Updated to match indy crypto

mikelodder7 · mikelodder7 · commit 3843326bc28d · 2018-05-16T14:23:49.000-06:00
Signed-off-by: Michael Lodder &lt;redmike7@gmail.com&gt;
diff --git a/libindy/Cargo.toml b/libindy/Cargo.toml
@@ -20,8 +20,7 @@ path = "src/lib.rs"
 crate-type = ["staticlib","rlib", "dylib"]
 
 [features]
-default = ["bn_openssl", "box_sodium", "sealedbox_sodium", "base58_rust_base58", "xsalsa20_sodium", "pair_amcl", "hash_openssl", "local_nodes_pool", "revocation_tests"]
-bn_openssl = ["openssl", "int_traits"]
+default = ["box_sodium", "sealedbox_sodium", "base58_rust_base58", "xsalsa20_sodium", "pair_amcl", "hash_openssl", "local_nodes_pool", "revocation_tests"]
 box_sodium = ["sodiumoxide"]
 sealedbox_sodium = ["sodiumoxide"]
 base58_rust_base58 = ["rust-base58"]
diff --git a/libindy/build_scripts/Dockerfile.ubuntu1604 b/libindy/build_scripts/Dockerfile.ubuntu1604
@@ -0,0 +1,30 @@
+FROM ubuntu:16.04
+LABEL maintainer="Michael Lodder <redmike7@gmail.com>"
+
+ENV SODIUM_LIB_DIR /home/indy_user/libsodium/lib
+ENV SODIUM_INCLUDE_DIR /home/indy_user/libsodium/include
+ENV PATH /home/indy_user/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get -qq update -y && apt-get -qq install -y sudo zip unzip cmake autoconf libtool curl wget python3 pkg-config libssl-dev libzmq3-dev 2>&1 > /dev/null
+RUN useradd -m -d /home/indy_user -s /bin/bash -p $(openssl passwd -1 "indy") indy_user
+RUN usermod -aG sudo indy_user
+
+USER indy_user
+WORKDIR /home/indy_user
+
+RUN wget -q https://github.com/jedisct1/libsodium/releases/download/1.0.12/libsodium-1.0.12.tar.gz
+RUN tar xf /home/indy_user/libsodium-1.0.12.tar.gz
+WORKDIR /home/indy_user/libsodium-1.0.12
+RUN ./autogen.sh
+RUN ./configure --prefix=/home/indy_user/libsodium
+RUN make
+RUN make install
+
+WORKDIR /home/indy_user
+RUN rm -f libsodium-1.0.12.tar.gz
+RUN rm -rf libsodium-1.0.12
+RUN curl https://sh.rustup.rs -sSf > rustup-init.sh
+RUN chmod a+x rustup-init.sh
+RUN ./rustup-init.sh -y
+RUN rm -f rustup-init.sh
+RUN echo "libindy configured successful"
diff --git a/libindy/build_scripts/build-libindy-ios.sh b/libindy/build_scripts/build-libindy-ios.sh
diff --git a/libindy/build_scripts/make-docker.sh b/libindy/build_scripts/make-docker.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build -t libindy:latest -f Dockerfile.ubuntu1604 .
diff --git a/libindy/src/domain/credential_request.rs b/libindy/src/domain/credential_request.rs
@@ -1,9 +1,9 @@
 extern crate indy_crypto;
 
 use self::indy_crypto::cl::{
-    BlindedMasterSecret,
-    BlindedMasterSecretCorrectnessProof,
-    MasterSecretBlindingData,
+    BlindedCredentialSecrets,
+    BlindedCredentialSecretsCorrectnessProof,
+    CredentialSecretsBlindingFactors,
     Nonce
 };
 use self::indy_crypto::utils::json::{JsonDecodable, JsonEncodable};
@@ -12,8 +12,8 @@ use self::indy_crypto::utils::json::{JsonDecodable, JsonEncodable};
 pub struct CredentialRequest {
     pub prover_did: String,
     pub cred_def_id: String,
-    pub blinded_ms: BlindedMasterSecret,
-    pub blinded_ms_correctness_proof: BlindedMasterSecretCorrectnessProof,
+    pub blinded_ms: BlindedCredentialSecrets,
+    pub blinded_ms_correctness_proof: BlindedCredentialSecretsCorrectnessProof,
     pub nonce: Nonce,
 }
 
@@ -23,11 +23,11 @@ impl<'a> JsonDecodable<'a> for CredentialRequest {}
 
 #[derive(Debug, Serialize, Deserialize)]
 pub struct CredentialRequestMetadata {
-    pub master_secret_blinding_data: MasterSecretBlindingData,
+    pub master_secret_blinding_data: CredentialSecretsBlindingFactors,
     pub nonce: Nonce,
     pub master_secret_name: String
 }
 
 impl JsonEncodable for CredentialRequestMetadata {}
 
-impl<'a> JsonDecodable<'a> for CredentialRequestMetadata {}
+impl<'a> JsonDecodable<'a> for CredentialRequestMetadata {}
diff --git a/libindy/src/services/anoncreds/helpers.rs b/libindy/src/services/anoncreds/helpers.rs
@@ -5,7 +5,7 @@ use errors::common::CommonError;
 use domain::credential::AttributeValues;
 use domain::proof_request::{AttributeInfo, PredicateInfo};
 
-use self::indy_crypto::cl::{issuer, verifier, CredentialSchema, CredentialValues, SubProofRequest};
+use self::indy_crypto::cl::{issuer, verifier, CredentialSchema, NonCredentialSchema, MasterSecret, CredentialValues, SubProofRequest};
 
 
 use std::collections::{HashSet, HashMap};
@@ -29,12 +29,26 @@ pub fn build_credential_schema(attrs: &HashSet<String>) -> Result<CredentialSche
     Ok(res)
 }
 
-pub fn build_credential_values(credential_values: &HashMap<String, AttributeValues>) -> Result<CredentialValues, CommonError> {
+pub fn build_non_credential_schema() -> Result<NonCredentialSchema, CommonError> {
+    trace!("build_non_credential_schema");
+
+    let mut non_credential_schema_builder = issuer::Issuer::new_non_credential_schema_builder()?;
+    non_credential_schema_builder.add_attr("master_secret")?;
+    let res = non_credential_schema_builder.finalize()?;
+
+    trace!("build_non_credential_schema <<< res: {:?}", res);
+    Ok(res)
+}
+
+pub fn build_credential_values(credential_values: &HashMap<String, AttributeValues>, master_secret: Option<&MasterSecret>) -> Result<CredentialValues, CommonError> {
     trace!("build_credential_values >>> credential_values: {:?}", credential_values);
 
     let mut credential_values_builder = issuer::Issuer::new_credential_values_builder()?;
     for (attr, values) in credential_values {
-        credential_values_builder.add_value(&attr_common_view(attr), &values.encoded)?;
+        credential_values_builder.add_dec_known(&attr_common_view(attr), &values.encoded)?;
+    }
+    if let Some(ms) = master_secret {
+        credential_values_builder.add_value_hidden("master_secret", &ms.value()?)?;
     }
 
     let res = credential_values_builder.finalize()?;
@@ -74,4 +88,4 @@ pub fn parse_cred_rev_id(cred_rev_id: &str) -> Result<u32, CommonError> {
     trace!("parse_cred_rev_id <<< res: {:?}", res);
 
     Ok(res)
-}
+}
diff --git a/libindy/src/services/anoncreds/issuer.rs b/libindy/src/services/anoncreds/issuer.rs
@@ -42,9 +42,10 @@ impl Issuer {
         trace!("new_credential_definition >>> issuer_did: {:?}, schema: {:?}, support_revocation: {:?}", issuer_did, schema, support_revocation);
 
         let credential_schema = build_credential_schema(&schema.attr_names)?;
+        let non_credential_schema = build_non_credential_schema()?;
 
         let (credential_public_key, credential_private_key, credential_key_correctness_proof) =
-            CryptoIssuer::new_credential_def(&credential_schema, support_revocation)?;
+            CryptoIssuer::new_credential_def(&credential_schema, &non_credential_schema, support_revocation)?;
 
         let credential_definition_value = CredentialDefinitionData {
             primary: credential_public_key.get_primary_key()?.clone()?,
@@ -87,7 +88,7 @@ impl Issuer {
     pub fn new_credential<RTA>(&self,
                                cred_def: &CredentialDefinition,
                                cred_priv_key: &CredentialPrivateKey,
-                               master_secret_blinding_nonce: &Nonce,
+                               cred_issuance_blinding_nonce: &Nonce,
                                cred_request: &CredentialRequest,
                                cred_values: &HashMap<String, AttributeValues>,
                                rev_idx: Option<u32>,
@@ -97,11 +98,11 @@ impl Issuer {
                                rev_tails_accessor: Option<&RTA>) -> Result<(CredentialSignature,
                                                                             SignatureCorrectnessProof,
                                                                             Option<RevocationRegistryDelta>), AnoncredsError> where RTA: RevocationTailsAccessor {
-        trace!("new_credential >>> cred_def: {:?}, cred_priv_key: {:?}, master_secret_blinding_nonce: {:?}, cred_request: {:?},\
+        trace!("new_credential >>> cred_def: {:?}, cred_priv_key: {:?}, cred_issuance_blinding_nonce: {:?}, cred_request: {:?},\
                cred_values: {:?}, rev_idx: {:?}, rev_reg_def: {:?}, rev_reg: {:?}, rev_key_priv: {:?}",
-               cred_def, cred_priv_key, master_secret_blinding_nonce, cred_request, cred_values, rev_idx, rev_reg_def, rev_reg, rev_key_priv);
+               cred_def, cred_priv_key, cred_issuance_blinding_nonce, cred_request, cred_values, rev_idx, rev_reg_def, rev_reg, rev_key_priv);
 
-        let credential_values = build_credential_values(&cred_values)?;
+        let credential_values = build_credential_values(&cred_values, None)?;
         let credential_pub_key = CredentialPublicKey::build_from_parts(&cred_def.value.primary, cred_def.value.revocation.as_ref())?;
 
         let (credential_signature, signature_correctness_proof, rev_reg_delta) =
@@ -119,7 +120,7 @@ impl Issuer {
                 CryptoIssuer::sign_credential_with_revoc(&cred_request.prover_did,
                                                          &cred_request.blinded_ms,
                                                          &cred_request.blinded_ms_correctness_proof,
-                                                         master_secret_blinding_nonce,
+                                                         cred_issuance_blinding_nonce,
                                                          &cred_request.nonce,
                                                          &credential_values,
                                                          &credential_pub_key,
@@ -135,7 +136,7 @@ impl Issuer {
                     CryptoIssuer::sign_credential(&cred_request.prover_did,
                                                   &cred_request.blinded_ms,
                                                   &cred_request.blinded_ms_correctness_proof,
-                                                  master_secret_blinding_nonce,
+                                                  cred_issuance_blinding_nonce,
                                                   &cred_request.nonce,
                                                   &credential_values,
                                                   &credential_pub_key,
@@ -177,4 +178,4 @@ impl Issuer {
 
         Ok(rev_reg_delta)
     }
-}
+}
diff --git a/libindy/src/services/anoncreds/prover.rs b/libindy/src/services/anoncreds/prover.rs
@@ -20,13 +20,14 @@ use errors::anoncreds::AnoncredsError;
 use services::anoncreds::helpers::*;
 
 use self::indy_crypto::cl::{
-    BlindedMasterSecret,
-    BlindedMasterSecretCorrectnessProof,
+    BlindedCredentialSecrets,
+    BlindedCredentialSecretsCorrectnessProof,
     CredentialPublicKey,
     MasterSecret,
-    MasterSecretBlindingData,
+    CredentialSecretsBlindingFactors,
     SubProofRequest
 };
+use self::indy_crypto::cl::issuer::Issuer as CryptoIssuer;
 use self::indy_crypto::cl::prover::Prover as CryptoProver;
 use self::indy_crypto::cl::verifier::Verifier as CryptoVerifier;
 
@@ -53,24 +54,27 @@ impl Prover {
     pub fn new_credential_request(&self,
                                   cred_def: &CredentialDefinition,
                                   master_secret: &MasterSecret,
-                                  credential_offer: &CredentialOffer) -> Result<(BlindedMasterSecret,
-                                                                                 MasterSecretBlindingData,
-                                                                                 BlindedMasterSecretCorrectnessProof), CommonError> {
+                                  credential_offer: &CredentialOffer) -> Result<(BlindedCredentialSecrets,
+                                                                                 CredentialSecretsBlindingFactors,
+                                                                                 BlindedCredentialSecretsCorrectnessProof), CommonError> {
         trace!("new_credential_request >>> cred_def: {:?}, master_secret: {:?}, credential_offer: {:?}",
                cred_def, master_secret, credential_offer);
 
         let credential_pub_key = CredentialPublicKey::build_from_parts(&cred_def.value.primary, cred_def.value.revocation.as_ref())?;
+        let mut credential_values_builder = CryptoIssuer::new_credential_values_builder()?;
+        credential_values_builder.add_value_hidden("master_secret", &master_secret.value()?)?;
+        let cred_values = credential_values_builder.finalize()?;
 
-        let (blinded_ms, master_secret_blinding_data, blinded_ms_correctness_proof) =
-            CryptoProver::blind_master_secret(&credential_pub_key,
-                                              &credential_offer.key_correctness_proof,
-                                              &master_secret,
-                                              &credential_offer.nonce)?;
+        let (blinded_credential_secrets, credential_secrets_blinding_factors, blinded_credential_secrets_correctness_proof) =
+            CryptoProver::blind_credential_secrets(&credential_pub_key,
+                                                   &credential_offer.key_correctness_proof,
+                                                   &cred_values,
+                                                   &credential_offer.nonce)?;
 
-        trace!("new_credential_request <<< blinded_ms: {:?}, master_secret_blinding_data: {:?}, blinded_ms_correctness_proof: {:?}",
-               blinded_ms, master_secret_blinding_data, blinded_ms_correctness_proof);
+        trace!("new_credential_request <<< blinded_credential_secrets: {:?}, credential_secrets_blinding_factors: {:?}, blinded_credential_secrets_correctness_proof: {:?}",
+               blinded_credential_secrets, credential_secrets_blinding_factors, blinded_credential_secrets_correctness_proof);
 
-        Ok((blinded_ms, master_secret_blinding_data, blinded_ms_correctness_proof))
+        Ok((blinded_credential_secrets, credential_secrets_blinding_factors, blinded_credential_secrets_correctness_proof))
     }
 
     pub fn process_credential(&self,
@@ -83,13 +87,12 @@ impl Prover {
                credential, cred_request_metadata, master_secret, cred_def, rev_reg_def);
 
         let credential_pub_key = CredentialPublicKey::build_from_parts(&cred_def.value.primary, cred_def.value.revocation.as_ref())?;
-        let credential_values = build_credential_values(&credential.values)?;
+        let credential_values = build_credential_values(&credential.values, Some(master_secret))?;
 
         CryptoProver::process_credential_signature(&mut credential.signature,
                                                    &credential_values,
                                                    &credential.signature_correctness_proof,
                                                    &cred_request_metadata.master_secret_blinding_data,
-                                                   &master_secret,
                                                    &credential_pub_key,
                                                    &cred_request_metadata.nonce,
                                                    rev_reg_def.as_ref().map(|r_reg_def| &r_reg_def.value.public_keys.accum_key),
@@ -161,6 +164,7 @@ impl Prover {
                credentials, proof_req, requested_credentials, master_secret, schemas, cred_defs, rev_states);
 
         let mut proof_builder = CryptoProver::new_proof_builder()?;
+        proof_builder.add_common_attribute("master_secret")?;
 
         let mut identifiers: Vec<Identifier> = Vec::new();
 
@@ -194,11 +198,14 @@ impl Prover {
             let credential_pub_key = CredentialPublicKey::build_from_parts(&cred_def.value.primary, cred_def.value.revocation.as_ref())?;
 
             let credential_schema = build_credential_schema(&schema.attr_names)?;
-            let credential_values = build_credential_values(&credential.values)?;
+            let non_credential_schema = build_non_credential_schema()?;
+            let credential_values = build_credential_values(&credential.values, Some(master_secret))?;
+
             let sub_proof_request = Prover::_build_sub_proof_request(req_attrs_for_cred, req_predicates_for_cred)?;
 
             proof_builder.add_sub_proof_request(&sub_proof_request,
                                                 &credential_schema,
+                                                &non_credential_schema,
                                                 &credential.signature,
                                                 &credential_values,
                                                 &credential_pub_key,
@@ -221,7 +228,7 @@ impl Prover {
             sub_proof_index += 1;
         }
 
-        let proof = proof_builder.finalize(&proof_req.nonce, &master_secret)?;
+        let proof = proof_builder.finalize(&proof_req.nonce)?;
 
         let full_proof = Proof {
             proof,
@@ -439,4 +446,4 @@ impl Prover {
 
         Ok(sub_proof_request)
     }
-}
+}
diff --git a/libindy/src/services/anoncreds/verifier.rs b/libindy/src/services/anoncreds/verifier.rs
@@ -31,6 +31,7 @@ impl Verifier {
                full_proof, proof_req, schemas, cred_defs, rev_reg_defs, rev_regs);
 
         let mut proof_verifier = CryptoVerifier::new_proof_verifier()?;
+        let non_credential_schema = build_non_credential_schema()?;
 
         for sub_proof_index in 0..full_proof.identifiers.len() {
             let identifier = full_proof.identifiers[sub_proof_index].clone();
@@ -62,6 +63,7 @@ impl Verifier {
 
             proof_verifier.add_sub_proof_request(&sub_proof_request,
                                                  &credential_schema,
+                                                 &non_credential_schema,
                                                  &credential_pub_key,
                                                  rev_reg_def.as_ref().map(|r_reg_def| &r_reg_def.value.public_keys.accum_key),
                                                  rev_reg.as_ref().map(|r_reg| &r_reg.value))?;
@@ -111,4 +113,4 @@ impl Verifier {
 
         Ok(predicates_for_credential)
     }
-}
+}
diff --git a/libindy/src/utils/crypto/bn/openssl.rs b/libindy/src/utils/crypto/bn/openssl.rs

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!/bin/bash`
	`2`	`+`
	`3`	`+docker build -t libindy:latest -f Dockerfile.ubuntu1604 .`