diff --git a/component/models/dataintegrity/integration_test.go b/component/models/dataintegrity/integration_test.go index 48d172d1c..085e083c8 100644 --- a/component/models/dataintegrity/integration_test.go +++ b/component/models/dataintegrity/integration_test.go @@ -41,19 +41,27 @@ const ( ) func TestIntegration(t *testing.T) { - signerOpts := suiteOptions(t) + suiteOpts := suiteOptions(t) - signerInit := ecdsa2019.NewSigner(signerOpts) + signerInit := ecdsa2019.NewSignerInitializer(&ecdsa2019.SignerInitializerOptions{ + LDDocumentLoader: suiteOpts.LDDocumentLoader, + Signer: suiteOpts.Signer, + KMS: nil, + }) - verifierInit := ecdsa2019.NewVerifier(suiteOptions(t)) + verifierInit := ecdsa2019.NewVerifierInitializer(&ecdsa2019.VerifierInitializerOptions{ + LDDocumentLoader: suiteOpts.LDDocumentLoader, + Verifier: suiteOpts.Verifier, + KMS: nil, + }) - _, p256Bytes, err := signerOpts.KMS.CreateAndExportPubKeyBytes(kmsapi.ECDSAP256IEEEP1363) + _, p256Bytes, err := suiteOpts.KMS.CreateAndExportPubKeyBytes(kmsapi.ECDSAP256IEEEP1363) require.NoError(t, err) p256JWK, err := jwkkid.BuildJWK(p256Bytes, kmsapi.ECDSAP256IEEEP1363) require.NoError(t, err) - _, p384Bytes, err := signerOpts.KMS.CreateAndExportPubKeyBytes(kmsapi.ECDSAP384IEEEP1363) + _, p384Bytes, err := suiteOpts.KMS.CreateAndExportPubKeyBytes(kmsapi.ECDSAP384IEEEP1363) require.NoError(t, err) p384JWK, err := jwkkid.BuildJWK(p384Bytes, kmsapi.ECDSAP384IEEEP1363) @@ -193,7 +201,8 @@ func suiteOptions(t *testing.T) *ecdsa2019.Options { return &ecdsa2019.Options{ LDDocumentLoader: docLoader, - Crypto: cr, + Signer: cr, + Verifier: cr, KMS: kms, } } diff --git a/component/models/dataintegrity/suite/ecdsa2019/ecdsa2019.go b/component/models/dataintegrity/suite/ecdsa2019/ecdsa2019.go index bf080592a..fb7101a8f 100644 --- a/component/models/dataintegrity/suite/ecdsa2019/ecdsa2019.go +++ b/component/models/dataintegrity/suite/ecdsa2019/ecdsa2019.go @@ -25,7 +25,6 @@ import ( "github.com/hyperledger/aries-framework-go/component/models/dataintegrity/models" "github.com/hyperledger/aries-framework-go/component/models/dataintegrity/suite" "github.com/hyperledger/aries-framework-go/component/models/ld/processor" - cryptoapi "github.com/hyperledger/aries-framework-go/spi/crypto" ) const ( @@ -35,17 +34,37 @@ const ( SuiteType = "ecdsa-2019" ) +// A Signer is able to sign messages. +type Signer interface { + // Sign will sign msg using a matching signature primitive in kh key handle of a private key + // returns: + // signature in []byte + // error in case of errors + Sign(msg []byte, kh interface{}) ([]byte, error) +} + +// A Verifier is able to verify messages. +type Verifier interface { + // Verify will verify a signature for the given msg using a matching signature primitive in kh key handle of + // a public key + // returns: + // error in case of errors or nil if signature verification was successful + Verify(signature, msg []byte, kh interface{}) error +} + // Suite implements the ecdsa-2019 data integrity cryptographic suite. type Suite struct { ldLoader ld.DocumentLoader - crypto cryptoapi.Crypto + signer Signer + verifier Verifier kms kmsapi.KeyManager } // Options provides initialization options for Suite. type Options struct { LDDocumentLoader ld.DocumentLoader - Crypto cryptoapi.Crypto + Signer Signer + Verifier Verifier KMS kmsapi.KeyManager } @@ -57,7 +76,8 @@ func New(options *Options) SuiteInitializer { return func() (suite.Suite, error) { return &Suite{ ldLoader: options.LDDocumentLoader, - crypto: options.Crypto, + signer: options.Signer, + verifier: options.Verifier, kms: options.KMS, }, nil } @@ -81,16 +101,38 @@ func (i initializer) Type() string { return SuiteType } -// NewSigner returns a suite.SignerInitializer that initializes an ecdsa-2019 -// signing Suite with the given Options. -func NewSigner(options *Options) suite.SignerInitializer { - return initializer(New(options)) +// SignerInitializerOptions provides options for a SignerInitializer. +type SignerInitializerOptions struct { + LDDocumentLoader ld.DocumentLoader + Signer Signer + KMS kmsapi.KeyManager +} + +// NewSignerInitializer returns a suite.SignerInitializer that initializes an ecdsa-2019 +// signing Suite with the given SignerInitializerOptions. +func NewSignerInitializer(options *SignerInitializerOptions) suite.SignerInitializer { + return initializer(New(&Options{ + LDDocumentLoader: options.LDDocumentLoader, + Signer: options.Signer, + KMS: options.KMS, + })) +} + +// VerifierInitializerOptions provides options for a VerifierInitializer. +type VerifierInitializerOptions struct { + LDDocumentLoader ld.DocumentLoader + Verifier Verifier + KMS kmsapi.KeyManager } -// NewVerifier returns a suite.VerifierInitializer that initializes an -// ecdsa-2019 verification Suite with the given Options. -func NewVerifier(options *Options) suite.VerifierInitializer { - return initializer(New(options)) +// NewVerifierInitializer returns a suite.VerifierInitializer that initializes an +// ecdsa-2019 verification Suite with the given VerifierInitializerOptions. +func NewVerifierInitializer(options *VerifierInitializerOptions) suite.VerifierInitializer { + return initializer(New(&Options{ + LDDocumentLoader: options.LDDocumentLoader, + Verifier: options.Verifier, + KMS: options.KMS, + })) } const ( @@ -105,7 +147,7 @@ func (s *Suite) CreateProof(doc []byte, opts *models.ProofOptions) (*models.Proo return nil, err } - sig, err := sign(docHash, vmKey, s.crypto, s.kms) + sig, err := sign(docHash, vmKey, s.signer, s.kms) if err != nil { return nil, err } @@ -189,7 +231,7 @@ func (s *Suite) VerifyProof(doc []byte, proof *models.Proof, opts *models.ProofO return fmt.Errorf("decoding proofValue: %w", err) } - err = verify(sigBase, sig, vmKey, s.crypto, s.kms) + err = verify(sigBase, sig, vmKey, s.verifier, s.kms) if err != nil { return fmt.Errorf("failed to verify ecdsa-2019 DI proof: %w", err) } @@ -252,7 +294,7 @@ func kmsKID(key *jwk.JWK) (string, error) { return base64.RawURLEncoding.EncodeToString(tp), nil } -func sign(sigBase []byte, key *jwk.JWK, cr cryptoapi.Crypto, kms kmsapi.KeyManager) ([]byte, error) { +func sign(sigBase []byte, key *jwk.JWK, signer Signer, kms kmsapi.KeyManager) ([]byte, error) { kid, err := kmsKID(key) if err != nil { return nil, err @@ -263,7 +305,7 @@ func sign(sigBase []byte, key *jwk.JWK, cr cryptoapi.Crypto, kms kmsapi.KeyManag return nil, err } - sig, err := cr.Sign(sigBase, kh) + sig, err := signer.Sign(sigBase, kh) if err != nil { return nil, err } @@ -271,7 +313,7 @@ func sign(sigBase []byte, key *jwk.JWK, cr cryptoapi.Crypto, kms kmsapi.KeyManag return sig, nil } -func verify(sigBase, sig []byte, key *jwk.JWK, cr cryptoapi.Crypto, kms kmsapi.KeyManager) error { +func verify(sigBase, sig []byte, key *jwk.JWK, verifier Verifier, kms kmsapi.KeyManager) error { pkBytes, err := key.PublicKeyBytes() if err != nil { return fmt.Errorf("getting verification key bytes: %w", err) @@ -287,7 +329,7 @@ func verify(sigBase, sig []byte, key *jwk.JWK, cr cryptoapi.Crypto, kms kmsapi.K return err } - err = cr.Verify(sig, sigBase, kh) + err = verifier.Verify(sig, sigBase, kh) if err != nil { return err } diff --git a/component/models/dataintegrity/suite/ecdsa2019/ecdsa2019_test.go b/component/models/dataintegrity/suite/ecdsa2019/ecdsa2019_test.go index 45c284604..42edcdcd8 100644 --- a/component/models/dataintegrity/suite/ecdsa2019/ecdsa2019_test.go +++ b/component/models/dataintegrity/suite/ecdsa2019/ecdsa2019_test.go @@ -49,9 +49,9 @@ func TestNew(t *testing.T) { kms := &mockkms.KeyManager{} t.Run("signer success", func(t *testing.T) { - sigInit := NewSigner(&Options{ + sigInit := NewSignerInitializer(&SignerInitializerOptions{ LDDocumentLoader: docLoader, - Crypto: cryp, + Signer: cryp, KMS: kms, }) @@ -62,9 +62,9 @@ func TestNew(t *testing.T) { }) t.Run("verifier success", func(t *testing.T) { - verInit := NewVerifier(&Options{ + verInit := NewVerifierInitializer(&VerifierInitializerOptions{ LDDocumentLoader: docLoader, - Crypto: cryp, + Verifier: cryp, KMS: kms, }) @@ -135,9 +135,9 @@ func successCase(t *testing.T) *testCase { } func testSign(t *testing.T, tc *testCase) { - sigInit := NewSigner(&Options{ + sigInit := NewSignerInitializer(&SignerInitializerOptions{ LDDocumentLoader: tc.docLoader, - Crypto: tc.crypto, + Signer: tc.crypto, KMS: tc.kms, }) @@ -164,9 +164,9 @@ func testSign(t *testing.T, tc *testCase) { } func testVerify(t *testing.T, tc *testCase) { - verInit := NewVerifier(&Options{ + verInit := NewVerifierInitializer(&VerifierInitializerOptions{ LDDocumentLoader: tc.docLoader, - Crypto: tc.crypto, + Verifier: tc.crypto, KMS: tc.kms, }) diff --git a/component/models/dataintegrity/suite/ecdsa2019/integration_test.go b/component/models/dataintegrity/suite/ecdsa2019/integration_test.go index aee268107..3bd35ccd3 100644 --- a/component/models/dataintegrity/suite/ecdsa2019/integration_test.go +++ b/component/models/dataintegrity/suite/ecdsa2019/integration_test.go @@ -39,18 +39,18 @@ func TestIntegration(t *testing.T) { cr, err := tinkcrypto.New() require.NoError(t, err) - signerInit := NewSigner(&Options{ + signerInit := NewSignerInitializer(&SignerInitializerOptions{ LDDocumentLoader: docLoader, - Crypto: cr, + Signer: cr, KMS: kms, }) signer, err := signerInit.Signer() require.NoError(t, err) - verifierInit := NewVerifier(&Options{ + verifierInit := NewVerifierInitializer(&VerifierInitializerOptions{ LDDocumentLoader: docLoader, - Crypto: cr, + Verifier: cr, KMS: kms, }) diff --git a/component/models/verifiable/data_integrity_proof_test.go b/component/models/verifiable/data_integrity_proof_test.go index 762b38a93..2d2b63921 100644 --- a/component/models/verifiable/data_integrity_proof_test.go +++ b/component/models/verifiable/data_integrity_proof_test.go @@ -71,9 +71,9 @@ func Test_DataIntegrity_SignVerify(t *testing.T) { return makeMockDIDResolution(signingDID, vm, did.AssertionMethod), nil }) - signerSuite := ecdsa2019.NewSigner(&ecdsa2019.Options{ + signerSuite := ecdsa2019.NewSignerInitializer(&ecdsa2019.SignerInitializerOptions{ KMS: kms, - Crypto: cr, + Signer: cr, LDDocumentLoader: docLoader, }) @@ -91,9 +91,9 @@ func Test_DataIntegrity_SignVerify(t *testing.T) { Challenge: "mock-challenge", } - verifySuite := ecdsa2019.NewVerifier(&ecdsa2019.Options{ + verifySuite := ecdsa2019.NewVerifierInitializer(&ecdsa2019.VerifierInitializerOptions{ KMS: kms, - Crypto: cr, + Verifier: cr, LDDocumentLoader: docLoader, })