Closed timothee-haudebourg closed 2 months ago
This is finally happening! Everything compiles, every test, doc test, example can run fine, no warnings, no broken doc links. I've fixed, tested and documented features. Now it is not perfect, there are a lot of ugly things living in ssi_jwk
, ssi_jws
for instance, but I'll consider it out of scope. Other issues are directly related to the refactor:
VerificationResult
containing warnings and errors. There was no distinction between verification failure (the signature/proof is not valid), and verification errors (we could not verify the signature for some reason, it may or may not be valid). I tried to do the distinction using a more fine grain result type Result<ProofValidity, VerificationError>
where ProofValidity
captures the validity of the proof (it may be invalid) and VerificationError
for when the verification process failed. I think its a good idea overall but
ProofValidity::Invalid
instead throw a VerificationError
ProofValidity::Invalid
would also gives the reason why the verification failed, but for now there is noneProofValidity::Valid
variantValidate
trait to validate claims independently of the proof/signature. It can be used to check the expiration date of a credential for instance. I think this trait could be improved so we can pass an "environment" to the validation function. This is required for some advanced validation checks, such as validating the aud
(audience) claim of a JWT against the application domain. To do it correctly the validation function needs to know the application domain, which could be passed through this "environment".These are points we can discuss but I think overall the refactor is ready to be reviewed.
@sbihel any ETA on merging this?
rustfmt
is failing because the crates/multicodec/src/table.rs
file is not found. This file is generated by the build.rs
script of ssi_multicodec
from the crates/multicodec/src/table.csv
file. I'll try to find a way to run the build script before rustfmt
.
For context I'm in the process of rewriting the VC API in DIDKit https://github.com/spruceid/didkit/pull/384, and I'm currently stuck with lifetime bound issues, but if you could have a look to see if I'm doing anything wrong that would be great.
@timothee-haudebourg @clehner @sbihel - any ETA on the completion of this PR? Reason I ask is because merging this PR is blocking one of mine: https://github.com/spruceid/ssi/pull/545
Thanks.
There's is no ETA but we're hoping to get it merged and published within two months.
I've made some changes to follow the reviews. With a few days away from ssi I had some fresh eyes, so I've fixed some other issues that were necessary in my opinion:
SignatureError
and one ProofValidationError
used across all the sign
/verify
functions, whatever the claim type (Data-Integrity, JWS, JWT, etc.).Validate::validate
. This can be used to deterministically set the time of verification for instance, used to check the expiration/issuance date claims. The function now returns a result, giving an insight on why the validation failed (if the claim expired for instance).ssi-jws
and ssi-jwt
. I've also added documentation of this "verification pipeline" here: crates/claims/core/src/verification/mod.rs (maybe not the best place since this won't appear in the generated doc).cose-rs
, which we will probably use in the future to verify CBOR-encoded claims. It is also more memory efficient.ssi-verification-methods
crate, just so it stays reasonable to use the ssi-jws
/ss-jwt
crates alone, without the rest of ssi
.There are still some error types that are missing Send
and would probably benefit from moving to a String
or anyhow::Error
-- at least MessageSignatureError
. Have you tried compiling the VC API in DIDKit in https://github.com/spruceid/didkit/pull/384?
🎉
This PR aims at refactoring
ssi
to make better use of Rust traits.Verifable<Claims>
type family for verifiable claims, independent of the underlying implementation.ssi
will not depend on TreeLDR).This is a work in early progress.
Status
Most of the work is completed. There are still some DID methods that needs to be reintroduced. Most of the remaining work is testing everything (and that's a lot).
Below are all the parts that needs to be added or changed in
ssi
:ssi-vc-jwt
library)ssi-verification-methods
library), with VMs clearly defined.EcdsaSecp256k1RecoveryMethod2020
EcdsaSecp256k1VerificationKey2019
EcdsaSecp256r1VerificationKey2019
Ed25519VerificationKey2018
Ed25519VerificationKey2020
JsonWebKey2020
Multikey
RsaVerificationKey2018
Ed25519PublicKeyBLAKE2BDigestSize20Base58CheckEncoded2021
P256PublicKeyBLAKE2BDigestSize20Base58CheckEncoded2021
TezosMethod2021
AleoMethod2021
BlockchainVerificationMethod2021
Eip712Method2021
ssi-dids
library)DIDResolver
traitssi-verification-methods
librarytz
(Tezos)jwk
pkh
(https://github.com/spruceid/ssi/pull/539)key
(https://github.com/spruceid/ssi/pull/540)web
(https://github.com/spruceid/ssi/pull/541)ethr
(https://github.com/spruceid/ssi/pull/542)ion
(https://github.com/spruceid/ssi/pull/543)sol
~ (deprecate)onion
~ (deprecate)webkey
~ (deprecate)test
(test suite? not sure if required)ssi-vc-ldp
library)CryptographicSuite
trait designEcdsaSecp256k1Signature2019
EcdsaSecp256r1Signature2019
Ed25519Signature2018
Ed25519Signature2020
eddsa-2022
EthereumEip712Signature2021
JsonWebSignature2020
RsaSignature2018
EcdsaSecp256k1RecoverySignature2020
AleoSignature2021
Eip712Signature2021
EthereumPersonalSignature2021
SolanaSignature2021