di-wings
Version:
Aviary Tech's common library for decentralized identity
310 lines • 14.6 kB
TypeScript
import { type DocumentLoader, type VerificationResult } from "../../../crypto";
import type { DataIntegrityProof, ProofOptions } from "../proofs/data-integrity";
import { Multikey } from "../../../crypto/keypairs/Multikey";
import type { VerifiableCredential } from "../types";
interface VerifyData {
bbsProof: Uint8Array;
proofHash: Uint8Array;
mandatoryHash: Uint8Array;
selectiveIndexes: number[];
presentationHeader: Uint8Array;
nonMandatory: Uint8Array[];
featureOption: string;
pseudonym?: string;
lengthBBSMessages?: number;
}
interface TransformationOptions {
type: string;
cryptosuite: string;
verificationMethod: string;
mandatoryPointers?: string[];
documentLoader?: (url: string) => Promise<any>;
}
interface HashData {
proofHash: string;
mandatoryHash: string;
[key: string]: any;
}
export declare class BBSCryptosuiteManager {
static name: string;
private readonly keypair;
constructor(keypair: Multikey);
/**
* Compares two byte arrays
*
* @param a - The first byte array
* @param b - The second byte array
* @returns boolean
*/
private static compareBytes;
/**
* Gets the public key from the keypair
*
* @returns Uint8Array
*/
private getPublicKey;
/**
* Signs messages using the BBS signature scheme
*
* @param header - The header to use for signing
* @param messages - The messages to sign
* @returns Uint8Array
*/
private sign;
/**
* Performs blind signing for anonymous holder binding
*
* @param header - The header to use for signing
* @param messages - The messages to sign
* @param commitment - The commitment to use for signing
* @param signer_blind - The signer blind to use for signing
* @returns Promise<Uint8Array>
*/
private blindSign;
/**
* Generates a cryptographically random PID
*
* @returns string
*/
private generatePid;
/**
* Signs with PID for pseudonym issuer pid feature
*
* @param header - The header to use for signing
* @param messages - The messages to sign
* @param pid - The PID to use for signing
* @returns Uint8Array
*/
private signWithPid;
/**
* Signs with hidden PID for pseudonym hidden pid feature
*
* @param header - The header to use for signing
* @param messages - The messages to sign
* @param commitment - The commitment to use for signing
* @returns Promise<{ signature: Uint8Array, signer_blind: Uint8Array }>
*/
private signWithHiddenPid;
/**
* https://www.w3.org/TR/vc-di-bbs/#serializebaseproofvalue
* Data Integrity BBS Cryptosuite v1.0
* 3.3.1 - serializes the components of a bbs-2023 base proof value.
*
* params:
* @param bbsSignature - Uint8Array
* @param bbsHeader - Uint8Array
* @param publicKey - Uint8Array
* @param hmacKey - Uint8Array
* @param mandatoryPointers - string[]
* @param featureOption - string
* @param pid - string
* @param signer_blind - Uint8Array
* @returns string
*/
static serializeBaseProofValue(bbsSignature: Uint8Array, bbsHeader: Uint8Array, publicKey: Uint8Array, hmacKey: Uint8Array, mandatoryPointers: string[], featureOption: string, pid?: Uint8Array, signer_blind?: Uint8Array): string;
/**
* https://www.w3.org/TR/vc-di-bbs/#parsebaseproofvalue
* Data Integrity BBS Cryptosuite v1.0
* 3.3.2 - Parses the components of a bbs-2023 selective disclosure base proof value.
*
* @param proofValue - The proof value string to parse
* @returns ParsedBaseProof containing the parsed components
* @throws Error if parsing fails or proof value is invalid
*/
private static parseBaseProofValue;
/**
* https://www.w3.org/TR/vc-di-bbs/#createdisclosuredata
* Data Integrity BBS Cryptosuite v1.0
* 3.3.3 - Creates data to be used to generate a derived proof.
*
* @param document - The JSON-LD document to create disclosure data for
* @param proof - The BBS base proof to derive from
* @param selectivePointers - Array of JSON pointers indicating statements to selectively disclose
* @param featureOption - The feature option being used (baseline, anonymous_holder_binding, etc)
* @param options - Additional options including document loader
* @param presentationHeader - Optional BBS presentation header
* @param additionalFeatureOptions - Additional options required by specific features
* @returns DisclosureData containing the data needed for derived proof generation
* @throws Error if data creation fails or required parameters are missing
*/
private static createDisclosureData;
/**
* https://www.w3.org/TR/vc-di-bbs/#compresslabelmap
* Data Integrity BBS Cryptosuite v1.0
* 3.3.4 - Compresses a label map according to the BBS cryptosuite specification
*
* @param labelMap - Array of label mappings to compress
* @returns Object containing compressed label mappings
* @throws Error if compression fails or input is invalid
*/
private static compressLabelMap;
/**
* https://www.w3.org/TR/vc-di-bbs/#decompresslabelmap
* Data Integrity BBS Cryptosuite v1.0
* 3.3.5 - Decompresses a label map according to the BBS cryptosuite specification.
*
* @param compressedLabelMap - Object containing compressed label mappings as key-value pairs
* @returns Array of strings representing the decompressed label map
* @throws Error if decompression fails or input is invalid
*/
private static decompressLabelMap;
/**
* https://www.w3.org/TR/vc-di-bbs/#serializederivedproofvalue
* Data Integrity BBS Cryptosuite v1.0
* 3.3.6 - Serializes a derived proof value according to the BBS cryptosuite specification
*
* @param bbsProof - The BBS proof to serialize
* @param labelMap - Array of label mappings
* @param mandatoryIndexes - Array of mandatory statement indexes
* @param selectiveIndexes - Array of selectively disclosed statement indexes
* @param presentationHeader - Optional BBS presentation header
* @param featureOption - The feature option being used (baseline, anonymous_holder_binding, etc)
* @param pseudonym - Optional pseudonym value for pseudonym features
* @param lengthBBSMessages - Optional length of BBS messages for certain features
* @returns Uint8Array containing the serialized derived proof value
* @throws Error if serialization fails or feature option is unsupported
*/
static serializeDerivedProofValue(bbsProof: Uint8Array, labelMap: {
[key: string]: string;
}, mandatoryIndexes: number[], selectiveIndexes: number[], presentationHeader: Uint8Array, featureOption: string, pseudonym?: string, lengthBBSMessages?: number): string;
/**
* https://www.w3.org/TR/vc-di-bbs/#parsederivedproofvalue
* Data Integrity BBS Cryptosuite v1.0
* 3.3.7 - Parses the components of the derived proof value.
*
* @param proofValue - The derived proof value string to parse
* @returns DerivedProofValue containing the parsed components
* @throws Error if parsing fails or proof value is invalid
*/
private static parseDerivedProofValue;
/**
* https://www.w3.org/TR/vc-di-bbs/#createverifydata
* Data Integrity BBS Cryptosuite v1.0
* 3.3.8 - Creates the data needed to perform verification of a BBS-protected verifiable credential.
*
* @param document - The JSON-LD document to verify
* @param proof - The BBS disclosure proof to verify
* @param options - Additional options including document loader
* @returns VerifyData containing the data needed for verification
* @throws Error if data creation fails or required parameters are missing
*/
static createVerifyData(document: any, proof: DataIntegrityProof, options: {
documentLoader?: (url: string) => Promise<any>;
}): Promise<VerifyData>;
/**
* https://www.w3.org/TR/vc-di-bbs/#create-base-proof-bbs-2023
* Data Integrity BBS Cryptosuite v1.0
* 3.4.1 - Creates a data integrity proof given an unsecured data document.
*
* @param unsecuredDocument - The unsecured data document to create a proof for
* @param options - Proof options containing type, cryptosuite, verificationMethod etc
* @param mandatoryPointers - Array of JSON pointers indicating mandatory statements
* @param featureOption - Optional feature to use (baseline, anonymous_holder_binding, etc)
* @param commitment_with_proof - Optional commitment with proof required for certain features
* @returns Promise<DataIntegrityProof> The created proof
* @throws Error if proof creation fails
*/
createBaseProof(unsecuredDocument: any, options: ProofOptions, mandatoryPointers?: string[], featureOption?: string, commitment_with_proof?: Uint8Array): Promise<DataIntegrityProof>;
static createProof(document: any, options: ProofOptions): Promise<DataIntegrityProof>;
/**
* https://www.w3.org/TR/vc-di-bbs/#base-proof-transformation-bbs-2023
* Data Integrity BBS Cryptosuites v1.0
* 3.4.2 - Transforms an unsecured input document into a transformed document ready
* to be provided as input to the hashing algorithm.
*
* @param unsecuredDocument - The unsecured data document to transform
* @param options - Transformation options containing type, cryptosuite, verificationMethod and optional mandatoryPointers
* @returns Transformed document containing mandatory and non-mandatory statements
* @throws Error if transformation fails or options are invalid
*/
static baseProofTransformation(unsecuredDocument: any, options: TransformationOptions): Promise<{
mandatory: string[];
nonMandatory: string[];
hmacKey: Uint8Array;
mandatoryPointers: string[];
}>;
/**
* https://www.w3.org/TR/vc-di-bbs/#baseproofhashing
* Data Integrity BBS Cryptosuites v1.0
* 3.4.3 - Cryptographically hashes a transformed data document and proof configuration
* into cryptographic hash data that is ready to be provided as input to baseProofSerialization.
*
* @param transformedDocument - The transformed document containing mandatory and non-mandatory statements
* @param canonicalProofConfig - The canonical proof configuration
* @returns HashData containing proofHash and mandatoryHash
* @throws Error if hashing fails
*/
static baseProofHashing(transformedDocument: any, canonicalProofConfig: string): HashData;
/**
* 3.4.4 - generates a proof configuration from a set of proof options that is used as input to baseProofHashing.
*
* params:
* @param options - ProofOptions
* @param context - string[]
* @returns Promise<string>
*/
static baseProofConfiguration(options: ProofOptions, context: string[]): Promise<string>;
/**
* https://www.w3.org/TR/vc-di-bbs/#base-proof-serialization
* Data Integrity BBS Cryptosuite v1.0
* 3.4.5 - Creates a base proof by processing hash data according to feature options
*
* @param hashData - Hash data containing proofHash, mandatoryPointers, mandatoryHash, etc
* @param featureOption - The feature option to use (baseline, anonymous_holder_binding, etc)
* @param commitment_with_proof - Optional commitment with proof for certain feature options
* @param keypair - The keypair to use for signing
* @returns Uint8Array containing the proof value as digital proof
* @throws Error if required parameters are missing or signing fails
*/
baseProofSerialization(hashData: HashData, featureOption: string, commitment_with_proof?: Uint8Array): Promise<Uint8Array>;
/**
* https://www.w3.org/TR/vc-di-bbs/#add-derived-proof-bbs-2023
* Data Integrity BBS Cryptosuites v1.0
* 3.4.6 - Creates a selective disclosure derived proof from a BBS base proof
*
* @param document - The JSON-LD document to create a derived proof for
* @param proof - The BBS base proof to derive from
* @param selectivePointers - Array of JSON pointers indicating statements to selectively disclose
* @param featureOption - The feature option to use (baseline, anonymous_holder_binding, etc)
* @param options - Additional options including document loader
* @param presentationHeader - Optional BBS presentation header
* @param holderSecret - Required for anonymous_holder_binding
* @param proverBlind - Required for anonymous_holder_binding and pseudonym_hidden_pid
* @param verifier_id - Required for pseudonym features
* @param pid - Required for pseudonym_hidden_pid
* @returns The document with derived proof
* @throws Error if proof creation fails or required parameters are missing
*/
static addDerivedProof(document: any, proof: DataIntegrityProof, selectivePointers: string[], featureOption?: string, options?: {
documentLoader?: DocumentLoader;
}, presentationHeader?: Uint8Array, holderSecret?: string, proverBlind?: string, verifier_id?: string, pid?: string): Promise<VerifiableCredential>;
/**
* https://www.w3.org/TR/vc-di-bbs/#verify-derived-proof-bbs-2023
* Data Integrity BBS Cryptosuite v1.0
* 3.4.7 - Verifies a derived proof according to the BBS cryptosuite specification
*
* @param document - The document containing the derived proof to verify
* @param proof - The derived proof to verify
* @param options - Additional options including document loader
* @returns Promise<{ verified: boolean, verifiedDocument: any | null }>
*/
static verifyDerivedProof(securedDocument: any, options?: {
documentLoader?: DocumentLoader;
}): Promise<{
verified: boolean;
verifiedDocument: any;
}>;
/**
* Verifies a BBS proof according to the cryptosuite specification
*
* @param document - The document containing the proof to verify
* @param proof - The proof to verify
* @param options - Optional verification options
* @returns Promise<boolean> indicating if verification succeeded
*/
static verifyProof(document: Record<string, unknown>, proof: DataIntegrityProof, options?: {
documentLoader?: DocumentLoader;
}): Promise<VerificationResult>;
}
export {};
//# sourceMappingURL=bbs.d.ts.map