Module: BSV::Wallet::Client::Crypto

Included in:

BSV::Wallet::Client

Defined in:

lib/bsv/wallet/client/brc100/crypto.rb

Overview

Cryptographic operations for the BRC-100 wallet client.

Provides the 9 crypto public methods defined by the BRC-100 interface: key derivation, symmetric encryption/decryption, HMAC creation/verification, ECDSA signing/verification, and key linkage revelation.

All methods delegate to @substrate when present. Otherwise they operate against @key_deriver directly.

Instance Method Summary

• #create_hmac(args, originator: nil) ⇒ Hash

  Creates an HMAC-SHA256 using a derived symmetric key.

• #create_signature(args, originator: nil) ⇒ Hash

  Creates an ECDSA signature using a derived private key.

• #decrypt(args, originator: nil) ⇒ Hash

  Decrypts ciphertext using AES-256-GCM with a derived symmetric key.

• #encrypt(args, originator: nil) ⇒ Hash

  Encrypts plaintext using AES-256-GCM with a derived symmetric key.

• #get_public_key(args, originator: nil) ⇒ Hash

  Returns a derived or identity public key.

• #reveal_counterparty_key_linkage(args, originator: nil) ⇒ Hash

  Reveals counterparty key linkage to a verifier (BRC-69 Method 1).

• #reveal_specific_key_linkage(args, originator: nil) ⇒ Hash

  Reveals specific key linkage for a particular interaction (BRC-69 Method 2).

• #verify_hmac(args, originator: nil) ⇒ Hash

  Verifies an HMAC-SHA256 using a derived symmetric key.

• #verify_signature(args, originator: nil) ⇒ Hash

  Verifies an ECDSA signature using a derived public key.

Instance Method Details

#create_hmac(args, originator: nil) ⇒ Hash

Creates an HMAC-SHA256 using a derived symmetric key.

Parameters:

• args (Hash)

Options Hash (args):

• :data (Array<Integer>) —

  byte array to authenticate

• :protocol_id (Array) —

  security_level, protocol_name

• :key_id (String) —

  key identifier

• :counterparty (String) —

  public key hex, ‘self’, or ‘anyone’

Returns:

• (Hash) —

  { hmac: Array<Integer> }

# File 'lib/bsv/wallet/client/brc100/crypto.rb', line 83

def create_hmac(args, originator: nil)
  return @substrate.create_hmac(args, originator: originator) if @substrate

  sym_key = derive_sym_key(args)
  hmac = BSV::Primitives::Digest.hmac_sha256(sym_key.to_bytes, bytes_to_string(args[:data]))
  { hmac: string_to_bytes(hmac) }
end

#create_signature(args, originator: nil) ⇒ Hash

Creates an ECDSA signature using a derived private key.

Parameters:

• args (Hash)

Options Hash (args):

• :data (Array<Integer>) —

  data to hash and sign

• :hash_to_directly_sign (Array<Integer>) —

  pre-computed 32-byte hash to sign

• :protocol_id (Array) —

  security_level, protocol_name

• :key_id (String) —

  key identifier

• :counterparty (String) —

  public key hex, ‘self’, or ‘anyone’

Returns:

• (Hash) —

  { signature: Array<Integer> } DER-encoded signature as byte array

# File 'lib/bsv/wallet/client/brc100/crypto.rb', line 122

def create_signature(args, originator: nil)
  return @substrate.create_signature(args, originator: originator) if @substrate

  counterparty = args[:counterparty] || 'anyone'
  priv_key = @key_deriver.derive_private_key(args[:protocol_id], args[:key_id], counterparty)

  hash = if args[:hash_to_directly_sign]
           bytes_to_string(args[:hash_to_directly_sign])
         else
           BSV::Primitives::Digest.sha256(bytes_to_string(args[:data]))
         end

  sig = priv_key.sign(hash)
  { signature: string_to_bytes(sig.to_der) }
end

#decrypt(args, originator: nil) ⇒ Hash

Decrypts ciphertext using AES-256-GCM with a derived symmetric key.

Parameters:

• args (Hash)

Options Hash (args):

• :ciphertext (Array<Integer>) —

  byte array to decrypt

• :protocol_id (Array) —

  security_level, protocol_name

• :key_id (String) —

  key identifier

• :counterparty (String) —

  public key hex, ‘self’, or ‘anyone’

Returns:

• (Hash) —

  { plaintext: Array<Integer> }

# File 'lib/bsv/wallet/client/brc100/crypto.rb', line 67

def decrypt(args, originator: nil)
  return @substrate.decrypt(args, originator: originator) if @substrate

  sym_key = derive_sym_key(args)
  plaintext = sym_key.decrypt(bytes_to_string(args[:ciphertext]))
  { plaintext: string_to_bytes(plaintext) }
end

#encrypt(args, originator: nil) ⇒ Hash

Encrypts plaintext using AES-256-GCM with a derived symmetric key.

Parameters:

• args (Hash)

Options Hash (args):

• :plaintext (Array<Integer>) —

  byte array to encrypt

• :protocol_id (Array) —

  security_level, protocol_name

• :key_id (String) —

  key identifier

• :counterparty (String) —

  public key hex, ‘self’, or ‘anyone’

Returns:

• (Hash) —

  { ciphertext: Array<Integer> }

# File 'lib/bsv/wallet/client/brc100/crypto.rb', line 51

def encrypt(args, originator: nil)
  return @substrate.encrypt(args, originator: originator) if @substrate

  sym_key = derive_sym_key(args)
  ciphertext = sym_key.encrypt(bytes_to_string(args[:plaintext]))
  { ciphertext: string_to_bytes(ciphertext) }
end

#get_public_key(args, originator: nil) ⇒ Hash

Returns a derived or identity public key.

Parameters:

• args (Hash)

Options Hash (args):

• :identity_key (Boolean) —

  return the identity key instead of deriving

• :protocol_id (Array) —

  security_level, protocol_name

• :key_id (String) —

  key identifier

• :counterparty (String) —

  public key hex, ‘self’, or ‘anyone’

• :for_self (Boolean) —

  derive from own identity

Returns:

• (Hash) —

  { public_key: String } hex-encoded compressed public key

# File 'lib/bsv/wallet/client/brc100/crypto.rb', line 26

def get_public_key(args, originator: nil)
  return @substrate.get_public_key(args, originator: originator) if @substrate

  if args[:identity_key]
    { public_key: @key_deriver.identity_key }
  else
    counterparty = args[:counterparty] || 'self'
    pub = @key_deriver.derive_public_key(
      args[:protocol_id],
      args[:key_id],
      counterparty,
      for_self: args[:for_self] || false
    )
    { public_key: pub.to_hex }
  end
end

#reveal_counterparty_key_linkage(args, originator: nil) ⇒ Hash

Reveals counterparty key linkage to a verifier (BRC-69 Method 1).

Parameters:

• args (Hash)

Options Hash (args):

• :counterparty (String) —

  counterparty public key hex (not ‘self’)

• :verifier (String) —

  verifier public key hex

Returns:

• (Hash) —

  with :prover, :verifier, :counterparty, :revelation_time, :encrypted_linkage, :encrypted_linkage_proof

Raises:

• (InvalidParameterError)

# File 'lib/bsv/wallet/client/brc100/crypto.rb', line 184

def reveal_counterparty_key_linkage(args, originator: nil)
  return @substrate.reveal_counterparty_key_linkage(args, originator: originator) if @substrate

  counterparty = args[:counterparty]
  verifier = args[:verifier]

  raise InvalidParameterError.new('counterparty', 'a specific public key hex, not "anyone"') if counterparty == 'anyone'

  Validators.validate_pub_key_hex!(verifier, 'verifier')

  linkage = @key_deriver.reveal_counterparty_secret(counterparty)
  revelation_time = Time.now.utc.iso8601

  encrypted_linkage_result = encrypt({
                                       plaintext: string_to_bytes(linkage),
                                       protocol_id: [2, 'counterparty linkage revelation'],
                                       key_id: revelation_time,
                                       counterparty: verifier
                                     })

  counterparty_pub = BSV::Primitives::PublicKey.from_hex(counterparty)
  linkage_point = BSV::Primitives::PublicKey.from_bytes(linkage)
  schnorr_proof = BSV::Primitives::Schnorr.generate_proof(
    @key_deriver.root_key,
    @key_deriver.root_key.public_key,
    counterparty_pub,
    linkage_point
  )

  z_bytes = schnorr_proof.z.to_s(2)
  z_bytes = ("\x00".b * (32 - z_bytes.length)) + z_bytes if z_bytes.length < 32
  proof_bin = schnorr_proof.r.compressed + schnorr_proof.s_prime.compressed + z_bytes

  encrypted_proof_result = encrypt({
                                     plaintext: string_to_bytes(proof_bin),
                                     protocol_id: [2, 'counterparty linkage revelation'],
                                     key_id: revelation_time,
                                     counterparty: verifier
                                   })

  {
    prover: @key_deriver.identity_key,
    verifier: verifier,
    counterparty: counterparty,
    revelation_time: revelation_time,
    encrypted_linkage: encrypted_linkage_result[:ciphertext],
    encrypted_linkage_proof: encrypted_proof_result[:ciphertext]
  }
end

#reveal_specific_key_linkage(args, originator: nil) ⇒ Hash

Reveals specific key linkage for a particular interaction (BRC-69 Method 2).

Parameters:

• args (Hash)

Options Hash (args):

• :counterparty (String) —

  counterparty public key hex

• :verifier (String) —

  verifier public key hex

• :protocol_id (Array) —

  security_level, protocol_name

• :key_id (String) —

  key identifier

Returns:

• (Hash) —

  with :prover, :verifier, :counterparty, :protocol_id, :key_id, :encrypted_linkage, :encrypted_linkage_proof, :proof_type

Raises:

• (InvalidParameterError)

# File 'lib/bsv/wallet/client/brc100/crypto.rb', line 243

def reveal_specific_key_linkage(args, originator: nil)
  return @substrate.reveal_specific_key_linkage(args, originator: originator) if @substrate

  counterparty = args[:counterparty]
  verifier = args[:verifier]
  protocol_id = args[:protocol_id]
  key_id = args[:key_id]

  raise InvalidParameterError.new('counterparty', 'a specific public key hex, not "anyone"') if counterparty == 'anyone'

  Validators.validate_pub_key_hex!(verifier, 'verifier')

  linkage = @key_deriver.reveal_specific_secret(counterparty, protocol_id, key_id)

  derived_protocol = "specific linkage revelation #{protocol_id[0]} #{protocol_id[1]}"

  encrypted_linkage_result = encrypt({
                                       plaintext: string_to_bytes(linkage),
                                       protocol_id: [2, derived_protocol],
                                       key_id: key_id,
                                       counterparty: verifier
                                     })

  encrypted_proof_result = encrypt({
                                     plaintext: [0],
                                     protocol_id: [2, derived_protocol],
                                     key_id: key_id,
                                     counterparty: verifier
                                   })

  {
    prover: @key_deriver.identity_key,
    verifier: verifier,
    counterparty: counterparty,
    protocol_id: protocol_id,
    key_id: key_id,
    encrypted_linkage: encrypted_linkage_result[:ciphertext],
    encrypted_linkage_proof: encrypted_proof_result[:ciphertext],
    proof_type: 0
  }
end

#verify_hmac(args, originator: nil) ⇒ Hash

Verifies an HMAC-SHA256 using a derived symmetric key.

Parameters:

• args (Hash)

Options Hash (args):

• :data (Array<Integer>) —

  byte array that was authenticated

• :hmac (Array<Integer>) —

  HMAC to verify

• :protocol_id (Array) —

  security_level, protocol_name

• :key_id (String) —

  key identifier

• :counterparty (String) —

  public key hex, ‘self’, or ‘anyone’

Returns:

• (Hash) —

  { valid: true }

Raises:

• (InvalidHmacError) —

  if the HMAC does not match

# File 'lib/bsv/wallet/client/brc100/crypto.rb', line 101

def verify_hmac(args, originator: nil)
  return @substrate.verify_hmac(args, originator: originator) if @substrate

  sym_key = derive_sym_key(args)
  expected = BSV::Primitives::Digest.hmac_sha256(sym_key.to_bytes, bytes_to_string(args[:data]))
  provided = bytes_to_string(args[:hmac])

  raise InvalidHmacError unless secure_compare(expected, provided)

  { valid: true }
end

#verify_signature(args, originator: nil) ⇒ Hash

Verifies an ECDSA signature using a derived public key.

Parameters:

• args (Hash)

Options Hash (args):

• :data (Array<Integer>) —

  original data that was signed

• :hash_to_directly_verify (Array<Integer>) —

  pre-computed 32-byte hash

• :signature (Array<Integer>) —

  DER-encoded signature as byte array

• :protocol_id (Array) —

  security_level, protocol_name

• :key_id (String) —

  key identifier

• :counterparty (String) —

  public key hex, ‘self’, or ‘anyone’

• :for_self (Boolean) —

  verify own derived key (default false)

Returns:

• (Hash) —

  { valid: true }

Raises:

• (InvalidSignatureError) —

  if the signature does not verify

# File 'lib/bsv/wallet/client/brc100/crypto.rb', line 150

def verify_signature(args, originator: nil)
  return @substrate.verify_signature(args, originator: originator) if @substrate

  counterparty = args[:counterparty] || 'self'
  for_self = args[:for_self] || false

  pub_key = @key_deriver.derive_public_key(
    args[:protocol_id],
    args[:key_id],
    counterparty,
    for_self: for_self
  )

  hash = if args[:hash_to_directly_verify]
           bytes_to_string(args[:hash_to_directly_verify])
         else
           BSV::Primitives::Digest.sha256(bytes_to_string(args[:data]))
         end

  sig = BSV::Primitives::Signature.from_der(bytes_to_string(args[:signature]))
  valid = pub_key.verify(hash, sig)

  raise InvalidSignatureError unless valid

  { valid: true }
end