feat: add data integrity proof

Signed-off-by: Misha Sizov <[email protected]>

Author: mishasizov-SK

doc/did/doc.go

@@ -48,13 +48,16 @@ const (
 	jsonldController    = "controller"
 	jsonldOwner         = "owner"
 
-	jsonldCreator        = "creator"
-	jsonldCreated        = "created"
-	jsonldProofValue     = "proofValue"
-	jsonldSignatureValue = "signatureValue"
-	jsonldDomain         = "domain"
-	jsonldNonce          = "nonce"
-	jsonldProofPurpose   = "proofPurpose"
+	jsonldCreator            = "creator"
+	jsonldCreated            = "created"
+	jsonldProofValue         = "proofValue"
+	jsonldSignatureValue     = "signatureValue"
+	jsonldDomain             = "domain"
+	jsonldNonce              = "nonce"
+	jsonldProofPurpose       = "proofPurpose"
+	jsonldChallenge          = "challenge"
+	jsonldCryptoSuite        = "cryptosuite"
+	jsonldVerificationMethod = "verificationMethod"
 
 	// various public key encodings.
 	jsonldPublicKeyBase58    = "publicKeyBase58"
@@ -487,14 +490,17 @@ func (r *rawDoc) UnmarshalJSON(data []byte) error {
 
 // Proof is cryptographic proof of the integrity of the DID Document.
 type Proof struct {
-	Type         string
-	Created      *time.Time
-	Creator      string
-	ProofValue   []byte
-	Domain       string
-	Nonce        []byte
-	ProofPurpose string
-	relativeURL  bool
+	Type               string
+	Created            *time.Time
+	Creator            string
+	ProofValue         []byte
+	Domain             string
+	Nonce              []byte
+	ProofPurpose       string
+	CryptoSuite        string
+	Challenge          string
+	VerificationMethod string
+	relativeURL        bool
 }
 
 // UnmarshalJSON unmarshals a DID Document.
@@ -659,13 +665,16 @@ func populateProofs(context, didID, baseURI string, rawProofs []interface{}) ([]
 		}
 
 		proof := Proof{
-			Type:         stringEntry(emap[jsonldType]),
-			Creator:      creator,
-			ProofValue:   proofValue,
-			ProofPurpose: stringEntry(emap[jsonldProofPurpose]),
-			Domain:       stringEntry(emap[jsonldDomain]),
-			Nonce:        nonce,
-			relativeURL:  isRelative,
+			Type:               stringEntry(emap[jsonldType]),
+			Creator:            creator,
+			ProofValue:         proofValue,
+			ProofPurpose:       stringEntry(emap[jsonldProofPurpose]),
+			Domain:             stringEntry(emap[jsonldDomain]),
+			VerificationMethod: stringEntry(emap[jsonldVerificationMethod]),
+			CryptoSuite:        stringEntry(emap[jsonldCryptoSuite]),
+			Challenge:          stringEntry(emap[jsonldChallenge]),
+			Nonce:              nonce,
+			relativeURL:        isRelative,
 		}
 
 		created := stringEntry(emap[jsonldCreated])
@@ -1246,7 +1255,8 @@ func (doc *Doc) MarshalJSON() ([]byte, error) {
 }
 
 // VerifyProof verifies document proofs.
-func (doc *Doc) VerifyProof(suites []api.VerifierSuite, jsonldOpts ...processor.Opts) error {
+// Deprecated. Please use vc-go/verifiable.VerifyDIDProof().
+func (doc *Doc) VerifyProof(suites []api.VerifierSuite, opts ...processor.Opts) error {
 	if len(doc.Proof) == 0 {
 		return ErrProofNotFound
 	}
@@ -1261,7 +1271,7 @@ func (doc *Doc) VerifyProof(suites []api.VerifierSuite, jsonldOpts ...processor.
 		return fmt.Errorf("create verifier: %w", err)
 	}
 
-	return v.Verify(docBytes, jsonldOpts...)
+	return v.Verify(docBytes, opts...)
 }
 
 // VerificationMethods returns verification methods of DID Doc of certain relationship.
@@ -1565,13 +1575,16 @@ func populateRawProofs(context, didID, baseURI string, proofs []Proof) []interfa
 		}
 
 		rawProofs = append(rawProofs, map[string]interface{}{
-			jsonldType:         p.Type,
-			jsonldCreated:      p.Created,
-			jsonldCreator:      creator,
-			k:                  sigproof.EncodeProofValue(p.ProofValue, p.Type),
-			jsonldDomain:       p.Domain,
-			jsonldNonce:        base64.RawURLEncoding.EncodeToString(p.Nonce),
-			jsonldProofPurpose: p.ProofPurpose,
+			jsonldType:               p.Type,
+			jsonldCreated:            p.Created,
+			jsonldCreator:            creator,
+			k:                        sigproof.EncodeProofValue(p.ProofValue, p.Type),
+			jsonldDomain:             p.Domain,
+			jsonldNonce:              base64.RawURLEncoding.EncodeToString(p.Nonce),
+			jsonldProofPurpose:       p.ProofPurpose,
+			jsonldVerificationMethod: p.VerificationMethod,
+			jsonldCryptoSuite:        p.CryptoSuite,
+			jsonldChallenge:          p.Challenge,
 		})
 	}
 

doc/ld/proof/proof.go

@@ -9,7 +9,6 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
-	"strings"
 
 	"github.com/multiformats/go-multibase"
 
@@ -41,6 +40,7 @@ const (
 	jsonldCapabilityChain = "capabilityChain"
 
 	ed25519Signature2020 = "Ed25519Signature2020"
+	dataIntegrityProof   = "DataIntegrityProof"
 )
 
 // Proof is cryptographic proof of the integrity of the DID Document.
@@ -150,23 +150,21 @@ func decodeBase64(s string) ([]byte, error) {
 
 // DecodeProofValue decodes proofValue basing on proof type.
 func DecodeProofValue(s, proofType string) ([]byte, error) {
-	if proofType == ed25519Signature2020 {
+	switch proofType {
+	case ed25519Signature2020:
 		_, value, err := multibase.Decode(s)
 		if err == nil {
 			return value, nil
 		}
 
 		return nil, errors.New("unsupported encoding")
+	case dataIntegrityProof:
+		// No need to decode Data integrity proof as encoding/decoding logic for this proof type
+		// is managed by vc-go/dataintegrity package.
+		return []byte(s), nil
+	default:
+		return decodeBase64(s)
 	}
-
-	if strings.HasPrefix(s, "z") { // maybe base58
-		_, value, err := multibase.Decode(s)
-		if err == nil {
-			return value, nil
-		}
-	}
-
-	return decodeBase64(s)
 }
 
 // stringEntry.
@@ -232,9 +230,14 @@ func (p *Proof) JSONLdObject() map[string]interface{} { // nolint:gocyclo
 
 // EncodeProofValue decodes proofValue basing on proof type.
 func EncodeProofValue(proofValue []byte, proofType string) string {
-	if proofType == ed25519Signature2020 {
+	switch proofType {
+	case ed25519Signature2020:
 		encoded, _ := multibase.Encode(multibase.Base58BTC, proofValue) //nolint: errcheck
 		return encoded
+	case dataIntegrityProof:
+		// No need to encode Data integrity proof as encoding/decoding logic for this proof type
+		// is managed by vc-go/dataintegrity package.
+		return string(proofValue)
 	}
 
 	return base64.RawURLEncoding.EncodeToString(proofValue)

doc/ld/proof/proof_test.go

@@ -30,6 +30,7 @@ func TestProof(t *testing.T) {
 		"domain":             "abc.com",
 		"nonce":              "",
 		"proofValue":         proofValueBase64,
+		"cryptosuite":        "ecdsa-rdfc-2019",
 	})
 	require.NoError(t, err)
 
@@ -47,6 +48,7 @@ func TestProof(t *testing.T) {
 	require.Equal(t, "abc.com", p.Domain)
 	require.Equal(t, []byte(""), p.Nonce)
 	require.Equal(t, proofValueBytes, p.ProofValue)
+	//require.Equal(t, "ecdsa-rdfc-2019", p.CryptoSuite)
 
 	// test proof with multibase encoding
 	p, err = NewProof(map[string]interface{}{
@@ -57,6 +59,7 @@ func TestProof(t *testing.T) {
 		"domain":             "abc.com",
 		"nonce":              "",
 		"proofValue":         proofValueMultibase,
+		//"cryptosuite":        "eddsa-rdfc-2022",
 	})
 	require.NoError(t, err)
 
@@ -74,6 +77,7 @@ func TestProof(t *testing.T) {
 	require.Equal(t, "abc.com", p.Domain)
 	require.Equal(t, []byte(""), p.Nonce)
 	require.Equal(t, proofValueBytes, p.ProofValue)
+	//require.Equal(t, "eddsa-rdfc-2022", p.CryptoSuite)
 
 	// test created time with milliseconds section
 	p, err = NewProof(map[string]interface{}{
@@ -391,6 +395,7 @@ func TestProof_JSONLdObject(t *testing.T) {
 		Domain:       "internal",
 		Nonce:        nonceBase64,
 		Challenge:    "sample-challenge-xyz",
+		//CryptoSuite:  "eddsa-rdfc-2022",
 	}
 
 	pJSONLd := p.JSONLdObject()
@@ -403,6 +408,7 @@ func TestProof_JSONLdObject(t *testing.T) {
 	r.Equal("internal", pJSONLd["domain"])
 	r.Equal("abc", pJSONLd["nonce"])
 	r.Equal("sample-challenge-xyz", pJSONLd["challenge"])
+	r.Equal("eddsa-rdfc-2022", pJSONLd["cryptosuite"])
 
 	// test created time with milliseconds section
 	created, err = time.Parse(time.RFC3339Nano, "2018-03-15T00:00:00.972Z")

doc/signature/signer/signer.go

@@ -36,6 +36,7 @@ func New(signatureSuites ...SignatureSuite) *DocumentSigner {
 }
 
 // Sign  will sign JSON LD document.
+// Deprecated. Please use vc-go/verifiable.AddDIDLinkedDataProof().
 func (signer *DocumentSigner) Sign(
 	context *Context,
 	jsonLdDoc []byte,

doc/signature/verifier/verifier.go

@@ -40,6 +40,7 @@ func New(resolver keyResolver, suites ...api.VerifierSuite) (*DocumentVerifier,
 }
 
 // Verify will verify document proofs.
+// Deprecated. Please use vc-go/verifiable.VerifyDIDProof().
 func (dv *DocumentVerifier) Verify(jsonLdDoc []byte, opts ...processor.Opts) error {
 	var jsonLdObject map[string]interface{}
 
@@ -52,6 +53,7 @@ func (dv *DocumentVerifier) Verify(jsonLdDoc []byte, opts ...processor.Opts) err
 }
 
 // VerifyObject will verify document proofs for JSON LD object.
+// Deprecated. Please use vc-go/verifiable.VerifyDIDProof().
 func (dv *DocumentVerifier) VerifyObject(jsonLdObject map[string]interface{}, opts ...processor.Opts) error {
 	proofs, err := proof.GetProofs(jsonLdObject)
 	if err != nil {