CL Anoncreds Crypto API

* extended Crypto API with CL * added verifier functionality * implemented issuer/prover/verifier methods for tinkcrypto * added stubs for CL for remotecrypto and non-ursa tinkcrypto build * added unit tests Signed-off-by: konstantin.goncharov <konstantin.goncharov@avast.com>
hyperledger-archives · Jul 13, 2022 · 80abd8f · 80abd8f
1 parent d5d31b7
commit 80abd8f
Show file tree

Hide file tree

Showing 24 changed files with 1,204 additions and 95 deletions.
diff --git a/pkg/crypto/api.go b/pkg/crypto/api.go
@@ -13,6 +13,10 @@ package crypto
 // directly. It is accessible via the framework's KMS BBS+ keys and tinkcrypto's bbs package's Signer and Verifier
 // primitives or via webkms for remote KMS BBS+ signing.
 
+import (
+	"github.com/hyperledger/aries-framework-go/pkg/crypto/cl"
+)
+
 // Crypto interface provides all crypto operations needed in the Aries framework.
 type Crypto interface {
 	// Encrypt will encrypt msg and aad using a matching AEAD primitive in kh key handle of a public key
@@ -84,6 +88,30 @@ type Crypto interface {
 	// 		signature proof in []byte
 	//		error in case of errors
 	DeriveProof(messages [][]byte, bbsSignature, nonce []byte, revealedIndexes []int, kh interface{}) ([]byte, error)
+
+	// CL Anoncreds methods
+
+	// Issuer
+
+	CLGetCredentialDefinition(kh interface{}) (*cl.CredentialDefinition, error)
+
+	CLOfferCredential(kh interface{}) (*cl.CredentialOffer, error)
+
+	CLIssueCredential(kh interface{}, values map[string]interface{}, credentialRequest *cl.CredentialRequest, credOffer *cl.CredentialOffer) (*cl.Credential, error)
+
+	// Prover
+
+	CLRequestCredential(kh interface{}, credOffer *cl.CredentialOffer, credDef *cl.CredentialDefinition, proverId string) (*cl.CredentialRequest, error)
+
+	CLProcessCredential(kh interface{}, credential *cl.Credential, credRequest *cl.CredentialRequest, credDef *cl.CredentialDefinition) (*cl.Credential, error)
+
+	CLCreateProof(kh interface{}, presentationRequest *cl.PresentationRequest, credentials []*cl.Credential, credDefs []*cl.CredentialDefinition) (*cl.Proof, error)
+
+	// Verifier
+
+	CLRequestPresentation(items []*cl.PresentationRequestItem) (*cl.PresentationRequest, error)
+
+	CLVerifyProof(proof *cl.Proof, presentationRequest *cl.PresentationRequest, credDefs []*cl.CredentialDefinition) error
 }
 
 // DefKeySize is the default key size for crypto primitives.

diff --git a/pkg/crypto/cl/model.go b/pkg/crypto/cl/model.go
@@ -0,0 +1,55 @@
+/*
+Copyright Avast Software. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package cl
+
+type CredentialDefinition struct {
+	CredPubKey              []byte
+	CredDefCorrectnessProof []byte
+	Attrs                   []string
+}
+
+type CredentialOffer struct {
+	Nonce string
+}
+
+type CredentialRequest struct {
+	BlindedCredentialSecrets *BlindedCredentialSecrets
+	Nonce                    string
+	ProverId                 string
+}
+
+type BlindedCredentialSecrets struct {
+	Handle           []byte
+	BlindingFactor   []byte
+	CorrectnessProof []byte
+}
+
+type Credential struct {
+	Signature []byte
+	Values    map[string]interface{}
+	SigProof  []byte
+}
+
+type PresentationRequest struct {
+	Items []*PresentationRequestItem
+	Nonce string
+}
+
+type PresentationRequestItem struct {
+	RevealedAttrs []string
+	Predicates    []*Predicate
+}
+
+type Predicate struct {
+	Attr  string
+	PType string
+	Value int32
+}
+
+type Proof struct {
+	Proof []byte
+}