|
| 1 | +/*! |
| 2 | + * Copyright 2024 Digital Bazaar, Inc. |
| 3 | + * SPDX-License-Identifier: BSD-3-Clause |
| 4 | + */ |
| 5 | + |
| 6 | +export function sd2023Algorithms({ |
| 7 | + credential, |
| 8 | + verifiers, |
| 9 | + mandatoryPointers, |
| 10 | + selectivePointers, |
| 11 | + keyTypes, |
| 12 | + suiteName, |
| 13 | + vcVersion, |
| 14 | + setup = _setup |
| 15 | +}) { |
| 16 | + return describe(`${suiteName} - Algorithms - VC ${vcVersion}`, function() { |
| 17 | + this.matrix = true; |
| 18 | + this.report = true; |
| 19 | + this.implemented = []; |
| 20 | + this.rowLabel = 'Test Name'; |
| 21 | + this.columnLabel = 'Implementation'; |
| 22 | + const credentials = new Map(keyTypes.map(kt => [kt, null])); |
| 23 | + before(async function() { |
| 24 | + for(const keyType of keyTypes) { |
| 25 | + credentials.set(keyType, await setup({ |
| 26 | + suiteName, |
| 27 | + keyType, |
| 28 | + credential, |
| 29 | + mandatoryPointers, |
| 30 | + selectivePointers |
| 31 | + })); |
| 32 | + } |
| 33 | + }); |
| 34 | + for(const [name, {endpoints}] of verifiers) { |
| 35 | + const [verifier] = endpoints; |
| 36 | + for(const keyType of keyTypes) { |
| 37 | + this.implemented.push(`${name}: ${keyType}`); |
| 38 | + describe(`${name}: ${keyType}`, function() { |
| 39 | + beforeEach(function() { |
| 40 | + this.currentTest.cell = { |
| 41 | + rowId: this.currentTest.title, |
| 42 | + columnId: this.currentTest.parent.title |
| 43 | + }; |
| 44 | + }); |
| 45 | + it('If source has an id that is not a blank node identifier, set ' + |
| 46 | + 'selection.id to its value. Note: All non-blank node identifiers ' + |
| 47 | + 'in the path of any JSON Pointer MUST be included in the ' + |
| 48 | + 'selection, this includes any root document identifier.', |
| 49 | + async function() { |
| 50 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#jsonpointertopaths:~:text=If%20source%20has%20an%20id%20that%20is%20not%20a%20blank%20node%20identifier%2C%20set%20selection.id%20to%20its%20value.%20Note%3A%20All%20non%2Dblank%20node%20identifiers%20in%20the%20path%20of%20any%20JSON%20Pointer%20MUST%20be%20included%20in%20the%20selection%2C%20this%20includes%20any%20root%20document%20identifier.'; |
| 51 | + }); |
| 52 | + it('If source.type is set, set selection.type to its value. ' + |
| 53 | + 'Note: The selection MUST include all types in the path of any ' + |
| 54 | + 'JSON Pointer, including any root document type.', async function() { |
| 55 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#selective-disclosure-functions:~:text=If%20source.type%20is%20set%2C%20set%20selection.type%20to%20its%20value.%20Note%3A%20The%20selection%20MUST%20include%20all%20types%20in%20the%20path%20of%20any%20JSON%20Pointer%2C%20including%20any%20root%20document%20type.'; |
| 56 | + }); |
| 57 | + it('Set value to parentValue.path. If value is now undefined, an ' + |
| 58 | + 'error MUST be raised and SHOULD convey an error type of ' + |
| 59 | + 'PROOF_GENERATION_ERROR, indicating that the JSON pointer does ' + |
| 60 | + 'not match the given document.', async function() { |
| 61 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#selective-disclosure-functions:~:text=Set%20value%20to%20parentValue.path.%20If%20value%20is%20now%20undefined%2C%20an%20error%20MUST%20be%20raised%20and%20SHOULD%20convey%20an%20error%20type%20of%20PROOF_GENERATION_ERROR%2C%20indicating%20that%20the%20JSON%20pointer%20does%20not%20match%20the%20given%20document.'; |
| 62 | + }); |
| 63 | + it('CBOR-encode components per [RFC8949] where CBOR tagging MUST ' + |
| 64 | + 'NOT be used on any of the components. Append the produced encoded ' + |
| 65 | + 'value to proofValue.', async function() { |
| 66 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#selective-disclosure-functions:~:text=and%20mandatoryPointers.-,CBOR%2Dencode%20components%20per%20%5BRFC8949%5D%20where%20CBOR%20tagging%20MUST,-NOT%20be%20used'; |
| 67 | + }); |
| 68 | + it('If the proofValue string does not start with u, indicating ' + |
| 69 | + 'that it is a multibase-base64url-no-pad-encoded value, an error ' + |
| 70 | + 'MUST be raised and SHOULD convey an error type of ' + |
| 71 | + 'PROOF_VERIFICATION_ERROR.', async function() { |
| 72 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#selective-disclosure-functions:~:text=produced%20as%20output.-,If%20the%20proofValue%20string%20does%20not%20start%20with%20u%2C%20indicating%20that%20it%20is%20a%20multibase%2Dbase64url%2Dno%2Dpad%2Dencoded%20value%2C%20an%20error%20MUST%20be%20raised%20and%20SHOULD%20convey%20an%20error%20type%20of%20PROOF_VERIFICATION_ERROR.,-Initialize%20decodedProofValue%20to'; |
| 73 | + }); |
| 74 | + it('If the decodedProofValue does not start with the ECDSA-SD ' + |
| 75 | + 'base proof header bytes 0xd9, 0x5d, and 0x00, an error MUST be ' + |
| 76 | + 'raised and SHOULD convey an error type of PROOF_VERIFICATION_ERROR.', |
| 77 | + async function() { |
| 78 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#selective-disclosure-functions:~:text=If%20the%20decodedProofValue%20does%20not%20start%20with%20the%20ECDSA%2DSD%20base%20proof%20header%20bytes%200xd9%2C%200x5d%2C%20and%200x00%2C%20an%20error%20MUST%20be%20raised%20and%20SHOULD%20convey%20an%20error%20type%20of%20PROOF_VERIFICATION_ERROR.'; |
| 79 | + }); |
| 80 | + it('CBOR-encode components per [RFC8949] where CBOR tagging MUST ' + |
| 81 | + 'NOT be used on any of the components. Append the produced ' + |
| 82 | + 'encoded value to proofValue.', async function() { |
| 83 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#selective-disclosure-functions:~:text=and%20mandatoryIndexes.-,CBOR%2Dencode%20components%20per%20%5BRFC8949%5D%20where%20CBOR%20tagging%20MUST%20NOT%20be%20used%20on%20any%20of%20the%20components.%20Append%20the%20produced%20encoded%20value%20to%20proofValue.,-Return%20the%20derived'; |
| 84 | + }); |
| 85 | + it('If the proofValue string does not start with u, indicating ' + |
| 86 | + 'that it is a multibase-base64url-no-pad-encoded value, an error ' + |
| 87 | + 'MUST be raised and SHOULD convey an error type of ' + |
| 88 | + 'PROOF_VERIFICATION_ERROR.', async function() { |
| 89 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#selective-disclosure-functions:~:text=labelMap%22%2C%20and%20%22mandatoryIndexes%22.-,If%20the%20proofValue%20string%20does%20not%20start%20with%20u%2C%20indicating%20that%20it%20is%20a%20multibase%2Dbase64url%2Dno%2Dpad%2Dencoded%20value%2C%20an%20error%20MUST%20be%20raised%20and%20SHOULD%20convey%20an%20error%20type%20of%20PROOF_VERIFICATION_ERROR.,-Initialize%20decodedProofValue%20to'; |
| 90 | + }); |
| 91 | + it('If the decodedProofValue does not start with the ECDSA-SD ' + |
| 92 | + 'disclosure proof header bytes 0xd9, 0x5d, and 0x01, an error ' + |
| 93 | + 'MUST be raised and SHOULD convey an error type of ' + |
| 94 | + 'PROOF_VERIFICATION_ERROR.', async function() { |
| 95 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#selective-disclosure-functions:~:text=If%20the%20decodedProofValue%20does%20not%20start%20with%20the%20ECDSA%2DSD%20disclosure%20proof%20header%20bytes%200xd9%2C%200x5d%2C%20and%200x01%2C%20an%20error%20MUST%20be%20raised%20and%20SHOULD%20convey%20an%20error%20type%20of%20PROOF_VERIFICATION_ERROR.'; |
| 96 | + }); |
| 97 | + it('If the result is not an array of the following five elements ' + |
| 98 | + '— a byte array of length 64; a byte array of length 36; an array ' + |
| 99 | + 'of byte arrays, each of length 64; a map of integers to byte ' + |
| 100 | + 'arrays, each of length 32; and an array of integers — an error ' + |
| 101 | + 'MUST be raised and SHOULD convey an error type of ' + |
| 102 | + 'PROOF_VERIFICATION_ERROR.', async function() { |
| 103 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#selective-disclosure-functions:~:text=array%20of%20integers%20%E2%80%94-,an%20error%20MUST%20be%20raised%20and%20SHOULD%20convey%20an%20error%20type%20of%20PROOF_VERIFICATION_ERROR.,-Replace%20the%20fourth'; |
| 104 | + }); |
| 105 | + it('The transformation options MUST contain a type identifier for ' + |
| 106 | + 'the cryptographic suite (type), a cryptosuite identifier ' + |
| 107 | + '(cryptosuite), and a verification method (verificationMethod).', |
| 108 | + async function() { |
| 109 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#selective-disclosure-functions:~:text=The%20transformation%20options%20MUST%20contain%20a%20type%20identifier%20for%20the%20cryptographic%20suite%20(type)%2C%20a%20cryptosuite%20identifier%20(cryptosuite)%2C%20and%20a%20verification%20method%20(verificationMethod).'; |
| 110 | + }); |
| 111 | + it('The transformation options MUST contain an array of mandatory ' + |
| 112 | + 'JSON pointers (mandatoryPointers) and MAY contain additional ' + |
| 113 | + 'options, such as a JSON-LD document loader.', async function() { |
| 114 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#selective-disclosure-functions:~:text=The%20transformation%20options%20MUST%20contain%20an%20array%20of%20mandatory%20JSON%20pointers%20(mandatoryPointers)%20and%20MAY%20contain%20additional%20options%2C%20such%20as%20a%20JSON%2DLD%20document%20loader.'; |
| 115 | + }); |
| 116 | + it('Whenever this algorithm encodes strings, it MUST use UTF-8 ' + |
| 117 | + 'encoding.', async function() { |
| 118 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#selective-disclosure-functions:~:text=produced%20as%20output.-,Whenever%20this%20algorithm%20encodes%20strings%2C%20it%20MUST%20use%20UTF%2D8%20encoding.,-Initialize%20hmac%20to'; |
| 119 | + }); |
| 120 | + it('Per the recommendations of [RFC2104], the HMAC key MUST be the ' + |
| 121 | + 'same length as the digest size; for SHA-256, this is 256 bits or ' + |
| 122 | + '32 bytes.', async function() { |
| 123 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#selective-disclosure-functions:~:text=Per%20the%20recommendations%20of%20%5BRFC2104%5D%2C%20the%20HMAC%20key%20MUST%20be%20the%20same%20length%20as%20the%20digest%20size%3B%20for%20SHA%2D256%2C%20this%20is%20256%20bits%20or%2032%20bytes.'; |
| 124 | + }); |
| 125 | + it('The proof options MUST contain a type identifier for the ' + |
| 126 | + 'cryptographic suite (type) and MUST contain a cryptosuite ' + |
| 127 | + 'identifier (cryptosuite).', async function() { |
| 128 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#base-proof-configuration-ecdsa-sd-2023'; |
| 129 | + }); |
| 130 | + it('If proofConfig.type is not set to DataIntegrityProof and/or ' + |
| 131 | + 'proofConfig.cryptosuite is not set to ecdsa-sd-2023, an error ' + |
| 132 | + 'MUST be raised and SHOULD convey an error type of ' + |
| 133 | + 'PROOF_GENERATION_ERROR.', async function() { |
| 134 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#base-proof-configuration-ecdsa-sd-2023:~:text=If%20proofConfig.type%20is%20not%20set%20to%20DataIntegrityProof%20and/or%20proofConfig.cryptosuite%20is%20not%20set%20to%20ecdsa%2Dsd%2D2023%2C%20an%20error%20MUST%20be%20raised%20and%20SHOULD%20convey%20an%20error%20type%20of%20PROOF_GENERATION_ERROR.'; |
| 135 | + }); |
| 136 | + it('If proofConfig.created is set and if the value is not a valid ' + |
| 137 | + '[XMLSCHEMA11-2] datetime, an error MUST be raised and SHOULD ' + |
| 138 | + 'convey an error type of PROOF_GENERATION_ERROR.', async function() { |
| 139 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#base-proof-configuration-ecdsa-sd-2023'; |
| 140 | + }); |
| 141 | + it('The proof options MUST contain a type identifier for the ' + |
| 142 | + 'cryptographic suite (type) and MAY contain a cryptosuite ' + |
| 143 | + 'identifier (cryptosuite).', async function() { |
| 144 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#base-proof-serialization-ecdsa-sd-2023'; |
| 145 | + }); |
| 146 | + it('If the length of signatures does not match the length of ' + |
| 147 | + 'nonMandatory, an error MUST be raised and SHOULD convey an ' + |
| 148 | + 'error type of PROOF_VERIFICATION_ERROR, indicating that the ' + |
| 149 | + 'signature count does not match the non-mandatory message count.', |
| 150 | + async function() { |
| 151 | + this.test.link = 'https://w3c.github.io/vc-di-ecdsa/#base-proof-serialization-ecdsa-sd-2023:~:text=If%20the%20length%20of%20signatures%20does%20not%20match%20the%20length%20of%20nonMandatory%2C%20an%20error%20MUST%20be%20raised%20and%20SHOULD%20convey%20an%20error%20type%20of%20PROOF_VERIFICATION_ERROR%2C%20indicating%20that%20the%20signature%20count%20does%20not%20match%20the%20non%2Dmandatory%20message%20count.'; |
| 152 | + }); |
| 153 | + }); |
| 154 | + } |
| 155 | + } |
| 156 | + }); |
| 157 | +} |
| 158 | + |
| 159 | +function _setup() { |
| 160 | + |
| 161 | +} |
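Review bot: Every `it` body here (new lines 45–152) only assigns `this.test.link` and asserts nothing, so each test passes vacuously. With `this.report = true`, the matrix will presumably show every implementation and key type as conforming to MUST-level checks that were never run against `verifier`, such as the proof header bytes, the `u` multibase prefix, and the 32-byte HMAC key. Until the assertions are written, keep the link and mark the test pending by adding `this.skip();` after each `this.test.link = ...` line, so the report does not read as verified. Two pairs of titles are also identical: the "CBOR-encode components…" tests at new lines 63 and 80, and the "proofValue string does not start with u" tests at 68 and 85. Because `rowId` comes from `this.currentTest.title`, those rows likely collide in the report, so prefix each title with the algorithm it belongs to (the link fragments suggest base vs. derived proof value).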