def _create_keypair(key_type: KeyType, seed: Union[str, bytes] = None) -> Key:
"""Instantiate a new keypair with an optional seed value."""
if key_type == KeyType.ED25519:
alg = KeyAlg.ED25519
method = None
# elif key_type == KeyType.BLS12381G1:
# alg = KeyAlg.BLS12_381_G1
elif key_type == KeyType.BLS12381G2:
alg = KeyAlg.BLS12_381_G2
method = SeedMethod.BlsKeyGen
# elif key_type == KeyType.BLS12381G1G2:
# alg = KeyAlg.BLS12_381_G1G2
else:
raise WalletError(f"Unsupported key algorithm: {key_type}")
if seed:
try:
if key_type == KeyType.ED25519:
# not a seed - it is the secret key
seed = validate_seed(seed)
return Key.from_secret_bytes(alg, seed)
else:
return Key.from_seed(alg, seed, method=method)
except AskarError as err:
if err.code == AskarErrorCode.INPUT:
raise WalletError("Invalid seed for key generation") from None
else:
return Key.generate(alg)
async def _unpack_message(session: Session,
enc_message: bytes) -> Tuple[str, str, str]:
"""Decode a message using the DIDComm v1 'unpack' algorithm."""
try:
wrapper = JweEnvelope.from_json(enc_message)
except ValidationError:
raise WalletError("Invalid packed message")
alg = wrapper.protected.get("alg")
is_authcrypt = alg == "Authcrypt"
if not is_authcrypt and alg != "Anoncrypt":
raise WalletError("Unsupported pack algorithm: {}".format(alg))
recips = extract_pack_recipients(wrapper.recipients())
payload_key, sender_vk = None, None
for recip_vk in recips:
recip_key_entry = await session.fetch_key(recip_vk)
if recip_key_entry:
payload_key, sender_vk = _extract_payload_key(
recips[recip_vk], recip_key_entry.key)
break
if not payload_key:
raise WalletError("No corresponding recipient key found in {}".format(
tuple(recips)))
if not sender_vk and is_authcrypt:
raise WalletError(
"Sender public key not provided for Authcrypt message")
cek = Key.from_secret_bytes(KeyAlg.C20P, payload_key)
message = cek.aead_decrypt(
wrapper.ciphertext,
nonce=wrapper.iv,
tag=wrapper.tag,
aad=wrapper.protected_bytes,
)
return message, recip_vk, sender_vk
def test_ecdh_1pu_wrapped_expected():
ephem = Key.from_jwk("""
{"kty": "OKP",
"crv": "X25519",
"x": "k9of_cpAajy0poW5gaixXGs9nHkwg1AFqUAFa39dyBc",
"d": "x8EVZH4Fwk673_mUujnliJoSrLz0zYzzCWp5GUX2fc8"}
""")
alice = Key.from_jwk("""
{"kty": "OKP",
"crv": "X25519",
"x": "Knbm_BcdQr7WIoz-uqit9M0wbcfEr6y-9UfIZ8QnBD4",
"d": "i9KuFhSzEBsiv3PKVL5115OCdsqQai5nj_Flzfkw5jU"}
""")
bob = Key.from_jwk("""
{"kty": "OKP",
"crv": "X25519",
"x": "BT7aR0ItXfeDAldeeOlXL_wXqp-j5FltT0vRSG16kRw",
"d": "1gDirl_r_Y3-qUa3WXHgEXrrEHngWThU3c9zj9A2uBg"}
""")
alg = "ECDH-1PU+A128KW"
enc = "A256CBC-HS512"
apu = "Alice"
apv = "Bob and Charlie"
protected_b64 = b64_url(
f'{{"alg":"{alg}",'
f'"enc":"{enc}",'
f'"apu":"{b64_url(apu)}",'
f'"apv":"{b64_url(apv)}",'
'"epk":'
'{"kty":"OKP",'
'"crv":"X25519",'
'"x":"k9of_cpAajy0poW5gaixXGs9nHkwg1AFqUAFa39dyBc"}}').encode("ascii")
protected = (f'{{"alg":"{alg}",'
f'"enc":"{enc}",'
f'"apu":"{b64_url(apu)}",'
f'"apv":"{b64_url(apv)}",'
'"epk":'
'{"kty":"OKP",'
'"crv":"X25519",'
'"x":"k9of_cpAajy0poW5gaixXGs9nHkwg1AFqUAFa39dyBc"}}')
assert protected == (
'{"alg":"ECDH-1PU+A128KW",'
'"enc":"A256CBC-HS512",'
'"apu":"QWxpY2U",' # Alice
'"apv":"Qm9iIGFuZCBDaGFybGll",' # Bob and Charlie
'"epk":'
'{"kty":"OKP",'
'"crv":"X25519",'
'"x":"k9of_cpAajy0poW5gaixXGs9nHkwg1AFqUAFa39dyBc"}}')
cek = Key.from_secret_bytes(
KeyAlg.A256CBC_HS512,
bytes.fromhex("fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0"
"efeeedecebeae9e8e7e6e5e4e3e2e1e0"
"dfdedddcdbdad9d8d7d6d5d4d3d2d1d0"
"cfcecdcccbcac9c8c7c6c5c4c3c2c1c0"),
)
iv = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
message = b"Three is a magic number."
enc = cek.aead_encrypt(message, nonce=iv, aad=protected_b64)
ciphertext, cc_tag = enc.ciphertext, enc.tag
assert b64_url(ciphertext) == "Az2IWsISEMDJvyc5XRL-3-d-RgNBOGolCsxFFoUXFYw"
assert b64_url(cc_tag) == "HLb4fTlm8spGmij3RyOs2gJ4DpHM4hhVRwdF_hGb3WQ"
derived = Ecdh1PU(alg, apu, apv)._derive_key(
KeyAlg.A128KW,
ephem,
sender_key=alice,
receiver_key=bob,
cc_tag=cc_tag,
receive=False,
)
assert derived.get_secret_bytes() == bytes.fromhex(
"df4c37a0668306a11e3d6b0074b5d8df")
encrypted_key = derived.wrap_key(cek).ciphertext_tag
assert b64_url(encrypted_key) == (
"pOMVA9_PtoRe7xXW1139NzzN1UhiFoio8lGto9cf0t8PyU-"
"sjNXH8-LIRLycq8CHJQbDwvQeU1cSl55cQ0hGezJu2N9IY0QN")
# test sender_wrap_key
encrypted_key_2 = Ecdh1PU(alg, apu, apv).sender_wrap_key(
KeyAlg.A128KW,
ephem,
alice,
bob,
cek,
cc_tag=cc_tag,
)
assert encrypted_key_2.ciphertext_tag == encrypted_key
# Skipping key derivation for Charlie.
# Assemble encrypted_key, iv, cc_tag, ciphertext, and headers into a JWE envelope here.
# Receiver disassembles envelope and..
derived_recv = Ecdh1PU(alg, apu, apv)._derive_key(
KeyAlg.A128KW,
ephem,
sender_key=alice,
receiver_key=bob,
cc_tag=cc_tag,
receive=True,
)
cek_recv = derived_recv.unwrap_key(KeyAlg.A256CBC_HS512, encrypted_key)
assert cek_recv.get_jwk_secret() == cek.get_jwk_secret()
message_recv = cek_recv.aead_decrypt(ciphertext,
nonce=iv,
aad=protected_b64,
tag=cc_tag)
assert message_recv == message
# test receiver_wrap_key
cek_recv_2 = Ecdh1PU(alg, apu, apv).receiver_unwrap_key(
KeyAlg.A128KW,
KeyAlg.A256CBC_HS512,
ephem,
sender_key=alice,
receiver_key=bob,
ciphertext=encrypted_key,
cc_tag=cc_tag,
)
assert cek_recv_2.get_jwk_secret() == cek.get_jwk_secret()
