CL Anoncreds Crypto API

* extended Crypto API with SignWithSecrets and Blind methods
* refactored CL primitives
* implemented new methods for tinkcrypto
* formatted all ursa code
* added ursautil for common ursa methods
* added stubs for CL for remotecrypto and non-ursa tinkcrypto build
* added unit tests

Signed-off-by: konstantin.goncharov <[email protected]>

cmd/aries-agent-mobile/go.sum

@@ -189,8 +189,8 @@ github.com/hyperledger/aries-framework-go/component/storage/edv v0.0.0-202206061
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220322085443-50e8f9bd208b/go.mod h1:HojN6OAh8ZtXBe5X2arcSOe1SLo5Dsjqto8ICjSLQ2g=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1 h1:vxZ0DlFNLjgxMdBESLZu895AsI1JWL2SJerphwIn8Po=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
-github.com/hyperledger/ursa-wrapper-go v0.3.0 h1:ZYgPkPqy0AWEoU2Dhiziz91QacNdIX3j21UIOIVCXA8=
-github.com/hyperledger/ursa-wrapper-go v0.3.0/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
+github.com/hyperledger/ursa-wrapper-go v0.3.1 h1:Do+QrVNniY77YK2jTIcyWqj9rm/Yb5SScN0bqCjiibA=
+github.com/hyperledger/ursa-wrapper-go v0.3.1/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=

cmd/aries-agent-rest/go.sum

@@ -355,8 +355,8 @@ github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220330140627-0
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220509181817-261c3746d03e h1:Jw8qXxl32lfdkxqUOjwLEhsQC2+lT/YtcM7MuOd9+7k=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220509181817-261c3746d03e/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
-github.com/hyperledger/ursa-wrapper-go v0.3.0 h1:ZYgPkPqy0AWEoU2Dhiziz91QacNdIX3j21UIOIVCXA8=
-github.com/hyperledger/ursa-wrapper-go v0.3.0/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
+github.com/hyperledger/ursa-wrapper-go v0.3.1 h1:Do+QrVNniY77YK2jTIcyWqj9rm/Yb5SScN0bqCjiibA=
+github.com/hyperledger/ursa-wrapper-go v0.3.1/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=

cmd/aries-js-worker/go.sum

@@ -187,8 +187,8 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220322085443-50e8f9bd208b/go.mod h1:HojN6OAh8ZtXBe5X2arcSOe1SLo5Dsjqto8ICjSLQ2g=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1 h1:vxZ0DlFNLjgxMdBESLZu895AsI1JWL2SJerphwIn8Po=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
-github.com/hyperledger/ursa-wrapper-go v0.3.0 h1:ZYgPkPqy0AWEoU2Dhiziz91QacNdIX3j21UIOIVCXA8=
-github.com/hyperledger/ursa-wrapper-go v0.3.0/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
+github.com/hyperledger/ursa-wrapper-go v0.3.1 h1:Do+QrVNniY77YK2jTIcyWqj9rm/Yb5SScN0bqCjiibA=
+github.com/hyperledger/ursa-wrapper-go v0.3.1/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=

go.mod

@@ -20,7 +20,7 @@ require (
 	github.com/hyperledger/aries-framework-go/component/storage/edv v0.0.0-20220606124520-53422361c38c
 	github.com/hyperledger/aries-framework-go/component/storageutil v0.0.0-20220322085443-50e8f9bd208b
 	github.com/hyperledger/aries-framework-go/spi v0.0.0-20220606124520-53422361c38c
-	github.com/hyperledger/ursa-wrapper-go v0.3.0
+	github.com/hyperledger/ursa-wrapper-go v0.3.1
 	github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a
 	github.com/kawamuray/jsonpath v0.0.0-20201211160320-7483bafabd7e
 	github.com/kilic/bls12-381 v0.1.1-0.20210503002446-7b7597926c69
@@ -64,6 +64,4 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-// replace github.com/hyperledger/ursa-wrapper-go => github.com/ashcherbakov/ursa-wrapper-go v0.3.1
-
 go 1.17

go.sum

@@ -234,8 +234,8 @@ github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210820153043-8
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220217153004-1622c70e5767/go.mod h1:HojN6OAh8ZtXBe5X2arcSOe1SLo5Dsjqto8ICjSLQ2g=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1 h1:vxZ0DlFNLjgxMdBESLZu895AsI1JWL2SJerphwIn8Po=
 github.com/hyperledger/aries-framework-go/test/component v0.0.0-20220428211718-66cc046674a1/go.mod h1:lykx3N+GX+sAWSxO2Ycc4Dz+ynV9b0Fv4NdP+ms4Alc=
-github.com/hyperledger/ursa-wrapper-go v0.3.0 h1:ZYgPkPqy0AWEoU2Dhiziz91QacNdIX3j21UIOIVCXA8=
-github.com/hyperledger/ursa-wrapper-go v0.3.0/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
+github.com/hyperledger/ursa-wrapper-go v0.3.1 h1:Do+QrVNniY77YK2jTIcyWqj9rm/Yb5SScN0bqCjiibA=
+github.com/hyperledger/ursa-wrapper-go v0.3.1/go.mod h1:nPSAuMasIzSVciQo22PedBk4Opph6bJ6ia3ms7BH/mk=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=

pkg/crypto/api.go

@@ -84,6 +84,24 @@ type Crypto interface {
 	// 		signature proof in []byte
 	//		error in case of errors
 	DeriveProof(messages [][]byte, bbsSignature, nonce []byte, revealedIndexes []int, kh interface{}) ([]byte, error)
+	// Blind will blind provided values and add blinded data realted to the key in kh
+	// returns:
+	// 		blinded values in []byte
+	//		error in case of errors
+	Blind(kh interface{}, values ...map[string]interface{}) ([][]byte, error)
+	// GetCorrectnessProof will return correctness proof for a public key handle
+	// returns:
+	// 		correctness proof in []byte
+	//		error in case of errors
+	GetCorrectnessProof(kh interface{}) ([]byte, error)
+	// SignWithSecrets will generate a signature and related correctness proof
+	// for the provided values using secrets and related DID
+	// returns:
+	// 		signature in []byte
+	// 		correctness proof in []byte
+	//		error in case of errors
+	SignWithSecrets(kh interface{}, values map[string]interface{},
+		secrets []byte, correctnessProof []byte, nonces [][]byte, did string) ([]byte, []byte, error)
 }
 
 // DefKeySize is the default key size for crypto primitives.

pkg/crypto/tinkcrypto/cl_crypto.go

@@ -0,0 +1,112 @@
+//go:build ursa
+// +build ursa
+
+/*
+Copyright Avast Software. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package tinkcrypto
+
+import (
+	"fmt"
+
+	"github.com/google/tink/go/keyset"
+
+	bld "github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/cl/blinder"
+	sgn "github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/cl/signer"
+)
+
+// Blind will blind provided values with MasterSecret provided in a kh
+// returns:
+// 		blinded values in []byte
+//		error in case of errors
+func (t *Crypto) Blind(kh interface{}, values ...map[string]interface{}) ([][]byte, error) {
+	keyHandle, ok := kh.(*keyset.Handle)
+	if !ok {
+		return nil, errBadKeyHandleFormat
+	}
+
+	blinder, err := bld.NewBlinder(keyHandle)
+	if err != nil {
+		return nil, fmt.Errorf("create new CL blinder: %w", err)
+	}
+
+	defer blinder.Free() // nolint: errcheck
+
+	if len(values) == 0 {
+		blinded, err := blinder.Blind(map[string]interface{}{})
+		if err != nil {
+			return nil, err
+		}
+
+		return [][]byte{blinded}, nil
+	}
+
+	blindedList := make([][]byte, len(values))
+
+	for i, val := range values {
+		blinded, err := blinder.Blind(val)
+		if err != nil {
+			return nil, err
+		}
+
+		blindedList[i] = blinded
+	}
+
+	return blindedList, nil
+}
+
+// GetCorrectnessProof will return correctness proof for a public key handle
+// returns:
+// 		correctness proof in []byte
+//		error in case of errors
+func (t *Crypto) GetCorrectnessProof(kh interface{}) ([]byte, error) {
+	keyHandle, ok := kh.(*keyset.Handle)
+	if !ok {
+		return nil, errBadKeyHandleFormat
+	}
+
+	signer, err := sgn.NewSigner(keyHandle)
+	if err != nil {
+		return nil, fmt.Errorf("create new CL signer: %w", err)
+	}
+
+	defer signer.Free() // nolint: errcheck
+
+	correctnessProof, err := signer.GetCorrectnessProof()
+	if err != nil {
+		return nil, err
+	}
+
+	return correctnessProof, nil
+}
+
+// SignWithSecrets will generate a signature and related correctness proof
+// for the provided values using secrets and related DID
+// returns:
+// 		signature in []byte
+// 		correctness proof in []byte
+//		error in case of errors
+func (t *Crypto) SignWithSecrets(kh interface{}, values map[string]interface{},
+	secrets []byte, correctnessProof []byte, nonces [][]byte, did string) ([]byte, []byte, error) {
+	keyHandle, ok := kh.(*keyset.Handle)
+	if !ok {
+		return nil, nil, errBadKeyHandleFormat
+	}
+
+	signer, err := sgn.NewSigner(keyHandle)
+	if err != nil {
+		return nil, nil, fmt.Errorf("create new CL signer: %w", err)
+	}
+
+	defer signer.Free() // nolint: errcheck
+
+	signature, signatureCorrectnessProof, err := signer.Sign(values, secrets, correctnessProof, nonces, did)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return signature, signatureCorrectnessProof, nil
+}

pkg/crypto/tinkcrypto/cl_crypto_stub.go

@@ -0,0 +1,44 @@
+//go:build !ursa
+// +build !ursa
+
+/*
+Copyright Avast Software. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package tinkcrypto
+
+import (
+	"errors"
+)
+
+// Blind will blind provided values with MasterSecret provided in a kh
+// returns:
+// 		blinded values in []byte
+//		error in case of errors
+// STUB.
+func (t *Crypto) Blind(kh interface{}, values ...map[string]interface{}) ([][]byte, error) {
+	return nil, errors.New("not implemented")
+}
+
+// GetCorrectnessProof will return correctness proof for a public key handle
+// returns:
+// 		correctness proof in []byte
+//		error in case of errors
+// STUB.
+func (t *Crypto) GetCorrectnessProof(kh interface{}) ([]byte, error) {
+	return nil, errors.New("not implemented")
+}
+
+// SignWithSecrets will generate a signature and related correctness proof
+// for the provided values using secrets and related DID
+// returns:
+// 		signature in []byte
+// 		correctness proof in []byte
+//		error in case of errors
+// STUB.
+func (t *Crypto) SignWithSecrets(kh interface{}, values map[string]interface{},
+	secrets []byte, correctnessProof []byte, nonces [][]byte, did string) ([]byte, []byte, error) {
+	return nil, nil, errors.New("not implemented")
+}