Support EcdsaSecp256r1Signature2019 linked data proof (openwallet-foundation#3443)

* sign working

Signed-off-by: George Mulhearn <[email protected]>

* fmt and ld proof tests

Signed-off-by: George Mulhearn <[email protected]>

* easy unit test fixes

Signed-off-by: George Mulhearn <[email protected]>

* fix up pres exch flow, run scenario

Signed-off-by: George Mulhearn <[email protected]>

* ruff

Signed-off-by: George Mulhearn <[email protected]>

* lint

Signed-off-by: George Mulhearn <[email protected]>

* poke sonarqube

Signed-off-by: George Mulhearn <[email protected]>

* improve coverage

Signed-off-by: George Mulhearn <[email protected]>

* improve coverage

Signed-off-by: George Mulhearn <[email protected]>

* route p256 fallback improve

Signed-off-by: George Mulhearn <[email protected]>

* rm prints

Signed-off-by: George Mulhearn <[email protected]>

---------

Signed-off-by: George Mulhearn <[email protected]>
Co-authored-by: George Mulhearn <[email protected]>

Author: gmulhearn

acapy_agent/protocols/present_proof/dif/pres_exch_handler.py

@@ -31,6 +31,7 @@
     DocumentLoader,
     Ed25519Signature2018,
     Ed25519Signature2020,
+    EcdsaSecp256r1Signature2019,
     WalletKeyPair,
 )
 from ....vc.ld_proofs.constants import (
@@ -45,7 +46,7 @@
     ProofPurposeStr,
 )
 from ....wallet.error import WalletError, WalletNotFoundError
-from ....wallet.key_type import BLS12381G2, ED25519
+from ....wallet.key_type import BLS12381G2, ED25519, P256
 from .pres_exch import (
     Constraints,
     DIFField,
@@ -79,6 +80,7 @@ class DIFPresExchHandler:
     ISSUE_SIGNATURE_SUITE_KEY_TYPE_MAPPING = {
         Ed25519Signature2018: ED25519,
         Ed25519Signature2020: ED25519,
+        EcdsaSecp256r1Signature2019: P256,
     }
 
     if BbsBlsSignature2020.BBS_SUPPORTED:
@@ -193,6 +195,8 @@ async def get_sign_key_credential_subject_id(
         filtered_creds_list = []
         if self.proof_type == BbsBlsSignature2020.signature_type:
             reqd_key_type = BLS12381G2
+        elif self.proof_type == EcdsaSecp256r1Signature2019.signature_type:
+            reqd_key_type = P256
         else:
             reqd_key_type = ED25519
         for cred in applicable_creds:

acapy_agent/protocols/present_proof/dif/tests/test_pres_exch_handler.py

@@ -24,7 +24,7 @@
 )
 from .....wallet.did_method import KEY, SOV, DIDMethods
 from .....wallet.error import WalletNotFoundError
-from .....wallet.key_type import BLS12381G2, ED25519, KeyTypes
+from .....wallet.key_type import BLS12381G2, ED25519, P256, KeyTypes
 from .. import pres_exch_handler as test_module
 from ..pres_exch import (
     Constraints,
@@ -2070,6 +2070,70 @@ async def test_get_sign_key_credential_subject_id_error(self):
                     VC_RECORDS
                 )
 
+    async def test_get_sign_key_credential_subject_id_secp256r1(self):
+        dif_pres_exch_handler = DIFPresExchHandler(
+            self.profile, proof_type="EcdsaSecp256r1Signature2019"
+        )
+
+        VC_RECORDS = [
+            VCRecord(
+                contexts=[
+                    "https://www.w3.org/2018/credentials/v1",
+                    "https://www.w3.org/2018/credentials/examples/v1",
+                ],
+                expanded_types=[
+                    "https://www.w3.org/2018/credentials#VerifiableCredential",
+                    "https://example.org/examples#UniversityDegreeCredential",
+                ],
+                issuer_id="https://example.edu/issuers/565049",
+                subject_ids=["did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL"],
+                proof_types=["EcdsaSecp256r1Signature2019"],
+                schema_ids=["https://example.org/examples/degree.json"],
+                cred_value={"...": "..."},
+                given_id="http://example.edu/credentials/3732",
+                cred_tags={"some": "tag"},
+            ),
+            VCRecord(
+                contexts=[
+                    "https://www.w3.org/2018/credentials/v1",
+                    "https://www.w3.org/2018/credentials/examples/v1",
+                ],
+                expanded_types=[
+                    "https://www.w3.org/2018/credentials#VerifiableCredential",
+                    "https://example.org/examples#UniversityDegreeCredential",
+                ],
+                issuer_id="https://example.edu/issuers/565049",
+                subject_ids=[
+                    "did:sov:LjgpST2rjsoxYegQDRm7EL",
+                    "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL",
+                ],
+                proof_types=["EcdsaSecp256r1Signature2019"],
+                schema_ids=["https://example.org/examples/degree.json"],
+                cred_value={"...": "..."},
+                given_id="http://example.edu/credentials/3732",
+                cred_tags={"some": "tag"},
+            ),
+        ]
+        with mock.patch.object(
+            DIFPresExchHandler,
+            "_did_info_for_did",
+            mock.CoroutineMock(),
+        ) as mock_did_info:
+            did_info = DIDInfo(
+                did="did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL",
+                verkey="verkey",
+                metadata={},
+                method=KEY,
+                key_type=P256,
+            )
+            mock_did_info.return_value = did_info
+            (
+                issuer_id,
+                filtered_creds,
+            ) = await dif_pres_exch_handler.get_sign_key_credential_subject_id(VC_RECORDS)
+            assert issuer_id == "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL"
+            assert len(filtered_creds) == 2
+
     async def test_get_sign_key_credential_subject_id_bbsbls(self):
         dif_pres_exch_handler = DIFPresExchHandler(
             self.profile, proof_type="BbsBlsSignature2020"

acapy_agent/protocols/present_proof/v2_0/formats/dif/handler.py

@@ -15,6 +15,7 @@
     BbsBlsSignature2020,
     Ed25519Signature2018,
     Ed25519Signature2020,
+    EcdsaSecp256r1Signature2019,
 )
 from ......vc.vc_di.manager import VcDiManager
 from ......vc.vc_ld.manager import VcLdpManager
@@ -232,12 +233,16 @@ async def create_pres(
                                 and (
                                     Ed25519Signature2020.signature_type not in proof_types
                                 )
+                                and (
+                                    EcdsaSecp256r1Signature2019.signature_type
+                                    not in proof_types
+                                )
                             ):
                                 raise V20PresFormatHandlerError(
                                     "Only BbsBlsSignature2020 and/or "
                                     "Ed25519Signature2018 and/or "
-                                    "Ed25519Signature2018 and/or "
-                                    "Ed25519Signature2020 signature types "
+                                    "Ed25519Signature2020 and/or "
+                                    "EcdsaSecp256r1Signature2019 signature types "
                                     "are supported"
                                 )
                             elif (
@@ -251,11 +256,16 @@ async def create_pres(
                                 and (
                                     Ed25519Signature2020.signature_type not in proof_types
                                 )
+                                and (
+                                    EcdsaSecp256r1Signature2019.signature_type
+                                    not in proof_types
+                                )
                             ):
                                 raise V20PresFormatHandlerError(
-                                    "Only BbsBlsSignature2020, Ed25519Signature2018 and "
-                                    "Ed25519Signature2020 signature types "
-                                    "are supported"
+                                    "Only BbsBlsSignature2020, Ed25519Signature2018, "
+                                    "Ed25519Signature2020 and "
+                                    "EcdsaSecp256r1Signature2019 "
+                                    "signature types are supported"
                                 )
                             else:
                                 for proof_format in proof_types:
@@ -268,6 +278,17 @@ async def create_pres(
                                             Ed25519Signature2018.signature_type
                                         )
                                         break
+                                    if (
+                                        proof_format
+                                        == EcdsaSecp256r1Signature2019.signature_type
+                                    ):
+                                        proof_type = [
+                                            EcdsaSecp256r1Signature2019.signature_type
+                                        ]
+                                        dif_handler_proof_type = (
+                                            EcdsaSecp256r1Signature2019.signature_type
+                                        )
+                                        break
                                     elif (
                                         proof_format == BbsBlsSignature2020.signature_type
                                     ):
@@ -291,9 +312,10 @@ async def create_pres(
                         # TODO di_vc allowed ...
                         raise V20PresFormatHandlerError(
                             "Currently, only: ldp_vp with "
-                            "BbsBlsSignature2020, Ed25519Signature2018 and "
-                            "Ed25519Signature2020 signature types; and "
-                            "di_vc with anoncreds-2023 signatures are supported"
+                            "BbsBlsSignature2020, Ed25519Signature2018, "
+                            "Ed25519Signature2020 and EcdsaSecp256r1Signature2019 "
+                            "signature types; and di_vc with anoncreds-2023 "
+                            "signatures are supported"
                         )
 
                 if one_of_uri_groups:

acapy_agent/protocols/present_proof/v2_0/formats/dif/tests/test_handler.py

@@ -1042,6 +1042,52 @@ async def test_create_pres_pd_claim_format_ed255(self):
             )
             assert output[1].data.json_ == DIF_PRES
 
+    async def test_create_pres_pd_claim_format_secp256r1(self):
+        test_pd = deepcopy(DIF_PRES_REQUEST_B)
+        test_pd["presentation_definition"]["format"] = {
+            "ldp_vp": {"proof_type": ["EcdsaSecp256r1Signature2019"]}
+        }
+        del test_pd["presentation_definition"]["input_descriptors"][0]["constraints"][
+            "limit_disclosure"
+        ]
+        dif_pres_request = V20PresRequest(
+            formats=[
+                V20PresFormat(
+                    attach_id="dif",
+                    format_=ATTACHMENT_FORMAT[PRES_20_REQUEST][
+                        V20PresFormat.Format.DIF.api
+                    ],
+                )
+            ],
+            request_presentations_attach=[
+                AttachDecorator.data_json(test_pd, ident="dif")
+            ],
+        )
+        record = V20PresExRecord(
+            pres_ex_id="pxid",
+            thread_id="thid",
+            connection_id="conn_id",
+            initiator="init",
+            role="role",
+            state="state",
+            pres_request=dif_pres_request,
+            verified="false",
+            auto_present=True,
+            error_msg="error",
+        )
+
+        with mock.patch.object(
+            DIFPresExchHandler,
+            "create_vp",
+            mock.CoroutineMock(),
+        ) as mock_create_vp:
+            mock_create_vp.return_value = DIF_PRES
+            output = await self.handler.create_pres(record, {})
+            assert isinstance(output[0], V20PresFormat) and isinstance(
+                output[1], AttachDecorator
+            )
+            assert output[1].data.json_ == DIF_PRES
+
     async def test_create_pres_pd_claim_format_bls12381g2(self):
         test_pd = deepcopy(DIF_PRES_REQUEST_B)
         test_pd["presentation_definition"]["format"] = {

acapy_agent/protocols/present_proof/v2_0/routes.py

@@ -47,6 +47,7 @@
     BbsBlsSignature2020,
     Ed25519Signature2018,
     Ed25519Signature2020,
+    EcdsaSecp256r1Signature2019,
 )
 from ....wallet.error import WalletNotFoundError
 from ..dif.pres_exch import ClaimFormat, InputDescriptors, SchemaInputDescriptor
@@ -685,12 +686,17 @@ async def present_proof_credentials_list(request: web.BaseRequest):
                                 and (
                                     Ed25519Signature2020.signature_type not in proof_types
                                 )
+                                and (
+                                    EcdsaSecp256r1Signature2019.signature_type
+                                    not in proof_types
+                                )
                             ):
                                 raise web.HTTPBadRequest(
                                     reason=(
                                         "Only BbsBlsSignature2020 and/or "
                                         "Ed25519Signature2018 and/or "
-                                        "Ed25519Signature2020 signature types "
+                                        "Ed25519Signature2020 and/or "
+                                        "EcdsaSecp256r1Signature2019 signature types "
                                         "are supported"
                                     )
                                 )
@@ -705,12 +711,17 @@ async def present_proof_credentials_list(request: web.BaseRequest):
                                 and (
                                     Ed25519Signature2020.signature_type not in proof_types
                                 )
+                                and (
+                                    EcdsaSecp256r1Signature2019.signature_type
+                                    not in proof_types
+                                )
                             ):
                                 raise web.HTTPBadRequest(
                                     reason=(
                                         "Only BbsBlsSignature2020, Ed25519Signature2018"
-                                        " and Ed25519Signature2020 signature types are"
-                                        " supported"
+                                        " and Ed25519Signature2020,"
+                                        " EcdsaSecp256r1Signature2019"
+                                        " signature types are supported"
                                     )
                                 )
                             else:
@@ -727,6 +738,14 @@ async def present_proof_credentials_list(request: web.BaseRequest):
                                     ):
                                         proof_type = [Ed25519Signature2020.signature_type]
                                         break
+                                    elif (
+                                        proof_format
+                                        == EcdsaSecp256r1Signature2019.signature_type
+                                    ):
+                                        proof_type = [
+                                            EcdsaSecp256r1Signature2019.signature_type
+                                        ]
+                                        break
                                     elif (
                                         proof_format == BbsBlsSignature2020.signature_type
                                     ):
@@ -746,7 +765,8 @@ async def present_proof_credentials_list(request: web.BaseRequest):
                             reason=(
                                 "Currently, only ldp_vp with "
                                 "BbsBlsSignature2020, Ed25519Signature2018 and "
-                                "Ed25519Signature2020 signature types are supported"
+                                "Ed25519Signature2020, EcdsaSecp256r1Signature2019"
+                                " signature types are supported"
                             )
                         )
                 if one_of_uri_groups:

acapy_agent/vc/ld_proofs/__init__.py

@@ -14,6 +14,7 @@
 from .suites import _BbsBlsSignatureProof2020 as BbsBlsSignatureProof2020
 from .suites import _Ed25519Signature2018 as Ed25519Signature2018
 from .suites import _Ed25519Signature2020 as Ed25519Signature2020
+from .suites import _EcdsaSecp256r1Signature2019 as EcdsaSecp256r1Signature2019
 from .suites import _JwsLinkedDataSignature as JwsLinkedDataSignature
 from .suites import _LinkedDataProof as LinkedDataProof
 from .suites import _LinkedDataSignature as LinkedDataSignature
@@ -36,6 +37,7 @@
     "JwsLinkedDataSignature",
     "Ed25519Signature2018",
     "Ed25519Signature2020",
+    "EcdsaSecp256r1Signature2019",
     "BbsBlsSignature2020",
     "BbsBlsSignatureProof2020",
     # Key pairs

acapy_agent/vc/ld_proofs/suites/__init__.py

@@ -4,6 +4,9 @@
 )
 from .ed25519_signature_2018 import Ed25519Signature2018 as _Ed25519Signature2018
 from .ed25519_signature_2020 import Ed25519Signature2020 as _Ed25519Signature2020
+from .ecdsa_secp256r1_signature_2019 import (
+    EcdsaSecp256r1Signature2019 as _EcdsaSecp256r1Signature2019,
+)
 from .jws_linked_data_signature import JwsLinkedDataSignature as _JwsLinkedDataSignature
 from .linked_data_proof import LinkedDataProof as _LinkedDataProof
 from .linked_data_signature import LinkedDataSignature as _LinkedDataSignature
@@ -14,6 +17,7 @@
     "_JwsLinkedDataSignature",
     "_Ed25519Signature2018",
     "_Ed25519Signature2020",
+    "_EcdsaSecp256r1Signature2019",
     "_BbsBlsSignature2020",
     "_BbsBlsSignatureProof2020",
 ]