 655 IssuerNonce = make([]byte, 32) 656 n, err := rand.Read(IssuerNonce) 657 Expect(n).To(BeEquivalentTo(32)) 658 Expect(err).NotTo(HaveOccurred()) 659 660 CredRequest = &bridge.CredRequest{NewRand: bridge.NewRandOrPanic} 661 CredentialRequestSigner = &handlers.CredentialRequestSigner{CredRequest: CredRequest} 662 CredentialRequestVerifier = &handlers.CredentialRequestVerifier{CredRequest: CredRequest} 663 credRequest, err = CredentialRequestSigner.Sign( 664 UserKey, 665 nil, 666 &bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: IssuerPublicKey, IssuerNonce: IssuerNonce}, 667 ) 668 Expect(err).NotTo(HaveOccurred()) 669 670 // Credential 671 Credential = &bridge.Credential{NewRand: bridge.NewRandOrPanic} 672 CredentialSigner = &handlers.CredentialSigner{Credential: Credential} 673 CredentialVerifier = &handlers.CredentialVerifier{Credential: Credential} 674 credential, err = CredentialSigner.Sign( 675 IssuerKey, 676 credRequest, 677 &bccsp.IdemixCredentialSignerOpts{ 678 Attributes: []bccsp.IdemixAttribute{ 679 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, 680 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, 681 {Type: bccsp.IdemixIntAttribute, Value: 1}, 682 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, 683 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2, 3}}, 684 }, 685 }, 686 ) 687 Expect(err).NotTo(HaveOccurred()) 688 689 // Revocation 690 Revocation = &bridge.Revocation{} 691 RevocationKeyGen = &handlers.RevocationKeyGen{Revocation: Revocation} 692 RevocationKey, err = RevocationKeyGen.KeyGen(&bccsp.IdemixRevocationKeyGenOpts{}) 693 Expect(err).NotTo(HaveOccurred()) 694 RevocationPublicKey, err = RevocationKey.PublicKey() 695 Expect(err).NotTo(HaveOccurred()) 696 697 // CRI 698 CriSigner = &handlers.CriSigner{Revocation: Revocation} 699 CriVerifier = &handlers.CriVerifier{Revocation: Revocation} 700 cri, err = CriSigner.Sign( 701 RevocationKey, 702 nil, 703 &bccsp.IdemixCRISignerOpts{}, 704 ) 705 Expect(err).NotTo(HaveOccurred()) 706 }) 707 708 It("the environment is properly set", func() { 709 // Verify CredRequest 710 valid, err := CredentialRequestVerifier.Verify( 711 IssuerPublicKey, 712 credRequest, 713 nil, 714 &bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce}, 715 ) 716 Expect(err).NotTo(HaveOccurred()) 717 Expect(valid).To(BeTrue()) 718 719 // Verify Credential 720 valid, err = CredentialVerifier.Verify( 721 UserKey, 722 credential, 723 nil, 724 &bccsp.IdemixCredentialSignerOpts{ 725 IssuerPK: IssuerPublicKey, 726 Attributes: []bccsp.IdemixAttribute{ 727 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, 728 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, 729 {Type: bccsp.IdemixIntAttribute, Value: 1}, 730 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, 731 {Type: bccsp.IdemixHiddenAttribute}, 732 }, 733 }, 734 ) 735 Expect(err).NotTo(HaveOccurred()) 736 Expect(valid).To(BeTrue()) 737 738 // Verify CRI 739 valid, err = CriVerifier.Verify( 740 RevocationPublicKey, 741 cri, 742 nil, 743 &bccsp.IdemixCRISignerOpts{}, 744 ) 745 Expect(err).NotTo(HaveOccurred()) 746 Expect(valid).To(BeTrue()) 747 }) 748 749 Context("the environment is not valid with the respect to different parameters", func() { 750 751 It("invalid credential request nonce", func() { 752 valid, err := CredentialRequestVerifier.Verify( 753 IssuerPublicKey, 754 credRequest, 755 nil, 756 &bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: []byte("pine-apple-pine-apple-pine-apple")}, 757 ) 758 Expect(err).To(MatchError(fmt.Sprintf("invalid nonce, expected [%v], got [%v]", []byte("pine-apple-pine-apple-pine-apple"), IssuerNonce))) 759 Expect(valid).NotTo(BeTrue()) 760 }) 761 762 It("invalid credential request nonce, too short", func() { 763 valid, err := CredentialRequestVerifier.Verify( 764 IssuerPublicKey, 765 credRequest, 766 nil, 767 &bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: []byte("pine-aple-pine-apple-pinapple")}, 768 ) 769 Expect(err).To(MatchError("invalid issuer nonce, expected length 32, got 29")) 770 Expect(valid).NotTo(BeTrue()) 771 }) 772 773 It("invalid credential request", func() { 774 if credRequest[4] == 0 { 775 credRequest[4] = 1 776 } else { 777 credRequest[4] = 0 778 } 779 valid, err := CredentialRequestVerifier.Verify( 780 IssuerPublicKey, 781 credRequest, 782 nil, 783 &bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce}, 784 ) 785 Expect(err).To(MatchError("zero knowledge proof is invalid")) 786 Expect(valid).NotTo(BeTrue()) 787 }) 788 789 It("invalid credential request in verifying credential", func() { 790 if credRequest[4] == 0 { 791 credRequest[4] = 1 792 } else { 793 credRequest[4] = 0 794 } 795 credential, err := CredentialSigner.Sign( 796 IssuerKey, 797 credRequest, 798 &bccsp.IdemixCredentialSignerOpts{ 799 Attributes: []bccsp.IdemixAttribute{ 800 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, 801 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, 802 {Type: bccsp.IdemixIntAttribute, Value: 1}, 803 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, 804 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2, 3}}, 805 }, 806 }, 807 ) 808 Expect(err).To(MatchError("failed creating new credential: zero knowledge proof is invalid")) 809 Expect(credential).To(BeNil()) 810 }) 811 812 It("nil credential", func() { 813 // Verify Credential 814 valid, err := CredentialVerifier.Verify( 815 UserKey, 816 nil, 817 nil, 818 &bccsp.IdemixCredentialSignerOpts{ 819 IssuerPK: IssuerPublicKey, 820 Attributes: []bccsp.IdemixAttribute{ 821 {Type: bccsp.IdemixBytesAttribute, Value: []byte{1}}, 822 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, 823 {Type: bccsp.IdemixIntAttribute, Value: 1}, 824 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, 825 {Type: bccsp.IdemixHiddenAttribute}, 826 }, 827 }, 828 ) 829 Expect(err).To(MatchError("invalid signature, it must not be empty")) 830 Expect(valid).To(BeFalse()) 831 }) 832 833 It("malformed credential", func() { 834 // Verify Credential 835 valid, err := CredentialVerifier.Verify( 836 UserKey, 837 []byte{0, 1, 2, 3, 4}, 838 nil, 839 &bccsp.IdemixCredentialSignerOpts{ 840 IssuerPK: IssuerPublicKey, 841 Attributes: []bccsp.IdemixAttribute{ 842 {Type: bccsp.IdemixBytesAttribute, Value: []byte{1}}, 843 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, 844 {Type: bccsp.IdemixIntAttribute, Value: 1}, 845 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, 846 {Type: bccsp.IdemixHiddenAttribute}, 847 }, 848 }, 849 ) 850 Expect(err).To(MatchError("proto: idemix.Credential: illegal tag 0 (wire type 0)")) 851 Expect(valid).To(BeFalse()) 852 }) 853 854 It("invalid credential", func() { 855 // Invalidate credential by changing it in one position 856 if credential[4] == 0 { 857 credential[4] = 1 858 } else { 859 credential[4] = 0 860 } 861 862 // Verify Credential 863 valid, err := CredentialVerifier.Verify( 864 UserKey, 865 credential, 866 nil, 867 &bccsp.IdemixCredentialSignerOpts{ 868 IssuerPK: IssuerPublicKey, 869 Attributes: []bccsp.IdemixAttribute{ 870 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, 871 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, 872 {Type: bccsp.IdemixIntAttribute, Value: 1}, 873 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, 874 {Type: bccsp.IdemixHiddenAttribute}, 875 }, 876 }, 877 ) 878 Expect(err).To(MatchError("credential is not cryptographically valid")) 879 Expect(valid).To(BeFalse()) 880 }) 881 882 It("invalid byte array in credential", func() { 883 // Verify Credential 884 valid, err := CredentialVerifier.Verify( 885 UserKey, 886 credential, 887 nil, 888 &bccsp.IdemixCredentialSignerOpts{ 889 IssuerPK: IssuerPublicKey, 890 Attributes: []bccsp.IdemixAttribute{ 891 {Type: bccsp.IdemixBytesAttribute, Value: []byte{1}}, 892 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, 893 {Type: bccsp.IdemixIntAttribute, Value: 1}, 894 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, 895 {Type: bccsp.IdemixHiddenAttribute}, 896 }, 897 }, 898 ) 899 Expect(err).To(MatchError("credential does not contain the correct attribute value at position [0]")) 900 Expect(valid).To(BeFalse()) 901 }) 902 903 It("invalid int in credential", func() { 904 // Verify Credential 905 valid, err := CredentialVerifier.Verify( 906 UserKey, 907 credential, 908 nil, 909 &bccsp.IdemixCredentialSignerOpts{ 910 IssuerPK: IssuerPublicKey, 911 Attributes: []bccsp.IdemixAttribute{ 912 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, 913 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1}}, 914 {Type: bccsp.IdemixIntAttribute, Value: 2}, 915 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0, 1, 2}}, 916 {Type: bccsp.IdemixHiddenAttribute}, 917 }, 918 }, 919 ) 920 Expect(err).To(MatchError("credential does not contain the correct attribute value at position [2]")) 921 Expect(valid).To(BeFalse()) 922 923 }) 924 925 It("invalid cri", func() { 926 // Verify CRI 927 cri[8] = 0 928 valid, err := CriVerifier.Verify( 929 RevocationPublicKey, 930 cri, 931 nil, 932 &bccsp.IdemixCRISignerOpts{}, 933 ) 934 Expect(err).To(MatchError("EpochPKSig invalid")) 935 Expect(valid).To(BeFalse()) 936 }) 937 }) 938 939 Describe("the environment is not properly set", func() { 940 941 Describe("issuer", func() { 942 Context("duplicate attribute", func() { 943 It("returns an error", func() { 944 AttributeNames = []string{"A", "A"} 945 IssuerKey, err := IssuerKeyGen.KeyGen(&bccsp.IdemixIssuerKeyGenOpts{Temporary: true, AttributeNames: AttributeNames}) 946 Expect(err).To(MatchError("attribute A appears multiple times in AttributeNames")) 947 Expect(IssuerKey).To(BeNil()) 948 }) 949 }) 950 }) 951 952 }) 953 954 Describe("producing and verifying idemix signature with different sets of attributes", func() { 955 var ( 956 SignatureScheme handlers.SignatureScheme 957 Signer *handlers.Signer 958 Verifier *handlers.Verifier 959 digest []byte 960 signature []byte 961 962 SignAttributes []bccsp.IdemixAttribute 963 VerifyAttributes []bccsp.IdemixAttribute 964 RhIndex int 965 Epoch int 966 errMessage string 967 validity bool 968 ) 969 970 BeforeEach(func() { 971 SignatureScheme = &bridge.SignatureScheme{NewRand: bridge.NewRandOrPanic} 972 Signer = &handlers.Signer{SignatureScheme: SignatureScheme} 973 Verifier = &handlers.Verifier{SignatureScheme: SignatureScheme} 974 975 digest = []byte("a digest") 976 RhIndex = 4 977 Epoch = 0 978 errMessage = "" 979 }) 980 981 It("the signature with no disclosed attributes is valid", func() { 982 validity = true 983 SignAttributes = []bccsp.IdemixAttribute{ 984 {Type: bccsp.IdemixHiddenAttribute}, 985 {Type: bccsp.IdemixHiddenAttribute}, 986 {Type: bccsp.IdemixHiddenAttribute}, 987 {Type: bccsp.IdemixHiddenAttribute}, 988 {Type: bccsp.IdemixHiddenAttribute}, 989 } 990 VerifyAttributes = SignAttributes 991 }) 992 993 It("the signature with disclosed attributes is valid", func() { 994 validity = true 995 SignAttributes = []bccsp.IdemixAttribute{ 996 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, 997 {Type: bccsp.IdemixHiddenAttribute}, 998 {Type: bccsp.IdemixIntAttribute, Value: 1}, 999 {Type: bccsp.IdemixHiddenAttribute}, 1000 {Type: bccsp.IdemixHiddenAttribute}, 1001 } 1002 VerifyAttributes = SignAttributes 1003 }) 1004 1005 It("the signature with different disclosed attributes is not valid", func() { 1006 validity = false 1007 errMessage = "signature invalid: zero-knowledge proof is invalid" 1008 SignAttributes = []bccsp.IdemixAttribute{ 1009 {Type: bccsp.IdemixBytesAttribute}, 1010 {Type: bccsp.IdemixHiddenAttribute}, 1011 {Type: bccsp.IdemixIntAttribute}, 1012 {Type: bccsp.IdemixHiddenAttribute}, 1013 {Type: bccsp.IdemixHiddenAttribute}, 1014 } 1015 VerifyAttributes = []bccsp.IdemixAttribute{ 1016 {Type: bccsp.IdemixBytesAttribute, Value: []byte{1}}, 1017 {Type: bccsp.IdemixHiddenAttribute}, 1018 {Type: bccsp.IdemixIntAttribute, Value: 1}, 1019 {Type: bccsp.IdemixHiddenAttribute}, 1020 {Type: bccsp.IdemixHiddenAttribute}, 1021 } 1022 }) 1023 1024 It("the signature with different disclosed attributes is not valid", func() { 1025 validity = false 1026 errMessage = "signature invalid: zero-knowledge proof is invalid" 1027 SignAttributes = []bccsp.IdemixAttribute{ 1028 {Type: bccsp.IdemixBytesAttribute}, 1029 {Type: bccsp.IdemixHiddenAttribute}, 1030 {Type: bccsp.IdemixIntAttribute}, 1031 {Type: bccsp.IdemixHiddenAttribute}, 1032 {Type: bccsp.IdemixHiddenAttribute}, 1033 } 1034 VerifyAttributes = []bccsp.IdemixAttribute{ 1035 {Type: bccsp.IdemixBytesAttribute, Value: []byte{0}}, 1036 {Type: bccsp.IdemixHiddenAttribute}, 1037 {Type: bccsp.IdemixIntAttribute, Value: 10}, 1038 {Type: bccsp.IdemixHiddenAttribute}, 1039 {Type: bccsp.IdemixHiddenAttribute}, 1040 } 1041 }) 1042 1043 AfterEach(func() { 1044 var err error 1045 signature, err = Signer.Sign( 1046 UserKey, 1047 digest, 1048 &bccsp.IdemixSignerOpts{ 1049 Credential: credential, 1050 Nym: NymKey, 1051 IssuerPK: IssuerPublicKey, 1052 Attributes: SignAttributes, 1053 RhIndex: RhIndex, 1054 Epoch: Epoch, 1055 CRI: cri, 1056 }, 1057 ) 1058 Expect(err).NotTo(HaveOccurred()) 1059 1060 valid, err := Verifier.Verify( 1061 IssuerPublicKey, 1062 signature, 1063 digest, 1064 &bccsp.IdemixSignerOpts{ 1065 RevocationPublicKey: RevocationPublicKey, 1066 Attributes: VerifyAttributes, 1067 RhIndex: RhIndex, 1068 Epoch: Epoch, 1069 }, 1070 ) 1071 1072 if errMessage == "" { 1073 Expect(err).NotTo(HaveOccurred()) 1074 } else { 1075 Expect(err).To(MatchError(errMessage)) 1076 } 1077 Expect(valid).To(BeEquivalentTo(validity)) 1078 }) 1079 1080 }) 1081 1082 Context("producing an idemix signature", func() { 1083 var ( 1084 SignatureScheme handlers.SignatureScheme 1085 Signer *handlers.Signer 1086 SignAttributes []bccsp.IdemixAttribute 1087 Verifier *handlers.Verifier 1088 ) 1089 1090 BeforeEach(func() { 1091 SignatureScheme = &bridge.SignatureScheme{NewRand: bridge.NewRandOrPanic} 1092 Signer = &handlers.Signer{SignatureScheme: SignatureScheme} 1093 SignAttributes = []bccsp.IdemixAttribute{ 1094 {Type: bccsp.IdemixHiddenAttribute}, 1095 {Type: bccsp.IdemixHiddenAttribute}, 1096 {Type: bccsp.IdemixHiddenAttribute}, 1097 {Type: bccsp.IdemixHiddenAttribute}, 1098 {Type: bccsp.IdemixHiddenAttribute}, 1099 } 1100 Verifier = &handlers.Verifier{SignatureScheme: SignatureScheme} 1101 }) 1102 1103 It("fails when the credential is malformed", func() { 1104 signature, err := Signer.Sign( 1105 UserKey, 1106 []byte("a message"), 1107 &bccsp.IdemixSignerOpts{ 1108 Credential: []byte{0, 1, 2, 3}, 1109 Nym: NymKey, 1110 IssuerPK: IssuerPublicKey, 1111 Attributes: SignAttributes, 1112 RhIndex: 4, 1113 Epoch: 0, 1114 CRI: cri, 1115 }, 1116 ) 1117 Expect(err).To(MatchError("failed unmarshalling credential: proto: idemix.Credential: illegal tag 0 (wire type 0)")) 1118 Expect(signature).To(BeNil()) 1119 }) 1120 1121 It("fails when the cri is malformed", func() { 1122 signature, err := Signer.Sign( 1123 UserKey, 1124 []byte("a message"), 1125 &bccsp.IdemixSignerOpts{ 1126 Credential: credential, 1127 Nym: NymKey, 1128 IssuerPK: IssuerPublicKey, 1129 Attributes: SignAttributes, 1130 RhIndex: 4, 1131 Epoch: 0, 1132 CRI: []byte{0, 1, 2, 3, 4}, 1133 }, 1134 ) 1135 Expect(err).To(MatchError("failed unmarshalling credential revocation information: proto: idemix.CredentialRevocationInformation: illegal tag 0 (wire type 0)")) 1136 Expect(signature).To(BeNil()) 1137 }) 1138 1139 It("fails when invalid rhIndex is passed", func() { 1140 signature, err := Signer.Sign( 1141 UserKey, 1142 []byte("a message"), 1143 &bccsp.IdemixSignerOpts{ 1144 Credential: credential, 1145 Nym: NymKey, 1146 IssuerPK: IssuerPublicKey, 1147 Attributes: SignAttributes, 1148 RhIndex: 5, 1149 Epoch: 0, 1150 CRI: cri, 1151 }, 1152 ) 1153 Expect(err).To(MatchError("failed creating new signature: cannot create idemix signature: received invalid input")) 1154 Expect(signature).To(BeNil()) 1155 }) 1156 1157 It("fails when the credential is invalid", func() { 1158 if credential[4] != 0 { 1159 credential[4] = 0 1160 } else { 1161 credential[4] = 1 1162 } 1163 1164 signature, err := Signer.Sign( 1165 UserKey, 1166 []byte("a message"), 1167 &bccsp.IdemixSignerOpts{ 1168 Credential: credential, 1169 Nym: NymKey, 1170 IssuerPK: IssuerPublicKey, 1171 Attributes: SignAttributes, 1172 RhIndex: 4, 1173 Epoch: 0, 1174 CRI: cri, 1175 }, 1176 ) 1177 Expect(err).NotTo(HaveOccurred()) 1178 Expect(signature).NotTo(BeNil()) 1179 1180 valid, err := Verifier.Verify( 1181 IssuerPublicKey, 1182 signature, 1183 []byte("a message"), 1184 &bccsp.IdemixSignerOpts{ 1185 RevocationPublicKey: RevocationPublicKey, 1186 Attributes: SignAttributes, 1187 RhIndex: 0, 1188 Epoch: 0, 1189 }, 1190 ) 1191 Expect(err).To(MatchError("signature invalid: APrime = 1")) 1192 Expect(valid).To(BeFalse()) 1193 1194 }) 1195 1196 It("fails when the credential is nil", func() { 1197 credential[4] = 0 1198 signature, err := Signer.Sign( 1199 UserKey, 1200 []byte("a message"), 1201 &bccsp.IdemixSignerOpts{ 1202 Credential: nil, 1203 Nym: NymKey, 1204 IssuerPK: IssuerPublicKey, 1205 Attributes: SignAttributes, 1206 RhIndex: 4, 1207 Epoch: 0, 1208 CRI: cri, 1209 }, 1210 ) 1211 Expect(err).To(MatchError(ContainSubstring("failure [runtime error: index out of range"))) 1212 Expect(signature).To(BeNil()) 1213 }) 1214 }) 1215 1216 Describe("producing an idemix nym signature", func() { 1217 var ( 1218 NymSignatureScheme *bridge.NymSignatureScheme 1219 NymSigner *handlers.NymSigner 1220 NymVerifier *handlers.NymVerifier 1221 digest []byte 1222 signature []byte 1223 ) 1224 1225 BeforeEach(func() { 1226 var err error 1227 NymSignatureScheme = &bridge.NymSignatureScheme{NewRand: bridge.NewRandOrPanic} 1228 NymSigner = &handlers.NymSigner{NymSignatureScheme: NymSignatureScheme} 1229 NymVerifier = &handlers.NymVerifier{NymSignatureScheme: NymSignatureScheme} 1230 1231 digest = []byte("a digest") 1232 1233 signature, err = NymSigner.Sign( 1234 UserKey, 1235 digest, 1236 &bccsp.IdemixNymSignerOpts{ 1237 Nym: NymKey, 1238 IssuerPK: IssuerPublicKey, 1239 }, 1240 ) 1241 Expect(err).NotTo(HaveOccurred()) 1242 }) 1243 1244 It("the signature is valid", func() { 1245 valid, err := NymVerifier.Verify( 1246 NymPublicKey, 1247 signature, 1248 digest, 1249 &bccsp.IdemixNymSignerOpts{ 1250 IssuerPK: IssuerPublicKey, 1251 }, 1252 ) 1253 Expect(err).NotTo(HaveOccurred()) 1254 Expect(valid).To(BeTrue()) 1255 }) 1256 1257 Context("the signature is malformed", func() { 1258 var nymSignature *cryptolib.NymSignature 1259 1260 BeforeEach(func() { 1261 nymSignature = &cryptolib.NymSignature{} 1262 err := proto.Unmarshal(signature, nymSignature) 1263 Expect(err).NotTo(HaveOccurred()) 1264 }) 1265 1266 marshalAndVerify := func(nymSignature *cryptolib.NymSignature) (bool, error) { 1267 signature, err := proto.Marshal(nymSignature) 1268 Expect(err).NotTo(HaveOccurred()) 1269 1270 return NymVerifier.Verify( 1271 NymPublicKey, 1272 signature, 1273 digest, 1274 &bccsp.IdemixNymSignerOpts{ 1275 IssuerPK: IssuerPublicKey, 1276 }, 1277 ) 1278 } 1279 1280 Context("cause nonce does not encode a proper Big", func() { 1281 It("returns an error", func() { 1282 nymSignature.Nonce = []byte{0, 1, 2, 3, 4} 1283 valid, err := marshalAndVerify(nymSignature) 1284 Expect(valid).To(BeFalse()) 1285 Expect(err).To(MatchError(ContainSubstring("failure [runtime error: index out of range"))) 1286 }) 1287 }) 1288 1289 Context("cause nonce is nil", func() { 1290 It("returns an error", func() { 1291 nymSignature.Nonce = nil 1292 valid, err := marshalAndVerify(nymSignature) 1293 Expect(valid).To(BeFalse()) 1294 Expect(err).To(MatchError(ContainSubstring("failure [runtime error: index out of range"))) 1295 }) 1296 }) 1297 1298 Context("cause nonce encode a different thing", func() { 1299 It("returns an error", func() { 1300 var err error 1301 nymSignature.Nonce, err = (&bridge.Big{E: FP256BN.NewBIGint(1)}).Bytes() 1302 Expect(err).NotTo(HaveOccurred()) 1303 1304 valid, err := marshalAndVerify(nymSignature) 1305 Expect(valid).To(BeFalse()) 1306 Expect(err).To(MatchError("pseudonym signature invalid: zero-knowledge proof is invalid")) 1307 }) 1308 }) 1309 1310 Context("cause ProofC is not encoded properly", func() { 1311 It("returns an error", func() { 1312 nymSignature.ProofC = []byte{0, 1, 2, 3, 4} 1313 1314 valid, err := marshalAndVerify(nymSignature) 1315 Expect(valid).To(BeFalse()) 1316 Expect(err).To(MatchError(ContainSubstring("failure [runtime error: index out of range"))) 1317 }) 1318 }) 1319 1320 Context("cause ProofC is nil", func() { 1321 It("returns an error", func() { 1322 nymSignature.ProofC = nil 1323 1324 valid, err := marshalAndVerify(nymSignature) 1325 Expect(valid).To(BeFalse()) 1326 Expect(err).To(MatchError(ContainSubstring("failure [runtime error: index out of range"))) 1327 }) 1328 }) 1329 1330 Context("cause ProofC encode a different thing", func() { 1331 It("returns an error", func() { 1332 var err error 1333 nymSignature.ProofC, err = (&bridge.Big{E: FP256BN.NewBIGint(1)}).Bytes() 1334 Expect(err).NotTo(HaveOccurred()) 1335 1336 valid, err := marshalAndVerify(nymSignature) 1337 Expect(valid).To(BeFalse()) 1338 Expect(err).To(MatchError("pseudonym signature invalid: zero-knowledge proof is invalid")) 1339 }) 1340 }) 1341 1342 Context("cause ProofSRNym is not encoded properly", func() { 1343 It("returns an error", func() { 1344 nymSignature.ProofSRNym = []byte{0, 1, 2, 3, 4} 1345 1346 valid, err := marshalAndVerify(nymSignature) 1347 Expect(valid).To(BeFalse()) 1348 Expect(err).To(MatchError(ContainSubstring("failure [runtime error: index out of range"))) 1349 }) 1350 }) 1351 1352 Context("cause ProofSRNym is nil", func() { 1353 It("returns an error", func() { 1354 nymSignature.ProofSRNym = nil 1355 valid, err := marshalAndVerify(nymSignature) 1356 Expect(valid).To(BeFalse()) 1357 Expect(err).To(MatchError(ContainSubstring("failure [runtime error: index out of range"))) 1358 }) 1359 }) 1360 1361 Context("cause ProofSRNym encode a different thing", func() { 1362 It("returns an error", func() { 1363 var err error 1364 nymSignature.ProofSRNym, err = (&bridge.Big{E: FP256BN.NewBIGint(1)}).Bytes() 1365 Expect(err).NotTo(HaveOccurred()) 1366 1367 valid, err := marshalAndVerify(nymSignature) 1368 Expect(valid).To(BeFalse()) 1369 Expect(err).To(MatchError("pseudonym signature invalid: zero-knowledge proof is invalid")) 1370 }) 1371 }) 1372 1373 Context("cause ProofSSk is not encoded properly", func() { 1374 It("returns an error", func() { 1375 nymSignature.ProofSSk = []byte{0, 1, 2, 3, 4} 1376 1377 valid, err := marshalAndVerify(nymSignature) 1378 Expect(valid).To(BeFalse()) 1379 Expect(err).To(MatchError(ContainSubstring("failure [runtime error: index out of range"))) 1380 }) 1381 }) 1382 1383 Context("cause ProofSSk is nil", func() { 1384 It("returns an error", func() { 1385 nymSignature.ProofSSk = nil 1386 1387 valid, err := marshalAndVerify(nymSignature) 1388 Expect(valid).To(BeFalse()) 1389 Expect(err).To(MatchError(ContainSubstring("failure [runtime error: index out of range"))) 1390 }) 1391 }) 1392 1393 Context("cause ProofSSk encode a different thing", func() { 1394 It("returns an error", func() { 1395 var err error 1396 nymSignature.ProofSSk, err = (&bridge.Big{E: FP256BN.NewBIGint(1)}).Bytes() 1397 Expect(err).NotTo(HaveOccurred()) 1398 1399 valid, err := marshalAndVerify(nymSignature) 1400 Expect(valid).To(BeFalse()) 1401 Expect(err).To(MatchError("pseudonym signature invalid: zero-knowledge proof is invalid")) 1402 }) 1403 }) 1404 }) 1405 }) 1406 1407 Context("importing nym key", func() { 1408 var ( 1409 NymPublicKeyImporter *handlers.NymPublicKeyImporter 1410 ) 1411 1412 BeforeEach(func() { 1413 NymPublicKeyImporter = &handlers.NymPublicKeyImporter{User: User} 1414 }) 1415 1416 It("nym key import is successful", func() { 1417 raw, err := NymPublicKey.Bytes() 1418 Expect(err).NotTo(HaveOccurred()) 1419 Expect(raw).NotTo(BeEmpty()) 1420 1421 k, err := NymPublicKeyImporter.KeyImport(raw, nil) 1422 Expect(err).NotTo(HaveOccurred()) 1423 raw2, err := k.Bytes() 1424 Expect(err).NotTo(HaveOccurred()) 1425 Expect(raw2).To(BeEquivalentTo(raw)) 1426 }) 1427 }) 1428 }) 1429 })