refactor: modify JWE to attach apu/apv in base64 decoded format (#112)

* refactor: modify JWE to attach apu/apv in base64 decoded format

closes inji/inji-wallet#2288

Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>

* refactor: throw error instead of fallback for mandatory jweheader checks

Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>

---------

Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>

Author: KiruthikaJeyashankar

Sources/OpenID4VP/jwt/JWE/Encryption/types/AESGCMEncryption.swift

@@ -9,15 +9,21 @@ class AESGCMEncryption: JWEEncryption {
            self.keySize = keySize
        }
 
-    func encrypt(_ data: Data, with key: SymmetricKey) throws -> (ciphertext: Data, nonce: Data, tag: Data) {
+    func encrypt(_ data: Data, with key: SymmetricKey, aad: Data? = nil) throws -> (ciphertext: Data, nonce: Data, tag: Data) {
 
         guard key.bitCount == keySize.bitCount else {
 
             throw InvalidEncryptionKeySize(className: AESGCMEncryption.className)
         }
 
         let nonce = AES.GCM.Nonce()
-        let sealedBox = try AES.GCM.seal(data, using: key, nonce: nonce)
+        let sealedBox: AES.GCM.SealedBox
+        
+        if let aad = aad {
+            sealedBox = try AES.GCM.seal(data, using: key, nonce: nonce, authenticating: aad)
+        } else {
+            sealedBox = try AES.GCM.seal(data, using: key, nonce: nonce)
+        }
 
         return (
             sealedBox.ciphertext,

Sources/OpenID4VP/jwt/JWE/JWEHandler.swift

@@ -19,37 +19,56 @@ public struct JWEHandler {
             throw PayloadConversionFailed(className: JWEHandler.className)
         }
 
-        //TODO: Perform key agreement based on keyEncryptionAlgorithm
         let encrypter = try EncryptionProvider.getEncrypter(contentEncryptionAlgorithm)
         let keyAgreement = try KeyAgreementFactory.createKeyAgreement(for: publicKey)
-        let sharedKey = try keyAgreement.deriveKey(publicKey: publicKey.x ?? Data(), algorithm: contentEncryptionAlgorithm, apu: producerInfo, apv: recipientInfo)
+        
+        guard let publicKeyXCoordinate = publicKey.x else {
+            throw PublicKeyResolutionFailed(message: "Public key is missing 'x' coordinate", className: Self.className)
+        }
+        
+        guard let encryptionAlgorithm = publicKey.algorithm else {
+            throw PublicKeyResolutionFailed(message: "Public key is missing 'algorithm' property", className: Self.className)
+        }
 
-        let (ciphertext, nonce, tag) = try encrypter.encrypt(payloadData, with: sharedKey)
+        
+        let sharedKey = try keyAgreement.deriveKey(publicKey: publicKeyXCoordinate, algorithm: contentEncryptionAlgorithm, apu: producerInfo, apv: recipientInfo)
 
-        var header = keyAgreement.getJWEHeader(alg: publicKey.algorithm ?? "", enc: contentEncryptionAlgorithm, jwk: publicKey, producerInfo: producerInfo, recipientInfo: recipientInfo)
+        var header = keyAgreement.getJWEHeader(alg: encryptionAlgorithm, enc: contentEncryptionAlgorithm, jwk: publicKey, producerInfo: producerInfo, recipientInfo: recipientInfo)
         if let epk = keyAgreement.getEphemeralPublicKey() {
             header["epk"] = epk
         }
 
+        let encodedHeader = try encodeHeader(header)
+        let aad = encodedHeader.data(using: .utf8)
+        
+        let (ciphertext, nonce, tag) = try encrypter.encrypt(payloadData, with: sharedKey, aad: aad)
+
         return try encodeJWEComponents(
-            header: header,
+            encodedHeader: encodedHeader,
             encryptedKey: keyAgreement.getEncyptionKey(),
             nonce: nonce,
             ciphertext: ciphertext,
             tag: tag
         )
     }
-
+    
+    private func encodeHeader(_ header: [String: Any]) throws -> String {
+        do {
+            let headerData = try JSONSerialization.data(withJSONObject: header)
+            return headerData.toBase64UrlEncoded()
+        } catch {
+            throw JsonEncodingFailed(errorMessage: "Failure occurred while encoding the JWE header - \(error)", className: Self.className)
+        }
+    }
+            
     private func encodeJWEComponents(
-        header: [String: Any],
+        encodedHeader: String,
         encryptedKey: String,
         nonce: Data,
         ciphertext: Data,
         tag: Data
     ) throws -> String {
 
-        let headerJson = try JSONSerialization.data(withJSONObject: header)
-        let encodedHeader = headerJson.toBase64UrlEncoded()
         let encodedEncryptedKey = encryptedKey
         let encodedIV = nonce.toBase64UrlEncoded()
         let encodedCiphertext = ciphertext.toBase64UrlEncoded()

Sources/OpenID4VP/jwt/JWE/JWEProtocol/JWEProtocol.swift

@@ -3,7 +3,6 @@ import JSONWebKey
 import CryptoKit
 
 protocol JWEKeyAgreement {
-    func deriveKey(publicKey: Data) throws -> SymmetricKey
     func deriveKey(publicKey: Data, algorithm: String,
                    apu: String,
                    apv: String) throws -> SymmetricKey
@@ -14,5 +13,5 @@ protocol JWEKeyAgreement {
 }
 
 protocol JWEEncryption {
-    func encrypt(_ data: Data, with key: SymmetricKey) throws -> (ciphertext: Data, nonce: Data, tag: Data)
+    func encrypt(_ data: Data, with key: SymmetricKey, aad: Data?) throws -> (ciphertext: Data, nonce: Data, tag: Data)
 }

Sources/OpenID4VP/jwt/JWE/KeyAgreementFactory/Impl/X25519KeyAgreement.swift

@@ -7,29 +7,6 @@ class X25519KeyAgreement: JWEKeyAgreement {
     private var ephemeralKeyPair: (privateKey: Curve25519.KeyAgreement.PrivateKey,
                                    publicKey: Curve25519.KeyAgreement.PublicKey)?
 
-    func deriveKey(publicKey: Data) throws -> SymmetricKey {
-        do {
-            let privateKey = Curve25519.KeyAgreement.PrivateKey()
-            let publicKey = try Curve25519.KeyAgreement.PublicKey(rawRepresentation: publicKey)
-            
-            ephemeralKeyPair = (privateKey, privateKey.publicKey)
-            
-            let sharedSecret = try privateKey.sharedSecretFromKeyAgreement(with: publicKey)
-            
-            return sharedSecret.hkdfDerivedSymmetricKey(
-                using: SHA256.self,
-                salt: "ECDH-ES+A256GCM".data(using: .utf8)!,
-                sharedInfo: Data(),
-                outputByteCount: 32
-            )
-        } catch {
-            throw wrapError(
-                error,
-                customError: { msg in KeyAgreementFailed(message: msg, className: X25519KeyAgreement.className) }
-            )
-        }
-    }
-    
     func deriveKey(publicKey: Data,
                    algorithm: String = "A256GCM",
                    apu: String,
@@ -43,9 +20,15 @@ class X25519KeyAgreement: JWEKeyAgreement {
             let sharedSecret = try privateKey.sharedSecretFromKeyAgreement(with: publicKey)
 
             let algorithmID = Data(algorithm.utf8)
-            let partyUInfo = Data(apu.utf8)
-            let partyVInfo = Data(apv.utf8)
-            let keyLength = 32 // 256-bit AES key
+            
+            guard let partyUInfo = Data(base64UrlEncoded: apu) else {
+                throw Base64DecodingFailed(message: "Failed to decode producer info (apu)", className: X25519KeyAgreement.className)
+            }
+            guard let partyVInfo = Data(base64UrlEncoded: apv) else {
+                throw Base64DecodingFailed(message: "Failed to decode recipient info (apv)", className: X25519KeyAgreement.className)
+            }
+            
+            let keyLength = try getKeyLength(algorithm: algorithm)
 
             // Convert key length (in bits) to big-endian bytes
             var bitsBE = UInt32(keyLength * 8).bigEndian
@@ -77,6 +60,15 @@ class X25519KeyAgreement: JWEKeyAgreement {
         suppPubInfo: Data,
         suppPrivInfo: Data = Data()
     ) -> SymmetricKey {
+        var otherInfo = Data()
+        
+        appendLengthPrefixed(algorithmID, to: &otherInfo)
+        appendLengthPrefixed(partyUInfo, to: &otherInfo)
+        appendLengthPrefixed(partyVInfo, to: &otherInfo)
+        
+        otherInfo.append(suppPubInfo)
+        otherInfo.append(suppPrivInfo)
+        
         var derivedKey = Data()
         var counter: UInt32 = 1
 
@@ -91,11 +83,7 @@ class X25519KeyAgreement: JWEKeyAgreement {
 
             // Append Z and OtherInfo
             data.append(zData)
-            data.append(algorithmID)
-            data.append(partyUInfo)
-            data.append(partyVInfo)
-            data.append(suppPubInfo)
-            data.append(suppPrivInfo)
+            data.append(otherInfo)
 
             // Hash
             let hash = SHA256.hash(data: data)
@@ -128,4 +116,20 @@ class X25519KeyAgreement: JWEKeyAgreement {
     func getEncyptionKey() -> String {
         return ""
     }
+    
+    private func appendLengthPrefixed(_ value: Data, to buffer: inout Data) {
+        var valueLength = UInt32(value.count).bigEndian
+        buffer.append(Data(bytes: &valueLength, count: 4))
+        buffer.append(value)
+    }
+    
+    private func getKeyLength(algorithm: String) throws -> Int {
+        let algorithmValue = ContentEncryptionAlgorithm.fromValue(algorithm)
+        switch algorithmValue {
+        case .A256GCM:
+            return 32 // 256-bit AES key
+        default:
+            throw UnsupportedOperationException(message: "Unsupported content encryption algorithm: \(algorithm)", className: X25519KeyAgreement.className)
+        }
+    }
 }

Tests/OpenID4VPTests/AuthorizationResponse/AuthorizationResponseHandlerTests.swift

@@ -6,7 +6,7 @@ final class AuthorizationResponseHandlerTests: XCTestCase {
     let state = "state"
     let responseUri = "https://mock-verifier.com"
     let holderId = "wallet-holder-id"
-    let walletNonce = "mock-nonce"
+    let walletNonce = "_G6UkKgcsUPFlHAbzUMerA"
     let signatureSuite = SignatureAlgorithm.ed25519Signature2020.rawValue
     let walletMetadata = WalletMetadata()
 

Tests/OpenID4VPTests/AuthorizationResponse/UnsignedVPToken/UnsignedLdpVPTokenBuilderTests.swift

@@ -26,7 +26,7 @@ final class UnsignedLdpVPTokenBuilderTests: XCTestCase {
         XCTAssertEqual(token.id, "ebc6f1c2")
         XCTAssertEqual(token.holder, "did:example:wallet")
         XCTAssertEqual(token.verifiableCredential.count, 1)
-        assertJsonString(expected: "{\"holder\":\"did:example:wallet\",\"type\":[\"VerifiablePresentation\"],\"@context\":[\"https:\\/\\/www.w3.org\\/2018\\/credentials\\/v1\",\"https:\\/\\/w3id.org\\/security\\/suites\\/ed25519-2020\\/v1\"],\"id\":\"ebc6f1c2\",\"verifiableCredential\":[{\"type\":[\"VerifiableCredential\"],\"issuanceDate\":\"2020-08-19T21:41:50Z\",\"credentialSubject\":{\"id\":\"did:example:subject\"},\"@context\":[\"https:\\/\\/www.w3.org\\/2018\\/credentials\\/v1\"],\"issuer\":\"did:example:issuer\"}],\"proof\":{\"verificationMethod\":\"did:example:wallet\",\"challenge\":\"nonce\",\"domain\":\"client_id\",\"type\":\"Ed25519Signature2020\"}}", actual: (unsignedVPToken as! UnsignedLdpVPToken).dataToSign)
+        assertJsonString(expected: "{\"holder\":\"did:example:wallet\",\"type\":[\"VerifiablePresentation\"],\"@context\":[\"https:\\/\\/www.w3.org\\/2018\\/credentials\\/v1\",\"https:\\/\\/w3id.org\\/security\\/suites\\/ed25519-2020\\/v1\"],\"id\":\"ebc6f1c2\",\"verifiableCredential\":[{\"type\":[\"VerifiableCredential\"],\"issuanceDate\":\"2020-08-19T21:41:50Z\",\"credentialSubject\":{\"id\":\"did:example:subject\"},\"@context\":[\"https:\\/\\/www.w3.org\\/2018\\/credentials\\/v1\"],\"issuer\":\"did:example:issuer\"}],\"proof\":{\"verificationMethod\":\"did:example:wallet\",\"challenge\":\"tHwahwI6M5_Cd_Sj5k2_Aw\",\"domain\":\"client_id\",\"type\":\"Ed25519Signature2020\"}}", actual: (unsignedVPToken as! UnsignedLdpVPToken).dataToSign)
     }
 
     func testCreationOfUnsignedLdpVPTokenWithDifferentSignatureSuite() async throws {
@@ -57,7 +57,7 @@ final class UnsignedLdpVPTokenBuilderTests: XCTestCase {
         XCTAssertEqual(token.id, "ebc6f1c2")
         XCTAssertEqual(token.holder, "did:example:wallet")
         XCTAssertEqual(token.verifiableCredential.count, 1)
-        assertJsonString(expected: "{\"holder\":\"did:example:wallet\",\"type\":[\"VerifiablePresentation\"],\"@context\":[\"https:\\/\\/www.w3.org\\/2018\\/credentials\\/v1\",\"https:\\/\\/w3id.org\\/security\\/suites\\/jws-2020\\/v1\"],\"id\":\"ebc6f1c2\",\"verifiableCredential\":[{\"type\":[\"VerifiableCredential\"],\"issuanceDate\":\"2020-08-19T21:41:50Z\",\"credentialSubject\":{\"id\":\"did:example:subject\"},\"@context\":[\"https:\\/\\/www.w3.org\\/2018\\/credentials\\/v1\"],\"issuer\":\"did:example:issuer\"}],\"proof\":{\"verificationMethod\":\"did:example:wallet\",\"challenge\":\"nonce\",\"domain\":\"client_id\",\"type\":\"JsonWebSignature2020\"}}", actual: (unsignedVPToken as! UnsignedLdpVPToken).dataToSign)
+        assertJsonString(expected: "{\"holder\":\"did:example:wallet\",\"type\":[\"VerifiablePresentation\"],\"@context\":[\"https:\\/\\/www.w3.org\\/2018\\/credentials\\/v1\",\"https:\\/\\/w3id.org\\/security\\/suites\\/jws-2020\\/v1\"],\"id\":\"ebc6f1c2\",\"verifiableCredential\":[{\"type\":[\"VerifiableCredential\"],\"issuanceDate\":\"2020-08-19T21:41:50Z\",\"credentialSubject\":{\"id\":\"did:example:subject\"},\"@context\":[\"https:\\/\\/www.w3.org\\/2018\\/credentials\\/v1\"],\"issuer\":\"did:example:issuer\"}],\"proof\":{\"verificationMethod\":\"did:example:wallet\",\"challenge\":\"tHwahwI6M5_Cd_Sj5k2_Aw\",\"domain\":\"client_id\",\"type\":\"JsonWebSignature2020\"}}", actual: (unsignedVPToken as! UnsignedLdpVPToken).dataToSign)
     }
 
 

Tests/OpenID4VPTests/ResponseModeHandler/types/DirectPostJwtResponseModeHandlerTests.swift

@@ -590,7 +590,7 @@ final class DirectPostJwtResponseModeHandlerTests: XCTestCase {
         mockNetworkManager.setMockResponse(for: responseUri, responseBody: "Response has been shared successfully here.")
 
         let v1Request = getMockAuthorizationRequest(responseMode: .directPostJwt, specVersion: .v1)
-        let dcqlAuthorizationResult = try await directPostJwtResponseModeHandler.sendAuthorizationResponse(authorizationRequest: v1Request, authorizationResponse: authorizationResponse, url: v1Request.responseUri!, networkManager: mockNetworkManager, producerInfo: "mock-nonce", recipientInfo: "verifier-nonce", walletMetadata: nil)
+        let dcqlAuthorizationResult = try await directPostJwtResponseModeHandler.sendAuthorizationResponse(authorizationRequest: v1Request, authorizationResponse: authorizationResponse, url: v1Request.responseUri!, networkManager: mockNetworkManager, producerInfo: "tHwahwI6M5_Cd_Sj5k2_Aw", recipientInfo: "_G6UkKgcsUPFlHAbzUMerA", walletMetadata: nil)
         let v1RecordedRequest = mockNetworkManager.recordedRequests[responseUri]
         XCTAssertEqual(HttpMethod.post, v1RecordedRequest?.requestMethod)
         XCTAssertEqual(1, v1RecordedRequest?.requestBody?.keys.count)

Tests/OpenID4VPTests/TestData/TestUtils.swift

@@ -253,7 +253,7 @@ func getMockAuthorizationRequest(responseMode: ResponseMode = .directPost, respo
             responseMode: responseModeValue ?? responseMode.rawValue,
             responseUri: "https://mock-verifier.com",
             redirectUri: "1234",
-            nonce: "nonce",
+            nonce: "tHwahwI6M5_Cd_Sj5k2_Aw",
             walletNonce: nil,
             state: "state",
             presentationDefinition: mockPresentationDefinitionObject,
@@ -267,7 +267,7 @@ func getMockAuthorizationRequest(responseMode: ResponseMode = .directPost, respo
         responseMode: responseModeValue ?? responseMode.rawValue,
         responseUri: "https://mock-verifier.com",
         redirectUri: "1234",
-        nonce: "nonce",
+        nonce: "tHwahwI6M5_Cd_Sj5k2_Aw",
         walletNonce: nil,
         state: "state",
         clientMetadata: mockClientMetadataSpecVersion1[responseMode]