refactor: Crypter/Wallet crypto operations

The current wallet is calling Pack/Unpack This behavior has now changed and delegated to a newer Packager interface In addition, operations involving private keys have been moved to the wallet. Namely, DerviveKEK() is the only function in the crypto functionality that deals with private keys Aries framework has been updated with new context functions to support the new structure. In addtion to WithWallet(), 2 new functions are added to the context provider: WithCrypter() and WithPackager(). JWE Crypto functionality depends on these providers in the following order: 1. WithWallet() 2. WithCrypter() 3. WithPackager() Also, minor refactoring of function names in the crypter was done for better readability. Finally the recipient key is no longer needed in Crypter.Decrypt() as it will be matched with the recipients's list in the envelope and the wallet's first key found. Signed-off-by: Baha Shaaban <[email protected]>
hyperledger-archives · Oct 11, 2019 · cbe209a · cbe209a
1 parent 5d0e99a
commit cbe209a
Show file tree

Hide file tree

Showing 41 changed files with 1,231 additions and 781 deletions.
diff --git a/pkg/didcomm/crypto/crypter.go b/pkg/didcomm/crypto/crypter.go
@@ -6,6 +6,16 @@ SPDX-License-Identifier: Apache-2.0
 
 package crypto
 
+import "github.com/hyperledger/aries-framework-go/pkg/wallet"
+
+// Provider interface for Crypter ctx
+type Provider interface {
+	CryptoWallet() wallet.Crypto
+}
+
+// CrypterCreator method to create new crypter service
+type CrypterCreator func(prov Provider) (Crypter, error)
+
 // Crypter is an Aries envelope encrypter to support
 // secure DIDComm exchange of envelopes between Aries agents
 // TODO create a higher-level crypto that switches implementations based on the algorithm - Issue #273
@@ -16,29 +26,13 @@ type Crypter interface {
 	// 		[]byte containing the encrypted envelope
 	//		error if encryption failed
 	// TODO add key type of recipients and sender keys to be validated by the implementation - Issue #272
-	Encrypt(payload []byte, sender KeyPair, recipients [][]byte) ([]byte, error)
-	// Decrypt an envelope in an Aries compliant format with the recipient's private key
-	// and the recipient's public key both set in recipientKeyPair
+	Encrypt(payload []byte, senderKey []byte, recipients [][]byte) ([]byte, error)
+	// Decrypt an envelope in an Aries compliant format.
+	// 		The recipient's key will be matched from the wallet with the list of recipients in the envelope
+	//
 	// returns:
 	// 		[]byte containing the decrypted payload
 	//		error if decryption failed
 	// TODO add key type of recipients keys to be validated by the implementation - Issue #272
-	Decrypt(envelope []byte, recipientKeyPair KeyPair) ([]byte, error)
-}
-
-// KeyPair represents a private/public key pair each with 32 bytes in size
-type KeyPair struct {
-	// Priv is a private key
-	Priv []byte
-	// Pub is a public key
-	Pub []byte
-}
-
-// IsKeyPairValid is a utility function that validates a KeyPair
-func IsKeyPairValid(kp KeyPair) bool {
-	if kp.Priv == nil || kp.Pub == nil {
-		return false
-	}
-
-	return true
+	Decrypt(envelope []byte) ([]byte, error)
 }
diff --git a/pkg/didcomm/crypto/crypter_test.go b/pkg/didcomm/crypto/crypter_test.go
diff --git a/pkg/didcomm/crypto/jwe/authcrypt/authcrypt.go b/pkg/didcomm/crypto/jwe/authcrypt/authcrypt.go
@@ -11,6 +11,9 @@ import (
 	"errors"
 
 	chacha "golang.org/x/crypto/chacha20poly1305"
+
+	"github.com/hyperledger/aries-framework-go/pkg/didcomm/crypto"
+	"github.com/hyperledger/aries-framework-go/pkg/wallet"
 )
 
 // This package deals with Authcrypt encryption for Packing/Unpacking DID Comm exchange
@@ -30,25 +33,14 @@ const XC20P = ContentEncryption("XC20P") // XChacha20 encryption + Poly1305 auth
 //nolint:gochecknoglobals
 var randReader = rand.Reader
 
-// errEmptyRecipients is used when recipients list is empty
-var errEmptyRecipients = errors.New("empty recipients")
-
-// errInvalidKeypair is used when a keypair is invalid
-var errInvalidKeypair = errors.New("invalid keypair")
-
-// errInvalidKey is used when a key is invalid
-var errInvalidKey = errors.New("invalid key")
-
-// errRecipientNotFound is used when a recipient is not found
-var errRecipientNotFound = errors.New("recipient not found")
-
 // errUnsupportedAlg is used when a bad encryption algorithm is used
 var errUnsupportedAlg = errors.New("algorithm not supported")
 
 // Crypter represents an Authcrypt Encrypter (Decrypter) that outputs/reads JWE envelopes
 type Crypter struct {
 	alg       ContentEncryption
 	nonceSize int
+	wallet    wallet.Crypto
 }
 
 // Envelope represents a JWE envelope as per the Aries Encryption envelope specs
@@ -106,7 +98,8 @@ type jwk struct {
 // C20P (chacha20-poly1305 ietf)
 // XC20P (xchacha20-poly1305 ietf)
 // The returned crypter contains all the information required to encrypt payloads.
-func New(alg ContentEncryption) (*Crypter, error) {
+func New(ctx crypto.Provider, alg ContentEncryption) (*Crypter, error) {
+	w := ctx.CryptoWallet()
 	var nonceSize int
 	switch alg {
 	case C20P:
@@ -117,16 +110,9 @@ func New(alg ContentEncryption) (*Crypter, error) {
 		return nil, errUnsupportedAlg
 	}
 
-	c := &Crypter{
-		alg,
-		nonceSize,
-	}
-
-	return c, nil
-}
-
-// IsChachaKeyValid will return true if key size is the same as chacha20poly1305.keySize
-// false otherwise
-func IsChachaKeyValid(key []byte) bool {
-	return len(key) == chacha.KeySize
+	return &Crypter{
+		alg:       alg,
+		nonceSize: nonceSize,
+		wallet:    w,
+	}, nil
 }