/**
* Create Idemix Identity from a Serialized Identity
*
* @param proto
*/
public IdemixIdentity(SerializedIdentity proto)
{
if (proto == null)
{
throw new ArgumentException("Input must not be null");
}
mspId = proto.Mspid;
try
{
logger.Trace("Fetching Idemix Proto");
SerializedIdemixIdentity idemixProto = SerializedIdemixIdentity.Parser.ParseFrom(proto.IdBytes);
if (idemixProto == null)
{
throw new ArgumentException("The identity does not contain a serialized idemix identity");
}
logger.Trace("Deserializing Nym and attribute values");
pseudonym = new ECP(BIG.FromBytes(idemixProto.NymX.ToByteArray()), BIG.FromBytes(idemixProto.NymY.ToByteArray()));
OrganizationUnit ou = OrganizationUnit.Parser.ParseFrom(idemixProto.Ou);
MSPRole role = MSPRole.Parser.ParseFrom(idemixProto.Role);
Ou = ou.OrganizationalUnitIdentifier;
RoleMask = role.Role.ToIdemixRole();
ipkHash = ou.CertifiersIdentifier.ToByteArray();
logger.Trace("Deserializing Proof");
associationProof = new IdemixSignature(Signature.Parser.ParseFrom(idemixProto.Proof.ToByteArray()));
}
catch (InvalidProtocolBufferException e)
{
throw new CryptoException("Cannot deserialize MSP ID", e);
}
}
/**
* Construct a new signature from a serialized IdemixSignature
*
* @param proto a protobuf object representing an IdemixSignature
*/
public IdemixSignature(Signature proto)
{
if (proto == null)
{
throw new ArgumentException("Cannot construct idemix signature from null input");
}
aBar = proto.ABar.ToECP();
aPrime = proto.APrime.ToECP();
bPrime = proto.BPrime.ToECP();
nym = proto.Nym.ToECP();
proofC = BIG.FromBytes(proto.ProofC.ToByteArray());
proofSSk = BIG.FromBytes(proto.ProofSSk.ToByteArray());
proofSE = BIG.FromBytes(proto.ProofSE.ToByteArray());
proofSR2 = BIG.FromBytes(proto.ProofSR2.ToByteArray());
proofSR3 = BIG.FromBytes(proto.ProofSR3.ToByteArray());
proofSSPrime = BIG.FromBytes(proto.ProofSSPrime.ToByteArray());
proofSRNym = BIG.FromBytes(proto.ProofSRNym.ToByteArray());
nonce = BIG.FromBytes(proto.Nonce.ToByteArray());
proofSAttrs = new BIG[proto.ProofSAttrs.Count];
for (int i = 0; i < proto.ProofSAttrs.Count; i++)
{
proofSAttrs[i] = BIG.FromBytes(proto.ProofSAttrs[i].ToByteArray());
}
revocationPk = proto.RevocationEpochPk;
revocationPKSig = proto.RevocationPkSig.ToByteArray();
epoch = proto.Epoch;
nonRevocationProof = proto.NonRevocationProof;
}
/**
* Helper function to create IdemixSigningIdentity from a file generated by idemixgen go tool
*
* @param mspId
* @return IdemixSigningIdentity object
* @throws IOException
* @throws InvalidProtocolBufferException
*/
private IdemixSigningIdentity CreateIdemixSigningIdentity(string mspId)
{
IdemixMSPSignerConfig signerConfig;
signerConfig = ReadIdemixMSPConfig(Path.Combine(TEST_PATH, mspId, USER_PATH).Locate(), SIGNER_CONFIG);
Assert.IsNotNull(signerConfig);
IssuerPublicKey ipkProto = ReadIdemixIssuerPublicKey(Path.Combine(TEST_PATH, mspId, VERIFIER_PATH).Locate(), IPK_CONFIG);
IdemixIssuerPublicKey ipkt = new IdemixIssuerPublicKey(ipkProto);
Assert.IsTrue(ipkt.Check());
KeyPair revPk = ReadIdemixRevocationPublicKey(Path.Combine(TEST_PATH, mspId, VERIFIER_PATH).Locate(), REVOCATION_PUBLIC_KEY);
BIG skt = BIG.FromBytes(signerConfig.Sk.ToByteArray());
Credential credProto = Credential.Parser.ParseFrom(signerConfig.Cred);
Assert.IsNotNull(credProto);
IdemixCredential credt = new IdemixCredential(credProto);
CredentialRevocationInformation crit = CredentialRevocationInformation.Parser.ParseFrom(signerConfig.CredentialRevocationInformation);
return(new IdemixSigningIdentity(ipkt, revPk, mspId, skt, credt, crit, signerConfig.OrganizationalUnitIdentifier, (IdemixRoles)signerConfig.Role));
}
/**
* Returns an amcl.BN256.ECP2 on input of an ECP2 protobuf object.
*
* @param w a protobuf object representing an ECP2
* @return a ECP2 created from the protobuf object
*/
public static ECP2 ToECP2(this Protos.Idemix.ECP2 w)
{
byte[] valuexa = w.Xa.ToByteArray();
byte[] valuexb = w.Xb.ToByteArray();
byte[] valueya = w.Ya.ToByteArray();
byte[] valueyb = w.Yb.ToByteArray();
FP2 valuex = new FP2(BIG.FromBytes(valuexa), BIG.FromBytes(valuexb));
FP2 valuey = new FP2(BIG.FromBytes(valueya), BIG.FromBytes(valueyb));
return(new ECP2(valuex, valuey));
}
/**
* Construct a IdemixCredRequest from a serialized credrequest
*
* @param proto a protobuf representation of a credential request
*/
public IdemixCredRequest(CredRequest proto)
{
if (proto == null)
{
throw new ArgumentException("Cannot create idemix credrequest from null input");
}
Nym = proto.Nym.ToECP();
proofC = BIG.FromBytes(proto.ProofC.ToByteArray());
proofS = BIG.FromBytes(proto.ProofS.ToByteArray());
issuerNonce = BIG.FromBytes(proto.IssuerNonce.ToByteArray());
}
/**
* Construct a new signature from a serialized IdemixPseudonymSignature
*
* @param proto a protobuf object representing an IdemixPseudonymSignature
*/
public IdemixPseudonymSignature(NymSignature proto)
{
if (proto == null)
{
throw new ArgumentException("Cannot create idemix nym signature from null input");
}
proofC = BIG.FromBytes(proto.ProofC.ToByteArray());
proofSSk = BIG.FromBytes(proto.ProofSSk.ToByteArray());
proofSRNym = BIG.FromBytes(proto.ProofSRNym.ToByteArray());
nonce = BIG.FromBytes(proto.Nonce.ToByteArray());
}
public IUser GetUser(string id)
{
IdemixMSPSignerConfig signerConfig = ReadIdemixMSPConfig(Path.Combine(mspId, USER_PATH + id));
KeyPair revocationPk = ReadIdemixRevocationPublicKey(mspId);
BIG sk = BIG.FromBytes(signerConfig.Sk.ToByteArray());
IdemixCredential cred = new IdemixCredential(Credential.Parser.ParseFrom(signerConfig.Cred));
CredentialRevocationInformation cri = CredentialRevocationInformation.Parser.ParseFrom(signerConfig.CredentialRevocationInformation);
IdemixEnrollment enrollment = new IdemixEnrollment(ipk, revocationPk, mspId, sk, cred, cri, signerConfig.OrganizationalUnitIdentifier, (IdemixRoles)signerConfig.Role);
return(new IdemixUser(id, mspId, enrollment));
}
/**
* hashModOrder hashes bytes to an amcl.BIG
* in 0, ..., GROUP_ORDER
*
* @param data the data to be hashed
* @return a BIG in 0, ..., GROUP_ORDER-1 that is the hash of the data
*/
public static BIG HashModOrder(this byte[] data)
{
HASH256 hash = new HASH256();
foreach (byte b in data)
{
hash.Process(b);
}
byte[] hasheddata = (byte[])(Array)hash.Hash();
BIG ret = BIG.FromBytes(hasheddata);
ret.Mod(GROUP_ORDER);
return(ret);
}
/**
* Construct an IdemixCredential from a serialized credential
*
* @param proto a protobuf representation of a credential
*/
public IdemixCredential(Credential proto)
{
if (proto == null)
{
throw new ArgumentException("Cannot create idemix credential from null input");
}
A = proto.A.ToECP();
B = proto.B.ToECP();
E = BIG.FromBytes(proto.E.ToByteArray());
S = BIG.FromBytes(proto.S.ToByteArray());
Attrs = new byte[proto.Attrs.Count][];
for (int i = 0; i < proto.Attrs.Count; i++)
{
Attrs[i] = proto.Attrs[i].ToByteArray();
}
}
public void TestSerializingAndDeserializingIdentity()
{
SerializedIdentity proto = signingIdentity.CreateSerializedIdentity();
Assert.IsNotNull(proto);
SerializedIdemixIdentity idemixProto = null;
try
{
idemixProto = SerializedIdemixIdentity.Parser.ParseFrom(proto.IdBytes);
}
catch (InvalidProtocolBufferException e)
{
Assert.Fail("Could not parse Idemix Serialized Identity" + e.Message);
}
if (idemixProto != null)
{
new ECP(BIG.FromBytes(idemixProto.NymX.ToByteArray()), BIG.FromBytes(idemixProto.NymY.ToByteArray()));
idemixProto.Ou.ToByteArray();
idemixProto.Role.ToByteArray();
try
{
new IdemixSignature(Signature.Parser.ParseFrom(idemixProto.Proof.ToByteArray()));
}
catch (InvalidProtocolBufferException e)
{
Assert.Fail("Cannot deserialize proof" + e.Message);
}
}
try
{
new IdemixIdentity(proto);
}
catch (System.Exception e) when(e is CryptoException || e is ArgumentException)
{
Assert.Fail("Cannot create Idemix Identity from Proto" + e.Message);
}
}
/**
* verify cryptographically verifies the credential
*
* @param sk the secret key of the user
* @param ipk the public key of the issuer
* @return true iff valid
*/
public bool Verify(BIG sk, IdemixIssuerPublicKey ipk)
{
if (ipk == null || Attrs.Length != ipk.AttributeNames.Length)
{
return(false);
}
foreach (byte[] attr in Attrs)
{
if (attr == null)
{
return(false);
}
}
ECP bPrime = new ECP();
bPrime.Copy(IdemixUtils.GenG1);
bPrime.Add(ipk.Hsk.Mul2(sk, ipk.HRand, S));
for (int i = 0; i < Attrs.Length / 2; i++)
{
bPrime.Add(ipk.HAttrs[2 * i].Mul2(BIG.FromBytes(Attrs[2 * i]), ipk.HAttrs[2 * i + 1], BIG.FromBytes(Attrs[2 * i + 1])));
}
if (Attrs.Length % 2 != 0)
{
bPrime.Add(ipk.HAttrs[Attrs.Length - 1].Mul(BIG.FromBytes(Attrs[Attrs.Length - 1])));
}
if (!B.Equals(bPrime))
{
return(false);
}
ECP2 a = IdemixUtils.GenG2.Mul(E);
a.Add(ipk.W);
a.Affine();
return(PAIR.FExp(PAIR.Ate(a, A)).Equals(PAIR.FExp(PAIR.Ate(IdemixUtils.GenG2, B))));
}
/**
* Construct an IdemixIssuerPublicKey from a serialized issuer public key
*
* @param proto a protobuf representation of an issuer public key
*/
public IdemixIssuerPublicKey(IssuerPublicKey proto)
{
// check for bad input
if (proto == null)
{
throw new ArgumentException("Cannot create IdemixIssuerPublicKey from null input");
}
if (proto.HAttrs.Count < proto.AttributeNames.Count)
{
throw new ArgumentException("Serialized IPk does not contain enough HAttr values");
}
AttributeNames = new string[proto.AttributeNames.Count];
for (int i = 0; i < proto.AttributeNames.Count; i++)
{
AttributeNames[i] = proto.AttributeNames[i];
}
HAttrs = new ECP[proto.HAttrs.Count];
for (int i = 0; i < proto.HAttrs.Count; i++)
{
HAttrs[i] = proto.HAttrs[i].ToECP();
}
BarG1 = proto.BarG1.ToECP();
BarG2 = proto.BarG2.ToECP();
HRand = proto.HRand.ToECP();
Hsk = proto.HSk.ToECP();
ProofC = BIG.FromBytes(proto.ProofC.ToByteArray());
ProofS = BIG.FromBytes(proto.ProofS.ToByteArray());
W = proto.W.ToECP2();
// Compute Hash of IdemixIssuerPublicKey
byte[] serializedIpk = ToProto().ToByteArray();
Hash = serializedIpk.HashModOrder().ToBytes();
}
/**
* Create a new IdemixSignature by proving knowledge of a credential
*
* @param c the credential used to create an idemix signature
* @param sk the signer's secret key
* @param pseudonym a pseudonym of the signer
* @param ipk the issuer public key
* @param disclosure a bool-array that steers the disclosure of attributes
* @param msg the message to be signed
* @param rhIndex the index of the attribute that represents the revocation handle
* @param cri the credential revocation information that allows the signer to prove non-revocation
*/
public IdemixSignature(IdemixCredential c, BIG sk, IdemixPseudonym pseudonym, IdemixIssuerPublicKey ipk, bool[] disclosure, byte[] msg, int rhIndex, CredentialRevocationInformation cri)
{
if (c == null || sk == null || pseudonym == null || pseudonym.Nym == null || pseudonym.RandNym == null || ipk == null || disclosure == null || msg == null || cri == null)
{
throw new ArgumentException("Cannot construct idemix signature from null input");
}
if (disclosure.Length != c.Attrs.Length)
{
throw new ArgumentException("Disclosure length must be the same as the number of attributes");
}
if (cri.RevocationAlg >= Enum.GetValues(typeof(RevocationAlgorithm)).Length)
{
throw new ArgumentException("CRI specifies unknown revocation algorithm");
}
if (cri.RevocationAlg != (int)RevocationAlgorithm.ALG_NO_REVOCATION && disclosure[rhIndex])
{
throw new ArgumentException("Attribute " + rhIndex + " is disclosed but also used a revocation handle attribute, which should remain hidden");
}
RevocationAlgorithm revocationAlgorithm = (RevocationAlgorithm)cri.RevocationAlg;
int[] hiddenIndices = HiddenIndices(disclosure);
RAND rng = IdemixUtils.GetRand();
// Start signature
BIG r1 = rng.RandModOrder();
BIG r2 = rng.RandModOrder();
BIG r3 = new BIG(r1);
r3.InvModp(IdemixUtils.GROUP_ORDER);
nonce = rng.RandModOrder();
aPrime = PAIR.G1Mul(c.A, r1);
aBar = PAIR.G1Mul(c.B, r1);
aBar.Sub(PAIR.G1Mul(aPrime, c.E));
bPrime = PAIR.G1Mul(c.B, r1);
bPrime.Sub(PAIR.G1Mul(ipk.HRand, r2));
BIG sPrime = new BIG(c.S);
sPrime.Add(BIG.ModNeg(BIG.ModMul(r2, r3, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER));
sPrime.Mod(IdemixUtils.GROUP_ORDER);
//Construct Zero Knowledge Proof
BIG rsk = rng.RandModOrder();
BIG re = rng.RandModOrder();
BIG rR2 = rng.RandModOrder();
BIG rR3 = rng.RandModOrder();
BIG rSPrime = rng.RandModOrder();
BIG rRNym = rng.RandModOrder();
BIG[] rAttrs = new BIG[hiddenIndices.Length];
for (int i = 0; i < hiddenIndices.Length; i++)
{
rAttrs[i] = rng.RandModOrder();
}
// Compute non-revoked proof
INonRevocationProver prover = NonRevocationProver.GetNonRevocationProver(revocationAlgorithm);
int hiddenRHIndex = Array.IndexOf(hiddenIndices, rhIndex);
if (hiddenRHIndex < 0)
{
// rhIndex is not present, set to last index position
hiddenRHIndex = hiddenIndices.Length;
}
byte[] nonRevokedProofHashData = prover.GetFSContribution(BIG.FromBytes(c.Attrs[rhIndex]), rAttrs[hiddenRHIndex], cri);
if (nonRevokedProofHashData == null)
{
throw new Exception("Failed to compute non-revoked proof");
}
ECP t1 = aPrime.Mul2(re, ipk.HRand, rR2);
ECP t2 = PAIR.G1Mul(ipk.HRand, rSPrime);
t2.Add(bPrime.Mul2(rR3, ipk.Hsk, rsk));
for (int i = 0; i < hiddenIndices.Length / 2; i++)
{
t2.Add(ipk.HAttrs[hiddenIndices[2 * i]].Mul2(rAttrs[2 * i], ipk.HAttrs[hiddenIndices[2 * i + 1]], rAttrs[2 * i + 1]));
}
if (hiddenIndices.Length % 2 != 0)
{
t2.Add(PAIR.G1Mul(ipk.HAttrs[hiddenIndices[hiddenIndices.Length - 1]], rAttrs[hiddenIndices.Length - 1]));
}
ECP t3 = ipk.Hsk.Mul2(rsk, ipk.HRand, rRNym);
// create proofData such that it can contain the sign label, 7 elements in G1 (each of size 2*FIELD_BYTES+1),
// the ipk hash, the disclosure array, and the message
byte[] proofData = new byte[0];
proofData = proofData.Append(SIGN_LABEL.ToBytes());
proofData = proofData.Append(t1.ToBytes());
proofData = proofData.Append(t2.ToBytes());
proofData = proofData.Append(t3.ToBytes());
proofData = proofData.Append(aPrime.ToBytes());
proofData = proofData.Append(aBar.ToBytes());
proofData = proofData.Append(bPrime.ToBytes());
proofData = proofData.Append(pseudonym.Nym.ToBytes());
proofData = proofData.Append(ipk.Hash);
proofData = proofData.Append(disclosure);
proofData = proofData.Append(msg);
BIG cvalue = proofData.HashModOrder();
byte[] finalProofData = new byte[0];
finalProofData = finalProofData.Append(cvalue.ToBytes());
finalProofData = finalProofData.Append(nonce.ToBytes());
proofC = finalProofData.HashModOrder();
proofSSk = rsk.ModAdd(BIG.ModMul(proofC, sk, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
proofSE = re.ModSub(BIG.ModMul(proofC, c.E, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
proofSR2 = rR2.ModAdd(BIG.ModMul(proofC, r2, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
proofSR3 = rR3.ModSub(BIG.ModMul(proofC, r3, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
proofSSPrime = rSPrime.ModAdd(BIG.ModMul(proofC, sPrime, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
proofSRNym = rRNym.ModAdd(BIG.ModMul(proofC, pseudonym.RandNym, IdemixUtils.GROUP_ORDER), IdemixUtils.GROUP_ORDER);
nym = new ECP();
nym.Copy(pseudonym.Nym);
proofSAttrs = new BIG[hiddenIndices.Length];
for (int i = 0; i < hiddenIndices.Length; i++)
{
proofSAttrs[i] = new BIG(rAttrs[i]);
proofSAttrs[i].Add(BIG.ModMul(proofC, BIG.FromBytes(c.Attrs[hiddenIndices[i]]), IdemixUtils.GROUP_ORDER));
proofSAttrs[i].Mod(IdemixUtils.GROUP_ORDER);
}
// include non-revocation proof in signature
revocationPk = cri.EpochPk;
revocationPKSig = cri.EpochPkSig.ToByteArray();
epoch = cri.Epoch;
nonRevocationProof = prover.GetNonRevocationProof(proofC);
}
public static void Setup(TestContext context)
{
// Parse crypto material from files
IdemixMSPSignerConfig signerConfig = null;
try
{
signerConfig = ReadIdemixMSPConfig(Path.Combine(TEST_PATH, MSP1OU1, USER_PATH).Locate(), SIGNER_CONFIG);
}
catch (System.Exception e)
{
Assert.Fail("Unexpected exception while reading signerconfig: " + e.Message);
}
Assert.IsNotNull(signerConfig);
try
{
revocationPk = ReadIdemixRevocationPublicKey(Path.Combine(TEST_PATH, MSP1OU1, VERIFIER_PATH).Locate(), REVOCATION_PUBLIC_KEY);
}
catch (System.Exception e)
{
Assert.Fail("Unexpected exception while reading revocation public key: " + e.Message);
}
Assert.IsNotNull(revocationPk);
IssuerPublicKey ipkProto = null;
try
{
ipkProto = ReadIdemixIssuerPublicKey(Path.Combine(TEST_PATH, MSP1OU1, VERIFIER_PATH).Locate(), IPK_CONFIG);
}
catch (IOException e1)
{
Assert.Fail("Unexpected exception while reading revocation public key" + e1.Message);
}
ipk = new IdemixIssuerPublicKey(ipkProto);
Assert.IsTrue(ipk.Check());
sk = BIG.FromBytes(signerConfig.Sk.ToByteArray());
Credential credProto = null;
try
{
credProto = Credential.Parser.ParseFrom(signerConfig.Cred);
}
catch (InvalidProtocolBufferException)
{
Assert.Fail("Could not parse a credential");
}
Assert.IsNotNull(credProto);
cred = new IdemixCredential(credProto);
try
{
cri = CredentialRevocationInformation.Parser.ParseFrom(signerConfig.CredentialRevocationInformation);
}
catch (InvalidProtocolBufferException e)
{
Assert.Fail("failed to extract cri from signer config: " + e.Message);
}
Assert.IsNotNull(cri);
try
{
signingIdentity = new IdemixSigningIdentity(ipk, revocationPk, MSP1OU1, sk, cred, cri, OU1, IdemixRoles.MEMBER);
}
catch (System.Exception e) when(e is CryptoException || e is ArgumentException)
{
Assert.Fail("Could not create Idemix Signing Identity" + e.Message);
}
Assert.IsNotNull(signingIdentity);
nym = signingIdentity.Pseudonym;
nymPublic = nym.Nym;
proof = signingIdentity.Proof;
}
/**
* Create new Idemix Signing Identity with a fresh pseudonym
*
* @param ipk issuer public key
* @param revocationPk the issuer's long term revocation public key
* @param mspId MSP identifier
* @param sk user's secret
* @param cred idemix credential
* @param cri the credential revocation information
* @param ou is OU attribute
* @param role is role attribute
* @throws CryptoException
* @throws InvalidArgumentException
*/
public IdemixSigningIdentity(IdemixIssuerPublicKey ipk, KeyPair revocationPk, string mspId, BIG sk, IdemixCredential cred, CredentialRevocationInformation cri, string ou, IdemixRoles role)
{
// input checks
if (ipk == null)
{
throw new ArgumentException("Issuer Public Key (IPK) must not be null");
}
if (revocationPk == null)
{
throw new ArgumentException("Revocation PK must not be null");
}
if (mspId == null)
{
throw new ArgumentException("MSP ID must not be null");
}
if (string.IsNullOrEmpty(mspId))
{
throw new ArgumentException("MSP ID must not be empty");
}
if (ou == null)
{
throw new ArgumentException("OU must not be null");
}
if (string.IsNullOrEmpty(ou))
{
throw new ArgumentException("OU must not be empty");
}
if (sk == null)
{
throw new ArgumentException("SK must not be null");
}
if (cred == null)
{
throw new ArgumentException("Credential must not be null");
}
if (cri == null)
{
throw new ArgumentException("Credential revocation information must not be null");
}
logger.Trace($"Verifying public key with hash: [{BitConverter.ToString(ipk.Hash).Replace("-", "")}] \nAttributes: [{string.Join(",", ipk.AttributeNames)}]");
if (!ipk.Check())
{
CryptoException e = new CryptoException("Issuer public key is not valid");
logger.Error("", e);
throw e;
}
this.ipk = ipk;
this.sk = sk;
this.cri = cri;
logger.Trace("Verifying the credential");
// cryptographically verify credential
// (check if the issuer's signature is valid)
if (!cred.Verify(sk, ipk))
{
CryptoException e = new CryptoException("Credential is not cryptographically valid");
logger.Error("", e);
throw e;
}
logger.Trace("Checking attributes");
// attribute checks
// 4 attributes are expected:
// - organization unit (disclosed)
// - role: admin or member (disclosed)
// - enrollment id (hidden, for future auditing feature and authorization with CA)
// - revocation handle (hidden, for future revocation support)
if (cred.Attrs.Length != 4)
{
throw new CryptoException($"Error: There are {cred.Attrs.Length} attributes and the expected are 4");
}
byte[] ouBytes = cred.Attrs[0];
byte[] roleBytes = cred.Attrs[1];
byte[] eIdBytes = cred.Attrs[2];
byte[] rHBytes = cred.Attrs[3];
BIG[] attributes = new BIG[4];
attributes[0] = BIG.FromBytes(ouBytes);
attributes[1] = BIG.FromBytes(roleBytes);
attributes[2] = BIG.FromBytes(eIdBytes);
attributes[3] = BIG.FromBytes(rHBytes);
// check that the OU string matches the credential's attribute value
if (!ou.ToBytes().HashModOrder().ToBytes().SequenceEqual(ouBytes))
{
throw new ArgumentException("the OU string does not match the credential");
}
// check that the role matches the credential's attribute value
if (!new BIG((int)role).ToBytes().SequenceEqual(roleBytes))
{
throw new ArgumentException("the role does not match the credential");
}
logger.Trace("Generating fresh pseudonym and proof");
// generate a fresh pseudonym
Pseudonym = new IdemixPseudonym(this.sk, this.ipk);
// generate a fresh proof of possession of a credential
// with respect to a freshly generated pseudonym
Proof = new IdemixSignature(cred, this.sk, Pseudonym, this.ipk, disclosedFlags, msgEmpty, rhIndex, cri);
logger.Trace("Verifying the proof");
// verify the proof
if (!Proof.Verify(disclosedFlags, this.ipk, msgEmpty, attributes, rhIndex, revocationPk, (int)cri.Epoch))
{
throw new CryptoException("Generated proof of identity is not valid");
}
logger.Trace("Generating the Identity Object");
// generate a fresh identity with new pseudonym
idemixIdentity = new IdemixIdentity(mspId, this.ipk, Pseudonym.Nym, ou, role, Proof);
logger.Trace(idemixIdentity.ToString());
}
/**
* Returns an amcl.BN256.ECP on input of an ECP protobuf object.
*
* @param w a protobuf object representing an ECP
* @return a ECP created from the protobuf object
*/
public static ECP ToECP(this Protos.Idemix.ECP w)
{
byte[] valuex = w.X.ToByteArray();
byte[] valuey = w.Y.ToByteArray();
return(new ECP(BIG.FromBytes(valuex), BIG.FromBytes(valuey)));
}
/* convert from byte array to FP12 */
public static FP12 FromBytes(sbyte[] w)
{
BIG a, b;
FP2 c, d;
FP4 e, f, g;
sbyte[] t = new sbyte[BIG.MODBYTES];
for (int i = 0; i < BIG.MODBYTES; i++)
{
t[i] = w[i];
}
a = BIG.FromBytes(t);
for (int i = 0; i < BIG.MODBYTES; i++)
{
t[i] = w[i + BIG.MODBYTES];
}
b = BIG.FromBytes(t);
c = new FP2(a, b);
for (int i = 0; i < BIG.MODBYTES; i++)
{
t[i] = w[i + 2 * BIG.MODBYTES];
}
a = BIG.FromBytes(t);
for (int i = 0; i < BIG.MODBYTES; i++)
{
t[i] = w[i + 3 * BIG.MODBYTES];
}
b = BIG.FromBytes(t);
d = new FP2(a, b);
e = new FP4(c, d);
for (int i = 0; i < BIG.MODBYTES; i++)
{
t[i] = w[i + 4 * BIG.MODBYTES];
}
a = BIG.FromBytes(t);
for (int i = 0; i < BIG.MODBYTES; i++)
{
t[i] = w[i + 5 * BIG.MODBYTES];
}
b = BIG.FromBytes(t);
c = new FP2(a, b);
for (int i = 0; i < BIG.MODBYTES; i++)
{
t[i] = w[i + 6 * BIG.MODBYTES];
}
a = BIG.FromBytes(t);
for (int i = 0; i < BIG.MODBYTES; i++)
{
t[i] = w[i + 7 * BIG.MODBYTES];
}
b = BIG.FromBytes(t);
d = new FP2(a, b);
f = new FP4(c, d);
for (int i = 0; i < BIG.MODBYTES; i++)
{
t[i] = w[i + 8 * BIG.MODBYTES];
}
a = BIG.FromBytes(t);
for (int i = 0; i < BIG.MODBYTES; i++)
{
t[i] = w[i + 9 * BIG.MODBYTES];
}
b = BIG.FromBytes(t);
c = new FP2(a, b);
for (int i = 0; i < BIG.MODBYTES; i++)
{
t[i] = w[i + 10 * BIG.MODBYTES];
}
a = BIG.FromBytes(t);
for (int i = 0; i < BIG.MODBYTES; i++)
{
t[i] = w[i + 11 * BIG.MODBYTES];
}
b = BIG.FromBytes(t);
d = new FP2(a, b);
g = new FP4(c, d);
return(new FP12(e, f, g));
}
