chore: replace ursa lib with anoncreds-clsignatures-rs

Cargo.toml

@@ -1,7 +1,9 @@
 [package]
 name = "anoncreds"
 version = "0.1.0"
-authors = ["Hyperledger AnonCreds Contributors <[email protected]>"]
+authors = [
+    "Hyperledger AnonCreds Contributors <[email protected]>",
+]
 description = "Verifiable credential issuance and presentation for Hyperledger AnonCreds (https://www.hyperledger.org/projects), which provides a foundation for self-sovereign identity."
 edition = "2021"
 license = "Apache-2.0"
@@ -20,7 +22,6 @@ crate-type = ["staticlib", "rlib", "cdylib"]
 default = ["ffi", "logger", "zeroize"]
 ffi = ["ffi-support"]
 logger = ["env_logger"]
-vendored = ["openssl", "openssl/vendored"]
 
 [dependencies]
 bs58 = "0.4.0"
@@ -32,17 +33,12 @@ rand = "0.8.5"
 regex = "1.7.1"
 serde = { version = "1.0.155", features = ["derive"] }
 bitvec = { version = "1.0.1", features = ["serde"] }
-serde_json = { version = "1.0.94", features = ["raw_value"]}
+serde_json = { version = "1.0.94", features = ["raw_value"] }
 sha2 = "0.10.6"
 tempfile = "3.4.0"
 thiserror = "1.0.39"
-ursa = { version = "0.3.7", default-features = false, features = ["cl_native", "serde"] }
 zeroize = { version = "1.5.7", optional = true, features = ["zeroize_derive"] }
-
-# We add the openssl dependency here because ursa does not expose a vendored openssl feature
-# Since we use "cl_native" as a feature, which uses openssl, we can add a vendored build with 
-# the new exposed "vendored" feature
-openssl = { version = "0.10.45", optional = true }
+anoncreds-clsignatures = "0.1"
 
 [profile.release]
 lto = true

src/data_types/cred_def.rs

@@ -1,5 +1,10 @@
 use std::str::FromStr;
 
+use crate::cl::{
+    CredentialKeyCorrectnessProof as CryptoCredentialKeyCorrectnessProof,
+    CredentialPrimaryPublicKey, CredentialPrivateKey, CredentialPublicKey,
+    CredentialRevocationPublicKey,
+};
 use crate::{error::ConversionError, impl_anoncreds_object_identifier};
 
 use super::{issuer_id::IssuerId, schema::SchemaId};
@@ -26,9 +31,9 @@ impl FromStr for SignatureType {
 
 #[derive(Debug, Serialize, Deserialize)]
 pub struct CredentialDefinitionData {
-    pub primary: ursa::cl::CredentialPrimaryPublicKey,
+    pub primary: CredentialPrimaryPublicKey,
     #[serde(skip_serializing_if = "Option::is_none")]
-    pub revocation: Option<ursa::cl::CredentialRevocationPublicKey>,
+    pub revocation: Option<CredentialRevocationPublicKey>,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
@@ -43,8 +48,8 @@ pub struct CredentialDefinition {
 }
 
 impl CredentialDefinition {
-    pub fn get_public_key(&self) -> Result<ursa::cl::CredentialPublicKey, ConversionError> {
-        let key = ursa::cl::CredentialPublicKey::build_from_parts(
+    pub fn get_public_key(&self) -> Result<CredentialPublicKey, ConversionError> {
+        let key = CredentialPublicKey::build_from_parts(
             &self.value.primary,
             self.value.revocation.as_ref(),
         )
@@ -64,13 +69,13 @@ impl Validatable for CredentialDefinition {
 
 #[derive(Debug, Deserialize, Serialize)]
 pub struct CredentialDefinitionPrivate {
-    pub value: ursa::cl::CredentialPrivateKey,
+    pub value: CredentialPrivateKey,
 }
 
 #[derive(Debug, Deserialize, Serialize)]
 #[serde(transparent)]
 pub struct CredentialKeyCorrectnessProof {
-    pub value: ursa::cl::CredentialKeyCorrectnessProof,
+    pub value: CryptoCredentialKeyCorrectnessProof,
 }
 
 impl CredentialKeyCorrectnessProof {

src/data_types/cred_offer.rs

@@ -1,3 +1,4 @@
+use crate::cl::CredentialKeyCorrectnessProof;
 use crate::error::ValidationError;
 use crate::utils::validation::Validatable;
 
@@ -7,7 +8,7 @@ use super::{cred_def::CredentialDefinitionId, nonce::Nonce, schema::SchemaId};
 pub struct CredentialOffer {
     pub schema_id: SchemaId,
     pub cred_def_id: CredentialDefinitionId,
-    pub key_correctness_proof: ursa::cl::CredentialKeyCorrectnessProof,
+    pub key_correctness_proof: CredentialKeyCorrectnessProof,
     pub nonce: Nonce,
     #[serde(skip_serializing_if = "Option::is_none")]
     pub method_name: Option<String>,

src/data_types/cred_request.rs

@@ -1,3 +1,7 @@
+use crate::cl::{
+    BlindedCredentialSecrets, BlindedCredentialSecretsCorrectnessProof,
+    CredentialSecretsBlindingFactors,
+};
 use crate::error::{Result, ValidationError};
 use crate::invalid;
 use crate::utils::validation::{Validatable, LEGACY_DID_IDENTIFIER};
@@ -11,8 +15,8 @@ pub struct CredentialRequest {
     #[serde(skip_serializing_if = "Option::is_none")]
     prover_did: Option<String>,
     cred_def_id: CredentialDefinitionId,
-    pub blinded_ms: ursa::cl::BlindedCredentialSecrets,
-    pub blinded_ms_correctness_proof: ursa::cl::BlindedCredentialSecretsCorrectnessProof,
+    pub blinded_ms: BlindedCredentialSecrets,
+    pub blinded_ms_correctness_proof: BlindedCredentialSecretsCorrectnessProof,
     pub nonce: Nonce,
 }
 
@@ -55,8 +59,8 @@ impl CredentialRequest {
         entropy: Option<&str>,
         prover_did: Option<&str>,
         cred_def_id: CredentialDefinitionId,
-        blinded_ms: ursa::cl::BlindedCredentialSecrets,
-        blinded_ms_correctness_proof: ursa::cl::BlindedCredentialSecretsCorrectnessProof,
+        blinded_ms: BlindedCredentialSecrets,
+        blinded_ms_correctness_proof: BlindedCredentialSecretsCorrectnessProof,
         nonce: Nonce,
     ) -> Result<Self> {
         let s = Self {
@@ -85,7 +89,7 @@ impl CredentialRequest {
 
 #[derive(Debug, Deserialize, Serialize)]
 pub struct CredentialRequestMetadata {
-    pub link_secret_blinding_data: ursa::cl::CredentialSecretsBlindingFactors,
+    pub link_secret_blinding_data: CredentialSecretsBlindingFactors,
     pub nonce: Nonce,
     pub link_secret_name: String,
 }

src/data_types/credential.rs

@@ -1,7 +1,7 @@
 use std::collections::HashMap;
-
 use zeroize::Zeroize;
 
+use crate::cl::{CredentialSignature, RevocationRegistry, SignatureCorrectnessProof, Witness};
 use crate::error::{ConversionError, ValidationError};
 use crate::utils::validation::Validatable;
 
@@ -13,10 +13,10 @@ pub struct Credential {
     pub cred_def_id: CredentialDefinitionId,
     pub rev_reg_id: Option<RevocationRegistryId>,
     pub values: CredentialValues,
-    pub signature: ursa::cl::CredentialSignature,
-    pub signature_correctness_proof: ursa::cl::SignatureCorrectnessProof,
-    pub rev_reg: Option<ursa::cl::RevocationRegistry>,
-    pub witness: Option<ursa::cl::Witness>,
+    pub signature: CredentialSignature,
+    pub signature_correctness_proof: SignatureCorrectnessProof,
+    pub rev_reg: Option<RevocationRegistry>,
+    pub witness: Option<Witness>,
 }
 
 impl Credential {

src/data_types/link_secret.rs

@@ -1,14 +1,11 @@
+use crate::cl::{bn::BigNumber, MasterSecret, Prover as CryptoProver};
 use crate::error::ConversionError;
 use std::fmt;
-use ursa::{
-    bn::BigNumber,
-    cl::{prover::Prover as UrsaProver, MasterSecret},
-};
-pub struct LinkSecret(pub ursa::bn::BigNumber);
+pub struct LinkSecret(pub BigNumber);
 
 impl LinkSecret {
     pub fn new() -> Result<Self, ConversionError> {
-        let value = UrsaProver::new_master_secret()
+        let value = CryptoProver::new_master_secret()
             .and_then(|v| v.value())
             .map_err(|err| {
                 ConversionError::from_msg(format!("Error creating link secret: {err}"))

src/data_types/nonce.rs

@@ -2,13 +2,13 @@ use std::convert::TryFrom;
 use std::fmt;
 use std::hash::{Hash, Hasher};
 
+use crate::cl::{new_nonce, Nonce as CryptoNonce};
 use crate::error::ConversionError;
-use crate::ursa::cl::{new_nonce, Nonce as UrsaNonce};
 use serde::{de::Visitor, Deserialize, Deserializer, Serialize, Serializer};
 
 pub struct Nonce {
     strval: String,
-    native: UrsaNonce,
+    native: CryptoNonce,
 }
 
 impl Nonce {
@@ -20,20 +20,20 @@ impl Nonce {
     }
 
     #[inline]
-    pub fn from_native(native: UrsaNonce) -> Result<Self, ConversionError> {
+    pub fn from_native(native: CryptoNonce) -> Result<Self, ConversionError> {
         let strval = native.to_dec().map_err(|e| e.to_string())?;
         Ok(Self { strval, native })
     }
 
     #[inline]
     #[must_use]
-    pub const fn as_native(&self) -> &UrsaNonce {
+    pub const fn as_native(&self) -> &CryptoNonce {
         &self.native
     }
 
     #[inline]
     #[must_use]
-    pub fn into_native(self) -> UrsaNonce {
+    pub fn into_native(self) -> CryptoNonce {
         self.native
     }
 
@@ -48,7 +48,7 @@ impl Nonce {
             }
         }
 
-        let native = UrsaNonce::from_dec(&strval).map_err(|e| e.to_string())?;
+        let native = CryptoNonce::from_dec(&strval).map_err(|e| e.to_string())?;
         Ok(Self { strval, native })
     }
 
@@ -229,11 +229,11 @@ mod tests {
 
     #[test]
     fn nonce_convert() {
-        let nonce = UrsaNonce::new().expect("Error creating nonce");
+        let nonce = CryptoNonce::new().expect("Error creating nonce");
         let ser = serde_json::to_string(&nonce).unwrap();
         let des = serde_json::from_str::<Nonce>(&ser).unwrap();
         let ser2 = serde_json::to_string(&des).unwrap();
-        let nonce_des = serde_json::from_str::<UrsaNonce>(&ser2).unwrap();
+        let nonce_des = serde_json::from_str::<CryptoNonce>(&ser2).unwrap();
         assert_eq!(nonce, nonce_des);
 
         let nonce = Nonce::new().unwrap();

src/data_types/presentation.rs

@@ -1,13 +1,14 @@
 use std::collections::HashMap;
 
+use crate::cl::Proof;
 use crate::error::ValidationError;
 use crate::utils::validation::Validatable;
 
 use super::{cred_def::CredentialDefinitionId, rev_reg::RevocationRegistryId, schema::SchemaId};
 
 #[derive(Debug, Deserialize, Serialize)]
 pub struct Presentation {
-    pub proof: ursa::cl::Proof,
+    pub proof: Proof,
     pub requested_proof: RequestedProof,
     pub identifiers: Vec<Identifier>,
 }

src/data_types/rev_reg.rs

@@ -1,19 +1,20 @@
-use crate::{impl_anoncreds_object_identifier, Error};
 use serde::de::{self, Deserialize, Deserializer, MapAccess, Visitor};
 use serde::Serialize;
-use ursa::cl::Accumulator;
+
+use crate::cl::{Accumulator, RevocationRegistry as CryptoRevocationRegistry};
+use crate::{impl_anoncreds_object_identifier, Error};
 
 impl_anoncreds_object_identifier!(RevocationRegistryId);
 
 #[derive(Clone, Debug, Serialize, Deserialize)]
 pub struct RevocationRegistry {
-    pub value: ursa::cl::RevocationRegistry,
+    pub value: CryptoRevocationRegistry,
 }
 
 #[derive(Clone, Copy, Debug, Serialize)]
-pub struct UrsaRevocationRegistry(Accumulator);
+pub struct CLSignaturesRevocationRegistry(Accumulator);
 
-impl TryFrom<&str> for UrsaRevocationRegistry {
+impl TryFrom<&str> for CLSignaturesRevocationRegistry {
     type Error = Error;
 
     fn try_from(value: &str) -> Result<Self, Self::Error> {
@@ -22,34 +23,34 @@ impl TryFrom<&str> for UrsaRevocationRegistry {
     }
 }
 
-impl TryFrom<ursa::cl::RevocationRegistry> for UrsaRevocationRegistry {
+impl TryFrom<CryptoRevocationRegistry> for CLSignaturesRevocationRegistry {
     type Error = Error;
 
-    fn try_from(value: ursa::cl::RevocationRegistry) -> Result<Self, Self::Error> {
+    fn try_from(value: CryptoRevocationRegistry) -> Result<Self, Self::Error> {
         let s = serde_json::to_string(&value)?;
         Ok(serde_json::from_str(&s)?)
     }
 }
 
-impl TryFrom<UrsaRevocationRegistry> for ursa::cl::RevocationRegistry {
+impl TryFrom<CLSignaturesRevocationRegistry> for CryptoRevocationRegistry {
     type Error = Error;
 
-    fn try_from(value: UrsaRevocationRegistry) -> Result<Self, Self::Error> {
+    fn try_from(value: CLSignaturesRevocationRegistry) -> Result<Self, Self::Error> {
         let s = serde_json::to_string(&value)?;
         let json = format!("{{\"accum\": {s}}}");
         Ok(serde_json::from_str(&json)?)
     }
 }
 
-impl<'de> Deserialize<'de> for UrsaRevocationRegistry {
+impl<'de> Deserialize<'de> for CLSignaturesRevocationRegistry {
     fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
     where
         D: Deserializer<'de>,
     {
-        struct UrsaRevocationRegistryVisitor;
+        struct CLSignaturesRevocationRegistryVisitor;
 
-        impl<'de> Visitor<'de> for UrsaRevocationRegistryVisitor {
-            type Value = UrsaRevocationRegistry;
+        impl<'de> Visitor<'de> for CLSignaturesRevocationRegistryVisitor {
+            type Value = CLSignaturesRevocationRegistry;
 
             fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
                 write!(formatter, "string or map")
@@ -58,12 +59,12 @@ impl<'de> Deserialize<'de> for UrsaRevocationRegistry {
             fn visit_str<E: serde::de::Error>(
                 self,
                 value: &str,
-            ) -> Result<UrsaRevocationRegistry, E> {
+            ) -> Result<CLSignaturesRevocationRegistry, E> {
                 let accum = Accumulator::from_string(value).map_err(de::Error::custom)?;
-                Ok(UrsaRevocationRegistry(accum))
+                Ok(CLSignaturesRevocationRegistry(accum))
             }
 
-            fn visit_map<V>(self, mut map: V) -> Result<UrsaRevocationRegistry, V::Error>
+            fn visit_map<V>(self, mut map: V) -> Result<CLSignaturesRevocationRegistry, V::Error>
             where
                 V: MapAccess<'de>,
             {
@@ -83,9 +84,9 @@ impl<'de> Deserialize<'de> for UrsaRevocationRegistry {
                 }
                 let accum: Accumulator =
                     accum.ok_or_else(|| de::Error::missing_field("(accum|currentAccumulator)"))?;
-                Ok(UrsaRevocationRegistry(accum))
+                Ok(CLSignaturesRevocationRegistry(accum))
             }
         }
-        deserializer.deserialize_any(UrsaRevocationRegistryVisitor)
+        deserializer.deserialize_any(CLSignaturesRevocationRegistryVisitor)
     }
 }

src/data_types/rev_reg_def.rs

@@ -1,5 +1,6 @@
 use std::str::FromStr;
 
+use crate::cl::{RevocationKeyPrivate, RevocationKeyPublic};
 use crate::{error::ConversionError, impl_anoncreds_object_identifier};
 
 use super::{cred_def::CredentialDefinitionId, issuer_id::IssuerId};
@@ -37,7 +38,7 @@ pub struct RevocationRegistryDefinitionValue {
 #[derive(Clone, Debug, Deserialize, Serialize)]
 #[serde(rename_all = "camelCase")]
 pub struct RevocationRegistryDefinitionValuePublicKeys {
-    pub accum_key: ursa::cl::RevocationKeyPublic,
+    pub accum_key: RevocationKeyPublic,
 }
 
 #[derive(Clone, Debug, Deserialize, Serialize)]
@@ -61,5 +62,5 @@ impl Validatable for RevocationRegistryDefinition {
 
 #[derive(Debug, Deserialize, Serialize)]
 pub struct RevocationRegistryDefinitionPrivate {
-    pub value: ursa::cl::RevocationKeyPrivate,
+    pub value: RevocationKeyPrivate,
 }