Use bccsp instead of directly idemix

Part II: Migration and tests in lib/client/credential/idemix/ work

Signed-off-by: Alessandro Sorniotti <aso@zurich.ibm.com>

Author: ale-linux

lib/client.go

@@ -641,7 +641,7 @@ func (c *Client) getIssuerPubKey(ipkBytes []byte) (ibccsp.Key, error) {
 		}
 	}
 
-	ipk, err := c.iCSP.KeyImport(ipkBytes, &bccsp.IdemixIssuerPublicKeyImportOpts{AttributeNames: GetAttributeNames(), Temporary: true})
+	ipk, err := c.iCSP.KeyImport(ipkBytes, &ibccsp.IdemixIssuerPublicKeyImportOpts{AttributeNames: GetAttributeNames(), Temporary: true})
 	if err != nil {
 		return nil, errors.Wrapf(err, "Error importing issuer public key")
 	}

lib/client/credential/idemix/credential.go

@@ -12,7 +12,6 @@ import (
 	"net/http"
 
 	"github.com/IBM/idemix/bccsp/types"
-	schemes "github.com/IBM/idemix/bccsp/types"
 	"github.com/cloudflare/cfssl/log"
 	"github.com/hyperledger/fabric-ca/api"
 	"github.com/hyperledger/fabric-ca/util"
@@ -170,7 +169,7 @@ func (cred *Credential) CreateToken(req *http.Request, reqBody []byte) (string,
 		RhIndex:  3,
 		EidIndex: 2,
 		Epoch:    0,
-		SigType:  schemes.Standard,
+		SigType:  types.Standard,
 		CRI:      cred.val.GetCredentialRevocationInformation(),
 	}
 

lib/client/credential/idemix/credential_test.go

@@ -9,41 +9,33 @@ package idemix_test
 import (
 	"bytes"
 	"encoding/json"
-	"fmt"
 	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 
-	scheme "github.com/IBM/idemix/bccsp/schemes/dlog/crypto"
+	i "github.com/IBM/idemix/bccsp"
+	"github.com/IBM/idemix/bccsp/schemes/dlog/crypto/translator/amcl"
+	bccsp "github.com/IBM/idemix/bccsp/types"
 	math "github.com/IBM/mathlib"
-	"github.com/golang/protobuf/proto"
 	lib "github.com/hyperledger/fabric-ca/lib"
 	. "github.com/hyperledger/fabric-ca/lib/client/credential/idemix"
-	cidemix "github.com/hyperledger/fabric-ca/lib/common/idemix"
 	"github.com/hyperledger/fabric-ca/lib/server/idemix"
+	"github.com/pkg/errors"
 	"github.com/stretchr/testify/assert"
 )
 
 func TestIdemixCredential(t *testing.T) {
-	for _, curveID := range []cidemix.CurveID{cidemix.Gurvy} {
-		t.Run(fmt.Sprintf("%s-%d", t.Name(), curveID), func(t *testing.T) {
-			testIdemixCredential(t, curveID)
-		})
-	}
-}
-
-func testIdemixCredential(t *testing.T, curveID cidemix.CurveID) {
 	testDataDir, err := os.MkdirTemp("", strings.Replace(t.Name(), "/", "-", -1))
 	assert.NoError(t, err)
 	defer os.RemoveAll(testDataDir)
 
 	testSignerConfigFile := testDataDir + "/IdemixSignerConfig"
 	testIssuerPublicFile := testDataDir + "/IdemixPublicKey"
 
-	signerConf, ipk := makeSignerConfigAndIPK(curveID, t)
+	signerConf, ipk, CSP := makeSignerConfigAndIPK(math.BLS12_381_BBS, t)
 	rawSignerConf, err := json.Marshal(signerConf)
 	if err != nil {
 		t.Fatalf("Failed to marshal signer config: %s", err.Error())
@@ -54,7 +46,7 @@ func testIdemixCredential(t *testing.T, curveID cidemix.CurveID) {
 		t.Fatalf("Failed to write signer config to file: %s", err.Error())
 	}
 
-	rawIPK, err := proto.Marshal(ipk)
+	rawIPK, err := ipk.Bytes()
 	if err != nil {
 		t.Fatalf("Failed to marshal IPK: %s", err.Error())
 	}
@@ -78,7 +70,7 @@ func testIdemixCredential(t *testing.T, curveID cidemix.CurveID) {
 		t.Fatalf("Failed to initialize client: %s", err.Error())
 	}
 
-	idemixCred := NewCredential(signerConfig, client, curveID)
+	idemixCred := NewCredential(signerConfig, client, CSP)
 
 	assert.Equal(t, idemixCred.Type(), CredType, "Type for a IdemixCredential instance must be Idemix")
 	_, err = idemixCred.Val()
@@ -205,50 +197,106 @@ func testIdemixCredential(t *testing.T, curveID cidemix.CurveID) {
 	assert.Error(t, err, "RevokeSelf should fail as it is not implemented for Idemix credential")
 }
 
-func makeSignerConfigAndIPK(curveID cidemix.CurveID, t *testing.T) (SignerConfig, *scheme.IssuerPublicKey) {
-	curve := cidemix.CurveByID(curveID)
-	rand, err := curve.Rand()
-	assert.NoError(t, err)
+// NewDummyKeyStore instantiate a dummy key store
+// that neither loads nor stores keys
+func NewDummyKeyStore() bccsp.KeyStore {
+	return &dummyKeyStore{}
+}
+
+// dummyKeyStore is a read-only KeyStore that neither loads nor stores keys.
+type dummyKeyStore struct {
+}
+
+// ReadOnly returns true if this KeyStore is read only, false otherwise.
+// If ReadOnly is true then StoreKey will fail.
+func (ks *dummyKeyStore) ReadOnly() bool {
+	return true
+}
 
+// GetKey returns a key object whose SKI is the one passed.
+func (ks *dummyKeyStore) GetKey(ski []byte) (bccsp.Key, error) {
+	return nil, errors.New("Key not found. This is a dummy KeyStore")
+}
+
+// StoreKey stores the key k in this KeyStore.
+// If this KeyStore is read only then the method will fail.
+func (ks *dummyKeyStore) StoreKey(k bccsp.Key) error {
+	return nil
+}
+
+func makeSignerConfigAndIPK(curveID math.CurveID, t *testing.T) (SignerConfig, bccsp.Key, bccsp.BCCSP) {
 	attrs := []string{idemix.AttrOU, idemix.AttrRole, idemix.AttrEnrollmentID, idemix.AttrRevocationHandle}
-	var numericalAttrs []*math.Zr
-	for _, attr := range attrs {
-		numericalAttrs = append(numericalAttrs, curve.HashToZr([]byte(attr)))
-	}
 
-	idemix := cidemix.InstanceForCurve(curveID)
-	ik, err := idemix.NewIssuerKey(attrs, rand, idemix.Translator)
+	curve := math.Curves[curveID]
+	CSP, err := i.New(NewDummyKeyStore(), curve, &amcl.Gurvy{C: curve}, true)
 	assert.NoError(t, err)
 
-	sk := curve.NewZrFromBytes(ik.Isk)
+	isk, err := CSP.KeyGen(&bccsp.IdemixIssuerKeyGenOpts{Temporary: true, AttributeNames: attrs})
+	assert.NoError(t, err)
 
-	revKey, err := idemix.GenerateLongTermRevocationKey()
+	ipk, err := isk.PublicKey()
 	assert.NoError(t, err)
 
-	cri, err := idemix.CreateCRI(revKey, nil, 1, scheme.ALG_NO_REVOCATION, rand, idemix.Translator)
+	revKey, err := CSP.KeyGen(&bccsp.IdemixRevocationKeyGenOpts{Temporary: true})
 	assert.NoError(t, err)
 
-	criBytes, err := proto.Marshal(cri)
+	cri, err := CSP.Sign(
+		revKey,
+		nil,
+		&bccsp.IdemixCRISignerOpts{
+			UnrevokedHandles:    nil,
+			Epoch:               1,
+			RevocationAlgorithm: bccsp.AlgNoRevocation,
+		},
+	)
 	assert.NoError(t, err)
 
-	nonce := curve.NewRandomZr(rand)
+	nonce := []byte("do not reuse me do not reuse me ")
 
-	credReq, err := idemix.NewCredRequest(sk, nonce.Bytes(), ik.Ipk, rand, idemix.Translator)
+	UserKey, err := CSP.KeyGen(&bccsp.IdemixUserSecretKeyGenOpts{Temporary: true})
 	assert.NoError(t, err)
 
-	cred, err := idemix.NewCredential(ik, credReq, numericalAttrs, rand, idemix.Translator)
+	uskBytes, err := UserKey.Bytes()
 	assert.NoError(t, err)
 
-	credBytes, err := proto.Marshal(cred)
+	credReq, err := CSP.Sign(
+		UserKey,
+		nil,
+		&bccsp.IdemixCredentialRequestSignerOpts{IssuerPK: ipk, IssuerNonce: nonce},
+	)
 	assert.NoError(t, err)
 
-	signerSK := curve.NewRandomZr(rand)
+	cred, err := CSP.Sign(
+		isk,
+		credReq,
+		&bccsp.IdemixCredentialSignerOpts{
+			Attributes: []bccsp.IdemixAttribute{
+				{
+					Type:  bccsp.IdemixBytesAttribute,
+					Value: []byte(attrs[0]),
+				},
+				{
+					Type:  bccsp.IdemixIntAttribute,
+					Value: 1,
+				},
+				{
+					Type:  bccsp.IdemixBytesAttribute,
+					Value: []byte(attrs[2]),
+				},
+				{
+					Type:  bccsp.IdemixBytesAttribute,
+					Value: []byte(attrs[3]),
+				},
+			},
+		},
+	)
+	assert.NoError(t, err)
 
 	return SignerConfig{
-		CredentialRevocationInformation: criBytes,
-		Cred:                            credBytes,
+		CredentialRevocationInformation: cri,
+		Cred:                            cred,
 		EnrollmentID:                    "admin",
 		OrganizationalUnitIdentifier:    "MSPID",
-		Sk:                              signerSK.Bytes(),
-	}, ik.Ipk
+		USk:                             uskBytes,
+	}, ipk, CSP
 }