baseid_bbs/

lib.rs

//! # baseid-bbs
//!
//! BBS+ signatures with unlinkable selective disclosure for BaseID.
//!
//! Provides:
//! - BBS+ key generation (BLS12-381 G2)
//! - Multi-message signing (each claim is a separate "message")
//! - Zero-knowledge proof derivation with selective disclosure
//! - Proof verification (verifier sees only disclosed claims)
//! - Predicate evaluation (range proofs, set membership)
//! - Full credential lifecycle (issue, verify, present) via `BbsLifecycle`
//!
//! Reference: IETF draft-irtf-cfrg-bbs-signatures

pub mod credential;
pub mod error;
pub mod keys;
pub mod lifecycle;
pub mod predicates;
pub mod proof;
pub mod signing;

pub use credential::{BbsClaim, BbsCredential, BbsDerivedProof};
pub use keys::BbsKeyPair;
pub use lifecycle::{verify_derived_proof, BbsLifecycle};

#[cfg(test)]
mod tests {
    use super::*;
    use baseid_core::claims::{ClaimSet, DisclosureSelection, PredicateType};
    use baseid_core::lifecycle::*;
    use baseid_core::types::CredentialFormat;
    use serde_json::json;

    #[test]
    fn key_generation() {
        let kp = BbsKeyPair::generate().unwrap();
        assert!(!kp.public_key.is_empty());
        assert!(!kp.secret_key.is_empty());
    }

    #[test]
    fn key_roundtrip() {
        let kp = BbsKeyPair::generate().unwrap();
        let restored = BbsKeyPair::from_bytes(&kp.secret_key, &kp.public_key).unwrap();
        assert_eq!(kp.public_key, restored.public_key);
    }

    #[test]
    fn sign_and_verify() {
        let kp = BbsKeyPair::generate().unwrap();
        let messages = vec![
            b"claim1: Alice".to_vec(),
            b"claim2: age=30".to_vec(),
            b"claim3: CA".to_vec(),
        ];

        let sig = signing::bbs_sign(&kp, &messages, None).unwrap();
        assert_eq!(sig.len(), 80);

        let valid = signing::bbs_verify(&kp.public_key, &sig, &messages, None).unwrap();
        assert!(valid, "signature should be valid");
    }

    #[test]
    fn verify_wrong_messages_fails() {
        let kp = BbsKeyPair::generate().unwrap();
        let messages = vec![b"claim1".to_vec(), b"claim2".to_vec()];
        let sig = signing::bbs_sign(&kp, &messages, None).unwrap();

        let wrong = vec![b"claim1".to_vec(), b"TAMPERED".to_vec()];
        let valid = signing::bbs_verify(&kp.public_key, &sig, &wrong, None).unwrap();
        assert!(!valid, "tampered messages should fail");
    }

    #[test]
    fn proof_selective_disclosure() {
        let kp = BbsKeyPair::generate().unwrap();
        let messages = vec![
            b"name: Alice".to_vec(),
            b"age: 30".to_vec(),
            b"ssn: 123-45-6789".to_vec(),
        ];
        let sig = signing::bbs_sign(&kp, &messages, None).unwrap();

        // Disclose only message 0 (name)
        let disclosed = [0usize];
        let proof_bytes =
            proof::bbs_proof_gen(&kp.public_key, &sig, &messages, &disclosed, None, None).unwrap();
        assert!(!proof_bytes.is_empty());

        // Verify with only the disclosed message
        let disclosed_msgs = vec![(0, b"name: Alice".to_vec())];
        let valid =
            proof::bbs_proof_verify(&kp.public_key, &proof_bytes, &disclosed_msgs, None, None)
                .unwrap();
        assert!(valid, "selective disclosure proof should verify");
    }

    #[test]
    fn proof_unlinkability() {
        let kp = BbsKeyPair::generate().unwrap();
        let messages = vec![b"claim1".to_vec(), b"claim2".to_vec()];
        let sig = signing::bbs_sign(&kp, &messages, None).unwrap();

        let proof1 =
            proof::bbs_proof_gen(&kp.public_key, &sig, &messages, &[0], None, None).unwrap();
        let proof2 =
            proof::bbs_proof_gen(&kp.public_key, &sig, &messages, &[0], None, None).unwrap();

        // Two proofs from same credential should be different (unlinkable)
        assert_ne!(
            proof1, proof2,
            "proofs should be unlinkable (different bytes)"
        );

        // Both should verify
        let disclosed = vec![(0, b"claim1".to_vec())];
        assert!(proof::bbs_proof_verify(&kp.public_key, &proof1, &disclosed, None, None).unwrap());
        assert!(proof::bbs_proof_verify(&kp.public_key, &proof2, &disclosed, None, None).unwrap());
    }

    #[test]
    fn lifecycle_issue_verify() {
        let kp = BbsKeyPair::generate().unwrap();
        let lifecycle = BbsLifecycle::new(kp);

        let mut claims = ClaimSet::new();
        claims.insert("", "given_name", json!("Alice"));
        claims.insert("", "family_name", json!("Smith"));
        claims.insert("", "age", json!(30));

        let options = IssuanceOptions {
            credential_id: Some("urn:uuid:test".to_string()),
            types: vec![
                "VerifiableCredential".to_string(),
                "IdentityCredential".to_string(),
            ],
            valid_from: None,
            valid_until: None,
            status: None,
        };

        let issued = lifecycle
            .issue("did:key:issuer", Some("did:key:holder"), &claims, &options)
            .unwrap();
        assert_eq!(issued.format, CredentialFormat::Bbs);

        let outcome = lifecycle.verify(&issued.data).unwrap();
        assert!(outcome.valid, "issued credential should verify");
        assert_eq!(outcome.claims.get("", "given_name"), Some(&json!("Alice")));
        assert!(!outcome.unlinkable, "full verification is not unlinkable");
    }

    #[test]
    fn lifecycle_present_selective_disclosure() {
        let kp = BbsKeyPair::generate().unwrap();
        let lifecycle = BbsLifecycle::new(kp);

        let mut claims = ClaimSet::new();
        claims.insert("", "given_name", json!("Alice"));
        claims.insert("", "family_name", json!("Smith"));
        claims.insert("", "birth_date", json!("1994-01-15"));
        claims.insert("", "ssn", json!("123-45-6789"));

        let options = IssuanceOptions::default();

        let issued = lifecycle
            .issue("did:key:issuer", None, &claims, &options)
            .unwrap();

        // Present: reveal name, hide SSN and birth_date
        let disclosure = DisclosureSelection::new()
            .reveal("given_name")
            .reveal("family_name")
            .hide("birth_date")
            .hide("ssn");

        let pres_options = PresentationOptions {
            nonce: Some("verifier-nonce-123".to_string()),
            audience: None,
            holder_did: None,
        };

        let presented = lifecycle
            .present(&issued.data, &disclosure, &pres_options)
            .unwrap();
        assert_eq!(presented.format, CredentialFormat::Bbs);
        assert!(presented.unlinkable, "BBS+ presentations are unlinkable");

        // Verify the derived proof
        let outcome = verify_derived_proof(&presented.data).unwrap();
        assert!(outcome.valid, "derived proof should verify");
        assert!(outcome.unlinkable, "derived proof is unlinkable");
        // Only disclosed claims should be present
        assert_eq!(outcome.claims.get("", "given_name"), Some(&json!("Alice")));
        assert_eq!(outcome.claims.get("", "family_name"), Some(&json!("Smith")));
        assert_eq!(outcome.claims.get("", "ssn"), None, "SSN should be hidden");
        assert_eq!(
            outcome.claims.get("", "birth_date"),
            None,
            "birth_date should be hidden"
        );
    }

    #[test]
    fn lifecycle_predicate_evaluation() {
        let kp = BbsKeyPair::generate().unwrap();
        let lifecycle = BbsLifecycle::new(kp);

        let mut claims = ClaimSet::new();
        claims.insert("", "name", json!("Alice"));
        claims.insert("", "age", json!(25));
        claims.insert("", "country", json!("CA"));

        let options = IssuanceOptions::default();
        let issued = lifecycle
            .issue("did:key:issuer", None, &claims, &options)
            .unwrap();

        // Present with predicate: age > 18
        let disclosure = DisclosureSelection::new()
            .reveal("name")
            .predicate("age", PredicateType::GreaterThan(json!(18)))
            .hide("country");

        let pres_options = PresentationOptions {
            nonce: None,
            audience: None,
            holder_did: None,
        };
        let presented = lifecycle
            .present(&issued.data, &disclosure, &pres_options)
            .unwrap();

        let derived = BbsDerivedProof::from_bytes(&presented.data).unwrap();
        // Check that the predicate was evaluated and satisfied
        assert_eq!(derived.predicate_results.len(), 1);
        assert_eq!(derived.predicate_results[0].0, "age");
        assert!(
            derived.predicate_results[0].1,
            "age > 18 should be true for age=25"
        );
    }

    #[test]
    fn predicate_age_over_18() {
        assert!(predicates::evaluate_predicate(
            &json!(25),
            &PredicateType::GreaterThan(json!(18))
        ));
        assert!(!predicates::evaluate_predicate(
            &json!(16),
            &PredicateType::GreaterThan(json!(18))
        ));
        assert!(predicates::evaluate_predicate(
            &json!(18),
            &PredicateType::GreaterThanOrEqual(json!(18))
        ));
    }

    #[test]
    fn predicate_set_membership() {
        let set = vec![json!("CA"), json!("US"), json!("MX")];
        assert!(predicates::evaluate_predicate(
            &json!("CA"),
            &PredicateType::InSet(set.clone())
        ));
        assert!(!predicates::evaluate_predicate(
            &json!("UK"),
            &PredicateType::InSet(set.clone())
        ));
        assert!(predicates::evaluate_predicate(
            &json!("UK"),
            &PredicateType::NotInSet(set)
        ));
    }
}