@nuggetslife/vc 0.0.23 → 0.0.24

package/generate_golden_files.mjs

@@ -0,0 +1,181 @@
+/**
+ * generate_golden_files.mjs
+ *
+ * Generates golden-file signed VCs using the @mattrglobal library.
+ * These fixtures are saved as static JSON for backward compatibility testing
+ * against the new NAPI-based implementation.
+ *
+ * Outputs:
+ *   test-data/golden/mattrglobal-signed-prc.json   (BbsBlsSignature2020 signed VC)
+ *   test-data/golden/mattrglobal-derived-prc.json   (BbsBlsSignatureProof2020 derived proof)
+ *
+ * Usage:
+ *   node generate_golden_files.mjs
+ */
+
+import { readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { resolve, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { createRequire } from 'node:module';
+
+// @mattrglobal libraries (CJS, loaded via createRequire)
+const require = createRequire(import.meta.url);
+const { Bls12381G2KeyPair } = require('@mattrglobal/bls12381-key-pair');
+const {
+  BbsBlsSignature2020,
+  BbsBlsSignatureProof2020,
+  deriveProof,
+} = require('@mattrglobal/jsonld-signatures-bbs');
+const { sign, purposes, extendContextLoader } = require('jsonld-signatures');
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const dataDir = resolve(__dirname, 'test-data');
+const goldenDir = resolve(dataDir, 'golden');
+const loadJson = (name) => JSON.parse(readFileSync(resolve(dataDir, name), 'utf8'));
+
+// Load test data
+const inputDocument = loadJson('inputDocument.json');
+const keyPairJson = loadJson('keyPair.json');
+const controllerDocument = loadJson('controllerDocument.json');
+const citizenVocab = loadJson('citizenVocab.json');
+const bbsContext = loadJson('bbs.json');
+const credentialsContext = loadJson('credentialsContext.json');
+const suiteContext = loadJson('suiteContext.json');
+const revealDocument = loadJson('deriveProofFrame.json');
+
+// Build document loader (same pattern as test_jsonld_crossverify.mjs)
+const documents = {
+  "did:example:489398593#test": keyPairJson,
+  "did:example:489398593": controllerDocument,
+  "https://w3id.org/citizenship/v1": citizenVocab,
+  "https://w3id.org/security/bbs/v1": bbsContext,
+  "https://www.w3.org/2018/credentials/v1": credentialsContext,
+  "https://w3id.org/security/suites/jws-2020/v1": suiteContext,
+};
+
+const customDocLoader = (url) => {
+  const context = documents[url];
+  if (context) {
+    return { contextUrl: null, document: context, documentUrl: url };
+  }
+  throw new Error(`Attempted to remote load context: '${url}', please cache instead`);
+};
+const documentLoader = extendContextLoader(customDocLoader);
+
+async function main() {
+  // Ensure golden directory exists
+  mkdirSync(goldenDir, { recursive: true });
+
+  // ---------- Step 1: Sign the PRC document ----------
+  console.log('Creating key pair from test data...');
+  const keyPair = await Bls12381G2KeyPair.from({
+    id: keyPairJson.id,
+    controller: keyPairJson.controller,
+    publicKeyBase58: keyPairJson.publicKeyBase58,
+    privateKeyBase58: keyPairJson.privateKeyBase58,
+  });
+
+  const suite = new BbsBlsSignature2020({ key: keyPair });
+
+  console.log('Signing inputDocument with @mattrglobal BbsBlsSignature2020...');
+  const signedDocument = await sign(inputDocument, {
+    suite,
+    purpose: new purposes.AssertionProofPurpose(),
+    documentLoader,
+  });
+
+  const signedPath = resolve(goldenDir, 'mattrglobal-signed-prc.json');
+  writeFileSync(signedPath, JSON.stringify(signedDocument, null, 2) + '\n');
+  console.log(`  Saved signed document to: ${signedPath}`);
+  console.log(`  Proof type: ${signedDocument.proof.type}`);
+  console.log(`  Verification method: ${signedDocument.proof.verificationMethod}`);
+
+  // ---------- Step 2: Derive a proof ----------
+  console.log('Deriving proof with @mattrglobal BbsBlsSignatureProof2020...');
+  const derivedDocument = await deriveProof(signedDocument, revealDocument, {
+    suite: new BbsBlsSignatureProof2020(),
+    documentLoader,
+  });
+
+  const derivedPath = resolve(goldenDir, 'mattrglobal-derived-prc.json');
+  writeFileSync(derivedPath, JSON.stringify(derivedDocument, null, 2) + '\n');
+  console.log(`  Saved derived document to: ${derivedPath}`);
+  console.log(`  Proof type: ${derivedDocument.proof.type}`);
+  console.log(`  Nonce present: ${!!derivedDocument.proof.nonce}`);
+
+  // ---------- Step 3: Verify both documents ----------
+  console.log('Verifying signed document...');
+  const { verify } = require('jsonld-signatures');
+  const verifySignedResult = await verify(signedDocument, {
+    suite: new BbsBlsSignature2020(),
+    purpose: new purposes.AssertionProofPurpose(),
+    documentLoader,
+  });
+  console.log(`  Signed document verified: ${verifySignedResult.verified}`);
+  if (!verifySignedResult.verified) {
+    console.error('  ERROR:', verifySignedResult.error);
+    process.exit(1);
+  }
+
+  console.log('Verifying derived document...');
+  const verifyDerivedResult = await verify(derivedDocument, {
+    suite: new BbsBlsSignatureProof2020(),
+    purpose: new purposes.AssertionProofPurpose(),
+    documentLoader,
+  });
+  console.log(`  Derived document verified: ${verifyDerivedResult.verified}`);
+  if (!verifyDerivedResult.verified) {
+    console.error('  ERROR:', verifyDerivedResult.error);
+    process.exit(1);
+  }
+
+  // ---------- Step 4: Sign additional VC variants ----------
+  // These test different field counts (BBS+ signatures depend on statement count)
+
+  const loadGolden = (name) => JSON.parse(readFileSync(resolve(goldenDir, name), 'utf8'));
+
+  // Minimal VC (few fields)
+  const minimalDoc = loadGolden('inputDocument-minimal.json');
+  console.log('Signing minimal VC (few fields)...');
+  const signedMinimal = await sign(minimalDoc, {
+    suite: new BbsBlsSignature2020({ key: keyPair }),
+    purpose: new purposes.AssertionProofPurpose(),
+    documentLoader,
+  });
+  const minimalPath = resolve(goldenDir, 'mattrglobal-signed-minimal.json');
+  writeFileSync(minimalPath, JSON.stringify(signedMinimal, null, 2) + '\n');
+  console.log(`  Saved: ${minimalPath}`);
+
+  // Rich VC (many fields, similar to Nuggets identity credentials)
+  const richDoc = loadGolden('inputDocument-rich.json');
+  console.log('Signing rich VC (many fields)...');
+  const signedRich = await sign(richDoc, {
+    suite: new BbsBlsSignature2020({ key: keyPair }),
+    purpose: new purposes.AssertionProofPurpose(),
+    documentLoader,
+  });
+  const richPath = resolve(goldenDir, 'mattrglobal-signed-rich.json');
+  writeFileSync(richPath, JSON.stringify(signedRich, null, 2) + '\n');
+  console.log(`  Saved: ${richPath}`);
+
+  // Verify additional variants
+  for (const [name, doc] of [['minimal', signedMinimal], ['rich', signedRich]]) {
+    const result = await verify(doc, {
+      suite: new BbsBlsSignature2020(),
+      purpose: new purposes.AssertionProofPurpose(),
+      documentLoader,
+    });
+    console.log(`  ${name} VC verified: ${result.verified}`);
+    if (!result.verified) {
+      console.error('  ERROR:', result.error);
+      process.exit(1);
+    }
+  }
+
+  console.log('\nAll golden files generated and verified successfully.');
+}
+
+main().catch((err) => {
+  console.error('Fatal error:', err);
+  process.exit(1);
+});

package/index.d.ts

@@ -3,6 +3,24 @@
 
 /* auto-generated by NAPI-RS */
 
+export interface Bbs2023VerifyOutput {
+  verified: boolean
+  error?: string
+}
+export declare function bbs2023Sign(options: any): any
+export declare function bbs2023Derive(options: any): any
+export declare function bbs2023Verify(document: any, publicKey?: string | undefined | null): Bbs2023VerifyOutput
+export interface BbsIetfKeyPair {
+  /** Hex-encoded secret key (32 bytes) */
+  secretKey: string
+  /** Hex-encoded public key (96 bytes, compressed G2) */
+  publicKey: string
+}
+export declare function bbsIetfKeygen(ikm?: Buffer | undefined | null, keyInfo?: Buffer | undefined | null, ciphersuite?: string | undefined | null): BbsIetfKeyPair
+export declare function bbsIetfSign(secretKey: Buffer, publicKey: Buffer, header: Buffer | undefined | null, messages: Array<string>, ciphersuite?: string | undefined | null): Buffer
+export declare function bbsIetfVerify(publicKey: Buffer, signature: Buffer, header: Buffer | undefined | null, messages: Array<string>, ciphersuite?: string | undefined | null): boolean
+export declare function bbsIetfProofGen(publicKey: Buffer, signature: Buffer, header: Buffer | undefined | null, presentationHeader: Buffer | undefined | null, messages: Array<string>, disclosedIndices: Array<number>, ciphersuite?: string | undefined | null): Buffer
+export declare function bbsIetfProofVerify(publicKey: Buffer, proof: Buffer, header: Buffer | undefined | null, presentationHeader: Buffer | undefined | null, disclosedMessages: any, totalMessageCount: number, ciphersuite?: string | undefined | null): boolean
 export interface BoundSignatureSuiteOptions {
   key?: KeyPairOptions
   verificationMethod?: string
@@ -336,6 +354,28 @@ export declare function unblindSignature(blindSignature: Uint8Array, blindingFac
  * Output: derived document JSON with embedded proof
  */
 export declare function deriveProofHolderBound(proofDocument: any, revealDocument: any, options: any): Promise<any>
+export interface SdJwtDisclosure {
+  salt: string
+  claimName: string
+  claimValue: any
+  encoded: string
+  digest: string
+}
+export interface SdJwtIssueOutput {
+  sdJwt: string
+  disclosures: Array<SdJwtDisclosure>
+}
+export interface SdJwtPresentOutput {
+  presentation: string
+}
+export interface SdJwtVerifyOutput {
+  verified: boolean
+  claims: any
+  error?: string
+}
+export declare function sdJwtIssue(claims: any, disclosable: Array<string>, jwk: any, alg: string, holderJwk?: any | undefined | null, decoyCount?: number | undefined | null): SdJwtIssueOutput
+export declare function sdJwtPresent(sdJwt: string, disclosuresToReveal: Array<string>, kbJwk?: any | undefined | null, kbAlg?: string | undefined | null, audience?: string | undefined | null, nonce?: string | undefined | null): SdJwtPresentOutput
+export declare function sdJwtVerify(presentation: string, issuerJwk: any, holderJwk?: any | undefined | null, audience?: string | undefined | null, nonce?: string | undefined | null): SdJwtVerifyOutput
 export declare class BbsBlsHolderBoundSignature2022 {
   type: string
   constructor(options?: BoundSignatureSuiteOptions | undefined | null)

package/index.js

@@ -310,8 +310,16 @@ if (!nativeBinding) {
   throw new Error(`Failed to load native binding`)
 }
 
-const { BbsBlsHolderBoundSignature2022, BbsBlsHolderBoundSignatureProof2022, BbsBlsSignature2020, BbsBlsSignatureProof2020, Bls12381G2KeyPair, KeyPairSigner, KeyPairVerifier, BoundBls12381G2KeyPair, JoseNamedCurve, JoseContentEncryption, JoseKeyEncryption, JoseSigningAlgorithm, generateJwk, generateKeyPair, joseEncrypt, joseDecrypt, generalEncryptJson, decryptJson, compactSignJson, compactJsonVerify, flattenedSignJson, jsonVerify, generalSignJson, JsonLd, ldSign, ldVerify, ldDeriveProof, deriveProof, createCommitment, verifyCommitment, unblindSignature, deriveProofHolderBound } = nativeBinding
+const { bbs2023Sign, bbs2023Derive, bbs2023Verify, bbsIetfKeygen, bbsIetfSign, bbsIetfVerify, bbsIetfProofGen, bbsIetfProofVerify, BbsBlsHolderBoundSignature2022, BbsBlsHolderBoundSignatureProof2022, BbsBlsSignature2020, BbsBlsSignatureProof2020, Bls12381G2KeyPair, KeyPairSigner, KeyPairVerifier, BoundBls12381G2KeyPair, JoseNamedCurve, JoseContentEncryption, JoseKeyEncryption, JoseSigningAlgorithm, generateJwk, generateKeyPair, joseEncrypt, joseDecrypt, generalEncryptJson, decryptJson, compactSignJson, compactJsonVerify, flattenedSignJson, jsonVerify, generalSignJson, JsonLd, ldSign, ldVerify, ldDeriveProof, deriveProof, createCommitment, verifyCommitment, unblindSignature, deriveProofHolderBound, sdJwtIssue, sdJwtPresent, sdJwtVerify } = nativeBinding
 
+module.exports.bbs2023Sign = bbs2023Sign
+module.exports.bbs2023Derive = bbs2023Derive
+module.exports.bbs2023Verify = bbs2023Verify
+module.exports.bbsIetfKeygen = bbsIetfKeygen
+module.exports.bbsIetfSign = bbsIetfSign
+module.exports.bbsIetfVerify = bbsIetfVerify
+module.exports.bbsIetfProofGen = bbsIetfProofGen
+module.exports.bbsIetfProofVerify = bbsIetfProofVerify
 module.exports.BbsBlsHolderBoundSignature2022 = BbsBlsHolderBoundSignature2022
 module.exports.BbsBlsHolderBoundSignatureProof2022 = BbsBlsHolderBoundSignatureProof2022
 module.exports.BbsBlsSignature2020 = BbsBlsSignature2020
@@ -344,3 +352,6 @@ module.exports.createCommitment = createCommitment
 module.exports.verifyCommitment = verifyCommitment
 module.exports.unblindSignature = unblindSignature
 module.exports.deriveProofHolderBound = deriveProofHolderBound
+module.exports.sdJwtIssue = sdJwtIssue
+module.exports.sdJwtPresent = sdJwtPresent
+module.exports.sdJwtVerify = sdJwtVerify

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nuggetslife/vc",
-  "version": "0.0.23",
+  "version": "0.0.24",
   "main": "index.js",
   "types": "index.d.ts",
   "napi": {
@@ -32,17 +32,17 @@
     "build": "napi build --platform --release",
     "build:debug": "napi build --platform",
     "prepublishOnly": "napi prepublish -t npm",
-    "test": "node test.mjs && node test_jose.mjs && node test_jsonld_crossverify.mjs",
+    "test": "node test.mjs && node test_jose.mjs && node test_sd_jwt.mjs && node test_jsonld_crossverify.mjs && node test_backward_compat.mjs",
     "universal": "napi universal",
     "version": "napi version"
   },
   "packageManager": "yarn@4.3.1",
   "optionalDependencies": {
-    "@nuggetslife/vc-darwin-arm64": "0.0.23",
-    "@nuggetslife/vc-linux-arm64-gnu": "0.0.23",
-    "@nuggetslife/vc-linux-arm64-musl": "0.0.23",
-    "@nuggetslife/vc-linux-x64-gnu": "0.0.23",
-    "@nuggetslife/vc-linux-x64-musl": "0.0.23"
+    "@nuggetslife/vc-darwin-arm64": "0.0.24",
+    "@nuggetslife/vc-linux-arm64-gnu": "0.0.24",
+    "@nuggetslife/vc-linux-arm64-musl": "0.0.24",
+    "@nuggetslife/vc-linux-x64-gnu": "0.0.24",
+    "@nuggetslife/vc-linux-x64-musl": "0.0.24"
   },
   "dependencies": {}
 }

package/src/bbs_2023.rs

@@ -0,0 +1,71 @@
+use serde_json::Value;
+
+// ---------------------------------------------------------------------------
+// Result types
+// ---------------------------------------------------------------------------
+
+#[napi(object)]
+pub struct Bbs2023VerifyOutput {
+    pub verified: bool,
+    pub error: Option<String>,
+}
+
+// ---------------------------------------------------------------------------
+// bbs2023Sign — create a base proof (issuer)
+// ---------------------------------------------------------------------------
+
+#[napi(js_name = "bbs2023Sign")]
+pub fn bbs2023_sign(options: Value) -> napi::Result<Value> {
+    let sign_opts: vc::bbs_2023::SignOptions = serde_json::from_value(options)
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023Sign parse options: {e}")))?;
+
+    let rt = tokio::runtime::Runtime::new()
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023Sign runtime: {e}")))?;
+
+    let result = rt
+        .block_on(vc::bbs_2023::create_base_proof(sign_opts))
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023Sign failed: {e}")))?;
+
+    Ok(result)
+}
+
+// ---------------------------------------------------------------------------
+// bbs2023Derive — create a derived proof (holder)
+// ---------------------------------------------------------------------------
+
+#[napi(js_name = "bbs2023Derive")]
+pub fn bbs2023_derive(options: Value) -> napi::Result<Value> {
+    let derive_opts: vc::bbs_2023::DeriveOptions = serde_json::from_value(options)
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023Derive parse options: {e}")))?;
+
+    let rt = tokio::runtime::Runtime::new()
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023Derive runtime: {e}")))?;
+
+    let result = rt
+        .block_on(vc::bbs_2023::create_derived_proof(derive_opts))
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023Derive failed: {e}")))?;
+
+    Ok(result)
+}
+
+// ---------------------------------------------------------------------------
+// bbs2023Verify — verify a base or derived proof
+// ---------------------------------------------------------------------------
+
+#[napi(js_name = "bbs2023Verify")]
+pub fn bbs2023_verify(
+    document: Value,
+    public_key: Option<String>,
+) -> napi::Result<Bbs2023VerifyOutput> {
+    let rt = tokio::runtime::Runtime::new()
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023Verify runtime: {e}")))?;
+
+    let result = rt
+        .block_on(vc::bbs_2023::verify_proof(document, public_key))
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023Verify failed: {e}")))?;
+
+    Ok(Bbs2023VerifyOutput {
+        verified: result.verified,
+        error: result.error,
+    })
+}

package/src/bbs_ietf.rs

@@ -0,0 +1,255 @@
+use napi::bindgen_prelude::Buffer;
+use serde_json::Value;
+
+// ---------------------------------------------------------------------------
+// Result types
+// ---------------------------------------------------------------------------
+
+#[napi(object)]
+pub struct BbsIetfKeyPair {
+    /// Hex-encoded secret key (32 bytes)
+    pub secret_key: String,
+    /// Hex-encoded public key (96 bytes, compressed G2)
+    pub public_key: String,
+}
+
+// ---------------------------------------------------------------------------
+// Key Generation
+// ---------------------------------------------------------------------------
+
+#[napi(js_name = "bbsIetfKeygen")]
+pub fn bbs_ietf_keygen(
+    ikm: Option<Buffer>,
+    key_info: Option<Buffer>,
+    ciphersuite: Option<String>,
+) -> napi::Result<BbsIetfKeyPair> {
+    let ikm_bytes = ikm.as_deref();
+    let key_info_bytes = key_info.as_deref().unwrap_or(&[]);
+    let cs = ciphersuite.as_deref().unwrap_or("SHA-256");
+
+    let kp = match cs {
+        "SHAKE-256" => vc::bbs_ietf::keygen::<vc::bbs_ietf::Bls12381Shake256>(
+            ikm_bytes,
+            key_info_bytes,
+        ),
+        _ => vc::bbs_ietf::keygen::<vc::bbs_ietf::Bls12381Sha256>(
+            ikm_bytes,
+            key_info_bytes,
+        ),
+    }
+    .map_err(|e| napi::Error::from_reason(format!("bbsIetfKeygen: {e}")))?;
+
+    Ok(BbsIetfKeyPair {
+        secret_key: hex::encode(vc::bbs_ietf::serialize::scalar_to_bytes(&kp.secret_key.0)),
+        public_key: hex::encode(vc::bbs_ietf::serialize::point_to_octets_g2(&kp.public_key.0)),
+    })
+}
+
+// ---------------------------------------------------------------------------
+// Sign
+// ---------------------------------------------------------------------------
+
+#[napi(js_name = "bbsIetfSign")]
+pub fn bbs_ietf_sign(
+    secret_key: Buffer,
+    public_key: Buffer,
+    header: Option<Buffer>,
+    messages: Vec<String>,
+    ciphersuite: Option<String>,
+) -> napi::Result<Buffer> {
+    let sk = vc::bbs_ietf::serialize::bytes_to_scalar(&secret_key)
+        .map_err(|e| napi::Error::from_reason(format!("bbsIetfSign invalid SK: {e}")))?;
+    let pk_point = vc::bbs_ietf::serialize::octets_to_point_g2(&public_key)
+        .map_err(|e| napi::Error::from_reason(format!("bbsIetfSign invalid PK: {e}")))?;
+
+    let header = header.as_deref().unwrap_or(&[]);
+    let cs = ciphersuite.as_deref().unwrap_or("SHA-256");
+
+    let sk = vc::bbs_ietf::SecretKey(sk);
+    let pk = vc::bbs_ietf::PublicKey(pk_point);
+
+    let sig = match cs {
+        "SHAKE-256" => {
+            let scalars: Vec<_> = messages
+                .iter()
+                .map(|m| vc::bbs_ietf::map_message_to_scalar::<vc::bbs_ietf::Bls12381Shake256>(m.as_bytes()))
+                .collect();
+            vc::bbs_ietf::sign::<vc::bbs_ietf::Bls12381Shake256>(&sk, &pk, header, &scalars)
+        }
+        _ => {
+            let scalars: Vec<_> = messages
+                .iter()
+                .map(|m| vc::bbs_ietf::map_message_to_scalar::<vc::bbs_ietf::Bls12381Sha256>(m.as_bytes()))
+                .collect();
+            vc::bbs_ietf::sign::<vc::bbs_ietf::Bls12381Sha256>(&sk, &pk, header, &scalars)
+        }
+    }
+    .map_err(|e| napi::Error::from_reason(format!("bbsIetfSign: {e}")))?;
+
+    let bytes = vc::bbs_ietf::serialize_signature(&sig);
+    Ok(Buffer::from(bytes.to_vec()))
+}
+
+// ---------------------------------------------------------------------------
+// Verify
+// ---------------------------------------------------------------------------
+
+#[napi(js_name = "bbsIetfVerify")]
+pub fn bbs_ietf_verify(
+    public_key: Buffer,
+    signature: Buffer,
+    header: Option<Buffer>,
+    messages: Vec<String>,
+    ciphersuite: Option<String>,
+) -> napi::Result<bool> {
+    let pk_point = vc::bbs_ietf::serialize::octets_to_point_g2(&public_key)
+        .map_err(|e| napi::Error::from_reason(format!("bbsIetfVerify invalid PK: {e}")))?;
+    let sig = vc::bbs_ietf::deserialize_signature(&signature)
+        .map_err(|e| napi::Error::from_reason(format!("bbsIetfVerify invalid sig: {e}")))?;
+
+    let header = header.as_deref().unwrap_or(&[]);
+    let cs = ciphersuite.as_deref().unwrap_or("SHA-256");
+    let pk = vc::bbs_ietf::PublicKey(pk_point);
+
+    match cs {
+        "SHAKE-256" => {
+            let scalars: Vec<_> = messages
+                .iter()
+                .map(|m| vc::bbs_ietf::map_message_to_scalar::<vc::bbs_ietf::Bls12381Shake256>(m.as_bytes()))
+                .collect();
+            vc::bbs_ietf::verify::<vc::bbs_ietf::Bls12381Shake256>(&pk, &sig, header, &scalars)
+        }
+        _ => {
+            let scalars: Vec<_> = messages
+                .iter()
+                .map(|m| vc::bbs_ietf::map_message_to_scalar::<vc::bbs_ietf::Bls12381Sha256>(m.as_bytes()))
+                .collect();
+            vc::bbs_ietf::verify::<vc::bbs_ietf::Bls12381Sha256>(&pk, &sig, header, &scalars)
+        }
+    }
+    .map_err(|e| napi::Error::from_reason(format!("bbsIetfVerify: {e}")))
+}
+
+// ---------------------------------------------------------------------------
+// ProofGen
+// ---------------------------------------------------------------------------
+
+#[napi(js_name = "bbsIetfProofGen")]
+pub fn bbs_ietf_proof_gen(
+    public_key: Buffer,
+    signature: Buffer,
+    header: Option<Buffer>,
+    presentation_header: Option<Buffer>,
+    messages: Vec<String>,
+    disclosed_indices: Vec<u32>,
+    ciphersuite: Option<String>,
+) -> napi::Result<Buffer> {
+    let pk_point = vc::bbs_ietf::serialize::octets_to_point_g2(&public_key)
+        .map_err(|e| napi::Error::from_reason(format!("bbsIetfProofGen invalid PK: {e}")))?;
+    let sig = vc::bbs_ietf::deserialize_signature(&signature)
+        .map_err(|e| napi::Error::from_reason(format!("bbsIetfProofGen invalid sig: {e}")))?;
+
+    let header = header.as_deref().unwrap_or(&[]);
+    let ph = presentation_header.as_deref().unwrap_or(&[]);
+    let cs = ciphersuite.as_deref().unwrap_or("SHA-256");
+    let indices: Vec<usize> = disclosed_indices.iter().map(|&i| i as usize).collect();
+    let pk = vc::bbs_ietf::PublicKey(pk_point);
+
+    let proof = match cs {
+        "SHAKE-256" => {
+            let scalars: Vec<_> = messages
+                .iter()
+                .map(|m| vc::bbs_ietf::map_message_to_scalar::<vc::bbs_ietf::Bls12381Shake256>(m.as_bytes()))
+                .collect();
+            vc::bbs_ietf::proof_gen::<vc::bbs_ietf::Bls12381Shake256>(
+                &pk, &sig, header, ph, &scalars, &indices,
+            )
+        }
+        _ => {
+            let scalars: Vec<_> = messages
+                .iter()
+                .map(|m| vc::bbs_ietf::map_message_to_scalar::<vc::bbs_ietf::Bls12381Sha256>(m.as_bytes()))
+                .collect();
+            vc::bbs_ietf::proof_gen::<vc::bbs_ietf::Bls12381Sha256>(
+                &pk, &sig, header, ph, &scalars, &indices,
+            )
+        }
+    }
+    .map_err(|e| napi::Error::from_reason(format!("bbsIetfProofGen: {e}")))?;
+
+    Ok(Buffer::from(proof))
+}
+
+// ---------------------------------------------------------------------------
+// ProofVerify
+// ---------------------------------------------------------------------------
+
+#[napi(js_name = "bbsIetfProofVerify")]
+pub fn bbs_ietf_proof_verify(
+    public_key: Buffer,
+    proof: Buffer,
+    header: Option<Buffer>,
+    presentation_header: Option<Buffer>,
+    disclosed_messages: Value, // { "0": "msg0", "2": "msg2", ... }
+    total_message_count: u32,
+    ciphersuite: Option<String>,
+) -> napi::Result<bool> {
+    let pk_point = vc::bbs_ietf::serialize::octets_to_point_g2(&public_key)
+        .map_err(|e| napi::Error::from_reason(format!("bbsIetfProofVerify invalid PK: {e}")))?;
+
+    let header = header.as_deref().unwrap_or(&[]);
+    let ph = presentation_header.as_deref().unwrap_or(&[]);
+    let cs = ciphersuite.as_deref().unwrap_or("SHA-256");
+    let pk = vc::bbs_ietf::PublicKey(pk_point);
+
+    let obj = disclosed_messages
+        .as_object()
+        .ok_or_else(|| napi::Error::from_reason("disclosedMessages must be an object"))?;
+
+    match cs {
+        "SHAKE-256" => {
+            let disclosed: Vec<(usize, vc::bbs_ietf::Scalar)> = obj
+                .iter()
+                .map(|(k, v)| {
+                    let idx: usize = k.parse().map_err(|_| {
+                        napi::Error::from_reason(format!("invalid index: {k}"))
+                    })?;
+                    let msg_str = v.as_str().unwrap_or("");
+                    let scalar = vc::bbs_ietf::map_message_to_scalar::<vc::bbs_ietf::Bls12381Shake256>(msg_str.as_bytes());
+                    Ok((idx, scalar))
+                })
+                .collect::<napi::Result<_>>()?;
+            vc::bbs_ietf::proof_verify::<vc::bbs_ietf::Bls12381Shake256>(
+                &pk,
+                &proof,
+                header,
+                ph,
+                &disclosed,
+                total_message_count as usize,
+            )
+            .map_err(|e| napi::Error::from_reason(format!("bbsIetfProofVerify: {e}")))
+        }
+        _ => {
+            let disclosed: Vec<(usize, vc::bbs_ietf::Scalar)> = obj
+                .iter()
+                .map(|(k, v)| {
+                    let idx: usize = k.parse().map_err(|_| {
+                        napi::Error::from_reason(format!("invalid index: {k}"))
+                    })?;
+                    let msg_str = v.as_str().unwrap_or("");
+                    let scalar = vc::bbs_ietf::map_message_to_scalar::<vc::bbs_ietf::Bls12381Sha256>(msg_str.as_bytes());
+                    Ok((idx, scalar))
+                })
+                .collect::<napi::Result<_>>()?;
+            vc::bbs_ietf::proof_verify::<vc::bbs_ietf::Bls12381Sha256>(
+                &pk,
+                &proof,
+                header,
+                ph,
+                &disclosed,
+                total_message_count as usize,
+            )
+            .map_err(|e| napi::Error::from_reason(format!("bbsIetfProofVerify: {e}")))
+        }
+    }
+}

package/src/lib.rs

@@ -3,7 +3,10 @@
 #[macro_use]
 extern crate napi_derive;
 
+pub mod bbs_2023;
+pub mod bbs_ietf;
 pub mod bls_signatures;
 pub mod jose;
 pub mod jsonld;
 pub mod ld_signatures;
+pub mod sd_jwt;