-
Notifications
You must be signed in to change notification settings - Fork 4
/
idemixopts.go
297 lines (252 loc) · 9.17 KB
/
idemixopts.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package bccsp
import (
"crypto"
)
// RevocationAlgorithm identifies the revocation algorithm
type RevocationAlgorithm int32
const (
// IDEMIX constant to identify Idemix related algorithms
IDEMIX = "IDEMIX"
)
const (
// AlgNoRevocation means no revocation support
AlgNoRevocation RevocationAlgorithm = iota
)
// IdemixIssuerKeyGenOpts contains the options for the Idemix Issuer key-generation.
// A list of attribytes may be optionally passed
type IdemixIssuerKeyGenOpts struct {
// Temporary tells if the key is ephemeral
Temporary bool
// AttributeNames is a list of attributes
AttributeNames []string
}
// Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixIssuerKeyGenOpts) Algorithm() string {
return IDEMIX
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (o *IdemixIssuerKeyGenOpts) Ephemeral() bool {
return o.Temporary
}
// IdemixIssuerPublicKeyImportOpts contains the options for importing of an Idemix issuer public key.
type IdemixIssuerPublicKeyImportOpts struct {
Temporary bool
// AttributeNames is a list of attributes to ensure the import public key has
AttributeNames []string
}
// Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixIssuerPublicKeyImportOpts) Algorithm() string {
return IDEMIX
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (o *IdemixIssuerPublicKeyImportOpts) Ephemeral() bool {
return o.Temporary
}
// IdemixUserSecretKeyGenOpts contains the options for the generation of an Idemix credential secret key.
type IdemixUserSecretKeyGenOpts struct {
Temporary bool
}
// Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixUserSecretKeyGenOpts) Algorithm() string {
return IDEMIX
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (o *IdemixUserSecretKeyGenOpts) Ephemeral() bool {
return o.Temporary
}
// IdemixUserSecretKeyImportOpts contains the options for importing of an Idemix credential secret key.
type IdemixUserSecretKeyImportOpts struct {
Temporary bool
}
// Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixUserSecretKeyImportOpts) Algorithm() string {
return IDEMIX
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (o *IdemixUserSecretKeyImportOpts) Ephemeral() bool {
return o.Temporary
}
// IdemixNymKeyDerivationOpts contains the options to create a new unlinkable pseudonym from a
// credential secret key with the respect to the specified issuer public key
type IdemixNymKeyDerivationOpts struct {
// Temporary tells if the key is ephemeral
Temporary bool
// IssuerPK is the public-key of the issuer
IssuerPK Key
}
// Algorithm returns the key derivation algorithm identifier (to be used).
func (*IdemixNymKeyDerivationOpts) Algorithm() string {
return IDEMIX
}
// Ephemeral returns true if the key to derive has to be ephemeral,
// false otherwise.
func (o *IdemixNymKeyDerivationOpts) Ephemeral() bool {
return o.Temporary
}
// IssuerPublicKey returns the issuer public key used to derive
// a new unlinkable pseudonym from a credential secret key
func (o *IdemixNymKeyDerivationOpts) IssuerPublicKey() Key {
return o.IssuerPK
}
// IdemixNymPublicKeyImportOpts contains the options to import the public part of a pseudonym
type IdemixNymPublicKeyImportOpts struct {
// Temporary tells if the key is ephemeral
Temporary bool
}
// Algorithm returns the key derivation algorithm identifier (to be used).
func (*IdemixNymPublicKeyImportOpts) Algorithm() string {
return IDEMIX
}
// Ephemeral returns true if the key to derive has to be ephemeral,
// false otherwise.
func (o *IdemixNymPublicKeyImportOpts) Ephemeral() bool {
return o.Temporary
}
// IdemixCredentialRequestSignerOpts contains the option to create a Idemix credential request.
type IdemixCredentialRequestSignerOpts struct {
// Attributes contains a list of indices of the attributes to be included in the
// credential. The indices are with the respect to IdemixIssuerKeyGenOpts#AttributeNames.
Attributes []int
// IssuerPK is the public-key of the issuer
IssuerPK Key
// IssuerNonce is generated by the issuer and used by the client to generate the credential request.
// Once the issuer gets the credential requests, it checks that the nonce is the same.
IssuerNonce []byte
// HashFun is the hash function to be used
H crypto.Hash
}
func (o *IdemixCredentialRequestSignerOpts) HashFunc() crypto.Hash {
return o.H
}
// IssuerPublicKey returns the issuer public key used to derive
// a new unlinkable pseudonym from a credential secret key
func (o *IdemixCredentialRequestSignerOpts) IssuerPublicKey() Key {
return o.IssuerPK
}
// IdemixAttributeType represents the type of an idemix attribute
type IdemixAttributeType int
const (
// IdemixHiddenAttribute represents an hidden attribute
IdemixHiddenAttribute IdemixAttributeType = iota
// IdemixStringAttribute represents a sequence of bytes
IdemixBytesAttribute
// IdemixIntAttribute represents an int
IdemixIntAttribute
)
type IdemixAttribute struct {
// Type is the attribute's type
Type IdemixAttributeType
// Value is the attribute's value
Value interface{}
}
// IdemixCredentialSignerOpts contains the options to produce a credential starting from a credential request
type IdemixCredentialSignerOpts struct {
// Attributes to include in the credentials. IdemixHiddenAttribute is not allowed here
Attributes []IdemixAttribute
// IssuerPK is the public-key of the issuer
IssuerPK Key
// HashFun is the hash function to be used
H crypto.Hash
}
// HashFunc returns an identifier for the hash function used to produce
// the message passed to Signer.Sign, or else zero to indicate that no
// hashing was done.
func (o *IdemixCredentialSignerOpts) HashFunc() crypto.Hash {
return o.H
}
func (o *IdemixCredentialSignerOpts) IssuerPublicKey() Key {
return o.IssuerPK
}
// IdemixSignerOpts contains the options to generate an Idemix signature
type IdemixSignerOpts struct {
// Nym is the pseudonym to be used
Nym Key
// IssuerPK is the public-key of the issuer
IssuerPK Key
// Credential is the byte representation of the credential signed by the issuer
Credential []byte
// Attributes specifies which attribute should be disclosed and which not.
// If Attributes[i].Type = IdemixHiddenAttribute
// then the i-th credential attribute should not be disclosed, otherwise the i-th
// credential attribute will be disclosed.
// At verification time, if the i-th attribute is disclosed (Attributes[i].Type != IdemixHiddenAttribute),
// then Attributes[i].Value must be set accordingly.
Attributes []IdemixAttribute
// RhIndex is the index of attribute containing the revocation handler.
// Notice that this attributed cannot be discloused
RhIndex int
// CRI contains the credential revocation information
CRI []byte
// Epoch is the revocation epoch the signature should be produced against
Epoch int
// RevocationPublicKey is the revocation public key
RevocationPublicKey Key
// H is the hash function to be used
H crypto.Hash
}
func (o *IdemixSignerOpts) HashFunc() crypto.Hash {
return o.H
}
// IdemixNymSignerOpts contains the options to generate an idemix pseudonym signature.
type IdemixNymSignerOpts struct {
// Nym is the pseudonym to be used
Nym Key
// IssuerPK is the public-key of the issuer
IssuerPK Key
// H is the hash function to be used
H crypto.Hash
}
// HashFunc returns an identifier for the hash function used to produce
// the message passed to Signer.Sign, or else zero to indicate that no
// hashing was done.
func (o *IdemixNymSignerOpts) HashFunc() crypto.Hash {
return o.H
}
// IdemixRevocationKeyGenOpts contains the options for the Idemix revocation key-generation.
type IdemixRevocationKeyGenOpts struct {
// Temporary tells if the key is ephemeral
Temporary bool
}
// Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixRevocationKeyGenOpts) Algorithm() string {
return IDEMIX
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (o *IdemixRevocationKeyGenOpts) Ephemeral() bool {
return o.Temporary
}
// IdemixRevocationPublicKeyImportOpts contains the options for importing of an Idemix revocation public key.
type IdemixRevocationPublicKeyImportOpts struct {
Temporary bool
}
// Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixRevocationPublicKeyImportOpts) Algorithm() string {
return IDEMIX
}
// Ephemeral returns true if the key to generate has to be ephemeral,
// false otherwise.
func (o *IdemixRevocationPublicKeyImportOpts) Ephemeral() bool {
return o.Temporary
}
// IdemixCRISignerOpts contains the options to generate an Idemix CRI.
// The CRI is supposed to be generated by the Issuing authority and
// can be verified publicly by using the revocation public key.
type IdemixCRISignerOpts struct {
Epoch int
RevocationAlgorithm RevocationAlgorithm
UnrevokedHandles [][]byte
// H is the hash function to be used
H crypto.Hash
}
func (o *IdemixCRISignerOpts) HashFunc() crypto.Hash {
return o.H
}