feat: mdoc-support

[auer-martin]

No description provided.

[changeset-bot]

🦋 Changeset detected

Latest commit: 2738270

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 14 packages

Name	Type
@credo-ts/core	Patch
@credo-ts/action-menu	Patch
@credo-ts/anoncreds	Patch
@credo-ts/askar	Patch
@credo-ts/bbs-signatures	Patch
@credo-ts/cheqd	Patch
@credo-ts/drpc	Patch
@credo-ts/indy-sdk-to-askar-migration	Patch
@credo-ts/indy-vdr	Patch
@credo-ts/node	Patch
@credo-ts/openid4vc	Patch
@credo-ts/question-answer	Patch
@credo-ts/react-native	Patch
@credo-ts/tenants	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[TimoGlastra]

this is redundant

[TimoGlastra]

how are these values mapped to the presentation? Ideally we don't add oid4vp specific properties to the pex service, but i can understand if it's not possible otherwise

[auer-martin]

Yeah, I also don't like it, but I don't see an easy better way to propagate the values. There are used to calculate the session transcript

[TimoGlastra]

okay and this is openid4vp specific, or is it mdoc specific?

[auer-martin]

Hmm I guess depends on the viewpoint the data we need is expected to come for openid4vp, but we need it to create mdoc presentations.

[TimoGlastra]

Okay so if we implement BLE exchange we wouldn't need these values?

[auer-martin]

No we need it to compute the session transcript bytes.

SessionTranscriptBytes = #6.24(bstr .cbor SessionTranscript)
SessionTranscript = [
    DeviceEngagementBytes,
    EReaderKeyBytes,
    Handover
]
DeviceEngagementBytes = #6.24(bstr .cbor DeviceEngagement)
Handover = QRHandover / NFCHandover
QRHandover= null
NFCHandover = [
    bstr        ; Binary value of the Handover Select Message
    bstr / null ; Binary value of the Handover Request Message,
; shall be null if NFC Static Handover was used DeviceEngagement is defined in 8.2.1.1.
]

[TimoGlastra]

I think this should be extracted from the challenge property in the pex service itself. As it's now redundant, and can lead to inconsistencies.

[auer-martin]

I did this intentionally. I don't think we should use a challenge property. openid4vp is very specific. To me it would be completely unclear why the verification of a device response will fail after changing a e.g. domain/challenge property which have no relation at all to Mdoc?

[auer-martin]

What do you think?

[TimoGlastra]

Hmm I think it's quite common to use one nonce and apply that in all places that need a nonce. That way you keep consistency. we use the presentation exchange nonce in the w3c vp signature creation, so i don't see why we can't use it in the mdoc presentation creation.

I rather reuse the existing property, as there's really no reason to use a different nonce for the mdoc presentation.

[TimoGlastra]

because the nonce for a w3c jwt vp / sd-jwt-vc is also based on the challenge. We just call it challenge in our api, but all VPs use this as the nonce/challenge.

[TimoGlastra]

we need to make sure to reuse this nonce when encrypting the resposne (we generate a new nonce there at the moment, but these should be the same)

[TimoGlastra]

Suggested change

	throw new CredoError('Mdoc verifiable credential is not yet supported.')
	throw new CredoError('Mdoc verifiable presentation is not yet supported.')

[TimoGlastra]

what if v1 is used?

[TimoGlastra]

I think instead of continue we could use an else clause maybe? I had a hard time understanding this code, until i spotted this continue statement

[TimoGlastra]

Suggested change

	.filter((c) => c instanceof MdocRecord === false)
	.map((c) => getSphereonOriginalVerifiableCredential(c as SdJwtVcRecord | W3cCredentialRecord))
	.filter((c): c is Exclude<typeof c, MdocRecord> => c instanceof MdocRecord === false)
	.map((c) => getSphereonOriginalVerifiableCredential(c))

[TimoGlastra]

when will we know this? (i don't see warn changed to error / info?)

[TimoGlastra]

isn't device signed the presentation?

[auer-martin]

yes. It can also include device-signed namespaces. Essentially self-attested claims.

[TimoGlastra]

but shouldn't this be on the mdoc presentation then?

[auer-martin]

A presentation is a set of mdoc's. If we want to go that route we need to split Mdoc class up into IssuerSigned / Device signed document class.

[TimoGlastra]

i see we're mostly using string certificates here. Do we want to use that as the primary method to pass around certificate in Credo (i haven't made my mind up yet, just thinking 🤔 ).

[auer-martin]

I don't mind. We essentially also set trustedCerts as strings. That's why I have chosen this approach

export interface X509ModuleConfigOptions {
  /**
   *
   * Array of trusted base64-encoded certificate strings in the DER-format.
   */
  trustedCertificates?: [string, ...string[]]

[TimoGlastra]

string is fine 👍

[TimoGlastra]

Do we check if the issuerKey and cert key match? Can't we always just extract the key from the cert?

[auer-martin]

I also think this should work. Not sure why it doesn't. It may be related to the issue I mentioned below with the jwk representation of keys.

[auer-martin]

works now with the fixes regarding key compression

[TimoGlastra]

this is the public key jwk, not the private key jwk right? I think the name is confusing. It's important we don't have to pass the private key, so we can support HSM

[TimoGlastra]

I don't like the casting here, it can lead to bugs in the future. We should check if index 0 exists, and then also whether it's a supported alg by mdoc (or does it throw if the provided alg is not supported?)

[TimoGlastra]

just as an FYI trusted certificaes will need to be aligned with #2052 once merged

[TimoGlastra]

does it return a verification object or something? Would be good to return more than true/false, but also something we can add later

[auer-martin]

doesnt return anything atm.

[TimoGlastra]

does create also sign? I think in SD JWT API we use sign so might be nice to stay consistent?

[TimoGlastra]

does this still use the credo wallet to verify the signature? I can't see the context or something passed around. It is important.

Aslo it's prob ok for now, but we should try to stay away from doing crypto operations outside of the wallet. Also with e.g. the p256 shared secret calcuation etc.. The more we can do in the wallet, the better.

So if you can provide a list of all cryptographic operations that are needed, we can look to move them to the wallet over time

[auer-martin]

We just need the key derivation.

[TimoGlastra]

what do these do? and why are they part of the protokol library?

[auer-martin]

Please take a look at my comment. There is an issue with how we represent the key as jwk. It probably should be compressed. Nothing from the protokoll library should remain here. Atleast related to crypto.

[TimoGlastra]

Which comment? I can't find it

[auer-martin]

    //expected
    //{
    //kty: 'EC',
    //x: 'OFBq4YMKg4w5fTifsytwBuJf_7E7VhRPXiNm52S3q1E',
    //y: 'EyIAXV8gyt5FcRsYHhz4ryz97rjL0uogxHO6jMZr3bg',
    //crv: 'P-256'
    //}

    //actual
    //{
    //kty: 'EC',
    //crv: 'P-256',
    //x: 'OFBq4YMKg4w5fTifsytwBuJf_7E7VhRPXiNm52S3q1ETIgBdXyDK3kVxGxgeHPiv',
    //y: 'LP3uuMvS6iDEc7qMxmvduNeBp_oWscK1x-3_1KKYDayIctdDcpXHi8HcbehAfVIK'
    //}

    //const comp = X509Certificate.fromRawCertificate(input.certificate)
    //const x = getJwkFromKey(comp.publicKey).toJson()
    //// eslint-disable-next-line @typescript-eslint/no-unused-vars
    //const { use, ...jwk } = x
    //return jwk

[TimoGlastra]

Suggested change

deviceKeyInfo.deviceKey

[TimoGlastra]

I think we can also just use an uuid?

Suggested change

	id: 'MdocPresentationSubmission ' + agentContext.wallet.generateNonce(),
	id: 'MdocPresentationSubmission ' + await agentContext.wallet.generateNonce(),

[TimoGlastra]

same with integraiont of pr #2052

[TimoGlastra]

I think name can just be a string with CN=X, N=X I think that might be nicer to keep it like that. Otherwise we'll have to add a custom prop for everything

[TimoGlastra]

or we need to nest / rename it

[TimoGlastra]

i think if it's public we shouldn't call it _internal, but just fromIssuerSignedDocument. Or we don't allow creating it from IssuerSignedDocument at all (but something else).

[TimoGlastra]

Why do we need to add both the mdoc and the deviceResponse base64? The encoded device response also contains the mdoc right?

If it's for internal APIs it's ok, but for public APIs I'd like to avoid options that could conflict (what if they don't match?)

[TimoGlastra]

This is not the private part. It's a public key that can be used during verificadtion to know which private key to use.

Suggested change

	* The private part of the ephemeral key used in the session where the DeviceResponse was obtained. This is only required if the DeviceResponse is using the MAC method for device authentication.
	* The public ephemeral key used in the session where the DeviceResponse was obtained. This is only required if the DeviceResponse is using the MAC method for device authentication.

Also, isn't the public key added in the device respnose, or do we need to make sure it's MAC'd to this specific key?

[auer-martin]

I removed this for now. As currently we never use mac authentication

[TimoGlastra]

Either both key, or both PublicKey, but issuerKey and holderPublicKey doesn't make sense I think

Suggested change

	holderPublicKey: Key
	holderKey: Key

[auer-martin]

with berends fix we now just need

  issuerCertificate: string
  holderKey: Key

[TimoGlastra]

Is device response an openid4vp specific object, if we're using BLE don't we use device response? If so I don't think the underlying API should be called openId4Vp?

[TimoGlastra]

Or should this method be called createOpenId4VpDeviceResponse?

[auer-martin]

renamed to createOpenId4VpDeviceResponse

[TimoGlastra]

nice but usually we name tests mdoc-deviceResponse-openid4vc.test.ts instead of using dots (which are more for extension types)

[TimoGlastra]

do we also want to add an oid4vci flow with mdoc? OR lateR?

[auer-martin]

I would do that later. Let's first get the basis merged?

[TimoGlastra]

I think this might look a bit clear?

Suggested change

	;[
	[
	'clientId',
	{
	clientId: 'wrong',
	responseUri,
	verifierGeneratedNonce,
	mdocGeneratedNonce,
	},
	] as const,
	[
	'responseUri',
	{
	clientId,
	responseUri: 'wrong',
	verifierGeneratedNonce,
	mdocGeneratedNonce,
	},
	] as const,
	[
	'verifierGeneratedNonce',
	{
	clientId,
	responseUri,
	verifierGeneratedNonce: 'wrong',
	mdocGeneratedNonce,
	},
	] as const,
	[
	'mdocGeneratedNonce',
	{
	clientId,
	responseUri,
	verifierGeneratedNonce,
	mdocGeneratedNonce: 'wrong',
	},
	] as const,
	].forEach(([name, values]) => {
	Object.entries({
	clientId: {
	clientId: 'wrong',
	responseUri,
	verifierGeneratedNonce,
	mdocGeneratedNonce,
	}
	}).forEach(([name, values]) => {

[TimoGlastra]

Nice 👍

[TimoGlastra]

Suggested change

agentContext.dependencyManager.resolve(X509ModuleConfig).getTrustedCertificatesForVerification

[TimoGlastra]

Not important but We also create the context above, can we reuse it?

[TimoGlastra]

Can't we reuse global other verification context for this?

[auer-martin]

For the w3cCredentials the context looks like this. Or what global context do you mean?

export interface VerificationContext {
/**

• The id of the ProofRecord that this verification is bound to.
  */
  didcommProofRecordId?: string

/**

• The id of the OpenId4VcVerificationSessionRecord that this verification is bound to.
  */
  openId4VcVerificationSessionId?: string
  }

[TimoGlastra]

Ah in my mind it would be a global verification context.