Use latest releases of zkryptium/json-proof-token and add new BLS key representation

Cargo.toml

@@ -23,8 +23,8 @@ serde = { version = "1.0", default-features = false, features = ["alloc", "deriv
 thiserror = { version = "1.0", default-features = false }
 strum = { version = "0.25", default-features = false, features = ["std", "derive"] }
 serde_json = { version = "1.0", default-features = false }
-json-proof-token = { version = "0.3.3" }
-zkryptium = { version = "0.1.9", default-features = false, features = ["bbsplus"] }
+json-proof-token = { version = "0.3.4" }
+zkryptium = { version = "0.2.0", default-features = false, features = ["bbsplus"] }
 
 [workspace.package]
 authors = ["IOTA Stiftung"]

identity_jose/src/jwk/curve/bls.rs

@@ -0,0 +1,36 @@
+use core::fmt::Display;
+use core::fmt::Formatter;
+use core::fmt::Result;
+
+/// Supported BLS Curves.
+///
+/// [More Info](https://datatracker.ietf.org/doc/html/draft-ietf-cose-bls-key-representations-05#name-curve-parameter-registratio)
+#[derive(Clone, Copy, Debug, Hash, PartialEq, Eq, PartialOrd, Ord)]
+pub enum BlsCurve {
+  /// A cryptographic key on the Barreto-Lynn-Scott (BLS) curve featuring an embedding degree 12 with 381-bit p in the subgroup of G1.
+  BLS12381G1,
+  /// A cryptographic key on the Barreto-Lynn-Scott (BLS) curve featuring an embedding degree 12 with 381-bit p in the subgroup of G2.
+  BLS12381G2,
+  /// A cryptographic key on the Barreto-Lynn-Scott (BLS) curve featuring an embedding degree 48 with 581-bit p in the subgroup of G1.
+  BLS48581G1,
+  /// A cryptographic key on the Barreto-Lynn-Scott (BLS) curve featuring an embedding degree 48 with 581-bit p in the subgroup of G2.
+  BLS48581G2,
+}
+
+impl BlsCurve {
+  /// Returns the name of the curve as a string slice.
+  pub const fn name(self) -> &'static str {
+    match self {
+      Self::BLS12381G1 => "BLS12381G1",
+      Self::BLS12381G2 => "BLS12381G2",
+      Self::BLS48581G1 => "BLS48581G1",
+      Self::BLS48581G2 => "BLS48581G2",
+    }
+  }
+}
+
+impl Display for BlsCurve {
+  fn fmt(&self, f: &mut Formatter<'_>) -> Result {
+    f.write_str(self.name())
+  }
+}

identity_jose/src/jwk/curve/mod.rs

@@ -4,7 +4,9 @@
 mod ec;
 mod ecx;
 mod ed;
+mod bls;
 
 pub use self::ec::*;
 pub use self::ecx::*;
 pub use self::ed::*;
+pub use self::bls::*;

identity_jose/src/jwk/jwk_ext.rs

@@ -1,14 +1,14 @@
 use super::Jwk;
 use super::JwkOperation;
 use super::JwkParams;
-use super::JwkParamsOkp;
+use super::JwkParamsEc;
 use super::JwkType;
 use super::JwkUse;
 use identity_core::common::Url;
 use jsonprooftoken::jpa::algs::ProofAlgorithm;
 use jsonprooftoken::jwk::alg_parameters::Algorithm;
 use jsonprooftoken::jwk::alg_parameters::JwkAlgorithmParameters;
-use jsonprooftoken::jwk::alg_parameters::JwkOctetKeyPairParameters;
+use jsonprooftoken::jwk::alg_parameters::JwkEllipticCurveKeyParameters;
 use jsonprooftoken::jwk::curves::EllipticCurveTypes;
 use jsonprooftoken::jwk::key::Jwk as JwkExt;
 use jsonprooftoken::jwk::key::KeyOps;
@@ -50,23 +50,6 @@ impl From<JwkOperation> for KeyOps {
   }
 }
 
-// impl Into<KeyOps> for JwkOperation {
-//     fn into(self) -> KeyOps {
-//         match self {
-//             Self::Sign => KeyOps::Sign,
-//             Self::Verify => KeyOps::Verify,
-//             Self::Encrypt => KeyOps::Encrypt,
-//             Self::Decrypt => KeyOps::Decrypt,
-//             Self::WrapKey => KeyOps::WrapKey,
-//             Self::UnwrapKey => KeyOps::UnwrapKey,
-//             Self::DeriveKey => KeyOps::DeriveKey,
-//             Self::DeriveBits => KeyOps::DeriveBits,
-//             Self::ProofGeneration => KeyOps::ProofGeneration,
-//             Self::ProofVerification => KeyOps::ProofVerification,
-//         }
-//     }
-// }
-
 impl From<PKUse> for JwkUse {
   fn from(value: PKUse) -> Self {
     match value {
@@ -87,24 +70,26 @@ impl From<JwkUse> for PKUse {
   }
 }
 
-impl From<JwkOctetKeyPairParameters> for JwkParamsOkp {
-  fn from(value: JwkOctetKeyPairParameters) -> Self {
+impl From<JwkEllipticCurveKeyParameters> for JwkParamsEc {
+  fn from(value: JwkEllipticCurveKeyParameters) -> Self {
     Self {
       crv: value.crv.to_string(),
       x: value.x,
+      y: value.y,
       d: value.d,
     }
   }
 }
 
-impl TryInto<JwkOctetKeyPairParameters> for &JwkParamsOkp {
+impl TryInto<JwkEllipticCurveKeyParameters> for &JwkParamsEc {
   type Error = crate::error::Error;
 
-  fn try_into(self) -> Result<JwkOctetKeyPairParameters, Self::Error> {
-    Ok(JwkOctetKeyPairParameters {
-      kty: KeyType::OctetKeyPair,
-      crv: EllipticCurveTypes::from_str(&self.crv).map_err(|_| Self::Error::KeyError("Invalid crv!"))?,
+  fn try_into(self) -> Result<JwkEllipticCurveKeyParameters, Self::Error> {
+    Ok(JwkEllipticCurveKeyParameters {
+      kty: KeyType::EllipticCurve,
+      crv: EllipticCurveTypes::from_str(&self.crv).map_err(|_| Self::Error::KeyError("crv not supported!"))?,
       x: self.x.clone(),
+      y: self.y.clone(),
       d: self.d.clone(),
     })
   }
@@ -120,8 +105,8 @@ impl TryFrom<JwkExt> for Jwk {
     };
 
     let (kty, params) = match value.key_params {
-      JwkAlgorithmParameters::OctetKeyPair(p) => (JwkType::Okp, JwkParams::Okp(JwkParamsOkp::from(p))),
-      _ => unreachable!(),
+      JwkAlgorithmParameters::EllipticCurve(p) => (JwkType::Ec, JwkParams::Ec(JwkParamsEc::from(p))),
+      _ => unreachable!()
     };
 
     Ok(Self {
@@ -146,7 +131,7 @@ impl TryInto<JwkExt> for &Jwk {
 
   fn try_into(self) -> Result<JwkExt, Self::Error> {
     let params = match &self.params {
-      JwkParams::Okp(p) => JwkAlgorithmParameters::OctetKeyPair(p.try_into()?),
+      JwkParams::Ec(p) => JwkAlgorithmParameters::EllipticCurve(p.try_into()?),
       _ => return Err(Self::Error::InvalidParam("Parameters not supported!")),
     };
 
@@ -171,4 +156,4 @@ impl TryInto<JwkExt> for &Jwk {
       key_params: params,
     })
   }
-}
+}

identity_storage/src/key_storage/jwk_storage.rs

@@ -11,6 +11,7 @@ use identity_verification::jose::jws::JwsAlgorithm;
 use jsonprooftoken::jpa::algs::ProofAlgorithm;
 use jsonprooftoken::jpt::claims::JptClaims;
 use jsonprooftoken::jwp::header::IssuerProtectedHeader;
+use zkryptium::bbsplus::signature::BBSplusSignature;
 
 use super::jwk_gen_output::JwkGenOutput;
 
@@ -88,7 +89,7 @@ pub trait JwkStorageExt: JwkStorage {
     &self,
     key_id: &KeyId,
     public_key: &Jwk,
-    proof: &[u8; 112],
+    proof: &[u8; BBSplusSignature::BYTES],
     ctx: ProofUpdateCtx,
-  ) -> KeyStorageResult<[u8; 112]>;
+  ) -> KeyStorageResult<[u8; BBSplusSignature::BYTES]>;
 }