[FAB-9244] 6. Revendored idemix package

Revocation authority function is being added to the idemix library. The changes are in change set 21161. To make progress on Fabric CA side, I cherry picked the change set and updated vendored code in Fabric CA project. This change set contains vendored package idemix changes and CA changes to incorporate API changes to idemix.NewCredRequest Change-Id: I8a8b360b2d1ffd2e11da0bcc303263b66d886e07 Signed-off-by: Anil Ambati <aambati@us.ibm.com>
hyperledger · May 17, 2018 · 6a41a5a · 6a41a5a
1 parent c44f5e1
commit 6a41a5a
Show file tree

Hide file tree

Showing 12 changed files with 706 additions and 110 deletions.
diff --git a/lib/client.go b/lib/client.go
@@ -340,7 +340,7 @@ func (c *Client) handleIdemixEnroll(req *api.EnrollmentRequest) (*EnrollmentResp
 		return nil, errors.WithMessage(err, fmt.Sprintf("Failed to decode issuer public key that was returned by CA %s", req.CAName))
 	}
 	// Create credential request
-	credReq, sk, rand, err := c.newIdemixCredentialRequest(nonce, ipkBytes)
+	credReq, sk, err := c.newIdemixCredentialRequest(nonce, ipkBytes)
 	if err != nil {
 		return nil, errors.WithMessage(err, "Failed to create an Idemix credential request")
 	}
@@ -367,7 +367,7 @@ func (c *Client) handleIdemixEnroll(req *api.EnrollmentRequest) (*EnrollmentResp
 		return nil, err
 	}
 	log.Infof("Successfully received Idemix credential from CA %s", req.CAName)
-	return c.newIdemixEnrollmentResponse(identity, &result, sk, rand, req.Name)
+	return c.newIdemixEnrollmentResponse(identity, &result, sk, req.Name)
 }
 
 // addAuthHeaderForIdemixEnroll adds authenticate header to the specified HTTP request
@@ -430,30 +430,18 @@ func (c *Client) newEnrollmentResponse(result *common.EnrollmentResponseNet, id
 
 // newIdemixEnrollmentResponse creates a client idemix enrollment response from a network response
 func (c *Client) newIdemixEnrollmentResponse(identity *Identity, result *common.IdemixEnrollmentResponseNet,
-	sk, rand *fp256bn.BIG, id string) (*EnrollmentResponse, error) {
+	sk *fp256bn.BIG, id string) (*EnrollmentResponse, error) {
 	log.Debugf("newIdemixEnrollmentResponse %s", id)
 	credBytes, err := util.B64Decode(result.Credential)
 	if err != nil {
 		return nil, errors.WithMessage(err, "Invalid response format from server")
 	}
 
-	icred := &idemix.Credential{}
-	err = proto.Unmarshal(credBytes, icred)
-	if err != nil {
-		return nil, errors.WithMessage(err, "Failed to unmarshal Idemix credential bytes")
-	}
-
-	icred.Complete(rand)
-	ccredBytes, err := proto.Marshal(icred)
-	if err != nil {
-		return nil, errors.WithMessage(err, "Failed to marshal completed Idemix credential")
-	}
-
 	// Create SignerConfig object with credential bytes from the response
 	// and secret key
 	isAdmin, _ := strconv.ParseBool(result.Attrs["Role"])
 	signerConfig := &idemixcred.SignerConfig{
-		Cred:    ccredBytes,
+		Cred:    credBytes,
 		Sk:      idemix.BigToBytes(sk),
 		IsAdmin: isAdmin,
 		OrganizationalUnitIdentifier: result.Attrs["OU"],
@@ -512,19 +500,18 @@ func (c *Client) newCertificateRequest(req *api.CSRInfo) *csr.CertificateRequest
 
 // newIdemixCredentialRequest returns CredentialRequest object, a secret key, and a random number used in
 // the creation of credential request.
-func (c *Client) newIdemixCredentialRequest(nonce *fp256bn.BIG, ipkBytes []byte) (*idemix.CredRequest, *fp256bn.BIG, *fp256bn.BIG, error) {
+func (c *Client) newIdemixCredentialRequest(nonce *fp256bn.BIG, ipkBytes []byte) (*idemix.CredRequest, *fp256bn.BIG, error) {
 	rng, err := idemix.GetRand()
 	if err != nil {
-		return nil, nil, nil, err
+		return nil, nil, err
 	}
 	sk := idemix.RandModOrder(rng)
-	randCred := idemix.RandModOrder(rng)
 
 	issuerPubKey, err := c.getIssuerPubKey(ipkBytes)
 	if err != nil {
-		return nil, nil, nil, err
+		return nil, nil, err
 	}
-	return idemix.NewCredRequest(sk, randCred, nonce, issuerPubKey, rng), sk, randCred, nil
+	return idemix.NewCredRequest(sk, nonce, issuerPubKey, rng), sk, nil
 }
 
 func (c *Client) getIssuerPubKey(ipkBytes []byte) (*idemix.IssuerPublicKey, error) {

diff --git a/lib/server/idemix/enroll_test.go b/lib/server/idemix/enroll_test.go
@@ -159,7 +159,7 @@ func TestHandleIdemixEnrollForCredentialError(t *testing.T) {
 	handler := EnrollRequestHandler{Ctx: ctx, IdmxLib: idemixlib, Issuer: issuer}
 	nonce := handler.GenerateNonce()
 
-	credReq, _, _, err := newIdemixCredentialRequest(t, nonce)
+	credReq, _, err := newIdemixCredentialRequest(t, nonce)
 	if err != nil {
 		t.Fatalf("Failed to create credential request: %s", err.Error())
 	}
@@ -224,7 +224,7 @@ func TestHandleIdemixEnrollCheckNonceError(t *testing.T) {
 	caller := new(mocks.User)
 	caller.On("Name").Return("foo")
 
-	credReq, _, _, err := newIdemixCredentialRequest(t, nonce)
+	credReq, _, err := newIdemixCredentialRequest(t, nonce)
 	if err != nil {
 		t.Fatalf("Failed to create test credential request")
 	}
@@ -283,7 +283,7 @@ func TestHandleIdemixEnrollNewCredError(t *testing.T) {
 	caller.On("GetAttribute", "isAdmin").Return(&api.Attribute{Name: "isAdmin", Value: "true"}, nil)
 	caller.On("LoginComplete").Return(nil)
 
-	credReq, _, _, err := newIdemixCredentialRequest(t, nonce)
+	credReq, _, err := newIdemixCredentialRequest(t, nonce)
 	if err != nil {
 		t.Fatalf("Failed to create test credential request")
 	}
@@ -347,7 +347,7 @@ func TestHandleIdemixEnrollInsertCredError(t *testing.T) {
 	caller.On("GetAttribute", "isAdmin").Return(&api.Attribute{Name: "isAdmin", Value: "true"}, nil)
 	caller.On("LoginComplete").Return(nil)
 
-	credReq, _, _, err := newIdemixCredentialRequest(t, nonce)
+	credReq, _, err := newIdemixCredentialRequest(t, nonce)
 	if err != nil {
 		t.Fatalf("Failed to create test credential request")
 	}
@@ -425,7 +425,7 @@ func TestHandleIdemixEnrollForCredentialSuccess(t *testing.T) {
 	caller.On("GetAttribute", "isAdmin").Return(&api.Attribute{Name: "isAdmin", Value: "true"}, nil)
 	caller.On("LoginComplete").Return(nil)
 
-	credReq, _, _, err := newIdemixCredentialRequest(t, nonce)
+	credReq, _, err := newIdemixCredentialRequest(t, nonce)
 	if err != nil {
 		t.Fatalf("Failed to create test credential request")
 	}
@@ -503,7 +503,7 @@ func getReadBodyFunc(t *testing.T, credReq *idemix.CredRequest) func(body interf
 	}
 }
 
-func newIdemixCredentialRequest(t *testing.T, nonce *amcl.BIG) (*idemix.CredRequest, *amcl.BIG, *amcl.BIG, error) {
+func newIdemixCredentialRequest(t *testing.T, nonce *amcl.BIG) (*idemix.CredRequest, *amcl.BIG, error) {
 	idmxlib := new(mocks.Lib)
 	issuerCred := NewIssuerCredential(testPublicKeyFile, testSecretKeyFile, idmxlib)
 	err := issuerCred.Load()
@@ -516,9 +516,8 @@ func newIdemixCredentialRequest(t *testing.T, nonce *amcl.BIG) (*idemix.CredRequ
 	}
 	rng, err := idemix.GetRand()
 	if err != nil {
-		return nil, nil, nil, err
+		return nil, nil, err
 	}
 	sk := idemix.RandModOrder(rng)
-	randCred := idemix.RandModOrder(rng)
-	return idemix.NewCredRequest(sk, randCred, nonce, ik.IPk, rng), sk, randCred, nil
+	return idemix.NewCredRequest(sk, nonce, ik.IPk, rng), sk, nil
 }
diff --git a/vendor/github.com/hyperledger/fabric/idemix/credential.go b/vendor/github.com/hyperledger/fabric/idemix/credential.go
diff --git a/vendor/github.com/hyperledger/fabric/idemix/credrequest.go b/vendor/github.com/hyperledger/fabric/idemix/credrequest.go