From eb52e49ad484f7520e9db49bf094c43aa346e93b Mon Sep 17 00:00:00 2001 From: Sergey Minaev Date: Fri, 21 Oct 2022 15:10:22 +0500 Subject: [PATCH] [3392] BBS update: support header in creds. Signed-off-by: Sergey Minaev --- .../command/verifiable/command_test.go | 2 +- .../rest/verifiable/operation_test.go | 2 +- pkg/crypto/primitive/bbs12381g2pub/bbs.go | 20 +++--- .../primitive/bbs12381g2pub/bbs_test.go | 62 +++++++++---------- pkg/crypto/primitive/bbs12381g2pub/keys.go | 4 +- .../primitive/bbs12381g2pub/keys_test.go | 5 +- .../primitive/bbs/subtle/bls12381g2_signer.go | 2 +- .../bbs/subtle/bls12381g2_verifier.go | 6 +- pkg/doc/presexch/definition_test.go | 2 +- .../suite/bbsblssignatureproof2020/signer.go | 2 +- .../signature/verifier/public_key_verifier.go | 4 +- pkg/doc/verifiable/credential_ldp_test.go | 2 +- pkg/doc/verifiable/example_support_test.go | 2 +- test/bbs/src/support_signer.go | 2 +- 14 files changed, 59 insertions(+), 58 deletions(-) diff --git a/pkg/controller/command/verifiable/command_test.go b/pkg/controller/command/verifiable/command_test.go index f26e832011..1571e5910a 100644 --- a/pkg/controller/command/verifiable/command_test.go +++ b/pkg/controller/command/verifiable/command_test.go @@ -2934,7 +2934,7 @@ func newBBSSigner(privKey *bbs12381g2pub.PrivateKey) (*bbsSigner, error) { func (s *bbsSigner) Sign(data []byte) ([]byte, error) { msgs := s.textToLines(string(data)) - return bbs12381g2pub.New().Sign(msgs, s.privKeyBytes) + return bbs12381g2pub.New().Sign(nil, msgs, s.privKeyBytes) } func (s *bbsSigner) Alg() string { diff --git a/pkg/controller/rest/verifiable/operation_test.go b/pkg/controller/rest/verifiable/operation_test.go index 7a1f3c8a11..e30f3eebdd 100644 --- a/pkg/controller/rest/verifiable/operation_test.go +++ b/pkg/controller/rest/verifiable/operation_test.go @@ -1523,7 +1523,7 @@ func newBBSSigner(privKey *bbs12381g2pub.PrivateKey) (*bbsSigner, error) { func (s *bbsSigner) Sign(data []byte) ([]byte, error) { msgs := s.textToLines(string(data)) - return bbs12381g2pub.New().Sign(msgs, s.privKeyBytes) + return bbs12381g2pub.New().Sign(nil, msgs, s.privKeyBytes) } func (s *bbsSigner) Alg() string { diff --git a/pkg/crypto/primitive/bbs12381g2pub/bbs.go b/pkg/crypto/primitive/bbs12381g2pub/bbs.go index 438bc0fa09..9144cf6a48 100644 --- a/pkg/crypto/primitive/bbs12381g2pub/bbs.go +++ b/pkg/crypto/primitive/bbs12381g2pub/bbs.go @@ -54,7 +54,7 @@ const ( ) // Verify makes BLS BBS12-381 signature verification. -func (bbs *BBSG2Pub) Verify(messages [][]byte, sigBytes, pubKeyBytes []byte) error { +func (bbs *BBSG2Pub) Verify(header []byte, messages [][]byte, sigBytes, pubKeyBytes []byte) error { signature, err := ParseSignature(sigBytes) if err != nil { return fmt.Errorf("parse signature: %w", err) @@ -67,7 +67,7 @@ func (bbs *BBSG2Pub) Verify(messages [][]byte, sigBytes, pubKeyBytes []byte) err messagesCount := len(messages) - publicKeyWithGenerators, err := pubKey.ToPublicKeyWithGenerators(messagesCount) + publicKeyWithGenerators, err := pubKey.ToPublicKeyWithGenerators(messagesCount, header) if err != nil { return fmt.Errorf("build generators from public key: %w", err) } @@ -78,7 +78,7 @@ func (bbs *BBSG2Pub) Verify(messages [][]byte, sigBytes, pubKeyBytes []byte) err } // Sign signs the one or more messages using private key in compressed form. -func (bbs *BBSG2Pub) Sign(messages [][]byte, privKeyBytes []byte) ([]byte, error) { +func (bbs *BBSG2Pub) Sign(header []byte, messages [][]byte, privKeyBytes []byte) ([]byte, error) { privKey, err := UnmarshalPrivateKey(privKeyBytes) if err != nil { return nil, fmt.Errorf("unmarshal private key: %w", err) @@ -88,11 +88,11 @@ func (bbs *BBSG2Pub) Sign(messages [][]byte, privKeyBytes []byte) ([]byte, error return nil, errors.New("messages are not defined") } - return bbs.SignWithKey(messages, privKey) + return bbs.SignWithKey(header, messages, privKey) } // VerifyProof verifies BBS+ signature proof for one ore more revealed messages. -func (bbs *BBSG2Pub) VerifyProof(messagesBytes [][]byte, proof, nonce, pubKeyBytes []byte) error { +func (bbs *BBSG2Pub) VerifyProof(header []byte, messagesBytes [][]byte, proof, nonce, pubKeyBytes []byte) error { payload, err := parsePoKPayload(proof) if err != nil { return fmt.Errorf("parse signature proof: %w", err) @@ -110,7 +110,7 @@ func (bbs *BBSG2Pub) VerifyProof(messagesBytes [][]byte, proof, nonce, pubKeyByt return fmt.Errorf("parse public key: %w", err) } - publicKeyWithGenerators, err := pubKey.ToPublicKeyWithGenerators(payload.messagesCount) + publicKeyWithGenerators, err := pubKey.ToPublicKeyWithGenerators(payload.messagesCount, header) if err != nil { return fmt.Errorf("build generators from public key: %w", err) } @@ -130,7 +130,7 @@ func (bbs *BBSG2Pub) VerifyProof(messagesBytes [][]byte, proof, nonce, pubKeyByt } // DeriveProof derives a proof of BBS+ signature with some messages disclosed. -func (bbs *BBSG2Pub) DeriveProof(messages [][]byte, sigBytes, nonce, pubKeyBytes []byte, +func (bbs *BBSG2Pub) DeriveProof(header []byte, messages [][]byte, sigBytes, nonce, pubKeyBytes []byte, revealedIndexes []int) ([]byte, error) { if len(revealedIndexes) == 0 { return nil, errors.New("no message to reveal") @@ -147,7 +147,7 @@ func (bbs *BBSG2Pub) DeriveProof(messages [][]byte, sigBytes, nonce, pubKeyBytes return nil, fmt.Errorf("parse public key: %w", err) } - publicKeyWithGenerators, err := pubKey.ToPublicKeyWithGenerators(messagesCount) + publicKeyWithGenerators, err := pubKey.ToPublicKeyWithGenerators(messagesCount, header) if err != nil { return nil, fmt.Errorf("build generators from public key: %w", err) } @@ -179,13 +179,13 @@ func (bbs *BBSG2Pub) DeriveProof(messages [][]byte, sigBytes, nonce, pubKeyBytes } // SignWithKey signs the one or more messages using BBS+ key pair. -func (bbs *BBSG2Pub) SignWithKey(messages [][]byte, privKey *PrivateKey) ([]byte, error) { +func (bbs *BBSG2Pub) SignWithKey(header []byte, messages [][]byte, privKey *PrivateKey) ([]byte, error) { var err error pubKey := privKey.PublicKey() messagesCount := len(messages) - pubKeyWithGenerators, err := pubKey.ToPublicKeyWithGenerators(messagesCount) + pubKeyWithGenerators, err := pubKey.ToPublicKeyWithGenerators(messagesCount, header) if err != nil { return nil, fmt.Errorf("build generators from public key: %w", err) } diff --git a/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go b/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go index 1efefdd8b4..8e7a8ed187 100644 --- a/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go +++ b/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go @@ -26,16 +26,16 @@ func TestBlsG2Pub_Verify(t *testing.T) { require.NoError(t, err) sigBytes := hexStringToBytesTest(t, - "836370c0f9fee53a4518e3294d2cd9880e9ced5a92fd21f20af898cf76c43a1fa88b3b8a0347313b83cb2f52055c3b56"+ - "24f8ea83101ff3429b07708c790975a43a1893fa848e1ffec1ab97c61196823d"+ - "28c3baa5900943929f3b0fdf36665fa43db9ee82dd855551bb9e7aaa6cc5c764") + "84d9677e651d7e039ff1bd3c6c37a6d465b23ebcc1291cf0082cd94c3971ff2ec64d8ddfd0c2f68d37429f6c751003a7"+ + "5435cae4b55250e5a3e357b7bd52589ff830820cd5e07a6125d846245efacccb"+ + "5814139b8bef5b329b3a269f576565d33bf6254916468f9e997a685ac68508a6") messagesBytes := default10messages(t) bls := bbs12381g2pub.New() t.Run("valid signature", func(t *testing.T) { - err = bls.Verify(messagesBytes, sigBytes, pkBytes) + err = bls.Verify(nil, messagesBytes, sigBytes, pkBytes) require.NoError(t, err) }) @@ -45,13 +45,13 @@ func TestBlsG2Pub_Verify(t *testing.T) { copy(invalidMessagesBytes, messagesBytes) invalidMessagesBytes[0] = invalidMessagesBytes[1] - err = bls.Verify(invalidMessagesBytes, sigBytes, pkBytes) + err = bls.Verify(nil, invalidMessagesBytes, sigBytes, pkBytes) require.Error(t, err) require.EqualError(t, err, "invalid BLS12-381 signature") }) t.Run("invalid input public key", func(t *testing.T) { - err = bls.Verify(messagesBytes, sigBytes, []byte("invalid")) + err = bls.Verify(nil, messagesBytes, sigBytes, []byte("invalid")) require.Error(t, err) require.EqualError(t, err, "parse public key: invalid size of public key") @@ -60,13 +60,13 @@ func TestBlsG2Pub_Verify(t *testing.T) { _, err = rand.Read(pkBytesInvalid) require.NoError(t, err) - err = bls.Verify(messagesBytes, sigBytes, pkBytesInvalid) + err = bls.Verify(nil, messagesBytes, sigBytes, pkBytesInvalid) require.Error(t, err) require.Contains(t, err.Error(), "parse public key: deserialize public key") }) t.Run("invalid input signature", func(t *testing.T) { - err = bls.Verify(messagesBytes, []byte("invalid"), pkBytes) + err = bls.Verify(nil, messagesBytes, []byte("invalid"), pkBytes) require.Error(t, err) require.EqualError(t, err, "parse signature: invalid size of signature") @@ -75,7 +75,7 @@ func TestBlsG2Pub_Verify(t *testing.T) { _, err = rand.Read(sigBytesInvalid) require.NoError(t, err) - err = bls.Verify(messagesBytes, sigBytesInvalid, pkBytes) + err = bls.Verify(nil, messagesBytes, sigBytesInvalid, pkBytes) require.Error(t, err) require.Contains(t, err.Error(), "parse signature: deserialize G1 compressed signature") }) @@ -89,7 +89,7 @@ func TestBBSG2Pub_SignWithKeyPair(t *testing.T) { messagesBytes := [][]byte{[]byte("message1"), []byte("message2")} - signatureBytes, err := bls.SignWithKey(messagesBytes, privKey) + signatureBytes, err := bls.SignWithKey(nil, messagesBytes, privKey) require.NoError(t, err) require.NotEmpty(t, signatureBytes) require.Len(t, signatureBytes, 112) @@ -97,7 +97,7 @@ func TestBBSG2Pub_SignWithKeyPair(t *testing.T) { pubKeyBytes, err := pubKey.Marshal() require.NoError(t, err) - require.NoError(t, bls.Verify(messagesBytes, signatureBytes, pubKeyBytes)) + require.NoError(t, bls.Verify(nil, messagesBytes, signatureBytes, pubKeyBytes)) } func TestBBSG2Pub_Sign(t *testing.T) { @@ -111,7 +111,7 @@ func TestBBSG2Pub_Sign(t *testing.T) { privKeyBytes, err := privKey.Marshal() require.NoError(t, err) - signatureBytes, err := bls.Sign(messagesBytes, privKeyBytes) + signatureBytes, err := bls.Sign(nil, messagesBytes, privKeyBytes) require.NoError(t, err) require.NotEmpty(t, signatureBytes) require.Len(t, signatureBytes, 112) @@ -119,16 +119,16 @@ func TestBBSG2Pub_Sign(t *testing.T) { pubKeyBytes, err := pubKey.Marshal() require.NoError(t, err) - require.NoError(t, bls.Verify(messagesBytes, signatureBytes, pubKeyBytes)) + require.NoError(t, bls.Verify(nil, messagesBytes, signatureBytes, pubKeyBytes)) // invalid private key bytes - signatureBytes, err = bls.Sign(messagesBytes, []byte("invalid")) + signatureBytes, err = bls.Sign(nil, messagesBytes, []byte("invalid")) require.Error(t, err) require.EqualError(t, err, "unmarshal private key: invalid size of private key") require.Nil(t, signatureBytes) // at least one message must be passed - signatureBytes, err = bls.Sign([][]byte{}, privKeyBytes) + signatureBytes, err = bls.Sign(nil, [][]byte{}, privKeyBytes) require.Error(t, err) require.EqualError(t, err, "messages are not defined") require.Nil(t, signatureBytes) @@ -142,13 +142,13 @@ func TestBBSG2Pub_SignWithPredefinedKeys(t *testing.T) { messagesBytes := default10messages(t) bls := bbs12381g2pub.New() - signature, err := bls.Sign(messagesBytes, privateKeyBytes) + signature, err := bls.Sign(nil, messagesBytes, privateKeyBytes) require.NoError(t, err) expectedSignatureBytes := hexStringToBytesTest(t, - "836370c0f9fee53a4518e3294d2cd9880e9ced5a92fd21f20af898cf76c43a1fa88b3b8a0347313b83cb2f52055c3b56"+ - "24f8ea83101ff3429b07708c790975a43a1893fa848e1ffec1ab97c61196823d"+ - "28c3baa5900943929f3b0fdf36665fa43db9ee82dd855551bb9e7aaa6cc5c764") + "84d9677e651d7e039ff1bd3c6c37a6d465b23ebcc1291cf0082cd94c3971ff2ec64d8ddfd0c2f68d37429f6c751003a7"+ + "5435cae4b55250e5a3e357b7bd52589ff830820cd5e07a6125d846245efacccb"+ + "5814139b8bef5b329b3a269f576565d33bf6254916468f9e997a685ac68508a6") // TODO signature defined in the spec // "9157456791e4f9cae1130372f7cf37709ba661e43df5c23cc1c76be91abff7e2603e2ddaaa71fc42bd6f9d44bd58315b"+ // "09ee5cc4e7614edde358f2c497b6b05c8b118fae3f71a52af482dceffccb3785"+ @@ -166,7 +166,7 @@ func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) { pkBytes, err := privateKey.PublicKey().Marshal() require.NoError(t, err) - proofBytes := hexStringToBytesTest(t, "000a0005b6f1890b66d4ffaaceda451c4986e36553b4db2622057e8a96b2f29e9274bb8f0249f305088269e39772ec845c267b6c84d60886cec2615e3f0b18a58b4ee97404fcaecff3889b1361df37baaf75bb4c11cb427dcbb91aac11ef32f2d4568540b1e527b52626a4f081f43182f2fcdb3f0197eb6b22d3050be87ece2c719e79b948f00be75d10b851641c6de2b84a49040000007480ce09f9513044ce742c18eb796a6cda777b836931675c7a6b76910c15debf9aa991165bc54a50d1899c00742ecd75dc000000026ae46e197c2fd0f0d7233b7eb8235b85bbbb10664c6b4c69bc645bd4e211df754f14ae46e8358107caab0e91c7a39c7b8d3bb57d6f932a2bc786877fa271bc39a8c3a8823f9246239ed8fe58da4de9bb47d4e535e27e11a764c2ae5d2d9bf5bf38db5d9e71d61d3bbc40896afc79f64f0000000a19de08e7f3ef1dca5b05363a0cf765c5c455a89fcf61513c100d9219d87f60db11ef7535cdc6f6fd6820eb8cfd8b4f89fa80321ec0121daded6257496c7ed24b4b0894a65c2abcdbfec475a10167c58f3801d3dd2563d788b6a9310ba908849135b34c5fa902e08c4f26bcd3fdd197146ee4f5d89b6bc0bd54046b68d07fcf5e42941fb950d223a508639add65e90e52380524c5cc5fef3fdca7a0f12e03f1c7559ff3467e9650230ff491699edb25daafa162c3c1dbd467d94cb2c0d63ec3305a7c022dce4952135fa1d7945af17ec131563a9d1925297945df74b46e19175f234885eea5e7b1b3b0f11aabb7f587271aeae106a6e9a4ea6662d82d5530f05d04bbe0001b8858cca3160df6dfdbcdbf4bf0dd7897f0394615026d81c4b955c13c9a99852c667c08d40de2522b138ae66de5055f9dc79df43a2a2c6522f459a1") //nolint:lll + proofBytes := hexStringToBytesTest(t, "000a0005ab1a7238bc9ba5065c9d1f395720f97b8d68208e89edb1fa8f1cde16c07b7771a46359ef198317ca71cfae5937200485b3e62de95b4d05a95c8d882197c56e582f74b5e6e1e4ae866a93fa13ae32690b8ea1bbbd7f1138f18a750ede1915a6d2898eec5b19028f2765585f36be4f152bd4ac2ad280743bed14ec78e0cdbf80f0547b37b1de62d71144f03e1fdec89b05000000748adcb65ca0ed38b9c6d1649bef5cd942175affdb9c7ad5212b371f0472d39228dc6c220cc80846fb2f44911b7aed2f32000000020910a8400998e7903a401b439d9a84723e46c9f0c03a9949ac9ee2d545caf72a50cd0f2f340a04a22ffbc8c4c6aa15af1ae972c18bbe6b463707836fb08d624089a4b92531729d0ce3f44ca36b47331a4c9a51af11d5b0f9bf4b55d8d09db24c8df59c6ad111ae0f9af56e16681a53df0000000a5916c0c291dc659d25699f2b182e2fbafe091bdf7a0667a4e4f047e80fa3d64214ee7f20d63f31472ec2eeac73ca01e51c2e420f3a26cda4e0cbe82e64f92a62075131c9dfde53d16e8c3e1d0b56bd6ac203f07af450cb94b019c6bb667df2465f9317c9ac178e58f638eb52751638fd54a211ab0ab3aeee8d87a69392de458f6ddb6b9f007589f6bdb5376eeffc4f64f7c7c0c426197be97f4f83a1a6f06ff74473dde98edbb444976ef4083237a859807d1a4c1e94fe68b69609fa00431e4b4622a39bd74791ce4b1f7545291b5ded098a757f680cbe1612312c8f841a8d0b077e5cf3eb5cf85f0ed9a3a061c3aa447c9a6bc87808d3ee1f293d157d1f41f14edd5cd0b1fcb5112d7e09386a276f396d4f31f1660bb65f0206eb92d669d2800f1e0f418be23895ad0cac055f973b50c38d57df54563e5493dd7910308ed9a6") //nolint:lll // TODO "header": "11223344556677889900aabbccddeeff" nonce := hexStringToBytesTest(t, "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501") @@ -177,12 +177,12 @@ func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) { bls := bbs12381g2pub.New() t.Run("valid signature", func(t *testing.T) { - err = bls.VerifyProof(revealedMessagesBytes, proofBytes, nonce, pkBytes) + err = bls.VerifyProof(nil, revealedMessagesBytes, proofBytes, nonce, pkBytes) require.NoError(t, err) }) t.Run("invalid size of signature proof payload", func(t *testing.T) { - err = bls.VerifyProof(revealedMessagesBytes, []byte("?"), nonce, pkBytes) + err = bls.VerifyProof(nil, revealedMessagesBytes, []byte("?"), nonce, pkBytes) require.Error(t, err) require.EqualError(t, err, "parse signature proof: invalid size of PoK payload") }) @@ -192,7 +192,7 @@ func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) { copy(proofBytesCopy, proofBytes) - err = bls.VerifyProof(revealedMessagesBytes, proofBytesCopy, nonce, pkBytes) + err = bls.VerifyProof(nil, revealedMessagesBytes, proofBytesCopy, nonce, pkBytes) require.Error(t, err) require.EqualError(t, err, "parse signature proof: invalid size of signature proof") }) @@ -201,15 +201,15 @@ func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) { proofBytesCopy := make([]byte, len(proofBytes)) copy(proofBytesCopy, proofBytes) - proofBytesCopy[21] = 255 - proofBytesCopy[21] + proofBytesCopy[23] = 255 - proofBytesCopy[23] - err = bls.VerifyProof(revealedMessagesBytes, proofBytesCopy, nonce, pkBytes) + err = bls.VerifyProof(nil, revealedMessagesBytes, proofBytesCopy, nonce, pkBytes) require.Error(t, err) require.EqualError(t, err, "parse signature proof: parse G1 point: point is not on curve") }) t.Run("invalid input public key", func(t *testing.T) { - err = bls.VerifyProof(revealedMessagesBytes, proofBytes, nonce, []byte("invalid public key")) + err = bls.VerifyProof(nil, revealedMessagesBytes, proofBytes, nonce, []byte("invalid public key")) require.Error(t, err) require.EqualError(t, err, "parse public key: invalid size of public key") }) @@ -226,17 +226,17 @@ func TestBBSG2Pub_DeriveProof(t *testing.T) { messagesBytes := default10messages(t) bls := bbs12381g2pub.New() - signatureBytes, err := bls.Sign(messagesBytes, privKeyBytes) + signatureBytes, err := bls.Sign(nil, messagesBytes, privKeyBytes) require.NoError(t, err) pubKeyBytes, err := pubKey.Marshal() require.NoError(t, err) - require.NoError(t, bls.Verify(messagesBytes, signatureBytes, pubKeyBytes)) + require.NoError(t, bls.Verify(nil, messagesBytes, signatureBytes, pubKeyBytes)) nonce := hexStringToBytesTest(t, "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501") revealedIndexes := []int{0, 2} - proofBytes, err := bls.DeriveProof(messagesBytes, signatureBytes, nonce, pubKeyBytes, revealedIndexes) + proofBytes, err := bls.DeriveProof(nil, messagesBytes, signatureBytes, nonce, pubKeyBytes, revealedIndexes) require.NoError(t, err) require.NotEmpty(t, proofBytes) @@ -245,11 +245,11 @@ func TestBBSG2Pub_DeriveProof(t *testing.T) { revealedMessages[i] = messagesBytes[ind] } - require.NoError(t, bls.VerifyProof(revealedMessages, proofBytes, nonce, pubKeyBytes)) + require.NoError(t, bls.VerifyProof(nil, revealedMessages, proofBytes, nonce, pubKeyBytes)) t.Run("DeriveProof with revealedIndexes larger than revealedMessages count", func(t *testing.T) { revealedIndexes = []int{0, 2, 4, 7, 9, 11} - _, err = bls.DeriveProof(messagesBytes, signatureBytes, nonce, pubKeyBytes, revealedIndexes) + _, err = bls.DeriveProof(nil, messagesBytes, signatureBytes, nonce, pubKeyBytes, revealedIndexes) require.EqualError(t, err, "init proof of knowledge signature: "+ "invalid revealed index: requested index 11 is larger than 10 messages count") }) diff --git a/pkg/crypto/primitive/bbs12381g2pub/keys.go b/pkg/crypto/primitive/bbs12381g2pub/keys.go index 28d3e69e2e..abe595eae4 100644 --- a/pkg/crypto/primitive/bbs12381g2pub/keys.go +++ b/pkg/crypto/primitive/bbs12381g2pub/keys.go @@ -54,7 +54,7 @@ type PublicKeyWithGenerators struct { } // ToPublicKeyWithGenerators creates PublicKeyWithGenerators from the PublicKey. -func (pk *PublicKey) ToPublicKeyWithGenerators(messagesCount int) (*PublicKeyWithGenerators, error) { +func (pk *PublicKey) ToPublicKeyWithGenerators(messagesCount int, header []byte) (*PublicKeyWithGenerators, error) { specGenCnt := 2 genCnt := messagesCount + specGenCnt @@ -72,7 +72,7 @@ func (pk *PublicKey) ToPublicKeyWithGenerators(messagesCount int) (*PublicKeyWit } domainBuilder.addCsID() - // TODO use header. Probably should be a parameter to this func + domainBuilder.addBytes(header) domain := Hash2scalar(domainBuilder.build()) diff --git a/pkg/crypto/primitive/bbs12381g2pub/keys_test.go b/pkg/crypto/primitive/bbs12381g2pub/keys_test.go index 0d6264f016..6567507ae3 100644 --- a/pkg/crypto/primitive/bbs12381g2pub/keys_test.go +++ b/pkg/crypto/primitive/bbs12381g2pub/keys_test.go @@ -127,10 +127,11 @@ func TestParseMattrKeys(t *testing.T) { pubKeyBytes := base58.Decode(pubKeyB58) messagesBytes := [][]byte{[]byte("message1"), []byte("message2")} - signatureBytes, err := bbs.New().Sign(messagesBytes, privKeyBytes) + signatureBytes, err := bbs.New().Sign(nil, messagesBytes, privKeyBytes) require.NoError(t, err) - err = bbs.New().Verify(messagesBytes, signatureBytes, pubKeyBytes) + err = bbs.New().Verify(nil, + messagesBytes, signatureBytes, pubKeyBytes) require.NoError(t, err) } diff --git a/pkg/crypto/tinkcrypto/primitive/bbs/subtle/bls12381g2_signer.go b/pkg/crypto/tinkcrypto/primitive/bbs/subtle/bls12381g2_signer.go index c1d11cf9c9..c01967707a 100644 --- a/pkg/crypto/tinkcrypto/primitive/bbs/subtle/bls12381g2_signer.go +++ b/pkg/crypto/tinkcrypto/primitive/bbs/subtle/bls12381g2_signer.go @@ -32,5 +32,5 @@ func NewBLS12381G2Signer(privateKey []byte) *BLS12381G2Signer { // signature in []byte // error in case of errors func (s *BLS12381G2Signer) Sign(messages [][]byte) ([]byte, error) { - return s.bbsPrimitive.Sign(messages, s.privateKeyBytes) + return s.bbsPrimitive.Sign(nil, messages, s.privateKeyBytes) } diff --git a/pkg/crypto/tinkcrypto/primitive/bbs/subtle/bls12381g2_verifier.go b/pkg/crypto/tinkcrypto/primitive/bbs/subtle/bls12381g2_verifier.go index ce181dda1b..2f64555fb7 100644 --- a/pkg/crypto/tinkcrypto/primitive/bbs/subtle/bls12381g2_verifier.go +++ b/pkg/crypto/tinkcrypto/primitive/bbs/subtle/bls12381g2_verifier.go @@ -30,14 +30,14 @@ func NewBLS12381G2Verifier(signerPublicKey []byte) *BLS12381G2Verifier { // returns: // error in case of errors or nil if signature verification was successful func (v *BLS12381G2Verifier) Verify(messages [][]byte, signature []byte) error { - return v.bbsPrimitive.Verify(messages, signature, v.signerPubKeyBytes) + return v.bbsPrimitive.Verify(nil, messages, signature, v.signerPubKeyBytes) } // VerifyProof will verify a BBS+ signature proof (generated e.g. by DeriveProof()) with the signer's public key. // returns: // error in case of errors or nil if signature proof verification was successful func (v *BLS12381G2Verifier) VerifyProof(messages [][]byte, proof, nonce []byte) error { - return v.bbsPrimitive.VerifyProof(messages, proof, nonce, v.signerPubKeyBytes) + return v.bbsPrimitive.VerifyProof(nil, messages, proof, nonce, v.signerPubKeyBytes) } // DeriveProof will create a BBS+ signature proof for a list of revealed messages using BBS signature @@ -47,5 +47,5 @@ func (v *BLS12381G2Verifier) VerifyProof(messages [][]byte, proof, nonce []byte) // error in case of errors func (v *BLS12381G2Verifier) DeriveProof(messages [][]byte, signature, nonce []byte, revealedIndexes []int) ([]byte, error) { - return v.bbsPrimitive.DeriveProof(messages, signature, nonce, v.signerPubKeyBytes, revealedIndexes) + return v.bbsPrimitive.DeriveProof(nil, messages, signature, nonce, v.signerPubKeyBytes, revealedIndexes) } diff --git a/pkg/doc/presexch/definition_test.go b/pkg/doc/presexch/definition_test.go index 4f79cbde08..ceb756861c 100644 --- a/pkg/doc/presexch/definition_test.go +++ b/pkg/doc/presexch/definition_test.go @@ -1634,7 +1634,7 @@ func newBBSSigner(key *bbs12381g2pub.PrivateKey) (*bbsSigner, error) { } func (s *bbsSigner) Sign(data []byte) ([]byte, error) { - return bbs12381g2pub.New().Sign(s.textToLines(string(data)), s.privateKey) + return bbs12381g2pub.New().Sign(nil, s.textToLines(string(data)), s.privateKey) } func (s *bbsSigner) Alg() string { diff --git a/pkg/doc/signature/suite/bbsblssignatureproof2020/signer.go b/pkg/doc/signature/suite/bbsblssignatureproof2020/signer.go index 3c736c1cb8..e79e007e6d 100644 --- a/pkg/doc/signature/suite/bbsblssignatureproof2020/signer.go +++ b/pkg/doc/signature/suite/bbsblssignatureproof2020/signer.go @@ -101,7 +101,7 @@ func generateSignatureProof(blsSignature map[string]interface{}, resolver keyRes return nil, fmt.Errorf("get public key and signature: %w", pErr) } - signatureProofBytes, err := bls.DeriveProof(verData.blsMessages, signatureBytes, + signatureProofBytes, err := bls.DeriveProof(nil, verData.blsMessages, signatureBytes, nonce, pubKeyBytes, verData.revealIndexes) if err != nil { return nil, fmt.Errorf("derive BBS+ proof: %w", err) diff --git a/pkg/doc/signature/verifier/public_key_verifier.go b/pkg/doc/signature/verifier/public_key_verifier.go index ca5fb424a9..aedd91f6a3 100644 --- a/pkg/doc/signature/verifier/public_key_verifier.go +++ b/pkg/doc/signature/verifier/public_key_verifier.go @@ -443,7 +443,7 @@ type BBSG2SignatureVerifier struct { func (v *BBSG2SignatureVerifier) Verify(pubKeyValue *PublicKey, doc, signature []byte) error { bbs := bbs12381g2pub.New() - return bbs.Verify(splitMessageIntoLines(string(doc), false), signature, pubKeyValue.Value) + return bbs.Verify(nil, splitMessageIntoLines(string(doc), false), signature, pubKeyValue.Value) } // NewBBSG2SignatureProofVerifier creates a new BBSG2SignatureProofVerifier. @@ -467,7 +467,7 @@ type BBSG2SignatureProofVerifier struct { func (v *BBSG2SignatureProofVerifier) Verify(pubKeyValue *PublicKey, doc, signature []byte) error { bbs := bbs12381g2pub.New() - return bbs.VerifyProof(splitMessageIntoLines(string(doc), true), + return bbs.VerifyProof(nil, splitMessageIntoLines(string(doc), true), signature, v.nonce, pubKeyValue.Value) } diff --git a/pkg/doc/verifiable/credential_ldp_test.go b/pkg/doc/verifiable/credential_ldp_test.go index bfa324af3b..df2cbe4e69 100644 --- a/pkg/doc/verifiable/credential_ldp_test.go +++ b/pkg/doc/verifiable/credential_ldp_test.go @@ -1341,7 +1341,7 @@ func newBBSSigner(privKey *bbs12381g2pub.PrivateKey) (*bbsSigner, error) { func (s *bbsSigner) Sign(data []byte) ([]byte, error) { msgs := s.textToLines(string(data)) - return bbs12381g2pub.New().Sign(msgs, s.privKeyBytes) + return bbs12381g2pub.New().Sign(nil, msgs, s.privKeyBytes) } func (s *bbsSigner) Alg() string { diff --git a/pkg/doc/verifiable/example_support_test.go b/pkg/doc/verifiable/example_support_test.go index a39b0850f0..6fbc15a06b 100644 --- a/pkg/doc/verifiable/example_support_test.go +++ b/pkg/doc/verifiable/example_support_test.go @@ -72,7 +72,7 @@ func newBBSSigner(privKey *bbs12381g2pub.PrivateKey) (*bbsSigner, error) { func (s *bbsSigner) Sign(data []byte) ([]byte, error) { msgs := s.textToLines(string(data)) - return bbs12381g2pub.New().Sign(msgs, s.privKeyBytes) + return bbs12381g2pub.New().Sign(nil, msgs, s.privKeyBytes) } // Alg return alg. diff --git a/test/bbs/src/support_signer.go b/test/bbs/src/support_signer.go index c904dc279d..e5199cfc79 100644 --- a/test/bbs/src/support_signer.go +++ b/test/bbs/src/support_signer.go @@ -30,7 +30,7 @@ func newBBSSigner(privKey *bbs.PrivateKey) (*bbsSigner, error) { func (s *bbsSigner) Sign(data []byte) ([]byte, error) { msgs := s.textToLines(string(data)) - return bbs.New().Sign(msgs, s.privKeyBytes) + return bbs.New().Sign(nil, msgs, s.privKeyBytes) } func (s *bbsSigner) Alg() string {