TBD54566975
diff --git a/‎lib/src/protocol/crypto.dart
+20 b/‎lib/src/protocol/crypto.dart
+20
diff --git a/‎lib/src/protocol/exceptions.dart
+61 b/‎lib/src/protocol/exceptions.dart
+61
diff --git a/‎lib/src/protocol/json-schemas/message.schema.json
+3-6 b/‎lib/src/protocol/json-schemas/message.schema.json
+3-6
diff --git a/‎lib/src/protocol/json-schemas/rfq-private.schema.json
+40 b/‎lib/src/protocol/json-schemas/rfq-private.schema.json
+40
diff --git a/‎lib/src/protocol/json-schemas/rfq.schema.json
+10-13 b/‎lib/src/protocol/json-schemas/rfq.schema.json
+10-13
diff --git a/‎lib/src/protocol/models/message.dart
+8-7 b/‎lib/src/protocol/models/message.dart
+8-7
@@ -0,0 +1,20 @@
+import 'dart:convert';
+import 'dart:math';
+import 'dart:typed_data';
+
+import 'package:crypto/crypto.dart';
+import 'package:web5/web5.dart';
+
+class CryptoUtils {
+  static Uint8List digest(Object value) {
+    final payload = json.encode(value);
+    final bytes = utf8.encode(payload);
+    return Uint8List.fromList(sha256.convert(bytes).bytes);
+  }
+
+  static String generateSalt() {
+    var random = Random.secure();
+    var bytes = Uint8List.fromList(List.generate(16, (_) => random.nextInt(256)));
+    return Base64Url.encode(bytes);
+  }
+}
@@ -0,0 +1,61 @@
+// Tbdex exception codes are each thrown in exactly one place.
+// Each code is prefixed with the name of the file in which it is thrown.
+enum TbdexExceptionCode {
+  parserKindRequired,
+  parserMessageJsonNotObject,
+  parserMetadataMalformed,
+  parserUnknownMessageKind,
+  parserUnknownResourceKind,
+  messageSignatureMissing,
+  messageSignatureMismatch,
+  messageUnknownKind,
+  resourceSignatureMissing,
+  resourceSignatureMismatch,
+  resourceUnknownKind,
+  rfqClaimsHashMismatch,
+  rfqClaimsMissing,
+  rfqOfferingIdMismatch,
+  rfqPrivateDataMissing,
+  rfqPayinDetailsHashMismatch,
+  rfqPayinDetailsMissing,
+  rfqPayinGreaterThanMax,
+  rfqPayinLessThanMin,
+  rfqPayinDetailsNotValid,
+  rfqPayoutDetailsHashMismatch,
+  rfqPayoutDetailsMissing,
+  rfqPayoutDetailsNotValid,
+  rfqProtocolVersionMismatch,
+  rfqUnknownPayinKind,
+  rfqUnknownPayoutKind,
+  validatorNoSchema,
+  validatorUnknownMessageKind,
+  validatorUnknownResourceKind,
+  validatorJsonSchemaError,
+}
+
+// TbdexException is the parent class for all custom exceptions thrown from this package
+class TbdexException implements Exception {
+  final String message;
+  final TbdexExceptionCode code;
+  TbdexException(this.code, this.message);
+
+  @override
+  String toString() => 'TbdexException($code): $message';
+}
+
+class TbdexParseException extends TbdexException {
+  TbdexParseException(TbdexExceptionCode code, String message): super(code, message);
+}
+
+class TbdexSignatureVerificationException extends TbdexException {
+  TbdexSignatureVerificationException(TbdexExceptionCode code, String message): super(code, message);
+}
+
+class TbdexValidatorException extends TbdexException {
+  TbdexValidatorException(TbdexExceptionCode code, String message): super(code, message);
+}
+
+// Thrown when verifying RFQ against offering
+class TbdexVerifyOfferingRequirementsException extends TbdexException {
+  TbdexVerifyOfferingRequirementsException(TbdexExceptionCode code, String message): super(code, message);
+}
@@ -41,10 +41,6 @@
         }
       },
       "required": ["from", "to", "kind", "id", "exchangeId", "createdAt", "protocol"]
-    },
-    "Private": {
-      "type": "object",
-      "description": "An ephemeral JSON object used to transmit sensitive data (e.g. PII)"
     }
   },
   "type": "object",
@@ -60,8 +56,9 @@
       "type": "string",
       "description": "Signature that verifies the authenticity and integrity of a message"
     },
-    "private": {
-      "$ref": "#/definitions/Private"
+    "privateData": {
+      "type": "object",
+      "description": "Private data which can be detached from the payload without disrupting integrity. Only used in RFQs"
     }
   },
   "additionalProperties": false,
 
@@ -0,0 +1,40 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://tbdex.dev/rfq-private.schema.json",
+  "type": "object",
+  "properties": {
+    "additionalProperties": false,
+    "salt": {
+      "type": "string",
+      "description": "Randomly generated cryptographic salt used to hash privateData fields"
+    },
+    "claims": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      },
+      "description": "Presentation Submission that fulfills the requirements included in the respective Offering"
+    },
+    "payin": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "paymentDetails": {
+          "type": "object",
+          "description": "An object containing the properties defined in the respective Offering's requiredPaymentDetails json schema"
+        }
+      }
+    },
+    "payout": {
+      "additionalProperties": false,
+      "type": "object",
+      "properties": {
+        "paymentDetails": {
+          "type": "object",
+          "description": "An object containing the properties defined in the respective Offering's requiredPaymentDetails json schema"
+        }
+      }
+    }
+  },
+  "required": ["salt"]
+}
@@ -8,12 +8,9 @@
       "type": "string",
       "description": "Offering which Alice would like to get a quote for"
     },
-    "claims": {
-      "type": "array",
-      "items": {
-        "type": "string"
-      },
-      "description": "Presentation Submission that fulfills the requirements included in the respective Offering"
+    "claimsHash": {
+      "type": "string",
+      "description": "Digests of Presentation Submissions that fulfills the requirements included in the respective Offering"
     },
     "payin": {
       "type": "object",
@@ -25,9 +22,9 @@
           "type": "string",
           "description": "Type of payment method e.g. BTC_ADDRESS, DEBIT_CARD, MOMO_MPESA"
         },
-        "paymentDetails": {
-          "type": "object",
-          "description": "An object containing the properties defined in the respective Offering's requiredPaymentDetails json schema"
+        "paymentDetailsHash": {
+          "type": "string",
+          "description": "Digest of an object containing the properties defined in the respective Offering's requiredPaymentDetails json schema"
         }
       },
       "required": ["amount", "kind"]
@@ -39,13 +36,13 @@
           "type": "string",
           "description": "Selected payout method from the respective offering"
         },
-        "paymentDetails": {
-          "type": "object",
-          "description": "An object containing the properties defined in the respective Offering's requiredPaymentDetails json schema"
+        "paymentDetailsHash": {
+          "type": "string",
+          "description": "Digest of an object containing the properties defined in the respective Offering's requiredPaymentDetails json schema"
         }
       },
       "required": ["kind"]
     }
   },
-  "required": ["offeringId", "claims", "payin", "payout"]
+  "required": ["offeringId", "payin", "payout"]
 }
@@ -1,7 +1,8 @@
 import 'dart:convert';
 import 'dart:typed_data';
 
-import 'package:crypto/crypto.dart';
+import 'package:tbdex/src/protocol/crypto.dart';
+import 'package:tbdex/src/protocol/exceptions.dart';
 import 'package:tbdex/src/protocol/models/message_data.dart';
 import 'package:tbdex/src/protocol/models/resource.dart';
 import 'package:tbdex/src/protocol/validator.dart';
@@ -41,7 +42,7 @@ class MessageMetadata extends Metadata {
     return MessageMetadata(
       kind: MessageKind.values.firstWhere(
         (kind) => kind.name == json['kind'],
-        orElse: () => throw Exception('unknown message kind: ${json['kind']}'),
+        orElse: () => throw TbdexParseException(TbdexExceptionCode.messageUnknownKind, 'unknown message kind: ${json['kind']}'),
       ),
       to: json['to'],
       from: json['from'],
@@ -91,7 +92,8 @@ abstract class Message {
 
   Future<void> verify() async {
     if (signature == null) {
-      throw Exception(
+      throw TbdexSignatureVerificationException(
+        TbdexExceptionCode.messageSignatureMissing,
         'signature verification failed: expected signature property to exist',
       );
     }
@@ -102,7 +104,8 @@ abstract class Message {
     final signingDid = parsedDidUrl.uri;
 
     if (signingDid != metadata.from) {
-      throw Exception(
+      throw TbdexSignatureVerificationException(
+      TbdexExceptionCode.messageSignatureMismatch,
         'signature verification failed: was not signed by the expected DID',
       );
     }
@@ -111,9 +114,7 @@ abstract class Message {
   }
 
   Uint8List _digest() {
-    final payload = json.encode({'metadata': metadata, 'data': data});
-    final bytes = utf8.encode(payload);
-    return Uint8List.fromList(sha256.convert(bytes).bytes);
+    return CryptoUtils.digest({'metadata': metadata, 'data': data});
   }
 
   @override