fix: jwe encryption/decryption issues (openwallet-foundation#2053)

Signed-off-by: Timo Glastra <[email protected]>
Signed-off-by: Martin Auer <[email protected]>

packages/askar/src/wallet/AskarBaseWallet.ts

@@ -502,10 +502,10 @@ export abstract class AskarBaseWallet implements Wallet {
       epk: ephemeralKey.jwkPublic,
     }
 
-    const encodedHeader = JsonEncoder.toBuffer(_header)
+    const encodedHeader = JsonEncoder.toBase64URL(_header)
 
     const ecdh = new EcdhEs({
-      algId: Uint8Array.from(Buffer.from(encAlg)),
+      algId: Uint8Array.from(Buffer.from(encryptionAlgorithm)),
       apu: apu ? Uint8Array.from(TypedArrayEncoder.fromBase64(apu)) : Uint8Array.from([]),
       apv: apv ? Uint8Array.from(TypedArrayEncoder.fromBase64(apv)) : Uint8Array.from([]),
     })
@@ -518,12 +518,13 @@ export abstract class AskarBaseWallet implements Wallet {
         algorithm: keyAlgFromString(recipientKey.keyType),
         publicKey: recipientKey.publicKey,
       }),
-      aad: Uint8Array.from(encodedHeader),
+      // NOTE: aad is bytes of base64url encoded string. It SHOULD NOT be decoded as base64
+      aad: Uint8Array.from(Buffer.from(encodedHeader)),
     })
 
-    const compactJwe = `${TypedArrayEncoder.toBase64URL(encodedHeader)}..${TypedArrayEncoder.toBase64URL(
-      nonce
-    )}.${TypedArrayEncoder.toBase64URL(ciphertext)}.${TypedArrayEncoder.toBase64URL(tag)}`
+    const compactJwe = `${encodedHeader}..${TypedArrayEncoder.toBase64URL(nonce)}.${TypedArrayEncoder.toBase64URL(
+      ciphertext
+    )}.${TypedArrayEncoder.toBase64URL(tag)}`
     return compactJwe
   }
 
@@ -569,7 +570,7 @@ export abstract class AskarBaseWallet implements Wallet {
     const encAlg = KeyAlgs.AesA256Gcm
 
     const ecdh = new EcdhEs({
-      algId: Uint8Array.from(Buffer.from(encAlg)),
+      algId: Uint8Array.from(Buffer.from(header.enc)),
       apu: header.apu ? Uint8Array.from(TypedArrayEncoder.fromBase64(header.apu)) : Uint8Array.from([]),
       apv: header.apv ? Uint8Array.from(TypedArrayEncoder.fromBase64(header.apv)) : Uint8Array.from([]),
     })
@@ -581,7 +582,8 @@ export abstract class AskarBaseWallet implements Wallet {
       ephemeralKey: Jwk.fromJson(header.epk),
       recipientKey: askarKey,
       tag: TypedArrayEncoder.fromBase64(encodedTag),
-      aad: TypedArrayEncoder.fromBase64(encodedHeader),
+      // NOTE: aad is bytes of base64url encoded string. It SHOULD NOT be decoded as base64
+      aad: TypedArrayEncoder.fromString(encodedHeader),
     })
 
     return { data: Buffer.from(plaintext), header }

packages/askar/src/wallet/__tests__/AskarWallet.test.ts

@@ -6,6 +6,7 @@ import type {
   SignOptions,
   VerifyOptions,
 } from '@credo-ts/core'
+import type { JwkProps } from '@hyperledger/aries-askar-shared'
 
 import {
   WalletKeyExistsError,
@@ -21,7 +22,10 @@ import {
   Buffer,
   JsonEncoder,
 } from '@credo-ts/core'
-import { Store } from '@hyperledger/aries-askar-shared'
+import { Key as AskarKey } from '@hyperledger/aries-askar-nodejs'
+import { Jwk, Store } from '@hyperledger/aries-askar-shared'
+import { readFileSync } from 'fs'
+import path from 'path'
 
 import { KeyBackend } from '../../../../core/src/crypto/KeyBackend'
 import { encodeToBase58 } from '../../../../core/src/utils/base58'
@@ -211,6 +215,36 @@ describe('AskarWallet basic operations', () => {
     })
     expect(JsonEncoder.fromBuffer(data)).toEqual({ vp_token: ['something'] })
   })
+
+  test('decrypt using JWE ECDH-ES based on test vector from OpenID Conformance test', async () => {
+    const {
+      compactJwe,
+      decodedPayload,
+      privateKeyJwk,
+      header: expectedHeader,
+    } = JSON.parse(
+      readFileSync(path.join(__dirname, '__fixtures__/jarm-jwe-encrypted-response.json')).toString('utf-8')
+    ) as {
+      compactJwe: string
+      decodedPayload: Record<string, unknown>
+      privateKeyJwk: JwkProps
+      header: string
+    }
+
+    const key = AskarKey.fromJwk({ jwk: Jwk.fromJson(privateKeyJwk) })
+    const recipientKey = await askarWallet.createKey({
+      keyType: KeyType.P256,
+      privateKey: Buffer.from(key.secretBytes),
+    })
+
+    const { data, header } = await askarWallet.directDecryptCompactJweEcdhEs({
+      compactJwe,
+      recipientKey,
+    })
+
+    expect(header).toEqual(expectedHeader)
+    expect(JsonEncoder.fromBuffer(data)).toEqual(decodedPayload)
+  })
 })
 
 describe.skip('Currently, all KeyTypes are supported by Askar natively', () => {