Skip to content

Commit

Permalink
feat: decrypt support recipient key id
Browse files Browse the repository at this point in the history
  • Loading branch information
saitofun committed May 23, 2024
1 parent 415e532 commit cd635d8
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 47 deletions.
56 changes: 19 additions & 37 deletions cmd/didctl/commands/decrypt.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
package commands

import (
"fmt"
"os"
"path/filepath"

"github.com/pkg/errors"
"github.com/spf13/cobra"

Expand All @@ -22,62 +26,40 @@ func NewDecryptDataCmd() *Decrypt {
_ = _cmd.Command.MarkFlagRequired("cipher")
_cmd.Command.Flags().StringVarP(&_cmd.recipient, "recipient", "", "", "recipient's ka jwk base64 secret")
_ = _cmd.Command.MarkFlagRequired("recipient")
_cmd.Command.Flags().Uint32VarP(&_cmd.recipientID, "recipient-id", "", 0, "key id of recipient's secret")
_ = _cmd.Command.MarkFlagRequired("recipient-id")
_cmd.Command.Flags().StringVarP(&_cmd.encryptor, "encryptor", "", "", "encryptor's did, if empty use default config")
_ = _cmd.Command.MarkFlagRequired("encryptor")

return _cmd
}

type Decrypt struct {
Command *cobra.Command
cipher string
encryptor string
recipient string
}

/*
func (i *Decrypt) Execute(cmd *cobra.Command) error {
var key = jwk
if i.recipient != "" {
_key, err := ioconnect.NewJWKBySecretBase64(i.recipient)
if err != nil {
return errors.Wrap(err, "failed to parse recipient's jwk secret")
}
key = _key
}
plain, err := ioconnect.Decrypt([]byte(i.cipher), i.encryptor, key.KeyAgreementKID())
if err != nil {
return errors.Wrap(err, "failed to decrypt")
}
cmd.Println("encryptor did: ", i.encryptor)
cmd.Println("recipient ka kid: ", key.KeyAgreementKID())
cmd.Println("plain data: ", string(plain))
return nil
Command *cobra.Command
cipher string
encryptor string
recipient string
recipientID uint32
}
*/

func (i *Decrypt) Execute(cmd *cobra.Command) error {
recipient := jwk.KeyAgreementKID()
encryptor := jwk.DID()
encryptor := i.encryptor

defer func() {
cwd, _ := os.Getwd()
pattern := filepath.Join(cwd, fmt.Sprintf("%016x.psa_its", i.recipientID))
os.RemoveAll(pattern)
}()

if i.recipient != "" {
s, err := ioconnect.NewJWKBySecretKaOnly(i.recipient)
s, err := ioconnect.NewJWKBySecretKaOnly(i.recipient, i.recipientID)
if err != nil {
return errors.Wrap(err, "failed to parse recipient's ka jwk secret")
}
recipient = s.KID()
}
cmd.Println("recipient ka kid: ", recipient)
if i.encryptor != "" {
r, err := ioconnect.NewJWKFromDoc([]byte(i.encryptor))
if err != nil {
return errors.Wrap(err, "failed to parse encryptor's doc")
}
encryptor = r.DID()
}
cmd.Println("encryptor did: ", encryptor)

plain, err := ioconnect.Decrypt([]byte(i.cipher), encryptor, recipient)
Expand Down
18 changes: 8 additions & 10 deletions pkg/ioconnect/jwk.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ import "C"
import (
"encoding/json"
"fmt"
"strings"
"unsafe"

"github.com/pkg/errors"
Expand All @@ -22,11 +21,15 @@ func NewJWKFromDoc(content []byte) (*JWK, error) {
return doc.ParseJWK()
}

func newJWKBySecret(secret JWKSecret, tpe JwkType, keyAlg JwkSupportKeyAlg, lifetime JwkLifetime, usage PsaKeyUsageType, alg PsaHashType) (*JWK, error) {
func newJWKBySecret(secret JWKSecret, tpe JwkType, keyAlg JwkSupportKeyAlg, lifetime JwkLifetime, usage PsaKeyUsageType, alg PsaHashType, id ...uint32) (*JWK, error) {
c_secret := (*C.uint8_t)(C.CBytes(secret.Bytes()))
defer C.free(unsafe.Pointer(c_secret))

k := &JWK{}
if len(id) > 0 && id[0] > 0 {
k.id = id[0]
}

k._ptr = C.iotex_jwk_generate_by_secret(
c_secret,
32,
Expand All @@ -48,7 +51,7 @@ func newJWKBySecret(secret JWKSecret, tpe JwkType, keyAlg JwkSupportKeyAlg, life
return k, nil
}

func NewJWKBySecretKaOnly(secret string) (*JWK, error) {
func NewJWKBySecretKaOnly(secret string, keyID uint32) (*JWK, error) {
s, err := NewKAJWKSecretFromBase64(secret)
if err != nil {
return nil, err
Expand All @@ -57,20 +60,15 @@ func NewJWKBySecretKaOnly(secret string) (*JWK, error) {
s,
JwkType_EC,
JwkSupportKeyAlg_P256,
JwkLifetime_Volatile,
JwkLifetime_Persistent,
PsaKeyUsageType_Derive,
PsaAlgECDH,
keyID,
)
if err != nil {
return nil, errors.Wrap(err, "failed to generate key agreement key")
}

key := ka.KID()
parts := strings.Split(key, "-")
parts[2] = "2"
key = strings.Join(parts, "-")
ka.kid = key

kid := C.CString(ka.kid)
defer C.free(unsafe.Pointer(kid))

Expand Down

0 comments on commit cd635d8

Please sign in to comment.