diff --git a/cmd/hid-noded/cmd/debug_extensions.go b/cmd/hid-noded/cmd/debug_extensions.go
index 29e5638..fa1f487 100644
--- a/cmd/hid-noded/cmd/debug_extensions.go
+++ b/cmd/hid-noded/cmd/debug_extensions.go
@@ -338,14 +338,14 @@ func signDidDocCmd() *cobra.Command {
 case types.Ed25519Signature2020:
 var didDocBytes []byte
 if len(didDoc.Context) > 0 {
- didDocBytes, err = ldcontext.EdDSACryptoSuite2020Canonize(&didDoc, &didDocProof)
+ didDocBytes, err = ldcontext.Ed25519Signature2020Normalize(&didDoc, &didDocProof)
 if err != nil {
 return err
 }
 } else {
 didDocBytes = didDoc.GetSignBytes()
 }
-
+
 signature, err = hidnodecli.GetEd25519Signature2020(argPrivateKey, didDocBytes[:])
 if err != nil {
 return err
@@ -353,7 +353,7 @@ func signDidDocCmd() *cobra.Command {
 case types.EcdsaSecp256k1Signature2019:
 var didDocBytes []byte
 if len(didDoc.Context) > 0 {
- didDocBytes, err = ldcontext.EcdsaSecp256k1Signature2019Canonize(&didDoc, &didDocProof)
+ didDocBytes, err = ldcontext.EcdsaSecp256k1Signature2019Normalize(&didDoc, &didDocProof)
 if err != nil {
 return err
 }
@@ -368,7 +368,7 @@ func signDidDocCmd() *cobra.Command {
 case types.EcdsaSecp256k1RecoverySignature2020:
 var didDocBytes []byte
 if len(didDoc.Context) > 0 {
- didDocBytes, err = ldcontext.EcdsaSecp256k1RecoverySignature2020Canonize(&didDoc, &didDocProof)
+ didDocBytes, err = ldcontext.EcdsaSecp256k1RecoverySignature2020Normalize(&didDoc, &didDocProof)
 if err != nil {
 return err
 }
@@ -383,7 +383,7 @@ func signDidDocCmd() *cobra.Command {
 case types.BbsBlsSignature2020:
 var didDocBytes []byte
 if len(didDoc.Context) > 0 {
- didDocBytes, err = ldcontext.BbsBlsSignature2020Canonize(&didDoc, &didDocProof)
+ didDocBytes, err = ldcontext.BbsBlsSignature2020Normalize(&didDoc, &didDocProof)
 if err != nil {
 return err
 }
diff --git a/x/ssi/client/cli/tx_ssi.go b/x/ssi/client/cli/tx_ssi.go
index 2be888b..9a5ed2e 100644
--- a/x/ssi/client/cli/tx_ssi.go
+++ b/x/ssi/client/cli/tx_ssi.go
@@ -97,7 +97,7 @@ func CmdRegisterDID() *cobra.Command {
 },
 }
- didDocCanonizedHash, err := ldcontext.EcdsaSecp256k1Signature2019Canonize(&didDoc, didDocumentProofs[0])
+ didDocCanonizedHash, err := ldcontext.EcdsaSecp256k1Signature2019Normalize(&didDoc, didDocumentProofs[0])
 if err != nil {
 return err
 }
@@ -119,7 +119,7 @@ func CmdRegisterDID() *cobra.Command {
 if err != nil {
 return err
 }
- didDocumentProofs[0].ProofValue = base64.StdEncoding.EncodeToString(signatureBytes)
+ didDocumentProofs[0].ProofValue = base64.StdEncoding.EncodeToString(signatureBytes)
 }
 // Submit RegisterDID Tx
diff --git a/x/ssi/ld-context/normalize.go b/x/ssi/ld-context/normalize.go
index c729316..636cbc7 100644
--- a/x/ssi/ld-context/normalize.go
+++ b/x/ssi/ld-context/normalize.go
@@ -1,33 +1,35 @@
 package ldcontext
 import (
+ "crypto/sha256"
+
 "github.com/hypersign-protocol/hid-node/x/ssi/types"
 )
-// NormalizeByVerificationMethodType canonizes DID Document based on the input Verification
+// NormalizeByVerificationMethodType normalizes DID Document based on the input Verification
 // Method type
 func NormalizeByVerificationMethodType(didDoc *types.DidDocument, vmType string, didDocumentProof *types.DocumentProof) ([]byte, error) {
 switch vmType {
 case types.Ed25519VerificationKey2020:
- didDocBytes, err := EdDSACryptoSuite2020Canonize(didDoc, didDocumentProof)
+ didDocBytes, err := Ed25519Signature2020Normalize(didDoc, didDocumentProof)
 if err != nil {
 return nil, err
 }
 return didDocBytes, nil
 case types.EcdsaSecp256k1RecoveryMethod2020:
- didDocBytes, err := EcdsaSecp256k1RecoverySignature2020Canonize(didDoc, didDocumentProof)
+ didDocBytes, err := EcdsaSecp256k1RecoverySignature2020Normalize(didDoc, didDocumentProof)
 if err != nil {
 return nil, err
 }
 return didDocBytes, nil
 case types.Bls12381G2Key2020:
- didDocBytes, err := BbsBlsSignature2020Canonize(didDoc, didDocumentProof)
+ didDocBytes, err := BbsBlsSignature2020Normalize(didDoc, didDocumentProof)
 if err != nil {
 return nil, err
 }
 return didDocBytes, nil
 case types.EcdsaSecp256k1VerificationKey2019:
- didDocBytes, err := EcdsaSecp256k1Signature2019Canonize(didDoc, didDocumentProof)
+ didDocBytes, err := EcdsaSecp256k1Signature2019Normalize(didDoc, didDocumentProof)
 if err != nil {
 return nil, err
 }
@@ -36,3 +38,55 @@ func NormalizeByVerificationMethodType(didDoc *types.DidDocument, vmType string,
 return didDoc.GetSignBytes(), nil
 }
 }
+
+// normalizeDocumentWithProof normalizes the DidDocument along with Document Proof
+// Read more: https://w3c.github.io/vc-di-eddsa/#representation-ed25519signature2020
+func normalizeDocumentWithProof(didDoc *types.DidDocument, didDocProof *types.DocumentProof) ([]byte, error) {
+ jsonLdDid := NewJsonLdDid(didDoc)
+ canonizedDidDocument, err := jsonLdDid.NormalizeWithURDNA2015()
+ if err != nil {
+ return nil, err
+ }
+ canonizedDidDocumentHash := sha256.Sum256([]byte(canonizedDidDocument))
+
+ jsonLdDocumentProof := NewJsonLdDocumentProof(didDocProof, didDoc.Context)
+ canonizedDocumentProof, err := jsonLdDocumentProof.NormalizeWithURDNA2015()
+ if err != nil {
+ return nil, err
+ }
+ canonizedDocumentProofHash := sha256.Sum256([]byte(canonizedDocumentProof))
+
+ var finalNormalizedHash []byte = []byte{}
+ // NOTE: The order is: ProofHash + DocumentHash
+ finalNormalizedHash = append(finalNormalizedHash, canonizedDocumentProofHash[:]...)
+ finalNormalizedHash = append(finalNormalizedHash, canonizedDidDocumentHash[:]...)
+
+ return finalNormalizedHash, nil
+}
+
+// Ed25519Signature2020Normalize normalizes DID Document in accordance with
+// EdDSA Cryptosuite v2020 (https://www.w3.org/community/reports/credentials/CG-FINAL-di-eddsa-2020-20220724/)
+func Ed25519Signature2020Normalize(didDoc *types.DidDocument, didDocProof *types.DocumentProof) ([]byte, error) {
+ return normalizeDocumentWithProof(didDoc, didDocProof)
+}
+
+// EcdsaSecp256k1RecoverySignature2020Normalize normalizes DID Document in accordance with
+// the Identity Foundation draft on EcdsaSecp256k1RecoverySignature2020
+// Read more: https://identity.foundation/EcdsaSecp256k1RecoverySignature2020/
+func EcdsaSecp256k1RecoverySignature2020Normalize(didDoc *types.DidDocument, didDocProof *types.DocumentProof) ([]byte, error) {
+ return normalizeDocumentWithProof(didDoc, didDocProof)
+}
+
+// BbsBlsSignature2020Normalize normalizes the DID Document for the
+// BbsBlsSignature2020 signature type
+// Read more: https://identity.foundation/bbs-signature/draft-irtf-cfrg-bbs-signatures.html
+func BbsBlsSignature2020Normalize(didDoc *types.DidDocument, didDocProof *types.DocumentProof) ([]byte, error) {
+ return normalizeDocumentWithProof(didDoc, didDocProof)
+}
+
+// EcdsaSecp256k1Signature2019Normalize normalizes the DID Document for the
+// EcdsaSecp256k1Signature2019 signature type
+// Read more: https://w3c-ccg.github.io/lds-ecdsa-secp256k1-2019/
+func EcdsaSecp256k1Signature2019Normalize(didDoc *types.DidDocument, didDocProof *types.DocumentProof) ([]byte, error) {
+ return normalizeDocumentWithProof(didDoc, didDocProof)
+}
diff --git a/x/ssi/ld-context/suite.go b/x/ssi/ld-context/suite.go
deleted file mode 100644
index ccae6e2..0000000
--- a/x/ssi/ld-context/suite.go
+++ /dev/null
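Review bot: `normalizeDocumentWithProof` reads `didDoc.Context` and hands `didDocProof` to `NewJsonLdDocumentProof` with no nil check, and after this change it is the single path behind all four exported `*Normalize` functions, including the verification call in `client_spec.go` that passes `extendedVm.Proof`. Unless callers outside this diff already guarantee both pointers, a guard at the top such as `if didDoc == nil || didDocProof == nil { return nil, errors.New("did document and proof must not be nil") }` (with `errors` added to the import block) turns a possible panic during signature verification into an ordinary error. The doc comment should also state what is returned: not a normalized document but the 64-byte signing input, SHA-256 of the canonized proof followed by SHA-256 of the canonized document. Whether `NewJsonLdDocumentProof` drops `ProofValue` before canonizing is not visible here; the signer in `tx_ssi.go` sets `ProofValue` only after hashing, so the verifier has to hash the proof without it, and that requirement is worth writing into the comment.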
@@ -1,111 +0,0 @@
-package ldcontext
-
-import (
- "crypto/sha256"
-
- "github.com/hypersign-protocol/hid-node/x/ssi/types"
-)
-
-// EdDSACryptoSuite2020Canonize canonizes DID Document in accordance with
-// EdDSA Cryptosuite v2020 (https://www.w3.org/community/reports/credentials/CG-FINAL-di-eddsa-2020-20220724/)
-func EdDSACryptoSuite2020Canonize(didDoc *types.DidDocument, didDocProof *types.DocumentProof) ([]byte, error) {
- jsonLdDid := NewJsonLdDid(didDoc)
- canonizedDidDocument, err := jsonLdDid.NormalizeWithURDNA2015()
- if err != nil {
- return nil, err
- }
- canonizedDidDocumentHash := sha256.Sum256([]byte(canonizedDidDocument))
-
- jsonLdDocumentProof := NewJsonLdDocumentProof(didDocProof, didDoc.Context)
- canonizedDocumentProof, err := jsonLdDocumentProof.NormalizeWithURDNA2015()
- if err != nil {
- return nil, err
- }
- canonizedDocumentProofHash := sha256.Sum256([]byte(canonizedDocumentProof))
-
- var finalNormalizedHash []byte = []byte{}
- // NOTE: The order is: ProofHash + DocumentHash
- finalNormalizedHash = append(finalNormalizedHash, canonizedDocumentProofHash[:]...)
- finalNormalizedHash = append(finalNormalizedHash, canonizedDidDocumentHash[:]...)
-
- return finalNormalizedHash, nil
-}
-
-// EcdsaSecp256k1RecoverySignature2020Canonize canonizes DID Document in accordance with
-// the Identity Foundation draft on EcdsaSecp256k1RecoverySignature2020
-// Read more: https://identity.foundation/EcdsaSecp256k1RecoverySignature2020/
-// LD Context: https://ns.did.ai/suites/secp256k1-2020/v1
-func EcdsaSecp256k1RecoverySignature2020Canonize(didDoc *types.DidDocument, didDocProof *types.DocumentProof) ([]byte, error) {
- jsonLdDid := NewJsonLdDid(didDoc)
- canonizedDidDocument, err := jsonLdDid.NormalizeWithURDNA2015()
- if err != nil {
- return nil, err
- }
-
- canonizedDidDocumentHash := sha256.Sum256([]byte(canonizedDidDocument))
-
- jsonLdDocumentProof := NewJsonLdDocumentProof(didDocProof, didDoc.Context)
- canonizedDocumentProof, err := jsonLdDocumentProof.NormalizeWithURDNA2015()
- if err != nil {
- return nil, err
- }
- canonizedDocumentProofHash := sha256.Sum256([]byte(canonizedDocumentProof))
-
- var finalNormalizedHash []byte = []byte{}
- // NOTE: The order is: ProofHash + DocumentHash
- finalNormalizedHash = append(finalNormalizedHash, canonizedDocumentProofHash[:]...)
- finalNormalizedHash = append(finalNormalizedHash, canonizedDidDocumentHash[:]...)
-
- return finalNormalizedHash, nil
-}
-
-// BbsBlsSignature2020Canonize canonizes the DID Document for the
-// BbsBlsSignature2020 signature type
-func BbsBlsSignature2020Canonize(didDoc *types.DidDocument, didDocProof *types.DocumentProof) ([]byte, error) {
- jsonLdDid := NewJsonLdDid(didDoc)
- canonizedDidDocument, err := jsonLdDid.NormalizeWithURDNA2015()
- if err != nil {
- return nil, err
- }
-
- canonizedDidDocumentHash := sha256.Sum256([]byte(canonizedDidDocument))
-
- jsonLdDocumentProof := NewJsonLdDocumentProof(didDocProof, didDoc.Context)
- canonizedDocumentProof, err := jsonLdDocumentProof.NormalizeWithURDNA2015()
- if err != nil {
- return nil, err
- }
- canonizedDocumentProofHash := sha256.Sum256([]byte(canonizedDocumentProof))
-
- var finalNormalizedHash []byte = []byte{}
- // NOTE: The order is: ProofHash + DocumentHash
- finalNormalizedHash = append(finalNormalizedHash, canonizedDocumentProofHash[:]...)
- finalNormalizedHash = append(finalNormalizedHash, canonizedDidDocumentHash[:]...)
-
- return finalNormalizedHash, nil
-}
-
-// EcdsaSecp256k1Signature2019Canonize canonizes the DID Document for the
-// EcdsaSecp256k1Signature2019 signature type
-func EcdsaSecp256k1Signature2019Canonize(didDoc *types.DidDocument, didDocProof *types.DocumentProof) ([]byte, error) {
- jsonLdDid := NewJsonLdDid(didDoc)
- canonizedDidDocument, err := jsonLdDid.NormalizeWithURDNA2015()
- if err != nil {
- return nil, err
- }
- canonizedDidDocumentHash := sha256.Sum256([]byte(canonizedDidDocument))
-
- jsonLdDocumentProof := NewJsonLdDocumentProof(didDocProof, didDoc.Context)
- canonizedDocumentProof, err := jsonLdDocumentProof.NormalizeWithURDNA2015()
- if err != nil {
- return nil, err
- }
- canonizedDocumentProofHash := sha256.Sum256([]byte(canonizedDocumentProof))
-
- var finalNormalizedHash []byte = []byte{}
- // NOTE: The order is: ProofHash + DocumentHash
- finalNormalizedHash = append(finalNormalizedHash, canonizedDocumentProofHash[:]...)
- finalNormalizedHash = append(finalNormalizedHash, canonizedDidDocumentHash[:]...)
-
- return finalNormalizedHash, nil
-}
diff --git a/x/ssi/verification/client_spec.go b/x/ssi/verification/client_spec.go
index 9ea2207..c565ca2 100644
--- a/x/ssi/verification/client_spec.go
+++ b/x/ssi/verification/client_spec.go
@@ -67,7 +67,7 @@ func getDocBytesByClientSpec(ssiMsg types.SsiMsg, extendedVm *types.ExtendedVeri
 }
 if didDoc, ok := ssiMsg.(*types.DidDocument); ok && len(didDoc.Context) > 0 {
- canonizedDidDocHash, err := ldcontext.EcdsaSecp256k1Signature2019Canonize(didDoc, extendedVm.Proof)
+ canonizedDidDocHash, err := ldcontext.EcdsaSecp256k1Signature2019Normalize(didDoc, extendedVm.Proof)
 if err != nil {
 return nil, err
 }
@@ -77,18 +77,18 @@ func getDocBytesByClientSpec(ssiMsg types.SsiMsg, extendedVm *types.ExtendedVeri
 return getCosmosADR036SignDocBytes(ssiMsg.GetSignBytes(), signerAddress)
 case types.CLIENT_SPEC_TYPE_ETH_PERSONAL_SIGN:
 if didDoc, ok := ssiMsg.(*types.DidDocument); ok && len(didDoc.Context) > 0 {
- canonizedDidDocHash, err := ldcontext.EcdsaSecp256k1RecoverySignature2020Canonize(didDoc, extendedVm.Proof)
+ canonizedDidDocHash, err := ldcontext.EcdsaSecp256k1RecoverySignature2020Normalize(didDoc, extendedVm.Proof)
 if err != nil {
 return nil, err
 }
- // TODO: This is temporary fix eth.personal.sign() client function, since it only signs JSON
+ // TODO: This is temporary fix eth.personal.sign() client function, since it only signs JSON
 // stringified document and hence the following struct was used to sign from the Client end.
- return json.Marshal(struct{
- DidId string `json:"didId"`
+ return json.Marshal(struct {
+ DidId string `json:"didId"`
 DidDocDigest string `json:"didDocDigest"`
- } {
- DidId: didDoc.Id,
+ }{
+ DidId: didDoc.Id,
 DidDocDigest: hex.EncodeToString(canonizedDidDocHash),
 })
 }