fix: build privSignKey from actually disclosed optional attributes #68
rubenhensen wants to merge 12 commits into main from
Email is now required; mobile phone, full name, and date of birth are optional. Attributes are no longer taken from the frontend request.
The priv_sign_id path is not used in the current flow, so the defensive empty-check and return type changes were unnecessary.
….com:encryption4all/postguard into postguard-website/fix/design-feedback-issues
Replace single multi-platform job (QEMU, ~93 min) with parallel native runner jobs that merge into a multi-arch manifest. Separate GHA cache scopes per architecture prevent cross-contamination.
In the decryption flow the PKG was ignoring kr.con entirely and presenting a hardcoded optional disclosure (email + phone/name/DOB), so recipients were never asked to disclose the attributes they were actually encrypted with. Distinguish two modes in start.rs:
- Decryption flow (kr.con contains non-email attributes): build a mandatory disclosure from all attributes in kr.con so the Yivi session requires the exact combination used during encryption.
- Signing flow (email-only): keep the original optional extras behaviour so senders can choose which additional attributes to include in their signing identity.
Also add a debug log in key.rs that prints the timestamp and all attributes used when deriving a USK, to aid future diagnostics.
Change the filter to compare attribute types only (previously compared Attribute{atype, value=None} against deserialized Attribute{atype, value=Some("")}, which always returned empty). Also return privSignKey=None when no optional attributes were disclosed rather than an empty-policy key.
Summary
- signing_key handler: filter disclosed attributes by type only (previously compared Attribute{value=None} against Attribute{value=Some("")}, which always produced an empty priv_con and was therefore never building a private signing key with optional attributes)
- privSignKey=None when no optional attributes were disclosed, rather than returning a key with an empty policy

Context
The PKG's /v2/request/start already requests optional attributes (phone, name, date of birth) as optional disjunctions in every signing session. The user can choose to disclose them in the Yivi app. When the client calls /v2/irma/sign/key, it now passes privSignId with all optional attribute types. The PKG filters con (all disclosed attributes from the Yivi proof) against privSignId to build the private signing key.

The bug was that the filter used priv_sign_id.contains(&Attribute::new(&a.atype, None)), but priv_sign_id entries were deserialized with value=Some("") (from JSON v: ""), so value=None != value=Some("") and the filter always returned empty.

Closes encryption4all/postguard-website#28
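The filter bug described above, reproduced as an added example (not postguard's own code): a minimal `Attribute` type, a toy stand-in for the JSON deserializer that turns `"v":""` into `Some("")` just as a real one does, the pre-fix filter that uses struct equality, the fixed filter that compares `atype` only, and a stand-in for the "return None when nothing was disclosed" rule. The attribute identifiers, the JSON field names `t`/`v`, and the helper names (`parse_attribute`, `filter_buggy`, `filter_fixed`, `priv_sign_policy`, `demo`) are assumptions made for the example, not names from the project.

```rust
// Added example, not postguard code. Reproduces the privSignId filter bug
// from the PR and the fix. Identifiers, JSON field names and helper names
// are assumed for illustration.

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Attribute {
    pub atype: String,
    pub value: Option<String>,
}

impl Attribute {
    pub fn new(atype: &str, value: Option<&str>) -> Self {
        Attribute { atype: atype.to_string(), value: value.map(|v| v.to_string()) }
    }
}

/// Toy string-field extractor standing in for a JSON deserializer (constructed
/// for this example; no escape handling). Reads `"key":"..."` from a flat object.
/// A present-but-empty `"v":""` yields `Some("")`, exactly the case that broke
/// the equality-based filter.
fn json_str_field(json: &str, key: &str) -> Option<String> {
    let pat = format!("\"{}\":\"", key);
    let start = json.find(&pat)? + pat.len();
    let end = start + json[start..].find('"')?;
    Some(json[start..end].to_string())
}

/// Parse one `{"t":"<type>","v":"<value>"}` object into an Attribute.
pub fn parse_attribute(json: &str) -> Option<Attribute> {
    let atype = json_str_field(json, "t")?;
    let value = json_str_field(json, "v");
    Some(Attribute { atype, value })
}

/// Pre-fix behaviour: `contains` uses full struct equality, so a request entry
/// deserialized as `value: Some("")` never equals `Attribute::new(atype, None)`.
pub fn filter_buggy(con: &[Attribute], priv_sign_id: &[Attribute]) -> Vec<Attribute> {
    con.iter()
        .filter(|a| priv_sign_id.contains(&Attribute::new(&a.atype, None)))
        .cloned()
        .collect()
}

/// Fixed behaviour: match on the attribute type only; the request's value is
/// irrelevant, the disclosed value from the proof is what gets kept.
pub fn filter_fixed(con: &[Attribute], priv_sign_id: &[Attribute]) -> Vec<Attribute> {
    con.iter()
        .filter(|a| priv_sign_id.iter().any(|p| p.atype == a.atype))
        .cloned()
        .collect()
}

/// Hypothetical stand-in for the private signing key's policy: `None` when no
/// requested optional attribute was disclosed, rather than an empty policy.
pub fn priv_sign_policy(con: &[Attribute], priv_sign_id: &[Attribute]) -> Option<Vec<Attribute>> {
    let priv_con = filter_fixed(con, priv_sign_id);
    if priv_con.is_empty() { None } else { Some(priv_con) }
}

/// Runs both filters over constructed input. Returns
/// (buggy match count, fixed match count, policy is None for email-only proof).
pub fn demo() -> (usize, usize, bool) {
    // Constructed privSignId as the client would send it: optional types, empty values.
    let priv_sign_id: Vec<Attribute> = [
        r#"{"t":"pbdf.sidn-pbdf.mobilenumber.mobilenumber","v":""}"#,
        r#"{"t":"pbdf.gemeente.personalData.fullname","v":""}"#,
    ]
    .iter()
    .filter_map(|j| parse_attribute(j))
    .collect();

    // Constructed `con` from a proof: mandatory email plus the optional phone number.
    let con = vec![
        Attribute::new("pbdf.sidn-pbdf.email.email", Some("alice@example.com")),
        Attribute::new("pbdf.sidn-pbdf.mobilenumber.mobilenumber", Some("+31600000000")),
    ];

    let buggy = filter_buggy(&con, &priv_sign_id).len(); // 0: equality never matches
    let fixed = filter_fixed(&con, &priv_sign_id).len(); // 1: phone is kept

    // A proof that disclosed only the mandatory email yields no private signing key.
    let email_only = vec![con[0].clone()];
    let none_when_nothing = priv_sign_policy(&email_only, &priv_sign_id).is_none();

    (buggy, fixed, none_when_nothing)
}

fn main() {
    let (buggy, fixed, none_when_nothing) = demo();
    println!(
        "buggy filter kept {}, fixed filter kept {}, None for email-only proof: {}",
        buggy, fixed, none_when_nothing
    );
}
```

The point the fixed filter makes explicit is that `privSignId` only names *which* types the client wants in the signing identity; the value must come from the verified proof in `con`, so comparing anything but the type is wrong in principle, not just in the empty-string case.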