This repository has been archived by the owner on Mar 27, 2024. It is now read-only.

feat: CL Anoncreds KMS extension #3329

Merged

kgoncharov
Contributor

Title:
CL Anoncreds KMS extension

Description:

  • Third PR to support CL in af-go #180
  • This PR adds support for CL CredDef and MasterSecret keys in KMS
  • This PR extends the KMS API methods to support extra parameters on key creation/rotation/export
  • remotekms and remotecrypto changes will be implemented in the next PR in both af-go and trustbloc/kms

Summary:

  • extended kms API key create/rotate/export with extra options
  • added CL CredDef and MasterSecret keys to localkms
  • implemented CredDef pubkey export
  • refactored keytemplate resolving
  • added unit tests for CL keys
  • re-generated kms's mock

@kgoncharov kgoncharov changed the title CL Anoncreds KMS extension feat: CL Anoncreds KMS extension Aug 11, 2022

codecov bot commented Aug 11, 2022

Codecov Report

Merging #3329 (ffd26bc) into main (5fa4db1) will decrease coverage by 0.07%.
The diff coverage is 69.91%.

@@            Coverage Diff             @@
##             main    #3329      +/-   ##
==========================================
- Coverage   88.05%   87.98%   -0.08%     
==========================================
  Files         327      329       +2     
  Lines       45221    45261      +40     
==========================================
+ Hits        39819    39821       +2     
- Misses       3987     4024      +37     
- Partials     1415     1416       +1     
Impacted Files Coverage Δ
pkg/kms/localkms/privkey_import.go 79.77% <0.00%> (-3.43%) ⬇️
pkg/kms/localkms/pubkey_writer.go 68.53% <8.33%> (-5.72%) ⬇️
pkg/kms/localkms/pubkey_reader.go 87.62% <26.66%> (-5.78%) ⬇️
pkg/kms/localkms/localkms.go 82.29% <71.42%> (-5.71%) ⬇️
pkg/kms/localkms/keytemplate.go 100.00% <100.00%> (ø)
pkg/kms/localkms/keytemplate_factory.go 100.00% <100.00%> (ø)
pkg/kms/webkms/remotekms.go 94.00% <100.00%> (ø)

)

// getKeyTemplate returns tink KeyTemplate associated with the provided keyType.
func getKeyTemplate(keyType kms.KeyType, opts ...kms.KeyOpts) (*tinkpb.KeyTemplate, error) {
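
Review bot: the doc comment on getKeyTemplate covers only keyType and leaves the variadic opts parameter and the error return undocumented. Please say which key types consume opts, what happens when options are passed for a key type that does not use them, and under which conditions a non-nil error is returned (such as a keyType with no matching template).
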
Contributor

Shouldn't the Ursa build complement the normal build instead of replacing it? It seems the Ursa build only supports CL keys and nothing else.

Contributor Author

It'll fall back to keyTemplate, which contains a switch statement for all other keys, if the passed keyType isn't one of Ursa's.

	default:
		return keyTemplate(keyType, opts...)

@@ -168,6 +176,10 @@ const (
X25519ECDHKWType = KeyType(X25519ECDHKW)
// BLS12381G2Type BBS+ key type value.
BLS12381G2Type = KeyType(BLS12381G2)
// CLCredDefType type value.
CLCredDefType = KeyType(CLCredDef)
// CLMasterSecretType key type value.
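
Review bot: the doc comments on the two added constants are worded inconsistently. CLCredDefType reads "type value", while CLMasterSecretType and the neighbouring BLS12381G2Type read "key type value". Please align the wording, and consider saying what CL refers to in the comment, the way the BLS12381G2Type comment names BBS+, so the constant block is self-explanatory.
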
Contributor

CL keyType is exposed to the non-Ursa build, but creating a key with this type is only available in the Ursa build. Do we want this behaviour?

Contributor Author

I guess it's OK if there are no direct build dependencies on the ursa lib, which is true for most of the kms, localkms and remotekms methods/code.
The only part that is ursa-dependent is creating key templates, which was split into ursa and non-ursa source files.
So, for a non-ursa build, CL keys would simply not be created.
Also, later on, CL keys could be created with other lib or be incorporated inside af-go

Contributor

> Also, later on, CL keys could be created with other lib or be incorporated inside af-go

sounds good, let's keep this in mind for future support of CL and afgo in general

@kgoncharov kgoncharov closed this Aug 15, 2022
@kgoncharov kgoncharov reopened this Aug 15, 2022
@kgoncharov kgoncharov force-pushed the cl-kms-extension branch 2 times, most recently from 0f3623b to d9b521a Compare August 15, 2022 21:10
@kgoncharov kgoncharov closed this Aug 15, 2022
@kgoncharov kgoncharov reopened this Aug 15, 2022
* extended kms API key create/rotate/export with extra options
* added CL CredDef and MasterSecret keys to localkms
* implemented CredDef pubkey export
* refactored keytemplate resolving
* added unit tests for CL keys
* re-generated kms's mock

Signed-off-by: konstantin.goncharov <konstantin.goncharov@avast.com>
@sudeshrshetty sudeshrshetty merged commit aab94d2 into hyperledger-archives:main Aug 16, 2022
@kgoncharov kgoncharov deleted the cl-kms-extension branch August 16, 2022 13:41