fix: wrong type of kid in jwe for v1
Signed-off-by: Daniel Bluhm <[email protected]>
dbluhm committed Jun 7, 2024
1 parent 892b614 commit e218ee3
Showing 3 changed files with 12 additions and 5 deletions.
6 changes: 5 additions & 1 deletion didcomm_messaging/crypto/backend/askar.py
@@ -130,6 +130,10 @@ def kid(self) -> str:
"""Get the key ID."""
return self._kid

def as_public_key(self) -> AskarKey:
"""Return AskarKey representation."""
return AskarKey(self.key, self.kid)


class AskarCryptoService(CryptoService[AskarKey, AskarSecretKey]):
"""CryptoService backend implemented using Askar."""
@@ -413,4 +417,4 @@ async def get_secret_by_kid(self, kid: str) -> Optional[AskarSecretKey]:
return None

# cached_property doesn't play nice with pyright
return AskarKey(key_entry.key, kid) # type: ignore
return AskarSecretKey(key_entry.key, kid) # type: ignore
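Review bot: In the first hunk, `as_public_key` passes `self.key` straight into `AskarKey`, so the object handed out as a public key appears to share the handle that holds the secret material; nothing visible here strips the private half. If `AskarKey` does not itself reduce the key to its public part (its constructor is outside this page), build the wrapper from the public bytes instead, e.g. `AskarKey(Key.from_public_bytes(self.key.algorithm, self.key.get_public_bytes()), self.kid)`, assuming `Key` is importable in this module. At minimum the docstring should say whether the returned object still references private key material. The enclosing class starts outside the hunk.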
9 changes: 6 additions & 3 deletions didcomm_messaging/v1/crypto/askar.py
@@ -58,11 +58,14 @@ async def pack_message(
# avoid converting to bytes object: this way the only copy is zeroed afterward
# tell type checking it's bytes to make it happy
cek_b = cast(bytes, key_get_secret_bytes(cek._handle))
sender_vk = from_key.kid if from_key else None
sender_vk = (
self.public_key_to_v1_kid(from_key.as_public_key()) if from_key else None
)
sender_xk = from_key.key.convert_key(KeyAlg.X25519) if from_key else None

for target_vk in to_verkeys:
target_xk = target_vk.key.convert_key(KeyAlg.X25519)
target_vk_kid = self.public_key_to_v1_kid(target_vk)
if sender_vk and sender_xk:
enc_sender = crypto_box.crypto_box_seal(target_xk, sender_vk)
nonce = crypto_box.random_nonce()
@@ -72,7 +75,7 @@ async def pack_message(
encrypted_key=enc_cek,
header=OrderedDict(
[
("kid", target_vk.kid),
("kid", target_vk_kid),
("sender", self.b64url.encode(enc_sender)),
("iv", self.b64url.encode(nonce)),
]
@@ -82,7 +85,7 @@ async def pack_message(
else:
enc_cek = crypto_box.crypto_box_seal(target_xk, cek_b)
builder.add_recipient(
JweRecipient(encrypted_key=enc_cek, header={"kid": target_vk.kid})
JweRecipient(encrypted_key=enc_cek, header={"kid": target_vk_kid})
)
builder.set_protected(
OrderedDict(
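Review bot: The guard `if sender_vk and sender_xk:` in the loop now tests the truthiness of whatever `public_key_to_v1_kid` returns, so an empty result for a supplied `from_key` would fall through to the `else` branch and pack the message with no `sender` header, silently dropping sender authentication. `public_key_to_v1_kid` is not shown on this page, so this may be unreachable today, but the failure mode is quiet enough to deserve an explicit check right after `sender_vk` is computed: `if from_key is not None and not sender_vk: raise ValueError("could not derive v1 kid for sender key")`. `pack_message` begins and ends outside these hunks.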
2 changes: 1 addition & 1 deletion tests/v1/conftest.py
@@ -81,7 +81,7 @@ async def bob_key(store: Store):
kid = base58.b58encode(key.get_public_bytes()).decode()
async with store.session() as session:
await session.insert_key(kid, key)
return AskarKey(key, kid)
yield AskarKey(key, kid)


@pytest.fixture
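Review bot: The `bob_key` fixture stores the key under `kid = base58.b58encode(key.get_public_bytes()).decode()`, which presumably is the same value `public_key_to_v1_kid` derives, so tests built on this fixture would pass with either `target_vk.kid` or `target_vk_kid` in the JWE header and cannot catch a regression of this fix. Consider adding a fixture whose stored kid differs from the base58 verkey (for example a DID-URL-style kid, constructed for the test) and asserting that each recipient header's `kid` equals the base58 of the public bytes. Whether such a test already exists elsewhere is not visible from this page. The fixture body starts outside the hunk.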
