public void HandleResponse(RegistrationResponse registrationResponse, RegistrationValidationData registrationValidationData)
        {
            Guard.NotNull(nameof(registrationResponse), registrationResponse);
            Guard.NotNull(nameof(registrationValidationData), registrationValidationData);

            var issuedCredentialCount    = registrationResponse.IssuedCredentials.Count();
            var requestedCredentialCount = registrationValidationData.Requested.Count();

            if (issuedCredentialCount != NumberOfCredentials)
            {
                throw new WabiSabiException(
                          WabiSabiErrorCode.IssuedCredentialNumberMismatch,
                          $"{issuedCredentialCount} issued but {requestedCredentialCount} were requested.");
            }

            var credentials = Enumerable
                              .Zip(registrationValidationData.Requested, registrationResponse.IssuedCredentials)
                              .Select(x => (Requested: x.First, Issued: x.Second))
                              .ToArray();

            var statements = credentials
                             .Select(x => ProofSystem.IssuerParametersStmt(CoordinatorParameters, x.Issued, x.Requested.Ma));

            var areCorrectlyIssued = ProofSystem.Verify(registrationValidationData.Transcript, statements, registrationResponse.Proofs);

            if (!areCorrectlyIssued)
            {
                throw new WabiSabiException(WabiSabiErrorCode.ClientReceivedInvalidProofs);
            }

            var credentialReceived = credentials.Select(x =>
                                                        new Credential(new Scalar((ulong)x.Requested.Amount.Satoshi), x.Requested.Randomness, x.Issued));

            Credentials.UpdateCredentials(credentialReceived, registrationValidationData.Presented);
        }
예제 #2
0
        public RegistrationResponse HandleRequest(RegistrationRequest registrationRequest)
        {
            Guard.NotNull(nameof(registrationRequest), registrationRequest);

            var requested = registrationRequest.Requested ?? Enumerable.Empty <IssuanceRequest>();
            var presented = registrationRequest.Presented ?? Enumerable.Empty <CredentialPresentation>();

            var requestedCount = requested.Count();

            if (requestedCount != NumberOfCredentials)
            {
                throw new WabiSabiException(
                          WabiSabiErrorCode.InvalidNumberOfRequestedCredentials,
                          $"{NumberOfCredentials} credential requests were expected but {requestedCount} were received.");
            }

            var presentedCount = presented.Count();
            var requiredNumberOfPresentations = registrationRequest.IsNullRequest ? 0 : NumberOfCredentials;

            if (presentedCount != requiredNumberOfPresentations)
            {
                throw new WabiSabiException(
                          WabiSabiErrorCode.InvalidNumberOfPresentedCredentials,
                          $"{requiredNumberOfPresentations} credential presentations were expected but {presentedCount} were received.");
            }

            // Don't allow balance to go negative. In case this goes below zero
            // then there is a problem somewhere because this should not be possible.
            if (Balance + registrationRequest.DeltaAmount < Money.Zero)
            {
                throw new WabiSabiException(WabiSabiErrorCode.NegativeBalance);
            }

            // Check that the range proofs are of the appropriate bitwidth
            var rangeProofWidth = registrationRequest.IsNullRequest ? 0 : Constants.RangeProofWidth;
            var allRangeProofsAreCorrectSize = requested.All(x => x.BitCommitments.Count() == rangeProofWidth);

            if (!allRangeProofsAreCorrectSize)
            {
                throw new WabiSabiException(WabiSabiErrorCode.InvalidBitCommitment);
            }

            // Check all the serial numbers are unique. Note that this is checked separately from
            // ensuring that they haven't been used before, because even presenting a previously
            // unused credential more than once in the same request is still a double spend.
            if (registrationRequest.AreThereDuplicatedSerialNumbers)
            {
                throw new WabiSabiException(WabiSabiErrorCode.SerialNumberDuplicated);
            }

            var statements = new List <Statement>();

            foreach (var presentation in presented)
            {
                // Calculate Z using coordinator secret.
                var Z = presentation.ComputeZ(CoordinatorSecretKey);

                // Add the credential presentation to the statements to be verified.
                statements.Add(ProofSystem.ShowCredentialStmt(presentation, Z, CoordinatorParameters));

                // Check if the serial numbers have been used before. Note that
                // the serial numbers have not yet been verified at this point, but a
                // request with an invalid proof and a used serial number should also be
                // rejected.
                if (SerialNumbers.Contains(presentation.S))
                {
                    throw new WabiSabiException(WabiSabiErrorCode.SerialNumberAlreadyUsed, $"Serial number reused {presentation.S}");
                }
            }

            foreach (var credentialRequest in requested)
            {
                statements.Add(registrationRequest.IsNullRequest
                                        ? ProofSystem.ZeroProofStmt(credentialRequest.Ma)
                                        : ProofSystem.RangeProofStmt(credentialRequest.Ma, credentialRequest.BitCommitments));
            }

            // Balance proof
            if (!registrationRequest.IsNullRequest)
            {
                var sumCa = presented.Select(x => x.Ca).Sum();
                var sumMa = requested.Select(x => x.Ma).Sum();

                // A positive Delta_a means the requested credential amounts are larger
                // than the presented ones (i.e. input registration, and a negative
                // balance correspond to output registration). The equation requires a
                // commitment to 0, so the sum of the presented attributes and the
                // negated requested attributes are tweaked by delta_a.
                var absAmountDelta = new Scalar(registrationRequest.DeltaAmount.Abs());
                var deltaA         = registrationRequest.DeltaAmount < Money.Zero ? absAmountDelta.Negate() : absAmountDelta;
                var balanceTweak   = deltaA * Generators.Gg;
                statements.Add(ProofSystem.BalanceProofStmt(balanceTweak + sumCa - sumMa));
            }

            var transcript = BuildTransnscript(registrationRequest.IsNullRequest);

            // Verify all statements.
            var areProofsValid = ProofSystem.Verify(transcript, statements, registrationRequest.Proofs);

            if (!areProofsValid)
            {
                throw new WabiSabiException(WabiSabiErrorCode.CoordinatorReceivedInvalidProofs);
            }

            // Issue credentials.
            var credentials = requested.Select(x => IssueCredential(x.Ma, RandomNumberGenerator.GetScalar())).ToArray();

            // Construct response.
            var proofs   = ProofSystem.Prove(transcript, credentials.Select(x => x.Knowledge), RandomNumberGenerator);
            var macs     = credentials.Select(x => x.Mac);
            var response = new RegistrationResponse(macs, proofs);

            // Register the serial numbers to prevent credential reuse.
            foreach (var presentation in presented)
            {
                SerialNumbers.Add(presentation.S);
            }
            Balance += registrationRequest.DeltaAmount;

            return(response);
        }