Merge pull request #229 from andrewwhitehead/upd/cl-0.2

Update to anoncreds-clsignatures 0.2, update tails access

Cargo.toml

@@ -25,6 +25,7 @@ logger = ["env_logger"]
 vendored = ["anoncreds-clsignatures/openssl_vendored"]
 
 [dependencies]
+anoncreds-clsignatures = "0.2"
 bs58 = "0.4.0"
 env_logger = { version = "0.9.3", optional = true }
 ffi-support = { version = "0.4.0", optional = true }
@@ -36,10 +37,8 @@ serde = { version = "1.0.155", features = ["derive"] }
 bitvec = { version = "1.0.1", features = ["serde"] }
 serde_json = { version = "1.0.94", features = ["raw_value"] }
 sha2 = "0.10.6"
-tempfile = "3.4.0"
 thiserror = "1.0.39"
 zeroize = { version = "1.5.7", optional = true, features = ["zeroize_derive"] }
-anoncreds-clsignatures = "0.1"
 
 [profile.release]
 lto = true

src/data_types/link_secret.rs

@@ -1,11 +1,12 @@
-use crate::cl::{bn::BigNumber, MasterSecret, Prover as CryptoProver};
+use crate::cl::{bn::BigNumber, LinkSecret as ClLinkSecret, Prover as CryptoProver};
 use crate::error::ConversionError;
 use std::fmt;
+
 pub struct LinkSecret(pub BigNumber);
 
 impl LinkSecret {
     pub fn new() -> Result<Self, ConversionError> {
-        let value = CryptoProver::new_master_secret()
+        let value = CryptoProver::new_link_secret()
             .and_then(|v| v.value())
             .map_err(|err| {
                 ConversionError::from_msg(format!("Error creating link secret: {err}"))
@@ -31,10 +32,10 @@ impl fmt::Debug for LinkSecret {
     }
 }
 
-impl TryInto<MasterSecret> for LinkSecret {
+impl TryInto<ClLinkSecret> for LinkSecret {
     type Error = ConversionError;
 
-    fn try_into(self) -> Result<MasterSecret, Self::Error> {
+    fn try_into(self) -> Result<ClLinkSecret, Self::Error> {
         let j = serde_json::json!({
             "ms": self.0
         });
@@ -43,10 +44,10 @@ impl TryInto<MasterSecret> for LinkSecret {
     }
 }
 
-impl TryInto<MasterSecret> for &LinkSecret {
+impl TryInto<ClLinkSecret> for &LinkSecret {
     type Error = ConversionError;
 
-    fn try_into(self) -> Result<MasterSecret, Self::Error> {
+    fn try_into(self) -> Result<ClLinkSecret, Self::Error> {
         let j = serde_json::json!({
             "ms": self.0
         });
@@ -95,19 +96,19 @@ mod link_secret_tests {
     }
 
     #[test]
-    fn should_convert_between_master_secret() {
+    fn should_convert_between_link_secret() {
         let link_secret = LinkSecret::new().expect("Unable to create link secret");
-        let master_secret: MasterSecret = link_secret
+        let cl_link_secret: ClLinkSecret = link_secret
             .try_clone()
             .expect("Error cloning link secret")
             .try_into()
-            .expect("error converting to master secret");
+            .expect("error converting to CL link secret");
 
         assert_eq!(
             link_secret.0,
-            master_secret
+            cl_link_secret
                 .value()
-                .expect("Error getting value from master secret")
+                .expect("Error getting value from CL link secret")
         );
     }
 

src/data_types/rev_status_list.rs

@@ -89,30 +89,35 @@ impl RevocationStatusList {
         if let Some(reg) = registry {
             self.registry = Some(reg.into());
         }
+        let slots_count = self.revocation_list.len();
         if let Some(issued) = issued {
+            if let Some(max_idx) = issued.iter().last().copied() {
+                if max_idx as usize >= slots_count {
+                    return Err(Error::from_msg(
+                        crate::ErrorKind::Unexpected,
+                        "Update Revocation List Index Out of Range",
+                    ));
+                }
+            }
             // issued credentials are assigned `false`
             // i.e. NOT revoked
             for i in issued {
-                let mut bit = self.revocation_list.get_mut(i as usize).ok_or_else(|| {
-                    Error::from_msg(
-                        crate::ErrorKind::Unexpected,
-                        "Update Revocation List Index Out of Range",
-                    )
-                })?;
-                *bit = false;
+                self.revocation_list.set(i as usize, false);
             }
         }
         if let Some(revoked) = revoked {
+            if let Some(max_idx) = revoked.iter().last().copied() {
+                if max_idx as usize >= slots_count {
+                    return Err(Error::from_msg(
+                        crate::ErrorKind::Unexpected,
+                        "Update Revocation List Index Out of Range",
+                    ));
+                }
+            }
             // revoked credentials are assigned `true`
             // i.e. IS revoked
             for i in revoked {
-                let mut bit = self.revocation_list.get_mut(i as usize).ok_or_else(|| {
-                    Error::from_msg(
-                        crate::ErrorKind::Unexpected,
-                        "Update Revocation List Index Out of Range",
-                    )
-                })?;
-                *bit = true;
+                self.revocation_list.set(i as usize, true);
             }
         }
         // only update if input is Some

src/ffi/credential.rs

@@ -12,7 +12,6 @@ use crate::error::Result;
 use crate::services::{
     issuer::create_credential,
     prover::process_credential,
-    tails::TailsFileReader,
     types::{Credential, CredentialRevocationConfig, MakeCredentialValues},
     utils::encode_credential_attribute,
 };
@@ -30,7 +29,6 @@ struct RevocationConfig {
     reg_def: AnoncredsObject,
     reg_def_private: AnoncredsObject,
     reg_idx: u32,
-    tails_path: String,
 }
 
 impl RevocationConfig {
@@ -39,7 +37,6 @@ impl RevocationConfig {
             reg_def: self.reg_def.cast_ref()?,
             reg_def_private: self.reg_def_private.cast_ref()?,
             registry_idx: self.reg_idx,
-            tails_reader: TailsFileReader::new_tails_reader(self.tails_path.as_str()),
         })
     }
 }
@@ -103,19 +100,13 @@ pub extern "C" fn anoncreds_create_credential(
             None
         } else {
             let revocation = unsafe { &*revocation };
-            let tails_path = revocation
-                .tails_path
-                .as_opt_str()
-                .ok_or_else(|| err_msg!("Missing tails file path"))?
-                .to_string();
             Some(RevocationConfig {
                 reg_def: revocation.reg_def.load()?,
                 reg_def_private: revocation.reg_def_private.load()?,
                 reg_idx: revocation
                     .reg_idx
                     .try_into()
                     .map_err(|_| err_msg!("Invalid revocation index"))?,
-                tails_path,
             })
         };
 

src/services/helpers.rs

@@ -1,8 +1,8 @@
 use std::collections::HashMap;
 
 use crate::cl::{
-    bn::BigNumber, CredentialSchema, CredentialValues, Issuer, MasterSecret, NonCredentialSchema,
-    SubProofRequest, Verifier,
+    bn::BigNumber, CredentialSchema, CredentialValues, Issuer, LinkSecret as ClLinkSecret,
+    NonCredentialSchema, SubProofRequest, Verifier,
 };
 use crate::data_types::{
     credential::AttributeValues,
@@ -46,7 +46,7 @@ pub fn build_non_credential_schema() -> Result<NonCredentialSchema> {
 
 pub fn build_credential_values(
     credential_values: &HashMap<String, AttributeValues>,
-    link_secret: Option<&MasterSecret>,
+    link_secret: Option<&ClLinkSecret>,
 ) -> Result<CredentialValues> {
     trace!(
         "build_credential_values >>> credential_values: {:?}",

src/services/prover.rs

@@ -641,7 +641,7 @@ pub fn create_or_update_revocation_state(
 
     let mut issued = HashSet::<u32>::new();
     let mut revoked = HashSet::<u32>::new();
-    let tails_reader = TailsFileReader::new_tails_reader(tails_path);
+    let tails_reader = TailsFileReader::new(tails_path);
     let witness = if let (Some(source_rev_state), Some(source_rev_list)) =
         (rev_state, old_rev_status_list)
     {