CL Anoncreds Crypto API (#3275)

* extended Crypto API with SignWithSecrets and Blind methods * refactored CL primitives * implemented new methods for tinkcrypto * formatted all ursa code * added ursautil for common ursa methods * added stubs for CL for remotecrypto and non-ursa tinkcrypto build * added unit tests Signed-off-by: konstantin.goncharov <konstantin.goncharov@avast.com> Signed-off-by: konstantin.goncharov <konstantin.goncharov@avast.com>
hyperledger-archives · Aug 11, 2022 · 45c3566 · 45c3566
1 parent 9957132
commit 45c3566
Show file tree

Hide file tree

Showing 47 changed files with 1,675 additions and 1,423 deletions.
diff --git a/cmd/aries-agent-mobile/go.sum b/cmd/aries-agent-mobile/go.sum
@@ -189,8 +189,8 @@ github.com/hyperledger/aries-framework-go/component/storage/edv v0.0.0-202206061
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220322085443-50e8f9bd208b/go.mod h1:HojN6OAh8ZtXBe5X2arcSOe1SLo5Dsjqto8ICjSLQ2g=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1 h1:vxZ0DlFNLjgxMdBESLZu895AsI1JWL2SJerphwIn8Po=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
-github.com/hyperledger/ursa-wrapper-go v0.3.0 h1:ZYgPkPqy0AWEoU2Dhiziz91QacNdIX3j21UIOIVCXA8=
-github.com/hyperledger/ursa-wrapper-go v0.3.0/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
+github.com/hyperledger/ursa-wrapper-go v0.3.1 h1:Do+QrVNniY77YK2jTIcyWqj9rm/Yb5SScN0bqCjiibA=
+github.com/hyperledger/ursa-wrapper-go v0.3.1/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=

diff --git a/cmd/aries-agent-rest/go.sum b/cmd/aries-agent-rest/go.sum
@@ -355,8 +355,8 @@ github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220330140627-0
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220509181817-261c3746d03e h1:Jw8qXxl32lfdkxqUOjwLEhsQC2+lT/YtcM7MuOd9+7k=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220509181817-261c3746d03e/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
-github.com/hyperledger/ursa-wrapper-go v0.3.0 h1:ZYgPkPqy0AWEoU2Dhiziz91QacNdIX3j21UIOIVCXA8=
-github.com/hyperledger/ursa-wrapper-go v0.3.0/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
+github.com/hyperledger/ursa-wrapper-go v0.3.1 h1:Do+QrVNniY77YK2jTIcyWqj9rm/Yb5SScN0bqCjiibA=
+github.com/hyperledger/ursa-wrapper-go v0.3.1/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=

diff --git a/cmd/aries-js-worker/go.sum b/cmd/aries-js-worker/go.sum
@@ -187,8 +187,8 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220322085443-50e8f9bd208b/go.mod h1:HojN6OAh8ZtXBe5X2arcSOe1SLo5Dsjqto8ICjSLQ2g=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1 h1:vxZ0DlFNLjgxMdBESLZu895AsI1JWL2SJerphwIn8Po=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
-github.com/hyperledger/ursa-wrapper-go v0.3.0 h1:ZYgPkPqy0AWEoU2Dhiziz91QacNdIX3j21UIOIVCXA8=
-github.com/hyperledger/ursa-wrapper-go v0.3.0/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
+github.com/hyperledger/ursa-wrapper-go v0.3.1 h1:Do+QrVNniY77YK2jTIcyWqj9rm/Yb5SScN0bqCjiibA=
+github.com/hyperledger/ursa-wrapper-go v0.3.1/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=

diff --git a/go.mod b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/hyperledger/aries-framework-go/component/storage/edv v0.0.0-20220606124520-53422361c38c
 	github.com/hyperledger/aries-framework-go/component/storageutil v0.0.0-20220322085443-50e8f9bd208b
 	github.com/hyperledger/aries-framework-go/spi v0.0.0-20220606124520-53422361c38c
-	github.com/hyperledger/ursa-wrapper-go v0.3.0
+	github.com/hyperledger/ursa-wrapper-go v0.3.1
 	github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a
 	github.com/kawamuray/jsonpath v0.0.0-20201211160320-7483bafabd7e
 	github.com/kilic/bls12-381 v0.1.1-0.20210503002446-7b7597926c69
@@ -64,6 +64,4 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-// replace github.com/hyperledger/ursa-wrapper-go => github.com/ashcherbakov/ursa-wrapper-go v0.3.1
-
 go 1.17
diff --git a/go.sum b/go.sum
@@ -234,8 +234,8 @@ github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210820153043-8
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220217153004-1622c70e5767/go.mod h1:HojN6OAh8ZtXBe5X2arcSOe1SLo5Dsjqto8ICjSLQ2g=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1 h1:vxZ0DlFNLjgxMdBESLZu895AsI1JWL2SJerphwIn8Po=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
-github.com/hyperledger/ursa-wrapper-go v0.3.0 h1:ZYgPkPqy0AWEoU2Dhiziz91QacNdIX3j21UIOIVCXA8=
-github.com/hyperledger/ursa-wrapper-go v0.3.0/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
+github.com/hyperledger/ursa-wrapper-go v0.3.1 h1:Do+QrVNniY77YK2jTIcyWqj9rm/Yb5SScN0bqCjiibA=
+github.com/hyperledger/ursa-wrapper-go v0.3.1/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=

diff --git a/pkg/crypto/api.go b/pkg/crypto/api.go
@@ -84,6 +84,24 @@ type Crypto interface {
 	// 		signature proof in []byte
 	//		error in case of errors
 	DeriveProof(messages [][]byte, bbsSignature, nonce []byte, revealedIndexes []int, kh interface{}) ([]byte, error)
+	// Blind will blind provided values and add blinded data realted to the key in kh
+	// returns:
+	// 		blinded values in []byte
+	//		error in case of errors
+	Blind(kh interface{}, values ...map[string]interface{}) ([][]byte, error)
+	// GetCorrectnessProof will return correctness proof for a public key handle
+	// returns:
+	// 		correctness proof in []byte
+	//		error in case of errors
+	GetCorrectnessProof(kh interface{}) ([]byte, error)
+	// SignWithSecrets will generate a signature and related correctness proof
+	// for the provided values using secrets and related DID
+	// returns:
+	// 		signature in []byte
+	// 		correctness proof in []byte
+	//		error in case of errors
+	SignWithSecrets(kh interface{}, values map[string]interface{},
+		secrets []byte, correctnessProof []byte, nonces [][]byte, did string) ([]byte, []byte, error)
 }
 
 // DefKeySize is the default key size for crypto primitives.

diff --git a/pkg/crypto/tinkcrypto/cl_crypto.go b/pkg/crypto/tinkcrypto/cl_crypto.go
@@ -0,0 +1,112 @@
+//go:build ursa
+// +build ursa
+
+/*
+Copyright Avast Software. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package tinkcrypto
+
+import (
+	"fmt"
+
+	"github.com/google/tink/go/keyset"
+
+	bld "github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/cl/blinder"
+	sgn "github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/cl/signer"
+)
+
+// Blind will blind provided values with MasterSecret provided in a kh
+// returns:
+// 		blinded values in []byte
+//		error in case of errors
+func (t *Crypto) Blind(kh interface{}, values ...map[string]interface{}) ([][]byte, error) {
+	keyHandle, ok := kh.(*keyset.Handle)
+	if !ok {
+		return nil, errBadKeyHandleFormat
+	}
+
+	blinder, err := bld.NewBlinder(keyHandle)
+	if err != nil {
+		return nil, fmt.Errorf("create new CL blinder: %w", err)
+	}
+
+	defer blinder.Free() // nolint: errcheck
+
+	if len(values) == 0 {
+		blinded, err := blinder.Blind(map[string]interface{}{})
+		if err != nil {
+			return nil, err
+		}
+
+		return [][]byte{blinded}, nil
+	}
+
+	blindedList := make([][]byte, len(values))
+
+	for i, val := range values {
+		blinded, err := blinder.Blind(val)
+		if err != nil {
+			return nil, err
+		}
+
+		blindedList[i] = blinded
+	}
+
+	return blindedList, nil
+}
+
+// GetCorrectnessProof will return correctness proof for a public key handle
+// returns:
+// 		correctness proof in []byte
+//		error in case of errors
+func (t *Crypto) GetCorrectnessProof(kh interface{}) ([]byte, error) {
+	keyHandle, ok := kh.(*keyset.Handle)
+	if !ok {
+		return nil, errBadKeyHandleFormat
+	}
+
+	signer, err := sgn.NewSigner(keyHandle)
+	if err != nil {
+		return nil, fmt.Errorf("create new CL signer: %w", err)
+	}
+
+	defer signer.Free() // nolint: errcheck
+
+	correctnessProof, err := signer.GetCorrectnessProof()
+	if err != nil {
+		return nil, err
+	}
+
+	return correctnessProof, nil
+}
+
+// SignWithSecrets will generate a signature and related correctness proof
+// for the provided values using secrets and related DID
+// returns:
+// 		signature in []byte
+// 		correctness proof in []byte
+//		error in case of errors
+func (t *Crypto) SignWithSecrets(kh interface{}, values map[string]interface{},
+	secrets []byte, correctnessProof []byte, nonces [][]byte, did string) ([]byte, []byte, error) {
+	keyHandle, ok := kh.(*keyset.Handle)
+	if !ok {
+		return nil, nil, errBadKeyHandleFormat
+	}
+
+	signer, err := sgn.NewSigner(keyHandle)
+	if err != nil {
+		return nil, nil, fmt.Errorf("create new CL signer: %w", err)
+	}
+
+	defer signer.Free() // nolint: errcheck
+
+	signature, signatureCorrectnessProof, err := signer.Sign(values, secrets, correctnessProof, nonces, did)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return signature, signatureCorrectnessProof, nil
+}
diff --git a/pkg/crypto/tinkcrypto/cl_crypto_stub.go b/pkg/crypto/tinkcrypto/cl_crypto_stub.go
@@ -0,0 +1,44 @@
+//go:build !ursa
+// +build !ursa
+
+/*
+Copyright Avast Software. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package tinkcrypto
+
+import (
+	"errors"
+)
+
+// Blind will blind provided values with MasterSecret provided in a kh
+// returns:
+// 		blinded values in []byte
+//		error in case of errors
+// STUB.
+func (t *Crypto) Blind(kh interface{}, values ...map[string]interface{}) ([][]byte, error) {
+	return nil, errors.New("not implemented")
+}
+
+// GetCorrectnessProof will return correctness proof for a public key handle
+// returns:
+// 		correctness proof in []byte
+//		error in case of errors
+// STUB.
+func (t *Crypto) GetCorrectnessProof(kh interface{}) ([]byte, error) {
+	return nil, errors.New("not implemented")
+}
+
+// SignWithSecrets will generate a signature and related correctness proof
+// for the provided values using secrets and related DID
+// returns:
+// 		signature in []byte
+// 		correctness proof in []byte
+//		error in case of errors
+// STUB.
+func (t *Crypto) SignWithSecrets(kh interface{}, values map[string]interface{},
+	secrets []byte, correctnessProof []byte, nonces [][]byte, did string) ([]byte, []byte, error) {
+	return nil, nil, errors.New("not implemented")
+}
diff --git a/pkg/crypto/tinkcrypto/cl_crypto_stub_test.go b/pkg/crypto/tinkcrypto/cl_crypto_stub_test.go
@@ -0,0 +1,35 @@
+//go:build !ursa
+// +build !ursa
+
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package tinkcrypto
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestCLStubs(t *testing.T) {
+	c := Crypto{}
+
+	t.Run("test CL methods return not implemented", func(t *testing.T) {
+		errNotImplemented := errors.New("not implemented")
+		var err error
+
+		_, err = c.GetCorrectnessProof(nil)
+		require.EqualError(t, err, errNotImplemented.Error())
+
+		_, _, err = c.SignWithSecrets(nil, map[string]interface{}{}, nil, nil, nil, "")
+		require.EqualError(t, err, errNotImplemented.Error())
+
+		_, err = c.Blind(nil, map[string]interface{}{})
+		require.EqualError(t, err, errNotImplemented.Error())
+	})
+}