add support for the Multikey verification method

MichaelMure · MichaelMure · commit 1f146785a285 · 2025-06-24T18:10:36.000+02:00
diff --git a/crypto/_helpers/multibase.go b/crypto/_helpers/multibase.go
diff --git a/crypto/_testsuite/testsuite.go b/crypto/_testsuite/testsuite.go
@@ -1,4 +1,4 @@
-package helpers
+package testsuite
 
 import (
 	"fmt"
diff --git a/crypto/ed25519/key_test.go b/crypto/ed25519/key_test.go
@@ -3,10 +3,10 @@ package ed25519
 import (
 	"testing"
 
-	"github.com/INFURA/go-did/crypto/internal"
+	"github.com/INFURA/go-did/crypto/_testsuite"
 )
 
-var harness = helpers.TestHarness[PublicKey, PrivateKey]{
+var harness = testsuite.TestHarness[PublicKey, PrivateKey]{
 	Name:                            "ed25519",
 	GenerateKeyPair:                 GenerateKeyPair,
 	PublicKeyFromBytes:              PublicKeyFromBytes,
@@ -23,9 +23,9 @@ var harness = helpers.TestHarness[PublicKey, PrivateKey]{
 }
 
 func TestSuite(t *testing.T) {
-	helpers.TestSuite(t, harness)
+	testsuite.TestSuite(t, harness)
 }
 
 func BenchmarkSuite(b *testing.B) {
-	helpers.BenchSuite(b, harness)
+	testsuite.BenchSuite(b, harness)
 }
diff --git a/crypto/ed25519/public.go b/crypto/ed25519/public.go
@@ -10,7 +10,7 @@ import (
 	"golang.org/x/crypto/cryptobyte"
 
 	"github.com/INFURA/go-did/crypto"
-	"github.com/INFURA/go-did/crypto/internal"
+	"github.com/INFURA/go-did/crypto/_helpers"
 )
 
 var _ crypto.SigningPublicKey = &PublicKey{}
diff --git a/crypto/p256/key_test.go b/crypto/p256/key_test.go
@@ -3,10 +3,10 @@ package p256
 import (
 	"testing"
 
-	"github.com/INFURA/go-did/crypto/internal"
+	"github.com/INFURA/go-did/crypto/_testsuite"
 )
 
-var harness = helpers.TestHarness[*PublicKey, *PrivateKey]{
+var harness = testsuite.TestHarness[*PublicKey, *PrivateKey]{
 	Name:                            "p256",
 	GenerateKeyPair:                 GenerateKeyPair,
 	PublicKeyFromBytes:              PublicKeyFromBytes,
@@ -23,9 +23,9 @@ var harness = helpers.TestHarness[*PublicKey, *PrivateKey]{
 }
 
 func TestSuite(t *testing.T) {
-	helpers.TestSuite(t, harness)
+	testsuite.TestSuite(t, harness)
 }
 
 func BenchmarkSuite(b *testing.B) {
-	helpers.BenchSuite(b, harness)
+	testsuite.BenchSuite(b, harness)
 }
diff --git a/crypto/p256/public.go b/crypto/p256/public.go
@@ -10,7 +10,7 @@ import (
 	"math/big"
 
 	"github.com/INFURA/go-did/crypto"
-	helpers "github.com/INFURA/go-did/crypto/internal"
+	helpers "github.com/INFURA/go-did/crypto/_helpers"
 )
 
 var _ crypto.SigningPublicKey = (*PublicKey)(nil)
diff --git a/crypto/x25519/key_test.go b/crypto/x25519/key_test.go
@@ -5,11 +5,11 @@ import (
 
 	"github.com/stretchr/testify/require"
 
+	"github.com/INFURA/go-did/crypto/_testsuite"
 	"github.com/INFURA/go-did/crypto/ed25519"
-	"github.com/INFURA/go-did/crypto/internal"
 )
 
-var harness = helpers.TestHarness[*PublicKey, *PrivateKey]{
+var harness = testsuite.TestHarness[*PublicKey, *PrivateKey]{
 	Name:                            "x25519",
 	GenerateKeyPair:                 GenerateKeyPair,
 	PublicKeyFromBytes:              PublicKeyFromBytes,
@@ -26,11 +26,11 @@ var harness = helpers.TestHarness[*PublicKey, *PrivateKey]{
 }
 
 func TestSuite(t *testing.T) {
-	helpers.TestSuite(t, harness)
+	testsuite.TestSuite(t, harness)
 }
 
 func BenchmarkSuite(b *testing.B) {
-	helpers.BenchSuite(b, harness)
+	testsuite.BenchSuite(b, harness)
 }
 
 func TestEd25519ToX25519(t *testing.T) {
diff --git a/crypto/x25519/public.go b/crypto/x25519/public.go
@@ -8,8 +8,8 @@ import (
 	"math/big"
 
 	"github.com/INFURA/go-did/crypto"
+	helpers "github.com/INFURA/go-did/crypto/_helpers"
 	"github.com/INFURA/go-did/crypto/ed25519"
-	helpers "github.com/INFURA/go-did/crypto/internal"
 )
 
 var _ crypto.PublicKey = (*PublicKey)(nil)
diff --git a/interfaces.go b/interfaces.go
@@ -102,7 +102,7 @@ type VerificationMethodSignature interface {
 	VerificationMethod
 
 	// Verify checks that 'sig' is a valid signature of 'data'.
-	Verify(data []byte, sig []byte) bool
+	Verify(data []byte, sig []byte) (bool, error)
 }
 
 // VerificationMethodKeyAgreement is a VerificationMethod implementing a shared key agreement.
diff --git a/methods/did-key/key.go b/methods/did-key/key.go
@@ -4,15 +4,14 @@ import (
 	"fmt"
 	"strings"
 
-	mbase "github.com/multiformats/go-multibase"
-	"github.com/multiformats/go-varint"
-
 	"github.com/INFURA/go-did"
 	"github.com/INFURA/go-did/crypto"
+	"github.com/INFURA/go-did/crypto/_helpers"
 	"github.com/INFURA/go-did/crypto/ed25519"
 	"github.com/INFURA/go-did/crypto/p256"
 	"github.com/INFURA/go-did/crypto/x25519"
 	"github.com/INFURA/go-did/verifications/ed25519"
+	"github.com/INFURA/go-did/verifications/multikey"
 	"github.com/INFURA/go-did/verifications/x25519"
 )
 
@@ -39,61 +38,45 @@ func Decode(identifier string) (did.DID, error) {
 
 	msi := identifier[len(keyPrefix):]
 
-	baseCodec, bytes, err := mbase.Decode(msi)
+	code, bytes, err := helpers.PublicKeyMultibaseDecode(msi)
 	if err != nil {
-		return nil, fmt.Errorf("%w: %w", did.ErrInvalidDid, err)
+		return nil, err
 	}
-	// the specification enforces that encoding
-	if baseCodec != mbase.Base58BTC {
-		return nil, fmt.Errorf("%w: not Base58BTC encoded", did.ErrInvalidDid)
+
+	decoder, ok := map[uint64]func(b []byte) (crypto.PublicKey, error){
+		ed25519.MultibaseCode: func(b []byte) (crypto.PublicKey, error) { return ed25519.PublicKeyFromBytes(b) },
+		p256.MultibaseCode:    func(b []byte) (crypto.PublicKey, error) { return p256.PublicKeyFromBytes(b) },
+		x25519.MultibaseCode:  func(b []byte) (crypto.PublicKey, error) { return x25519.PublicKeyFromBytes(b) },
+	}[code]
+	if !ok {
+		return nil, fmt.Errorf("%w: unsupported did:key multicodec: 0x%x", did.ErrInvalidDid, code)
 	}
-	code, read, err := varint.FromUvarint(bytes)
+
+	pub, err := decoder(bytes)
 	if err != nil {
 		return nil, fmt.Errorf("%w: %w", did.ErrInvalidDid, err)
 	}
-
-	switch code {
-	case ed25519.MultibaseCode:
-		pub, err := ed25519.PublicKeyFromBytes(bytes[read:])
-		if err != nil {
-			return nil, fmt.Errorf("%w: %w", did.ErrInvalidDid, err)
-		}
-		return FromPublicKey(pub)
-	case p256.MultibaseCode:
-		pub, err := p256.PublicKeyFromBytes(bytes[read:])
-		if err != nil {
-			return nil, fmt.Errorf("%w: %w", did.ErrInvalidDid, err)
-		}
-		return FromPublicKey(pub)
-
-		// case Secp256k1: // TODO
-		// case RSA: // TODO
-	}
-
-	return nil, fmt.Errorf("%w: unsupported did:key multicodec: 0x%x", did.ErrInvalidDid, code)
+	return FromPublicKey(pub)
 }
 
 func FromPublicKey(pub crypto.PublicKey) (did.DID, error) {
-	var err error
 	switch pub := pub.(type) {
 	case ed25519.PublicKey:
 		d := DidKey{msi: pub.ToPublicKeyMultibase()}
-		d.signature, err = ed25519vm.NewVerificationKey2020(fmt.Sprintf("did:key:%s#%s", d.msi, d.msi), pub, d)
-		if err != nil {
-			return nil, err
-		}
+		d.signature = ed25519vm.NewVerificationKey2020(fmt.Sprintf("did:key:%s#%s", d.msi, d.msi), pub, d)
 		xpub, err := x25519.PublicKeyFromEd25519(pub)
 		if err != nil {
 			return nil, fmt.Errorf("%w: %w", did.ErrInvalidDid, err)
 		}
 		xmsi := xpub.ToPublicKeyMultibase()
-		d.keyAgreement, err = x25519vm.NewKeyAgreementKey2020(fmt.Sprintf("did:key:%s#%s", d.msi, xmsi), xpub, d)
-		if err != nil {
-			return nil, fmt.Errorf("%w: %w", did.ErrInvalidDid, err)
-		}
+		d.keyAgreement = x25519vm.NewKeyAgreementKey2020(fmt.Sprintf("did:key:%s#%s", d.msi, xmsi), xpub, d)
+		return d, nil
+	case *p256.PublicKey:
+		d := DidKey{msi: pub.ToPublicKeyMultibase()}
+		mk := multikey.NewMultiKey(fmt.Sprintf("did:key:%s#%s", d.msi, d.msi), pub, d)
+		d.signature = mk
+		d.keyAgreement = mk
 		return d, nil
-	// case *p256.PublicKey:
-	// 	d := DidKey{msi: pub.ToPublicKeyMultibase()}
 
 	default:
 		return nil, fmt.Errorf("unsupported public key: %T", pub)
diff --git a/utilities.go b/utilities.go
@@ -11,7 +11,7 @@ import (
 // If no method verifies the signature, it returns false and nil.
 func TryAllVerify(methods []VerificationMethodSignature, data []byte, sig []byte) (bool, VerificationMethodSignature) {
 	for _, method := range methods {
-		if method.Verify(data, sig) {
+		if valid, err := method.Verify(data, sig); err == nil && valid {
 			return true, method
 		}
 	}
diff --git a/verifications/ed25519/VerificationKey2020.go b/verifications/ed25519/VerificationKey2020.go
@@ -24,12 +24,12 @@ type VerificationKey2020 struct {
 	controller string
 }
 
-func NewVerificationKey2020(id string, pubkey ed25519.PublicKey, controller did.DID) (*VerificationKey2020, error) {
+func NewVerificationKey2020(id string, pubkey ed25519.PublicKey, controller did.DID) *VerificationKey2020 {
 	return &VerificationKey2020{
 		id:         id,
 		pubkey:     pubkey,
 		controller: controller.String(),
-	}, nil
+	}
 }
 
 func (v VerificationKey2020) MarshalJSON() ([]byte, error) {
@@ -91,6 +91,6 @@ func (v VerificationKey2020) JsonLdContext() string {
 	return JsonLdContext
 }
 
-func (v VerificationKey2020) Verify(data []byte, sig []byte) bool {
-	return v.pubkey.VerifyBytes(data, sig)
+func (v VerificationKey2020) Verify(data []byte, sig []byte) (bool, error) {
+	return v.pubkey.VerifyBytes(data, sig), nil
 }
diff --git a/verifications/ed25519/VerificationKey2020_test.go b/verifications/ed25519/VerificationKey2020_test.go
@@ -78,7 +78,9 @@ func TestSignature(t *testing.T) {
 		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
-			require.Equal(t, tc.valid, vk.Verify(tc.data, tc.signature))
+			valid, err := vk.Verify(tc.data, tc.signature)
+			require.NoError(t, err)
+			require.Equal(t, tc.valid, valid)
 		})
 	}
 }
diff --git a/verifications/json.go b/verifications/json.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/INFURA/go-did"
 	"github.com/INFURA/go-did/verifications/ed25519"
+	"github.com/INFURA/go-did/verifications/multikey"
 	"github.com/INFURA/go-did/verifications/x25519"
 )
 
@@ -21,6 +22,8 @@ func UnmarshalJSON(data []byte) (did.VerificationMethod, error) {
 	switch aux.Type {
 	case ed25519vm.Type:
 		res = &ed25519vm.VerificationKey2020{}
+	case multikey.Type:
+		res = &multikey.MultiKey{}
 	case x25519vm.Type:
 		res = &x25519vm.KeyAgreementKey2020{}
 	default:
diff --git a/verifications/multikey/multikey.go b/verifications/multikey/multikey.go
diff --git a/verifications/multikey/multikey_test.go b/verifications/multikey/multikey_test.go
diff --git a/verifications/x25519/KeyAgreementKey2020.go b/verifications/x25519/KeyAgreementKey2020.go

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-package helpers`
	`1`	`+package testsuite`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"fmt"`
Original file line number	Diff line number	Diff line change
`@@ -3,10 +3,10 @@ package ed25519`
`3`	`3`	`import (`
`4`	`4`	`"testing"`
`5`	`5`
`6`		`- "github.com/INFURA/go-did/crypto/internal"`
	`6`	`+ "github.com/INFURA/go-did/crypto/_testsuite"`
`7`	`7`	`)`
`8`	`8`
`9`		`-var harness = helpers.TestHarness[PublicKey, PrivateKey]{`
	`9`	`+var harness = testsuite.TestHarness[PublicKey, PrivateKey]{`
`10`	`10`	`Name: "ed25519",`
`11`	`11`	`GenerateKeyPair: GenerateKeyPair,`
`12`	`12`	`PublicKeyFromBytes: PublicKeyFromBytes,`
`@@ -23,9 +23,9 @@ var harness = helpers.TestHarness[PublicKey, PrivateKey]{`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`func TestSuite(t *testing.T) {`
`26`		`- helpers.TestSuite(t, harness)`
	`26`	`+ testsuite.TestSuite(t, harness)`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`func BenchmarkSuite(b *testing.B) {`
`30`		`- helpers.BenchSuite(b, harness)`
	`30`	`+ testsuite.BenchSuite(b, harness)`
`31`	`31`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ import (`
`10`	`10`	`"golang.org/x/crypto/cryptobyte"`
`11`	`11`
`12`	`12`	`"github.com/INFURA/go-did/crypto"`
`13`		`- "github.com/INFURA/go-did/crypto/internal"`
	`13`	`+ "github.com/INFURA/go-did/crypto/_helpers"`
`14`	`14`	`)`
`15`	`15`
`16`	`16`	`var _ crypto.SigningPublicKey = &PublicKey{}`
Original file line number	Diff line number	Diff line change
`@@ -3,10 +3,10 @@ package p256`
`3`	`3`	`import (`
`4`	`4`	`"testing"`
`5`	`5`
`6`		`- "github.com/INFURA/go-did/crypto/internal"`
	`6`	`+ "github.com/INFURA/go-did/crypto/_testsuite"`
`7`	`7`	`)`
`8`	`8`
`9`		`-var harness = helpers.TestHarness[PublicKey, PrivateKey]{`
	`9`	`+var harness = testsuite.TestHarness[PublicKey, PrivateKey]{`
`10`	`10`	`Name: "p256",`
`11`	`11`	`GenerateKeyPair: GenerateKeyPair,`
`12`	`12`	`PublicKeyFromBytes: PublicKeyFromBytes,`
`@@ -23,9 +23,9 @@ var harness = helpers.TestHarness[PublicKey, PrivateKey]{`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`func TestSuite(t *testing.T) {`
`26`		`- helpers.TestSuite(t, harness)`
	`26`	`+ testsuite.TestSuite(t, harness)`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`func BenchmarkSuite(b *testing.B) {`
`30`		`- helpers.BenchSuite(b, harness)`
	`30`	`+ testsuite.BenchSuite(b, harness)`
`31`	`31`	`}`
Original file line number	Diff line number	Diff line change
`@@ -5,11 +5,11 @@ import (`
`5`	`5`
`6`	`6`	`"github.com/stretchr/testify/require"`
`7`	`7`
	`8`	`+ "github.com/INFURA/go-did/crypto/_testsuite"`
`8`	`9`	`"github.com/INFURA/go-did/crypto/ed25519"`
`9`		`- "github.com/INFURA/go-did/crypto/internal"`
`10`	`10`	`)`
`11`	`11`
`12`		`-var harness = helpers.TestHarness[PublicKey, PrivateKey]{`
	`12`	`+var harness = testsuite.TestHarness[PublicKey, PrivateKey]{`
`13`	`13`	`Name: "x25519",`
`14`	`14`	`GenerateKeyPair: GenerateKeyPair,`
`15`	`15`	`PublicKeyFromBytes: PublicKeyFromBytes,`
`@@ -26,11 +26,11 @@ var harness = helpers.TestHarness[PublicKey, PrivateKey]{`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`func TestSuite(t *testing.T) {`
`29`		`- helpers.TestSuite(t, harness)`
	`29`	`+ testsuite.TestSuite(t, harness)`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`func BenchmarkSuite(b *testing.B) {`
`33`		`- helpers.BenchSuite(b, harness)`
	`33`	`+ testsuite.BenchSuite(b, harness)`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`func TestEd25519ToX25519(t *testing.T) {`
Original file line number	Diff line number	Diff line change
`@@ -8,8 +8,8 @@ import (`
`8`	`8`	`"math/big"`
`9`	`9`
`10`	`10`	`"github.com/INFURA/go-did/crypto"`
	`11`	`+ helpers "github.com/INFURA/go-did/crypto/_helpers"`
`11`	`12`	`"github.com/INFURA/go-did/crypto/ed25519"`
`12`		`- helpers "github.com/INFURA/go-did/crypto/internal"`
`13`	`13`	`)`
`14`	`14`
`15`	`15`	`var _ crypto.PublicKey = (*PublicKey)(nil)`
Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ type VerificationMethodSignature interface {`
`102`	`102`	`VerificationMethod`
`103`	`103`
`104`	`104`	`// Verify checks that 'sig' is a valid signature of 'data'.`
`105`		`- Verify(data []byte, sig []byte) bool`
	`105`	`+ Verify(data []byte, sig []byte) (bool, error)`
`106`	`106`	`}`
`107`	`107`
`108`	`108`	`// VerificationMethodKeyAgreement is a VerificationMethod implementing a shared key agreement.`