UNPKG

@vqp/core

Version:

Core VQP protocol implementation - adapter-agnostic

126 lines 4.37 kB
/** * VQP Verifier - Validates cryptographic proofs in VQP responses * * This is a separate component from VQPService because verification * is often done by different parties than those generating responses. */ export class VQPVerifier { crypto; constructor(crypto) { this.crypto = crypto; } /** * Verify a VQP response's cryptographic proof */ async verify(response) { try { switch (response.proof.type) { case 'signature': return await this.verifySignature(response); case 'zk-snark': return await this.verifyZKProof(response); case 'multisig': return await this.verifyMultiSignature(response); default: throw new Error(`Unsupported proof type: ${response.proof.type}`); } } catch (error) { console.error('Verification failed:', error); return false; } } /** * Verify digital signature proof */ async verifySignature(response) { if (response.proof.type !== 'signature') { return false; } const { publicKey, signature } = response.proof; if (!publicKey || !signature) { throw new Error('Missing publicKey or signature in proof'); } // Create the payload that should have been signed const signaturePayload = this.createSignaturePayload(response); const payloadBuffer = Buffer.from(JSON.stringify(signaturePayload)); // Create a signature proof object for verification const signatureProof = { type: 'signature', algorithm: response.proof.algorithm || 'ed25519', publicKey, signature, }; return await this.crypto.verify(signatureProof, payloadBuffer, publicKey); } /** * Verify zero-knowledge proof */ async verifyZKProof(response) { if (response.proof.type !== 'zk-snark') { return false; } // TODO: Implement ZK proof verification // This would use the circuit and public inputs to verify the proof throw new Error('ZK proof verification not yet implemented'); } /** * Verify multi-signature proof */ async verifyMultiSignature(response) { if (response.proof.type !== 'multisig') { return false; } // TODO: Implement multi-signature verification throw new Error('Multi-signature verification not yet implemented'); } /** * Create the canonical payload that should be signed */ createSignaturePayload(response) { return { queryId: response.queryId, result: response.result, timestamp: response.timestamp, responder: response.responder, }; } /** * Verify response metadata (timestamps, IDs, etc.) */ async verifyMetadata(response, originalQueryId) { // Check timestamp is reasonable (not too old, not in future) const responseTime = new Date(response.timestamp); const now = new Date(); const maxAge = 24 * 60 * 60 * 1000; // 24 hours const maxSkew = 5 * 60 * 1000; // 5 minutes if (responseTime.getTime() > now.getTime() + maxSkew) { return false; // Response from future } if (now.getTime() - responseTime.getTime() > maxAge) { return false; // Response too old } // Verify query ID matches if provided if (originalQueryId && response.queryId !== originalQueryId) { return false; } // Verify required fields are present if (!response.queryId || !response.version || !response.responder) { return false; } return true; } /** * Full verification: both cryptographic proof and metadata */ async verifyComplete(response, originalQueryId) { const cryptographicProof = await this.verify(response); const metadata = await this.verifyMetadata(response, originalQueryId); return { cryptographicProof, metadata, overall: cryptographicProof && metadata, }; } } //# sourceMappingURL=vqp-verifier.js.map