diff --git a/pkg/api/protocol/protocol.go b/pkg/api/protocol/protocol.go index fd4e0fcd..ae933e45 100644 --- a/pkg/api/protocol/protocol.go +++ b/pkg/api/protocol/protocol.go @@ -10,7 +10,6 @@ import ( "github.com/trustbloc/sidetree-core-go/pkg/api/operation" "github.com/trustbloc/sidetree-core-go/pkg/api/txn" "github.com/trustbloc/sidetree-core-go/pkg/document" - "github.com/trustbloc/sidetree-core-go/pkg/jws" "github.com/trustbloc/sidetree-core-go/pkg/patch" ) @@ -72,7 +71,7 @@ type TxnProcessor interface { type OperationParser interface { Parse(namespace string, operation []byte) (*operation.Operation, error) ParseDID(namespace, shortOrLongFormDID string) (string, []byte, error) - GetRevealValue(operation []byte) (*jws.JWK, error) + GetRevealValue(operation []byte) (string, error) GetCommitment(operation []byte) (string, error) } diff --git a/pkg/batch/writer_test.go b/pkg/batch/writer_test.go index 80ce1662..bcc1c6d4 100644 --- a/pkg/batch/writer_test.go +++ b/pkg/batch/writer_test.go @@ -478,12 +478,12 @@ func generateOperation(num int) (*operation.QueuedOperation, error) { Y: "y", } - updateCommitment, err := commitment.Calculate(updateJwk, sha2_256) + updateCommitment, err := commitment.GetCommitment(updateJwk, sha2_256) if err != nil { return nil, err } - recoverComitment, err := commitment.Calculate(recoverJWK, sha2_256) + recoverComitment, err := commitment.GetCommitment(recoverJWK, sha2_256) if err != nil { return nil, err } diff --git a/pkg/commitment/hash.go b/pkg/commitment/hash.go index 355efd35..9c7c011b 100644 --- a/pkg/commitment/hash.go +++ b/pkg/commitment/hash.go @@ -7,6 +7,8 @@ SPDX-License-Identifier: Apache-2.0 package commitment import ( + "fmt" + "github.com/trustbloc/edge-core/pkg/log" "github.com/trustbloc/sidetree-core-go/pkg/canonicalizer" 
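Review bot: `GetRevealValue` in the `OperationParser` interface now returns a bare `string`, and there is no doc comment saying what that string is or what an implementation must have checked before returning it. Elsewhere in this commit the processor hands the value to `commitment.GetCommitmentFromRevealValue`, which decodes it as an encoded multihash, so the contract belongs on the interface, for example `// GetRevealValue returns the operation's reveal value as an encoded multihash string taken from the operation request.` Whether implementations verify the value against the key in the signed data is not visible in this hunk; the comment should state that either way, so callers know if they are holding verified or unverified input.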
@@ -17,8 +19,8 @@ import ( var logger = log.New("sidetree-core-commitment") -// Calculate will calculate commitment hash from JWK. -func Calculate(jwk *jws.JWK, multihashCode uint) (string, error) { +// GetCommitment will calculate commitment from JWK. +func GetCommitment(jwk *jws.JWK, multihashCode uint) (string, error) { data, err := canonicalizer.MarshalCanonical(jwk) if err != nil { return "", err @@ -43,3 +45,28 @@ func Calculate(jwk *jws.JWK, multihashCode uint) (string, error) { return encoder.EncodeToString(multiHash), nil } + +// GetRevealValue will calculate reveal value from JWK. +func GetRevealValue(jwk *jws.JWK, multihashCode uint) (string, error) { + rv, err := hashing.CalculateModelMultihash(jwk, multihashCode) + if err != nil { + return "", fmt.Errorf("failed to get reveal value: %s", err.Error()) + } + + return rv, nil +} + +// GetCommitmentFromRevealValue will calculate commitment from reveal value. +func GetCommitmentFromRevealValue(rv string) (string, error) { + mh, err := hashing.GetMultihash(rv) + if err != nil { + return "", fmt.Errorf("failed to get commitment from reveal value (get multihash): %s", err.Error()) + } + + multiHash, err := hashing.ComputeMultihash(uint(mh.Code), mh.Digest) + if err != nil { + return "", fmt.Errorf("failed to get commitment from reveal value (compute multihash): %s", err.Error()) + } + + return encoder.EncodeToString(multiHash), nil +} diff --git a/pkg/commitment/hash_test.go b/pkg/commitment/hash_test.go index 784fb497..fd2e8f07 100644 --- a/pkg/commitment/hash_test.go +++ b/pkg/commitment/hash_test.go @@ -19,7 +19,7 @@ const ( sha2_256 uint = 18 // multihash code ) -func TestCalculate(t *testing.T) { +func TestGetCommitment(t *testing.T) { jwk := &jws.JWK{ Crv: "crv", Kty: "kty", 
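Review bot: `GetCommitmentFromRevealValue` takes the hash algorithm from the reveal value itself (`uint(mh.Code)`), and the reveal value comes from the anchored operation, so the submitter of an operation now selects the algorithm used to derive the commitment. The loop this replaces in `createOperationHashMap` (pkg/processor/processor.go) only tried algorithms taken from protocol versions; after this change the only limit visible here is whatever `hashing.ComputeMultihash` supports. Consider rejecting codes that no protocol version permits before calling `ComputeMultihash`, for instance by having the processor compare the decoded code with the `MultihashAlgorithm` values of the protocol versions it knows, and say in the doc comment that `rv` is untrusted input. The `uint(mh.Code)` conversion also narrows a `uint64` on 32-bit builds, so a range check fits in the same place.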
@@ -28,20 +28,20 @@ func TestCalculate(t *testing.T) { } t.Run("success", func(t *testing.T) { - commitment, err := Calculate(jwk, sha2_256) + commitment, err := GetCommitment(jwk, sha2_256) require.NoError(t, err) require.NotEmpty(t, commitment) }) t.Run(" error - multihash not supported", func(t *testing.T) { - commitment, err := Calculate(jwk, 55) + commitment, err := GetCommitment(jwk, 55) require.Error(t, err) require.Empty(t, commitment) require.Contains(t, err.Error(), "algorithm not supported, unable to compute hash") }) t.Run("error - canonicalization failed", func(t *testing.T) { - commitment, err := Calculate(nil, sha2_256) + commitment, err := GetCommitment(nil, sha2_256) require.Error(t, err) require.Empty(t, commitment) require.Contains(t, err.Error(), "Expected '{' but got 'n'") 
@@ -62,3 +62,53 @@ func TestCalculate(t *testing.T) { require.Equal(t, string(canonicalized), expected) }) } + +func TestGetRevealValue(t *testing.T) { + jwk := &jws.JWK{ + Crv: "crv", + Kty: "kty", + X: "x", + Y: "y", + } + + t.Run("success", func(t *testing.T) { + rv, err := GetRevealValue(jwk, sha2_256) + require.NoError(t, err) + require.NotEmpty(t, rv) + }) + + t.Run("error - wrong multihash code", func(t *testing.T) { + rv, err := GetRevealValue(jwk, 55) + require.Error(t, err) + require.Empty(t, rv) + require.Contains(t, err.Error(), "failed to get reveal value: algorithm not supported, unable to compute hash") + }) +} + +func TestGetCommitmentFromRevealValue(t *testing.T) { + jwk := &jws.JWK{ + Crv: "crv", + Kty: "kty", + X: "x", + Y: "y", + } + + t.Run("success", func(t *testing.T) { + rv, err := GetRevealValue(jwk, sha2_256) + require.NoError(t, err) + + cFromRv, err := GetCommitmentFromRevealValue(rv) + require.NoError(t, err) + + c, err := GetCommitment(jwk, sha2_256) + require.NoError(t, err) + require.Equal(t, c, cFromRv) + }) + + t.Run("error - reveal value is not a multihash", func(t *testing.T) { + cFromRv, err := GetCommitmentFromRevealValue("reveal") + require.Error(t, err) + require.Empty(t, cFromRv) + require.Contains(t, err.Error(), "failed to get commitment from reveal value") + }) +} diff --git a/pkg/dochandler/handler_test.go b/pkg/dochandler/handler_test.go index e3469602..25d4df56 100644 --- a/pkg/dochandler/handler_test.go +++ b/pkg/dochandler/handler_test.go @@ -499,7 +499,7 @@ func getSuffixData(delta *model.DeltaModel) (*model.SuffixDataModel, error) { X: "x", } - c, err := commitment.Calculate(jwk, sha2_256) + c, err := commitment.GetCommitment(jwk, sha2_256) if err != nil { return nil, err } diff --git a/pkg/hashing/hash.go b/pkg/hashing/hash.go index 09f7856e..35b8bab7 100644 --- a/pkg/hashing/hash.go +++ b/pkg/hashing/hash.go 
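Review bot: The error case in `TestGetCommitmentFromRevealValue` only exercises the decode failure (`"reveal"` is not a multihash), and it asserts on the shared prefix `failed to get commitment from reveal value`, so the `(compute multihash)` branch is never reached and the two branches cannot be told apart. Add a case whose input is a well-formed encoded multihash carrying a code that `ComputeMultihash` rejects, and assert on the `(get multihash)` and `(compute multihash)` suffixes respectively. If a second supported algorithm is available, a case showing that the same JWK revealed under a different code does not reproduce the `sha2_256` commitment would pin the behaviour the processor now relies on.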
@@ -68,17 +68,22 @@ func IsComputedUsingMultihashAlgorithm(encodedMultihash string, code uint64) boo // GetMultihashCode returns multihash code from encoded multihash. func GetMultihashCode(encodedMultihash string) (uint64, error) { - multihashBytes, err := encoder.DecodeString(encodedMultihash) + mh, err := GetMultihash(encodedMultihash) if err != nil { - return 0, err + return 0, fmt.Errorf("failed to get decoded multihash: %s", err.Error()) } - mh, err := multihash.Decode(multihashBytes) + return mh.Code, nil +} + +// GetMultihash returns decoded multihash from encoded multihash. +func GetMultihash(encodedMultihash string) (*multihash.DecodedMultihash, error) { + multihashBytes, err := encoder.DecodeString(encodedMultihash) if err != nil { - return 0, err + return nil, err } - return mh.Code, nil + return multihash.Decode(multihashBytes) } // IsValidModelMultihash compares model with provided model multihash. diff --git a/pkg/mocks/operationparser.gen.go b/pkg/mocks/operationparser.gen.go index 6eea0981..dcd03023 100644 --- a/pkg/mocks/operationparser.gen.go +++ b/pkg/mocks/operationparser.gen.go @@ -6,7 +6,6 @@ import ( "github.com/trustbloc/sidetree-core-go/pkg/api/operation" "github.com/trustbloc/sidetree-core-go/pkg/api/protocol" - "github.com/trustbloc/sidetree-core-go/pkg/jws" ) type OperationParser struct { @@ -23,17 +22,17 @@ type OperationParser struct { result1 string result2 error } - GetRevealValueStub func([]byte) (*jws.JWK, error) + GetRevealValueStub func([]byte) (string, error) getRevealValueMutex sync.RWMutex getRevealValueArgsForCall []struct { arg1 []byte } getRevealValueReturns struct { - result1 *jws.JWK + result1 string result2 error } getRevealValueReturnsOnCall map[int]struct { - result1 *jws.JWK + result1 string result2 error } ParseStub func(string, []byte) (*operation.Operation, error) 
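Review bot: `GetMultihashCode` now flattens the decode error with `%s` and `err.Error()`, so callers lose `errors.Is`/`errors.As` on the underlying error, and any caller or test that matched the old message sees a different string; `return 0, fmt.Errorf("failed to get decoded multihash: %w", err)` keeps the chain, provided the module's Go version supports `%w`. The new exported `GetMultihash` should also say in its doc comment that it only decodes: nothing in this hunk checks that the returned `Code` is an algorithm the protocol accepts, and `commitment.GetCommitmentFromRevealValue` feeds it a value taken from an operation. Proposed comment: `// GetMultihash decodes an encoded multihash; it does not check that the code is an allowed algorithm.`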
@@ -138,7 +137,7 @@ func (fake *OperationParser) GetCommitmentReturnsOnCall(i int, result1 string, r }{result1, result2} } -func (fake *OperationParser) GetRevealValue(arg1 []byte) (*jws.JWK, error) { +func (fake *OperationParser) GetRevealValue(arg1 []byte) (string, error) { var arg1Copy []byte if arg1 != nil { arg1Copy = make([]byte, len(arg1)) @@ -167,7 +166,7 @@ func (fake *OperationParser) GetRevealValueCallCount() int { return len(fake.getRevealValueArgsForCall) } -func (fake *OperationParser) GetRevealValueCalls(stub func([]byte) (*jws.JWK, error)) { +func (fake *OperationParser) GetRevealValueCalls(stub func([]byte) (string, error)) { fake.getRevealValueMutex.Lock() defer fake.getRevealValueMutex.Unlock() fake.GetRevealValueStub = stub @@ -180,28 +179,28 @@ func (fake *OperationParser) GetRevealValueArgsForCall(i int) []byte { return argsForCall.arg1 } -func (fake *OperationParser) GetRevealValueReturns(result1 *jws.JWK, result2 error) { +func (fake *OperationParser) GetRevealValueReturns(result1 string, result2 error) { fake.getRevealValueMutex.Lock() defer fake.getRevealValueMutex.Unlock() fake.GetRevealValueStub = nil fake.getRevealValueReturns = struct { - result1 *jws.JWK + result1 string result2 error }{result1, result2} } -func (fake *OperationParser) GetRevealValueReturnsOnCall(i int, result1 *jws.JWK, result2 error) { +func (fake *OperationParser) GetRevealValueReturnsOnCall(i int, result1 string, result2 error) { fake.getRevealValueMutex.Lock() defer fake.getRevealValueMutex.Unlock() fake.GetRevealValueStub = nil if fake.getRevealValueReturnsOnCall == nil { fake.getRevealValueReturnsOnCall = make(map[int]struct { - result1 *jws.JWK + result1 string result2 error }) } fake.getRevealValueReturnsOnCall[i] = struct { - result1 *jws.JWK + result1 string result2 error }{result1, result2} } diff --git a/pkg/processor/processor.go b/pkg/processor/processor.go index d7622367..a59cfc12 100644 --- a/pkg/processor/processor.go +++ b/pkg/processor/processor.go 
@@ -16,7 +16,6 @@ import ( "github.com/trustbloc/sidetree-core-go/pkg/api/operation" "github.com/trustbloc/sidetree-core-go/pkg/api/protocol" "github.com/trustbloc/sidetree-core-go/pkg/commitment" - "github.com/trustbloc/sidetree-core-go/pkg/jws" ) var logger = log.New("sidetree-core-processor") 
@@ -87,36 +86,25 @@ func (s *OperationProcessor) Resolve(uniqueSuffix string) (*protocol.ResolutionM return rm, nil } -func (s *OperationProcessor) createOperationHashMap(ops []*operation.AnchoredOperation, multihashAlg uint) map[string][]*operation.AnchoredOperation { +func (s *OperationProcessor) createOperationHashMap(ops []*operation.AnchoredOperation) map[string][]*operation.AnchoredOperation { opMap := make(map[string][]*operation.AnchoredOperation) - previousVersions := make(map[uint]bool) - if multihashAlg != 0 { - previousVersions[multihashAlg] = true - } - for _, op := range ops { - r, p, err := s.getRevealValue(op) + rv, err := s.getRevealValue(op) if err != nil { logger.Infof("[%s] Skipped bad operation while creating operation hash map {UniqueSuffix: %s, Type: %s, TransactionTime: %d, TransactionNumber: %d}. Reason: %s", s.name, op.UniqueSuffix, op.Type, op.TransactionTime, op.TransactionNumber, err) continue } - if _, ok := previousVersions[p.MultihashAlgorithm]; !ok { - previousVersions[p.MultihashAlgorithm] = true - } - - for key := range previousVersions { - c, err := commitment.Calculate(r, key) - if err != nil { - logger.Infof("[%s] Skipped calculating commitment while creating operation hash map {UniqueSuffix: %s, Type: %s, TransactionTime: %d, TransactionNumber: %d}. Reason: %s", s.name, op.UniqueSuffix, op.Type, op.TransactionTime, op.TransactionNumber, err) - - continue - } + c, err := commitment.GetCommitmentFromRevealValue(rv) + if err != nil { + logger.Infof("[%s] Skipped calculating commitment while creating operation hash map {UniqueSuffix: %s, Type: %s, TransactionTime: %d, TransactionNumber: %d}. Reason: %s", s.name, op.UniqueSuffix, op.Type, op.TransactionTime, op.TransactionNumber, err) - opMap[c] = append(opMap[c], op) + continue } + + opMap[c] = append(opMap[c], op) } return opMap 
@@ -164,14 +152,7 @@ func (s *OperationProcessor) applyOperations(ops []*operation.AnchoredOperation, state := rm - p, err := s.pc.Get(rm.LastOperationProtocolGenesisTime) - if err != nil { - logger.Infof("[%s] Unable to apply operations due to protocol error '%s' {UniqueSuffix: %s}", s.name, uniqueSuffix) - - return state - } - - opMap := s.createOperationHashMap(ops, p.Protocol().MultihashAlgorithm) + opMap := s.createOperationHashMap(ops) // holds applied commitments commitmentMap := make(map[string]bool) @@ -309,22 +290,22 @@ func sortOperations(ops []*operation.AnchoredOperation) { }) } -func (s *OperationProcessor) getRevealValue(op *operation.AnchoredOperation) (*jws.JWK, protocol.Protocol, error) { +func (s *OperationProcessor) getRevealValue(op *operation.AnchoredOperation) (string, error) { if op.Type == operation.TypeCreate { - return nil, protocol.Protocol{}, errors.New("create operation doesn't have reveal value") + return "", errors.New("create operation doesn't have reveal value") } p, err := s.pc.Get(op.ProtocolGenesisTime) if err != nil { - return nil, protocol.Protocol{}, fmt.Errorf("get operation reveal value - retrieve protocol: %s", err.Error()) + return "", fmt.Errorf("get operation reveal value - retrieve protocol: %s", err.Error()) } - commitmentKey, err := p.OperationParser().GetRevealValue(op.OperationBuffer) + rv, err := p.OperationParser().GetRevealValue(op.OperationBuffer) if err != nil { - return nil, protocol.Protocol{}, fmt.Errorf("get operation reveal value from operation parser: %s", err.Error()) + return "", fmt.Errorf("get operation reveal value from operation parser: %s", err.Error()) } - return commitmentKey, p.Protocol(), nil + return rv, nil } func (s *OperationProcessor) getCommitment(op *operation.AnchoredOperation) (string, error) { diff --git a/pkg/processor/processor_test.go b/pkg/processor/processor_test.go index da8d6ea0..615642fd 100644 --- a/pkg/processor/processor_test.go +++ b/pkg/processor/processor_test.go 
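Review bot: `getRevealValue` returns whatever `OperationParser().GetRevealValue` extracts from `op.OperationBuffer`, and nothing in this hunk ties that string to the key that signed the operation. `createOperationHashMap` uses it to decide which operations match the current commitment, so the processor depends on the parser or a later step to confirm that the revealed key hashes to this value; that step is outside the hunk and should be named in a doc comment here, e.g. `// getRevealValue returns the reveal value as supplied in the operation request; it is checked against the signing key in <validation step>.` The function still loads the protocol for `op.ProtocolGenesisTime`, so it is also a natural place to reject a reveal value whose multihash code the processor does not accept.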
@@ -163,11 +163,21 @@ func TestUpdateDocument(t *testing.T) { t.Run("success - protocol version changed between create/update", func(t *testing.T) { store, uniqueSuffix := getDefaultStore(recoveryKey, updateKey) + pubJWK, err := pubkey.GetPublicKeyJWK(&updateKey.PublicKey) + require.NoError(t, err) + + rv, err := commitment.GetRevealValue(pubJWK, getProtocol(1).MultihashAlgorithm) + require.NoError(t, err) + // protocol value for hashing algorithm changed at block 100 - updateOp, _, err := getAnchoredUpdateOperation(updateKey, uniqueSuffix, 200) - require.Nil(t, err) + updateOp, _, err := getUpdateOperation(updateKey, uniqueSuffix, 200) + require.NoError(t, err) - err = store.Put(updateOp) + updateOp.RevealValue = rv + + anchoredOp := getAnchoredOperation(updateOp, 200) + + err = store.Put(anchoredOp) require.Nil(t, err) p := New("test", store, pc) @@ -196,9 +206,20 @@ func TestUpdateDocument(t *testing.T) { didDoc := document.DidDocumentFromJSONLDObject(result.Doc) require.Equal(t, "special50", didDoc["test"]) + pubJWK, err := pubkey.GetPublicKeyJWK(&nextUpdateKey.PublicKey) + require.NoError(t, err) + + // previous operation commit value was calculated with protocol value at block 50 + rv, err := commitment.GetRevealValue(pubJWK, getProtocol(50).MultihashAlgorithm) + require.NoError(t, err) + // protocol value for hashing algorithm changed at block 100 - updateOp, nextUpdateKey, err = getAnchoredUpdateOperation(nextUpdateKey, uniqueSuffix, 500) - require.Nil(t, err) + op, nextUpdateKey, err := getUpdateOperation(nextUpdateKey, uniqueSuffix, 500) + require.NoError(t, err) + + op.RevealValue = rv + + updateOp = getAnchoredOperation(op, 500) err = store.Put(updateOp) require.Nil(t, err) 
@@ -453,9 +474,20 @@ func TestRecover(t *testing.T) { t.Run("success - protocol version changed between create and recover", func(t *testing.T) { store, uniqueSuffix := getDefaultStore(recoveryKey, updateKey) + // hashing algorithm changed at block 100 - calculate reveal based on the hashing protocol of previous operation (block 1) + pubJWK, err := pubkey.GetPublicKeyJWK(&recoveryKey.PublicKey) + require.NoError(t, err) + + rv, err := commitment.GetRevealValue(pubJWK, getProtocol(1).MultihashAlgorithm) + require.NoError(t, err) + // hashing algorithm changed at block 100 - recoverOp, nextRecoveryKey, err := getAnchoredRecoverOperation(recoveryKey, updateKey, uniqueSuffix, 200) + op, nextRecoveryKey, err := getRecoverOperationWithBlockNum(recoveryKey, updateKey, uniqueSuffix, 200) require.NoError(t, err) + + op.RevealValue = rv + + recoverOp := getAnchoredOperation(op, 200) err = store.Put(recoverOp) require.Nil(t, err) @@ -502,8 +534,20 @@ func TestRecover(t *testing.T) { require.Contains(t, string(docBytes), "recovered50") // apply recover again - there was a protocol change at 100 (new hashing algorithm) - recoverOp, _, err = getAnchoredRecoverOperation(nextRecoveryKey, updateKey, uniqueSuffix, 200) + // hashing algorithm changed at block 100 - calculate reveal based on the hashing protocol of previous operation (block 1) + pubJWK, err := pubkey.GetPublicKeyJWK(&nextRecoveryKey.PublicKey) require.NoError(t, err) + + rv, err := commitment.GetRevealValue(pubJWK, getProtocol(50).MultihashAlgorithm) + require.NoError(t, err) + + // hashing algorithm changed at block 100 + op, nextRecoveryKey, err := getRecoverOperationWithBlockNum(nextRecoveryKey, updateKey, uniqueSuffix, 200) + require.NoError(t, err) + + op.RevealValue = rv + + recoverOp = getAnchoredOperation(op, 200) err = store.Put(recoverOp) require.Nil(t, err) 
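Review bot: The comment added in the second recover case says the reveal value is calculated with the hashing protocol of the previous operation `(block 1)`, but the code under it calls `getProtocol(50).MultihashAlgorithm`. It appears to be copied from the first case, where `getProtocol(1)` is used; presumably it should read `// hashing algorithm changed at block 100 - calculate reveal based on the hashing protocol of previous operation (block 50)`. The enclosing test function starts and ends outside the hunk.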
@@ -534,49 +578,48 @@ func TestGetOperationCommitment(t *testing.T) { recoverOp, _, err := getAnchoredRecoverOperation(recoveryKey, updateKey, uniqueSuffix, 1) require.NoError(t, err) - reveal, p, err := p.getRevealValue(recoverOp) + rv, err := p.getRevealValue(recoverOp) require.NoError(t, err) - require.NotNil(t, reveal) - require.NotEmpty(t, p) + require.NotEmpty(t, rv) - value, err := commitment.Calculate(reveal, p.MultihashAlgorithm) + expected, err := commitment.GetCommitmentFromRevealValue(rv) require.NoError(t, err) c, err := getCommitment(recoveryKey, getProtocol(1)) require.NoError(t, err) - require.Equal(t, c, value) + require.Equal(t, c, expected) }) t.Run("success - update", func(t *testing.T) { updateOp, _, err := getAnchoredUpdateOperation(updateKey, uniqueSuffix, 1) require.NoError(t, err) - reveal, p, err := p.getRevealValue(updateOp) + rv, err := p.getRevealValue(updateOp) require.NoError(t, err) - require.NotNil(t, reveal) + require.NotEmpty(t, rv) - value, err := commitment.Calculate(reveal, p.MultihashAlgorithm) + expected, err := commitment.GetCommitmentFromRevealValue(rv) require.NoError(t, err) c, err := getCommitment(updateKey, getProtocol(1)) require.NoError(t, err) - require.Equal(t, c, value) + require.Equal(t, c, expected) }) t.Run("success - deactivate", func(t *testing.T) { deactivateOp, err := getAnchoredDeactivateOperation(recoveryKey, uniqueSuffix) require.NoError(t, err) - reveal, p, err := p.getRevealValue(deactivateOp) + rv, err := p.getRevealValue(deactivateOp) require.NoError(t, err) - require.NotNil(t, reveal) + require.NotEmpty(t, rv) - value, err := commitment.Calculate(reveal, p.MultihashAlgorithm) + expected, err := commitment.GetCommitmentFromRevealValue(rv) require.NoError(t, err) c, err := getCommitment(recoveryKey, getProtocol(1)) require.NoError(t, err) - require.Equal(t, c, value) + require.Equal(t, c, expected) }) t.Run("error - protocol error", func(t *testing.T) { 
@@ -587,7 +630,7 @@ func TestGetOperationCommitment(t *testing.T) { updateOp, _, err := getAnchoredUpdateOperation(updateKey, uniqueSuffix, 1) require.NoError(t, err) - value, _, err := New("test", store, pcWithoutProtocols).getRevealValue(updateOp) + value, err := New("test", store, pcWithoutProtocols).getRevealValue(updateOp) require.Error(t, err) require.Empty(t, value) require.Contains(t, err.Error(), "protocol parameters are not defined for blockchain time") @@ -597,10 +640,9 @@ func TestGetOperationCommitment(t *testing.T) { createOp, err := getAnchoredCreateOperation(recoveryKey, updateKey) require.NoError(t, err) - value, p, err := p.getRevealValue(createOp) + value, err := p.getRevealValue(createOp) require.Error(t, err) require.Empty(t, value) - require.Equal(t, p, protocol.Protocol{}) require.Contains(t, err.Error(), "create operation doesn't have reveal value") }) @@ -612,10 +654,9 @@ func TestGetOperationCommitment(t *testing.T) { anchoredOp := getAnchoredOperation(recoverOp, 1) - value, p, err := p.getRevealValue(anchoredOp) + value, err := p.getRevealValue(anchoredOp) require.Error(t, err) require.Empty(t, value) - require.Equal(t, p, protocol.Protocol{}) require.Contains(t, err.Error(), "missing signed data") }) @@ -632,10 +673,9 @@ func TestGetOperationCommitment(t *testing.T) { anchoredOp := getAnchoredOperation(recoverOp, 1) - value, pv, err := p.getRevealValue(anchoredOp) + value, err := p.getRevealValue(anchoredOp) require.Error(t, err) require.Empty(t, value) - require.Equal(t, pv, protocol.Protocol{}) require.Contains(t, err.Error(), "failed to unmarshal signed data model for recover") // test deactivate signed model 
@@ -646,10 +686,9 @@ func TestGetOperationCommitment(t *testing.T) { anchoredOp = getAnchoredOperation(deactivateOp, 1) - value, pv, err = p.getRevealValue(anchoredOp) + value, err = p.getRevealValue(anchoredOp) require.Error(t, err) require.Empty(t, value) - require.Equal(t, pv, protocol.Protocol{}) require.Contains(t, err.Error(), "failed to unmarshal signed data model for deactivate") // test deactivate signed model @@ -664,10 +703,9 @@ func TestGetOperationCommitment(t *testing.T) { anchoredOp = getAnchoredOperation(updateOp, 1) - value, pv, err = p.getRevealValue(anchoredOp) + value, err = p.getRevealValue(anchoredOp) require.Error(t, err) require.Empty(t, value) - require.Equal(t, pv, protocol.Protocol{}) require.Contains(t, err.Error(), "failed to unmarshal signed data model for update") }) } @@ -888,6 +926,11 @@ func getUpdateOperationWithSigner(s client.Signer, privateKey *ecdsa.PrivateKey, return nil, nil, err } + rv, err := commitment.GetRevealValue(updatePubKey, getProtocol(blockNumber).MultihashAlgorithm) + if err != nil { + return nil, nil, err + } + op := &model.Operation{ Namespace: mocks.DefaultNS, ID: "did:sidetree:" + uniqueSuffix, @@ -895,6 +938,7 @@ func getUpdateOperationWithSigner(s client.Signer, privateKey *ecdsa.PrivateKey, Delta: delta, Type: operation.TypeUpdate, SignedData: jws, + RevealValue: rv, } return op, nextUpdateKey, nil @@ -911,7 +955,7 @@ func generateKeyAndCommitment(p protocol.Protocol) (*ecdsa.PrivateKey, string, e return nil, "", err } - c, err := commitment.Calculate(pubKey, p.MultihashAlgorithm) + c, err := commitment.GetCommitment(pubKey, p.MultihashAlgorithm) if err != nil { return nil, "", err } 
@@ -950,12 +994,18 @@ func getDeactivateOperationWithSigner(singer client.Signer, privateKey *ecdsa.Pr return nil, err } + rv, err := commitment.GetRevealValue(signedDataModel.RecoveryKey, sha2_256) + if err != nil { + return nil, err + } + return &model.Operation{ Namespace: mocks.DefaultNS, ID: "did:sidetree:" + uniqueSuffix, UniqueSuffix: uniqueSuffix, Type: operation.TypeDeactivate, SignedData: jws, + RevealValue: rv, }, nil } @@ -991,6 +1041,7 @@ func getRecoverOperationWithSigner(signer client.Signer, recoveryKey, updateKey OperationBuffer: []byte(recoverRequest.Operation), Delta: recoverRequest.Delta, SignedData: recoverRequest.SignedData, + RevealValue: recoverRequest.RevealValue, }, nextRecoveryKey, nil } @@ -1007,11 +1058,17 @@ func getRecoverRequest(signer client.Signer, deltaModel *model.DeltaModel, signe return nil, err } + rv, err := commitment.GetRevealValue(signedDataModel.RecoveryKey, getProtocol(blockNum).MultihashAlgorithm) + if err != nil { + return nil, err + } + return &model.RecoverRequest{ - Operation: operation.TypeRecover, - DidSuffix: "suffix", - Delta: deltaModel, - SignedData: jws, + Operation: operation.TypeRecover, + DidSuffix: "suffix", + Delta: deltaModel, + SignedData: jws, + RevealValue: rv, }, nil } @@ -1196,7 +1253,7 @@ func getCommitment(key *ecdsa.PrivateKey, p protocol.Protocol) (string, error) { return "", err } - return commitment.Calculate(pubKey, p.MultihashAlgorithm) + return commitment.GetCommitment(pubKey, p.MultihashAlgorithm) } func getSuffixData(privateKey *ecdsa.PrivateKey, delta *model.DeltaModel, p protocol.Protocol) (*model.SuffixDataModel, error) { diff --git a/pkg/restapi/diddochandler/updatehandler_test.go b/pkg/restapi/diddochandler/updatehandler_test.go index 68b5e172..71864624 100644 --- a/pkg/restapi/diddochandler/updatehandler_test.go +++ b/pkg/restapi/diddochandler/updatehandler_test.go 
@@ -117,7 +117,7 @@ func getDelta() (*model.DeltaModel, error) { return nil, err } - updateCommitment, err := commitment.Calculate(testJWK, sha2_256) + updateCommitment, err := commitment.GetCommitment(testJWK, sha2_256) if err != nil { return nil, err } @@ -129,7 +129,7 @@ func getDelta() (*model.DeltaModel, error) { } func getSuffixData() (*model.SuffixDataModel, error) { - recoveryCommitment, err := commitment.Calculate(testJWK, sha2_256) + recoveryCommitment, err := commitment.GetCommitment(testJWK, sha2_256) if err != nil { return nil, err } diff --git a/pkg/restapi/dochandler/updatehandler_test.go b/pkg/restapi/dochandler/updatehandler_test.go index 040001a2..ff02ccfe 100644 --- a/pkg/restapi/dochandler/updatehandler_test.go +++ b/pkg/restapi/dochandler/updatehandler_test.go @@ -139,12 +139,12 @@ func TestUpdateHandler_Update(t *testing.T) { } func getCreateRequestInfo() (*client.CreateRequestInfo, error) { - recoveryCommitment, err := commitment.Calculate(recoverJWK, sha2_256) + recoveryCommitment, err := commitment.GetCommitment(recoverJWK, sha2_256) if err != nil { return nil, err } - updateCommitment, err := commitment.Calculate(updateJWK, sha2_256) + updateCommitment, err := commitment.GetCommitment(updateJWK, sha2_256) if err != nil { return nil, err } @@ -174,7 +174,12 @@ func getUpdateRequestInfo(uniqueSuffix string) *client.UpdateRequestInfo { panic(err) } - updateCommitment, err := commitment.Calculate(updateJWK, sha2_256) + rv, err := commitment.GetRevealValue(pubKey, sha2_256) + if err != nil { + panic(err) + } + + updateCommitment, err := commitment.GetCommitment(updateJWK, sha2_256) if err != nil { panic(err) } @@ -186,6 +191,7 @@ func getUpdateRequestInfo(uniqueSuffix string) *client.UpdateRequestInfo { UpdateCommitment: updateCommitment, MultihashCode: sha2_256, Signer: ecsigner.New(privateKey, "ES256", ""), + RevealValue: rv, } } 
@@ -196,10 +202,21 @@ func getDeactivateRequestInfo(uniqueSuffix string) *client.DeactivateRequestInfo panic(err) } + jwk, err := pubkey.GetPublicKeyJWK(&privateKey.PublicKey) + if err != nil { + panic(err) + } + + rv, err := commitment.GetRevealValue(jwk, sha2_256) + if err != nil { + panic(err) + } + return &client.DeactivateRequestInfo{ DidSuffix: uniqueSuffix, - RecoveryKey: recoverJWK, + RecoveryKey: jwk, Signer: ecsigner.New(privateKey, "ES256", ""), + RevealValue: rv, } } @@ -214,12 +231,17 @@ func getRecoverRequestInfo(uniqueSuffix string) *client.RecoverRequestInfo { panic(err) } - recoveryCommitment, err := commitment.Calculate(recoverJWK, sha2_256) + recoveryCommitment, err := commitment.GetCommitment(recoverJWK, sha2_256) + if err != nil { + panic(err) + } + + updateCommitment, err := commitment.GetCommitment(updateJWK, sha2_256) if err != nil { panic(err) } - updateCommitment, err := commitment.Calculate(updateJWK, sha2_256) + rv, err := commitment.GetRevealValue(recoveryKey, sha2_256) if err != nil { panic(err) } @@ -232,6 +254,7 @@ func getRecoverRequestInfo(uniqueSuffix string) *client.RecoverRequestInfo { UpdateCommitment: updateCommitment, MultihashCode: sha2_256, Signer: ecsigner.New(privateKey, "ES256", ""), + RevealValue: rv, } } diff --git a/pkg/versions/0_1/client/create_test.go b/pkg/versions/0_1/client/create_test.go index c5d8fbbe..10608fb8 100644 --- a/pkg/versions/0_1/client/create_test.go +++ b/pkg/versions/0_1/client/create_test.go 
@@ -41,10 +41,10 @@ func TestNewCreateRequest(t *testing.T) { updateJWK, err := pubkey.GetPublicKeyJWK(&updatePrivateKey.PublicKey) require.NoError(t, err) - recoveryCommitment, err := commitment.Calculate(recoverJWK, sha2_256) + recoveryCommitment, err := commitment.GetCommitment(recoverJWK, sha2_256) require.NoError(t, err) - updateCommitment, err := commitment.Calculate(updateJWK, sha2_256) + updateCommitment, err := commitment.GetCommitment(updateJWK, sha2_256) require.NoError(t, err) t.Run("missing opaque document or patches", func(t *testing.T) { diff --git a/pkg/versions/0_1/client/deactivate.go b/pkg/versions/0_1/client/deactivate.go index 6e6171c3..a113ba48 100644 --- a/pkg/versions/0_1/client/deactivate.go +++ b/pkg/versions/0_1/client/deactivate.go @@ -38,6 +38,9 @@ type DeactivateRequestInfo struct { // Signer that will be used for signing specific subset of request data // Signer for recover operation must be recovery key Signer Signer + + // RevealValue is reveal value + RevealValue string } // NewDeactivateRequest is utility function to create payload for 'deactivate' request. @@ -57,9 +60,10 @@ func NewDeactivateRequest(info *DeactivateRequestInfo) ([]byte, error) { } schema := &model.DeactivateRequest{ - Operation: operation.TypeDeactivate, - DidSuffix: info.DidSuffix, - SignedData: jws, + Operation: operation.TypeDeactivate, + DidSuffix: info.DidSuffix, + RevealValue: info.RevealValue, + SignedData: jws, } return canonicalizer.MarshalCanonical(schema) @@ -70,6 +74,10 @@ func validateDeactivateRequest(info *DeactivateRequestInfo) error { return errors.New("missing did unique suffix") } + if info.RevealValue == "" { + return errors.New("missing reveal value") + } + return validateSigner(info.Signer) } diff --git a/pkg/versions/0_1/client/deactivate_test.go b/pkg/versions/0_1/client/deactivate_test.go index 0dc621f7..98e2ca76 100644 --- a/pkg/versions/0_1/client/deactivate_test.go +++ b/pkg/versions/0_1/client/deactivate_test.go 
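Review bot: `validateDeactivateRequest` accepts any non-empty `RevealValue`, and the tests in this commit pass the literal `"reveal"`, so the client will sign and emit a request whose reveal value is not a multihash and has no relation to `RecoveryKey`. Such a value fails in `GetCommitmentFromRevealValue` on the processing side, and since `RevealValue` is placed next to `SignedData` rather than inside it, the client is the cheapest place to catch a wrong one. The check below decodes the value and recomputes it from `info.RecoveryKey` using the algorithm the value declares, because the processor tests compute the reveal value with the previous operation's protocol, not the current one. `validateRecoverRequest` in recover.go has the same non-empty-only check. The field comment `// RevealValue is reveal value` could instead say that it is the encoded multihash of the key being revealed, as produced by `commitment.GetRevealValue`.

```go
func validateDeactivateRequest(info *DeactivateRequestInfo) error {
	// … unchanged: empty did suffix and empty reveal value checks …

	// The algorithm is read from the value itself, since it follows the
	// protocol of the previous operation.
	mh, err := hashing.GetMultihash(info.RevealValue)
	if err != nil {
		return fmt.Errorf("invalid reveal value: %s", err.Error())
	}

	expected, err := commitment.GetRevealValue(info.RecoveryKey, uint(mh.Code))
	if err != nil {
		return fmt.Errorf("calculate reveal value: %s", err.Error())
	}

	if expected != info.RevealValue {
		return errors.New("reveal value doesn't match recovery key")
	}

	return validateSigner(info.Signer)
```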
@@ -17,6 +17,7 @@ import ( "github.com/trustbloc/sidetree-core-go/pkg/jws" "github.com/trustbloc/sidetree-core-go/pkg/util/ecsigner" + "github.com/trustbloc/sidetree-core-go/pkg/util/pubkey" ) func TestNewDeactivateRequest(t *testing.T) { @@ -28,8 +29,20 @@ func TestNewDeactivateRequest(t *testing.T) { require.Empty(t, request) require.Contains(t, err.Error(), "missing did unique suffix") }) + t.Run("missing reveal value", func(t *testing.T) { + info := &DeactivateRequestInfo{DidSuffix: "suffix"} + + request, err := NewDeactivateRequest(info) + require.Error(t, err) + require.Empty(t, request) + require.Contains(t, err.Error(), "missing reveal value") + }) t.Run("signing error", func(t *testing.T) { - info := &DeactivateRequestInfo{DidSuffix: "whatever", Signer: NewMockSigner(errors.New(signerErr))} + info := &DeactivateRequestInfo{ + DidSuffix: "whatever", + Signer: NewMockSigner(errors.New(signerErr)), + RevealValue: "reveal", + } request, err := NewDeactivateRequest(info) require.Error(t, err) @@ -40,9 +53,17 @@ func TestNewDeactivateRequest(t *testing.T) { privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) require.NoError(t, err) + jwk, err := pubkey.GetPublicKeyJWK(&privateKey.PublicKey) + require.NoError(t, err) + signer := ecsigner.New(privateKey, "ES256", "") - info := &DeactivateRequestInfo{DidSuffix: "whatever", Signer: signer} + info := &DeactivateRequestInfo{ + DidSuffix: "whatever", + Signer: signer, + RecoveryKey: jwk, + RevealValue: "reveal", + } request, err := NewDeactivateRequest(info) require.NoError(t, err) diff --git a/pkg/versions/0_1/client/recover.go b/pkg/versions/0_1/client/recover.go index 7413c268..2181a0d8 100644 --- a/pkg/versions/0_1/client/recover.go +++ b/pkg/versions/0_1/client/recover.go 
@@ -48,6 +48,9 @@ type RecoverRequestInfo struct { // Signer will be used for signing specific subset of request data // Signer for recover operation must be recovery key Signer Signer + + // RevealValue is reveal value + RevealValue string } // NewRecoverRequest is utility function to create payload for 'recovery' request. @@ -89,10 +92,11 @@ func NewRecoverRequest(info *RecoverRequestInfo) ([]byte, error) { } schema := &model.RecoverRequest{ - Operation: operation.TypeRecover, - DidSuffix: info.DidSuffix, - Delta: delta, - SignedData: jws, + Operation: operation.TypeRecover, + DidSuffix: info.DidSuffix, + RevealValue: info.RevealValue, + Delta: delta, + SignedData: jws, } return canonicalizer.MarshalCanonical(schema) @@ -103,6 +107,10 @@ func validateRecoverRequest(info *RecoverRequestInfo) error { return errors.New("missing did unique suffix") } + if info.RevealValue == "" { + return errors.New("missing reveal value") + } + if info.OpaqueDocument == "" && len(info.Patches) == 0 { return errors.New("either opaque document or patches have to be supplied") } @@ -127,7 +135,7 @@ func validateRecoveryKey(key *jws.JWK) error { } func validateCommitment(jwk *jws.JWK, multihashCode uint, nextCommitment string) error { - currentCommitment, err := commitment.Calculate(jwk, multihashCode) + currentCommitment, err := commitment.GetCommitment(jwk, multihashCode) if err != nil { return fmt.Errorf("calculate current commitment: %s", err.Error()) } diff --git a/pkg/versions/0_1/client/recover_test.go b/pkg/versions/0_1/client/recover_test.go index ccb5c7a3..ba5c7505 100644 --- a/pkg/versions/0_1/client/recover_test.go +++ b/pkg/versions/0_1/client/recover_test.go 
@@ -32,6 +32,15 @@ func TestNewRecoverRequest(t *testing.T) { require.Empty(t, request) require.Contains(t, err.Error(), "missing did unique suffix") }) + t.Run("missing reveal value", func(t *testing.T) { + info := getRecoverRequestInfo() + info.RevealValue = "" + + request, err := NewRecoverRequest(info) + require.Error(t, err) + require.Empty(t, request) + require.Contains(t, err.Error(), "missing reveal value") + }) t.Run("missing opaque document", func(t *testing.T) { info := getRecoverRequestInfo() info.OpaqueDocument = "" @@ -99,7 +108,7 @@ func TestNewRecoverRequest(t *testing.T) { t.Run("error - re-using public keys for commitment is not allowed", func(t *testing.T) { info := getRecoverRequestInfo() - currentCommitment, err := commitment.Calculate(info.RecoveryKey, info.MultihashCode) + currentCommitment, err := commitment.GetCommitment(info.RecoveryKey, info.MultihashCode) require.NoError(t, err) info.RecoveryCommitment = currentCommitment @@ -164,5 +173,6 @@ func getRecoverRequestInfo() *RecoverRequestInfo { RecoveryKey: jwk, MultihashCode: sha2_256, Signer: ecsigner.New(privKey, "ES256", ""), + RevealValue: "reveal", } } diff --git a/pkg/versions/0_1/client/update.go b/pkg/versions/0_1/client/update.go index eb09956d..fe952303 100644 --- a/pkg/versions/0_1/client/update.go +++ b/pkg/versions/0_1/client/update.go @@ -38,6 +38,9 @@ type UpdateRequestInfo struct { // Signer that will be used for signing request specific subset of data Signer Signer + + // RevealValue is reveal value + RevealValue string } // NewUpdateRequest is utility function to create payload for 'update' request. 
@@ -72,10 +75,11 @@ func NewUpdateRequest(info *UpdateRequestInfo) ([]byte, error) { } schema := &model.UpdateRequest{ - Operation: operation.TypeUpdate, - DidSuffix: info.DidSuffix, - Delta: delta, - SignedData: jws, + Operation: operation.TypeUpdate, + DidSuffix: info.DidSuffix, + RevealValue: info.RevealValue, + Delta: delta, + SignedData: jws, } return canonicalizer.MarshalCanonical(schema) @@ -86,6 +90,10 @@ func validateUpdateRequest(info *UpdateRequestInfo) error { return errors.New("missing did unique suffix") } + if info.RevealValue == "" { + return errors.New("missing reveal value") + } + if len(info.Patches) == 0 { return errors.New("missing update information") } diff --git a/pkg/versions/0_1/client/update_test.go b/pkg/versions/0_1/client/update_test.go index 60d47316..07b69a3d 100644 --- a/pkg/versions/0_1/client/update_test.go +++ b/pkg/versions/0_1/client/update_test.go @@ -43,9 +43,17 @@ func TestNewUpdateRequest(t *testing.T) { require.Empty(t, request) require.Contains(t, err.Error(), "missing did unique suffix") }) - t.Run("missing json patch", func(t *testing.T) { + t.Run("missing reveal value", func(t *testing.T) { info := &UpdateRequestInfo{DidSuffix: didSuffix} + request, err := NewUpdateRequest(info) + require.Error(t, err) + require.Empty(t, request) + require.Contains(t, err.Error(), "missing reveal value") + }) + t.Run("missing json patch", func(t *testing.T) { + info := &UpdateRequestInfo{DidSuffix: didSuffix, RevealValue: "reveal"} + request, err := NewUpdateRequest(info) require.Error(t, err) require.Empty(t, request) @@ -53,10 +61,11 @@ func TestNewUpdateRequest(t *testing.T) { }) t.Run("multihash not supported", func(t *testing.T) { info := &UpdateRequestInfo{ - DidSuffix: didSuffix, - Patches: patches, - UpdateKey: updateJWK, - Signer: signer, + DidSuffix: didSuffix, + Patches: patches, + UpdateKey: updateJWK, + Signer: signer, + RevealValue: "reveal", } request, err := NewUpdateRequest(info) 
@@ -73,6 +82,7 @@ func TestNewUpdateRequest(t *testing.T) { Patches: patches, MultihashCode: sha2_256, Signer: signer, + RevealValue: "reveal", } request, err := NewUpdateRequest(info) @@ -90,6 +100,7 @@ func TestNewUpdateRequest(t *testing.T) { MultihashCode: sha2_256, UpdateKey: updateJWK, Signer: signer, + RevealValue: "reveal", } request, err := NewUpdateRequest(info) @@ -104,6 +115,7 @@ func TestNewUpdateRequest(t *testing.T) { MultihashCode: sha2_256, UpdateKey: updateJWK, Signer: NewMockSigner(errors.New(signerErr)), + RevealValue: "reveal", } request, err := NewUpdateRequest(info) @@ -117,7 +129,7 @@ func TestNewUpdateRequest(t *testing.T) { signer := ecsigner.New(privateKey, "ES256", "key-1") - currentCommitment, err := commitment.Calculate(updateJWK, sha2_256) + currentCommitment, err := commitment.GetCommitment(updateJWK, sha2_256) require.NoError(t, err) info := &UpdateRequestInfo{ @@ -127,6 +139,7 @@ func TestNewUpdateRequest(t *testing.T) { UpdateKey: updateJWK, UpdateCommitment: currentCommitment, Signer: signer, + RevealValue: "reveal", } request, err := NewUpdateRequest(info) @@ -146,6 +159,7 @@ func TestNewUpdateRequest(t *testing.T) { MultihashCode: sha2_256, UpdateKey: updateJWK, Signer: signer, + RevealValue: "reveal", } request, err := NewUpdateRequest(info) diff --git a/pkg/versions/0_1/model/request.go b/pkg/versions/0_1/model/request.go index ed5ffd62..8962343d 100644 --- a/pkg/versions/0_1/model/request.go +++ b/pkg/versions/0_1/model/request.go @@ -55,6 +55,9 @@ type UpdateRequest struct { // DidSuffix is the suffix of the DID DidSuffix string `json:"didSuffix"` + // RevealValue is the reveal value + RevealValue string `json:"revealValue"` + // SignedData is compact JWS - signature information SignedData string `json:"signedData"` 
@@ -72,6 +75,9 @@ type DeactivateRequest struct { // Required: true DidSuffix string `json:"didSuffix"` + // RevealValue is the reveal value + RevealValue string `json:"revealValue"` + // Compact JWS - signature information SignedData string `json:"signedData"` } @@ -105,6 +111,9 @@ type DeactivateSignedDataModel struct { // Required: true DidSuffix string `json:"didSuffix"` + // RevealValue is the reveal value + RevealValue string `json:"revealValue"` + // RecoveryKey is the current recovery key RecoveryKey *jws.JWK `json:"recoveryKey"` } @@ -119,6 +128,9 @@ type RecoverRequest struct { // Required: true DidSuffix string `json:"didSuffix"` + // RevealValue is the reveal value + RevealValue string `json:"revealValue"` + // Compact JWS - signature information SignedData string `json:"signedData"` diff --git a/pkg/versions/0_1/model/util.go b/pkg/versions/0_1/model/util.go index aa11ac95..b0c48261 100644 --- a/pkg/versions/0_1/model/util.go +++ b/pkg/versions/0_1/model/util.go @@ -26,25 +26,28 @@ func GetAnchoredOperation(op *Operation) (*operation.AnchoredOperation, error) { case operation.TypeUpdate: request = UpdateRequest{ - Operation: op.Type, - DidSuffix: op.UniqueSuffix, - Delta: op.Delta, - SignedData: op.SignedData, + Operation: op.Type, + DidSuffix: op.UniqueSuffix, + Delta: op.Delta, + SignedData: op.SignedData, + RevealValue: op.RevealValue, } case operation.TypeDeactivate: request = DeactivateRequest{ - Operation: op.Type, - DidSuffix: op.UniqueSuffix, - SignedData: op.SignedData, + Operation: op.Type, + DidSuffix: op.UniqueSuffix, + SignedData: op.SignedData, + RevealValue: op.RevealValue, } case operation.TypeRecover: request = RecoverRequest{ - Operation: op.Type, - DidSuffix: op.UniqueSuffix, - Delta: op.Delta, - SignedData: op.SignedData, + Operation: op.Type, + DidSuffix: op.UniqueSuffix, + Delta: op.Delta, + SignedData: op.SignedData, + RevealValue: op.RevealValue, } default: 
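Review bot: The `RevealValue` field added to `DeactivateSignedDataModel` is not set or compared in any hunk of this commit; `ParseDeactivateOperation` checks only the top-level `schema.RevealValue`. With the tag `json:"revealValue"` and no `omitempty`, an unset field would presumably be written into the signed payload as an empty string, which adds bytes but no binding. Either leave the field out until it is used, or have the parser reject a mismatch, e.g. `if signedData.RevealValue != schema.RevealValue { return nil, errors.New("signed reveal value mismatch for deactivate") }`. The four new field comments only restate the name; going by the parser's own error text, `// RevealValue is the multihash of the canonicalized public key revealed by this operation` would say what the value is.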
diff --git a/pkg/versions/0_1/operationapplier/operationapplier_test.go b/pkg/versions/0_1/operationapplier/operationapplier_test.go index 93194119..65a905da 100644 --- a/pkg/versions/0_1/operationapplier/operationapplier_test.go +++ b/pkg/versions/0_1/operationapplier/operationapplier_test.go @@ -777,6 +777,11 @@ func getUpdateOperationWithSigner(s client.Signer, privateKey *ecdsa.PrivateKey, return nil, nil, err } + rv, err := commitment.GetRevealValue(updatePubKey, sha2_256) + if err != nil { + return nil, nil, err + } + op := &model.Operation{ Namespace: mocks.DefaultNS, ID: "did:sidetree:" + uniqueSuffix, @@ -784,6 +789,7 @@ func getUpdateOperationWithSigner(s client.Signer, privateKey *ecdsa.PrivateKey, Delta: delta, Type: operation.TypeUpdate, SignedData: jws, + RevealValue: rv, } return op, nextUpdateKey, nil @@ -800,7 +806,7 @@ func generateKeyAndCommitment() (*ecdsa.PrivateKey, string, error) { return nil, "", err } - c, err := commitment.Calculate(pubKey, sha2_256) + c, err := commitment.GetCommitment(pubKey, sha2_256) if err != nil { return nil, "", err } @@ -829,6 +835,11 @@ func getDeactivateOperationWithSigner(singer client.Signer, privateKey *ecdsa.Pr return nil, err } + rv, err := commitment.GetRevealValue(recoverPubKey, sha2_256) + if err != nil { + return nil, err + } + signedDataModel := model.DeactivateSignedDataModel{ DidSuffix: uniqueSuffix, RecoveryKey: recoverPubKey, @@ -845,6 +856,7 @@ func getDeactivateOperationWithSigner(singer client.Signer, privateKey *ecdsa.Pr UniqueSuffix: uniqueSuffix, Type: operation.TypeDeactivate, SignedData: jws, + RevealValue: rv, }, nil } @@ -881,6 +893,7 @@ func getRecoverOperationWithSigner(signer client.Signer, recoveryKey, updateKey OperationBuffer: operationBuffer, Delta: recoverRequest.Delta, SignedData: recoverRequest.SignedData, + RevealValue: recoverRequest.RevealValue, }, nextRecoveryKey, nil } 
@@ -897,11 +910,17 @@ func getRecoverRequest(signer client.Signer, delta *model.DeltaModel, signedData return nil, err } + rv, err := commitment.GetRevealValue(signedDataModel.RecoveryKey, sha2_256) + if err != nil { + return nil, err + } + return &model.RecoverRequest{ - Operation: operation.TypeRecover, - DidSuffix: "suffix", - Delta: delta, - SignedData: jws, + Operation: operation.TypeRecover, + DidSuffix: "suffix", + Delta: delta, + SignedData: jws, + RevealValue: rv, }, nil } @@ -1074,7 +1093,7 @@ func getCommitment(key *ecdsa.PrivateKey) (string, error) { return "", err } - c, err := commitment.Calculate(pubKey, sha2_256) + c, err := commitment.GetCommitment(pubKey, sha2_256) if err != nil { return "", err } diff --git a/pkg/versions/0_1/operationparser/commitment.go b/pkg/versions/0_1/operationparser/commitment.go index ca32d798..f923ee77 100644 --- a/pkg/versions/0_1/operationparser/commitment.go +++ b/pkg/versions/0_1/operationparser/commitment.go 
@@ -4,44 +4,21 @@ import ( "fmt" "github.com/trustbloc/sidetree-core-go/pkg/api/operation" - "github.com/trustbloc/sidetree-core-go/pkg/jws" ) // GetRevealValue returns this operation reveal value. -func (p *Parser) GetRevealValue(opBytes []byte) (*jws.JWK, error) { +func (p *Parser) GetRevealValue(opBytes []byte) (string, error) { // namespace is irrelevant in this case op, err := p.ParseOperation("", opBytes, false) if err != nil { - return nil, fmt.Errorf("get reveal value - parse operation error: %s", err.Error()) + return "", fmt.Errorf("get reveal value - parse operation error: %s", err.Error()) } - switch op.Type { //nolint:exhaustive - case operation.TypeUpdate: - signedDataModel, innerErr := p.ParseSignedDataForUpdate(op.SignedData) - if innerErr != nil { - return nil, fmt.Errorf("failed to parse signed data model for update: %s", innerErr.Error()) - } - - return signedDataModel.UpdateKey, nil - - case operation.TypeDeactivate: - signedDataModel, innerErr := p.ParseSignedDataForDeactivate(op.SignedData) - if innerErr != nil { - return nil, fmt.Errorf("failed to parse signed data model for deactivate: %s", innerErr.Error()) - } - - return signedDataModel.RecoveryKey, nil - - case operation.TypeRecover: - signedDataModel, innerErr := p.ParseSignedDataForRecover(op.SignedData) - if innerErr != nil { - return nil, fmt.Errorf("failed to parse signed data model for recover: %s", innerErr.Error()) - } - - return signedDataModel.RecoveryKey, nil + if op.Type == operation.TypeCreate { + return "", fmt.Errorf("operation type '%s' not supported for getting operation reveal value", op.Type) } - return nil, fmt.Errorf("operation type '%s' not supported for getting operation reveal value", op.Type) + return op.RevealValue, nil } // GetCommitment returns next operation commitment. diff --git a/pkg/versions/0_1/operationparser/commitment_test.go b/pkg/versions/0_1/operationparser/commitment_test.go index 499d943d..56d97bd7 100644 
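Review bot: `GetRevealValue` now rejects only `operation.TypeCreate` and returns `op.RevealValue` for every other type, whereas the removed switch accepted update, deactivate and recover and failed closed on anything else. If `ParseOperation` ever yields another type, or a parser leaves the field unset, callers receive an empty string with a nil error. An allow-list keeps the old behaviour: `switch op.Type { case operation.TypeUpdate, operation.TypeDeactivate, operation.TypeRecover: return op.RevealValue, nil }`, followed by the existing unsupported-type error. The doc comment could also state that the returned string is the value carried in the request, not one recomputed from the signed key.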
--- a/pkg/versions/0_1/operationparser/commitment_test.go +++ b/pkg/versions/0_1/operationparser/commitment_test.go @@ -119,42 +119,51 @@ func TestParser_GetRevealValue(t *testing.T) { recover, err := generateRecoverRequest(recoveryKey, recoveryCommitment, parser.Protocol) require.NoError(t, err) - revealJWK, err := parser.GetRevealValue(recover) + rv, err := parser.GetRevealValue(recover) require.NoError(t, err) - require.NotNil(t, revealJWK) + require.NotEmpty(t, rv) pubJWK, err := pubkey.GetPublicKeyJWK(&recoveryKey.PublicKey) require.NoError(t, err) - require.Equal(t, revealJWK, pubJWK) + expected, err := commitment.GetRevealValue(pubJWK, parser.Protocol.MultihashAlgorithm) + require.NoError(t, err) + + require.Equal(t, rv, expected) }) t.Run("success - deactivate", func(t *testing.T) { deactivate, err := generateDeactivateRequest(recoveryKey) require.NoError(t, err) - revealJWK, err := parser.GetRevealValue(deactivate) + rv, err := parser.GetRevealValue(deactivate) require.NoError(t, err) - require.NotNil(t, revealJWK) + require.NotEmpty(t, rv) pubJWK, err := pubkey.GetPublicKeyJWK(&recoveryKey.PublicKey) require.NoError(t, err) - require.Equal(t, revealJWK, pubJWK) + expected, err := commitment.GetRevealValue(pubJWK, parser.Protocol.MultihashAlgorithm) + require.NoError(t, err) + + require.Equal(t, rv, expected) }) t.Run("success - update", func(t *testing.T) { update, err := generateUpdateRequest(updateKey, updateCommitment, parser.Protocol) require.NoError(t, err) - revealJWK, err := parser.GetRevealValue(update) + rv, err := parser.GetRevealValue(update) require.NoError(t, err) - require.NotNil(t, revealJWK) + require.NotEmpty(t, rv) pubJWK, err := pubkey.GetPublicKeyJWK(&updateKey.PublicKey) require.NoError(t, err) - require.Equal(t, revealJWK, pubJWK) + expected, err := commitment.GetRevealValue(pubJWK, parser.Protocol.MultihashAlgorithm) + require.NoError(t, err) + + require.Equal(t, rv, expected) }) t.Run("error - create", func(t *testing.T) { 
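Review bot: The three new assertions `require.Equal(t, rv, expected)` in the recover, deactivate and update subtests pass the actual value first. testify's signature is `Equal(t, expected, actual)`, so a failure would print the two values under the wrong labels. Writing `require.Equal(t, expected, rv)` keeps the failure output accurate. The removed lines used the same order, so this is carried over, not introduced by the commit.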
@@ -175,7 +184,7 @@ func TestParser_GetRevealValue(t *testing.T) { }) } -func generateRecoverRequest(recoveryKey *ecdsa.PrivateKey, commitment string, p protocol.Protocol) ([]byte, error) { +func generateRecoverRequest(recoveryKey *ecdsa.PrivateKey, recoveryCommitment string, p protocol.Protocol) ([]byte, error) { jwk, err := pubkey.GetPublicKeyJWK(&recoveryKey.PublicKey) if err != nil { return nil, err @@ -186,14 +195,20 @@ func generateRecoverRequest(recoveryKey *ecdsa.PrivateKey, commitment string, p return nil, err } + rv, err := commitment.GetRevealValue(jwk, sha2_256) + if err != nil { + return nil, err + } + info := &client.RecoverRequestInfo{ DidSuffix: "recover-suffix", OpaqueDocument: `{"test":"value"}`, - RecoveryCommitment: commitment, + RecoveryCommitment: recoveryCommitment, UpdateCommitment: updateCommitment, // not evaluated in operation getting commitment/reveal value RecoveryKey: jwk, MultihashCode: p.MultihashAlgorithm, Signer: ecsigner.New(recoveryKey, "ES256", ""), + RevealValue: rv, } return client.NewRecoverRequest(info) @@ -215,16 +230,23 @@ func generateDeactivateRequest(recoveryKey *ecdsa.PrivateKey) ([]byte, error) { if err != nil { return nil, err } + + rv, err := commitment.GetRevealValue(jwk, sha2_256) + if err != nil { + return nil, err + } + info := &client.DeactivateRequestInfo{ DidSuffix: "deactivate-suffix", Signer: ecsigner.New(recoveryKey, "ES256", ""), RecoveryKey: jwk, + RevealValue: rv, } return client.NewDeactivateRequest(info) } -func generateUpdateRequest(updateKey *ecdsa.PrivateKey, commitment string, p protocol.Protocol) ([]byte, error) { +func generateUpdateRequest(updateKey *ecdsa.PrivateKey, updateCommitment string, p protocol.Protocol) ([]byte, error) { jwk, err := pubkey.GetPublicKeyJWK(&updateKey.PublicKey) if err != nil { return nil, err 
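Review bot: `generateRecoverRequest` computes the reveal value with the package constant, `commitment.GetRevealValue(jwk, sha2_256)`, although the same helper passes `MultihashCode: p.MultihashAlgorithm` into the request info. `generateUpdateRequest` in the following hunk does the same. Using `commitment.GetRevealValue(jwk, p.MultihashAlgorithm)` keeps both helpers consistent with their `p protocol.Protocol` parameter, so a test that configures another algorithm does not build a request whose reveal value uses a different hash from its commitments. `generateDeactivateRequest` takes no protocol argument, so the constant is the only option there.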
@@ -235,13 +257,19 @@ func generateUpdateRequest(updateKey *ecdsa.PrivateKey, commitment string, p pro return nil, err } + rv, err := commitment.GetRevealValue(jwk, sha2_256) + if err != nil { + return nil, err + } + info := &client.UpdateRequestInfo{ DidSuffix: "update-suffix", Signer: ecsigner.New(updateKey, "ES256", ""), - UpdateCommitment: commitment, + UpdateCommitment: updateCommitment, UpdateKey: jwk, Patches: []patch.Patch{testPatch}, MultihashCode: p.MultihashAlgorithm, + RevealValue: rv, } return client.NewUpdateRequest(info) @@ -258,7 +286,7 @@ func generateKeyAndCommitment(p protocol.Protocol) (*ecdsa.PrivateKey, string, e return nil, "", err } - c, err := commitment.Calculate(pubKey, p.MultihashAlgorithm) + c, err := commitment.GetCommitment(pubKey, p.MultihashAlgorithm) if err != nil { return nil, "", err } diff --git a/pkg/versions/0_1/operationparser/create_test.go b/pkg/versions/0_1/operationparser/create_test.go index 4e719379..bde804a4 100644 --- a/pkg/versions/0_1/operationparser/create_test.go +++ b/pkg/versions/0_1/operationparser/create_test.go @@ -352,7 +352,7 @@ func getSuffixData() (*model.SuffixDataModel, error) { X: "x", } - recoveryCommitment, err := commitment.Calculate(jwk, sha2_256) + recoveryCommitment, err := commitment.GetCommitment(jwk, sha2_256) if err != nil { return nil, err } diff --git a/pkg/versions/0_1/operationparser/deactivate.go b/pkg/versions/0_1/operationparser/deactivate.go index d8784c24..4af4ee99 100644 --- a/pkg/versions/0_1/operationparser/deactivate.go +++ b/pkg/versions/0_1/operationparser/deactivate.go @@ -12,6 +12,7 @@ import ( "fmt" "github.com/trustbloc/sidetree-core-go/pkg/api/operation" + "github.com/trustbloc/sidetree-core-go/pkg/hashing" "github.com/trustbloc/sidetree-core-go/pkg/versions/0_1/model" ) 
@@ -31,9 +32,9 @@ func (p *Parser) ParseDeactivateOperation(request []byte, batch bool) (*model.Op return nil, errors.New("signed did suffix mismatch for deactivate") } - revealValue, err := p.getRevealValueMultihash(signedData.RecoveryKey) + err = hashing.IsValidModelMultihash(signedData.RecoveryKey, schema.RevealValue) if err != nil { - return nil, fmt.Errorf("failed to get reveal value multihash for deactivate: %s", err.Error()) + return nil, fmt.Errorf("canonicalized recovery public key hash doesn't match reveal value: %s", err.Error()) } return &model.Operation{ @@ -41,7 +42,7 @@ func (p *Parser) ParseDeactivateOperation(request []byte, batch bool) (*model.Op OperationBuffer: request, UniqueSuffix: schema.DidSuffix, SignedData: schema.SignedData, - RevealValue: revealValue, + RevealValue: schema.RevealValue, }, nil } diff --git a/pkg/versions/0_1/operationparser/deactivate_test.go b/pkg/versions/0_1/operationparser/deactivate_test.go index e97bc9f3..692ae425 100644 --- a/pkg/versions/0_1/operationparser/deactivate_test.go +++ b/pkg/versions/0_1/operationparser/deactivate_test.go @@ -14,6 +14,8 @@ import ( "github.com/trustbloc/sidetree-core-go/pkg/api/operation" "github.com/trustbloc/sidetree-core-go/pkg/api/protocol" + "github.com/trustbloc/sidetree-core-go/pkg/commitment" + "github.com/trustbloc/sidetree-core-go/pkg/hashing" "github.com/trustbloc/sidetree-core-go/pkg/internal/signutil" "github.com/trustbloc/sidetree-core-go/pkg/jws" "github.com/trustbloc/sidetree-core-go/pkg/versions/0_1/model" @@ -23,10 +25,11 @@ const sha2_256 = 18 func TestParseDeactivateOperation(t *testing.T) { p := protocol.Protocol{ - MaxProofSize: maxProofSize, - MultihashAlgorithm: sha2_256, - SignatureAlgorithms: []string{"alg"}, - KeyAlgorithms: []string{"crv"}, + MaxProofSize: maxProofSize, + MultihashAlgorithm: sha2_256, + MaxOperationHashLength: maxHashLength, + SignatureAlgorithms: []string{"alg"}, + KeyAlgorithms: []string{"crv"}, } parser := New(p) 
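Review bot: `ParseDeactivateOperation` no longer derives the reveal value with `p.MultihashAlgorithm`; it accepts the request's `schema.RevealValue` and checks it only with `hashing.IsValidModelMultihash(signedData.RecoveryKey, schema.RevealValue)`, a call that receives no protocol configuration. If that helper reads the hash code from the supplied multihash (its body is not in this diff), the algorithm is chosen by the submitter unless request validation pins it to the protocol's. The `MaxOperationHashLength` additions in the tests suggest such a check exists, but it is not visible here. `ParseRecoverOperation` and `ParseUpdateOperation` make the same change, and all three functions start outside their hunks. A comment above the call, such as `// algorithm and length of the reveal value are enforced during request validation; this only binds it to the signed key`, plus a negative test using a reveal value computed under a different multihash code, would make the dependency explicit.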
@@ -40,7 +43,7 @@ func TestParseDeactivateOperation(t *testing.T) { require.Equal(t, operation.TypeDeactivate, op.Type) signedData, err := parser.ParseSignedDataForDeactivate(op.SignedData) - expectedRevealValue, err := parser.getRevealValueMultihash(signedData.RecoveryKey) + expectedRevealValue, err := commitment.GetRevealValue(signedData.RecoveryKey, sha2_256) require.NoError(t, err) require.Equal(t, expectedRevealValue, op.RevealValue) @@ -112,10 +115,11 @@ func TestParseDeactivateOperation(t *testing.T) { }) t.Run("error - key algorithm not supported", func(t *testing.T) { p := protocol.Protocol{ - MaxProofSize: maxProofSize, - MultihashAlgorithm: sha2_256, - SignatureAlgorithms: []string{"alg"}, - KeyAlgorithms: []string{"other"}, + MaxProofSize: maxProofSize, + MultihashAlgorithm: sha2_256, + MaxOperationHashLength: maxHashLength, + SignatureAlgorithms: []string{"alg"}, + KeyAlgorithms: []string{"other"}, } parser := New(p) @@ -135,10 +139,16 @@ func getDeactivateRequest(signedData *model.DeactivateSignedDataModel) (*model.D return nil, err } + revealValue, err := hashing.CalculateModelMultihash(signedData.RecoveryKey, sha2_256) + if err != nil { + return nil, err + } + return &model.DeactivateRequest{ - Operation: operation.TypeDeactivate, - DidSuffix: "did", - SignedData: compactJWS, + Operation: operation.TypeDeactivate, + DidSuffix: "did", + SignedData: compactJWS, + RevealValue: revealValue, }, nil } diff --git a/pkg/versions/0_1/operationparser/operation_test.go b/pkg/versions/0_1/operationparser/operation_test.go index d4ce0f6e..d961b3db 100644 --- a/pkg/versions/0_1/operationparser/operation_test.go +++ b/pkg/versions/0_1/operationparser/operation_test.go 
@@ -83,16 +83,18 @@ func TestGetOperation(t *testing.T) { op, err := New(invalid).Parse(namespace, operation) require.Error(t, err) - require.Contains(t, err.Error(), "operation size[698] exceeds maximum operation size[20]") + require.Contains(t, err.Error(), "operation size[761] exceeds maximum operation size[20]") require.Nil(t, op) }) t.Run("operation parsing error", func(t *testing.T) { // set-up invalid hash algorithm in protocol configuration invalid := protocol.Protocol{ - SignatureAlgorithms: []string{"not-used"}, - MaxOperationSize: maxOperationSize, - MaxDeltaSize: maxDeltaSize, - MaxProofSize: maxProofSize, + SignatureAlgorithms: []string{"not-used"}, + MaxOperationSize: maxOperationSize, + MaxDeltaSize: maxDeltaSize, + MaxProofSize: maxProofSize, + MaxOperationHashLength: maxHashLength, + MultihashAlgorithm: 18, } operation, err := getRecoverRequestBytes() diff --git a/pkg/versions/0_1/operationparser/recover.go b/pkg/versions/0_1/operationparser/recover.go index e142189a..56c21292 100644 --- a/pkg/versions/0_1/operationparser/recover.go +++ b/pkg/versions/0_1/operationparser/recover.go @@ -43,9 +43,9 @@ func (p *Parser) ParseRecoverOperation(request []byte, batch bool) (*model.Opera } } - revealValue, err := p.getRevealValueMultihash(signedData.RecoveryKey) + err = hashing.IsValidModelMultihash(signedData.RecoveryKey, schema.RevealValue) if err != nil { - return nil, fmt.Errorf("failed to get reveal value multihash for recover: %s", err.Error()) + return nil, fmt.Errorf("canonicalized recovery public key hash doesn't match reveal value: %s", err.Error()) } return &model.Operation{ @@ -54,7 +54,7 @@ func (p *Parser) ParseRecoverOperation(request []byte, batch bool) (*model.Opera UniqueSuffix: schema.DidSuffix, Delta: schema.Delta, SignedData: schema.SignedData, - RevealValue: revealValue, + RevealValue: schema.RevealValue, }, nil } 
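Review bot: The comment `// set-up invalid hash algorithm in protocol configuration` in the "operation parsing error" subtest no longer matches the code, because the struct now sets `MultihashAlgorithm: 18`, the same code this package defines as `sha2_256`. The comment should name what actually makes the configuration fail, presumably the `"not-used"` signature algorithm, although the assertion lies outside the hunk. The field would read better as `MultihashAlgorithm: sha2_256` than with the bare literal. The same literal is added in `TestValidateRecoverRequest` and `TestValidateUpdateRequest`.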
@@ -205,13 +205,8 @@ func contains(values []string, value string) bool { return false } -// getRevealValueMultihash calculates reveal value multihash. -func (p *Parser) getRevealValueMultihash(value interface{}) (string, error) { - return hashing.CalculateModelMultihash(value, p.MultihashAlgorithm) -} - func validateCommitment(jwk *jws.JWK, multihashCode uint, nextCommitment string) error { - currentCommitment, err := commitment.Calculate(jwk, multihashCode) + currentCommitment, err := commitment.GetCommitment(jwk, multihashCode) if err != nil { return fmt.Errorf("calculate current commitment: %s", err.Error()) } diff --git a/pkg/versions/0_1/operationparser/recover_test.go b/pkg/versions/0_1/operationparser/recover_test.go index 8012ef1b..8323bd9d 100644 --- a/pkg/versions/0_1/operationparser/recover_test.go +++ b/pkg/versions/0_1/operationparser/recover_test.go @@ -49,7 +49,7 @@ func TestParseRecoverOperation(t *testing.T) { require.Equal(t, operation.TypeRecover, op.Type) signedData, err := parser.ParseSignedDataForRecover(op.SignedData) - expectedRevealValue, err := parser.getRevealValueMultihash(signedData.RecoveryKey) + expectedRevealValue, err := commitment.GetRevealValue(signedData.RecoveryKey, sha2_256) require.NoError(t, err) require.Equal(t, expectedRevealValue, op.RevealValue) @@ -133,7 +133,7 @@ func TestParseRecoverOperation(t *testing.T) { }) t.Run("validate signed data error", func(t *testing.T) { signedData := getSignedDataForRecovery() - signedData.RecoveryKey = nil + signedData.RecoveryKey = &jws.JWK{} delta, err := getDelta() require.NoError(t, err) @@ -146,7 +146,7 @@ func TestParseRecoverOperation(t *testing.T) { op, err := parser.ParseRecoverOperation(request, false) require.Error(t, err) - require.Contains(t, err.Error(), "validate signed data for recovery: missing signing key") + require.Contains(t, err.Error(), "validate signed data for recovery: signing key validation failed: JWK crv is missing") require.Nil(t, op) }) 
@@ -172,7 +172,7 @@ func TestParseRecoverOperation(t *testing.T) { t.Run("error - current commitment cannot equal recovery commitment", func(t *testing.T) { signedData := getSignedDataForRecovery() - recoveryCommitment, err := commitment.Calculate(signedData.RecoveryKey, sha2_256) + recoveryCommitment, err := commitment.GetCommitment(signedData.RecoveryKey, sha2_256) require.NoError(t, err) signedData.RecoveryCommitment = recoveryCommitment @@ -361,7 +361,7 @@ func TestValidateSigningKey(t *testing.T) { } func TestValidateRecoverRequest(t *testing.T) { - parser := New(protocol.Protocol{}) + parser := New(protocol.Protocol{MaxOperationHashLength: maxHashLength, MultihashAlgorithm: 18}) t.Run("success", func(t *testing.T) { recover, err := getDefaultRecoverRequest() @@ -450,47 +450,6 @@ func TestValidateProtectedHeader(t *testing.T) { }) } -func TestGetRevealValueMultihash(t *testing.T) { - jwk := &jws.JWK{ - Kty: "kty", - Crv: "crv", - X: "x", - } - - t.Run("success", func(t *testing.T) { - parser := New(protocol.Protocol{ - MultihashAlgorithm: sha2_256, - }) - - rv, err := parser.getRevealValueMultihash(jwk) - require.Nil(t, err) - require.NotEmpty(t, rv) - }) - - t.Run("error - multihash algorithm not supported", func(t *testing.T) { - parser := New(protocol.Protocol{ - MultihashAlgorithm: 55, - }) - - rv, err := parser.getRevealValueMultihash(jwk) - require.Error(t, err) - require.Empty(t, rv) - require.Contains(t, err.Error(), "algorithm not supported, unable to compute hash") - }) - - t.Run("error - marshal canonical", func(t *testing.T) { - parser := New(protocol.Protocol{ - MultihashAlgorithm: sha2_256, - }) - - var c chan int - rv, err := parser.getRevealValueMultihash(c) - require.Error(t, err) - require.Empty(t, rv) - require.Contains(t, err.Error(), "json: unsupported type: chan int") - }) -} - func getHeaders(alg, kid string) jws.Headers { header := make(jws.Headers) header[algKey] = alg 
@@ -505,11 +464,17 @@ func getRecoverRequest(delta *model.DeltaModel, signedData *model.RecoverSignedD return nil, err } + rv, err := commitment.GetRevealValue(signedData.RecoveryKey, sha2_256) + if err != nil { + return nil, err + } + return &model.RecoverRequest{ - Operation: operation.TypeRecover, - DidSuffix: "suffix", - Delta: delta, - SignedData: compactJWS, + Operation: operation.TypeRecover, + DidSuffix: "suffix", + Delta: delta, + SignedData: compactJWS, + RevealValue: rv, }, nil } diff --git a/pkg/versions/0_1/operationparser/update.go b/pkg/versions/0_1/operationparser/update.go index b05357f2..884430b0 100644 --- a/pkg/versions/0_1/operationparser/update.go +++ b/pkg/versions/0_1/operationparser/update.go @@ -12,6 +12,7 @@ import ( "fmt" "github.com/trustbloc/sidetree-core-go/pkg/api/operation" + "github.com/trustbloc/sidetree-core-go/pkg/hashing" "github.com/trustbloc/sidetree-core-go/pkg/versions/0_1/model" ) @@ -39,9 +40,9 @@ func (p *Parser) ParseUpdateOperation(request []byte, batch bool) (*model.Operat } } - revealValue, err := p.getRevealValueMultihash(signedData.UpdateKey) + err = hashing.IsValidModelMultihash(signedData.UpdateKey, schema.RevealValue) if err != nil { - return nil, fmt.Errorf("failed to get reveal value multihash for update: %s", err.Error()) + return nil, fmt.Errorf("canonicalized update public key hash doesn't match reveal value: %s", err.Error()) } return &model.Operation{ @@ -50,7 +51,7 @@ func (p *Parser) ParseUpdateOperation(request []byte, batch bool) (*model.Operat UniqueSuffix: schema.DidSuffix, Delta: schema.Delta, SignedData: schema.SignedData, - RevealValue: revealValue, + RevealValue: schema.RevealValue, }, nil } diff --git a/pkg/versions/0_1/operationparser/update_test.go b/pkg/versions/0_1/operationparser/update_test.go index 610b7aa3..76553632 100644 --- a/pkg/versions/0_1/operationparser/update_test.go +++ b/pkg/versions/0_1/operationparser/update_test.go 
@@ -44,7 +44,7 @@ func TestParseUpdateOperation(t *testing.T) { require.Equal(t, operation.TypeUpdate, op.Type) signedData, err := parser.ParseSignedDataForUpdate(op.SignedData) - expectedRevealValue, err := parser.getRevealValueMultihash(signedData.UpdateKey) + expectedRevealValue, err := commitment.GetRevealValue(signedData.UpdateKey, sha2_256) require.NoError(t, err) require.Equal(t, expectedRevealValue, op.RevealValue) @@ -121,7 +121,7 @@ func TestParseUpdateOperation(t *testing.T) { delta, err := getUpdateDelta() require.NoError(t, err) - currentCommitment, err := commitment.Calculate(testJWK, sha2_256) + currentCommitment, err := commitment.GetCommitment(testJWK, sha2_256) require.NoError(t, err) delta.UpdateCommitment = currentCommitment @@ -212,7 +212,7 @@ func TestValidateUpdateDelta(t *testing.T) { } func TestValidateUpdateRequest(t *testing.T) { - parser := New(protocol.Protocol{}) + parser := New(protocol.Protocol{MaxOperationHashLength: maxHashLength, MultihashAlgorithm: 18}) t.Run("success", func(t *testing.T) { update, err := getDefaultUpdateRequest() @@ -252,16 +252,22 @@ func getUpdateRequest(delta *model.DeltaModel) (*model.UpdateRequest, error) { UpdateKey: testJWK, } + rv, err := commitment.GetRevealValue(testJWK, sha2_256) + if err != nil { + return nil, err + } + compactJWS, err := signutil.SignModel(signedModel, NewMockSigner()) if err != nil { return nil, err } return &model.UpdateRequest{ - DidSuffix: "suffix", - SignedData: compactJWS, - Operation: operation.TypeUpdate, - Delta: delta, + DidSuffix: "suffix", + SignedData: compactJWS, + Operation: operation.TypeUpdate, + Delta: delta, + RevealValue: rv, }, nil } diff --git a/pkg/versions/0_1/txnprovider/handler_test.go b/pkg/versions/0_1/txnprovider/handler_test.go index 161bb28f..d95909f5 100644 --- a/pkg/versions/0_1/txnprovider/handler_test.go +++ b/pkg/versions/0_1/txnprovider/handler_test.go 
@@ -403,12 +403,12 @@ func generateCreateOperation(num int) ([]byte, error) { Y: "y", } - recoverCommitment, err := commitment.Calculate(recoverJWK, sha2_256) + recoverCommitment, err := commitment.GetCommitment(recoverJWK, sha2_256) if err != nil { return nil, err } - updateCommitment, err := commitment.Calculate(updateJWK, sha2_256) + updateCommitment, err := commitment.GetCommitment(updateJWK, sha2_256) if err != nil { return nil, err } @@ -445,6 +445,11 @@ func generateRecoverOperation(num int) ([]byte, error) { return nil, err } + rv, err := commitment.GetRevealValue(jwk, sha2_256) + if err != nil { + return nil, err + } + info := &client.RecoverRequestInfo{ DidSuffix: fmt.Sprintf("recover-%d", num), OpaqueDocument: `{"test":"value"}`, @@ -453,6 +458,7 @@ func generateRecoverOperation(num int) ([]byte, error) { RecoveryKey: jwk, MultihashCode: sha2_256, Signer: ecsigner.New(privKey, "ES256", ""), + RevealValue: rv, } return client.NewRecoverRequest(info) @@ -464,10 +470,21 @@ func generateDeactivateOperation(num int) ([]byte, error) { return nil, err } + recoveryPubKey, err := pubkey.GetPublicKeyJWK(&privateKey.PublicKey) + if err != nil { + return nil, err + } + + rv, err := commitment.GetRevealValue(recoveryPubKey, sha2_256) + if err != nil { + return nil, err + } + info := &client.DeactivateRequestInfo{ DidSuffix: fmt.Sprintf("deactivate-%d", num), Signer: ecsigner.New(privateKey, "ES256", ""), - RecoveryKey: testJWK, + RecoveryKey: recoveryPubKey, + RevealValue: rv, } return client.NewDeactivateRequest(info) 
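Review bot: The sequence `pubkey.GetPublicKeyJWK(&privateKey.PublicKey)` followed by `commitment.GetRevealValue(..., sha2_256)` is added in `generateDeactivateOperation` and repeated unchanged in the `generateUpdateOperation` hunk, while `generateRecoverOperation` adds the second half on its own. A small test helper that takes the private key and returns the public JWK together with its reveal value, called as `recoveryPubKey, rv, err := publicKeyAndRevealValue(privateKey)` (helper name is a suggestion), would derive both from one key in one place. That makes it harder for a fixture to pair a reveal value with a different key by accident, which is the mismatch the parser is now meant to reject. All three functions start outside their hunks.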
@@ -489,13 +506,24 @@ func generateUpdateOperation(num int) ([]byte, error) { return nil, err } + updatePubKey, err := pubkey.GetPublicKeyJWK(&privateKey.PublicKey) + if err != nil { + return nil, err + } + + rv, err := commitment.GetRevealValue(updatePubKey, sha2_256) + if err != nil { + return nil, err + } + info := &client.UpdateRequestInfo{ DidSuffix: fmt.Sprintf("update-%d", num), Signer: ecsigner.New(privateKey, "ES256", ""), UpdateCommitment: updateCommitment, - UpdateKey: testJWK, + UpdateKey: updatePubKey, Patches: []patch.Patch{testPatch}, MultihashCode: sha2_256, + RevealValue: rv, } return client.NewUpdateRequest(info) @@ -505,12 +533,6 @@ func getTestPatch() (patch.Patch, error) { return patch.NewJSONPatch(`[{"op": "replace", "path": "/name", "value": "Jane"}]`) } -var testJWK = &jws.JWK{ - Kty: "kty", - Crv: "P-256", - X: "x", -} - func generateUniqueCommitment() (string, error) { key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { @@ -522,7 +544,7 @@ func generateUniqueCommitment() (string, error) { return "", err } - c, err := commitment.Calculate(pubKey, sha2_256) + c, err := commitment.GetCommitment(pubKey, sha2_256) if err != nil { return "", err } diff --git a/pkg/versions/0_1/txnprovider/provider_test.go b/pkg/versions/0_1/txnprovider/provider_test.go index 30a0df13..532e9fb8 100644 --- a/pkg/versions/0_1/txnprovider/provider_test.go +++ b/pkg/versions/0_1/txnprovider/provider_test.go @@ -130,7 +130,7 @@ func TestHandler_GetTxnOperations(t *testing.T) { require.Error(t, err) require.Nil(t, txnOps) - require.Contains(t, err.Error(), "failed to validate signed data for update[0]: proof size[264] exceeds maximum proof size[10]") + require.Contains(t, err.Error(), "failed to validate signed data for update[0]: proof size[376] exceeds maximum proof size[10]") }) t.Run("error - delta exceeds maximum delta size in chunk file", func(t *testing.T) {
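Review bot: The assertion in `TestHandler_GetTxnOperations` pins the exact proof size, which had to move from 264 to 376 here, presumably because the update fixture now carries a real public key; the number reflects the serialized key and signature, not the limit under test. If `generateUpdateOperation` creates its key on each call (that code is outside the hunks) and the JWK encoding is not fixed-width, the figure could also differ between runs. Matching only the stable parts, `require.Contains(t, err.Error(), "failed to validate signed data for update[0]: proof size[")` and `require.Contains(t, err.Error(), "exceeds maximum proof size[10]")`, checks the same rejection without tying the test to fixture bytes.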