
Commit ab41512

authored
Merge pull request #405 from openwallet-foundation-labs/fix/vp-enc
fix: add A256GCM for vp encryption
2 parents 9f10668 + 3d6b961 commit ab41512


3 files changed

+67
-2
lines changed


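--- a/apps/backend/src/verifier/oid4vp/oid4vp.service.ts
+++ b/apps/backend/src/verifier/oid4vp/oid4vp.service.ts
@@ -166,7 +166,10 @@ export class Oid4vpService {
 this.cryptoImplementationService.getSupportedAlgorithms(),
 },
 },
-encrypted_response_enc_values_supported: ["A128GCM"],
+encrypted_response_enc_values_supported: [
+"A128GCM",
+"A256GCM",
+],
 },
 state: session.useDcApi ? undefined : session.id,
 transaction_data,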
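Review bot: The advertised `encrypted_response_enc_values_supported` list on the added lines is a bare literal with no link to what the response decryption path enforces, so the two can drift silently — nothing in this hunk shows the decryptor restricting `enc` to the advertised set, and the decryption code is outside this diff. Consider hoisting the list into a module-level constant, e.g. `const SUPPORTED_RESPONSE_ENC = ["A128GCM", "A256GCM"] as const;`, and passing that same array as the decryptor's content-encryption allowlist (jose's `contentEncryptionAlgorithms` decrypt option) so an `enc` the verifier never advertised is rejected rather than accepted by default. A short comment on the constant such as `// Must match the enc allowlist enforced when decrypting the VP response` would make the coupling explicit. The enclosing method starts and ends outside the hunk.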

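--- a/apps/backend/test/presentation/presentation-sdjwt.e2e-spec.ts
+++ b/apps/backend/test/presentation/presentation-sdjwt.e2e-spec.ts
@@ -145,4 +145,65 @@ describe("Presentation - SD-JWT Credential", () => {
 expect(submitRes).toBeDefined();
 expect(submitRes.response.status).toBe(200);
 });
+
+test("present sd jwt credential with A256GCM encryption", async () => {
+const requestBody: PresentationRequest = {
+response_type: ResponseType.URI,
+requestId: "pid-no-hook",
+};
+
+const res = await createPresentationRequest(
+app,
+authToken,
+requestBody,
+);
+
+const authRequest = client.parseOpenid4vpAuthorizationRequest({
+authorizationRequest: res.body.uri,
+});
+
+const resolved = await client.resolveOpenId4vpAuthorizationRequest({
+authorizationRequestPayload: authRequest.params,
+});
+
+const x5c = [
+issuerCert
+.replace("-----BEGIN CERTIFICATE-----", "")
+.replace("-----END CERTIFICATE-----", "")
+.replaceAll(/\r?\n|\r/g, ""),
+];
+const vp_token = await preparePresentation(
+{
+iat: Math.floor(Date.now() / 1000),
+aud: resolved.authorizationRequestPayload.aud as string,
+nonce: resolved.authorizationRequestPayload.nonce,
+},
+privateIssuerKey,
+x5c,
+statusListService,
+credentialConfigId,
+);
+
+// Use A256GCM encryption instead of A128GCM
+const jwt = await encryptVpToken(vp_token, "pid", resolved, "A256GCM");
+
+const authorizationResponse =
+await client.createOpenid4vpAuthorizationResponse({
+authorizationRequestPayload: authRequest.params,
+authorizationResponsePayload: {
+response: jwt,
+},
+...callbacks,
+});
+
+const submitRes = await client.submitOpenid4vpAuthorizationResponse({
+authorizationResponsePayload:
+authorizationResponse.authorizationResponsePayload,
+authorizationRequestPayload:
+resolved.authorizationRequestPayload as Openid4vpAuthorizationRequest,
+});
+
+expect(submitRes).toBeDefined();
+expect(submitRes.response.status).toBe(200);
+});
 });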
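Review bot: The new test only asserts `submitRes` is defined and the status is 200; it never checks that the request the verifier issued actually advertises `"A256GCM"`, so it would keep passing if the service stopped advertising it while the decryptor still happened to accept it. Adding one assertion after resolving the request, `expect(resolved.authorizationRequestPayload.client_metadata?.encrypted_response_enc_values_supported).toContain("A256GCM");`, would tie the test to the behaviour this commit changes. As a point of style, the body appears to be a near-verbatim copy of the preceding test with only the `enc` argument differing (the preceding test's tail is visible as context and matches line for line, though its head is outside the hunk); a parameterised `test.each(["A128GCM", "A256GCM"])` would avoid maintaining two copies. The `as string` on `aud` is an unchecked cast of an externally sourced claim; a guard that fails the test when `aud` is missing would be more informative than a downstream rejection.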

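--- a/apps/backend/test/utils.ts
+++ b/apps/backend/test/utils.ts
@@ -774,6 +774,7 @@ export async function encryptVpToken(
 vp_token: string,
 credentialId: string,
 resolved: ResolvedOpenid4vpAuthorizationRequest,
+enc: "A128GCM" | "A256GCM" = "A128GCM",
 ): Promise<string> {
 const key = (await importJWK(
 resolved.authorizationRequestPayload.client_metadata?.jwks
@@ -787,7 +788,7 @@ export async function encryptVpToken(
 })
 .setProtectedHeader({
 alg: "ECDH-ES",
-enc: "A128GCM",
+enc,
 })
 .setIssuedAt()
 .setExpirationTime("2h")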
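Review bot: The new `enc` parameter is used in the protected header without checking it against the verifier's own `client_metadata.encrypted_response_enc_values_supported` on the `resolved` request, so this wallet-side helper will happily encrypt with an algorithm the verifier did not advertise. Since the helper already reads `resolved.authorizationRequestPayload.client_metadata?.jwks`, a sibling guard is cheap: `const supported = resolved.authorizationRequestPayload.client_metadata?.encrypted_response_enc_values_supported; if (supported && !supported.includes(enc)) throw new Error(\`enc ${enc} not advertised by verifier\`);`. That turns the A256GCM e2e test into a check of the advertisement as well as of decryption. A one-line TSDoc `@param enc - JWE content-encryption algorithm for the response; must be one the verifier advertises` on the signature would document the contract. `encryptVpToken` starts before the first hunk and ends after the second.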
