Merge pull request sicpa-dlab#95 from sicpa-dlab/fix/relax-key-compat…

…ibility-checks

Relax key compatibility checks

didcomm/core/utils.py

@@ -358,26 +358,46 @@ def get_did_and_optionally_kid(did_or_kid: DID_OR_DID_URL) -> (DID, Optional[DID
  return did, kid
 
 
+class _Crv(Enum):
+ ED25519 = "Ed25519"
+ X25519 = "X25519"
+
+
+def _get_crv_for_verification_method(
+ key: Union[VerificationMethod, Secret],
+) -> Optional[str]:
+ if key.type in {
+ VerificationMethodType.ED25519_VERIFICATION_KEY_2020,
+ VerificationMethodType.ED25519_VERIFICATION_KEY_2018,
+ }:
+ return _Crv.ED25519.value
+ elif key.type in {
+ VerificationMethodType.X25519_KEY_AGREEMENT_KEY_2020,
+ VerificationMethodType.X25519_KEY_AGREEMENT_KEY_2019,
+ }:
+ return _Crv.X25519.value
+ elif key.type is VerificationMethodType.JSON_WEB_KEY_2020:
+ jwk = (
+ json_str_to_dict(key.verification_material.value)
+ if isinstance(key, Secret)
+ else key.public_key_jwk
+ )
+ return jwk["crv"]
+ else:
+ return None
+
+
 def are_keys_compatible(
  method1: Union[Secret, VerificationMethod], method2: VerificationMethod
 ) -> bool:
- if method1.type == method2.type:
- if method1.type == VerificationMethodType.JSON_WEB_KEY_2020:
- private_jwk = (
- json_str_to_dict(method1.verification_material.value)
- if isinstance(method1, Secret)
- else method1.public_key_jwk
- )
- public_jwk = method2.public_key_jwk
- return (
- private_jwk["kty"] == public_jwk["kty"]
- and private_jwk["crv"] == public_jwk["crv"]
- )
- else:
- return True
- else:
+ crv_1 = _get_crv_for_verification_method(method1)
+ crv_2 = _get_crv_for_verification_method(method2)
+
+ if crv_1 is None or crv_2 is None:
  return False
 
+ return crv_1 == crv_2
+
 
 def parse_base64url_encoded_json(base64url):
  return json_str_to_dict(to_unicode(urlsafe_b64decode(to_bytes(base64url))))

tests/test_vectors/did_doc/did_doc_bob.py

@@ -35,6 +35,12 @@
  "x": "82k2BTUiywKv49fKLZa-WwDi8RBf0tB0M8bvSAUQ3yY",
  },
 )
+BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_4 = VerificationMethod(
+ id="did:example:bob#key-x25519-4",
+ controller="did:example:bob",
+ type=VerificationMethodType.X25519_KEY_AGREEMENT_KEY_2020,
+ public_key_multibase="z6LSp2h4y6EeqhKpLUGeKCaWTcH2PHPWbXo4paERM5QLsstT",
+)
 BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_NOT_IN_SECRETS_1 = VerificationMethod(
  id="did:example:bob#key-x25519-not-secrets-1",
  controller="did:example:bob",
@@ -152,6 +158,7 @@
  "did:example:bob#key-x25519-1",
  "did:example:bob#key-x25519-2",
  "did:example:bob#key-x25519-3",
+ "did:example:bob#key-x25519-4",
  "did:example:bob#key-p256-1",
  "did:example:bob#key-p256-2",
  "did:example:bob#key-p384-1",
@@ -164,6 +171,7 @@
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_1,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_2,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_3,
+ BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_4,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_P256_1,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_P256_2,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_P384_1,
@@ -180,6 +188,7 @@
  "did:example:bob#key-x25519-1",
  "did:example:bob#key-x25519-2",
  "did:example:bob#key-x25519-3",
+ "did:example:bob#key-x25519-4",
  "did:example:bob#key-x25519-not-secrets-1",
  "did:example:bob#key-p256-1",
  "did:example:bob#key-p256-2",
@@ -204,6 +213,7 @@
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_1,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_2,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_3,
+ BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_4,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_NOT_IN_SECRETS_1,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_P256_1,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_P256_2,

tests/test_vectors/didcomm_messages/spec/spec_test_vectors_anon_encrypted.py

@@ -5,24 +5,28 @@
 
 TEST_ENCRYPTED_DIDCOMM_MESSAGE_ANON_XC20P_1 = json_dumps(
  {
- "ciphertext": "KWS7gJU7TbyJlcT9dPkCw-ohNigGaHSukR9MUqFM0THbCTCNkY-g5tahBFyszlKIKXs7qOtqzYyWbPou2q77XlAeYs93IhF6NvaIjyNqYklvj-OtJt9W2Pj5CLOMdsR0C30wchGoXd6wEQZY4ttbzpxYznqPmJ0b9KW6ZP-l4_DSRYe9B-1oSWMNmqMPwluKbtguC-riy356Xbu2C9ShfWmpmjz1HyJWQhZfczuwkWWlE63g26FMskIZZd_jGpEhPFHKUXCFwbuiw_Iy3R0BIzmXXdK_w7PZMMPbaxssl2UeJmLQgCAP8j8TukxV96EKa6rGgULvlo7qibjJqsS5j03bnbxkuxwbfyu3OxwgVzFWlyHbUH6p",
- "protected": "eyJlcGsiOnsia3R5IjoiT0tQIiwiY3J2IjoiWDI1NTE5IiwieCI6IkpIanNtSVJaQWFCMHpSR193TlhMVjJyUGdnRjAwaGRIYlc1cmo4ZzBJMjQifSwiYXB2IjoiTmNzdUFuclJmUEs2OUEtcmtaMEw5WFdVRzRqTXZOQzNaZzc0QlB6NTNQQSIsInR5cCI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tZW5jcnlwdGVkK2pzb24iLCJlbmMiOiJYQzIwUCIsImFsZyI6IkVDREgtRVMrQTI1NktXIn0",
+ "protected": "eyJ0eXAiOiJhcHBsaWNhdGlvbi9kaWRjb21tLWVuY3J5cHRlZCtqc29uIiwiYWxnIjoiRUNESC1FUytBMjU2S1ciLCJlbmMiOiJYQzIwUCIsImFwdiI6IlkxWXh3b053WU5HNGRKRlBKanZtLTk0aWJhdXFBOUhyV0tZWmhtY29lU2ciLCJlcGsiOnsiY3J2IjoiWDI1NTE5IiwieCI6ImFNZzU4X1JqT2dGcjhZQWtCdmptOXhKYVZ3bnlXRVRmRFpYaGMyWVctamMiLCJrdHkiOiJPS1AifX0",
  "recipients": [
  {
- "encrypted_key": "3n1olyBR3nY7ZGAprOx-b7wYAKza6cvOYjNwVg3miTnbLwPP_FmE1A",
  "header": {"kid": "did:example:bob#key-x25519-1"},
+ "encrypted_key": "ThzyeMnViwuOEK3LLAhKXyoTUCOcBhaa4FxMvC1F3nLI9oXeKJjtPQ",
  },
  {
- "encrypted_key": "j5eSzn3kCrIkhQAWPnEwrFPMW6hG0zF_y37gUvvc5gvlzsuNX4hXrQ",
  "header": {"kid": "did:example:bob#key-x25519-2"},
+ "encrypted_key": "yglsPC468bnwGL2aPcbGZUdvWFSipmoP9wJoaWqWVc3Ce56jI5v9xQ",
  },
  {
- "encrypted_key": "TEWlqlq-ao7Lbynf0oZYhxs7ZB39SUWBCK4qjqQqfeItfwmNyDm73A",
  "header": {"kid": "did:example:bob#key-x25519-3"},
+ "encrypted_key": "SpAP0Gzo2lazwfAPyMhaTd1GlO6aRTmXngDu3j9iFwXetow_FkVxsw",
+ },
+ {
+ "header": {"kid": "did:example:bob#key-x25519-4"},
+ "encrypted_key": "_bWWYGGUZ2ITqcGDdP7C1_LkYb_2qtOaXQ3sWyoK6g161SGxsWEpoQ",
  },
  ],
- "tag": "6ylC_iAs4JvDQzXeY6MuYQ",
- "iv": "ESpmcyGiZpRjc5urDela21TOOTW8Wqd1",
+ "iv": "9AVo9rQR0ZX7QEhguuRWV-JcCbwkaa3x",
+ "ciphertext": "lSto80zaVP0ywIYzF2ecD01SM1xyqqPexRcZ8f-7D1T00AEWdTfJxw3Hp1ktNJFHpj5RHbFomrJy9LXErJWZXQWxmZBhmcIfZwu0b70Nq20m8I4oI-ZN2twVGMApFj-M98aZ11M17SI8jToOPPFJAdfLKBM3Q1nFW4LoqJZQgbRt0T2pHhgeS-xlwzSbC3aNpYPcfm-eceDrZis_GKgvCx5Jqw6BQdSYRxAXIwIM68owSAn9wAPTZlAqgyMXs3aZGvVSGYx6_PnWIqBhubdQ9hod2-XHUzT054MUJPCF16jC1K1qgOYrZguQC6FF0Ly9_Zcr1NQCZSeJLSuSP6BWtDsFaoVC5bLVDAtmqjKgI2uRlo6KaBaXq1f_nzIx_JfBPX8fmSI9k9nfBU0",
+ "tag": "NW406iWJxQucfftvd5Cy9Q",
  }
 )
 
@@ -95,6 +99,7 @@
  "did:example:bob#key-x25519-1",
  "did:example:bob#key-x25519-2",
  "did:example:bob#key-x25519-3",
+ "did:example:bob#key-x25519-4",
  ],
  enc_alg_anon=AnonCryptAlg.XC20P_ECDH_ES_A256KW,
  ),

tests/test_vectors/didcomm_messages/spec/spec_test_vectors_auth_encrypted.py

@@ -5,24 +5,28 @@
 
 TEST_ENCRYPTED_DIDCOMM_MESSAGE_AUTH_X25519 = json_dumps(
  {
- "ciphertext": "MJezmxJ8DzUB01rMjiW6JViSaUhsZBhMvYtezkhmwts1qXWtDB63i4-FHZP6cJSyCI7eU-gqH8lBXO_UVuviWIqnIUrTRLaumanZ4q1dNKAnxNL-dHmb3coOqSvy3ZZn6W17lsVudjw7hUUpMbeMbQ5W8GokK9ZCGaaWnqAzd1ZcuGXDuemWeA8BerQsfQw_IQm-aUKancldedHSGrOjVWgozVL97MH966j3i9CJc3k9jS9xDuE0owoWVZa7SxTmhl1PDetmzLnYIIIt-peJtNYGdpd-FcYxIFycQNRUoFEr77h4GBTLbC-vqbQHJC1vW4O2LEKhnhOAVlGyDYkNbA4DSL-LMwKxenQXRARsKSIMn7z-ZIqTE-VCNj9vbtgR",
- "protected": "eyJlcGsiOnsia3R5IjoiT0tQIiwiY3J2IjoiWDI1NTE5IiwieCI6IkdGY01vcEpsamY0cExaZmNoNGFfR2hUTV9ZQWY2aU5JMWRXREd5VkNhdzAifSwiYXB2IjoiTmNzdUFuclJmUEs2OUEtcmtaMEw5WFdVRzRqTXZOQzNaZzc0QlB6NTNQQSIsInNraWQiOiJkaWQ6ZXhhbXBsZTphbGljZSNrZXkteDI1NTE5LTEiLCJhcHUiOiJaR2xrT21WNFlXMXdiR1U2WVd4cFkyVWphMlY1TFhneU5UVXhPUzB4IiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJhbGciOiJFQ0RILTFQVStBMjU2S1cifQ",
+ "protected": "eyJ0eXAiOiJhcHBsaWNhdGlvbi9kaWRjb21tLWVuY3J5cHRlZCtqc29uIiwiYWxnIjoiRUNESC0xUFUrQTI1NktXIiwiZW5jIjoiQTI1NkNCQy1IUzUxMiIsImFwdSI6IlpHbGtPbVY0WVcxd2JHVTZZV3hwWTJVamEyVjVMWGd5TlRVeE9TMHgiLCJhcHYiOiJZMVl4d29Od1lORzRkSkZQSmp2bS05NGliYXVxQTlIcldLWVpobWNvZVNnIiwic2tpZCI6ImRpZDpleGFtcGxlOmFsaWNlI2tleS14MjU1MTktMSIsImVwayI6eyJjcnYiOiJYMjU1MTkiLCJ4Ijoib2dIbzBwSkRENDNTcVNXZUtPZHJCLXdpb1FIZlV3TGJPSHBJMmY1VU1pZyIsImt0eSI6Ik9LUCJ9fQ",
  "recipients": [
  {
- "encrypted_key": "o0FJASHkQKhnFo_rTMHTI9qTm_m2mkJp-wv96mKyT5TP7QjBDuiQ0AMKaPI_RLLB7jpyE-Q80Mwos7CvwbMJDhIEBnk2qHVB",
  "header": {"kid": "did:example:bob#key-x25519-1"},
+ "encrypted_key": "MmT3HsZZjZ_tn5Y8E1W5xY3kW0ay7PTuxYiPSFpTQmigeHyRA3xDPiFpFPDljmzgJQG-_KKa8llAsqcT-JBH4bKYzxAkZPV8",
  },
  {
- "encrypted_key": "rYlafW0XkNd8kaXCqVbtGJ9GhwBC3lZ9AihHK4B6J6V2kT7vjbSYuIpr1IlAjvxYQOw08yqEJNIwrPpB0ouDzKqk98FVN7rK",
  "header": {"kid": "did:example:bob#key-x25519-2"},
+ "encrypted_key": "ahZ_wNMeygPtI_gkvCeEv71QlGC040iD5gFiAppu53WF1UglnUKF7Pe5jFcpTRSOZp-6PtJghXpmep9UDdqoD0SKriTiaMpQ",
  },
  {
- "encrypted_key": "aqfxMY2sV-njsVo-_9Ke9QbOf6hxhGrUVh_m-h_Aq530w3e_4IokChfKWG1tVJvXYv_AffY7vxj0k5aIfKZUxiNmBwC_QsNo",
  "header": {"kid": "did:example:bob#key-x25519-3"},
+ "encrypted_key": "KRX2BLEhMZnWx7F44umOlRO6B2TLJFS5mBsaJCJW83NJuYYJNoM41TBg03kqkMbGm9Fs4UgunMNYjCAU3mDcjB8UY5oVZoC_",
+ },
+ {
+ "header": {"kid": "did:example:bob#key-x25519-4"},
+ "encrypted_key": "c0v4zw8JhCvOI5pkJo4mXRRsGl_liMyirGFdQkZWULIK_Urw5lm7KqeUXJsqvAPRBz6n9broQP75HCQ4QtDveYmVEVbVA3c3",
  },
  ],
- "tag": "uYeo7IsZjN7AnvBjUZE5lNryNENbf6_zew_VC-d4b3U",
- "iv": "o02OXDQ6_-sKz2PX_6oyJg",
+ "iv": "LqyZeQsKsQ_0CezRDIo4ng",
+ "ciphertext": "IvSZruHdIR0JGXRaXchiwAuwce6rqOmNQMBRaBgXn49PrlmroeBAQUa5yq1bek3HBljaNXXtCxWqBiW7i_EN5oJVVfUNQPUwDL_ozRfOncU3LmYnYFeVQ3C9mndFKITnxOxWqG3hhVlJw91IN9-sYXQCj0LbG3dbbiLuaN_CqJa-sIPZaNXpE5H11FQsw8owXzcEELO8zqSIlz_ZizLuRE-S24-_gzROKzpgL2qq-9fgkBVr28GQt0NHlGuSHUEq0tloIYLtILQ3UGoqyD2Ay5EJfEOL9pK4Vu-2_6pFxfvJowAk2EsLYO8fNvZJuM3Jw0HWe4MqtNxFa-_rSh3eNT7nyZecAgQ2vFtdAlIfcPMAbDqIE9UBIm2Ttie310j6F2IIRze1PMKNUH7Wf_PclQ",
+ "tag": "p8QNhwH3n0aFeh9qV6E3g6-iZzXe8hEMP1BbkU86PgY",
  }
 )
 
@@ -103,6 +107,7 @@
  "did:example:bob#key-x25519-1",
  "did:example:bob#key-x25519-2",
  "did:example:bob#key-x25519-3",
+ "did:example:bob#key-x25519-4",
  ],
  enc_alg_auth=AuthCryptAlg.A256CBC_HS512_ECDH_1PU_A256KW,
  ),

tests/test_vectors/secrets/mock_secrets_resolver_bob.py

@@ -56,6 +56,15 @@
  ),
 )
 
+BOB_SECRET_KEY_AGREEMENT_KEY_X25519_4 = Secret(
+ kid="did:example:bob#key-x25519-4",
+ type=VerificationMethodType.X25519_KEY_AGREEMENT_KEY_2020,
+ verification_material=VerificationMaterial(
+ format=VerificationMaterialFormat.MULTIBASE,
+ value="z3weet6o3WdATuoPDqbd9mtcu3fRRPf9kcbobHPJuRhqc4Zr",
+ ),
+)
+
 BOB_SECRET_KEY_AGREEMENT_KEY_P256_1 = Secret(
  kid="did:example:bob#key-p256-1",
  type=VerificationMethodType.JSON_WEB_KEY_2020,
@@ -166,6 +175,7 @@ def __init__(self):
  BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1,
  BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2,
  BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3,
+ BOB_SECRET_KEY_AGREEMENT_KEY_X25519_4,
  BOB_SECRET_KEY_AGREEMENT_KEY_P256_1,
  BOB_SECRET_KEY_AGREEMENT_KEY_P256_2,
  BOB_SECRET_KEY_AGREEMENT_KEY_P384_1,

tests/test_vectors/test_utils.py

@@ -23,6 +23,7 @@
  BOB_VERIFICATION_METHOD_KEY_AGREEM_P521_2,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_P384_2,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_P256_2,
+ BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_4,
 )
 from tests.test_vectors.did_doc.mock_did_resolver import DID_DOC_ALICE_WITH_NO_SECRETS
 from tests.test_vectors.secrets.mock_secrets_resolver_alice import (
@@ -43,6 +44,7 @@
  BOB_SECRET_KEY_AGREEMENT_KEY_P256_2,
  BOB_SECRET_KEY_AGREEMENT_KEY_P384_2,
  BOB_SECRET_KEY_AGREEMENT_KEY_P521_2,
+ BOB_SECRET_KEY_AGREEMENT_KEY_X25519_4,
 )
 from tests.test_vectors.utils import (
  Person,
@@ -273,6 +275,7 @@ def test_get_bob_key_agreement_verification_methods_in_secrets_all():
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_1,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_2,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_3,
+ BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_4,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_P256_1,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_P256_2,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_P384_1,
@@ -288,6 +291,7 @@ def test_get_bob_key_agreement_verification_methods_in_secrets_x25519():
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_1,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_2,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_3,
+ BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_4,
  ]
  assert (
  get_key_agreement_methods_in_secrets(Person.BOB, KeyAgreementCurveType.X25519)
@@ -381,6 +385,7 @@ def test_get_bob_key_agreement_secrets_all():
  BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1,
  BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2,
  BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3,
+ BOB_SECRET_KEY_AGREEMENT_KEY_X25519_4,
  BOB_SECRET_KEY_AGREEMENT_KEY_P256_1,
  BOB_SECRET_KEY_AGREEMENT_KEY_P256_2,
  BOB_SECRET_KEY_AGREEMENT_KEY_P384_1,
@@ -396,6 +401,7 @@ def test_get_bob_key_agreement_secrets_x25519():
  BOB_SECRET_KEY_AGREEMENT_KEY_X25519_1,
  BOB_SECRET_KEY_AGREEMENT_KEY_X25519_2,
  BOB_SECRET_KEY_AGREEMENT_KEY_X25519_3,
+ BOB_SECRET_KEY_AGREEMENT_KEY_X25519_4,
  ]
  assert (
  get_key_agreement_secrets(Person.BOB, KeyAgreementCurveType.X25519) == expected
@@ -431,6 +437,7 @@ def test_get_bob_key_agreement_methods_all():
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_1,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_2,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_3,
+ BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_4,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_NOT_IN_SECRETS_1,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_P256_1,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_P256_2,
@@ -450,6 +457,7 @@ def test_get_bob_key_agreement_methods_x25519():
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_1,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_2,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_3,
+ BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_4,
  BOB_VERIFICATION_METHOD_KEY_AGREEM_X25519_NOT_IN_SECRETS_1,
  ]
  assert (

tests/test_vectors/utils.py

@@ -169,4 +169,9 @@ def _map_curve_to_type(vm: Union[Secret, VerificationMethod]) -> KeyAgreementCur
  return KeyAgreementCurveType.P384
  if jwk["crv"] == "P-521":
  return KeyAgreementCurveType.P521
+ elif (
+ vm.type == VerificationMethodType.X25519_KEY_AGREEMENT_KEY_2020
+ or vm.type == VerificationMethodType.X25519_KEY_AGREEMENT_KEY_2019
+ ):
+ return KeyAgreementCurveType.X25519
  raise DIDCommValueError("Unknown verification methods curve type: " + str(vm))