/// <summary>
/// Serializes this Idemix identity into a <c>SerializedIdentity</c> message.
/// The inner <c>SerializedIdemixIdentity</c> carries the association proof, the
/// organization unit, a single MSP role and the pseudonym's X and Y values; the
/// outer message wraps those bytes together with the MSP identifier.
/// </summary>
/// <returns>The populated <c>SerializedIdentity</c> for this identity.</returns>
public SerializedIdentity CreateSerializedIdentity()
{
    OrganizationUnit orgUnit = new OrganizationUnit
    {
        CertifiersIdentifier = ByteString.CopyFrom(ipkHash),
        MspIdentifier = mspId,
        OrganizationalUnitIdentifier = Ou
    };

    // Warning: multi-role masks are not supported. Only the first role derived
    // from RoleMask is written, so an identity holding several roles is
    // serialized as if it held just that one. Serializing the bitmask itself is
    // the correct way to support multi-role masks in the future.
    // NOTE(review): First() is expected to throw when ToMSPRoleTypes() yields no
    // roles - confirm an empty mask cannot reach this point.
    MSPRole mspRole = new MSPRole
    {
        Role = RoleMask.ToMSPRoleTypes().First(),
        MspIdentifier = mspId
    };

    // Initializer members run top to bottom, so the proof is encoded first,
    // followed by the OU, the role and then the pseudonym values.
    SerializedIdemixIdentity idemixIdentity = new SerializedIdemixIdentity
    {
        Proof = ByteString.CopyFrom(associationProof.ToProto().ToByteArray()),
        Ou = ByteString.CopyFrom(orgUnit.ToByteArray()),
        Role = ByteString.CopyFrom(mspRole.ToByteArray()),
        NymY = ByteString.CopyFrom(pseudonym.Y.ToBytes()),
        NymX = ByteString.CopyFrom(pseudonym.X.ToBytes())
    };

    return new SerializedIdentity
    {
        IdBytes = ByteString.CopyFrom(idemixIdentity.ToByteArray()),
        Mspid = mspId
    };
}
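/// <summary>
/// Exercises the Idemix primitives against the shared <c>setup</c> fixture:
/// WeakBB sign/verify, credential verification and its protobuf round trip,
/// Idemix signatures with no disclosure and with selective disclosure
/// (including negative checks for a wrong disclosure vector, issuer key and
/// message), and pseudonym signatures.
/// </summary>
/// <remarks>
/// The CRI is created with <c>ALG_NO_REVOCATION</c>, so no revocation mechanism
/// is exercised by this test.
/// </remarks>
private void Test()
{
    RAND rng = IdemixUtils.GetRand();

    // WeakBB test
    // Random message to sign
    BIG wbbMessage = rng.RandModOrder();
    // Sign the message with keypair secret key
    ECP wbbSignature = WeakBB.WeakBBSign(setup.wbbKeyPair.Sk, wbbMessage);
    // Check the signature with valid PK and valid message
    Assert.IsTrue(WeakBB.weakBBVerify(setup.wbbKeyPair.Pk, wbbSignature, wbbMessage));
    // Try to check a random message
    Assert.IsFalse(WeakBB.weakBBVerify(setup.wbbKeyPair.Pk, wbbSignature, rng.RandModOrder()));

    // user completes the idemixCredential and checks validity
    Assert.IsTrue(setup.idemixCredential.Verify(setup.sk, setup.key.Ipk));

    // Test serialization of IdemixCredential
    Assert.IsTrue(new IdemixCredential(setup.idemixCredential.ToProto()).Verify(setup.sk, setup.key.Ipk));

    // Create CRI that contains no revocation mechanism
    int epoch = 0;
    BIG[] rhIndex = { new BIG(0) };
    CredentialRevocationInformation cri = RevocationAuthority.CreateCRI(setup.revocationKeyPair, rhIndex, epoch, RevocationAlgorithm.ALG_NO_REVOCATION);

    // Create a new unlinkable pseudonym
    IdemixPseudonym pseudonym = new IdemixPseudonym(setup.sk, setup.key.Ipk); //tcert

    // Test signing no disclosure
    bool[] disclosure = { false, false, false, false, false };
    byte[] msg = { 1, 2, 3, 4, 5 };
    IdemixSignature signature = new IdemixSignature(setup.idemixCredential, setup.sk, pseudonym, setup.key.Ipk, disclosure, msg, 0, cri);
    Assert.IsNotNull(signature);

    // Test bad disclosure: Disclosure > number of attributes || Disclosure < number of attributes
    bool[] badDisclosure = { false, true };
    bool[] badDisclosure2 = { true, true, true, true, true, true, true };

    // Each malformed vector gets its own try block. With both constructor calls
    // in a single try, the first ArgumentException skipped the second call, so
    // the over-long vector was never checked.
    foreach (bool[] malformed in new[] { badDisclosure, badDisclosure2 })
    {
        try
        {
            new IdemixSignature(setup.idemixCredential, setup.sk, pseudonym, setup.key.Ipk, malformed, msg, 0, cri);
            Assert.Fail("Expected an ArgumentException");
        }
        catch (ArgumentException)
        {
            // Do nothing, the expected behaviour is to catch this exception.
        }
    }

    // check that the signature is valid
    Assert.IsTrue(signature.Verify(disclosure, setup.key.Ipk, msg, setup.attrs, 0, setup.revocationKeyPair, epoch));

    // Test serialization of IdemixSignature
    Assert.IsTrue(new IdemixSignature(signature.ToProto()).Verify(disclosure, setup.key.Ipk, msg, setup.attrs, 0, setup.revocationKeyPair, epoch));

    // Test signing selective disclosure
    bool[] disclosure2 = { false, true, true, true, false };
    signature = new IdemixSignature(setup.idemixCredential, setup.sk, pseudonym, setup.key.Ipk, disclosure2, msg, 0, cri);
    Assert.IsNotNull(signature);

    // check that the signature is valid
    Assert.IsTrue(signature.Verify(disclosure2, setup.key.Ipk, msg, setup.attrs, 0, setup.revocationKeyPair, epoch));

    // Test signature verification with different disclosure
    Assert.IsFalse(signature.Verify(disclosure, setup.key.Ipk, msg, setup.attrs, 0, setup.revocationKeyPair, epoch));

    // test signature verification with different issuer public key
    // NOTE(review): the array below holds ONE comma-joined string, so this issuer
    // key is built from a single attribute name rather than five. If Verify
    // rejects on an attribute-count mismatch, this assertion passes without
    // reaching the issuer-key check - confirm, and consider five separate names.
    Assert.IsFalse(signature.Verify(disclosure2, new IdemixIssuerKey(new[] { "Attr1, Attr2, Attr3, Attr4, Attr5" }).Ipk, msg, setup.attrs, 0, setup.revocationKeyPair, epoch));

    // test signature verification with different message
    byte[] msg2 = { 1, 1, 1 };
    Assert.IsFalse(signature.Verify(disclosure2, setup.key.Ipk, msg2, setup.attrs, 0, setup.revocationKeyPair, epoch));

    // Sign a message with respect to a pseudonym
    IdemixPseudonymSignature nymsig = new IdemixPseudonymSignature(setup.sk, pseudonym, setup.key.Ipk, msg);
    // check that the pseudonym signature is valid
    // NOTE(review): only the accepting path is covered for pseudonym signatures;
    // no rejection case (different message or pseudonym) is asserted here.
    Assert.IsTrue(nymsig.Verify(pseudonym.Nym, setup.key.Ipk, msg));

    // Test serialization of IdemixPseudonymSignature
    Assert.IsTrue(new IdemixPseudonymSignature(nymsig.ToProto()).Verify(pseudonym.Nym, setup.key.Ipk, msg));
}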