async def test_es_encrypt_x(self, session: Session):
alg = KeyAlg.X25519
bob_sk = Key.generate(alg)
bob_pk = Key.from_jwk(bob_sk.get_jwk_public())
with pytest.raises(
test_module.DidcommEnvelopeError, match="No message recipients"
):
_ = test_module.ecdh_es_encrypt({}, MESSAGE)
with async_mock.patch(
"aries_askar.Key.generate",
async_mock.MagicMock(side_effect=AskarError(99, "")),
):
with pytest.raises(
test_module.DidcommEnvelopeError,
match="Error creating content encryption key",
):
_ = test_module.ecdh_es_encrypt({BOB_KID: bob_pk}, MESSAGE)
with async_mock.patch(
"aries_askar.Key.aead_encrypt",
async_mock.MagicMock(side_effect=AskarError(99, "")),
):
with pytest.raises(
test_module.DidcommEnvelopeError,
match="Error encrypting",
):
_ = test_module.ecdh_es_encrypt({BOB_KID: bob_pk}, MESSAGE)
def ecdh_1pu_decrypt(
wrapper: JweEnvelope,
recip_kid: str,
recip_key: Key,
sender_key: Key,
) -> Tuple[str, str, str]:
"""Decode a message with DIDComm v2 authenticated encryption."""
alg_id = wrapper.protected.get("alg")
if alg_id in ("ECDH-1PU+A128KW", "ECDH-1PU+A256KW"):
wrap_alg = alg_id[9:]
else:
raise DidcommEnvelopeError(f"Unsupported ECDH-1PU algorithm: {alg_id}")
enc_alg = wrapper.protected.get("enc")
if enc_alg not in ("A128CBC-HS256", "A256CBC-HS512"):
raise DidcommEnvelopeError(
f"Unsupported ECDH-1PU content encryption: {enc_alg}")
recip = wrapper.get_recipient(recip_kid)
if not recip:
raise DidcommEnvelopeError(f"Recipient header not found: {recip_kid}")
try:
epk = Key.from_jwk(wrapper.protected.get("epk"))
except AskarError:
raise DidcommEnvelopeError("Error loading ephemeral key")
apu = wrapper.protected.get("apu")
apv = wrapper.protected.get("apv")
try:
cek = ecdh.Ecdh1PU(alg_id, apu, apv).receiver_unwrap_key(
wrap_alg,
enc_alg,
epk,
sender_key,
recip_key,
recip.encrypted_key,
cc_tag=wrapper.tag,
)
except AskarError:
raise DidcommEnvelopeError("Error decrypting content encryption key")
try:
plaintext = cek.aead_decrypt(
wrapper.ciphertext,
nonce=wrapper.iv,
tag=wrapper.tag,
aad=wrapper.combined_aad,
)
except AskarError:
raise DidcommEnvelopeError("Error decrypting message payload")
return plaintext
async def test_es_round_trip(self, session: Session):
alg = KeyAlg.X25519
bob_sk = Key.generate(alg)
bob_pk = Key.from_jwk(bob_sk.get_jwk_public())
carol_sk = Key.generate(KeyAlg.P256) # testing mixed recipient key types
carol_pk = Key.from_jwk(carol_sk.get_jwk_public())
enc_message = test_module.ecdh_es_encrypt(
{BOB_KID: bob_pk, CAROL_KID: carol_pk}, MESSAGE
)
# receiver must have the private keypair accessible
await session.insert_key("my_sk", bob_sk, tags={"kid": BOB_KID})
plaintext, recip_kid, sender_kid = await test_module.unpack_message(
session, enc_message
)
assert recip_kid == BOB_KID
assert sender_kid is None
assert plaintext == MESSAGE
async def test_1pu_decrypt_x(self):
alg = KeyAlg.X25519
alice_sk = Key.generate(alg)
alice_pk = Key.from_jwk(alice_sk.get_jwk_public())
bob_sk = Key.generate(alg)
message_unknown_alg = JweEnvelope(
protected={"alg": "NOT-SUPPORTED"},
)
message_unknown_alg.add_recipient(
JweRecipient(encrypted_key=b"0000", header={"kid": BOB_KID})
)
with pytest.raises(
test_module.DidcommEnvelopeError,
match="Unsupported ECDH-1PU algorithm",
):
_ = test_module.ecdh_1pu_decrypt(
message_unknown_alg,
BOB_KID,
bob_sk,
alice_pk,
)
message_unknown_enc = JweEnvelope(
protected={"alg": "ECDH-1PU+A128KW", "enc": "UNKNOWN"},
)
message_unknown_enc.add_recipient(
JweRecipient(encrypted_key=b"0000", header={"kid": BOB_KID})
)
with pytest.raises(
test_module.DidcommEnvelopeError,
match="Unsupported ECDH-1PU content encryption",
):
_ = test_module.ecdh_1pu_decrypt(
message_unknown_enc, BOB_KID, bob_sk, alice_pk
)
message_invalid_epk = JweEnvelope(
protected={"alg": "ECDH-1PU+A128KW", "enc": "A256CBC-HS512", "epk": {}},
)
message_invalid_epk.add_recipient(
JweRecipient(encrypted_key=b"0000", header={"kid": BOB_KID})
)
with pytest.raises(
test_module.DidcommEnvelopeError,
match="Error loading ephemeral key",
):
_ = test_module.ecdh_1pu_decrypt(
message_invalid_epk,
BOB_KID,
bob_sk,
alice_pk,
)
async def test_1pu_round_trip(self, session: Session):
alg = KeyAlg.X25519
alice_sk = Key.generate(alg)
alice_pk = Key.from_jwk(alice_sk.get_jwk_public())
bob_sk = Key.generate(alg)
bob_pk = Key.from_jwk(bob_sk.get_jwk_public())
enc_message = test_module.ecdh_1pu_encrypt(
{BOB_KID: bob_pk}, ALICE_KID, alice_sk, MESSAGE
)
# receiver must have the private keypair accessible
await session.insert_key("my_sk", bob_sk, tags={"kid": BOB_KID})
# for now at least, insert the sender public key so it can be resolved
await session.insert_key("alice_pk", alice_pk, tags={"kid": ALICE_KID})
plaintext, recip_kid, sender_kid = await test_module.unpack_message(
session, enc_message
)
assert recip_kid == BOB_KID
assert sender_kid == ALICE_KID
assert plaintext == MESSAGE
async def test_unpack_message_1pu_x(self, session: Session):
alg = KeyAlg.X25519
alice_sk = Key.generate(alg)
alice_pk = Key.from_jwk(alice_sk.get_jwk_public())
bob_sk = Key.generate(alg)
bob_pk = Key.from_jwk(bob_sk.get_jwk_public())
# receiver must have the private keypair accessible
await session.insert_key("my_sk", bob_sk, tags={"kid": BOB_KID})
# for now at least, insert the sender public key so it can be resolved
await session.insert_key("alice_pk", alice_pk, tags={"kid": ALICE_KID})
message_1pu_no_skid = json.dumps(
{
"protected": b64url(json.dumps({"alg": "ECDH-1PU+A128KW"})),
"recipients": [{"header": {"kid": BOB_KID}, "encrypted_key": "MTIzNA"}],
"iv": "MTIzNA",
"ciphertext": "MTIzNA",
"tag": "MTIzNA",
}
)
with pytest.raises(
test_module.DidcommEnvelopeError,
match="Sender key ID not provided",
):
_ = await test_module.unpack_message(session, message_1pu_no_skid)
message_1pu_unknown_skid = json.dumps(
{
"protected": b64url(
json.dumps({"alg": "ECDH-1PU+A128KW", "skid": "UNKNOWN"})
),
"recipients": [{"header": {"kid": BOB_KID}, "encrypted_key": "MTIzNA"}],
"iv": "MTIzNA",
"ciphertext": "MTIzNA",
"tag": "MTIzNA",
}
)
with pytest.raises(
test_module.DidcommEnvelopeError,
match="Sender public key not found",
):
_ = await test_module.unpack_message(session, message_1pu_unknown_skid)
message_1pu_apu_invalid = json.dumps(
{
"protected": b64url(
json.dumps({"alg": "ECDH-1PU+A128KW", "skid": "A", "apu": "A"})
),
"recipients": [{"header": {"kid": BOB_KID}, "encrypted_key": "MTIzNA"}],
"iv": "MTIzNA",
"ciphertext": "MTIzNA",
"tag": "MTIzNA",
}
)
with pytest.raises(
test_module.DidcommEnvelopeError,
match="Invalid apu value",
):
_ = await test_module.unpack_message(session, message_1pu_apu_invalid)
message_1pu_apu_mismatch = json.dumps(
{
"protected": b64url(
json.dumps(
{
"alg": "ECDH-1PU+A128KW",
"skid": ALICE_KID,
"apu": b64url("UNKNOWN"),
}
)
),
"recipients": [{"header": {"kid": BOB_KID}, "encrypted_key": "MTIzNA"}],
"iv": "MTIzNA",
"ciphertext": "MTIzNA",
"tag": "MTIzNA",
}
)
with pytest.raises(
test_module.DidcommEnvelopeError,
match="Mismatch between skid and apu",
):
_ = await test_module.unpack_message(session, message_1pu_apu_mismatch)
def test_ecdh_1pu_wrapped_expected():
ephem = Key.from_jwk("""
{"kty": "OKP",
"crv": "X25519",
"x": "k9of_cpAajy0poW5gaixXGs9nHkwg1AFqUAFa39dyBc",
"d": "x8EVZH4Fwk673_mUujnliJoSrLz0zYzzCWp5GUX2fc8"}
""")
alice = Key.from_jwk("""
{"kty": "OKP",
"crv": "X25519",
"x": "Knbm_BcdQr7WIoz-uqit9M0wbcfEr6y-9UfIZ8QnBD4",
"d": "i9KuFhSzEBsiv3PKVL5115OCdsqQai5nj_Flzfkw5jU"}
""")
bob = Key.from_jwk("""
{"kty": "OKP",
"crv": "X25519",
"x": "BT7aR0ItXfeDAldeeOlXL_wXqp-j5FltT0vRSG16kRw",
"d": "1gDirl_r_Y3-qUa3WXHgEXrrEHngWThU3c9zj9A2uBg"}
""")
alg = "ECDH-1PU+A128KW"
enc = "A256CBC-HS512"
apu = "Alice"
apv = "Bob and Charlie"
protected_b64 = b64_url(
f'{{"alg":"{alg}",'
f'"enc":"{enc}",'
f'"apu":"{b64_url(apu)}",'
f'"apv":"{b64_url(apv)}",'
'"epk":'
'{"kty":"OKP",'
'"crv":"X25519",'
'"x":"k9of_cpAajy0poW5gaixXGs9nHkwg1AFqUAFa39dyBc"}}').encode("ascii")
protected = (f'{{"alg":"{alg}",'
f'"enc":"{enc}",'
f'"apu":"{b64_url(apu)}",'
f'"apv":"{b64_url(apv)}",'
'"epk":'
'{"kty":"OKP",'
'"crv":"X25519",'
'"x":"k9of_cpAajy0poW5gaixXGs9nHkwg1AFqUAFa39dyBc"}}')
assert protected == (
'{"alg":"ECDH-1PU+A128KW",'
'"enc":"A256CBC-HS512",'
'"apu":"QWxpY2U",' # Alice
'"apv":"Qm9iIGFuZCBDaGFybGll",' # Bob and Charlie
'"epk":'
'{"kty":"OKP",'
'"crv":"X25519",'
'"x":"k9of_cpAajy0poW5gaixXGs9nHkwg1AFqUAFa39dyBc"}}')
cek = Key.from_secret_bytes(
KeyAlg.A256CBC_HS512,
bytes.fromhex("fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0"
"efeeedecebeae9e8e7e6e5e4e3e2e1e0"
"dfdedddcdbdad9d8d7d6d5d4d3d2d1d0"
"cfcecdcccbcac9c8c7c6c5c4c3c2c1c0"),
)
iv = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
message = b"Three is a magic number."
enc = cek.aead_encrypt(message, nonce=iv, aad=protected_b64)
ciphertext, cc_tag = enc.ciphertext, enc.tag
assert b64_url(ciphertext) == "Az2IWsISEMDJvyc5XRL-3-d-RgNBOGolCsxFFoUXFYw"
assert b64_url(cc_tag) == "HLb4fTlm8spGmij3RyOs2gJ4DpHM4hhVRwdF_hGb3WQ"
derived = Ecdh1PU(alg, apu, apv)._derive_key(
KeyAlg.A128KW,
ephem,
sender_key=alice,
receiver_key=bob,
cc_tag=cc_tag,
receive=False,
)
assert derived.get_secret_bytes() == bytes.fromhex(
"df4c37a0668306a11e3d6b0074b5d8df")
encrypted_key = derived.wrap_key(cek).ciphertext_tag
assert b64_url(encrypted_key) == (
"pOMVA9_PtoRe7xXW1139NzzN1UhiFoio8lGto9cf0t8PyU-"
"sjNXH8-LIRLycq8CHJQbDwvQeU1cSl55cQ0hGezJu2N9IY0QN")
# test sender_wrap_key
encrypted_key_2 = Ecdh1PU(alg, apu, apv).sender_wrap_key(
KeyAlg.A128KW,
ephem,
alice,
bob,
cek,
cc_tag=cc_tag,
)
assert encrypted_key_2.ciphertext_tag == encrypted_key
# Skipping key derivation for Charlie.
# Assemble encrypted_key, iv, cc_tag, ciphertext, and headers into a JWE envelope here.
# Receiver disassembles envelope and..
derived_recv = Ecdh1PU(alg, apu, apv)._derive_key(
KeyAlg.A128KW,
ephem,
sender_key=alice,
receiver_key=bob,
cc_tag=cc_tag,
receive=True,
)
cek_recv = derived_recv.unwrap_key(KeyAlg.A256CBC_HS512, encrypted_key)
assert cek_recv.get_jwk_secret() == cek.get_jwk_secret()
message_recv = cek_recv.aead_decrypt(ciphertext,
nonce=iv,
aad=protected_b64,
tag=cc_tag)
assert message_recv == message
# test receiver_wrap_key
cek_recv_2 = Ecdh1PU(alg, apu, apv).receiver_unwrap_key(
KeyAlg.A128KW,
KeyAlg.A256CBC_HS512,
ephem,
sender_key=alice,
receiver_key=bob,
ciphertext=encrypted_key,
cc_tag=cc_tag,
)
assert cek_recv_2.get_jwk_secret() == cek.get_jwk_secret()