A few renamings.

Unification of the signature options and verification options interface.

crates/bbs/src/lib.rs

@@ -85,7 +85,7 @@ impl MultiSigningMethod<BBSplusSecretKey, Bbs> for Multikey {
             Bbs::Baseline { header } => Signature::<BBSplus<Bls12381Sha256>>::sign(
                 Some(messages),
                 secret,
-                &pk,
+                pk,
                 Some(&header),
             )
             .map_err(MessageSignatureError::signature_failed)?
@@ -99,7 +99,7 @@ impl MultiSigningMethod<BBSplusSecretKey, Bbs> for Multikey {
                 let signer_blind = signer_blind.map(|b| BlindFactor::from_bytes(&b).unwrap());
                 BlindSignature::<BBSplus<Bls12381Sha256>>::blind_sign(
                     secret,
-                    &pk,
+                    pk,
                     commitment_with_proof.as_deref(),
                     Some(&header),
                     Some(messages),

crates/claims/core/src/verification/mod.rs

@@ -104,6 +104,19 @@ pub enum Invalid {
     Proof(#[from] InvalidProof),
 }
 
+/// Arbitrary resource provider.
+pub trait ResourceProvider<T> {
+    /// Returns a reference to the resource of type `T`.
+    fn get_resource(&self) -> &T;
+}
+
+/// Anything can return the unit resource.
+impl<T> ResourceProvider<()> for T {
+    fn get_resource(&self) -> &() {
+        &()
+    }
+}
+
 /// Type that provides a public key resolver.
 pub trait ResolverProvider {
     /// Public key resolver.

crates/claims/crates/data-integrity/core/src/canonicalization.rs

@@ -39,7 +39,7 @@ where
         context: &C,
         data: &T,
         proof_configuration: ProofConfigurationRef<'_, S>,
-        _transformation_options: Option<TransformationOptions<S>>,
+        _transformation_options: TransformationOptions<S>,
     ) -> Result<Self::Output, TransformationError> {
         let mut ld = LdEnvironment::default();
 

crates/claims/crates/data-integrity/core/src/proof/mod.rs

@@ -1,12 +1,14 @@
 use crate::suite::bounds::{OptionsRefOf, SignatureRefOf, VerificationMethodRefOf};
-use crate::suite::{CryptographicSuiteVerification, SerializeCryptographicSuite};
+use crate::suite::{
+    CryptographicSuiteVerification, InputVerificationOptions, SerializeCryptographicSuite,
+};
 use crate::{
     CloneCryptographicSuite, CryptographicSuite, DataIntegrity, DebugCryptographicSuite,
     DeserializeCryptographicSuite,
 };
 use educe::Educe;
 use serde::{Deserialize, Serialize};
-use ssi_claims_core::{AttachProof, ProofValidationError, ProofValidity};
+use ssi_claims_core::{AttachProof, ProofValidationError, ProofValidity, ResourceProvider};
 use ssi_core::{one_or_many::OneOrManyRef, OneOrMany};
 use ssi_verification_methods_core::{ProofPurpose, ReferenceOrOwned};
 use std::collections::BTreeMap;
@@ -221,14 +223,18 @@ impl<S: DebugCryptographicSuite> fmt::Debug for Proof<S> {
 impl<S: CryptographicSuite, T, V> ssi_claims_core::ValidateProof<V, T> for Proof<S>
 where
     S: CryptographicSuiteVerification<T, V>,
+    V: ResourceProvider<InputVerificationOptions<S>>,
 {
     async fn validate_proof<'a>(
         &'a self,
         verifier: &'a V,
         claims: &'a T,
     ) -> Result<ProofValidity, ProofValidationError> {
+        let transformation_options = self
+            .suite()
+            .configure_verification(verifier.get_resource())?;
         self.suite()
-            .verify_proof(verifier, claims, self.borrowed())
+            .verify_proof(verifier, claims, self.borrowed(), transformation_options)
             .await
     }
 }
@@ -327,6 +333,7 @@ impl<S: CryptographicSuite> From<Vec<Proof<S>>> for Proofs<S> {
 impl<S: CryptographicSuite, T, V> ssi_claims_core::ValidateProof<V, T> for Proofs<S>
 where
     S: CryptographicSuiteVerification<T, V>,
+    V: ResourceProvider<InputVerificationOptions<S>>,
 {
     async fn validate_proof<'a>(
         &'a self,

crates/claims/crates/data-integrity/core/src/suite/configuration.rs

@@ -1,20 +1,23 @@
 use std::marker::PhantomData;
 
-use ssi_claims_core::SignatureError;
+use ssi_claims_core::{ProofValidationError, SignatureError};
 use ssi_json_ld::syntax::Context;
 
 use crate::{CryptographicSuite, ProofConfiguration, ProofOptions};
 
 pub type InputVerificationMethod<S> = <<S as CryptographicSuite>::Configuration as ConfigurationAlgorithm<S>>::InputVerificationMethod;
 
 pub type InputSuiteOptions<S> =
-    <<S as CryptographicSuite>::Configuration as ConfigurationAlgorithm<S>>::InputProofOptions;
+    <<S as CryptographicSuite>::Configuration as ConfigurationAlgorithm<S>>::InputSuiteOptions;
 
 pub type InputProofOptions<S> = ProofOptions<InputVerificationMethod<S>, InputSuiteOptions<S>>;
 
 pub type InputSignatureOptions<S> =
     <<S as CryptographicSuite>::Configuration as ConfigurationAlgorithm<S>>::InputSignatureOptions;
 
+pub type InputVerificationOptions<S> =
+    <<S as CryptographicSuite>::Configuration as ConfigurationAlgorithm<S>>::InputVerificationOptions;
+
 pub type TransformationOptions<S> =
     <<S as CryptographicSuite>::Configuration as ConfigurationAlgorithm<S>>::TransformationOptions;
 
@@ -48,41 +51,72 @@ impl From<ConfigurationError> for SignatureError {
     }
 }
 
+impl From<ConfigurationError> for ProofValidationError {
+    fn from(value: ConfigurationError) -> Self {
+        Self::other(value)
+    }
+}
+
 pub trait ConfigurationAlgorithm<S: CryptographicSuite> {
     /// Input type for the verification method.
     type InputVerificationMethod;
 
     /// Input suite-specific proof options.
-    type InputProofOptions;
+    ///
+    /// These options are stored in the `proof` object.
+    type InputSuiteOptions;
 
-    /// Input signature options.
+    /// Input suite-specific signature options.
+    ///
+    /// These options do not appear in the `proof` object.
     type InputSignatureOptions;
 
+    /// Input suite-specific verification options.
+    ///
+    /// These options do not appear in the `proof` object.
+    type InputVerificationOptions;
+
     /// Document transformation options.
     type TransformationOptions;
 
-    fn configure(
+    fn configure_signature(
         suite: &S,
-        proof_options: ProofOptions<Self::InputVerificationMethod, Self::InputProofOptions>,
-        signature_options: Self::InputSignatureOptions,
+        proof_options: ProofOptions<Self::InputVerificationMethod, Self::InputSuiteOptions>,
+        signature_options: InputSignatureOptions<S>,
     ) -> Result<(ProofConfiguration<S>, Self::TransformationOptions), ConfigurationError>;
+
+    fn configure_verification(
+        suite: &S,
+        verification_options: &InputVerificationOptions<S>,
+    ) -> Result<Self::TransformationOptions, ConfigurationError>;
 }
 
 pub struct NoConfiguration;
 
 impl<S: CryptographicSuite> ConfigurationAlgorithm<S> for NoConfiguration {
     type InputVerificationMethod = S::VerificationMethod;
-    type InputProofOptions = S::ProofOptions;
+    type InputSuiteOptions = S::ProofOptions;
+
     type InputSignatureOptions = ();
+
+    type InputVerificationOptions = ();
+
     type TransformationOptions = ();
 
-    fn configure(
+    fn configure_signature(
         suite: &S,
         proof_options: ProofOptions<S::VerificationMethod, S::ProofOptions>,
-        _: (),
-    ) -> Result<(ProofConfiguration<S>, ()), ConfigurationError> {
+        _: InputSignatureOptions<S>,
+    ) -> Result<(ProofConfiguration<S>, Self::TransformationOptions), ConfigurationError> {
         Ok((proof_options.into_configuration(suite.clone())?, ()))
     }
+
+    fn configure_verification(
+        _suite: &S,
+        _verification_options: &InputVerificationOptions<S>,
+    ) -> Result<Self::TransformationOptions, ConfigurationError> {
+        Ok(())
+    }
 }
 
 pub struct AddProofContext<C>(PhantomData<C>);
@@ -92,15 +126,16 @@ where
     C: Default + Into<ssi_json_ld::syntax::Context>,
 {
     type InputVerificationMethod = S::VerificationMethod;
-    type InputProofOptions = S::ProofOptions;
+    type InputSuiteOptions = S::ProofOptions;
     type InputSignatureOptions = ();
+    type InputVerificationOptions = ();
     type TransformationOptions = ();
 
-    fn configure(
+    fn configure_signature(
         suite: &S,
         options: ProofOptions<S::VerificationMethod, S::ProofOptions>,
-        _: (),
-    ) -> Result<(ProofConfiguration<S>, ()), ConfigurationError> {
+        _: InputSignatureOptions<S>,
+    ) -> Result<(ProofConfiguration<S>, Self::TransformationOptions), ConfigurationError> {
         let mut result = options.into_configuration(suite.clone())?;
         result.context = match result.context {
             None => Some(C::default().into()),
@@ -110,4 +145,11 @@ where
         };
         Ok((result, ()))
     }
+
+    fn configure_verification(
+        _suite: &S,
+        _verification_options: &InputVerificationOptions<S>,
+    ) -> Result<Self::TransformationOptions, ConfigurationError> {
+        Ok(())
+    }
 }

crates/claims/crates/data-integrity/core/src/suite/mod.rs

@@ -58,12 +58,20 @@ pub trait CryptographicSuite: Clone {
     fn type_(&self) -> TypeRef;
 
     /// Generates a proof configuration from input options.
-    fn configure(
+    fn configure_signature(
         &self,
         proof_options: InputProofOptions<Self>,
         signature_options: InputSignatureOptions<Self>,
     ) -> Result<(ProofConfiguration<Self>, TransformationOptions<Self>), ConfigurationError> {
-        Self::Configuration::configure(self, proof_options, signature_options)
+        Self::Configuration::configure_signature(self, proof_options, signature_options)
+    }
+
+    /// Generates a proof configuration from input options.
+    fn configure_verification(
+        &self,
+        verification_options: &InputVerificationOptions<Self>,
+    ) -> Result<TransformationOptions<Self>, ConfigurationError> {
+        Self::Configuration::configure_verification(self, verification_options)
     }
 
     /// Generates a verifiable document secured with this cryptographic suite.
@@ -81,7 +89,7 @@ pub trait CryptographicSuite: Clone {
         Self: CryptographicSuiteSigning<T, C, R, S>,
     {
         let (proof_configuration, transformation_options) =
-            self.configure(proof_options, signature_options)?;
+            self.configure_signature(proof_options, signature_options)?;
         let proof_configuration_ref = proof_configuration.borrowed();
         let signature = self
             .generate_signature(

crates/claims/crates/data-integrity/core/src/suite/standard/mod.rs

@@ -1,7 +1,9 @@
 //! Cryptographic suites.
 use std::borrow::Cow;
 
-use ssi_claims_core::{ProofValidationError, ProofValidity, ResolverProvider, SignatureError};
+use ssi_claims_core::{
+    ProofValidationError, ProofValidity, ResolverProvider, ResourceProvider, SignatureError,
+};
 use ssi_verification_methods_core::{Signer, VerificationMethodResolver, VerificationMethodSet};
 
 use crate::{CryptographicSuite, ProofConfigurationRef, ProofRef, TypeRef};
@@ -20,7 +22,7 @@ pub use verification::*;
 
 use super::{
     ConfigurationAlgorithm, CryptographicSuiteSigning, CryptographicSuiteVerification,
-    TransformationOptions,
+    InputVerificationOptions, TransformationOptions,
 };
 
 // mod test_bbs;
@@ -59,7 +61,7 @@ pub trait StandardCryptographicSuite: Clone {
         context: &C,
         unsecured_document: &T,
         proof_configuration: ProofConfigurationRef<'_, Self>,
-        transformation_options: Option<TransformationOptions<Self>>,
+        transformation_options: TransformationOptions<Self>,
     ) -> Result<TransformedData<Self>, TransformationError>
     where
         Self::Transformation: TypedTransformationAlgorithm<Self, T, C>,
@@ -143,12 +145,7 @@ where
             .await?;
 
         let transformed = self
-            .transform(
-                context,
-                claims,
-                proof_configuration,
-                Some(transformation_options),
-            )
+            .transform(context, claims, proof_configuration, transformation_options)
             .await?;
 
         let hashed = self.hash(transformed, proof_configuration, &method)?;
@@ -165,7 +162,7 @@ where
 
 impl<S: StandardCryptographicSuite, C, V> CryptographicSuiteVerification<C, V> for S
 where
-    V: ResolverProvider,
+    V: ResolverProvider + ResourceProvider<InputVerificationOptions<S>>,
     V::Resolver: VerificationMethodResolver<Method = S::VerificationMethod>,
     S::Transformation: TypedTransformationAlgorithm<Self, C, V>,
     S::SignatureAlgorithm: VerificationAlgorithm<S>,
@@ -175,6 +172,7 @@ where
         verifier: &V,
         claims: &C,
         proof: ProofRef<'_, Self>,
+        transformation_options: TransformationOptions<S>,
     ) -> Result<ProofValidity, ProofValidationError> {
         let options = ssi_verification_methods_core::ResolutionOptions {
             accept: Some(Box::new(Self::VerificationMethod::type_set())),
@@ -189,7 +187,12 @@ where
         let proof_configuration = proof.configuration();
 
         let transformed = self
-            .transform(verifier, claims, proof_configuration, None)
+            .transform(
+                verifier,
+                claims,
+                proof_configuration,
+                transformation_options,
+            )
             .await?;
 
         let hashed = self.hash(transformed, proof_configuration, &method)?;

crates/claims/crates/data-integrity/core/src/suite/standard/transformation.rs

@@ -72,7 +72,7 @@ pub trait TypedTransformationAlgorithm<S: CryptographicSuite, T, C>:
         context: &C,
         data: &T,
         proof_configuration: ProofConfigurationRef<S>,
-        transformation_options: Option<TransformationOptions<S>>,
+        transformation_options: TransformationOptions<S>,
     ) -> Result<Self::Output, TransformationError>;
 }
 
@@ -82,14 +82,14 @@ impl<S: CryptographicSuite> TransformationAlgorithm<S> for JsonObjectTransformat
     type Output = json_syntax::Object;
 }
 
-impl<S: CryptographicSuite, T: Serialize, C> TypedTransformationAlgorithm<S, T, C>
+impl<S: StandardCryptographicSuite, T: Serialize, C> TypedTransformationAlgorithm<S, T, C>
     for JsonObjectTransformation
 {
     async fn transform(
         _context: &C,
         data: &T,
         _options: ProofConfigurationRef<'_, S>,
-        _transformation_options: Option<TransformationOptions<S>>,
+        _transformation_options: TransformationOptions<S>,
     ) -> Result<Self::Output, TransformationError> {
         json_syntax::to_value(data)
             .map_err(TransformationError::JsonSerialization)?

crates/claims/crates/data-integrity/core/src/suite/standard/verification.rs

@@ -5,7 +5,7 @@ use crate::{CryptographicSuite, ProofRef};
 pub trait VerificationAlgorithm<S: CryptographicSuite> {
     fn verify(
         method: &S::VerificationMethod,
-        prepared_claims: S::PreparedClaims,
+        prepared_claims: <S as CryptographicSuite>::PreparedClaims,
         proof: ProofRef<S>,
     ) -> Result<ProofValidity, ProofValidationError>;
 }

crates/claims/crates/data-integrity/core/src/suite/verification.rs

@@ -1,4 +1,4 @@
-use super::CryptographicSuite;
+use super::{CryptographicSuite, TransformationOptions};
 use crate::ProofRef;
 use ssi_claims_core::{ProofValidationError, ProofValidity};
 
@@ -9,5 +9,6 @@ pub trait CryptographicSuiteVerification<T, V>: CryptographicSuite {
         verifier: &V,
         claims: &T,
         proof: ProofRef<'_, Self>,
+        transformation_options: TransformationOptions<Self>,
     ) -> Result<ProofValidity, ProofValidationError>;
 }