Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Simplify LinkSecret handling #237

Merged
merged 2 commits into from
Sep 5, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ logger = ["env_logger"]
vendored = ["anoncreds-clsignatures/openssl_vendored"]

[dependencies]
anoncreds-clsignatures = "0.2.1"
anoncreds-clsignatures = "0.2.2"
bs58 = "0.4.0"
env_logger = { version = "0.9.3", optional = true }
ffi-support = { version = "0.4.0", optional = true }
Expand Down
63 changes: 10 additions & 53 deletions src/data_types/link_secret.rs
Original file line number Diff line number Diff line change
@@ -1,16 +1,15 @@
use crate::cl::{bn::BigNumber, LinkSecret as ClLinkSecret, Prover as CryptoProver};
use crate::error::ConversionError;
use std::fmt;

pub struct LinkSecret(pub BigNumber);
use crate::cl::{bn::BigNumber, Prover as CryptoProver};
use crate::error::ConversionError;

pub struct LinkSecret(pub(crate) BigNumber);

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be possible to derive zeroize on this? It was not done before due to Ursa but it might be possible now.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For version 0.2.2 the crate is using openssl's secure context for big numbers, which as I understand it zeroizes the entire buffer before it's released. So this type could implement ZeroizeOnDrop, but probably not Zeroize.

impl LinkSecret {
pub fn new() -> Result<Self, ConversionError> {
let value = CryptoProver::new_link_secret()
.and_then(|v| v.value())
.map_err(|err| {
ConversionError::from_msg(format!("Error creating link secret: {err}"))
})?;
.map_err(|err| ConversionError::from_msg(format!("Error creating link secret: {err}")))?
.into();

Ok(Self(value))
}
Expand All @@ -32,38 +31,13 @@ impl fmt::Debug for LinkSecret {
}
}

impl TryInto<ClLinkSecret> for LinkSecret {
type Error = ConversionError;

fn try_into(self) -> Result<ClLinkSecret, Self::Error> {
let j = serde_json::json!({
"ms": self.0
});
serde_json::from_value(j)
.map_err(|err| ConversionError::from_msg(format!("Error creating link secret: {err}")))
}
}

impl TryInto<ClLinkSecret> for &LinkSecret {
type Error = ConversionError;

fn try_into(self) -> Result<ClLinkSecret, Self::Error> {
let j = serde_json::json!({
"ms": self.0
});

serde_json::from_value(j)
.map_err(|err| ConversionError::from_msg(format!("Error creating link secret: {err}")))
}
}

impl TryInto<String> for LinkSecret {
type Error = ConversionError;

fn try_into(self) -> Result<String, Self::Error> {
self.0
.to_dec()
.map_err(|err| ConversionError::from_msg(format!("Error creating link secret: {err}")))
self.0.to_dec().map_err(|err| {
ConversionError::from_msg(format!("Error converting link secret: {err}"))
})
}
}

Expand All @@ -72,7 +46,7 @@ impl TryFrom<&str> for LinkSecret {

fn try_from(value: &str) -> Result<Self, Self::Error> {
Ok(Self(BigNumber::from_dec(value).map_err(|err| {
ConversionError::from_msg(format!("Error creating link secret: {err}"))
ConversionError::from_msg(format!("Error converting link secret: {err}"))
})?))
}
}
Expand All @@ -95,23 +69,6 @@ mod link_secret_tests {
assert_eq!(link_secret_str, ls);
}

#[test]
fn should_convert_between_link_secret() {
let link_secret = LinkSecret::new().expect("Unable to create link secret");
let cl_link_secret: ClLinkSecret = link_secret
.try_clone()
.expect("Error cloning link secret")
.try_into()
.expect("error converting to CL link secret");

assert_eq!(
link_secret.0,
cl_link_secret
.value()
.expect("Error getting value from CL link secret")
);
}

#[test]
fn should_clone_link_secret() {
let link_secret = LinkSecret::new().expect("Unable to create link secret");
Expand Down
11 changes: 6 additions & 5 deletions src/services/helpers.rs
Original file line number Diff line number Diff line change
@@ -1,11 +1,12 @@
use std::collections::HashMap;

use crate::cl::{
bn::BigNumber, CredentialSchema, CredentialValues, Issuer, LinkSecret as ClLinkSecret,
NonCredentialSchema, SubProofRequest, Verifier,
bn::BigNumber, CredentialSchema, CredentialValues, Issuer, NonCredentialSchema,
SubProofRequest, Verifier,
};
use crate::data_types::{
credential::AttributeValues,
link_secret::LinkSecret,
nonce::Nonce,
pres_request::{AttributeInfo, NonRevokedInterval, PredicateInfo, PresentationRequestPayload},
presentation::RequestedProof,
Expand Down Expand Up @@ -46,7 +47,7 @@ pub fn build_non_credential_schema() -> Result<NonCredentialSchema> {

pub fn build_credential_values(
credential_values: &HashMap<String, AttributeValues>,
link_secret: Option<&ClLinkSecret>,
link_secret: Option<&LinkSecret>,
) -> Result<CredentialValues> {
trace!(
"build_credential_values >>> credential_values: {:?}",
Expand All @@ -57,9 +58,9 @@ pub fn build_credential_values(
for (attr, values) in credential_values {
credential_values_builder.add_dec_known(&attr_common_view(attr), &values.encoded)?;
}
if let Some(ms) = link_secret {
if let Some(ls) = link_secret {
// value is master_secret as that's what's historically been used in published credential definitions
credential_values_builder.add_value_hidden("master_secret", &ms.value()?)?;
credential_values_builder.add_value_hidden("master_secret", &ls.0)?;
}

let res = credential_values_builder.finalize()?;
Expand Down
6 changes: 2 additions & 4 deletions src/services/prover.rs
Original file line number Diff line number Diff line change
Expand Up @@ -254,8 +254,7 @@ pub fn process_credential(
&cred_def.value.primary,
cred_def.value.revocation.as_ref(),
)?;
let credential_values =
build_credential_values(&credential.values.0, Some(&link_secret.try_into()?))?;
let credential_values = build_credential_values(&credential.values.0, Some(&link_secret))?;
let rev_pub_key = rev_reg_def.map(|d| &d.value.public_keys.accum_key);

Prover::process_credential_signature(
Expand Down Expand Up @@ -454,8 +453,7 @@ pub fn create_presentation(
)?;

let credential_schema = build_credential_schema(&schema.attr_names.0)?;
let credential_values =
build_credential_values(&credential.values.0, Some(&link_secret.try_into()?))?;
let credential_values = build_credential_values(&credential.values.0, Some(&link_secret))?;
let (req_attrs, req_predicates) = prepare_credential_for_proving(
present.requested_attributes,
present.requested_predicates,
Expand Down
Loading