@nuggetslife/vc 0.0.23 → 0.0.24

package/test_bbs_2023.mjs

@@ -0,0 +1,195 @@
+import test from 'node:test';
+import assert from 'node:assert';
+import {
+    bbsIetfKeygen,
+    bbs2023Sign,
+    bbs2023Derive,
+    bbs2023Verify,
+} from './index.js';
+
+// =====================================================================
+// Helpers
+// =====================================================================
+
+function makeKeyPair() {
+    const kp = bbsIetfKeygen();
+    return { secretKey: kp.secretKey, publicKey: kp.publicKey };
+}
+
+function sampleCredential() {
+    return {
+        '@context': [
+            'https://www.w3.org/2018/credentials/v1',
+            {
+                name: 'http://schema.org/name',
+                age: 'http://schema.org/age',
+                email: 'http://schema.org/email',
+                alumniOf: 'http://schema.org/alumniOf',
+            },
+        ],
+        type: ['VerifiableCredential'],
+        issuer: 'did:example:issuer',
+        issuanceDate: '2024-01-01T00:00:00Z',
+        credentialSubject: {
+            id: 'did:example:user123',
+            name: 'Alice',
+            age: 30,
+            email: 'alice@example.com',
+            alumniOf: 'Example University',
+        },
+    };
+}
+
+// =====================================================================
+// BBS-2023 Round-Trip: Sign → Verify Base Proof
+// =====================================================================
+
+test('bbs-2023: sign and verify base proof', () => {
+    const kp = makeKeyPair();
+    const doc = sampleCredential();
+
+    const signed = bbs2023Sign({
+        document: doc,
+        secretKey: kp.secretKey,
+        publicKey: kp.publicKey,
+        mandatoryPointers: ['/issuer', '/issuanceDate'],
+        verificationMethod: 'did:example:issuer#bbs-key-1',
+        proofPurpose: 'assertionMethod',
+    });
+
+    assert.ok(signed.proof, 'signed document has proof');
+    assert.equal(signed.proof.type, 'DataIntegrityProof');
+    assert.equal(signed.proof.cryptosuite, 'bbs-2023');
+    assert.ok(signed.proof.proofValue.startsWith('u'), 'proofValue starts with multibase u');
+
+    // Verify
+    const result = bbs2023Verify(signed, kp.publicKey);
+    assert.ok(result.verified, 'base proof verified');
+    assert.equal(result.error, null);
+});
+
+// =====================================================================
+// BBS-2023 Full Round-Trip: Sign → Derive → Verify
+// =====================================================================
+
+test('bbs-2023: sign → derive → verify round-trip', () => {
+    const kp = makeKeyPair();
+    const doc = sampleCredential();
+
+    // Issuer signs
+    const signed = bbs2023Sign({
+        document: doc,
+        secretKey: kp.secretKey,
+        publicKey: kp.publicKey,
+        mandatoryPointers: ['/issuer', '/issuanceDate'],
+    });
+
+    // Holder derives selective disclosure
+    const derived = bbs2023Derive({
+        document: signed,
+        selectivePointers: ['/credentialSubject/name'],
+    });
+
+    assert.ok(derived.proof, 'derived document has proof');
+    assert.equal(derived.proof.cryptosuite, 'bbs-2023');
+
+    // Verifier verifies
+    const result = bbs2023Verify(derived, kp.publicKey);
+    assert.ok(result.verified, 'derived proof verified');
+    assert.equal(result.error, null);
+});
+
+// =====================================================================
+// Wrong Key Rejection
+// =====================================================================
+
+test('bbs-2023: verification fails with wrong key', () => {
+    const kp = makeKeyPair();
+    const wrongKp = makeKeyPair();
+    const doc = sampleCredential();
+
+    const signed = bbs2023Sign({
+        document: doc,
+        secretKey: kp.secretKey,
+        publicKey: kp.publicKey,
+        mandatoryPointers: ['/issuer'],
+    });
+
+    const result = bbs2023Verify(signed, wrongKp.publicKey);
+    assert.equal(result.verified, false, 'should not verify with wrong key');
+});
+
+// =====================================================================
+// Mandatory-Only (No Selective Disclosure)
+// =====================================================================
+
+test('bbs-2023: derive with no selective pointers', () => {
+    const kp = makeKeyPair();
+    const doc = sampleCredential();
+
+    const signed = bbs2023Sign({
+        document: doc,
+        secretKey: kp.secretKey,
+        publicKey: kp.publicKey,
+        mandatoryPointers: ['/issuer', '/issuanceDate'],
+    });
+
+    // Derive with no selective pointers — only mandatory fields disclosed
+    const derived = bbs2023Derive({
+        document: signed,
+        selectivePointers: [],
+    });
+
+    const result = bbs2023Verify(derived, kp.publicKey);
+    assert.ok(result.verified, 'mandatory-only derived proof verified');
+});
+
+// =====================================================================
+// All Fields Selective
+// =====================================================================
+
+test('bbs-2023: derive revealing all fields', () => {
+    const kp = makeKeyPair();
+    const doc = sampleCredential();
+
+    const signed = bbs2023Sign({
+        document: doc,
+        secretKey: kp.secretKey,
+        publicKey: kp.publicKey,
+        mandatoryPointers: ['/issuer'],
+    });
+
+    // Reveal everything that's non-mandatory
+    const derived = bbs2023Derive({
+        document: signed,
+        selectivePointers: [
+            '/credentialSubject/name',
+            '/credentialSubject/age',
+            '/credentialSubject/email',
+            '/credentialSubject/alumniOf',
+            '/issuanceDate',
+        ],
+    });
+
+    const result = bbs2023Verify(derived, kp.publicKey);
+    assert.ok(result.verified, 'all-selective derived proof verified');
+});
+
+// =====================================================================
+// No Mandatory Pointers
+// =====================================================================
+
+test('bbs-2023: sign with no mandatory pointers', () => {
+    const kp = makeKeyPair();
+    const doc = sampleCredential();
+
+    const signed = bbs2023Sign({
+        document: doc,
+        secretKey: kp.secretKey,
+        publicKey: kp.publicKey,
+        mandatoryPointers: [],
+    });
+
+    const result = bbs2023Verify(signed, kp.publicKey);
+    assert.ok(result.verified, 'base proof with no mandatory pointers verified');
+});

package/test_bbs_ietf.mjs

@@ -0,0 +1,168 @@
+import test from 'node:test';
+import assert from 'node:assert';
+import {
+    bbsIetfKeygen,
+    bbsIetfSign,
+    bbsIetfVerify,
+    bbsIetfProofGen,
+    bbsIetfProofVerify,
+} from './index.js';
+
+// =====================================================================
+// Helper
+// =====================================================================
+
+function makeKeyPair(ciphersuite) {
+    // Generate a 32-byte IKM
+    const ikm = Buffer.alloc(32);
+    for (let i = 0; i < 32; i++) ikm[i] = i + 1;
+
+    const kp = bbsIetfKeygen(ikm, null, ciphersuite);
+    return {
+        secretKey: Buffer.from(kp.secretKey, 'hex'),
+        publicKey: Buffer.from(kp.publicKey, 'hex'),
+    };
+}
+
+// =====================================================================
+// KeyGen Tests
+// =====================================================================
+
+test('BBS IETF keygen produces deterministic keys', () => {
+    const ikm = Buffer.alloc(32, 42);
+    const kp1 = bbsIetfKeygen(ikm);
+    const kp2 = bbsIetfKeygen(ikm);
+    assert.equal(kp1.secretKey, kp2.secretKey, 'same IKM -> same SK');
+    assert.equal(kp1.publicKey, kp2.publicKey, 'same IKM -> same PK');
+});
+
+test('BBS IETF keygen with random IKM', () => {
+    const kp = bbsIetfKeygen();
+    assert.ok(kp.secretKey, 'SK is present');
+    assert.ok(kp.publicKey, 'PK is present');
+    assert.equal(kp.secretKey.length, 64, 'SK is 32 bytes hex');
+    assert.equal(kp.publicKey.length, 192, 'PK is 96 bytes hex');
+});
+
+// =====================================================================
+// Sign / Verify Round-Trip (SHA-256)
+// =====================================================================
+
+test('BBS IETF sign/verify round-trip (SHA-256)', () => {
+    const kp = makeKeyPair('SHA-256');
+    const messages = ['message1', 'message2', 'message3'];
+    const header = Buffer.from('test-header');
+
+    const signature = bbsIetfSign(kp.secretKey, kp.publicKey, header, messages, 'SHA-256');
+    assert.equal(signature.length, 80, 'signature is 80 bytes');
+
+    const verified = bbsIetfVerify(kp.publicKey, signature, header, messages, 'SHA-256');
+    assert.ok(verified, 'valid signature verifies');
+});
+
+// =====================================================================
+// Sign / Verify Round-Trip (SHAKE-256)
+// =====================================================================
+
+test('BBS IETF sign/verify round-trip (SHAKE-256)', () => {
+    const ikm = Buffer.alloc(32, 99);
+    const kp = bbsIetfKeygen(ikm, null, 'SHAKE-256');
+    const sk = Buffer.from(kp.secretKey, 'hex');
+    const pk = Buffer.from(kp.publicKey, 'hex');
+
+    const messages = ['hello', 'world'];
+    const signature = bbsIetfSign(sk, pk, null, messages, 'SHAKE-256');
+    assert.equal(signature.length, 80);
+
+    const verified = bbsIetfVerify(pk, signature, null, messages, 'SHAKE-256');
+    assert.ok(verified, 'SHAKE-256 signature verifies');
+});
+
+// =====================================================================
+// Wrong Key Rejection
+// =====================================================================
+
+test('BBS IETF wrong key rejected', () => {
+    const kp1 = makeKeyPair('SHA-256');
+    const kp2Raw = bbsIetfKeygen(); // different key (random IKM)
+    const kp2 = {
+        secretKey: Buffer.from(kp2Raw.secretKey, 'hex'),
+        publicKey: Buffer.from(kp2Raw.publicKey, 'hex'),
+    };
+
+    const messages = ['msg1', 'msg2'];
+    const signature = bbsIetfSign(kp1.secretKey, kp1.publicKey, null, messages, 'SHA-256');
+
+    const verified = bbsIetfVerify(kp2.publicKey, signature, null, messages, 'SHA-256');
+    assert.ok(!verified, 'wrong key should not verify');
+});
+
+// =====================================================================
+// Selective Disclosure (ProofGen -> ProofVerify)
+// =====================================================================
+
+test('BBS IETF selective disclosure proof', () => {
+    const kp = makeKeyPair('SHA-256');
+    const messages = ['claim-a', 'claim-b', 'claim-c', 'claim-d'];
+    const header = Buffer.from('proof-header');
+    const ph = Buffer.from('presentation-header');
+
+    // Sign all messages
+    const signature = bbsIetfSign(kp.secretKey, kp.publicKey, header, messages, 'SHA-256');
+
+    // Generate proof disclosing messages at indices 0 and 2
+    const disclosedIndices = [0, 2];
+    const proof = bbsIetfProofGen(
+        kp.publicKey, signature, header, ph, messages, disclosedIndices, 'SHA-256'
+    );
+    assert.ok(proof.length > 0, 'proof generated');
+
+    // Build disclosed messages map
+    const disclosedMessages = {};
+    for (const idx of disclosedIndices) {
+        disclosedMessages[idx] = messages[idx];
+    }
+
+    // Verify proof
+    const verified = bbsIetfProofVerify(
+        kp.publicKey, proof, header, ph, disclosedMessages, messages.length, 'SHA-256'
+    );
+    assert.ok(verified, 'proof verifies with correct disclosed messages');
+});
+
+// =====================================================================
+// Proof with wrong disclosed message
+// =====================================================================
+
+test('BBS IETF proof rejects wrong disclosed message', () => {
+    const kp = makeKeyPair('SHA-256');
+    const messages = ['msg0', 'msg1', 'msg2'];
+    const header = Buffer.from('h');
+
+    const signature = bbsIetfSign(kp.secretKey, kp.publicKey, header, messages, 'SHA-256');
+
+    const proof = bbsIetfProofGen(
+        kp.publicKey, signature, header, null, messages, [1], 'SHA-256'
+    );
+
+    // Provide wrong message for disclosed index
+    const verified = bbsIetfProofVerify(
+        kp.publicKey, proof, header, null, { 1: 'wrong-message' }, messages.length, 'SHA-256'
+    );
+    assert.ok(!verified, 'wrong disclosed message should not verify');
+});
+
+// =====================================================================
+// Cross-ciphersuite: SHA-256 vs SHAKE-256
+// =====================================================================
+
+test('BBS IETF cross-ciphersuite: SHA-256 sig not verifiable with SHAKE-256', () => {
+    const kp = makeKeyPair('SHA-256');
+    const messages = ['test'];
+
+    const signature = bbsIetfSign(kp.secretKey, kp.publicKey, null, messages, 'SHA-256');
+
+    // Try verifying with SHAKE-256 — should fail
+    const verified = bbsIetfVerify(kp.publicKey, signature, null, messages, 'SHAKE-256');
+    assert.ok(!verified, 'SHA-256 signature should not verify under SHAKE-256');
+});

package/test_sd_jwt.mjs

@@ -0,0 +1,197 @@
+import test from 'node:test';
+import assert from 'node:assert';
+import {
+    JoseNamedCurve,
+    generateJwk,
+    sdJwtIssue,
+    sdJwtPresent,
+    sdJwtVerify,
+} from './index.js';
+
+function makeKeyPair(curve = JoseNamedCurve.P256) {
+    const jwk = generateJwk(curve);
+    const { d, ...pubJwk } = jwk;
+    return { privateJwk: jwk, publicJwk: pubJwk };
+}
+
+// =====================================================================
+// SD-JWT Round-Trip Tests
+// =====================================================================
+
+test('SD-JWT round-trip with ES256', () => {
+    const issuer = makeKeyPair(JoseNamedCurve.P256);
+
+    const claims = { sub: 'user123', name: 'Alice', email: 'alice@example.com', age: 30 };
+    const result = sdJwtIssue(claims, ['name', 'email'], issuer.privateJwk, 'ES256');
+
+    assert.ok(result.sdJwt, 'sd_jwt is present');
+    assert.ok(result.sdJwt.includes('~'), 'sd_jwt contains tilde separators');
+    assert.equal(result.disclosures.length, 2, 'two disclosures');
+
+    // Present all disclosures
+    const allEncoded = result.disclosures.map(d => d.encoded);
+    const presentation = sdJwtPresent(result.sdJwt, allEncoded);
+
+    assert.ok(presentation.presentation, 'presentation is present');
+
+    // Verify
+    const verified = sdJwtVerify(presentation.presentation, issuer.publicJwk);
+    assert.ok(verified.verified, 'verification succeeded');
+    assert.equal(verified.claims.sub, 'user123');
+    assert.equal(verified.claims.name, 'Alice');
+    assert.equal(verified.claims.email, 'alice@example.com');
+    assert.equal(verified.claims.age, 30);
+    assert.equal(verified.error, null);
+});
+
+test('SD-JWT round-trip with EdDSA (Ed25519)', () => {
+    const issuer = makeKeyPair(JoseNamedCurve.Ed25519);
+
+    const claims = { sub: 'user456', name: 'Bob' };
+    const result = sdJwtIssue(claims, ['name'], issuer.privateJwk, 'EdDSA');
+
+    assert.equal(result.disclosures.length, 1);
+
+    const allEncoded = result.disclosures.map(d => d.encoded);
+    const presentation = sdJwtPresent(result.sdJwt, allEncoded);
+    const verified = sdJwtVerify(presentation.presentation, issuer.publicJwk);
+
+    assert.ok(verified.verified);
+    assert.equal(verified.claims.name, 'Bob');
+});
+
+// =====================================================================
+// Selective Reveal
+// =====================================================================
+
+test('SD-JWT selective reveal: only name disclosed', () => {
+    const issuer = makeKeyPair();
+
+    const claims = { sub: 'user123', name: 'Alice', email: 'alice@example.com', age: 30 };
+    const result = sdJwtIssue(claims, ['name', 'email', 'age'], issuer.privateJwk, 'ES256');
+
+    // Only reveal name
+    const nameDisclosure = result.disclosures.find(d => d.claimName === 'name');
+    const presentation = sdJwtPresent(result.sdJwt, [nameDisclosure.encoded]);
+    const verified = sdJwtVerify(presentation.presentation, issuer.publicJwk);
+
+    assert.ok(verified.verified);
+    assert.equal(verified.claims.sub, 'user123', 'sub is always visible');
+    assert.equal(verified.claims.name, 'Alice', 'name is disclosed');
+    assert.equal(verified.claims.email, undefined, 'email is NOT disclosed');
+    assert.equal(verified.claims.age, undefined, 'age is NOT disclosed');
+});
+
+// =====================================================================
+// Wrong Key Rejection
+// =====================================================================
+
+test('SD-JWT verification fails with wrong issuer key', () => {
+    const issuer = makeKeyPair();
+    const wrongKey = makeKeyPair();
+
+    const claims = { sub: 'user', name: 'Test' };
+    const result = sdJwtIssue(claims, ['name'], issuer.privateJwk, 'ES256');
+
+    const allEncoded = result.disclosures.map(d => d.encoded);
+    const presentation = sdJwtPresent(result.sdJwt, allEncoded);
+
+    assert.throws(() => {
+        sdJwtVerify(presentation.presentation, wrongKey.publicJwk);
+    }, 'should throw with wrong key');
+});
+
+// =====================================================================
+// Nested Objects
+// =====================================================================
+
+test('SD-JWT with nested object disclosure', () => {
+    const issuer = makeKeyPair();
+
+    const claims = {
+        sub: 'user123',
+        address: {
+            street: '123 Main St',
+            city: 'Springfield',
+            state: 'IL',
+        },
+    };
+    const result = sdJwtIssue(
+        claims,
+        ['address.street', 'address.city'],
+        issuer.privateJwk,
+        'ES256',
+    );
+
+    assert.equal(result.disclosures.length, 2);
+
+    // Reveal only street
+    const streetDisclosure = result.disclosures.find(d => d.claimName === 'street');
+    const presentation = sdJwtPresent(result.sdJwt, [streetDisclosure.encoded]);
+    const verified = sdJwtVerify(presentation.presentation, issuer.publicJwk);
+
+    assert.ok(verified.verified);
+    assert.equal(verified.claims.address.street, '123 Main St');
+    assert.equal(verified.claims.address.state, 'IL', 'state always visible');
+    assert.equal(verified.claims.address.city, undefined, 'city not disclosed');
+});
+
+// =====================================================================
+// Key Binding
+// =====================================================================
+
+test('SD-JWT with Key Binding JWT', () => {
+    const issuer = makeKeyPair();
+    const holder = makeKeyPair();
+
+    const claims = { sub: 'user123', name: 'Alice' };
+    const result = sdJwtIssue(
+        claims,
+        ['name'],
+        issuer.privateJwk,
+        'ES256',
+        holder.publicJwk,
+    );
+
+    const allEncoded = result.disclosures.map(d => d.encoded);
+    const presentation = sdJwtPresent(
+        result.sdJwt,
+        allEncoded,
+        holder.privateJwk,
+        'ES256',
+        'https://verifier.example.com',
+        'nonce123',
+    );
+
+    const verified = sdJwtVerify(
+        presentation.presentation,
+        issuer.publicJwk,
+        holder.publicJwk,
+        'https://verifier.example.com',
+        'nonce123',
+    );
+
+    assert.ok(verified.verified);
+    assert.equal(verified.claims.name, 'Alice');
+    assert.equal(verified.error, null);
+});
+
+// =====================================================================
+// Decoys
+// =====================================================================
+
+test('SD-JWT with decoy digests', () => {
+    const issuer = makeKeyPair();
+
+    const claims = { sub: 'user123', name: 'Alice' };
+    const result = sdJwtIssue(claims, ['name'], issuer.privateJwk, 'ES256', null, 3);
+
+    assert.equal(result.disclosures.length, 1, 'only 1 real disclosure');
+
+    const allEncoded = result.disclosures.map(d => d.encoded);
+    const presentation = sdJwtPresent(result.sdJwt, allEncoded);
+    const verified = sdJwtVerify(presentation.presentation, issuer.publicJwk);
+
+    assert.ok(verified.verified);
+    assert.equal(verified.claims.name, 'Alice');
+});