Hyperledger Ursa (a shared cryptographic library) has moved to end-of-life status, with the components of Ursa still in use moved to their relevant Hyperledger projects (AnonCreds, Indy, Aries and Iroha).
Home Page: https://wiki.hyperledger.org/display/ursa
License: Apache License 2.0
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
ursa lib depends on aead and uses aead defined types in it's public API like here. This forces the user to depend on aead in their Cargo.toml even though they make no use of aead itself except through ursa. Forcing users to manage dependency of a dependency is a malpractice.
Either reexport entire aead liib from ursa or reexport just aead types that are exposed in the public API of ursa. In the given example that would be either pub export aead or pub export aead::Error. Type aliases are also welcome
Rust edition 2021 is out. This deprecates some backwards compatibility but enables multiple enhancements. Given that Ursa is under no obligation to be compilable on older versions of Rust (and in fact can benefit greatly from the new features), it is rational to ensure that Ursa compiles with the latest edition of Rust.
Moreover, this will ensure compatibility with newer versions of several libraries. And is needed for #223
While the LICENSE file is accurate, each source file is required to start with a license banner. Only about a dozen files do.
Please see: https://wiki.hyperledger.org/display/TSC/Copyright+and+License+Policy
@ryjones @mikelodder7 Could you please publish the new version to crates.io? It would help us a lot.
Create Prover-level functions for exposing merkle-tree revocation functionality.
We have convenience containers for build environments for various OS's.
Xenial (Ubuntu 2016 LTS) is pretty old at this point and I would like to remove it.
If you are actively using that container and for some reason can't use a newer option please comment in this issue.
I'm trying to add ursa to my project by simply running npm i ursa and getting the following errors:
➜ npm i ursa
> [email protected] install /Users/andrew/test/node_modules/ursa
> node-gyp rebuild
CXX(target) Release/obj.target/ursaNative/src/ursaNative.o
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
In file included from ../../nan/nan.h:202:
In file included from ../../nan/nan_converters.h:67:
../../nan/nan_converters_43_inl.h:22:1: error: no viable conversion from 'Local<v8::Context>' to 'v8::Isolate *'
X(Boolean)
^~~~~~~~~~
../../nan/nan_converters_43_inl.h:18:23: note: expanded from macro 'X'
val->To ## TYPE(v8::Isolate::GetCurrent()->GetCurrentContext()) \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:2848:37: note: passing argument to parameter 'isolate' here
Local<Boolean> ToBoolean(Isolate* isolate) const;
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
In file included from ../../nan/nan.h:202:
In file included from ../../nan/nan_converters.h:67:
../../nan/nan_converters_43_inl.h:22:1: error: no member named 'FromMaybe' in 'v8::Local<v8::Boolean>'
X(Boolean)
^~~~~~~~~~
../../nan/nan_converters_43_inl.h:19:12: note: expanded from macro 'X'
.FromMaybe(v8::Local<v8::TYPE>())); \
^
../../nan/nan_converters_43_inl.h:40:1: error: no viable conversion from 'Local<v8::Context>' to 'v8::Isolate *'
X(bool, Boolean)
^~~~~~~~~~~~~~~~
../../nan/nan_converters_43_inl.h:37:29: note: expanded from macro 'X'
return val->NAME ## Value(isolate->GetCurrentContext()); \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:2858:30: note: passing argument to parameter 'isolate' here
bool BooleanValue(Isolate* isolate) const;
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
In file included from ../../nan/nan.h:202:
In file included from ../../nan/nan_converters.h:67:
../../nan/nan_converters_43_inl.h:40:1: error: no viable conversion from returned value of type 'bool' to function return type 'imp::ToFactory<bool>::return_t' (aka 'Maybe<bool>')
X(bool, Boolean)
^~~~~~~~~~~~~~~~
../../nan/nan_converters_43_inl.h:37:10: note: expanded from macro 'X'
return val->NAME ## Value(isolate->GetCurrentContext()); \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:9968:7: note: candidate constructor (the implicit copy constructor) not viable: no known conversion from 'bool' to 'const v8::Maybe<bool> &' for 1st argument
class Maybe {
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:9968:7: note: candidate constructor (the implicit move constructor) not viable: no known conversion from 'bool' to 'v8::Maybe<bool> &&' for 1st argument
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:10023:12: note: explicit constructor is not a candidate
explicit Maybe(const T& t) : has_value_(true), value_(t) {}
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
In file included from ../../nan/nan.h:203:
In file included from ../../nan/nan_new.h:189:
../../nan/nan_implementation_12_inl.h:103:42: error: no viable conversion from 'v8::Isolate *' to 'Local<v8::Context>'
return scope.Escape(v8::Function::New( isolate
^~~~~~~
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:190:7: note: candidate constructor (the implicit copy constructor) not viable: no known conversion from 'v8::Isolate *' to 'const v8::Local<v8::Context> &' for 1st argument
class Local {
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:190:7: note: candidate constructor (the implicit move constructor) not viable: no known conversion from 'v8::Isolate *' to 'v8::Local<v8::Context> &&' for 1st argument
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:194:13: note: candidate template ignored: could not match 'Local<type-parameter-0-0>' against 'v8::Isolate *'
V8_INLINE Local(Local<S> that)
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:337:22: note: explicit constructor is not a candidate
explicit V8_INLINE Local(T* that) : val_(that) {}
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:4446:22: note: passing argument to parameter 'context' here
Local<Context> context, FunctionCallback callback,
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
In file included from ../../nan/nan.h:203:
In file included from ../../nan/nan_new.h:189:
../../nan/nan_implementation_12_inl.h:337:37: error: too few arguments to function call, expected 2, have 1
return v8::StringObject::New(value).As<v8::StringObject>();
~~~~~~~~~~~~~~~~~~~~~ ^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:5854:23: note: 'New' declared here
static Local<Value> New(Isolate* isolate, Local<String> value);
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
../../nan/nan.h:839:18: warning: 'MakeCallback' is deprecated: Use MakeCallback(..., async_context) [-Wdeprecated-declarations]
return node::MakeCallback(
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/node.h:190:1: note: 'MakeCallback' has been explicitly marked deprecated here
NODE_DEPRECATED("Use MakeCallback(..., async_context)",
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/node.h:108:20: note: expanded from macro 'NODE_DEPRECATED'
__attribute__((deprecated(message))) declarator
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
../../nan/nan.h:854:18: warning: 'MakeCallback' is deprecated: Use MakeCallback(..., async_context) [-Wdeprecated-declarations]
return node::MakeCallback(
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/node.h:183:1: note: 'MakeCallback' has been explicitly marked deprecated here
NODE_DEPRECATED("Use MakeCallback(..., async_context)",
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/node.h:108:20: note: expanded from macro 'NODE_DEPRECATED'
__attribute__((deprecated(message))) declarator
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
../../nan/nan.h:869:18: warning: 'MakeCallback' is deprecated: Use MakeCallback(..., async_context) [-Wdeprecated-declarations]
return node::MakeCallback(
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/node.h:176:1: note: 'MakeCallback' has been explicitly marked deprecated here
NODE_DEPRECATED("Use MakeCallback(..., async_context)",
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/node.h:108:20: note: expanded from macro 'NODE_DEPRECATED'
__attribute__((deprecated(message))) declarator
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
../../nan/nan.h:916:53: error: too few arguments to function call, single argument 'context' was not specified
v8::Local<v8::String> string = from->ToString();
~~~~~~~~~~~~~~ ^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:2810:44: note: 'ToString' declared here
V8_WARN_UNUSED_RESULT MaybeLocal<String> ToString(
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
../../nan/nan.h:916:29: error: no viable conversion from 'MaybeLocal<v8::String>' to 'v8::Local<v8::String>'
v8::Local<v8::String> string = from->ToString();
^ ~~~~~~~~~~~~~~~~
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:190:7: note: candidate constructor (the implicit copy constructor) not viable: no known conversion from 'MaybeLocal<v8::String>' to 'const v8::Local<v8::String> &' for 1st argument
class Local {
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:190:7: note: candidate constructor (the implicit move constructor) not viable: no known conversion from 'MaybeLocal<v8::String>' to 'v8::Local<v8::String> &&' for 1st argument
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:194:13: note: candidate template ignored: could not match 'Local' against 'MaybeLocal'
V8_INLINE Local(Local<S> that)
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:337:22: note: explicit constructor is not a candidate
explicit V8_INLINE Local(T* that) : val_(that) {}
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
../../nan/nan.h:926:37: error: cannot initialize a parameter of type 'v8::Isolate *' with an lvalue of type 'char *'
length_ = string->WriteUtf8(str_, static_cast<int>(len), 0, flags);
^~~~
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:3037:26: note: passing argument to parameter 'isolate' here
int WriteUtf8(Isolate* isolate, char* buffer, int length = -1,
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
../../nan/nan.h:1478:31: warning: 'MakeCallback' is deprecated: Use MakeCallback(..., async_context) [-Wdeprecated-declarations]
return scope.Escape(node::MakeCallback(
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/node.h:190:1: note: 'MakeCallback' has been explicitly marked deprecated here
NODE_DEPRECATED("Use MakeCallback(..., async_context)",
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/node.h:108:20: note: expanded from macro 'NODE_DEPRECATED'
__attribute__((deprecated(message))) declarator
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
../../nan/nan.h:1538:28: error: no matching member function for call to 'Set'
New(persistentHandle)->Set(New(key).ToLocalChecked(), value);
~~~~~~~~~~~~~~~~~~~~~~~^~~
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:3670:37: note: candidate function not viable: requires 3 arguments, but 2 were provided
V8_WARN_UNUSED_RESULT Maybe<bool> Set(Local<Context> context,
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:3673:37: note: candidate function not viable: requires 3 arguments, but 2 were provided
V8_WARN_UNUSED_RESULT Maybe<bool> Set(Local<Context> context, uint32_t index,
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
../../nan/nan.h:1544:28: error: no matching member function for call to 'Set'
New(persistentHandle)->Set(key, value);
~~~~~~~~~~~~~~~~~~~~~~~^~~
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:3670:37: note: candidate function not viable: requires 3 arguments, but 2 were provided
V8_WARN_UNUSED_RESULT Maybe<bool> Set(Local<Context> context,
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:3673:37: note: candidate function not viable: requires 3 arguments, but 2 were provided
V8_WARN_UNUSED_RESULT Maybe<bool> Set(Local<Context> context, uint32_t index,
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
../../nan/nan.h:1550:28: error: no matching member function for call to 'Set'
New(persistentHandle)->Set(index, value);
~~~~~~~~~~~~~~~~~~~~~~~^~~
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:3670:37: note: candidate function not viable: requires 3 arguments, but 2 were provided
V8_WARN_UNUSED_RESULT Maybe<bool> Set(Local<Context> context,
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:3673:37: note: candidate function not viable: requires 3 arguments, but 2 were provided
V8_WARN_UNUSED_RESULT Maybe<bool> Set(Local<Context> context, uint32_t index,
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
../../nan/nan.h:1556:32: error: no matching member function for call to 'Get'
New(persistentHandle)->Get(New(key).ToLocalChecked()));
~~~~~~~~~~~~~~~~~~~~~~~^~~
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:3717:43: note: candidate function not viable: requires 2 arguments, but 1 was provided
V8_WARN_UNUSED_RESULT MaybeLocal<Value> Get(Local<Context> context,
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:3720:43: note: candidate function not viable: requires 2 arguments, but 1 was provided
V8_WARN_UNUSED_RESULT MaybeLocal<Value> Get(Local<Context> context,
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
../../nan/nan.h:1562:48: error: no matching member function for call to 'Get'
return scope.Escape(New(persistentHandle)->Get(key));
~~~~~~~~~~~~~~~~~~~~~~~^~~
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:3717:43: note: candidate function not viable: requires 2 arguments, but 1 was provided
V8_WARN_UNUSED_RESULT MaybeLocal<Value> Get(Local<Context> context,
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:3720:43: note: candidate function not viable: requires 2 arguments, but 1 was provided
V8_WARN_UNUSED_RESULT MaybeLocal<Value> Get(Local<Context> context,
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
../../nan/nan.h:1567:48: error: no matching member function for call to 'Get'
return scope.Escape(New(persistentHandle)->Get(index));
~~~~~~~~~~~~~~~~~~~~~~~^~~
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:3717:43: note: candidate function not viable: requires 2 arguments, but 1 was provided
V8_WARN_UNUSED_RESULT MaybeLocal<Value> Get(Local<Context> context,
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:3720:43: note: candidate function not viable: requires 2 arguments, but 1 was provided
V8_WARN_UNUSED_RESULT MaybeLocal<Value> Get(Local<Context> context,
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
In file included from ../../nan/nan.h:2365:
../../nan/nan_object_wrap.h:24:25: error: no member named 'IsNearDeath' in 'Nan::Persistent<v8::Object>'
assert(persistent().IsNearDeath());
~~~~~~~~~~~~ ^
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h:99:25: note: expanded from macro 'assert'
(__builtin_expect(!(e), 0) ? __assert_rtn(__func__, __ASSERT_FILE_NAME, __LINE__, #e) : (void)0)
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
In file included from ../../nan/nan.h:2365:
../../nan/nan_object_wrap.h:67:18: error: no member named 'MarkIndependent' in 'Nan::Persistent<v8::Object>'
persistent().MarkIndependent();
~~~~~~~~~~~~ ^
../../nan/nan_object_wrap.h:124:26: error: no member named 'IsNearDeath' in 'Nan::Persistent<v8::Object>'
assert(wrap->handle_.IsNearDeath());
~~~~~~~~~~~~~ ^
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h:99:25: note: expanded from macro 'assert'
(__builtin_expect(!(e), 0) ? __assert_rtn(__func__, __ASSERT_FILE_NAME, __LINE__, #e) : (void)0)
^
In file included from ../src/ursaNative.cc:3:
In file included from ../src/ursaNative.h:10:
In file included from ../../nan/nan.h:2456:
../../nan/nan_typedarray_contents.h:34:43: warning: 'GetContents' is deprecated: Use GetBackingStore. See http://crbug.com/v8/9908. [-Wdeprecated-declarations]
data = static_cast<char*>(buffer->GetContents().Data()) + byte_offset;
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:5272:3: note: 'GetContents' has been explicitly marked deprecated here
V8_DEPRECATE_SOON("Use GetBackingStore. See http://crbug.com/v8/9908.")
^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8config.h:402:39: note: expanded from macro 'V8_DEPRECATE_SOON'
# define V8_DEPRECATE_SOON(message) [[deprecated(message)]]
^
../src/ursaNative.cc:208:34: error: too few arguments to function call, single argument 'isolate' was not specified
int length = str->Utf8Length();
~~~~~~~~~~~~~~~ ^
/Users/andrew/Library/Caches/node-gyp/14.18.1/include/node/v8.h:2977:7: note: 'Utf8Length' declared here
int Utf8Length(Isolate* isolate) const;
^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
5 warnings and 20 errors generated.
make: *** [Release/obj.target/ursaNative/src/ursaNative.o] Error 1
gyp ERR! build error
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack at ChildProcess.onExit (/Users/andrew/.nvm/versions/node/v14.18.1/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:194:23)
gyp ERR! stack at ChildProcess.emit (events.js:400:28)
gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_process.js:282:12)
gyp ERR! System Darwin 21.1.0
gyp ERR! command "/Users/andrew/.nvm/versions/node/v14.18.1/bin/node" "/Users/andrew/.nvm/versions/node/v14.18.1/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /Users/andrew/test/node_modules/ursa
gyp ERR! node -v v14.18.1
gyp ERR! node-gyp -v v5.1.0
gyp ERR! not ok
npm WARN [email protected] No description
npm WARN [email protected] No repository field.
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: `node-gyp rebuild`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/andrew/.npm/_logs/2021-10-18T12_33_27_457Z-debug.logSetup:
node v14.18.1npm v6.14.15nvm v0.39.0Ursa crashes if seed length is less than 32 bytes for secp256k1, but other algorithms work fine with this seed.
The problem seems to be that in other cases the input seed is hashed before being passed to the rng generator.
use ursa::{
keys::KeyGenOption,
signatures::{
secp256k1::EcdsaSecp256k1Sha256,
SignatureScheme,
},
};
fn main() {
let options = KeyGenOption::UseSeed(vec![1, 2, 3]);
let key_pair = EcdsaSecp256k1Sha256::new().keypair(Some(options));
println!("{:?}", key_pair);
}We have a dependency collision with cosmos_sdk=0.1.1 crate in our project.
error: failed to select a version for `ed25519-dalek`.
... required by package `tendermint v0.19.0`
... which is depended on by `cosmos_sdk v0.1.1`
... which is depended on by `libindy v1.95.0 (.../libindy)`
versions that meet the requirements `^1` are: 1.0.1, 1.0.0
all possible versions conflict with previously selected packages.
previously selected package `ed25519-dalek v1.0.0-pre.3`
... which is depended on by `ursa v0.3.5`
... which is depended on by `libindy v1.95.0 (.../libindy)`
failed to select a version for `ed25519-dalek` which could resolve this conflict
The version of ed25519-dalek is already updated in master. Could you please publish it to crates.io?
@tarcieri mentions in #162 an alternative to libsecp256k1. I think the selection of the libsecp256k1 was for minimalist builds for e.g. mobile devices. Performance differential should be evaluated as well. Please discuss other criteria to evaluate.
Current: https://crates.io/crates/libsecp256k1
Proposed: https://crates.io/crates/k256
According to ed25519-unsafe-libs the library that is used for signing, ed25519-dalek, possibly contains a security bug that allows for private key extraction (as explained in this stack overflow post.
Now, the README mentions that it is not likely that libraries, like Ursa, using the "unsafe" library will also be "unsafe", but I thought I should mention it here.
I am by no means an expert in this, so likely it is just nothing, but it never hurts to mention it.
I'm uncomfortable with the bulletproofs module for both subjective and objective reasons.
When it was originally authored there were issues with the licensing (i.e. it was copied from the Dalek project) which I think were remedied. However I'm not 100% confident. That's not a concrete criticism but I don't know how to make it concrete without revisiting the full review which seems to have allowed commits like this through:
Dont push yet. Some comments, refactorings and TODOs. Some refactoings
Moreover since it copies rather than imports/links to Dalek it is not actively incorporating changes from Dalek.
More concretely the feature also relies on a defunct crypto project, Apache Milagro Crypto Library:
https://github.com/milagro-crypto/amcl
That library seems to have changed hands or location and may only have a single maintainer. Relying (for security in particular) on single maintainer projects is contrary to best practices.
At the very least this module should be marked as experimental. That was sort of implicitly the case under the zmix code structure, but as we restructure the code this and other modules will move to a different structure that won't implicitly reflect the maturity of the feature.
I would prefer however that it be removed until it can be actively maintained to address the concerns above.
We were very curious when we noticed the support for general Zero-Knowledge Attribute equality in Anoncreds (1.0). Link
We have some use cases in mind that could really benefit from this feature.
But then we saw the implementations in indy-shared-rs and indy-sdk and recognized that this feature is "only" used for the link secret (master-secret) and the APIs don't allow to set more common attributes. This is probably because the current implementation in ursa is not very flexibel due to the fact that a common attribute MUST be present in every credential/sub proof that is involved in the proof (src).
In our use cases we think about domain-specific link data that perhaps is generated by the issuer (in contrast to the link secret).
For example the user wants to make a proof with three credentials. All share the same link secret and two of them share a domain-specific link data.
| Cred1 | Cred2 | Cred3 |
|---|---|---|
| link secret | link secret | link secret |
| link data | link data | |
| c1_a1 | c2_a1 | c3_a1 |
| c1_a2 | c2_a2 | c3_a2 |
| ... | ... |
We would like to make a ZK proof that link data of cred1 equals the link data of cred2. The user should still be able to add another credential cred3 without the domain-specific link data (but with the same link secret).
Is there any crypthographic reason to NOT ALLOW attribute equality that involve only a subset of all sub proofs by just compare the m_hat of these subproofs for AnonCred1 (see example)?
If no, would it be ok to change the semantics of common_attributes that is only enforced for credentials that have the given attributes it its schema?
Or should there be a more flexible but also more complex construct, where the equality attributes can be described for specific credential definitions and attribute name? (i.e "cred1:name" should be equal to "cred2:lastname"). Same Discussion was initiated here for Anoncreds 2.0.
What do you think?
Code coverage reporting is a standard practice. We should
main branchI see that ursa::CryptoError doesn't implement trait std::error::Error, that prevents us from comfortable error processing.
Thanks in advance!
Create Issuer-level functions for exposing merkle-tree revocation functionality.
The top-level Ursa project file and folder structure will look like the following:
ursa
|
ursa_circuits
ursa_core
ursa_encryption
ursa_dkg
ursa_keyagreement
ursa_sharing
ursa_shortgroupsignatures
ursa_signatures
...
src
Cargo.toml
Cargo.lock
CHANGELOG
CODEOWNERS
CONTRIBUTING
LICENSE
README.md
RELEASES.md
SECURITY.md
rustfmt.toml
...
The point of the top level project is to
The current Cargo.toml file only contains the following:
[profile.release]
lto = true
[workspace]
members = [
"libursa",
"libzmix",
"libzmix/bulletproofs_amcl",
"libzmix/bbs",
]This will need to be modified to accomadate the new subprojects as they are created. Some hints for how the end result could look like are the rand crate where it has multiple subprojects and itself is a crate.
According to the example of use of CL, i cross complie it with openwrt(arm) successfully, but when i make it on my router, i met the segment fault. I can't find the reason and don't konw how to fix it.
I am trying to execute Hyperledger Ursa(https://github.com/hyperledger/ursa) as described in https://crates.io/crates/ursa. That is , I have added the ursa as dependency in Cargo.toml. Then i just imported it as below
extern crate ferris_says;
extern crate ursa;
use ferris_says::say;
use std::io::{ stdout, BufWriter };
use ursa::bls::*;
fn main() {
let out = b"Hello fellow Rustaceans!";
let width = 24;
let mut writer = BufWriter::new(stdout());
say(out, width, &mut writer).unwrap();
}
But the system is throwing err as , the ursa cannot be compiled. If ferris_says can work properly, why not ursa ?
Ursa will have many traits and structures that will be common across subprojects. The idea is that if at least two subprojects have a common item, this can live in the core subproject.
Here is a list of the currently known components that can live here
As part of this the Keys struct should be changed to be a placeholder trait such that each consuming subproject can expand it in their own way without having to extend an enum.
For example, all the keys are just generic wrappers around byte arrays like PrivateKey. While it works, Rust can provide stronger typing that wrapping a generic Vec.
If PrivateKey were changed to
pub trait PrivateKey: Zeroize {
fn to_bytes(&self, compressed: bool) -> Vec<u8>;
fn from_bytes(data: &[u8], compressed: bool) -> UrsaResult<Self>;
}The BLS, Ed25519, ECDSA could provide an implemented version that is the specific to them that is stronger typed
pub struct BLSPrivateKey([u8; 32]);
impl Zeroize for BLSPrivateKey {...}
impl PrivateKey for BLSPrivateKey {...}We can similarly apply the same idea to the current enum KeyGenOption.
In the end, key generation should be flexible enough to be usable by any crypto primitive like signatures, short group signatures, post quantum methods, and others.
This also facilitates the FFI and WASM wrappers to just return the generic PrivateKey trait as part of their interfaces without having to worry about the specific implementations.
Basically we want to be able to check if a signature is valid by signing a unknown object to the signer. This should be added to key protocols but should remain optional if you need a more efficient implementation
I am currently playing around with this lib. While doing so I tried to build in portable mode.
The recommended way of doing so, according to the README:
cargo build --release --no-default-features --features=portable
If compiling that way, cargo fails with:
error: --features is not allowed in the root of a virtual workspace
note: while this was previously accepted, it didn't actually do anything
So I checked your CI file, in which you first compile the whole project with default features, and than just libzmix with portable feature enabled:
cargo build
cargo build --manifest-path=libzmix/Cargo.toml --no-default-features --features=portable
Does that make sense? Is that correct?
If yes, I propose to add that information to the README.
(I can do a PR, but I don't understand the library well enough to be sure it is the correct way of doing this.)
failure crate was deprecated. It's recommended to use thiserror and anyhow instead
In the README supported signatures section it is mentioned that Camenisch Lysyanskaya RSA based signatures are supported. But in the documentation of the latest version there is no module for this type of signatures, so from what I understand it is still in development.
It would be great if you will mention the status of the CL_RSA in the readme - in development or something like this.
Currently this is not a trivial dependency. Need to make the following changes.
Aead and AeadCore trait members.Aead instances (NewAead was deprecated).After several meetings and deliberation with @hartm et al, we settled on the following interim plan for the version 1.0
fail with anyhow and std::error::Error-based workflows.no_std.miette and more informative error handling projectsaarch64 with x86 extensions, without SVE).@mikelodder7
Now that we haveC-callable library interface, how about we go a step further with help ofCGOto provide golang one?
That would be great. We accept PRs.
Originally posted by @brentzundel in #133 (comment)
I ask for this feature, because currently used version of k256 is pretty outdated and it loads some other oudated crates, which breaks my Iroha 2 build.
Specifically k256 depends on ecdsa which depends on signature. Given that dependency graph current ursa uses signature >=1.3.0, <1.4.0 and when I need to link with another crate which uses another version constraints for signature build fails because it fails to select a proper version. I.e.
I need to link my crate with ursa and with cargo crate. cargo v0.69.1 depends on more updated version of signature with signature >=1.6.2, <1.7 version constraint.
Looks like new version of k256 depends on the new version of ecdsa which depends on signature v2. With that it will be totally okay to have signature v1 and signature v2 in one crate.
Create verifier-level functions for exposing merkle-tree revocation functionality.
In the crouse of my use ProofBuilder struct to build proof, when call add_sub_proof_request function add subproof and use construsted CredentialValues struct even through these attributes are not in the credentials or not true. Proof can still be generated and verified. (in ursa v0.3.6)
Did I ignore some important steps to prevent it from happening?
I'm adding dependence on ursa like:
ursa = { version = "=0.3.7", default-features = false, features = ["portable"] }
Only to get the following error:
Compiling ursa v0.3.7
error[E0432]: unresolved import `amcl::secp256k1`
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:226:15
|
226 | use amcl::secp256k1::{ecdh, ecp};
| ^^^^^^^^^ could not find `secp256k1` in `amcl`
error[E0433]: failed to resolve: use of undeclared crate or module `signing_key`
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:261:22
|
261 | let sk = signing_key::to_bytes();
| ^^^^^^^^^^^ use of undeclared crate or module `signing_key`
error[E0433]: failed to resolve: use of undeclared crate or module `verify_key`
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:263:30
|
263 | let compressed = verify_key::to_bytes(); //serialized as compressed point
| ^^^^^^^^^^ use of undeclared crate or module `verify_key`
error[E0433]: failed to resolve: could not find `VerifyKey` in `k256`
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:279:28
|
279 | let pk = k256::VerifyKey::from_encoded_point(compressed_pk)
| ^^^^^^^^^ could not find `VerifyKey` in `k256`
error[E0433]: failed to resolve: could not find `SigningKey` in `k256`
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:260:37
|
260 | let signing_key = k256::SigningKey::random(&mut OsRng);
| ^^^^^^^^^^ not found in `k256`
|
help: consider importing this struct
|
219 | use k256::ecdsa::SigningKey;
|
error[E0433]: failed to resolve: could not find `SigningKey` in `k256`
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:267:37
|
267 | let signing_key = k256::SigningKey::new(&sk)
| ^^^^^^^^^^ not found in `k256`
|
help: consider importing this struct
|
219 | use k256::ecdsa::SigningKey;
|
error[E0425]: cannot find value `signing_key` in crate `k256`
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:269:34
|
269 | let (sig, _) = k256::signing_key.sign(&message);
| ^^^^^^^^^^^ not found in `k256`
error[E0412]: cannot find type `Signature` in this scope
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:281:22
|
281 | let sig: Signature = k256::Signature::from_bytes(signature);
| ^^^^^^^^^ not found in this scope
|
help: consider importing one of these items
|
219 | use bls::Signature;
|
219 | use ed25519_dalek::Signature;
|
219 | use k256::ecdsa::Signature;
|
219 | use k256::ecdsa::recoverable::Signature;
|
and 3 other candidates
error[E0433]: failed to resolve: could not find `Signature` in `k256`
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:281:40
|
281 | let sig: Signature = k256::Signature::from_bytes(signature);
| ^^^^^^^^^ not found in `k256`
|
help: consider importing one of these items
|
219 | use bls::Signature;
|
219 | use ed25519_dalek::Signature;
|
219 | use k256::ecdsa::Signature;
|
219 | use k256::ecdsa::recoverable::Signature;
|
and 3 other candidates
error[E0425]: cannot find function `verify` in crate `k256`
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:282:22
|
282 | Ok(k256::verify(&msg, &sig, &pk))
| ^^^^^^ not found in `k256`
|
help: consider importing this function
|
219 | use amcl::bn254::bls::verify;
|
error[E0425]: cannot find value `msg` in this scope
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:282:30
|
282 | Ok(k256::verify(&msg, &sig, &pk))
| ^^^ not found in this scope
error[E0433]: failed to resolve: could not find `Signature` in `k256`
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:285:33
|
285 | let mut sig = k256::Signature::parse(array_ref!(signature, 0, SIGNATURE_SIZE));
| ^^^^^^^^^ not found in `k256`
|
help: consider importing one of these items
|
219 | use bls::Signature;
|
219 | use ed25519_dalek::Signature;
|
219 | use k256::ecdsa::Signature;
|
219 | use k256::ecdsa::recoverable::Signature;
|
and 3 other candidates
error[E0599]: no method named `input` found for struct `sha2::Sha256` in the current scope
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/bn/rust.rs:495:20
|
495 | hasher.input(&num);
| ^^^^^ method not found in `sha2::Sha256`
error[E0599]: no method named `result` found for struct `sha2::Sha256` in the current scope
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/bn/rust.rs:498:19
|
498 | Ok(hasher.result().as_slice().to_vec())
| ^^^^^^ method not found in `sha2::Sha256`
error[E0107]: this associated function takes 0 generic arguments but 1 generic argument was supplied
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:33:16
|
33 | self.0.keypair::<sha2::Sha256>(option)
| ^^^^^^^---------------- help: remove these generics
| |
| expected 0 generic arguments
|
note: associated function defined here, with 0 generic parameters
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:256:16
|
256 | pub fn keypair(
| ^^^^^^^
error[E0107]: this associated function takes 0 generic arguments but 1 generic argument was supplied
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:36:16
|
36 | self.0.sign::<sha2::Sha256>(message, sk)
| ^^^^---------------- help: remove these generics
| |
| expected 0 generic arguments
|
note: associated function defined here, with 0 generic parameters
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:266:16
|
266 | pub fn sign(&self, message: &[u8], sk: &PrivateKey) -> Result<Vec<u8>, CryptoError> {
| ^^^^
error[E0107]: this associated function takes 0 generic arguments but 1 generic argument was supplied
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:44:16
|
44 | self.0.verify::<sha2::Sha256>(message, signature, pk)
| ^^^^^^---------------- help: remove these generics
| |
| expected 0 generic arguments
|
note: associated function defined here, with 0 generic parameters
--> /home/garorobe/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.7/src/signatures/secp256k1.rs:272:16
|
272 | pub fn verify(
| ^^^^^^
Some errors have detailed explanations: E0107, E0412, E0425, E0432, E0433, E0599.
For more information about an error, try `rustc --explain E0107`.
error: could not compile `ursa` due to 17 previous errors
Is there something I'm missing maybe or it's planned to fix?
The instruction how to include and use libzmix in
https://github.com/hyperledger/ursa/blob/main/libzmix/README.md
are outdated. This might be confusing for new comers. It should be updated or at least include a hint to more up to date readme files in subfolders like https://github.com/hyperledger/ursa/blob/main/libzmix/bbs/README.md
I drew a diagram based on the anoncreds_demo to figure out how to use ursa, but I'm not sure if the issuer will/should know the master secret. According to Indy SDK doc and the demo, a master secret is a special piece of data that’s inserted into a credential in blinded form and is given to issuer directly in plaintext.
As part of CII badging we do claim to have a changelog
https://bestpractices.coreinfrastructure.org/projects/2447
https://github.com/hyperledger/ursa/blob/master/CHANGELOG
but it seems we've been forgetting to update it.
At the moment we are on version 0.3.5 on crates.io but the changelog only documents our initial 0.1.0 release.
A number of optimizations have been recommended for the implementation of the sparse Merkle tree in Ursa.
This issue would be resolved when those optimizations have been incorporated.
Create tests that demonstrate a credential issuance, proving, revocation, failure to prove flow.
Hi, we're using ursa in hyperledger iroha, When we ran cargo audit We found
Crate: time
Version: 0.1.43
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.43
And cargo tree showed time as a direct dependency of ursa.
#Hi there! I am a newbie in Rust and Ursa. Now I am trying to test the revocation part of ursa. I have some trouble issuing multiple credentials. I want to issue two credentials and watch their witness. But I find that the second witness is always generated wrong.
I use 'ursa::cl::mod::Witness::new()' to generate new witness. I checked its source code and find some possible issues.
let mut issued = if issuance_by_default {
(1..=max_cred_num)
.filter(|idx| !rev_reg_delta.revoked.contains(idx))
.collect::<BTreeSet<u32>>()
} else {
BTreeSet::from_iter(rev_reg_delta.issued.iter().cloned())
};
issued.remove(&rev_idx);
for j in issued.iter() {
let index = max_cred_num + 1 - j + rev_idx;
rev_tails_accessor.access_tail(index, &mut |tail| {
omega = omega.add(tail).unwrap();
})?;
}
This is the code from 'ursa::cl::mod::Witness::new()' line 693 to line 707. To generate a new witness, we should use all issued credentials ' tails. However, I find that 'rev_reg_delta.issued' only contains the recently issused credential.
let rev_reg_delta = if issuance_by_default {
None
} else {
let prev_acc = rev_reg.accum;
rev_tails_accessor.access_tail(index, &mut |tail| {
rev_reg.accum = rev_reg.accum.add(tail).unwrap();
})?;
Some(RevocationRegistryDelta {
prev_accum: Some(prev_acc),
accum: rev_reg.accum,
issued: hashset![rev_idx],
revoked: HashSet::new(),
})
};
This is the code from 'ursa::cl::issuer::Issuer::_new_non_revocation_credential' line 1376-line 1393. The new generated revocation registry delta only contains one issued credential.
And here is a screenshot about my output, I issued two credentials (0,1), but the second revocation registry delta only contains one issued credential (1).
So every time I call the function 'Witness::new()', I get the same witness value:
' Witness { omega: PointG2 { point: 1 0000000000000000000000000000000000000000000000000000000000000000 1 0000000000000000000000000000000000000000000000000000000000000000 2 095E45DDF417D05FB10933FFC63D474548B7FFFF7888802F07FFFFFF7D07A8A8 1 0000000000000000000000000000000000000000000000000000000000000000 1 0000000000000000000000000000000000000000000000000000000000000000 1 0000000000000000000000000000000000000000000000000000000000000000 } } '
How can I fix this problem? Can you help me? And If I am wrong, please tell me. Many thanks in advance!
We want to use ursa in Cactus for the crypto related code, but it's a Javascript/Typescript project so it's not happening unless ursa can be compiled down to JS first.
There's a great project out there demonstrating how it could all work for both NodeJS and Browser (with Web Assembly).
https://github.com/mattrglobal/bbs-signatures
My idea is to integrate the tooling that bbs-signatures uses to my ursa fork and then send a PR. I have done very little so far due to lack of time so everyone should feel welcome to also work on this, but if not, eventually I'll come around and do it for sure. Just wanted to open this issue in anticipation and so that there's a place we can talk about this topic.
As part of the Ursa refactor, I'm breaking down the various tasks that anyone can do to contribute. Some of these tasks will need to be completed in order but may will not. The list is included here as a master list but each task will be detailed in an issue. The main goal here is to leave the current APIs as is or make small modifications and leave the old existing stuff for the moment until this operation is completed. At that point, we can start removing legacy code from the main project.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.