draft: support alg ECDH-1PU+A256KW for jwe tokens

iden3 · Dec 13, 2024 · bbc488c · bbc488c
1 parent 9145519
commit bbc488c
Show file tree

Hide file tree

Showing 13 changed files with 923 additions and 0 deletions.
diff --git a/.github/workflows/ci-lint.yaml b/.github/workflows/ci-lint.yaml
@@ -0,0 +1,23 @@
+name: Lint
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: true
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.62
diff --git a/.github/workflows/ci-test.yaml b/.github/workflows/ci-test.yaml
@@ -0,0 +1,31 @@
+name: Test
+
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        containers: [ 1.22, 1.21, 1.20 ]
+    runs-on: ubuntu-latest
+    container: golang:${{ matrix.containers }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cache/go-build
+            /go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: Update go modules
+        run: go mod tidy
+      - name: Unit Tests
+        run: go test -v -race -count=1 ./...
diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,68 @@
+linters-settings:
+  govet:
+    enable-all: true
+  revive:
+    confidence: 0.1
+    rules:
+      - name: package-comments
+        disabled: true
+  goconst:
+    min-len: 2
+    min-occurrences: 2
+  misspell:
+    locale: US
+  lll:
+    line-length: 140
+  gocritic:
+    enabled-tags:
+      - performance
+      - style
+      - experimental
+    disabled-checks:
+      - hugeParam
+      - commentedOutCode
+  gci:
+    sections:
+      - standard
+      - default
+
+linters:
+  enable:
+    - bodyclose
+    - revive
+    - govet
+    - unconvert
+    - gosec
+    - gocyclo
+    - dupl
+    - misspell
+    - unparam
+    - typecheck
+    - ineffassign
+    - stylecheck
+    - gochecknoinits
+    - gocritic
+    - nakedret
+    - gosimple
+    - prealloc
+    - gci
+    - errcheck
+    - gofmt
+    - goimports
+    - staticcheck
+    - unused
+  fast: false
+  disable-all: true
+
+issues:
+  exclude-rules:
+    - text: "at least one file in a package should have a package comment"
+      linters:
+        - stylecheck
+    - text: "should have a package comment, unless it's in another file for this package"
+      linters:
+        - revive
+    - text: "appendAssign: *"
+      linters:
+        - gocritic
+  exclude-use-default: false
diff --git a/Makefile b/Makefile
@@ -0,0 +1,8 @@
+test:
+	go test -v -count=1 ./...
+
+lint:
+	golangci-lint run
+
+lint-fix:
+	golangci-lint run --fix
diff --git a/README.md b/README.md
@@ -1 +1,40 @@
 # jose-primitives
+
+This library provides support for creating and parsing JWE (JSON Web Encryption) tokens using the `ECDH-1PU` key agreement protocol. The library is specifically designed to facilitate authenticated encryption (authcrypt) and supports generating a common key between participants using secure cryptographic methods.
+
+## Features
+- **Key Agreement Protocol:** `ECDH-1PU` to derive a shared common key between participants.
+- **Supported Curves:** `P-384` and `X25519` (as specified in the [DIDComm Messaging RFC](https://identity.foundation/didcomm-messaging/spec/)).
+- **JWE Token Creation:** Supports `alg` and `enc` combinations such as:
+  - `ECDH-1PU+A256KW` for key agreement.
+  - `A256CBC-HS512` for content encryption.
+- **JWE Token Parsing:** Parses JWE tokens in compressed format with the above `alg` and `enc` combinations.
+
+## Supported Algorithms
+
+### Key Agreement (`alg`)
+| Algorithm         | Description                                |
+| ----------------- | ------------------------------------------ |
+| `ECDH-1PU+A256KW` | Authenticated encryption with key wrapping |
+
+### Content Encryption (`enc`)
+| Algorithm       | Description                   |
+| --------------- | ----------------------------- |
+| `A256CBC-HS512` | AES-256 CBC with HMAC SHA-512 |
+
+## Supported Key Types
+| Curve Name   | Description                  |
+| ------------ | ---------------------------- |
+| `NIST P-384` | High-security elliptic curve |
+| `X25519`     | Modern, fast elliptic curve  |
+
+## Limitations
+- The library only supports JWE tokens created with:
+  - `alg`: `ECDH-1PU+A256KW`
+  - `enc`: `A256CBC-HS512`
+- Parsing is restricted to JWE tokens in **compressed format**.
+- Only `P-384` and `X25519` curves are supported.
+
+## License
+This library is licensed under the MIT License.
+