Skip to content

Commit

Permalink
feat: add BBS+ support to crypto.Crypto and webkms
Browse files Browse the repository at this point in the history
closes hyperledger-archives#2295

Signed-off-by: Baha Shaaban <[email protected]>
  • Loading branch information
Baha Shaaban committed Feb 26, 2021
1 parent b5e28fa commit 3e05095
Show file tree
Hide file tree
Showing 9 changed files with 845 additions and 6 deletions.
2 changes: 2 additions & 0 deletions cmd/aries-js-worker/go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -201,6 +201,8 @@ github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210212132055-b
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210219073333-c46e84ce678f/go.mod h1:/ljIFCu5iDIziwuvObF0vEc3fJ5dgDpT8RYAhQdNeHI=
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210224230531-58e1368e5661 h1:5qhGwJ5+Gea3wzr7MjGLUmmKb4BAj78ok6vP2v1ZwnI=
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210224230531-58e1368e5661/go.mod h1:/ljIFCu5iDIziwuvObF0vEc3fJ5dgDpT8RYAhQdNeHI=
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210225210554-4f581697f7ec h1:klgqrSw5emAoZ7lKr5igdOsQf89Nyp22U2RJh90VZlc=
github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210225210554-4f581697f7ec/go.mod h1:6Za6hvu+eZDPerePXIlMuBWbQZDKqTgOrKV56WZMtcI=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a h1:zPPuIq2jAWWPTrGt70eK/BSch+gFAGrNzecsoENgu2o=
Expand Down
24 changes: 22 additions & 2 deletions pkg/crypto/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,6 @@ type Crypto interface {
// VerifyMAC determines if mac is a correct authentication code (MAC) for data
// using a matching MAC primitive in kh key handle and returns nil if so, otherwise it returns an error.
VerifyMAC(mac, data []byte, kh interface{}) error

// WrapKey will execute key wrapping of cek using apu, apv and recipient public key 'recPubKey'.
// 'opts' allows setting the option sender key handle using WithSender() option. It allows ECDH-1PU key wrapping
// (aka Authcrypt). The absence of this option uses ECDH-ES key wrapping (aka Anoncrypt). Another option that can
Expand All @@ -53,7 +52,6 @@ type Crypto interface {
// error in case of errors
WrapKey(cek, apu, apv []byte, recPubKey *PublicKey,
opts ...WrapKeyOpts) (*RecipientWrappedKey, error)

// UnwrapKey unwraps a key in recWK using recipient private key kh.
// 'opts' allows setting the option sender key handle using WithSender() option. It allows ECDH-1PU key unwrapping
// (aka Authcrypt). The absence of this option uses ECDH-ES key unwrapping (aka Anoncrypt). There is no need to
Expand All @@ -62,6 +60,28 @@ type Crypto interface {
// unwrapped key in raw bytes
// error in case of errors
UnwrapKey(recWK *RecipientWrappedKey, kh interface{}, opts ...WrapKeyOpts) ([]byte, error)
// BBSSign will sign create signature of each message in messages and aggregate it into a single signature using a
// matching signature primitive in kh key handle of a private key.
// returns:
// signature in []byte
// error in case of errors
BBSSign(messages [][]byte, kh interface{}) ([]byte, error)
// BBSVerify will verify an aggregated signature of one or more messages using a matching signature primitive in kh
// key handle of a public key
// returns:
// error in case of errors or nil if signature verification was successful
BBSVerify(messages [][]byte, signature []byte, kh interface{}) error
// VerifyProof will verify a BBS+ signature proof (generated e.g. by Verifier's DeriveProof() call) for
// revealedMessages using a matching signature primitive in kh key handle of a public key
// returns:
// error in case of errors or nil if signature proof verification was successful
VerifyProof(revealedMessages [][]byte, proof, nonce []byte, kh interface{}) error
// DeriveProof will create a BBS+ signature proof for a list of revealed messages using BBS signature
// (can be built using a Signer's Sign() call) and a matching signature primitive in kh key handle of a public key
// returns:
// signature proof in []byte
// error in case of errors
DeriveProof(messages [][]byte, bbsSignature, nonce []byte, revealedIndexes []int, kh interface{}) ([]byte, error)
}

// DefKeySize is the default key size for crypto primitives.
Expand Down
5 changes: 3 additions & 2 deletions pkg/crypto/primitive/bbs12381g2pub/bbs.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@ SPDX-License-Identifier: Apache-2.0
*/

// Package bbs12381g2pub contains BBS+ signing primitives and keys. Although it can be used directly, it is recommended
// to use BBS+ keys created by the kms along with the tinkcrypto BBS+ package primitives bbs.Signer and bbs.Verifier
// imported from: "github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/bbs"
// to use BBS+ keys created by the kms along with the framework's Crypto service.
// The default local Crypto service is found at: "github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto"
// while the remote Crypto service is found at: "github.com/hyperledger/aries-framework-go/pkg/crypto/webkms"
package bbs12381g2pub

import (
Expand Down
95 changes: 95 additions & 0 deletions pkg/crypto/tinkcrypto/crypto.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (
"golang.org/x/crypto/chacha20poly1305"

cryptoapi "github.com/hyperledger/aries-framework-go/pkg/crypto"
"github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/bbs"
)

const (
Expand Down Expand Up @@ -276,3 +277,97 @@ func (t *Crypto) UnwrapKey(recWK *cryptoapi.RecipientWrappedKey, recipientKH int

return key, nil
}

// BBSSign will sign create signature of each message and aggregate it into a single signature using the signer's
// private key in signerKH.
// returns:
// signature in []byte
// error in case of errors
func (t *Crypto) BBSSign(messages [][]byte, signerKH interface{}) ([]byte, error) {
keyHandle, ok := signerKH.(*keyset.Handle)
if !ok {
return nil, errBadKeyHandleFormat
}

signer, err := bbs.NewSigner(keyHandle)
if err != nil {
return nil, fmt.Errorf("create new BBS+ signer: %w", err)
}

s, err := signer.Sign(messages)
if err != nil {
return nil, fmt.Errorf("BBS+ sign msg: %w", err)
}

return s, nil
}

// BBSVerify will verify an aggregated signature of one or more messages against the signer's public key in signerPubKH.
// returns:
// error in case of errors or nil if signature verification was successful
func (t *Crypto) BBSVerify(messages [][]byte, bbsSignature []byte, signerPubKH interface{}) error {
keyHandle, ok := signerPubKH.(*keyset.Handle)
if !ok {
return errBadKeyHandleFormat
}

verifier, err := bbs.NewVerifier(keyHandle)
if err != nil {
return fmt.Errorf("create new BBS+ verifier: %w", err)
}

err = verifier.Verify(messages, bbsSignature)
if err != nil {
err = fmt.Errorf("BBS+ verify msg: %w", err)
}

return err
}

// VerifyProof will verify a BBS+ signature proof (generated e.g. by Verifier's DeriveProof() call) for revealedMessages
// with the signer's public key in signerPubKH.
// returns:
// error in case of errors or nil if signature proof verification was successful
func (t *Crypto) VerifyProof(revealedMessages [][]byte, proof, nonce []byte, signerPubKH interface{}) error {
keyHandle, ok := signerPubKH.(*keyset.Handle)
if !ok {
return errBadKeyHandleFormat
}

verifier, err := bbs.NewVerifier(keyHandle)
if err != nil {
return fmt.Errorf("create new BBS+ verifier: %w", err)
}

err = verifier.VerifyProof(revealedMessages, proof, nonce)
if err != nil {
err = fmt.Errorf("verify proof msg: %w", err)
}

return err
}

// DeriveProof will create a BBS+ signature proof for a list of revealed messages using BBS signature
// (can be built using a Signer's Sign() call) and the signer's public key in signerPubKH.
// returns:
// signature proof in []byte
// error in case of errors
func (t *Crypto) DeriveProof(messages [][]byte, bbsSignature, nonce []byte, revealedIndexes []int,
signerPubKH interface{}) ([]byte, error) {
keyHandle, ok := signerPubKH.(*keyset.Handle)
if !ok {
return nil, errBadKeyHandleFormat
}

verifier, err := bbs.NewVerifier(keyHandle)
if err != nil {
return nil, fmt.Errorf("create new BBS+ verifier: %w", err)
}

proof, err := verifier.DeriveProof(messages, bbsSignature, nonce, revealedIndexes)
if err != nil {
return nil, fmt.Errorf("verify proof msg: %w", err)
}

return proof, nil
}
102 changes: 102 additions & 0 deletions pkg/crypto/tinkcrypto/crypto_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ package tinkcrypto
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"math/big"
"testing"

Expand All @@ -24,6 +25,7 @@ import (
chacha "golang.org/x/crypto/chacha20poly1305"

"github.com/hyperledger/aries-framework-go/pkg/crypto"
"github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/bbs"
"github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/composite/ecdh"
"github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/composite/keyio"
ecdhpb "github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/proto/ecdh_aead_go_proto"
Expand Down Expand Up @@ -625,3 +627,103 @@ func TestCrypto_ECDH1PU_Wrap_Unwrap_Key_Using_CryptoPubKey_as_SenderKey(t *testi
require.NoError(t, err)
require.EqualValues(t, cek, uCEK)
}

func TestBBSCrypto_SignVerify_DeriveProofVerifyProof(t *testing.T) {
c := Crypto{}
msg := [][]byte{
[]byte(testMessage + "0"), []byte(testMessage + "1"), []byte(testMessage + "2"),
[]byte(testMessage + "3"), []byte(testMessage + "4"), []byte(testMessage + "5"),
}

var (
s []byte
pubKH *keyset.Handle
badKH *keyset.Handle
)

t.Run("test with BBS+ signature", func(t *testing.T) {
kh, err := keyset.NewHandle(bbs.BLS12381G2KeyTemplate())
require.NoError(t, err)

badKH, err = keyset.NewHandle(aead.KMSEnvelopeAEADKeyTemplate("babdUrl", nil))
require.NoError(t, err)

s, err = c.BBSSign(msg, kh)
require.NoError(t, err)

// sign with nil key handle - should fail
_, err = c.BBSSign(msg, nil)
require.EqualError(t, err, errBadKeyHandleFormat.Error())

// sign with bad key type - should fail
_, err = c.BBSSign(msg, "bad key type")
require.EqualError(t, err, errBadKeyHandleFormat.Error())

// sign with empty messages - should fail
_, err = c.BBSSign([][]byte{}, kh)
require.EqualError(t, err, "BBS+ sign msg: messages are not defined")

// sign with bad key handle - should fail
_, err = c.BBSSign(msg, badKH)
require.Error(t, err)

// get corresponding public key handle to verify
pubKH, err = kh.Public()
require.NoError(t, err)

err = c.BBSVerify(msg, s, nil)
require.EqualError(t, err, errBadKeyHandleFormat.Error())

err = c.BBSVerify(msg, s, "bad key type")
require.EqualError(t, err, errBadKeyHandleFormat.Error())

err = c.BBSVerify(msg, s, badKH)
require.Error(t, err)

err = c.BBSVerify([][]byte{}, s, pubKH)
require.EqualError(t, err, "BBS+ verify msg: bbs_verifier_factory: invalid signature")

err = c.BBSVerify(msg, s, pubKH)
require.NoError(t, err)
})

require.NotEmpty(t, s)

t.Run("test with BBS+ proof", func(t *testing.T) {
revealedIndexes := []int{0, 2}
nonce := make([]byte, 32)

_, err := rand.Read(nonce)
require.NoError(t, err)

_, err = c.DeriveProof(msg, s, nonce, revealedIndexes, nil)
require.EqualError(t, err, errBadKeyHandleFormat.Error())

_, err = c.DeriveProof(msg, s, nonce, revealedIndexes, "bad key type")
require.EqualError(t, err, errBadKeyHandleFormat.Error())

_, err = c.DeriveProof(msg, s, nonce, revealedIndexes, badKH)
require.Error(t, err)

_, err = c.DeriveProof([][]byte{}, s, nonce, revealedIndexes, pubKH)
require.EqualError(t, err, "verify proof msg: bbs_verifier_factory: invalid signature proof")

proof, err := c.DeriveProof(msg, s, nonce, revealedIndexes, pubKH)
require.NoError(t, err)

err = c.VerifyProof([][]byte{msg[0], msg[2]}, proof, nonce, nil)
require.EqualError(t, err, errBadKeyHandleFormat.Error())

err = c.VerifyProof([][]byte{msg[0], msg[2]}, proof, nonce, "bad key type")
require.EqualError(t, err, errBadKeyHandleFormat.Error())

err = c.VerifyProof([][]byte{msg[0], msg[2]}, proof, nonce, badKH)
require.Error(t, err)

err = c.VerifyProof([][]byte{msg[3], msg[4]}, proof, nonce, pubKH)
require.EqualError(t, err, "verify proof msg: bbs_verifier_factory: invalid signature proof")

err = c.VerifyProof([][]byte{msg[0], msg[2]}, proof, nonce, pubKH)
require.NoError(t, err)
})
}
2 changes: 1 addition & 1 deletion pkg/crypto/tinkcrypto/primitive/bbs/bbs.go
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ SPDX-License-Identifier: Apache-2.0
// v := bbs.NewVerifier(verKH)
//
// // and verify signature
// pt, err := v.Verify(messages, sig)
// err = v.Verify(messages, sig)
// if err != nil {
// // handle error
// }
Expand Down
Loading

0 comments on commit 3e05095

Please sign in to comment.