@nuggetslife/vc 0.0.5 → 0.0.7

package/index.d.ts

@@ -9,11 +9,83 @@ export interface KeyPairOptions {
   privateKeyBase58?: string
   publicKeyBase58?: string
 }
+export interface JwkKeyPairOptions {
+  id?: string
+  controller?: string
+  privateKeyJwk?: JsonWebKey
+  publicKeyJwk?: JsonWebKey
+}
+export interface JsonWebKey {
+  /**
+   * Indicates the key type used
+   * For BLS12381_G1 and BLS12381_G2 the string "EC" MUST be used
+   * @see https://tools.ietf.org/html/rfc7517#section-4.1
+   *
+   */
+  kty: string
+  /**
+   * Indicates the curve this key is associated with
+   * In the case of BLS12-381, the curve will also indicate if it's a G1 or G2 point
+   * For a G1 point, use the string "BLS12381_G1"
+   * For a G2 point, use the string "BLS12381_G2"
+   */
+  crv: string
+  /**
+   * This is a compression of the public key point
+   * For a G1 public key, X is a 384bit base64url encoding of the octet string representation of the coordinate
+   * For a G2 public key, X is a 768bit made up of the concatenation of two 384 bit x coordinates known as
+   * x_a and x_b in the following form (x_a || x_b) as a base64url encoding of the octet string representation of the two coordinates
+   *
+   */
+  x: string
+  /** @see https://tools.ietf.org/html/rfc7517#section-4.2 */
+  use?: string
+  /**
+   * @see https://tools.ietf.org/html/rfc7517#section-4.3
+   *
+   */
+  keyOps?: Array<string>
+  /**
+   * @see https://tools.ietf.org/html/rfc7517#section-4.4
+   *
+   */
+  alg?: string
+  /**
+   * @see https://tools.ietf.org/html/rfc7517#section-4.5
+   * TODO: Add note about referencing did-jose-extensions when ready
+   *
+   */
+  kid?: string
+  /**
+   * IMPORTANT NOTE: d represents the private key value and should not be shared
+   * IT IS HIGHLY SENSITIVE DATA AND IF NOT SECURED PROPERLY CONSIDER THE KEY COMPROMISED
+   * @see https://tools.ietf.org/html/rfc7517#section-9.2
+   *
+   */
+  d?: string
+  /**
+   * This coordinate is not used for BLS Keys, but is kept here to make the interface more standard
+   *
+   */
+  y?: string
+  /**
+   * @see https://www.w3.org/TR/WebCryptoAPI/#cryptokey-interface-members
+   *
+   */
+  ext?: boolean
+}
 export interface GenerateKeyPairOptions {
   id?: string
   controller?: string
   seed?: Buffer
 }
+export interface KeyPairSignerOptions {
+  data: Array<Uint8Array>
+}
+export interface KeyPairVerifierOptions {
+  data: Array<Uint8Array>
+  signature: Uint8Array
+}
 export class Bls12381G2KeyPair {
   id?: string
   controller?: string
@@ -23,6 +95,15 @@ export class Bls12381G2KeyPair {
   constructor(options?: KeyPairOptions | undefined | null)
   static generate(options?: GenerateKeyPairOptions | undefined | null): Promise<Bls12381G2KeyPair>
   static from(options: KeyPairOptions): Promise<Bls12381G2KeyPair>
+  static fromJwk(options: JwkKeyPairOptions): Promise<Bls12381G2KeyPair>
   get publicKey(): string | null
   get privateKey(): string | null
+  signer(): KeyPairSigner
+  verifier(): KeyPairVerifier
+}
+export class KeyPairSigner {
+  sign(options: KeyPairSignerOptions): Promise<Uint8Array>
+}
+export class KeyPairVerifier {
+  verify(options: KeyPairVerifierOptions): Promise<boolean>
 }

package/index.js

@@ -310,6 +310,8 @@ if (!nativeBinding) {
   throw new Error(`Failed to load native binding`)
 }
 
-const { Bls12381G2KeyPair } = nativeBinding
+const { Bls12381G2KeyPair, KeyPairSigner, KeyPairVerifier } = nativeBinding
 
 module.exports.Bls12381G2KeyPair = Bls12381G2KeyPair
+module.exports.KeyPairSigner = KeyPairSigner
+module.exports.KeyPairVerifier = KeyPairVerifier

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nuggetslife/vc",
-  "version": "0.0.5",
+  "version": "0.0.7",
   "main": "index.js",
   "types": "index.d.ts",
   "napi": {
@@ -38,6 +38,6 @@
   },
   "packageManager": "yarn@4.3.1",
   "optionalDependencies": {
-    "@nuggetslife/vc-darwin-arm64": "0.0.5"
+    "@nuggetslife/vc-darwin-arm64": "0.0.7"
   }
 }

package/src/lib.rs

@@ -3,34 +3,16 @@
 #[macro_use]
 extern crate napi_derive;
 
-// use base64::{engine::general_purpose::STANDARD, Engine as _};
+use base64::{engine::general_purpose::URL_SAFE, Engine as _};
 use napi::bindgen_prelude::*;
-use vc::bbs_signatures::bls12381::bls_generate_g2_key;
+use types::{Bls12381G2KeyPair, GenerateKeyPairOptions, JwkKeyPairOptions, KeyPairOptions};
+use validators::{assert_bls_12381_g2_private_jwk, assert_bls_12381_g2_public_jwk};
+use vc::bbs_signatures::bls12381::{
+  bls_generate_g2_key, bls_sign, bls_verify, BlsBbsSignRequest, BlsBbsVerifyRequest, BlsKeyPair,
+};
 
-#[napi]
-pub struct Bls12381G2KeyPair {
-  pub id: Option<String>,
-  pub controller: Option<String>,
-  pub private_key_buffer: Option<Vec<u8>>,
-  pub public_key_buffer: Option<Vec<u8>>,
-  #[napi(js_name = "type")]
-  pub type_: String,
-}
-
-#[napi(object)]
-pub struct KeyPairOptions {
-  pub id: Option<String>,
-  pub controller: Option<String>,
-  pub private_key_base58: Option<String>,
-  pub public_key_base58: Option<String>,
-}
-
-#[napi(object)]
-pub struct GenerateKeyPairOptions {
-  pub id: Option<String>,
-  pub controller: Option<String>,
-  pub seed: Option<Buffer>,
-}
+pub mod types;
+pub mod validators;
 
 #[napi]
 impl Bls12381G2KeyPair {
@@ -126,6 +108,49 @@ impl Bls12381G2KeyPair {
     Bls12381G2KeyPair::new(Some(options)).await
   }
 
+  #[napi(factory)]
+  pub async fn from_jwk(options: JwkKeyPairOptions) -> Result<Bls12381G2KeyPair> {
+    let JwkKeyPairOptions {
+      id,
+      controller,
+      private_key_jwk,
+      public_key_jwk,
+    } = options;
+
+    if let Some(jwk) = private_key_jwk {
+      assert_bls_12381_g2_private_jwk(&jwk)?;
+      let public_key_base58 = Some(convert_base64_url_to_base58(jwk.x)?);
+      let d = jwk
+        .d
+        .ok_or(napi::Error::from_reason("jwk.d value is none"))?;
+      let private_key_base58 = Some(convert_base64_url_to_base58(d)?);
+
+      let kp = Bls12381G2KeyPair::new(Some(KeyPairOptions {
+        id,
+        controller,
+        public_key_base58,
+        private_key_base58,
+      }))
+      .await;
+
+      Ok(kp)
+    } else if let Some(jwk) = public_key_jwk {
+      assert_bls_12381_g2_public_jwk(&jwk)?;
+      let public_key_base58 = Some(convert_base64_url_to_base58(jwk.x)?);
+      let kp = Bls12381G2KeyPair::new(Some(KeyPairOptions {
+        id,
+        controller,
+        public_key_base58,
+        private_key_base58: None,
+      }))
+      .await;
+
+      Ok(kp)
+    } else {
+      Err(napi::Error::from_reason("The JWK provided is not a valid"))
+    }
+  }
+
   #[napi(getter)]
   pub fn public_key(&self) -> Option<String> {
     self
@@ -141,6 +166,87 @@ impl Bls12381G2KeyPair {
       .clone()
       .map(|b| bs58::encode(b).into_string())
   }
+
+  #[napi]
+  pub fn signer(&self) -> KeyPairSigner {
+    KeyPairSigner { key: self.clone() }
+  }
+  #[napi]
+  pub fn verifier(&self) -> KeyPairVerifier {
+    KeyPairVerifier { key: self.clone() }
+  }
+}
+
+pub fn convert_base64_url_to_base58(value: String) -> Result<String> {
+  let decoded = URL_SAFE.decode(value).map_err(|err| {
+    napi::Error::from_reason(format!("failed to decode base64 url_safe. error {err}"))
+  })?;
+  Ok(bs58::encode(decoded).into_string())
+}
+
+#[napi]
+pub struct KeyPairSigner {
+  key: Bls12381G2KeyPair,
 }
 
-pub fn test() {}
+#[napi(object)]
+pub struct KeyPairSignerOptions {
+  pub data: Vec<Uint8Array>,
+}
+
+#[napi]
+impl KeyPairSigner {
+  #[napi]
+  pub async fn sign(&self, options: KeyPairSignerOptions) -> Result<Uint8Array> {
+    if self.key.private_key_buffer.is_none() {
+      return Err(napi::Error::from_reason("No private key to sign with."));
+    }
+
+    let messages: Vec<Vec<u8>> = options.data.into_iter().map(|x| x.to_vec()).collect();
+    let key_pair = BlsKeyPair {
+      public_key: self.key.public_key_buffer.clone(),
+      secret_key: self.key.private_key_buffer.clone(),
+    };
+    let sig = bls_sign(BlsBbsSignRequest { messages, key_pair })
+      .await
+      .map_err(|err| napi::Error::from_reason(format!("bls_signed failed: {err}")))?;
+
+    Ok(Uint8Array::from(sig))
+  }
+}
+
+#[napi]
+pub struct KeyPairVerifier {
+  key: Bls12381G2KeyPair,
+}
+
+#[napi(object)]
+pub struct KeyPairVerifierOptions {
+  pub data: Vec<Uint8Array>,
+  pub signature: Uint8Array,
+}
+
+#[napi]
+impl KeyPairVerifier {
+  #[napi]
+  pub async fn verify(&self, options: KeyPairVerifierOptions) -> Result<bool> {
+    let KeyPairVerifierOptions { data, signature } = options;
+    let Some(public_key) = self.key.public_key_buffer.clone() else {
+      return Err(napi::Error::from_reason(
+        "key.public_key is required for verify",
+      ));
+    };
+    let signature = signature.to_vec();
+    let messages = data.into_iter().map(|a| a.to_vec()).collect::<Vec<_>>();
+
+    let verified = bls_verify(BlsBbsVerifyRequest {
+      public_key,
+      signature,
+      messages,
+    })
+    .await
+    .map_err(|err| napi::Error::from_reason(format!("bls_verify failed: {err}")))?;
+
+    Ok(verified)
+  }
+}

package/src/types.rs

@@ -0,0 +1,154 @@
+use napi::bindgen_prelude::*;
+
+#[derive(Clone)]
+#[napi]
+pub struct Bls12381G2KeyPair {
+  pub id: Option<String>,
+  pub controller: Option<String>,
+  pub private_key_buffer: Option<Vec<u8>>,
+  pub public_key_buffer: Option<Vec<u8>>,
+  #[napi(js_name = "type")]
+  pub type_: String,
+}
+
+#[napi(object)]
+pub struct KeyPairOptions {
+  pub id: Option<String>,
+  pub controller: Option<String>,
+  pub private_key_base58: Option<String>,
+  pub public_key_base58: Option<String>,
+}
+
+#[napi(object)]
+pub struct JwkKeyPairOptions {
+  pub id: Option<String>,
+  pub controller: Option<String>,
+  pub private_key_jwk: Option<JsonWebKey>,
+  pub public_key_jwk: Option<JsonWebKey>,
+}
+
+#[napi(object)]
+pub struct JsonWebKey {
+  /////
+  /// Indicates the key type used
+  /// For BLS12381_G1 and BLS12381_G2 the string "EC" MUST be used
+  //
+  /// @see https://tools.ietf.org/html/rfc7517#section-4.1
+  ///
+  pub kty: String,
+
+  /////
+  /// Indicates the curve this key is associated with
+  /// In the case of BLS12-381, the curve will also indicate if it's a G1 or G2 point
+  //
+  /// For a G1 point, use the string "BLS12381_G1"
+  /// For a G2 point, use the string "BLS12381_G2"
+  //
+  pub crv: String,
+
+  /////
+  /// This is a compression of the public key point
+  //
+  /// For a G1 public key, X is a 384bit base64url encoding of the octet string representation of the coordinate
+  /// For a G2 public key, X is a 768bit made up of the concatenation of two 384 bit x coordinates known as
+  /// x_a and x_b in the following form (x_a || x_b) as a base64url encoding of the octet string representation of the two coordinates
+  ///
+  pub x: String,
+
+  /////
+  /// @see https://tools.ietf.org/html/rfc7517#section-4.2
+  //
+  #[napi(js_name = "use")]
+  pub use_: Option<String>,
+
+  /////
+  /// @see https://tools.ietf.org/html/rfc7517#section-4.3
+  ///
+  pub key_ops: Option<Vec<String>>,
+
+  /////
+  /// @see https://tools.ietf.org/html/rfc7517#section-4.4
+  ///
+  pub alg: Option<String>,
+
+  /////
+  /// @see https://tools.ietf.org/html/rfc7517#section-4.5
+  //
+  /// TODO: Add note about referencing did-jose-extensions when ready
+  ///
+  pub kid: Option<String>,
+
+  /////
+  //
+  /// IMPORTANT NOTE: d represents the private key value and should not be shared
+  /// IT IS HIGHLY SENSITIVE DATA AND IF NOT SECURED PROPERLY CONSIDER THE KEY COMPROMISED
+  //
+  /// @see https://tools.ietf.org/html/rfc7517#section-9.2
+  ///
+  pub d: Option<String>,
+
+  /////
+  /// This coordinate is not used for BLS Keys, but is kept here to make the interface more standard
+  ///
+  pub y: Option<String>,
+
+  /////
+  /// @see https://www.w3.org/TR/WebCryptoAPI/#cryptokey-interface-members
+  ///
+  pub ext: Option<bool>,
+}
+
+#[napi(object)]
+pub struct GenerateKeyPairOptions {
+  pub id: Option<String>,
+  pub controller: Option<String>,
+  pub seed: Option<Buffer>,
+}
+
+#[derive(PartialEq)]
+pub enum BlsCurveName {
+  DeprecatedG1,
+  DeprecatedG2,
+  G1,
+  G2,
+}
+
+impl TryFrom<&str> for BlsCurveName {
+  type Error = napi::Error;
+
+  fn try_from(value: &str) -> std::result::Result<Self, Self::Error> {
+    match value {
+      "BLS12381_G1" => Ok(BlsCurveName::DeprecatedG1),
+      "BLS12381_G2" => Ok(BlsCurveName::DeprecatedG2),
+      "Bls12381G1" => Ok(BlsCurveName::G1),
+      "Bls12381G2" => Ok(BlsCurveName::G2),
+      _ => Err(napi::Error::from_reason(format!(
+        "no matching BlsNamedCurve for value: {}",
+        value
+      ))),
+    }
+  }
+}
+
+#[derive(PartialEq)]
+pub enum JwkKty {
+  OctetKeyPair,
+  EC,
+  RSA,
+}
+
+impl TryFrom<&str> for JwkKty {
+  type Error = napi::Error;
+
+  fn try_from(value: &str) -> std::result::Result<Self, Self::Error> {
+    match value {
+      "OKP" => Ok(JwkKty::OctetKeyPair),
+      "EC" => Ok(JwkKty::EC),
+      "RSA" => Ok(JwkKty::RSA),
+      _ => Err(napi::Error::from_reason(format!(
+        "no matching JwkKty for value: {}",
+        value
+      ))),
+    }
+  }
+}

package/src/validators.rs

@@ -0,0 +1,68 @@
+use crate::types::{BlsCurveName, JsonWebKey, JwkKty};
+
+pub fn check_common_bls_jwk_values(jwk: &JsonWebKey) -> napi::Result<()> {
+  BlsCurveName::try_from(jwk.crv.as_str())?;
+  let kty = JwkKty::try_from(jwk.kty.as_str())?;
+  if kty == JwkKty::EC || kty == JwkKty::OctetKeyPair {
+    Ok(())
+  } else {
+    Err(napi::Error::from_reason(format!(
+      "kty value: {} not allowed",
+      jwk.kty
+    )))
+  }
+}
+
+pub fn assert_public_bls_jwk(jwk: &JsonWebKey) -> napi::Result<()> {
+  check_common_bls_jwk_values(jwk)?;
+  if jwk.d.is_none() {
+    Ok(())
+  } else {
+    Err(napi::Error::from_reason(
+      "expected jwk.d to be none, found some value",
+    ))
+  }
+}
+
+pub fn assert_private_bls_jwk(jwk: &JsonWebKey) -> napi::Result<()> {
+  check_common_bls_jwk_values(jwk)?;
+  Ok(())
+}
+
+pub fn assert_bls_12381_g2_public_jwk(jwk: &JsonWebKey) -> napi::Result<()> {
+  let curve = BlsCurveName::try_from(jwk.crv.as_str())?;
+  if curve != BlsCurveName::DeprecatedG2 || curve != BlsCurveName::G2 {
+    return Err(napi::Error::from_reason(format!(
+      "curve value: {} not allowed",
+      jwk.crv
+    )));
+  }
+  assert_public_bls_jwk(jwk)?;
+  if jwk.x.len() != 128 {
+    Err(napi::Error::from_reason(format!(
+      "jwk.x expected length 128, got {}",
+      jwk.x.len()
+    )))
+  } else {
+    Ok(())
+  }
+}
+
+pub fn assert_bls_12381_g2_private_jwk(jwk: &JsonWebKey) -> napi::Result<()> {
+  let curve = BlsCurveName::try_from(jwk.crv.as_str())?;
+  if curve != BlsCurveName::DeprecatedG2 || curve != BlsCurveName::G2 {
+    return Err(napi::Error::from_reason(format!(
+      "curve value: {} not allowed",
+      jwk.crv
+    )));
+  }
+  assert_private_bls_jwk(jwk)?;
+  if jwk.x.len() != 128 {
+    Err(napi::Error::from_reason(format!(
+      "jwk.x expected length 128, got {}",
+      jwk.x.len()
+    )))
+  } else {
+    Ok(())
+  }
+}

package/test.mjs

@@ -0,0 +1,78 @@
+import test from 'node:test';
+import assert from 'node:assert';
+import { Bls12381G2KeyPair } from '@mattrglobal/bls12381-key-pair';
+import { Bls12381G2KeyPair as NewKeyPairClass } from './index.js'
+import bs58 from 'bs58'
+import bbs from '@nuggetslife/ffi-bbs-signatures'
+
+const seed = Buffer.alloc(32, 0)
+const address = '0x581510277Bc56802dE75BA021b66873437e0169f'
+const addressBase58 = bs58.encode(Buffer.from(address.slice(2), 'hex'))
+
+//Set of messages we wish to sign
+const messages = [
+    Uint8Array.from(Buffer.from("message1", "utf8")),
+    Uint8Array.from(Buffer.from("message2", "utf8")),
+];
+
+test('gen keypair for same seed', async () => {
+    const mattr = await Bls12381G2KeyPair.generate({ seed, });
+    const harry = await NewKeyPairClass.generate({ seed })
+    const ffi = await bbs.generateBls12381G2KeyPair(seed)
+    const ffi_sec_key = bs58.encode(Buffer.from(ffi.secretKey))
+    const ffi_pub_key = bs58.encode(Buffer.from(ffi.publicKey))
+
+    // private keys match
+    assert.equal(mattr.privateKey, harry.privateKey)
+    assert.equal(ffi_sec_key, harry.privateKey)
+
+    // public keys match
+    assert.equal(mattr.publicKey, harry.publicKey)
+    assert.equal(ffi_pub_key, harry.publicKey)
+})
+
+
+test('keypair from keypair', async () => {
+    const mattr = await Bls12381G2KeyPair.generate({ seed, });
+    const harry = await NewKeyPairClass.from({
+        id: mattr.id,
+        controller: mattr.controller,
+        publicKeyBase58: mattr.publicKey,
+        privateKeyBase58: mattr.privateKey
+    })
+
+    // private keys match
+    assert.equal(mattr.id, harry.id)
+    assert.equal(mattr.controller, harry.controller)
+    assert.equal(mattr.publicKey, harry.publicKey)
+    assert.equal(mattr.privateKey, harry.privateKey)
+})
+
+
+test('sign and verify', async () => {
+    const mattr = await Bls12381G2KeyPair.generate({ seed, });
+    const harry = await NewKeyPairClass.generate({ seed })
+
+    const ms = mattr.signer();
+    const hs = harry.signer();
+
+    const sign_opts = { data: messages }
+
+    let ms_sig = await ms.sign(sign_opts);
+    let hs_sig = await hs.sign(sign_opts);
+
+    assert.equal(ms_sig.length, hs_sig.length)
+
+    const hsv = harry.verifier();
+    const msv = mattr.verifier();
+
+    let hs_verify_hs_sig = await hsv.verify({ data: messages, signature: hs_sig })
+    let hs_verify_ms_sig = await hsv.verify({ data: messages, signature: ms_sig })
+    let ms_verify_ms_sig = await msv.verify({ data: messages, signature: ms_sig })
+    let ms_verify_hs_sig = await msv.verify({ data: messages, signature: hs_sig })
+
+    assert.equal(hs_verify_hs_sig, true)
+    assert.equal(hs_verify_ms_sig, true)
+    assert.equal(ms_verify_ms_sig, true)
+    assert.equal(ms_verify_hs_sig, true)
+})