feat: Support Linked Data Signatures for JWS

pkg/didcomm/protocol/didexchange/states.go

@@ -23,7 +23,8 @@ import (
 	"github.com/hyperledger/aries-framework-go/pkg/didcomm/protocol/decorator"
 	"github.com/hyperledger/aries-framework-go/pkg/didcomm/protocol/route"
 	"github.com/hyperledger/aries-framework-go/pkg/doc/did"
-	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/ed25519signature2018"
+	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/suite"
+	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/suite/ed25519signature2018"
 	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/verifier"
 	"github.com/hyperledger/aries-framework-go/pkg/framework/aries/api/vdri"
 	"github.com/hyperledger/aries-framework-go/pkg/kms"
@@ -592,7 +593,7 @@ func verifySignature(connSignature *ConnectionSignature, recipientKeys string) (
 
 	// TODO: Replace with signed attachments issue-626
 	suiteVerifier := &ed25519signature2018.PublicKeyVerifier{}
-	signatureSuite := ed25519signature2018.New(ed25519signature2018.WithVerifier(suiteVerifier))
+	signatureSuite := ed25519signature2018.New(suite.WithVerifier(suiteVerifier))
 
 	err = signatureSuite.Verify(&verifier.PublicKey{
 		Type:  kms.ED25519,

pkg/doc/did/doc_test.go

@@ -21,8 +21,9 @@ import (
 	"github.com/btcsuite/btcutil/base58"
 	"github.com/stretchr/testify/require"
 
-	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/ed25519signature2018"
 	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/signer"
+	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/suite"
+	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/suite/ed25519signature2018"
 )
 
 const pemPK = `-----BEGIN PUBLIC KEY-----
@@ -813,26 +814,26 @@ func TestVerifyProof(t *testing.T) {
 
 		signedDoc := createSignedDidDocument(privKey, pubKey)
 
-		suite := ed25519signature2018.New(ed25519signature2018.WithVerifier(&ed25519signature2018.PublicKeyVerifier{}))
+		s := ed25519signature2018.New(suite.WithVerifier(&ed25519signature2018.PublicKeyVerifier{}))
 
 		// happy path - valid signed document
 		doc, err := ParseDocument(signedDoc)
 		require.Nil(t, err)
 		require.NotNil(t, doc)
-		err = doc.VerifyProof(suite)
+		err = doc.VerifyProof(s)
 		require.NoError(t, err)
 
 		// error - doc with invalid proof value
 		doc.Proof[0].ProofValue = []byte("invalid")
-		err = doc.VerifyProof(suite)
+		err = doc.VerifyProof(s)
 		require.NotNil(t, err)
 		require.Contains(t, err.Error(), "ed25519: invalid signature")
 
 		// error - doc with no proof
 		doc, err = ParseDocument([]byte(d))
 		require.NoError(t, err)
 		require.NotNil(t, doc)
-		err = doc.VerifyProof(suite)
+		err = doc.VerifyProof(s)
 		require.Equal(t, ErrProofNotFound, err)
 		require.Contains(t, err.Error(), "proof not found")
 	}
@@ -1089,7 +1090,7 @@ func createSignedDidDocument(privKey, pubKey []byte) []byte {
 		SignatureType: signatureType}
 
 	s := signer.New(ed25519signature2018.New(
-		ed25519signature2018.WithSigner(getSigner(privKey))))
+		suite.WithSigner(getSigner(privKey))))
 
 	signedDoc, err := s.Sign(context, jsonDoc)
 	if err != nil {

pkg/doc/signature/signer/signer_test.go

@@ -14,8 +14,9 @@ import (
 
 	"github.com/stretchr/testify/require"
 
-	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/ed25519signature2018"
 	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/proof"
+	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/suite"
+	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/suite/ed25519signature2018"
 )
 
 const signatureType = "Ed25519Signature2018"
@@ -24,7 +25,7 @@ func TestDocumentSigner_Sign(t *testing.T) {
 	context := getSignatureContext()
 
 	s := New(ed25519signature2018.New(
-		ed25519signature2018.WithSigner(
+		suite.WithSigner(
 			getSigner(generatePrivateKey()))))
 	signedDoc, err := s.Sign(context, []byte(validDoc))
 	require.NoError(t, err)
@@ -39,7 +40,7 @@ func TestDocumentSigner_Sign(t *testing.T) {
 func TestDocumentSigner_SignErrors(t *testing.T) {
 	context := getSignatureContext()
 	s := New(ed25519signature2018.New(
-		ed25519signature2018.WithSigner(
+		suite.WithSigner(
 			getSigner(generatePrivateKey()))))
 
 	// test invalid json
@@ -75,7 +76,7 @@ func TestDocumentSigner_SignErrors(t *testing.T) {
 	// test signing error
 	context = getSignatureContext()
 	s = New(ed25519signature2018.New(
-		ed25519signature2018.WithSigner(
+		suite.WithSigner(
 			getSigner([]byte("invalid")))))
 	signedDoc, err = s.Sign(context, []byte(validDoc))
 	require.NotNil(t, err)

pkg/doc/signature/suite/ed25519signature2018/suite.go

@@ -0,0 +1,67 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+// Package ed25519signature2018 implements the Ed25519Signature2018 signature suite
+// for the Linked Data Signatures [LD-SIGNATURES] specification.
+// It uses the RDF Dataset Normalization Algorithm [RDF-DATASET-NORMALIZATION]
+// to transform the input document into its canonical form.
+// It uses SHA-256 [RFC6234] as the message digest algorithm and
+// Ed25519 [ED25519] as the signature algorithm.
+package ed25519signature2018
+
+import (
+	"crypto/sha256"
+
+	"github.com/piprate/json-gold/ld"
+
+	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/suite"
+)
+
+// Suite implements ed25519 signature suite
+type Suite struct {
+	suite.SignatureSuite
+}
+
+const (
+	signatureType = "Ed25519Signature2018"
+	format        = "application/n-quads"
+)
+
+// New an instance of ed25519 signature suite
+func New(opts ...suite.Opt) *Suite {
+	s := &Suite{}
+
+	suite.InitSuiteOptions(&s.SignatureSuite, opts...)
+
+	return s
+}
+
+// GetCanonicalDocument will return normalized/canonical version of the document
+// Ed25519Signature2018 signature SignatureSuite uses RDF Dataset Normalization as canonicalization algorithm
+func (s *Suite) GetCanonicalDocument(doc map[string]interface{}) ([]byte, error) {
+	proc := ld.NewJsonLdProcessor()
+	options := ld.NewJsonLdOptions("")
+	options.ProcessingMode = ld.JsonLd_1_1
+	options.Format = format
+	options.ProduceGeneralizedRdf = true
+
+	canonicalDoc, err := proc.Normalize(doc, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return []byte(canonicalDoc.(string)), nil
+}
+
+// GetDigest returns document digest
+func (s *Suite) GetDigest(doc []byte) []byte {
+	digest := sha256.Sum256(doc)
+	return digest[:]
+}
+
+// Accept will accept only ed25519 signature type
+func (s *Suite) Accept(t string) bool {
+	return t == signatureType
+}

pkg/doc/signature/ed25519signature2018/suite_crypto_test.go → pkg/doc/signature/suite/ed25519signature2018/suite_crypto_test.go

@@ -1,6 +1,5 @@
 /*
 Copyright SecureKey Technologies Inc. All Rights Reserved.
-
 SPDX-License-Identifier: Apache-2.0
 */
 
@@ -14,6 +13,7 @@ import (
 	"github.com/google/tink/go/keyset"
 
 	"github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto"
+	"github.com/hyperledger/aries-framework-go/pkg/doc/signature/suite"
 	sigverifier "github.com/hyperledger/aries-framework-go/pkg/doc/signature/verifier"
 	kmsapi "github.com/hyperledger/aries-framework-go/pkg/kms"
 	"github.com/hyperledger/aries-framework-go/pkg/kms/localkms"
@@ -34,13 +34,13 @@ func TestNewCryptoSignerAndVerifier(t *testing.T) {
 
 	doc := []byte("test doc")
 
-	suiteSigner := NewCryptoSigner(tinkCrypto, kh)
-	suiteVerifier := NewCryptoVerifier(&Crypto{
+	suiteSigner := suite.NewCryptoSigner(tinkCrypto, kh)
+	suiteVerifier := suite.NewCryptoVerifier(&Crypto{
 		Crypto:   tinkCrypto,
 		localKMS: lKMS,
 	})
 
-	ss := New(WithSigner(suiteSigner), WithVerifier(suiteVerifier))
+	ss := New(suite.WithSigner(suiteSigner), suite.WithVerifier(suiteVerifier))
 
 	docSig, err := ss.Sign(doc)
 	if err != nil {