This repository has been archived by the owner on Mar 27, 2024. It is now read-only.

feat: CL Anoncreds Crypto API #3275

Merged
4 changes: 2 additions & 2 deletions cmd/aries-agent-mobile/go.sum
Expand Up @@ -189,8 +189,8 @@ github.com/hyperledger/aries-framework-go/component/storage/edv v0.0.0-202206061
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220322085443-50e8f9bd208b/go.mod h1:HojN6OAh8ZtXBe5X2arcSOe1SLo5Dsjqto8ICjSLQ2g=
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1 h1:vxZ0DlFNLjgxMdBESLZu895AsI1JWL2SJerphwIn8Po=
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
github.com/hyperledger/ursa-wrapper-go v0.3.0 h1:ZYgPkPqy0AWEoU2Dhiziz91QacNdIX3j21UIOIVCXA8=
github.com/hyperledger/ursa-wrapper-go v0.3.0/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
github.com/hyperledger/ursa-wrapper-go v0.3.1 h1:Do+QrVNniY77YK2jTIcyWqj9rm/Yb5SScN0bqCjiibA=
github.com/hyperledger/ursa-wrapper-go v0.3.1/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
4 changes: 2 additions & 2 deletions cmd/aries-agent-rest/go.sum
Expand Up @@ -355,8 +355,8 @@ github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220330140627-0
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220509181817-261c3746d03e h1:Jw8qXxl32lfdkxqUOjwLEhsQC2+lT/YtcM7MuOd9+7k=
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220509181817-261c3746d03e/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
github.com/hyperledger/ursa-wrapper-go v0.3.0 h1:ZYgPkPqy0AWEoU2Dhiziz91QacNdIX3j21UIOIVCXA8=
github.com/hyperledger/ursa-wrapper-go v0.3.0/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
github.com/hyperledger/ursa-wrapper-go v0.3.1 h1:Do+QrVNniY77YK2jTIcyWqj9rm/Yb5SScN0bqCjiibA=
github.com/hyperledger/ursa-wrapper-go v0.3.1/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
4 changes: 2 additions & 2 deletions cmd/aries-js-worker/go.sum
Expand Up @@ -187,8 +187,8 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220322085443-50e8f9bd208b/go.mod h1:HojN6OAh8ZtXBe5X2arcSOe1SLo5Dsjqto8ICjSLQ2g=
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1 h1:vxZ0DlFNLjgxMdBESLZu895AsI1JWL2SJerphwIn8Po=
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
github.com/hyperledger/ursa-wrapper-go v0.3.0 h1:ZYgPkPqy0AWEoU2Dhiziz91QacNdIX3j21UIOIVCXA8=
github.com/hyperledger/ursa-wrapper-go v0.3.0/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
github.com/hyperledger/ursa-wrapper-go v0.3.1 h1:Do+QrVNniY77YK2jTIcyWqj9rm/Yb5SScN0bqCjiibA=
github.com/hyperledger/ursa-wrapper-go v0.3.1/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
4 changes: 1 addition & 3 deletions go.mod
Expand Up @@ -20,7 +20,7 @@ require (
github.com/hyperledger/aries-framework-go/component/storage/edv v0.0.0-20220606124520-53422361c38c
github.com/hyperledger/aries-framework-go/component/storageutil v0.0.0-20220322085443-50e8f9bd208b
github.com/hyperledger/aries-framework-go/spi v0.0.0-20220606124520-53422361c38c
github.com/hyperledger/ursa-wrapper-go v0.3.0
github.com/hyperledger/ursa-wrapper-go v0.3.1
github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a
github.com/kawamuray/jsonpath v0.0.0-20201211160320-7483bafabd7e
github.com/kilic/bls12-381 v0.1.1-0.20210503002446-7b7597926c69
Expand Down Expand Up @@ -64,6 +64,4 @@ require (
gopkg.in/yaml.v3 v3.0.1 // indirect
)

// replace github.com/hyperledger/ursa-wrapper-go => github.com/ashcherbakov/ursa-wrapper-go v0.3.1

go 1.17
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -234,8 +234,8 @@ github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210820153043-8
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220217153004-1622c70e5767/go.mod h1:HojN6OAh8ZtXBe5X2arcSOe1SLo5Dsjqto8ICjSLQ2g=
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1 h1:vxZ0DlFNLjgxMdBESLZu895AsI1JWL2SJerphwIn8Po=
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
github.com/hyperledger/ursa-wrapper-go v0.3.0 h1:ZYgPkPqy0AWEoU2Dhiziz91QacNdIX3j21UIOIVCXA8=
github.com/hyperledger/ursa-wrapper-go v0.3.0/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
github.com/hyperledger/ursa-wrapper-go v0.3.1 h1:Do+QrVNniY77YK2jTIcyWqj9rm/Yb5SScN0bqCjiibA=
github.com/hyperledger/ursa-wrapper-go v0.3.1/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
18 changes: 18 additions & 0 deletions pkg/crypto/api.go
Expand Up @@ -84,6 +84,24 @@ type Crypto interface {
// signature proof in []byte
// error in case of errors
DeriveProof(messages [][]byte, bbsSignature, nonce []byte, revealedIndexes []int, kh interface{}) ([]byte, error)
// Blind will blind provided values and add blinded data realted to the key in kh
// returns:
// blinded values in []byte
// error in case of errors
Blind(kh interface{}, values ...map[string]interface{}) ([][]byte, error)
// GetCorrectnessProof will return correctness proof for a public key handle
// returns:
// correctness proof in []byte
// error in case of errors
GetCorrectnessProof(kh interface{}) ([]byte, error)
// SignWithSecrets will generate a signature and related correctness proof
// for the provided values using secrets and related DID
// returns:
// signature in []byte
// correctness proof in []byte
// error in case of errors
SignWithSecrets(kh interface{}, values map[string]interface{},
secrets []byte, correctnessProof []byte, nonces [][]byte, did string) ([]byte, []byte, error)
}

// DefKeySize is the default key size for crypto primitives.
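Review bot: The doc comments on the three new methods (Blind, GetCorrectnessProof, SignWithSecrets) do not say which kind of key handle each one expects or what `secrets`, `correctnessProof` and `nonces` must contain, which matters on an interface whose callers hand over secret material. The Blind comment also reads "add blinded data realted to the key in kh", while the tinkcrypto implementation in this PR describes the same method as blinding with the MasterSecret in kh; I would align the two, e.g. `// Blind blinds the provided values with the master secret referenced by kh.` It would also help to state that an implementation may return a "not implemented" error, as the non-ursa tinkcrypto build in this PR does. The Crypto interface begins above this hunk, so only the added methods are reviewed here.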
112 changes: 112 additions & 0 deletions pkg/crypto/tinkcrypto/cl_crypto.go
@@ -0,0 +1,112 @@
//go:build ursa
// +build ursa
Contributor

@baha-ai baha-ai Jul 13, 2022


it looks like ursa tagged files are not included in our linter

Contributor Author


seems it'll take ursa and cgo to be provided in golangci-lint Docker container.
should we create a new image for lint with these dependencies inside and use it in check_lint.sh?

Contributor


Yeah, it seems the default golangci-lint won't have these tools, might as well create a new dedicated image. Thanks.

Contributor Author


@Baha-sk Where should I keep related Dockerfile and push the corresponding image?
Also, we could try to make a separate github job as Alex did for ursa tests - it'll use docker with pre-installed ursa

Contributor


you can create a ursa subfolder under images and have a new dockerfile there.

as for the job, i would recommend simply updating scripts/check_lint.sh with new entries for ursa linting using your new image.

Contributor Author


@Baha-sk can we postpone this change to the next PR?
Currently, I'm not a contributor to af-go, since I haven't made any commit to the repo. Therefore, pipelines would not be started automatically. And it'll be painful to ask you to start the pipeline on each of my changes during debugging.
Although, I ran golangci-lint locally with ursa tag and made the fixes according to all lint warnings.

Contributor


no issues @kgoncharov, this is not mandatory, but a suggestion if you need to have a separate dockerfile for ursa builds.

Comment on lines +1 to +2
Contributor


since the crypto api was updated to add the new CL functions, the framework won't compile without this build tag.

Contributor


as discussed in today's planning, since there are empty stubs in the non-ursa build, the framework should be ok. Further changes will be needed on the server side of KMS.


/*
Copyright Avast Software. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package tinkcrypto

import (
"fmt"

"github.com/google/tink/go/keyset"

bld "github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/cl/blinder"
sgn "github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/cl/signer"
)

// Blind will blind provided values with MasterSecret provided in a kh
// returns:
// blinded values in []byte
// error in case of errors
func (t *Crypto) Blind(kh interface{}, values ...map[string]interface{}) ([][]byte, error) {
keyHandle, ok := kh.(*keyset.Handle)
if !ok {
return nil, errBadKeyHandleFormat
}

blinder, err := bld.NewBlinder(keyHandle)
if err != nil {
return nil, fmt.Errorf("create new CL blinder: %w", err)
}

defer blinder.Free() // nolint: errcheck

if len(values) == 0 {
blinded, err := blinder.Blind(map[string]interface{}{})
if err != nil {
return nil, err
}

return [][]byte{blinded}, nil
}

blindedList := make([][]byte, len(values))

for i, val := range values {
blinded, err := blinder.Blind(val)
if err != nil {
return nil, err
}

blindedList[i] = blinded
}

return blindedList, nil
}

// GetCorrectnessProof will return correctness proof for a public key handle
// returns:
// correctness proof in []byte
// error in case of errors
func (t *Crypto) GetCorrectnessProof(kh interface{}) ([]byte, error) {
keyHandle, ok := kh.(*keyset.Handle)
if !ok {
return nil, errBadKeyHandleFormat
}

signer, err := sgn.NewSigner(keyHandle)
if err != nil {
return nil, fmt.Errorf("create new CL signer: %w", err)
}

defer signer.Free() // nolint: errcheck

correctnessProof, err := signer.GetCorrectnessProof()
if err != nil {
return nil, err
}

return correctnessProof, nil
}

// SignWithSecrets will generate a signature and related correctness proof
// for the provided values using secrets and related DID
// returns:
// signature in []byte
// correctness proof in []byte
// error in case of errors
func (t *Crypto) SignWithSecrets(kh interface{}, values map[string]interface{},
secrets []byte, correctnessProof []byte, nonces [][]byte, did string) ([]byte, []byte, error) {
keyHandle, ok := kh.(*keyset.Handle)
if !ok {
return nil, nil, errBadKeyHandleFormat
}

signer, err := sgn.NewSigner(keyHandle)
if err != nil {
return nil, nil, fmt.Errorf("create new CL signer: %w", err)
}

defer signer.Free() // nolint: errcheck

signature, signatureCorrectnessProof, err := signer.Sign(values, secrets, correctnessProof, nonces, did)
if err != nil {
return nil, nil, err
}

return signature, signatureCorrectnessProof, nil
}
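Review bot: SignWithSecrets passes `secrets`, `correctnessProof` and `nonces` straight to `signer.Sign` with no nil or length check, so malformed caller input is first examined inside the signer primitive (presumably on the ursa/cgo side); whether that layer rejects it cleanly is not visible in this file. A cheap guard before the signer is created, e.g. `if len(secrets) == 0 || len(correctnessProof) == 0 { return nil, nil, fmt.Errorf("sign with secrets: empty secrets or correctness proof") }`, keeps the failure in Go and gives callers a stable error. The errors from `blinder.Blind`, `signer.GetCorrectnessProof` and `signer.Sign` are also returned bare while the constructor errors are wrapped; wrapping them the same way (`fmt.Errorf("blind values: %w", err)`) would make failures attributable. Blind called with no values blinds an empty map and returns a one-element slice, which deserves a line in its doc comment.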
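--- a/pkg/crypto/tinkcrypto/cl_crypto_stub.go
+++ b/pkg/crypto/tinkcrypto/cl_crypto_stub.go
@@ -0,0 +1,44 @@
+//go:build !ursa
+// +build !ursa
+
+/*
+Copyright Avast Software. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package tinkcrypto
+
+import (
+"errors"
+)
+
+// Blind will blind provided values with MasterSecret provided in a kh
+// returns:
+// blinded values in []byte
+// error in case of errors
+// STUB.
+func (t *Crypto) Blind(kh interface{}, values ...map[string]interface{}) ([][]byte, error) {
+return nil, errors.New("not implemented")
+}
+
+// GetCorrectnessProof will return correctness proof for a public key handle
+// returns:
+// correctness proof in []byte
+// error in case of errors
+// STUB.
+func (t *Crypto) GetCorrectnessProof(kh interface{}) ([]byte, error) {
+return nil, errors.New("not implemented")
+}
+
+// SignWithSecrets will generate a signature and related correctness proof
+// for the provided values using secrets and related DID
+// returns:
+// signature in []byte
+// correctness proof in []byte
+// error in case of errors
+// STUB.
+func (t *Crypto) SignWithSecrets(kh interface{}, values map[string]interface{},
+secrets []byte, correctnessProof []byte, nonces [][]byte, did string) ([]byte, []byte, error) {
+return nil, nil, errors.New("not implemented")
+}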
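Review bot: Each stub returns a fresh `errors.New("not implemented")`, so a caller cannot tell this condition apart from other failures with `errors.Is`, and the message gives no hint that the binary was built without the `ursa` tag. A single package-level sentinel, `var errCLNotImplemented = errors.New("not implemented")`, returned from all three stubs would keep the current message (the stub test compares on it) while letting callers match on it. A short comment on the sentinel saying that the CL operations require the `ursa` build tag would document why it is returned.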
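--- a/pkg/crypto/tinkcrypto/cl_crypto_stub_test.go
+++ b/pkg/crypto/tinkcrypto/cl_crypto_stub_test.go
@@ -0,0 +1,35 @@
+//go:build !ursa
+// +build !ursa
+
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package tinkcrypto
+
+import (
+"errors"
+"testing"
+
+"github.com/stretchr/testify/require"
+)
+
+func TestCLStubs(t *testing.T) {
+c := Crypto{}
+
+t.Run("test CL methods return not implemented", func(t *testing.T) {
+errNotImplemented := errors.New("not implemented")
+var err error
+
+_, err = c.GetCorrectnessProof(nil)
+require.EqualError(t, err, errNotImplemented.Error())
+
+_, _, err = c.SignWithSecrets(nil, map[string]interface{}{}, nil, nil, nil, "")
+require.EqualError(t, err, errNotImplemented.Error())
+
+_, err = c.Blind(nil, map[string]interface{}{})
+require.EqualError(t, err, errNotImplemented.Error())
+})
+}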