github.com/hyperledger/aries-framework-go@v0.3.2/pkg/doc/cl/ursa/helpers.go (about) 1 //go:build ursa 2 // +build ursa 3 4 /* 5 Copyright Avast Software. All Rights Reserved. 6 7 SPDX-License-Identifier: Apache-2.0 8 */ 9 10 package ursa 11 12 import ( 13 "github.com/hyperledger/ursa-wrapper-go/pkg/libursa/ursa" 14 15 "github.com/hyperledger/aries-framework-go/pkg/doc/cl" 16 "github.com/hyperledger/aries-framework-go/pkg/internal/ursautil" 17 ) 18 19 // subProofItem is a auxiliary struct for processing proofs. 20 type subProofItem struct { 21 BlindedVals []byte 22 Credential *cl.Credential 23 CredentialDefinition *cl.CredentialDefinition 24 Item *cl.PresentationRequestItem 25 } 26 27 func newNonce() ([]byte, error) { 28 _nonce, err := ursa.NewNonce() 29 if err != nil { 30 return nil, err 31 } 32 33 defer _nonce.Free() // nolint: errcheck 34 35 nonce, err := _nonce.ToJSON() 36 if err != nil { 37 return nil, err 38 } 39 40 return nonce, nil 41 } 42 43 func blindCredentialSecrets( 44 pubKey []byte, 45 correctnessProof []byte, 46 nonce []byte, 47 blindedMs []byte, 48 ) (*cl.BlindedCredentialSecrets, error) { 49 _nonce, err := ursa.NonceFromJSON(string(nonce)) 50 if err != nil { 51 return nil, err 52 } 53 54 defer _nonce.Free() // nolint: errcheck 55 56 _pubKey, err := ursa.CredentialPublicKeyFromJSON(pubKey) 57 if err != nil { 58 return nil, err 59 } 60 61 defer _pubKey.Free() // nolint: errcheck 62 63 _correctnessProof, err := ursa.CredentialKeyCorrectnessProofFromJSON(correctnessProof) 64 if err != nil { 65 return nil, err 66 } 67 68 defer _correctnessProof.Free() // nolint: errcheck 69 70 _blindedMs, err := ursa.CredentialValuesFromJSON(blindedMs) 71 if err != nil { 72 return nil, err 73 } 74 75 defer _blindedMs.Free() // nolint: errcheck 76 77 _blindedSecrets, err := ursa.BlindCredentialSecrets(_pubKey, _correctnessProof, _nonce, _blindedMs) 78 if err != nil { 79 return nil, err 80 } 81 82 defer _blindedSecrets.Handle.Free() // nolint: errcheck 83 defer _blindedSecrets.CorrectnessProof.Free() // nolint: errcheck 84 defer _blindedSecrets.BlindingFactor.Free() // nolint: errcheck 85 86 secrets, err := _blindedSecrets.Handle.ToJSON() 87 if err != nil { 88 return nil, err 89 } 90 91 proof, err := _blindedSecrets.CorrectnessProof.ToJSON() 92 if err != nil { 93 return nil, err 94 } 95 96 blindingFactor, err := _blindedSecrets.BlindingFactor.ToJSON() 97 if err != nil { 98 return nil, err 99 } 100 101 return &cl.BlindedCredentialSecrets{Handle: secrets, CorrectnessProof: proof, BlindingFactor: blindingFactor}, nil 102 } 103 104 // nolint: funlen 105 func processCredentialSignature( 106 credential *cl.Credential, 107 credReq *cl.CredentialRequest, 108 credDef *cl.CredentialDefinition, 109 blindedVals []byte, 110 ) error { 111 _signature, err := ursa.CredentialSignatureFromJSON(credential.Signature) 112 if err != nil { 113 return err 114 } 115 116 defer _signature.Free() // nolint: errcheck 117 118 _correctnessProof, err := ursa.CredentialSignatureCorrectnessProofFromJSON(credential.SigProof) 119 if err != nil { 120 return err 121 } 122 123 defer _correctnessProof.Free() // nolint: errcheck 124 125 _blindingFactor, err := ursa.CredentialSecretsBlindingFactorsFromJSON(credReq.BlindedCredentialSecrets.BlindingFactor) 126 if err != nil { 127 return err 128 } 129 130 defer _blindingFactor.Free() // nolint: errcheck 131 132 _nonce, err := ursa.NonceFromJSON(string(credReq.Nonce)) 133 if err != nil { 134 return err 135 } 136 137 defer _nonce.Free() // nolint: errcheck 138 139 _pubKey, err := ursa.CredentialPublicKeyFromJSON(credDef.CredPubKey) 140 if err != nil { 141 return err 142 } 143 144 defer _pubKey.Free() // nolint: errcheck 145 146 _blindedVals, err := ursa.CredentialValuesFromJSON(blindedVals) 147 if err != nil { 148 return err 149 } 150 151 defer _blindedVals.Free() // nolint: errcheck 152 153 err = _signature.ProcessCredentialSignature( 154 _blindedVals, 155 _correctnessProof, 156 _blindingFactor, 157 _pubKey, 158 _nonce, 159 ) 160 if err != nil { 161 return err 162 } 163 164 updatedSignature, err := _signature.ToJSON() 165 if err != nil { 166 return err 167 } 168 169 updatedCorrectnessProof, err := _correctnessProof.ToJSON() 170 if err != nil { 171 return err 172 } 173 174 credential.Signature = updatedSignature 175 credential.SigProof = updatedCorrectnessProof 176 177 return nil 178 } 179 180 func createProof( 181 items []*subProofItem, 182 nonce []byte, 183 ) ([]byte, error) { 184 proofBuilder, err := ursa.NewProofBuilder() 185 if err != nil { 186 return nil, err 187 } 188 189 err = proofBuilder.AddCommonAttribute("master_secret") 190 if err != nil { 191 return nil, err 192 } 193 194 _reqNonce, err := ursa.NonceFromJSON(string(nonce)) 195 if err != nil { 196 return nil, err 197 } 198 199 defer _reqNonce.Free() // nolint: errcheck 200 201 for _, item := range items { 202 err = processSubProof(proofBuilder, item) 203 if err != nil { 204 return nil, err 205 } 206 } 207 208 _proof, err := proofBuilder.Finalize(_reqNonce) 209 if err != nil { 210 return nil, err 211 } 212 213 defer _proof.Free() // nolint: errcheck 214 215 proofJSON, err := _proof.ToJSON() 216 if err != nil { 217 return nil, err 218 } 219 220 return proofJSON, nil 221 } 222 223 func processSubProof( 224 proofBuilder *ursa.ProofBuilder, 225 item *subProofItem, 226 ) error { 227 _request, err := buildSubProofRequest(item.Item.RevealedAttrs, item.Item.Predicates) 228 if err != nil { 229 return err 230 } 231 232 defer _request.Free() // nolint: errcheck 233 234 _blindedValues, err := ursa.CredentialValuesFromJSON(item.BlindedVals) 235 if err != nil { 236 return err 237 } 238 239 defer _blindedValues.Free() // nolint: errcheck 240 241 _signature, err := ursa.CredentialSignatureFromJSON(item.Credential.Signature) 242 if err != nil { 243 return err 244 } 245 246 defer _signature.Free() // nolint: errcheck 247 248 _pubKey, err := ursa.CredentialPublicKeyFromJSON(item.CredentialDefinition.CredPubKey) 249 if err != nil { 250 return err 251 } 252 253 defer _pubKey.Free() // nolint: errcheck 254 255 _schema, _nonSchema, err := ursautil.BuildSchema(item.CredentialDefinition.Attrs) 256 if err != nil { 257 return err 258 } 259 260 defer _schema.Free() // nolint: errcheck 261 defer _nonSchema.Free() // nolint: errcheck 262 263 err = proofBuilder.AddSubProofRequest( 264 _request, 265 _schema, 266 _nonSchema, 267 _signature, 268 _blindedValues, 269 _pubKey, 270 ) 271 272 return err 273 } 274 275 func verifyProof( 276 proof *cl.Proof, 277 items []*subProofItem, 278 nonce []byte, 279 ) error { 280 verifier, err := ursa.NewProofVerifier() 281 if err != nil { 282 return err 283 } 284 285 _reqNonce, err := ursa.NonceFromJSON(string(nonce)) 286 if err != nil { 287 return err 288 } 289 290 defer _reqNonce.Free() // nolint: errcheck 291 292 _proof, err := ursa.ProofFromJSON(proof.Proof) 293 if err != nil { 294 return err 295 } 296 297 defer _proof.Free() // nolint: errcheck 298 299 for _, item := range items { 300 err = processSubProofVerifier(verifier, item) 301 if err != nil { 302 return err 303 } 304 } 305 306 err = verifier.Verify(_proof, _reqNonce) 307 308 return err 309 } 310 311 func processSubProofVerifier( 312 verifier *ursa.ProofVerifier, 313 item *subProofItem, 314 ) error { 315 _request, err := buildSubProofRequest(item.Item.RevealedAttrs, item.Item.Predicates) 316 if err != nil { 317 return err 318 } 319 320 defer _request.Free() // nolint: errcheck 321 322 _pubKey, err := ursa.CredentialPublicKeyFromJSON(item.CredentialDefinition.CredPubKey) 323 if err != nil { 324 return err 325 } 326 327 defer _pubKey.Free() // nolint: errcheck 328 329 _schema, _nonSchema, err := ursautil.BuildSchema(item.CredentialDefinition.Attrs) 330 if err != nil { 331 return err 332 } 333 334 defer _schema.Free() // nolint: errcheck 335 defer _nonSchema.Free() // nolint: errcheck 336 337 err = verifier.AddSubProofRequest( 338 _request, 339 _schema, 340 _nonSchema, 341 _pubKey, 342 ) 343 344 return err 345 } 346 347 func buildSubProofRequest(revealedAttrs []string, predicates []*cl.Predicate) (*ursa.SubProofRequestHandle, error) { 348 subProofBuilder, err := ursa.NewSubProofRequestBuilder() 349 if err != nil { 350 return nil, err 351 } 352 353 for _, revealedAttr := range revealedAttrs { 354 err = subProofBuilder.AddRevealedAttr(revealedAttr) 355 if err != nil { 356 return nil, err 357 } 358 } 359 360 for _, predicate := range predicates { 361 err = subProofBuilder.AddPredicate(predicate.Attr, predicate.PType, predicate.Value) 362 if err != nil { 363 return nil, err 364 } 365 } 366 367 subProofRequest, err := subProofBuilder.Finalize() 368 if err != nil { 369 return nil, err 370 } 371 372 return subProofRequest, nil 373 }