Skip to content

Commit

Permalink
[FAB-9244] 6. Revendored idemix package
Browse files Browse the repository at this point in the history
Revocation authority function is being added to the idemix library.
The changes are in change set 21161. To make progress on Fabric CA
side, I cherry picked the change set and updated vendored code in
Fabric CA project.

This change set contains vendored package idemix changes and CA
changes to incorporate API changes to idemix.NewCredRequest

Change-Id: I8a8b360b2d1ffd2e11da0bcc303263b66d886e07
Signed-off-by: Anil Ambati <aambati@us.ibm.com>
  • Loading branch information
Anil Ambati committed May 17, 2018
1 parent c44f5e1 commit 6a41a5a
Show file tree
Hide file tree
Showing 12 changed files with 706 additions and 110 deletions.
29 changes: 8 additions & 21 deletions lib/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -340,7 +340,7 @@ func (c *Client) handleIdemixEnroll(req *api.EnrollmentRequest) (*EnrollmentResp
return nil, errors.WithMessage(err, fmt.Sprintf("Failed to decode issuer public key that was returned by CA %s", req.CAName))
}
// Create credential request
credReq, sk, rand, err := c.newIdemixCredentialRequest(nonce, ipkBytes)
credReq, sk, err := c.newIdemixCredentialRequest(nonce, ipkBytes)
if err != nil {
return nil, errors.WithMessage(err, "Failed to create an Idemix credential request")
}
Expand All @@ -367,7 +367,7 @@ func (c *Client) handleIdemixEnroll(req *api.EnrollmentRequest) (*EnrollmentResp
return nil, err
}
log.Infof("Successfully received Idemix credential from CA %s", req.CAName)
return c.newIdemixEnrollmentResponse(identity, &result, sk, rand, req.Name)
return c.newIdemixEnrollmentResponse(identity, &result, sk, req.Name)
}

// addAuthHeaderForIdemixEnroll adds authenticate header to the specified HTTP request
Expand Down Expand Up @@ -430,30 +430,18 @@ func (c *Client) newEnrollmentResponse(result *common.EnrollmentResponseNet, id

// newIdemixEnrollmentResponse creates a client idemix enrollment response from a network response
func (c *Client) newIdemixEnrollmentResponse(identity *Identity, result *common.IdemixEnrollmentResponseNet,
sk, rand *fp256bn.BIG, id string) (*EnrollmentResponse, error) {
sk *fp256bn.BIG, id string) (*EnrollmentResponse, error) {
log.Debugf("newIdemixEnrollmentResponse %s", id)
credBytes, err := util.B64Decode(result.Credential)
if err != nil {
return nil, errors.WithMessage(err, "Invalid response format from server")
}

icred := &idemix.Credential{}
err = proto.Unmarshal(credBytes, icred)
if err != nil {
return nil, errors.WithMessage(err, "Failed to unmarshal Idemix credential bytes")
}

icred.Complete(rand)
ccredBytes, err := proto.Marshal(icred)
if err != nil {
return nil, errors.WithMessage(err, "Failed to marshal completed Idemix credential")
}

// Create SignerConfig object with credential bytes from the response
// and secret key
isAdmin, _ := strconv.ParseBool(result.Attrs["Role"])
signerConfig := &idemixcred.SignerConfig{
Cred: ccredBytes,
Cred: credBytes,
Sk: idemix.BigToBytes(sk),
IsAdmin: isAdmin,
OrganizationalUnitIdentifier: result.Attrs["OU"],
Expand Down Expand Up @@ -512,19 +500,18 @@ func (c *Client) newCertificateRequest(req *api.CSRInfo) *csr.CertificateRequest

// newIdemixCredentialRequest returns CredentialRequest object, a secret key, and a random number used in
// the creation of credential request.
func (c *Client) newIdemixCredentialRequest(nonce *fp256bn.BIG, ipkBytes []byte) (*idemix.CredRequest, *fp256bn.BIG, *fp256bn.BIG, error) {
func (c *Client) newIdemixCredentialRequest(nonce *fp256bn.BIG, ipkBytes []byte) (*idemix.CredRequest, *fp256bn.BIG, error) {
rng, err := idemix.GetRand()
if err != nil {
return nil, nil, nil, err
return nil, nil, err
}
sk := idemix.RandModOrder(rng)
randCred := idemix.RandModOrder(rng)

issuerPubKey, err := c.getIssuerPubKey(ipkBytes)
if err != nil {
return nil, nil, nil, err
return nil, nil, err
}
return idemix.NewCredRequest(sk, randCred, nonce, issuerPubKey, rng), sk, randCred, nil
return idemix.NewCredRequest(sk, nonce, issuerPubKey, rng), sk, nil
}

func (c *Client) getIssuerPubKey(ipkBytes []byte) (*idemix.IssuerPublicKey, error) {
Expand Down
17 changes: 8 additions & 9 deletions lib/server/idemix/enroll_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -159,7 +159,7 @@ func TestHandleIdemixEnrollForCredentialError(t *testing.T) {
handler := EnrollRequestHandler{Ctx: ctx, IdmxLib: idemixlib, Issuer: issuer}
nonce := handler.GenerateNonce()

credReq, _, _, err := newIdemixCredentialRequest(t, nonce)
credReq, _, err := newIdemixCredentialRequest(t, nonce)
if err != nil {
t.Fatalf("Failed to create credential request: %s", err.Error())
}
Expand Down Expand Up @@ -224,7 +224,7 @@ func TestHandleIdemixEnrollCheckNonceError(t *testing.T) {
caller := new(mocks.User)
caller.On("Name").Return("foo")

credReq, _, _, err := newIdemixCredentialRequest(t, nonce)
credReq, _, err := newIdemixCredentialRequest(t, nonce)
if err != nil {
t.Fatalf("Failed to create test credential request")
}
Expand Down Expand Up @@ -283,7 +283,7 @@ func TestHandleIdemixEnrollNewCredError(t *testing.T) {
caller.On("GetAttribute", "isAdmin").Return(&api.Attribute{Name: "isAdmin", Value: "true"}, nil)
caller.On("LoginComplete").Return(nil)

credReq, _, _, err := newIdemixCredentialRequest(t, nonce)
credReq, _, err := newIdemixCredentialRequest(t, nonce)
if err != nil {
t.Fatalf("Failed to create test credential request")
}
Expand Down Expand Up @@ -347,7 +347,7 @@ func TestHandleIdemixEnrollInsertCredError(t *testing.T) {
caller.On("GetAttribute", "isAdmin").Return(&api.Attribute{Name: "isAdmin", Value: "true"}, nil)
caller.On("LoginComplete").Return(nil)

credReq, _, _, err := newIdemixCredentialRequest(t, nonce)
credReq, _, err := newIdemixCredentialRequest(t, nonce)
if err != nil {
t.Fatalf("Failed to create test credential request")
}
Expand Down Expand Up @@ -425,7 +425,7 @@ func TestHandleIdemixEnrollForCredentialSuccess(t *testing.T) {
caller.On("GetAttribute", "isAdmin").Return(&api.Attribute{Name: "isAdmin", Value: "true"}, nil)
caller.On("LoginComplete").Return(nil)

credReq, _, _, err := newIdemixCredentialRequest(t, nonce)
credReq, _, err := newIdemixCredentialRequest(t, nonce)
if err != nil {
t.Fatalf("Failed to create test credential request")
}
Expand Down Expand Up @@ -503,7 +503,7 @@ func getReadBodyFunc(t *testing.T, credReq *idemix.CredRequest) func(body interf
}
}

func newIdemixCredentialRequest(t *testing.T, nonce *amcl.BIG) (*idemix.CredRequest, *amcl.BIG, *amcl.BIG, error) {
func newIdemixCredentialRequest(t *testing.T, nonce *amcl.BIG) (*idemix.CredRequest, *amcl.BIG, error) {
idmxlib := new(mocks.Lib)
issuerCred := NewIssuerCredential(testPublicKeyFile, testSecretKeyFile, idmxlib)
err := issuerCred.Load()
Expand All @@ -516,9 +516,8 @@ func newIdemixCredentialRequest(t *testing.T, nonce *amcl.BIG) (*idemix.CredRequ
}
rng, err := idemix.GetRand()
if err != nil {
return nil, nil, nil, err
return nil, nil, err
}
sk := idemix.RandModOrder(rng)
randCred := idemix.RandModOrder(rng)
return idemix.NewCredRequest(sk, randCred, nonce, ik.IPk, rng), sk, randCred, nil
return idemix.NewCredRequest(sk, nonce, ik.IPk, rng), sk, nil
}
5 changes: 0 additions & 5 deletions vendor/github.com/hyperledger/fabric/idemix/credential.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

21 changes: 8 additions & 13 deletions vendor/github.com/hyperledger/fabric/idemix/credrequest.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 6a41a5a

Please sign in to comment.