diff --git a/index.html b/index.html index e459f9c..240af28 100644 --- a/index.html +++ b/index.html @@ -688,13 +688,14 @@

parseBaseProofValue

  1. -Ensure the `proofValue` string starts with +If the `proofValue` string does not start with u (U+0075 LATIN SMALL LETTER U), -indicating that it is a `multibase-base64url-no-pad-encoded` value, and throw -an error if it does not. +indicating that it is a `multibase-base64url-no-pad-encoded` value, +an error MUST be raised and SHOULD convey an error type of +PROOF_VERIFICATION_ERROR.
  2. Initialize |decodedProofValue| to the result of base64url-no-pad-decoding the @@ -721,8 +722,9 @@

    parseBaseProofValue

    |featureOption| to `"pseudonym_hidden_pid"`.
  3. -If the |decodedProofValue| starts with any other three byte sequence, throw an -error. +If the |decodedProofValue| starts with any other three byte sequence, +an error MUST be raised and SHOULD convey an error type of +PROOF_VERIFICATION_ERROR.
@@ -1125,13 +1127,14 @@

parseDerivedProofValue

  1. -Ensure the `proofValue` string starts with +If the `proofValue` string does not start with u (U+0075, LATIN SMALL LETTER U), indicating that -it is a `multibase-base64url-no-pad-encoded` value, and throw an error if it does -not. +it is a `multibase-base64url-no-pad-encoded` value, +an error MUST be raised and SHOULD convey an error type of +PROOF_VERIFICATION_ERROR.
  2. Initialize |decodedProofValue| to the result of base64url-no-pad-decoding the @@ -1161,11 +1164,12 @@

    parseDerivedProofValue

  3. Initialize `components` to an array that is the result of CBOR-decoding the -bytes that follow the three-byte BBS disclosure proof header. Ensure the result -is an array of five or six elements — -a byte array, a map of integers to integers, an -array of integers, another array of integers, and one or two byte arrays; -otherwise, throw an error. +bytes that follow the three-byte BBS disclosure proof header. If the result +is not an array of five or six elements — +a byte array, a map of integers to integers, +two arrays of integers, and one or two byte arrays; +an error MUST be raised and SHOULD convey an error type of +PROOF_VERIFICATION_ERROR.
  4. Replace the second element in `components` using the result of calling the @@ -1463,13 +1467,15 @@

    Base Proof Configuration (bbs-2023)

  5. If |proofConfig|.|type| is not set to `DataIntegrityProof` and/or -|proofConfig|.|cryptosuite| is not set to `bbs-2023`, an -`INVALID_PROOF_CONFIGURATION` error MUST be raised. +|proofConfig|.|cryptosuite| is not set to `bbs-2023`, an error MUST be raised +and SHOULD convey an error type of +PROOF_GENERATION_ERROR.
  6. -If |proofConfig|.|created| is set and the value is not a -valid [[XMLSCHEMA11-2]] datetime, an `INVALID_PROOF_DATETIME` error MUST be -raised. +If |proofConfig|.|created| is set and if the value is not a +valid [[XMLSCHEMA11-2]] datetime, an error MUST be raised and SHOULD convey an +error type of +PROOF_GENERATION_ERROR.
  7. Set |proofConfig|.|@context| to @@ -1504,9 +1510,13 @@

    Base Proof Serialization (bbs-2023)

    |commitment_with_proof|. If |featureOption| is set to `"anonymous_holder_binding"` or `"pseudonym_hidden_pid"`, the -|commitment_with_proof| input MUST be supplied; if not supplied, an error SHOULD be -returned. -A single digital proof value +|commitment_with_proof| input MUST be supplied; if not supplied, +an error MUST be raised and SHOULD convey an error type of +PROOF_GENERATION_ERROR. +The proof options MUST contain a type identifier for the + +cryptographic suite (|type|) and MAY contain a cryptosuite +identifier (|cryptosuite|). A single digital proof value represented as series of bytes is produced as output.