Skip to content

hide organization #4

Description

@adecaro

Currently, an idemix signature leaks the organisation the credential's owner belongs to.
In many situations this is not desirable.

The MSP code to validate an Idemix Identity should be able to validate Idemix identity with hidden organizations.
In more details, the function verfiyProof (

func (id *Idemixidentity) verifyProof() error {
) should be changed to the following:

func (id *Idemixidentity) verifyProof() error {
	if id.OU == nil {
		// Verify signature with hidden organization
		valid, err := id.msp.csp.Verify(
			id.msp.ipk,
			id.associationProof,
			nil,
			&bccsp.IdemixSignerOpts{
				RevocationPublicKey: id.msp.revocationPK,
				Attributes: []bccsp.IdemixAttribute{
					{Type: bccsp.IdemixHiddenAttribute},
					{Type: bccsp.IdemixIntAttribute, Value: getIdemixRoleFromMSPRole(id.Role)},
					{Type: bccsp.IdemixHiddenAttribute},
					{Type: bccsp.IdemixHiddenAttribute},
				},
				RhIndex:  rhIndex,
				EidIndex: eidIndex,
				Epoch:    id.msp.epoch,
			},
		)
		if err == nil && !valid {
			panic("unexpected condition, an error should be returned for an invalid signature")
		}
	}

	// Verify signature with organization
	valid, err := id.msp.csp.Verify(
		id.msp.ipk,
		id.associationProof,
		nil,
		&bccsp.IdemixSignerOpts{
			RevocationPublicKey: id.msp.revocationPK,
			Attributes: []bccsp.IdemixAttribute{
				{Type: bccsp.IdemixBytesAttribute, Value: []byte(id.OU.OrganizationalUnitIdentifier)},
				{Type: bccsp.IdemixIntAttribute, Value: getIdemixRoleFromMSPRole(id.Role)},
				{Type: bccsp.IdemixHiddenAttribute},
				{Type: bccsp.IdemixHiddenAttribute},
			},
			RhIndex:  rhIndex,
			EidIndex: eidIndex,
			Epoch:    id.msp.epoch,
		},
	)
	if err == nil && !valid {
		panic("unexpected condition, an error should be returned for an invalid signature")
	}

	return err
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions