diff --git a/aries/aries_vcx/src/errors/error.rs b/aries/aries_vcx/src/errors/error.rs index fb6dc35da4..3cc23a89b1 100644 --- a/aries/aries_vcx/src/errors/error.rs +++ b/aries/aries_vcx/src/errors/error.rs @@ -13,6 +13,8 @@ pub enum AriesVcxErrorKind { InvalidState, #[error("Invalid Configuration")] InvalidConfiguration, + #[error("Authentication error")] + AuthenticationError, #[error("Invalid JSON string")] InvalidJson, #[error("Invalid Option")] diff --git a/aries/aries_vcx/src/errors/mapping_others.rs b/aries/aries_vcx/src/errors/mapping_others.rs index 192ec1ced1..ec0a675d37 100644 --- a/aries/aries_vcx/src/errors/mapping_others.rs +++ b/aries/aries_vcx/src/errors/mapping_others.rs @@ -171,100 +171,3 @@ impl From for AriesVcxError { AriesVcxError::from_msg(kind, format!("AriesVcxCoreError: {}", err)) } } - -// TODO -impl From for AriesVcxCoreError { - fn from(err: AriesVcxError) -> Self { - let kind = match err.kind() { - AriesVcxErrorKind::InvalidState => AriesVcxCoreErrorKind::InvalidState, - AriesVcxErrorKind::InvalidConfiguration => AriesVcxCoreErrorKind::InvalidConfiguration, - AriesVcxErrorKind::InvalidJson => AriesVcxCoreErrorKind::InvalidJson, - AriesVcxErrorKind::InvalidOption => AriesVcxCoreErrorKind::InvalidOption, - AriesVcxErrorKind::InvalidMessagePack => AriesVcxCoreErrorKind::InvalidMessagePack, - AriesVcxErrorKind::NotReady => AriesVcxCoreErrorKind::NotReady, - AriesVcxErrorKind::IOError => AriesVcxCoreErrorKind::IOError, - AriesVcxErrorKind::LibindyInvalidStructure => { - AriesVcxCoreErrorKind::LibindyInvalidStructure - } - AriesVcxErrorKind::InvalidLibindyParam => AriesVcxCoreErrorKind::InvalidLibindyParam, - AriesVcxErrorKind::ActionNotSupported => AriesVcxCoreErrorKind::ActionNotSupported, - AriesVcxErrorKind::InvalidInput => AriesVcxCoreErrorKind::InvalidInput, - AriesVcxErrorKind::UnimplementedFeature => AriesVcxCoreErrorKind::UnimplementedFeature, - AriesVcxErrorKind::CredDefAlreadyCreated => { - AriesVcxCoreErrorKind::CredDefAlreadyCreated - } - AriesVcxErrorKind::RevDeltaNotFound => AriesVcxCoreErrorKind::RevDeltaNotFound, - AriesVcxErrorKind::RevDeltaFailedToClear => { - AriesVcxCoreErrorKind::RevDeltaFailedToClear - } - AriesVcxErrorKind::CreateRevRegDef => AriesVcxCoreErrorKind::CreateRevRegDef, - AriesVcxErrorKind::InvalidRevocationDetails => { - AriesVcxCoreErrorKind::InvalidRevocationDetails - } - AriesVcxErrorKind::InvalidRevocationEntry => { - AriesVcxCoreErrorKind::InvalidRevocationEntry - } - AriesVcxErrorKind::InvalidRevocationTimestamp => { - AriesVcxCoreErrorKind::InvalidRevocationTimestamp - } - AriesVcxErrorKind::RevRegDefNotFound => AriesVcxCoreErrorKind::RevRegDefNotFound, - AriesVcxErrorKind::InvalidAttributesStructure => { - AriesVcxCoreErrorKind::InvalidAttributesStructure - } - AriesVcxErrorKind::InvalidProof => AriesVcxCoreErrorKind::InvalidProof, - AriesVcxErrorKind::InvalidSchema => AriesVcxCoreErrorKind::InvalidSchema, - AriesVcxErrorKind::InvalidProofCredentialData => { - AriesVcxCoreErrorKind::InvalidProofCredentialData - } - AriesVcxErrorKind::InvalidProofRequest => AriesVcxCoreErrorKind::InvalidProofRequest, - AriesVcxErrorKind::ProofRejected => AriesVcxCoreErrorKind::ProofRejected, - AriesVcxErrorKind::InvalidSchemaSeqNo => AriesVcxCoreErrorKind::InvalidSchemaSeqNo, - AriesVcxErrorKind::DuplicationSchema => AriesVcxCoreErrorKind::DuplicationSchema, - AriesVcxErrorKind::UnknownSchemaRejection => { - AriesVcxCoreErrorKind::UnknownSchemaRejection - } - AriesVcxErrorKind::InvalidGenesisTxnPath => { - AriesVcxCoreErrorKind::InvalidGenesisTxnPath - } - AriesVcxErrorKind::CreatePoolConfig => AriesVcxCoreErrorKind::CreatePoolConfig, - AriesVcxErrorKind::PoolLedgerConnect => AriesVcxCoreErrorKind::PoolLedgerConnect, - AriesVcxErrorKind::InvalidLedgerResponse => { - AriesVcxCoreErrorKind::InvalidLedgerResponse - } - AriesVcxErrorKind::LedgerItemNotFound => AriesVcxCoreErrorKind::LedgerItemNotFound, - AriesVcxErrorKind::NoPoolOpen => AriesVcxCoreErrorKind::NoPoolOpen, - AriesVcxErrorKind::PostMessageFailed => AriesVcxCoreErrorKind::PostMessageFailed, - AriesVcxErrorKind::WalletCreate => AriesVcxCoreErrorKind::WalletCreate, - AriesVcxErrorKind::WalletAccessFailed => AriesVcxCoreErrorKind::WalletAccessFailed, - AriesVcxErrorKind::InvalidWalletHandle => AriesVcxCoreErrorKind::InvalidWalletHandle, - AriesVcxErrorKind::DuplicationWallet => AriesVcxCoreErrorKind::DuplicationWallet, - AriesVcxErrorKind::WalletRecordNotFound => AriesVcxCoreErrorKind::WalletRecordNotFound, - AriesVcxErrorKind::DuplicationWalletRecord => { - AriesVcxCoreErrorKind::DuplicationWalletRecord - } - AriesVcxErrorKind::WalletNotFound => AriesVcxCoreErrorKind::WalletNotFound, - AriesVcxErrorKind::WalletAlreadyOpen => AriesVcxCoreErrorKind::WalletAlreadyOpen, - AriesVcxErrorKind::DuplicationMasterSecret => { - AriesVcxCoreErrorKind::DuplicationMasterSecret - } - AriesVcxErrorKind::DuplicationDid => AriesVcxCoreErrorKind::DuplicationDid, - AriesVcxErrorKind::LoggingError => AriesVcxCoreErrorKind::LoggingError, - AriesVcxErrorKind::EncodeError => AriesVcxCoreErrorKind::EncodeError, - AriesVcxErrorKind::UnknownError => AriesVcxCoreErrorKind::UnknownError, - AriesVcxErrorKind::InvalidDid => AriesVcxCoreErrorKind::InvalidDid, - AriesVcxErrorKind::InvalidVerkey => AriesVcxCoreErrorKind::InvalidVerkey, - AriesVcxErrorKind::InvalidNonce => AriesVcxCoreErrorKind::InvalidNonce, - AriesVcxErrorKind::InvalidUrl => AriesVcxCoreErrorKind::InvalidUrl, - AriesVcxErrorKind::SerializationError => AriesVcxCoreErrorKind::SerializationError, - AriesVcxErrorKind::NotBase58 => AriesVcxCoreErrorKind::NotBase58, - AriesVcxErrorKind::ParsingError => AriesVcxCoreErrorKind::ParsingError, - AriesVcxErrorKind::InvalidHttpResponse => AriesVcxCoreErrorKind::InvalidHttpResponse, - AriesVcxErrorKind::InvalidMessages => AriesVcxCoreErrorKind::InvalidMessages, - AriesVcxErrorKind::VdrToolsError(u32) => AriesVcxCoreErrorKind::VdrToolsError(u32), - AriesVcxErrorKind::UrsaError => AriesVcxCoreErrorKind::UrsaError, - AriesVcxErrorKind::NoAgentInformation => AriesVcxCoreErrorKind::NoAgentInformation, - AriesVcxErrorKind::InvalidMessageFormat => AriesVcxCoreErrorKind::InvalidMessageFormat, - }; - AriesVcxCoreError::from_msg(kind, format!("AriesVcxError: {}", err)) - } -} diff --git a/aries/aries_vcx/src/handlers/mediated_connection/cloud_agent.rs b/aries/aries_vcx/src/handlers/mediated_connection/cloud_agent.rs index 1e8969b88a..07211ad498 100644 --- a/aries/aries_vcx/src/handlers/mediated_connection/cloud_agent.rs +++ b/aries/aries_vcx/src/handlers/mediated_connection/cloud_agent.rs @@ -269,7 +269,7 @@ impl CloudAgentInfo { message: &DownloadedMessageEncrypted, expected_sender_vk: &str, ) -> VcxResult { - EncryptionEnvelope::auth_unpack( + EncryptionEnvelope::auth_unpack_aries_msg( &wallet.to_base_wallet(), message.payload()?, expected_sender_vk, @@ -283,7 +283,7 @@ impl CloudAgentInfo { message: &DownloadedMessageEncrypted, ) -> VcxResult { Ok( - EncryptionEnvelope::anon_unpack(&wallet.to_base_wallet(), message.payload()?) + EncryptionEnvelope::anon_unpack_aries_msg(&wallet.to_base_wallet(), message.payload()?) .await? .0, ) diff --git a/aries/aries_vcx/src/utils/encryption_envelope.rs b/aries/aries_vcx/src/utils/encryption_envelope.rs index 018fc912d5..751b63fb08 100644 --- a/aries/aries_vcx/src/utils/encryption_envelope.rs +++ b/aries/aries_vcx/src/utils/encryption_envelope.rs @@ -17,13 +17,13 @@ impl EncryptionEnvelope { /// If did_doc includes routing_keys, then also wrap in appropriate layers of forward message. pub async fn create( wallet: &impl BaseWallet, - message: &[u8], + data: &[u8], sender_vk: Option<&str>, did_doc: &AriesDidDoc, ) -> VcxResult { trace!( - "EncryptionEnvelope::create >>> message: {:?}, sender_vk: {:?}, did_doc: {:?}", - message, + "EncryptionEnvelope::create >>> data: {:?}, sender_vk: {:?}, did_doc: {:?}", + data, sender_vk, did_doc ); @@ -38,9 +38,19 @@ impl EncryptionEnvelope { format!("No recipient key found in DIDDoc: {:?}", did_doc), ))?; let routing_keys = did_doc.routing_keys(); + Self::create2(wallet, data, sender_vk, recipient_key, routing_keys).await + } + + pub async fn create2( + wallet: &impl BaseWallet, + data: &[u8], + sender_vk: Option<&str>, + recipient_key: String, + routing_keys: Vec, + ) -> VcxResult { let message = EncryptionEnvelope::encrypt_for_pairwise( wallet, - message, + data, sender_vk, recipient_key.clone(), ) @@ -52,7 +62,7 @@ impl EncryptionEnvelope { async fn encrypt_for_pairwise( wallet: &impl BaseWallet, - message: &[u8], + data: &[u8], sender_vk: Option<&str>, recipient_key: String, ) -> VcxResult> { @@ -62,14 +72,14 @@ impl EncryptionEnvelope { ); let recipient_keys = json!([recipient_key.clone()]).to_string(); wallet - .pack_message(sender_vk, &recipient_keys, message) + .pack_message(sender_vk, &recipient_keys, data) .await .map_err(|err| err.into()) } async fn wrap_into_forward_messages( wallet: &impl BaseWallet, - mut message: Vec, + mut data: Vec, recipient_key: String, routing_keys: Vec, ) -> VcxResult> { @@ -80,27 +90,23 @@ impl EncryptionEnvelope { "Wrapping message in forward message; forward_to_key: {}, routing_key: {}", forward_to_key, routing_key ); - message = EncryptionEnvelope::wrap_into_forward( - wallet, - message, - &forward_to_key, - routing_key, - ) - .await?; + data = + EncryptionEnvelope::wrap_into_forward(wallet, data, &forward_to_key, routing_key) + .await?; forward_to_key = routing_key.clone(); } - Ok(message) + Ok(data) } async fn wrap_into_forward( wallet: &impl BaseWallet, - message: Vec, + data: Vec, forward_to_key: &str, routing_key: &str, ) -> VcxResult> { let content = ForwardContent::builder() .to(forward_to_key.to_string()) - .msg(serde_json::from_slice(&message)?) + .msg(serde_json::from_slice(&data)?) .build(); let message: Forward = Forward::builder() @@ -119,30 +125,37 @@ impl EncryptionEnvelope { async fn _unpack_a2a_message( wallet: &impl BaseWallet, - payload: Vec, + encrypted_data: Vec, ) -> VcxResult<(String, Option)> { trace!( "EncryptionEnvelope::_unpack_a2a_message >>> processing payload of {} bytes", - payload.len() + encrypted_data.len() ); + let unpacked_msg = wallet.unpack_message(&encrypted_data).await?; + Ok((unpacked_msg.message, unpacked_msg.sender_verkey)) + } - let unpacked_msg = wallet.unpack_message(&payload).await?; - - let sender_vk = unpacked_msg.sender_verkey; - - let msg_string = unpacked_msg.message; - - Ok((msg_string, sender_vk)) + pub async fn anon_unpack_aries_msg( + wallet: &impl BaseWallet, + encrypted_data: Vec, + ) -> VcxResult<(AriesMessage, Option)> { + let (message, sender_vk) = Self::anon_unpack(wallet, encrypted_data).await?; + let a2a_message = serde_json::from_str(&message).map_err(|err| { + AriesVcxError::from_msg( + AriesVcxErrorKind::InvalidJson, + format!("Cannot deserialize A2A message: {}", err), + ) + })?; + Ok((a2a_message, sender_vk)) } - // todo: we should use auth_unpack wherever possible pub async fn anon_unpack( wallet: &impl BaseWallet, - payload: Vec, - ) -> VcxResult<(AriesMessage, Option)> { + encrypted_data: Vec, + ) -> VcxResult<(String, Option)> { trace!( "EncryptionEnvelope::anon_unpack >>> processing payload of {} bytes", - payload.len() + encrypted_data.len() ); let (message, sender_vk) = if AgencyMockDecrypted::has_decrypted_mock_messages() { trace!("EncryptionEnvelope::anon_unpack >>> returning decrypted mock message"); @@ -151,25 +164,35 @@ impl EncryptionEnvelope { Some(VERKEY.to_string()), ) } else { - Self::_unpack_a2a_message(wallet, payload).await? + Self::_unpack_a2a_message(wallet, encrypted_data).await? }; + + Ok((message, sender_vk)) + } + + pub async fn auth_unpack_aries_msg( + wallet: &impl BaseWallet, + encrypted_data: Vec, + expected_vk: &str, + ) -> VcxResult { + let message = Self::auth_unpack(wallet, encrypted_data, expected_vk).await?; let a2a_message = serde_json::from_str(&message).map_err(|err| { AriesVcxError::from_msg( AriesVcxErrorKind::InvalidJson, format!("Cannot deserialize A2A message: {}", err), ) })?; - Ok((a2a_message, sender_vk)) + Ok(a2a_message) } pub async fn auth_unpack( wallet: &impl BaseWallet, - payload: Vec, + encrypted_data: Vec, expected_vk: &str, - ) -> VcxResult { + ) -> VcxResult { trace!( "EncryptionEnvelope::auth_unpack >>> processing payload of {} bytes, expected_vk: {}", - payload.len(), + encrypted_data.len(), expected_vk ); @@ -177,7 +200,8 @@ impl EncryptionEnvelope { trace!("EncryptionEnvelope::auth_unpack >>> returning decrypted mock message"); AgencyMockDecrypted::get_next_decrypted_message() } else { - let (a2a_message, sender_vk) = Self::_unpack_a2a_message(wallet, payload).await?; + let (a2a_message, sender_vk) = + Self::_unpack_a2a_message(wallet, encrypted_data).await?; trace!( "anon_unpack >> a2a_msg: {:?}, sender_vk: {:?}", a2a_message, @@ -193,7 +217,7 @@ impl EncryptionEnvelope { sender_vk, expected_vk ); return Err(AriesVcxError::from_msg( - AriesVcxErrorKind::InvalidJson, + AriesVcxErrorKind::AuthenticationError, format!( "Message did not pass authentication check. Expected sender \ verkey was {}, but actually was {}", @@ -205,204 +229,170 @@ impl EncryptionEnvelope { None => { error!("auth_unpack message was authcrypted"); return Err(AriesVcxError::from_msg( - AriesVcxErrorKind::InvalidJson, + AriesVcxErrorKind::AuthenticationError, "Can't authenticate message because it was anoncrypted.", )); } } a2a_message }; - let a2a_message = serde_json::from_str(&message).map_err(|err| { - AriesVcxError::from_msg( - AriesVcxErrorKind::InvalidJson, - format!("Cannot deserialize A2A message: {}", err), - ) - })?; - Ok(a2a_message) + Ok(message) } } -// #[cfg(test)] -// pub mod unit_tests { -// use crate::common::test_utils::{create_key, create_trustee_key, indy_handles_to_profile}; -// use crate::utils::devsetup::SetupEmpty; -// use aries_vcx_core::indy::utils::test_setup; -// use aries_vcx_core::INVALID_POOL_HANDLE; -// use messages::concepts::ack::test_utils::_ack; -// use messages::diddoc::aries::diddoc::test_utils::*; - -// use super::*; - -// #[tokio::test] -// async fn test_encryption_envelope_works_for_no_keys() { -// SetupEmpty::init(); -// test_setup::with_wallet(|wallet_handle| async move { -// let profile = indy_handles_to_profile(wallet_handle, INVALID_POOL_HANDLE); -// let trustee_key = create_trustee_key(&profile).await; - -// let message = A2AMessage::Ack(_ack()); - -// let res = EncryptionEnvelope::create( -// &profile.inject_wallet(), -// &message, -// Some(&trustee_key), -// &AriesDidDoc::default(), -// ) -// .await; -// assert_eq!(res.unwrap_err().kind(), AriesVcxErrorKind::InvalidLibindyParam); -// }) -// .await; -// } - -// #[tokio::test] -// async fn test_encryption_envelope_works_for_recipient_only() { -// SetupEmpty::init(); -// test_setup::with_wallet(|wallet_handle| async move { -// let profile = indy_handles_to_profile(wallet_handle, INVALID_POOL_HANDLE); -// let trustee_key = create_trustee_key(&profile).await; - -// let message = A2AMessage::Ack(_ack()); - -// let envelope = EncryptionEnvelope::create( -// &profile.inject_wallet(), -// &message, -// Some(&trustee_key), -// &_did_doc_empty_routing(), -// ) -// .await -// .unwrap(); -// assert_eq!( -// message, -// EncryptionEnvelope::anon_unpack(&profile.inject_wallet(), envelope.0) -// .await -// .unwrap() -// .0 -// ); -// }) -// .await; -// } - -// #[tokio::test] -// async fn test_encryption_envelope_works_for_routing_keys() { -// SetupEmpty::init(); -// test_setup::with_wallet(|wallet_handle| async move { -// let profile = indy_handles_to_profile(wallet_handle, INVALID_POOL_HANDLE); -// let trustee_key = create_trustee_key(&profile).await; - -// let key_1 = create_key(&profile).await; -// let key_2 = create_key(&profile).await; - -// let mut did_doc = AriesDidDoc::default(); -// did_doc.set_service_endpoint(_service_endpoint()); -// did_doc.set_recipient_keys(_recipient_keys()); -// did_doc.set_routing_keys(vec![key_1.clone(), key_2.clone()]); - -// let ack = A2AMessage::Ack(_ack()); - -// let envelope = EncryptionEnvelope::create(&profile.inject_wallet(), &ack, -// Some(&trustee_key), &did_doc) .await -// .unwrap(); - -// let message_1 = EncryptionEnvelope::anon_unpack(&profile.inject_wallet(), envelope.0) -// .await -// .unwrap() -// .0; - -// let message_1 = match message_1 { -// A2AMessage::Forward(forward) => { -// assert_eq!(key_1, forward.to); -// serde_json::to_vec(&forward.msg).unwrap() -// } -// _ => return assert!(false), -// }; - -// let message_2 = EncryptionEnvelope::anon_unpack(&profile.inject_wallet(), message_1) -// .await -// .unwrap() -// .0; - -// let message_2 = match message_2 { -// A2AMessage::Forward(forward) => { -// assert_eq!(_key_1(), forward.to); -// serde_json::to_vec(&forward.msg).unwrap() -// } -// _ => return assert!(false), -// }; - -// assert_eq!( -// ack, -// EncryptionEnvelope::anon_unpack(&profile.inject_wallet(), message_2) -// .await -// .unwrap() -// .0 -// ); -// }) -// .await; -// } - -// #[tokio::test] -// async fn test_auth_unpack_message_should_succeed_if_sender_key_matches_expectation() { -// SetupEmpty::init(); - -// test_setup::with_wallet(|recipient_wallet| async move { -// let recipient_profile = indy_handles_to_profile(recipient_wallet, -// INVALID_POOL_HANDLE); let recipient_key = -// test_setup::create_key(recipient_wallet).await; - -// test_setup::with_wallet(|sender_wallet| async move { -// let sender_profile = indy_handles_to_profile(sender_wallet, INVALID_POOL_HANDLE); -// let sender_key = test_setup::create_key(sender_wallet).await; - -// let mut did_doc = AriesDidDoc::default(); -// did_doc.set_recipient_keys(vec![recipient_key]); - -// let ack = A2AMessage::Ack(_ack()); -// let envelope = -// EncryptionEnvelope::create(&sender_profile.inject_wallet(), &ack, -// Some(&sender_key), &did_doc) .await -// .unwrap(); -// let _message_1 = -// EncryptionEnvelope::auth_unpack(&recipient_profile.inject_wallet(), -// envelope.0, &sender_key) .await -// .unwrap(); -// }) -// .await; -// }) -// .await; -// } - -// #[tokio::test] -// async fn test_auth_unpack_message_should_fail_if_sender_key_does_not_match_expectation() { -// let _setup = SetupEmpty::init(); - -// test_setup::with_wallet(|recipient_wallet| async move { -// let recipient_profile = indy_handles_to_profile(recipient_wallet, -// INVALID_POOL_HANDLE); let recipient_key = -// test_setup::create_key(recipient_wallet).await; - -// test_setup::with_wallet(|sender_wallet| async move { -// let sender_profile = indy_handles_to_profile(sender_wallet, INVALID_POOL_HANDLE); -// let sender_key_1 = test_setup::create_key(sender_wallet).await; -// let sender_key_2 = test_setup::create_key(sender_wallet).await; - -// let mut did_doc = AriesDidDoc::default(); - -// did_doc.set_recipient_keys(vec![recipient_key]); - -// let ack = A2AMessage::Ack(_ack()); -// let envelope = -// EncryptionEnvelope::create(&sender_profile.inject_wallet(), &ack, -// Some(&sender_key_2), &did_doc) .await -// .unwrap(); - -// let result = -// EncryptionEnvelope::auth_unpack(&recipient_profile.inject_wallet(), -// envelope.0, &sender_key_1) .await; - -// assert!(result.is_err()); -// }) -// .await; -// }) -// .await; -// } -// } +#[cfg(test)] +pub mod unit_tests { + use serde_json::Value; + use test_utils::devsetup::build_setup_profile; + + use super::*; + + #[tokio::test] + async fn test_pack_unpack_anon() { + let setup = build_setup_profile().await; + let (_, recipient_key) = setup + .wallet + .create_and_store_my_did(None, None) + .await + .unwrap(); + + let data_original = "foobar"; + + let envelope = EncryptionEnvelope::create2( + &setup.wallet, + data_original.as_bytes(), + None, + recipient_key, + [].to_vec(), + ) + .await + .unwrap(); + + let (data_unpacked, sender_verkey) = + EncryptionEnvelope::anon_unpack(&setup.wallet, envelope.0) + .await + .unwrap(); + + assert_eq!(data_original, data_unpacked); + assert!(sender_verkey.is_none()); + } + + #[tokio::test] + async fn test_pack_unpack_auth() { + let setup = build_setup_profile().await; + let (_, sender_key) = setup + .wallet + .create_and_store_my_did(None, None) + .await + .unwrap(); + let (_, recipient_key) = setup + .wallet + .create_and_store_my_did(None, None) + .await + .unwrap(); + + let data_original = "foobar"; + + let envelope = EncryptionEnvelope::create2( + &setup.wallet, + data_original.as_bytes(), + Some(&sender_key), + recipient_key, + [].to_vec(), + ) + .await + .unwrap(); + + let data_unpacked = EncryptionEnvelope::auth_unpack(&setup.wallet, envelope.0, &sender_key) + .await + .unwrap(); + + assert_eq!(data_original, data_unpacked); + } + + #[tokio::test] + async fn test_pack_unpack_with_routing() { + let setup = build_setup_profile().await; + let (_, sender_key) = setup + .wallet + .create_and_store_my_did(None, None) + .await + .unwrap(); + let (_, recipient_key) = setup + .wallet + .create_and_store_my_did(None, None) + .await + .unwrap(); + let (_, routing_key1) = setup + .wallet + .create_and_store_my_did(None, None) + .await + .unwrap(); + + let data_original = "foobar"; + + let envelope = EncryptionEnvelope::create2( + &setup.wallet, + data_original.as_bytes(), + Some(&sender_key), + recipient_key, + [routing_key1].to_vec(), + ) + .await + .unwrap(); + + let (fwd_msg, _) = EncryptionEnvelope::anon_unpack(&setup.wallet, envelope.0) + .await + .unwrap(); + let fwd_payload = serde_json::from_str::(&fwd_msg) + .unwrap() + .get("msg") + .unwrap() + .to_string(); + let (core_payload, _) = EncryptionEnvelope::anon_unpack(&setup.wallet, fwd_payload.into()) + .await + .unwrap(); + + assert_eq!(data_original, core_payload); + } + + #[tokio::test] + async fn test_pack_unpack_unexpected_key_detection() { + let setup = build_setup_profile().await; + let (_, sender_key_alice) = setup + .wallet + .create_and_store_my_did(None, None) + .await + .unwrap(); + let (_, sender_key_bob) = setup + .wallet + .create_and_store_my_did(None, None) + .await + .unwrap(); + let (_, recipient_key) = setup + .wallet + .create_and_store_my_did(None, None) + .await + .unwrap(); + + let data_original = "foobar"; + + let envelope = EncryptionEnvelope::create2( + &setup.wallet, + data_original.as_bytes(), + Some(&sender_key_bob), // bob trying to impersonate alice + recipient_key, + [].to_vec(), + ) + .await + .unwrap(); + + let err = + EncryptionEnvelope::auth_unpack(&setup.wallet, envelope.0, &sender_key_alice).await; + assert!(err.is_err()); + assert_eq!( + err.unwrap_err().kind(), + AriesVcxErrorKind::AuthenticationError + ); + } +} diff --git a/aries/aries_vcx/tests/test_connection.rs b/aries/aries_vcx/tests/test_connection.rs index 24fd3ee717..c2a6ad7bcb 100644 --- a/aries/aries_vcx/tests/test_connection.rs +++ b/aries/aries_vcx/tests/test_connection.rs @@ -64,7 +64,7 @@ async fn decrypt_message( received: Vec, consumer_to_institution: &GenericConnection, ) -> AriesMessage { - EncryptionEnvelope::auth_unpack( + EncryptionEnvelope::auth_unpack_aries_msg( &consumer.wallet, received, &consumer_to_institution.remote_vk().unwrap(), diff --git a/aries/aries_vcx_core/src/wallet/indy/indy_wallet.rs b/aries/aries_vcx_core/src/wallet/indy/indy_wallet.rs index fb57aee12c..fa9ba6e324 100644 --- a/aries/aries_vcx_core/src/wallet/indy/indy_wallet.rs +++ b/aries/aries_vcx_core/src/wallet/indy/indy_wallet.rs @@ -130,11 +130,11 @@ impl BaseWallet for IndySdkWallet { } async fn sign(&self, my_vk: &str, msg: &[u8]) -> VcxCoreResult> { - wallet::indy::signing::sign(self.wallet_handle, my_vk, msg).await + wallet::indy::signing::vdrtools_sign(self.wallet_handle, my_vk, msg).await } async fn verify(&self, vk: &str, msg: &[u8], signature: &[u8]) -> VcxCoreResult { - wallet::indy::signing::verify(vk, msg, signature).await + wallet::indy::signing::vdrtools_verify(vk, msg, signature).await } async fn pack_message( @@ -143,12 +143,18 @@ impl BaseWallet for IndySdkWallet { receiver_keys: &str, msg: &[u8], ) -> VcxCoreResult> { - wallet::indy::signing::pack_message(self.wallet_handle, sender_vk, receiver_keys, msg).await + wallet::indy::signing::vdrtools_pack_message( + self.wallet_handle, + sender_vk, + receiver_keys, + msg, + ) + .await } async fn unpack_message(&self, msg: &[u8]) -> VcxCoreResult { let unpack_json_bytes = - wallet::indy::signing::unpack_message(self.wallet_handle, msg).await?; + wallet::indy::signing::vdrtools_unpack_message(self.wallet_handle, msg).await?; serde_json::from_slice(&unpack_json_bytes[..]).map_err(|err| { AriesVcxCoreError::from_msg(AriesVcxCoreErrorKind::ParsingError, err.to_string()) }) diff --git a/aries/aries_vcx_core/src/wallet/indy/signing.rs b/aries/aries_vcx_core/src/wallet/indy/signing.rs index 0ae9910754..d50c75ea55 100644 --- a/aries/aries_vcx_core/src/wallet/indy/signing.rs +++ b/aries/aries_vcx_core/src/wallet/indy/signing.rs @@ -5,7 +5,11 @@ use crate::{ WalletHandle, }; -pub async fn sign(wallet_handle: WalletHandle, my_vk: &str, msg: &[u8]) -> VcxCoreResult> { +pub async fn vdrtools_sign( + wallet_handle: WalletHandle, + my_vk: &str, + msg: &[u8], +) -> VcxCoreResult> { let res = Locator::instance() .crypto_controller .crypto_sign(wallet_handle, my_vk, msg) @@ -14,7 +18,7 @@ pub async fn sign(wallet_handle: WalletHandle, my_vk: &str, msg: &[u8]) -> VcxCo Ok(res) } -pub async fn verify(vk: &str, msg: &[u8], signature: &[u8]) -> VcxCoreResult { +pub async fn vdrtools_verify(vk: &str, msg: &[u8], signature: &[u8]) -> VcxCoreResult { let res = Locator::instance() .crypto_controller .crypto_verify(vk, msg, signature) @@ -23,7 +27,7 @@ pub async fn verify(vk: &str, msg: &[u8], signature: &[u8]) -> VcxCoreResult, receiver_keys: &str, @@ -62,7 +66,10 @@ pub async fn pack_message( Ok(res) } -pub async fn unpack_message(wallet_handle: WalletHandle, msg: &[u8]) -> VcxCoreResult> { +pub async fn vdrtools_unpack_message( + wallet_handle: WalletHandle, + msg: &[u8], +) -> VcxCoreResult> { let res = Locator::instance() .crypto_controller .unpack_msg(serde_json::from_slice(msg)?, wallet_handle) diff --git a/aries/misc/legacy/libvcx_core/src/errors/error.rs b/aries/misc/legacy/libvcx_core/src/errors/error.rs index 4f0241e211..2a8b5c58fc 100644 --- a/aries/misc/legacy/libvcx_core/src/errors/error.rs +++ b/aries/misc/legacy/libvcx_core/src/errors/error.rs @@ -96,6 +96,8 @@ pub enum LibvcxErrorKind { InvalidProofRequest, #[error("The proof was rejected")] ProofRejected, + #[error("Authentication error")] + AuthenticationError, // Schema #[error("Could not create schema")] diff --git a/aries/misc/legacy/libvcx_core/src/errors/mapping_from_ariesvcx.rs b/aries/misc/legacy/libvcx_core/src/errors/mapping_from_ariesvcx.rs index 8cfe0ce84c..48ef005599 100644 --- a/aries/misc/legacy/libvcx_core/src/errors/mapping_from_ariesvcx.rs +++ b/aries/misc/legacy/libvcx_core/src/errors/mapping_from_ariesvcx.rs @@ -91,6 +91,7 @@ impl From for LibvcxErrorKind { AriesVcxErrorKind::LedgerItemNotFound => LibvcxErrorKind::LedgerItemNotFound, AriesVcxErrorKind::UrsaError => LibvcxErrorKind::UrsaError, AriesVcxErrorKind::ProofRejected => LibvcxErrorKind::ProofRejected, + AriesVcxErrorKind::AuthenticationError => LibvcxErrorKind::AuthenticationError, } } }