From fccbfe3ddc411138ea6071578c265657d1f4be1c Mon Sep 17 00:00:00 2001 From: Angelo De Caro Date: Wed, 8 Jul 2026 07:39:43 +0200 Subject: [PATCH 1/3] mathlib update golangci-lint Signed-off-by: Angelo De Caro --- .github/workflows/go.yml | 8 +- .gitignore | 2 + Makefile | 18 + bbs/bbs12381g2pub.go | 5 +- bbs/bbs_test.go | 10 +- bbs/benchmark_test.go | 45 +- bbs/fr.go | 5 +- bbs/keys.go | 8 +- bbs/keys_test.go | 12 +- bbs/proof_of_knowledge.go | 4 +- bbs/signature.go | 1 + bbs/signature_proof.go | 12 +- bbs/utils.go | 8 +- bccsp/aries_test.go | 20 +- bccsp/bccsp.go | 582 +++++++++--------- bccsp/bccsp_test.go | 2 +- bccsp/handlers/cred.go | 13 +- bccsp/handlers/issuer.go | 15 +- bccsp/handlers/nym.go | 13 +- bccsp/handlers/nymsigner.go | 9 +- bccsp/handlers/revocation.go | 24 +- bccsp/handlers/revocation_test.go | 6 +- bccsp/handlers/signer.go | 1 + bccsp/handlers/user.go | 6 +- bccsp/impl.go | 59 +- bccsp/keystore/kvs/filebased.go | 2 +- bccsp/keystore/kvsbased.go | 4 +- bccsp/keystore/kvsbased_test.go | 28 +- bccsp/legacy_test.go | 23 +- bccsp/perf_test.go | 62 +- bccsp/schemes/aries/benchmark_test.go | 34 +- bccsp/schemes/aries/blind_sign.go | 5 +- bccsp/schemes/aries/blind_sign_test.go | 18 +- bccsp/schemes/aries/cred.pb.go | 5 +- bccsp/schemes/aries/credrequest_test.go | 10 +- bccsp/schemes/aries/error_paths_test.go | 82 +-- bccsp/schemes/aries/issuer_test.go | 4 +- bccsp/schemes/aries/nymsigner_test.go | 12 +- bccsp/schemes/aries/revocation.go | 15 +- bccsp/schemes/aries/revocation_test.go | 9 +- bccsp/schemes/aries/signer.go | 111 ++-- bccsp/schemes/aries/signer_test.go | 322 +++++----- bccsp/schemes/aries/smartcard.go | 6 +- bccsp/schemes/aries/smartcard_test.go | 119 ++-- bccsp/schemes/aries/user_test.go | 10 +- bccsp/schemes/aries/util.go | 2 +- bccsp/schemes/dlog/bridge/bridge_test.go | 18 +- bccsp/schemes/dlog/bridge/credential.go | 5 +- bccsp/schemes/dlog/bridge/issuer.go | 13 +- bccsp/schemes/dlog/bridge/rand.go | 1 + bccsp/schemes/dlog/bridge/signaturescheme.go | 16 +- bccsp/schemes/dlog/crypto/credential.go | 13 +- bccsp/schemes/dlog/crypto/credrequest.go | 6 +- bccsp/schemes/dlog/crypto/idemix.pb.go | 7 +- bccsp/schemes/dlog/crypto/idemix_test.go | 180 +++--- bccsp/schemes/dlog/crypto/issuerkey.go | 18 +- .../dlog/crypto/nonrevocation-prover.go | 1 + bccsp/schemes/dlog/crypto/nymeid.go | 6 +- bccsp/schemes/dlog/crypto/nymrh.go | 6 +- bccsp/schemes/dlog/crypto/nymsignature.go | 6 +- .../dlog/crypto/revocation_authority.go | 17 +- bccsp/schemes/dlog/crypto/signature.go | 85 +-- .../dlog/crypto/translator/amcl/amcl.pb.go | 5 +- .../dlog/crypto/translator/amcl/fp256bn.go | 28 +- .../crypto/translator/amcl/fp256bn_test.go | 33 +- .../dlog/crypto/translator/amcl/gurvy.go | 5 +- .../dlog/crypto/translator/amcl/gurvy_test.go | 13 +- bccsp/schemes/dlog/crypto/util.go | 3 + bccsp/schemes/weak-bb/weak-bb.go | 9 +- bccsp/smartcard_test.go | 79 +-- go.mod | 3 +- go.sum | 21 +- msp/audit_aries_test.go | 29 +- msp/audit_legacy_test.go | 29 +- msp/config/identities.pb.go | 5 +- msp/config/msp_config.pb.go | 5 +- msp/idemixmsp.go | 57 +- msp/idemixmsp_aries_test.go | 7 +- msp/idemixmsp_test.go | 10 +- msp/roles.go | 1 + tools/idemixgen/idemixca/idemixca.go | 13 +- tools/idemixgen/idemixca/idemixca_test.go | 22 +- tools/idemixgen/idemixca/iedmixca_aries.go | 11 +- tools/idemixgen/main.go | 16 +- 84 files changed, 1325 insertions(+), 1248 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 8486d0b2..d40376cc 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -22,9 +22,15 @@ jobs: with: go-version-file: "go.mod" + - name: Set up tools + run: make install-linter-tool + - name: Checks run: make checks + - name: Run linter + run: make lint + - name: Legacy guard run: | # Fail if new files import dlog or weak-bb outside known locations. @@ -59,7 +65,7 @@ jobs: bin/ - name: Release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 if: startsWith(github.ref, 'refs/tags/') with: files: | diff --git a/.gitignore b/.gitignore index ba077a40..7af5cfcd 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ bin +/.bob/ +/.idea/ \ No newline at end of file diff --git a/Makefile b/Makefile index b233e9fd..44d8d923 100644 --- a/Makefile +++ b/Makefile @@ -48,3 +48,21 @@ fmt: ## Run gofmt on the entire project # tidy up go modules tidy: @go mod tidy + +.PHONY: lint +# run various linters +lint: + @echo "Running Go Linters..." + golangci-lint run --color=always --timeout=4m + +.PHONY: lint-auto-fix +# run linters with auto-fix +lint-auto-fix: + @echo "Running Go Linters with auto-fix..." + golangci-lint run --color=always --timeout=4m --fix + +.PHONY: install-linter-tool +# install golangci-lint +install-linter-tool: + @echo "Installing golangci Linter" + @curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b $(HOME)/go/bin v2.12.2 diff --git a/bbs/bbs12381g2pub.go b/bbs/bbs12381g2pub.go index ae2299ea..e5da9484 100644 --- a/bbs/bbs12381g2pub.go +++ b/bbs/bbs12381g2pub.go @@ -110,7 +110,6 @@ func (bbs *BBSG2Pub) Sign(messages [][]byte, privKeyBytes []byte) ([]byte, error // VerifyProof verifies BBS+ signature proof for one ore more revealed messages. func (bbs *BBSG2Pub) VerifyProof(messagesBytes [][]byte, proof, nonce, pubKeyBytes []byte) error { - messages := MessagesToFr(messagesBytes, bbs.curve) return bbs.VerifyProofFr(messages, proof, nonce, pubKeyBytes) @@ -140,7 +139,7 @@ func (bbs *BBSG2Pub) VerifyProofFr(messages []*SignatureMessage, proof, nonce, p } if len(payload.Revealed) > len(messages) { - return fmt.Errorf("payload revealed bigger from messages") + return errors.New("payload revealed bigger from messages") } revealedMessages := make(map[int]*SignatureMessage) @@ -160,7 +159,6 @@ func (bbs *BBSG2Pub) VerifyProofFr(messages []*SignatureMessage, proof, nonce, p // DeriveProof derives a proof of BBS+ signature with some messages disclosed. func (bbs *BBSG2Pub) DeriveProof(messages [][]byte, sigBytes, nonce, pubKeyBytes []byte, revealedIndexes []int) ([]byte, error) { - return bbs.DeriveProofZr(MessagesToFr(messages, bbs.curve), sigBytes, nonce, pubKeyBytes, revealedIndexes) } @@ -168,7 +166,6 @@ func (bbs *BBSG2Pub) DeriveProof(messages [][]byte, sigBytes, nonce, pubKeyBytes // The messages are supplied as scalars and not bytes. func (bbs *BBSG2Pub) DeriveProofZr(messagesFr []*SignatureMessage, sigBytes, nonce, pubKeyBytes []byte, revealedIndexes []int) ([]byte, error) { - if len(revealedIndexes) == 0 { return nil, errors.New("no message to reveal") } diff --git a/bbs/bbs_test.go b/bbs/bbs_test.go index 7757cb01..47cdbea9 100644 --- a/bbs/bbs_test.go +++ b/bbs/bbs_test.go @@ -9,7 +9,6 @@ package bbs_test import ( "crypto/rand" "encoding/base64" - "fmt" "testing" "github.com/IBM/idemix/bbs" @@ -78,7 +77,7 @@ func TestBlsG2Pub_Verify(t *testing.T) { func TestBBSG2Pub_SignWithKeyPair(t *testing.T) { for i, c := range ml.Curves { - t.Run(fmt.Sprintf("with curve %s", ml.CurveIDToString(ml.CurveID(i))), func(t *testing.T) { + t.Run("with curve "+ml.CurveIDToString(ml.CurveID(i)), func(t *testing.T) { pubKey, privKey, err := generateKeyPairRandom(c) require.NoError(t, err) @@ -101,7 +100,7 @@ func TestBBSG2Pub_SignWithKeyPair(t *testing.T) { func TestBBSG2Pub_Sign(t *testing.T) { for i, curve := range ml.Curves { - t.Run(fmt.Sprintf("with curve %s", ml.CurveIDToString(ml.CurveID(i))), func(t *testing.T) { + t.Run("with curve "+ml.CurveIDToString(ml.CurveID(i)), func(t *testing.T) { pubKey, privKey, err := generateKeyPairRandom(curve) require.NoError(t, err) @@ -231,7 +230,7 @@ func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) { func TestBBSG2Pub_DeriveProof(t *testing.T) { for i, curve := range ml.Curves { - t.Run(fmt.Sprintf("with curve %s", ml.CurveIDToString(ml.CurveID(i))), func(t *testing.T) { + t.Run("with curve "+ml.CurveIDToString(ml.CurveID(i)), func(t *testing.T) { pubKey, privKey, err := generateKeyPairRandom(curve) require.NoError(t, err) @@ -288,8 +287,7 @@ func TestBBSG2Pub_DeriveProof(t *testing.T) { // signer doesn't check the well-formedness of the term received from the requester func TestBlindSign(t *testing.T) { for i, curve := range ml.Curves { - t.Run(fmt.Sprintf("with curve %s", ml.CurveIDToString(ml.CurveID(i))), func(t *testing.T) { - + t.Run("with curve "+ml.CurveIDToString(ml.CurveID(i)), func(t *testing.T) { pubKey, privKey, err := generateKeyPairRandom(curve) require.NoError(t, err) diff --git a/bbs/benchmark_test.go b/bbs/benchmark_test.go index c19d5a9e..1571135e 100644 --- a/bbs/benchmark_test.go +++ b/bbs/benchmark_test.go @@ -27,6 +27,7 @@ func benchMessages(n int) [][]byte { for i := range msgs { msgs[i] = fmt.Appendf(nil, "bench-message-%d", i) } + return msgs } @@ -41,6 +42,7 @@ func benchKeyPair() (*bbs.PublicKey, *bbs.PrivateKey) { if err != nil { panic(err) } + return pub, priv } @@ -54,6 +56,7 @@ func benchRevealedIndexes(msgCount int) []int { for i := 0; i < msgCount; i += 2 { idxs = append(idxs, i) } + return idxs } @@ -76,7 +79,7 @@ func BenchmarkSign(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := scheme.Sign(msgs, privKeyBytes) if err != nil { b.Fatal(err) @@ -103,7 +106,7 @@ func BenchmarkVerify(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { err := scheme.Verify(msgs, sigBytes, pubKeyBytes) if err != nil { b.Fatal(err) @@ -132,7 +135,7 @@ func BenchmarkDeriveProof(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := scheme.DeriveProof(msgs, sigBytes, nonce, pubKeyBytes, revealed) if err != nil { b.Fatal(err) @@ -188,7 +191,7 @@ func BenchmarkVerifyProof(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for i := range b.N { err := scheme.VerifyProof(revealedMsgs, proofPool[i%proofPoolSize], nonce, pubKeyBytes) if err != nil { b.Fatalf("failed at i=%d: %v", i, err) @@ -208,7 +211,7 @@ func BenchmarkSignWithKey(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := scheme.SignWithKey(msgs, priv) if err != nil { b.Fatal(err) @@ -229,7 +232,7 @@ func BenchmarkToPublicKeyWithGenerators(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := pub.ToPublicKeyWithGenerators(n) if err != nil { b.Fatal(err) @@ -257,7 +260,7 @@ func BenchmarkComputeB(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _ = bbs.ComputeB(s, messagesFr, pubKeyWithGens, benchCurve) } }) @@ -271,7 +274,7 @@ func BenchmarkFrFromOKM(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _ = bbs.FrFromOKM(msg, benchCurve) } } @@ -284,7 +287,7 @@ func BenchmarkMessagesToFr(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _ = bbs.MessagesToFr(msgs, benchCurve) } }) @@ -310,7 +313,7 @@ func BenchmarkNewCommitmentBuilder(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { cb := bbs.NewCommitmentBuilder(n) for j := range n { cb.Add(pubKeyWithGens.H[j], scalars[j]) @@ -337,7 +340,7 @@ func BenchmarkParseSignature(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := lib.ParseSignature(sigBytes) if err != nil { b.Fatal(err) @@ -363,7 +366,7 @@ func BenchmarkSignatureToBytes(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := sig.ToBytes() if err != nil { b.Fatal(err) @@ -383,7 +386,7 @@ func BenchmarkGenerateKeyPair(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, _, err := lib.GenerateKeyPair(sha256.New, seed) if err != nil { b.Fatal(err) @@ -397,7 +400,7 @@ func BenchmarkPublicKeyMarshal(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := pub.Marshal() if err != nil { b.Fatal(err) @@ -413,7 +416,7 @@ func BenchmarkUnmarshalPublicKey(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := lib.UnmarshalPublicKey(pubKeyBytes) if err != nil { b.Fatal(err) @@ -452,7 +455,7 @@ func BenchmarkParseSignatureProof(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := lib.ParseSignatureProof(sigProofBytes) if err != nil { b.Fatal(err) @@ -471,7 +474,7 @@ func BenchmarkPairing(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { gt := benchCurve.Pairing(q, p) _ = benchCurve.FExp(gt) } @@ -489,7 +492,7 @@ func BenchmarkPairing2(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { gt := benchCurve.Pairing2(q1, p1, q2, p2) _ = benchCurve.FExp(gt) } @@ -505,7 +508,7 @@ func BenchmarkG1ScalarMul(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _ = p.Mul(s) } } @@ -517,7 +520,7 @@ func BenchmarkG1Add(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { r := p.Copy() r.Add(q) } @@ -530,7 +533,7 @@ func BenchmarkHashToG1(b *testing.B) { b.ReportAllocs() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { dst := []byte("BLS12381G1_XMD:BLAKE2B_SSWU_RO_BBS+_SIGNATURES:1_0_0") _ = benchCurve.HashToG1WithDomain(data, dst) } diff --git a/bbs/fr.go b/bbs/fr.go index 88cb5202..1fa10a83 100644 --- a/bbs/fr.go +++ b/bbs/fr.go @@ -18,7 +18,7 @@ func (b *BBSLib) parseFr(data []byte) *ml.Zr { } var ( - // nolint:gochecknoglobals + //nolint:gochecknoglobals f2192Bytes = []byte{ 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @@ -34,6 +34,7 @@ func f2192(curve *ml.Curve) *ml.Zr { } val := curve.NewZrFromBytes(f2192Bytes) f2192Cache[curve] = val + return val } @@ -44,7 +45,7 @@ func FrFromOKM(message []byte, curve *ml.Curve) *ml.Zr { ) // We pass a null key so error is impossible here. - h, _ := blake2b.New384(nil) //nolint:errcheck + h, _ := blake2b.New384(nil) // blake2b.digest() does not return an error. _, _ = h.Write(message) diff --git a/bbs/keys.go b/bbs/keys.go index 3de4e836..8d3495c2 100644 --- a/bbs/keys.go +++ b/bbs/keys.go @@ -19,10 +19,10 @@ import ( ) var ( - // nolint:gochecknoglobals + //nolint:gochecknoglobals seedSize = frCompressedSize - // nolint:gochecknoglobals + //nolint:gochecknoglobals generateKeySalt = "BBS-SIG-KEYGEN-SALT-" ) @@ -119,6 +119,9 @@ func calcData(key *PublicKey, messagesCount int) []byte { data = append(data, 0, 0, 0, 0, 0, 0) + if messagesCount < 0 || messagesCount > 0xFFFFFFFF { + panic("messagesCount out of range for uint32") + } mcBytes := uint32ToBytes(uint32(messagesCount)) data = append(data, mcBytes...) @@ -149,6 +152,7 @@ func (b *BBSLib) UnmarshalPrivateKey(privKeyBytes []byte) (*PrivateKey, error) { // Marshal marshals PrivateKey. func (k *PrivateKey) Marshal() ([]byte, error) { bytes := k.FR.Bytes() + return bytes, nil } diff --git a/bbs/keys_test.go b/bbs/keys_test.go index 27cd1297..ded73dd0 100644 --- a/bbs/keys_test.go +++ b/bbs/keys_test.go @@ -9,7 +9,6 @@ package bbs_test import ( "crypto/rand" "crypto/sha256" - "fmt" "math/big" "testing" @@ -24,7 +23,7 @@ func TestGenerateKeyPair(t *testing.T) { seed := make([]byte, 32) for i, curve := range ml.Curves { - t.Run(fmt.Sprintf("with curve %s", ml.CurveIDToString(ml.CurveID(i))), func(t *testing.T) { + t.Run("with curve "+ml.CurveIDToString(ml.CurveID(i)), func(t *testing.T) { bl := bbs.NewBBSLib(curve) pubKey, privKey, err := bl.GenerateKeyPair(h, seed) require.NoError(t, err) @@ -49,8 +48,7 @@ func TestGenerateKeyPair(t *testing.T) { func TestPrivateKey_Marshal(t *testing.T) { for i, curve := range ml.Curves { - t.Run(fmt.Sprintf("with curve %s", ml.CurveIDToString(ml.CurveID(i))), func(t *testing.T) { - + t.Run("with curve "+ml.CurveIDToString(ml.CurveID(i)), func(t *testing.T) { _, privKey, err := generateKeyPairRandom(curve) require.NoError(t, err) @@ -69,8 +67,7 @@ func TestPrivateKey_Marshal(t *testing.T) { func TestPrivateKey_PublicKey(t *testing.T) { for i, curve := range ml.Curves { - t.Run(fmt.Sprintf("with curve %s", ml.CurveIDToString(ml.CurveID(i))), func(t *testing.T) { - + t.Run("with curve "+ml.CurveIDToString(ml.CurveID(i)), func(t *testing.T) { pubKey, privKey, err := generateKeyPairRandom(curve) require.NoError(t, err) @@ -81,7 +78,7 @@ func TestPrivateKey_PublicKey(t *testing.T) { func TestPublicKey_Marshal(t *testing.T) { for i, curve := range ml.Curves { - t.Run(fmt.Sprintf("with curve %s", ml.CurveIDToString(ml.CurveID(i))), func(t *testing.T) { + t.Run("with curve "+ml.CurveIDToString(ml.CurveID(i)), func(t *testing.T) { pubKey, _, err := generateKeyPairRandom(curve) require.NoError(t, err) @@ -137,6 +134,7 @@ func decodeBase58(src string) []byte { for i, candidate := range alphabet { if candidate == r { index = int64(i) + break } } diff --git a/bbs/proof_of_knowledge.go b/bbs/proof_of_knowledge.go index 4636db93..71461fd9 100644 --- a/bbs/proof_of_knowledge.go +++ b/bbs/proof_of_knowledge.go @@ -32,7 +32,6 @@ type PoKOfSignature struct { // NewPoKOfSignature creates a new PoKOfSignature. func (bl *BBSLib) NewPoKOfSignature(signature *Signature, messages []*SignatureMessage, revealedIndexes []int, pubKey *PublicKeyWithGenerators) (*PoKOfSignature, error) { - p := &PoKOfSignatureProvider{ VC2SignatureProvider: &defaultVC2SignatureProvider{ bl: bl, @@ -67,7 +66,6 @@ func (p *PoKOfSignatureProvider) PoKOfSignature(signature *Signature, messages [ func (p *PoKOfSignatureProvider) PoKOfSignatureB(signature *Signature, messages []*SignatureMessage, revealedIndexes []int, pubKey *PublicKeyWithGenerators, b *ml.G1) (*PoKOfSignature, error) { - if p.VerifySig { err := signature.VerifyWithB(messages, pubKey, b) if err != nil { @@ -112,7 +110,7 @@ func (p *PoKOfSignatureProvider) PoKOfSignatureB(signature *Signature, messages revealedMessages[messages[ind].Idx] = messages[ind] } - pokVC2, secrets2 := p.VC2SignatureProvider.New(d, r3, pubKey, sPrime, messages, revealedMessages) + pokVC2, secrets2 := p.New(d, r3, pubKey, sPrime, messages, revealedMessages) return &PoKOfSignature{ aPrime: aPrime, diff --git a/bbs/signature.go b/bbs/signature.go index ff3fd666..b664117e 100644 --- a/bbs/signature.go +++ b/bbs/signature.go @@ -57,6 +57,7 @@ func (s *Signature) ToBytes() ([]byte, error) { // Verify is used for signature verification. func (s *Signature) Verify(messages []*SignatureMessage, pubKey *PublicKeyWithGenerators) error { p2 := ComputeB(s.S, messages, pubKey, s.curve) + return s.VerifyWithB(messages, pubKey, p2) } diff --git a/bbs/signature_proof.go b/bbs/signature_proof.go index 5eefb8f2..637db141 100644 --- a/bbs/signature_proof.go +++ b/bbs/signature_proof.go @@ -125,7 +125,7 @@ func (v *defaultVC2ProofVerifier) Verify(challenge *ml.Zr, pubKey *PublicKeyWith pr := v.curve.GenG1.Copy() pr.Sub(v.curve.GenG1) - for i := 0; i < len(basesDisclosed); i++ { + for i := range basesDisclosed { b := basesDisclosed[i] s := exponents[i] @@ -153,7 +153,10 @@ func (sp *PoKOfSignatureProof) ToBytes() []byte { proof1Bytes := sp.proofVC1.ToBytes() lenBytes := make([]byte, 4) - binary.BigEndian.PutUint32(lenBytes, uint32(len(proof1Bytes))) + if len(proof1Bytes) > 0xFFFFFFFF { + panic("proof1Bytes length out of range for uint32") + } + binary.BigEndian.PutUint32(lenBytes, uint32(len(proof1Bytes))) // #nosec G115 -- length is validated above bytes = append(bytes, lenBytes...) bytes = append(bytes, proof1Bytes...) @@ -209,7 +212,10 @@ func (pg1 *ProofG1) ToBytes() []byte { bytes = append(bytes, commitmentBytes...) lenBytes := make([]byte, 4) - binary.BigEndian.PutUint32(lenBytes, uint32(len(pg1.Responses))) + if len(pg1.Responses) > 0xFFFFFFFF { + panic("pg1.Responses length out of range for uint32") + } + binary.BigEndian.PutUint32(lenBytes, uint32(len(pg1.Responses))) // #nosec G115 -- length is validated above bytes = append(bytes, lenBytes...) for i := range pg1.Responses { diff --git a/bbs/utils.go b/bbs/utils.go index 353aed68..1eb395f0 100644 --- a/bbs/utils.go +++ b/bbs/utils.go @@ -9,6 +9,7 @@ package bbs import ( "encoding/binary" "errors" + "fmt" ) func uint32ToBytes(value uint32) []byte { @@ -56,7 +57,7 @@ type pokPayload struct { Revealed []int } -// nolint:gomnd +//nolint:gomnd func ParsePoKPayload(bytes []byte) (*pokPayload, error) { if len(bytes) < 2 { return nil, errors.New("invalid size of PoK payload") @@ -80,10 +81,13 @@ func ParsePoKPayload(bytes []byte) (*pokPayload, error) { }, nil } -// nolint:gomnd +//nolint:gomnd func (p *pokPayload) ToBytes() ([]byte, error) { bytes := make([]byte, p.LenInBytes()) + if p.MessagesCount < 0 || p.MessagesCount > 0xFFFF { + return nil, fmt.Errorf("MessagesCount out of range for uint16: %d", p.MessagesCount) + } binary.BigEndian.PutUint16(bytes, uint16(p.MessagesCount)) bitvector := bytes[2:] diff --git a/bccsp/aries_test.go b/bccsp/aries_test.go index 1c0f411a..41ac4a9e 100644 --- a/bccsp/aries_test.go +++ b/bccsp/aries_test.go @@ -99,7 +99,7 @@ func testAriesWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(os.WriteFile(path.Join(rootDir, "nymkey.sk"), raw, 0666)).NotTo(HaveOccurred()) raw, err = NymPublicKey.Bytes() - Expect(len(raw)).To(Equal(2 * curve.CoordByteSize)) + Expect(raw).To(HaveLen(2 * curve.CoordByteSize)) Expect(err).NotTo(HaveOccurred()) Expect(os.WriteFile(path.Join(rootDir, "nymkey.pk"), raw, 0666)).NotTo(HaveOccurred()) @@ -181,13 +181,12 @@ func testAriesWithCurve(id math.CurveID, translator idemix1.Translator) { SKIndex: 0, Temporary: true, } - }) It("returns the bases correctly", func() { _, err = CSP.KeyImport(ikb, keyImportOpts) Expect(err).NotTo(HaveOccurred()) - Expect(len(keyImportOpts.CommitmentBases)).To(Equal(3)) + Expect(keyImportOpts.CommitmentBases).To(HaveLen(3)) }) It("fails if two attributes have the same index", func() { @@ -512,7 +511,6 @@ func testAriesWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err.Error()).To(ContainSubstring("no EidNym provided but ExpectEidNym required")) Expect(valid).To(BeFalse()) }) - }) Describe("producing an idemix signature with an eid nym", func() { @@ -677,7 +675,7 @@ func testAriesWithCurve(id math.CurveID, translator idemix1.Translator) { }, }, ) - Expect(err).NotTo(BeNil()) + Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("signature invalid: nym eid validation failed, signature nym eid does not match metadata")) Expect(valid).To(BeFalse()) }) @@ -705,7 +703,7 @@ func testAriesWithCurve(id math.CurveID, translator idemix1.Translator) { }, }, ) - Expect(err).NotTo(BeNil()) + Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("signature invalid: nym eid validation failed, failed to unmarshal meta nym eid")) Expect(valid).To(BeFalse()) }) @@ -947,7 +945,6 @@ func testAriesWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) Describe("producing an idemix signature with an eid nym and rh nym", func() { @@ -1507,7 +1504,6 @@ func testAriesWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) Describe("producing an idemix signature with disclosed attributes", func() { @@ -1566,7 +1562,6 @@ func testAriesWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) Describe("producing an idemix nym signature", func() { @@ -1603,11 +1598,9 @@ func testAriesWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) Describe("Idemix Bridge Load", func() { - Describe("setting up the environment with one issuer and one user", func() { var ( CSP bccsp.BCCSP @@ -1654,7 +1647,7 @@ func testAriesWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) rawNymKeyPk, err := os.ReadFile(path.Join(rootDir, "nymkey.pk")) Expect(err).NotTo(HaveOccurred()) - Expect(len(rawNymKeyPk)).To(Equal(2 * curve.CoordByteSize)) + Expect(rawNymKeyPk).To(HaveLen(2 * curve.CoordByteSize)) NymKey, err = CSP.KeyImport(append(rawNymKeySk, rawNymKeyPk...), &bccsp.IdemixNymKeyImportOpts{Temporary: true}) Expect(err).NotTo(HaveOccurred()) @@ -1812,7 +1805,6 @@ func testAriesWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) Describe("producing an idemix signature with disclosed attributes", func() { @@ -1871,7 +1863,6 @@ func testAriesWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) Describe("producing an idemix nym signature", func() { @@ -1908,7 +1899,6 @@ func testAriesWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) }) }) diff --git a/bccsp/bccsp.go b/bccsp/bccsp.go index 76cc72a3..b4e2b2ee 100644 --- a/bccsp/bccsp.go +++ b/bccsp/bccsp.go @@ -37,143 +37,148 @@ func New(keyStore bccsp.KeyStore, curve *math.Curve, translator idemix.Translato } // key generators - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixIssuerKeyGenOpts](), - &handlers.IssuerKeyGen{ - Exportable: exportable, - Issuer: &bridge.Issuer{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixUserSecretKeyGenOpts](), - &handlers.UserKeyGen{ - Exportable: exportable, - User: &bridge.User{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixRevocationKeyGenOpts](), - &handlers.RevocationKeyGen{ - Exportable: exportable, - Revocation: &bridge.Revocation{ - Idemix: idmx, Translator: translator, - }, - }) - - // key derivers - base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), - &handlers.NymKeyDerivation{ - Exportable: exportable, - Translator: translator, - User: &bridge.User{ - Idemix: idmx, Translator: translator, - }, - }) - - // signers - base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), - &userSecreKeySignerMultiplexer{ - signer: &handlers.Signer{ - SignatureScheme: &bridge.SignatureScheme{ + err = errors.Join( + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixIssuerKeyGenOpts](), + &handlers.IssuerKeyGen{ + Exportable: exportable, + Issuer: &bridge.Issuer{ Idemix: idmx, Translator: translator, - }}, - nymSigner: &handlers.NymSigner{ + }, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixUserSecretKeyGenOpts](), + &handlers.UserKeyGen{ + Exportable: exportable, + User: &bridge.User{ + Idemix: idmx, Translator: translator, + }, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixRevocationKeyGenOpts](), + &handlers.RevocationKeyGen{ + Exportable: exportable, + Revocation: &bridge.Revocation{ + Idemix: idmx, Translator: translator, + }, + }), + + // key derivers + base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), + &handlers.NymKeyDerivation{ + Exportable: exportable, + Translator: translator, + User: &bridge.User{ + Idemix: idmx, Translator: translator, + }, + }), + + // signers + base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), + &userSecreKeySignerMultiplexer{ + signer: &handlers.Signer{ + SignatureScheme: &bridge.SignatureScheme{ + Idemix: idmx, Translator: translator, + }}, + nymSigner: &handlers.NymSigner{ + NymSignatureScheme: &bridge.NymSignatureScheme{ + Idemix: idmx, Translator: translator, + }}, + credentialRequestSigner: &handlers.CredentialRequestSigner{ + CredRequest: &bridge.CredRequest{ + Idemix: idmx, Translator: translator, + }}, + }), + base.AddWrapper(reflect.TypeOf(handlers.NewIssuerSecretKey(nil, true)), + &handlers.CredentialSigner{ + Credential: &bridge.Credential{ + Idemix: idmx, Translator: translator, + }, + }), + base.AddWrapper(reflect.TypeOf(handlers.NewRevocationSecretKey(nil, true)), + &handlers.CriSigner{ + Revocation: &bridge.Revocation{ + Idemix: idmx, Translator: translator, + }, + }), + + // verifiers + base.AddWrapper(reflect.TypeOf(handlers.NewIssuerPublicKey(nil)), + &issuerPublicKeyVerifierMultiplexer{ + verifier: &handlers.Verifier{ + SignatureScheme: &bridge.SignatureScheme{ + Idemix: idmx, Translator: translator, + }}, + credentialRequestVerifier: &handlers.CredentialRequestVerifier{ + CredRequest: &bridge.CredRequest{ + Idemix: idmx, Translator: translator, + }}, + }), + base.AddWrapper(reflect.TypeOf(handlers.NewNymPublicKey(nil, translator)), + &handlers.NymVerifier{ NymSignatureScheme: &bridge.NymSignatureScheme{ Idemix: idmx, Translator: translator, - }}, - credentialRequestSigner: &handlers.CredentialRequestSigner{ - CredRequest: &bridge.CredRequest{ + }, + }), + base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), + &handlers.CredentialVerifier{ + Credential: &bridge.Credential{ + Idemix: idmx, Translator: translator, + }, + }), + base.AddWrapper(reflect.TypeOf(handlers.NewRevocationPublicKey(nil)), + &handlers.CriVerifier{ + Revocation: &bridge.Revocation{ + Idemix: idmx, Translator: translator, + }, + }), + + // importers + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixUserSecretKeyImportOpts](), + &handlers.UserKeyImporter{ + Exportable: exportable, + User: &bridge.User{ + Idemix: idmx, Translator: translator, + }, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixIssuerPublicKeyImportOpts](), + &handlers.IssuerPublicKeyImporter{ + Issuer: &bridge.Issuer{ + Idemix: idmx, Translator: translator, + }, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixIssuerKeyImportOpts](), + &handlers.IssuerKeyImporter{ + Exportable: exportable, + Issuer: &bridge.Issuer{ + Idemix: idmx, Translator: translator, + }, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixNymPublicKeyImportOpts](), + &handlers.NymPublicKeyImporter{ + User: &bridge.User{ Idemix: idmx, Translator: translator, - }}, - }) - base.AddWrapper(reflect.TypeOf(handlers.NewIssuerSecretKey(nil, true)), - &handlers.CredentialSigner{ - Credential: &bridge.Credential{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeOf(handlers.NewRevocationSecretKey(nil, true)), - &handlers.CriSigner{ - Revocation: &bridge.Revocation{ - Idemix: idmx, Translator: translator, - }, - }) - - // verifiers - base.AddWrapper(reflect.TypeOf(handlers.NewIssuerPublicKey(nil)), - &issuerPublicKeyVerifierMultiplexer{ - verifier: &handlers.Verifier{ - SignatureScheme: &bridge.SignatureScheme{ + }, + Translator: translator, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixNymKeyImportOpts](), + &handlers.NymKeyImporter{ + Exportable: exportable, + User: &bridge.User{ Idemix: idmx, Translator: translator, - }}, - credentialRequestVerifier: &handlers.CredentialRequestVerifier{ - CredRequest: &bridge.CredRequest{ + }, + Translator: translator, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixRevocationPublicKeyImportOpts](), + &handlers.RevocationPublicKeyImporter{}), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixRevocationKeyImportOpts](), + &handlers.RevocationKeyImporter{ + Exportable: exportable, + Revocation: &bridge.Revocation{ Idemix: idmx, Translator: translator, - }}, - }) - base.AddWrapper(reflect.TypeOf(handlers.NewNymPublicKey(nil, translator)), - &handlers.NymVerifier{ - NymSignatureScheme: &bridge.NymSignatureScheme{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), - &handlers.CredentialVerifier{ - Credential: &bridge.Credential{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeOf(handlers.NewRevocationPublicKey(nil)), - &handlers.CriVerifier{ - Revocation: &bridge.Revocation{ - Idemix: idmx, Translator: translator, - }, - }) - - // importers - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixUserSecretKeyImportOpts](), - &handlers.UserKeyImporter{ - Exportable: exportable, - User: &bridge.User{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixIssuerPublicKeyImportOpts](), - &handlers.IssuerPublicKeyImporter{ - Issuer: &bridge.Issuer{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixIssuerKeyImportOpts](), - &handlers.IssuerKeyImporter{ - Exportable: exportable, - Issuer: &bridge.Issuer{ - Idemix: idmx, Translator: translator, - }, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixNymPublicKeyImportOpts](), - &handlers.NymPublicKeyImporter{ - User: &bridge.User{ - Idemix: idmx, Translator: translator, - }, - Translator: translator, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixNymKeyImportOpts](), - &handlers.NymKeyImporter{ - Exportable: exportable, - User: &bridge.User{ - Idemix: idmx, Translator: translator, - }, - Translator: translator, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixRevocationPublicKeyImportOpts](), - &handlers.RevocationPublicKeyImporter{}) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixRevocationKeyImportOpts](), - &handlers.RevocationKeyImporter{ - Exportable: exportable, - Revocation: &bridge.Revocation{ - Idemix: idmx, Translator: translator, - }, - }) + }, + }), + ) + if err != nil { + return nil, err + } return csp, nil } @@ -192,166 +197,171 @@ func NewAries(keyStore bccsp.KeyStore, curve *math.Curve, _translator idemix.Tra } // key generators - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixIssuerKeyGenOpts](), - &handlers.IssuerKeyGen{ - Exportable: exportable, - Issuer: &aries.Issuer{ - Curve: curve, - }, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixUserSecretKeyGenOpts](), - &handlers.UserKeyGen{ - Exportable: exportable, - User: &aries.User{ - Curve: curve, - Rng: rng, - }, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixRevocationKeyGenOpts](), - &handlers.RevocationKeyGen{ - Exportable: exportable, - Revocation: &aries.RevocationAuthority{ - Curve: curve, - Rng: rng, - }, - }) - - // key derivers - base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), - &handlers.NymKeyDerivation{ - Exportable: exportable, - Translator: _translator, - User: &aries.User{ - Curve: curve, - Rng: rng, - }, - }) - - // signers - base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), - &userSecreKeySignerMultiplexer{ - signer: &handlers.Signer{ - SignatureScheme: &aries.Signer{ + err = errors.Join( + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixIssuerKeyGenOpts](), + &handlers.IssuerKeyGen{ + Exportable: exportable, + Issuer: &aries.Issuer{ + Curve: curve, + }, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixUserSecretKeyGenOpts](), + &handlers.UserKeyGen{ + Exportable: exportable, + User: &aries.User{ Curve: curve, Rng: rng, - }}, - nymSigner: &handlers.NymSigner{ + }, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixRevocationKeyGenOpts](), + &handlers.RevocationKeyGen{ + Exportable: exportable, + Revocation: &aries.RevocationAuthority{ + Curve: curve, + Rng: rng, + }, + }), + + // key derivers + base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), + &handlers.NymKeyDerivation{ + Exportable: exportable, + Translator: _translator, + User: &aries.User{ + Curve: curve, + Rng: rng, + }, + }), + + // signers + base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), + &userSecreKeySignerMultiplexer{ + signer: &handlers.Signer{ + SignatureScheme: &aries.Signer{ + Curve: curve, + Rng: rng, + }}, + nymSigner: &handlers.NymSigner{ + SmartcardNymSignatureScheme: &aries.SmartcardIdemixBackend{ + Curve: curve, + }, + NymSignatureScheme: &aries.NymSigner{ + Curve: curve, + Rng: rng, + }}, + blindCredentialRequestSigner: &handlers.BlindCredentialRequestSigner{ + CredRequest: &aries.CredRequest{ + Curve: curve, + }}, + credentialRequestSigner: nil, // aries does not implement this approach + }), + base.AddWrapper(reflect.TypeOf(handlers.NewIssuerSecretKey(nil, true)), + &handlers.CredentialSigner{ + Credential: &aries.Cred{ + Curve: curve, + BBS: bbs.New(curve), + }, + }), + base.AddWrapper(reflect.TypeOf(handlers.NewRevocationSecretKey(nil, true)), + &handlers.CriSigner{ + Revocation: &aries.RevocationAuthority{ + Curve: curve, + Rng: rng, + }, + }), + + // verifiers + base.AddWrapper(reflect.TypeOf(handlers.NewIssuerPublicKey(nil)), + &issuerPublicKeyVerifierMultiplexer{ + verifier: &handlers.Verifier{ + SignatureScheme: &aries.Signer{ + Curve: curve, + Rng: rng, + }}, + blindcredentialRequestVerifier: &handlers.BlindCredentialRequestVerifier{ + CredRequest: &aries.CredRequest{ + Curve: curve, + }}, + credentialRequestVerifier: nil, // aries does not implement this type of issuance + }), + base.AddWrapper(reflect.TypeOf(handlers.NewNymPublicKey(nil, _translator)), + &handlers.NymVerifier{ SmartcardNymSignatureScheme: &aries.SmartcardIdemixBackend{ Curve: curve, }, NymSignatureScheme: &aries.NymSigner{ Curve: curve, Rng: rng, - }}, - blindCredentialRequestSigner: &handlers.BlindCredentialRequestSigner{ - CredRequest: &aries.CredRequest{ + }, + }), + base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), + &handlers.CredentialVerifier{ + Credential: &aries.Cred{ Curve: curve, - }}, - credentialRequestSigner: nil, // aries does not implement this approach - }) - base.AddWrapper(reflect.TypeOf(handlers.NewIssuerSecretKey(nil, true)), - &handlers.CredentialSigner{ - Credential: &aries.Cred{ - Curve: curve, - BBS: bbs.New(curve), - }, - }) - base.AddWrapper(reflect.TypeOf(handlers.NewRevocationSecretKey(nil, true)), - &handlers.CriSigner{ - Revocation: &aries.RevocationAuthority{ - Curve: curve, - Rng: rng, - }, - }) - - // verifiers - base.AddWrapper(reflect.TypeOf(handlers.NewIssuerPublicKey(nil)), - &issuerPublicKeyVerifierMultiplexer{ - verifier: &handlers.Verifier{ - SignatureScheme: &aries.Signer{ + BBS: bbs.New(curve), + }, + }), + base.AddWrapper(reflect.TypeOf(handlers.NewRevocationPublicKey(nil)), + &handlers.CriVerifier{ + Revocation: &aries.RevocationAuthority{ Curve: curve, Rng: rng, - }}, - blindcredentialRequestVerifier: &handlers.BlindCredentialRequestVerifier{ - CredRequest: &aries.CredRequest{ + }, + }), + + // importers + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixUserSecretKeyImportOpts](), + &handlers.UserKeyImporter{ + Exportable: exportable, + User: &aries.User{ Curve: curve, - }}, - credentialRequestVerifier: nil, // aries does not implement this type of issuance - }) - base.AddWrapper(reflect.TypeOf(handlers.NewNymPublicKey(nil, _translator)), - &handlers.NymVerifier{ - SmartcardNymSignatureScheme: &aries.SmartcardIdemixBackend{ - Curve: curve, - }, - NymSignatureScheme: &aries.NymSigner{ - Curve: curve, - Rng: rng, - }, - }) - base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, true)), - &handlers.CredentialVerifier{ - Credential: &aries.Cred{ - Curve: curve, - BBS: bbs.New(curve), - }, - }) - base.AddWrapper(reflect.TypeOf(handlers.NewRevocationPublicKey(nil)), - &handlers.CriVerifier{ - Revocation: &aries.RevocationAuthority{ - Curve: curve, - Rng: rng, - }, - }) - - // importers - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixUserSecretKeyImportOpts](), - &handlers.UserKeyImporter{ - Exportable: exportable, - User: &aries.User{ - Curve: curve, - Rng: rng, - }, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixIssuerPublicKeyImportOpts](), - &handlers.IssuerPublicKeyImporter{ - Issuer: &aries.Issuer{ - Curve: curve, - }, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixIssuerKeyImportOpts](), - &handlers.IssuerKeyImporter{ - Exportable: exportable, - Issuer: &aries.Issuer{ - Curve: curve, - }, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixNymPublicKeyImportOpts](), - &handlers.NymPublicKeyImporter{ - User: &aries.User{ - Curve: curve, - Rng: rng, - }, - Translator: _translator, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixNymKeyImportOpts](), - &handlers.NymKeyImporter{ - Exportable: exportable, - User: &aries.User{ - Curve: curve, - Rng: rng, - }, - Translator: _translator, - }) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixRevocationPublicKeyImportOpts](), - &handlers.RevocationPublicKeyImporter{}) - base.AddWrapper(reflect.TypeFor[*bccsp.IdemixRevocationKeyImportOpts](), - &handlers.RevocationKeyImporter{ - Exportable: exportable, - Revocation: &aries.RevocationAuthority{ - Curve: curve, - Rng: rng, - }, - }) + Rng: rng, + }, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixIssuerPublicKeyImportOpts](), + &handlers.IssuerPublicKeyImporter{ + Issuer: &aries.Issuer{ + Curve: curve, + }, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixIssuerKeyImportOpts](), + &handlers.IssuerKeyImporter{ + Exportable: exportable, + Issuer: &aries.Issuer{ + Curve: curve, + }, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixNymPublicKeyImportOpts](), + &handlers.NymPublicKeyImporter{ + User: &aries.User{ + Curve: curve, + Rng: rng, + }, + Translator: _translator, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixNymKeyImportOpts](), + &handlers.NymKeyImporter{ + Exportable: exportable, + User: &aries.User{ + Curve: curve, + Rng: rng, + }, + Translator: _translator, + }), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixRevocationPublicKeyImportOpts](), + &handlers.RevocationPublicKeyImporter{}), + base.AddWrapper(reflect.TypeFor[*bccsp.IdemixRevocationKeyImportOpts](), + &handlers.RevocationKeyImporter{ + Exportable: exportable, + Revocation: &aries.RevocationAuthority{ + Curve: curve, + Rng: rng, + }, + }), + ) + if err != nil { + return nil, err + } return csp, nil } @@ -366,19 +376,19 @@ func NewAries(keyStore bccsp.KeyStore, curve *math.Curve, _translator idemix.Tra func (csp *csp) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error) { // Validate arguments if k == nil { - return nil, errors.New("Invalid Key. It must not be nil.") + return nil, errors.New("invalid key: it must not be nil") } // Do not check for digest keyType := reflect.TypeOf(k) signer, found := csp.Signers[keyType] if !found { - return nil, fmt.Errorf("Unsupported 'SignKey' provided [%s]", keyType) + return nil, fmt.Errorf("unsupported 'SignKey' provided [%s]", keyType) } signature, err = signer.Sign(k, digest, opts) if err != nil { - return nil, fmt.Errorf("Failed signing with opts [%v]: %w", opts, err) + return nil, fmt.Errorf("failed signing with opts [%v]: %w", opts, err) } return @@ -389,21 +399,21 @@ func (csp *csp) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signatu func (csp *csp) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error) { // Validate arguments if k == nil { - return false, errors.New("Invalid Key. It must not be nil.") + return false, errors.New("invalid key: it must not be nil") } if len(signature) == 0 { - return false, errors.New("Invalid signature. Cannot be empty.") + return false, errors.New("invalid signature: cannot be empty") } // Do not check for digest verifier, found := csp.Verifiers[reflect.TypeOf(k)] if !found { - return false, fmt.Errorf("Unsupported 'VerifyKey' provided [%v]", k) + return false, fmt.Errorf("unsupported 'VerifyKey' provided [%v]", k) } valid, err = verifier.Verify(k, signature, digest, opts) if err != nil { - return false, fmt.Errorf("Failed verifing with opts [%v]: %w", opts, err) + return false, fmt.Errorf("failed verifying with opts [%v]: %w", opts, err) } return diff --git a/bccsp/bccsp_test.go b/bccsp/bccsp_test.go index de74e070..bb8b1b14 100644 --- a/bccsp/bccsp_test.go +++ b/bccsp/bccsp_test.go @@ -43,7 +43,7 @@ func (ks *dummyKeyStore) GetKey(ski []byte) (bccsp.Key, error) { // StoreKey stores the key k in this KeyStore. // If this KeyStore is read only then the method will fail. func (ks *dummyKeyStore) StoreKey(k bccsp.Key) error { - return errors.New("Cannot store key. This is a dummy read-only KeyStore") + return errors.New("cannot store key. This is a dummy read-only KeyStore") } var _ = Describe("Idemix Bridge", func() { diff --git a/bccsp/handlers/cred.go b/bccsp/handlers/cred.go index fb1a039d..c4a4e957 100644 --- a/bccsp/handlers/cred.go +++ b/bccsp/handlers/cred.go @@ -8,14 +8,13 @@ package handlers import ( "errors" - "github.com/IBM/idemix/bccsp/types" bccsp "github.com/IBM/idemix/bccsp/types" ) // CredentialRequestSigner produces credential requests type CredentialRequestSigner struct { // CredRequest implements the underlying cryptographic algorithms - CredRequest types.CredRequest + CredRequest bccsp.CredRequest } func (c *CredentialRequestSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error) { @@ -39,7 +38,7 @@ func (c *CredentialRequestSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.Si } type BlindCredentialRequestSigner struct { - CredRequest types.BlindCredRequest + CredRequest bccsp.BlindCredRequest } func (c *BlindCredentialRequestSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error) { @@ -72,7 +71,7 @@ func (c *BlindCredentialRequestSigner) Sign(k bccsp.Key, digest []byte, opts bcc // CredentialRequestVerifier verifies credential requests type CredentialRequestVerifier struct { // CredRequest implements the underlying cryptographic algorithms - CredRequest types.CredRequest + CredRequest bccsp.CredRequest } func (c *CredentialRequestVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error) { @@ -94,7 +93,7 @@ func (c *CredentialRequestVerifier) Verify(k bccsp.Key, signature, digest []byte } type BlindCredentialRequestVerifier struct { - CredRequest types.BlindCredRequest + CredRequest bccsp.BlindCredRequest } func (c *BlindCredentialRequestVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error) { @@ -116,7 +115,7 @@ func (c *BlindCredentialRequestVerifier) Verify(k bccsp.Key, signature, digest [ } type CredentialSigner struct { - Credential types.Credential + Credential bccsp.Credential } func (s *CredentialSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error) { @@ -138,7 +137,7 @@ func (s *CredentialSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpt } type CredentialVerifier struct { - Credential types.Credential + Credential bccsp.Credential } func (v *CredentialVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error) { diff --git a/bccsp/handlers/issuer.go b/bccsp/handlers/issuer.go index 3aada3fc..328e1320 100644 --- a/bccsp/handlers/issuer.go +++ b/bccsp/handlers/issuer.go @@ -8,7 +8,6 @@ package handlers import ( "errors" - "github.com/IBM/idemix/bccsp/types" bccsp "github.com/IBM/idemix/bccsp/types" ) @@ -16,12 +15,12 @@ import ( // and implements the bccsp.Key interface type issuerSecretKey struct { // sk is the idemix reference to the issuer key - sk types.IssuerSecretKey + sk bccsp.IssuerSecretKey // exportable if true, sk can be exported via the Bytes function exportable bool } -func NewIssuerSecretKey(sk types.IssuerSecretKey, exportable bool) *issuerSecretKey { +func NewIssuerSecretKey(sk bccsp.IssuerSecretKey, exportable bool) *issuerSecretKey { return &issuerSecretKey{sk: sk, exportable: exportable} } @@ -57,10 +56,10 @@ func (k *issuerSecretKey) PublicKey() (bccsp.Key, error) { // issuerPublicKey contains the issuer public key // and implements the bccsp.Key interface type issuerPublicKey struct { - pk types.IssuerPublicKey + pk bccsp.IssuerPublicKey } -func NewIssuerPublicKey(pk types.IssuerPublicKey) *issuerPublicKey { +func NewIssuerPublicKey(pk bccsp.IssuerPublicKey) *issuerPublicKey { return &issuerPublicKey{pk} } @@ -90,7 +89,7 @@ type IssuerKeyGen struct { // If a secret key is marked as exportable, its Bytes method will return the key's byte representation. Exportable bool // Issuer implements the underlying cryptographic algorithms - Issuer types.Issuer + Issuer bccsp.Issuer } func (g *IssuerKeyGen) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error) { @@ -111,7 +110,7 @@ func (g *IssuerKeyGen) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error) { // IssuerPublicKeyImporter imports issuer public keys type IssuerPublicKeyImporter struct { // Issuer implements the underlying cryptographic algorithms - Issuer types.Issuer + Issuer bccsp.Issuer } func (i *IssuerPublicKeyImporter) KeyImport(raw any, opts bccsp.KeyImportOpts) (k bccsp.Key, err error) { @@ -154,7 +153,7 @@ type IssuerKeyImporter struct { // If a secret key is marked as exportable, its Bytes method will return the key's byte representation. Exportable bool // Issuer implements the underlying cryptographic algorithms - Issuer types.Issuer + Issuer bccsp.Issuer } func (i *IssuerKeyImporter) KeyImport(raw any, opts bccsp.KeyImportOpts) (k bccsp.Key, err error) { diff --git a/bccsp/handlers/nym.go b/bccsp/handlers/nym.go index b37616db..7a05e36b 100644 --- a/bccsp/handlers/nym.go +++ b/bccsp/handlers/nym.go @@ -10,7 +10,6 @@ import ( "errors" idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - "github.com/IBM/idemix/bccsp/types" bccsp "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" ) @@ -34,12 +33,13 @@ func computeSKI(serialise func() []byte) []byte { hash := sha256.New() hash.Write(raw) - return hash.Sum(nil) + return hash.Sum(nil) } func NewNymSecretKey(sk *math.Zr, pk *math.G1, translator idemix.Translator, exportable bool) (*NymSecretKey, error) { ski := computeSKI(sk.Bytes) + return &NymSecretKey{Ski: ski, Sk: sk, Pk: pk, Exportable: exportable, Translator: translator}, nil } @@ -54,6 +54,7 @@ func (k *NymSecretKey) Bytes() ([]byte, error) { func (k *NymSecretKey) SKI() []byte { c := make([]byte, len(k.Ski)) copy(c, k.Ski) + return c } @@ -67,6 +68,7 @@ func (*NymSecretKey) Private() bool { func (k *NymSecretKey) PublicKey() (bccsp.Key, error) { ski := computeSKI(k.Pk.Bytes) + return &nymPublicKey{ski: ski, pk: k.Pk, translator: k.Translator}, nil } @@ -85,6 +87,7 @@ func NewNymPublicKey(pk *math.G1, translator idemix.Translator) *nymPublicKey { func (k *nymPublicKey) Bytes() ([]byte, error) { ecp := k.translator.G1ToProto(k.pk) + return append(ecp.X, ecp.Y...), nil } @@ -110,7 +113,7 @@ type NymKeyDerivation struct { // If a secret key is marked as Exportable, its Bytes method will return the key's byte representation. Exportable bool // User implements the underlying cryptographic algorithms - User types.User + User bccsp.User Translator idemix.Translator } @@ -143,7 +146,7 @@ func (kd *NymKeyDerivation) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk b // NymPublicKeyImporter imports nym public keys type NymPublicKeyImporter struct { // User implements the underlying cryptographic algorithms - User types.User + User bccsp.User Translator idemix.Translator } @@ -181,7 +184,7 @@ func (i *NymPublicKeyImporter) KeyImport(raw any, opts bccsp.KeyImportOpts) (k b type NymKeyImporter struct { Exportable bool // User implements the underlying cryptographic algorithms - User types.User + User bccsp.User Translator idemix.Translator } diff --git a/bccsp/handlers/nymsigner.go b/bccsp/handlers/nymsigner.go index 7286532c..ed56966c 100644 --- a/bccsp/handlers/nymsigner.go +++ b/bccsp/handlers/nymsigner.go @@ -7,7 +7,6 @@ package handlers import ( "errors" - "fmt" "github.com/IBM/idemix/bccsp/types" ) @@ -35,11 +34,11 @@ func (s *NymSigner) Sign(k types.Key, digest []byte, opts types.SignerOpts) ([]b // handle the smartcard case if signerOpts.IsSmartcard { if s.SmartcardNymSignatureScheme == nil { - return nil, fmt.Errorf("smartcard mode is unsupported") + return nil, errors.New("smartcard mode is unsupported") } if signerOpts.Smartcard == nil { - return nil, fmt.Errorf("no s/w smartcard supplied in opts") + return nil, errors.New("no s/w smartcard supplied in opts") } sigma, nym, rNym, err := s.SmartcardNymSignatureScheme.Sign(signerOpts.Smartcard, ipk.pk, digest) @@ -110,10 +109,10 @@ func (v *NymVerifier) Verify(k types.Key, signature, digest []byte, opts types.S // handle the smartcard case if signerOpts.IsSmartcard { if v.SmartcardNymSignatureScheme == nil { - return false, fmt.Errorf("smartcard mode is unsupported") + return false, errors.New("smartcard mode is unsupported") } if signerOpts.NymEid == nil { - return false, fmt.Errorf("nym eid missing") + return false, errors.New("nym eid missing") } err := v.SmartcardNymSignatureScheme.Verify( diff --git a/bccsp/handlers/revocation.go b/bccsp/handlers/revocation.go index 95f1a8dd..13b838a7 100644 --- a/bccsp/handlers/revocation.go +++ b/bccsp/handlers/revocation.go @@ -15,7 +15,6 @@ import ( "fmt" "reflect" - "github.com/IBM/idemix/bccsp/types" bccsp "github.com/IBM/idemix/bccsp/types" ) @@ -36,7 +35,7 @@ func NewRevocationSecretKey(sk *ecdsa.PrivateKey, exportable bool) *revocationSe // if this operation is allowed. func (k *revocationSecretKey) Bytes() ([]byte, error) { if k.exportable { - return k.privKey.D.Bytes(), nil + return k.privKey.D.Bytes(), nil //nolint:staticcheck } return nil, errors.New("not exportable") @@ -45,11 +44,12 @@ func (k *revocationSecretKey) Bytes() ([]byte, error) { // SKI returns the subject key identifier of this key. func (k *revocationSecretKey) SKI() []byte { // Marshall the public key - raw := elliptic.Marshal(k.privKey.Curve, k.privKey.PublicKey.X, k.privKey.PublicKey.Y) + raw := elliptic.Marshal(k.privKey.Curve, k.privKey.X, k.privKey.Y) //nolint:staticcheck // Hash it hash := sha256.New() hash.Write(raw) + return hash.Sum(nil) } @@ -84,19 +84,21 @@ func NewRevocationPublicKey(pubKey *ecdsa.PublicKey) *revocationPublicKey { func (k *revocationPublicKey) Bytes() (raw []byte, err error) { raw, err = x509.MarshalPKIXPublicKey(k.pubKey) if err != nil { - return nil, fmt.Errorf("Failed marshalling key [%s]", err) + return nil, fmt.Errorf("failed marshalling key [%w]", err) } + return } // SKI returns the subject key identifier of this key. func (k *revocationPublicKey) SKI() []byte { // Marshall the public key - raw := elliptic.Marshal(k.pubKey.Curve, k.pubKey.X, k.pubKey.Y) + raw := elliptic.Marshal(k.pubKey.Curve, k.pubKey.X, k.pubKey.Y) //nolint:staticcheck // Hash it hash := sha256.New() hash.Write(raw) + return hash.Sum(nil) } @@ -124,7 +126,7 @@ type RevocationKeyGen struct { // If a secret key is marked as exportable, its Bytes method will return the key's byte representation. Exportable bool // Revocation implements the underlying cryptographic algorithms - Revocation types.Revocation + Revocation bccsp.Revocation } func (g *RevocationKeyGen) KeyGen(opts bccsp.KeyGenOpts) (bccsp.Key, error) { @@ -153,11 +155,11 @@ func (i *RevocationPublicKeyImporter) KeyImport(raw any, opts bccsp.KeyImportOpt blockPub, _ := pem.Decode(raw.([]byte)) if blockPub == nil { - return nil, errors.New("Failed to decode revocation ECDSA public key") + return nil, errors.New("failed to decode revocation ECDSA public key") } revocationPk, err := x509.ParsePKIXPublicKey(blockPub.Bytes) if err != nil { - return nil, fmt.Errorf("Failed to parse revocation ECDSA public key bytes: %w", err) + return nil, fmt.Errorf("failed to parse revocation ECDSA public key bytes: %w", err) } ecdsaPublicKey, isECDSA := revocationPk.(*ecdsa.PublicKey) if !isECDSA { @@ -173,7 +175,7 @@ type RevocationKeyImporter struct { // If a secret key is marked as exportable, its Bytes method will return the key's byte representation. Exportable bool // Revocation implements the underlying cryptographic algorithms - Revocation types.Revocation + Revocation bccsp.Revocation } func (i *RevocationKeyImporter) KeyImport(raw any, opts bccsp.KeyImportOpts) (k bccsp.Key, err error) { @@ -198,7 +200,7 @@ func (i *RevocationKeyImporter) KeyImport(raw any, opts bccsp.KeyImportOpts) (k } type CriSigner struct { - Revocation types.Revocation + Revocation bccsp.Revocation } func (s *CriSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error) { @@ -220,7 +222,7 @@ func (s *CriSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]b } type CriVerifier struct { - Revocation types.Revocation + Revocation bccsp.Revocation } func (v *CriVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error) { diff --git a/bccsp/handlers/revocation_test.go b/bccsp/handlers/revocation_test.go index 526528fb..79fcb8ff 100644 --- a/bccsp/handlers/revocation_test.go +++ b/bccsp/handlers/revocation_test.go @@ -55,7 +55,7 @@ var _ = Describe("Revocation", func() { }, D: big.NewInt(1)} - raw := elliptic.Marshal(idemixRevocationKey.Curve, idemixRevocationKey.PublicKey.X, idemixRevocationKey.PublicKey.Y) + raw := elliptic.Marshal(idemixRevocationKey.Curve, idemixRevocationKey.X, idemixRevocationKey.Y) //nolint:staticcheck hash := sha256.New() hash.Write(raw) SKI = hash.Sum(nil) @@ -107,7 +107,7 @@ var _ = Describe("Revocation", func() { raw, err := sk.Bytes() Expect(err).NotTo(HaveOccurred()) Expect(raw).NotTo(BeNil()) - Expect(raw).To(BeEquivalentTo(idemixRevocationKey.D.Bytes())) + Expect(raw).To(BeEquivalentTo(idemixRevocationKey.D.Bytes())) //nolint:staticcheck }) }) @@ -206,7 +206,7 @@ var _ = Describe("Revocation", func() { It("returns an error", func() { k, err := RevocationPublicKeyImporter.KeyImport([]byte("fake-raw"), nil) - Expect(err).To(MatchError("Failed to decode revocation ECDSA public key")) + Expect(err).To(MatchError("failed to decode revocation ECDSA public key")) Expect(k).To(BeNil()) }) diff --git a/bccsp/handlers/signer.go b/bccsp/handlers/signer.go index 84616411..2df0a5bd 100644 --- a/bccsp/handlers/signer.go +++ b/bccsp/handlers/signer.go @@ -173,5 +173,6 @@ func (v *Verifier) Verify(k types.Key, signature, digest []byte, opts types.Sign if err != nil { return false, err } + return true, nil } diff --git a/bccsp/handlers/user.go b/bccsp/handlers/user.go index 5f58cda2..a726f41c 100644 --- a/bccsp/handlers/user.go +++ b/bccsp/handlers/user.go @@ -9,7 +9,6 @@ import ( "crypto/sha256" "errors" - "github.com/IBM/idemix/bccsp/types" bccsp "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" ) @@ -38,6 +37,7 @@ func (k *UserSecretKey) SKI() []byte { raw := k.Sk.Bytes() hash := sha256.New() hash.Write(raw) + return hash.Sum(nil) } @@ -58,7 +58,7 @@ type UserKeyGen struct { // If a secret key is marked as Exportable, its Bytes method will return the key's byte representation. Exportable bool // User implements the underlying cryptographic algorithms - User types.User + User bccsp.User } func (g *UserKeyGen) KeyGen(opts bccsp.KeyGenOpts) (bccsp.Key, error) { @@ -76,7 +76,7 @@ type UserKeyImporter struct { // If a secret key is marked as Exportable, its Bytes method will return the key's byte representation. Exportable bool // User implements the underlying cryptographic algorithms - User types.User + User bccsp.User } func (i *UserKeyImporter) KeyImport(raw any, opts bccsp.KeyImportOpts) (k bccsp.Key, err error) { diff --git a/bccsp/impl.go b/bccsp/impl.go index 23675b8b..40633902 100644 --- a/bccsp/impl.go +++ b/bccsp/impl.go @@ -82,7 +82,7 @@ type CSP struct { func NewImpl(keyStore bccsp.KeyStore) (*CSP, error) { if keyStore == nil { - return nil, fmt.Errorf("Invalid bccsp.KeyStore instance. It must be different from nil.") + return nil, errors.New("invalid bccsp.KeyStore instance, it must be different from nil") } signers := make(map[reflect.Type]Signer) @@ -102,17 +102,17 @@ func NewImpl(keyStore bccsp.KeyStore) (*CSP, error) { func (csp *CSP) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error) { // Validate arguments if opts == nil { - return nil, errors.New("Invalid Opts parameter. It must not be nil.") + return nil, errors.New("invalid Opts parameter, it must not be nil") } keyGenerator, found := csp.KeyGenerators[reflect.TypeOf(opts)] if !found { - return nil, fmt.Errorf("Unsupported 'KeyGenOpts' provided [%v]", opts) + return nil, fmt.Errorf("unsupported 'KeyGenOpts' provided [%v]", opts) } k, err = keyGenerator.KeyGen(opts) if err != nil { - return nil, fmt.Errorf("Failed generating key with opts [%v]: %w", opts, err) + return nil, fmt.Errorf("failed generating key with opts [%v]: %w", opts, err) } // If the key is not Ephemeral, store it. @@ -120,7 +120,7 @@ func (csp *CSP) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error) { // Store the key err = csp.ks.StoreKey(k) if err != nil { - return nil, fmt.Errorf("Failed storing key [%v]: %w", reflect.TypeOf(opts), err) + return nil, fmt.Errorf("failed storing key [%v]: %w", reflect.TypeOf(opts), err) } } @@ -132,20 +132,20 @@ func (csp *CSP) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error) { func (csp *CSP) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error) { // Validate arguments if k == nil { - return nil, errors.New("Invalid Key. It must not be nil.") + return nil, errors.New("invalid Key. It must not be nil") } if opts == nil { - return nil, errors.New("Invalid opts. It must not be nil.") + return nil, errors.New("invalid opts. It must not be nil") } keyDeriver, found := csp.KeyDerivers[reflect.TypeOf(k)] if !found { - return nil, fmt.Errorf("Unsupported 'Key' provided [%v]", k) + return nil, fmt.Errorf("unsupported 'Key' provided [%v]", k) } k, err = keyDeriver.KeyDeriv(k, opts) if err != nil { - return nil, fmt.Errorf("Failed deriving key with opts [%v]: %w", opts, err) + return nil, fmt.Errorf("failed deriving key with opts [%v]: %w", opts, err) } // If the key is not Ephemeral, store it. @@ -153,7 +153,7 @@ func (csp *CSP) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, er // Store the key err = csp.ks.StoreKey(k) if err != nil { - return nil, fmt.Errorf("Failed storing key [%v]: %w", reflect.TypeOf(opts), err) + return nil, fmt.Errorf("failed storing key [%v]: %w", reflect.TypeOf(opts), err) } } @@ -165,20 +165,20 @@ func (csp *CSP) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, er func (csp *CSP) KeyImport(raw any, opts bccsp.KeyImportOpts) (k bccsp.Key, err error) { // Validate arguments if raw == nil { - return nil, errors.New("Invalid raw. It must not be nil.") + return nil, errors.New("invalid raw, it must not be nil") } if opts == nil { - return nil, errors.New("Invalid opts. It must not be nil.") + return nil, errors.New("invalid opts, it must not be nil") } keyImporter, found := csp.KeyImporters[reflect.TypeOf(opts)] if !found { - return nil, fmt.Errorf("Unsupported 'KeyImportOpts' provided [%v]", opts) + return nil, fmt.Errorf("unsupported 'KeyImportOpts' provided [%v]", opts) } k, err = keyImporter.KeyImport(raw, opts) if err != nil { - return nil, fmt.Errorf("Failed importing key with opts [%v]: %w", opts, err) + return nil, fmt.Errorf("failed importing key with opts [%v]: %w", opts, err) } // If the key is not Ephemeral, store it. @@ -186,7 +186,7 @@ func (csp *CSP) KeyImport(raw any, opts bccsp.KeyImportOpts) (k bccsp.Key, err e // Store the key err = csp.ks.StoreKey(k) if err != nil { - return nil, fmt.Errorf("Failed storing imported key with opts [%v]: %w", opts, err) + return nil, fmt.Errorf("failed storing imported key with opts [%v]: %w", opts, err) } } @@ -198,7 +198,7 @@ func (csp *CSP) KeyImport(raw any, opts bccsp.KeyImportOpts) (k bccsp.Key, err e func (csp *CSP) GetKey(ski []byte) (k bccsp.Key, err error) { k, err = csp.ks.GetKey(ski) if err != nil { - return nil, fmt.Errorf("Failed getting key for SKI [%v]: %w", ski, err) + return nil, fmt.Errorf("failed getting key for SKI [%v]: %w", ski, err) } return @@ -213,21 +213,21 @@ func (csp *CSP) GetKey(ski []byte) (k bccsp.Key, err error) { func (csp *CSP) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error) { // Validate arguments if k == nil { - return nil, errors.New("Invalid Key. It must not be nil.") + return nil, errors.New("invalid Key. It must not be nil") } if len(digest) == 0 { - return nil, errors.New("Invalid digest. Cannot be empty.") + return nil, errors.New("invalid digest. Cannot be empty") } keyType := reflect.TypeOf(k) signer, found := csp.Signers[keyType] if !found { - return nil, fmt.Errorf("Unsupported 'SignKey' provided [%s]", keyType) + return nil, fmt.Errorf("unsupported 'SignKey' provided [%s]", keyType) } signature, err = signer.Sign(k, digest, opts) if err != nil { - return nil, fmt.Errorf("Failed signing with opts [%v]: %w", opts, err) + return nil, fmt.Errorf("failed signing with opts [%v]: %w", opts, err) } return @@ -237,37 +237,37 @@ func (csp *CSP) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signatu func (csp *CSP) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error) { // Validate arguments if k == nil { - return false, errors.New("Invalid Key. It must not be nil.") + return false, errors.New("invalid Key. It must not be nil") } if len(signature) == 0 { - return false, errors.New("Invalid signature. Cannot be empty.") + return false, errors.New("invalid signature. Cannot be empty") } if len(digest) == 0 { - return false, errors.New("Invalid digest. Cannot be empty.") + return false, errors.New("invalid digest. Cannot be empty") } verifier, found := csp.Verifiers[reflect.TypeOf(k)] if !found { - return false, fmt.Errorf("Unsupported 'VerifyKey' provided [%v]", k) + return false, fmt.Errorf("unsupported 'VerifyKey' provided [%v]", k) } valid, err = verifier.Verify(k, signature, digest, opts) if err != nil { - return false, fmt.Errorf("Failed verifing with opts [%v]: %w", opts, err) + return false, fmt.Errorf("failed verifing with opts [%v]: %w", opts, err) } return } // AddWrapper binds the passed type to the passed wrapper. -// Notice that that wrapper must be an instance of one of the following interfaces: +// Notice that wrapper must be an instance of one of the following interfaces: // KeyGenerator, KeyDeriver, KeyImporter, Signer, Verifier. func (csp *CSP) AddWrapper(t reflect.Type, w any) error { if t == nil { - return fmt.Errorf("type cannot be nil") + return errors.New("type cannot be nil") } if w == nil { - return fmt.Errorf("wrapper cannot be nil") + return errors.New("wrapper cannot be nil") } switch dt := w.(type) { case KeyGenerator: @@ -281,7 +281,8 @@ func (csp *CSP) AddWrapper(t reflect.Type, w any) error { case Verifier: csp.Verifiers[t] = dt default: - return fmt.Errorf("wrapper type not valid, must be one of: KeyGenerator, KeyDeriver, KeyImporter, Signer, Verifier") + return errors.New("wrapper type not valid, must be one of: KeyGenerator, KeyDeriver, KeyImporter, Signer, Verifier") } + return nil } diff --git a/bccsp/keystore/kvs/filebased.go b/bccsp/keystore/kvs/filebased.go index 50afaac2..67be5bb3 100644 --- a/bccsp/keystore/kvs/filebased.go +++ b/bccsp/keystore/kvs/filebased.go @@ -25,7 +25,7 @@ func NewFileBased(path string) (*FileBasedKVS, error) { } if os.IsNotExist(err) { - err = os.MkdirAll(path, 0770) + err = os.MkdirAll(path, 0750) if err != nil { return nil, fmt.Errorf("could not create path [%s]: [%w]", path, err) } diff --git a/bccsp/keystore/kvsbased.go b/bccsp/keystore/kvsbased.go index 9851f057..94dca680 100644 --- a/bccsp/keystore/kvsbased.go +++ b/bccsp/keystore/kvsbased.go @@ -57,7 +57,7 @@ func (ks *KVSStore) GetKey(ski []byte) (bccsp.Key, error) { id := hex.EncodeToString(ski) entry := &entry{} - err := ks.KVS.Get(id, entry) + err := ks.Get(id, entry) if err != nil { return nil, fmt.Errorf("could not get key [%s] from kvs: %w", id, err) } @@ -117,5 +117,5 @@ func (ks *KVSStore) StoreKey(k bccsp.Key) error { return fmt.Errorf("unknown type [%T] for the supplied key", key) } - return ks.KVS.Put(id, entry) + return ks.Put(id, entry) } diff --git a/bccsp/keystore/kvsbased_test.go b/bccsp/keystore/kvsbased_test.go index 1de1fa53..329e07c3 100644 --- a/bccsp/keystore/kvsbased_test.go +++ b/bccsp/keystore/kvsbased_test.go @@ -7,7 +7,6 @@ SPDX-License-Identifier: Apache-2.0 package keystore import ( - "os" "testing" "github.com/IBM/idemix/bccsp/handlers" @@ -16,20 +15,19 @@ import ( bccsp "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestFileBased(t *testing.T) { curve := math.Curves[math.FP256BN_AMCL] translator := &amcl.Fp256bn{C: curve} rnd, err := curve.Rand() - assert.NoError(t, err) + require.NoError(t, err) - dir, err := os.MkdirTemp(os.TempDir(), "idemix-TesFileBased") - assert.NoError(t, err) - defer os.RemoveAll(dir) + dir := t.TempDir() kvs, err := kvs.NewFileBased(dir) - assert.NoError(t, err) + require.NoError(t, err) keystore := &KVSStore{ KVS: kvs, @@ -38,13 +36,13 @@ func TestFileBased(t *testing.T) { } nsk, err := handlers.NewNymSecretKey(curve.NewRandomZr(rnd), curve.GenG1.Mul(curve.NewRandomZr(rnd)), translator, true) - assert.NoError(t, err) + require.NoError(t, err) keys := []bccsp.Key{ handlers.NewUserSecretKey(curve.NewRandomZr(rnd), true), nsk, } pk, err := nsk.PublicKey() - assert.NoError(t, err) + require.NoError(t, err) skis := [][]byte{ keys[0].SKI(), pk.SKI(), @@ -52,15 +50,15 @@ func TestFileBased(t *testing.T) { for i, key := range keys { err = keystore.StoreKey(key) - assert.NoError(t, err) + require.NoError(t, err) keyBack, err := keystore.GetKey(skis[i]) - assert.NoError(t, err) + require.NoError(t, err) b1, err := key.Bytes() - assert.NoError(t, err) + require.NoError(t, err) b2, err := keyBack.Bytes() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, b1, b2) pk1, err := key.PublicKey() @@ -69,12 +67,12 @@ func TestFileBased(t *testing.T) { continue } pk2, err := keyBack.PublicKey() - assert.NoError(t, err) + require.NoError(t, err) b1, err = pk1.Bytes() - assert.NoError(t, err) + require.NoError(t, err) b2, err = pk2.Bytes() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, b1, b2) } } diff --git a/bccsp/legacy_test.go b/bccsp/legacy_test.go index 25337f37..b4688e32 100644 --- a/bccsp/legacy_test.go +++ b/bccsp/legacy_test.go @@ -7,7 +7,6 @@ package idemix_test import ( "crypto/rand" - "fmt" "os" "path" @@ -21,7 +20,7 @@ import ( ) func testWithCurve(id math.CurveID, translator idemix1.Translator) { - Describe(fmt.Sprintf("setting up the environment with one issuer and one user with curve %s", curveName(id)), func() { + Describe("setting up the environment with one issuer and one user with curve "+curveName(id), func() { var ( CSP bccsp.BCCSP IssuerKey bccsp.Key @@ -85,7 +84,7 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(os.WriteFile(path.Join(rootDir, "nymkey.sk"), raw, 0666)).NotTo(HaveOccurred()) raw, err = NymPublicKey.Bytes() - Expect(len(raw)).To(Equal(2 * math.Curves[id].CoordByteSize)) + Expect(raw).To(HaveLen(2 * math.Curves[id].CoordByteSize)) Expect(err).NotTo(HaveOccurred()) Expect(os.WriteFile(path.Join(rootDir, "nymkey.pk"), raw, 0666)).NotTo(HaveOccurred()) @@ -138,7 +137,6 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { &bccsp.IdemixCRISignerOpts{}, ) Expect(err).NotTo(HaveOccurred()) - }) It("the environment is properly set", func() { @@ -377,7 +375,7 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) sig.EidNym = &idemix1.EIDNym{ - ProofSEid: []byte("invalid garbageinvalid garbageinvalid garbageinvalid garbageinvalid garbageinvalid garbageinvalid garbageinvalid garbage"), + ProofSEid: []byte("invalid garbageinvalid garbage"), Nym: translator.G1ToProto(math.Curves[id].GenG1), } @@ -456,7 +454,6 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err.Error()).To(ContainSubstring("no EidNym provided but ExpectEidNym required")) Expect(valid).To(BeFalse()) }) - }) Describe("producing an idemix signature with an eid nym", func() { @@ -621,7 +618,7 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { }, }, ) - Expect(err).NotTo(BeNil()) + Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("signature invalid: nym eid validation failed, signature nym eid does not match metadata")) Expect(valid).To(BeFalse()) }) @@ -649,7 +646,7 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { }, }, ) - Expect(err).NotTo(BeNil()) + Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("signature invalid: nym eid validation failed, failed to unmarshal meta nym eid")) Expect(valid).To(BeFalse()) }) @@ -869,7 +866,6 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) Describe("producing an idemix signature with an eid nym and rh nym", func() { @@ -1407,7 +1403,6 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) Describe("producing an idemix signature with disclosed attributes", func() { @@ -1466,7 +1461,6 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) Describe("producing an idemix nym signature", func() { @@ -1503,11 +1497,9 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) Describe("Idemix Bridge Load", func() { - Describe("setting up the environment with one issuer and one user", func() { var ( CSP bccsp.BCCSP @@ -1554,7 +1546,7 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) rawNymKeyPk, err := os.ReadFile(path.Join(rootDir, "nymkey.pk")) Expect(err).NotTo(HaveOccurred()) - Expect(len(rawNymKeyPk)).To(Equal(2 * math.Curves[id].CoordByteSize)) + Expect(rawNymKeyPk).To(HaveLen(2 * math.Curves[id].CoordByteSize)) NymKey, err = CSP.KeyImport(append(rawNymKeySk, rawNymKeyPk...), &bccsp.IdemixNymKeyImportOpts{Temporary: true}) Expect(err).NotTo(HaveOccurred()) @@ -1704,7 +1696,6 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) Describe("producing an idemix signature with disclosed attributes", func() { @@ -1763,7 +1754,6 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) Describe("producing an idemix nym signature", func() { @@ -1800,7 +1790,6 @@ func testWithCurve(id math.CurveID, translator idemix1.Translator) { Expect(err).NotTo(HaveOccurred()) Expect(valid).To(BeTrue()) }) - }) }) }) diff --git a/bccsp/perf_test.go b/bccsp/perf_test.go index f2d56413..71f3038b 100644 --- a/bccsp/perf_test.go +++ b/bccsp/perf_test.go @@ -7,7 +7,6 @@ package idemix_test import ( "crypto/rand" - "fmt" "reflect" "runtime" "strings" @@ -20,27 +19,29 @@ import ( imsp "github.com/IBM/idemix/msp" math "github.com/IBM/mathlib" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func setupAries(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, []byte) { + b.Helper() curve := math.Curves[math.BLS12_381_BBS] translator := &amcl.Gurvy{C: curve} CSP, err := idemix.NewAries(NewDummyKeyStore(), curve, translator, true) - assert.NoError(b, err) + require.NoError(b, err) AttributeNames := []string{imsp.AttributeNameOU, imsp.AttributeNameRole, imsp.AttributeNameEnrollmentId, imsp.AttributeNameRevocationHandle} IssuerKey, err := CSP.KeyGen(&bccsp.IdemixIssuerKeyGenOpts{Temporary: true, AttributeNames: AttributeNames}) - assert.NoError(b, err) + require.NoError(b, err) IssuerPublicKey, err := IssuerKey.PublicKey() - assert.NoError(b, err) + require.NoError(b, err) UserKey, err := CSP.KeyGen(&bccsp.IdemixUserSecretKeyGenOpts{Temporary: true}) - assert.NoError(b, err) + require.NoError(b, err) IssuerNonce := make([]byte, curve.ScalarByteSize) n, err := rand.Read(IssuerNonce) - assert.NoError(b, err) + require.NoError(b, err) assert.Equal(b, curve.ScalarByteSize, n) blindCredReqOpts := &bccsp.IdemixBlindCredentialRequestSignerOpts{IssuerPK: IssuerPublicKey, IssuerNonce: IssuerNonce} @@ -49,7 +50,7 @@ func setupAries(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, []b nil, blindCredReqOpts, ) - assert.NoError(b, err) + require.NoError(b, err) credential, err := CSP.Sign( IssuerKey, @@ -63,14 +64,14 @@ func setupAries(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, []b }, }, ) - assert.NoError(b, err) + require.NoError(b, err) cr := &aries.CredRequest{ Curve: curve, } credential, err = cr.Unblind(credential, blindCredReqOpts.Blinding) - assert.NoError(b, err) + require.NoError(b, err) valid, err := CSP.Verify( IssuerPublicKey, @@ -78,7 +79,7 @@ func setupAries(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, []b nil, &bccsp.IdemixBlindCredentialRequestSignerOpts{IssuerNonce: IssuerNonce}, ) - assert.NoError(b, err) + require.NoError(b, err) assert.True(b, valid) valid, err = CSP.Verify( @@ -95,7 +96,7 @@ func setupAries(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, []b }, }, ) - assert.NoError(b, err) + require.NoError(b, err) assert.True(b, valid) NymKey, err := CSP.KeyDeriv(UserKey, &bccsp.IdemixNymKeyDerivationOpts{Temporary: true, IssuerPK: IssuerPublicKey}) @@ -105,24 +106,25 @@ func setupAries(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, []b } func setupLegacy(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, []byte) { + b.Helper() curve := math.Curves[math.BLS12_381_BBS] translator := &amcl.Gurvy{C: curve} CSP, err := idemix.New(NewDummyKeyStore(), curve, translator, true) - assert.NoError(b, err) + require.NoError(b, err) AttributeNames := []string{imsp.AttributeNameOU, imsp.AttributeNameRole, imsp.AttributeNameEnrollmentId, imsp.AttributeNameRevocationHandle} IssuerKey, err := CSP.KeyGen(&bccsp.IdemixIssuerKeyGenOpts{Temporary: true, AttributeNames: AttributeNames}) - assert.NoError(b, err) + require.NoError(b, err) IssuerPublicKey, err := IssuerKey.PublicKey() - assert.NoError(b, err) + require.NoError(b, err) UserKey, err := CSP.KeyGen(&bccsp.IdemixUserSecretKeyGenOpts{Temporary: true}) - assert.NoError(b, err) + require.NoError(b, err) IssuerNonce := make([]byte, curve.ScalarByteSize) n, err := rand.Read(IssuerNonce) - assert.NoError(b, err) + require.NoError(b, err) assert.Equal(b, curve.ScalarByteSize, n) // Credential Request for User @@ -131,7 +133,7 @@ func setupLegacy(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, [] nil, &bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: IssuerPublicKey, IssuerNonce: IssuerNonce}, ) - assert.NoError(b, err) + require.NoError(b, err) // Credential credential, err := CSP.Sign( @@ -146,7 +148,7 @@ func setupLegacy(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, [] }, }, ) - assert.NoError(b, err) + require.NoError(b, err) valid, err := CSP.Verify( IssuerPublicKey, @@ -154,7 +156,7 @@ func setupLegacy(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, [] nil, &bccsp.IdemixCredentialRequestSignerOpts{IssuerNonce: IssuerNonce}, ) - assert.NoError(b, err) + require.NoError(b, err) assert.True(b, valid) valid, err = CSP.Verify( @@ -171,11 +173,11 @@ func setupLegacy(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, [] }, }, ) - assert.NoError(b, err) + require.NoError(b, err) assert.True(b, valid) NymKey, err := CSP.KeyDeriv(UserKey, &bccsp.IdemixNymKeyDerivationOpts{Temporary: true, IssuerPK: IssuerPublicKey}) - assert.NoError(b, err) + require.NoError(b, err) return CSP, IssuerPublicKey, UserKey, NymKey, credential } @@ -193,19 +195,17 @@ func stackNameFromSetupFnName(fname string) string { } func Benchmark_SignVerify(b *testing.B) { - setups := []func(b *testing.B) (bccsp.BCCSP, bccsp.Key, bccsp.Key, bccsp.Key, []byte){ setupLegacy, setupAries, } for _, setupFn := range setups { - CSP, IssuerPublicKey, UserKey, NymKey, credential := setupFn(b) b.ResetTimer() - b.Run(fmt.Sprintf("sign-%s", stackNameFromSetupFnName(runtime.FuncForPC(reflect.ValueOf(setupFn).Pointer()).Name())), func(b *testing.B) { + b.Run("sign-"+stackNameFromSetupFnName(runtime.FuncForPC(reflect.ValueOf(setupFn).Pointer()).Name()), func(b *testing.B) { b.RunParallel(func(pb *testing.PB) { for pb.Next() { signOpts := &bccsp.IdemixSignerOpts{ @@ -229,7 +229,7 @@ func Benchmark_SignVerify(b *testing.B) { nil, signOpts, ) - assert.NoError(b, err) + require.NoError(b, err) _ = signature } @@ -237,14 +237,14 @@ func Benchmark_SignVerify(b *testing.B) { }) RevocationKey, err := CSP.KeyGen(&bccsp.IdemixRevocationKeyGenOpts{Temporary: true}) - assert.NoError(b, err) + require.NoError(b, err) cri, err := CSP.Sign( RevocationKey, nil, &bccsp.IdemixCRISignerOpts{}, ) - assert.NoError(b, err) + require.NoError(b, err) signOpts := &bccsp.IdemixSignerOpts{ Credential: credential, @@ -268,11 +268,11 @@ func Benchmark_SignVerify(b *testing.B) { nil, signOpts, ) - assert.NoError(b, err) + require.NoError(b, err) b.ResetTimer() - b.Run(fmt.Sprintf("verify-%s", stackNameFromSetupFnName(runtime.FuncForPC(reflect.ValueOf(setupFn).Pointer()).Name())), func(b *testing.B) { + b.Run("verify-"+stackNameFromSetupFnName(runtime.FuncForPC(reflect.ValueOf(setupFn).Pointer()).Name()), func(b *testing.B) { b.RunParallel(func(pb *testing.PB) { for pb.Next() { valid, err := CSP.Verify( @@ -293,8 +293,8 @@ func Benchmark_SignVerify(b *testing.B) { Metadata: signOpts.Metadata, }, ) - assert.NoError(b, err) - assert.True(b, valid) + require.NoError(b, err) + require.True(b, valid) } }) }) diff --git a/bccsp/schemes/aries/benchmark_test.go b/bccsp/schemes/aries/benchmark_test.go index f7a05a6b..f3a4ef95 100644 --- a/bccsp/schemes/aries/benchmark_test.go +++ b/bccsp/schemes/aries/benchmark_test.go @@ -115,7 +115,7 @@ func BenchmarkIssuerNewKey(b *testing.B) { attrs := []string{"attr1", "attr2", "eid", "rh"} b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := issuer.NewKey(attrs) if err != nil { b.Fatal(err) @@ -132,7 +132,7 @@ func BenchmarkIssuerNewKeyFromBytes(b *testing.B) { attrNames := []string{"attr1", "attr2", "eid", "rh"} b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := env.issuer.NewKeyFromBytes(skBytes, attrNames) if err != nil { b.Fatal(err) @@ -149,7 +149,7 @@ func BenchmarkIssuerNewPublicKeyFromBytes(b *testing.B) { attrNames := []string{"attr1", "attr2", "eid", "rh"} b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := env.issuer.NewPublicKeyFromBytes(pkBytes, attrNames) if err != nil { b.Fatal(err) @@ -163,7 +163,7 @@ func BenchmarkUserMakeNym(b *testing.B) { env := newBenchEnv(b) b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, _, err := env.user.MakeNym(env.sk, env.ipk) if err != nil { b.Fatal(err) @@ -177,7 +177,7 @@ func BenchmarkCredRequestBlind(b *testing.B) { env := newBenchEnv(b) b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, _, err := env.cr.Blind(env.sk, env.ipk, []byte("nonce")) if err != nil { b.Fatal(err) @@ -193,7 +193,7 @@ func BenchmarkCredRequestBlindVerify(b *testing.B) { } b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { err := env.cr.BlindVerify(credReq, env.ipk, []byte("nonce")) if err != nil { b.Fatal(err) @@ -221,7 +221,7 @@ func BenchmarkCredRequestUnblind(b *testing.B) { } b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := env.cr.Unblind(blindedCred, blinding) if err != nil { b.Fatal(err) @@ -247,7 +247,7 @@ func BenchmarkCredSign(b *testing.B) { } b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := credProto.Sign(env.isk, credReq, allAttrs) if err != nil { b.Fatal(err) @@ -266,7 +266,7 @@ func BenchmarkCredVerify(b *testing.B) { } b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { err := credProto.Verify(env.sk, env.ipk, env.cred, allAttrs) if err != nil { b.Fatal(err) @@ -292,7 +292,7 @@ func BenchmarkSignerSign(b *testing.B) { for _, tc := range cases { b.Run(tc.name, func(b *testing.B) { b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, _, err := env.signer.Sign(env.cred, env.sk, env.nym, env.rNym, env.ipk, env.attrs, []byte("msg"), rhIndex, eidIndex, nil, tc.sigType, nil) if err != nil { b.Fatal(err) @@ -324,7 +324,7 @@ func BenchmarkSignerVerify(b *testing.B) { b.Run(tc.name, func(b *testing.B) { b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { err := env.signer.Verify(env.ipk, sig, []byte("msg"), env.attrs, rhIndex, eidIndex, 0, nil, 0, tc.verType, nil) if err != nil { b.Fatal(err) @@ -355,7 +355,7 @@ func BenchmarkNymSignerSign(b *testing.B) { nym := cb.Build() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := nymSigner.Sign(sk, nym, rNym, env.ipk, []byte("msg")) if err != nil { b.Fatal(err) @@ -387,7 +387,7 @@ func BenchmarkNymSignerVerify(b *testing.B) { } b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { err := nymSigner.Verify(env.ipk, nym, sig, []byte("msg"), 0) if err != nil { b.Fatal(err) @@ -411,7 +411,7 @@ func BenchmarkRevocationSign(b *testing.B) { } b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := rev.Sign(key, nil, 0, types.AlgNoRevocation) if err != nil { b.Fatal(err) @@ -438,7 +438,7 @@ func BenchmarkRevocationVerify(b *testing.B) { } b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { err := rev.Verify(&key.PublicKey, cri, 0, types.AlgNoRevocation) if err != nil { b.Fatal(err) @@ -458,7 +458,7 @@ func BenchmarkAuditNymEid(b *testing.B) { } b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { err := env.signer.AuditNymEid(env.ipk, eidIndex, 0, sig, "nymeid", m.EidNymAuditData.Rand, types.AuditExpectSignature) if err != nil { b.Fatal(err) @@ -476,7 +476,7 @@ func BenchmarkAuditNymRh(b *testing.B) { } b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { err := env.signer.AuditNymRh(env.ipk, rhIndex, 0, sig, "nymrh", m.RhNymAuditData.Rand, types.AuditExpectSignature) if err != nil { b.Fatal(err) diff --git a/bccsp/schemes/aries/blind_sign.go b/bccsp/schemes/aries/blind_sign.go index c48c23fa..9feab657 100644 --- a/bccsp/schemes/aries/blind_sign.go +++ b/bccsp/schemes/aries/blind_sign.go @@ -12,7 +12,6 @@ import ( "fmt" "github.com/IBM/idemix/bbs" - math "github.com/IBM/mathlib" ml "github.com/IBM/mathlib" ) @@ -106,7 +105,7 @@ func (b *POKOfBlindedMessages) VerifyProof(messages []bool, commitment *ml.G1, c // VerifyBlinding verifies that `msgCommit` is a valid // commitment of a set of messages against the appropriate bases. -func VerifyBlinding(messageBitmap []bool, msgCommit *ml.G1, bmProof *POKOfBlindedMessages, PK *bbs.PublicKey, nonce []byte, curve *math.Curve) error { +func VerifyBlinding(messageBitmap []bool, msgCommit *ml.G1, bmProof *POKOfBlindedMessages, PK *bbs.PublicKey, nonce []byte, curve *ml.Curve) error { challengeBytes := msgCommit.Bytes() challengeBytes = append(challengeBytes, bmProof.C.Bytes()...) challengeBytes = append(challengeBytes, nonce...) @@ -179,7 +178,7 @@ func BlindMessagesZr(zrs []*ml.Zr, PK *bbs.PublicKey, blindedMsgCount int, nonce } // BlindSign signs disclosed and blinded messages using private key in compressed form. -func BlindSign(messages []*bbs.SignatureMessage, msgCount int, commitment *ml.G1, privKeyBytes []byte, curve *math.Curve) ([]byte, error) { +func BlindSign(messages []*bbs.SignatureMessage, msgCount int, commitment *ml.G1, privKeyBytes []byte, curve *ml.Curve) ([]byte, error) { bl := bbs.NewBBSLib(curve) privKey, err := bl.UnmarshalPrivateKey(privKeyBytes) diff --git a/bccsp/schemes/aries/blind_sign_test.go b/bccsp/schemes/aries/blind_sign_test.go index 0d0c3e5c..56600dfb 100644 --- a/bccsp/schemes/aries/blind_sign_test.go +++ b/bccsp/schemes/aries/blind_sign_test.go @@ -13,13 +13,11 @@ import ( "github.com/IBM/idemix/bbs" "github.com/IBM/idemix/bccsp/schemes/aries" - math "github.com/IBM/mathlib" ml "github.com/IBM/mathlib" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) -func generateKeyPairRandom(curve *math.Curve) (*bbs.PublicKey, *bbs.PrivateKey, error) { +func generateKeyPairRandom(curve *ml.Curve) (*bbs.PublicKey, *bbs.PrivateKey, error) { seed := make([]byte, 32) _, err := rand.Read(seed) @@ -31,7 +29,7 @@ func generateKeyPairRandom(curve *math.Curve) (*bbs.PublicKey, *bbs.PrivateKey, } func TestBlindSignMessages(t *testing.T) { - curve := math.Curves[math.BLS12_381_BBS] + curve := ml.Curves[ml.BLS12_381_BBS] pubKey, privKey, err := generateKeyPairRandom(curve) require.NoError(t, err) @@ -74,16 +72,16 @@ func TestBlindSignMessages(t *testing.T) { } bm, err := aries.BlindMessages(blindedMessagesBytes, pubKey, blindMsgCount, []byte("nonce578"), curve) - assert.NoError(t, err) + require.NoError(t, err) S := bm.S bmBytes := bm.Bytes() bm, err = aries.ParseBlindedMessages(bmBytes, curve) - assert.NoError(t, err) + require.NoError(t, err) err = aries.VerifyBlinding(blindedMessagesBitmap, bm.C, bm.PoK, pubKey, []byte("nonce578"), curve) - assert.NoError(t, err) + require.NoError(t, err) bls := bbs.New(curve) @@ -106,7 +104,7 @@ func TestBlindSignMessages(t *testing.T) { } func TestBlindSignZr(t *testing.T) { - curve := math.Curves[math.BLS12_381_BBS] + curve := ml.Curves[ml.BLS12_381_BBS] pubKey, privKey, err := generateKeyPairRandom(curve) require.NoError(t, err) @@ -135,10 +133,10 @@ func TestBlindSignZr(t *testing.T) { } bm, err := aries.BlindMessagesZr(blindedMessagesZr, pubKey, blindMsgCount, []byte("nonce23423"), curve) - assert.NoError(t, err) + require.NoError(t, err) err = aries.VerifyBlinding(blindedMessagesBitmap, bm.C, bm.PoK, pubKey, []byte("nonce23423"), curve) - assert.NoError(t, err) + require.NoError(t, err) privKeyBytes, err := privKey.Marshal() require.NoError(t, err) diff --git a/bccsp/schemes/aries/cred.pb.go b/bccsp/schemes/aries/cred.pb.go index 1bed8a6a..e16b4037 100644 --- a/bccsp/schemes/aries/cred.pb.go +++ b/bccsp/schemes/aries/cred.pb.go @@ -12,11 +12,12 @@ package aries import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" unsafe "unsafe" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" ) const ( diff --git a/bccsp/schemes/aries/credrequest_test.go b/bccsp/schemes/aries/credrequest_test.go index 5e501804..e54a5c0a 100644 --- a/bccsp/schemes/aries/credrequest_test.go +++ b/bccsp/schemes/aries/credrequest_test.go @@ -51,10 +51,10 @@ func TestCredRequest(t *testing.T) { sk, err := userProto.NewKey() require.NoError(t, err) - credReq, blinding, err := cr.Blind(sk, ipk, []byte("la la land")) + credReq, blinding, err := cr.Blind(sk, ipk, []byte("la land")) require.NoError(t, err) - err = cr.BlindVerify(credReq, ipk, []byte("la la land")) + err = cr.BlindVerify(credReq, ipk, []byte("la land")) require.NoError(t, err) allAttrs := []types.IdemixAttribute{ @@ -72,7 +72,7 @@ func TestCredRequest(t *testing.T) { t.Run("full_lifecycle", func(t *testing.T) { err := credProto.Verify(sk, ipk, cred, allAttrs) - assert.NoError(t, err) + require.NoError(t, err) }) t.Run("verify_with_hidden_last_attr", func(t *testing.T) { @@ -83,7 +83,7 @@ func TestCredRequest(t *testing.T) { {Type: types.IdemixHiddenAttribute}, } err := credProto.Verify(sk, ipk, cred, attrs) - assert.NoError(t, err) + require.NoError(t, err) }) t.Run("verify_with_hidden_first_and_last_attr", func(t *testing.T) { @@ -94,7 +94,7 @@ func TestCredRequest(t *testing.T) { {Type: types.IdemixHiddenAttribute}, } err := credProto.Verify(sk, ipk, cred, attrs) - assert.NoError(t, err) + require.NoError(t, err) }) t.Run("wrong_attr_at_position_0", func(t *testing.T) { diff --git a/bccsp/schemes/aries/error_paths_test.go b/bccsp/schemes/aries/error_paths_test.go index a878de97..7e400265 100644 --- a/bccsp/schemes/aries/error_paths_test.go +++ b/bccsp/schemes/aries/error_paths_test.go @@ -53,7 +53,7 @@ func TestErrorPaths_CredRequest_Blind(t *testing.T) { t.Run("wrong_key_type", func(t *testing.T) { _, _, err := cr.Blind(sk, &fakeIPK{}, []byte("nonce")) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "invalid issuer public key") }) } @@ -69,23 +69,23 @@ func TestErrorPaths_CredRequest_BlindVerify(t *testing.T) { t.Run("wrong_key_type", func(t *testing.T) { err := cr.BlindVerify(validCredReq, &fakeIPK{}, []byte("nonce")) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "invalid issuer public key") }) t.Run("garbage_cred_request_bytes", func(t *testing.T) { err := cr.BlindVerify([]byte("garbage"), ipk, []byte("nonce")) - assert.Error(t, err) + require.Error(t, err) }) t.Run("empty_cred_request_bytes", func(t *testing.T) { err := cr.BlindVerify([]byte{}, ipk, []byte("nonce")) - assert.Error(t, err) + require.Error(t, err) }) t.Run("wrong_nonce", func(t *testing.T) { err := cr.BlindVerify(validCredReq, ipk, []byte("wrong-nonce")) - assert.Error(t, err) + require.Error(t, err) }) } @@ -97,7 +97,7 @@ func TestErrorPaths_CredRequest_Unblind(t *testing.T) { t.Run("malformed_signature_bytes", func(t *testing.T) { // Not a valid protobuf _, err := cr.Unblind([]byte("not-a-protobuf"), curve.NewRandomZr(rand.Reader).Bytes()) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "proto.Unmarshal failed") }) @@ -134,7 +134,7 @@ func TestErrorPaths_Signer_Sign(t *testing.T) { attributes, []byte("msg"), 2, 1, []byte("cri"), types.Standard, nil, ) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "invalid issuer public key") }) @@ -144,7 +144,7 @@ func TestErrorPaths_Signer_Sign(t *testing.T) { attributes, []byte("msg"), 2, 1, []byte("not-a-protobuf"), types.Standard, nil, ) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "failed unmarshalling credential revocation information") }) @@ -158,8 +158,8 @@ func TestErrorPaths_Signer_Sign(t *testing.T) { attributes, []byte("msg"), 2, 1, criWithBadAlg, types.Standard, nil, ) - assert.Error(t, err) - assert.Contains(t, err.Error(), "Unsupported revocation algorithm") + require.Error(t, err) + assert.Contains(t, err.Error(), "unsupported revocation algorithm") }) t.Run("malformed_credential_bytes", func(t *testing.T) { @@ -176,7 +176,7 @@ func TestErrorPaths_Signer_Sign(t *testing.T) { attributes, []byte("msg"), 2, 1, cri, types.Standard, nil, ) - assert.Error(t, err) + require.Error(t, err) }) } @@ -201,7 +201,7 @@ func TestErrorPaths_Signer_Verify(t *testing.T) { attributes, 2, 1, 0, nil, 0, types.ExpectStandard, nil, ) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "invalid issuer public key") }) @@ -211,7 +211,7 @@ func TestErrorPaths_Signer_Verify(t *testing.T) { attributes, 2, 1, 0, nil, 0, types.ExpectStandard, nil, ) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "proto.Unmarshal error") }) @@ -222,7 +222,7 @@ func TestErrorPaths_Signer_Verify(t *testing.T) { types.ExpectStandard, nil, ) // Empty bytes unmarshal to empty Signature proto with nil NonRevocationProof - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "no non-revocation proof") }) } @@ -240,7 +240,7 @@ func TestErrorPaths_AuditNymEid(t *testing.T) { &fakeIPK{}, 1, 0, []byte("sig"), "eid", curve.NewRandomZr(rng), types.AuditExpectSignature, ) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "invalid issuer public key") }) @@ -250,7 +250,7 @@ func TestErrorPaths_AuditNymEid(t *testing.T) { ipk, 1, 0, []byte("garbage"), "eid", curve.NewRandomZr(rng), types.AuditExpectSignature, ) - assert.Error(t, err) + require.Error(t, err) }) t.Run("garbage_signature_AuditExpectEidNym", func(t *testing.T) { @@ -259,7 +259,7 @@ func TestErrorPaths_AuditNymEid(t *testing.T) { ipk, 1, 0, []byte("garbage"), "eid", curve.NewRandomZr(rng), types.AuditExpectEidNym, ) - assert.Error(t, err) + require.Error(t, err) }) t.Run("invalid_audit_type", func(t *testing.T) { @@ -268,7 +268,7 @@ func TestErrorPaths_AuditNymEid(t *testing.T) { ipk, 1, 0, []byte("sig"), "eid", curve.NewRandomZr(rng), types.AuditVerificationType(99), ) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "invalid audit type") }) } @@ -286,7 +286,7 @@ func TestErrorPaths_AuditNymRh(t *testing.T) { &fakeIPK{}, 2, 0, []byte("sig"), "rh", curve.NewRandomZr(rng), types.AuditExpectSignature, ) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "invalid issuer public key") }) @@ -296,7 +296,7 @@ func TestErrorPaths_AuditNymRh(t *testing.T) { ipk, 2, 0, []byte("garbage"), "rh", curve.NewRandomZr(rng), types.AuditExpectSignature, ) - assert.Error(t, err) + require.Error(t, err) }) t.Run("garbage_signature_AuditExpectEidNymRhNym", func(t *testing.T) { @@ -305,7 +305,7 @@ func TestErrorPaths_AuditNymRh(t *testing.T) { ipk, 2, 0, []byte("garbage"), "rh", curve.NewRandomZr(rng), types.AuditExpectEidNymRhNym, ) - assert.Error(t, err) + require.Error(t, err) }) t.Run("invalid_audit_type", func(t *testing.T) { @@ -314,7 +314,7 @@ func TestErrorPaths_AuditNymRh(t *testing.T) { ipk, 2, 0, []byte("sig"), "rh", curve.NewRandomZr(rng), types.AuditVerificationType(99), ) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "invalid audit type") }) } @@ -328,7 +328,7 @@ func TestErrorPaths_RevocationAuthority_Sign(t *testing.T) { t.Run("nil_key", func(t *testing.T) { _, err := rev.Sign(nil, nil, 0, types.AlgNoRevocation) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "nil input") }) @@ -337,7 +337,7 @@ func TestErrorPaths_RevocationAuthority_Sign(t *testing.T) { require.NoError(t, err) _, err = rev.Sign(key, nil, 0, types.RevocationAlgorithm(99)) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "not supported") }) } @@ -351,7 +351,7 @@ func TestErrorPaths_RevocationAuthority_Verify(t *testing.T) { t.Run("nil_public_key", func(t *testing.T) { err := rev.Verify(nil, []byte("cri"), 0, types.AlgNoRevocation) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "nil input") }) @@ -360,7 +360,7 @@ func TestErrorPaths_RevocationAuthority_Verify(t *testing.T) { require.NoError(t, err) err = rev.Verify(&key.PublicKey, []byte("garbage"), 0, types.AlgNoRevocation) - assert.Error(t, err) + require.Error(t, err) }) t.Run("corrupted_epoch_signature", func(t *testing.T) { @@ -376,7 +376,7 @@ func TestErrorPaths_RevocationAuthority_Verify(t *testing.T) { corrupted[len(corrupted)-5] ^= 0xFF err = rev.Verify(&key.PublicKey, corrupted, 0, types.AlgNoRevocation) - assert.Error(t, err) + require.Error(t, err) }) } @@ -385,7 +385,7 @@ func TestErrorPaths_ParseBlindedMessages(t *testing.T) { t.Run("too_short_bytes", func(t *testing.T) { _, err := aries.ParseBlindedMessages([]byte{0x01, 0x02, 0x03}, curve) - assert.Error(t, err) + require.Error(t, err) }) t.Run("garbage_bytes_full_length", func(t *testing.T) { @@ -395,12 +395,12 @@ func TestErrorPaths_ParseBlindedMessages(t *testing.T) { garbage[i] = 0xAB } _, err := aries.ParseBlindedMessages(garbage, curve) - assert.Error(t, err) + require.Error(t, err) }) t.Run("empty_bytes", func(t *testing.T) { _, err := aries.ParseBlindedMessages([]byte{}, curve) - assert.Error(t, err) + require.Error(t, err) }) } @@ -410,12 +410,12 @@ func TestErrorPaths_Issuer_NewKeyFromBytes(t *testing.T) { t.Run("garbage_bytes", func(t *testing.T) { _, err := issuer.NewKeyFromBytes([]byte("garbage"), []string{"a", "b"}) - assert.Error(t, err) + require.Error(t, err) }) t.Run("empty_bytes", func(t *testing.T) { _, err := issuer.NewKeyFromBytes([]byte{}, []string{"a", "b"}) - assert.Error(t, err) + require.Error(t, err) }) } @@ -425,12 +425,12 @@ func TestErrorPaths_Issuer_NewPublicKeyFromBytes(t *testing.T) { t.Run("garbage_bytes", func(t *testing.T) { _, err := issuer.NewPublicKeyFromBytes([]byte("garbage"), []string{"a", "b"}) - assert.Error(t, err) + require.Error(t, err) }) t.Run("empty_bytes", func(t *testing.T) { _, err := issuer.NewPublicKeyFromBytes([]byte{}, []string{"a", "b"}) - assert.Error(t, err) + require.Error(t, err) }) } @@ -444,25 +444,25 @@ func TestErrorPaths_Issuer_Bases(t *testing.T) { t.Run("wrong_key_type", func(t *testing.T) { _, err := issuer.Bases(&fakeIPK{}, types.Dlog, 2, 1, 0) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "invalid issuer public key") }) t.Run("invalid_ipk_type", func(t *testing.T) { _, err := issuer.Bases(ipk, types.CommitmentBasesRequest(99), 2, 1, 0) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "invalid ipk type") }) t.Run("duplicate_indices", func(t *testing.T) { _, err := issuer.Bases(ipk, types.Dlog, 1, 1, 0) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "invalid indices") }) t.Run("index_out_of_range", func(t *testing.T) { _, err := issuer.Bases(ipk, types.Dlog, 99, 1, 0) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "invalid indices") }) } @@ -476,12 +476,12 @@ func TestErrorPaths_User_NewKeyFromBytes(t *testing.T) { t.Run("empty_bytes", func(t *testing.T) { _, err := user.NewKeyFromBytes([]byte{}) - assert.Error(t, err) + require.Error(t, err) }) t.Run("wrong_length_bytes", func(t *testing.T) { _, err := user.NewKeyFromBytes([]byte{0x01, 0x02, 0x03}) - assert.Error(t, err) + require.Error(t, err) }) } @@ -494,6 +494,6 @@ func TestErrorPaths_User_NewPublicNymFromBytes(t *testing.T) { t.Run("garbage_bytes", func(t *testing.T) { _, err := user.NewPublicNymFromBytes([]byte("garbage")) - assert.Error(t, err) + require.Error(t, err) }) } diff --git a/bccsp/schemes/aries/issuer_test.go b/bccsp/schemes/aries/issuer_test.go index 8a44e777..802dab6b 100644 --- a/bccsp/schemes/aries/issuer_test.go +++ b/bccsp/schemes/aries/issuer_test.go @@ -38,7 +38,7 @@ func TestIssuer(t *testing.T) { require.NotNil(t, iskBytes) isk1, err := issuer.NewKeyFromBytes(iskBytes, attrs) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, isk1) assert.Equal(t, isk, isk1) }) @@ -49,7 +49,7 @@ func TestIssuer(t *testing.T) { require.NotNil(t, ipkBytes) ipk1, err := issuer.NewPublicKeyFromBytes(ipkBytes, attrs) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, ipk1) assert.True(t, ipk.(*aries.IssuerPublicKey).PK.PointG2.Equals(ipk1.(*aries.IssuerPublicKey).PK.PointG2)) assert.Equal(t, ipk.(*aries.IssuerPublicKey).N, ipk1.(*aries.IssuerPublicKey).N) diff --git a/bccsp/schemes/aries/nymsigner_test.go b/bccsp/schemes/aries/nymsigner_test.go index f2aabc4b..52ca67a8 100644 --- a/bccsp/schemes/aries/nymsigner_test.go +++ b/bccsp/schemes/aries/nymsigner_test.go @@ -55,15 +55,15 @@ func TestNymSigner(t *testing.T) { t.Run("happy_path", func(t *testing.T) { sig, err := signer.Sign(sk, nym, rNym, _ipk, []byte("ciao")) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(_ipk, nym, sig, []byte("ciao"), skPos) - assert.NoError(t, err) + require.NoError(t, err) }) t.Run("wrong_randomness", func(t *testing.T) { sig, err := signer.Sign(sk, nym, curve.NewRandomZr(rand), _ipk, []byte("ciao")) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(_ipk, nym, sig, []byte("ciao"), skPos) assert.EqualError(t, err, "contribution is not zero") @@ -71,7 +71,7 @@ func TestNymSigner(t *testing.T) { t.Run("wrong_secret_key", func(t *testing.T) { sig, err := signer.Sign(curve.NewRandomZr(rand), nym, rNym, _ipk, []byte("ciao")) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(_ipk, nym, sig, []byte("ciao"), skPos) assert.EqualError(t, err, "contribution is not zero") @@ -79,7 +79,7 @@ func TestNymSigner(t *testing.T) { t.Run("wrong_nym_at_sign", func(t *testing.T) { sig, err := signer.Sign(sk, curve.GenG1.Mul(curve.NewRandomZr(rand)), rNym, _ipk, []byte("ciao")) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(_ipk, nym, sig, []byte("ciao"), skPos) assert.EqualError(t, err, "contribution is not zero") @@ -87,7 +87,7 @@ func TestNymSigner(t *testing.T) { t.Run("wrong_nym_at_verify", func(t *testing.T) { sig, err := signer.Sign(sk, nym, rNym, _ipk, []byte("ciao")) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(_ipk, curve.GenG1.Mul(curve.NewRandomZr(rand)), sig, []byte("ciao"), skPos) assert.EqualError(t, err, "contribution is not zero") diff --git a/bccsp/schemes/aries/revocation.go b/bccsp/schemes/aries/revocation.go index f287d71d..000c9329 100644 --- a/bccsp/schemes/aries/revocation.go +++ b/bccsp/schemes/aries/revocation.go @@ -12,6 +12,7 @@ import ( "crypto/rand" "crypto/sha256" "encoding/asn1" + "errors" "fmt" "io" "math/big" @@ -35,9 +36,9 @@ func (r *RevocationAuthority) NewKey() (*ecdsa.PrivateKey, error) { // NewKeyFromBytes generates a long term signing key that will be used for revocation from the passed bytes func (r *RevocationAuthority) NewKeyFromBytes(raw []byte) (*ecdsa.PrivateKey, error) { priv := &ecdsa.PrivateKey{} - priv.D = new(big.Int).SetBytes(raw) - priv.PublicKey.Curve = elliptic.P384() - priv.PublicKey.X, priv.PublicKey.Y = elliptic.P384().ScalarBaseMult(priv.D.Bytes()) + priv.D = new(big.Int).SetBytes(raw) //nolint:staticcheck + priv.Curve = elliptic.P384() + priv.X, priv.Y = elliptic.P384().ScalarBaseMult(priv.D.Bytes()) //nolint:staticcheck return priv, nil } @@ -46,7 +47,7 @@ func (r *RevocationAuthority) NewKeyFromBytes(raw []byte) (*ecdsa.PrivateKey, er // Users can use the CRI to prove that they are not revoked. func (r *RevocationAuthority) Sign(key *ecdsa.PrivateKey, _ [][]byte, epoch int, alg types.RevocationAlgorithm) ([]byte, error) { if key == nil { - return nil, fmt.Errorf("CreateCRI received nil input") + return nil, errors.New("createCRI received nil input") } cri := &CredentialRevocationInformation{} @@ -78,7 +79,7 @@ func (r *RevocationAuthority) Sign(key *ecdsa.PrivateKey, _ [][]byte, epoch int, if alg == types.AlgNoRevocation { return proto.Marshal(cri) } else { - return nil, fmt.Errorf("the specified revocation algorithm is not supported.") + return nil, errors.New("the specified revocation algorithm is not supported") } } @@ -89,7 +90,7 @@ func (r *RevocationAuthority) Sign(key *ecdsa.PrivateKey, _ [][]byte, epoch int, // is used in this epoch. func (r *RevocationAuthority) Verify(pk *ecdsa.PublicKey, criRaw []byte, epoch int, alg types.RevocationAlgorithm) error { if pk == nil { - return fmt.Errorf("CreateCRI received nil input") + return errors.New("createCRI received nil input") } cri := &CredentialRevocationInformation{} @@ -116,7 +117,7 @@ func (r *RevocationAuthority) Verify(pk *ecdsa.PublicKey, criRaw []byte, epoch i } if !ecdsa.Verify(pk, digest[:], sig.R, sig.S) { - return fmt.Errorf("EpochPKSig invalid") + return errors.New("epochPKSig invalid") } return nil diff --git a/bccsp/schemes/aries/revocation_test.go b/bccsp/schemes/aries/revocation_test.go index fb121681..a5b05a7d 100644 --- a/bccsp/schemes/aries/revocation_test.go +++ b/bccsp/schemes/aries/revocation_test.go @@ -11,7 +11,6 @@ import ( "github.com/IBM/idemix/bccsp/schemes/aries" idemix "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) @@ -34,20 +33,20 @@ func TestRevocation(t *testing.T) { t.Run("sign_and_verify_happy_path", func(t *testing.T) { err := rev.Verify(&revocationKey.PublicKey, cri, epoch, idemix.AlgNoRevocation) - assert.NoError(t, err) + require.NoError(t, err) }) t.Run("wrong_epoch_fails", func(t *testing.T) { err := rev.Verify(&revocationKey.PublicKey, cri, epoch+1, idemix.AlgNoRevocation) - assert.Error(t, err) + require.Error(t, err) }) t.Run("key_roundtrip", func(t *testing.T) { - bytes := revocationKey.D.Bytes() + bytes := revocationKey.D.Bytes() //nolint:staticcheck restoredKey, err := rev.NewKeyFromBytes(bytes) require.NoError(t, err) err = rev.Verify(&restoredKey.PublicKey, cri, epoch, idemix.AlgNoRevocation) - assert.NoError(t, err) + require.NoError(t, err) }) } diff --git a/bccsp/schemes/aries/signer.go b/bccsp/schemes/aries/signer.go index 88d39bf1..7078ef32 100644 --- a/bccsp/schemes/aries/signer.go +++ b/bccsp/schemes/aries/signer.go @@ -118,7 +118,7 @@ func (v *vc2SmartcardProofVerifier) Verify(challenge *math.Zr, pubKey *bbs.Publi pr := v.curve.GenG1.Copy() pr.Sub(v.curve.GenG1) - for i := 0; i < len(basesDisclosed); i++ { + for i := range basesDisclosed { b := basesDisclosed[i] s := exponents[i] @@ -162,7 +162,7 @@ func (s *Signer) getPoKOfSignature( // As such, we assume that `Nym` and `RNym` were generated by the smartcard // and so we cannot prove their knowledge. We therefore pass them in to - // `NewPoKOfSignatureExt` as their as, since thier correctiness has already + // `NewPoKOfSignatureExt` as their as, since their correctiness has already // been proven by the smartcard in a separate proof. C := Nym.Copy() C.Sub(ipk.H0.Mul(RNym)) @@ -200,7 +200,6 @@ func (s *Signer) getChallengeHash( msg []byte, sigType types.SignatureType, ) (*math.Zr, *math.Zr) { - // hash the signature type first var challengeBytes []byte switch sigType { @@ -294,13 +293,13 @@ func (s *Signer) packageProof( if nymEid != nil { sig.NymEid = nymEid.comm.Bytes() sig.NymEidProof = proofNymEid.ToBytes() - sig.NymEidIdx = int32(nymEid.index) + sig.NymEidIdx = int32(nymEid.index) // #nosec G115 -- index is from internal attribute list, always within int32 range } if rhNym != nil { sig.NymRh = rhNym.comm.Bytes() sig.NymRhProof = proofRhNym.ToBytes() - sig.NymRhIdx = int32(rhNym.index) + sig.NymRhIdx = int32(rhNym.index) // #nosec G115 -- index is from internal attribute list, always within int32 range } return proto.Marshal(sig) @@ -312,7 +311,6 @@ func (s *Signer) getCommitNym( sigType types.SignatureType, userSecretKeyIndex int, ) *bbs.ProverCommittedG1 { - if sigType == types.Smartcard || sigType == types.SmartcardNoNyms { return nil } @@ -372,7 +370,6 @@ func (s *Signer) getAttributeCommitment( enabled bool, auditData *types.AttrNymAuditData, ) (*attributeCommitment, error) { - if !enabled { return nil, nil } @@ -384,7 +381,7 @@ func (s *Signer) getAttributeCommitment( if auditData != nil { if !attr.Equals(auditData.Attr) { - return nil, fmt.Errorf("attribute supplied in metadata differs from signed") + return nil, errors.New("attribute supplied in metadata differs from signed") } R = auditData.Rand @@ -394,7 +391,7 @@ func (s *Signer) getAttributeCommitment( Nym = cb.Build() if !auditData.Nym.Equals(Nym) { - return nil, fmt.Errorf("nym supplied in metadata cannot be recomputed") + return nil, errors.New("nym supplied in metadata cannot be recomputed") } } else { R = s.Curve.NewRandomZr(s.Rng) @@ -429,7 +426,6 @@ func (s *Signer) indexOfAttributeInCommitment( indexInPk int, ipk *bbs.PublicKeyWithGenerators, ) (int, error) { - // this is the base used in the public key for the attribute; no +1 since we assume that the caller has already catered for that base := ipk.H[indexInPk] @@ -439,7 +435,7 @@ func (s *Signer) indexOfAttributeInCommitment( } } - return -1, fmt.Errorf("attribute not found") + return -1, errors.New("attribute not found") } // Sign creates a new idemix signature @@ -456,20 +452,19 @@ func (s *Signer) Sign( sigType types.SignatureType, metadata *types.IdemixSignerMetadata, ) ([]byte, *types.IdemixSignerMetadata, error) { - - /////////////// + // ///////////// // arg check // - /////////////// + // ///////////// if (sigType == types.EidNym || sigType == types.Smartcard) && attributes[eidIndex].Type != types.IdemixHiddenAttribute { - return nil, nil, fmt.Errorf("cannot create idemix signature: disclosure of enrollment ID requested for EidNym signature") + return nil, nil, errors.New("cannot create idemix signature: disclosure of enrollment ID requested for EidNym signature") } if (sigType == types.EidNymRhNym || sigType == types.Smartcard) && (attributes[eidIndex].Type != types.IdemixHiddenAttribute || attributes[rhIndex].Type != types.IdemixHiddenAttribute) { - return nil, nil, fmt.Errorf("cannot create idemix signature: disclosure of enrollment ID or RH requested for EidNymRhNym signature") + return nil, nil, errors.New("cannot create idemix signature: disclosure of enrollment ID or RH requested for EidNymRhNym signature") } ipk, ok := key.(*IssuerPublicKey) @@ -477,9 +472,9 @@ func (s *Signer) Sign( return nil, nil, fmt.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", ipk) } - /////////////////////// + // ///////////////////// // handle revocation // - /////////////////////// + // ///////////////////// cri := &CredentialRevocationInformation{} err := proto.Unmarshal(criRaw, cri) @@ -489,12 +484,12 @@ func (s *Signer) Sign( // if we add any other revocation algorithm, we need to change the challenge hash if cri.RevocationAlg != int32(types.AlgNoRevocation) { - return nil, nil, fmt.Errorf("Unsupported revocation algorithm") + return nil, nil, errors.New("unsupported revocation algorithm") } - ////////////////////////////////// + // //////////////////////////////// // Generate main PoK (1st move) // - ////////////////////////////////// + // //////////////////////////////// credential := &Credential{} err = proto.Unmarshal(credBytes, credential) @@ -507,15 +502,15 @@ func (s *Signer) Sign( return nil, nil, err } - ////////////////// + // //////////////// // Handling Nym // - ////////////////// + // //////////////// commitNym := s.getCommitNym(ipk, pokSignature, sigType, int(credential.SkPos)) - /////////////////// + // ///////////////// // Handle NymEID // - /////////////////// + // ///////////////// // increment the index to cater for the index for `sk` if eidIndex >= int(credential.SkPos) { @@ -527,9 +522,9 @@ func (s *Signer) Sign( return nil, nil, err } - /////////////////// + // ///////////////// // Handle RhNym // - /////////////////// + // ///////////////// // increment the index to cater for the index for `sk` if rhIndex >= int(credential.SkPos) { @@ -541,15 +536,15 @@ func (s *Signer) Sign( return nil, nil, err } - /////////////////////// + // ///////////////////// // Get the challenge // - /////////////////////// + // ///////////////////// proofChallenge, Nonce := s.getChallengeHash(pokSignature, Nym, commitNym, nymEid, rhNym, msg, sigType) - //////////////////////// + // ////////////////////// // Generate responses // - //////////////////////// + // ////////////////////// // 1) main proof := pokSignature.GenerateProof(proofChallenge) @@ -569,9 +564,9 @@ func (s *Signer) Sign( proofRhNym = rhNym.proof.GenerateProof(proofChallenge, []*math.Zr{rhNym.r, messagesFr[rhIndex].FR}) } - /////////////////// + // ///////////////// // Package proof // - /////////////////// + // ///////////////// sigBytes, err := s.packageProof(attributes, Nym, proof, proofNym, nymEid, proofNymEid, rhNym, proofRhNym, cri, Nonce) if err != nil { @@ -632,33 +627,33 @@ func (s *Signer) Verify( } if sig.NonRevocationProof == nil { - return fmt.Errorf("signature has no non-revocation proof") + return errors.New("signature has no non-revocation proof") } if sig.NonRevocationProof.RevocationAlg != int32(types.AlgNoRevocation) { - return fmt.Errorf("unsupported revocation algorithm") + return errors.New("unsupported revocation algorithm") } if verType == types.ExpectEidNym && (len(sig.NymEid) == 0 || len(sig.NymEidProof) == 0) { - return fmt.Errorf("no EidNym provided but ExpectEidNym required") + return errors.New("no EidNym provided but ExpectEidNym required") } if verType == types.ExpectEidNymRhNym { if len(sig.NymEid) == 0 || len(sig.NymEidProof) == 0 { - return fmt.Errorf("no EidNym provided but ExpectEidNymRhNym required") + return errors.New("no EidNym provided but ExpectEidNymRhNym required") } if len(sig.NymRh) == 0 || len(sig.NymRhProof) == 0 { - return fmt.Errorf("no RhNym provided but ExpectEidNymRhNym required") + return errors.New("no RhNym provided but ExpectEidNymRhNym required") } } if verType == types.ExpectStandard || verType == types.ExpectSmartcardNoNyms { if len(sig.NymRh) != 0 || len(sig.NymRhProof) != 0 { - return fmt.Errorf("RhNym available but ExpectStandard required") + return errors.New("RhNym available but ExpectStandard required") } if len(sig.NymEid) != 0 || len(sig.NymEidProof) != 0 { - return fmt.Errorf("EidNym available but ExpectStandard required") + return errors.New("EidNym available but ExpectStandard required") } } @@ -678,7 +673,7 @@ func (s *Signer) Verify( } if len(payload.Revealed) > len(messages) { - return fmt.Errorf("payload revealed bigger from messages") + return errors.New("payload revealed bigger from messages") } Nym, err := s.Curve.NewG1FromBytes(sig.Nym) @@ -722,9 +717,9 @@ func (s *Signer) Verify( } } - //////////////////////// + // ////////////////////// // Hash the challenge // - //////////////////////// + // ////////////////////// // hash the signature type first var challengeBytes []byte @@ -779,9 +774,9 @@ func (s *Signer) Verify( challengeBytes = append(challengeBytes, sig.Nonce...) proofChallenge = bbs.FrFromOKM(challengeBytes, s.Curve) - ////////////////////// + // //////////////////// // Verify responses // - ////////////////////// + // //////////////////// // increment the index to cater for the index for `sk` if eidIndex >= skIndex { @@ -801,21 +796,21 @@ func (s *Signer) Verify( ipk.PKwG.H0, meta.EidNymAuditData.Rand) if !ne.Equals(NymEid) { - return fmt.Errorf("signature invalid: nym eid validation failed, does not match regenerated nym eid") + return errors.New("signature invalid: nym eid validation failed, does not match regenerated nym eid") } if meta.EidNymAuditData.Nym != nil && !NymEid.Equals(meta.EidNymAuditData.Nym) { - return fmt.Errorf("signature invalid: nym eid validation failed, does not match metadata") + return errors.New("signature invalid: nym eid validation failed, does not match metadata") } } if len(meta.EidNym) != 0 { NymEID_, err := s.Curve.NewG1FromBytes(meta.EidNym) if err != nil { - return fmt.Errorf("signature invalid: nym eid validation failed, failed to unmarshal meta nym eid") + return errors.New("signature invalid: nym eid validation failed, failed to unmarshal meta nym eid") } if !NymEID_.Equals(NymEid) { - return fmt.Errorf("signature invalid: nym eid validation failed, signature nym eid does not match metadata") + return errors.New("signature invalid: nym eid validation failed, signature nym eid does not match metadata") } } } @@ -829,21 +824,21 @@ func (s *Signer) Verify( ) if !rn.Equals(RhNym) { - return fmt.Errorf("signature invalid: nym rh validation failed, does not match regenerated nym rh") + return errors.New("signature invalid: nym rh validation failed, does not match regenerated nym rh") } if meta.RhNymAuditData.Nym != nil && !RhNym.Equals(meta.RhNymAuditData.Nym) { - return fmt.Errorf("signature invalid: nym rh validation failed, does not match metadata") + return errors.New("signature invalid: nym rh validation failed, does not match metadata") } } if len(meta.RhNym) != 0 { RhNym_, err := s.Curve.NewG1FromBytes(meta.RhNym) if err != nil { - return fmt.Errorf("signature invalid: rh nym validation failed, failed to unmarshal meta rh nym") + return errors.New("signature invalid: rh nym validation failed, failed to unmarshal meta rh nym") } if !RhNym_.Equals(RhNym) { - return fmt.Errorf("signature invalid: rh nym validation failed, signature rh nym does not match metadata") + return errors.New("signature invalid: rh nym validation failed, signature rh nym does not match metadata") } } } @@ -851,7 +846,7 @@ func (s *Signer) Verify( if verType != types.ExpectSmartcard && verType != types.ExpectSmartcardNoNyms { // verify that `sk` in the Nym is the same as the one in the signature if !nymProof.Responses[AttributeIndexInNym].Equals(signatureProof.ProofVC2.Responses[IndexOffsetVC2Attributes+skIndex]) { - return fmt.Errorf("failed equality proof for sk") + return errors.New("failed equality proof for sk") } // verify the proof of knowledge of the Nym @@ -864,7 +859,7 @@ func (s *Signer) Verify( if verifyEIDNym { // verify that eid in the NymEid is the same as the one in the signature if !nymEidProof.Responses[AttributeIndexInNym].Equals(signatureProof.ProofVC2.Responses[sig.NymEidIdx]) { - return fmt.Errorf("failed equality proof for eid") + return errors.New("failed equality proof for eid") } // verify the proof of knowledge of the Nym @@ -877,7 +872,7 @@ func (s *Signer) Verify( if verifyRHNym { // verify that rh in the RhNym is the same as the one in the signature if !rhNymProof.Responses[AttributeIndexInNym].Equals(signatureProof.ProofVC2.Responses[sig.NymRhIdx]) { - return fmt.Errorf("failed equality proof for rh") + return errors.New("failed equality proof for rh") } // verify the proof of knowledge of the Rh @@ -946,7 +941,7 @@ func (s *Signer) AuditNymEid( ne := ipk.PKwG.H[eidIndex].Mul2(eidAttr, ipk.PKwG.H0, RNymEid) if !ne.Equals(NymEid) { - return fmt.Errorf("eid nym does not match") + return errors.New("eid nym does not match") } return nil @@ -998,7 +993,7 @@ func (s *Signer) AuditNymRh( nr := ipk.PKwG.H[rhIndex].Mul2(rhAttr, ipk.PKwG.H0, RNymRh) if !nr.Equals(RhNym) { - return fmt.Errorf("rh nym does not match") + return errors.New("rh nym does not match") } return nil diff --git a/bccsp/schemes/aries/signer_test.go b/bccsp/schemes/aries/signer_test.go index d5643047..61e8ff8f 100644 --- a/bccsp/schemes/aries/signer_test.go +++ b/bccsp/schemes/aries/signer_test.go @@ -17,6 +17,7 @@ import ( "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "google.golang.org/protobuf/proto" ) @@ -24,13 +25,13 @@ func TestSmartcardSigner(t *testing.T) { sc, curve := getSmartcard(t) pubKey, privKey, err := generateKeyPairRandom(curve) - assert.NoError(t, err) + require.NoError(t, err) privKeyBytes, err := privKey.Marshal() - assert.NoError(t, err) + require.NoError(t, err) pkwg, err := pubKey.ToPublicKeyWithGenerators(5) - assert.NoError(t, err) + require.NoError(t, err) ou, role, eid, rh := "ou", 34, "eid", "rh" messagesCount := 5 // includes the sk @@ -60,19 +61,19 @@ func TestSmartcardSigner(t *testing.T) { sc.EID = bbs.FrFromOKM([]byte(eid), curve) proofBytes, err := sc.NymSign(nil) - assert.NoError(t, err) + require.NoError(t, err) seed := proofBytes[0:16] r := sc.PRF(seed, sc.PRF_K1) B, err := sc.Curve.NewG1FromBytes(proofBytes[16 : 16+curve.G1ByteSize]) - assert.NoError(t, err) + require.NoError(t, err) sig_, err := aries.BlindSign(msgsZr, messagesCount, B, privKeyBytes, curve) - assert.NoError(t, err) + require.NoError(t, err) sigBytes, err := aries.UnblindSign(sig_, r, curve) - assert.NoError(t, err) + require.NoError(t, err) attrs := make([][]byte, len(msgsZr)) for i, msg := range msgsZr { @@ -85,7 +86,7 @@ func TestSmartcardSigner(t *testing.T) { } credBytes, err := proto.Marshal(cred) - assert.NoError(t, err) + require.NoError(t, err) issuerProto := &aries.Issuer{curve} credProto := &aries.Cred{ @@ -113,13 +114,13 @@ func TestSmartcardSigner(t *testing.T) { } isk, err := issuerProto.NewKeyFromBytes(privKeyBytes, []string{"", "", "", ""}) - assert.NoError(t, err) + require.NoError(t, err) err = credProto.Verify(sc.Uid_sk, isk.Public(), credBytes, idemixAttrs) - assert.NoError(t, err) + require.NoError(t, err) rand, err := curve.Rand() - assert.NoError(t, err) + require.NoError(t, err) signer := &aries.Signer{ Curve: curve, @@ -127,10 +128,10 @@ func TestSmartcardSigner(t *testing.T) { } sig, _, err := signer.Sign(credBytes, nil, B, r, isk.Public(), idemixAttrs, []byte("silliness"), 0, 0, nil, types.SmartcardNoNyms, nil) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(isk.Public(), sig, []byte("silliness"), idemixAttrs, 0, 0, 0, nil, 0, types.ExpectSmartcardNoNyms, nil) - assert.NoError(t, err) + require.NoError(t, err) rhIndex, eidIndex := 3, 2 @@ -152,10 +153,10 @@ func TestSmartcardSigner(t *testing.T) { } sig, _, err = signer.Sign(credBytes, nil, B, r, isk.Public(), idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.Smartcard, nil) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(isk.Public(), sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectSmartcard, nil) - assert.NoError(t, err) + require.NoError(t, err) idemixAttrs = []types.IdemixAttribute{ { @@ -174,10 +175,10 @@ func TestSmartcardSigner(t *testing.T) { } sig, _, err = signer.Sign(credBytes, nil, B, r, isk.Public(), idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.Smartcard, nil) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(isk.Public(), sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectSmartcard, nil) - assert.NoError(t, err) + require.NoError(t, err) idemixAttrs = []types.IdemixAttribute{ { @@ -196,10 +197,10 @@ func TestSmartcardSigner(t *testing.T) { } sig, _, err = signer.Sign(credBytes, nil, B, r, isk.Public(), idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.Smartcard, nil) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(isk.Public(), sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectSmartcard, nil) - assert.NoError(t, err) + require.NoError(t, err) idemixAttrs = []types.IdemixAttribute{ { @@ -217,10 +218,10 @@ func TestSmartcardSigner(t *testing.T) { } sig, _, err = signer.Sign(credBytes, nil, B, r, isk.Public(), idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.Smartcard, nil) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(isk.Public(), sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectSmartcard, nil) - assert.NoError(t, err) + require.NoError(t, err) /**************************************************/ @@ -239,15 +240,16 @@ func TestSmartcardSigner(t *testing.T) { } sig, _, err = signer.Sign(credBytes, nil, B, r, isk.Public(), idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.Smartcard, meta) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(isk.Public(), sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectSmartcard, meta) - assert.NoError(t, err) + require.NoError(t, err) } func readFile(t *testing.T, name string) []byte { + t.Helper() bytes, err := os.ReadFile(name) - assert.NoError(t, err) + require.NoError(t, err) return bytes } @@ -265,7 +267,7 @@ func TestSmartcardSigner1(t *testing.T) { sc, curve := getSmartcard(t) rng, err := curve.Rand() - assert.NoError(t, err) + require.NoError(t, err) issuer := &aries.Issuer{curve} @@ -275,11 +277,11 @@ func TestSmartcardSigner1(t *testing.T) { } ipk, err := issuer.NewPublicKeyFromBytes(readFile(t, "testdata/idemix/msp/IssuerPublicKey"), []string{"", "", "", ""}) - assert.NoError(t, err) + require.NoError(t, err) conf := &IdemixMSPSignerConfig{} err = proto.Unmarshal(readFile(t, "testdata/idemix/user/SignerConfig"), conf) - assert.NoError(t, err) + require.NoError(t, err) eid := conf.EnrollmentId ou := conf.OrganizationalUnitIdentifier @@ -304,11 +306,11 @@ func TestSmartcardSigner1(t *testing.T) { // make nym signature nymSig, err := sc.NymSign(append(append([]byte{}, tau...), msg...)) - assert.NoError(t, err) + require.NoError(t, err) // verify nym signature err = sc.NymVerify(nymSig, NymEid, append(append([]byte{}, tau...), msg...)) - assert.NoError(t, err) + require.NoError(t, err) /**********************/ // standard signature // @@ -316,7 +318,7 @@ func TestSmartcardSigner1(t *testing.T) { // make idemix signature sig, err := idemixScSign(nymSig, conf.Cred, ipk, sc, NymEid, rNymEid, ou, role, eid) - assert.NoError(t, err) + require.NoError(t, err) // verify idemix signature err = verifier.Verify(ipk, sig, nil, []types.IdemixAttribute{ @@ -335,7 +337,7 @@ func TestSmartcardSigner1(t *testing.T) { Type: types.IdemixHiddenAttribute, }, }, 3, 2, 0, nil, -1, types.ExpectSmartcard, &types.IdemixSignerMetadata{EidNym: NymEid.Bytes()}) - assert.NoError(t, err) + require.NoError(t, err) } func idemixScSign( @@ -349,7 +351,6 @@ func idemixScSign( role int, eid string, ) ([]byte, error) { - seed := nymSig[0:16] rNym := sc.PRF(seed, sc.PRF_K1) @@ -408,7 +409,7 @@ func TestW3CCred(t *testing.T) { curve := math.Curves[math.BLS12_381_BBS] rand, err := curve.Rand() - assert.NoError(t, err) + require.NoError(t, err) pkHex := `87fae47132975f345b38fafd53149f7a009b89dd94fdc54d5d051a29e185ed4870acc2453fbd2e307d1543dfb7fbfdb30cf0008df96c75e2e43975b7f92864b4bc6e3f2f1495748d80a36691f6feaeb8fe151c1bb35de9bff5ac21ff9e57aebe` sigBase64 := "tQ4rHLBIh7a9dk5MVoly8ccb80pGeoEqybhYnYZO8VmguaFDyuCN7rFdBPCVs1/SYUHlKfzccE4m7waZyoLEkBLFiK2g54Q2i+CdtYBgDdkUDsoULSBMcH1MwGHwdjfXpldFNFrHFx/IAvLVniyeMQ==" @@ -446,14 +447,14 @@ func TestW3CCred(t *testing.T) { } pkBytes, err := hex.DecodeString(pkHex) - assert.NoError(t, err) + require.NoError(t, err) sigBytes, err := base64.StdEncoding.DecodeString(sigBase64) - assert.NoError(t, err) + require.NoError(t, err) bls := bbs.New(curve) err = bls.Verify(messagesBytes, sigBytes, pkBytes) - assert.NoError(t, err) + require.NoError(t, err) attributeNames := []string{ "_:c14n0 2147483647 { + t.Fatalf("skIndex out of range for int32: %d", skIndex) + } cred := &aries.Credential{ Cred: sigBytes, Attrs: attributes, - SkPos: int32(skIndex), + SkPos: int32(skIndex), // #nosec G115 -- range is validated above } credBytes, err := proto.Marshal(cred) - assert.NoError(t, err) + require.NoError(t, err) credProto := &aries.Cred{ BBS: bbs.New(curve), @@ -714,7 +718,7 @@ func TestW3CCredSkElsewhere(t *testing.T) { issuerProto := &aries.Issuer{curve} ipk, err := issuerProto.NewPublicKeyFromBytes(pkBytes, attributeNames) - assert.NoError(t, err) + require.NoError(t, err) idemixAttrs := []types.IdemixAttribute{} for i, msg := range messagesBytes { @@ -728,7 +732,7 @@ func TestW3CCredSkElsewhere(t *testing.T) { } err = credProto.Verify(sk, ipk, credBytes, idemixAttrs) - assert.NoError(t, err) + require.NoError(t, err) signer := &aries.Signer{ Curve: curve, @@ -748,24 +752,24 @@ func TestW3CCredSkElsewhere(t *testing.T) { } Nym, RNmy, err := userProto.MakeNym(sk, ipk) - assert.NoError(t, err) + require.NoError(t, err) - //////////////////// + // ////////////////// // base signature // - //////////////////// + // ////////////////// sig, _, err := signer.Sign(credBytes, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.Standard, nil) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, skIndex, nil, 0, types.Basic, nil) - assert.NoError(t, err) + require.NoError(t, err) - ////////////////////// + // //////////////////// // eidNym signature // - ////////////////////// + // //////////////////// sig, m, err := signer.Sign(credBytes, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNym, nil) - assert.NoError(t, err) + require.NoError(t, err) cb := bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, m.EidNymAuditData.Rand) @@ -773,11 +777,11 @@ func TestW3CCredSkElsewhere(t *testing.T) { assert.True(t, cb.Build().Equals(m.EidNymAuditData.Nym)) err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, skIndex, nil, 0, types.ExpectEidNym, nil) - assert.NoError(t, err) + require.NoError(t, err) - ////////////////////// + // //////////////////// // eidNym signature // (nym supplied) - ////////////////////// + // //////////////////// rNym := curve.NewRandomZr(rand) @@ -796,26 +800,26 @@ func TestW3CCredSkElsewhere(t *testing.T) { } sig, _, err = signer.Sign(credBytes, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNym, meta) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, skIndex, nil, 0, types.ExpectEidNym, nil) - assert.NoError(t, err) + require.NoError(t, err) // supply correct metadata for verification err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, skIndex, nil, 0, types.ExpectEidNym, meta) - assert.NoError(t, err) + require.NoError(t, err) // audit with AuditNymEid - it should succeed with the right nym and randomness err = signer.AuditNymEid(ipk, eidIndex, skIndex, sig, string(eidAttr), rNym, types.AuditExpectSignature) - assert.NoError(t, err) + require.NoError(t, err) - ///////////////////// + // /////////////////// // NymRh signature // - ///////////////////// + // /////////////////// sig, m, err = signer.Sign(credBytes, sk, Nym, RNmy, ipk, idemixAttrs, []byte("tome"), rhIndex, eidIndex, nil, types.EidNymRhNym, nil) - assert.NoError(t, err) + require.NoError(t, err) cb = bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, m.EidNymAuditData.Rand) @@ -828,11 +832,11 @@ func TestW3CCredSkElsewhere(t *testing.T) { assert.True(t, cb.Build().Equals(m.RhNymAuditData.Nym)) err = signer.Verify(ipk, sig, []byte("tome"), idemixAttrs, rhIndex, eidIndex, skIndex, nil, 0, types.ExpectEidNymRhNym, nil) - assert.NoError(t, err) + require.NoError(t, err) - ///////////////////// + // /////////////////// // NymRh signature // (nym supplied) - ///////////////////// + // /////////////////// rNym = curve.NewRandomZr(rand) @@ -851,18 +855,18 @@ func TestW3CCredSkElsewhere(t *testing.T) { } sig, _, err = signer.Sign(credBytes, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNymRhNym, meta) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, skIndex, nil, 0, types.ExpectEidNymRhNym, nil) - assert.NoError(t, err) + require.NoError(t, err) // supply correct metadata for verification err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, skIndex, nil, 0, types.ExpectEidNymRhNym, meta) - assert.NoError(t, err) + require.NoError(t, err) // audit with AuditNymEid - it should succeed with the right nym and randomness err = signer.AuditNymRh(ipk, rhIndex, skIndex, sig, string(rhAttr), rNym, types.AuditExpectSignature) - assert.NoError(t, err) + require.NoError(t, err) }) } } @@ -886,7 +890,7 @@ func TestSigner(t *testing.T) { rhIndex, eidIndex := 3, 2 isk, err := issuerProto.NewKey(attrs) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, isk) ipk := isk.Public() @@ -896,7 +900,7 @@ func TestSigner(t *testing.T) { } rand, err := curve.Rand() - assert.NoError(t, err) + require.NoError(t, err) userProto := &aries.User{ Curve: curve, @@ -904,13 +908,13 @@ func TestSigner(t *testing.T) { } sk, err := userProto.NewKey() - assert.NoError(t, err) + require.NoError(t, err) - credReq, blinding, err := cr.Blind(sk, ipk, []byte("la la land")) - assert.NoError(t, err) + credReq, blinding, err := cr.Blind(sk, ipk, []byte("la land")) + require.NoError(t, err) - err = cr.BlindVerify(credReq, ipk, []byte("la la land")) - assert.NoError(t, err) + err = cr.BlindVerify(credReq, ipk, []byte("la land")) + require.NoError(t, err) idemixAttrs := []types.IdemixAttribute{ { @@ -932,13 +936,13 @@ func TestSigner(t *testing.T) { } cred, err := credProto.Sign(isk, credReq, idemixAttrs) - assert.NoError(t, err) + require.NoError(t, err) cred, err = cr.Unblind(cred, blinding) - assert.NoError(t, err) + require.NoError(t, err) err = credProto.Verify(sk, ipk, cred, idemixAttrs) - assert.NoError(t, err) + require.NoError(t, err) signer := &aries.Signer{ Curve: curve, @@ -963,7 +967,7 @@ func TestSigner(t *testing.T) { } Nym, RNmy, err := userProto.MakeNym(sk, ipk) - assert.NoError(t, err) + require.NoError(t, err) // commit := bbs.NewProverCommittingG1() // commit.Commit(ipk.(*aries.IssuerPublicKey).PKwG.H0) @@ -974,24 +978,24 @@ func TestSigner(t *testing.T) { // proof := commitNym.GenerateProof(chal, []*math.Zr{RNmy, sk}) // err = proof.Verify([]*math.G1{ipk.(*aries.IssuerPublicKey).PKwG.H0, ipk.(*aries.IssuerPublicKey).PKwG.H[0]}, Nym, chal) - // assert.NoError(t, err) + // require.NoError(t,err) - //////////////////// + // ////////////////// // base signature // - //////////////////// + // ////////////////// sig, _, err := signer.Sign(cred, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.Standard, nil) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.Basic, nil) - assert.NoError(t, err) + require.NoError(t, err) - ////////////////////// + // //////////////////// // eidNym signature // - ////////////////////// + // //////////////////// sig, m, err := signer.Sign(cred, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNym, nil) - assert.NoError(t, err) + require.NoError(t, err) cb := bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, m.EidNymAuditData.Rand) @@ -999,11 +1003,11 @@ func TestSigner(t *testing.T) { assert.True(t, cb.Build().Equals(m.EidNymAuditData.Nym)) err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNym, nil) - assert.NoError(t, err) + require.NoError(t, err) - ////////////////////// + // //////////////////// // eidNym signature // (nym supplied) - ////////////////////// + // //////////////////// rNym := curve.NewRandomZr(rand) @@ -1022,15 +1026,15 @@ func TestSigner(t *testing.T) { } sig, _, err = signer.Sign(cred, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNym, meta) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNym, nil) - assert.NoError(t, err) + require.NoError(t, err) // supply correct metadata for verification err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNym, meta) - assert.NoError(t, err) + require.NoError(t, err) meta = &types.IdemixSignerMetadata{ EidNym: nym.Bytes(), @@ -1044,7 +1048,7 @@ func TestSigner(t *testing.T) { // supply wrong metadata for verification err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNym, meta) - assert.EqualError(t, err, "signature invalid: nym eid validation failed, does not match regenerated nym eid") + require.EqualError(t, err, "signature invalid: nym eid validation failed, does not match regenerated nym eid") meta = &types.IdemixSignerMetadata{ EidNym: curve.GenG1.Bytes(), @@ -1053,7 +1057,7 @@ func TestSigner(t *testing.T) { // supply wrong metadata for verification err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNym, meta) - assert.EqualError(t, err, "signature invalid: nym eid validation failed, signature nym eid does not match metadata") + require.EqualError(t, err, "signature invalid: nym eid validation failed, signature nym eid does not match metadata") meta = &types.IdemixSignerMetadata{ EidNym: []byte("garbage"), @@ -1062,7 +1066,7 @@ func TestSigner(t *testing.T) { // supply wrong metadata for verification err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNym, meta) - assert.EqualError(t, err, "signature invalid: nym eid validation failed, failed to unmarshal meta nym eid") + require.EqualError(t, err, "signature invalid: nym eid validation failed, failed to unmarshal meta nym eid") meta = &types.IdemixSignerMetadata{ EidNym: nym.Bytes(), @@ -1076,47 +1080,47 @@ func TestSigner(t *testing.T) { // supply wrong metadata for verification err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNym, meta) - assert.EqualError(t, err, "signature invalid: nym eid validation failed, does not match metadata") + require.EqualError(t, err, "signature invalid: nym eid validation failed, does not match metadata") // audit with AuditNymEid - it should succeed with the right nym and randomness err = signer.AuditNymEid(ipk, eidIndex, 0, sig, "nymeid", rNym, types.AuditExpectSignature) - assert.NoError(t, err) + require.NoError(t, err) // audit with AuditNymEid - it should fail with the wrong nym err = signer.AuditNymEid(ipk, eidIndex, 0, sig, "not so much the nymeid", rNym, types.AuditExpectSignature) - assert.EqualError(t, err, "eid nym does not match") + require.EqualError(t, err, "eid nym does not match") // audit with AuditNymEid - it should fail with the wrong randomness err = signer.AuditNymEid(ipk, eidIndex, 0, sig, "nymeid", curve.NewRandomZr(rand), types.AuditExpectSignature) - assert.EqualError(t, err, "eid nym does not match") + require.EqualError(t, err, "eid nym does not match") // audit with AuditNymEid - it should succeed with the right nym and randomness err = signer.AuditNymEid(ipk, eidIndex, 0, nym.Bytes(), "nymeid", rNym, types.AuditExpectEidNym) - assert.NoError(t, err) + require.NoError(t, err) // audit with AuditNymEid - it should fail with the wrong nym err = signer.AuditNymEid(ipk, eidIndex, 0, nym.Bytes(), "not so much the nymeid", rNym, types.AuditExpectEidNym) - assert.EqualError(t, err, "eid nym does not match") + require.EqualError(t, err, "eid nym does not match") // audit with AuditNymEid - it should fail with the wrong randomness err = signer.AuditNymEid(ipk, eidIndex, 0, nym.Bytes(), "nymeid", curve.NewRandomZr(rand), types.AuditExpectEidNym) - assert.EqualError(t, err, "eid nym does not match") + require.EqualError(t, err, "eid nym does not match") // audit with AuditNymEid - it should succeed with the right nym and randomness err = signer.AuditNymEid(ipk, eidIndex, 0, nym.Bytes(), "nymeid", rNym, types.AuditExpectEidNymRhNym) - assert.NoError(t, err) + require.NoError(t, err) // audit with AuditNymEid - it should fail with the wrong nym err = signer.AuditNymEid(ipk, eidIndex, 0, nym.Bytes(), "not so much the nymeid", rNym, types.AuditExpectEidNymRhNym) - assert.EqualError(t, err, "eid nym does not match") + require.EqualError(t, err, "eid nym does not match") // audit with AuditNymEid - it should fail with the wrong randomness err = signer.AuditNymEid(ipk, eidIndex, 0, nym.Bytes(), "nymeid", curve.NewRandomZr(rand), types.AuditExpectEidNymRhNym) - assert.EqualError(t, err, "eid nym does not match") + require.EqualError(t, err, "eid nym does not match") - ////////////////////// + // //////////////////// // eidNym signature // (wrong nym supplied) - ////////////////////// + // //////////////////// rNym = curve.NewRandomZr(rand) @@ -1135,14 +1139,14 @@ func TestSigner(t *testing.T) { } _, _, err = signer.Sign(cred, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNym, meta) - assert.EqualError(t, err, "nym supplied in metadata cannot be recomputed") + require.EqualError(t, err, "nym supplied in metadata cannot be recomputed") - ///////////////////// + // /////////////////// // NymRh signature // - ///////////////////// + // /////////////////// sig, m, err = signer.Sign(cred, sk, Nym, RNmy, ipk, idemixAttrs, []byte("tome"), rhIndex, eidIndex, nil, types.EidNymRhNym, nil) - assert.NoError(t, err) + require.NoError(t, err) cb = bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, m.EidNymAuditData.Rand) @@ -1155,11 +1159,11 @@ func TestSigner(t *testing.T) { assert.True(t, cb.Build().Equals(m.RhNymAuditData.Nym)) err = signer.Verify(ipk, sig, []byte("tome"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNymRhNym, nil) - assert.NoError(t, err) + require.NoError(t, err) - ///////////////////// + // /////////////////// // NymRh signature // (nym supplied) - ///////////////////// + // /////////////////// rNym = curve.NewRandomZr(rand) @@ -1178,14 +1182,14 @@ func TestSigner(t *testing.T) { } sig, _, err = signer.Sign(cred, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNymRhNym, meta) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNymRhNym, nil) - assert.NoError(t, err) + require.NoError(t, err) // supply correct metadata for verification err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNymRhNym, meta) - assert.NoError(t, err) + require.NoError(t, err) meta = &types.IdemixSignerMetadata{ RhNym: nym.Bytes(), @@ -1198,7 +1202,7 @@ func TestSigner(t *testing.T) { // supply wrong metadata for verification err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNymRhNym, meta) - assert.EqualError(t, err, "signature invalid: nym rh validation failed, does not match regenerated nym rh") + require.EqualError(t, err, "signature invalid: nym rh validation failed, does not match regenerated nym rh") meta = &types.IdemixSignerMetadata{ RhNym: curve.GenG1.Bytes(), @@ -1206,7 +1210,7 @@ func TestSigner(t *testing.T) { // supply wrong metadata for verification err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNymRhNym, meta) - assert.EqualError(t, err, "signature invalid: rh nym validation failed, signature rh nym does not match metadata") + require.EqualError(t, err, "signature invalid: rh nym validation failed, signature rh nym does not match metadata") meta = &types.IdemixSignerMetadata{ RhNym: []byte("garbage"), @@ -1214,7 +1218,7 @@ func TestSigner(t *testing.T) { // supply wrong metadata for verification err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNymRhNym, meta) - assert.EqualError(t, err, "signature invalid: rh nym validation failed, failed to unmarshal meta rh nym") + require.EqualError(t, err, "signature invalid: rh nym validation failed, failed to unmarshal meta rh nym") meta = &types.IdemixSignerMetadata{ RhNym: nym.Bytes(), @@ -1227,39 +1231,39 @@ func TestSigner(t *testing.T) { // supply wrong metadata for verification err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNymRhNym, meta) - assert.EqualError(t, err, "signature invalid: nym rh validation failed, does not match metadata") + require.EqualError(t, err, "signature invalid: nym rh validation failed, does not match metadata") // audit with AuditNymEid - it should succeed with the right nym and randomness err = signer.AuditNymRh(ipk, rhIndex, 0, sig, "nymrh", rNym, types.AuditExpectSignature) - assert.NoError(t, err) + require.NoError(t, err) // audit with AuditNymEid - it should fail with the wrong nym err = signer.AuditNymRh(ipk, rhIndex, 0, sig, "not so much the nymrh", rNym, types.AuditExpectSignature) - assert.EqualError(t, err, "rh nym does not match") + require.EqualError(t, err, "rh nym does not match") // audit with AuditNymEid - it should fail with the wrong randomness err = signer.AuditNymRh(ipk, rhIndex, 0, sig, "nymrh", curve.NewRandomZr(rand), types.AuditExpectSignature) - assert.EqualError(t, err, "rh nym does not match") + require.EqualError(t, err, "rh nym does not match") // audit with AuditNymEid - it should succeed with the right nym and randomness err = signer.AuditNymRh(ipk, rhIndex, 0, nym.Bytes(), "nymrh", rNym, types.AuditExpectEidNymRhNym) - assert.NoError(t, err) + require.NoError(t, err) // audit with AuditNymEid - it should fail with the wrong nym err = signer.AuditNymRh(ipk, rhIndex, 0, nym.Bytes(), "not so much the nymrh", rNym, types.AuditExpectEidNymRhNym) - assert.EqualError(t, err, "rh nym does not match") + require.EqualError(t, err, "rh nym does not match") // audit with AuditNymEid - it should fail with the wrong randomness err = signer.AuditNymRh(ipk, rhIndex, 0, nym.Bytes(), "nymrh", curve.NewRandomZr(rand), types.AuditExpectEidNymRhNym) - assert.EqualError(t, err, "rh nym does not match") + require.EqualError(t, err, "rh nym does not match") // audit with AuditNymEid - it should fail with AuditExpectEidNym err = signer.AuditNymRh(ipk, rhIndex, 0, nym.Bytes(), "nymrh", rNym, types.AuditExpectEidNym) - assert.EqualError(t, err, "invalid audit type [1]") + require.EqualError(t, err, "invalid audit type [1]") - ///////////////////// + // /////////////////// // NymRh signature // (wrong nym supplied) - ///////////////////// + // /////////////////// rNym = curve.NewRandomZr(rand) @@ -1278,31 +1282,31 @@ func TestSigner(t *testing.T) { } _, _, err = signer.Sign(cred, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNymRhNym, meta) - assert.EqualError(t, err, "nym supplied in metadata cannot be recomputed") + require.EqualError(t, err, "nym supplied in metadata cannot be recomputed") - ////////////////////// + // //////////////////// // eidNym signature // (eidNym missing but expected) - ////////////////////// + // //////////////////// sig, _, err = signer.Sign(cred, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.Standard, nil) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNym, nil) - assert.EqualError(t, err, "no EidNym provided but ExpectEidNym required") + require.EqualError(t, err, "no EidNym provided but ExpectEidNym required") - ///////////////////// + // /////////////////// // rhNym signature // (rhNym missing but expected) - ///////////////////// + // /////////////////// sig, _, err = signer.Sign(cred, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNym, nil) - assert.NoError(t, err) + require.NoError(t, err) err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNymRhNym, nil) - assert.EqualError(t, err, "no RhNym provided but ExpectEidNymRhNym required") + require.EqualError(t, err, "no RhNym provided but ExpectEidNymRhNym required") - ////////////////////// + // //////////////////// // eidNym signature // (but eid disclosed) - ////////////////////// + // //////////////////// idemixAttrs = []types.IdemixAttribute{ { @@ -1323,11 +1327,11 @@ func TestSigner(t *testing.T) { } _, _, err = signer.Sign(cred, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNym, nil) - assert.EqualError(t, err, "cannot create idemix signature: disclosure of enrollment ID requested for EidNym signature") + require.EqualError(t, err, "cannot create idemix signature: disclosure of enrollment ID requested for EidNym signature") - ///////////////////// + // /////////////////// // rhNym signature // (but rh disclosed) - ///////////////////// + // /////////////////// idemixAttrs = []types.IdemixAttribute{ { @@ -1348,5 +1352,5 @@ func TestSigner(t *testing.T) { } _, _, err = signer.Sign(cred, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNymRhNym, nil) - assert.EqualError(t, err, "cannot create idemix signature: disclosure of enrollment ID or RH requested for EidNymRhNym signature") + require.EqualError(t, err, "cannot create idemix signature: disclosure of enrollment ID or RH requested for EidNymRhNym signature") } diff --git a/bccsp/schemes/aries/smartcard.go b/bccsp/schemes/aries/smartcard.go index a7ecc9b8..e6a13e64 100644 --- a/bccsp/schemes/aries/smartcard.go +++ b/bccsp/schemes/aries/smartcard.go @@ -10,6 +10,7 @@ import ( "crypto/cipher" "crypto/rand" "crypto/sha256" + "errors" "fmt" "io" @@ -68,7 +69,6 @@ func (sc *Smartcard) NymEid() (*math.Zr, *math.G1) { } func (sc *Smartcard) NymSign(msg []byte) ([]byte, error) { - // set PRNG_input from random PRNG_input := make([]byte, 16) _, err := rand.Read(PRNG_input) @@ -122,7 +122,6 @@ func (sc *Smartcard) NymSign(msg []byte) ([]byte, error) { } func (sc *Smartcard) NymVerify(proofBytes []byte, nymEid *math.G1, msg []byte) error { - offset := 16 B, err := sc.Curve.NewG1FromBytes(proofBytes[offset : offset+sc.Curve.G1ByteSize]) @@ -141,7 +140,6 @@ func (sc *Smartcard) NymVerify(proofBytes []byte, nymEid *math.G1, msg []byte) e offset += sc.Curve.ScalarByteSize r_hat := sc.Curve.NewZrFromBytes(proofBytes[offset : offset+sc.Curve.ScalarByteSize]) - offset += sc.Curve.ScalarByteSize var challengeBytes []byte challengeBytes = append(challengeBytes, sc.H0.Bytes()[1:]...) @@ -163,7 +161,7 @@ func (sc *Smartcard) NymVerify(proofBytes []byte, nymEid *math.G1, msg []byte) e return nil } - return fmt.Errorf("invalid proof") + return errors.New("invalid proof") } type SmartcardIdemixBackend struct { diff --git a/bccsp/schemes/aries/smartcard_test.go b/bccsp/schemes/aries/smartcard_test.go index fa6c1b7b..12887c49 100644 --- a/bccsp/schemes/aries/smartcard_test.go +++ b/bccsp/schemes/aries/smartcard_test.go @@ -17,45 +17,47 @@ import ( "github.com/IBM/idemix/bccsp/schemes/aries" math "github.com/IBM/mathlib" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func getSmartcard(t *testing.T) (*aries.Smartcard, *math.Curve) { + t.Helper() c := math.Curves[math.FP256BN_AMCL_MIRACL] rng, err := c.Rand() - assert.NoError(t, err) + require.NoError(t, err) k0, err := hex.DecodeString("4669650c993c43ef45742c3aa8aeb842") - assert.NoError(t, err) + require.NoError(t, err) k1, err := hex.DecodeString("358abd275e6a945d680d40474f5f16c7") - assert.NoError(t, err) + require.NoError(t, err) ciph0, err := aes.NewCipher(k0) - assert.NoError(t, err) + require.NoError(t, err) ciph1, err := aes.NewCipher(k1) - assert.NoError(t, err) + require.NoError(t, err) h0Bytes, err := hex.DecodeString("0441c48875b5045400ce6bb4ce5b9c733f6d539a89f1ec2c24e0e04f56932c52ffd918f0679996b017363c591df413e1ac0be63e919defd6edc0686d41b1fcd68d") - assert.NoError(t, err) + require.NoError(t, err) h0, err := c.NewG1FromBytes(h0Bytes) - assert.NoError(t, err) + require.NoError(t, err) h1Bytes, err := hex.DecodeString("041e304080e9afd0d04317d12b5cb058cd4f322a1cddb71e64a47528353d51f7a8324fce4698dff52cd8d4c7dd2c8c94c6fba8ce12493d182e4d849106dc5c46de") - assert.NoError(t, err) + require.NoError(t, err) h1, err := c.NewG1FromBytes(h1Bytes) - assert.NoError(t, err) + require.NoError(t, err) h2Bytes, err := hex.DecodeString("04196c48c6d0249de961b97433a577da537c341ad0ea0cde4dfa40ef6bab9b59f274a07a3665518401119957a52a32a18256d7215e4f1d0ce6c9e2646d939c07f9") - assert.NoError(t, err) + require.NoError(t, err) h2, err := c.NewG1FromBytes(h2Bytes) - assert.NoError(t, err) + require.NoError(t, err) eidBytes, err := hex.DecodeString("003522e297a5f7db7521e23d9f9b87378126acd80429cf4ec07344f06bd9f7d5") - assert.NoError(t, err) + require.NoError(t, err) eid := c.NewZrFromBytes(eidBytes) skBytes, err := hex.DecodeString("00f022e297a5f7db7521e23d9f9b87378182acd80429cf4ec07344f06bd9f7d5") - assert.NoError(t, err) + require.NoError(t, err) sk := c.NewZrFromBytes(skBytes) return &aries.Smartcard{ @@ -156,7 +158,7 @@ func (v *defaultVC2ProofVerifier) Verify(challenge *math.Zr, pubKey *bbs.PublicK pr := v.curve.GenG1.Copy() pr.Sub(v.curve.GenG1) - for i := 0; i < len(basesDisclosed); i++ { + for i := range basesDisclosed { b := basesDisclosed[i] s := exponents[i] @@ -180,32 +182,32 @@ func TestAll(t *testing.T) { bl := bbs.NewBBSLib(curve) pubKey, privKey, err := generateKeyPairRandom(curve) - assert.NoError(t, err) + require.NoError(t, err) privKeyBytes, err := privKey.Marshal() - assert.NoError(t, err) + require.NoError(t, err) pkwg, err := pubKey.ToPublicKeyWithGenerators(5) - assert.NoError(t, err) + require.NoError(t, err) // convert public key pkbbs, err := bbs.NewBBSLib(curve).UnmarshalPublicKey(pubKey.PointG2.Compressed()) - assert.NoError(t, err) + require.NoError(t, err) pkwgbbs, err := pkbbs.ToPublicKeyWithGenerators(5) - assert.NoError(t, err) + require.NoError(t, err) sc.H0 = pkwg.H0 sc.H1 = pkwg.H[0] sc.H2 = pkwg.H[3] proofBytes, err := sc.NymSign(nil) - assert.NoError(t, err) + require.NoError(t, err) seed := proofBytes[0:16] r := sc.PRF(seed, sc.PRF_K1) B, err := sc.Curve.NewG1FromBytes(proofBytes[16 : 16+curve.G1ByteSize]) - assert.NoError(t, err) + require.NoError(t, err) ou, role, eid, rh := "ou", "role", "eid", "rh" messagesCount := 5 // includes the sk @@ -228,13 +230,13 @@ func TestAll(t *testing.T) { FR: bbs.FrFromOKM([]byte(rh), curve), }, }, messagesCount, B, privKeyBytes, curve) - assert.NoError(t, err) + require.NoError(t, err) sigBytes, err := aries.UnblindSign(sig_, r, curve) - assert.NoError(t, err) + require.NoError(t, err) sig, err := bbs.NewBBSLib(curve).ParseSignature(sigBytes) - assert.NoError(t, err) + require.NoError(t, err) messagesFr := []*bbs.SignatureMessage{ { @@ -260,13 +262,13 @@ func TestAll(t *testing.T) { } err = sig.Verify(messagesFr, pkwgbbs) - assert.NoError(t, err) + require.NoError(t, err) /*********************************************************************/ /*********************************************************************/ pok_, err := bbs.NewBBSLib(curve).NewPoKOfSignature(sig, messagesFr, []int{1, 2}, pkwg) - assert.NoError(t, err) + require.NoError(t, err) c := curve.NewRandomZr(rand.Reader) @@ -274,10 +276,10 @@ func TestAll(t *testing.T) { pokbytes := pok.ToBytes() pok, err = bbs.NewBBSLib(curve).ParseSignatureProof(pokbytes) - assert.NoError(t, err) + require.NoError(t, err) err = pok.Verify(c, pkwg, map[int]*bbs.SignatureMessage{1: {}, 2: {}}, []*bbs.SignatureMessage{messagesFr[1], messagesFr[2]}) - assert.NoError(t, err) + require.NoError(t, err) /*********************************************************************/ @@ -327,7 +329,7 @@ func TestAll(t *testing.T) { b.Add(C) pok_, err = p.PoKOfSignatureB(sig, messagesFr[1:], []int{0, 1}, pkwgbbs, b) - assert.NoError(t, err) + require.NoError(t, err) c = curve.NewRandomZr(rand.Reader) @@ -339,26 +341,26 @@ func TestAll(t *testing.T) { } err = pok.Verify(c, pkwgbbs, map[int]*bbs.SignatureMessage{1: {}, 2: {}}, []*bbs.SignatureMessage{messagesFr[1], messagesFr[2]}) - assert.NoError(t, err) + require.NoError(t, err) - //////////////////////////////////////////////////////////////////////////////////////////////////// - ///////////////////////////////////////COMPATIBILITY WITH OLD CODE////////////////////////////////// - //////////////////////////////////////////////////////////////////////////////////////////////////// + // ////////////////////////////////////////////////////////////////////////////////////////////////// + // /////////////////////////////////////COMPATIBILITY WITH OLD CODE////////////////////////////////// + // ////////////////////////////////////////////////////////////////////////////////////////////////// // convert signature sigbbs, err := bl.ParseSignature(sigBytes) - assert.NoError(t, err) + require.NoError(t, err) // convert POK proof := pok_.GenerateProof(c) payload := bbs.NewPoKPayload(messagesCount, []int{1, 2}) payloadBytes, err := payload.ToBytes() - assert.NoError(t, err) + require.NoError(t, err) signatureProofBytes := append(payloadBytes, proof.ToBytes()...) payload, err = bbs.ParsePoKPayload(signatureProofBytes) - assert.NoError(t, err) + require.NoError(t, err) signatureProof, err := bl.ParseSignatureProof(signatureProofBytes[payload.LenInBytes():]) - assert.NoError(t, err) + require.NoError(t, err) // set custom verifier on the new POK signatureProof.VC2ProofVerifier = &defaultVC2ProofVerifier{ @@ -377,7 +379,7 @@ func TestAll(t *testing.T) { Idx: messagesFr[2].Idx, }}, ) - assert.NoError(t, err) + require.NoError(t, err) p = &bbs.PoKOfSignatureProvider{ VC2SignatureProvider: &defaultVC2SignatureProvider{ @@ -396,7 +398,7 @@ func TestAll(t *testing.T) { // create proof with new code pokSignature, err := p.PoKOfSignatureB(sigbbs, messagesFrbbs[1:], []int{0, 1}, pkwg, b) - assert.NoError(t, err) + require.NoError(t, err) proofbbs := pokSignature.GenerateProof(c) // set custom verifier on the new POK @@ -416,17 +418,17 @@ func TestAll(t *testing.T) { Idx: messagesFr[2].Idx, }}, ) - assert.NoError(t, err) + require.NoError(t, err) // convert POK payloadnew := bbs.NewPoKPayload(messagesCount, []int{1, 2}) payloadBytesnew, err := payloadnew.ToBytes() - assert.NoError(t, err) + require.NoError(t, err) signatureProofBytesnew := append(payloadBytesnew, proofbbs.ToBytes()...) payloadnew, err = bbs.ParsePoKPayload(signatureProofBytesnew) - assert.NoError(t, err) + require.NoError(t, err) signatureProofnew, err := bbs.NewBBSLib(curve).ParseSignatureProof(signatureProofBytesnew[payloadnew.LenInBytes():]) - assert.NoError(t, err) + require.NoError(t, err) // set custom verifier on the new POK signatureProofnew.VC2ProofVerifier = &defaultVC2ProofVerifier{ @@ -436,10 +438,10 @@ func TestAll(t *testing.T) { // verify proof with old code err = signatureProofnew.Verify(c, pkwgbbs, map[int]*bbs.SignatureMessage{1: {}, 2: {}}, []*bbs.SignatureMessage{messagesFr[1], messagesFr[2]}) - assert.NoError(t, err) - //////////////////////////////////////////////////////////////////////////////////////////////////// - //////////////////////////////////////////////////////////////////////////////////////////////////// - //////////////////////////////////////////////////////////////////////////////////////////////////// + require.NoError(t, err) + // ////////////////////////////////////////////////////////////////////////////////////////////////// + // ////////////////////////////////////////////////////////////////////////////////////////////////// + // ////////////////////////////////////////////////////////////////////////////////////////////////// /*********************************************************************/ @@ -559,7 +561,7 @@ func TestAll(t *testing.T) { pr := curve.GenG1.Copy() pr.Sub(curve.GenG1) - for i := 0; i < len(basesDisclosed); i++ { + for i := range basesDisclosed { b := basesDisclosed[i] s := exponents[i] @@ -572,7 +574,7 @@ func TestAll(t *testing.T) { pr.Neg() err = pi.Verify(basesVC2, pr, c) - assert.NoError(t, err) + require.NoError(t, err) } func computeB(s *math.Zr, messages []*bbs.SignatureMessage, key *bbs.PublicKeyWithGenerators, curve *math.Curve) *math.G1 { @@ -599,7 +601,6 @@ func newModifiedVC2Signature( revealedMessages map[int]*bbs.SignatureMessage, curve *math.Curve, ) (*bbs.ProverCommittedG1, []*math.Zr) { - messagesCount := len(messages) committing2 := bbs.NewBBSLib(curve).NewProverCommittingG1() baseSecretsCount := 2 @@ -638,12 +639,12 @@ func TestPRF(t *testing.T) { sc, _ := getSmartcard(t) seed, err := hex.DecodeString("62189E8BFAC71BA9894ACEC9FCE45FE7") - assert.NoError(t, err) + require.NoError(t, err) r := sc.PRF(seed, sc.PRF_K1) rExpected, err := hex.DecodeString("87e904087f9c5e975a0334534db8d5ed1ba4d75df1ba61349817ce0469168488") - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, rExpected, r.Bytes()) } @@ -653,16 +654,16 @@ func TestVerifyFromCard(t *testing.T) { _, tau0 := sc.NymEid() proof, err := hex.DecodeString("751A2CB0ECE86ACCCA5846E578DA045E04C10FE2D02FED20CED167BB12C94B52C82C3269AB423BC977B1052D9A891E78321BCDB9AAD44A79922611DEA4832F1DD310F18FAA24B01A273C6BCFE2044FF11804B00567E220E1E8C0E76E2EA7DBAEE8F9ABCF8B7CACB562086D827345A02D76F83BB7DFD533745D57E4AD618D4CE8DF031F437B6220EE97C19B78B2DBFCCBFC69C0733191905FC5550BCC4D0F5DCE10780558E99DA037155CCE0452EC298390D186DAC6BA386550952467A45C366175E8A5465B8FBD30AC64885630309F9E73BD9000") - assert.NoError(t, err) + require.NoError(t, err) nonce, err := hex.DecodeString("00e7a59abb5692a91b3e41d483af1279216b0f855ff9f688335a7d2cd92f877d") - assert.NoError(t, err) + require.NoError(t, err) tau, err := hex.DecodeString("a622f6dc87e125705980c7185f2b5b7766ec3cb6a21d78108e01865bf02ea9ddc449793856bf9a7ea7c3e6ce39cae9c4c3d5c39a1e37e436d60ccf2cdd8339ea") - assert.NoError(t, err) + require.NoError(t, err) err = sc.NymVerify(proof, tau0, append(append([]byte{}, tau...), nonce...)) - assert.NoError(t, err) + require.NoError(t, err) } func TestSmartcard(t *testing.T) { @@ -671,16 +672,16 @@ func TestSmartcard(t *testing.T) { _, nymEid := sc.NymEid() tau0Expected, err := hex.DecodeString("049a82e7816bc68a24ffb9331158c5112473f60cb3c738f8bcf9eca9b2a914d1cc519e3b3c1792cc1447a7c5c1edb6d8ae0b40c49dec4b6f40ccfbc39df31e01cd") - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, tau0Expected, nymEid.Bytes()) nonce := []byte("nonce") tau := []byte("tau") pi, err := sc.NymSign(append(append([]byte{}, tau...), nonce...)) - assert.NoError(t, err) + require.NoError(t, err) assert.Len(t, pi, 16+2*curve.G1ByteSize+2*curve.ScalarByteSize) err = sc.NymVerify(pi, nymEid, append(append([]byte{}, tau...), nonce...)) - assert.NoError(t, err) + require.NoError(t, err) } diff --git a/bccsp/schemes/aries/user_test.go b/bccsp/schemes/aries/user_test.go index e4ca974f..101d2ec2 100644 --- a/bccsp/schemes/aries/user_test.go +++ b/bccsp/schemes/aries/user_test.go @@ -43,7 +43,7 @@ func TestUser(t *testing.T) { t.Run("key_roundtrip", func(t *testing.T) { sk1, err := user.NewKeyFromBytes(sk.Bytes()) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, sk1) assert.Equal(t, sk, sk1) }) @@ -59,14 +59,14 @@ func TestUser(t *testing.T) { t.Run("public_nym_roundtrip", func(t *testing.T) { nym1, err := user.NewPublicNymFromBytes(nymBytes) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, nym1) assert.True(t, nym.Equals(nym1)) }) t.Run("nym_roundtrip", func(t *testing.T) { nym1, r1, err := user.NewNymFromBytes(bothBytes) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, nym1) assert.True(t, nym.Equals(nym1)) assert.NotNil(t, r1) @@ -78,7 +78,7 @@ func TestUser(t *testing.T) { copy(corrupted, nymBytes) corrupted[len(corrupted)-1] = 0 _, err := user.NewPublicNymFromBytes(corrupted) - assert.EqualError(t, err, "failure [set bytes failed [point is not on curve]]") + assert.EqualError(t, err, "failure [set bytes failed [invalid point: subgroup check failed]]") }) t.Run("corrupted_nym_bytes", func(t *testing.T) { @@ -86,7 +86,7 @@ func TestUser(t *testing.T) { copy(corrupted, bothBytes) corrupted[len(corrupted)-1] = 0 _, _, err := user.NewNymFromBytes(corrupted) - assert.EqualError(t, err, "failure [set bytes failed [point is not on curve]]") + assert.EqualError(t, err, "failure [set bytes failed [invalid point: subgroup check failed]]") }) t.Run("invalid_key_bytes", func(t *testing.T) { diff --git a/bccsp/schemes/aries/util.go b/bccsp/schemes/aries/util.go index d540a568..b9b1fad2 100644 --- a/bccsp/schemes/aries/util.go +++ b/bccsp/schemes/aries/util.go @@ -64,7 +64,7 @@ func (c *Credential) toSignatureMessage(sk *math.Zr, curve *math.Curve) []*bbs.S msgsZr := make([]*bbs.SignatureMessage, 0, len(c.Attrs)+1) j := 0 - for i := 0; i < len(c.Attrs)+1; i++ { + for i := range len(c.Attrs) + 1 { msg := &bbs.SignatureMessage{} msgsZr = append(msgsZr, msg) diff --git a/bccsp/schemes/dlog/bridge/bridge_test.go b/bccsp/schemes/dlog/bridge/bridge_test.go index 91ec3605..a3b15267 100644 --- a/bccsp/schemes/dlog/bridge/bridge_test.go +++ b/bccsp/schemes/dlog/bridge/bridge_test.go @@ -8,7 +8,6 @@ package bridge_test import ( "crypto/rand" "fmt" - "io" "github.com/IBM/idemix/bccsp/handlers" "github.com/IBM/idemix/bccsp/schemes/dlog/bridge" @@ -22,15 +21,6 @@ import ( "google.golang.org/protobuf/proto" ) -func rndOrPanic(curve *math.Curve) io.Reader { - rnd, err := curve.Rand() - if err != nil { - panic(err) - } - - return rnd -} - var _ = Describe("Idemix Bridge", func() { var ( userSecretKey *math.Zr @@ -406,13 +396,13 @@ var _ = Describe("Idemix Bridge", func() { It("fail on nil inputs", func() { raw, err := Revocation.Sign(nil, nil, 0, 0) - Expect(err).To(MatchError("failed creating CRI: CreateCRI received nil input")) + Expect(err).To(MatchError("failed creating CRI: createCRI received nil input")) Expect(raw).To(BeNil()) }) It("fail on invalid handlers", func() { raw, err := Revocation.Sign(nil, [][]byte{{0, 2, 3, 4}}, 0, 0) - Expect(err).To(MatchError(ContainSubstring("CreateCRI received nil input"))) + Expect(err).To(MatchError(ContainSubstring("createCRI received nil input"))) Expect(raw).To(BeNil()) }) }) @@ -420,7 +410,7 @@ var _ = Describe("Idemix Bridge", func() { Context("verify", func() { It("fail on nil inputs", func() { err := Revocation.Verify(nil, nil, 0, 0) - Expect(err).To(MatchError("EpochPK invalid: received nil input")) + Expect(err).To(MatchError("epochPK invalid: received nil input")) }) It("fail on malformed cri", func() { @@ -849,7 +839,7 @@ var _ = Describe("Idemix Bridge", func() { nil, &types.IdemixCRISignerOpts{}, ) - Expect(err).To(MatchError("EpochPKSig invalid")) + Expect(err).To(MatchError("epochPKSig invalid")) Expect(valid).To(BeFalse()) }) }) diff --git a/bccsp/schemes/dlog/bridge/credential.go b/bccsp/schemes/dlog/bridge/credential.go index 3d3c202a..07529434 100644 --- a/bccsp/schemes/dlog/bridge/credential.go +++ b/bccsp/schemes/dlog/bridge/credential.go @@ -7,6 +7,7 @@ package bridge import ( "bytes" + "errors" "fmt" idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" @@ -58,7 +59,7 @@ func (c *Credential) Sign(key types.IssuerSecretKey, credentialRequest []byte, a } else if v, ok := attributes[i].Value.(int64); ok { value = v } else { - return nil, fmt.Errorf("invalid int type for IdemixIntAttribute attribute") + return nil, errors.New("invalid int type for IdemixIntAttribute attribute") } attrValues[i] = c.Idemix.Curve.NewZrFromInt(value) default: @@ -111,7 +112,7 @@ func (c *Credential) Verify(sk *math.Zr, ipk types.IssuerPublicKey, credential [ } else if v, ok := attributes[i].Value.(int64); ok { value = v } else { - return fmt.Errorf("invalid int type for IdemixIntAttribute attribute") + return errors.New("invalid int type for IdemixIntAttribute attribute") } if !bytes.Equal( diff --git a/bccsp/schemes/dlog/bridge/issuer.go b/bccsp/schemes/dlog/bridge/issuer.go index b46133e4..0bd680e5 100644 --- a/bccsp/schemes/dlog/bridge/issuer.go +++ b/bccsp/schemes/dlog/bridge/issuer.go @@ -9,7 +9,6 @@ import ( "fmt" idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - "github.com/IBM/idemix/bccsp/types" bccsp "github.com/IBM/idemix/bccsp/types" "google.golang.org/protobuf/proto" ) @@ -36,7 +35,7 @@ func (o *IssuerSecretKey) Bytes() ([]byte, error) { return proto.Marshal(o.SK) } -func (o *IssuerSecretKey) Public() types.IssuerPublicKey { +func (o *IssuerSecretKey) Public() bccsp.IssuerPublicKey { return &IssuerPublicKey{o.SK.Ipk} } @@ -47,7 +46,7 @@ type Issuer struct { } // NewKey generates a new issuer key-pair -func (i *Issuer) NewKey(attributeNames []string) (res types.IssuerSecretKey, err error) { +func (i *Issuer) NewKey(attributeNames []string) (res bccsp.IssuerSecretKey, err error) { defer func() { if r := recover(); r != nil { res = nil @@ -65,7 +64,7 @@ func (i *Issuer) NewKey(attributeNames []string) (res types.IssuerSecretKey, err return } -func (i *Issuer) NewKeyFromBytes(raw []byte, attributes []string) (res types.IssuerSecretKey, err error) { +func (i *Issuer) NewKeyFromBytes(raw []byte, attributes []string) (res bccsp.IssuerSecretKey, err error) { defer func() { if r := recover(); r != nil { res = nil @@ -83,11 +82,11 @@ func (i *Issuer) NewKeyFromBytes(raw []byte, attributes []string) (res types.Iss return } -func (i *Issuer) Bases(ipk types.IssuerPublicKey, ipkType types.CommitmentBasesRequest, RhIndex, EidIndex, SKIndex int) (map[types.CommitmentType]any, error) { +func (i *Issuer) Bases(ipk bccsp.IssuerPublicKey, ipkType bccsp.CommitmentBasesRequest, RhIndex, EidIndex, SKIndex int) (map[bccsp.CommitmentType]any, error) { panic("not implemented") } -func (i *Issuer) NewPublicKeyFromBytes(raw []byte, attributes []string) (res types.IssuerPublicKey, err error) { +func (i *Issuer) NewPublicKeyFromBytes(raw []byte, attributes []string) (res bccsp.IssuerPublicKey, err error) { defer func() { if r := recover(); r != nil { res = nil @@ -142,5 +141,5 @@ func (i *Issuer) NewPublicKeyFromBytes(raw []byte, attributes []string) (res typ res = &IssuerPublicKey{PK: ipk} - return + return res, err } diff --git a/bccsp/schemes/dlog/bridge/rand.go b/bccsp/schemes/dlog/bridge/rand.go index efdd3d22..f8a9b0c0 100644 --- a/bccsp/schemes/dlog/bridge/rand.go +++ b/bccsp/schemes/dlog/bridge/rand.go @@ -16,5 +16,6 @@ func newRandOrPanic(curve *math.Curve) io.Reader { if err != nil { panic(err) } + return rng } diff --git a/bccsp/schemes/dlog/bridge/signaturescheme.go b/bccsp/schemes/dlog/bridge/signaturescheme.go index a1cab217..c5af6c56 100644 --- a/bccsp/schemes/dlog/bridge/signaturescheme.go +++ b/bccsp/schemes/dlog/bridge/signaturescheme.go @@ -8,10 +8,10 @@ package bridge import ( "crypto/ecdsa" + "errors" "fmt" idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" - "github.com/IBM/idemix/bccsp/types" bccsp "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" "google.golang.org/protobuf/proto" @@ -26,7 +26,7 @@ type SignatureScheme struct { // Sign produces an idemix-signature with the respect to the passed serialised credential (cred), // user secret key (sk), pseudonym public key (Nym) and secret key (RNym), issuer public key (ipk), // and attributes to be disclosed. -func (s *SignatureScheme) Sign(cred []byte, sk *math.Zr, Nym *math.G1, RNym *math.Zr, ipk types.IssuerPublicKey, attributes []bccsp.IdemixAttribute, +func (s *SignatureScheme) Sign(cred []byte, sk *math.Zr, Nym *math.G1, RNym *math.Zr, ipk bccsp.IssuerPublicKey, attributes []bccsp.IdemixAttribute, msg []byte, rhIndex, eidIndex int, criRaw []byte, sigType bccsp.SignatureType, metadata *bccsp.IdemixSignerMetadata) (res []byte, meta *bccsp.IdemixSignerMetadata, err error) { defer func() { if r := recover(); r != nil { @@ -91,7 +91,7 @@ func (s *SignatureScheme) Sign(cred []byte, sk *math.Zr, Nym *math.G1, RNym *mat // AuditNymEid Audits the pseudonymous enrollment id of a signature func (s *SignatureScheme) AuditNymEid( - ipk types.IssuerPublicKey, + ipk bccsp.IssuerPublicKey, eidIndex, _ int, signature []byte, enrollmentID string, @@ -118,6 +118,7 @@ func (s *SignatureScheme) AuditNymEid( if err != nil { return err } + return sig.AuditNymEid( iipk.PK, eidAttr, @@ -147,7 +148,7 @@ func (s *SignatureScheme) AuditNymEid( // AuditNymRh Audits the pseudonymous revocation handle of a signature func (s *SignatureScheme) AuditNymRh( - ipk types.IssuerPublicKey, + ipk bccsp.IssuerPublicKey, rhIndex, _ int, signature []byte, revocationHandle string, @@ -174,6 +175,7 @@ func (s *SignatureScheme) AuditNymRh( if err != nil { return err } + return sig.AuditNymRh( iipk.PK, rhAttr, @@ -202,7 +204,7 @@ func (s *SignatureScheme) AuditNymRh( // Verify checks that an idemix signature is valid with the respect to the passed issuer public key, digest, attributes, // revocation index (rhIndex), revocation public key, and epoch. func (s *SignatureScheme) Verify( - ipk types.IssuerPublicKey, + ipk bccsp.IssuerPublicKey, signature, digest []byte, attributes []bccsp.IdemixAttribute, rhIndex, eidIndex, _ int, @@ -244,7 +246,7 @@ func (s *SignatureScheme) Verify( } else if v, ok := attributes[i].Value.(int64); ok { value = v } else { - return fmt.Errorf("invalid int type for IdemixIntAttribute attribute") + return errors.New("invalid int type for IdemixIntAttribute attribute") } disclosure[i] = 1 @@ -254,7 +256,7 @@ func (s *SignatureScheme) Verify( } } if err != nil { - return + return err } return sig.Ver( diff --git a/bccsp/schemes/dlog/crypto/credential.go b/bccsp/schemes/dlog/crypto/credential.go index 0aa2e503..f06c2516 100644 --- a/bccsp/schemes/dlog/crypto/credential.go +++ b/bccsp/schemes/dlog/crypto/credential.go @@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0 package idemix import ( + "errors" "fmt" "io" @@ -56,7 +57,7 @@ func newCredential(key *IssuerKey, m *CredRequest, attrs []*math.Zr, rng io.Read } if len(attrs) != len(key.Ipk.AttributeNames) { - return nil, fmt.Errorf("incorrect number of attribute values passed") + return nil, errors.New("incorrect number of attribute values passed") } // Place a BBS+ signature on the user key and the attribute values @@ -99,7 +100,7 @@ func newCredential(key *IssuerKey, m *CredRequest, attrs []*math.Zr, rng io.Read // Append attributes // Use Mul2 instead of Mul as much as possible for efficiency reasones - for i := 0; i < len(attrs)/2; i++ { + for i := range len(attrs) / 2 { B.Add( // Add two attributes in one shot HAttrs[2*i].Mul2( @@ -154,7 +155,7 @@ func (cred *Credential) Ver(sk *math.Zr, ipk *IssuerPublicKey, curve *math.Curve S := curve.NewZrFromBytes(cred.GetS()) // - verify that all attribute values are present - for i := 0; i < len(cred.GetAttrs()); i++ { + for i := range len(cred.GetAttrs()) { if cred.Attrs[i] == nil { return fmt.Errorf("credential has no value for attribute %s", ipk.AttributeNames[i]) } @@ -183,7 +184,7 @@ func (cred *Credential) Ver(sk *math.Zr, ipk *IssuerPublicKey, curve *math.Curve BPrime := curve.NewG1() BPrime.Clone(curve.GenG1) BPrime.Add(HSk.Mul2(sk, HRand, S)) - for i := 0; i < len(cred.Attrs)/2; i++ { + for i := range len(cred.Attrs) / 2 { BPrime.Add( HAttrs[2*i].Mul2( curve.NewZrFromBytes(cred.Attrs[2*i]), @@ -196,7 +197,7 @@ func (cred *Credential) Ver(sk *math.Zr, ipk *IssuerPublicKey, curve *math.Curve BPrime.Add(HAttrs[len(cred.Attrs)-1].Mul(curve.NewZrFromBytes(cred.Attrs[len(cred.Attrs)-1]))) } if !B.Equals(BPrime) { - return fmt.Errorf("b-value from credential does not match the attribute values") + return errors.New("b-value from credential does not match the attribute values") } W, err := t.G2FromProto(ipk.W) @@ -213,7 +214,7 @@ func (cred *Credential) Ver(sk *math.Zr, ipk *IssuerPublicKey, curve *math.Curve right := curve.FExp(curve.Pairing(curve.GenG2, B)) if !left.Equals(right) { - return fmt.Errorf("credential is not cryptographically valid") + return errors.New("credential is not cryptographically valid") } return nil diff --git a/bccsp/schemes/dlog/crypto/credrequest.go b/bccsp/schemes/dlog/crypto/credrequest.go index ebb88814..e8280921 100644 --- a/bccsp/schemes/dlog/crypto/credrequest.go +++ b/bccsp/schemes/dlog/crypto/credrequest.go @@ -7,7 +7,7 @@ SPDX-License-Identifier: Apache-2.0 package idemix import ( - fmt "fmt" + "errors" "io" math "github.com/IBM/mathlib" @@ -98,7 +98,7 @@ func (m *CredRequest) Check(ipk *IssuerPublicKey, curve *math.Curve, tr Translat } if Nym == nil || IssuerNonce == nil || ProofC == nil || ProofS == nil { - return fmt.Errorf("one of the proof values is undefined") + return errors.New("one of the proof values is undefined") } // Verify Proof @@ -118,7 +118,7 @@ func (m *CredRequest) Check(ipk *IssuerPublicKey, curve *math.Curve, tr Translat copy(proofData[index:], ipk.Hash) if !ProofC.Equals(curve.HashToZr(proofData)) { - return fmt.Errorf("zero knowledge proof is invalid") + return errors.New("zero knowledge proof is invalid") } return nil diff --git a/bccsp/schemes/dlog/crypto/idemix.pb.go b/bccsp/schemes/dlog/crypto/idemix.pb.go index eb8cbf35..6d00f7f1 100644 --- a/bccsp/schemes/dlog/crypto/idemix.pb.go +++ b/bccsp/schemes/dlog/crypto/idemix.pb.go @@ -17,12 +17,13 @@ package idemix import ( - amcl "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" unsafe "unsafe" + + amcl "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" ) const ( diff --git a/bccsp/schemes/dlog/crypto/idemix_test.go b/bccsp/schemes/dlog/crypto/idemix_test.go index 9677c816..477125b9 100644 --- a/bccsp/schemes/dlog/crypto/idemix_test.go +++ b/bccsp/schemes/dlog/crypto/idemix_test.go @@ -12,6 +12,7 @@ import ( "testing" math "github.com/IBM/mathlib" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" @@ -70,6 +71,7 @@ func TestIdemixAllCurves(t *testing.T) { } func testIdemix(t *testing.T, curve *math.Curve, tr Translator) { + t.Helper() idmx := &Idemix{ Curve: curve, } @@ -99,12 +101,14 @@ func testIdemix(t *testing.T, curve *math.Curve, tr Translator) { // Test issuer key generation if err != nil { t.Fatalf("Error getting rng: \"%s\"", err) + return } // Create a new key pair key, err := idmx.NewIssuerKey(AttributeNames, rng, tr) if err != nil { t.Fatalf("Issuer key generation should have succeeded but gave error \"%s\"", err) + return } @@ -112,6 +116,7 @@ func testIdemix(t *testing.T, curve *math.Curve, tr Translator) { err = key.GetIpk().Check(curve, tr) if err != nil { t.Fatalf("Issuer public key should be valid") + return } @@ -143,7 +148,7 @@ func testIdemix(t *testing.T, curve *math.Curve, tr Translator) { require.NoError(t, err, "NewCredRequest failed: \"%s\"", err) cred, err := idmx.NewCredential(key, m, attrs, rng, tr) - require.NoError(t, err, "Failed to issue a credential: \"%s\"", err) + require.NoError(t, err, "failed to issue a credential: \"%s\"", err) require.NoError(t, cred.Ver(sk, key.Ipk, idmx.Curve, tr), "credential should be valid") @@ -201,12 +206,14 @@ func testIdemix(t *testing.T, curve *math.Curve, tr Translator) { err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) if err != nil { t.Fatalf("Signature should be valid but verification returned error: %s", err) + return } err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) if err != nil { t.Fatalf("Signature should be valid but verification returned error: %s", err) + return } @@ -231,6 +238,7 @@ func testIdemix(t *testing.T, curve *math.Curve, tr Translator) { err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) if err != nil { t.Fatalf("Signature should be valid but verification returned error: %s", err) + return } err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) @@ -301,6 +309,7 @@ func testIdemix(t *testing.T, curve *math.Curve, tr Translator) { err = nymsig.Ver(Nym, key.Ipk, []byte("testing"), idmx.Curve, tr) if err != nil { t.Fatalf("NymSig should be valid but verification returned error: %s", err) + return } } @@ -326,6 +335,7 @@ func TestCredentialVerParallelGurvy254(t *testing.T) { } func testCredentialVerParallel(t *testing.T, curve *math.Curve, tr Translator) { + t.Helper() idmx := &Idemix{ Curve: curve, } @@ -352,14 +362,14 @@ func testCredentialVerParallel(t *testing.T, curve *math.Curve, tr Translator) { defer waitGroup.Done() rng, err := curve.Rand() - require.NoError(t, err) + assert.NoError(t, err) sk := curve.NewRandomZr(rng) ni := curve.NewRandomZr(rng) m, err := idmx.NewCredRequest(sk, ni.Bytes(), key.Ipk, rng, tr) - require.NoError(t, err, "NewCredRequest failed: \"%s\"", err) + assert.NoError(t, err, "NewCredRequest failed: \"%s\"", err) cred, err := idmx.NewCredential(key, m, attrs, rng, tr) - require.NoError(t, err, "Failed to issue a credential: \"%s\"", err) - require.NoError(t, cred.Ver(sk, key.Ipk, idmx.Curve, tr), "credential should be valid") + assert.NoError(t, err, "failed to issue a credential: \"%s\"", err) + assert.NoError(t, cred.Ver(sk, key.Ipk, idmx.Curve, tr), "credential should be valid") }() } waitGroup.Wait() @@ -386,6 +396,7 @@ func TestSigParallelGurvy254(t *testing.T) { } func testSigParallel(t *testing.T, curve *math.Curve, tr Translator) { + t.Helper() idmx := &Idemix{ Curve: curve, } @@ -416,7 +427,7 @@ func testSigParallel(t *testing.T, curve *math.Curve, tr Translator) { require.NoError(t, err, "NewCredRequest failed: \"%s\"", err) cred, err := idmx.NewCredential(key, m, attrs, rng, tr) - require.NoError(t, err, "Failed to issue a credential: \"%s\"", err) + require.NoError(t, err, "failed to issue a credential: \"%s\"", err) require.NoError(t, cred.Ver(sk, key.Ipk, idmx.Curve, tr), "credential should be valid") // Generate a revocation key pair @@ -448,12 +459,13 @@ func testSigParallel(t *testing.T, curve *math.Curve, tr Translator) { msg := []byte{1, 2, 3, 4, 5} rhindex := 4 sig, _, err := idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, 0, cri, rng, tr, opts.Standard, nil) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) if err != nil { t.Logf("Signature should be valid but verification returned error: %s", err) t.Fail() + return } @@ -461,28 +473,31 @@ func testSigParallel(t *testing.T, curve *math.Curve, tr Translator) { if err != nil { t.Logf("Signature should be valid but verification returned error: %s", err) t.Fail() + return } err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.Error(t, err) - require.Equal(t, "no EidNym provided but ExpectEidNym required", err.Error()) + assert.Error(t, err) + assert.Equal(t, "no EidNym provided but ExpectEidNym required", err.Error()) eidIndex := 2 sig, meta, err := idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, eidIndex, cri, rng, tr, opts.EidNym, nil) - require.NoError(t, err) + assert.NoError(t, err) // assert that the returned randomness is the right one H_a_eid, err := tr.G1FromProto(key.Ipk.HAttrs[eidIndex]) if err != nil { t.Logf("G1FromProto returned error: %s", err) t.Fail() + return } HRand, err := tr.G1FromProto(key.Ipk.HRand) if err != nil { t.Logf("G1FromProto returned error: %s", err) t.Fail() + return } Nym_eid := H_a_eid.Mul2(attrs[eidIndex], HRand, meta.EidNymAuditData.Rand) @@ -490,48 +505,50 @@ func testSigParallel(t *testing.T, curve *math.Curve, tr Translator) { if err != nil { t.Logf("G1FromProto returned error: %s", err) t.Fail() + return } - require.True(t, Nym_eid.Equals(EidNym)) + assert.True(t, Nym_eid.Equals(EidNym)) err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) if err != nil { t.Logf("Signature should be valid but verification returned error: %s", err) t.Fail() + return } err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - require.Error(t, err) - require.Equal(t, "EidNym available but ExpectStandard required", err.Error()) + assert.Error(t, err) + assert.Equal(t, "EidNym available but ExpectStandard required", err.Error()) // supply the meta to audit the nym eid err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.NoError(t, err) + assert.NoError(t, err) // tamper with the randomness of the nym eid to expect a failed verification meta.EidNymAuditData.Attr = curve.NewZrFromInt(35) err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) + assert.Error(t, err) + assert.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) + assert.Error(t, err) + assert.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) // Test signing selective disclosure disclosure = []byte{0, 1, 1, 1, 0} sig, _, err = idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, 0, cri, rng, tr, opts.Standard, nil) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.Error(t, err) - require.Equal(t, "no EidNym provided but ExpectEidNym required", err.Error()) + assert.Error(t, err) + assert.Equal(t, "no EidNym provided but ExpectEidNym required", err.Error()) }() } @@ -547,50 +564,51 @@ func testSigParallel(t *testing.T, curve *math.Curve, tr Translator) { eidIndex := 2 sig, meta, err := idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, eidIndex, cri, rng, tr, opts.EidNym, nil) - require.NoError(t, err) + assert.NoError(t, err) // assert that the returned randomness is the right one H_a_eid, err := tr.G1FromProto(key.Ipk.HAttrs[eidIndex]) - require.NoError(t, err) + assert.NoError(t, err) HRand, err := tr.G1FromProto(key.Ipk.HRand) - require.NoError(t, err) + assert.NoError(t, err) Nym_eid := H_a_eid.Mul2(attrs[eidIndex], HRand, meta.EidNymAuditData.Rand) EidNym, err := tr.G1FromProto(sig.EidNym.Nym) - require.NoError(t, err) - require.True(t, Nym_eid.Equals(EidNym)) + assert.NoError(t, err) + assert.True(t, Nym_eid.Equals(EidNym)) // and now do it with the function err = sig.AuditNymEid(key.Ipk, attrs[eidIndex], eidIndex, meta.EidNymAuditData.Rand, idmx.Curve, tr) - require.NoError(t, err) + assert.NoError(t, err) err = NymEID(meta.EidNymAuditData.Nym.Bytes()).AuditNymEid(key.Ipk, attrs[eidIndex], eidIndex, meta.EidNymAuditData.Rand, idmx.Curve, tr) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, nil, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) if err != nil { t.Logf("Signature should be valid but verification returned error: %s", err) t.Fail() + return } err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - require.Error(t, err) - require.Equal(t, "EidNym available but ExpectStandard required", err.Error()) + assert.Error(t, err) + assert.Equal(t, "EidNym available but ExpectStandard required", err.Error()) // supply the meta to audit the nym eid err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.NoError(t, err) + assert.NoError(t, err) // tamper with the randomness of the nym eid to expect a failed verification meta.EidNymAuditData.Attr = curve.NewZrFromInt(35) err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) + assert.Error(t, err) + assert.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) err = sig.Ver(disclosure, key.Ipk, msg, attrs, 0, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) + assert.Error(t, err) + assert.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) }() } @@ -606,78 +624,79 @@ func testSigParallel(t *testing.T, curve *math.Curve, tr Translator) { eidIndex := 2 sig, meta, err := idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, eidIndex, cri, rng, tr, opts.EidNymRhNym, nil) - require.NoError(t, err) + assert.NoError(t, err) // assert that the returned randomness is the right one H_a_eid, err := tr.G1FromProto(key.Ipk.HAttrs[eidIndex]) - require.NoError(t, err) + assert.NoError(t, err) HRand, err := tr.G1FromProto(key.Ipk.HRand) - require.NoError(t, err) + assert.NoError(t, err) Nym_eid := H_a_eid.Mul2(attrs[eidIndex], HRand, meta.EidNymAuditData.Rand) EidNym, err := tr.G1FromProto(sig.EidNym.Nym) - require.NoError(t, err) - require.True(t, Nym_eid.Equals(EidNym)) + assert.NoError(t, err) + assert.True(t, Nym_eid.Equals(EidNym)) // and now do it with the function err = sig.AuditNymEid(key.Ipk, attrs[eidIndex], eidIndex, meta.EidNymAuditData.Rand, idmx.Curve, tr) - require.NoError(t, err) + assert.NoError(t, err) err = NymEID(meta.EidNymAuditData.Nym.Bytes()).AuditNymEid(key.Ipk, attrs[eidIndex], eidIndex, meta.EidNymAuditData.Rand, idmx.Curve, tr) - require.NoError(t, err) + assert.NoError(t, err) err = sig.AuditNymRh(key.Ipk, attrs[rhindex], rhindex, meta.RhNymAuditData.Rand, idmx.Curve, tr) - require.NoError(t, err) + assert.NoError(t, err) err = NymRH(meta.RhNymAuditData.Nym.Bytes()).AuditNymRh(key.Ipk, attrs[rhindex], rhindex, meta.RhNymAuditData.Rand, idmx.Curve, tr) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, nil, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) if err != nil { t.Logf("Signature should be valid but verification returned error: %s", err) t.Fail() + return } err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNymRhNym, nil) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.Error(t, err) + assert.Error(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - require.Error(t, err) - require.Equal(t, "RhNym available but ExpectStandard required", err.Error()) + assert.Error(t, err) + assert.Equal(t, "RhNym available but ExpectStandard required", err.Error()) // supply the meta to audit the nym eid and rh err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.Error(t, err) + assert.Error(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNymRhNym, meta) - require.NoError(t, err) + assert.NoError(t, err) // tamper with the randomness of the nym eid to expect a failed verification tmp := meta.EidNymAuditData.Attr meta.EidNymAuditData.Attr = curve.NewZrFromInt(35) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) + assert.Error(t, err) + assert.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) + assert.Error(t, err) + assert.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNymRhNym, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) + assert.Error(t, err) + assert.Equal(t, "signature invalid: nym eid validation failed, does not match regenerated nym eid", err.Error()) meta.EidNymAuditData.Attr = tmp // tamper with the randomness of the nym rh to expect a failed verification meta.RhNymAuditData.Attr = curve.NewZrFromInt(35) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym rh validation failed, does not match regenerated nym rh", err.Error()) + assert.Error(t, err) + assert.Equal(t, "signature invalid: nym rh validation failed, does not match regenerated nym rh", err.Error()) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNymRhNym, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: nym rh validation failed, does not match regenerated nym rh", err.Error()) + assert.Error(t, err) + assert.Equal(t, "signature invalid: nym rh validation failed, does not match regenerated nym rh", err.Error()) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, eidIndex, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, meta) - require.Error(t, err) - require.Equal(t, "signature invalid: zero-knowledge proof is invalid", err.Error()) + assert.Error(t, err) + assert.Equal(t, "signature invalid: zero-knowledge proof is invalid", err.Error()) }() } @@ -693,15 +712,15 @@ func testSigParallel(t *testing.T, curve *math.Curve, tr Translator) { // Test signing selective disclosure disclosure := []byte{0, 1, 1, 1, 0} sig, _, err := idmx.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, 0, cri, rng, tr, opts.Standard, nil) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.BestEffort, nil) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectStandard, nil) - require.NoError(t, err) + assert.NoError(t, err) err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, 2, &revocationKey.PublicKey, epoch, idmx.Curve, tr, opts.ExpectEidNym, nil) - require.Error(t, err) - require.Equal(t, "no EidNym provided but ExpectEidNym required", err.Error()) + assert.Error(t, err) + assert.Equal(t, "no EidNym provided but ExpectEidNym required", err.Error()) }() } @@ -729,6 +748,7 @@ func TestNymSigParallelGurvy254(t *testing.T) { } func testNymSigParallel(t *testing.T, curve *math.Curve, tr Translator) { + t.Helper() idmx := &Idemix{ Curve: curve, } @@ -759,7 +779,7 @@ func testNymSigParallel(t *testing.T, curve *math.Curve, tr Translator) { require.NoError(t, err) cred, err := idmx.NewCredential(key, m, attrs, rng, tr) - require.NoError(t, err, "Failed to issue a credential: \"%s\"", err) + require.NoError(t, err, "failed to issue a credential: \"%s\"", err) require.NoError(t, cred.Ver(sk, key.Ipk, idmx.Curve, tr), "credential should be valid") // Generate a revocation key pair @@ -787,12 +807,13 @@ func testNymSigParallel(t *testing.T, curve *math.Curve, tr Translator) { // Test NymSignatures nymsig, err := idmx.NewNymSignature(sk, Nym, RandNym, key.Ipk, []byte("testing"), rng, tr) - require.NoError(t, err) + assert.NoError(t, err) err = nymsig.Ver(Nym, key.Ipk, []byte("testing"), idmx.Curve, tr) if err != nil { t.Logf("NymSig should be valid but verification returned error: %s", err) t.Fail() + return } }() @@ -822,6 +843,7 @@ func TestIPKCheckGurvy254(t *testing.T) { } func testIPKCheck(t *testing.T, curve *math.Curve, tr Translator) { + t.Helper() idmx := &Idemix{ Curve: curve, } @@ -834,7 +856,7 @@ func testIPKCheck(t *testing.T, curve *math.Curve, tr Translator) { // Test weak BB sigs: // Test KeyGen rng, err := curve.Rand() - require.NoError(t, err) + assert.NoError(t, err) // Test idemix functionality AttributeNames := []string{"Attr1", "Attr2", "Attr3", "Attr4", "Attr5"} @@ -845,11 +867,11 @@ func testIPKCheck(t *testing.T, curve *math.Curve, tr Translator) { // Create a new key pair key, err := idmx.NewIssuerKey(AttributeNames, rng, tr) - require.NoError(t, err) + assert.NoError(t, err) // Check that the key is valid err = key.GetIpk().Check(curve, tr) - require.NoError(t, err) + assert.NoError(t, err) }() } waitGroup.Wait() diff --git a/bccsp/schemes/dlog/crypto/issuerkey.go b/bccsp/schemes/dlog/crypto/issuerkey.go index d182fa20..eb39eed4 100644 --- a/bccsp/schemes/dlog/crypto/issuerkey.go +++ b/bccsp/schemes/dlog/crypto/issuerkey.go @@ -7,7 +7,8 @@ SPDX-License-Identifier: Apache-2.0 package idemix import ( - fmt "fmt" + "errors" + "fmt" "io" "github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl" @@ -95,7 +96,7 @@ func newIssuerKey(AttributeNames []string, rng io.Reader, curve *math.Curve, t T index = appendBytesG2(proofData, index, curve.GenG2) index = appendBytesG1(proofData, index, BarG1) index = appendBytesG2(proofData, index, W) - index = appendBytesG1(proofData, index, BarG2) + _ = appendBytesG1(proofData, index, BarG2) proofC := curve.HashToZr(proofData) key.Ipk.ProofC = proofC.Bytes() @@ -150,7 +151,7 @@ func (IPk *IssuerPublicKey) Check(curve *math.Curve, t Translator) error { } HAttrs := make([]*math.G1, len(IPk.GetHAttrs())) - for i := 0; i < len(IPk.GetHAttrs()); i++ { + for i := range len(IPk.GetHAttrs()) { HAttrs[i], err = t.G1FromProto(IPk.GetHAttrs()[i]) if err != nil { return err @@ -183,11 +184,11 @@ func (IPk *IssuerPublicKey) Check(curve *math.Curve, t Translator) error { BarG2 == nil || HAttrs == nil || len(IPk.HAttrs) < NumAttrs { - return fmt.Errorf("some part of the public key is undefined") + return errors.New("some part of the public key is undefined") } for i := range NumAttrs { if IPk.HAttrs[i] == nil { - return fmt.Errorf("some part of the public key is undefined") + return errors.New("some part of the public key is undefined") } } @@ -209,11 +210,11 @@ func (IPk *IssuerPublicKey) Check(curve *math.Curve, t Translator) error { index = appendBytesG2(proofData, index, curve.GenG2) index = appendBytesG1(proofData, index, BarG1) index = appendBytesG2(proofData, index, W) - index = appendBytesG1(proofData, index, BarG2) + _ = appendBytesG1(proofData, index, BarG2) // Verify that the challenge is the same if !ProofC.Equals(curve.HashToZr(proofData)) { - return fmt.Errorf("zero knowledge proof in public key invalid") + return errors.New("zero knowledge proof in public key invalid") } return IPk.SetHash(curve) @@ -224,8 +225,9 @@ func (IPk *IssuerPublicKey) SetHash(curve *math.Curve) error { IPk.Hash = nil serializedIPk, err := proto.Marshal(IPk) if err != nil { - return fmt.Errorf("Failed to marshal issuer public key: %w", err) + return fmt.Errorf("failed to marshal issuer public key: %w", err) } IPk.Hash = curve.HashToZr(serializedIPk).Bytes() + return nil } diff --git a/bccsp/schemes/dlog/crypto/nonrevocation-prover.go b/bccsp/schemes/dlog/crypto/nonrevocation-prover.go index 0eee8827..f6b84e92 100644 --- a/bccsp/schemes/dlog/crypto/nonrevocation-prover.go +++ b/bccsp/schemes/dlog/crypto/nonrevocation-prover.go @@ -32,6 +32,7 @@ func (prover *nopNonRevokedProver) getFSContribution(rh *math.Zr, rRh *math.Zr, func (prover *nopNonRevokedProver) getNonRevokedProof(chal *math.Zr) (*NonRevocationProof, error) { ret := &NonRevocationProof{} ret.RevocationAlg = int32(ALG_NO_REVOCATION) + return ret, nil } diff --git a/bccsp/schemes/dlog/crypto/nymeid.go b/bccsp/schemes/dlog/crypto/nymeid.go index a8af8a97..e2cf41c2 100644 --- a/bccsp/schemes/dlog/crypto/nymeid.go +++ b/bccsp/schemes/dlog/crypto/nymeid.go @@ -25,15 +25,15 @@ func (nym NymEID) AuditNymEid( ) error { // Validate inputs if ipk == nil { - return fmt.Errorf("cannot verify idemix signature: received nil input") + return errors.New("cannot verify idemix signature: received nil input") } if len(nym) == 0 { - return fmt.Errorf("no EidNym provided") + return errors.New("no EidNym provided") } if len(ipk.HAttrs) <= eidIndex { - return fmt.Errorf("could not access H_a_eid in array") + return errors.New("could not access H_a_eid in array") } H_a_eid, err := t.G1FromProto(ipk.HAttrs[eidIndex]) diff --git a/bccsp/schemes/dlog/crypto/nymrh.go b/bccsp/schemes/dlog/crypto/nymrh.go index 9c48b8e5..00470553 100644 --- a/bccsp/schemes/dlog/crypto/nymrh.go +++ b/bccsp/schemes/dlog/crypto/nymrh.go @@ -25,15 +25,15 @@ func (nym NymRH) AuditNymRh( ) error { // Validate inputs if ipk == nil { - return fmt.Errorf("cannot verify idemix signature: received nil input") + return errors.New("cannot verify idemix signature: received nil input") } if len(nym) == 0 { - return fmt.Errorf("no RhNym provided") + return errors.New("no RhNym provided") } if len(ipk.HAttrs) <= rhIndex { - return fmt.Errorf("could not access H_a_rh in array") + return errors.New("could not access H_a_rh in array") } H_a_rh, err := t.G1FromProto(ipk.HAttrs[rhIndex]) diff --git a/bccsp/schemes/dlog/crypto/nymsignature.go b/bccsp/schemes/dlog/crypto/nymsignature.go index d9589285..6e5dc7f8 100644 --- a/bccsp/schemes/dlog/crypto/nymsignature.go +++ b/bccsp/schemes/dlog/crypto/nymsignature.go @@ -7,7 +7,7 @@ SPDX-License-Identifier: Apache-2.0 package idemix import ( - fmt "fmt" + "errors" "io" math "github.com/IBM/mathlib" @@ -21,7 +21,7 @@ func (i *Idemix) NewNymSignature(sk *math.Zr, Nym *math.G1, RNym *math.Zr, ipk * func newNymSignature(sk *math.Zr, Nym *math.G1, RNym *math.Zr, ipk *IssuerPublicKey, msg []byte, rng io.Reader, curve *math.Curve, tr Translator) (*NymSignature, error) { // Validate inputs if sk == nil || Nym == nil || RNym == nil || ipk == nil || rng == nil { - return nil, fmt.Errorf("cannot create NymSignature: received nil input") + return nil, errors.New("cannot create NymSignature: received nil input") } Nonce := curve.NewRandomZr(rng) @@ -121,7 +121,7 @@ func (sig *NymSignature) Ver(nym *math.G1, ipk *IssuerPublicKey, msg []byte, cur appendBytesBig(proofData, index, Nonce) if !ProofC.Equals(curve.HashToZr(proofData)) { - return fmt.Errorf("pseudonym signature invalid: zero-knowledge proof is invalid") + return errors.New("pseudonym signature invalid: zero-knowledge proof is invalid") } return nil diff --git a/bccsp/schemes/dlog/crypto/revocation_authority.go b/bccsp/schemes/dlog/crypto/revocation_authority.go index 83525644..11081446 100644 --- a/bccsp/schemes/dlog/crypto/revocation_authority.go +++ b/bccsp/schemes/dlog/crypto/revocation_authority.go @@ -12,7 +12,8 @@ import ( "crypto/rand" "crypto/sha256" "encoding/asn1" - fmt "fmt" + "errors" + "fmt" "io" "math/big" @@ -48,9 +49,9 @@ func (i *Idemix) LongTermRevocationKeyFromBytes(raw []byte) (*ecdsa.PrivateKey, func longTermRevocationKeyFromBytes(raw []byte) (*ecdsa.PrivateKey, error) { priv := &ecdsa.PrivateKey{} - priv.D = new(big.Int).SetBytes(raw) - priv.PublicKey.Curve = elliptic.P384() - priv.PublicKey.X, priv.PublicKey.Y = elliptic.P384().ScalarBaseMult(priv.D.Bytes()) + priv.D = new(big.Int).SetBytes(raw) //nolint:staticcheck + priv.Curve = elliptic.P384() + priv.X, priv.Y = elliptic.P384().ScalarBaseMult(priv.D.Bytes()) //nolint:staticcheck return priv, nil } @@ -65,7 +66,7 @@ func (i *Idemix) CreateCRI(key *ecdsa.PrivateKey, unrevokedHandles []*math.Zr, e func createCRI(key *ecdsa.PrivateKey, unrevokedHandles []*math.Zr, epoch int, alg RevocationAlgorithm, rng io.Reader, curve *math.Curve, t Translator) (*CredentialRevocationInformation, error) { if key == nil || rng == nil { - return nil, fmt.Errorf("CreateCRI received nil input") + return nil, errors.New("createCRI received nil input") } cri := &CredentialRevocationInformation{} cri.RevocationAlg = int32(alg) @@ -96,7 +97,7 @@ func createCRI(key *ecdsa.PrivateKey, unrevokedHandles []*math.Zr, epoch int, al if alg == ALG_NO_REVOCATION { return cri, nil } else { - return nil, fmt.Errorf("the specified revocation algorithm is not supported.") + return nil, errors.New("the specified revocation algorithm is not supported") } } @@ -111,7 +112,7 @@ func (i *Idemix) VerifyEpochPK(pk *ecdsa.PublicKey, epochPK *amcl.ECP2, epochPkS func verifyEpochPK(pk *ecdsa.PublicKey, epochPK *amcl.ECP2, epochPkSig []byte, epoch int, alg RevocationAlgorithm) error { if pk == nil || epochPK == nil { - return fmt.Errorf("EpochPK invalid: received nil input") + return errors.New("epochPK invalid: received nil input") } cri := &CredentialRevocationInformation{} cri.RevocationAlg = int32(alg) @@ -129,7 +130,7 @@ func verifyEpochPK(pk *ecdsa.PublicKey, epochPK *amcl.ECP2, epochPkSig []byte, e } if !ecdsa.Verify(pk, digest[:], sig.R, sig.S) { - return fmt.Errorf("EpochPKSig invalid") + return errors.New("epochPKSig invalid") } return nil diff --git a/bccsp/schemes/dlog/crypto/signature.go b/bccsp/schemes/dlog/crypto/signature.go index 41b2469c..d8610862 100644 --- a/bccsp/schemes/dlog/crypto/signature.go +++ b/bccsp/schemes/dlog/crypto/signature.go @@ -43,6 +43,7 @@ func hiddenIndices(Disclosure []byte) []int { HiddenIndices = append(HiddenIndices, index) } } + return HiddenIndices } @@ -140,7 +141,7 @@ func newSignatureWithEIDNym( metadata *opts.IdemixSignerMetadata, ) (*Signature, *opts.IdemixSignerMetadata, error) { if Disclosure[eidIndex] != 0 { - return nil, nil, fmt.Errorf("cannot create idemix signature: disclosure of enrollment ID requested for NewSignatureWithEIDNym") + return nil, nil, errors.New("cannot create idemix signature: disclosure of enrollment ID requested for NewSignatureWithEIDNym") } t1, t2, t3, APrime, ABar, BPrime, nonRevokedProofHashData, E, Nonce, rSk, rSPrime, rR2, rR3, r2, r3, re, sPrime, rRNym, rAttrs, prover, HiddenIndices, err := prepare(cred, sk, Nym, RNym, ipk, Disclosure, msg, rhIndex, cri, rng, curve, tr) @@ -191,11 +192,11 @@ func newSignatureWithEIDNymAndRHNym( metadata *opts.IdemixSignerMetadata, ) (*Signature, *opts.IdemixSignerMetadata, error) { if Disclosure[eidIndex] != 0 { - return nil, nil, fmt.Errorf("cannot create idemix signature: disclosure of enrollment ID requested for NewSignatureWithEIDNym") + return nil, nil, errors.New("cannot create idemix signature: disclosure of enrollment ID requested for NewSignatureWithEIDNym") } if Disclosure[rhIndex] != 0 { - return nil, nil, fmt.Errorf("cannot create idemix signature: disclosure of revocation handle requested for NewSignatureWithEIDNymAndRHNym") + return nil, nil, errors.New("cannot create idemix signature: disclosure of revocation handle requested for NewSignatureWithEIDNymAndRHNym") } t1, t2, t3, APrime, ABar, BPrime, nonRevokedProofHashData, E, Nonce, rSk, rSPrime, rR2, rR3, r2, r3, re, sPrime, rRNym, rAttrs, prover, HiddenIndices, err := prepare(cred, sk, Nym, RNym, ipk, Disclosure, msg, rhIndex, cri, rng, curve, tr) @@ -254,15 +255,15 @@ func prepare( ) { // Validate inputs if cred == nil || sk == nil || Nym == nil || RNym == nil || ipk == nil || rng == nil || cri == nil { - return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("cannot create idemix signature: received nil input") + return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, errors.New("cannot create idemix signature: received nil input") } if rhIndex < 0 || rhIndex >= len(ipk.AttributeNames) || len(Disclosure) != len(ipk.AttributeNames) { - return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("cannot create idemix signature: received invalid input") + return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, errors.New("cannot create idemix signature: received invalid input") } if cri.RevocationAlg != int32(ALG_NO_REVOCATION) && Disclosure[rhIndex] == 1 { - return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("Attribute %d is disclosed but also used as revocation handle attribute, which should remain hidden.", rhIndex) + return nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, fmt.Errorf("attribute %d is disclosed but also used as revocation handle attribute, which should remain hidden", rhIndex) } // locate the indices of the attributes to hide and sample randomness for them @@ -376,7 +377,7 @@ func prepare( // t2: is related to knowledge of the non-disclosed attributes that signed in (A,B,S,E) t2 := HRand.Mul(rSPrime) // h_r^{r_{s'}} t2.Add(BPrime.Mul2(rR3, HSk, rSk)) // B'^{r_{r3}} \cdot h_{sk}^{r_{sk}} - for i := 0; i < len(HiddenIndices)/2; i++ { + for i := range len(HiddenIndices) / 2 { t2.Add( // \cdot h_{2 \cdot i}^{r_{attrs,i} HAttrs[HiddenIndices[2*i]].Mul2( @@ -429,7 +430,6 @@ func finalise( sigType opts.SignatureType, metadata *opts.IdemixSignerMetadata, ) (*Signature, *opts.IdemixSignerMetadata, error) { - var Nym_eid, Nym_rh *math.G1 var t4_eid, t4_rh *math.G1 var r_r_eid, r_eid, r_r_rh, r_rh *math.Zr @@ -440,11 +440,11 @@ func finalise( EID = curve.NewZrFromBytes(cred.Attrs[eidIndex]) if metadata != nil { if metadata.EidNymAuditData == nil { - return nil, nil, fmt.Errorf("invalid argument, expected metadata") + return nil, nil, errors.New("invalid argument, expected metadata") } if !metadata.EidNymAuditData.Attr.Equals(EID) { - return nil, nil, fmt.Errorf("invalid argument, eid nym audit metadata does not match (1)") + return nil, nil, errors.New("invalid argument, eid nym audit metadata does not match (1)") } r_eid = metadata.EidNymAuditData.Rand } else { @@ -471,7 +471,7 @@ func finalise( if metadata != nil { if !metadata.EidNymAuditData.Nym.Equals(Nym_eid) { - return nil, nil, fmt.Errorf("invalid argument, eid nym audit metadata does not match (2)") + return nil, nil, errors.New("invalid argument, eid nym audit metadata does not match (2)") } } @@ -483,11 +483,11 @@ func finalise( RH = curve.NewZrFromBytes(cred.Attrs[rhIndex]) if metadata != nil { if metadata.RhNymAuditData == nil { - return nil, nil, fmt.Errorf("invalid argument, expected metadata") + return nil, nil, errors.New("invalid argument, expected metadata") } if !metadata.RhNymAuditData.Attr.Equals(RH) { - return nil, nil, fmt.Errorf("invalid argument, rh nym audit metadata does not match (1)") + return nil, nil, errors.New("invalid argument, rh nym audit metadata does not match (1)") } r_rh = metadata.RhNymAuditData.Rand } else { @@ -514,7 +514,7 @@ func finalise( if metadata != nil { if !metadata.RhNymAuditData.Nym.Equals(Nym_rh) { - return nil, nil, fmt.Errorf("invalid argument, rh nym audit metadata does not match (2)") + return nil, nil, errors.New("invalid argument, rh nym audit metadata does not match (2)") } } @@ -595,7 +595,7 @@ func finalise( ProofSAttrs := make([][]byte, len(HiddenIndices)) for i, j := range HiddenIndices { ProofSAttrs[i] = - // s_attrsi = rAttrsi + C \cdot cred.Attrs[j] + // s_attrsi = rAttrsi + C \cdot cred.Attrs[j] curve.ModAdd(rAttrs[i], curve.ModMul(ProofC, curve.NewZrFromBytes(cred.Attrs[j]), curve.GroupOrder), curve.GroupOrder).Bytes() } @@ -718,15 +718,15 @@ func (sig *Signature) AuditNymEid( ) error { // Validate inputs if ipk == nil { - return fmt.Errorf("cannot verify idemix signature: received nil input") + return errors.New("cannot verify idemix signature: received nil input") } if sig.EidNym == nil || sig.EidNym.Nym == nil { - return fmt.Errorf("no EidNym provided") + return errors.New("no EidNym provided") } if len(ipk.HAttrs) <= eidIndex { - return fmt.Errorf("could not access H_a_eid in array") + return errors.New("could not access H_a_eid in array") } H_a_eid, err := t.G1FromProto(ipk.HAttrs[eidIndex]) @@ -763,15 +763,15 @@ func (sig *Signature) AuditNymRh( ) error { // Validate inputs if ipk == nil { - return fmt.Errorf("cannot verify idemix signature: received nil input") + return errors.New("cannot verify idemix signature: received nil input") } if sig.RhNym == nil || sig.RhNym.Nym == nil { - return fmt.Errorf("no RhNym provided") + return errors.New("no RhNym provided") } if len(ipk.HAttrs) <= rhIndex { - return fmt.Errorf("could not access H_a_rh in array") + return errors.New("could not access H_a_rh in array") } H_a_rh, err := t.G1FromProto(ipk.HAttrs[rhIndex]) @@ -817,36 +817,36 @@ func (sig *Signature) Ver( ) error { // Validate inputs if ipk == nil { - return fmt.Errorf("cannot verify idemix signature: received nil input") + return errors.New("cannot verify idemix signature: received nil input") } if rhIndex < 0 || rhIndex >= len(ipk.AttributeNames) || len(Disclosure) != len(ipk.AttributeNames) { - return fmt.Errorf("cannot verify idemix signature: received invalid input") + return errors.New("cannot verify idemix signature: received invalid input") } if sig.NonRevocationProof.RevocationAlg != int32(ALG_NO_REVOCATION) && Disclosure[rhIndex] == 1 { - return fmt.Errorf("Attribute %d is disclosed but is also used as revocation handle, which should remain hidden.", rhIndex) + return fmt.Errorf("attribute %d is disclosed but is also used as revocation handle, which should remain hidden", rhIndex) } if verType == opts.ExpectEidNym && (sig.EidNym == nil || sig.EidNym.Nym == nil || sig.EidNym.ProofSEid == nil) { - return fmt.Errorf("no EidNym provided but ExpectEidNym required") + return errors.New("no EidNym provided but ExpectEidNym required") } if verType == opts.ExpectEidNymRhNym { if sig.EidNym == nil || sig.EidNym.Nym == nil || sig.EidNym.ProofSEid == nil { - return fmt.Errorf("no EidNym provided but ExpectEidNymRhNym required") + return errors.New("no EidNym provided but ExpectEidNymRhNym required") } if sig.RhNym == nil || sig.RhNym.Nym == nil || sig.RhNym.ProofSRh == nil { - return fmt.Errorf("no RhNym provided but ExpectEidNymRhNym required") + return errors.New("no RhNym provided but ExpectEidNymRhNym required") } } if verType == opts.ExpectStandard { if sig.RhNym != nil { - return fmt.Errorf("RhNym available but ExpectStandard required") + return errors.New("RhNym available but ExpectStandard required") } if sig.EidNym != nil { - return fmt.Errorf("EidNym available but ExpectStandard required") + return errors.New("EidNym available but ExpectStandard required") } } @@ -889,7 +889,7 @@ func (sig *Signature) Ver( ProofSRNym := curve.NewZrFromBytes(sig.GetProofSRNym()) ProofSAttrs := make([]*math.Zr, len(sig.GetProofSAttrs())) if len(sig.ProofSAttrs) != len(HiddenIndices) { - return fmt.Errorf("signature invalid: incorrect amount of s-values for AttributeProofSpec") + return errors.New("signature invalid: incorrect amount of s-values for AttributeProofSpec") } for i, b := range sig.ProofSAttrs { ProofSAttrs[i] = curve.NewZrFromBytes(b) @@ -916,14 +916,14 @@ func (sig *Signature) Ver( // Verify signature if APrime.IsInfinity() { - return fmt.Errorf("signature invalid: APrime = 1") + return errors.New("signature invalid: APrime = 1") } temp1 := curve.Pairing(W, APrime) temp2 := curve.Pairing(curve.GenG2, ABar) temp2.Inverse() temp1.Mul(temp2) if !curve.FExp(temp1).IsUnity() { - return fmt.Errorf("signature invalid: APrime and ABar don't have the expected structure") + return errors.New("signature invalid: APrime and ABar don't have the expected structure") } // Verify ZK proof @@ -948,7 +948,7 @@ func (sig *Signature) Ver( // Recompute t2 t2 := HRand.Mul(ProofSSPrime) t2.Add(BPrime.Mul2(ProofSR3, HSk, ProofSSk)) - for i := 0; i < len(HiddenIndices)/2; i++ { + for i := range len(HiddenIndices) / 2 { t2.Add(HAttrs[HiddenIndices[2*i]].Mul2(ProofSAttrs[2*i], HAttrs[HiddenIndices[2*i+1]], ProofSAttrs[2*i+1])) } if len(HiddenIndices)%2 != 0 { @@ -1091,21 +1091,21 @@ func (sig *Signature) Ver( Nym_eid := H_a_eid.Mul2(meta.EidNymAuditData.Attr, HRand, meta.EidNymAuditData.Rand) if !Nym_eid.Equals(EidNym) { - return fmt.Errorf("signature invalid: nym eid validation failed, does not match regenerated nym eid") + return errors.New("signature invalid: nym eid validation failed, does not match regenerated nym eid") } if meta.EidNymAuditData.Nym != nil && !EidNym.Equals(meta.EidNymAuditData.Nym) { - return fmt.Errorf("signature invalid: nym eid validation failed, does not match metadata") + return errors.New("signature invalid: nym eid validation failed, does not match metadata") } } if len(meta.EidNym) != 0 { NymEID, err := curve.NewG1FromBytes(meta.EidNym) if err != nil { - return fmt.Errorf("signature invalid: nym eid validation failed, failed to unmarshal meta nym eid") + return errors.New("signature invalid: nym eid validation failed, failed to unmarshal meta nym eid") } if !NymEID.Equals(EidNym) { - return fmt.Errorf("signature invalid: nym eid validation failed, signature nym eid does not match metadata") + return errors.New("signature invalid: nym eid validation failed, signature nym eid does not match metadata") } } } @@ -1124,21 +1124,21 @@ func (sig *Signature) Ver( Nym_rh := H_a_rh.Mul2(meta.RhNymAuditData.Attr, HRand, meta.RhNymAuditData.Rand) if !Nym_rh.Equals(RhNym) { - return fmt.Errorf("signature invalid: nym rh validation failed, does not match regenerated nym rh") + return errors.New("signature invalid: nym rh validation failed, does not match regenerated nym rh") } if meta.RhNymAuditData.Nym != nil && !RhNym.Equals(meta.RhNymAuditData.Nym) { - return fmt.Errorf("signature invalid: nym rh validation failed, does not match metadata") + return errors.New("signature invalid: nym rh validation failed, does not match metadata") } } if len(meta.RhNym) != 0 { NymRH, err := curve.NewG1FromBytes(meta.RhNym) if err != nil { - return fmt.Errorf("signature invalid: nym rh validation failed, failed to unmarshal meta nym rh") + return errors.New("signature invalid: nym rh validation failed, failed to unmarshal meta nym rh") } if !NymRH.Equals(RhNym) { - return fmt.Errorf("signature invalid: nym rh validation failed, signature nym rh does not match metadata") + return errors.New("signature invalid: nym rh validation failed, signature nym rh does not match metadata") } } } @@ -1184,7 +1184,8 @@ func (sig *Signature) Ver( HRand.Bytes(), ProofSRNym.Bytes(), ) - return fmt.Errorf("signature invalid: zero-knowledge proof is invalid") + + return errors.New("signature invalid: zero-knowledge proof is invalid") } // Signature is valid diff --git a/bccsp/schemes/dlog/crypto/translator/amcl/amcl.pb.go b/bccsp/schemes/dlog/crypto/translator/amcl/amcl.pb.go index 2d54c3b0..b674d29d 100644 --- a/bccsp/schemes/dlog/crypto/translator/amcl/amcl.pb.go +++ b/bccsp/schemes/dlog/crypto/translator/amcl/amcl.pb.go @@ -12,11 +12,12 @@ package amcl import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" unsafe "unsafe" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" ) const ( diff --git a/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn.go b/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn.go index 6d0320b8..ca1a9e93 100644 --- a/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn.go +++ b/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn.go @@ -7,7 +7,7 @@ SPDX-License-Identifier: Apache-2.0 package amcl import ( - fmt "fmt" + "errors" math "github.com/IBM/mathlib" ) @@ -23,6 +23,7 @@ func (a *Fp256bn) G1ToProto(g1 *math.G1) *ECP { bytes := g1.Bytes()[1:] l := len(bytes) / 2 + return &ECP{ X: bytes[:l], Y: bytes[l:], @@ -40,11 +41,11 @@ func (a *Fp256bn) G1FromRawBytes(raw []byte) (*math.G1, error) { func (a *Fp256bn) G1FromProto(e *ECP) (*math.G1, error) { if e == nil { - return nil, fmt.Errorf("nil argument") + return nil, errors.New("nil argument") } if len(e.X) != a.C.CoordByteSize || len(e.Y) != a.C.CoordByteSize { - return nil, fmt.Errorf("invalid marshalled length") + return nil, errors.New("invalid marshalled length") } bytes := make([]byte, len(e.X)*2+1) @@ -52,6 +53,7 @@ func (a *Fp256bn) G1FromProto(e *ECP) (*math.G1, error) { bytes[0] = 0x04 copy(bytes[1:], e.X) copy(bytes[l+1:], e.Y) + return a.C.NewG1FromBytes(bytes) } @@ -62,22 +64,22 @@ func (a *Fp256bn) G2ToProto(g2 *math.G2) *ECP2 { bytes := g2.Bytes() l := len(bytes) / 4 + return &ECP2{ Xa: bytes[0:l], Xb: bytes[l : 2*l], Ya: bytes[2*l : 3*l], Yb: bytes[3*l:], } - } func (a *Fp256bn) G2FromProto(e *ECP2) (*math.G2, error) { if e == nil { - return nil, fmt.Errorf("nil argument") + return nil, errors.New("nil argument") } if len(e.Xa) != a.C.CoordByteSize || len(e.Xb) != a.C.CoordByteSize || len(e.Ya) != a.C.CoordByteSize || len(e.Yb) != a.C.CoordByteSize { - return nil, fmt.Errorf("invalid marshalled length") + return nil, errors.New("invalid marshalled length") } bytes := make([]byte, len(e.Xa)*4) @@ -86,6 +88,7 @@ func (a *Fp256bn) G2FromProto(e *ECP2) (*math.G2, error) { copy(bytes[l:2*l], e.Xb) copy(bytes[2*l:3*l], e.Ya) copy(bytes[3*l:], e.Yb) + return a.C.NewG2FromBytes(bytes) } @@ -100,6 +103,7 @@ func (a *Fp256bnMiracl) G1ToProto(g1 *math.G1) *ECP { bytes := g1.Bytes()[1:] l := len(bytes) / 2 + return &ECP{ X: bytes[:l], Y: bytes[l:], @@ -117,11 +121,11 @@ func (a *Fp256bnMiracl) G1FromRawBytes(raw []byte) (*math.G1, error) { func (a *Fp256bnMiracl) G1FromProto(e *ECP) (*math.G1, error) { if e == nil { - return nil, fmt.Errorf("nil argument") + return nil, errors.New("nil argument") } if len(e.X) != a.C.CoordByteSize || len(e.Y) != a.C.CoordByteSize { - return nil, fmt.Errorf("invalid marshalled length") + return nil, errors.New("invalid marshalled length") } bytes := make([]byte, len(e.X)*2+1) @@ -129,6 +133,7 @@ func (a *Fp256bnMiracl) G1FromProto(e *ECP) (*math.G1, error) { bytes[0] = 0x04 copy(bytes[1:], e.X) copy(bytes[l+1:], e.Y) + return a.C.NewG1FromBytes(bytes) } @@ -139,22 +144,22 @@ func (a *Fp256bnMiracl) G2ToProto(g2 *math.G2) *ECP2 { bytes := g2.Bytes()[1:] l := len(bytes) / 4 + return &ECP2{ Xa: bytes[0:l], Xb: bytes[l : 2*l], Ya: bytes[2*l : 3*l], Yb: bytes[3*l:], } - } func (a *Fp256bnMiracl) G2FromProto(e *ECP2) (*math.G2, error) { if e == nil { - return nil, fmt.Errorf("nil argument") + return nil, errors.New("nil argument") } if len(e.Xa) != a.C.CoordByteSize || len(e.Xb) != a.C.CoordByteSize || len(e.Ya) != a.C.CoordByteSize || len(e.Yb) != a.C.CoordByteSize { - return nil, fmt.Errorf("invalid marshalled length") + return nil, errors.New("invalid marshalled length") } bytes := make([]byte, 1+len(e.Xa)*4) @@ -164,5 +169,6 @@ func (a *Fp256bnMiracl) G2FromProto(e *ECP2) (*math.G2, error) { copy(bytes[1+l:], e.Xb) copy(bytes[1+2*l:], e.Ya) copy(bytes[1+3*l:], e.Yb) + return a.C.NewG2FromBytes(bytes) } diff --git a/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn_test.go b/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn_test.go index 10aa16b6..7b55a696 100644 --- a/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn_test.go +++ b/bccsp/schemes/dlog/crypto/translator/amcl/fp256bn_test.go @@ -12,6 +12,7 @@ import ( math "github.com/IBM/mathlib" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "google.golang.org/protobuf/proto" ) @@ -25,13 +26,13 @@ func TestFp256bnTranslatorGen(t *testing.T) { ecp := tr.G1ToProto(genG1) p, err := tr.G1FromProto(ecp) assert.True(t, p.Equals(genG1)) - assert.NoError(t, err) + require.NoError(t, err) genG2 := curve.GenG2 ecp2 := tr.G2ToProto(genG2) p2, err := tr.G2FromProto(ecp2) assert.True(t, p2.Equals(genG2)) - assert.NoError(t, err) + require.NoError(t, err) } func TestFp256bnTranslatorRndG1(t *testing.T) { @@ -41,7 +42,7 @@ func TestFp256bnTranslatorRndG1(t *testing.T) { } rnd, err := curve.Rand() - assert.NoError(t, err) + require.NoError(t, err) g := curve.GenG1 r := curve.NewRandomZr(rnd) @@ -52,7 +53,7 @@ func TestFp256bnTranslatorRndG1(t *testing.T) { h1, err := tr.G1FromProto(ecp) assert.True(t, h.Equals(h1)) - assert.NoError(t, err) + require.NoError(t, err) } func TestFp256bnTranslatorRndG2(t *testing.T) { @@ -62,7 +63,7 @@ func TestFp256bnTranslatorRndG2(t *testing.T) { } rnd, err := curve.Rand() - assert.NoError(t, err) + require.NoError(t, err) g := curve.GenG2 r := curve.NewRandomZr(rnd) @@ -73,7 +74,7 @@ func TestFp256bnTranslatorRndG2(t *testing.T) { h1, err := tr.G2FromProto(ecp) assert.True(t, h.Equals(h1)) - assert.NoError(t, err) + require.NoError(t, err) } func TestFp256bnMiraclTranslatorGen(t *testing.T) { @@ -86,13 +87,13 @@ func TestFp256bnMiraclTranslatorGen(t *testing.T) { ecp := tr.G1ToProto(genG1) p, err := tr.G1FromProto(ecp) assert.True(t, p.Equals(genG1)) - assert.NoError(t, err) + require.NoError(t, err) genG2 := curve.GenG2 ecp2 := tr.G2ToProto(genG2) p2, err := tr.G2FromProto(ecp2) assert.True(t, p2.Equals(genG2)) - assert.NoError(t, err) + require.NoError(t, err) } func TestFp256bnMiraclTranslatorRndG1(t *testing.T) { @@ -102,7 +103,7 @@ func TestFp256bnMiraclTranslatorRndG1(t *testing.T) { } rnd, err := curve.Rand() - assert.NoError(t, err) + require.NoError(t, err) g := curve.GenG1 r := curve.NewRandomZr(rnd) @@ -113,7 +114,7 @@ func TestFp256bnMiraclTranslatorRndG1(t *testing.T) { h1, err := tr.G1FromProto(ecp) assert.True(t, h.Equals(h1)) - assert.NoError(t, err) + require.NoError(t, err) } func TestFp256bnMiraclTranslatorRndG2(t *testing.T) { @@ -123,7 +124,7 @@ func TestFp256bnMiraclTranslatorRndG2(t *testing.T) { } rnd, err := curve.Rand() - assert.NoError(t, err) + require.NoError(t, err) g := curve.GenG2 r := curve.NewRandomZr(rnd) @@ -134,7 +135,7 @@ func TestFp256bnMiraclTranslatorRndG2(t *testing.T) { h1, err := tr.G2FromProto(ecp) assert.True(t, h.Equals(h1)) - assert.NoError(t, err) + require.NoError(t, err) } func TestFp256bnTranslatorG2FromFile(t *testing.T) { @@ -144,15 +145,15 @@ func TestFp256bnTranslatorG2FromFile(t *testing.T) { } wBytes, err := os.ReadFile("./testdata/old/g2.bytes") - assert.NoError(t, err) + require.NoError(t, err) wProtoBytes, err := os.ReadFile("./testdata/old/g2.proto.bytes") - assert.NoError(t, err) + require.NoError(t, err) ecp := &ECP2{} err = proto.Unmarshal(wProtoBytes, ecp) - assert.NoError(t, err) + require.NoError(t, err) h1, err := tr.G2FromProto(ecp) assert.Equal(t, wBytes, h1.Bytes()) - assert.NoError(t, err) + require.NoError(t, err) } diff --git a/bccsp/schemes/dlog/crypto/translator/amcl/gurvy.go b/bccsp/schemes/dlog/crypto/translator/amcl/gurvy.go index 2be82f27..83edf8ef 100644 --- a/bccsp/schemes/dlog/crypto/translator/amcl/gurvy.go +++ b/bccsp/schemes/dlog/crypto/translator/amcl/gurvy.go @@ -18,6 +18,7 @@ func (a *Gurvy) G1ToProto(g1 *math.G1) *ECP { bytes := g1.Bytes() l := len(bytes) / 2 + return &ECP{ X: bytes[:l], Y: bytes[l:], @@ -38,19 +39,20 @@ func (a *Gurvy) G1FromProto(e *ECP) (*math.G1, error) { l := len(e.X) copy(bytes, e.X) copy(bytes[l:], e.Y) + return a.C.NewG1FromBytes(bytes) } func (a *Gurvy) G2ToProto(g2 *math.G2) *ECP2 { bytes := g2.Bytes() l := len(bytes) / 4 + return &ECP2{ Xa: bytes[0:l], Xb: bytes[l : 2*l], Ya: bytes[2*l : 3*l], Yb: bytes[3*l:], } - } func (a *Gurvy) G2FromProto(e *ECP2) (*math.G2, error) { @@ -60,5 +62,6 @@ func (a *Gurvy) G2FromProto(e *ECP2) (*math.G2, error) { copy(bytes[l:2*l], e.Xb) copy(bytes[2*l:3*l], e.Ya) copy(bytes[3*l:], e.Yb) + return a.C.NewG2FromBytes(bytes) } diff --git a/bccsp/schemes/dlog/crypto/translator/amcl/gurvy_test.go b/bccsp/schemes/dlog/crypto/translator/amcl/gurvy_test.go index c14999aa..6ca87bac 100644 --- a/bccsp/schemes/dlog/crypto/translator/amcl/gurvy_test.go +++ b/bccsp/schemes/dlog/crypto/translator/amcl/gurvy_test.go @@ -11,6 +11,7 @@ import ( math "github.com/IBM/mathlib" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestGurvyTranslatorGen(t *testing.T) { @@ -22,14 +23,14 @@ func TestGurvyTranslatorGen(t *testing.T) { genG1 := curve.GenG1 ecp := tr.G1ToProto(genG1) p, err := tr.G1FromProto(ecp) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, p.Equals(genG1)) genG2 := curve.GenG2 ecp2 := tr.G2ToProto(genG2) p2, err := tr.G2FromProto(ecp2) assert.True(t, p2.Equals(genG2)) - assert.NoError(t, err) + require.NoError(t, err) } func TestGurvyTranslatorRndG1(t *testing.T) { @@ -39,7 +40,7 @@ func TestGurvyTranslatorRndG1(t *testing.T) { } rnd, err := curve.Rand() - assert.NoError(t, err) + require.NoError(t, err) g := curve.GenG1 r := curve.NewRandomZr(rnd) @@ -50,7 +51,7 @@ func TestGurvyTranslatorRndG1(t *testing.T) { h1, err := tr.G1FromProto(ecp) assert.True(t, h.Equals(h1)) - assert.NoError(t, err) + require.NoError(t, err) } func TestGurvyTranslatorRndG2(t *testing.T) { @@ -60,7 +61,7 @@ func TestGurvyTranslatorRndG2(t *testing.T) { } rnd, err := curve.Rand() - assert.NoError(t, err) + require.NoError(t, err) g := curve.GenG2 r := curve.NewRandomZr(rnd) @@ -71,5 +72,5 @@ func TestGurvyTranslatorRndG2(t *testing.T) { h1, err := tr.G2FromProto(ecp) assert.True(t, h.Equals(h1)) - assert.NoError(t, err) + require.NoError(t, err) } diff --git a/bccsp/schemes/dlog/crypto/util.go b/bccsp/schemes/dlog/crypto/util.go index fe95016f..ad70609f 100644 --- a/bccsp/schemes/dlog/crypto/util.go +++ b/bccsp/schemes/dlog/crypto/util.go @@ -15,6 +15,7 @@ import ( func appendBytes(data []byte, index int, bytesToAdd []byte) int { copy(data[index:], bytesToAdd) + return index + len(bytesToAdd) } func appendBytesG1(data []byte, index int, E *math.G1) int { @@ -29,6 +30,7 @@ func appendBytesBig(data []byte, index int, B *math.Zr) int { func appendBytesString(data []byte, index int, s string) int { bytes := []byte(s) copy(data[index:], bytes) + return index + len(bytes) } @@ -50,6 +52,7 @@ func makeNym(sk *math.Zr, IPk *IssuerPublicKey, rng io.Reader, curve *math.Curve return nil, nil, err } Nym := HSk.Mul2(sk, HRand, RandNym) + return Nym, RandNym, nil } diff --git a/bccsp/schemes/weak-bb/weak-bb.go b/bccsp/schemes/weak-bb/weak-bb.go index 4e084590..16a952dc 100644 --- a/bccsp/schemes/weak-bb/weak-bb.go +++ b/bccsp/schemes/weak-bb/weak-bb.go @@ -4,9 +4,6 @@ Copyright IBM Corp. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ -// Deprecated: Package weakbb implements Weak Boneh-Boyen signatures for epoch-based -// revocation. The dlog scheme's usage of this package will be removed in Phase 6. -// The aries scheme will continue to use it. package weakbb import ( @@ -22,6 +19,7 @@ func WbbKeyGen(curve *math.Curve, rng io.Reader) (*math.Zr, *math.G2) { sk := curve.NewRandomZr(rng) // set pk = g2^sk pk := curve.GenG2.Mul(sk) + return sk, pk } @@ -38,7 +36,7 @@ func WbbSign(curve *math.Curve, sk *math.Zr, m *math.Zr) *math.G1 { // WbbVerify verifies a weak Boneh-Boyen signature sig on message m with public key pk func WbbVerify(curve *math.Curve, pk *math.G2, sig *math.G1, m *math.Zr) error { if pk == nil || sig == nil || m == nil { - return errors.New("Weak-BB signature invalid: received nil input") + return errors.New("weak-BB signature invalid: received nil input") } // Set P = pk * g2^m P := curve.NewG2() @@ -47,7 +45,8 @@ func WbbVerify(curve *math.Curve, pk *math.G2, sig *math.G1, m *math.Zr) error { P.Affine() // check that e(sig, pk * g2^m) = e(g1, g2) if !curve.FExp(curve.Pairing(P, sig)).Equals(curve.GenGt) { - return errors.New("Weak-BB signature is invalid") + return errors.New("weak-BB signature is invalid") } + return nil } diff --git a/bccsp/smartcard_test.go b/bccsp/smartcard_test.go index 5c689124..e042d782 100644 --- a/bccsp/smartcard_test.go +++ b/bccsp/smartcard_test.go @@ -22,46 +22,48 @@ import ( "github.com/IBM/idemix/msp/config" math "github.com/IBM/mathlib" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "google.golang.org/protobuf/proto" ) func getSmartcard(t *testing.T) (*aries.Smartcard, *math.Curve) { + t.Helper() c := math.Curves[math.FP256BN_AMCL_MIRACL] rng, err := c.Rand() - assert.NoError(t, err) + require.NoError(t, err) k0, err := hex.DecodeString("4669650c993c43ef45742c3aa8aeb842") - assert.NoError(t, err) + require.NoError(t, err) k1, err := hex.DecodeString("358abd275e6a945d680d40474f5f16c7") - assert.NoError(t, err) + require.NoError(t, err) ciph0, err := aes.NewCipher(k0) - assert.NoError(t, err) + require.NoError(t, err) ciph1, err := aes.NewCipher(k1) - assert.NoError(t, err) + require.NoError(t, err) h0Bytes, err := hex.DecodeString("0441c48875b5045400ce6bb4ce5b9c733f6d539a89f1ec2c24e0e04f56932c52ffd918f0679996b017363c591df413e1ac0be63e919defd6edc0686d41b1fcd68d") - assert.NoError(t, err) + require.NoError(t, err) h0, err := c.NewG1FromBytes(h0Bytes) - assert.NoError(t, err) + require.NoError(t, err) h1Bytes, err := hex.DecodeString("041e304080e9afd0d04317d12b5cb058cd4f322a1cddb71e64a47528353d51f7a8324fce4698dff52cd8d4c7dd2c8c94c6fba8ce12493d182e4d849106dc5c46de") - assert.NoError(t, err) + require.NoError(t, err) h1, err := c.NewG1FromBytes(h1Bytes) - assert.NoError(t, err) + require.NoError(t, err) h2Bytes, err := hex.DecodeString("04196c48c6d0249de961b97433a577da537c341ad0ea0cde4dfa40ef6bab9b59f274a07a3665518401119957a52a32a18256d7215e4f1d0ce6c9e2646d939c07f9") - assert.NoError(t, err) + require.NoError(t, err) h2, err := c.NewG1FromBytes(h2Bytes) - assert.NoError(t, err) + require.NoError(t, err) eidBytes, err := hex.DecodeString("003522e297a5f7db7521e23d9f9b87378126acd80429cf4ec07344f06bd9f7d5") - assert.NoError(t, err) + require.NoError(t, err) eid := c.NewZrFromBytes(eidBytes) skBytes, err := hex.DecodeString("00f022e297a5f7db7521e23d9f9b87378182acd80429cf4ec07344f06bd9f7d5") - assert.NoError(t, err) + require.NoError(t, err) sk := c.NewZrFromBytes(skBytes) return &aries.Smartcard{ @@ -78,8 +80,9 @@ func getSmartcard(t *testing.T) (*aries.Smartcard, *math.Curve) { } func readFile(t *testing.T, name string) []byte { + t.Helper() bytes, err := os.ReadFile(name) - assert.NoError(t, err) + require.NoError(t, err) return bytes } @@ -95,21 +98,21 @@ func TestSmartcardHybrid(t *testing.T) { issuer := &aries.Issuer{Curve: curve} _ipk, err := issuer.NewPublicKeyFromBytes(readFile(t, "testdata/idemix/msp/IssuerPublicKey"), []string{"", "", "", ""}) - assert.NoError(t, err) + require.NoError(t, err) conf := &config.IdemixMSPSignerConfig{} err = proto.Unmarshal(readFile(t, "testdata/idemix/user/SignerConfig"), conf) - assert.NoError(t, err) + require.NoError(t, err) /*******************************************************************************/ /*****************instantiate an idemix bccsp and import ipk********************/ /*******************************************************************************/ CSP, err := idemix.NewAries(NewDummyKeyStore(), curve, translator, true) - assert.NoError(t, err) + require.NoError(t, err) IssuerPublicKey, err := CSP.KeyImport(readFile(t, "testdata/idemix/msp/IssuerPublicKey"), &types.IdemixIssuerPublicKeyImportOpts{Temporary: true, AttributeNames: []string{"", "", "", ""}}) - assert.NoError(t, err) + require.NoError(t, err) /*******************************************************************************/ /**************configure the smartcard to work with these creds*****************/ @@ -134,7 +137,7 @@ func TestSmartcardHybrid(t *testing.T) { /*****sign low-level*****/ sig, nym, rNym, err := scIdmx.Sign(sc, ipk, msg) - assert.NoError(t, err) + require.NoError(t, err) /*****verify with csp*****/ @@ -143,7 +146,7 @@ func TestSmartcardHybrid(t *testing.T) { IsSmartcard: true, NymEid: nymEid, }) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) /*******************************************************************************/ @@ -186,7 +189,7 @@ func TestSmartcardHybrid(t *testing.T) { /*****sign low-level*****/ sig, _, err = signer.Sign(conf.Cred, nil, nym, rNym, ipk, idemixAttrs, nil, rhIndex, eidIndex, nil, types.Smartcard, meta) - assert.NoError(t, err) + require.NoError(t, err) /*****verify with csp*****/ @@ -204,7 +207,7 @@ func TestSmartcardHybrid(t *testing.T) { }, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) } @@ -219,21 +222,21 @@ func TestSmartcardCSP(t *testing.T) { issuer := &aries.Issuer{Curve: curve} _ipk, err := issuer.NewPublicKeyFromBytes(readFile(t, "testdata/idemix/msp/IssuerPublicKey"), []string{"", "", "", ""}) - assert.NoError(t, err) + require.NoError(t, err) conf := &config.IdemixMSPSignerConfig{} err = proto.Unmarshal(readFile(t, "testdata/idemix/user/SignerConfig"), conf) - assert.NoError(t, err) + require.NoError(t, err) /*******************************************************************************/ /*****************instantiate an idemix bccsp and import ipk********************/ /*******************************************************************************/ CSP, err := idemix.NewAries(NewDummyKeyStore(), curve, translator, true) - assert.NoError(t, err) + require.NoError(t, err) IssuerPublicKey, err := CSP.KeyImport(readFile(t, "testdata/idemix/msp/IssuerPublicKey"), &types.IdemixIssuerPublicKeyImportOpts{Temporary: true, AttributeNames: []string{"", "", "", ""}}) - assert.NoError(t, err) + require.NoError(t, err) /*******************************************************************************/ /**************configure the smartcard to work with these creds*****************/ @@ -262,7 +265,7 @@ func TestSmartcardCSP(t *testing.T) { } sig, err := CSP.Sign(handlers.NewUserSecretKey(nil, true), msg, opts) - assert.NoError(t, err) + require.NoError(t, err) /*****verify*****/ @@ -271,7 +274,7 @@ func TestSmartcardCSP(t *testing.T) { IsSmartcard: true, NymEid: nymEid, }) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) /*******************************************************************************/ @@ -281,7 +284,7 @@ func TestSmartcardCSP(t *testing.T) { /*****sign*****/ nymsk, err := handlers.NewNymSecretKey(opts.RNym, opts.NymG1, translator, true) - assert.NoError(t, err) + require.NoError(t, err) signOpts := &types.IdemixSignerOpts{ Credential: conf.Cred, @@ -317,7 +320,7 @@ func TestSmartcardCSP(t *testing.T) { nil, signOpts, ) - assert.NoError(t, err) + require.NoError(t, err) /*****verify*****/ @@ -346,7 +349,7 @@ func TestSmartcardCSP(t *testing.T) { }, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) /*******************************************************************************/ @@ -354,7 +357,7 @@ func TestSmartcardCSP(t *testing.T) { /*****sign*****/ nymsk, err = handlers.NewNymSecretKey(opts.RNym, opts.NymG1, translator, true) - assert.NoError(t, err) + require.NoError(t, err) signOpts = &types.IdemixSignerOpts{ Credential: conf.Cred, @@ -384,7 +387,7 @@ func TestSmartcardCSP(t *testing.T) { nil, signOpts, ) - assert.NoError(t, err) + require.NoError(t, err) /*****verify*****/ @@ -407,7 +410,7 @@ func TestSmartcardCSP(t *testing.T) { }, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) /*******************************************************************************/ @@ -442,7 +445,7 @@ func TestSmartcardCSP(t *testing.T) { } rand, err := sc.Curve.Rand() - assert.NoError(t, err) + require.NoError(t, err) signer := &aries.Signer{ Curve: sc.Curve, @@ -452,10 +455,10 @@ func TestSmartcardCSP(t *testing.T) { /*****sign*****/ sig, _, err = signer.Sign(conf.Cred, nil, opts.NymG1, opts.RNym, ipk, idemixAttrs, nil, rhIndex, eidIndex, nil, types.Smartcard, meta) - assert.NoError(t, err) + require.NoError(t, err) rng, err := curve.Rand() - assert.NoError(t, err) + require.NoError(t, err) /*****verify*****/ @@ -478,7 +481,7 @@ func TestSmartcardCSP(t *testing.T) { Type: types.IdemixHiddenAttribute, }, }, 3, 2, 0, nil, -1, types.ExpectSmartcard, &types.IdemixSignerMetadata{EidNym: nymEid.Bytes()}) - assert.NoError(t, err) + require.NoError(t, err) /*******************************************************************************/ /*******************************************************************************/ diff --git a/go.mod b/go.mod index 1798a9e9..7dd345f3 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/IBM/idemix go 1.26.3 require ( - github.com/IBM/mathlib v0.2.0 + github.com/IBM/mathlib v0.2.1-0.20260708043658-e8f8fcd199a4 github.com/alecthomas/kingpin/v2 v2.4.0 github.com/hyperledger/fabric-protos-go-apiv2 v0.3.7 github.com/onsi/ginkgo/v2 v2.32.0 @@ -25,7 +25,6 @@ require ( github.com/google/go-cmp v0.7.0 // indirect github.com/google/pprof v0.0.0-20260604005048-7023385849c0 // indirect github.com/hyperledger/fabric-amcl v0.0.0-20230602173724-9e02669dceb2 // indirect - github.com/kilic/bls12-381 v0.1.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/xhit/go-str2duration/v2 v2.1.0 // indirect go.uber.org/multierr v1.11.0 // indirect diff --git a/go.sum b/go.sum index c1487978..bb5bd268 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -github.com/IBM/mathlib v0.2.0 h1:/6KUsbFm04UV9aBV7oN6+jGMfckxmh9+HcLVartRhMQ= -github.com/IBM/mathlib v0.2.0/go.mod h1:5KCSHHlg4Ec6w5gets9IVIa2H7qe0Cl47v87CCS9BEQ= +github.com/IBM/mathlib v0.2.1-0.20260708043658-e8f8fcd199a4 h1:HRDczSMpaugF7rq8AirQX7dvL9iK7TCyPnI+QkrqCX8= +github.com/IBM/mathlib v0.2.1-0.20260708043658-e8f8fcd199a4/go.mod h1:r5/+9SWcYCm1TSZE9HRXq9/ejjdtS0Ab2MjLYBuF9S4= github.com/Masterminds/semver/v3 v3.5.0 h1:kQceYJfbupGfZOKZQg0kou0DgAKhzDg2NZPAwZ/2OOE= github.com/Masterminds/semver/v3 v3.5.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/alecthomas/kingpin/v2 v2.4.0 h1:f48lwail6p8zpO1bC4TxtqACaGqHYA22qkHjHpqDjYY= @@ -35,8 +35,6 @@ github.com/hyperledger/fabric-protos-go-apiv2 v0.3.7 h1:sQ5qv8vQQfwewa1JlCiSCC8d github.com/hyperledger/fabric-protos-go-apiv2 v0.3.7/go.mod h1:bJnwzfv03oZQeCc863pdGTDgf5nmCy6Za3RAE7d2XsQ= github.com/joshdk/go-junit v1.0.0 h1:S86cUKIdwBHWwA6xCmFlf3RTLfVXYQfvanM5Uh+K6GE= github.com/joshdk/go-junit v1.0.0/go.mod h1:TiiV0PqkaNfFXjEiyjWM3XXrhVyCa1K4Zfga6W52ung= -github.com/kilic/bls12-381 v0.1.0 h1:encrdjqKMEvabVQ7qYOKu1OvhqpK4s47wDYtNiPtlp4= -github.com/kilic/bls12-381 v0.1.0/go.mod h1:vDTTHJONJ6G+P2R74EhnyotQDTliQDnFEwhdmfzw1ig= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -47,12 +45,8 @@ github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE= github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A= -github.com/onsi/ginkgo/v2 v2.29.0 h1:rfh+ZFjgJhYWRoIqVf3Uwx/W20yLrcrE2h2GmYVRaag= -github.com/onsi/ginkgo/v2 v2.29.0/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44= github.com/onsi/ginkgo/v2 v2.32.0 h1:Hw7s2pVrQo/8Yz5N77qdnpHaoc+c6cC9WIV1Jce+J6E= github.com/onsi/ginkgo/v2 v2.32.0/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44= -github.com/onsi/gomega v1.41.0 h1:OwKp4pXNgVxf6sCplzYo794OFNuoL2q2SBMU5NSWOjA= -github.com/onsi/gomega v1.41.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A= github.com/onsi/gomega v1.42.1 h1:iN1rCUX+44NZ1Dc97MPoeFYbFR0vh8zxoxMFwKdyZ6I= github.com/onsi/gomega v1.42.1/go.mod h1:REff/hsDsodHoKlWsP2mAPhu1+5/6hVYNf9rIEBpeSg= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= @@ -87,27 +81,16 @@ go.uber.org/zap v1.28.0 h1:IZzaP1Fv73/T/pBMLk4VutPl36uNC+OSUh3JLG3FIjo= go.uber.org/zap v1.28.0/go.mod h1:rDLpOi171uODNm/mxFcuYWxDsqWSAVkFdX4XojSKg/Q= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988= -golang.org/x/crypto v0.52.0/go.mod h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc= golang.org/x/crypto v0.53.0 h1:QZ4Muo8THX6CizN2vPPd5fBGHyogrdK9fG4wLPFUsto= golang.org/x/crypto v0.53.0/go.mod h1:DNLU434OwVakk9PzuwV8w62mAJpRJL3vsgcfp4Qnsio= golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4= golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ= -golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= -golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww= golang.org/x/net v0.56.0 h1:Rw8j/hFzGvJUZwNBXnAtf5sVDVt+65SK2C7IxCxZt5o= golang.org/x/net v0.56.0/go.mod h1:D3Ku6r+V6JROoZK144D2XfMHFcMq/0zSfLelVTCFKec= -golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= -golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sync v0.21.0 h1:HLII4xRRTtCRkxYp4HNFF0Js/Og6q2i++KXbg0gHCwM= golang.org/x/sync v0.21.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= -golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY= -golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw= golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= -golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= -golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= golang.org/x/text v0.38.0 h1:sXmwo9DwP3OK9EZ7PqAdaooSGozfl/3a6/xJcbzPRhE= golang.org/x/text v0.38.0/go.mod h1:YXZt3QhHUKYT53r2lLKFIVi6Ao1jdzrTR/KQ09qyxF4= golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8= diff --git a/msp/audit_aries_test.go b/msp/audit_aries_test.go index 7f31f3d9..43f76797 100644 --- a/msp/audit_aries_test.go +++ b/msp/audit_aries_test.go @@ -12,31 +12,32 @@ import ( bccsp "github.com/IBM/idemix/bccsp/types" im "github.com/IBM/idemix/msp/config" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "google.golang.org/protobuf/proto" ) func TestAuditAries(t *testing.T) { msp, err := NewIdemixMspAries(MSPv1_3) - assert.NoError(t, err) + require.NoError(t, err) // fixtures in testdata/aries/EidRH were generated by running: // idemixgen ca-keygen --aries // idemixgen signerconfig --aries --ca-input=./idemix-config/ --enrollmentId=my-enrollment-id --revocationHandle=my-revocation-handle --org-unit=my-ou conf, err := GetIdemixMspConfigWithType("testdata/aries/EidRH", "EidRH", IDEMIX_ARIES) - assert.NoError(t, err) + require.NoError(t, err) err = msp.Setup(conf) - assert.NoError(t, err) + require.NoError(t, err) id, err := msp.GetDefaultSigningIdentity() - assert.NoError(t, err) + require.NoError(t, err) idemixSigner := id.(*IdemixSigningIdentity) config := &im.IdemixMSPConfig{} err = proto.Unmarshal(conf.Config, config) - assert.NoError(t, err) + require.NoError(t, err) idemixMsp := msp.(*Idemixmsp) csp := idemixMsp.csp @@ -64,7 +65,7 @@ func TestAuditAries(t *testing.T) { CRI: config.Signer.CredentialRevocationInformation, }, ) - assert.NoError(t, err) + require.NoError(t, err) valid, err := csp.Verify( idemixMsp.ipk, @@ -84,7 +85,7 @@ func TestAuditAries(t *testing.T) { VerificationType: bccsp.BestEffort, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) // STEP 2: Sign by also generating a commitment to the EID (and Verify) @@ -111,7 +112,7 @@ func TestAuditAries(t *testing.T) { msg, sOpts, ) - assert.NoError(t, err) + require.NoError(t, err) valid, err = csp.Verify( idemixMsp.ipk, @@ -131,7 +132,7 @@ func TestAuditAries(t *testing.T) { VerificationType: bccsp.ExpectEidNym, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) // STEP 3: audit of the nym eid @@ -145,7 +146,7 @@ func TestAuditAries(t *testing.T) { RNymEid: sOpts.Metadata.EidNymAuditData.Rand, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) // STEP 4: Sign by also generating a commitment to the EID and to the RH (and Verify) @@ -172,7 +173,7 @@ func TestAuditAries(t *testing.T) { msg, sOpts, ) - assert.NoError(t, err) + require.NoError(t, err) valid, err = csp.Verify( idemixMsp.ipk, @@ -192,7 +193,7 @@ func TestAuditAries(t *testing.T) { VerificationType: bccsp.ExpectEidNymRhNym, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) // STEP 5: audit of the nym eid @@ -206,7 +207,7 @@ func TestAuditAries(t *testing.T) { RNymEid: sOpts.Metadata.EidNymAuditData.Rand, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) // STEP 6: audit of the rh @@ -220,6 +221,6 @@ func TestAuditAries(t *testing.T) { RNymRh: sOpts.Metadata.RhNymAuditData.Rand, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) } diff --git a/msp/audit_legacy_test.go b/msp/audit_legacy_test.go index 86a1cb21..15eded92 100644 --- a/msp/audit_legacy_test.go +++ b/msp/audit_legacy_test.go @@ -12,31 +12,32 @@ import ( bccsp "github.com/IBM/idemix/bccsp/types" im "github.com/IBM/idemix/msp/config" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "google.golang.org/protobuf/proto" ) func TestAudit(t *testing.T) { msp, err := NewIdemixMsp(MSPv1_3) - assert.NoError(t, err) + require.NoError(t, err) // fixtures in testdata/idemix/EidRH were generated by running: // idemixgen ca-keygen // idemixgen signerconfig --ca-input=./idemix-config/ --enrollmentId=my-enrollment-id --revocationHandle=my-revocation-handle --org-unit=my-ou conf, err := GetIdemixMspConfigWithType("testdata/idemix/EidRH", "EidRH", IDEMIX) - assert.NoError(t, err) + require.NoError(t, err) err = msp.Setup(conf) - assert.NoError(t, err) + require.NoError(t, err) id, err := msp.GetDefaultSigningIdentity() - assert.NoError(t, err) + require.NoError(t, err) idemixSigner := id.(*IdemixSigningIdentity) config := &im.IdemixMSPConfig{} err = proto.Unmarshal(conf.Config, config) - assert.NoError(t, err) + require.NoError(t, err) idemixMsp := msp.(*Idemixmsp) csp := idemixMsp.csp @@ -64,7 +65,7 @@ func TestAudit(t *testing.T) { CRI: config.Signer.CredentialRevocationInformation, }, ) - assert.NoError(t, err) + require.NoError(t, err) valid, err := csp.Verify( idemixMsp.ipk, @@ -84,7 +85,7 @@ func TestAudit(t *testing.T) { VerificationType: bccsp.BestEffort, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) // STEP 2: Sign by also generating a commitment to the EID (and Verify) @@ -111,7 +112,7 @@ func TestAudit(t *testing.T) { msg, sOpts, ) - assert.NoError(t, err) + require.NoError(t, err) valid, err = csp.Verify( idemixMsp.ipk, @@ -131,7 +132,7 @@ func TestAudit(t *testing.T) { VerificationType: bccsp.ExpectEidNym, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) // STEP 3: audit of the nym eid @@ -145,7 +146,7 @@ func TestAudit(t *testing.T) { RNymEid: sOpts.Metadata.EidNymAuditData.Rand, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) // STEP 4: Sign by also generating a commitment to the EID and to the RH (and Verify) @@ -172,7 +173,7 @@ func TestAudit(t *testing.T) { msg, sOpts, ) - assert.NoError(t, err) + require.NoError(t, err) valid, err = csp.Verify( idemixMsp.ipk, @@ -192,7 +193,7 @@ func TestAudit(t *testing.T) { VerificationType: bccsp.ExpectEidNymRhNym, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) // STEP 5: audit of the nym eid @@ -206,7 +207,7 @@ func TestAudit(t *testing.T) { RNymEid: sOpts.Metadata.EidNymAuditData.Rand, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) // STEP 6: audit of the rh @@ -220,6 +221,6 @@ func TestAudit(t *testing.T) { RNymRh: sOpts.Metadata.RhNymAuditData.Rand, }, ) - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, valid) } diff --git a/msp/config/identities.pb.go b/msp/config/identities.pb.go index 096f91fa..56aeef44 100644 --- a/msp/config/identities.pb.go +++ b/msp/config/identities.pb.go @@ -11,11 +11,12 @@ package config import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" unsafe "unsafe" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" ) const ( diff --git a/msp/config/msp_config.pb.go b/msp/config/msp_config.pb.go index 88788f57..4c33aedc 100644 --- a/msp/config/msp_config.pb.go +++ b/msp/config/msp_config.pb.go @@ -14,11 +14,12 @@ package config import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" unsafe "unsafe" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" ) const ( diff --git a/msp/idemixmsp.go b/msp/idemixmsp.go index 6f810cd7..9a19070a 100644 --- a/msp/idemixmsp.go +++ b/msp/idemixmsp.go @@ -109,9 +109,11 @@ func newDefaultLogger(name string) Logger { zapLogger, err := config.Build() if err != nil { // Fallback to standard log if zap initialization fails - log.Printf("Failed to initialize zap logger: %v, using standard logger", err) + log.Printf("failed to initialize zap logger: %v, using standard logger", err) + return &stdLogger{prefix: name} } + return &defaultLogger{ SugaredLogger: zapLogger.Sugar().Named(name), core: zapLogger.Core(), @@ -152,6 +154,7 @@ func NewIdemixMsp(version MSPVersion) (MSP, error) { msp := Idemixmsp{csp: csp, logger: logger} msp.version = version + return &msp, nil } @@ -169,6 +172,7 @@ func NewIdemixMspAries(version MSPVersion) (MSP, error) { msp := Idemixmsp{csp: csp, logger: logger} msp.version = version + return &msp, nil } @@ -176,7 +180,7 @@ func (msp *Idemixmsp) Setup(conf1 *m.MSPConfig) error { msp.logger.Debugf("Setting up Idemix-based MSP instance") if conf1 == nil { - return fmt.Errorf("setup error: nil conf reference") + return errors.New("setup error: nil conf reference") } var conf im.IdemixMSPConfig @@ -192,7 +196,7 @@ func (msp *Idemixmsp) Setup(conf1 *m.MSPConfig) error { case int32(IDEMIX): case int32(IDEMIX_ARIES): default: - return fmt.Errorf("setup error: config is not of type IDEMIX") + return errors.New("setup error: config is not of type IDEMIX") } // Import Issuer Public Key @@ -223,7 +227,7 @@ func (msp *Idemixmsp) Setup(conf1 *m.MSPConfig) error { case bccsp.IdemixIssuerPublicKeyImporterNumAttributesError: fallthrough case bccsp.IdemixIssuerPublicKeyImporterAttributeNameError: - return fmt.Errorf("issuer public key must have have attributes OU, Role, EnrollmentId, and RevocationHandle") + return errors.New("issuer public key must have attributes OU, Role, EnrollmentId, and RevocationHandle") default: panic(fmt.Sprintf("unexpected condtion, issuer public key import error not valid, got [%d]", importErr.Type)) } @@ -243,6 +247,7 @@ func (msp *Idemixmsp) Setup(conf1 *m.MSPConfig) error { if conf.Signer == nil { // No credential in config, so we don't setup a default signer msp.logger.Debug("idemix msp setup as verification only msp (no key material found)") + return nil } @@ -296,10 +301,10 @@ func (msp *Idemixmsp) Setup(conf1 *m.MSPConfig) error { }, ) if err != nil { - return fmt.Errorf("Credential is not cryptographically valid: %w", err) + return fmt.Errorf("credential is not cryptographically valid: %w", err) } if !valid { - return errors.New("Credential is not cryptographically valid") + return errors.New("credential is not cryptographically valid") } // Create the cryptographic evidence that this identity is valid @@ -322,7 +327,7 @@ func (msp *Idemixmsp) Setup(conf1 *m.MSPConfig) error { }, ) if err != nil { - return fmt.Errorf("Failed to setup cryptographic proof of identity: %w", err) + return fmt.Errorf("failed to setup cryptographic proof of identity: %w", err) } // Set up default signer @@ -353,8 +358,9 @@ func (msp *Idemixmsp) GetDefaultSigningIdentity() (SigningIdentity, error) { msp.logger.Debugf("Obtaining default idemix signing identity") if msp.signer == nil { - return nil, fmt.Errorf("no default signer setup") + return nil, errors.New("no default signer setup") } + return msp.signer, nil } @@ -380,7 +386,7 @@ func (msp *Idemixmsp) DeserializeIdentityInternal(serializedID []byte) (Identity return nil, fmt.Errorf("could not deserialize a SerializedIdemixIdentity: %w", err) } if serialized.NymX == nil || serialized.NymY == nil { - return nil, fmt.Errorf("unable to deserialize idemix identity: pseudonym is invalid") + return nil, errors.New("unable to deserialize idemix identity: pseudonym is invalid") } // Import NymPublicKey @@ -425,8 +431,9 @@ func (msp *Idemixmsp) Validate(id Identity) error { msp.logger.Debugf("Validating identity %+v", identity) if identity.GetMSPIdentifier() != msp.name { - return fmt.Errorf("the supplied identity does not belong to this msp") + return errors.New("the supplied identity does not belong to this msp") } + return identity.verifyProof() } @@ -491,22 +498,26 @@ func (msp *Idemixmsp) satisfiesPrincipalValidated(id Identity, principal *m.MSPP // in the case of member, we simply check // whether this identity is valid for the MSP msp.logger.Debugf("Checking if identity satisfies MEMBER role for %s", msp.name) + return nil case m.MSPRole_ADMIN: msp.logger.Debugf("Checking if identity satisfies ADMIN role for %s", msp.name) if id.(*Idemixidentity).Role.Role != m.MSPRole_ADMIN { - return fmt.Errorf("user is not an admin") + return errors.New("user is not an admin") } + return nil case m.MSPRole_PEER: if msp.version >= MSPv1_3 { - return fmt.Errorf("idemixmsp only supports client use, so it cannot satisfy an MSPRole PEER principal") + return errors.New("idemixmsp only supports client use, so it cannot satisfy an MSPRole PEER principal") } + fallthrough case m.MSPRole_CLIENT: if msp.version >= MSPv1_3 { return nil // any valid idemixmsp member must be a client } + fallthrough default: return fmt.Errorf("invalid MSP role type %d", int32(mspRole.Role)) @@ -524,7 +535,8 @@ func (msp *Idemixmsp) satisfiesPrincipalValidated(id Identity, principal *m.MSPP if rv == 0 { return nil } - return fmt.Errorf("the identities do not match") + + return errors.New("the identities do not match") case m.MSPPrincipal_ORGANIZATION_UNIT: ou := &m.OrganizationUnit{} @@ -542,13 +554,13 @@ func (msp *Idemixmsp) satisfiesPrincipalValidated(id Identity, principal *m.MSPP } if ou.OrganizationalUnitIdentifier != id.(*Idemixidentity).OU.OrganizationalUnitIdentifier { - return fmt.Errorf("user is not part of the desired organizational unit") + return errors.New("user is not part of the desired organizational unit") } return nil case m.MSPPrincipal_COMBINED: if msp.version <= MSPv1_1 { - return fmt.Errorf("Combined MSP Principals are unsupported in MSPv1_1") + return errors.New("combined MSP Principals are unsupported in MSPv1_1") } // Principal is a combination of multiple principals. @@ -573,7 +585,7 @@ func (msp *Idemixmsp) satisfiesPrincipalValidated(id Identity, principal *m.MSPP return nil case m.MSPPrincipal_ANONYMITY: if msp.version <= MSPv1_1 { - return fmt.Errorf("Anonymity MSP Principals are unsupported in MSPv1_1") + return errors.New("anonymity MSP Principals are unsupported in MSPv1_1") } anon := &m.MSPIdentityAnonymity{} @@ -603,6 +615,7 @@ func (id *Idemixmsp) IsWellFormed(identity *m.SerializedIdentity) error { if err != nil { return fmt.Errorf("not an idemix identity: %w", err) } + return nil } @@ -664,6 +677,7 @@ func (id *Idemixidentity) GetIdentifier() *IdentityIdentifier { func (id *Idemixidentity) GetMSPIdentifier() string { mspid, _ := id.msp.GetIdentifier() + return mspid } @@ -671,7 +685,8 @@ func (id *Idemixidentity) GetOrganizationalUnits() []*OUIdentifier { // we use the (serialized) public key of this MSP as the CertifiersIdentifier certifiersIdentifier, err := id.msp.ipk.Bytes() if err != nil { - id.msp.logger.Errorf("Failed to marshal ipk in GetOrganizationalUnits: %s", err) + id.msp.logger.Errorf("failed to marshal ipk in GetOrganizationalUnits: %s", err) + return nil } @@ -696,6 +711,7 @@ func (id *Idemixidentity) Verify(msg []byte, sig []byte) error { IssuerPK: id.msp.ipk, }, ) + return err } @@ -764,6 +780,7 @@ func (id *IdemixSigningIdentity) Sign(msg []byte) ([]byte, error) { if err != nil { return nil, err } + return sig, nil } @@ -795,6 +812,10 @@ func GetIdemixMspConfig(dir string, ID string) (*m.MSPConfig, error) { // GetIdemixMspConfigWithType returns the configuration for the Idemix MSP of the specified type func GetIdemixMspConfigWithType(dir string, ID string, mspType ProviderType) (*m.MSPConfig, error) { + if mspType < 0 { + return nil, fmt.Errorf("msp type %d is not supported", mspType) + } + ipkBytes, err := readFile(filepath.Join(dir, IdemixConfigDirMsp, IdemixConfigFileIssuerPublicKey)) if err != nil { return nil, fmt.Errorf("failed to read issuer public key file: %w", err) @@ -826,5 +847,5 @@ func GetIdemixMspConfigWithType(dir string, ID string, mspType ProviderType) (*m return nil, err } - return &m.MSPConfig{Config: confBytes, Type: int32(mspType)}, nil + return &m.MSPConfig{Config: confBytes, Type: int32(mspType)}, nil //nolint:gosec } diff --git a/msp/idemixmsp_aries_test.go b/msp/idemixmsp_aries_test.go index 4a533235..62b94803 100644 --- a/msp/idemixmsp_aries_test.go +++ b/msp/idemixmsp_aries_test.go @@ -143,7 +143,6 @@ func TestPrincipalIdentityWrongIdentityAries(t *testing.T) { err = id2.SatisfiesPrincipal(principal) require.Error(t, err, "Identity MSP principal for different user should fail") require.Contains(t, err.Error(), "the identities do not match") - } func TestPrincipalIdentityBadIdentityAries(t *testing.T) { @@ -217,7 +216,7 @@ func TestAnonymityPrincipalV11Aries(t *testing.T) { err = id1.SatisfiesPrincipal(principal) require.Error(t, err) - require.Contains(t, err.Error(), "Anonymity MSP Principals are unsupported in MSPv1_1") + require.Contains(t, err.Error(), "anonymity MSP Principals are unsupported in MSPv1_1") } func TestIdemixIsWellFormedAries(t *testing.T) { @@ -285,7 +284,6 @@ func TestPrincipalOUWrongOUAries(t *testing.T) { err = id1.SatisfiesPrincipal(principal) require.Error(t, err, "OU MSP principal should have failed for user of different OU") require.Contains(t, err.Error(), "user is not part of the desired organizational unit") - } func TestPrincipalOUWrongMSPAries(t *testing.T) { @@ -310,7 +308,6 @@ func TestPrincipalOUWrongMSPAries(t *testing.T) { err = id1.SatisfiesPrincipal(principal) require.Error(t, err, "OU MSP principal should have failed for user of different MSP") require.Contains(t, err.Error(), "the identity is a member of a different MSP") - } func TestPrincipalOUBadAries(t *testing.T) { @@ -600,7 +597,7 @@ func TestPrincipalCombinedV11Aries(t *testing.T) { err = id1.SatisfiesPrincipal(principalsCombined) require.Error(t, err) - require.Contains(t, err.Error(), "Combined MSP Principals are unsupported in MSPv1_1") + require.Contains(t, err.Error(), "combined MSP Principals are unsupported in MSPv1_1") } func TestRoleClientV11Aries(t *testing.T) { diff --git a/msp/idemixmsp_test.go b/msp/idemixmsp_test.go index 1ff79cb6..c8170c5a 100644 --- a/msp/idemixmsp_test.go +++ b/msp/idemixmsp_test.go @@ -51,6 +51,7 @@ func setupWithTypeAndVersion(configPath string, ID string, version MSPVersion, m if err != nil { return nil, fmt.Errorf("Setting up MSP failed: %w", err) } + return msp, nil } @@ -134,7 +135,7 @@ func TestSetupBad(t *testing.T) { err = msp1.Setup(conf) require.Error(t, err) - require.Contains(t, err.Error(), "issuer public key must have have attributes OU, Role, EnrollmentId, and RevocationHandle") + require.Contains(t, err.Error(), "issuer public key must have attributes OU, Role, EnrollmentId, and RevocationHandle") // Create MSP config with bad IPK bytes ipkBytes = []byte("barf") @@ -278,7 +279,6 @@ func TestPrincipalIdentityWrongIdentity(t *testing.T) { err = id2.SatisfiesPrincipal(principal) require.Error(t, err, "Identity MSP principal for different user should fail") require.Contains(t, err.Error(), "the identities do not match") - } func TestPrincipalIdentityBadIdentity(t *testing.T) { @@ -352,7 +352,7 @@ func TestAnonymityPrincipalV11(t *testing.T) { err = id1.SatisfiesPrincipal(principal) require.Error(t, err) - require.Contains(t, err.Error(), "Anonymity MSP Principals are unsupported in MSPv1_1") + require.Contains(t, err.Error(), "anonymity MSP Principals are unsupported in MSPv1_1") } func TestIdemixIsWellFormed(t *testing.T) { @@ -420,7 +420,6 @@ func TestPrincipalOUWrongOU(t *testing.T) { err = id1.SatisfiesPrincipal(principal) require.Error(t, err, "OU MSP principal should have failed for user of different OU") require.Contains(t, err.Error(), "user is not part of the desired organizational unit") - } func TestPrincipalOUWrongMSP(t *testing.T) { @@ -445,7 +444,6 @@ func TestPrincipalOUWrongMSP(t *testing.T) { err = id1.SatisfiesPrincipal(principal) require.Error(t, err, "OU MSP principal should have failed for user of different MSP") require.Contains(t, err.Error(), "the identity is a member of a different MSP") - } func TestPrincipalOUBad(t *testing.T) { @@ -735,7 +733,7 @@ func TestPrincipalCombinedV11(t *testing.T) { err = id1.SatisfiesPrincipal(principalsCombined) require.Error(t, err) - require.Contains(t, err.Error(), "Combined MSP Principals are unsupported in MSPv1_1") + require.Contains(t, err.Error(), "combined MSP Principals are unsupported in MSPv1_1") } func TestRoleClientV11(t *testing.T) { diff --git a/msp/roles.go b/msp/roles.go index ccfbd8b7..128af406 100644 --- a/msp/roles.go +++ b/msp/roles.go @@ -36,6 +36,7 @@ func getRoleMaskFromIdemixRoles(roles []Role) int { for _, role := range roles { mask = mask | role.getValue() } + return mask } diff --git a/tools/idemixgen/idemixca/idemixca.go b/tools/idemixgen/idemixca/idemixca.go index 2d3acc32..26e1948b 100644 --- a/tools/idemixgen/idemixca/idemixca.go +++ b/tools/idemixgen/idemixca/idemixca.go @@ -8,7 +8,9 @@ package idemixca import ( "crypto/ecdsa" + "errors" "fmt" + stdmath "math" idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" imsp "github.com/IBM/idemix/msp" @@ -55,11 +57,11 @@ func GenerateSignerConfig( attrs := make([]*math.Zr, 4) if ouString == "" { - return nil, fmt.Errorf("the OU attribute value is empty") + return nil, errors.New("the OU attribute value is empty") } if enrollmentId == "" { - return nil, fmt.Errorf("the enrollment id value is empty") + return nil, errors.New("the enrollment id value is empty") } attrs[imsp.AttributeIndexOU] = idmx.Curve.HashToZr([]byte(ouString)) @@ -70,13 +72,13 @@ func GenerateSignerConfig( ipk := &idemix.IssuerPublicKey{} err := proto.Unmarshal(ipkBytes, ipk) if err != nil { - return nil, fmt.Errorf("Error unmarshalling ipk: %w", err) + return nil, fmt.Errorf("error unmarshalling ipk: %w", err) } key := &idemix.IssuerKey{Isk: iskBytes, Ipk: ipk} rng, err := idmx.Curve.Rand() if err != nil { - return nil, fmt.Errorf("Error getting PRNG: %w", err) + return nil, fmt.Errorf("error getting PRNG: %w", err) } sk := idmx.Curve.NewRandomZr(rng) ni := idmx.Curve.NewRandomZr(rng).Bytes() @@ -104,6 +106,9 @@ func GenerateSignerConfig( return nil, fmt.Errorf("failed to marshal CRI: %w", err) } + if roleMask < stdmath.MinInt32 || roleMask > stdmath.MaxInt32 { + return nil, fmt.Errorf("roleMask out of range for int32: %d", roleMask) + } signer := &im.IdemixMSPSignerConfig{ Cred: credBytes, Sk: sk.Bytes(), diff --git a/tools/idemixgen/idemixca/idemixca_test.go b/tools/idemixgen/idemixca/idemixca_test.go index aae8a0f3..da7db93d 100644 --- a/tools/idemixgen/idemixca/idemixca_test.go +++ b/tools/idemixgen/idemixca/idemixca_test.go @@ -26,7 +26,7 @@ import ( var testDir = filepath.Join(os.TempDir(), "idemixca-test") func TestIdemixCaAries(t *testing.T) { - cleanup() + require.NoError(t, cleanup()) curve := math.Curves[math.BLS12_381_BBS] rng, err := curve.Rand() @@ -58,7 +58,7 @@ func TestIdemixCaAries(t *testing.T) { require.NoError(t, err) pemEncodedRevocationPK := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: encodedRevocationPK}) - writeVerifierToFile(ipkBytes, pemEncodedRevocationPK) + require.NoError(t, writeVerifierToFile(ipkBytes, pemEncodedRevocationPK)) conf, err := GenerateSignerConfigAries(imsp.GetRoleMaskFromIdemixRole(imsp.MEMBER), "OU1", "enrollmentid1", "1", iskBytes, ipkBytes, revocationkey, curve) require.NoError(t, err) @@ -84,7 +84,7 @@ func TestIdemixCaAries(t *testing.T) { } func TestIdemixCa(t *testing.T) { - cleanup() + require.NoError(t, cleanup()) curve := math.Curves[math.FP256BN_AMCL] tr := &amclt.Fp256bn{ @@ -109,7 +109,7 @@ func TestIdemixCa(t *testing.T) { require.NoError(t, err) pemEncodedRevocationPK := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: encodedRevocationPK}) - writeVerifierToFile(ipkBytes, pemEncodedRevocationPK) + require.NoError(t, writeVerifierToFile(ipkBytes, pemEncodedRevocationPK)) conf, err := GenerateSignerConfig(imsp.GetRoleMaskFromIdemixRole(imsp.MEMBER), "OU1", "enrollmentid1", "1", iskBytes, ipkBytes, revocationkey, idmx, tr) require.NoError(t, err) @@ -138,21 +138,22 @@ func cleanup() error { // clean up any previous files err := os.RemoveAll(testDir) if err != nil { - return nil + return err } - return os.Mkdir(testDir, os.ModePerm) + + return os.Mkdir(testDir, 0750) } func cleanupSigner() { - os.RemoveAll(filepath.Join(testDir, imsp.IdemixConfigDirUser)) + _ = os.RemoveAll(filepath.Join(testDir, imsp.IdemixConfigDirUser)) } func cleanupVerifier() { - os.RemoveAll(filepath.Join(testDir, imsp.IdemixConfigDirMsp)) + _ = os.RemoveAll(filepath.Join(testDir, imsp.IdemixConfigDirMsp)) } func writeVerifierToFile(ipkBytes []byte, revpkBytes []byte) error { - err := os.Mkdir(filepath.Join(testDir, imsp.IdemixConfigDirMsp), os.ModePerm) + err := os.Mkdir(filepath.Join(testDir, imsp.IdemixConfigDirMsp), 0750) if err != nil { return err } @@ -165,10 +166,11 @@ func writeVerifierToFile(ipkBytes []byte, revpkBytes []byte) error { } func writeSignerToFile(signerBytes []byte) error { - err := os.Mkdir(filepath.Join(testDir, imsp.IdemixConfigDirUser), os.ModePerm) + err := os.Mkdir(filepath.Join(testDir, imsp.IdemixConfigDirUser), 0750) if err != nil { return err } + return os.WriteFile(filepath.Join(testDir, imsp.IdemixConfigDirUser, imsp.IdemixConfigFileSigner), signerBytes, 0644) } diff --git a/tools/idemixgen/idemixca/iedmixca_aries.go b/tools/idemixgen/idemixca/iedmixca_aries.go index 6aab3642..370c7363 100644 --- a/tools/idemixgen/idemixca/iedmixca_aries.go +++ b/tools/idemixgen/idemixca/iedmixca_aries.go @@ -8,7 +8,9 @@ package idemixca import ( "crypto/ecdsa" + "errors" "fmt" + stdmath "math" "github.com/IBM/idemix/bbs" "github.com/IBM/idemix/bccsp/schemes/aries" @@ -61,16 +63,16 @@ func GenerateSignerConfigAries( curve *math.Curve, ) ([]byte, error) { if ouString == "" { - return nil, fmt.Errorf("the OU attribute value is empty") + return nil, errors.New("the OU attribute value is empty") } if enrollmentId == "" { - return nil, fmt.Errorf("the enrollment id value is empty") + return nil, errors.New("the enrollment id value is empty") } rng, err := curve.Rand() if err != nil { - return nil, fmt.Errorf("Error getting PRNG: %w", err) + return nil, fmt.Errorf("error getting PRNG: %w", err) } blindSigner := &aries.CredRequest{ @@ -145,6 +147,9 @@ func GenerateSignerConfigAries( return nil, fmt.Errorf("revocationAuthority.Sign failed: %w", err) } + if roleMask < stdmath.MinInt32 || roleMask > stdmath.MaxInt32 { + return nil, fmt.Errorf("roleMask out of range for int32: %d", roleMask) + } signer := &im.IdemixMSPSignerConfig{ Cred: cred, Sk: sk.Bytes(), diff --git a/tools/idemixgen/main.go b/tools/idemixgen/main.go index 610d26c9..8049eea0 100644 --- a/tools/idemixgen/main.go +++ b/tools/idemixgen/main.go @@ -121,7 +121,6 @@ func main() { } switch command { - case genIssuerKey.FullCommand(): var isk, ipk []byte var err error @@ -151,8 +150,8 @@ func main() { checkDirectoryNotExists(path, fmt.Sprintf("Directory %s already exists", path)) // write private and public keys to the file - handleError(os.MkdirAll(filepath.Join(*outputDir, IdemixDirIssuer), 0770)) - handleError(os.MkdirAll(filepath.Join(*outputDir, imsp.IdemixConfigDirMsp), 0770)) + handleError(os.MkdirAll(filepath.Join(*outputDir, IdemixDirIssuer), 0750)) + handleError(os.MkdirAll(filepath.Join(*outputDir, imsp.IdemixConfigDirMsp), 0750)) writeFile(filepath.Join(*outputDir, IdemixDirIssuer, IdemixConfigIssuerSecretKey), isk) writeFile(filepath.Join(*outputDir, IdemixDirIssuer, IdemixConfigRevocationKey), pemEncodedRevocationSK) writeFile(filepath.Join(*outputDir, IdemixDirIssuer, imsp.IdemixConfigFileIssuerPublicKey), ipk) @@ -160,7 +159,7 @@ func main() { writeFile(filepath.Join(*outputDir, imsp.IdemixConfigDirMsp, imsp.IdemixConfigFileIssuerPublicKey), ipk) case genSignerConfig.FullCommand(): - roleMask := 0 + var roleMask int if *genCredIsAdmin { roleMask = imsp.GetRoleMaskFromIdemixRole(imsp.ADMIN) } else { @@ -199,19 +198,18 @@ func main() { checkDirectoryNotExists(path, fmt.Sprintf("This MSP config already contains a directory \"%s\"", path)) // Write config to file - handleError(os.MkdirAll(filepath.Join(*outputDir, imsp.IdemixConfigDirUser), 0770)) + handleError(os.MkdirAll(filepath.Join(*outputDir, imsp.IdemixConfigDirUser), 0750)) writeFile(filepath.Join(*outputDir, imsp.IdemixConfigDirUser, imsp.IdemixConfigFileSigner), config) // Write CA public info in case genCAInput != outputDir if *genCAInput != *outputDir { - handleError(os.MkdirAll(filepath.Join(*outputDir, imsp.IdemixConfigDirMsp), 0770)) + handleError(os.MkdirAll(filepath.Join(*outputDir, imsp.IdemixConfigDirMsp), 0750)) writeFile(filepath.Join(*outputDir, imsp.IdemixConfigDirMsp, imsp.IdemixConfigFileRevocationPublicKey), rpk) writeFile(filepath.Join(*outputDir, imsp.IdemixConfigDirMsp, imsp.IdemixConfigFileIssuerPublicKey), ipkBytes) } case version.FullCommand(): printVersion() - } } @@ -249,7 +247,9 @@ func readRevocationKey() *ecdsa.PrivateKey { block, _ := pem.Decode(keyBytes) if block == nil { - handleError(fmt.Errorf("failed to decode ECDSA private key")) + handleError(errors.New("failed to decode ECDSA private key")) + + return nil } key, err := x509.ParseECPrivateKey(block.Bytes) handleError(err) From c44ca8b445a5b56f199b10da03f7637e470d7b03 Mon Sep 17 00:00:00 2001 From: Angelo De Caro Date: Wed, 8 Jul 2026 07:43:14 +0200 Subject: [PATCH 2/3] linter conf Signed-off-by: Angelo De Caro --- .golangci.yml | 164 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 164 insertions(+) create mode 100644 .golangci.yml diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 00000000..088cd6a6 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,164 @@ +version: "2" +linters: + enable: + - asasalint # Check for pass []any as any in variadic func(...any). + - canonicalheader # Canonicalheader checks whether net/http.Header uses canonical header. [auto-fix] + - copyloopvar # A linter detects places where loop variables are copied. [fast, auto-fix] + - depguard # Go linter that checks if package imports are in a list of acceptable packages. [fast] + - dupword # Checks for duplicate words in the source code. [fast, auto-fix] + - durationcheck # Check for two durations multiplied together. + - errorlint # Find code that can cause problems with the error wrapping scheme introduced in Go 1.13. [auto-fix] + - exptostd # Detects functions from golang.org/x/exp/ that can be replaced by std functions. [auto-fix] + - ginkgolinter # Enforces standards of using ginkgo and gomega. [auto-fix] + - goheader # Check if file header matches to pattern. [fast, auto-fix] + - gosec # Inspects source code for security problems. + - govet # Vet examines Go source code and reports suspicious constructs. It is roughly the same as 'go vet' and uses its passes. [auto-fix] + - importas # Enforces consistent import aliases. [auto-fix] + - intrange # Intrange is a linter to find places where for loops could make use of an integer range. [auto-fix] + - loggercheck # Checks key value pairs for common logger libraries (kitlog,klog,logr,slog,zap). + - mirror # Reports wrong mirror patterns of bytes/strings usage. [auto-fix] + - misspell # Finds commonly misspelled English words. [fast, auto-fix] + - nakedret # Checks that functions with naked returns are not longer than a maximum size (can be zero). [fast, auto-fix] + - nilerr # Find the code that returns nil even if it checks that the error is not nil. + - nilnesserr # Reports constructs that checks for err != nil, but returns a different nil value error. + - nlreturn # Checks for a new line before return and branch statements to increase code clarity. [fast, auto-fix] + - nolintlint # Reports ill-formed or insufficient nolint directives. [fast, auto-fix] + - perfsprint # Checks that fmt.Sprintf can be replaced with a faster alternative. [auto-fix] + - reassign # Checks that package variables are not reassigned. + - sloglint # Ensure consistent code style when using log/slog. [auto-fix] + - spancheck # Checks for mistakes with OpenTelemetry/Census spans. + - staticcheck # It's the set of rules from staticcheck. [auto-fix] + - tagalign # Check that struct tags are well aligned. [fast, auto-fix] + - testifylint # Checks usage of github.com/stretchr/testify. [auto-fix] + - thelper # Thelper detects tests helpers which do not start with the t.Helper() method. + - unconvert # Remove unnecessary type conversions. + - usestdlibvars # A linter that detect the possibility to use variables/constants from the Go standard library. [fast, auto-fix] + - usetesting # Reports uses of functions with replacement inside the testing package. [auto-fix] + - wastedassign # Finds wasted assignment statements. + - whitespace # Whitespace is a linter that checks for unnecessary newlines at the start and end of functions, if, for, etc. [fast, auto-fix] + - zerologlint # Detects the wrong usage of `zerolog` that a user forgets to dispatch with `Send` or `Msg`. + settings: + depguard: + rules: + main: + deny: + - pkg: github.com/pkg/errors + desc: github.com/pkg/errors is no longer maintained + errcheck: + # Report about not checking of errors in type assertions: `a := b.(MyStruct)`. + check-type-assertions: false + errorlint: + # Check whether fmt.Errorf uses the %w verb for formatting errors. + errorf: true + # Check for plain type assertions and type switches. + asserts: false + # Check for plain error comparisons. + comparison: true + fatcontext: + check-struct-pointers: true + gocognit: + min-complexity: 15 + gosec: + excludes: + - G204 + - G404 + - G306 + govet: + disable: + - fieldalignment + # Enable all analyzers. + enable-all: false + iface: + enable: + - identical # Identifies interfaces in the same package that have identical method sets. + - unused # Identifies interfaces that are not used anywhere in the same package where the interface is defined. + - opaque # Identifies functions that return interfaces, but the actual returned value is always a single concrete implementation. + ireturn: + # By default, it allows using errors, empty interfaces, anonymous interfaces, + # and interfaces provided by the standard library. + allow: + - error + - empty + - anon + - stdlib + - generic + - (or|er)$ + - T + - github.com/prometheus/client_golang/prometheus.Counter + - github.com/prometheus/client_golang/prometheus.Gauge + - github.com/prometheus/client_golang/prometheus.Histogram + lll: + # Max line length, lines longer will be reported. + line-length: 240 + maintidx: + under: 20 + nolintlint: + require-specific: true + revive: + enable-all-rules: true + rules: + - name: argument-limit + arguments: + - 5 + - name: line-length-limit + arguments: + - 240 + - name: file-header + disabled: true + - name: package-comments + disabled: true + - name: max-public-structs + disabled: true + - name: banned-characters + disabled: true + - name: cognitive-complexity + disabled: true + - name: cyclomatic + disabled: true + - name: function-length + disabled: true + - name: function-result-limit + arguments: + - 3 + - name: add-constant + disabled: true + - name: unhandled-error + arguments: + - fmt.Printf + - fmt.Println + - name: confusing-naming + disabled: true + - name: comment-spacings + arguments: + - 'nolint:' + rowserrcheck: + packages: + - github.com/jackc/pgx/v5 + - github.com/jackc/pgx/v4 + wrapcheck: + # An array of strings specifying additional substrings of signatures to ignore. + extra-ignore-sigs: + - .CustomError( + - .SpecificWrap( + + # An array of strings that specify substrings of signatures to ignore. + ignore-sigs: + - errors.New( + - errors.Newf( + - errors.Unwrap( + - errors.Join( + - .Wrap( + - .Wrapf( + - status.Error( + - .Wait() # The error reported by errorgroup.Wait() (external) actually originates from the internal code. + # An array of strings that specify regular expressions of signatures to ignore. + ignore-sig-regexps: + - \.New.*Error\( + exclusions: + # Mode of the generated files analysis. + generated: lax + # Log a warning if an exclusion rule is unused. + warn-unused: true + # Predefined exclusion rules. + presets: + - common-false-positives From cc900f24a95b80af4e671f2a8958a7a0040ab494 Mon Sep 17 00:00:00 2001 From: Angelo De Caro Date: Wed, 8 Jul 2026 07:47:07 +0200 Subject: [PATCH 3/3] checks fix Signed-off-by: Angelo De Caro --- bccsp/schemes/dlog/crypto/signature.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bccsp/schemes/dlog/crypto/signature.go b/bccsp/schemes/dlog/crypto/signature.go index d8610862..d39866ca 100644 --- a/bccsp/schemes/dlog/crypto/signature.go +++ b/bccsp/schemes/dlog/crypto/signature.go @@ -595,7 +595,7 @@ func finalise( ProofSAttrs := make([][]byte, len(HiddenIndices)) for i, j := range HiddenIndices { ProofSAttrs[i] = - // s_attrsi = rAttrsi + C \cdot cred.Attrs[j] + // s_attrsi = rAttrsi + C \cdot cred.Attrs[j] curve.ModAdd(rAttrs[i], curve.ModMul(ProofC, curve.NewZrFromBytes(cred.Attrs[j]), curve.GroupOrder), curve.GroupOrder).Bytes() }