hyperledger-identus · goncalo-frade-iohk · Mar 20, 2023 · Mar 11, 2023 · Mar 9, 2023 · Mar 20, 2023
@@ -1,6 +1,5 @@
 import Domain
 import Foundation
-import SwiftJWT
 
 extension ApolloImpl: Apollo {
     /// createRandomMnemonics creates a random set of mnemonic phrases that can be used as a seed for generating a private key.
@@ -191,21 +190,8 @@ returns random mnemonics nerver returns invalid mnemonics
         return jsonString
     }
 
-    public func verifyJWT(jwk: String, publicKey: PublicKey) throws -> String {
-        switch publicKey.curve {
-        case "secp256k1":
-            let verifier = JWTVerifier.es256(publicKey: publicKey.value)
-            let decoder = JWTDecoder(jwtVerifier: verifier)
-            return jwk
-        default:
-            let verifier = JWTVerifier.none
-            let decoder = JWTDecoder(jwtVerifier: verifier)
-            return jwk
-        }
-    }
-
     public func keyDataToPEMString(_ keyData: PrivateKey) -> String? {
-        let keyBase64 = keyData.value.base64EncodedString(options: .lineLength64Characters)
+        let keyBase64 = keyData.value.base64EncodedString()
         let pemString = """
         -----BEGIN PRIVATE KEY-----
         \(keyBase64)
@@ -215,7 +201,7 @@ returns random mnemonics nerver returns invalid mnemonics
     }
 
     public func keyDataToPEMString(_ keyData: PublicKey) -> String? {
-        let keyBase64 = keyData.value.base64EncodedString(options: .lineLength64Characters)
+        let keyBase64 = keyData.value.base64EncodedString()
         let pemString = """
         -----BEGIN PUBLIC KEY-----
         \(keyBase64)
@@ -224,9 +210,3 @@ returns random mnemonics nerver returns invalid mnemonics
         return pemString
     }
 }
-
-struct MyClaims: Claims {
-    let iss: String
-    let sub: String
-    let exp: Date
-}
@@ -65,7 +65,7 @@ struct HDPrivateKey {
     }
 
     func privateKey() -> LockPrivateKey {
-        return LockPrivateKey(data: raw, isPublicKeyCompressed: true)
+        return LockPrivateKey(data: raw, isPublicKeyCompressed: false)
     }
 
     func extendedPublicKey() -> HDPublicKey {

@@ -76,7 +76,7 @@ struct LockPrivateKey {
         self.data = key
     }
 
-    init(data: Data, isPublicKeyCompressed: Bool = true) {
+    init(data: Data, isPublicKeyCompressed: Bool = false) {
         self.data = data
         self.isPublicKeyCompressed = isPublicKeyCompressed
     }

@@ -1,62 +1,38 @@
-//
-//  File.swift
-//  
-//
-//  Created by Goncalo Frade IOHK on 07/03/2023.
-//
-
+import CryptoKit
 import Foundation
 import secp256k1
 
 struct ECVerify {
+    public enum CryptoError: String, Error {
+        case signatureParseFailed
+        case publicKeyParseFailed
+    }
+
     let signature: Data
     let message: Data
     let publicKey: Data
 
-
     func verifySignature() throws -> Bool {
-        let ctx = secp256k1_context_create(UInt32(SECP256K1_CONTEXT_VERIFY))!
-        defer { secp256k1_context_destroy(ctx) }
-
-        let signaturePointer = UnsafeMutablePointer<secp256k1_ecdsa_signature>.allocate(capacity: 1)
-        defer { signaturePointer.deallocate() }
-        guard signature.withUnsafeBytes({
-            secp256k1_ecdsa_signature_parse_der(
-                ctx,
-                signaturePointer,
-                $0.bindMemory(to: UInt8.self).baseAddress.unsafelyUnwrapped,
-                signature.count
+        let signature = try getSignatureFromData(signature)
+        return try secp256k1
+            .Signing
+            .PublicKey(
+                rawRepresentation: publicKey,
+                format: LockPublicKey(bytes: publicKey).isCompressed ? .compressed : .uncompressed
             )
-        }) == 1 else {
-            throw CryptoError.signatureParseFailed
-        }
-
-        let pubkeyPointer = UnsafeMutablePointer<secp256k1_pubkey>.allocate(capacity: 1)
-        defer { pubkeyPointer.deallocate() }
-        guard publicKey.withUnsafeBytes({
-            secp256k1_ec_pubkey_parse(
-                ctx,
-                pubkeyPointer,
-                $0.bindMemory(to: UInt8.self).baseAddress.unsafelyUnwrapped,
-                publicKey.count
-            ) }) == 1 else {
-            throw CryptoError.publicKeyParseFailed
-        }
-
-        guard message.withUnsafeBytes ({
-            secp256k1_ecdsa_verify(
-                ctx,
-                signaturePointer,
-                $0.bindMemory(to: UInt8.self).baseAddress.unsafelyUnwrapped,
-                pubkeyPointer) }) == 1 else {
-            return false
-        }
-
-        return true
+            .ecdsa
+            .isValidSignature(signature, for: SHA256.hash(data: message))
     }
 
-    public enum CryptoError: Error {
-        case signatureParseFailed
-        case publicKeyParseFailed
+    private func getSignatureFromData(_ data: Data) throws -> secp256k1.Signing.ECDSASignature {
+        if let derSignature = try? secp256k1.Signing.ECDSASignature(derRepresentation: data) {
+            return derSignature
+        } else if let rawSignature = try? secp256k1.Signing.ECDSASignature(rawRepresentation: data) {
+            return rawSignature
+        } else if let compactSignature = try? secp256k1.Signing.ECDSASignature(compactRepresentation: data) {
+            return compactSignature
+        } else {
+            throw CryptoError.signatureParseFailed
+        }
     }
 }
@@ -24,7 +24,7 @@ struct VerifySignatureOperation {
     func compute() throws -> Bool {
         try ECVerify(
             signature: signature.value,
-            message: Data(SHA256.hash(data: challenge)),
+            message: challenge,
             publicKey: publicKey.value
         ).verifySignature()
     }

@@ -2,6 +2,7 @@
 import Core
 import Domain
 import XCTest
+import secp256k1
 
 final class BIP32Tests: XCTestCase {
 
@@ -26,4 +27,14 @@ final class BIP32Tests: XCTestCase {
             "N_JFgvYaReyRXwassz5FHg33A4I6dczzdXrjdHGksmg"
         )
     }
+
+    func testBip32KeyPathGenerationPublicKey() throws {
+        let seed = try CreateSeedOperation(words: mnemonics).compute()
+        let operation = CreateSec256k1KeyPairOperation(seed: seed, keyPath: .init(index: 3))
+        let privateKey = try operation.compute()
+        XCTAssertEqual(
+            privateKey.publicKey.value.base64UrlEncodedString(),
+            "BD-l4lrQ6Go-oN5XtdpY6o5dyf2V2v5EbMAvRjVGJpE1gYVURJfxKMpNPnKlLr4MOLNVaYvBNOoy9L50E8jVx8Q"
+        )
+    }
 }
@@ -6,10 +6,10 @@ import XCTest
 final class ECSigningTests: XCTestCase {
     func testSigning() throws {
         let privKey = PrivateKey(
-            curve: .secp256k1(index: 0),
-            value: Data(fromBase64URL: "xURclKhT6as1Tb9vg4AJRRLPAMWb9dYTTthDvXEKjMc")!
+            curve: .secp256k1(index: 3),
+            value: Data(fromBase64URL: "N_JFgvYaReyRXwassz5FHg33A4I6dczzdXrjdHGksmg")!
         )
-        let testMessage = "test".data(using: .utf8)!
+        let testMessage = "Test".data(using: .utf8)!
 
         let signing = try SignMessageOperation(
             privateKey: privKey,
@@ -18,7 +18,7 @@ final class ECSigningTests: XCTestCase {
 
         XCTAssertEqual(
             signing.value.base64UrlEncodedString(),
-            "MEUCIQDJroM8wtcJovEyZjl2unJpKZ_kbicRjPCJ2krzQzK31QIgcpe5CwIIXUrP63qOT-WzzmxVplHGhSO8R8h5-1ECKt4"
+            "MEUCIQCFeGlhJrH-9R70X4JzrurWs52SwuxCnJ8ky6riFwMOrwIgT7zlLo7URMHW5tiMgG73IOw2Dm3XyLl1iqW1-t5NFWQ"
         )
     }
 }
@@ -4,20 +4,19 @@ import Domain
 import XCTest
 
 final class ECVerification: XCTestCase {
-
     func testVerify() throws {
         let pubKey = PublicKey(
             curve: KeyCurve.secp256k1().name,
-            value: Data(fromBase64URL: "BHza5mV6_Iz6XdyMpxpjUMprZUCN_MpMuQCTFYpxSf8rW7N7DD04troywCgLkg0_ABP-IcxZcE1-qKjwCWYTVO8")!
+            value: Data(fromBase64URL: "BD-l4lrQ6Go-oN5XtdpY6o5dyf2V2v5EbMAvRjVGJpE1gYVURJfxKMpNPnKlLr4MOLNVaYvBNOoy9L50E8jVx8Q")!
         )
-        let testMessage = "test".data(using: .utf8)!
+        let testMessage = "Test".data(using: .utf8)!
+        let signature = Data(fromBase64URL: "MEUCIQCFeGlhJrH-9R70X4JzrurWs52SwuxCnJ8ky6riFwMOrwIgT7zlLo7URMHW5tiMgG73IOw2Dm3XyLl1iqW1-t5NFWQ")!
 
         XCTAssertTrue(try VerifySignatureOperation(
             publicKey: pubKey,
             challenge: testMessage,
             signature: Signature(
-                value: Data(
-                    fromBase64URL: "MEUCIQDJroM8wtcJovEyZjl2unJpKZ_kbicRjPCJ2krzQzK31QIgcpe5CwIIXUrP63qOT-WzzmxVplHGhSO8R8h5-1ECKt4")!
+                value: signature
             )
         ).compute())
     }

@@ -1,18 +1,20 @@
 @testable import Apollo
+import Domain
 import XCTest
+import secp256k1
 
 final class PublicKeyCompressionTests: XCTestCase {
 
     func testCompressPublicKey() throws {
         let privateKey = LockPrivateKey(data: Data(fromBase64URL: "xURclKhT6as1Tb9vg4AJRRLPAMWb9dYTTthDvXEKjMc")!)
 
         let pubKey = privateKey.publicKey()
-        print("Is key compressed: \(pubKey.isCompressed)")
+        XCTAssertFalse(pubKey.isCompressed)
 
         let compressedPubKey = pubKey.compressedPublicKey()
-        print("Is key compressed: \(compressedPubKey.isCompressed)")
+        XCTAssertTrue(compressedPubKey.isCompressed)
 
         let uncompressedPubKey = pubKey.uncompressedPublicKey()
-        print("Is key compressed: \(uncompressedPubKey.isCompressed)")
+        XCTAssertFalse(uncompressedPubKey.isCompressed)
     }
 }
@@ -2,13 +2,21 @@ import Domain
 import Pollux
 
 public struct PolluxBuilder {
+    let apollo: Apollo
     let castor: Castor
 
-    public init(castor: Castor) {
+    public init(
+        apollo: Apollo,
+        castor: Castor
+    ) {
+        self.apollo = apollo
         self.castor = castor
     }
 
     public func build() -> Pollux {
-        PolluxImpl(castor: castor)
+        PolluxImpl(
+            apollo: apollo,
+            castor: castor
+        )
     }
 }
@@ -93,6 +93,7 @@ struct PrismDIDPublicKey {
         var protoEC = Io_Iohk_Atala_Prism_Protos_ECKeyData()
         protoEC.x = points.x
         protoEC.y = points.y
+        protoEC.curve = "secp256k1"
         protoKey.keyData = .ecKeyData(protoEC)
         return protoKey
     }