add stronghold bbs+ tests

iotaledger · Apr 25, 2024 · 6a32429 · 6a32429
1 parent 4738605
commit 6a32429
Show file tree

Hide file tree

Showing 6 changed files with 109 additions and 7 deletions.
diff --git a/identity_stronghold/Cargo.toml b/identity_stronghold/Cargo.toml
@@ -27,7 +27,10 @@ zkryptium = { workspace = true, optional = true }
 
 [dev-dependencies]
 identity_did = { version = "=1.2.0", path = "../identity_did", default_features = false }
+identity_storage = { version = "=1.2.0", path = "../identity_storage", default_features = false, features = ["jpt-bbs-plus"] }
+json-proof-token = { workspace = true }
 tokio = { version = "1.29.0", default-features = false, features = ["macros", "sync", "rt"] }
+zkryptium = { workspace = true }
 
 [features]
 default = []

diff --git a/identity_stronghold/src/lib.rs b/identity_stronghold/src/lib.rs
@@ -3,7 +3,7 @@
 
 pub(crate) mod ed25519;
 mod stronghold_jwk_storage;
-#[cfg(feature = "bbs-plus")]
+#[cfg(any(feature = "bbs-plus", test))]
 mod stronghold_jwk_storage_ext;
 mod stronghold_key_id;
 pub(crate) mod stronghold_key_type;

diff --git a/identity_stronghold/src/stronghold_jwk_storage_ext.rs b/identity_stronghold/src/stronghold_jwk_storage_ext.rs
@@ -42,6 +42,10 @@ impl JwkStorageBbsPlusExt for StrongholdStorage {
       );
     }
 
+    if !matches!(alg, ProofAlgorithm::BLS12381_SHA256 | ProofAlgorithm::BLS12381_SHAKE256) {
+      return Err(KeyStorageErrorKind::UnsupportedProofAlgorithm.into());
+    }
+
     let stronghold = self.get_stronghold().await;
     let client = get_client(&stronghold)?;
 
@@ -78,9 +82,6 @@ impl JwkStorageBbsPlusExt for StrongholdStorage {
     header: &[u8],
     public_key: &Jwk,
   ) -> KeyStorageResult<Vec<u8>> {
-    let stronghold = self.get_stronghold().await;
-    let client = get_client(&stronghold)?;
-
     // Extract the required alg from the given public key
     let alg = public_key
       .alg()
@@ -103,6 +104,8 @@ impl JwkStorageBbsPlusExt for StrongholdStorage {
       record_path: key_id.to_string().as_bytes().to_vec(),
     };
 
+    let stronghold = self.get_stronghold().await;
+    let client = get_client(&stronghold)?;
     client
       .get_guards([sk_location], |[sk]| {
         let sk = BBSplusSecretKey::from_bytes(&sk.borrow()).map_err(|e| FatalProcedureError::from(e.to_string()))?;
@@ -123,9 +126,6 @@ impl JwkStorageBbsPlusExt for StrongholdStorage {
     signature: &[u8; BBSplusSignature::BYTES],
     ctx: ProofUpdateCtx,
   ) -> KeyStorageResult<[u8; BBSplusSignature::BYTES]> {
-    let stronghold = self.get_stronghold().await;
-    let client = get_client(&stronghold)?;
-
     // Extract the required alg from the given public key
     let alg = public_key
       .alg()
@@ -143,6 +143,8 @@ impl JwkStorageBbsPlusExt for StrongholdStorage {
       vault_path: IDENTITY_VAULT_PATH.as_bytes().to_vec(),
       record_path: key_id.to_string().as_bytes().to_vec(),
     };
+    let stronghold = self.get_stronghold().await;
+    let client = get_client(&stronghold)?;
 
     client
       .get_guards([sk_location], |[sk]| {

diff --git a/identity_stronghold/src/stronghold_key_type.rs b/identity_stronghold/src/stronghold_key_type.rs
@@ -48,6 +48,12 @@ impl TryFrom<&KeyType> for StrongholdKeyType {
   }
 }
 
+impl From<StrongholdKeyType> for KeyType {
+  fn from(key_type: StrongholdKeyType) -> KeyType {
+    KeyType::from_static_str(key_type.name())
+  }
+}
+
 impl TryFrom<&Jwk> for StrongholdKeyType {
   type Error = KeyStorageError;
 

diff --git a/identity_stronghold/src/tests/mod.rs b/identity_stronghold/src/tests/mod.rs
@@ -1,6 +1,7 @@
 // Copyright 2020-2023 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
+mod test_bbs_ext;
 mod test_jwk_storage;
 mod test_key_id_storage;
 pub(crate) mod utils;
diff --git a/identity_stronghold/src/tests/test_bbs_ext.rs b/identity_stronghold/src/tests/test_bbs_ext.rs
@@ -0,0 +1,90 @@
+use identity_storage::key_storage::bls::expand_bls_jwk;
+use identity_storage::key_storage::bls::sign_bbs;
+use identity_storage::JwkGenOutput;
+use identity_storage::JwkStorage;
+use identity_storage::JwkStorageBbsPlusExt;
+use identity_storage::KeyStorageErrorKind;
+use iota_stronghold::procedures::Runner;
+use iota_stronghold::Location;
+use jsonprooftoken::jpa::algs::ProofAlgorithm;
+use rand::RngCore;
+use zkryptium::bbsplus::keys::BBSplusSecretKey;
+
+use crate::stronghold_key_type::StrongholdKeyType;
+use crate::tests::utils::create_stronghold_secret_manager;
+use crate::utils::get_client;
+use crate::utils::IDENTITY_VAULT_PATH;
+use crate::StrongholdStorage;
+
+#[tokio::test]
+async fn stronghold_bbs_keypair_gen_works() -> anyhow::Result<()> {
+  let stronghold_storage = StrongholdStorage::new(create_stronghold_secret_manager());
+  let JwkGenOutput { key_id, jwk, .. } = stronghold_storage
+    .generate_bbs(StrongholdKeyType::BLS12381G2.into(), ProofAlgorithm::BLS12381_SHA256)
+    .await?;
+
+  assert!(jwk.is_public());
+  assert!(stronghold_storage.exists(&key_id).await?);
+
+  Ok(())
+}
+
+#[tokio::test]
+async fn stronghold_bbs_keypair_gen_fails_with_wrong_key_type() -> anyhow::Result<()> {
+  let stronghold_storage = StrongholdStorage::new(create_stronghold_secret_manager());
+  let error = stronghold_storage
+    .generate_bbs(StrongholdKeyType::Ed25519.into(), ProofAlgorithm::BLS12381_SHA256)
+    .await
+    .unwrap_err();
+  assert!(matches!(error.kind(), KeyStorageErrorKind::UnsupportedKeyType));
+
+  Ok(())
+}
+
+#[tokio::test]
+async fn stronghold_bbs_keypair_gen_fails_with_wrong_alg() -> anyhow::Result<()> {
+  let stronghold_storage = StrongholdStorage::new(create_stronghold_secret_manager());
+  let error = stronghold_storage
+    .generate_bbs(StrongholdKeyType::BLS12381G2.into(), ProofAlgorithm::MAC_H256)
+    .await
+    .unwrap_err();
+
+  assert!(matches!(error.kind(), KeyStorageErrorKind::UnsupportedProofAlgorithm));
+
+  Ok(())
+}
+
+#[tokio::test]
+async fn stronghold_sign_bbs_works() -> anyhow::Result<()> {
+  let stronghold_storage = StrongholdStorage::new(create_stronghold_secret_manager());
+  let JwkGenOutput { key_id, jwk, .. } = stronghold_storage
+    .generate_bbs(StrongholdKeyType::BLS12381G2.into(), ProofAlgorithm::BLS12381_SHA256)
+    .await?;
+  let pk = expand_bls_jwk(&jwk)?.1;
+  let sk = {
+    let stronghold = stronghold_storage.get_stronghold().await;
+    let client = get_client(&stronghold)?;
+    let sk_location = Location::Generic {
+      vault_path: IDENTITY_VAULT_PATH.as_bytes().to_owned(),
+      record_path: key_id.as_str().as_bytes().to_owned(),
+    };
+    client
+      .get_guards([sk_location], |[sk]| Ok(BBSplusSecretKey::from_bytes(&sk.borrow())))
+      .unwrap()
+  }?;
+
+  let mut data = vec![0; 1024];
+  rand::thread_rng().fill_bytes(&mut data);
+  let expected_signature = sign_bbs(
+    ProofAlgorithm::BLS12381_SHA256,
+    std::slice::from_ref(&data),
+    &sk,
+    &pk,
+    &[],
+  )?;
+
+  let signature = stronghold_storage.sign_bbs(&key_id, &[data], &[], &jwk).await?;
+  assert_eq!(signature, expected_signature);
+
+  Ok(())
+}